Computer Security A Definition of Computer Security ‘The NIST Computer Security Handbook [NIST95] defines the term computer security as follows ‘The protection afforded to an automated information system in order to attain the applicable objectives of preserving the Integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data and telecommunicatiors). In simple words, itis the protection of computer systems and networks from attacks by malicious actors that may result in unauthorised in format disclosure, theft of, or damage to hardware, software or data, as well as from the disruption or misdirection of the services they provide. Objectives of Computer Security Three key objectives that are at the Heart of Computer security : 1. Confidentiality This term covers two related concepts : Data Confidentiality Assures that private or confidential information is not made available or disclosed to unauthorised individuals. Privacy Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. 2. Integrity This term covers two related concepts. Data Integrity Assure that information and programs are changed only in a specified and authorised manner. System Integrity Assure that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorised ‘manipulation of the system. 3. Availability Assure that systems work promptley and service is not denied to authorised users. Malware : Threats to Computer Security © Malware stands for malicious software. It is a broad ‘term that refers to a variety of malicious programs that are used to damage computer system, gather sensitive information or gain access to private computer systems, « Itincludes computer viruses, worms, trojan horses, rootkits, spyware, bots, etc. Some of them are described below : Virus © VIRUS stands for Vital Information Resources Under Seize. Computer viruses or perverse softwares are small programs that negatively affects the computer systems. It obtains control of a PC and directs it to perform unusual and often destructive actions. © Viruses are self-replicating and attached themselves to other programs which further spread the infection. ‘The virus can attack any part of the computer software such as the boot block, operating system, system areas, files and application programs. The creeper virus is the world’s first computer virus designed by Bob Thomas in 1971 as an experiment in self-duplication. ‘Types of Virus Some common types of viruses are as follows as : 1, Resident Virus It fixes itself into the system's memory and get activated whenever the operating system runs and infects all the files that are opened. Ithides in the RAM and stays there even after the malicious code is executed. e.g., Randex, Meve etc 2. Direct Action Virus It comes into action when the file containing the virus is executed. It infects filescomputer Concepts Computer Security in the folder that are specified in the AUTOEXEC.bat file path. e.g, Vienna virus, 3. Overwrite Virus It deletes the information contained in the files that it infects, rendering them partially or totally useless, once they have been infected. e.g., Way, Trj.Reboot, Trivial.88.D ete. 4, Boot Sector Virus It is also called Master Boot Sector virus or Master Boot Record virus, This type of virus affects the boot sector of a system executing every time system is booted and before OSis loaded. Brain was the first PC boot sector virus created in 1986. e.g., Polyboot.B, AntiEXE etc. 5. Macro Virus It infects files that are created using certain applications or programs that contain ‘macros, like .doc, .xls, .ppt etc. eg., Melissa.A, 6. File System Virus Itis also called Cluster virus or Directory virus. It infects the directory of the computer by changing the path that indicates the location of a file. e.g., Dir-2 virus 7, Polymorphic Virus It uses a special method of encoding or encryption every time it infects a system. This virus then goes on to create a large number of copies. e.g., Elkern, Tuareg etc. 8. FAT Virus The file allocation table is a part of disk used to store all the information about the location of files, unusable space, etc. This virus affects the FAT section and may damage crucial information. eg,, Link virus etc. 9. Multipartite Virus It may infect and spread in multiple ways such as the operating system installed or the existence of certain files. They are very infectious. They may infect both the executable program files and the boot sector. eg. Flip, 10, Web Scripting Virus Many Websites execute complex code in order to provide interesting, content. These sites are sometimes created with purposely infected code. These viruses are attached to certain links, ads, images, videos and the layout of a website. They carry malicious code that get activated when you click on an infected source. eg., JS Fortnight Effects of Virus There are many different effects that viruses can have on your computer, depending on the types of virus. Some viruses can ® (i) monitor what you are doing. (i) slow down your computer's performance. (iii) destroy all data on your local disk. (iv) affect on computer networks and the connection to Internet. (¥) frequent crashes in your computer. (vi) increase or decrease memory size. (vii) display different types of error messages. (viii) decrease partition size. (xi) alter PC settings. (x) display arrays of annoying advertising. (xi) extend boot times. (xii) create more than one partitions. (xiii) automatic start up of unknown program Worms * A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. © They can also spread through shared media, such as USB drives or CD and DVD data disks, E-mail worms spread in macro or script code included in documents attached to e-mail or to instant messenger file transfer. Features of Worms 1, Independent It does not need any Host program, as it is an independent program or code chunk and actively carry out attacks. 2. Exploit attacks It takes advantage of various operating system vulnerabilities to carry out active attacks, 3. Complexity Some worms are combined with web page scripts and are hidden in HTML pages. 4, Contagiousness They are more infectious than traditional virus. « Inorder to protect our computer system, we should keep our machine up to date. Anti-virus and Antispyware software are also helpful, Also, the use of firewall is recommended. * Worms are hard to detect because they are invisible files. e¢., Bagle, [love you, Morris, Nimda ete. Trojan * A Trojan, or Trojan horse, is a non-self-replicating type ‘of malware which appears to perform a desirable function but instead facilitates unauthorised access to the user’s computer system.% Prep Guide MAH-MCA CET * Ttis a useful or apparently useful program or utility containing hidden code that when invoked performs some unwanted or harmful functions. © Trojans do not attempt to inject themselves into other files like a computer virus. Trojan horses may steal information, or harm their host computer systems, * Trojans may use drive by downloads or install via online games or Internet driven applications in ‘order to reach target computers. Unlike viruses, Trojan horses do not replicate themselves. eg., Beast, Sub7.Zeus, ZeroAccess Rootkit etc. Spyware * Itisa program which is installed on a computer system to spy on the system owner's activity and collects alll the information which is misused afterwards. It tracks the user's behaviour and reports back to a central source. © Itis mostly classified into 4 types as : adware, system monitors, tracking including web tracking. and trojans example of other notorious types include digital right management capabilities that phone home, keyloggers, rootkits and web becons. ‘* These are used for either legal or illegal purpose. Spyware can transmit personal information to another person’s computer over the Internet. e.g. CoolWeb Search, FinFisher, Zango, Zlob Trojan, Keyloggers etc. Common problems that sypware can result in include, Data theft, identify fraud, device damage and browsing disruption, etc. * A device can become infected with spyware as result of ~ misleading marketing — phishing or spoofing ~ security vulnerabilities ~ software bundles = Trojans ~ accepting cookies consent requests from insecure websites ~ accepting pop-ups from untrusted sites clicking on malicious links = opening malicious attachments ~ downloading games, movies or music from pirated or spoofed websites ~ downloading malicious mobile apps Symptoms of Malware Attack Given below is a list of symptoms of malware attack which indicates that your system is infected with a computer malware. (i) Odd messages are displaying on the screen. (ii) Some files are missing. System runs slower. (iv) PC crashes and restarts again and again. (v) Drives are not accessible. (vi) Antivirus software will not run or installed. (vii) Unexpected sound or music plays. ‘The mouse pointer changes its graphic. (ix) System receives strange E-mails containing odd attachments or viruses. (x) PC starts performing functions like opening or closing window, running programs on its own. Some Other Threats to Computer Security ‘There are some other threats to computer security which are described below 1. Spoofing Itis the technique to access the unauthorised data without concerning to the authorised user. It accesses the resources over the network. It is also known as ‘Masquerade’. IP spoofing is a process or technique to enter in another computer by accessing its IP address. It pretends to be a legitimate user and access to its computer via a network. 2. Salami Technique It is a cybercrime that hackers typically used to commit financial crimes. It diverts small amounts of money from a large number of accounts maintained by the system. 3. Hacking Itis the act of intruding into someone else's computer or network to cause damage to or corrupt systems gather information on users, steal data and documents or disrupt data-related activity. Hacking may result in a Denial of Service (DoS) attack. It prevents authorised users from accessing the resources of the computer. A hacker is someone, who does hacking process. 4, Cracking Itis the act of breaking into computers software, systems or networks with malicious intent. It is an act of removing copy protection from a software. It is a popular, growing subject on Internet. Cracking tools are widely distributed on the Internet. They include password crackers, trojans, viruses, war-dialers, etc. 5. Phishing It is characterised by attempting to fraudulently acquire sensitive information such as passwords, credit cards details etc. by masquerading as a trustworthy person.computer Concepts Computer Security 6, Spam Itis the abuse of messaging systems to send unsolicited bulk messages in the form of E-mails. Itis a subset of electronic spam involving nearly identical messages sent to numerous recipients by E-mails. 7. Adware It is any software package which automatically renders advertisements in order to generate revenue for its author. The term is. sometimes used to refer the software that, displays unwanted advertisements. 