Why is computer security important?

  • Valuable data or infrastructure is held on internet-connected devices
  • Hacking can be used to exploit vulnerabilities in computer systems and extract data, hold infrastructure ransom or cause other disruptions.

Network Managers

  • Responsible for network security
  • Various methods are used to prevent network threats and used to keep networks secure, however there are always vulnerabilities that can be exploited

Threats to networks

Malware

  • Malware is a type of program that can replicate itself and cause a computer to malfunction.
  • It can cause the computer to stop, misbehave or become unresponsive.
  • May delete or corrupt files
Examples of malware
  • Virus
    • Replicates
    • Causes damage
  • Worms
    • Replicates without user intervention
    • Type of virus
  • Trojans
    • User is tricked to install malware
    • The Trojan pretends to be something else
Virus
  • Copied to memory when the host file is executed. Once the virus resides in the memory, any file copied to the memory can be infected.
  • Viruses may reside in macro files:
    • Usually attached to a word processing or spreadsheet file
    • It infects the template when the data file is opened
    • These viruses tend to be less harmful
Worms
  • Worms trick the user to open an infected file or email attachment
  • Worms self-replicate without user action and spread to other users by sending emails to them from the infected computer’s address book.
  • Worms affect the speed of the computer, server and and network by occupying bandwidth
Virus vs Worms
  • Both self replicate
  • Viruses only replicate when the host file is opened or executed
  • Alternatively worms do not require any user action to self-replicate
Trojans
  • Trick the user into opening or executing an infected file by camouflaging in the form of a program.
  • Trojans infect the computer and give access to the trojan creator via a backdoor
  • Backdoors allow outsiders to bypass security checks by opening an access channel.
  • Some actions of a trojan creators are stealing personal information and sending spam email via infected network resources
  • Groups of computers that function like this are called botnets
  • Unlike viruses and worms, trojans do not self-replicate
Malware: Preventative Measures
  • Malware can be prevented by installing antivirus software and avoiding software from unknown sources. Must be updated regularly to avoid becoming vulnerable to new attacks.
  • Backing up a system in an off-site mode will help to retrieve the corrupted data is attacked by malware.
  • Updating the operating system and browser also helps in fixing security vulnerabilities. Browsers identify harmful sites.
Phishing
  • A user might receive emails to gain personal banking details which could be misused

  • The emails look as though they are sent by their bank

  • The user clicks on a link and enters their personal information into a fake banking website, giving the attacker their credentials

  • Not always easily identifiable, some are much better than others

  • It is always important to check the URL and email address before interacting

  • Many email providers filter out a lot of phishing emails using automatic filters

Denial of Service (DoS)

  • Denial of service attacks prevent a user from accessing part of a network such as an Internet server.
  • A user can be prevented from accessing websites, emails and banking applications.
  • Aims to overwhelm the server, does not really work against modern hardware.

Data interception and theft

  • Data packets travelling across a network can be intercepted and read by a third-party
  • This can be prevented by ensuring the communications are encrypted with a secure algorithm
  • Packet sniffing software such as Wireshark can be used to examine packets moving across a network that you are currently connected to.
  • Some protocols such as VoIP can be reconstructed through this method
  • Sometimes it is legitimate to use this software to analyse network trends and detect intrusion attempts. This is done by organisations.
  • In wireless LAN, this is done by using special Wi-Fi adapters
  • It is easy for an attacker to intrude a wireless signal as this can be done from a range of 300m
  • It is important to encrypt data using WPA (Wi-Fi protected access) that uses a key of at least 128 bits.
  • Keys are often regenerated for each packet to avoid intrusion.

Brute force attack

  • An attacker tries many passwords with the hope that he will guess it correctly.
  • The attacker tries all the possible passwords systematically until the correct one is found.
  • Short passwords can be easily determined

Preventative measures

  • A brute force attack is delayed by using a CAPTCHA
  • This requires a user to answer a different question between successive attempts
  • Users are advised to use long, alphanumeric passwords as a measure to improve security.

SQL injection

  • SQL injection is a type of attack in which an attacker executes a malicious SQL statement in a web server’s database
  • Hence, an unauthenticated user may gain access to sensitive information
  • An example would be typing DROP * into a search box (destructive) or something like SELECT * to return the information

Pharming

  • Pharming is a type of attack in which malicious code is installed on the user’s computer or the web server that they access without their knowledge
  • This would then redirect the user to a fake website

Preventative measures

  • A user should ensure that a proper SSL connection is active as this will highlight an issue
  • Ensure relevant anti-spyware software is running
  • Check that the URL matches what is expected

Unpatched software

  • Software applications are constantly upgraded by developers to improve security
  • Users receive patches that update the software
  • Unpatched software may expose you to unnecessary risk

Shoulder Surfing

  • Shoulder surfing is an attack where the password or pin numbers of a user are obtained by the attacker just by observing them.

