Gentle Reader. Your interest in this book is understandable. Computer security has become one of the most important areas in the entire discipline of computing.
Basic Computer Security Practices.
• Make backups of important files.
• Apply patches to the operating system.
• Use anti-virus software, update definitions very .
The meaning of the term computer security has evolved in recent years. While the definition of computer security used in this book does, therefore, include.
This paper introduces some known threats to the computer security, presents some protection mechanisms and techniques for ensuring security of a computer . Why Computer Security? Computer Security is important for protecting the confidentiality, integrity, and availability of computer systems and their resources. In this tutorial, we will treat the concept of computer security which can be a the basics of Computer Security and how to deal with its various components and.
As we tried to make it in time, a few unintentional mistakes may have occurred. If you find any of them, then we are really sorry for that. Last but not least, thanks go to our precious family for their never-ending love and inspiration in every stage of our life. Without their continuous support we could not be the persons we are right now.
Executive summary The information and communications technology (ICT) industry has evolved greatly over the last half century.
The technology is ubiquitous and increasingly integral to almost every facet of modern society. ICT devices and components are generally interdependent, and disruption of one may affect many others. Over the past several years, experts and policymakers have expressed increasing concerns about protecting systems from cyber-attacks, which many experts expect to increase in frequency and severity over the next several years.
The act of protecting ICT systems and their contents has come to be known as cyber security. A broad and arguably somewhat fuzzy concept, cyber security can be a useful term but tends to defy precise definition. It is also sometimes inappropriately conflated with other concepts such as privacy, information sharing, intelligence gathering, and surveillance.
However, cyber security can be an important tool in protecting privacy and preventing unauthorized surveillance, and information sharing and intelligence gathering can be useful tools for effecting cyber security. Cyber threats have become very dangerous. In future they are going to be much stronger. Bank robbery, kidnapping, blackmailing etc.
As a result, this issue has become a hot topic both in public and at the international conference table. There are several processes and stages in the application of cyber security. One is the personal stage, where a person needs to be more careful about his security issues.
By taking proper steps, one can protect himself from cyber-crime. Another is the business or organizational step. Here an organization takes proper steps to protect itself from cyber-attacks and keep its information safe. This is a more predictable issue, because if they lose their data once, it will be difficult to recover it and they are going to face a very difficult issue. The last one is the national step.
Here the nation's chiefs take decisions about the security of the whole nation. They build their own rules and laws.
It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
The field is of growing importance due to the increasing reliance on computer systems and the Internet in most societies, wireless networks such as Bluetooth and Wi-Fi, and the growth of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things. Problem statement The international community has entered a new epoch, the epoch of the information society. At present human activity depends on telecommunication technologies, which are used in almost all fields of people's activity. The rapid development of telecommunications and global computer networks has created conditions that make it easier to commit cybercrimes in the high technologies field.
Criminal organizations make very wide use of the opportunities offered by telecommunication technologies. The typical examples of such kinds of crimes are: There is no doubt that new measures will appear soon, as the weapons of cybercrime are modified constantly depending on the protection measures used by computer network users: The main features of cybercrimes are: In addition, a binding condition is the preservation of the physical integrity of the computer, computer system or their network.
Among work failure in the chance of access monopoly condition or static IP address, there happened the information blocking, i.
Besides, during unauthorized access, information was modified in the Internet network's record-statistics database, including information on the working time of officially registered users and payment for purchased time. As to the form of guilt, the criminal's technical qualification allows him to realize unambiguously the danger of his actions to society, to foresee the possibility of commonly dangerous consequences, and, while not wishing for these consequences, to allow them consciously or treat them with indifference, which is what a premeditated crime requires.
The investigation of the production and spreading of harmful programs also revealed some peculiarities which need explanation. Besides the material compositions of premeditated crimes in objective side of which included the legally important common dangerous consequences, objective side of which limited by only common dangerous action or inactiveness.
This is explained by the especially high degree of common danger: the criminal law pursues quite harshly the very fact of producing, using or spreading harmful programs for computers, regardless of whether any consequences follow.
In these cases the intent formally consists only of awareness of the common danger of the action (or inaction) and the wish to commit it.
Background of cyber crime Our modern society demands a degree of connectivity between citizens, businesses, financial institutions and governments that must cross political and cultural boundaries.
Digital technology provides this connectivity and gives its users many valuable benefits. But at the same time, it provides a rich environment for criminal activity, ranging from vandalism to stolen identity to theft of classified government information.
Hacking is a term used to describe the activity of modifying a product or procedure to alter its normal function, or to fix a problem.
They discovered ways to change certain functions without re-engineering the entire device. These curious individuals went on to work with early computer systems where they applied their curiosity and resourcefulness to learning and changing the computer code that was used in early programs. The malicious association with hacking became evident in the s when early computerized phone systems became a target.
