The meaning of computer security

The meaning of the term computer security has evolved in recent years. Before the problem of data
security became widely publicized in the media, most people’s idea of computer security focused on the
physical machine. Traditionally, computer facilities have been physically protected for three reasons:
• To prevent theft of or damage to the hardware
• To prevent theft of or damage to the information
• To prevent disruption of service
Computer security is security applied to computing devices such as computers and smartphones, as well
as computer networks such as private and public networks, including the whole Internet. The field covers
all the processes and mechanisms by which digital equipment, information and services are protected
from unintended or unauthorized access, change or destruction, and are of growing importance in line
with the increasing reliance on computer systems of most societies worldwide. It includes physical
security to prevent theft of equipment, and information security to protect the data on that equipment. It is
sometimes referred to as "cyber security" or "IT security", though these terms generally do not refer to
physical security (locks and such).
SECURITY SERVICES/GOALS
The classification of security services are as follows:
Confidentiality: Ensures that the information in a computer system and transmitted information are
accessible only for reading by authorized parties.
E.g. Printing, displaying and other forms of disclosure.
Authentication: Ensures that the origin of a message or electronic document is correctly identified, with
an assurance that the identity is not false.
Integrity: Ensures that only authorized parties are able to modify computer system assets and transmitted
information. Modification includes writing, changing status, deleting, creating and delaying or replaying
of transmitted messages.
Non repudiation: Requires that neither the sender nor the receiver of a message be able to deny the
transmission.
Access control: Requires that access to information resources may be controlled by or the target system.
Availability: Requires that computer system assets be available to authorized parties when needed.
SECURITY ATTACKS
There are four general categories of attack which are listed below.
Interruption
An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability
e.g., destruction of piece of hardware, cutting of a communication line or Disabling of file management
system.
Interception
An unauthorized party gains access to an asset. This is an attack on confidentiality.
Unauthorized party could be a person, a program or a computer. e.g., wire tapping to capture data in the
network, illicit copying of files
Modification
An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity.
e.g., changing values in data file, altering a program, modifying the contents of messages being
transmitted in a network.
Fabrication
An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity. e.g.,
insertion of spurious message in a network or addition of records to a file.

NETWORK SECURITY
ENCRYPTION

SYSMMETRIC ASYMMETRIC
Encryption
KEY
Decryption
Two independent keys
Pair of keys

• Public key (ku)

• Private key (kr)
Secrete key (ks)
Every user has pair of key
One key for encryption
Another for decryption
Example
A= user, KUA, KRA
Encrypt KUA
Decry KRA
SENDER RECIEVER

PT ENCRY CYPHER SECURE CYPHER PT

DENCRY
TEXT TEXT
CHANNEL

KEY KEY
Symmetric KS KS
Asymmetric KUA KRA
KRA KUA
 CRYPTOGRAPHIC ALGORITHMS
SECURITY SERVICES
CONFIDENTIALITY AUTHENTICATION DIGITAL SIGNATURES
(Enc , Dec) integrity sender private key

Security data fixed length value digital signature algorithm

Symmetric Asymmetric append to plain text

(K) KU, KR MDS
Private, public key SHA- 512 Email security
DES RSA HMA PGP
AES

Web security Authentication

application

SSI & SET kerberos

Ip security

Stream cipher bit by Bit

Block cipher (group of 8 bits) block by block

Symmetric
Substitution (Character)
Transposition (Numeric)
Substitution
Ceasar cipher
Play fair cipher
Limitation
Used for short period of time

Ceasar

A B C D E F G H I
1 2 3 4 5 6 7 8 9
J K L M N O P Q R
10 11 12 13 14 15 16 17 18
S T U V W X Y Z
19 20 21 22 23 24 25 26

KEY –numerical, K
1< K < 26
C= (P + K ) Mod 26
Example
Plaintext = HELLO
C (H) = (8+4) mod 26
12 mod 26
C (H) = 12 =L
C(E) = (5 +4 ) mode 26
9 mod 26
C(H) = I
9 I
C(L) (12 +4) mod 26
16 mode 26
16 = P
C(O) = (15 + 4 ) mod 26
19 mod 26
19 = S
C (O) = (15 + 4) mod 26
19 mod 26
19= S
Plain text = ZOO
Cipher = DSS
Calculation of MOD
Operation of MOD
MOD = Reminder of Division
5 mod 2
Remainder (5/2)
2)5(2
4
1 remainder

2 mod 5
5)2(5
0
2 remainder
2 mod 5 = 2
9 mod 5 is a
If (a <b)
Play fair C8

Plain text = HELLO

KEY = NETWORK
Cipher text =?

