Computer security ch2

The document discusses various computer security threats, including malicious code types such as viruses, worms, Trojan horses, and spyware. It outlines different classes of attacks, including reconnaissance, access, and denial of service attacks, as well as program flaws that can lead to security vulnerabilities. Additionally, it emphasizes the importance of security defenses, database management, and access control in protecting against these threats.

Uploaded by

Tesfalegn Yakob

DEBRE MARKOS UNIVERSITY

BURIE CAMPUS
DEPARTMENT OF COMPUTER SCIENCE
Computer Security
By:
Amare W.


Chapter Two: Computer threat

2.1 Malicious Code


♥ Malicious code is a set of instructions that cause a site’s security
policy to be violated.
♥ Malicious code is unwanted files or programs that can cause
harm to a computer or compromise data stored on a computer.
♥ Computer viruses, worms, Trojan horses and spyware are
effective tools with which to attack computer systems.
3 01/27/2025

2.1.1 Computer Viruses

♥ This type of virus propagates itself only as specific programs
(the compiler and the login program).
♥ When the Trojan horse can propagate freely and insert a copy
of itself into another file, it becomes a computer virus.
♥ A computer virus is a program that inserts itself into one or
more files and then performs some (possibly null) action.
♥ The first phase, in which the virus inserts itself into a file, is
called the insertion phase. The second phase, in which it
performs some action, is called the execution phase.
3/2/2018



♥ Several types of computer viruses have been identified.


2.1.1.1 Boot Sector Infectors
♥ The boot sector is the part of a disk used to bootstrap the system or mount a
disk.
♥ Code in that sector is executed when the system “sees” the disk for the first
time.
♥ When the system boots, or the disk is mounted, any virus in that sector is
executed. (The actual boot code is moved to another place, possibly another
sector.)
♥ A boot sector infector is a virus that inserts itself into the boot sector of a
disk.

2.1.1.2 Executable Infectors


♥ An executable infector is a virus that infects executable
programs.
♥ The PC variety of executable infectors is called COM or
EXE viruses because they infect programs with those
extensions.
♥ The virus can prepend itself to the executable or append itself.


2.1.1.3 Multipartite Viruses


♥ A multipartite virus is one that can infect either boot sectors or
applications.
♥ Such a virus typically has two parts, one for each type. When
it infects an executable, it acts as an executable infector; when
it infects a boot sector, it works as a boot sector infector.


2.1.1.4 Macro Viruses


♥ A macro virus is a virus composed of a sequence of
instructions that is interpreted, rather than executed directly.
♥ Conceptually, macro viruses are no different from ordinary
computer viruses.
♥ They can execute on any system that can interpret the
instructions.


2.1.2 Computer Worms

♥ A computer virus infects other programs. A variant of the virus
is a program that spreads from computer to computer,
spawning copies of itself on each one.
♥ A computer worm is a program that copies itself from one
computer to another.
♥ The major difference between a worm and a virus is that
unlike a virus, a worm does not need a host program or
software to insert its code into.

♥ Worms are standalone programs that are capable of working
on their own.
♥ Also, a virus needs human triggering for replication (i.e. when
a user opens/executes the infected file), while a worm
replicates on its own and can spread to other computers
through the network.
♥ Some prominent examples of worms include Storm Worm,
Sobig, MSBlast, Code Red, Nimda, Morris Worm, etc.

2.1.3 Trojan Horses

♥ A Trojan horse is a program with an overt (documented or
known) effect and a covert (undocumented or unexpected)
effect.
♥ Dan Edwards was the first to use this term [25]. Trojan horses
are often used in conjunction with other tools to attack
systems.
♥ A propagating Trojan horse (also called a replicating Trojan
horse) is a Trojan horse that creates a copy of itself.

2.1.4 Spyware
♥ It is a type of malware that spies on a person or an
organisation by gathering information about them, without the
knowledge of the user.
♥ It records and sends the collected information to an external
entity without consent or knowledge of the user.
♥ Spyware usually tracks internet usage data and sells
it to advertisers.
♥ It can also be used to track and capture credit card or bank
account information, login and password information or a user’s
personal identity.

2.2 Class of Attacks

♥ The three types of network attacks are:
Reconnaissance attacks
Access attacks
Denial of Service attacks
2.2.1 Reconnaissance
♥ Reconnaissance is an unauthorized user’s attempt to discover
and map network system devices, services available on those
systems, and the vulnerabilities of those systems.

♥ It is also known as information gathering and, in most cases,
precedes an actual access or Denial of Service (DoS) attack.
♥ The malicious intruder typically ping sweeps the target network
first to determine what IP addresses are active and responsive.
♥ This can lead to the intruder finding information about what
services or ports are active on the live IP addresses.
♥ From the active IP address information, the intruder queries the
application ports to determine the application type and version as
well as the type and version of operating system running on the
target host.

2.2.2 Access attacks

♥ Access is a broad term that refers to the capability of a specific
source (that is, a user on a computer, connected to a network that is
connected to the Internet) to connect to a specific destination (that is,
a computer on a network that is connected to the Internet).
♥ When a destination has been targeted, the attacker will attempt to use
some software application to reach the destination.
♥ An access attack can come in the form of unauthorized data
retrieval and manipulation, system access, or privilege escalation.
♥ Access attacks can also be used to gain control of a system and
install and hide software that will be used later by the hackers.

2.2.3 Denial of Service, etc.

♥ DoS is when an attacker disables or corrupts networks,
systems, or services in order to deny the service to its intended
users.
♥ It usually involves crashing the system or slowing it down to
the point that it is unusable.
♥ DoS attacks can also be as simple as wiping out or corrupting
information necessary for business.
♥ In most cases, performing the attack simply involves running a
hack, script, or tool.



♥ The attacker does not need prior access to the target, only a path
to the target. Once the path is realized, great paralyzing damage
can be caused.
♥ Because many DoS attacks are relatively easy to initiate and can
be performed anonymously, they are the most feared attacks on the
Internet.
♥ A Distributed Denial of Service (DDoS) attack is one in which the
source of the attack is many computers (usually spread across a
large geographic area) making it very difficult to find and stop the
source(s).

2.3 Program flaws

♥ Program security flaws can derive from any kind of software
fault.
♥ That is, they cover everything from a misunderstanding of
program requirements to a one-character error in coding or
even typing.
♥ The flaws can result from problems in a single code
component or from the failure of several programs or program
pieces to interact compatibly through a shared interface.

♥ The security flaws can reflect code that was intentionally
designed or coded to be malicious or code that was simply
developed in a sloppy or misguided way.
♥ Thus, it makes sense to divide program flaws into two separate
logical categories: inadvertent human errors and intentionally
induced flaws.
♥ Intentional flaws are further divided into malicious and
nonmalicious ones.

Nonmalicious Program flaws:

♥ Being human, programmers and other developers make
many mistakes, most of which are unintentional and
nonmalicious.
♥ Many such errors cause program malfunctions but do not
lead to more serious security vulnerabilities.
♥ In this section we consider three classic error types that have
enabled many recent security breaches.
♥ We explain each type, why it is relevant to security, and how
it can be prevented or mitigated.

1. Buffer Overflow Attack

♥ A buffer is a temporary area for data storage. When a program or system
process places more data in a buffer than was originally allocated for it,
the extra data overflows.
♥ It causes some of that data to leak out into other buffers, which can corrupt
or overwrite whatever data they were holding.
♥ In a buffer-overflow attack, the extra data sometimes holds specific
instructions for actions intended by a hacker or malicious user; for example,
the data could trigger a response that damages files, changes data or
exposes private information.
♥ An attacker would use a buffer-overflow exploit to take advantage of a
program that is waiting on a user’s input.

2. TIME-OF-CHECK TO TIME-OF-USE FLAWS

♥ In software development, time of check to time of use (TOCTOU,
TOCTTOU or TOC/TOU) is a class of software bugs caused by
changes in a system between the checking of a condition (such as
a security credential) and the use of the results of that check.
♥ This is one example of a race condition. Time-of-check, time-of-use
race conditions occur when, between the time at which a given
resource is checked and the time that resource is used, a change
occurs in the resource that invalidates the results of the check.


♥ Consider a Web application that allows a user to edit pages, and also
allows administrators to lock pages to prevent editing.
♥ A user requests to edit a page, getting a form which can be used to
alter its content.
♥ Before the user submits the form, an administrator locks the page,
which should prevent editing.
♥ However, since editing has already begun, when the user submits the
form, those edits (which have already been made) are accepted.
♥ When the user began editing, the appropriate authorization was
checked, and the user was indeed allowed to edit.
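The page-locking scenario above, replayed as a small single-process simulation in C. This is an added example, not code from the slides; the page record, the handler names and the lock sequence are constructed for illustration, and the second handler shows the fix of re-checking the lock at time of use.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical page record (constructed for this example): a wiki page that
 * an administrator can lock against editing. */
struct page {
    bool locked;
    int edits_applied;
};

/* Time of check: the edit form is issued only if the page is unlocked now. */
bool request_edit_form(const struct page *p) {
    return !p->locked;
}

/* The administrator locks the page while the user is still editing. */
void admin_lock(struct page *p) {
    p->locked = true;
}

/* Vulnerable submit handler: it trusts the earlier check (form_issued) and
 * never re-reads the lock, so an edit begun before the lock is accepted. */
bool submit_edit_toctou(struct page *p, bool form_issued) {
    if (!form_issued) return false;
    p->edits_applied++;
    return true;
}

/* Fixed submit handler: authorization is re-evaluated at time of use, so
 * the decision reflects the page state when the edit is actually applied. */
bool submit_edit_checked(struct page *p, bool form_issued) {
    if (!form_issued || p->locked) return false;  /* check at time of use */
    p->edits_applied++;
    return true;
}

/* Replays the slide's scenario (form issued, page locked, form submitted)
 * against one submit handler; returns whether the edit got through. */
bool run_scenario(bool (*submit)(struct page *, bool)) {
    struct page p = {false, 0};
    bool form = request_edit_form(&p);  /* check: editing is allowed */
    admin_lock(&p);                     /* state changes in between */
    return submit(&p, form);            /* use: edit submitted */
}

int main(void) {
    printf("vulnerable accepted edit: %d\n", run_scenario(submit_edit_toctou));   /* 1 */
    printf("re-checking accepted edit: %d\n", run_scenario(submit_edit_checked)); /* 0 */
    return 0;
}
```

In a real multi-user application the re-check and the write must also happen atomically, under the same lock or transaction, or a second window opens between them.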



3. INCOMPLETE MEDIATION:
♥ Incomplete mediation is another security problem, and attackers
exploit it to cause security breaches.
♥ An attacker supplies data of the wrong type or the wrong length.
♥ It is easy to exploit but has been exercised less often than
buffer overflows; nevertheless, unchecked data values
represent a serious potential vulnerability.
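The buffer overflow (flaw 1) and incomplete mediation (flaw 3) above share one root cause: a value is used before its length and type are checked. The following C program, an added example that is not part of the slides, contrasts an unbounded copy with a mediated copy into a fixed-size field; the field size, the digits-only rule and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8   /* fixed-size field, e.g. a 5-digit postal code plus NUL */

/* Vulnerable form (hypothetical, shown for contrast): the input is copied
 * with no length check, so a value longer than dst overflows the buffer and
 * overwrites whatever sits next to it on the stack. Never call with
 * untrusted input. */
void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Mediated form: the value is checked for the expected type (digits only)
 * and for a length that fits the buffer before it is used. Returns true if
 * the field was accepted and copied, false if it was rejected. */
bool copy_mediated(char *dst, size_t dstlen, const char *src) {
    size_t n = strlen(src);
    if (n == 0 || n >= dstlen) {      /* wrong length: must leave room for NUL */
        return false;
    }
    for (size_t i = 0; i < n; i++) {
        if (!isdigit((unsigned char)src[i])) {  /* wrong type */
            return false;
        }
    }
    memcpy(dst, src, n + 1);          /* exactly n bytes plus the terminator */
    return true;
}

/* Convenience wrapper: mediates one input into a FIELD_LEN buffer and reports
 * whether it was accepted. */
bool field_accepted(const char *src) {
    char field[FIELD_LEN];
    return copy_mediated(field, sizeof field, src);
}

int main(void) {
    /* Constructed inputs: well-formed, over-long, and wrong type. */
    const char *inputs[] = {"12345", "1234567890123456", "12a45"};
    for (int i = 0; i < 3; i++) {
        printf("%-18s -> %s\n", inputs[i],
               field_accepted(inputs[i]) ? "accepted" : "rejected");
    }
    return 0;
}
```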


Security Defences

♥ In defending against network attack, there are broadly speaking four
sets of available tools.
1. First is management — keeping your systems up-to-date and
configured in ways that will minimise the attack surface;
2. Next is filtering — the use of firewalls to stop bad things like Trojans
and network exploits, and to detect signs of attack and compromise if
anything gets through;
3. Next is intrusion detection — having programs monitoring your
networks and machines for signs of malicious behaviour;
4. Finally there’s encryption — protocols such as TLS and SSH that
enable you to protect specific parts of the network against particular

Database management systems security

♥ Database security involves protecting the database from
unauthorized access, modification, or destruction.
♥ Since the database represents an essential corporate resource,
database security is an important subcomponent of any
organization’s overall information systems security plan.
♥ In addition to the need to preserve and protect data for the
smooth functioning of the organization, database designers
have a responsibility to protect the privacy of individuals
about whom data is kept.

Fundamentals of Access Control

♥ In any organization, access control methods should be defined
to restrict access to company resources as well as employee
and client data.
♥ Access control is a fundamental component in the support of
confidentiality and integrity.
♥ Access control must be addressed in the context of physical
security as well as information system access control.


♥ To protect the information system, the database administrator
is responsible for the following major tasks:
♥ Installing the database management system and configuring it
securely
♥ Creating and securing user accounts and developing
appropriate access controls for users
♥ Developing and enforcing standards for applications programs
that access the database.

♥ Encrypting sensitive data
♥ Ensuring that network connections to the data are secure
♥ Establishing appropriate audit mechanisms for the database
♥ Protecting the database against intruders by identifying and
guarding against security threats and applying security
controls and security updates as needed.


Thank you