They impersonated operators, dug through Bell Telephone company garbage to find secret information, and performed countless experiments on early telephone hardware in order to learn how to exploit the system. They were hackers in every sense of the word, using their resourcefulness to modify hardware and software to steal long distance telephone time.
This innovative type of crime was a difficult issue for law enforcement, due in part to lack of legislation to aid in criminal prosecution, and a shortage of investigators skilled in the technology that was being hacked.
It was clear that computer systems were open to criminal activity, and as more complex communications became available to the consumer, more opportunities for cybercrime developed. In the systems administrator at the Lawrence Berkeley National Laboratory, Clifford Stoll, noted certain irregularities in accounting data. Inventing the first digital forensic techniques, he determined that an unauthorized user was hacking into his computer network. In , during a project dubbed Operation Sundevil, FBI agents confiscated 42 computers and over 20, floppy disks that were allegedly being used by criminals for illegal credit card use and telephone services.
This two-year effort involved agents. Despite the low number of indictments, the operation was seen as a successful public relations effort by law enforcement officials. Garry M.
Jenkins, the Assistant Director of the U. It is a collection of technologists, lawyers and other professionals who act to defend and protect consumers from unlawful prosecution. A Brief history of Cybercrime i.
He is convicted and sentenced to a year in jail. He posts them on a website after the attempted extortion fails. Different types of websites contain different contents and explanations. Where one website differs from another. So it was a bit difficult to analyze them properly to get the best from them.
For example, some websites say that cybercrime first occurred in , which is nothing but a crap story. Actually the first cybercrime started at the beginning of the seventies. So the exact method here was to research through the internet and compare them to find out the best and actual result. During the analysis of the data, we discussed what the exact one would be. Whatever, we faced some problems with them.
Again there were some websites which were really good to study. Those helped so far to make this report. Limitations Actually we got so much information about cyber security and cybercrime. We got confused about which data is appropriate or not. But as this report's submission time is before our final exam and other course teachers also forced us with their assignments and other studies, we got a bit short time to complete this large report.
But with the grace of Almighty Allah we have finished the report in time. There were various websites describing their cyber-attack histories. But unfortunately we got almost no information about what Bangladesh is up to for checking security. It is not what we expected. As the IT sector of Bangladesh is growing so early, they should keep these records updated. Without updated records, there will be no proof that we are improving. Over 60 per cent of all internet users are in developing countries, with 45 per cent of all internet users below the age of 25 years.
A limited number of acts against the confidentiality, integrity and availability of computer data or systems represent the core of cybercrime. Certain definitions are required for the core of cybercrime acts.
Computer Crime: New Investigative Needs for an Emerging Crime Area As we move forward into the 21st century, technological innovations have paved the way for us to experience new and wonderful conveniences in how we are educated, the way we shop, how we are entertained and the manner in which we do business. Our day-to-day lives have been forever changed thanks to rapid advances made in the field of computer technology.
These changes allow us to communicate over great distances in an instant and permit us, almost effortlessly, to gather and organize large amounts of information, tasks that could, otherwise, prove unwieldy and expensive.
The technological treasures that have improved the quality of our lives, however, can reasonably be viewed as a double-edged sword. While computer technology has opened doors to enhanced conveniences for many, this same technology has also opened new doors for criminals.
Criminals can now easily encrypt information representing evidence of their criminal acts, store the information and even transmit it with little fear of detection by law enforcement. Due to the extraordinary impact of the Internet, a computer crime scene can now span from the geographical point of the victimization e. And, as stated above, the presence of new computer technology aids cyber criminals in situations in which the computer's role is incidental to the crime; situations in which the computers are used to house and protect information that is evidence tying the offender to criminal acts.
A commonality among these types of crimes is that the offender, to a great degree, depends upon the lack of technological skills of law enforcement to successfully commit offenses and escape undetected. Only select parts of our population had direct access to computers, building the mystical aura surrounding computers, what they did and the type of knowledge needed to operate them.
The lure of the Internet has enticed over million in the U. The process of criminalization of human behavior judged to be harmful to the public is typically one that builds slowly in common law jurisdictions. In the case of computer crime, legislators grew increasingly attentive in the s as businesses became more dependent upon computerization and as catalyst event cases exposed significant vulnerabilities to computer crime violations.
In , the Economic Espionage Act of was signed into law to, in large part, stunt the effect that the incredible Scope of the Problem Recent statistics on the frequency of computer crimes point to the value of the enactment of computer crime-specific laws and their enforcement and demonstrate how computer crime has moved towards the front of crime concern priorities for the nation. A vulnerability is a system susceptibility or flaw, and many vulnerabilities are documented in the Common Vulnerabilities and Exposures (CVE) database. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities as they are discovered.
An exploitable vulnerability is one for which at least one working attack or "exploit" exists. To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can typically be classified into one of the categories below:

Backdoors
A backdoor in a computer system, a cryptosystem or an algorithm is any secret method of bypassing normal authentication or security controls. They may exist for a number of reasons, including by original design or from poor configuration. They may have been added by an authorized party to allow some legitimate access, or by an attacker for malicious reasons; but regardless of the motives for their existence, they create a vulnerability.

Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once. While a network attack from a single IP address can be blocked by adding a new firewall rule, many forms of distributed denial of service (DDoS) attacks are possible, where the attack comes from a large number of points, and defending is much more difficult. Such attacks can originate from the zombie computers of a botnet, but a range of other techniques are possible, including reflection and amplification attacks, where innocent systems are fooled into sending traffic to the victim.

Direct-access attacks
An unauthorized user gaining physical access to a computer is most likely able to directly copy data from it. They may also compromise security by making operating system modifications, installing software worms, key loggers, covert listening devices or using wireless mice. Even when the system is protected by standard security measures, these may be bypassed by booting another operating system or tool from a CD-ROM or other bootable media. Disk encryption and Trusted Platform Module are designed to prevent these attacks.

Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. Even machines that operate as a closed system i.

Spoofing is most prevalent in communication mechanisms that lack a high level of security.

Tampering
Tampering describes a malicious modification of products. So-called "Evil Maid" attacks and security services planting of surveillance capability into routers are examples.

Privilege escalation
Privilege escalation describes a situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level. So for example a standard computer user may be able to fool the system into giving them access to restricted data; or even to "become root" and have full unrestricted access to a system.

Phishing
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details directly from users. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Preying on a victim's trust, phishing can be classified as a form of social engineering.

Clickjacking
Clickjacking, also known as a "UI redress attack" or "User Interface redress attack", is a malicious technique in which an attacker tricks a user into clicking on a button or link on another webpage while the user intended to click on the top level page. This is done using multiple transparent or opaque layers. The attacker is basically "hijacking" the clicks meant for the top level page and routing them to some other irrelevant page, most likely owned by someone else. By carefully drafting a combination of style sheets, frames, buttons and text boxes, an attacker can lead a user into believing that they are typing the password or other information on some authentic webpage while it is being channeled into an invisible frame controlled by the attacker.