N E T W O
R K A B C
D F G H i/j
L M P Q S
U V X Y Z
5x5 = 25
One letter
They share
 Steps
Fill the key
RULES
i. Divide plain text to pair of the letters
ii. Differentiate repeated letters in the pair with dummy letters
iii. If pair of plaintext letters are in same row, replace them with right most same column
iv. If PT letters in different row 8 column
Replace with the character which is the column corresponding row (diagonal)
Example
Divide
HE
LL is repeated
O add dummy letter to make a set
Differentiate with dummy character
HE/LX/LO
HE check whether they fall in the same row and column
Replace
HE WF
LX UP
LO NS

HEL X LO = Plain
WFUPNS = cipher
Example 2
PT =BALLON
KEY=NETWORK
C.T = ?

N E T W O
R K A B C
D F G H I/J
L M P Q S
U V X Y Z
BA/LL/OO/N
BA= CB
LX= UP
LO=NS
ON=NE

Type of attack based on the cia triad

Typpe of attack typical methods
1. Interception - reading email
- Eavesdropping
- Unathorized file viewing and copy
2. interruption
- Denial of service
- Loss and corruption of data
3. modification
- Asset tempering
- Data alteration
4. fabrication
- Generate undesirable data, processesor communication

Physical Access Factors

It is important for you to make physical access control the “outer perimeter” of your security plan.
This means:
1. Controlling physical access to the servers
2. Controlling physical access to networked workstations
3. Controlling physical access to network devices
4. Controlling physical access to the cable
5. Being aware of security considerations with wireless media
6. Being aware of security considerations related to portable computers
7. Recognizing the security risk of allowing data to be printed out
8. Recognizing the security risks involving floppy disks, CDs, tapes, and other removable media
Define integrity and non-repudiation.
Integrity: Service that ensures that only authorized person able to modify the message.
Non repudiation: This service helps to prove that the person who denies the transaction is true or false.
Define confidentiality and authentication
Confidentiality: It means how to maintain the secrecy of message. It ensures that the information in a
computer system and transmitted information are accessible only for reading by authorized person.
Authentication: It helps to prove that the source entity only has involved the transaction.

What is message authentication?

It is a procedure that verifies whether the received message comes from assigned source has not been
altered. It uses message authentication codes, hash algorithms to authenticate the message.
Define the classes of message authentication function.
Message encryption: The entire cipher text would be used for authentication.
Message Authentication Code: It is a function of message and secret key produce a fixed length value.
Hash function: Some function that map a message of any length to fixed length which serves as
authentication.
What are the requirements for message authentication?
The requirements for message authentication are
i. Disclosure: Release of message contents to any person or process not processing
the appropriate cryptographic key
ii. Traffic Analysis: Discovery of the pattern of traffic between parties. In a connection-oriented
application, the frequency and duration of connections could be determined.
In either a connection oriented or connectionless environment, the number and length of messages
between parties could be determined.
iii. Masquerade: Insertion of messages into the network from a fraudulent source. This includes the
creation of messages by an opponent that are purported to come from an authorized entity. Also included
are fraudulent acknowledgements of message receipt or no receipt by someone other than the message
recipient.
iv. Content modification: Changes to the contents of a message , including insertion, deletion,
transposition, and modification.
v. Sequence modification: Any modification to a sequence of messages between parties, including
insertion, deletion, and modification.
vi. Timing modification: Delay or replay of messages. In a connection-oriented application, an entire
session or sequence of messages could be a replay of some previous valid session, or individual messages
in the sequence could be delayed or replayed. In connectionless application, an individual message could
be delayed or replayed.
vii. Source repudiation: Denial of transmission of message by source.
viii. Destination repudiation: Denial of receipt of message by destination.

What is the meet in the middle attack?

This is the cryptanalytic attack that attempts to find the value in each of the range and domain of the
composition of two functions such that the forward mapping of one through the first function is the same
as the inverse image of the other through the second function-quite literally meeting in the middle of the
composed function.
If A and B exchange message, means E intercept the message and receive the B’ s public key and B’ s
userId, E sends its own message with its own public key and B’ s user ID based on the private key and Y.
B compute the secret key and A compute k2 based on private key of A and Y.

What are the properties a digital signature should have?

It must verify the author and the data and time of signature. It must authenticate the contents at the time of
signature.
It must be verifiable by third parties to resolve disputes.
What requirements should a digital signature scheme should satisfy?
The signature must be bit pattern that depends on the message being signed.
The signature must use some information unique to the sender, to prevent both forgery and denial.
It must be relatively easy to produce the digital signature.
It must be relatively easy to recognize and verify the digital signature.
It must be computationally infeasible to forge a digital signature, either by constructing a new message
for an existing digital signature or by constructing a fraudulent digital signature for a given message.
It must be practical to retain a copy of the digital signature in storage.

List the 3 classes of intruder?

Classes of Intruders
❖ Masquerader
❖ Misfeasor
❖ Clandestine user

Define virus. Specify the types of viruses?

 ❖ A virus is a program that can infect other program by modifying them the modification includes a
copy of the virus program, which can then go on to infect other program.
Types:
❖ Parasitic virus
❖ Memory-resident virus
❖ Boot sector virus
❖ Stealth virus
❖ Polymorphic virus

List the design goals of firewalls?

❖ All traffic from inside to outside, and vice versa, must pass through the firewall.
❖ Only authorized traffic, as defined by the local security policy, will be allowed to pass.
❖ The firewall itself is immune to penetration.

Specify the four categories of security threats?

❖ Interruption
❖ Interception
❖ Modification
❖ Fabrication

What is worm?
A worm is a program that can replicate itself and send copies from computer to computer across network
connections.
Four general techniques of firewall.
❖ Security control
❖ Direction control
❖ User control
❖ Behavior control
Three types of firewall.
❖ Packet filter
❖ Application level gateway
❖ Circuit level gateway.

What are the different types of security services?

The assurance that the communicating entity is the one that it claims to be.
Access control: The prevention of unauthorized use of a resource (i.e., this service controls who can have
access to a resource, under what conditions access can occur, and what those accessing the resource are
allowed to do).
Data confidentiality: The protection of data from unauthorized disclosure.
Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain
no modification, insertion, deletion, or replay).
Nonrepudiation: Provides protection against denial by one of the entities involved in a communication
of having participated in all or part of the communication.
Availability service: The property of a system or a system resource being accessible and usable upon
demand by an authorized system entity, according to performance specifications for the system (i.e., a
system is available if it provides services according to the system design whenever users request them).

Briefly define categories of security mechanisms.

SPECIFIC SECURITY MECHANISMS

May be incorporated into the appropriate protocol layer in order to provide some of the OSI security
services.
Encipherment
The use of mathematical algorithms to transform data into a form that is not readily intelligible. The
transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption
keys.
Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit
to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).
Access Control
A variety of mechanisms that enforce access rights to resources.
Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
Authentication Exchange
A mechanism intended to ensure the identity of an entity by means of information exchange.
Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Routing Control
Enables selection of particular physically secure routes for certain data and allows routing changes,
especially when a breach of security is suspected.
Notarization
The use of a trusted third party to assure certain properties of a data exchange.
PERVASIVE SECURITY MECHANISMS

Mechanisms that are not specific to any particular OSI security service or protocol layer.
Trusted Functionality
That which is perceived to be correct with respect to some criteria (e.g., as established by a security
policy).
Security Label
The marking bound to a resource (which may be a data unit) that names or designates the security
attributes of that resource.
Event Detection
Detection of security-relevant events.
Security Audit Trail
Data collected and potentially used to facilitate a security audit, which is an independent review and
examination of system records and activities.
Security Recovery
Deals with requests from mechanisms, such as event handling and management functions, and takes
recovery actions.

What is firewall? Explain different types of firewall.

