Introduction to
computer & systems
security
What is security?
Security is management of access to a resource of a
system.
A complete understanding of security should address
the following:
How does the system work?
How is the system vulnerable and what are the
threats?
How do we prevent harm to the system?
How do we detect and respond to attacks on the
system?
An attack on a system is simply an unauthorised
access or an attempt to access a resource where no
access is permitted. 2
Security cont./
Computer security rests on confidentiality, integrity, and
availability.
CONIDENTIALITY
Confidentiality is the concealment of information or
resources.
Access control mechanisms support confidentiality.
One access control mechanism for preserving confidentiality
is cryptography, which scrambles data to make it
incomprehensible.
3
Security cont./
INTEGRITY
Integrity refers to the trustworthiness of data or
resources, and is usually phrased in terms of preventing
improper or unauthorised change.
Integrity mechanisms fall into two classes: prevention
mechanisms and detection mechanisms.
Prevention mechanisms seek to maintain data integrity by
blocking any unauthorised attempts to change the data or
any attempts to change the data in unauthorised ways.
Detection mechanisms do not try to prevent violations of
integrity; they simply report that the data's integrity is no
longer trustworthy. 4
Security cont./
AVAILABILITY
Availability refers to the ability to use the information or
resource desired.
Availability is an important aspect of reliability because an
unavailable system is at least as bad as no system at all.
The aspect of availability that is relevant to security is that
someone may deliberately deny access to data or to a
service by making it unavailable.
DoS (denial of service) is a type of attack that makes
data or a resource unavailable when it’s not supposed to.
5
Concepts
AccessControl : The process of limiting access to the
resources of a system to only authorised persons,
programs, processes, or other systems.
Authentication : The process to verify the identity of a
user, device, or other entity in a computer system,
often as a prerequisite to allowing access to resources.
Non-repudiation : Method by which the sender is
provided with proof of delivery and the recipient is
assured of the sender’s identity, so that neither can
later deny having processed the data.
6
Security appliances & applications
Firewall: A firewall can be either software or hardware that
is installed to separate a trusted network from a less-
trusted network.
Firewalls in form of hardware (with integrated software) are
installed on networks and are usually configurable.
Personal firewalls are in software form and reside on a host.
A firewall monitors traffic entering or leaving either a
network or a machine and either allows or blocks traffic
based on a policy.
A firewall will by default discard all inbound
connections/traffic that's not in response to outbound
connections/traffic. 7
Intrusion Detection/Prevention Systems
A network intrusion is an unauthorised penetration
of a computer/system of an assigned domain.
Intrusion Prevention System (IPS): IPS is an
active device that listens promiscuously to all
incoming traffic to identify intrusions. It works with
the firewall to modify rule templates to block traffic
from the intruder address(es) while the intrusion is
still in progress.
Intrusion Detection System (IDS): IDS is a
passive device that listens promiscuously to all
incoming traffic to record and generate alerts and
issue TCP resets if necessary. 8
Threats
Threats are potential dangers.
Attacks are actions that exploit vulnerabilities.
Attackers are individuals performing attacks.
Hackers are individuals with high technical skills
(can be ethical or malicious).
• White Hat Hackers (Ethical Hackers)
• Black Hat Hackers (Malicious Hackers)
• Gray Hat Hackers
Crackersare malicious individuals focused on
breaking security measures.
9
Types of Attacks
Passive Attacks
• Involves monitoring or eavesdropping on
communication without altering data.
• Information gathering or surveillance.
• Difficult to detect since no changes are made to data
or systems.
Active Attacks
• Involves direct interaction, altering or disrupting data
or systems.
• Modify data, disrupt communication, or take control
of systems.
• Easier to detect due to changes in data or network
operations.
10
Attacks
There are three main classes of attacks that are commonly
found in today’s network environment:
• Access attacks
• Reconnaissance attacks
• Denial of service (DoS) attacks
ACCESS ATTACKS
This is an attempt to access another user account or
network device through improper means.
Unauthorized attacks are attempted via four means, all of
which try to by-pass some facet of the authentication
process:
(1) Password attacks (2) Trust exploitation
(3) Port redirection (4) Man-in-the-middle (MITM)
attacks. 11
Attacks cont./
RECONNAISSANCE ATTACKS
The attacker surveys a network and collects data for a
future attack. Such information includes the following:
Ports open on a server
Ports open on a firewall
IP addresses on the host network
Hostnames associated with the IP addresses
The four main subcategories or methods for gathering
network data:
(1) Packet sniffers (2) Ping sweeps
(3) Port scans (4) Information queries
Examples of utilities/programs that exploit the above
include: Wireshark, Ettercap, BackTrack, nmap etc. 12
Attacks cont./
DENIAL OF SERVICE (DoS) ATTACKS
DoS attacks are often implemented by a attackers as a
means of denying a service that is normally available to a
user or organization.
The three main forms of DoS are:
(1) Distributed DoS (DDoS) attack, (2) TCP SYN attack (3)
Smurf attack.
