The computers are being used frequently in our daily life and it has proven importance in each and every field. We do all types of work which may be simple and some may be confidential and secret, so we expect our system to keep them personal and secure, otherwise it may get misused by anybody or may be attacked by viruses.
Computer security is also known as cyber security or IT security. Computer security is a branch of information technology known as information security, which is intended to protect computers. It is the protection of computing systems and the data that they store or access.
Methods to Provide Protection:There are four primary methods to provide protection
- System Access Control It ensures that unauthorized users do not get into the system by encouraging aurhorized users to be security conscious. For example, by changing their passwords on a regular basis.
- Data Access Control It monitors who can access what data, and for what purpose. Your system might support mandatory access controls with these. The sytem determines access rules based on the security levels of the people, the files, and the other objects in your system.
- System and Security Administration It performs offline procedures that makes or breaks secure system,
- System. Design it takes advantage of basic hardware and software security characteristics. For example, using a system architecture thats able to segment memory, thus isolating privileged processes from no privileged processes.
Components of Computer Security: Computer security is associated with many core areas. Basic components of computer security system are
- Confidentiality It ensures that data is not accessed by any unauthorized person.
- Integrity It ensures that information is not altered by any unauthorized person in such a way that it is not detectable by authorized users.
- Authentication It ensures that users are the persons they claim to be.
- Access Control It ensures that users access only those resources that they are allowed to access.
- Non-Repudiation It ensures that originators of messages cannot deny they are not sender of the message.
- Availability It ensures that systems work promptly and service is not denied to authorized users.
- Privacy It ensures that individual has the right to use the information and allows another to use that information.
- Steganography It is an art of hiding the existance of a message. It aids confidentiality and integrity of the data.
- Cryptography It is the science of writing information in a hidden or secret form and is an ancient art. It protects the data in transmit and also the data stored on the disk.
Some terms commonly used in cryptography are:
Plain Text It is the original message that is an input.
Cipher It is a bit-by-bit or character-by- character transformation without regard to the meaning of the message.
Cipher Text It is the coded message or the encrypted data.
Encryption It is the process of converting plain text to cipher text, using an encryption algorithm.
Decryption It is the reverse of encryption i.e., converting cipher text to plain text.
Transport Layer Security (TLS) Protocol:
It is a cryptographic protocol which provides secure http connection, enabling two parties
to communicate with privacy and data integrity.
Sources of Attack:
The most potent and vulnerable threat of computer users is virus attacks. A computer virus is a small software program that spreads from one computer to another and that interferes with computer operation.
It is imperative for every computer user to be awar, about the software and programs that can help to protect the personal computers from attacks. The sources of attack can be
Downloadable files are one of the best possible sources of virus. Any types of executable file like games, screen saver are one of the major sources, you want to download programs from the interne then it is necessary to scan every program before downloading them.
These softwares are another source of virus attack such cracked forms of illegal files contain virus am bugs that are difficult to detect as well as to remove Hence, it is always a preferable option to download software from the appropriate source.
These attachments are the most common source of viruses. You must handle e-mail attachments with extreme care, especially if the e-mail comes from an unknown sender.
Internet (Best Possible Source of Viruses) :
Majority of all computer users are unaware as when viruses attack computer systems. Almost a computer users click or download everything that comes their way and hence unknowingly invites the possibility of virus attacks.
Booting from Unknown CD:
When the computer system is not working, it is good practice to remove the CD. If you do no
remove the CD, it may start to boot automatically from the disc which enhances the possibility of virus attacks.
Threats to Computer Security –
Computer systems are vulnerable to many threats that can inflict various types of damage resulting in significant losses. A threat is a potential violation of security and when threat gets
executed, it becomes an attack. Those who execute such threats are known as attackers. Malware stands for malicious software. It is a broad term that refers to a variety of malicious
programs that are used to damage computer system, gather sensitive information, or gain access to private computer systems. Malware is unwanted software that any unauthorized person wants to run on your computer. These are known as security threats. It includes computer viruses, worms, trojan horses, rootkits, spyware, adware etc.
Some of them are described below.
Virus stands for vital information resource under siege. Computer Viruses or perverse software are small programs that can negatively affect the computer. It obtains control of a PC and directs it to perform unusual and often destructive actions. Viruses are copied itself and attached itself to other programs which further spread the infection. The virus can affect or attack any part of the computer software such as the boot block, operating system, system areas, files and application program.
Type of Virus: Some common types of viruses are-
- Resident Virus It fixes themselves into the systems memory and get activated whenever the OS runs and infects all the files that are then opened. It hides in the RAM and stays there even after the malicious code is executed. e.g., Randex, Meve etc.
- Direct Action Virus It comes into action when the file containing the virus is executed. It infects files in the folder that are specified in the AUTOEXEC.BAT file path. e.g., Vienna virus.
- Overwrite Virus It deletes the information contained in the files that it infects, rendering them partially or totally useless, once they have been infected. e.g., Way, Trj.Reboot, Trivial.88-D etc.
- Boot Sector Virus It is also called Master Boot Sector Virus or Master Boot Record Virus. This type of virus affects the boot sector of a hard disk. e.g., Poly boot.B, Anti EXE etc.
- Macros Virus It infects files that are created using certain applications or programs that- contain macros, like .doc, XIs, . pps etc. e.g., Melissa.A etc.
- File System Virus It is also called Cluster Virus or Directory Virus. It infects the jirectory of your computer by changing the path that indicates the location of a file. e.g., Dir-2 virus etc.
- Polymorphic Virus It encrypts or encodes itself in an encrypted way, every time it infects a system. This virus then goes on to create a large number of copies. e.g., Elkern, Tuareg etc.
- FAT Virus It is used to store all the information about the location of files, unusable space etc. e.g., Link virus etc.
- Multipartite Virus It may spread in multiple ways such as the operating system installed or the existance of certain files. e.g., Flip etc.
- Web Scripting Virus Many websites execute complex code in order to provide interesting content. These sites are sometimes created with purposely infected code. e.g., J .S. Fortnight etc.
Some common viruses are tabulated below
|1988||The Morris Internet Worm|
|2000||I Love You|
|2014||Net Worm, Heart Bleed|
Effects of Virus:
There are many different effects that viruses can have on your computer, depending on the types of virus. Some viruses can
- monitor what you are doing.
- slow- down your computers performance.
- download illegal files onto your computer without you being able to delete them.
- destroy all data on your local disk.
- generate IP address randomly and sends those IP address automatically.
- affect on computer networks and the connection to Internet.
- steal confidential information like password, account number, credit card information by random e-mailing.
- increase or decrease memory size.
- display different types of error messages.
- decrease partition size.
- alter PC settings.
- display arrays of annoying advertising.
- extend boot times,
- create more than one partition.
- cause computer to make strange noises, make music, clicking noises or beeps.
- damage data files.
- make disc unreadable.
- cause damage they were not designed to.
A computer worm is a standalone mal ware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program.
Worms almost always cause atleast some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. Worms are hard to detect because they are invisible files.
e.g., Bagle, I love you, Morris, Nimda etc.
A Trojan, or Trojan Horse, is a non-self-replicating type of malware which appears to perform a desirable function but instead facilitates unauthorized access to the users computer system.
The term is derived from the Trojan Horse story in Greek mythology because Trojan Horses employ a form of “social engineering” presenting themselves as harmless, useful gifts, in order to
persuade victims to install them on their computers.
Trojans do not attempt to inject themselves into other files like a computer virus. Trojan Horses may steal information, or harm their host computer systems. Trojans may use drive-by downloads or install via online games or Internet-driven applications in order to reach target computers. Unlike viruses, Trojan horses do not replicate themselves.
e.g., Beast, Sub7.Zeus, ZeroAccess Rootkit etc.
Spyware is a program which is installed on a computer system to spy on the system owners activity and collects all the information which is misused afterwards. It tracks the users behaviour and reports back to a central source.
These are used for either legal or illegal purpose. Spyware can transmit personal information to another persons computer over the internet.
Spyware can harm you in many ways such as
- Steal your passwords.
- Observe your browsing choices.
- Spawn pop-up windows.
- Send your targeted e-mail.
- Redirect your web browser to phishing pages.
- Report your personal information to distant servers.
