Introduction to Computer Security-Computer Security-Lecture Slides, Slides of Computer Security

Download Introduction to Computer Security-Computer Security-Lecture Slides and more Slides Computer Security in PDF only on Docsity! 2 Ao mlconwcatniay i Deeivscen en BS(CIS)-V About the course • Network Security what-why  Introduction to Security, Threats Attacks • Cryptography and Cryptology  Ciphers, Public Key Encryption, • Network Security  Standard Methods like IP Security • Web and email Security  Secure Socket Layer • Firewalls • Intrusion  Intrusion Detection Systems docsity.com Security Needs • Why systems should be secured?  Securing the information  Examples Bank Account, Software Development, Personal Information  Business Trust Good security – Trust A hacked online transaction system is not a trusted one  Reliability of Data Statistics docsity.com Security Models • Three basic approaches  Security by Obscurity  Simply hiding the network or not advertising it  Example : PIEAS Security Once exposed the system is vulnerable to attacks  Perimeter Defense  Secure on borders like a castle  Security depends solely on border guards [routers usually] No internal defense system Vulnerable to internal attacks  Example: Users with administrative privileges  Defense in Depth  Security is implemented on each system along with border security  If one of the system is compromised rest will remain secure  Example: all systems with different admin passwords docsity.com Insecurity • Threats • Vulnerabilities • Attacks docsity.com Worms • Self contained independent program • Propagates on network available • Scans the ports available and launches itself to other systems • Example  Robert Morris, 1986, Internet worm  Each worms creates two new processes 1 2  4  8  16 ….  Exhaust the resources  The person was arrested and prosecuted docsity.com Trojan Horses • Hide themselves inside a program  Replaces the whole program  Alter part of the program intelligently • The tempered program operates like the original programs • Performs disguised functions • Example  A fake login program  Login Wrong password  Login  The password is grabbed and will later be used for other illegal activity docsity.com Trap Doors • Security holes created by the developers to gain illegal access • Programs altered for illegal access • Can be misused  For gaining benefits  For contract security  Frauds or thefts  Gain Sensitive Data  Business competition docsity.com DNS attacks • Domain Name Service  A hierarchical name service used with TCP/IP  Used to translate IP addresses to host names  Enables networks access by a user friendly name  Example www.pieas.edu.pk 208.83.173.157  DNS Spoofs Man In Middle Attack DNS Poisoning docsity.com Man In Middle Attack • The hacker place himself between user and web server • Intercepts information e.g. credit card number etc. • Launching MIM  Similar URLs  User mistake helps  Middle man presents a similar program  Middle man even passes the information to actual program or launches the original program  Example: www.microsoft.com -www.micrisoft.com User www.microsoft.com www.micrisoft.com docsity.com DNS Poisoning • Compromise a DNS server • DNS entries are altered, causing redirection to hacker’s sites • Hacker’s site can be similar to original one • Purpose is to obtain critical user information • Example  [ 202.83.173.157 ] www.pieas.edu.pk  www.mypieas.edu.pk  [www.pieas.edu.pk] 202.83.173.157  202.83.173.200 • Redirections  URL on someone else site is changed to hacker’s site docsity.com Study Work • Find out a known virus • Analyze  Type  Infection it creates  History  How it creates infections and how it spreads itself  Activities other than infection  Remedies / Cure • Prepare a report and submit before Monday docsity.com Quiz-01 • What are security models ? Give example  Discusses the strength and weaknesses of each • Name three different security attacks ?  Discuss the attack method  Discuss the preventive measure to avoid that attack? • What is denial of service DOS attack?  Name the methods used for such an attack?  Discuss the harmfulness of such an attack docsity.com