13
Attacks cont./
DDoS
With Distributed DoS, multiple systems are compromised to send a DoS
attack to a specific target.
The compromised systems are commonly called zombies or slaves.
As a result of the attack, the targeted system denies service to valid
users.
14
Attacks cont./
TCP SYN
In a TCP SYN attack, a SYN request is sent to a device with a
spoofed source IP address. The attacking system does not
acknowledge the resulting SYN-ACK, which causes the session
connection queues to fill up and stop taking new connection
requests.
15
Establishing a Security
Policy
A security policy defines:
◦ Organization’s security requirements
◦ Controls and sanctions needed to meet the
requirements
Security policies are formal rules and
guidelines dictating how an
organization's IT resources and
sensitive data should be protected.
Ensure consistent behavior, guide
employee actions, protect assets, and
mitigate risks.
16
Establishing a Security Policy
(cont’d.)
Areas of concern
◦ Email attachments
◦ Wireless devices
VPN uses the Internet to relay
communications but maintains privacy
through security features
Additional security includes encrypting
originating and receiving network
addresses
17
Establishing a Security Policy
(cont’d.)
Steps in Designing Security Policies:
Identify assets to be protected.
Conduct a risk assessment to identify
potential threats and vulnerabilities.
Define the scope and objectives of the
policy.
Involve stakeholders in the policy
creation process.
Regularly review and update the policy.
18
Educating Employees, Contractors,
and Part-Time Workers
Educate and motivate users to
understand and follow policy
Discuss recent security incidents
Help protect information systems by:
◦ Guarding passwords
◦ Not allowing sharing of passwords
◦ Applying strict access controls to protect
data
◦ Reporting all unusual activity
◦ Protecting portable computing and data
storage devices
19
Detection
Detection systems
◦ Catch intruders in the act
Intrusion detection system
◦ Monitors system/network resources and
activities
◦ Notifies the proper authority when it
identifies:
Possible intrusions from outside the
organization
Misuse from within the organization
◦ Knowledge-based approach
◦ Behavior-based approach
20
Detection Key components
Monitoring Systems
Alerting Mechanisms
Behavioral Analytics
Log Analysis:
21
Prevention
Implement a layered security solution
◦ Make computer break-ins harder
Installing a corporate firewall
◦ Limits network access
Intrusion prevention systems
◦ Block viruses, malformed packets, and other
threats
Installing antivirus software
◦ Scans for sequence of bytes or virus signature
◦ United States Computer Emergency Readiness
Team (US-CERT) serves as clearinghouse
22
Prevention
Access Control
Patch Management
Firewall and Perimeter
Encryption
Security Awareness Training
Regular Security Audits and
Vulnerability Assessments
End point Protection
23
Response
Response plan
◦ Develop well in advance of any incident
◦ Approved by:
Legal department
Senior management
Primary goals
◦ Regain control and limit damage
◦ Not to monitor or catch an intruder
24
Response (cont’d.)
Review
◦ Determine exactly what happened
◦ Evaluate how the organization responded
Weigh carefully the amount of effort
required to capture the perpetrator
Consider the potential for negative
publicity
Legal precedent
◦ Hold organizations accountable for their own
IT security weaknesses
25
Response Key components
Incident Containment
Eradication
Recovery
Communication
Post-Incident Review (Lessons Learned)
26
Key considerations in
Implementing Security Policies
Ensure management buy-in and
support.
Communicate the policy to all
employees.
Provide training on the policy.
Monitor compliance and enforce the
policy.
27
Risk Management
Process of identifying, assessing, and
mitigating security risks to protect an
organization's assets.
28
Key Elements of Risk
Management
• Risk Identification: Identify assets and
potential threats (e.g., cyber-attacks,
insider threats, natural disasters).
• Risk Assessment: Determine the
likelihood and impact of identified risks.
• Risk Mitigation: Implement controls to
reduce risk (e.g., firewalls, encryption,
access controls).
• Risk Monitoring: Continuously monitor
and review risks to address new threats.
29
Vulnerability Assessments
Identify and evaluate security
weaknesses in a system.
◦ Scanning for vulnerabilities (e.g., software
flaws, outdated systems).
◦ Evaluating the impact of discovered
vulnerabilities.
◦ Providing recommendations for fixing
vulnerabilities.
30
Penetration Testing
Simulates real-world attacks to identify
exploitable vulnerabilities.
External (from outside the network) and
internal (from within the network).
◦ Planning and reconnaissance.
◦ Scanning and gaining access.
◦ Maintaining access and exploitation.
◦ Reporting findings and remediation
suggestions.
31
Security Audits
Assess overall security posture and
compliance with policies/regulations.
Internal audits (by the organization)
and
external audits (by third parties).
◦ Review of policies, procedures, and technical
controls.
◦ Assessment of security configurations and
access controls.
◦ Reporting compliance gaps and
recommendations.
32
The End
Questions??