- Can alter your computer settings (like web browser, home page settings or the placement of your desktop icons).
- Can affect the performance of your computer system.
e.g., Cool Web Search, FinFisher, Zango, Zlob Trojan, Keyloggers etc.
Symptoms of a Malwore Attock:
There is a list of symptoms of malware attack which indicates that your system is infected with a computer malware.
Some primary symptoms are
- Odd messages are displaying on the screen.
- Some files are missing.
- System runs slower.
- PC crashes and restarts again and again.
- Drives are not accessible.
- Antivirus software will not run or installed.
- Unexpected sound or music plays.
- The mouse pointer changes its graphic.
- System receives strange e-mails containing odd attachments or viruses.
- PC starts performing functions like opening or closing windows, running programs on its own.
Some Other Threats: There are some other threats which are described below.
Spoofing is the technique to access the unauthorized data without concerning to the authorised user. It access the resources over the network. It is also known as Masquerade.
IP spoofing is a process or technique to enter in another computer by accessing its IP address. It pretend to be a legitimate user and access to its computer via a network.
Salami Technique: It diverts small amounts of money from a large number of accounts maintained by the system.
Hacking is the act; of intruding into someone elses computer or network. Hacking may result in a Denial of Service (DOS) attack. It prevents authorised users from accessing the resources of the computer. A hacker is someone, who does hacking process.
It is the act of breaking into computers. It is a popular, growing subject on the internet. Cracking tools are widely distributed on the internet. They include password crackers, trojans, viruses, war-dialers, etc. .
It is characterised by attempting to fraudulently acquire sensitive information such as passwords, credit cards details, ere – by masquerading as a trustworthy person. Phishing messages usually take the form of fake notifications from banks providers, e-pay systems and other organisation. It is a type of internet fraud that seeks to acquire a users credentials by deception.
It is the abuse of messaging systems to send unsolicited bulk messages in the form of E-mails it is a subset of electronic spam involving nearly identical messages sent to numerous recipients by E-mails.
It is any software package which automatically renders advertisements in order to generate revence for its author. The term is sometimes used to refer the software that displays unwanted advertisements.
Rootkit is a type of malware that is designed to gain administrative level control over a computer system without being detected. Rootkits can change how the operating system functions and in some cases, can temper with the antivirus program and render it infective. Rootkits are also difficult to remove, in some cases, require a complete re-installation of the operating system.
- Brain was the first PC boot sector virus created in 1986.
- Creeper was the first computer virus created in 1971.
- Parasitic virus attaches themselves to programs. also known as executables. The word parasites is used because a virus attaches to files or boot sectors and replicates itself, thus continuing to spread. It is designed as hide from Bomb-virus detection. .
- Payloads is code in the worm designed to do more than spread the worm. Bomb virus has a
- Logic Bomb is a malicious program intentionally inserted into a software system and is timed to cause harm at a certain point in time but is inactive until that point. Unlike viruses. it does not replicate itself.
- Payloads is code in the worm designed to do more than spread the worm. Bomb virus has a
Solutions to Computer Security Threats:
To safe the computer system from unauthorized access and threats, it is necessary to design some safeguards that handles these threats efficiently.
Some safeguards (or solutions) to protect a computer system from accidental access, are described below,
Antivirus software is a application software that are designed to prevent, search for, detect and remove viruses and other malicious software like worms, trojans, adware and more. It consists of computer programs that attempt to identify threats and eliminate computer viruses and other malware.
Some Popular Antivirus:
- ·Trend Micro
- ·Quick Heal
Digital Certificate: Digital certificate is the attachment to an electronic message used for security purposes.
The common use of a digital certificate is to verify that a user sending a message is who he or he claims to be, and to provide the receiver with the means to encode a reply. It provides a means of proving your identity in electronic transactions. The digital certificate contains information about whom the certificate was issued to, as well as the certifying authority that issued it.
It is an electronic form of a signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and also ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable and cannot be imitated by someone else. Also, the signer of a document cannot later disown it by claiming that the signature was forged.
Firewall: A firewall can either be software-based or hardware-based and is used to help in keeping a network secure.
Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set.
A networks firewall builds a bridge between an internal network that is assumed to be secure and trusted, and another network, usually an external (inter) network, such as the Internet, that is not assumed to be secure and trusted. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users.
There are two forms of firewalls:
Hardware (External) Firewall:
It provides protection to a local network. It is physical device that sits between the computer and the Internet. Hardware firewall requires quite a bit of work to fully configure.
These may range from a simple router to a proxy server that directs all traffic to a server elsewhere on the Internet before sending or taking data from a computer or a network.
Software (Internal) Firewall:
Software firewalls installed directly into the computer as programs. Once installed, these firewalls activate themselves and set up with relative ease.
There are four general techniques for access control
- Service Control It determines the types of Internet services that can be accessed, inbound or outbound.
- Direction Control It determines the direction in which particular service requests are allowed to flow.
- User Control It controls access to a service according to which user is attempting to access it.
- Behaviour Control It controls how particular services are used.
A password is a secret word or a string of characters used for user authentication to prove identity or access approval to gain access to a resource, which should be kept secret from those who are not allowed to get access.
In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, ATMs etc. A password is typically somewhere between 4 to 16 characters, depending on flow the computer system is set up.
When a password is entered, the computer system is careful not to display the characters on the display screen, in case others might see it.
There are two common modes of password as follows
1. Weak Password Easily remember just. -like names, birth dates, phone number etc.
2. Strong Password Difficult to break and a combination of alp habets and symbols. .
Some basic guidelines on setting a password are
- Do choose a password with atleast 8 characters containing both Alpha and Numeric characters.
- Do not use your computer account name, or the reverse of it, as the password.
- Do not write down your password. Do not store any password in any system including your own Pc.
- Change your password periodically.
- Avoid using the same password for multiple accounts.
- Always verify a users identity before resetting a password.
- Do not use persons, places or things that can be identified with you.
- Always logout or lock your terminal before leaving it.
- Choose passwords that are easy to remember but are difficult for an attacker to guess.
- Avoid using dictionary words, including foreign language, slong, jargon and proper names.
File Access Permission:
Most current file systems have methods of assigning permissions or access rights to specific users and group of users.
These systems control the ability of the users to view or make changes to the contents of the file
system. File access permission refer to privileges that allow a user to read, write or execute a file.
There are three specific permissions as follows
1. Read Permission- If you have read permission of a file, you can see the contents. In case of directory access means that the user can read the contents.
2. Write Permission- If you have write permission of a file, you can modify or remove the contents of a file. In case of directory, you can add or delete files to the contents of the directory.
3. ExecutePermission – If you have execute permission of a file, you can only execute a file.
In case of directory, you must have execure access to the bin directory in order to execute it or cd command.
Intrusion-Detection System- This system monitors real-time network traffic for malicious activity and sends alarms for network traffic that meets. certain attack patterns or signatures.
Secure Socket Layer (SSL)- It is an algorithm that provides application independent security and privacy over the internet. SSL allows both server authentication (mandatory) and client authentication (optional).
IP Security Protocol:
This security protocol suite is used to provide privacy and authentication services at the internet layer. IP security allows authentication, encryption and compression of IP traffic.
Some Security Related Terms:
- Eavesdropping The attacker monitors transmissions for message content.
- Masquerading The attacker impersonates an authorised user and thereby gain certain unauthorised privilege.
- Replay The attacker monitors transmission and retransmits messages as the legitimate user,
- Pretty Good Privacy (PGP) It is a software that encrypts your E-mail as well as digitally signs’ it.
- Hack Bot This is a host exploration tool. simple vulnerability scanner and banner logger.
- Patches It is a piece of software designed to fix problems with a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs and improving the usability and performance.
- Logic Bomb It is a piece of code intentionally inserted into a computers memory that will set off a malicious function when specified conditions are met. They are also called slag code and does not replicate itself.
- Time bomb It is a piece of software, that is used to the explode at a particular time.
- Application Gateway This applies security mechanisms to specific applications such as File Transfer Protocol (FTP) and Telnet Services,
- Proxy Server A proxy server can act as a firewall by responding to input packets in the manner of an application while blocking other packets. It hides the true network addresses and used to intercept all messages entering and leaving the network.