
ASSOSA UNIVERSITY
COLLEGE OF COMPUTING AND INFORMATICS
DEPARTMENT OF COMPUTER SCIENCE
COURSE TITLE: COMPUTER SECURITY
Prepared by: Yassin Mohammed, Id No. RU/2184/09
Submitted to: Instructor Azeze K.
Submission date: 13/04/2013 E.C
Assosa, Ethiopia

COMPUTER SECURITY

Abstract

With the rapid growth of computer and communication technology, the need for information systems security grows with it, and the problem of security must be approached with greater caution. Alongside computer and communication technologies, numerous tools have been developed to protect files and other information. A set of tools, procedures, policies and solutions for defending against attacks is collectively referred to as computer network security. Above all, it is necessary to define and understand the concepts of attack, risk, threat, vulnerability and asset value. During the design and implementation of information systems, a set of measures should be taken into account to increase security and to keep risk at an acceptable level. In any case, the risks in the information system have to be known. The sources of potential security problems are challenges and attacks, while risk relates to the probable outcome of certain events and the costs associated with them. Numerous techniques help protect a computer: cryptography, authentication, verified software, licences and certificates, valid authorization, and others. This paper explains some of the procedures and potential threats used to break into networks and computers, as well as some of the programs involved. These programs are described not to enable a break-in into someone else's computer, but to highlight the vulnerabilities of computers.

I SECURITY

One of the accepted definitions of security is that security is the maintenance of an acceptable level of risk. Risk is the result of the accumulation of threats and weaknesses and of their consequences.
Since security is a process, it must be planned, and the state of the system and the possible threats that can come from outside must be monitored systematically. We cannot say with certainty that a system is fully protected: there is no absolute security, everything is relative. When protecting a system it is necessary to accept some level of risk and the possibility of a certain loss, i.e. a reasonable level of risk. Because security is a process, it cannot be bought as a product. Each process is in a dynamic state, so security is implemented using several different products and services, procedures and rules. However, products, services, procedures and rules are not sufficient in themselves; proper and timely training of the authorized persons in charge of the protection system is also needed. All of this investment in staff training, procurement of products and services, procedures and rules is far more profitable than paying for damage, to say nothing of the possibility of losing important data. A balance must be found between investment in security and its immediate effects in order to reduce risk.

Security is based on four basic steps:
• Evaluation (assess the possible risks and plan for their removal),
• Protection (prevent potential attacks in order to reduce the possibility of compromising the system),
• Discovery (the process of identifying an attack), and
• Answer (recovery with the possibility of further work, or restoration of the system itself).

Three basic principles of information security make up the "great" trinity:
• Confidentiality - an attempt to prevent intentional, unauthorized disclosure,
• Integrity - data is a system and as such must remain as it is and must not be changed,
• Availability - only certain staff can access the data.

Possible attacks and threats

Since we have defined security as a process, the protection system can be built from various security products, policies, procedures and practices.
When we speak of the protection system, it must be protected from the attacks that threaten information systems. To protect against possible attacks we need the ability to predict and recognize attacks and their types. If we understand the types of attacks and the ways in which they arrive, we can more easily monitor and control the risk of data loss. Ensuring security should, and must, become the responsibility of each system administrator, who should always ask: "What is the probability that someone will break into the wired or wireless network of the company where I work and listen to network traffic? If this happens, what measures have been taken?" If no steps are taken, there is a likelihood that an attack on the wired or wireless network will occur. When trying to improve the security of information systems, six categories of security measures are mostly used: general security policies and procedures, software, virus protection, digital signatures, encryption, and firewalls and proxy servers.[5] Security breaches and attacks on information systems most often arise from the following sources: employees of the firm, hackers, terrorists, and computer viruses.

The most common steps in an attack are:
• testing and assessment,
• exploitation and penetration,
• increase of privileges,
• maintenance of access,
• refusal (denial) of service.

An attack can lead to different consequences; the most common are the destruction of resources, theft of resources, theft of services, refusal of service, and corruption of data and applications. During the normal flow of information, data moves from one place to another. There are several types of attacks on this flow, but all of them can be classified into four categories:

1. Cutting or breaking (interruption). This kind of attack interrupts the flow of information in the system. It is a direct, active attack.
2. Interception. This kind of attack is difficult to see and, unlike the previous one, is a passive attack: the attacker tries to collect information or to monitor current activity. After gathering sufficient data, an active attack or some other kind of attack can be carried out.
3. Change (modification). This kind of attack falls into the category of active attacks, because it is an attack on integrity. The data or the whole system may be changed.
4. Fabrication. This kind of attack is also an active attack, and an attack on authenticity: data, traffic and so on are faked.

Attackers can use software vulnerabilities in operating systems that allow remote programs and entities to be introduced into the victim's computer and to take control of it. The computer then becomes a kind of "zombie" PC that can go on to attack other computers, burden the network, and the like. No less dangerous are worms, which can do damage, duplicate themselves and turn computers into zombies.

Security of wireless networks

Today, 802.11 PC cards are most frequently used in home and business networks, and all of them support a security protocol called Wired Equivalent Privacy (WEP). A device using an 802.11 card is configured with a key, which in practice usually consists of a password or a key derived from a password. WEP is a protocol for encrypting wirelessly transmitted packets on IEEE 802.11 networks. In a WEP-protected network, all packets are encrypted with the stream cipher RC4 under a common key, the root key Rk. Rk is the WEP or root key and IV is the initialization vector of a packet. K = IV║Rk is the session or per-packet key, and X is the keystream generated from K. The WEP protocol is designed to provide privacy to packet-based wireless networks based on the 802.11b standard.
WEP encrypts by taking the secret key and a per-packet 3-byte IV and using the IV followed by the secret key as the RC4 key. An attacker is able to retrieve the first byte of the RC4 output from each packet. The potential risks have multiplied with the advent of wireless networks. Wireless is greatly vulnerable for a simple reason: incompetence in configuring it properly. We said that there is no absolute security, and the same is true of networks. Placing an increasing number of "hot spots" (the locations with the greatest number of people: cafes, parks and so on) opens up the possibility of data theft and intrusion into the user's computer. Wireless networks are defined in IEEE 802.11, published by the IEEE (Institute of Electrical and Electronics Engineers). The initial version of the IEEE 802.11 standard, with the 2.4 GHz frequency and two data rates (1 and 2 Mb/s), was formed in mid-1997. The standard then formed working groups: groups A, B, D, E, F and G. WiFi networks are based on the IEEE 802.11 specification. In the beginning it was designed for mobile computing devices (laptop computers, Internet access, VoIP, games and so on). Looking at an organization as a system, we can say that the wireless network is the vulnerable part of the system. The standards often fail to meet the three basic security requirements: reliable user authentication, authorization and user privacy. The first security mechanism, WEP (Wired Equivalent Privacy), has been shown to have significant security vulnerabilities, and relying on it without taking additional measures did not give good results. It was later followed by WEP2, EAP, WPA and others; explaining each of these mechanisms individually would take too much time and space, so we keep to generalities. An attacker who breaks into someone's system over the wireless network must first catch a signal, which is no longer difficult.
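As an added illustration of the WEP construction described above (this is example code written for this paper's explanation, not the paper's own code and not an 802.11 implementation), the following Python builds the per-packet key K = IV║Rk, generates the RC4 keystream X, and checks a list of captured frames for repeated IVs, which a defender can use to flag keystream reuse. The root key, IVs and payloads are constructed for the demonstration; the WEP integrity check value is not modelled.

```python
# Added example (not from the paper): WEP-style per-packet keying with RC4
# and a check for IV reuse. Rk, IVs and payloads are constructed values.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream X for key K (KSA then PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_frame(root_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Build a WEP-style frame: the 3-byte IV in the clear, then payload XOR RC4(IV || Rk)."""
    if len(iv) != 3:
        raise ValueError("WEP uses a 24-bit IV")
    K = iv + root_key                          # per-packet key K = IV || Rk
    X = rc4_keystream(K, len(payload))         # keystream X derived from K
    return iv + bytes(p ^ x for p, x in zip(payload, X))


def wep_decrypt(root_key: bytes, frame: bytes) -> bytes:
    """Recover the payload: RC4 is symmetric, so decryption is the same XOR."""
    iv, body = frame[:3], frame[3:]
    X = rc4_keystream(iv + root_key, len(body))
    return bytes(c ^ x for c, x in zip(body, X))


def find_iv_reuse(frames) -> dict:
    """Map each IV seen more than once to the indices of the frames that used it.
    Frames sharing an IV under the same Rk were encrypted with identical keystream."""
    first_seen, reused = {}, {}
    for idx, frame in enumerate(frames):
        iv = frame[:3]                         # the IV is readable by anyone
        if iv in first_seen:
            reused.setdefault(iv, [first_seen[iv]]).append(idx)
        else:
            first_seen[iv] = idx
    return reused


def expected_iv_collisions(packets: int, iv_bits: int = 24) -> float:
    """Expected number of colliding IV pairs for randomly chosen IVs (birthday estimate)."""
    return packets * (packets - 1) / (2 * 2 ** iv_bits)


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Why IV reuse matters: for two frames with the same IV, ciphertext XOR
    equals plaintext XOR because the shared keystream cancels out."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames do not share an IV")
    return bytes(a ^ b for a, b in zip(frame_a[3:], frame_b[3:]))


if __name__ == "__main__":
    rk = bytes.fromhex("0102030405")            # constructed 40-bit root key
    frames = [wep_frame(rk, b"\x00\x00\x01", b"hello"),
              wep_frame(rk, b"\x00\x00\x02", b"world"),
              wep_frame(rk, b"\x00\x00\x01", b"jello")]
    print("reused IVs:", find_iv_reuse(frames))
    print("expected collisions after 2^13 packets:", expected_iv_collisions(2 ** 13))
```

With only 2^24 possible IVs, the birthday estimate shows that a sender choosing IVs at random is expected to repeat one after a few thousand packets, which is why a monitor that counts repeated IVs per root key is a meaningful check on a WEP network.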
Once the signal is captured, active or passive attacks can be performed. At the beginning, passive attacks are generally conducted, i.e. listening for the signal and the traffic between access points and users. From this it is clear that the attacker must know the physical layer as defined in the 802.11 standard. For an active attack, the attacker must have the proper equipment to send data into the network. If the attacker does not have the service set identifier (SSID), the access point rejects the connection. However, since control frames are not sent in encrypted form, an attacker can capture the control frames the access point sends to communicate with other network users, find out the SSID and join the network.

Preventing and limiting public access to a computer network

In terms of criminal law, a public computer network is considered a set of interconnected computers that communicate by exchanging data. A public computer network is a computer network that is, subject to certain conditions, available to everyone; it can be global in character, like the Internet, or regional or local in character. The offence of preventing and limiting public access to a computer network protects the rights of citizens, that is, communication and information through computers and access to a public computer network, which are sanctioned by criminal legislation. Preventing access to a public computer network means completely disabling another person's use of the computer network; restricting access means creating difficulties and obstacles to access. The prevention or obstruction must be performed without authorization: there is no crime of preventing and restricting public access to a computer network if there is a legal basis for preventing someone's access. Criminal offences against computer data are often called cyber-crime.
The term "cyber" is often used to describe new concepts in computer technology and terms associated with the Internet. Cyber-crime would identify all criminal activities committed using computers. In the Council of Europe Convention on Cybercrime, the terms "computer" crime and "cyber" crime are used as synonyms; both can involve all forms of computer use in crime. For this form of high-tech crime, the term "cyberspace" is often used rather than the word "cyber". The prefix "cyber" comes from an ancient Greek word, which is also the origin of the name of the scientific discipline "cybernetics". Within cybercrime we can distinguish two types of crime that can be committed by computer. In the first group are new criminal offences, such as the spreading of computer viruses and the destruction of files or software, where the computer is the means of attack and the object of the attack, and which required separate legislation. In the second group are classic crimes such as fraud, child pornography, gambling and copyright infringement, where the computer is used as the means of execution and which have taken on a new form in cyberspace. The rapid growth of computer crime has led to numerous problems, which can be classified as:
• Technical problems, caused by rapid changes in technology and the inability of law enforcement to keep continually up to date, as well as technical deficiencies that make it difficult to find and prosecute perpetrators.
• Legal problems, caused by the inability of the legal framework to keep pace with technological developments.
• Operational problems, caused by lack of equipment, training and an adequate organizational structure, and by the need to work at high speed regardless of time zone, language and cultural differences.

Computer Network Information Security Policy

Set up a firewall.
Firewalls are an important means of ensuring network security. Through the use of network management applications, packet filtering technology and proxy (agent) technology, they effectively control network access permissions and comprehensively restrict and discriminate data to and from the outside. At the same time, the firewall can conceal the internal network structure and limit the access of the external network to the internal network, in order to ensure the security of the internal network. In short, the firewall plays a separating, analysing and restricting role.

Access control.

The security policy and the security model set access permissions based on access control: the identity of the user is established, for example by password authentication, so that the true identity of the user is known and network behaviour can be traced. Combined with network licensing, the issuing of access permits, the use of effective passwords and other means, this prevents unauthorized users from maliciously modifying or using the network's information resources. Care must be taken in selecting a password: it should be strong, and passwords should be changed regularly to ensure information security.

Strengthening intrusion detection.

Network intrusion detection is a real-time network detection system that can effectively compensate for the shortcomings of firewalls and other protective means. Through real-time intrusion monitoring, the system detects violations of the network security policy or external attacks, and calls the security warning and emergency response systems to ensure the security of network information. With its real-time detection, early warning, response and counter-measure features, intrusion detection technology is increasingly becoming an important means of enhancing network security.
Information encryption.

Encryption technology is the key technology for achieving information security and helps strengthen security: through a particular encryption algorithm, important plaintext is translated into ciphertext, so that unauthorized users cannot directly read the raw data. Even if a data file is lost or stolen, as long as the key is difficult to crack, it will not lead to the leakage of confidential information, which greatly improves information security.

Close uncommonly used services and ports.

In terms of computer security theory, a computer system with fewer open ports is also more secure. When using a computer, and especially when the operating system is installed, some service functions and ports are installed inadvertently and are never needed; they not only occupy system resources but also reduce the security of the computer system. In addition, a port monitoring program can be installed to understand which ports are in use; by examining them, the ports that are not commonly used can be determined. Once a virus gets into the computer system, the monitoring program can automatically raise an alarm, and some can automatically shut down the port, effectively preventing hacker intrusion.

Hide the PC's IP address correctly.

Hacker and virus attacks on a networked computer have one precondition: the attacker must have the target's real IP address. Hackers obtain the user's IP address mainly by using network tools to detect and view host information, and traditional hacker and virus attacks, flood and overflow attacks and so on must obtain the address as a precondition.
Therefore, the user should hide the IP address when using a computer system. Using a proxy server is the most common way to hide an IP address: a hacker can only detect the IP address of the proxy server and cannot get the user's real IP address, and without the real IP address the attack cannot be carried out, which effectively maintains computer information and network security.

Authentication technology.

Authentication should include at least a verification protocol and a license (authorization) agreement. A variety of network applications and computer systems need to confirm legitimacy through authentication, and then determine the user's personal data and specific permissions. For an authentication system, how easily a legitimate user's identity can be impersonated by someone else is its most important technical indicator. An impersonated user may not only damage their own interests but may also harm the interests of other users or the entire system. Therefore, authentication is the basis of authorization control: only with valid identity authentication can access control, security audit, intrusion prevention and other security mechanisms be implemented effectively.

Timely installation of vulnerability patches.

A vulnerability is a weakness that can be exploited during an attack; it can be a software, hardware or procedural shortcoming, a functional design flaw or an improper configuration. Miller of the University of Wisconsin gives a research report on today's popular operating systems and applications, noting that software cannot be without flaws and loopholes. Nowadays more and more viruses and hackers exploit software vulnerabilities to attack Internet users: for example, the famous "Wave" virus spread by using the Microsoft RPC vulnerability, and the Sasser virus attacked using a buffer overflow vulnerability in Windows LSASS. When there are loopholes in our system's programs, they cause great security risk.
To correct these vulnerabilities, software vendors release patches. We should install vulnerability patches, as an effective solution to the security problems posed by vulnerable programs. Vulnerability scanning can use specialized vulnerability scanners such as COPS, Tripwire, Tiger and other software.

File encryption and digital signature technology.

File encryption and digital signature technology is one of the primary technologies for improving the security and confidentiality of information systems and data and for preventing the theft, interception or destruction of secret data by outsiders. Depending on its role, file encryption and digital signature technology is mainly divided into three kinds: data transmission, data storage and data integrity identification. Data integrity identification technology mainly concerns the identity of the parties involved in transmitting, accessing and processing data and the verification of the content, in line with confidentiality requirements; it includes the general identification of passwords, keys, identities and data items of the system, and verifies that the feature values of the input object match the preset parameters, in order to achieve data security.

[Figure (recovered caption): the sender applies a hash function to the message to form the message digest MD, encrypts MD with the sender's private key, and sends the message with the signature over the Internet; the receiver forms MD from the received message and compares it with the decrypted digest.]

A digital signature is an effective method for addressing specific security issues in network communications: it enables the identification and validation of electronic documents and plays a very important role in ensuring data integrity, privacy and non-repudiation. Realization of digital signatures:
1) Ordinary digital signature. A sender A sends a message M to the recipient B; first a one-way hash function forms the message digest MD, which is then signed. This confirms the source of the information and ensures its integrity.
2) Using an asymmetric encryption algorithm and a one-way hash function for digital signatures.
Method 2 uses two keys (a public key and a private key) for the encryption and decryption of data respectively. If the public key is used to encrypt data, only the corresponding private key can decrypt it; if the private key is used to encrypt the data, only the corresponding public key can decrypt it. This approach allows anyone with the sender's public key to verify that the digital signature is correct. Because the sender's private key is confidential, the recipient can use the verification result to reject the message, and it is also impossible to forge signatures or to modify signed message packets.

One of the major areas of information security weakness discussed in the literature is database vulnerabilities. Here again, the vulnerabilities are software and hardware related, and the human factor has been glossed over. For instance, Shulman (2006) outlines ten vulnerabilities associated with database infrastructures, but none of them talk about the activities of end users that make information systems vulnerable to attacks. In today's businesses, database technologies are needed more than before, and with the increasing use of the Internet for business, the threats or risks to these databases are growing. Lamar (2012) opines that database attacks are prevalent these days because of the following vulnerabilities, summarized below:
• Vulnerabilities in operating systems like Windows, UNIX and Linux, and in their services associated with the databases, could create a loophole for illegal access which may lead to a Denial of Service (DoS) attack.
• Database rootkits: a database rootkit is a program or procedure that is hidden inside the database and gives the administrator special privileges to access data in the database. Sometimes the rootkits turn off alerts raised by Intrusion Prevention Systems (IPS), which could be disastrous.
• Weak authentication: weak authentication models permit attackers to use tactics like social engineering and brute force to get hold of users' database login details.
• Weak audit trails: a weak audit logging method in a database server is risky to an institution, particularly in retail, financial, healthcare and other businesses with strict regulatory obligations. PCI, SOX and HIPAA are rules that require extensive logging of actions and also the generation of events when something goes wrong. In order to resolve issues when something goes wrong, logging of critical transactions in a database must be done in an automated way. Audit trails work as the last line of database defence and can sense any violation; they can help trace a violation back to a particular period and a particular user.

The majority of known vulnerabilities are linked to the improper handling of inputs supplied by a user of the system: if these inputs are not properly processed before being used inside the application, they can generate unforeseen behaviour of the system. For instance, some identified and common vulnerabilities as described by Willy, Amel and Ana (2007) are:
• Buffer overflow: this typically arises with fixed-length buffers on occasions when a quantity of data is written outside the boundaries of the defined capacity. The new data can corrupt the data of other buffers or processes and could create anomalies in the system. Further, a buffer overflow can be used to inject malicious code, and the execution sequence of the program can then be changed in order to execute the malicious code and take control of the system.
• XSS or cross-site scripting: typically related to web applications, this involves the injection of code into the pages accessed by end users. An attacker can exploit it to bypass access controls, steal identities and perform phishing.
• SQL injection: this is the injection of code to exploit the content of a database. It occurs when user inputs are not properly handled, which gives the attacker access to sensitive information from the database.
• Format string bugs: these typically occur when external data is passed to an output function as the format string argument. The printf output function in the C language, for instance, creates output based on the content of the format string; some directives can write to memory locations, so printf can be exploited by an attacker to inject malicious code and alter the control flow to execute it.
• Integer overflows: these are of two kinds, sign conversion bugs and arithmetic overflows. The former occur when a signed integer is converted to an unsigned integer. In the latter, the result of an arithmetic operation is an integer larger than the maximum integer and it is stored in an integer variable.

Security focuses on a variety of threats and hinders them from penetrating or spreading into the network. The most common threats include:
• Trojan horses and spyware (spy programs)
• DoS (denial of service) attacks
• Data interception and theft

a. FLOODING

In 1998, an American elite group, "The Digital Disturbance Theater", came up with FloodNet, an application set to halt the Mexican president's webpage (for political reasons). FloodNet is a Java applet that automates the "refresh" button to click repeatedly. Sufficient users online running the application cause the site's server to refresh continuously until saturation, which halts and disables the webpage. Attackers have used similar applications to take commercial websites hostage in exchange for ransom. It is advisable for an organization to have a savvy security expert (white-hat hacker) on hand for emergencies, seeing that web technology is dynamic, with ever-changing trends in web scripting languages and browser configurations.
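Returning to the SQL injection entry in the vulnerability list above, the following Python is an added example (written for this paper, not the paper's own code) that places the improper input handling the list describes beside the corrected form: one lookup builds the SQL statement by string concatenation, the other passes the value as a query parameter. The table, its rows and the inputs are constructed for the demonstration, using the standard library's sqlite3 module.

```python
# Added example (not from the paper): unsafe string-built SQL beside a
# parameterized query, over a constructed in-memory SQLite table.
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed rows (not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "hash-of-alice-pw", "admin"),
                      ("bob", "hash-of-bob-pw", "user")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str):
    """Improper input handling: the input is spliced into the SQL text, so
    quote characters in it change the statement instead of being data."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str):
    """Parameterized query: the driver sends the value separately from the SQL
    text, so the input can only ever be compared as a username."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?",
                        (username,)).fetchall()


def raises_on_stray_quote(conn: sqlite3.Connection, username: str) -> bool:
    """True if the string-built query fails outright on an input containing a
    quote; such errors in logs are an early sign of unescaped input paths."""
    try:
        find_user_vulnerable(conn, username)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    conn = build_demo_db()
    tainted = "x' OR '1'='1"                     # constructed malformed input
    print("string-built:", find_user_vulnerable(conn, tainted))   # returns every row
    print("parameterized:", find_user_safe(conn, tainted))        # returns nothing
    print("stray quote breaks string-built query:", raises_on_stray_quote(conn, "o'brien"))
```

The same input produces every row from the string-built query and no rows from the parameterized one, which is the whole difference between the vulnerable and corrected forms; a legitimate name containing an apostrophe also breaks the string-built query while the parameterized one handles it as ordinary data.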
b. KEYLOGGERS

These are simple pieces of software that exploit what we call "hooks" in a computer's kernel. Hooks capture vital hardware traffic like keystrokes and mouse movements. Software-based keyloggers are programmed to capture every key you press on the keyboard and save the words to a text file. That includes all the private information you type: passwords, Google searches, credit card numbers, emails, to name but a few. Regularly updating the antivirus is a sure way to beat this. Let it also be known that hardware keyloggers exist, masquerading as flash disks; USB password applications should deter them.

c. TROJANS

An experienced programmer is capable of creating a Trojan, a concealed application that runs in the background. A Trojan allows a hacker to become a ghost user on your PC or workstation. It monitors when your computer is online in order to deliver captured keystroke log files to the hacker's preferred address. Hackers can always come back and upload malicious code via the Trojan. Such code may be the one that kills your antivirus program and then takes your picture via the webcam or taps into your office conversations through your laptop microphone. Trojans come tucked away neatly in pirated software and the so-called cracks we all like to use. As the adage goes, it is difficult to cheat an honest person; the converse is true for those who would escape this pitfall. Let them invest in genuine software.

d. BLUETOOTH

Bluetooth is emerging as a versatile networking technology connecting workstations to printers, smart phones and so on. I see potential for mischief, where data could be wirelessly intercepted for malicious use. Such technology is currently non-existent, to the best of my knowledge, but it is nonetheless a practical possibility.

e. PHISHING

This is when emails appearing to come from well-known organizations pop up in your browser, sending you a link and requesting private information like credit card numbers and account passwords, or congratulating you on winning something.
Watch out for that nice email from a website you do not even have an account with. Look-alike websites are also not uncommon: they will have you log in and "refill" your personal details, after which they can make online purchases under your name or, if they are diabolical enough, lock you out of your own account. (I lost my Yahoo account that way.) Numerous cyber security forums and workshops exist where one can always learn ways to have an edge over scammers and keep your business team informed.

f. RADIO JAMMING

This is a rare DoS (denial of service) technique for disrupting the information flow in a wireless router network, accomplished by the use of noise-generating radio devices. However, special equipment exists that can be used to track anonymous radio-noise sources, should interference be detected.

g. WIRE SNIFFERS

Attackers can always insert wire-sniffing hardware at cable junctions. It should always be ensured that cable terminals and switchboards are locked and that access is granted only to authorized personnel.

h. COMPROMISED SERVERS

An exploited server is a server that is not entirely under your control: someone else has gained control of it and is using it for their own motives. A weak password is often the way a hacker gains access to a server, by guessing it. People tend to use simple passwords to keep them memorable, such as dates, lover or pet names, things in the office surroundings and so on. Caution must therefore be exercised by combining letters with numerals to create a simple yet strong password.

i. SERVER SECURITY HOLES

Server security can be compromised via security holes in a web application's add-ons or plugins, such as those for Joomla or WordPress. It is advisable to use only secure connections whenever possible. This includes the use of SSL connections for email, and SFTP (Secure File Transfer Protocol) instead of the more common but insecure FTP protocol.

j. ZERO DAY/HOUR ATTACK

Take this for example.
The "sticky keys" feature (sethc.exe) on your XP or Windows 7 OS is a good accessibility feature that allows one to press special keys one at a time. This application runs on the logon window when you press the shift key five times, even before you have entered your password. One only needs to rename the command prompt shell (cmd.exe) to sethc.exe on a logged-in computer. By this, they will have gained full control of your laptop or workstation at any later time without passing through any known account. How? By simply pressing the shift key five times and voilà, the command prompt! Try this for yourself (hopefully they got that patched in Windows 8). Zero hour/day attacks take advantage of software vulnerabilities that have yet to catch the eye of the software manufacturer.

Summary

Computer network security has become an important issue of network development at this stage, in order to ensure network information security. We must start from the security threats and, through the use of advanced security technology and software technology, effectively monitor potential threats, with timely warning and response, to prevent malicious behaviour. We should also raise awareness of network security, improve the morality of the whole society, reduce network violations and strive to establish a secure network environment. Vulnerability studies dwell on the software or hardware aspects of information assets, ignoring the human aspect. The human factors vis-à-vis Information Technology (IT) have raised interest from the IT fraternity. Lesia and McCauley-Bell (2007) concur that new solutions to information insecurity have focused on technology alone while the human factor has been limited.