Firewall
A firewall is a software or hardware-based network security system that controls the incoming and
outgoing network traffic based on applied rule set. A firewall establishes a barrier between a trusted,
secure internal network and another network (e.g., the Internet) that is not assumed to be secure and
trusted.
FIREWALL CHARACTERISTICS
1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by
physically blocking all access to the local network except via the firewall. Various configurations are
possible.
2. Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types
of firewalls are used, which implement various types of security policies.
3. The firewall itself is immune to penetration. This implies that use of a trusted system with a secure
operating system. There are three main classes of firewalls: packet filters, application and circuit
gateways (proxies),
And stateful inspection (or smart filter) firewalls.

Proxy Servers
A proxy service is an application that redirects users’ requests to the actual services based on an
organization’s security policy. All communication between a user and the actual server occurs through the
proxy server. Thus, a proxy server acts as a communications broker between clients and the actual
application servers. Because it acts as a checkpoint where requests are validated against specific
applications, a proxy server is usually processing intensive and can become a bottleneck under heavy
traffic conditions. Proxy servers can operate at either the application layer or the transport layer. Thus,
there are two classes of proxy servers: application gateways, which operate at the application layer; and
circuit-level gateways, which operate at the transport layer.
Application Gateways
An application gateway is a proxy server that provides access control at the application layer. It acts as an
application-layer gateway between the protected network and the untrusted network. Because it operates
at the application layer, it is able to examine traffic in detail and, therefore, is considered the most secure
type of firewall. It can prevent certain applications, such as FTP, from entering the protected network. It
can also log all network activities according to applications for both accounting and security audit
purposes. Application gateways can also hide information. Since all requests for services in the protected
network pass through the application gateway, it can provide network address translation (or IP address
hiding) functionality and conceal IP addresses in the protected network from the Internet by replacing the
IP address of every outbound packet (that is, packets going from the protected network to the Internet)
with its own IP address. Network address translation also permits unregistered IP addresses to be freely
used in the protected network because the gateway will map them to its own IP address when the users
attempt to communicate with the outside world.
Circuit-Level Gateways
A circuit-level gateway is a proxy server that validates TCP and UDP sessions before allowing a
connection or circuit through the firewall. It is actively involved in the connection establishment and does
not allow packets to be forwarded until the necessary access control rules have been satisfied. A circuit-
level gateway is not as secure as an application gateway because it validates TCP and UDP sessions
without full knowledge of the applications that use these transport services. Moreover, once a session has
been established, any application can run across that connection. This behavior exposes the protected
network to attacks from intruders. Unlike a circuit-level gateway, an application gateway can differentiate
the applications that need to be blocked from those that can be allowed to pass through the gateway.
Stateful Packet Filters
Although the application gateway provides the best security among the preceding firewalls, its intensive
processing requirement slows down network performance. A stateful packet filtering gateway attempts to
provide tight security without compromising performance. Unlike the application gateway, it checks the
data that passes through at the network layer but does not process it. The firewall maintains state
information for each session, where session states include a combination of communication phase and the
endpoint application state. When a stateful packet filtering gateway receives a data packet, it checks the
packet against the known state of the session. If the packet deviates from the expected session state, the
gateway blocks the rest of the session.

NOTE

Confidentiality

Confidentiality refers to data being accessible only by the intended individual or party. The focus of
confidentiality is to ensure that data does not reach unauthorized individuals.

Measures to improve confidentiality may include:

• Training
o Sensitive data handling and disposal
• Physical access control
o Storing personal documents in locked cabinets
• Logical access control
o User IDs, passwords and two-factor authentication
• Data encryption
Integrity

Integrity is roughly equivalent to the trustworthiness of data. It involves preventing unauthorised

individuals from modifying the data and ensuring the data’s consistency and accuracy over it’s entire life
cycle. Specific scenarios may require data integrity but not confidentiality. For example, if you are
downloading a piece of software from the Internet, you may wish to ensure that the installation package
has not been tampered with by a third party to include malicious code.

Integrity can be incorporated in a number of ways:

• Use of file permissions

o Limit access to read only
• Checksums
• Cryptographic signatures
o Hashing
Availability

Availability simply refers to ensuring that data is available to authorized individuals when required. Data
only has value if it is accessible at the required moment. A common form of attack on availability is a
Denial of Service (DoS) which prevents authorized individuals from accessing the required data. You
may be aware of the recent ransomware attack on UCL. This was a DoS attack as it prevented users from
being able to access their own files and requested for a ransom in exchange for reinstating that access.
In order to ensure availability of data, the following measures may be used:

• Regular backups
• Redundancy
o Off-site data Centre
• Adequate communication bandwidth

What is ID Spoofing?

