Chapter 1 Notes – Introduction to Computer Security

Objectives

  • Identify the top threats to a network: security breaches, denial of service attacks, and malware
  • Understand essential security concepts
  • Assess the likelihood of an attack on your network
  • Define key terms such as cracker, penetration tester, firewall, and authentication
  • Compare and contrast perimeter and layered approaches to network security
  • Use online resources to secure your network

Introduction

  • Real-world systems and networks we rely on: e-commerce websites, internet-connected cars, smartphones and wearables, Internet of Things (IoT), smart homes, and smart medical devices

Introduction (cont.)

  • Important questions to guide security thinking:
    • How is information safeguarded?
    • What are the vulnerabilities to these systems?
    • What steps are taken to ensure that these systems and data are safe?
    • Who can access my information?
    • How is that information used?
    • Who is this information shared with? Third parties?

Risk Quantification for Threats

  • How seriously should threats be taken? Use basic risk formulas:
    • Single Loss Expectancy: $SLE = AV \times EF$
    • Annual Loss Expectancy: $ALE = SLE \times ARO$
  • Where:
    • AV = Asset Value (what the asset is worth)
    • EF = Exposure Factor (fraction of the asset value lost in a single incident, between 0 and 1)
    • ARO = Annual Rate of Occurrence (expected number of incidents per year; may be less than 1, e.g. 0.1 for once in ten years)
  • ALE puts different threats on one scale, so they can be ranked and the cost of a control compared with the loss it prevents
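As an added worked example (not part of the original notes), the Python below computes SLE and ALE for a handful of constructed threat scenarios, ranks them by ALE, and goes one step beyond the notes with a cost/benefit check: a control is worth buying if the ALE it removes exceeds its own annual cost. Every threat name, asset value, exposure factor and rate is a made-up input for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    """One threat scenario against one asset (all values constructed for this example)."""
    name: str
    asset_value: float      # AV, in currency units
    exposure_factor: float  # EF, fraction of AV lost per incident, 0.0 .. 1.0
    annual_rate: float      # ARO, expected incidents per year (may be fractional)


def single_loss_expectancy(av: float, ef: float) -> float:
    """SLE = AV x EF. Rejects an EF outside [0, 1] or a negative AV."""
    if not 0.0 <= ef <= 1.0:
        raise ValueError(f"exposure factor must be in [0, 1], got {ef}")
    if av < 0:
        raise ValueError("asset value must be non-negative")
    return av * ef


def annual_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO. ARO of 0.1 means one incident expected every ten years."""
    if aro < 0:
        raise ValueError("annual rate of occurrence must be non-negative")
    return sle * aro


def rank_threats(threats):
    """Return (name, SLE, ALE) tuples, highest ALE first."""
    rows = []
    for t in threats:
        sle = single_loss_expectancy(t.asset_value, t.exposure_factor)
        ale = annual_loss_expectancy(sle, t.annual_rate)
        rows.append((t.name, sle, ale))
    rows.sort(key=lambda r: r[2], reverse=True)
    return rows


def safeguard_is_worthwhile(ale_before: float, ale_after: float, annual_cost: float) -> bool:
    """Cost/benefit (hypothetical check, beyond the notes): the control pays for itself
    only if the ALE reduction it buys is larger than what it costs per year."""
    return (ale_before - ale_after) > annual_cost


# Constructed sample threats; the numbers are illustrative, not measured.
SAMPLE_THREATS = [
    Threat("ransomware on file server", asset_value=200_000, exposure_factor=0.5, annual_rate=0.2),
    Threat("web app SQL injection", asset_value=500_000, exposure_factor=0.1, annual_rate=1.0),
    Threat("laptop theft", asset_value=3_000, exposure_factor=1.0, annual_rate=4.0),
]

if __name__ == "__main__":
    for name, sle, ale in rank_threats(SAMPLE_THREATS):
        print(f"{name:28s} SLE={sle:>10,.0f}  ALE={ale:>10,.0f}")
```

Note that the ranking is driven by ARO as much as by asset value: the frequent, cheap laptop thefts outrank nothing here, but a change of ARO from 4 to 40 would put them on top. The inputs are the weak point of the method, so record where each EF and ARO came from.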

Identifying Types of Threats

  • Threat categories include:
    • Malware (malicious software)
    • Security breaches
    • Denial of Service (DoS) attacks
    • Web attacks
    • Session hijacking
    • Insider threats
    • DNS poisoning
    • New attacks: doxing

Malware

  • Malware = software with a malicious purpose
  • Major types:
    • Viruses
    • Trojan horses
    • Spyware
    • Logic bombs
  • Purpose: to damage, steal, or take control of systems

Malware: Viruses

  • One of the two most common types of malware
  • Designed to replicate and spread, typically by attaching itself to other programs or files
  • Often spreads via email attachments
  • Consumes system resources (CPU, bandwidth, mail queues), leading to network slowdowns or stoppages

Malware: Trojan Horses

  • The other most common type of malware
  • Named after the wooden horse of ancient history
  • Appears benign or useful (a game, a utility, an "update") but carries a hidden malicious payload; once the user runs it from inside the system it can install further malware or open a backdoor

Malware: Spyware and Logic Bombs

  • Spyware: rapidly growing category
    • Techniques include tracking cookies (recording browsing activity) and key loggers (recording keystrokes such as passwords)
  • Logic Bombs: lie dormant until a logical condition is met (often a specific date or time, or an event such as an employee's account being removed), then execute their payload

Compromising System Security

  • Attacks that breach a system’s security include:
    • Hacking
    • Cracking
    • Social engineering
    • War-driving: moving around with a wireless scanner to find open or weakly protected Wi-Fi networks
    • War-dialing: automatically dialing ranges of phone numbers to find modems that answer

Denial of Service (DoS) Attacks

  • The attacker does not need to gain access to the target system
  • The attacker prevents legitimate users from reaching the service, usually by flooding it with more traffic or requests than it can handle
  • Distributed DoS (DDoS) uses many machines (often a botnet) to attack the target at once, which makes the flood larger and harder to block by source address
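To make the DoS versus DDoS distinction concrete, here is an added example (not from the original notes) that runs simple detection logic over constructed web-server access-log lines: requests are bucketed into fixed 10-second windows, and a window whose volume exceeds a threshold is labelled a single-source flood (DoS) when one address accounts for most of it, or a distributed flood (DDoS) when the volume is spread across many addresses. The log lines, IP addresses and thresholds are all invented for illustration; the thresholds would need tuning for any real site.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def bucket_by_window(events, window_seconds):
    """Group events into fixed windows; each window holds a per-source request count."""
    buckets = defaultdict(Counter)
    for ip, ts in events:
        buckets[int(ts.timestamp()) // window_seconds][ip] += 1
    return buckets


def classify(counter, flood_threshold=100, single_source_share=0.8, distributed_min_sources=20):
    """Label one window: 'normal', 'dos:<ip>' (one source dominates), 'ddos' (many sources) or 'flood'."""
    total = sum(counter.values())
    if total < flood_threshold:
        return "normal"
    top_ip, top_n = counter.most_common(1)[0]
    if top_n / total >= single_source_share:
        return f"dos:{top_ip}"          # one source makes up most of the flood
    if len(counter) >= distributed_min_sources:
        return "ddos"                   # volume spread across many sources
    return "flood"                      # high volume but neither pattern is clear


def analyze(lines, window_seconds=10, **thresholds):
    """Parse log lines and return {window_index: verdict} in time order, skipping unparsable lines."""
    events = [e for e in (parse_line(line) for line in lines) if e is not None]
    buckets = bucket_by_window(events, window_seconds)
    return {key: classify(cnt, **thresholds) for key, cnt in sorted(buckets.items())}


# --- Constructed sample log (not captured traffic). BASE is aligned to a 10 s boundary. ---
BASE = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)


def _lines(ip_counts, offset):
    """Emit requests for each ip, spread over the 10 s window starting at BASE + offset."""
    out = []
    for ip, n in ip_counts.items():
        for i in range(n):
            ts = BASE + timedelta(seconds=offset + (i % 10))
            out.append(f'{ip} - - [{ts.strftime(TS_FMT)}] "GET /index.html HTTP/1.1" 200 512')
    return out


SAMPLE_LOG = (
    _lines({f"192.0.2.{i}": 2 for i in range(1, 6)}, 0)                 # 10 requests, 5 sources
    + _lines({"203.0.113.9": 150, "192.0.2.1": 2, "192.0.2.2": 2}, 10)  # one source floods
    + _lines({f"198.51.100.{i}": 3 for i in range(1, 41)}, 20)          # 40 sources, 120 requests
    + ["this line is not a log entry"]                                   # parser must skip it
)

if __name__ == "__main__":
    for window, verdict in analyze(SAMPLE_LOG).items():
        print(window, verdict)
```

Two caveats a practitioner should keep in mind: a flood of spoofed source addresses looks "distributed" to this logic even when it comes from one machine, and a legitimate burst of popularity looks like a DDoS. Application logs also only see requests that completed the connection; volumetric attacks that saturate the link are better measured at the network edge.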

Web Attacks

  • In a web attack, the attacker targets the web application itself, usually by supplying crafted input that the application fails to validate or encode
  • Common attacks:
    • SQL injection: user input is concatenated into a database query, so the attacker can change what the query does (read or modify data, bypass a login check)
    • Cross-site scripting (XSS): user input is echoed into a page without encoding, so attacker-supplied script runs in other users' browsers

Session Hijacking

  • A complex form of attack
  • The attacker takes over an authenticated session between client and server, typically by stealing or guessing the session identifier (e.g. a session cookie) and presenting it as their own
  • Not a common form of attack, but potentially serious when successful, because the attacker inherits whatever the victim was authorized to do without needing the victim's password

Insider Threats

  • A type of security breach
  • Occurs when someone inside an organization misuses their access or accesses data they are not authorized to access

DNS Poisoning

  • Altering Domain Name System (DNS) records on a DNS server (or the cached answers held by a resolver), so that a legitimate name resolves to an address the attacker controls
  • Redirects client traffic to malicious websites, often look-alike copies of the real site
  • Typically used for identity theft, e.g. harvesting the credentials a user types into the look-alike site

Doxing (New Attacks)

  • Doxing = locating personal information about an individual and broadcasting it, often via the Internet
  • Can include any personal information; most often used against public figures
  • This attack is becoming more prevalent

Basic Security Terminology: People

  • Hackers:
    • White hat
    • Black hat
    • Gray hat
  • Script kiddies
  • Penetration testers
  • Ethical hackers

Basic Security Terminology: Devices and Activities

  • Devices:
    • Firewall: filters network traffic according to rules (allow or block by address, port, protocol)
    • Proxy server: makes requests on behalf of internal hosts, so the outside world sees the proxy's address rather than the internal host's IP address
    • Intrusion Detection System (IDS): monitors traffic for signs of attempted attacks and raises alerts
  • Activities:
    • Authentication
    • Auditing

Concepts and Approaches to Protecting Your Network

  • Key concepts and approaches include:
    • CIA Triangle (Confidentiality, Integrity, Availability)
    • Least privileges
    • Perimeter security approach
    • Layered security approach
    • Proactive versus reactive security
    • Hybrid security approach

Legal Issues and Network Security

  • The Computer Security Act of 1987
  • OMB Circular A-130
  • State computer crime laws (see law resources)
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Online Security Resources

  • CERT (www.cert.org)
  • Microsoft Security Response Center (MSRC) (https://www.microsoft.com/en-us/msrc?rtc=1)
  • F-Secure (www.f-secure.com)
  • SANS (www.sans.org)

Summary

  • Network security is a complex and constantly changing field
  • You need three levels of knowledge:
    • Take courses to learn basic terminology and techniques
    • Be proactive in assessing risk and protecting the network
    • Stay on top of new threats and solutions

Key Concepts and Significance (quick reference)

  • CIA Triangle: confidentiality, integrity, availability—foundational goals of security
  • Least Privileges: restrict users to the minimum access needed to perform their functions
  • Perimeter vs Layered Security: perimeter focuses on boundary controls; layered (defense-in-depth) uses multiple overlapping controls
  • Proactive vs Reactive: proactive aims to prevent attacks; reactive detects and responds to incidents
  • Hybrid Security: combines multiple strategies for resilience
  • DoS vs DDoS: both target availability; DoS overwhelms the target from a single source, DDoS from many sources at once
  • SQL Injection and XSS: common web-app vulnerabilities; SQL injection exposes or alters the database (data breach), XSS runs attacker script in victims' browsers (defacement, session theft)
  • Doxing: social/identity threat, increasing relevance in the privacy vs safety debate
  • Legal frameworks: compliance and governance shape security practices (e.g., HIPAA for health data)