DEBRE MARKOS UNIVERSITY
BURIE CAMPUS
DEPARTMENT OF COMPUTER SCIENCE
Computer Security
By:
Amare W.
Chapter Two: Computer threat
2.1 Malicious Code
♥ Malicious code, rogue programs or malware (short for MALicious softWARE) is the
general name for programs or program parts planted by an agent with malicious
intent to cause unanticipated or undesired effects.
♥ Malicious code is a set of instructions that causes a site’s security policy to
be violated.
♥ It is unwanted files or programs that can cause harm to a computer or
compromise the data stored on it.
♥ Computer viruses, worms, Trojan horses and spyware are effective tools with
which to attack computer systems.
04/04/2025
3/2/2018
2.1.1 Computer Viruses
♥ A virus is a program that can replicate itself and pass on malicious code to
other nonmalicious programs by modifying them.
♥ The term “virus” was coined because the affected program acts like a
biological virus: it infects other healthy subjects by attaching itself to the
program and either destroying the program or coexisting with it.
♥ A Trojan horse of the classic compiler kind propagates itself only to specific
programs (the compiler and the login program). When a Trojan horse can propagate
freely and insert a copy of itself into another file, it becomes a computer virus.
♥ A computer virus is therefore a program that inserts itself into one or more
files and then performs some (possibly null) action.
Cont’d
♥ It has two phases. The first phase, in which the virus inserts itself into a
file, is called the insertion phase. The second phase, in which it
performs some action, is called the execution phase.
♥ A virus can be either transient or resident. A transient virus has a life
span that depends on the life of its host: the virus runs when the program to
which it is attached executes, and it terminates when that program ends.
♥ (During its execution, the transient virus may still spread its infection to
other programs.)
♥ A resident virus locates itself in memory; it can then remain active or be
activated as a stand-alone program, even after its attached program
♥ Several types of computer viruses have been identified.
2.1.1.1 Boot Sector Infectors
♥ The boot sector is the part of a disk used to bootstrap the system or mount a
disk.
♥ Code in that sector is executed when the system “sees” the disk for the first time.
♥ When the system boots, or the disk is mounted, any virus in that sector is
executed. (The actual boot code is moved to another place, possibly another
sector.)
♥ A boot sector infector is a virus that inserts itself into the boot sector of a disk.
2.1.1.2 Executable Infectors
♥ An executable infector is a virus that infects executable
programs.
♥ The PC variety of executable infector is called a COM or EXE virus because it
infects programs with those extensions.
♥ The virus can prepend itself to the executable or append itself to it; either
way the virus code runs when the infected program is started.
2.1.1.3 Multipartite Viruses
♥ A multipartite virus is one that can infect either boot sectors or
applications.
♥ Such a virus typically has two parts, one for each type. When
it infects an executable, it acts as an executable infector; when
it infects a boot sector, it works as a boot sector infector.
2.1.1.4 Macro Viruses
♥ A macro virus is a virus composed of a sequence of
instructions that is interpreted, rather than executed directly.
♥ Conceptually, macro viruses are no different from ordinary
computer viruses.
♥ They can execute on any system that can interpret the
instructions.
2.1.2 Computer Worms
♥ The terms worm and virus are often used interchangeably, but
they actually refer to different things.
♥ A computer virus infects other programs. A variant of the virus is
a program that spreads from computer to computer, spawning
copies of itself on each one.
♥ A computer worm is a program that copies itself from one
computer to another through a network.
♥ The primary difference between a worm and a virus is that a
worm operates through networks, and a virus can spread through
any medium (but usually uses a copied program or data files).
♥ The other difference between a worm and a virus is that, unlike a virus, a
worm does not need a host program to insert its code into.
♥ Worms are standalone programs that are capable of running on their own.
♥ Also, a virus usually needs a human trigger to replicate (for example, a user
opening or executing the infected file), while a worm replicates on its own and
spreads to other computers through the network.
♥ Some prominent examples of worms include Storm Worm, Sobig,
MSBlast, Code Red, Nimda, Morris Worm, etc.
2.1.3 Trojan Horses
♥ A Trojan horse is a program with an overt (documented or known) effect and a
covert (undocumented or unexpected) effect.
♥ Dan Edwards was the first to use this term [25]. Trojan horses are often used in
conjunction with other tools to attack systems.
♥ A propagating Trojan horse (also called a replicating Trojan horse) is a Trojan
horse that creates a copy of itself.
♥ Trojan horse malware slips inside a program undetected and produces
unwelcome effects later on.
♥ As an example of a computer Trojan horse, consider a login script that
solicits a user’s identification and password and passes that information on to
the rest of the system for login processing, but also retains a copy of it for
later, malicious use.
2.1.4 Spyware
♥ Spyware is a type of malware that spies on a person or an organisation by
gathering information about them without the user’s knowledge.
♥ It records and sends the collected information to an external entity without
the consent or knowledge of the user.
♥ Spyware usually tracks internet usage data and sells it to advertisers.
♥ It can also be used to capture credit card or bank account information, login
and password information, or the user’s personal identity.
2.2 Class of Attacks
♥ The three types of network attacks are:
- Reconnaissance attacks
- Access attacks
- Denial of Service attacks
2.2.1 Reconnaissance
♥ Reconnaissance is an unauthorized user’s attempt to discover
and map network system devices, services available on those
systems, and the vulnerabilities of those systems.
♥ It is also known as information gathering and, in most cases, precedes an
actual access or Denial of Service (DoS) attack.
♥ The malicious intruder typically ping sweeps the target network first to
determine what IP addresses are active and responsive.
♥ This can lead to the intruder finding information about what services or
ports are active on the live IP addresses.
♥ From the active IP address information, the intruder queries the application
ports to determine the application type and version as well as the type and
version of operating system running on the target host.
2.2.2 Access attacks
♥ Access is a broad term that refers to the capability of a specific
source (that is, a user on a computer, connected to a network that is
connected to the Internet) to connect to a specific destination (that is,
a computer on a network that is connected to the Internet).
♥ When a destination has been targeted, the attacker will attempt to
use some software application to reach the destination.
♥ An access attack can come in the form of unauthorized data retrieval and
manipulation, unauthorized system access, or privilege escalation.
♥ Access attacks can also be used to gain control of a system and install and
hide software that the attacker will use later.
2.2.3 Denial of Service
♥ DoS is when an attacker disables or corrupts networks,
systems, or services in order to deny the service to its intended
users.
♥ It usually involves crashing the system or slowing it down to
the point that it is unusable.
♥ DoS attacks can also be as simple as wiping out or corrupting
information necessary for business.
♥ In most cases, performing the attack simply involves running a
hack, script, or tool.
Cont’d
♥ The attacker does not need prior access to the target, only a path to
the target. Once the path is realized, great paralyzing damage can be
caused.
♥ Because many DoS attacks are relatively easy to initiate and can be performed
anonymously, they are among the most feared attacks on the Internet.
♥ A Distributed Denial of Service (DDoS) attack is one in which the
source of the attack is many computers (usually spread across a
large geographic area) making it very difficult to find and stop the
source(s).
2.3 Program flaws
♥ When a human makes a mistake, called an error, in performing some
software activity, the error may lead to a fault, or an incorrect step,
command, process, or data definition in a computer program, design, or
documentation.
♥ For example, a designer may misunderstand a requirement and create a
design that does not match the actual intent of the requirements analyst
and the user.
♥ This design fault is an encoding of the error, and it can lead to other
faults, such as incorrect code and an incorrect description. Thus, a single
error can generate many faults, and a fault can reside in any development
or maintenance product.
♥ A failure is a departure from the system’s required behavior. It can be
discovered before or after system delivery, during testing, or during operation
and maintenance.
♥ Since the requirements documents can contain faults, a failure indicates that
the system is not performing as required, even though it may be performing
as specified.
♥ Thus, a fault is an inside view of the system, as seen by the eyes of the
developers, whereas a failure is an outside view: a problem that the user sees.
♥ Security engineers use flaw to describe both faults and failures. A program
flaw can be a fault affecting the correctness of the program’s result—that is, a
fault can lead to a failure. Incorrect operation is an integrity failing.
♥ Program security flaws can derive from any kind of software fault.
That is, they cover everything from a misunderstanding of program
requirements to a one-character error in coding or even typing.
♥ The security flaws can reflect code that was intentionally designed
or coded to be malicious or code that was simply developed in a
sloppy or misguided way.
♥ Thus, it makes sense to divide program flaws into two separate logical
categories: inadvertent human errors, and intentionally induced (malicious)
flaws.
♥ They further divide intentional flaws into malicious and
Nonmalicious Program flaws:
♥ Being human, programmers and other developers make many
mistakes, most of which are unintentional and nonmalicious.
♥ Many such errors cause program malfunctions but do not lead to
more serious security vulnerabilities.
♥ In this section we consider three classic error types that have
enabled many recent security breaches.
♥ We explain each type, why it is relevant to security, and how it can
be prevented or mitigated.
1. Buffer Overflow Attack
♥ A buffer is a fixed-size temporary area for data storage. When a program or
system process places more data into it than was originally allocated, the
extra data overflows.
♥ The overflowing data spills into whatever lies next to the buffer in memory
(other variables, saved return addresses, other buffers), corrupting or
overwriting what was stored there.
♥ In a buffer-overflow attack, the extra data is chosen by the attacker: it may
overwrite a variable that controls a security decision, or carry instructions
that damage files, change data or expose private information.
♥ An attacker typically uses a buffer-overflow exploit against a program that
reads user input into a buffer without checking the input’s length.
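The following program is an added example (not part of the original slides) of the mechanism just described. It models a stack frame as one array in which a 16-byte input buffer is followed directly by a 4-byte "privileged" flag; the buffer size, the flag and the input strings are all constructed for the demonstration. Keeping both inside a single array makes the out-of-bounds write well-defined C, so the effect is reproducible on any compiler, whereas a real `strcpy()` into a stack buffer would also keep writing past the end of the frame. The unchecked copy lets a 20-byte input set the flag to `0x41414141` ("AAAA"); the hardened copy refuses any input that does not fit together with its terminating NUL.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame: a 16-byte input buffer followed
 * directly by a 4-byte "privileged" flag, both inside one array so the
 * out-of-bounds write stays defined C and the effect is reproducible. */
#define BUF_LEN   16
#define FLAG_OFF  BUF_LEN
#define FRAME_LEN (BUF_LEN + sizeof(int))

/* Vulnerable copy: trusts the input length, exactly like strcpy() does.
 * The clamp only keeps the model inside its array; a real strcpy() would
 * keep writing past the frame. */
static void unsafe_copy(unsigned char *frame, const char *src) {
    size_t n = strlen(src) + 1;             /* include the terminating NUL */
    if (n > FRAME_LEN) n = FRAME_LEN;
    memcpy(frame, src, n);
}

/* Hardened copy: refuses input that does not fit, NUL included. */
static bool safe_copy(unsigned char *frame, const char *src) {
    size_t n = strlen(src);
    if (n >= BUF_LEN) return false;         /* n == BUF_LEN would put the NUL into the flag */
    memcpy(frame, src, n + 1);
    return true;
}

static int flag_value(const unsigned char *frame) {
    int v;
    memcpy(&v, frame + FLAG_OFF, sizeof v);
    return v;
}

/* Copy `input` into a fresh frame whose flag starts at 0 and return the
 * flag afterwards: 0 means untouched, anything else means the copy
 * overwrote the variable next to the buffer. */
int flag_after_copy(bool hardened, const char *input) {
    unsigned char frame[FRAME_LEN];
    memset(frame, 0, sizeof frame);
    if (hardened) {
        safe_copy(frame, input);            /* on rejection the frame is left untouched */
    } else {
        unsafe_copy(frame, input);
    }
    return flag_value(frame);
}

/* Whether the copier accepted the input (the unsafe one never refuses). */
bool input_accepted(bool hardened, const char *input) {
    unsigned char frame[FRAME_LEN];
    memset(frame, 0, sizeof frame);
    if (!hardened) {
        unsafe_copy(frame, input);
        return true;
    }
    return safe_copy(frame, input);
}

int main(void) {
    /* Constructed inputs: one that fits, one of 20 bytes of 'A' (0x41). */
    const char *fits = "alice";
    const char *overflow = "AAAAAAAAAA" "AAAAAAAAAA";
    printf("unsafe, fits:     flag=0x%08x\n", (unsigned)flag_after_copy(false, fits));
    printf("unsafe, overflow: flag=0x%08x  <- flag now holds 'AAAA'\n",
           (unsigned)flag_after_copy(false, overflow));
    printf("safe,   overflow: flag=0x%08x  accepted=%d\n",
           (unsigned)flag_after_copy(true, overflow), input_accepted(true, overflow));
    return 0;
}
```

The off-by-one case is the one practitioners get wrong most often: an input of exactly 16 characters still needs a 17th byte for the NUL, so the hardened copy rejects it too. Real fixes use the same idea with `snprintf()`/`strlcpy()`-style bounded writes and compile with stack protection enabled, but the check itself is what matters.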
2. TIME-OF-CHECK TO TIME-OF-USE FLAWS
♥ In software development, time of check to time of use (TOCTOU,
TOCTTOU or TOC/TOU) is a class of software bugs caused by
changes in a system between the checking of a condition (such as
a security credential) and the use of the results of that check.
♥ This is one example of a race condition. A time-of-check to time-of-use race
occurs when, between the moment a given resource is checked and the moment it is
used, the resource changes in a way that invalidates the result of the check.
♥ Consider a Web application that allows a user to edit pages and also allows
administrators to lock pages to prevent editing.
♥ A user requests to edit a page and receives a form which can be used to alter
its content. When the user began editing, the appropriate authorization was
checked, and the user was indeed allowed to edit.
♥ Before the user submits the form, an administrator locks the page, which should
prevent editing.
♥ However, because the authorization decision was made when the form was issued
and is not repeated when the form is submitted, the edits are accepted even
though the page is now locked.
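The scenario above, as an added example that is not part of the original slides. It is a single-threaded model: the page, its lock, the edit form and the generation counter are all constructed for the demonstration, and the admin action is simply called between `begin_edit()` (time of check) and `submit_edit_*()` (time of use). The vulnerable submit trusts the decision recorded in the form; the hardened submit re-checks the lock at time of use and, going one step beyond the text, also refuses if the page changed in any way since the form was issued, so that check and use are evaluated against the same state.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the wiki page from the text: its content, the lock
 * an administrator can set, and a generation counter that is bumped on
 * every change to either. */
typedef struct {
    char content[64];
    bool locked;
    unsigned generation;
} page_t;

/* What the user's edit form carries: the authorization decision made when
 * the form was issued (time of check) and the page generation it was
 * issued against. */
typedef struct {
    bool authorized;
    unsigned seen_generation;
} edit_form_t;

static void page_init(page_t *p, const char *initial) {
    memset(p, 0, sizeof *p);
    snprintf(p->content, sizeof p->content, "%s", initial);
}

static void admin_lock(page_t *p) {
    p->locked = true;
    p->generation++;
}

/* Time of check: "may this user edit?" is decided here and nowhere else
 * in the vulnerable flow. */
static edit_form_t begin_edit(const page_t *p) {
    edit_form_t f = { .authorized = !p->locked, .seen_generation = p->generation };
    return f;
}

static void store(page_t *p, const char *text) {
    snprintf(p->content, sizeof p->content, "%s", text);
    p->generation++;
}

/* Vulnerable time of use: trusts the answer from begin_edit(), however
 * stale it is by now. */
bool submit_edit_vulnerable(page_t *p, const edit_form_t *f, const char *text) {
    if (!f->authorized) return false;
    store(p, text);
    return true;
}

/* Hardened time of use: re-check the lock now, and additionally refuse if
 * the page changed at all since the form was issued. */
bool submit_edit_hardened(page_t *p, const edit_form_t *f, const char *text) {
    if (!f->authorized) return false;
    if (p->locked) return false;                            /* locked meanwhile */
    if (p->generation != f->seen_generation) return false;  /* any other change */
    store(p, text);
    return true;
}

/* The scenario from the text: user opens the form, an admin may lock the
 * page in between, the user submits. Returns whether the edit was stored. */
bool edit_scenario(bool hardened, bool admin_locks_in_between) {
    page_t page;
    page_init(&page, "original text");
    edit_form_t form = begin_edit(&page);                   /* time of check */
    if (admin_locks_in_between) admin_lock(&page);          /* the race window */
    return hardened ? submit_edit_hardened(&page, &form, "user's edit")   /* time of use */
                    : submit_edit_vulnerable(&page, &form, "user's edit");
}

int main(void) {
    printf("vulnerable, admin locks meanwhile: edit stored=%d (TOCTOU)\n", edit_scenario(false, true));
    printf("hardened,   admin locks meanwhile: edit stored=%d\n", edit_scenario(true, true));
    printf("hardened,   no lock in between:    edit stored=%d\n", edit_scenario(true, false));
    return 0;
}
```

In a real multi-user application the re-check and the store must be one atomic step (the same database transaction, or a compare-and-set on the generation), otherwise the administrator's lock can still land between the second check and the write and the race merely moves.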
3. INCOMPLETE MEDIATION
♥ Incomplete mediation is another security problem that attackers exploit: the
program accepts a data value from the user (a form field, a URL parameter, a
message field) but never fully validates it before relying on it.
♥ Typical cases are supplying data of the wrong type, of the wrong length, or
outside the expected range.
♥ It is easy to exploit but has been exercised less often than buffer overflows;
nevertheless, unchecked data values represent a serious potential vulnerability.
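An added example (not from the original slides) of the kind of unchecked value the paragraph describes. The order-quantity field, the unit price and the business limit `MAX_QTY` are all assumed for the demonstration. `order_total_unchecked()` uses the field the way `atoi()` hands it over: a negative quantity turns the charge into a credit and trailing junk is silently ignored. `parse_quantity()` is the complete-mediation version, checking every property the rest of the program relies on at the point the value enters.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_QTY 100   /* assumed business limit per order line */

/* Incomplete mediation: the quantity arrives as a string (form field or
 * URL parameter) and is used as-is. atoi() silently accepts a sign,
 * leading whitespace and trailing junk, and overflows are undefined. */
long order_total_unchecked(const char *qty_field, long unit_price) {
    int qty = atoi(qty_field);
    return (long)qty * unit_price;
}

/* Complete mediation: accept only plain decimal digits forming an integer
 * in 1..MAX_QTY. Returns false and leaves *out untouched otherwise. */
bool parse_quantity(const char *s, int *out) {
    if (s == NULL || *s == '\0') return false;
    if (!isdigit((unsigned char)s[0])) return false;      /* rejects "-5", " 5", "+5" */
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE) return false;                     /* "99999999999999999999" */
    if (*end != '\0') return false;                        /* rejects "5abc", "5 " */
    if (v < 1 || v > MAX_QTY) return false;                /* rejects "0", "0005000" */
    *out = (int)v;
    return true;
}

/* Same computation behind the check; -1 signals a rejected input. */
long order_total_checked(const char *qty_field, long unit_price) {
    int qty;
    if (!parse_quantity(qty_field, &qty)) return -1;
    return (long)qty * unit_price;
}

int main(void) {
    /* Constructed form values an attacker might submit, unit price 100. */
    const char *inputs[] = { "5", "-5", "5abc", "0" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("qty=%-6s unchecked=%6ld checked=%6ld\n", inputs[i],
               order_total_unchecked(inputs[i], 100),
               order_total_checked(inputs[i], 100));
    return 0;
}
```

The validation lives on the server side of the trust boundary; a check done only in the browser or in a hidden form field is exactly what the attacker edits.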
Security Defences
♥ In defending against network attack, there are broadly speaking four sets
of available tools.
1. First is management: keeping your systems up-to-date and configured in ways
that will minimise the attack surface;
2. Next is filtering: the use of firewalls to stop bad things like Trojans and
network exploits, and to detect signs of attack and compromise if anything gets
through;
3. Next is intrusion detection: having programs monitoring your networks and
machines for signs of malicious behaviour;
4. Finally there’s encryption: protocols such as TLS and SSH that enable you to
protect specific parts of the network against particular attacks.
Database management systems security
♥ Database security involves protecting the database from
unauthorized access, modification, or destruction.
♥ Since the database represents an essential corporate resource,
database security is an important subcomponent of any
organization’s overall information systems security plan.
♥ In addition to the need to preserve and protect data for the
smooth functioning of the organization, database designers
have a responsibility to protect the privacy of individuals
about whom data is kept.
Fundamentals of Access Control
♥ In any organization, access control methods should be defined
to restrict access to company resources as well as employee
and client data.
♥ Access control is a fundamental component in the support of
confidentiality and integrity.
♥ Access control must be addressed in the context of physical
security as well as information system access control.
♥ To protect the information system, the database administrator
is responsible for the following major tasks:
- Installing the database management system and configuring it securely
- Creating and securing user accounts and developing appropriate access
controls for users
- Developing and enforcing standards for application programs that access
the database
- Encrypting sensitive data
- Ensuring that network connections to the data are secure
- Establishing appropriate audit mechanisms for the database
- Protecting the database against intruders by identifying and guarding
against security threats and applying security controls and security
updates as needed.
Thank you

More Related Content

PPTX
What is a Malware - Kloudlearn
PPT
Presentation2
PPTX
Computer security ethics_and_privacy
PPT
RRB JE Stage 2 Computer and Applications Questions Part 5
 
PPT
Computer Securityyyyyyyy - Chapter 2.ppt
PPTX
Basics of Network Security
PPTX
Malware, Hacker Techniques, and Wireshark.pptx
DOCX
Computer virus
What is a Malware - Kloudlearn
Presentation2
Computer security ethics_and_privacy
RRB JE Stage 2 Computer and Applications Questions Part 5
 
Computer Securityyyyyyyy - Chapter 2.ppt
Basics of Network Security
Malware, Hacker Techniques, and Wireshark.pptx
Computer virus

Similar to Chapter 2 comp secu.pptx of computer security (20)

PDF
Computer crimes
PPTX
Computer viruses
PPTX
Type of Malware and its different analysis and its types !
PPTX
Dickmaster
PDF
Computer/Cyber/IT Security MCQ Questions
PPT
Software security
PPTX
Chapter 11 Malicious Software - HCMUT.pptx
PDF
Common Malware Types Vulnerability Management
PPT
list of Deception as well as detection techniques for maleware
PPTX
System_security.pptx
PPTX
Types of Malware (CEH v11)
PDF
Chapter 4 - Data & Application Security Issues Part 2.pdf
DOCX
Types of Malware.docx
PDF
The process of computer security
PPTX
viruses.pptx
PPT
computervirus.ppt
PPTX
Cybercrime: Virus and Defense
PPT
Virus project
PPTX
Computer security threats & prevention
DOC
Malware
Computer crimes
Computer viruses
Type of Malware and its different analysis and its types !
Dickmaster
Computer/Cyber/IT Security MCQ Questions
Software security
Chapter 11 Malicious Software - HCMUT.pptx
Common Malware Types Vulnerability Management
list of Deception as well as detection techniques for maleware
System_security.pptx
Types of Malware (CEH v11)
Chapter 4 - Data & Application Security Issues Part 2.pdf
Types of Malware.docx
The process of computer security
viruses.pptx
computervirus.ppt
Cybercrime: Virus and Defense
Virus project
Computer security threats & prevention
Malware
Ad

More from yhalemayalu (6)

PPTX
RM-Chapter 1.pptx and research me andthods
PPTX
Chapter 3.0.pptx and image processing of security
PDF
CH-4.pdf image restoration and what are
PPTX
Chapter 1 compu secur.pptx of security service
PPTX
CH-5.pptx of image compression of image space
PPTX
image compressions for development of image
RM-Chapter 1.pptx and research me andthods
Chapter 3.0.pptx and image processing of security
CH-4.pdf image restoration and what are
Chapter 1 compu secur.pptx of security service
CH-5.pptx of image compression of image space
image compressions for development of image
Ad

Recently uploaded (20)

PDF
System and Network Administraation Chapter 3
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
PDF
Designing Intelligence for the Shop Floor.pdf
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
PPTX
history of c programming in notes for students .pptx
PPTX
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
PPTX
ai tools demonstartion for schools and inter college
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
PDF
Design an Analysis of Algorithms II-SECS-1021-03
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
PDF
top salesforce developer skills in 2025.pdf
PPTX
Operating system designcfffgfgggggggvggggggggg
PDF
Upgrade and Innovation Strategies for SAP ERP Customers
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
PDF
Understanding Forklifts - TECH EHS Solution
System and Network Administraation Chapter 3
How to Choose the Right IT Partner for Your Business in Malaysia
Designing Intelligence for the Shop Floor.pdf
Adobe Illustrator 28.6 Crack My Vision of Vector Design
Navsoft: AI-Powered Business Solutions & Custom Software Development
2025 Textile ERP Trends: SAP, Odoo & Oracle
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
Wondershare Filmora 15 Crack With Activation Key [2025
history of c programming in notes for students .pptx
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
ai tools demonstartion for schools and inter college
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
Design an Analysis of Algorithms II-SECS-1021-03
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
top salesforce developer skills in 2025.pdf
Operating system designcfffgfgggggggvggggggggg
Upgrade and Innovation Strategies for SAP ERP Customers
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
Understanding Forklifts - TECH EHS Solution

Chapter 2 comp secu.pptx of computer security

  • 1. 1 DEBRE MARKOS UNIVERSITY BURIE CAMPUS DEPARTMENT OF COMPUTER SCIENCE Computer Security By: Amare W.
  • 2. 2 Chapter Two: Computer threat 2.1 Malicious Code ♥ Malicious code or rogue programs or malware (short for MALicious softWARE) is the general name for programs or program parts planted by an agent with malicious intent to cause unanticipated or undesired effects. ♥ Malicious code is a set of instructions that cause a site’s security policy to be violated. ♥ It is unwanted files or programs that can cause harm to a computer or compromised data stored on a computer. ♥ Computer viruses, worms, Trojan horses and Spy-wares are effective tools with which to attack computer systems.
  • 3. 04/04/2025 3/2/2018 3 2.1.1 Computer Viruses ♥ A virus is a program that can replicate itself and pass on malicious code to other nonmalicious programs by modifying them. ♥ The term “virus” was coined because the affected program acts like a biological virus: It infects other healthy subjects by attaching itself to the program and either destroying the program or coexisting with it. ♥ This type of virus propagates itself only as specific programs (the compiler and the login program). ♥ When the Trojan horse can propagate freely and insert a copy of itself into another file, it becomes a computer virus. ♥ A computer virus is a program that inserts itself into one or more files and then performs some (possibly null) action.
  • 4. 04/04/2025 3/2/2018 4 Cont’d ♥ It has two phases. The first phase, in which the virus inserts itself into a file, is called the insertion phase. The second phase, in which it performs some action, is called the execution phase. ♥ A virus can be either transient or resident. A transient virus has a life span that depends on the life of its host; the virus runs when the program to which it is attached executes, and it terminates when the attached program ends. ♥ (During its execution, the transient virus may spread its infection to other programs.) ♥ A resident virus locates itself in memory; it can then remain active or be activated as a stand-alone program, even after its attached program
  • 5. 04/04/2025 3/2/2018 5 ♥ Several types of computer viruses have been identified. 2.1.1.1 Boot Sector Infectors ♥ The boot sector is the part of a disk used to bootstrap the system or mount a disk. ♥ Code in that sector is executed when the system “sees” the disk for the first time. ♥ When the system boots, or the disk is mounted, any virus in that sector is executed. (The actual boot code is moved to another place, possibly another sector.) ♥ A boot sector infector is a virus that inserts itself into the boot sector of a disk.
  • 6. 04/04/2025 3/2/2018 6 2.1.1.2 Executable Infectors ♥ An executable infector is a virus that infects executable programs. ♥ The PC variety of executable infectors are called COM or EXE viruses because they infect programs with those extensions. ♥ The virus can prepend itself to the executable or append itself.
  • 7. 04/04/2025 3/2/2018 7 3.1.1.3 Multipartite Viruses ♥ A multipartite virus is one that can infect either boot sectors or applications. ♥ Such a virus typically has two parts, one for each type. When it infects an executable, it acts as an executable infector; when it infects a boot sector, it works as a boot sector infector.
  • 8. 04/04/2025 3/2/2018 8 2.1.1.4 Macro Viruses ♥ A macro virus is a virus composed of a sequence of instructions that is interpreted, rather than executed directly. ♥ Conceptually, macro viruses are no different from ordinary computer viruses. ♥ They can execute on any system that can interpret the instructions.
  • 9. 04/04/2025 3/2/2018 9 2.1.2 Computer Worms ♥ The terms worm and virus are often used interchangeably, but they actually refer to different things. ♥ A computer virus infects other programs. A variant of the virus is a program that spreads from computer to computer, spawning copies of itself on each one. ♥ A computer worm is a program that copies itself from one computer to another through a network. ♥ The primary difference between a worm and a virus is that a worm operates through networks, and a virus can spread through any medium (but usually uses a copied program or data files).
  • 10. 04/04/2025 3/2/2018 10 ♥ The other difference is worm and a virus is that unlike a virus, a worm does not need a host program or software to insert its code into. ♥ Worms are standalone programs that are capable of working on its own. ♥ Also, a virus needs human triggering for replication (i.e. when a user opens/executes the infected file), while a worm replicates on its own and can spread to other computers through the network. ♥ Some prominent examples of worms include Storm Worm, Sobig, MSBlast, Code Red, Nimda, Morris Worm, etc.
  • 11. 04/04/2025 3/2/2018 11 2.1.3 Trojan Horses ♥ A Trojan horse is a program with an overt (documented or known) effect and a covert (undocumented or unexpected) effect. ♥ Dan Edwards was the first to use this term [25]. Trojan horses are often used in conjunction with other tools to attack systems. ♥ A propagating Trojan horse (also called a replicating Trojan horse) is a Trojan horse that creates a copy of itself. ♥ Trojan horse malware slips inside a program undetected and produces unwelcome effects later on. ♥ A computer Trojan horse, consider a login script that solicits a user’s identification and password, passes the identification information on to the rest of the system for login processing, but also retains a copy of the information for later, malicious use.
  • 12. 04/04/2025 3/2/2018 12 2.1.4 Spyware ♥ It is a type of malware that spies on a person or an organisation by gathering information about them, without the knowledge of the user. ♥ It records and sends the collected information to an external entity without consent or knowledge of the user. ♥ Spyware usually tracks internet usage data and sells them to advertisers. ♥ They can also be used to track and capture credit card or bank account information, login and password information or user’s personal identity.
  • 13. 04/04/2025 3/2/2018 13 2.2 Class of Attacks ♥ The three types of network attacks are: Reconnaissance attacks Access attacks Denial of Service attacks 2.2.1 Reconnaissance ♥ Reconnaissance is an unauthorized user’s attempt to discover and map network system devices, services available on those systems, and the vulnerabilities of those systems.
  • 14. 04/04/2025 3/2/2018 14 ♥ It is also known as information gathering and, in most cases, precedes an actual access or Denial of Service (DoS) attack. ♥ The malicious intruder typically ping sweeps the target network first to determine what IP addresses are active and responsive. ♥ This can lead to the intruder finding information about what services or ports are active on the live IP addresses. ♥ From the active IP address information, the intruder queries the application ports to determine the application type and version as well as the type and version of operating system running on the target host.
  • 15. 04/04/2025 3/2/2018 15 2.2.2 Access attacks ♥ Access is a broad term that refers to the capability of a specific source (that is, a user on a computer, connected to a network that is connected to the Internet) to connect to a specific destination (that is, a computer on a network that is connected to the Internet). ♥ When a destination has been targeted, the attacker will attempt to use some software application to reach the destination. ♥ An access attack can come in the form of unauthorized data retrieval and manipulation, system access, or privileged escalation. ♥ Access attacks can also be used to gain control of a system and install and hide software that will be used later by the hackers.
  • 16. 04/04/2025 3/2/2018 16 2.2.3 Denial of Service, etc. ♥ DoS is when an attacker disables or corrupts networks, systems, or services in order to deny the service to its intended users. ♥ It usually involves crashing the system or slowing it down to the point that it is unusable. ♥ DoS attacks can also be as simple as wiping out or corrupting information necessary for business. ♥ In most cases, performing the attack simply involves running a hack, script, or tool.
  • 17. 04/04/2025 3/2/2018 17 ….cont’d ♥ The attacker does not need prior access to the target, only a path to the target. Once the path is realized, great paralyzing damage can be caused. ♥ Because many DoS attacks are relatively easy to initiate and can be performed anonymously, it is the most feared attack on the Internet. ♥ A Distributed Denial of Service (DDoS) attack is one in which the source of the attack is many computers (usually spread across a large geographic area) making it very difficult to find and stop the source(s).
  • 18. 04/04/2025 3/2/2018 18 2.3 Program flaws ♥ When a human makes a mistake, called an error, in performing some software activity, the error may lead to a fault, or an incorrect step, command, process, or data definition in a computer program, design, or documentation. ♥ For example, a designer may misunderstand a requirement and create a design that does not match the actual intent of the requirements analyst and the user. ♥ This design fault is an encoding of the error, and it can lead to other faults, such as incorrect code and an incorrect description. Thus, a single error can generate many faults, and a fault can reside in any development or maintenance product.
  • 19. 04/04/2025 3/2/2018 19 ♥ A failure is a departure from the system’s required behavior. It can be discovered before or after system delivery, during testing, or during operation and maintenance. ♥ Since the requirements documents can contain faults, a failure indicates that the system is not performing as required, even though it may be performing as specified. ♥ Thus, a fault is an inside view of the system, as seen by the eyes of the developers, whereas a failure is an outside view: a problem that the user sees. ♥ Security engineers use flaw to describe both faults and failures. A program flaw can be a fault affecting the correctness of the program’s result—that is, a fault can lead to a failure. Incorrect operation is an integrity failing.
  • 20. 04/04/2025 3/2/2018 20 ♥ Program security flaws can derive from any kind of software fault. That is, they cover everything from a misunderstanding of program requirements to a one-character error in coding or even typing. ♥ The security flaws can reflect code that was intentionally designed or coded to be malicious or code that was simply developed in a sloppy or misguided way. ♥ Thus, it makes sense to divide program flaws into two separate logical categories: human errors, intentionally induced flaws (malicious). ♥ They further divide intentional flaws into malicious and
  • 21. 04/04/2025 3/2/2018 21 Nonmalicious Program flaws: ♥ Being human, programmers and other developers make many mistakes, most of which are unintentional and nonmalicious. ♥ Many such errors cause program malfunctions but do not lead to more serious security vulnerabilities. ♥ In this section we consider three classic error types that have enabled many recent security breaches. ♥ We explain each type, why it is relevant to security, and how it can be prevented or mitigated.
22
1. Buffer Overflow Attack
♥ A buffer is a temporary area for data storage. When a program or system process places more data in a buffer than was originally allocated for it, the extra data overflows.
♥ It causes some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding.
♥ In a buffer-overflow attack, the extra data sometimes holds specific instructions for actions intended by a hacker or malicious user; for example, the data could trigger a response that damages files, changes data or exposes private information.
♥ An attacker would use a buffer-overflow exploit to take advantage of a program that is waiting on a user’s input.
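The flaw described on this slide, and its mitigation, as an added example in C (not code from the slides): a fixed-size buffer filled by an unbounded `strcpy`, beside a bounded copy that refuses input which does not fit rather than writing past the end. The names `copy_unchecked`, `copy_checked` and `NAME_LEN` are illustrative, and the oversized input is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative buffer size; real programs have the same problem at any size. */
#define NAME_LEN 16

/* Flawed: strcpy has no idea how large dst is. Input longer than
 * NAME_LEN-1 bytes overwrites whatever sits after dst in memory
 * (other variables, saved registers, return addresses). */
void copy_unchecked(char dst[NAME_LEN], const char *src)
{
    strcpy(dst, src);
}

/* Mitigation: bound the copy by the destination size and report failure
 * instead of overflowing or silently truncating.
 * Returns 0 on success, -1 if src does not fit (including its terminator). */
int copy_checked(char *dst, size_t dst_len, const char *src)
{
    size_t n = 0;
    /* Scan at most dst_len bytes of src, so a missing NUL cannot run away. */
    while (n < dst_len && src[n] != '\0')
        n++;
    if (dst_len == 0 || n == dst_len)   /* no room for the data plus '\0' */
        return -1;
    memcpy(dst, src, n + 1);            /* copies the terminator too */
    return 0;
}

/* Scenario from the slide: oversized input (32 bytes, constructed) offered to
 * a 16-byte buffer. Returns 1 if it was rejected and the buffer left untouched. */
int demo_rejects_oversized(void)
{
    char buf[NAME_LEN];
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    memset(buf, 'x', sizeof buf);       /* sentinel pattern to detect any write */
    int rc = copy_checked(buf, sizeof buf, oversized);
    return rc == -1 && buf[0] == 'x' && buf[NAME_LEN - 1] == 'x';
}

int main(void)
{
    char buf[NAME_LEN];
    if (copy_checked(buf, sizeof buf, "alice") == 0)
        printf("accepted: %s\n", buf);
    if (copy_checked(buf, sizeof buf, "this-name-is-far-too-long-for-the-buffer") != 0)
        printf("rejected oversized input\n");
    return 0;
}
```

`copy_unchecked` is kept only to show the shape of the defect; it is never called with oversized input, because doing so is undefined behaviour. The design point of `copy_checked` is that the destination size travels with the pointer and that "does not fit" is a reported error, not a silent truncation that a later check might misread.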
23
2. TIME-OF-CHECK TO TIME-OF-USE FLAWS
♥ In software development, time of check to time of use (TOCTOU, TOCTTOU or TOC/TOU) is a class of software bugs caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check.
♥ This is one example of a race condition. Time-of-check, time-of-use race conditions occur when, between the time in which a given resource is checked and the time that resource is used, a change occurs in the resource to invalidate the results of the check.
24
♥ Consider a Web application that allows a user to edit pages, and also allows administrators to lock pages to prevent editing.
♥ A user requests to edit a page, getting a form which can be used to alter its content. Before the user submits the form, an administrator locks the page, which should prevent editing.
♥ However, since editing has already begun, when the user submits the form, those edits (which have already been made) are accepted.
♥ When the user began editing, the appropriate authorization was checked, and the user was indeed allowed to edit.
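The page-lock race from the two slides above, played out as an added example in C (not code from the slides). The page is modelled as an in-memory struct so the gap between check and use is visible in a single process; `page_t`, `begin_edit`, `submit_edit_flawed` and `submit_edit_fixed` are illustrative names, and the "original"/"tampered" contents are constructed.

```c
#include <stdio.h>
#include <string.h>

#define CONTENT_LEN 64

typedef struct {
    int  locked;                 /* set by an administrator */
    char content[CONTENT_LEN];
} page_t;

/* Time of check: the authorization decision is made here and handed back
 * to the caller as an "edit token" (1 = editing permitted, 0 = denied). */
int begin_edit(const page_t *p)
{
    return p->locked ? 0 : 1;
}

/* Flawed time of use: trusts the token from begin_edit, which is stale if
 * the page was locked after the check. Returns 0 when the edit is written. */
int submit_edit_flawed(page_t *p, int token, const char *text)
{
    if (!token)
        return -1;
    snprintf(p->content, sizeof p->content, "%s", text);
    return 0;
}

/* Fixed: the lock is evaluated again at the moment of use, so a lock placed
 * during the edit is honoured. Returns -2 when the lock blocks the write. */
int submit_edit_fixed(page_t *p, int token, const char *text)
{
    if (!token)
        return -1;
    if (p->locked)               /* re-check at time of use */
        return -2;
    snprintf(p->content, sizeof p->content, "%s", text);
    return 0;
}

/* The slide's sequence: user begins editing, administrator locks, user submits.
 * Returns 1 if the flawed path accepts the edit and the fixed path rejects it. */
int demo_race(void)
{
    page_t flawed = { 0, "original" };
    page_t fixed  = { 0, "original" };

    int t1 = begin_edit(&flawed);        /* check: not locked, allowed */
    int t2 = begin_edit(&fixed);

    flawed.locked = 1;                   /* administrator locks the page */
    fixed.locked  = 1;

    int r1 = submit_edit_flawed(&flawed, t1, "tampered");  /* use: stale token */
    int r2 = submit_edit_fixed(&fixed,  t2, "tampered");   /* use: re-checked */

    return r1 == 0  && strcmp(flawed.content, "tampered") == 0
        && r2 == -2 && strcmp(fixed.content,  "original") == 0;
}

int main(void)
{
    printf("stale check accepted, re-check rejected: %s\n",
           demo_race() ? "yes" : "no");
    return 0;
}
```

In a real multi-user system the re-check and the write in `submit_edit_fixed` must themselves be atomic (the same database transaction or the same critical section), otherwise the window merely shrinks instead of closing.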
25
3. INCOMPLETE MEDIATION:
♥ Incomplete mediation is another security problem. Attackers exploit it to cause security problems.
♥ The attacker supplies data of the wrong type or the wrong length.
♥ It is easy to exploit, but it has been exercised less often than buffer overflows; nevertheless, unchecked data values represent a serious potential vulnerability.
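Complete mediation of one untrusted form field, as an added example in C (not code from the slides): the flawed parser accepts whatever `atoi` makes of the input, while the checked parser rejects the wrong type, the wrong length and out-of-range values before the value is used. `parse_qty_flawed`, `parse_qty_checked`, `QTY_MAX_DIGITS` and `QTY_MAX` are illustrative names and limits.

```c
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>

#define QTY_MAX_DIGITS 4      /* longest value the form is expected to carry */
#define QTY_MAX        1000   /* illustrative business rule: at most 1000 items */

/* Flawed: atoi("12abc") is 12, atoi("-5") is -5, atoi("") is 0, and a
 * 30-digit string overflows silently. None of this is reported to the caller,
 * so the wrong type and the wrong length both pass through unmediated. */
int parse_qty_flawed(const char *field)
{
    return atoi(field);
}

/* Checked: stores the value and returns 0 only if every check passes;
 * returns -1 otherwise, so the caller cannot use an unvalidated value. */
int parse_qty_checked(const char *field, int *out)
{
    size_t len = 0;
    /* Length check first, scanning at most QTY_MAX_DIGITS+1 bytes so an
     * unterminated or huge input cannot make us read far. */
    while (len <= QTY_MAX_DIGITS && field[len] != '\0')
        len++;
    if (len == 0 || len > QTY_MAX_DIGITS)
        return -1;

    long value = 0;
    for (size_t i = 0; i < len; i++) {
        /* Type check: digits only; rejects "-5", "12abc", " 7", "1e3". */
        if (!isdigit((unsigned char)field[i]))
            return -1;
        value = value * 10 + (field[i] - '0');   /* at most 9999, cannot overflow */
    }

    /* Range check: the value must make sense for the application. */
    if (value < 1 || value > QTY_MAX)
        return -1;

    *out = (int)value;
    return 0;
}

int main(void)
{
    /* Constructed sample field values a web form might deliver. */
    const char *samples[] = { "12", "12abc", "-5", "", "99999", "1001", "1000" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int q;
        if (parse_qty_checked(samples[i], &q) == 0)
            printf("\"%s\" -> accepted as %d (atoi would give %d)\n",
                   samples[i], q, parse_qty_flawed(samples[i]));
        else
            printf("\"%s\" -> rejected (atoi would give %d)\n",
                   samples[i], parse_qty_flawed(samples[i]));
    }
    return 0;
}
```

The order of the checks matters: length is bounded before any byte is interpreted, type is established before the number is built, and the range rule is applied to the fully parsed value. A client-side check in the browser does none of this for the server, since the attacker controls the client.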
26
Security Defences
♥ In defending against network attack, there are broadly speaking four sets of available tools.
1. First is management — keeping your systems up-to-date and configured in ways that will minimise the attack surface;
2. Next is filtering — the use of firewalls to stop bad things like Trojans and network exploits, and to detect signs of attack and compromise if anything gets through;
3. Next is intrusion detection — having programs monitoring your networks and machines for signs of malicious behaviour;
4. Finally there’s encryption — protocols such as TLS and SSH that enable you to protect specific parts of the network against particular attacks.
27
Database management systems security
♥ Database security involves protecting the database from unauthorized access, modification, or destruction.
♥ Since the database represents an essential corporate resource, database security is an important subcomponent of any organization’s overall information systems security plan.
♥ In addition to the need to preserve and protect data for the smooth functioning of the organization, database designers have a responsibility to protect the privacy of individuals about whom data is kept.
28
Fundamentals of Access Control
♥ In any organization, access control methods should be defined to restrict access to company resources as well as employee and client data.
♥ Access control is a fundamental component in the support of confidentiality and integrity.
♥ Access control must be addressed in the context of physical security as well as information system access control.
♥ To protect the information system, the database administrator is responsible for the following major tasks:
29
 Installing the database management system and configuring it securely
 Creating and securing user accounts and developing appropriate access controls for users
 Developing and enforcing standards for application programs that access the database
 Encrypting sensitive data
 Ensuring that network connections to the data are secure
 Establishing appropriate audit mechanisms for the database
 Protecting the database against intruders by identifying and guarding against security threats and applying security controls and security updates as needed