MCB 126: INTRODUCTION TO WEB TECHNOLOGIES
TOPIC: COMPUTER SECURITY
LECTURER: DR. D.D ALEBURU
Introduction
• Computer security refers to protecting and securing computers and
their related data, networks, software, and hardware from unauthorized
access, misuse, theft, information loss, and other security issues.
• The Internet has made our lives easier and has provided us with lots
of advantages, but it has also exposed our systems to risks such as
virus infection, hacking, information theft, damage to the system,
and much more.
The CIA of Security
• The three fundamental security control principles are confidentiality,
integrity, and availability. Collectively, these are often referred to as
the “CIA triad.”
• By employing the concepts of confidentiality, integrity, and
availability to its data, an organization can properly secure its
hardware, software, and communications.
• Confidentiality: This concept centers on preventing the disclosure of
information to unauthorized persons.
• Depending on the type of information and how sensitive it is, a higher
level of confidentiality might be required.
• You must have adequate control mechanisms in place to enforce and
ensure that data is only accessed by the individuals who should be
allowed to access it and no one else.
• Another important part of confidentiality is that all sensitive data needs
to be controlled, audited, and monitored at all times.
• Here are some examples of sensitive data:
▫ Social security numbers
▫ Bank and credit card account information
▫ Criminal records
▫ Patient and health records
▫ Trade secrets
▫ Source code
▫ Military secrets
• The following are examples of security mechanisms designed to
preserve confidentiality:
▫ Logical and physical access controls
▫ Encryption (in motion and at rest)
▫ Database views
▫ Controlled traffic routing
• Integrity: This means that data has not been tampered with. It is
very important that systems and the data they maintain are
accurate, complete, and protected from unauthorized modification.
• Integrity protection encompasses more than just data; it not only
protects data, but also operating systems, applications, and
hardware from being altered by unauthorized individuals.
• Authorization is necessary before data can be modified in any way;
this is done to protect the data’s integrity.
• For example, what if a router is modified to send data to a
destination that was not intended?
• What if a confidential email is modified by an attacker before it
reaches its originally intended recipient?
• For example, if a person were to delete a required file, either
maliciously or inadvertently, the integrity of that file will have been
violated.
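An added example, not part of the original lecture notes: a file-integrity baseline in Python that detects the two violations described above, unauthorized modification and deletion of a required file. The file names, contents and key are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile


def file_mac(path, key):
    """Keyed hash (HMAC-SHA256) of a file; forging it requires the key."""
    with open(path, "rb") as fh:
        return hmac.new(key, fh.read(), hashlib.sha256).hexdigest()


def build_baseline(root, key):
    """Record a MAC for every file under root while it is known to be good."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            baseline[os.path.relpath(full, root)] = file_mac(full, key)
    return baseline


def verify(root, key, baseline):
    """Compare the current tree with the baseline and list every difference."""
    current = build_baseline(root, key)
    modified = [p for p in baseline if p in current
                and not hmac.compare_digest(baseline[p], current[p])]
    return {"modified": sorted(modified),
            "deleted": sorted(set(baseline) - set(current)),
            "added": sorted(set(current) - set(baseline))}


def demo():
    """Constructed scenario: a config file is altered, a required file deleted."""
    key = b"constructed-demo-key"  # assumption: a real key is stored off the host
    files = {"router.conf": "next-hop 10.0.0.1\n",
             "mail.txt": "Pay invoice 1001\n",
             "required.dll": "constructed contents\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        baseline = build_baseline(root, key)
        with open(os.path.join(root, "router.conf"), "w") as fh:
            fh.write("next-hop 203.0.113.9\n")         # unauthorized change
        os.remove(os.path.join(root, "required.dll"))  # required file deleted
        return verify(root, key, baseline)
```

A keyed hash is used instead of a plain hash so that someone who can alter a file cannot also produce a matching baseline entry without the key.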
• Availability: Availability means that data is obtainable regardless of
how information is stored, accessed, or protected.
• It also means that data should be available regardless of the malicious
attack that might be perpetrated on it.
• The idea behind availability is that systems, applications, and data must
be available to users without impacting productivity.
• The most common attack against availability is a denial-of-service
(DoS) attack.
• User productivity can be greatly affected, and companies can lose a lot
of money if data is not available.
• For example, if you are an online retailer or a cloud service provider
and your ecommerce site or service is not available to your users, you
could potentially lose current or future business, thus impacting
revenue.
• Another acronym to live by is the AAA of computer security:
authentication, authorization, and accounting.
• Authentication: When a person’s identity is established with
proof and confirmed by a system. Typically, this requires a digital
identity of some sort, username/password, or other authentication
scheme.
• Authorization: When a user is given access to certain data or
areas of a building. Authorization happens after authentication and
can be determined in several ways, including permissions, access
control lists, time-of-day restrictions, and other login and physical
restrictions.
• Accounting: The tracking of data, computer usage, and network
resources. Often it means logging, auditing, and monitoring of the
data and resources.
• Accountability is quickly becoming more important in today’s
secure networks. Part of this concept is the burden of proof. You as
the security person must provide proof if you believe that someone
committed an unauthorized action.
• When you have indisputable proof of something users have done
and they cannot deny it, it is known as non-repudiation.
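An added example, not part of the original lecture notes: the three A's applied in order to a single access request, in Python. The user, password, resource name, permitted hours and log layout are all hypothetical values chosen for the demonstration.

```python
import hashlib
import hmac
import os
from datetime import datetime


def hash_password(password, salt):
    """Derive a slow, salted hash so stored credentials are not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed sample data (hypothetical user, resource and working hours).
_SALT = os.urandom(16)
USERS = {"ada": (_SALT, hash_password("correct horse", _SALT))}
# resource -> user -> (permitted actions, first hour allowed, first hour denied)
ACL = {"payroll.db": {"ada": ({"read"}, 8, 18)}}
AUDIT_LOG = []  # accounting: one record per request, allowed or denied


def authenticate(user, password):
    """Authentication: confirm the claimed identity with proof (a password)."""
    record = USERS.get(user)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, hash_password(password, salt))


def authorize(user, resource, action, when):
    """Authorization: check the ACL permission and the time-of-day restriction."""
    entry = ACL.get(resource, {}).get(user)
    if entry is None:
        return False
    actions, start, end = entry
    return action in actions and start <= when.hour < end


def access(user, password, resource, action, when):
    """Authenticate first, then authorize, and log the outcome either way."""
    if not authenticate(user, password):
        outcome = "DENY-authentication"
    elif not authorize(user, resource, action, when):
        outcome = "DENY-authorization"
    else:
        outcome = "ALLOW"
    AUDIT_LOG.append((when.isoformat(), user, resource, action, outcome))
    return outcome
```

Denied requests are logged as well as allowed ones, because the audit trail is what supplies the proof discussed under accountability.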
The Basics of Information Security
• Information security is the act of protecting data and information
systems from unauthorized access, unlawful modification and
disruption, disclosure, corruption, and destruction.
• The basic types of threats you need to be aware of to be an effective
security administrator:
• Malicious software: Known as malware, this includes computer
viruses, worms, Trojan horses, spyware, rootkits, adware, and other
types of unwanted software.
• Unauthorized access: Access to computer resources and data
without consent of the owner. It might include approaching the
system, trespassing, communicating, storing and retrieving data,
intercepting data, or any other methods that would interfere with a
computer’s normal work.
• System failure: Computer crashes or individual application
failure. This can happen due to several reasons, including user
error, malicious activity, or hardware failure.
• Social engineering: The act of manipulating users into revealing
confidential information or performing other actions detrimental to
the user. Almost everyone gets e-mails nowadays from unknown
entities making false claims or asking for personal information (or
money!); this is one example of social engineering.
• In general, a security administrator should create a proactive
security plan that usually starts with the implementation of security
controls.
• When creating the security plan, some IT professionals divide the
plan into three categories of controls as follows:
• Physical: Things such as alarm systems, surveillance cameras,
locks, ID cards, security guards, and so on.
• Technical: Items such as smart cards, access control lists (ACLs),
encryption, and network authentication.
• Administrative: Various policies and procedures, security
awareness training, contingency planning, and disaster recovery
plans (DRPs). Administrative controls can also be broken down into
two subsections: procedural controls and legal/regulatory controls.
• There are several ways to prevent and help recover from the
previous threats, including:
• User awareness: The wiser the user, the less chance of security
breaches. Employee training and education, easily accessible and
understandable policies, security awareness e-mails, and online
security resources all help to provide user awareness.
• Authentication: Verifying a person’s identity helps to protect
against unauthorized access. Authentication is a preventative
measure that can be broken down into five categories:
— Something the user knows; for example, a password or PIN
— Something the user has; for example, a smart card or other
security token
— Something the user is; for example, the biometric reading of
a fingerprint or retina scan
— Something a user does; for example, voice recognition or a
written signature
— Somewhere a user is; for example, a GPS-tracked individual,
or when a system is authenticated through geographic location
• Anti-malware software: Anti-malware protects a computer from
the various forms of malware and, if necessary, detects and removes
them.
• Types include antivirus and anti-spyware software. Well-known
examples include programs from Symantec and McAfee, as well as
Microsoft’s Windows Defender. Nowadays, a lot of the software
named “antivirus” can protect against spyware and other types of
malware as well.
• Data backups: Backups won’t stop damage to data, but they can
enable you to recover data after an attack or other compromise, or
system failure.
• From programs such as Windows Backup and Restore and Bacula to
enterprise-level programs such as IBM’s Tivoli and Symantec’s
Backup Exec, data backup is an important part of security.
• Encryption: The act of changing information using an algorithm
(known as a cipher) to make that information unreadable to anyone
except users who possess the proper “key”.
• Examples of this include wireless sessions encrypted with Advanced
Encryption Standard (AES), web pages encrypted with HTTP Secure
(HTTPS), and e-mails encrypted with Secure/Multipurpose Internet
Mail Extensions (S/MIME) or Pretty Good Privacy (PGP).
• Data removal: Proper data removal goes far beyond file deletion
or the formatting of digital media. The problem with file
deletion/formatting is data remanence: the residue left behind,
from which files can be re-created by some less-than-reputable
people with smart tools.
• Companies typically employ one of three options when met with the
prospect of data removal: clearing, purging (also known as
sanitizing), and destruction.
Computer Systems Security Threats
• Malicious Software
• Malicious software, or malware, is software designed to infiltrate a
computer system and possibly damage it without the user’s
knowledge or consent. Malware is a broad term used by computer
professionals to include viruses, worms, Trojan horses, spyware,
rootkits, adware, and other types of undesirable software.
• Virus
• A virus is code that runs on a computer without the user’s
knowledge; it infects the computer when the code is accessed and
executed. For viruses to do their dirty work, they first need to be
executed by the user in some way.
• A virus also has reproductive capability and can spread copies of
itself throughout the computer as long as it is first executed by the
user—the virus can’t reproduce by itself. By infecting files accessed
by other computers, the virus can spread to those other systems as
well.
• Types of viruses:
• Boot sector: Initially loads into the first sector of the hard drive;
when the computer boots, the virus then loads into memory.
• Macro: Usually placed in documents and e-mailed to users in the
hopes that the users will open the document, thus executing the virus.
• Program: Infects executable files.
• Polymorphic: Can change every time it is executed in an attempt to
avoid antivirus detection.
• Stealth: Uses various techniques to go unnoticed by antivirus
programs.
• Armored: This protects itself from antivirus programs by tricking
the program into thinking that it is located in a different place from
where it actually resides. Essentially, it has a layer of protection that
it can use against the person who tries to analyze it; it will thwart
attempts by analysts to examine its code.
• Multipartite: A hybrid of boot and program viruses that attacks the
boot sector or system files first and then attacks the other files on the
system.
• Worm
• A worm is much like a virus except that it self-replicates, whereas a
virus does not.
• Worms take advantage of security holes in operating systems and
applications (including backdoors, which we discuss later).
• They look for other systems on the network or through the Internet
that are running the same applications and replicate to those other
systems.
• With worms, the user doesn’t need to access and execute the
malware. A virus needs some sort of carrier to get it where it wants to
go and needs explicit instructions to be executed, or it must be
executed by the user. The worm does not need this carrier or explicit
instructions to be executed.
• A well-known example of a worm is Nimda (admin backward), which
propagated automatically through the Internet in 22 minutes in
2001, causing widespread damage. It propagated through network
shares, mass e-mailing, and operating system vulnerabilities.
• Trojan horses
• Trojan horses, or simply Trojans, appear to perform wanted
functions but are actually performing malicious functions behind
the scenes.
• These are not technically viruses and can easily be downloaded
without being noticed. They can also be transferred to a computer
by way of removable media, especially USB flash drives.
• One example of a Trojan is a file that is contained within a
downloaded program such as a key generator (known as a “keygen”
used with pirated software) or other executable.
• If a user complains about slow system performance and numerous
antivirus alerts, and they recently installed a questionable program
from the Internet or from a USB flash drive, their computer could be
infected by a Trojan.
• Remote access Trojans (RATs) are the most common type of Trojan,
for example Back Orifice, NetBus, or SubSeven (now deprecated);
their capability to allow an attacker higher administration privileges
than those of the owner of the system makes them quite dangerous.
• The software effectively acts as a remote administration tool
(another name for the RAT acronym).
• RATs can also be coded in PHP (or other languages) to allow remote
access to websites.
• Ransomware
• Some less than reputable persons use a particularly devious
malware known as ransomware—a type of malware that restricts
access to a computer system and demands that a ransom be paid.
• It locks the system in one of several ways, and informs the user that
in order to unlock the computer and regain access to files, a
payment would have to be made to one of several banking services,
often overseas.
• It often propagates as a Trojan or worm, and can make use of
encryption to make the user’s files inaccessible. This usage of
encryption is also known as cryptoviral extortion.
• One example of this is CryptoLocker. This ransomware Trojan
encrypts certain files on the computer’s drives using an RSA public
key. (The counterpart private key is stored on the malware creator’s
server.)
• Spyware
• Spyware is a type of malicious software either downloaded
unwittingly from a website or installed along with some other third-
party software.
• Usually, this malware collects information about the user without
the user’s consent. Spyware could be as simple as a piece of code
that logs what websites you access, or go as far as a program that
records your keystrokes (known as keyloggers).
• Spyware is also associated with advertising (those pop-ups that just
won’t go away!), and is sometimes related to malicious advertising,
or malvertising—the use of Internet-based advertising (legitimate
and illegitimate) to distribute malicious software.
• Spyware can possibly change the computer configuration without
any user interaction; for example, redirecting a browser to access
websites other than those wanted.
• Adware usually falls into the realm of spyware because it pops up
advertisements based on what it has learned from spying on the
user.
• Rootkit
• A rootkit is a type of software designed to gain administrator-level
control over a computer system without being detected.
• The term is a combination of the words “root” (meaning the root
user in a Unix/Linux system or administrator in a Windows system)
and “kit” (meaning software kit).
• Usually, the purpose of a rootkit is to perform malicious operations
on a target computer at a later date without the knowledge of the
administrators or users of that computer.
• A rootkit is a variation on the virus that attempts to dig in to the
lower levels of the operating system—components of the OS that
start up before any anti-malware services come into play.
• Rootkits can target the BIOS, boot loader, kernel, and more.
• An example of a boot loader rootkit is the Evil Maid Attack; this
attack can extract the encryption keys of a full disk encryption
system.
• Rootkits are difficult to detect because they are activated before the
operating system has fully booted. A rootkit might install hidden
files, hidden processes, and hidden user accounts. Because rootkits
can be installed in hardware or software, they can intercept data
from network connections, keyboards, and so on.
• Spam
• Spam is the abuse of electronic messaging systems such as e-mail,
texting, social media, broadcast media, instant messaging, and so
on.
• Spammers send unsolicited bulk messages indiscriminately, usually
without benefit to the actual spammer, because the majority of
spam is either deflected or ignored.
• Companies with questionable ethics condone this type of marketing
(usually set up as a pyramid scheme) so that the people at the top of
the marketing chain can benefit; however, it’s usually not
worthwhile for the actual person who sends out spam.
• The most common form of spam is e-mail spam, which is one of the
worst banes of network administrators. Spam can clog up resources
and possibly cause a type of denial-of-service to an e-mail server if
there is enough of it. It can also mislead users, in an attempt at
social engineering.
• Summary of Malware Threats