Individual users, organizations, and enterprises use computers to keep data that is critical to their business and personal use. They also use the network (Internet) to transmit data. Since the data is critical to its owner, both the computers storing the data and the network (Internet) over which it is transmitted must be kept secure. You should be aware of whom to secure your data from, and of the security mechanisms that ensure security. Computer security includes the security of both the computer and the Internet. The purpose of this chapter is to introduce you to “Computer Security”.
We all like to be secure in our home, office, locality, city, country, and in this world. We use different mechanisms to ensure our security. Inside our homes, we keep our valuables safely locked in a cupboard that is accessible by the elders of the house; we keep the gates of our house bolted and even have an intrusion-detection system installed. We have high walls and gates surrounding our locality and also a watchman who guards the open gates. We have police for our security within a city and armed forces for the country. We take all these measures to make ourselves and our valuables, resources, possessions secure.
The widespread use of computers has resulted in the emergence of a new area for security: the security of computers. Computer security is needed to protect computing systems and the data that they store and access. Transmission of data over the network (Internet) and communication links has made it necessary to protect the data during transmission. Here, we use the term computer security to refer to both computer security and network security.
Computer security focuses on the security attacks, security mechanisms and security services.
The purpose of computer security is to provide reliable security services in the environments suffering security attacks, by using security mechanisms. The security services use one or more security mechanism(s).
This chapter discusses the different security threats and security attacks from malicious software and hackers. The chapter highlights the security services. The security mechanisms like cryptography, digital signatures, and firewalls are discussed in detail. The need for security awareness and the security policy in an organization is also emphasized.
A threat is a potential violation of security that can cause harm. A threat can be a malicious program, a natural disaster or a thief. Vulnerability is a weakness of a system that is left unprotected. Systems that are vulnerable are exposed to threats. A threat is a possible danger that might exploit a vulnerability; the actions that cause it to occur are the security attacks. For example, if we leave the house lock open, the house is vulnerable to theft; an intruder in our locality (who might exploit the open lock) is a security threat; when the intruder comes to know of the open lock and gets inside the house, this is a security attack.
A security attack may be a passive attack or an active attack.
Figure 14.1 Passive attack
Figure 14.2 Active attack (masquerade)
Security attacks can be on users, computer hardware and computer software (Figure 14.3).
This chapter will discuss the malicious software and hacking in detail.
Figure 14.3 Security attacks
Malicious users use different methods to break into systems. Software that is intentionally introduced into a system in order to harm it is called malicious software. Viruses, Trojan horses, and worms are examples of malicious programs. JavaScript code and Java applets written with the purpose of attacking are also malicious programs.
Virus is a software program that is destructive in nature. Virus programs have the following properties:
Some examples of viruses are—“Melissa” and “I Love You”.
Worm is self-replicating software that uses network and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well. A worm is however different from a virus. A worm does not modify a program like a virus, however, it replicates so much that it consumes the resources of the computer and makes it slow. Some examples of worms are—“Code Red” and “Nimda”.
Trojan horses are destructive programs that masquerade as useful programs. The name “Trojan horse” is given because of the Greek soldiers who reached the city of Troy by hiding themselves inside a large wooden horse (Figure 14.4). The people of the city of Troy themselves pulled the horse inside their city, unaware of the fact that the Greek soldiers were hiding inside the horse. Similarly, users install Trojan horses thinking that they will serve a useful purpose, such as a game or entertainment. However, Trojan horses contain programs that corrupt the data or damage the files. Trojan horses can corrupt software applications. They can also damage files and can contain viruses that destroy and corrupt data and programs. Trojan horses do not replicate themselves like viruses.
Figure 14.4 Trojan horse
Applets (Java programs) and ActiveX controls (used with Microsoft technology) can be inserted in a Web page and are downloaded to the client browser for execution. Applets and ActiveX controls are generally used to provide added functionality such as sound and animation. However, these programs, when designed with a malicious intention, can be disastrous for the client machine. Java applets have strong security checks that define what an applet can do and what it cannot. ActiveX controls do not have such security checks. Normally, ActiveX controls must be kept disabled while working on the Internet (Figure 14.5).
Figure 14.5 (a) Making security settings in Windows XP (b) ActiveX control popup in Internet
JavaScript is a scripting language generally nested within HTML code. The client-side scripts on an HTML page execute inside the Web browser on the client computer. JavaScript code can be used to transfer files, send e-mails and write to local files. If used with malicious intent, the scripts can be dangerous for the client machine.
Hacking is the act of intruding into someone else’s computer or network. A hacker is someone who does hacking. Hacking may result in a Denial of Service (DoS) attack. The DoS attack prevents authorized users from accessing the resources of the computer. It aims at making the computer resource unusable or unavailable to its intended users. It targets the computer and its network connections, to prevent the user from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer. In a DoS attack, the services of the entire network, an Internet site or service, may be suppressed or disabled. The affected machine is flooded with spurious requests and messages so as to overload the network. As a result, the affected machine cannot process the valid requests. This is a denial of service to the valid users. Generally, the targets of such attacks are the sites hosted on high-profile web servers such as banks and credit card payment gateways.
Packet sniffing, E-mail hacking and Password cracking are used to get the username and password of the system to gain unauthorized access to the system. These methods gather the information when the data is being transmitted over the network.
The data and the address information are sent as packets over the Internet. The packets may contain data like a user name and password, e-mail messages, files etc. Packet sniffing programs are used to intercept the packets while they are being transmitted from source to destination. Once intercepted, the data in the packets is captured and recorded. Generally, packet sniffers are interested in packets carrying the username and password. Packet sniffing attacks normally go undetected. Ethereal and Zx Sniffer are some freeware packet sniffers. Telnet, FTP, SMTP are some services that are commonly sniffed.
Password cracking is used by hackers to gain access to systems. The password is generally stored in the system in an encrypted form. Utilities like password crackers are used to crack the encrypted passwords. A password cracker is an application that tries to obtain a password by repeatedly generating and comparing encrypted passwords or by authenticating multiple times to an authentication source.
The e-mail transmitted over the network contains the e-mail header and the content. If this header and the content are sent without encryption, the hackers may read or alter the messages in transit. Hackers may also change the header to modify the sender’s name or redirect the messages to some other user. Hackers use packet replay to retransmit message packets over a network. Packet replay may cause serious security threats to programs that require authentication sequences. A hacker may replay the packets containing authentication data to gain access to the resources of a computer.
The security services provide specific kinds of protection to system resources. Security services ensure Confidentiality, Integrity, Authentication, and Non-Repudiation of data or messages stored on the computer or transmitted over the network. Additionally, they provide assurance for access control and availability of resources to authorized users.
Security mechanisms deal with prevention, detection, and recovery from a security attack. Prevention involves mechanisms to prevent the computer from being damaged. Detection requires mechanisms that allow detection of when, how, and by whom an attack occurred. Recovery involves mechanisms to stop the attack, assess the damage done, and then repair the damage.
Security mechanisms are built using personnel and technology.
Cryptography is the science of writing information in a “hidden” or “secret” form and is an ancient art. Cryptography is necessary when communicating data over any network, particularly the Internet. It protects the data in transit and also the data stored on the disk. Some terms commonly used in cryptography are:
Cryptography uses different schemes for the encryption of data. Each scheme consists of a pair of algorithms, which perform the encryption and the decryption, and a key.
Key is a secret parameter (string of bits) for a specific message exchange context. Keys are important, as algorithms without keys are not useful. The encrypted data cannot be accessed without the appropriate key. The size of key is also important. The larger the key, the harder it is to crack a block of encrypted data. The algorithms differ based on the number of keys that are used for encryption and decryption. The three cryptographic schemes are as follows:
In all these schemes, algorithms encrypt the plaintext into cipher text, which in turn is decrypted into plaintext.
Figure 14.6 Secret key cryptography (uses a single key for both encryption and decryption)
Figure 14.7 Public key cryptography (uses two keys—one for encryption and other for decryption)
Figure 14.8 Hash function (has no key since plain text is not recoverable from cipher text)
The different cryptographic schemes are often used in combination for a secure transmission. Cryptography is used in applications like, security of ATM cards, computer passwords, and electronic commerce. Cryptography is used to protect data from theft or alteration, and also for user authentication.
Certification Authorities (CA) are necessary for widespread use of cryptography for e-commerce applications. CAs are trusted third parties that issue digital certificates for use by other parties. A CA issues digital certificates which contain a public key, a name, an expiration date, the name of the authority that issued the certificate, a serial number, any policies describing how the certificate was issued, how the certificate may be used, the digital signature of the certificate issuer, and any other information.
A signature on a legal, financial or any other document authenticates the document. A photocopy of that document does not count. For computerized documents, the conditions that a signed document must hold are: (1) the receiver is able to verify the sender (as claimed), (2) the sender cannot later repudiate the contents of the message, (3) the receiver cannot concoct the message himself. A digital signature is used to sign a computerized document. The properties of a digital signature are the same as those of an ordinary signature on paper. Digital signatures are easy for a user to produce, but difficult for anyone else to forge. A digital signature can be permanently tied to the content of the message being signed and then cannot be moved from one document to another, as such an attempt will be detectable.
Digital signature scheme is a type of asymmetric cryptography. Digital signatures use the public-key cryptography, which employs two keys—private key and public key. The digital signature scheme typically consists of three algorithms:
The use of digital signatures typically consists of two processes—Digital signature creation and Digital signature verification (Figure 14.9). Two methods are commonly used for creation and verification of the digital signatures.
Figure 14.9 Digital signature
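The creation and verification steps described above can be traced in a short program. This is an added example, not part of the original chapter: it uses SHA-256 as the hash function and unpadded "textbook" RSA with a small constructed key, which is an assumption made to keep the example self-contained and is not a secure signature scheme for real use.

```python
import hashlib

# Toy RSA key built from two known Mersenne primes. Constructed for this
# example only: the modulus is far too small and no padding is used.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to the signer


def digest(message: bytes) -> int:
    """Hash the message and map the digest into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Signature creation: hash the document, then apply the private key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Signature verification: apply the public key to the signature and
    compare the result with a freshly computed hash of the document."""
    return pow(signature, E, N) == digest(message)


def demo() -> dict:
    """Check the properties the chapter lists, on constructed documents."""
    contract = b"Pay Rs. 500 to Asha"
    signature = sign(contract)
    return {
        # The receiver can verify the sender's signature.
        "genuine": verify(contract, signature),
        # Any change to the signed content is detected.
        "altered": verify(b"Pay Rs. 5000 to Asha", signature),
        # The signature cannot be moved to another document.
        "moved": verify(b"Some other document", signature),
        # A modified signature value does not verify.
        "tampered_signature": verify(contract, (signature + 1) % N),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:20s} {result}")
```

Only the holder of the private exponent can produce a value that passes `verify`, while anyone holding the public values `N` and `E` can check it.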
The digital signature accomplishes the effects desired of a signature for many legal purposes:
The likelihood of malfunction or a security problem in a digital signature cryptosystem, designed and implemented as prescribed in the industry standards, is extremely remote. Digital signatures have been accepted in several national and international standards developed in cooperation with and accepted by many corporations, banks, and government agencies. In India “Information Technology Act 2000” provides legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involves the use of alternatives to paper based methods of communication and storage of information, to facilitate electronic filing of documents with the government agencies.
A firewall is a security mechanism to protect a local network from the threats it may face while interacting with other networks (Internet). A firewall can be a hardware component, a software component, or a combination of both. It prevents computers in one network domain from communicating directly with other network domains. All communication takes place through the firewall, which examines all incoming data before allowing it to enter the local network (Figure 14.10).
Functions of Firewall—The main purpose of firewall is to protect computers of an organization (local network) from unauthorized access. Some of the basic functions of firewall are:
Figure 14.10 (a) Windows firewall icon in control panel (b) Windows firewall setting (c) Security center
The local network uses a single network interface to interact with the server. Local network clients use IP addresses that are not attached to any computer. When a client sends a packet to the Internet, the masquerading server replaces the IP address of the packet with its own IP address. When a packet is received by local network, the server replaces the IP address of the packet with the masqueraded address and sends the packet to the respective client.
Figure 14.11 Firewall
Working of Firewall—The working of firewall is based on a filtering mechanism. The filtering mechanism keeps track of source address of data, destination address of data and contents of data. The filtering mechanism allows information to be passed to the Internet from a local network without any authentication. It makes sure that the downloading of information from the Internet to a local network happens based only on a request by an authorized user.
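The masquerading and filtering behaviour described above can be modelled in a few lines. This is an added example, not part of the original chapter: the class name, the packet fields, the addresses and the use of port numbers to tell connections apart are assumptions made for illustration, going slightly beyond the address-only description in the text.

```python
import ipaddress


class MasqueradingFirewall:
    """Rewrites outgoing packets to the firewall's own address and lets a
    packet in only if it answers a connection a local client started."""

    def __init__(self, public_ip, local_net, first_port=40000):
        self.public_ip = public_ip
        self.local_net = ipaddress.ip_network(local_net)
        self.next_port = first_port
        self.out_map = {}  # (client ip, client port, remote ip, remote port) -> public port
        self.in_map = {}   # (public port, remote ip, remote port) -> (client ip, client port)

    def outbound(self, pkt):
        """Local network -> Internet. Returns the rewritten packet or None."""
        if ipaddress.ip_address(pkt["src"]) not in self.local_net:
            return None  # source is not one of our clients: drop
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        port = self.out_map.get(key)
        if port is None:
            # First packet of this connection: allocate a public port and
            # remember which client the replies belong to.
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
        return dict(pkt, src=self.public_ip, sport=port)

    def inbound(self, pkt):
        """Internet -> local network. Returns the rewritten packet or None."""
        if pkt["dst"] != self.public_ip:
            return None
        client = self.in_map.get((pkt["dport"], pkt["src"], pkt["sport"]))
        if client is None:
            return None  # nobody inside asked for this packet: drop
        return dict(pkt, dst=client[0], dport=client[1])


def demo():
    # Constructed addresses: a private client, documentation-range public hosts.
    fw = MasqueradingFirewall("203.0.113.5", "192.168.1.0/24")
    request = {"src": "192.168.1.10", "sport": 51000,
               "dst": "198.51.100.7", "dport": 80, "data": "GET /"}
    sent = fw.outbound(request)
    reply = {"src": "198.51.100.7", "sport": 80,
             "dst": sent["src"], "dport": sent["sport"], "data": "200 OK"}
    unsolicited = {"src": "198.51.100.99", "sport": 4444,
                   "dst": "203.0.113.5", "dport": sent["sport"], "data": "probe"}
    return sent, fw.inbound(reply), fw.inbound(unsolicited)


if __name__ == "__main__":
    for result in demo():
        print(result)
```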
Firewall Related Terminology:
All the data that enter a local network must come through a firewall. The type of firewall used varies from network to network. The following are the various types of firewalls generally used:
Packet Filter Firewall is usually deployed on the routers (Figure 14.12). It is the simplest kind of mechanism used in firewall protection.
Figure 14.12 Packet filtering
Circuit filter firewalls provide more protection than packet filter firewalls. Circuit filter firewall is also known as a “stateful inspection” firewall.
An application-level gateway or a proxy server protects all the client applications running on a local network from the Internet by using the firewall itself as the gateway (Figure 14.13).
Figure 14.13 Application-level gateway
Identification is the process whereby a system recognizes a valid user’s identity. Authentication is the process of verifying the claimed identity of a user. For example, a system uses user-password for identification. The user enters his password for identification. Authentication is the system which verifies that the password is correct, and thus the user is a valid user. Before granting access to a system, the user’s identity needs to be authenticated. If users are not properly authenticated then the system is potentially vulnerable to access by unauthorized users. If strong identification and authentication mechanisms are used, then the risk that unauthorized users will gain access to a system is significantly decreased. Authentication is done using one or more combinations of—what you have (like smartcards), what you know (Password), and what you are (Biometrics like Fingerprints, retina scans).
We will now briefly discuss the following authentication mechanisms:
Once the user is authenticated, the access controls for the user are also defined. Access controls determine what the user can access once he is authenticated.
The combination of username and password is the most common method of user identification and authentication. The systems that use password authentication first require the user to have a username and a password. The next time the user uses the system, the user enters the username and password. The system checks the username and password by comparing them with the stored password for that username. If they match, the user is authenticated and is granted access to the system (Figure 14.14).
Figure 14.14 User authentication page
However, there are several security issues with the use of passwords: for example, any invalid user who gets to know a valid password can get access to the system, and a simple password can be easily cracked. According to CERT, approximately 80% of all network security issues are caused by bad passwords. Some actions that can be taken to make the passwords safer are as follows:
Nearly all modern multiuser computer and network operating systems, at the very least, employ passwords to protect and authenticate users accessing computer and network resources. The passwords are not kept in plaintext, but are generally encrypted using some sort of hash scheme. For example, in Unix/Linux, all passwords are hashed and stored as a 13-byte string. In Windows NT, all passwords are hashed, resulting in a 16-byte hash value.
A smart card is a pocket-sized card with embedded integrated circuits which can process data. With an embedded microcontroller, smart cards have the unique ability to store large amounts of data, carry out their own on-card functions (e.g. encryption and mutual authentication) and interact intelligently with a smart card reader. A smart card inserted into a smart card reader makes a direct connection to a conductive contact plate on the surface of the card (typically gold plated). Transmission of commands, data, and card status takes place over these physical contact points.
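The following sketch shows how a system can store and check passwords without keeping them in plaintext, and why a per-user salt and a slow hash make the repeated generate-and-compare approach of a password cracker more expensive. It is an added example, not part of the original chapter; the PasswordStore class, the iteration count and the sample accounts are assumptions, and PBKDF2 is used here in place of the older Unix and Windows NT schemes mentioned above.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # work factor chosen for this example (assumption)


def unsalted_hash(password: str) -> str:
    """Weak storage: one fast hash, no salt. Equal passwords give equal
    hashes, so one precomputed table can be tried against every account."""
    return hashlib.sha256(password.encode()).hexdigest()


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Stronger storage: salted, deliberately slow PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


class PasswordStore:
    """Hypothetical user database keeping (salt, iterations, hash) per user."""

    def __init__(self):
        self.records = {}
        self._dummy_salt = os.urandom(16)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)   # fresh random salt for every account
        self.records[username] = (salt, ITERATIONS, derive(password, salt, ITERATIONS))

    def login(self, username: str, password: str) -> bool:
        record = self.records.get(username)
        if record is None:
            # Do the same amount of work for unknown users so that response
            # time does not reveal which usernames exist.
            derive(password, self._dummy_salt, ITERATIONS)
            return False
        salt, iterations, stored = record
        # Constant-time comparison of the recomputed and stored hashes.
        return hmac.compare_digest(derive(password, salt, iterations), stored)


def demo() -> dict:
    store = PasswordStore()
    # Constructed accounts: two users who happen to pick the same password.
    store.register("asha", "monsoon2024")
    store.register("ravi", "monsoon2024")
    return {
        "unsalted_hashes_equal": unsalted_hash("monsoon2024") == unsalted_hash("monsoon2024"),
        "salted_hashes_equal": store.records["asha"][2] == store.records["ravi"][2],
        "correct_password": store.login("asha", "monsoon2024"),
        "wrong_password": store.login("asha", "monsoon2023"),
        "unknown_user": store.login("meera", "monsoon2024"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:24s} {result}")
```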
The smart card is made of plastic, generally PVC. The card may embed a hologram. Using smart cards is a strong security authentication for single sign-on within large companies and organizations. Smart cards are used in secure identity applications like employee-ID badges, citizen-ID documents, electronic passports, driver license and online authentication devices.
Biometrics is the science and technology of measuring and statistically analyzing biological data. In information technology, biometrics refers to technologies that measure and analyze human traits for authentication. These traits can include fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements. Figure 14.15 shows a fingerprint biometric device.
Biometrics is still not widely used, though it may play a critical role in future computers. For example, many PCs nowadays include a fingerprint scanner where you could place your index finger. The computer analyzes the fingerprint to determine your identity and authenticate you. Biometric systems are relatively costly and are used in environments requiring high-level security.
In the Hindi movie Krrish, the computer identified and authenticated the heartbeat (Biometric) of Hrithik Roshan to start working.
Figure 14.15 Biometric device (fingerprint)
In addition to the above discussed security techniques, several other security techniques are used for security purposes. Some of these are listed below:
The aim of the security awareness is to enhance the security of the organization’s resources by improving the awareness of the need to secure the system resources. Staff members play a critical role in protecting the integrity, confidentiality, and availability of IT systems and networks. It is necessary for an organization to train their staff for security awareness and accepted computer practices. Security of resources can be ensured when the people using it are aware of the need to secure their resources. Security awareness of staff includes the knowledge of practices that must be adhered to, for ensuring the security and the possible consequences of not using those security practices. For example, not disclosing your password to unauthorized users is a security practice, but if the users are not aware of the possible consequences of disclosing the password, they may disclose their password to other users, unintentionally, thus making their systems prone to security attack. In order to make the users and people in an organization aware of the security practices to be followed, regular training programs are conducted in organizations. Awareness is also promoted by regular security awareness sessions, videotapes, newsletters, posters, and flyers. Figure 14.16 shows a poster for security awareness.
Figure 14.16 Security awareness (A poster)
Security policies are defined based on an organization’s needs. A security policy includes approaches and techniques that an organization is going to apply or include in order to secure its resources. The steps followed while formulating the security policy are:
Active attack
ActiveX controls
Application-level Gateway
Asymmetric encryption
Authentication
Biometrics
Block ciphers
Certification Authorities (CA)
Cipher
Cipher text
Circuit Filter Firewall
Code
Computer security
Confidentiality
Cryptography
Decryption
Denial of Service (DoS)
Digital signature
Digital Signature Algorithm (DSA)
E-mail hacking
Encryption
Firewall
Gateway
Hacking
Hash Function
HTTP Secure (HTTPS)
Integrity
Intrusion Detection System
IP Security (IPsec) Protocol
Java applets
Javascripts
Key
Malicious software
Malware
Network Address Translation (NAT)
Non-Repudiation
Packet filter Firewall
Packet replay
Packet sniffing
Passive attack
Password
Password cracking
Plaintext
Private key
Proxy Server
Public key
Public Key Cryptography (PKC)
RSA
Screening routers
Secret Key Cryptography (SKC)
Secure Socket Layer (SSL)
Security attacks
Security awareness
Security mechanisms
Security plan
Security policy
Security services
Security threat
Smart card
Stream ciphers
Symmetric encryption
Trojan horse
User identification
User name
Viruses
Virus Protection software
Vulnerability
Worms
Section 14.2
1. What do you understand by the term Computer security?
2. Define: (i) Security attack, (ii) Security mechanism, and (iii) Security service.
3. Define: (i) Security threat, (ii) Vulnerability, (iii) Passive attack, and (iv) Active attack.
4. A security attack may be a _____ attack or a _____ attack.
5. What are the targets of the security attack?
6. List some security attacks that can be made on the users of the computer.
7. List some security attacks that can be made on the computer hardware.
8. What kind of attacks can be made on the computer software?
Section 14.3
9. What is malicious software?
10. Give three examples of malicious programs.
11. List some properties of virus.
12. How can virus harm the computer?
13. Give an example of virus program.
14. Define a worm.
15. Give an example of a worm program.
16. What are Trojan horses?
17. Why is it advisable to keep ActiveX controls disabled on your computer?
Section 14.4
18. Define hacking.
19. What is a Denial of Service attack?
20. _____, _____ and _____ are the methods used to get the username and password of the system to gain unauthorized access to the system.
21. What do you mean by packet sniffing?
22. Name one packet sniffer software.
23. How does a password cracker work?
24. How is e-mail hacked?
Section 14.6
25. Security services ensure _____, _____, _____ and _____ of the data.
26. Define (i) Confidentiality, (ii) Integrity, (iii) Authentication, and (iv) Non-Repudiation.
27. _____ is used for ensuring confidentiality.
28. Name any two methods that are used for authentication.
29. Non-repudiation deals with _____.
30. List three technologies used for implementing the security mechanisms.
Section 14.7
31. Define cryptography.
32. Define (i) Plain text, (ii) Cipher, (iii) Cipher text, (iv) Encryption, and (v) Decryption.
33. Define a key.
34. What is the significance of key in cryptography?
35. Name the three cryptographic schemes.
36. Why is secret key cryptography also called symmetric encryption?
37. Explain the working of Secret key cryptography.
38. What is the difference between a stream cipher and block cipher?
39. Name a secret key cryptography algorithm.
40. In public key cryptography, how is the public key different from the private key?
41. Why is public key cryptography also called asymmetric encryption?
42. Name a public key cryptography algorithm.
43. _____ algorithm is used to provide digital signature.
44. What is the purpose of hash function?
45. Name a hash algorithm.
46. What is the function of Certification Authorities (CA)?
Section 14.8
47. What is the use of digital signature?
48. Is digital signature scheme a symmetric cryptography or asymmetric cryptography?
49. Name the three algorithms included in a digital signature scheme.
50. Explain the digital signature creation and verification using hash function.
51. Signer authentication, Message authentication, and Efficiency are three effects accomplished by digital signature. Explain.
Section 14.9
52. What is the purpose of firewall?
53. List the functions of firewall.
54. Explain the working of firewall.
55. Define: (i) Gateway, (ii) Proxy Server, and (iii) Screening Routers.
56. Name the three types of firewall.
57. How does the Packet filter Firewall work?
58. How does the Circuit Filter Firewall work?
59. How does the Application-level Gateway work?
Section 14.10—14.11
60. What is the difference between user identification and user authentication?
61. Name three authentication mechanisms.
62. Explain user identification and authentication.
63. What is the need of user authentication?
64. List some steps to make the password safe.
65. What is a smart card?
66. Name three areas where smart card is commonly used.
67. How does biometric technique help in user authentication?
68. What is the purpose of intrusion detection system?
69. What is the need of installing virus protection software on your computer?
70. What is the need of taking regular data and information backups?
71. How is HTTPS different from HTTP?
72. IPv6 protocol includes network security. Explain.
Section 14.12
73. What is the need of spreading security awareness?
74. What is a security policy?
75. What is the need of a security plan?
76. List the steps followed in formulating the security policy.
77. Explain in detail the formulation of security policy.
78. What IT resources need to be made secure in an organization?
79. What is the purpose of proactive security strategy?
80. What is the purpose of reactive security strategy?
Extra Questions
81. Give full form of the following abbreviations:
82. Write short notes on:
83. Give differences between the following: