
computer and network security - 1

The document provides an overview of computer security, defining it as the protection of systems and networks from theft, damage, and disruption. It introduces the C.I.A. triad of confidentiality, integrity, and availability, and discusses various security threats, attack techniques, and mitigation strategies. Additionally, it categorizes threat actors and emphasizes the importance of security policies and controls in safeguarding information systems.

Uploaded by

2251101019

Introduction

Tanzillah Wahid
What is Computer Security?
• "Computer security, cyber security or information technology security
(IT security) is the protection of computer systems and networks from
the theft of or damage to their hardware, software, or electronic
data, as well as from the disruption or misdirection of the services
they provide." - Wikipedia.
The C.I.A. Triad
• Computer security addresses three areas:
❖ Confidentiality
❖ Integrity
❖ Availability
• These are known as the CIA triad (sometimes called the AIC triad to
avoid confusion with the U.S. Central Intelligence Agency).
The C.I.A. Triad
• Confidentiality: The term covers two related topics:
❖ Data Confidentiality: Private or confidential information has not been
disclosed to unauthorized people.
❖ Privacy: The right of an individual to have some control over how his or her
personal information is collected, used, and/or disclosed.
• Integrity: This term covers two related topics.
❖ Data Integrity: Information and programs have not been modified or altered
without proper authorization.
❖ System Integrity: A system performs its intended function in an unimpaired
manner, free from deliberate or inadvertent unauthorized manipulation of
the system.
• Availability: Information is able to be stored, accessed, or protected at all
times.
Some Keywords
• Security Vulnerability: A flaw or weakness in a system’s design,
implementation, or operation and management that could be exploited to
violate the system’s security policy.
• Attack: An attack is any action that violates security.
• Threat: A malicious act that aims to corrupt or steal data or disrupt an
organization’s system or the entire organization.
• Countermeasure: An action, procedure, or technique that reduces a
threat, a vulnerability, or an attack by eliminating or preventing it, by
minimizing the harm it can cause, or by discovering and reporting it
so that corrective action can be taken.
Some Keywords
• Security Policy: A set of rules and practices that specify or regulate
how a system or organization provides security services to protect
sensitive and critical system resources.
• Risk: The probability of exposure or loss resulting from an attack on an
organization.
Security Objectives
• Prevention: prevent attackers from violating security policy.
– Implement mechanisms that users cannot override.
– Example: ask for a password.
• Detection: detect & report attacks
– Important when prevention fails.
– Indicates & identifies weaknesses with prevention.
– Also: detect attacks even if prevention is successful.
• Recovery: stop the attack, repair damage
– Or continue to function correctly even if attack succeeds.
– Forensics: identify what happened so you can fix it.
– Example: restoration from backups.
AAA of Security
• Authentication: When a person’s identity is established with proof and
confirmed by a system
● Something you know
● Something you are
● Something you have
● Something you do
● Somewhere you are
• Authorization: Occurs when a user is given access to a certain piece of data
or certain areas of a building
• Accounting: Tracking of data, computer usage, and network resources
Non-repudiation occurs when you have proof that someone has taken an
action.
Types of threats
• Malware: This is a generic term for software that has a malicious
purpose. It includes virus attacks, worms, adware, Trojan horses, and
spyware. This is the most prevalent danger to the system.
• Security breaches: This group of attacks includes any attempt to gain
unauthorized access to the system. This includes cracking passwords,
elevating privileges, breaking into a server…all the things associated
with the term hacking.
• DoS attacks: These are designed to prevent legitimate access to the
system. This includes distributed denial of service (DDoS) attacks.
• Web attacks: This is any attack that attempts to breach your website.
Two of the most common such attacks are SQL injection and
cross-site scripting.
Types of threats
• Session hijacking: These attacks are rather advanced and involve an
attacker attempting to take over a session.
• Insider threats: These are breaches based on someone who has access to
your network misusing his access to steal data or compromise security.
• DNS poisoning: This type of attack seeks to compromise a DNS server so
that users can be redirected to malicious websites, including phishing
websites.
• Virus: A computer virus is a malicious program that is loaded into the user’s
computer without the user’s knowledge. It replicates itself and infects the
files and programs on the user’s PC. The ultimate goal of a virus is to ensure
that the victim’s computer will never be able to operate properly or even at
all.
• Worm: A computer worm is a software program that can copy itself from
one computer to another, without human interaction. The potential risk
here is that it will use up your computer's hard disk space because a worm
can replicate in greater volume and with great speed.
Attack Techniques

• Social engineering attack: Manipulating, influencing, or deceiving
targets to get them to take some action that isn’t in their best
interest.
– E.g. download software, plug in an infected USB device
– Phishing & spear phishing are forms of social engineering attacks.
• Phishing
– Email that looks reputable sent to a broad group of people.
– Often from bank or shipping company asking you to click on a link
and fill out a form – or has a malicious attachment.
Attack Techniques

• Spear Phishing
– Small, focused attack via email on a particular person or organization
– Often contains highly specific information known to the target: account
number, name of friend
• Compromised access, code/command injection
– Exploit known credentials
– Take advantage of coding errors to provide input to execute arbitrary
code
– Includes keystroke logging, camera monitoring, content upload,
ransomware
Attack Techniques
• File based
– A file-based attack is an attack where threat actors use certain file types,
usually those bearing document file extensions like .DOCX and .PDF, to entice
users to open them. The file in question is embedded with malicious code;
thus, once opened, this code is also executed.
• Malicious content
– Any type of virus, malware, ransomware, Trojan horse, computer code,
or any software or hardware designed to disrupt or destroy any operations
partially or as a whole
– Example: execute Visual Basic programs from Microsoft Office documents
• Web sites
– Offer free downloads: software, books, movies
– Reputable sites can get infected
– Drive-by downloads
Attack Techniques

• Social Media
– Not an attack but a great source of information for hackers
– E.g., posting when you’re going on vacation or going to a conference.
– Adversary can use this info for impersonation or spear phishing.
Attack Surface
• The total number of all possible places in a system that an attacker
might use to try to get into an environment.
• These places may or may not have vulnerabilities.
Mitigating Threats
• Physical Controls: Alarm systems, locks, surveillance cameras,
identification cards, and security guards.
• Technical Controls: Smart cards, encryption, access control lists
(ACLs), intrusion detection systems, and network authentication.
• Administrative Controls: Policies, procedures, security awareness
training, contingency planning, and disaster recovery plans
(User training is the most cost-effective security control to use.)
Threat Actors
• Script Kiddies: Hackers with little to no skill who only use the tools and
exploits written by others.
• Hacktivists: Hackers who are driven by a cause.
– Like social change, political agendas, or terrorism.
• Organized Crime: Hackers who are part of a crime group that is
well-funded and highly sophisticated.
• Advanced Persistent Threats: Highly trained and funded groups of
hackers (often by nation states) with covert and open-source
intelligence at their disposal.
Thank you
