AI News, Difference between revisions of "Basic Computer Security/Introduction"
- On 4 October 2018
This book is written for a reader with little to no previous knowledge of security issues, but one who is familiar with the basic functionality of his or her computer's operating system.
Reading this book should give you a basic understanding of the processes needed to secure your home computer and home network, as well as protect your privacy and data on the web.
(Also visible on the top right of the page.) This feature will facilitate returning to the index to move on to the next section, to return to this introduction, or to re-orient yourself if you click on a link and find yourself lost.
A short word of warning before we begin: Any book on the subject of security is likely to enlighten the reader on a variety of nasty things that could potentially happen to him or her.
It is our hope that by reading this book you will learn more about the world around you and gain valuable knowledge and understanding that will help you protect yourself, your privacy, and your information.
Malware will introduce you to and describe the main malware (malicious software) threats that your computer will be subject to, and will then teach you how to safely and effectively eliminate them.
These topics include the encryption of data, setting user account controls and ensuring your computer is physically secure, to prevent theft of your important or sentimental data.
Network Security Concepts and Policies
In this chapter, you learn about the following topics: The open nature of the Internet makes it vital for businesses to pay attention to the security of their networks.
As companies move more of their business functions to the public network, they need to take precautions to ensure that the data cannot be compromised and that the data is not accessible to anyone who is not authorized to see it.
Unauthorized network access by an outside hacker or a disgruntled employee can cause damage or destruction to proprietary data, negatively affect company productivity, and impede the capability to compete.
The Computer Security Institute reported in its 2010/2011 CSI Computer Crime and Security Survey (available at http://gocsi.com/survey) that on an average day, 41.1 percent of respondents dealt with at least one security incident (see page 11 of the survey).
Individuals and corporations benefit from the elastic deployment of services in the cloud, available at all times from any device, but these dramatic changes in the business services industry exacerbate the risks in protecting data and the entities using it (individuals, businesses, governments, and so on).
Security policies and architectures require sound principles and a lifecycle approach, including whether the data is in the server farm, mobile on the employee’s laptop, or stored in the cloud.
To start on our network security quest, this chapter examines the need for security, looks at what you are trying to protect, and examines the different trends for attacks and protection and the principles of secure network design.
Establishing and maintaining a secure computing environment is increasingly more difficult as networks become increasingly interconnected and data flows ever more freely.
Therefore, it is very important to enable networks to support security services that provide adequate protection to companies that conduct business in a relatively open environment.
Several new assumptions have to be made about computer networks because of their evolution over the years:
To provide adequate protection of network resources, the procedures and technologies that you deploy need to guarantee three things, sometimes referred to as the CIA triad:
When designing network security, a designer must be aware of the following:
Although viruses, worms, and hackers monopolize the headlines about information security, risk management is the most important aspect of security architecture for administrators.
A less exciting and glamorous area, risk management is based on specific principles and concepts that are related to asset protection and security management.
By knowing which assets you are trying to protect, as well as their value, location, and exposure, you can more effectively determine the time, effort, and money to spend in securing those assets.
Risk is the likelihood that a particular threat using a specific attack will exploit a particular vulnerability of a system that results in an undesirable consequence.
Although the roof of the data center might be vulnerable to being penetrated by a falling meteor, for example, the risk is minimal because the likelihood of that threat being realized is negligible.
Without classification, data custodians find it almost impossible to adequately secure the data, and IT management finds it equally difficult to optimally allocate resources.
By classifying data correctly, data custodians can apply the appropriate confidentiality, integrity, and availability controls to adequately secure the data, based on regulatory, liability, and ethical requirements.
The following is a common way to classify data that many government organizations, including the military, use: It is important to point out that there is no actual standard for private-sector classification.
These are some well-known, publicly available catalogs that may be used as templates for vulnerability analysis: After assets (data) and vulnerabilities, threats are the most important component to understand.
These controls fall into one of three categories: Later in this chapter, we will discuss models and frameworks from different organizations that can be used to implement network security best practices.
Some of these controls are as follows: For example, if an organization has strict hiring practices that require drug testing and background checks for all employees, the organization will likely hire fewer individuals of questionable character.
Technical controls are extremely important to a good information security program, and proper configuration and maintenance of these controls will significantly improve information security.
The following are examples of technical controls: While trying to secure an environment with good technical and administrative controls, it is also necessary that you lock the doors in the data center.
Other examples of physical controls include the following: When security professionals examine physical security requirements, life safety (protecting human life) should be their number one concern.
With effective detective controls in place, the incident response team can use the detective controls to figure out what went wrong, allowing you to immediately make changes to policies to eliminate a repeat of that same breach.
Examples of these influences included the fear of a new worm outbreak, the uncertainty of providing web services, or doubts that a particular leading-edge security technology would fail.
in that it has a specific, damaging goal: to traverse industrial control systems, such as supervisory control and data acquisition (SCADA) systems, so that it can reprogram the programmable logic controllers, possibly disrupting industrial operations.
As a recent example of its activities, in May 2012, Anonymous attacked the website of the Quebec government after its promulgation of a law imposing new requirements for the right to protest by college and university students.
The nature and sophistication of threats, as well as their pervasiveness and global nature, are trends to watch. Figure 1-3 shows how the threats that organizations face have evolved over the past few decades, and how the growth rate of vulnerabilities that are reported in operating systems and applications is rising.
For example, attacks have expanded from individual denial of service (DoS) attacks from a single attacker against a single target, to large-scale distributed DoS (DDoS) attacks emanating from networks of compromised systems that are known as botnets.
Because networks are so complex, with so many end users (employees, vendors, and contractors), multiple types of endpoints (company desktop, home, and server), and multiple types of access (wired, wireless, VPN, and dial-up), infections are difficult to eradicate.
Taking into consideration constant reductions and streamlining in IT budgets, organizations face serious challenges in supporting a growing number of mobile devices at a time when their resources are being reduced.
These cloud services add challenges in visibility (how do you identify and mitigate threats that come to and from a trusted network?), control (who controls the physical assets, encryption keys, and so on?), and trust (do you trust cloud partners to ensure that critical application data is still protected when it is off the enterprise network?).
These teams now need to manage noncontrolled consumer devices, such as a personal tablet, coming into the network, and provide seamless and context-aware services to users all over the world.
Whether they are creating malware that can subvert industrial processes or tricking social network users into handing over login and password information, cybercriminals have a powerful weapon at their disposal: the exploitation of trust.
Nowhere is this tactic more widespread than within social networking, where cybercriminals continue to attract victims who are willing to share information with people they believe are known to them, with malware such as Koobface.
One noticeable shift in social engineering is that criminals are spending more time figuring out how to assume someone’s identity, perhaps by generating emails from an individual’s computer or social networking account.
to set up bank accounts, or even use their own bank accounts, to assist in the transfer of money from the account of a fraud victim to another location, usually overseas, via a wire transfer or automated clearing house (ACH) transaction.
Although enforcement of existing regulations has been weak in many jurisdictions worldwide, regulators and standards bodies are now tightening enforcement through expanded powers, higher penalties, and harsh enforcement actions.
Lately, regulators are also making it clear that enterprises are responsible for ensuring the protection of their data when it is being processed by a business partner, including cloud service providers.
The following are some of the U.S. and international regulations that many companies are subject to: The challenge becomes to comply with these regulations and, at the same time, make that compliance translate into an effective security posture.
For example, in an attempt to be helpful, people have been known to give their passwords over the phone to attackers who have a convincing manner and say they are troubleshooting a problem and need to test access using a real user password.
An example of a special organizational practice that helps to provide security is the separation of duty, where critical tasks require two or more persons to complete them, thereby reducing the risk of insider threat.
Implementation of security measures should not create an internally generated DoS, meaning, if security is too stringent or too cumbersome for users, either they will not have access to all the resources needed to perform their work or their performance will be hindered by the security operations.
Using a range of tools and techniques, an attacker can discover the company domain names, network blocks, IP addresses of systems, ports and services that are used, and many other details that pertain to the company security posture as it relates to the Internet, an intranet, remote access, and an extranet.
One form of a social engineering attack is for the hacker to pose as a visitor to the company, a delivery person, a service technician, or some other person who might have a legitimate reason to be on the premises and, after gaining entrance, walk by cubicles and look under keyboards to see whether anyone has put a note there containing the current password.
This type of attack usually means copying malicious code to the user system and giving it the same name as a frequently used piece of software.
The patterns derive from the concept of design patterns that are applied in a destructive rather than constructive context and are generated from in-depth analysis of specific, real-world exploit examples.
Later in this chapter, you learn about some of the general categories under which threats can be regrouped, such as: To assist in enhancing security throughout the security lifecycle, there are many publicly available classification databases that provide a catalog of attack patterns and classification taxonomies.
In an illegitimate situation, a port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services (each service is associated with a well-known port number) the computer provides.
A ping sweep consists of ICMP echo-requests (pings) sent to multiple hosts, whereas a single ping consists of ICMP echo-requests that are sent to one specific host computer.
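As an added, defender-side illustration (not part of the original chapter), the detection logic below flags the two reconnaissance patterns just described in constructed firewall log lines: one source sending ICMP echo-requests to many hosts (a ping sweep), or SYNs to many ports on one host (a port scan), within a short window. The log format, field names and thresholds are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines (not from any real device). One sweeping source,
# one scanning source, and some ordinary traffic that must not be flagged.
SAMPLE_LOG = """\
2018-10-04T10:00:01 proto=icmp src=10.0.0.5 dst=10.0.1.1 type=8
2018-10-04T10:00:01 proto=icmp src=10.0.0.5 dst=10.0.1.2 type=8
2018-10-04T10:00:02 proto=icmp src=10.0.0.5 dst=10.0.1.3 type=8
2018-10-04T10:00:02 proto=icmp src=10.0.0.5 dst=10.0.1.4 type=8
2018-10-04T10:00:03 proto=icmp src=10.0.0.5 dst=10.0.1.5 type=8
2018-10-04T10:00:03 proto=icmp src=10.0.0.5 dst=10.0.1.6 type=8
2018-10-04T10:00:10 proto=icmp src=10.0.0.9 dst=10.0.1.1 type=8
2018-10-04T10:01:00 proto=tcp src=10.0.0.7 dst=10.0.1.20 dport=21 flags=S
2018-10-04T10:01:00 proto=tcp src=10.0.0.7 dst=10.0.1.20 dport=22 flags=S
2018-10-04T10:01:01 proto=tcp src=10.0.0.7 dst=10.0.1.20 dport=23 flags=S
2018-10-04T10:01:01 proto=tcp src=10.0.0.7 dst=10.0.1.20 dport=25 flags=S
2018-10-04T10:01:02 proto=tcp src=10.0.0.7 dst=10.0.1.20 dport=80 flags=S
2018-10-04T10:01:02 proto=tcp src=10.0.0.7 dst=10.0.1.20 dport=443 flags=S
2018-10-04T10:01:03 proto=tcp src=10.0.0.7 dst=10.0.1.20 dport=3389 flags=S
2018-10-04T10:02:00 proto=tcp src=10.0.0.8 dst=10.0.1.20 dport=443 flags=S
2018-10-04T10:02:30 proto=tcp src=10.0.0.8 dst=10.0.1.21 dport=443 flags=S
"""

LINE_RE = re.compile(r"^(\S+) (.*)$")


def parse_line(line):
    """Turn '<iso-timestamp> k=v k=v ...' into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": datetime.fromisoformat(m.group(1))}
    for kv in m.group(2).split():
        key, _, value = kv.partition("=")
        rec[key] = value
    return rec


def _max_distinct_in_window(events, window):
    """Sliding window over (timestamp, value): most distinct values seen within `window`."""
    events = sorted(events)
    best, lo = 0, 0
    for hi in range(len(events)):
        while events[hi][0] - events[lo][0] > window:
            lo += 1
        best = max(best, len({v for _, v in events[lo:hi + 1]}))
    return best


def detect_sweeps_and_scans(log_text, window=timedelta(seconds=60),
                            sweep_hosts=5, scan_ports=5):
    """Return {'ping_sweep': {src: hosts}, 'port_scan': {(src, dst): ports}}."""
    icmp = defaultdict(list)   # src -> [(ts, dst)] for echo-requests (type 8)
    tcp = defaultdict(list)    # (src, dst) -> [(ts, dport)] for bare SYNs
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        if rec.get("proto") == "icmp" and rec.get("type") == "8":
            icmp[rec["src"]].append((rec["ts"], rec["dst"]))
        elif rec.get("proto") == "tcp" and rec.get("flags") == "S":
            tcp[(rec["src"], rec["dst"])].append((rec["ts"], rec["dport"]))
    findings = {"ping_sweep": {}, "port_scan": {}}
    for src, events in icmp.items():
        n = _max_distinct_in_window(events, window)
        if n >= sweep_hosts:
            findings["ping_sweep"][src] = n
    for (src, dst), events in tcp.items():
        n = _max_distinct_in_window(events, window)
        if n >= scan_ports:
            findings["port_scan"][(src, dst)] = n
    return findings


if __name__ == "__main__":
    print(detect_sweeps_and_scans(SAMPLE_LOG))
```

The thresholds are deliberately low so the sample triggers; on a real network they should be tuned against legitimate monitoring hosts that also ping many addresses.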
The prime goal of an IP spoofing attack is to establish a connection that allows the attacker to gain root access to the host and to create a backdoor entry path into the target system.
IP spoofing is a technique used to gain unauthorized access to computers whereby the intruder sends messages to a computer with an IP address that indicates the message is coming from a trusted host.
If an attacker manages to change the routing tables to divert network packets to the spoofed IP address, the attacker can receive all the network packets addressed to the spoofed address and reply just as any trusted user can.
Such attacks are easier to perpetrate when an attacker has a user account and password, but they are also possible when attackers combine simple spoofing attacks with their knowledge of messaging protocols.
If multiple hosts are attacked with spoofed requests, their collective replies to the third-party spoofed IP address create an unsupportable flood of packets, thus creating a DoS attack.
If the packets from the hacker have the sequence numbers that the target system is expecting, and if these packets arrive before the packets from the real, trusted system, the hacker becomes the trusted host.
To engage in IP spoofing, hackers must first use a variety of techniques to find an IP address of a trusted host and then modify their packet headers to appear as though packets are coming from that trusted host.
Several trust models may exist in a network: Password attacks can be implemented using several methods, including brute-force attacks, Trojan horse programs, IP spoofing, keyloggers, packet sniffers, and dictionary attacks.
Although packet sniffers and IP spoofing can yield user accounts and passwords, password attacks usually refer to repeated attempts to identify a user account, password, or both.
If this account has sufficient privileges, the attacker can create a back door for future access, without concern for any status and password changes to the compromised user account.
Just as with packet sniffers and IP spoofing attacks, a brute-force password attack can provide access to accounts that attackers then use to modify critical network files and services.
The strength of the hash is such that the hash value can be re-created only by using the original user and password information, and that it is impossible to retrieve the original information from the hash.
Hackers use many tools and techniques to crack passwords:
Password cracking attacks any application or service that accepts user authentication, including the following:
Confidentiality breaches can occur when an attacker attempts to obtain access to read sensitive data.
The attacker then uses information from the database, such as a username, password, and email address, to intercept and read sensitive email messages destined for a user in the branch office.
A more complex form of IP spoofing is called a man-in-the-middle attack, where the hacker monitors the traffic that crosses the network and inserts himself as a stealth intermediary between the sender and the receiver, as shown in Figure 1-8.
(This could also be an attack against confidentiality.) Another clever man-in-the-middle attack is for the hacker to successfully introduce himself as the DHCP server on the network, providing his own IP address as the default gateway during the DHCP offer.
Overt and covert channels refer to the capability to hide information within or using other information: There are numerous ways that Internet protocols and the data that is transferred over them can provide overt and covert channels.
The client, infected with the Trojan horse, could return to the hacker’s server a ping status report in a binary format, where a 0 would represent a successful ping over a one-minute period, and a 1 would represent two successful pings over a one-minute period.
In computing, phishing is an attempt to criminally acquire sensitive information, such as usernames, passwords, and credit card details, by masquerading as a trustworthy entity.
DoS attacks are usually the consequence of one of the following:
Hackers can use many types of attacks to compromise availability:
Botnet is a term for a collection of software robots, or bots, that run autonomously and automatically.
Although the term botnet can be used to refer to any group of bots, it is generally used to refer to a collection of compromised systems running worms, Trojan horses, or back doors, under a common command and control infrastructure.
A DDoS attack generates much higher levels of flooding traffic by using the combined bandwidth of multiple machines to target a single machine or network.
Figure 1-11 shows the process of a DDoS attack: The actual breach and vulnerability exploit is often accomplished using a combination of malware that infects, propagates, and delivers its payload following different techniques associated with traditional malware.
Securing information and systems against all threats requires multiple, overlapping protection approaches that address the human, technological, and operational aspects of information technology.
Identification of various failure modes might help a designer evaluate the probability of element failure, and identify the links that are the most critical for the security of the whole system.
The Information Security Triad: Confidentiality, Integrity, Availability (CIA)
Upon successful completion of this chapter, you will be able to:
As computers and other digital devices have become essential to business and commerce, they have also increasingly become a target for attacks.
In this chapter, we will review the fundamental concepts of information systems security and discuss some of the measures that can be taken to mitigate security threats.
Just as a person with integrity means what he or she says and can be trusted to consistently represent the truth, information integrity means information truly represents its intended meaning.
Integrity can also be lost unintentionally, such as when a computer power surge corrupts a file or someone authorized to make a change accidentally deletes a file or enters incorrect information.
For example, a stock trader needs information to be available immediately, while a sales person may be happy to get sales numbers for the day in a report the next morning.
The most common way to identify someone is through their physical appearance, but how do we identify someone sitting behind a computer screen or at the ATM? Tools for authentication are used to ensure that the person accessing the information is, indeed, who they present themselves to be.
The primary drawback is that each information resource is managed separately, so if a security administrator wanted to add or remove a user to a large set of information resources, it would be quite difficult.
With RBAC, instead of giving specific users access rights to an information resource, users are assigned to roles and then those roles are assigned the access.
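As an added example (not from the original chapter), the small RBAC model below shows the point of the two sentences above: permissions attach to roles, users are assigned roles, and one change to a role reaches every user holding it, whereas the per-resource scheme would require touching each user separately. The roles, resources and users are constructed for this illustration.

```python
from collections import defaultdict


class RBAC:
    """Minimal role-based access control: user -> roles -> (resource, action)."""

    def __init__(self):
        self.role_perms = defaultdict(set)   # role -> {(resource, action)}
        self.user_roles = defaultdict(set)   # user -> {role}

    def grant(self, role, resource, action):
        """Give a role a permission; every user holding the role gains it at once."""
        self.role_perms[role].add((resource, action))

    def revoke(self, role, resource, action):
        """Remove a permission from a role; every holder loses it at once."""
        self.role_perms[role].discard((resource, action))

    def assign(self, user, role):
        self.user_roles[user].add(role)

    def unassign(self, user, role):
        self.user_roles[user].discard(role)

    def is_allowed(self, user, resource, action):
        """Deny by default: access exists only through an explicit role permission."""
        return any((resource, action) in self.role_perms[r]
                   for r in self.user_roles.get(user, ()))

    def permissions_of(self, user):
        """Effective permissions: the union over all of the user's roles."""
        return set().union(*(self.role_perms[r] for r in self.user_roles.get(user, ())))


def build_example():
    """Constructed organisation: a sales role, a finance role, and three users."""
    rbac = RBAC()
    rbac.grant("sales", "reports", "read")
    rbac.grant("finance", "ledger", "read")
    rbac.grant("finance", "ledger", "write")
    rbac.assign("alice", "sales")
    rbac.assign("bob", "finance")
    rbac.assign("carol", "sales")
    rbac.assign("carol", "finance")
    return rbac


if __name__ == "__main__":
    rbac = build_example()
    print(sorted(rbac.permissions_of("carol")))
    # One grant to the role reaches alice and carol without touching either user.
    rbac.grant("sales", "crm", "read")
    print(rbac.is_allowed("alice", "crm", "read"), rbac.is_allowed("bob", "crm", "read"))
```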
Encryption is a process of encoding data upon its transmission or storage so that only authorized individuals can read it. This encoding is accomplished by a computer program, which encodes the plain text that needs to be transmitted;
This type of encryption is problematic because the key is available in two different places. An alternative to symmetric key encryption is public key encryption.
Not only should the data on the corporate servers be backed up, but individual computers used throughout the organization should also be backed up. A good backup plan should consist of several components.
Additional concepts related to backup include the following: As information has become a strategic asset, a whole industry has sprung up around the technologies necessary for implementing a proper backup strategy.
A company can contract with a service provider to back up all of their data or they can purchase large amounts of online storage space and do it themselves.
A firewall protects all company servers and computers by stopping packets from outside the organization’s network that do not meet a strict set of criteria.
Some organizations may choose to implement multiple firewalls as part of their network security configuration, creating one or more sections of their network that are partially secured.
This segment of the network is referred to as a DMZ, borrowing the term demilitarized zone from the military, and it is where an organization may place resources that need broader access but still need to be secured.
Through a combination of software and security measures, this lets an organization allow limited access to its networks while at the same time ensuring overall security.
An organization can implement the best authentication scheme in the world, develop the best access control, and install firewalls and intrusion prevention, but its security cannot be complete without implementation of physical security.
To implement physical security, an organization must identify all of the vulnerable resources and take measures to ensure that these resources cannot be physically tampered with or stolen.
A good information-security policy lays out the guidelines for employee use of the information resources of the company and provides the company recourse in the case that an employee violates a policy.
According to the SANS Institute, a good policy is “a formal, brief, and high-level statement or plan that embraces an organization’s general beliefs, goals, objectives, and acceptable procedures for a specified subject area.”
As the use of mobile devices such as smartphones and tablets proliferates, organizations must be ready to address the unique security concerns that the use of these devices bring.
For an employee with malicious intent, it would be a very simple process to connect a mobile device either to a computer via the USB port, or wirelessly to the corporate network, and download confidential data.
When an employee does have permission to access and save company data on his or her device, a different security threat emerges: that device now becomes a target for thieves.
According to a 2013 SANS study, organizations should consider developing a mobile device policy that addresses the following issues: use of the camera, use of voice recording, application purchases, encryption at rest, Wi-Fi autoconnect settings, Bluetooth settings, VPN use, password settings, lost or stolen device reporting, and backup.
In some cases, it may even make sense to install remote data-removal software, which will remove data from a device if it becomes a security risk.
If a system’s security measures make it difficult to use, then users will find ways around the security, which may make the system more vulnerable than it would have been without the security measures!
If the organization requires an extremely long password with several special characters, an employee may resort to writing it down and putting it in a drawer since it will be impossible to memorize.
The same holds true for us personally: as digital devices become more and more intertwined with our lives, it becomes crucial for us to understand how to protect ourselves.