29-06-2012, 12:44 PM
Security in Computing
Security in Computing.doc (Size: 1.05 MB / Downloads: 100)
I. SECURITY BASICS
1. INTRODUCTION
Components of a Computer System
A computer-based system has three separate valuable components
• Hardware: Computer hardware is the physical part of a computer, including the digital circuitry. The hardware of a computer is infrequently changed, in comparison with software and data.
• Software: Computer software is a general term used to describe a collection of computer programs, procedures and documentation that perform some task on a computer system. The term includes application software such as word processors which perform productive tasks for users, system software such as operating systems, which interface with hardware to provide the necessary services for application software, and middleware which controls and co-ordinates distributed systems.
• Data: Data in everyday language is a synonym for information. In the exact sciences there is a clear distinction between data and information, where data is a measurement that can be disorganized and when the data becomes organized it becomes information.
Threats to a Computer System
Threats can be defined as a set of circumstances that have the potential to cause loses or harm to a system. A threat may be human initiated, computer initiated or due to some natural disasters.
Different Types of Threats
The threats to a computer system can be classified as follows.
• Interception: - An unauthorized party has gained access to an asset of the System.
• Interruption: - An asset of the System becomes lost or unavailable.
• Modification: - After gaining access, the unauthorized party changes an asset.
• Fabrication: - Some unauthorized parties insert spurious transactions to the network.
Even though the System is designed with much care there may be some weakness.
The main purpose of security system is to device ways to prevent the weakness from being exploited. Information Security, Computer Security and Network Security are the major types of security.
2. ASPECTS OF NETWORK SECURITY
The first step in a Network communication system is the establishment of a logical channel between sender and recipient.
The network security technique has two components.
1. Security based transformation on the information to be sent. Eg: Encryption.
2. Secret information shared by the sender and recipient.
Working of the System
There are four main tasks involved in the design of a network security system.
1. Design an algorithm to perform a security based transformation.
2. Generate secret information to use with the algorithm.
3. Develop methods for distributing and sharing of secret information.
4. Specify a protocol to be used by the sender and the recipient that make use of the security algorithm and the secret information to achieve a particular security services.
At the sender’s side, the message to be transmitted is subjected to a security based transformation using the secret information. That is the message is encrypted. This message is transmitted over the network (secure channel). After receiving the encrypted message the receiver can perform the security based transformation in reverse order to generate the original message.
3. ATTACKS
A human who exploits vulnerability perpetrates an attack on the system. All at¬tack can also be launched by another system, as when one system sends an overwhelm¬ing set of messages to another, virtually shutting down the second system's ability to function.
A malicious attacker must have three things:
Method: the skills, knowledge, tools, and other things required to pull off the attack
Opportunity: the time and access to accomplish the attack
Motive: a reason to want to perform this attack against this system
Different Types of Attacks
To understand the techniques for securing a computer system, it is important to first understand the various types of "attacks" that can be made against it.
Attacks are mainly classified as:
a) Active attacks
b) Passive attacks
c) Denial of service attacks
Active Attacks
An active attack attempts to alter system resources or affect their operation. It involves some modification of the data stream or the creation of a false stream. Active attacks are easier to detect than passive attacks.
Different Types Masquerade
– It takes place when one entity pretends to be a different entity
Example: by capturing authentication sequences and replaying them
Replay
– Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
Modification of messages
– Some portion of a legitimate message is altered, or that message is delayed or altered to produce an unauthorized effect
Denial of service
– Prevents or inhibits the normal use or management of communications
Passive attacks
Passive attack attempts to learn or make use of the information from the system but does not affect the system resources. Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal is to obtain the information that is transmitted. Two types of passive attacks are
a) Release of message contents
b) Traffic analysis
The release of message contents means to obtain the confidential information of files or messages and make it public. For example telephone conversation, email message, and a transferred file may contain sensitive confidential information.
Traffic analysis means the process of analyzing the message pattern which is transmitting over the network.
Denial of service attacks
Denial of service (DoS) attacks differs slightly from those listed above, in that they are not primarily a means to gain unauthorized access or control of a system. They are instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately guessing a wrong password 3 consecutive times and thus causing the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once. These types of attack are, in practice, very hard to prevent, because the behavior of whole networks needs to be analyzed, not only the behavior of small pieces of code.
Distributed denial of service (DDoS) attacks are common, where a large number of compromised hosts (commonly referred to as "zombie computers") are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion.
Common forms of denial of service attacks are:
i) Buffer Overflow Attacks
The most common kind of DoS attack is simply to send more traffic to a network address than the programmers who planned its data buffers anticipated someone might send. The attacker may be aware that the target system has a weakness that can be exploited or the attacker may simply try the attack in case it might work. A few of the better-known attacks based on the buffer characteristics of a program or system include:
• Sending e-mail messages that have attachments with 256-character file names to Netscape and Microsoft mail programs
• Sending to a user of the Pine e-mail program a message with a "From" address larger than 256 characters