Computer security
(Itec… 3CrHr)
Department of Computer Science
Admas university
Mekanisa campus
Set by: HabtamuB.
Computer Security and Privacy
“The most secure computers are those not connected to the Internet and shielded from any interference”
Computer Security and Privacy
Computer security is about
provisions and policies adopted to
protect information and property
from theft, corruption, or natural
disaster while allowing the
information and property to remain
accessible and productive to its
intended users.
Computer Security and Privacy
Network security on the other hand deals with
provisions and policies adopted to prevent and
monitor unauthorized access, misuse, modification, or
denial of the computer network and network-
accessible resources.
Internet
Not Sufficient!!
Computer Security and Privacy
Elements of Security
Integrity
Confidentiality
Availability
Spoofing Attack
Brute Force Attack
Malware Attack
Virus/Worm Attack
SMURF Attack
SYN Attack
Trojan Horse
Logic Bomb
Ping of Death
Packet Sniffing
Eavesdropping
Cracking
Session Hijacking
War Dialing
DoS/DDoS
Blackout/Brownout
Surge/Spike
Traffic Analysis
Wire Tapping
Assignment:
• Form a group of Three.
• Read about these security attack
related keywords and write a
five page (maximum) summary
of your findings including any
recorded history of significant
damages created by these
attacks.
• Send your report by email in
word format after two weeks
(Use your names as the file
name:shew.admas2010@gmail.com).
• Bonus: While reading, if you find
keywords other than these, send
them on the second page of
your report.
• Finally prepare for presentation.
Computer Security and Privacy
Course Outline
1. Fundamentals of computer security & privacy
   • Overview: history, vulnerabilities, countermeasures, physical security
2. Computer security attacks/threats
   • Viruses, Worms, Trojan horses, Crackers, Spyware …
3. Cryptography and Encryption Techniques
4. Network security concepts and mechanisms
   • Transport and Application layer security, IP security, …
5. Security mechanisms and techniques
   • Authentication, access control, firewall, …
6. Secure system planning and administration
   • Analysing risks, planning, policies and procedures
7. Information Security
   • Legal, ethical and policy issues
References
1. Computer Security Basics, D. Russell and G. Gangemi
2. Security Complete, BPB Publications
3. Computer Security Fundamentals, Chuck Easttom
4. Network Security Essentials, W. Stallings
5. Effective Physical Security, Lawrence Fennelly
6. Information Security Policies and Procedures, Thomas R. Peltier
7. Physical Security for IT, Michael Erbschloe
8. Computer Security: Art and Science, Matt Bishop
9. Computer Security, Dieter Gollmann, John Wiley & Sons
10. Computer Security: Art and Science, Matthew Bishop, Addison-Wesley
11. Principles of Information Security, Whitman, Thomson
12. Network Security, Kaufman, Perlman and Speciner, Pearson Education
13. Cryptography and Network Security, 5th Edition, William Stallings, Pearson Education
14. Introduction to Cryptography, Buchmann, Springer
Computer Security and Privacy/ Overview
Definitions
Security: The prevention and protection of computer assets from unauthorized access, use, alteration, degradation, destruction, and other threats.
Privacy: The right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information.
Security/Privacy Threat: Any person, act, or object that poses a danger to computer security/privacy.
Computer Security and Privacy/Attacks
Goals of Security
Prevention
  o To prevent someone from violating a security policy
Detection
  o To detect activities in violation of a security policy
  o Verify the efficacy of the prevention mechanism
Recovery
  o Stop policy violations (attacks)
  o Assess and repair damage
  o Ensure availability in presence of an ongoing attack
  o Fix vulnerabilities to prevent future attacks
  o Retaliation against the attacker
Computer Security and Privacy/Attacks
Categories of Attacks (Common security attacks)
Interruption: An attack on availability
  • E.g. DoS attack
Interception: An attack on confidentiality
  • E.g. Eavesdropper
Modification: An attack on integrity
  • E.g. Hacker
Fabrication: An attack on authenticity
  • E.g. Man in the middle (MITM)
Repudiation of origin: False denial that an entity created something.
Computer Security and Privacy/Attacks
Classes of Threats (Shirey)
Disclosure: unauthorized access to information
  o Spoofing
Deception: acceptance of false data
  o Modification, masquerading/spoofing, repudiation of origin, denial of receipt
Disruption: interruption/prevention of correct operation
  o Modification
Usurpation: unauthorized control of a system component
  o Modification, masquerading/spoofing, delay, denial of service
Computer Security and Privacy/Attacks
Categories of Attacks/Threats (W. Stallings)
[Figure: normal flow of information from source to destination, compared with the four attack categories: interruption, interception, modification and fabrication]
Computer Security and Privacy/Vulnerabilities
Types of Vulnerabilities
• Physical vulnerabilities (Ex. Buildings)
• Natural vulnerabilities (Ex. Earthquake)
• Hardware and Software vulnerabilities (Ex. Failures)
• Media vulnerabilities (Ex. Disks can be stolen)
• Communication vulnerabilities (Ex. Wires can be tapped)
• Human vulnerabilities (Ex. Insiders)
Computer Security and Privacy/ Countermeasures
Computer security controls
• Authentication (Password, Cards, Biometrics)
  (What we know, have, are!)
• Encryption
• Auditing
• Administrative procedures
• Standards
• Certifications
• Physical Security
• Laws
Computer Security and Privacy/ The Human Factor
The human factor is an important component of computer security.
Some organizations view technical solutions as “their solutions” for computer security. However:
• Technology is fallible (imperfect)
  o Ex. UNIX holes that opened the door for the Morris worm
• The technology may not be appropriate
  o Ex. It is difficult to define all the security requirements and find a solution that satisfies those requirements
• Technical solutions are usually (very) expensive
  o Ex. Antivirus purchased by ETC to protect its Internet services
• Given all these, someone, a human, has to implement the solution
Computer Security and Privacy/ The Human Factor
Competence of the security staff
• Ex. Crackers may know more than the security team
Understanding and support of management
• Ex. Management does not want to spend money on security
Staff’s discipline to follow procedures
• Ex. Staff members choose simple passwords
Staff members may not be trustworthy
• Ex. Bank theft
Computer Security and Privacy/ Physical Security
“The most robustly secured computer that is left sitting unattended in an unlocked room is not at all secure!!” [Chuck Easttom]
Computer Security and Privacy/ Physical Security
Physical security protects your physical computer
facility (your building, your computer room, your
computer, your disks and other media) [Chuck
Easttom].
Physical security is the use of physical controls to
protect premises, site, facility, building or other
physical asset of an organization [Lawrence Fennelly]
Computer Security and Privacy/ Physical Security
In the early days of computing, physical security was simple because computers were big, standalone, expensive machines
• It was almost impossible to move them (not portable)
• They were very few, and it was affordable to spend on physical security for them
• Management was willing to spend money
• Everybody understood and accepted that there were restrictions
Computer Security and Privacy/ Physical Security
=>
Physical security is much more
difficult to achieve today than some
decades ago
Computer Security and Privacy/ Physical Security
Threats and vulnerabilities
Natural Disasters
• Fire and smoke
  o Fire can occur anywhere
  o Solution – Minimize risk
    - Good policies: NO SMOKING, etc.
    - Fire extinguisher, good procedure and training
    - Fireproof cases (and other techniques) for backup tapes
    - Fireproof doors
• Climate
  o Heat
  o Direct sun
  o Humidity
Computer Security and Privacy/ Physical Security
Threats and vulnerabilities …
Natural Disasters …
• Hurricane, storm, cyclone
• Earthquakes
• Water
  o Flooding can occur even when a water tap is not properly closed
• Electric supply
  o Voltage fluctuation
    - Solution: Voltage regulator
• Lightning
Solution
• Avoid having servers in areas often hit by natural disasters!
Computer Security and Privacy/ Physical Security
Threats and vulnerabilities …
People
• Intruders
• Internal thieves
  o Thieves
  o People who have been given access unintentionally by the insiders
  o Employees, contractors, etc. who have access to the facilities
• External thieves
  o Portable computing devices can be stolen outside the organization’s premises
Loss of a computing device
• Mainly laptop
Computer Security and Privacy/ Physical Security
Safe area
Safe area often is a locked place where
only authorized personnel can have
access
Organizations usually have safe area for
keeping computers and related devices
Computer Security and Privacy/ Physical Security
Safe area … Challenges
Is the area inaccessible through other openings (window, roof-ceilings, ventilation hole, etc.)?
• Design of the building with security in mind
• Know the architecture of your building
During opening hours, is it always possible to detect when an unauthorized person tries to get to the safe area?
• Surveillance/guards, video-surveillance, automatic doors with security code locks, alarms, etc.
• Put signs so that everybody sees the safe area
Computer Security and Privacy/ Physical Security
Safe area … Locks
Are the locks reliable?
• The effectiveness of locks depends on the design, manufacture, installation and maintenance of the keys!
• Among the attacks on locks are:
  o Illicit keys
    - Duplicate keys
      Avoid access to the key by unauthorized persons even for a few seconds
      Change locks/keys frequently
      Key management procedure
    - Lost keys
      Notify responsible person when a key is lost
      There should be no label on keys
  o Circumventing of the internal barriers of the lock
    - Directly operating the bolt, completely bypassing the locking mechanism, which remains locked
  o Forceful attacks
    - Punching, drilling, hammering, etc.
Computer Security and Privacy/ Physical Security
Safe area … Surveillance
Surveillance with guards
• The most common in Ethiopia
• Not always the most reliable since it adds a lot of human factor
• Not always practical for users (employees don’t like to be questioned by guards wherever they go)
Computer Security and Privacy/ Physical Security
Safe area … Surveillance
Surveillance with video
• Uses Closed Circuit Television (CCTV)
• Started in the 1960s
• Has become more and more popular with the worldwide increase of theft and terrorism
• Advantages
  o A single person can monitor more than one location
  o The intruder doesn’t see the security personnel
  o It is cheaper after the initial investment
  o It can be recorded and be used for investigation
  o Since it can be recorded, the security personnel are more careful
  o Today’s digital video-surveillance can use advanced techniques such as face recognition to detect terrorists, wanted people, etc.
• Drawback
  o Privacy concerns
Computer Security and Privacy/ Physical Security
Internal Human factor - Personnel
Choose employees carefully
• Personal integrity should be as important a factor in the hiring process as technical skills
Create an atmosphere in which the levels of employee loyalty, morale, and job satisfaction are high
Remind employees, on a regular basis, of their continuous responsibilities to protect the organization’s information
Computer security/ Attacks & Threats
A computer security threat is any person,
act, or object that poses a danger to
computer security
The computer world is full of threats!
… refer to the first assignment…
And so is the real world!
• Thieves, pick-pockets, burglars, murderers, drunk drivers, …
Computer security/ Attacks & Threats
What is the right attitude?
• To do what you do in real life
What do you do in real life?
• You learn about the threats
  o What are the threats
  o How can these threats affect you
  o What is the risk for you to be attacked by these threats
  o How you can protect yourself from these risks
  o How much does the protection cost
  o What you can do to limit the damage in case you are attacked
  o How you can recover in case you are attacked
• Then, you protect yourself in order to limit the risk but to continue to live your life
You need to do exactly the same thing with computers!
Computer security/ Attacks & Threats
Types of Threats/Attacks … (Chuck Easttom)
Hacking Attack:
• Any attempt to gain unauthorized access to your system
Denial of Service (DoS) Attack:
• Blocking legitimate users' access
Physical Attack:
• Stealing, breaking or damaging of computing devices
Computer security/ Attacks & Threats
Types of Threats/Attacks (Chuck Easttom)
Malware Attack:
• A generic term for software that has a malicious purpose
• Examples
  o Viruses
  o Trojan horses
  o Spyware
  o New ones: Spam/scam, identity theft, e-payment frauds, etc.
Computer security/Threats
Malware Attack:
Viruses
• “A small program that replicates and hides itself inside other programs usually without your knowledge.” Symantec
• Similar to a biological virus: replicates and spreads
Worms
• An independent program that reproduces by copying itself from one computer to another
• It can do as much harm as a virus
• It often creates denial of service
Computer security/Threats
Malware Attack…
Trojan horses
• (Ancient Greek tale of the city of Troy and the wooden horse) - ??
• Secretly downloading a virus or some other type of malware onto your computers.
Spyware
• “A software that literally spies on what you do on your computer.”
• Example: Simple Cookies and Key Loggers
Computer security/Threats
Most software-based attacks are commonly called viruses: How do viruses work?
Infection mechanisms
• First, the virus should search for and detect objects to infect
• Installation into the infectable object
  o Writing on the boot sector
  o Add some code to executable programs
  o Add some code to initialization/auto-executable programs
  o …
Computer security/Threats
How do viruses work? …
Trigger mechanism
• Date
• Number of infections
• First use
Effects: It can be anything
• A message
• Deleting files
• Formatting disk
• Overloading processor/memory
• Etc.
Computer security/Threats
Who Writes Viruses
Adolescents
• Ethically normal and of average/above average intelligence
• Tend to understand the difference between what is right and wrong
• Typically do not accept any responsibility for problems caused
Computer security/Threats
Who Writes Viruses …
The College Student
• Ethically normal
• Are not typically concerned about the results of their actions related to their virus writing
The Adult (smallest category)
• Ethically abnormal
Computer security/Threats
Anti-Virus
Three categories
• Scanners
• Activity monitors
• Change detection software
There are
• Generic solutions
  o Ex. Integrity checking
• Virus-specific solutions
  o Ex. Looking for known viruses
Types of Antivirus
1. AVG (Anti Virus Garden)
   The first most popular antivirus software. It can be downloaded freely from the Internet.
2. McAfee
   The second most popular antivirus software.
3. Norton
   The third most popular antivirus software; it checks for and deletes viruses from a computer.
Computer security/Threats
Anti-Virus …
Functions of anti-viruses
• Identification of known viruses
• Detection of suspected viruses
• Blocking of possible viruses
• Disinfection of infected objects
• Deletion and overwriting of infected objects
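The difference between the generic solution (integrity checking, i.e. change detection) and the virus-specific solution (looking for known viruses) named in the Anti-Virus slides, as an added example that is not part of the original slides. The signature name, the marker bytes and the file names are constructed for the illustration; the functions are hypothetical helpers, not any product's API.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed signature database: a harmless byte marker stands in for a
# pattern extracted from a known virus (assumption for this example).
KNOWN_SIGNATURES = {"Demo.Marker.A": b"\xde\xad\xbe\xefDEMO-MARKER-A"}


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Generic solution, step 1: record a trusted hash for every file."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def detect_changes(root, baseline):
    """Generic solution, step 2: report anything that differs from the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(n for n in baseline
                           if n in current and current[n] != baseline[n]),
        "added": sorted(n for n in current if n not in baseline),
        "removed": sorted(n for n in baseline if n not in current),
    }


def scan_signatures(root, signatures=KNOWN_SIGNATURES):
    """Virus-specific solution: look for byte patterns of known viruses."""
    root = Path(root)
    hits = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            names = sorted(n for n, pattern in signatures.items() if pattern in data)
            if names:
                hits[p.relative_to(root).as_posix()] = names
    return hits


def triage(changes, hits):
    """Combine both views: name the cause where a signature matches."""
    verdicts = {}
    for name in changes["modified"] + changes["added"]:
        if name in hits:
            verdicts[name] = "changed, matches known signature: " + ", ".join(hits[name])
        else:
            verdicts[name] = "changed, cause unknown: needs review"
    return verdicts


def demo():
    """Run both approaches over a constructed directory of sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.bin").write_bytes(b"original program bytes")
        (root / "boot.cfg").write_bytes(b"start=app.bin\n")
        (root / "notes.txt").write_bytes(b"hello")
        baseline = build_baseline(root)  # taken while the system is trusted

        # Constructed changes after the baseline was taken:
        # app.bin gains the known marker, boot.cfg changes in a way no
        # signature describes, and a file that was never baselined appears.
        (root / "app.bin").write_bytes(
            b"original program bytes" + KNOWN_SIGNATURES["Demo.Marker.A"])
        (root / "boot.cfg").write_bytes(b"start=app.bin\nstart=unknown.bin\n")
        (root / "dropper.tmp").write_bytes(b"unrecognised content")

        changes = detect_changes(root, baseline)
        hits = scan_signatures(root)
        return changes, hits, triage(changes, hits)


if __name__ == "__main__":
    for part in demo():
        print(part)
```

The scanner names the one infection it knows and misses the other two changes; the integrity check sees all three but cannot say which are malicious, which is why the two are used together.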
Computer security/Threats
Hackers/Intrusion Attack:
Hacking: any attempt to intrude or gain unauthorized access to your system, either via some operating system flaw or other means. The purpose may or may not be malicious.
Cracking: hacking conducted for malicious purposes.
Computer security/Threats
Denial of Service (DoS) Attack:
DoS Attack: blocking access of legitimate users to a service.
Distributed DoS Attack: accomplished by tricking routers into attacking a target or using zombie hosts to simultaneously attack a given target with a large number of packets.
Computer security/Threats
Simple illustration of DoS attack (from Easttom)
C:\>Ping <address of X> -l 65000 -w 0 -t
[Figure labels: Ping (×4), Web Server X, Legitimate User]
chapter 1 security.ppt

More Related Content

PPT
Computer Securityyyyyyyy - Chapter 1.ppt
SolomonSB
Ā 
PPT
Security - Chapter 1.ppt
WorknehEdimealem
Ā 
PPT
Chapter 1.ppt
abrahamermias1
Ā 
PPTX
Chapter 1 a
kibrutry
Ā 
PDF
Information Security Lecture Notes
FellowBuddy.com
Ā 
PDF
cryptograph and computer security lecture 1.pdf
AWELHAJI2
Ā 
PPT
hel1.ppt
sheela631571
Ā 
Computer Securityyyyyyyy - Chapter 1.ppt
SolomonSB
Ā 
Security - Chapter 1.ppt
WorknehEdimealem
Ā 
Chapter 1.ppt
abrahamermias1
Ā 
Chapter 1 a
kibrutry
Ā 
Information Security Lecture Notes
FellowBuddy.com
Ā 
cryptograph and computer security lecture 1.pdf
AWELHAJI2
Ā 
hel1.ppt
sheela631571
Ā 

Similar to chapter 1 security.ppt (20)

PPT
hel1.ppt
ssuserfdf7272
Ā 
PPT
Introduction to Computer Security.ppt
KojaSb
Ā 
PPT
hel1.ppt
LakshmiPrasadGutta
Ā 
PPT
hel1.ppt
Saiyed Shahab Ahmad
Ā 
PPT
hel1.ppt
FauziRahmanWiratmadj
Ā 
PPT
hel1.ppt
UsmanSafdar21
Ā 
PPT
hel1 (1).ppt
Sameer Ali
Ā 
PPT
Computer security power point prsentation.ppt
pihadar269
Ā 
PPT
hel1.ppt
SharudinBoriak1
Ā 
PPT
hel1.ppt
Thontadharya H.J.
Ā 
PPT
3 Most Common Threats Of Information Security
Ana Meskovska
Ā 
PPT
Information security
Yogeshwari M Yogi
Ā 
PPTX
cscu module 01 Foundations of Security.pptx
MakalamangiBrown
Ā 
PPTX
Security in network computing
Manoj VNV
Ā 
DOCX
E sec chaptr-1
123aleena
Ā 
PDF
Chapter 1 - Introduction.pdf
EthioDotNetDeveloper
Ā 
PDF
ICT-security-Lesson-4.pdf
asdfg hjkl
Ā 
PPTX
Network Security Chapter-1 Computer Science.pptx
Abdul Rahim Ahmadi
Ā 
PPTX
security in it (data and cyber security)
Rohana K Amarakoon
Ā 
PPTX
security system by desu star chapter 1.pptx
desalewminale
Ā 
hel1.ppt
ssuserfdf7272
Ā 
Introduction to Computer Security.ppt
KojaSb
Ā 
hel1.ppt
LakshmiPrasadGutta
Ā 
hel1.ppt
UsmanSafdar21
Ā 
hel1 (1).ppt
Sameer Ali
Ā 
Computer security power point prsentation.ppt
pihadar269
Ā 
hel1.ppt
SharudinBoriak1
Ā 
hel1.ppt
Thontadharya H.J.
Ā 
3 Most Common Threats Of Information Security
Ana Meskovska
Ā 
Information security
Yogeshwari M Yogi
Ā 
cscu module 01 Foundations of Security.pptx
MakalamangiBrown
Ā 
Security in network computing
Manoj VNV
Ā 
E sec chaptr-1
123aleena
Ā 
Chapter 1 - Introduction.pdf
EthioDotNetDeveloper
Ā 
ICT-security-Lesson-4.pdf
asdfg hjkl
Ā 
Network Security Chapter-1 Computer Science.pptx
Abdul Rahim Ahmadi
Ā 
security in it (data and cyber security)
Rohana K Amarakoon
Ā 
security system by desu star chapter 1.pptx
desalewminale
Ā 
Ad

Recently uploaded (20)

PDF
Data_Analytics_vs_Data_Science_vs_BI_by_CA_Suvidha_Chaplot.pdf
CA Suvidha Chaplot
Ā 
PDF
Unlocking the Future- AI Agents Meet Oracle Database 23ai - AIOUG Yatra 2025.pdf
Sandesh Rao
Ā 
PPTX
The-Ethical-Hackers-Imperative-Safeguarding-the-Digital-Frontier.pptx
sujalchauhan1305
Ā 
PDF
Tea4chat - another LLM Project by Kerem Atam
a0m0rajab1
Ā 
PDF
NewMind AI Weekly Chronicles - July'25 - Week IV
NewMind AI
Ā 
PPTX
Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...
AgileNetwork
Ā 
PPTX
Applied-Statistics-Mastering-Data-Driven-Decisions.pptx
parmaryashparmaryash
Ā 
PPTX
The Future of AI & Machine Learning.pptx
pritsen4700
Ā 
PDF
Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...
Sandesh Rao
Ā 
PDF
GDG Cloud Munich - Intro - Luiz Carneiro - #BuildWithAI - July - Abdel.pdf
Luiz Carneiro
Ā 
PDF
Brief History of Internet - Early Days of Internet
sutharharshit158
Ā 
PDF
Using Anchore and DefectDojo to Stand Up Your DevSecOps Function
Anchore
Ā 
PDF
Orbitly Pitch Deck|A Mission-Driven Platform for Side Project Collaboration (...
zz41354899
Ā 
PDF
Peak of Data & AI Encore - Real-Time Insights & Scalable Editing with ArcGIS
Safe Software
Ā 
PDF
Software Development Methodologies in 2025
KodekX
Ā 
PPTX
Introduction to Flutter by Ayush Desai.pptx
ayushdesai204
Ā 
PDF
The Future of Mobile Is Context-Aware—Are You Ready?
iProgrammer Solutions Private Limited
Ā 
PPTX
IT Runs Better with ThousandEyes AI-driven Assurance
ThousandEyes
Ā 
PDF
AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdf
Artjoker Software Development Company
Ā 
PDF
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
Ā 
Data_Analytics_vs_Data_Science_vs_BI_by_CA_Suvidha_Chaplot.pdf
CA Suvidha Chaplot
Ā 
Unlocking the Future- AI Agents Meet Oracle Database 23ai - AIOUG Yatra 2025.pdf
Sandesh Rao
Ā 
The-Ethical-Hackers-Imperative-Safeguarding-the-Digital-Frontier.pptx
sujalchauhan1305
Ā 
Tea4chat - another LLM Project by Kerem Atam
a0m0rajab1
Ā 
NewMind AI Weekly Chronicles - July'25 - Week IV
NewMind AI
Ā 
Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...
AgileNetwork
Ā 
Applied-Statistics-Mastering-Data-Driven-Decisions.pptx
parmaryashparmaryash
Ā 
The Future of AI & Machine Learning.pptx
pritsen4700
Ā 
Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...
Sandesh Rao
Ā 
GDG Cloud Munich - Intro - Luiz Carneiro - #BuildWithAI - July - Abdel.pdf
Luiz Carneiro
Ā 
Brief History of Internet - Early Days of Internet
sutharharshit158
Ā 
Using Anchore and DefectDojo to Stand Up Your DevSecOps Function
Anchore
Ā 
Orbitly Pitch Deck|A Mission-Driven Platform for Side Project Collaboration (...
zz41354899
Ā 
Peak of Data & AI Encore - Real-Time Insights & Scalable Editing with ArcGIS
Safe Software
Ā 
Software Development Methodologies in 2025
KodekX
Ā 
Introduction to Flutter by Ayush Desai.pptx
ayushdesai204
Ā 
The Future of Mobile Is Context-Aware—Are You Ready?
iProgrammer Solutions Private Limited
Ā 
IT Runs Better with ThousandEyes AI-driven Assurance
ThousandEyes
Ā 
AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdf
Artjoker Software Development Company
Ā 
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
Ā 
Ad

chapter 1 security.ppt

  • 1. Computer security (Itec… 3CrHr) Department of Computer Science Admas university Mekanisa campus Set by: HabtamuB.
  • 2. Computer Security and Privacy ā€œThe most secure computers are those not connected to the Internet and shielded from any interferenceā€
  • 3. Computer Security and Privacy Computer security is about provisions and policies adopted to protect information and property from theft, corruption, or natural disaster while allowing the information and property to remain accessible and productive to its intended users.
  • 4. Computer Security and Privacy Network security on the other hand deals with provisions and policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network- accessible resources. Internet Not Sufficient!!
  • 5. Computer Security and Privacy Elements of Security Integrity Confidentiality Availaibility
  • 6. Spoofing Attack Brut Force Attack: Malware Attack: Virus/Worm Attack SMURF Attack: SYN Attack Trojan Horse Logic Bomb Ping of Death Packet Sniffing Eavesdropping Cracking Session Hijacking War Dialing DoS/DDoS Blackout/ Brownout Serge/Spike Traffic Analysis Wire Tapping Assignment: • Form a group of Three. • Read about these security attack related keywords and write a five page (maximum) summary of your findings including any recorded history of significant damages created by these attacks. • Send your report by email in word format after two weeks (Use your names as the file name:[email protected]). • Bonus: While reading, if you find keywords other than these, send them on the second page of your report. • Finally prepare for presentation. Computer Security and Privacy
  • 7. Course Outline 1.Fundamentals of computer security & privacy ļ‚§ Overview: history, vulnerabilities, countermeasures, physical security 2.Computer security attacks/threats ļ‚§ Viruses, Worms, Trojan horses, Crackers, Spy-wares … 3.Cryptography and Encryption Techniques 4.Network security concepts and mechanisms ļ‚§ Transport and Application layer security, IP security, … 5.Security mechanisms and techniques ļ‚§ Authentication, access control, firewall, … 6.Secure system planning and administration ļ‚§ Analysing risks, planning, policies and procedures 7.Information Security ļ‚§ Legal, ethical and policy issues
  • 8. References 1. Computer security basics, D. Russel and G. Gangemi 2. Security Complete, BPB Publications 3. Computer Security Fundamentals, Chuck Easttom 4. Network Security Essentials, W. Stallings 5. Effective Physical Security, Lawrence Fennelly 6. Information Security Policies and Procedures, Thomas R. Peltier 7. Physical Security for IT, Erbschloe Michael 8. Computer Security: Art and Science, Matt Bishop 9. Computer Security, Dicter Gouman, John Wiley & Sons 10. Computer Security: Art and Science, Mathew Bishop, Addison-Wesley 11. Principles of Information Security, Whitman, Thomson. 12. Network security, Kaufman, Perl man and Speciner, Pearson Education. 13. Cryptography and Network Security, 5th Edition William Stallings, Pearson Education 14. Introduction to Cryptography, Buchmann, Springer.
  • 9. Computer Security and Privacy/ Overview Security: The prevention and protection of computer assets from unauthorized access, use, alteration, degradation, destruction, and other threats. Privacy: The right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information. Security/Privacy Threat: Any person, act, or object that poses a danger to computer security/privacy. Definitions
  • 10. Computer Security and Privacy/Attacks Prevention oTo prevent someone from violating a security policy Detection: oTo detect activities in violation of a security policy oVerify the efficacy of the prevention mechanism Recovery oStop policy violations (attacks) oAssess and repair damage oEnsure availability in presence of an ongoing attack oFix vulnerabilities for preventing future attack. oRetaliation against the attacker Goals of Security
  • 11. Computer Security and Privacy/Attacks Interruption: An attack on availability  E.g. DOS Attack Interception: An attack on confidentiality  E.g. Eyes dropper Modification: An attack on integrity  E.g. Hacker Fabrication: An attack on authenticity  E.g. Man in the middle (MITM) Repudiation of origin: False denial that an entity created something. Categories of Attacks(Common security attacks)
  • 12. Computer Security and Privacy/Attacks Disclosure: Disclosure: unauthorized access to information oSpoofing Deception: acceptance of false data. oModification, masquerading/spoofing, repudiation of origin, denial of receipt. oModification Disruption: interruption/prevention of correct interruption/prevention of correct operation oModification Usurpation: Usurpation: unauthorized control of a system unauthorized control of a system component oModification, masquerading/spoofing, delay, denial of service Classes of Threats (Shirley)
  • 13. Computer Security and Privacy/Attacks Categories of Attacks/Threats (W. Stallings) Normal flow of information Interruption Interception Modification Fabrication Source Destination Attack
  • 14. Computer Security and Privacy/Vulnerabilities Physical vulnerabilities (Ex. Buildings) Natural vulnerabilities (Ex. Earthquake) Hardware and Software vulnerabilities (Ex. Failures) Media vulnerabilities (Ex. Disks can be stolen) Communication vulnerabilities (Ex. Wires can be tapped) Human vulnerabilities (Ex. Insiders) Types of Vulnerabilities
  • 15. Computer Security and Privacy/ Countermeasures Computer security controls ļ‚˜Authentication (Password, Cards, Biometrics) (What we know, have, are!) ļ‚˜Encryption ļ‚˜Auditing ļ‚˜Administrative procedures ļ‚˜Standards ļ‚˜Certifications ļ‚˜Physical Security ļ‚˜Laws
  • 16. Computer Security and Privacy/ The Human Factor The human factor is an important component of computer security Some organizations view technical solutions as ā€œtheir solutionsā€ for computer security. However: ļ‚˜ Technology is fallible (imperfect) ļ‚˜ Ex. UNIX holes that opened the door for Morris worm ļ‚˜ The technology may not be appropriate ļ‚˜ Ex. It is difficult to define all the security requirements and find a solution that satisfies those requirements ļ‚˜ Technical solutions are usually (very) expensive ļ‚˜ Ex. Antivirus purchased by ETC to protect its Internet services ļ‚˜ Given all these, someone, a human, has to implement the solution
  • 17. Computer Security and Privacy/ The Human Factor Competence of the security staff ļ‚˜Ex. Crackers may know more than the security team Understanding and support of management ļ‚˜Ex. Management does not want to spend money on security Staff’s discipline to follow procedures ļ‚˜Ex. Staff members choose simple passwords Staff members may not be trustworthy ļ‚˜Ex. Bank theft
  • 18. Computer Security and Privacy/ Physical Security ā€œThe most robustly secured computer that is left sitting unattended in an unlocked room is not at all secure !!ā€ [Chuck Easttom]
  • 19. Computer Security and Privacy/ Physical Security Physical security protects your physical computer facility (your building, your computer room, your computer, your disks and other media) [Chuck Easttom]. Physical security is the use of physical controls to protect premises, site, facility, building or other physical asset of an organization [Lawrence Fennelly]
  • 20. Computer Security and Privacy/ Physical Security In the early days of computing physical security was simple because computers were big, standalone, expensive machines ļ‚˜It is almost impossible to move them (not portable) ļ‚˜They were very few and it is affordable to spend on physical security for them ļ‚˜Management was willing to spend money ļ‚˜Everybody understands and accepts that there is restriction
  • 21. Computer Security and Privacy/ Physical Security => Physical security is much more difficult to achieve today than some decades ago
  • 22. Computer Security and Privacy/ Physical Security Natural Disasters ļ‚˜ Fire and smoke ļ‚˜ Fire can occur anywhere ļ‚˜ Solution – Minimize risk Good policies: NO SMOKING, etc.. Fire extinguisher, good procedure and training Fireproof cases (and other techniques) for backup tapes Fireproof doors ļ‚˜ Climate ļ‚˜ Heat ļ‚˜ Direct sun ļ‚˜ Humidity Threats and vulnerabilities
  • 23. Computer Security and Privacy/ Physical Security Natural Disasters … ļ‚˜ Hurricane, storm, cyclone ļ‚˜ Earthquakes ļ‚˜ Water ļ‚˜ Flooding can occur even when a water tab is not properly closed ļ‚˜ Electric supply ļ‚˜ Voltage fluctuation Solution: Voltage regulator ļ‚˜ Lightning Threats and vulnerabilities … Solution ļ‚˜ Avoid having servers in areas often hit by Natural Disasters!
  • 24. Computer Security and Privacy/ Physical Security People ļ‚˜Intruders ļ‚˜Internal Thieves ļ‚˜ Thieves ļ‚˜ People who have been given access unintentionally by the insiders ļ‚˜ Employees, contractors, etc. who have access to the facilities ļ‚˜External thieves ļ‚˜ Portable computing devices can be stolen outside the organization’s premises Loss of a computing device ļ‚˜Mainly laptop Threats and vulnerabilities …
  • 25. Computer Security and Privacy/ Physical Security Safe area Safe area often is a locked place where only authorized personnel can have access Organizations usually have safe area for keeping computers and related devices
  • 26. Computer Security and Privacy/ Physical Security: Safe area … Challenges
      - Is the area inaccessible through other openings (window, roof-ceilings, ventilation hole, etc.)?
          - Design of the building with security in mind
          - Know the architecture of your building
      - During opening hours, is it always possible to detect when an unauthorized person tries to get to the safe area?
          - Surveillance/guards, video-surveillance, automatic doors with security code locks, alarms, etc.
          - Put signs so that everybody sees the safe area
  • 27. Computer Security and Privacy/ Physical Security: Safe area … Locks
      Are the locks reliable?
      - The effectiveness of locks depends on the design, manufacture, installation and maintenance of the keys!
      - Among the attacks on locks are:
          - Illicit keys
              - Duplicate keys: avoid access to the key by unauthorized persons even for a few seconds; change locks/keys frequently; key management procedure
              - Lost keys: notify the responsible person when a key is lost; there should be no label on keys
          - Circumventing of the internal barriers of the lock: directly operating the bolt, completely bypassing the locking mechanism, which remains locked
          - Forceful attacks: punching, drilling, hammering, etc.
  • 28. Computer Security and Privacy/ Physical Security: Safe area … Surveillance
      Surveillance with guards
      - The most common in Ethiopia
      - Not always the most reliable since it adds a lot of human factor
      - Not always practical for users (employees don’t like to be questioned by guards wherever they go)
  • 29. Computer Security and Privacy/ Physical Security: Safe area … Surveillance
      Surveillance with video
      - Uses Closed Circuit Television (CCTV)
      - Started in the 1960s
      - Has become more and more popular with the worldwide increase of theft and terrorism
      - Advantages
          - A single person can monitor more than one location
          - The intruder doesn’t see the security personnel
          - It is cheaper after the initial investment
          - It can be recorded and be used for investigation
          - Since it can be recorded, the security personnel are more careful
          - Today’s digital video-surveillance can use advanced techniques such as face recognition to detect terrorists, wanted people, etc.
      - Drawback
          - Privacy concerns
  • 30. Computer Security and Privacy/ Physical Security: Internal Human factor - Personnel
      - Choose employees carefully
          - Personal integrity should be as important a factor in the hiring process as technical skills
      - Create an atmosphere in which the levels of employee loyalty, morale, and job satisfaction are high
      - Remind employees, on a regular basis, of their continuous responsibilities to protect the organization’s information
  • 31. Computer security/ Attacks & Threats
      - A computer security threat is any person, act, or object that poses a danger to computer security
      - Computer world is full of threats! … refer to the first assignment …
      - And so is the real world!
          - Thieves, pick-pockets, burglars, murderers, drunk drivers, …
  • 32. Computer security/ Attacks & Threats
      What is the right attitude?
      - To do what you do in real life
      What do you do in real life?
      - You learn about the threats
          - What are the threats
          - How can these threats affect you
          - What is the risk for you to be attacked by these threats
          - How you can protect yourself from these risks
          - How much does the protection cost
          - What you can do to limit the damage in case you are attacked
          - How you can recover in case you are attacked
      - Then, you protect yourself in order to limit the risk but to continue to live your life
      You need to do exactly the same thing with computers!
  • 33. Computer security/ Attacks & Threats: Types of Threats/Attacks … (Chuck Easttom)
      - Hacking Attack: any attempt to gain unauthorized access to your system
      - Denial of Service (DoS) Attack: blocking access from legitimate users
      - Physical Attack: stealing, breaking or damaging of computing devices
  • 34. Computer security/ Attacks & Threats: Types of Threats/Attacks (Chuck Easttom)
      Malware Attack:
      - A generic term for software that has malicious purpose
      - Examples
          - Viruses
          - Trojan horses
          - Spyware
          - New ones: spam/scam, identity theft, e-payment frauds, etc.
  • 35. Computer security/Threats: Malware Attack
      Viruses
      - “A small program that replicates and hides itself inside other programs usually without your knowledge.” Symantec
      - Similar to a biological virus: replicates and spreads
      Worms
      - An independent program that reproduces by copying itself from one computer to another
      - It can do as much harm as a virus
      - It often creates denial of service
  • 36. Computer security/Threats: Malware Attack …
      Trojan horses
      - (Ancient Greek tale of the city of Troy and the wooden horse) - ??
      - Secretly downloading a virus or some other type of malware onto your computers.
      Spyware
      - “A software that literally spies on what you do on your computer.”
      - Example: simple cookies and key loggers
  • 37. Computer security/Threats: How do viruses work?
      Most software-based attacks are commonly called viruses.
      Infection mechanisms
      - First, the virus should search for and detect objects to infect
      - Installation into the infectable object
          - Writing on the boot sector
          - Add some code to executable programs
          - Add some code to initialization/auto-executable programs
          - …
  • 38. Computer security/Threats: How do viruses work? …
      Trigger mechanism
      - Date
      - Number of infections
      - First use
      Effects: it can be anything
      - A message
      - Deleting files
      - Formatting disk
      - Overloading processor/memory
      - Etc.
  • 39. Computer security/Threats: Who Writes Virus
      Adolescents
      - Ethically normal and of average/above average intelligence.
      - Tended to understand the difference between what is right and wrong
      - Typically do not accept any responsibility for problems caused
  • 40. Computer security/Threats: Who Writes Virus …
      The College Student
      - Ethically normal
      - Are not typically concerned about the results of their actions related to their virus writing
      The Adult (smallest category)
      - Ethically abnormal
  • 41. Computer security/Threats: Anti-Virus
      Three categories
      - Scanners
      - Activity monitors
      - Change detection software
      There are
      - Generic solutions
          - Ex. Integrity checking
      - Virus-specific solutions
          - Ex. Looking for known viruses
  • 42. Types of Antivirus
      1. AVG (Anti Virus Garden): the first most popular antivirus software. It can be downloaded freely from the internet.
      2. McAfee: the second most popular antivirus software.
      3. Norton: the third most popular antivirus software; it checks for and deletes viruses from a computer.
  • 43. Computer security/Threats: Anti-Virus …
      Functions of anti-viruses
      - Identification of known viruses
      - Detection of suspected viruses
      - Blocking of possible viruses
      - Disinfection of infected objects
      - Deletion and overwriting of infected objects
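
The two anti-virus approaches on slide 41 side by side, as an added example that is not part of the original slides: change detection by integrity checking (generic) and a scanner looking for known patterns (virus-specific). The signature, file names and directory contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Constructed byte pattern standing in for a known-virus signature (not a real one).
KNOWN_SIGNATURES = {"Demo.TestSig": b"\xde\xad\xbe\xefDEMO-SIGNATURE"}

def read_tree(root):
    """Yield (relative path, file bytes) for every file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                yield os.path.relpath(full, root), f.read()

def snapshot(root):
    """Baseline for change detection: relative path -> SHA-256 digest."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in read_tree(root)}

def compare(baseline, current):
    """Generic check: reports any change, whatever caused it."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current)
                           if baseline[p] != current[p]),
    }

def scan_signatures(root):
    """Virus-specific check: finds only patterns listed in KNOWN_SIGNATURES."""
    return sorted((path, sig) for path, data in read_tree(root)
                  for sig, pattern in KNOWN_SIGNATURES.items() if pattern in data)

def demo():
    """Build a constructed directory, tamper with two files, run both checks."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in [("app.exe", b"original program"), ("boot.ini", b"start=app")]:
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        baseline = snapshot(root)
        with open(os.path.join(root, "app.exe"), "ab") as f:
            f.write(KNOWN_SIGNATURES["Demo.TestSig"])   # known pattern appended
        with open(os.path.join(root, "boot.ini"), "ab") as f:
            f.write(b";unlisted change")                # no signature exists for this
        return compare(baseline, snapshot(root)), scan_signatures(root)

if __name__ == "__main__":
    print(demo())
```

The integrity check flags both tampered files, while the scanner reports only the one carrying a listed pattern; the baseline itself has to be stored where the monitored system cannot rewrite it.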
  • 44. Computer security/Threats: Hackers/Intrusion Attack
      - Hacking: any attempt to intrude or gain unauthorized access to your system, either via some operating system flaw or other means. The intent may or may not be malicious.
      - Cracking: hacking conducted for malicious purposes.
  • 45. Computer security/Threats: Denial of Service (DoS) Attack
      - DoS Attack: blocking access of legitimate users to a service.
      - Distributed DoS Attack: accomplished by tricking routers into attacking a target, or by using zombie hosts to simultaneously attack a given target with a large number of packets.
  • 46. Computer security/Threats
      Simple illustration of DoS attack (from Easttom)
          C:\>ping <address of X> -l 65000 -w 0 -t
      [Figure: repeated Ping packets sent to Web Server X; Legitimate User]
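
How a defender could spot the traffic pattern illustrated on slide 46, as an added example that is not part of the original slides. The log format, the addresses (documentation ranges) and the thresholds are assumptions chosen for the demonstration.

```python
from collections import defaultdict, deque

# Largest ICMP payload that fits one unfragmented IPv4 packet on a 1500-byte MTU link
# (1500 - 20 bytes IPv4 header - 8 bytes ICMP header).
MAX_UNFRAGMENTED_PAYLOAD = 1472

def constructed_log():
    """Constructed records, assumed format: 'seconds src dst icmp_type payload_bytes'."""
    lines = [f"{100 + i:.2f} 192.0.2.5 203.0.113.10 8 32" for i in range(4)]
    # Pattern produced by a continuous ping with a 65000-byte payload.
    lines += [f"{100 + i * 0.01:.2f} 198.51.100.7 203.0.113.10 8 65000" for i in range(50)]
    lines += ["100.50 203.0.113.10 192.0.2.5 0 32"]  # echo reply, ignored below
    return sorted(lines, key=lambda line: float(line.split()[0]))

def detect_ping_dos(lines, window=1.0, max_requests=20):
    """Return {source: reasons} for sources whose echo requests look abusive."""
    recent = defaultdict(deque)   # per-source timestamps inside the sliding window
    alerts = defaultdict(set)
    for line in lines:
        ts, src, _dst, icmp_type, size = line.split()
        ts, icmp_type, size = float(ts), int(icmp_type), int(size)
        if icmp_type != 8:        # ICMP type 8 = echo request
            continue
        if size > MAX_UNFRAGMENTED_PAYLOAD:
            alerts[src].add("oversized")
        seen = recent[src]
        seen.append(ts)
        while ts - seen[0] > window:   # drop timestamps older than the window
            seen.popleft()
        if len(seen) > max_requests:
            alerts[src].add("rate")
    return {src: sorted(reasons) for src, reasons in alerts.items()}

if __name__ == "__main__":
    print(detect_ping_dos(constructed_log()))
```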