It is the practice of using the telephone network to display a number on the recipient's Caller ID display
which is not that of the actual originating station.

What is Cyber espionage?

It is the act or practice of obtaining secrets from individuals, competitors, rivals, groups, governments,
and enemies for military, political, or economic advantage using illegal exploitation methods on the
internet.

What is the meaning of Sabotage?

Sabotage literally means willful damage to any machinery or materials or disruption of work. In the
context of cyberspace, it is a threat to the existence of computers and satellites used by military activities
What are Trojans and Spyware?

Trojans and spyware are the tools a cyber-criminal might use to obtain unauthorized access and steal
information from a victim as part of an attack.

What are Phishing and Pharming?

Phishing and Pharming are the most common ways to perform identity theft which is a form of cyber-
crime in which criminals use the internet to steal personal information from others.

Explain network security. What are the types of security features used in client server types of
network?
Ans:
Network security means the protection of networks and their services from unauthorized access,
modification, destruction or disclosure. It provides for assurance that a network performs its critical
functions correctly and there are no harmful side effects.
Security features used in Client-Server types of network are as follows :
i) Digital Signatures
ii) Encryption / Decryption
iii) Secure Socket Layer (SSL)
iv) Firewalls.
b. What is Public Key Cryptography? What are its advantages and disadvantages? (7)
Ans:
Public-key cryptography is a form of modern cryptography which allows users to communicate safely
without previously agreeing on a shared secret key. There are a number of significant practical difficulties
in this approach to distributing keys.
Public-key cryptography was invented to address these drawbacks — with public-key cryptography, users
can communicate with safety over an insecure channel without having to agree upon a key beforehand.
Public-key algorithms typically use a pair of two related keys — one key is private and must be kept
secret, while the other is made public and can be widely distributed; it should not be possible to deduce
one key of a pair given the other.
Advantages
(i) Increased security and convenience
(ii) Electronic records may be authenticated by affixing digital signatures
Disadvantages
Used to encrypt a secret key which is used to encrypt the bulk of a file or message. Such a protocol is
called a digital envelope
Public-key cryptography is not necessary and secret-key cryptography alone is sufficient.
This includes environments where secure secret-key agreement can take place, for example by users
meeting in private.
Explain the use of the following terms:
i) Public Key Encryption
ii) Secret Key Encryption
Ans:
A cryptographic system that uses two-keys—a public key known to everyone and a private or secret key
known only to the recipient of the message.
An important element to the public key system is that the public and private keys are related in such a
way that only the public key can be used to encrypt messages and only the corresponding private key can
be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the
public key.
They are extremely secure and relatively simple to use.
These algorithms lead to several varieties of public key encryption (PKE). PKE addresses three issues that
flaw many encryption schemes;
PKE is computationally difficult to decode.
PKE does not require a secure channel to send the key; the key is, in fact, public.
How does an authentication system differ from a firewall in functioning?
Ans:
Authentication vs firewall
User Authentication and Authorization
An important advanced firewall security feature is user-oriented authentication, which is the ability to
allow or deny certain connections based on user name and password combination or some other, more
advanced identification scheme.
Various authentication technologies are available. The simplest forms require typing a user name and a
reusable password.
This method is suitable for controlling only outbound Internet access, because password guessing and
eavesdropping attacks are likely on inbound access attempts.
Firewalls can log network activity in detail, filter the log to produce meaningful reports, and alert a
network administrator when the network has reached a predefined threshold.
The firewall software supports at least Internet services:
Gopher
SMTP
Telnet
DNS name resolution, preferably by letting you run DNS on the firewall and on an
internal system.

Give the types of firewalls and explain any one type in detail.
Ans:

Conceptually, there are two types of firewalls:

1. Network Level
2. Application Level
Network Level Firewall/Packet Filters
The Network level firewalls operate on the mechanism of filtering individual IP packets using the routers.
Packet filters, called “ access control lists” on Internet routers provide the rudimentary form of security.
Filters are configured to allow/discard packets based on attributes such as:
1. Specific source or destination IP addresses
2. Specific protocol types
3. Specific source or destination port numbers
4. TCP flags set/clear in the packet header