Social engineering
Social engineering aims to convince a user to disclose secrets such as passwords, card numbers, etc. A popular and profitable cyber scam involves fake CEO emails sent to accounting and finance departments. In May , the Milwaukee Bucks NBA team was the victim of this type of cyber scam with a perpetrator impersonating the team's president Peter Feigin, resulting in the handover of all the team's employees' W-2 tax forms.
In computing, a hacker is any highly skilled computer expert. Depending on the field of computing it has slightly different meanings, and in some contexts has controversial moral and ethical connotations. In its original sense, the term refers to a person in any one of the communities and hacker subcultures. Today, mainstream usage of "hacker" mostly refers to computer criminals, due to the mass media usage of the word since the s.
This includes what hacker slang calls "script kiddies," people breaking into computers using programs written by others, with very little knowledge about the way they work. This usage has become so predominant that the general public is unaware that different meanings exist.
While the self-designation of hobbyists as hackers is acknowledged by all three kinds of hackers, and the computer security hackers accept all uses of the word, people from the programmer subculture consider the computer intrusion related usage incorrect, and emphasize the difference between the two by calling security breakers "crackers" analogous to a safecracker.
As someone who is able to subvert computer security; if doing so for malicious purposes, the person can also be called a cracker. Although the Department of Defense (DOD) has articulated its requirements for controls to ensure confidentiality, there is no articulation for systems based on other requirements and management controls discussed below: individual accountability, separation of duty, auditability, and recovery. This committee's goal of developing a set of Generally Accepted System Security Principles (GSSP) is intended to address this deficiency and is a central recommendation of this report.
In computing there is no generally accepted body of prudent practice analogous to the Generally Accepted Accounting Principles promulgated by the Financial Auditing Standards Board (see Appendix D). Managers who have never seen adequate controls for computer systems may not appreciate the capabilities currently available to them, or the risks they are taking by operating without these controls.
Faced with demands for more output, they have had no incentive to spend money on controls. Reasoning like the following is common: "Can't do it and still stay competitive"; "We've never had any trouble, so why worry"; "The vendor didn't put it in the product; there's nothing we can do." However, computers are active entities, and programs can be changed in a twinkling, so that past happiness is no predictor of future bliss.
There has to be only one Internet worm incident to signal a larger problem. Experience since the Internet worm involving copy-cat and derivative attacks shows how a possibility once demonstrated can become an actuality frequently used.
A recent informal survey conducted on behalf of the committee shows a widespread desire among corporate system managers and security officers for the ability to identify users and limit times and places of access, particularly over networks, and to watch for intrusion by recording attempts at invalid actions (see Chapter Appendix 2).
Ad hoc virus checkers, well known in the personal computer market, are also in demand. However, there is little demand for system managers to be able to obtain positive confirmation that the software running on their systems today is the same as what was running yesterday.
Such a simple analog of hardware diagnostics should be a fundamental requirement; it may not be seen as such because vendors do not offer it or because users have difficulty expressing their needs.
Although threats and policies for addressing them are different for different applications, they nevertheless have much in common, and the general systems on which applications are built are often the same.
Furthermore, basic security services can work against many threats and support many policies. Thus there is a large core of policies and services on which most of the users of computers should be able to agree.
On this basis the committee proposes the effort to define and articulate GSSP. For example, the adverse effects of a system not being available must be related in part to requirements for recovery time.
A system that must be restored within an hour after disruption represents, and requires, a more demanding set of policies and controls than does a similar system that need not be restored for two to three days. Likewise, the risk of loss of confidentiality with respect to a major product announcement will change with time.
Early disclosure may jeopardize competitive advantage, but disclosure just before the intended announcement may be insignificant. In this case the information remains the same, while the timing of its release significantly affects the risk of loss.
Confidentiality Confidentiality is a requirement whose purpose is to keep sensitive information from being disclosed to unauthorized recipients. The most fully developed policies for confidentiality reflect the concerns of the U. Since the scope of threat is very broad in this context, the policy requires systems to be robust in the face of a wide variety of attacks.
The specific DOD policies for ensuring confidentiality do not explicitly itemize the range of expected threats for which a policy must hold. Instead, they reflect an operational approach, expressing the policy by stating the particular management controls that must be used to achieve the requirement for confidentiality.
Thus they avoid listing threats, which would represent a severe risk in itself, and avoid the risk of poor security design implicit in taking a fresh approach to each new problem. The operational controls that the military has developed in support of this requirement involve automated mechanisms for handling information that is critical to national security.
Within each level and compartment, a person with an appropriate clearance must also have a "need to know" in order to gain access. These procedures are mandatory: elaborate procedures must also be followed to declassify information. Some commercial firms, for instance, classify information as restricted, company confidential, and unclassified Schmitt, Even if an organization has no secrets of its own, it may be obliged by law or common courtesy to preserve the privacy of information about individuals.
Medical records, for example, may require more careful protection than does most proprietary information. A hospital must thus select a suitable confidentiality policy to uphold its fiduciary responsibility with respect to patient records.
In the commercial world confidentiality is customarily guarded by security mechanisms that are less stringent than those of the national security community. For example, information is assigned to an "owner" or guardian, who controls access to it.
With Trojan horse attacks, for example, even legitimate and honest users of an owner mechanism can be tricked into disclosing secret data. The commercial world has borne these vulnerabilities in exchange for the greater operational flexibility and system performance currently associated with relatively weak security. Integrity Integrity is a requirement meant to ensure that information and programs are changed only in a specified and authorized manner.
It may be important to keep data consistent as in double-entry bookkeeping or to allow data to be changed only in an approved manner as in withdrawals from a bank account.
It may also be necessary to specify the degree of the accuracy of data. Some policies for ensuring integrity reflect a concern for preventing fraud and are stated in terms of management controls. For example, any task involving the potential for fraud must be divided into parts that are performed by separate people, an approach called separation of duty. A classic example is a purchasing system, which has three parts: ordering, receiving, and payment.
Someone must sign off on each step, the same person cannot sign off on two steps, and the records can be changed only by fixed procedures—for example, an account is debited and a check written only for the amount of an approved and received order. In this case, although the policy is stated operationally—that is, in terms of specific management controls—the threat model is explicitly disclosed as well.
Other integrity policies reflect concerns for preventing errors and omissions, and controlling the effects of program change. Integrity policies have not been studied as carefully as confidentiality policies. Computer measures that have been installed to guard integrity tend to be ad hoc and do not flow from the integrity models that have been proposed (see Chapter 3). Availability Availability is a requirement intended to ensure that systems work promptly and service is not denied to authorized users.
From a security standpoint, it represents the ability to protect against and recover from a damaging event. The availability of properly functioning computer systems e. Contingency planning is concerned with assessing risks and developing plans for averting or recovering from adverse events that might render a system unavailable.