System Security
Security of a computer system is a crucial task. It is the process of ensuring the
confidentiality, integrity and availability of the operating system and of the data it manages.
A system is said to be secure if its resources are used and accessed as intended under all
circumstances, but no system can guarantee absolute security against the many malicious
threats and forms of unauthorized access.
Two terms are used to describe how the security of a system can be violated:
Threat: The potential for a security violation, for example a program or a person that could
cause serious damage to the system.
Attack: An actual attempt to break security and make unauthorized use of an asset.
Security violations affecting the system can be categorized as malicious or accidental.
Malicious threats, as the name suggests, are deliberate: harmful code or scripts designed to
exploit or create system weaknesses, leading to back doors and security breaches. Accidental
threats (misconfiguration, user error, hardware faults), on the other hand, are comparatively
easier to protect against.
Security can be compromised via any of the following breaches:
Breach of confidentiality: Unauthorized reading of data.
Breach of integrity: Unauthorized modification of data.
Breach of availability: Unauthorized destruction of data, or otherwise making it unusable.
Theft of service: Unauthorized use of resources.
Denial of service: Preventing legitimate use of the system. As mentioned before, such attacks
can also be accidental in nature.
Security System Goals –
Based on the above breaches, the following security goals are aimed for:
1. Integrity:
The objects in the system must not be modified by unauthorized users; a user without
sufficient rights must not be allowed to change important system files and resources.
2. Secrecy:
The objects of the system must be readable only by a limited number of authorized users.
Not everyone should be able to view the system files.
3. Availability:
All the resources of the system must be accessible to all authorized users, i.e. no single
user or process should be able to hog all the system resources. If such a situation occurs,
denial of service results: for example, malware that hogs the resources for itself prevents
legitimate processes from accessing them.
Threats can be classified into the following two categories:
1. Program Threats:
A program written by a cracker to compromise the security of a system or to change the
behaviour of a normal process.
2. System Threats:
These threats involve the abuse of system services. They strive to create a situation in which
operating-system resources and user files are misused. They are also used as a medium to
launch program threats.
Types of Program Threats –
1. Virus:
An infamous and widely known threat. It is a self-replicating malicious program which
attaches itself to a system file and then rapidly replicates itself, modifying and destroying
essential files and leading to a system breakdown.
Types of computer viruses can be described briefly as follows:
– file/parasitic – appends itself to a file
– boot/memory – infects the boot sector
– macro – written in a high-level language like VB and affects MS Office files
– source code – searches for and modifies source code
– polymorphic – changes its form on each copy, so no fixed byte pattern identifies it
– encrypted – an encrypted virus body plus the decrypting code needed to run it
– stealth – avoids detection by modifying parts of the system that could be used to detect
it, such as the read system call
– tunneling – installs itself in interrupt service routines and device drivers
– multipartite – infects multiple parts of the system
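The difference between a plain signature scan and an encrypted (and, by extension, polymorphic) variant is easiest to see in code. The following is an added example, not part of the original text: the "payload", the decryptor stub and the signature are constructed byte strings standing in for a virus body, and no real malware is involved. A static signature scanner matches the original body but misses every encrypted copy, because each key produces different bytes; a scanner that recognizes the unchanging decryptor stub, reads the key and decrypts the body before rescanning catches them again.

```python
# Added example (not from the original text): why static signatures miss
# encrypted virus bodies, and what a stub-aware scanner does about it.
# PAYLOAD, DECRYPTOR_STUB and PAYLOAD_SIGNATURE are constructed byte strings
# standing in for a virus body; nothing here is real malware.

PAYLOAD = b"BODY: append self to host file; patch entry point; jump to host"
PAYLOAD_SIGNATURE = b"patch entry point"   # bytes a scanner would key on
DECRYPTOR_STUB = b"XOR-LOOP-STUB:"         # constant code every encrypted copy carries


def xor_with_key(data: bytes, key: int) -> bytes:
    """Single-byte XOR; the same routine encrypts and decrypts."""
    return bytes(b ^ key for b in data)


def make_encrypted_copy(payload: bytes, key: int) -> bytes:
    """One 'generation' of the virus: stub + 1-byte key + encrypted body.

    An encrypted virus picks a fresh key for each copy, so the body bytes
    differ every time while the decryptor stub stays constant.
    """
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte")   # key 0 leaves the body in clear
    return DECRYPTOR_STUB + bytes([key]) + xor_with_key(payload, key)


def signature_match(sample: bytes, signature: bytes = PAYLOAD_SIGNATURE) -> bool:
    """First-generation scanner: look for a fixed byte sequence in the file."""
    return signature in sample


def stub_aware_match(sample: bytes, signature: bytes = PAYLOAD_SIGNATURE) -> bool:
    """Scan the file as-is; if that fails, look for the decryptor stub, take the
    key that follows it, decrypt the body in memory and rescan. This is the
    idea behind emulation-based detection of encrypted viruses."""
    if signature in sample:
        return True
    i = sample.find(DECRYPTOR_STUB)
    key_pos = i + len(DECRYPTOR_STUB)
    if i < 0 or key_pos >= len(sample):
        return False
    body = xor_with_key(sample[key_pos + 1:], sample[key_pos])
    return signature in body


def scan(samples):
    """(static hit, stub-aware hit) for each sample."""
    return [(signature_match(s), stub_aware_match(s)) for s in samples]


if __name__ == "__main__":
    samples = [PAYLOAD, make_encrypted_copy(PAYLOAD, 0x5A),
               make_encrypted_copy(PAYLOAD, 0xC3), b"ordinary file contents"]
    for s, (static_hit, stub_hit) in zip(samples, scan(samples)):
        print(f"{s[:20]!r:28} static={static_hit!s:5} stub-aware={stub_hit}")
```

A truly polymorphic virus also rewrites the decryptor stub on every copy, which is why this stub-matching trick is not enough against it and scanners moved on to emulating the code in a sandbox and to behaviour-based heuristics.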
2. Trojan Horse:
A code segment that misuses its environment is called a Trojan Horse. It appears to be an
attractive and harmless cover program but is really a harmful hidden program, which can also
be used as a virus carrier. In one variant, a login emulator presents a fake login screen; the
user is fooled into entering confidential login details on it, and those details are stolen and
can then be used for further information breaches.
Another variant is spyware. Spyware accompanies a program that the user has chosen to install
and downloads ads to display on the user's system, creating pop-up browser windows, and when
certain sites are visited by the user it captures sensitive information and sends it to a
remote server. Such attacks are also known as covert channels.
3. Trap Door:
The designer of a program or system might leave a hole in the software that only he is
capable of using; a Trap Door works on this principle. Trap Doors are quite difficult to
detect, as analysing them requires going through the source code of all the components of
the system.
4. Logic Bomb:
A program that initiates a security attack only under a specific situation (for example, on a
particular date, or when a particular user account no longer exists).
Types of System Threats –
Aside from the program threats, various system threats also endanger the security of our
system:
1. Worm:
An infection program which spreads through networks. Unlike a virus, it does not need a host
file to attach to, and it mainly targets LANs. A computer affected by a worm attacks the target
system and writes a small program, the "hook", on it. This hook is then used to copy the worm to
the target computer. This process repeats recursively, and soon enough all the systems of the
LAN are affected. The worm uses the spawn mechanism to duplicate itself: it spawns copies of
itself, using up a majority of system resources and locking out all other processes.
The basic functionality of the worm is therefore: plant a hook on the target, have the hook
fetch the full worm, spawn, and repeat from the newly infected host.
2. Port Scanning:
It is a means by which the cracker identifies the services a system exposes, and hence its
likely vulnerabilities, before attacking it. It is an automated process which attempts a TCP/IP
connection to each port in a range and records which ones answer. To hide the identity of the
attacker, port scans are often launched from zombie systems: previously independent systems
that still serve their owners while being used for such notorious purposes.
3. Denial of Service:
Such attacks are not aimed at collecting information or destroying system files. Rather, they
are used to disrupt the legitimate use of a system or facility.
These attacks are generally network based. They fall into two categories:
– Attacks in the first category use so many system resources that no useful work can be
performed. For example, downloading a file from a website that proceeds to use all available
CPU time.
– Attacks in the second category disrupt the network of the facility. These attacks result
from abusing the fundamental functionality of TCP/IP, for example by starting many TCP
handshakes and never completing them, so that the target's connection table fills up with
half-open connections.
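Both the port scan described above and the half-open-connection flavour of network denial of service leave a recognizable trace in connection logs. The following is an added example, not part of the original text: it runs two simple detectors over constructed firewall-style log lines (the line format, the thresholds and the RFC 5737 documentation addresses are all assumptions made for this example). A port scan shows up as one source hitting many distinct ports in a short window; a SYN flood shows up as many SYNs to one port that are never followed by the ACK that would complete the handshake.

```python
# Added example (not from the original text): spotting a port scan and a SYN
# flood in firewall-style connection logs. The log lines are constructed for
# this example and use RFC 5737 documentation addresses; the line format and
# thresholds are assumptions, not any real product's.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<flag>SYN|ACK) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

LOG_LINES = [
    # one source probing eight ports within three seconds (a port scan)
    "2024-03-01T10:00:00 SYN src=203.0.113.5 dst=192.0.2.10 dport=21",
    "2024-03-01T10:00:00 SYN src=203.0.113.5 dst=192.0.2.10 dport=22",
    "2024-03-01T10:00:01 SYN src=203.0.113.5 dst=192.0.2.10 dport=23",
    "2024-03-01T10:00:01 SYN src=203.0.113.5 dst=192.0.2.10 dport=25",
    "2024-03-01T10:00:02 SYN src=203.0.113.5 dst=192.0.2.10 dport=80",
    "2024-03-01T10:00:02 SYN src=203.0.113.5 dst=192.0.2.10 dport=443",
    "2024-03-01T10:00:03 SYN src=203.0.113.5 dst=192.0.2.10 dport=3306",
    "2024-03-01T10:00:03 SYN src=203.0.113.5 dst=192.0.2.10 dport=8080",
    # a normal client that completes its handshake
    "2024-03-01T10:00:05 SYN src=198.51.100.7 dst=192.0.2.10 dport=443",
    "2024-03-01T10:00:05 ACK src=198.51.100.7 dst=192.0.2.10 dport=443",
] + [
    # fifteen (spoofed) sources each send one SYN to port 80 and never finish (a SYN flood)
    f"2024-03-01T10:00:10 SYN src=198.51.100.{i} dst=192.0.2.10 dport=80"
    for i in range(20, 35)
]


def parse_log(lines):
    """Parse the lines we understand; silently skip anything else."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "flag": m["flag"],
                           "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])})
    return events


def detect_port_scans(events, min_ports=5, window=timedelta(seconds=10)):
    """Sources whose SYNs hit at least min_ports distinct ports inside one window."""
    syns_by_src = defaultdict(list)
    for e in events:
        if e["flag"] == "SYN":
            syns_by_src[e["src"]].append(e)
    scanners = {}
    for src, syns in syns_by_src.items():
        syns.sort(key=lambda e: e["ts"])
        for i, first in enumerate(syns):          # try each SYN as the start of a window
            ports = {e["dport"] for e in syns[i:] if e["ts"] - first["ts"] <= window}
            if len(ports) >= min_ports:
                scanners[src] = sorted(ports)
                break
    return scanners


def detect_syn_floods(events, min_half_open=10, window=timedelta(seconds=5)):
    """(dst, port) pairs with at least min_half_open SYNs that the same source
    never followed with an ACK inside the window, i.e. half-open connections."""
    ack_times = defaultdict(list)
    for e in events:
        if e["flag"] == "ACK":
            ack_times[(e["src"], e["dst"], e["dport"])].append(e["ts"])
    half_open = defaultdict(int)
    for e in events:
        if e["flag"] != "SYN":
            continue
        acks = ack_times[(e["src"], e["dst"], e["dport"])]
        if not any(e["ts"] <= t <= e["ts"] + window for t in acks):
            half_open[(e["dst"], e["dport"])] += 1
    return {k: n for k, n in half_open.items() if n >= min_half_open}


def analyze(lines=LOG_LINES):
    events = parse_log(lines)
    return detect_port_scans(events), detect_syn_floods(events)


if __name__ == "__main__":
    scans, floods = analyze()
    for src, ports in scans.items():
        print(f"port scan from {src}: ports {ports}")
    for (dst, port), n in floods.items():
        print(f"possible SYN flood against {dst}:{port}: {n} half-open connections")
```

Note that the scanner's own unanswered SYNs also count as half-open, but one per port, so they never reach the flood threshold; the flood, conversely, touches only one port and so never looks like a scan. In production the thresholds and windows are tuned per environment, and the source addresses of a SYN flood are usually spoofed, so blocking by source does little good against it.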
Security Measures Taken –
To protect the system, security measures can be taken at the following levels:
Physical:
The sites containing computer systems must be physically secured against armed and
malicious intruders. The workstations must be carefully protected.
Human:
Only appropriate users must have authorization to access the system. Phishing (tricking users
into revealing confidential information) and dumpster diving (collecting discarded information
so as to gain unauthorized access) must be guarded against.
Operating system:
The system must protect itself from accidental or purposeful security breaches.
Networking System:
Almost all information is shared between different systems via a network. Intercepting this
data can be just as harmful as breaking into a computer. Hence the network should be properly
secured against such attacks.
Usually, anti-malware programs are used to periodically detect and remove such viruses and
threats. Additionally, to protect the system from network threats, a firewall is also used.
Cryptography and its Types
Cryptography is the technique of securing information and communications through the use of
codes so that only the person for whom the information is intended can understand and process
it, thus preventing unauthorized access to information. The prefix "crypt" means "hidden" and
the suffix "graphy" means "writing".
In cryptography the techniques used to protect information are derived from mathematical
concepts and sets of rule-based calculations, known as algorithms, that convert messages in
ways that make them hard to decode. These algorithms are used for cryptographic key
generation, digital signing and verification, to protect data privacy and web browsing on the
internet, and to protect confidential transactions such as credit card and debit card
transactions.
Techniques used for Cryptography:
In today's age of computers cryptography is most often associated with the process in which
ordinary plain text is converted to cipher text, text made such that only the intended
receiver can decode it; this process is known as encryption. The reverse conversion of cipher
text to plain text is known as decryption.
Features of Cryptography are as follows:
1. Confidentiality:
Information can only be accessed by the person for whom it is intended; no other person can
access it.
2. Integrity:
Information cannot be modified in storage or in transit between sender and intended receiver
without the change being detected.
3. Non-repudiation:
The creator/sender of information cannot later deny having sent it.
4. Authentication:
The identities of sender and receiver are confirmed, as are the origin and destination of the
information.
Types of Cryptography:
In general there are three types of cryptography:
1. Symmetric Key Cryptography:
It is an encryption system where the sender and receiver of a message use a single common
key to encrypt and decrypt messages. Symmetric key systems are faster and simpler, but the
problem is that sender and receiver have to somehow exchange the key in a secure manner. The
classic symmetric key system is the Data Encryption Standard (DES); its 56-bit key is far too
short for today's computers, and the Advanced Encryption Standard (AES) has replaced it.
2. Hash Functions:
No key is used in this algorithm. A hash value of fixed length is calculated from the plain
text, and the function is one-way: the plain text cannot be recovered from the hash. Many
operating systems store password hashes instead of passwords, so that a stolen password file
does not directly reveal the passwords.
3. Asymmetric Key Cryptography:
Under this system a pair of keys is used to encrypt and decrypt information. A public key is
used for encryption and a private key for decryption. The public key and the private key are
different. Even if the public key is known to everyone, only the intended receiver can decode
the message, because he alone knows the private key.
Encryption is the process of converting a normal message (plaintext) into a meaningless
message (ciphertext), whereas decryption is the process of converting the meaningless message
(ciphertext) back into its original form (plaintext).
The major distinction between encryption and decryption is that encryption is the conversion
of a message into an unintelligible form that is undecipherable unless decrypted, whereas
decryption is the recovery of the original message from the encrypted information.
Let's see the difference between encryption and decryption:
S.NO  Encryption                                        Decryption
1.    Encryption is the process of converting a        Decryption is the process of converting the
      normal message into a meaningless message.       meaningless message into its original form.
2.    Encryption takes place at the sender's end.      Decryption takes place at the receiver's end.
3.    Its major task is to convert the plain text      Its main task is to convert the cipher text
      into cipher text.                                 into plain text.
4.    A message can be encrypted with either a         The encrypted message is decrypted with the
      secret key or a public key.                       corresponding secret key or private key.
5.    In the encryption process, the sender encrypts   In the decryption process, the receiver
      the data and then sends it to the receiver.      receives the information (cipher text) and
                                                        converts it into plain text.
Introduction of Firewall in Network
A firewall is a network security device, either hardware or software based, which monitors all
incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects
or drops that specific traffic.
Accept : allow the traffic
Reject : block the traffic but reply with an "unreachable" error (an ICMP message or a TCP reset)
Drop : block the traffic with no reply
A firewall establishes a barrier between secured internal networks and an outside untrusted
network, such as the Internet.
History and Need for Firewall
Before firewalls, network security was performed by Access Control Lists (ACLs) residing on
routers. ACLs are rules that determine whether network access should be granted or denied to
specific IP addresses.
But an ACL cannot determine the nature of the packet it is blocking, and an ACL alone does not
have the capacity to keep threats out of the network. Hence the firewall was introduced.
Connectivity to the Internet is no longer optional for organizations. However, while accessing
the Internet provides benefits to the organization, it also enables the outside world to
interact with the internal network of the organization. This creates a threat to the
organization. In order to secure the internal network from unauthorized traffic, we need a
firewall.
How Firewall Works
A firewall matches network traffic against the rule set defined in its table. Once a rule is
matched, the associated action is applied to the traffic. For example, one rule might say that
no employee from the HR department can access data on the code server, while another rule says
that the system administrator can access data from both the HR and technical departments.
Rules are defined on the firewall according to the needs and security policies of the
organization.
From the perspective of a server, network traffic is either outgoing or incoming. The firewall
maintains a distinct set of rules for the two cases. Mostly the outgoing traffic, originating
from the server itself, is allowed to pass. Still, setting rules on outgoing traffic is always
better in order to achieve more security and prevent unwanted communication (for example, a
compromised server calling out to an attacker).
Incoming traffic is treated differently. Most traffic which reaches the firewall is carried by
one of three major protocols on top of IP: TCP, UDP or ICMP. All of these have a source address
and a destination address. TCP and UDP additionally have port numbers, while ICMP (a network
layer protocol rather than a transport protocol) uses a type and code instead of a port number
to identify the purpose of the packet.
Default policy: It is very difficult to explicitly cover every possible case in the firewall
rules. For this reason, the firewall must always have a default policy. The default policy
consists only of an action (accept, reject or drop).
Suppose no rule is defined on the firewall about SSH connections to the server. The default
policy then applies. If the default policy is set to accept, any computer outside your office
can establish an SSH connection to the server. Therefore, setting the default policy to drop
(or reject) is always good practice.
Generation of Firewall
Firewalls can be categorized based on their generation.
1. First Generation- Packet Filtering Firewall : A packet filtering firewall controls network
access by examining each outgoing and incoming packet and allowing it to pass or stopping it
based on source and destination IP address, protocol and ports. It inspects the network and
transport layer headers (OSI layers 3 and 4), not the application payload.
Packet filters treat each packet in isolation. They have no ability to tell whether a packet
is part of an existing stream of traffic; they can only allow or deny packets based on the
individual packet's headers.
A packet filtering firewall maintains a filtering table which decides whether a packet will be
forwarded or discarded. In the example filtering table, packets are filtered according to the
following rules:
1. Incoming packets from network 192.168.21.0 are blocked.
2. Incoming packets destined for the internal TELNET server (port 23) are blocked.
3. Incoming packets destined for host 192.168.21.3 are blocked.
4. All well-known services to the network 192.168.21.0 are allowed.
2. Second Generation- Stateful Inspection Firewall : Stateful firewalls (performing Stateful
Packet Inspection) are able to determine the connection state of a packet, unlike packet
filtering firewalls, which makes them more effective. They keep track of the state of network
connections travelling across them, such as TCP streams, so filtering decisions are based not
only on the defined rules but also on the packet's history in the state table.
3. Third Generation- Application Layer Firewall : An application layer firewall can inspect
and filter packets on any OSI layer, up to the application layer. It has the ability to block
specific content, and to recognize when certain applications and protocols (like HTTP or FTP)
are being misused.
In other words, application layer firewalls are hosts that run proxy servers. A proxy firewall
prevents a direct connection between the two sides of the firewall; each packet has to pass
through the proxy. It can allow or block traffic based on predefined rules.
Note: Application layer firewalls can also be used as a Network Address Translator (NAT).
4. Next Generation Firewalls (NGFW) : Next Generation Firewalls are deployed these days to
stop modern security breaches such as advanced malware and application-layer attacks. An NGFW
combines deep packet inspection, application inspection, SSL/SSH inspection and many other
functions to protect the network from these modern threats.
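The rule matching and default policy described under "How Firewall Works", the four rules of the example filtering table, and the extra state kept by a second-generation firewall can all be shown in one small model. The following is an added example, not part of the original text: a first-match packet filter with a default-drop policy implementing the four rules above, and a minimal stateful wrapper whose connection table admits replies to connections opened from the inside. The packet fields, rule syntax and the WELL_KNOWN port set are assumptions made for this example; real firewalls (iptables/nftables, pf) express the same ideas in their own syntax.

```python
# Added example (not from the original text): the page's four filtering-table
# rules as a first-match packet filter with a default-drop policy, plus a
# minimal state table showing what stateful inspection adds. Packet fields,
# rule syntax and the WELL_KNOWN port set are assumptions for this example.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (from outside) or "out" (from inside)
    proto: str              # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


def _addr_in(pattern: str, addr: str) -> bool:
    """'*' matches anything; otherwise a single host or a CIDR network."""
    return pattern == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


@dataclass(frozen=True)
class Rule:
    action: str                     # "accept", "reject" or "drop"
    direction: str = "*"
    src: str = "*"
    dst: str = "*"
    dport: object = "*"             # "*", a port number, or a frozenset of ports

    def matches(self, p: Packet) -> bool:
        port_ok = (self.dport == "*" or p.dport == self.dport
                   or (isinstance(self.dport, frozenset) and p.dport in self.dport))
        return (self.direction in ("*", p.direction) and _addr_in(self.src, p.src)
                and _addr_in(self.dst, p.dst) and port_ok)


WELL_KNOWN = frozenset({22, 25, 53, 80, 443})   # assumed set of "well-known services"

# the page's table, top to bottom; the first matching rule wins
RULES = [
    Rule("drop", direction="in", src="192.168.21.0/24"),       # 1. block that network as source
    Rule("drop", direction="in", dport=23),                    # 2. block inbound TELNET
    Rule("drop", direction="in", dst="192.168.21.3"),          # 3. block that host
    Rule("accept", direction="in", dst="192.168.21.0/24", dport=WELL_KNOWN),  # 4. allow well-known
]
DEFAULT_POLICY = "drop"      # anything the table does not cover is dropped, never accepted


def packet_filter(p: Packet, rules=RULES, default=DEFAULT_POLICY) -> str:
    """First generation: every packet judged on its own headers."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


class StatefulFirewall:
    """Second generation: remember connections the inside opened so that their
    replies are accepted even though no static rule would allow them."""

    def __init__(self, rules=RULES, default=DEFAULT_POLICY):
        self.rules, self.default = rules, default
        self.connections = set()    # (inside addr, inside port, outside addr, outside port, proto)

    def filter(self, p: Packet) -> str:
        if p.direction == "out":
            self.connections.add((p.src, p.sport, p.dst, p.dport, p.proto))
            return "accept"
        is_reply = (p.dst, p.dport, p.src, p.sport, p.proto) in self.connections
        if is_reply and not (p.syn and not p.ack):   # a bare SYN is a new connection, not a reply
            return "accept"
        return packet_filter(p, self.rules, self.default)


if __name__ == "__main__":
    fw = StatefulFirewall()
    print(fw.filter(Packet("out", "tcp", "192.168.21.5", "203.0.113.9", 51000, 443, syn=True)))
    print(fw.filter(Packet("in", "tcp", "203.0.113.9", "192.168.21.5", 443, 51000, syn=True, ack=True)))
    print(fw.filter(Packet("in", "tcp", "203.0.113.9", "192.168.21.5", 443, 51001, ack=True)))
    print(packet_filter(Packet("in", "tcp", "203.0.113.9", "192.168.21.5", 40000, 23)))
```

The reply to the outbound connection arrives on ephemeral port 51000, which no static rule allows, so the stateless filter drops it and the stateful one accepts it; an unsolicited packet from the same server to a port the inside never used is still dropped. This is exactly the gap between the first and second generations: without state, either return traffic breaks or inbound high ports have to be opened wholesale.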
Types of Firewall
Firewalls are generally of two types: host-based and network-based.
1. Host- based Firewalls : A host-based firewall is installed on each network node and
controls every incoming and outgoing packet of that host. It is a software application or
suite of applications, often shipped as part of the operating system. Host-based firewalls are
needed because network firewalls cannot provide protection inside a trusted network. A host
firewall protects each host from attacks and unauthorized access.
2. Network-based Firewalls : Network firewalls function at the network level. In other words,
these firewalls filter all incoming and outgoing traffic across the network. They protect the
internal network by filtering the traffic using rules defined on the firewall. A network
firewall might have two or more network interface cards (NICs). A network-based firewall is
usually a dedicated system with proprietary software installed