8, Rootkit It is a type of malware that is designed to gain administrative level control over a computer system without being detected. Solutions to Computer Security Threats Some safeguards (or solutions) to protect a computer system from accidental access, are described below Antivirus Software « Ttis an application software that is designed to prevent, search for, detect and remove viruses and other malicious softwares like worms, trojans, adware and more. * Itconsists of computer programs that attempt to identify threats and eliminate computer viruses and other malware. + Few latest antivirus are as follow as : () Norton 360 with Lifelock (i) McAfee Antivirus Plus (ii) Bitdefender Antivirus Plus (iv) Trend Micro Antivirus+ Security (v) Webroot Secure Anywhere Antivirus (vi) Malware Bytes Digital Certificate Itis the attachment to an electronic message used for security purposes. The common use of a digital certificate is to verify that a user sending a message iswho he or she claims to be, and to provide the receiver with the means to encode a reply. It provides a means of proving your identity in tlectronic transactions. Digital Signature Itis an electronic form of a signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and also ensure that the original content of the message or document that has been sent is unchanged, Firewall * Itcan either be software based or hardware based and is used to help in keeping a network secure. Its primary objective is to control the incoming and outgoing network traffic by analysing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set. * A network's firewall builds a bridge between an internal network that is assumed to be secure and trusted, and another network, usually an external (inter) network, such as the Internet, that is not assumed to be secure and trusted. © A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. ‘© There are two forms of firewalls hardware and software firewalls. Password © Itis a secret word or a string of characters used for user authentication to prove identity or access approval to gain access to a resource. © A password is typically somewhere between 4 to 16 characters, depending on how the computer system is setup. When a password is entered, the computer system is careful not to display the characters on the display screen, in case others might see it. ‘There are two common modes of password as follows () Weak Password Easily remember just like names, birth dates, phone number ete. (ii) Strong Password Difficult to break and a combination of alphabets, numbers and special symbols. le Access Permission ‘© Most current file systems have methods of assigning, permissions or access rights to specific user and group of ‘users. These systems control the ability of the users to view or make changes to the contents of the file system. « File access permission refers to privileges that allow a user to read, write or execute a file,EXERCISES 1 Chapter Challenges . is a branch of information technology 10. own as information security. It affects the file allocation table section and may damage the crucial information Computer security Cyber security (a) Direc action virus (b) Macro virus Gracey GAdat thee (© FAT virus (4) File system virus 2. Computer security aims at preserving 411. Which virus spreads in application software that {@) integrity (b) availability contains macros? : (©) confidentiality (@) All of these (@) Macro virus (©) Boot virus ae (© File virus (4) Antivirus . A malware is a (@) program (&) hardware 42. The «...ssesee of a threat measures its potential (© person (€) None of these impact on a system. eee aaa Vines Wises od Tees (@) vulnerabilities (b) counter measures vares sui : : Horses that have a malicious content, is known as (6) degree of harm (@) susceptibility (@) Malicious software (malware) 13. Which of the following is the type of software that (©) adware has self-replicating software that causes damage to (© seareware files and system? (@) spyware (@) Viruses (0) Trojan horses (©) Bots (a) Worms 5. Itis a self-replicating program that infects computer and spreads by inserting copies of itself 14, Which of the following is not a type of virus? into other executable code or documents. (@) Bootsector (b) Polymorphic (a) Keylogger (b) Worm (©) Multipartite (d) Trojans (ving (4) Cracker 15, Which of the following usually observe each activity 6. If your computer rebooting itself then it is likely on the internet of the victim, gather all information that in the background and send it to someone else (@) it has a virus (a) malware () spyware (©) it does not have enough memory (© adware (€) All of these (0) there is no printer me 7 - . Masquerading is also known as (4) there has been a power surge (a) phishing (b) spam (c) spoofing (d) hacking ihe Bs commer Sirus Ie 17, It is a cybercrime that hackers typically used to ere ir idpee commit financial crimes (©) the famous (@) (a) Hacking (b) Adware 8. It deletes all the files that is infects (c) Salami attack (d) Rootkit ie) non reer ue) oreo 18. Which malicious software is designed to gain (©) polymorphic virus (d) multipartite virus administrative level control over the system 9. It infects the executables as well as boot sectors without being detected? (@) polymorphic virus _(b) boot sector virus (a) Rootkit (b) Adware (©) multipartite virus (d) non-resident virus (©) Spyware (a) None of these '*« Count Your Score 1 @ | 2) | 3@ | 4@ | 5 @ | 6 @) | 7 @ | 8 0) | a @ | 00 LL. (a) AZ (c) 13, @) a. @) 15. (b) 16, (c) mn © 18. (a)