Blagging

  • The attacker creates a situation to trick the user into providing sensitive information or perform actions that are not usually permitted.

Buffer overflow attack

  • Malware uses a buffer overflow attack to write values to memory locations that are larger than it can handle
  • As a result, neighbouring locations are overwritten
  • In this way, an attacker gains access to locations they do not have
  • Now the processor thinks that there are new instructions to execute, and will perform actions as defined by attackers.

Preventing Network Threats

“One single vulnerability is all an attacker needs. - Window Snyder”

Penetration Testing

  • Penetration testing is a testing method to analyse a computer system or network for possible vulnerabilities that an attacker may take advantage of.
  • Penetration testing can be automated by software and involves the following steps:
    • Identifying a vulnerability in the system
    • Setting up an attack to check the vulnerability
    • Carrying out the attack
    • Testing the ability of the system to recover any lost or corrupted data after the attack

Firewalls

  • Hardware and/or software placed between the user’s computer and an external network, such as the internet, to filter data in and out of the computer.

  • Firewalls are installed on servers, computers, or routers depending upon the network requirements

  • A hardware firewall is a computer that consists of two network interface cards, one connected to the internal network and the other connected to the external network.

  • Checks whether the incoming and outgoing data meet the set of requirements imposed by the network administrator.

  • Preventing malware and hackers from accessing the internal network.

  • Prevent Denial of Service attacks.

  • A user is notified when the software in a system tries to access an external source.

  • When a firewall is software based, it is usually integrated into the operating system.

Packet filtering or static filtering

  • A firewall examines the source and destination IP address in a packet
  • Only the data packets with permitted IP addresses are allowed
  • Packets may be filtered based on the protocol being used o the port number it is trying to access
  • If data fails to meet these requirements a warning is issued or the data is dropped and not allowed to pass through

Stateful inspection or dynamic filtering

  • The process of filtering data packets by examining the payload is called stateful inspection or packet filtering
  • Based on the recent conversations, packets will be filtered
  • A data packet is rejected if it does not form a part of a registered communication.

Limitations of firewalls

  • The use of modems by an internal computer to bypass a firewall cannot be prevented
  • Does not take care of password strength and carelessness of an internal user.
  • Firewalls can also be disabled in stand-alone computers according to a user’s choice, the computer is not safe
  • In an organisation, it is important for a network manager to control the firewall.

Proxy server

  • A proxy server installed between a user’s computer and the web server acts as a firewall.

  • Access to certain websites can be blocked

  • Response time for a web browser’s request can be reduced by using a cache

  • During the first visit to a website, its home page is stored in a proxy server cache

  • During the next visit, certain features of the website are loaded from this cache, speeding up access

  • A proxy server hides the IP address of a user, enhancing security

Authentication

  • Authentication is used to provide access to trusted parties. The security is further strengthened using encryption.
  • To login to systems each user is provided with sets of usernames and passwords
  • The various sets of usernames and passwords are stored in a security file. If the user provides the correct set of usernames and passwords they are granted access. If they do not match, their access is refused.
  • Some systems may ask the user to enter only certain characters of the password to shield from potential keyloggers.
Biometric Authentication
  • Biometrics refers to the authentication techniques that rely on measurable physical characteristics.
  • Some examples of such characteristics are fingerprint scans, retina scans, and face and voice recognition.

Security protocols

  • SSL and TLS are two protocols that ensure communication between the user and the webserver is encrypted.

  • Browsers typically display a padlock when this kind of connection is active.

  • TLS is the newest protocol


Encryption

  • Encoding a message in such a way that only allows authorised users to decipher it.
  • When an unauthorised user receives an encrypted message, they cannot decipher it.
  • Public/Private key encryption is typically used here.

Symmetric vs Asymmetric Ciphers

  • Symmetric ciphers use the same method in different directions to encrypt/decrypt
  • Asymmetric ciphers use clock arithmetic to perform a one way function.

Keys

Private keys
  • Only kept by the intended recipient
  • Used to decrypt the message
  • Never transmitted
Public keys
  • Available to all users

Encryption using keys

  • A key making algorithm is responsible for generating public and private keys of the receiver.
  • The public key can be found in a directory.
  • Sender encrypts the message using a public key in this directory.
  • Receiver receives this data and decrypts it using the private key.

Digital signatures

  • Certificates run the same hashing algorithm against packets to assure that a packet has not been altered in transit
  • A hash can be produced by the sender and then encrypted with a private key before being transmitted by the sender.
  • If the receiver decrypts the packet and calculates a different hash, they know that something is wrong.
  • A certificate authority (CA) such as Let’s Encrypt will issue a digital certificate

MAC Address Filtering

  • The router compares the MAC address of the device requesting a connection with a list of approved devices.
  • The list of approved devices is managed by a network administrator
  • MAC address filtering is not completely secure
  • MAC addresses can be filtered
  • A hacker could intercept packets and find the MAC address of an approved device and then imitate it.

‎‎