Chapter 4


Computer Security: The Why’s and

Wherefores
Agenda

• Introduction
• Security in distributed networks
• Proven system and network security measures
• Security administration issues
• Getting the most return on investment (ROI)
• Conclusion
What is computer security?
• General definition: computer security involves
providing appropriate levels of assurance of
– Availability of computing services and data/information
stored in computing systems
– Confidentiality of data/information stored in computing
systems
– Integrity of computing systems and data/information
stored therein
– Auditability of usage of computing systems and access to
data/information stored therein
– Non-repudiability of transactions initiated by individuals
and organizations
• The term 'availability' means ensuring timely and reliable access to and use of
information.
• Confidentiality means the ability to protect data so that unauthorized parties
cannot view it: the property that sensitive information is not disclosed to
unauthorized entities.
• Integrity means that data or information in your system is maintained so that it is
not modified or deleted by unauthorized parties. This is an important element of
data hygiene, reliability and accuracy.
• A data security audit is an evaluation of a company's entire security system to
identify areas of vulnerability. It is a preventive measure to protect your customers'
and employees' sensitive information against breaches of any kind.
• Non-repudiation is the certainty that someone cannot dispute the legitimacy of an
action or transaction. It is a regulatory notion commonly used in cybersecurity and
refers to the service that confirms the origin and integrity of data.
The number of security-related incidents is escalating
Hacker forces Sun
to cut off outside
access
Computer system is shut
down in an effort to stop
possible sabotage of a product.
BY TOM SCHMITZ
Mercury News Staff Writer
Sun Microsystems Inc. cut off outside
access to its computer system Friday in
an attempt to block a hacker who
insiders say has been wreaking havoc
on the company’s internal network,
possibly trying to sabotage one of Sun’s
products.
POLICE FOIL £1M HACKING PLOT
30 January 2000 - Police have charged a woman under the
Computer Misuse Act following a £1 million hacking incident at a
leading city finance company.
Elaine Borg, a computer operator at fund managers Henderson
Financial Investment Services, is accused of hacking into the
company’s computer system between 1 October 1999 and 19
January 2000 with intent to defraud it of £1 million.
Borg appeared at City Magistrates’ Court in London last week
where police charged her under section two of the Computer
Misuse Act. Section two covers unauthorized access to a system
with the aim of assisting a more serious crime, such as fraud or
blackmail.
Borg was arrested after security devices in the company’s OS/390
based systems detected irregular procedures. The irregularities
were monitored and traced back to Borg’s terminal.
GE Says Computers Linked
to Internet Were
Infiltrated
BY JARED SANDBERG
Staff Reporter of the WALL STREET JOURNAL
NEW YORK - Computer
hackers infiltrated General Electric Co.
computers connected to the Internet, according
to a broadcast report by GE’s local NBC
television station here.
The computer breach, which was
confirmed by a GE spokeswoman, gave the
hackers access to research and proprietary
information on GE computers in two cities,
according to the report on WNBC-TV. The
intruders, who managed to penetrate robust
security barriers, known as “firewalls,” and
How much money is being spent?
What are organizations doing about it?
Chart: Number of cyber threat incidents reported to CyberSecurity Malaysia through MyCERT in 2022, by type of crime
Agenda
• Introduction
• Security in distributed networks
• Proven system and network security measures
• Security administration issues
• Getting the most return on investment (ROI)
• Status of cybersecurity legislation
• Conclusion
Major security challenges in
distributed computing environments
• It is difficult to centralize security (as opposed to
mainframes)
• Clients create weak links in security
• Diversity of clients exacerbates the problem
• Just about every protocol used in client-server
communications at every layer of the OSI model has
inherent security-related weaknesses
Types of security threats in distributed
computing environments
• Unauthorized users
• Misrepresentation or spoofing
• Unauthorized invocation of services
• Corruption of functions or operations
• Denial of service
Distributed denial of service attacks (figure, three slides)
• Master gives signal to handlers
• Handler sends command to zombies
• Zombies release packet barrage
Major solutions
• Authentication--proving the identity of a person or system
• Access control--limiting who and what can gain access to
– Systems and their components
– Network devices
– Applications
– Data
• Encryption--transforming data in a manner such that it cannot be meaningfully
read because it is garbled
• Auditing and monitoring
Access control
• Many forms
– Selective blocking of network traffic
– Selective access to individuals or hosts
• Can be applied within
– Networks (e.g., firewalls)
– Individual hosts (e.g., personal firewalls)
– Applications
– File systems (e.g., permissions)
Some proven system security measures
• Requiring everyone to select and use a good (guess-resistant) password
• Setting appropriate password aging parameters
• Using third-party authentication
• Running updated anti-virus software
• Setting restrictive file access permissions
• Limiting privileges to the minimum needed to get the job done
• Setting appropriate levels of auditing and inspecting logs frequently
Some proven system security measures (continued from previous slide)
• Running personal firewalls
• Restricting dial-in access via modem
• Backing up critical computing systems as often as appropriate
• Creating and testing a plan to follow in case an attack causes a system to become
unusable
• Encrypting files stored on hard drives
• Implementing appropriate physical security measures
Proven network security measures

• Firewalls
• Network authentication measures
• Appropriate network architectures
• Limiting services that run
• Intrusion detection
• Vulnerability scanning
• Encryption of network transmissions
Never underestimate the value of
security training and awareness
• The Gartner Group found that training and awareness produce more dividends
than any other single security-related measure
• Target audiences include
– Users
– System and network administrators
– Auditors
– Management
Security administration issues

• Issues include
– Configuring systems to be secure right from the start
– Installing patches as needed
– Inspecting server configuration and settings to ensure that
unauthorized changes have not occurred
– Taking measures to minimize the likelihood of unauthorized changes
in the future
• Are extremely important because
– Machines are a target the minute they connect to the net
– The time gap between the discovery of a vulnerability and the time
it is exploited has narrowed considerably
– Most security-related events involve some degree of unauthorized
changes to systems and networks
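The administration tasks listed above (restrictive file permissions, least privilege, and checking that servers have not been changed without authorization) can be automated. The following Python script is an added example written for this page, not material from the slides. It builds a small configuration tree in a temporary directory, records a baseline of SHA-256 digests and permission bits for every file, audits the permissions against a restrictive policy, then simulates the kind of change an intruder leaves behind and reports what differs from the baseline. The file names, the `.key`/`.pem` convention for key material, and the policy rules are assumptions made for the example.

```python
"""Configuration audit: restrictive permissions and change detection (added example, not from the slides)."""
import hashlib
import os
import stat
import tempfile

# Assumed naming convention for key material that must never be readable by group/others.
SENSITIVE_SUFFIXES = (".key", ".pem")


def file_digest(path):
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map relative path -> (sha256, permission bits) for every file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            snap[os.path.relpath(full, root)] = (file_digest(full), mode)
    return snap


def permission_findings(snap):
    """Flag files whose permission bits violate a restrictive policy."""
    findings = []
    for rel, (_digest, mode) in sorted(snap.items()):
        if mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
        if rel.endswith(SENSITIVE_SUFFIXES) and mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append((rel, "key material readable by group/others"))
        if mode & (stat.S_ISUID | stat.S_ISGID):
            findings.append((rel, "setuid/setgid bit set"))
    return findings


def diff_snapshots(baseline, current):
    """Report files added, removed, or changed in content or permissions since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p][0] != current[p][0]),
        "permission_changed": sorted(p for p in common if baseline[p][1] != current[p][1]),
    }


def demo():
    """Constructed scenario: baseline a config tree, tamper with it, audit the result."""
    root = tempfile.mkdtemp()

    def write(rel, text, mode):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write(text)
        os.chmod(path, mode)

    write("etc/app.conf", "listen=443\n", 0o644)
    write("etc/server.key", "constructed placeholder, not a real key\n", 0o600)
    write("etc/upload.sh", "#!/bin/sh\n", 0o777)          # too permissive from the start
    baseline = snapshot(root)

    # Changes an administrator did not make: edited config, loosened key permissions, new file.
    write("etc/app.conf", "listen=443\ndebug=1\n", 0o644)
    os.chmod(os.path.join(root, "etc/server.key"), 0o640)
    write("etc/cron.d/unexpected-job", "* * * * * root /usr/local/bin/unknown\n", 0o644)

    current = snapshot(root)
    return permission_findings(current), diff_snapshots(baseline, current)


if __name__ == "__main__":
    findings, changes = demo()
    for rel, problem in findings:
        print(f"permission issue: {rel}: {problem}")
    for kind, paths in changes.items():
        for rel in paths:
            print(f"{kind}: {rel}")
```

On a real server, `snapshot()` would be run over the configuration directories, the baseline stored off-host, and the comparison scheduled; a baseline kept on the same machine can be rewritten by whoever changed the files it is meant to protect.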
What if you don’t patch vulnerabilities?
• You can always take a chance, but…
• Services in which vulnerabilities exist can be turned off
– Running as few services as possible is a good idea, anyway
– Can result in denial or disruption of service, however
• Firewalls and personal firewalls can compensate
– Can stop attacks intended to exploit unpatched vulnerabilities
– Solution is anything but perfect
Special concerns about patching
• Sheer number of patches
• Diversity of operating systems and applications that need to be patched
• Which patches really need to be installed?
• How fast must the ones that are genuinely necessary be installed?
• Has the patch been sufficiently tested?
• Bottom line--develop procedures to be followed in evaluating/installing each new patch
The lighter side of the problem
Getting the most ROI
• Always weigh costs versus benefits when considering security measures
• Using metrics to show cost savings is the most effective way to communicate ROI
to management
Agenda

• Introduction
• Security in distributed networks
• Proven system and network security measures
• Security administration issues
• Getting the most return on investment (ROI)
• Status of cybersecurity legislation
• Conclusion
Conclusion
• Computer and information security continue to
grow in importance
• The gap between attackers’ capabilities and ability
to defend against them is widening
• Neglecting security is the worst thing you can do
• Defense in depth (multi-tiered defenses) works best
• Always weigh costs versus benefits when
considering security measures
• Nobody ever said this was going to be easy!
Threats and Attacks
Principles of Information Security, 2nd Edition
Learning Objectives
Upon completion of this material, you should be able to:
• Identify and understand the threats posed to information security
• Identify and understand the more common attacks associated with those threats
Threats
• Threat: an object, person, or other entity that represents a constant danger to
an asset
• Management must be informed of the different threats facing the organization
• By examining each threat category, management effectively protects information
through policy, education, training, and technology controls
Threats (continued)
• The 2004 Computer Security Institute
(CSI)/Federal Bureau of Investigation (FBI)
survey found:
– 79 percent of organizations reported cyber
security breaches within the last 12 months
– 54 percent of those organizations reported
financial losses totaling over $141 million

Threats to Information Security

Acts of Human Error or Failure
• Includes acts performed without malicious
intent
• Causes include:
– Inexperience
– Improper training
– Incorrect assumptions
• Employees are among the greatest threats to
an organization’s data
Acts of Human Error or Failure (continued)
• Employee mistakes can easily lead to:
– Revelation of classified data
– Entry of erroneous data
– Accidental data deletion or modification
– Data storage in unprotected areas
– Failure to protect information
• Many of these threats can be prevented with controls
Figure 2-1 – Acts of Human Error or Failure

Deliberate Acts of Espionage or Trespass
• Access of protected information by unauthorized
individuals
• Competitive intelligence (legal) vs. industrial
espionage (illegal)
• Shoulder surfing occurs anywhere a person accesses
confidential information
• Controls let trespassers know they are encroaching on
organization’s cyberspace
• Hackers use skill, guile, or fraud to bypass controls
protecting others’ information
Deliberate Acts of Theft
• Illegal taking of another’s physical, electronic, or intellectual property
• Physical theft is controlled relatively easily
• Electronic theft is a more complex problem; evidence of crime not readily apparent
Deliberate Software Attacks
• Malicious software (malware) designed to damage, destroy, or deny service to
target systems
• Includes viruses, worms, Trojan horses, logic bombs, back doors, and
denial-of-service attacks
Forces of Nature
• Forces of nature are among the most dangerous threats
• Disrupt not only individual lives, but also storage, transmission, and use of
information
• Organizations must implement controls to limit damage and prepare contingency
plans for continued operations
Deviations in Quality of Service
• Includes situations where products or services not delivered as expected
• Information system depends on many interdependent support systems
• Internet service, communications, and power irregularities dramatically affect
availability of information and systems
Internet Service Issues
• Internet service provider (ISP) failures can considerably undermine availability
of information
• Outsourced Web hosting provider assumes responsibility for all Internet services
as well as hardware and Web site operating system software
Attacks
• Act or action that exploits vulnerability (i.e., an identified weakness) in
controlled system
• Accomplished by threat agent which damages or steals organization’s information
Table 2-2 - Attack Replication Vectors

Attacks (continued)
• Malicious code: includes execution of viruses, worms, Trojan horses, and active
Web scripts with intent to destroy or steal information
• Back door: gaining access to system or network using known or previously
unknown/newly discovered access mechanism
Attacks (continued)
• Password crack: attempting to reverse calculate a password
• Brute force: trying every possible combination of options of a password
• Dictionary: selects specific accounts to attack and uses commonly used passwords
(i.e., the dictionary) to guide guesses
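The three password attacks on this slide are what the earlier measures (guess-resistant passwords, password aging parameters) defend against. The following Python script, an added example and not material from the slides, implements those measures from the defender's side: it estimates how many candidates a brute-force search would have to cover for a given password, rejects passwords a dictionary attack would guess (including common words with trailing digits or symbols), enforces a maximum password age, and locks an account after repeated failures so that online guessing gets only a handful of tries. The dictionary contents, the thresholds, and the function names are assumptions made for the example.

```python
"""Guess-resistant password checks, password aging, and failed-login throttling
(added example, not from the slides)."""
import math
import string
from datetime import date

# Constructed stand-in for a real dictionary of commonly guessed passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin", "iloveyou"}

# Assumed policy parameters.
MIN_LENGTH = 12
MIN_BRUTE_FORCE_BITS = 60      # log2 of the candidates an exhaustive search must cover
MAX_PASSWORD_AGE_DAYS = 90     # password aging parameter
MAX_FAILED_ATTEMPTS = 5        # lockout threshold that limits online guessing


def charset_size(password):
    """Size of the alphabet an attacker would have to enumerate for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)   # 32 symbols
    return size


def brute_force_bits(password):
    """Brute force tries every combination: charset_size ** length candidates, as log2."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password):
    """Apply the policy: length, dictionary membership, and brute-force work."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Dictionary attacks also try common words with trailing digits or symbols.
    base = password.lower().rstrip(string.digits + string.punctuation)
    if password.lower() in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        problems.append("appears in the common-password dictionary")
    bits = brute_force_bits(password)
    if bits < MIN_BRUTE_FORCE_BITS:
        problems.append(f"only {bits:.0f} bits of brute-force work")
    return {"ok": not problems, "bits": round(bits, 1), "problems": problems}


def password_expired(last_changed_iso, today_iso):
    """Password aging: force a change once the password is older than the limit.
    Both arguments are ISO dates such as '2024-01-01'."""
    age = date.fromisoformat(today_iso) - date.fromisoformat(last_changed_iso)
    return age.days > MAX_PASSWORD_AGE_DAYS


class LoginThrottle:
    """Counts failed logins per account and locks the account at the threshold,
    so an online brute-force or dictionary attack gets only a handful of guesses."""

    def __init__(self):
        self.failures = {}

    def record_failure(self, account):
        self.failures[account] = self.failures.get(account, 0) + 1

    def record_success(self, account):
        self.failures.pop(account, None)

    def is_locked(self, account):
        return self.failures.get(account, 0) >= MAX_FAILED_ATTEMPTS


if __name__ == "__main__":
    for candidate in ("password1", "Tr0ub4dor&3-Correct"):
        print(candidate, check_password(candidate))
    print("expired:", password_expired("2024-01-01", "2024-05-01"))
    throttle = LoginThrottle()
    for _ in range(MAX_FAILED_ATTEMPTS):
        throttle.record_failure("alice")
    print("alice locked:", throttle.is_locked("alice"))
```

The bit estimate is an upper bound on attacker effort, which is why the dictionary check is applied separately: "password1" scores about 46 bits by alphabet size but falls to one guess against a dictionary.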
Attacks (continued)
• Denial-of-service (DoS): attacker sends large number
of connection or information requests to a target
– Target system cannot handle successfully along with
other, legitimate service requests
– May result in system crash or inability to perform
ordinary functions
• Distributed denial-of-service (DDoS): coordinated
stream of requests is launched against target from
many locations simultaneously

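The DoS and DDoS definitions above, together with the master/handler/zombie slides earlier and the measure "inspecting logs frequently", translate into a simple detection rule. The following Python script is an added example, not material from the slides: it constructs a small access log in which one source floods the target and, separately, many distinct sources each send a single request, then buckets requests into fixed windows and raises an alert when one source exceeds a per-source limit or the aggregate across many sources exceeds a total limit, which is the pattern that distinguishes a DDoS from a single-source DoS. The log format, the addresses (from the RFC 5737 documentation ranges), and the thresholds are assumptions made for the example.

```python
"""Request-rate detection for denial-of-service floods (added example, not from the slides)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)


def build_sample_log():
    """Constructed access-log lines ('<ISO time> <source IP> <request>'); not real traffic.
    Source addresses come from the RFC 5737 documentation ranges."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    # Legitimate user: a few requests spread across the minute.
    for i in range(5):
        lines.append(f"{(base + timedelta(seconds=12 * i)).isoformat()} 198.51.100.10 GET /page{i}.html")
    # DoS: one source sends 30 connection requests within the first 10 seconds.
    for i in range(30):
        lines.append(f"{(base + timedelta(seconds=i // 3)).isoformat()} 203.0.113.5 GET /login")
    # DDoS: 60 different sources send one request each within seconds 20-29.
    for i in range(60):
        lines.append(f"{(base + timedelta(seconds=20 + i // 6)).isoformat()} 192.0.2.{i + 1} GET /search")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, source address); the request text is ignored here."""
    timestamp, source, _request = line.split(" ", 2)
    return datetime.fromisoformat(timestamp), source


def detect_floods(lines, window_seconds=10, per_source_limit=20, total_limit=50):
    """Bucket requests into fixed windows and alert when one source, or the aggregate
    across many sources, exceeds what the target is expected to handle.
    Thresholds are assumed values; tune them to the service's normal load."""
    per_window = defaultdict(Counter)   # window start (epoch seconds) -> source -> requests
    for line in lines:
        timestamp, source = parse_line(line)
        offset = int((timestamp - EPOCH).total_seconds())
        per_window[offset - offset % window_seconds][source] += 1

    alerts = []
    for start in sorted(per_window):
        sources = per_window[start]
        total = sum(sources.values())
        window = (EPOCH + timedelta(seconds=start)).isoformat()
        flooders = [(src, n) for src, n in sources.items() if n > per_source_limit]
        for src, n in flooders:
            alerts.append({"kind": "single-source flood", "window": window, "source": src, "count": n})
        # Many sources, none individually over the limit, but the sum is: the DDoS pattern.
        if total > total_limit and not flooders:
            alerts.append({"kind": "distributed flood", "window": window,
                           "sources": len(sources), "count": total})
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

A single-source alert can be acted on by blocking that address at the firewall; the distributed alert cannot, which is why the slides treat DDoS as the harder case and why the response there is capacity and upstream filtering rather than a per-address rule.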
Figure 2-9 - Denial-of-Service Attacks

Attacks (continued)
• Spoofing: technique used to gain unauthorized access; intruder assumes a trusted
IP address
• Man-in-the-middle: attacker monitors network packets, modifies them, and inserts
them back into network
• Spam: unsolicited commercial e-mail; more a nuisance than an attack, though is
emerging as a vector for some attacks
Viruses and Worms
• A computer virus attaches itself to a program or file, enabling it to spread from
one computer to another, leaving infections as it travels.
• Almost all viruses are attached to an executable file.
• It is important to note that a virus cannot spread without a human action (such as
running an infected program) to keep it going.
• Because a virus is spread by human action, people will unknowingly continue the
spread of a computer virus by sharing infected files or sending emails with viruses
as attachments.
Worm
• A worm is similar to a virus by design and is considered
to be a sub-class of a virus. Worms spread from
computer to computer, but unlike a virus, it has the
capability to travel without any human action. A worm
takes advantage of file or information transport
features on your system, which is what allows it to
travel unaided.
• Due to the copying nature of a worm and its capability
to travel across networks the end result in most cases
is that the worm consumes too much system memory
(or network bandwidth), causing Web servers, network
servers and individual computers to stop responding.
Trojan Horse
• A Trojan Horse at first glance appears to be useful software but will actually do
damage once installed or run on your computer. Those on the receiving end of a
Trojan Horse are usually tricked into opening it because they appear to be receiving
legitimate software or files from a legitimate source.
• When a Trojan is activated on your computer, the results can vary. Some Trojans are
designed to be more annoying than malicious (like changing your desktop or adding
silly active desktop icons), while others cause serious damage by deleting files and
destroying information on your system.
• Trojans are also known to create a backdoor on your computer that gives malicious
users access to your system, possibly allowing confidential or personal information
to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting
other files, nor do they self-replicate.
• Fast Facts: appears useful but damages the system, requires human action to run,
does not self-replicate.
Tips to Combat Viruses, Worms and Trojan Horses on Your Computer
1. Keep the operating system updated
2. Use a firewall
3. Use original antivirus
4. Update antivirus regularly
Hacking and Spamming

Botnets
• A collection of software robots, or 'bots', that creates an
army of infected computers (known as ‘zombies') that are
remotely controlled by the originator. Yours may be one of
them and you may not even know it.
What they can do:
• Send spam emails with viruses attached.
• Spread all types of malware.
• Can use your computer as part of a denial of service attack
against other systems.
Hacking
• Hacking is a term used to describe actions taken by
someone to gain unauthorized access to a computer.
The availability of information online on the tools,
techniques, and malware makes it easier for even non-
technical people to undertake malicious activities.
What it can do:
• Find weaknesses (or pre-existing bugs) in your security
settings and exploit them in order to access your
information.
• Install a Trojan horse, providing a back door for
hackers to enter and search for your information.
Malware
• Malware is one of the more common ways to infiltrate or damage
your computer.
What it is:
• Malicious software that infects your computer, such as computer
viruses, worms, Trojan horses, spyware, and adware.
What it can do:
• Intimidate you with scareware, which is usually a pop-up message
that tells you your computer has a security problem or other false
information.
• Reformat the hard drive of your computer causing you to lose all your
information.
• Alter or delete files.
• Steal sensitive information.
• Send emails on your behalf.
• Take control of your computer and all the software running on it.
Phishing
• Phishing is used most often by cyber criminals because it's easy to
execute and can produce the results they're looking for with very little
effort.
What it is:
• Fake emails, text messages and websites created to look like they're
from authentic companies. They're sent by criminals to steal personal
and financial information from you. This is also known as “spoofing”.
What it does:
• Trick you into giving them information by asking you to update,
validate or confirm your account. It is often presented in a manner
that seems official and intimidating, to encourage you to take action.
• Provides cyber criminals with your username and passwords so that
they can access your accounts (your online bank account, shopping
accounts, etc.) and steal your credit card numbers.
Spam
• Spam is one of the more common methods of both sending information out
and collecting it from unsuspecting people.
What it is:
• The mass distribution of unsolicited messages, advertising or pornography to
addresses which can be easily found on the Internet through things like social
networking sites, company websites and personal blogs.
• Canada's anti-spam legislation applies to all commercial electronic messages.
A commercial electronic message is any electronic message that encourages
participation in a commercial activity, regardless of whether there is an
expectation of profit.
What it can do:
• Annoy you with unwanted junk mail.
• Create a burden for communications service providers and businesses to filter
electronic messages.
• Phish for your information by tricking you into following links or entering
details with too-good-to-be-true offers and promotions.
• Provide a vehicle for malware, scams, fraud and threats to your privacy.
Spoofing
• This technique is often used in conjunction with phishing in an
attempt to steal your information.

What it is:
• A website or email address that is created to look like it comes
from a legitimate source. An email address may even include
your own name, or the name of someone you know, making it
difficult to discern whether or not the sender is real.
What it does:
• Sends spam using your email address, or a variation of your
email address, to your contact list.
• Recreates websites that closely resemble the authentic site.
This could be a financial institution or other site that requires
login or other personal information.
Spyware & Adware
• Spyware and adware are often used by third parties to infiltrate your
computer.
What it is:
• Software that collects personal information about you without you knowing.
They often come in the form of a ‘free' download and are installed
automatically with or without your consent. These are difficult to remove
and can infect your computer with viruses.
What it can do:
• Collect information about you without you knowing about it and give it to
third parties.
• Send your usernames, passwords, surfing habits, list of applications you've
downloaded, settings, and even the version of your operating system to
third parties.
• Change the way your computer runs without your knowledge.
• Take you to unwanted sites or inundate you with uncontrollable pop-up ads.
Figure 2-11 - Man-in-the-Middle

Attacks (continued)
• Mail bombing: also a DoS; attacker routes large quantities of e-mail to target
• Sniffers: program or device that monitors data traveling over network; can be
used both for legitimate purposes and for stealing information from a network
• Social engineering: using social skills to convince people to reveal access
credentials or other valuable information to attacker
Attacks (continued)
• Buffer overflow: application error occurring when more data is sent to a buffer
than can be handled
• Timing attack: relatively new; works by exploring contents of a Web browser’s
cache to create malicious cookie
Summary
• Threat: object, person, or other entity representing a constant danger to an asset
• Attack: a deliberate act that exploits vulnerability
Video Links:
• https://www.youtube.com/watch?v=uAHFNuDlcRw&ab_channel=IBMTechnology
• https://www.youtube.com/watch?v=W46HD9XkLLE&ab_channel=MakeItEasyEducation
