Computer Security

Computer security is also known as cyber security or IT security. It is a branch of information technology, known as information security, that is intended to protect computers. It is the protection of computing systems and the data that they store or access.

Methods to Provide Protection

There are four primary methods to provide protection

  1. System Access Control It ensures that unauthorised users do not get into the system by encouraging authorised users to be security conscious.
  2. Data Access Control It monitors who can access what data, and for what purpose. Your system might support mandatory access controls with these. The system determines access rules based on the security levels of the people, the files, and the other objects in your system.
  3. System and Security Administration It performs offline procedures that make or break a secure system.
  4. System Design It takes advantage of basic hardware and software security characteristics.

Components of Computer Security

Computer security is associated with many core areas. The basic components of a computer security system are

  1. Confidentiality It ensures that data is not accessed by any unauthorised person.
  2. Integrity It ensures that information is not altered by any unauthorised person in such a way that it is not detectable by authorised users.
  3. Authentication It ensures that users are the persons they claim to be.
  4. Access Control It ensures that users access only those resources that they are allowed to access.
  5. Non-Repudiation It ensures that originators of messages cannot deny that they are the sender of the message.
  6. Availability It ensures that systems work promptly and service is not denied to authorised users.
  7. Privacy It ensures that an individual has the right to use the information and to allow another to use that information.
  8. Steganography It is the art of hiding the existence of a message. It aids confidentiality and integrity of the data.
  9. Cryptography It is the science of writing information in a ‘hidden’ or ‘secret’ form and is an ancient art. It protects the data in transit and also the data stored on the disk.

Some terms commonly used in cryptography are

(i) Plain Text It is the original message that is an input.

(ii) Cipher It is a bit-by-bit or character-by-character transformation without regard to the meaning of the message.

(iii) Cipher Text It is the coded message or the encrypted data.

(iv) Encryption It is the process of converting plain text to cipher text, using an encryption algorithm.

(v) Decryption It is the reverse of encryption, i.e. converting cipher text to plain text.

Sources of Cyber Attack

The most potent threat to computer users, and the one they are most vulnerable to, is the virus attack. A computer virus is a small software program that spreads from one computer to another and interferes with computer operation. It is imperative for every computer user to be aware of the software and programs that can help to protect personal computers from attacks.

The sources of attack can be

  1. Downloadable Programs Downloadable files are one of the best possible sources of viruses. Any type of executable file, such as games and screen savers, is one of the major sources. If you want to download programs from the Internet then it is necessary to scan every program before downloading them.
  2. Cracked Software Cracked software is another source of virus attacks. Such cracked forms of illegal files contain viruses and bugs that are difficult to detect as well as to remove. Hence, it is always preferable to download software from the appropriate source.
  3. E-mail Attachments These attachments are the most common source of viruses. You must handle E-mail attachments with extreme care, especially if the E-mail comes from an unknown sender.
  4. Internet The majority of computer users are unaware of when viruses attack computer systems. Almost all computer users click or download everything that comes their way and hence unknowingly invite the possibility of virus attacks.
  5. Booting from Unknown CD When the computer system is not working, it is a good practice to remove the CD. If you do not remove the CD, it may start to boot automatically from the disk which enhances the possibility of virus attacks.

Malware: Threats to Computer Security

Malware stands for malicious software. It is a broad term that refers to a variety of malicious programs that are used to damage a computer system, gather sensitive information, or gain access to private computer systems. It includes computer viruses, worms, trojan horses, rootkits, spyware, adware, etc.

Some of them are described below

Virus

VIRUS stands for Vital Information Resources Under Siege. Computer viruses, or perverse software, are small programs that can negatively affect the computer. A virus obtains control of a PC and directs it to perform unusual and often destructive actions. Viruses copy themselves and attach themselves to other programs, which further spreads the infection. A virus can affect or attack any part of the computer software, such as the boot block, operating system, system areas, files and application programs.

Type of Virus

Some common types of viruses are

(a) Resident Virus It fixes itself into the system’s memory, gets activated whenever the OS runs and infects all the files that are then opened. It hides in the RAM and stays there even after the malicious code is executed, e.g. Randex, Meve, etc.

(b) Direct Action Virus It comes into action when the file containing the virus is executed. It infects files in the folder that are specified in the AUTOEXEC.bat file path. e.g. Vienna virus.

(c) Overwrite Virus It deletes the information contained in the files that it infects, rendering them partially or totally useless, once they have been infected. e.g. Way, Trj.Reboot, Trivial.88.D, etc.

(d) Boot Sector Virus It is also called Master Boot Sector Virus or Master Boot Record Virus. This type of virus affects the boot sector of a hard disk. e.g. Polyboot.B, AntiEXE, etc.

(e) Macros Virus It infects files that are created using certain applications or programs that contain macros, like .doc, .xls, .ppt, etc. e.g. Melissa.A.

(f) File System Virus It is also called Cluster Virus or Directory Virus. It infects the directory of your computer by changing the path that indicates the location of a file. e.g. Dir-2 virus.

(g) Polymorphic Virus It encrypts or encodes itself every time it infects a system. This virus then goes on to create a large number of copies, e.g. Elkern, Tuareg, etc.

(h) FAT Virus It attacks the File Allocation Table (FAT), which is used to store all the information about the location of files, unusable space, etc. e.g. Link virus, etc.

(i) Multipartite Virus It may spread in multiple ways, depending on factors such as the operating system installed or the existence of certain files. e.g. Flip.

(j) Web Scripting Virus Many Websites execute complex code in order to provide interesting content. These sites are sometimes created with purposely infected code. e.g. JS Fortnight.

Some common viruses are tabulated below

Year    Name
1971    Creeper
1982    Elk Cloner
1988    The Morris Internet Worm
1999    Melissa
2000    I Love You
2001    Code Red
2003    SQL Slammer
2003    Blaster
2004    Sasser
2010    Stuxnet
2011    Trojan
2012    Rootkit
2014    Generic PUP
2014    Net Worm

Effects of Virus

There are many different effects that viruses can have on your computer, depending on the types of virus. Some viruses can

(a) monitor what you are doing.

(b) slow down your computer’s performance.

(c) destroy all data on your local disk.

(d) affect computer networks and the connection to the Internet.

(e) increase or decrease memory size.

(f) display different types of error messages.

(g) decrease partition size.

(h) alter PC settings.

(i) display arrays of annoying advertising.

(j) extend boot times.

(k) create more than one partition.

Worms

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Worms are hard to detect because they are invisible files.

e.g. Bagle, I love you, Morris, Nimda, etc.

Trojan

A Trojan, or Trojan Horse, is a non-self-replicating type of malware which appears to perform a desirable function but instead facilitates unauthorised access to the user’s computer system. Trojans do not attempt to inject themselves into other files like a computer virus. Trojan Horses may steal information, or harm their host computer systems. Trojans may use drive-by downloads or install via online games or Internet-driven applications in order to reach target computers. Unlike viruses, Trojan horses do not replicate themselves. e.g. Beast, Sub7, Zeus, ZeroAccess Rootkit, etc.

Spyware

It is a program which is installed on a computer system to spy on the system owner’s activity and collect all the information, which is misused afterwards. It tracks the user’s behaviour and reports back to a central source.

Spyware is used for either legal or illegal purposes. It can transmit personal information to another person’s computer over the Internet.

e.g. CoolWeb Search, FinFisher, Zango, Zlob Trojan, Keyloggers, etc.

Symptoms of Malware Attack

The following symptoms of a malware attack indicate that your system is infected with malware.

Some primary symptoms are

(i) Odd messages are displaying on the screen.

(ii) Some files are missing.

(iii) System runs slower.

(iv) PC crashes and restarts again and again.

(v) Drives are not accessible.

(vi) Antivirus software will not run or install.

(vii) Unexpected sound or music plays.

(viii) The mouse pointer changes its graphic.

(ix) System receives strange E-mails containing odd attachments or viruses.

(x) PC starts performing functions like opening or closing windows, running programs on its own.

Some Other Threats to Computer Security

There are some other threats, which are described below

(i) Spoofing It is the technique of accessing unauthorised data without the authorised user being aware of it. It accesses the resources over the network. It is also known as ‘Masquerade’. IP spoofing is a process or technique to enter another computer by accessing its IP address. The attacker pretends to be a legitimate user and gains access to the computer via a network.

(ii) Salami Technique It diverts small amounts of money from a large number of accounts maintained by the system.

(iii) Hacking It is the act of intruding into someone else’s computer or network. Hacking may result in a Denial of Service (DoS) attack. It prevents authorised users from accessing the resources of the computer. A hacker is someone, who does hacking process.

(iv) Cracking It is the act of breaking into computers. It is a popular, growing subject on the Internet. Cracking tools are widely distributed on the Internet. They include password crackers, trojans, viruses, war-dialers, etc.

(v) Phishing It is characterised by attempting to fraudulently acquire sensitive information such as passwords, credit card details, etc. by masquerading as a trustworthy person. Phishing messages usually take the form of fake notifications from banks, providers, E-pay systems and other organisations. It is a type of Internet fraud that seeks to acquire a user’s credentials by deception.

(vi) Spam It is the abuse of messaging systems to send unsolicited bulk messages in the form of E-mails. It is a subset of electronic spam involving nearly identical messages sent to numerous recipients by E-mails.

(vii) Adware It is any software package which automatically renders advertisements in order to generate revenue for its author. The term is sometimes used to refer the software that displays unwanted advertisements. A software license is a document that provides legally binding guidelines on the use and distribution of software.

(viii) Rootkit It is a type of malware that is designed to gain administrative level control over a computer system without being detected. Rootkits can change how the operating system functions and, in some cases, can tamper with the antivirus program and render it ineffective. Rootkits are also difficult to remove and, in some cases, require a complete re-installation of the operating system.

Solutions to Computer Security Threats

Some safeguards (or solutions) to protect a computer system from accidental access, are described below

Antivirus Software

It is an application software that is designed to prevent, search for, detect and remove viruses and other malicious software like worms, trojans, adware and more. It consists of computer programs that attempt to identify threats and eliminate computer viruses and other malware.

Some Popular Antivirus

  • Avast
  • AVG
  • K7
  • Kaspersky
  • Trend Micro
  • Quick Heal
  • Symantec
  • Norton
  • McAfee

Digital Certificate

It is the attachment to an electronic message used for security purposes. The common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply. It provides a means of proving your identity in electronic transactions.

Digital Signature

It is an electronic form of a signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and also ensure that the original content of the message or document that has been sent is unchanged.

Firewall

It can either be software-based or hardware-based and is used to help in keeping a network secure. Its primary objective is to control the incoming and outgoing network traffic by analysing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set.

A network’s firewall builds a bridge between an internal network that is assumed to be secure and trusted, and another network, usually an external (inter) network, such as the Internet, that is not assumed to be secure and trusted. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users.

There are two forms of firewalls: hardware firewall and software firewall.

Password

It is a secret word or a string of characters used for user authentication to prove identity or access approval to gain access to a resource, which should be kept secret from those who are not allowed to get access.

A password is typically somewhere between 4 and 16 characters, depending on how the computer system is set up. When a password is entered, the computer system is careful not to display the characters on the display screen, in case others might see it.

There are two common modes of password as follows

(i) Weak Password Easily remembered, such as names, birth dates, phone numbers, etc.

(ii) Strong Password Difficult to break and a combination of alphabets and symbols.

File Access Permission

Most current file systems have methods of assigning permissions or access rights to specific users and group of users. These systems control the ability of the users to view or make changes to the contents of the file system. File access permission refers to privileges that allow a user to read, write or execute a file.

There are three specific permissions as follows

(i) Read Permission If you have read permission of a file, you can only see the contents. In case of directory, access means that the user can read the contents.

(ii) Write Permission If you have write permission of a file, you can only modify or remove the contents of a file. In case of directory, you can add or delete contents to the files of the directory.

(iii) Execute Permission If you have execute permission of a file, you can only execute a file. In case of a directory, you must have execute access to the bin directory in order to execute it or use the cd command.
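
How the three permissions read differently for a file and for a directory, as an added example that is not part of the original notes. It decodes Unix-style mode bits with Python's `stat` module and flags two grants to other users; the sample modes are constructed, and the two checks in `findings` go beyond what the section states.

```python
import stat

# What each permission allows, following the descriptions in this section.
MEANING = {
    "file": {"r": "view contents", "w": "modify contents", "x": "run as a program"},
    "dir": {"r": "list entries", "w": "add or delete entries", "x": "enter with cd"},
}
CLASSES = {
    "owner": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "others": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}


def explain(mode: int):
    """Map a st_mode value to what each class of user may do."""
    kind = "dir" if stat.S_ISDIR(mode) else "file"
    rights = {
        who: [MEANING[kind][p] for p, bit in zip("rwx", bits) if mode & bit]
        for who, bits in CLASSES.items()
    }
    return kind, rights


def findings(mode: int):
    """Flag grants to 'others' that are broader or odder than usually intended."""
    kind, issues = explain(mode)[0], []
    if mode & stat.S_IWOTH:
        issues.append(f"world-writable {kind}")
    if kind == "dir" and mode & stat.S_IROTH and not mode & stat.S_IXOTH:
        issues.append("others can list the directory but not enter it")
    return issues


if __name__ == "__main__":
    # Constructed modes; on a real system use os.stat(path).st_mode instead.
    for mode in (stat.S_IFREG | 0o644, stat.S_IFREG | 0o666,
                 stat.S_IFDIR | 0o750, stat.S_IFDIR | 0o746):
        print(stat.filemode(mode), explain(mode)[1]["others"], findings(mode))
```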

Terms Related to Security

  1. Eavesdropping The attacker monitors transmissions for message content.
  2. Masquerading The attacker impersonates an authorised user and thereby gains certain unauthorised privileges.
  3. Patches It is a piece of software designed to fix problems with a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs and improving the usability and performance.
  4. Logic Bomb It is a piece of code intentionally inserted into a computer’s memory that will set off a malicious function when specified conditions are met. It is also called slag code and does not replicate itself.
  5. Time bomb It is a piece of software that is used to explode at a particular time.
  6. Application Gateway This applies security mechanisms to specific applications such as File Transfer Protocol (FTP) and Telnet services.
  7. Proxy Server It can act as a firewall by responding to input packets in the manner of an application while blocking other packets. It hides the true network addresses and is used to intercept all messages entering and leaving the network.

Tit-Bits

  • Brain was the first PC boot sector virus created in 1986.
  • Creeper was the first computer virus created in 1971.

  • Payload is code in the worm designed to do more than spread the worm.
  • Bomb virus has a delayed payload.
  • Software Piracy means copying of data or computer software without the owner’s