Computer Security and Ethical Hacking - Introduction
Deadlines
Group CW Report Submission: November , .
Feedback Date (Group CW): December , .
Lab Test: December , .
Feedback Date (Lab Test): December , .
Note: All assessment materials must be submitted via the Turnitin link. Detailed instructions will be provided at the appropriate time.
Learning Objectives for this Lecture
This lecture aims to discuss:
Computer security concepts, particularly the CIA triad.
Vulnerabilities, threats, attacks, and countermeasures.
Malware, Viruses, and different Types of Attacks.
Security issues, Security implementation, and relevant Standards.
Overall reflections on key security terms and concepts.
Definition of Computer Security: The CIA Triad
Computer security is fundamentally based on three core objectives for data, information, and computing services, often referred to as the CIA triad.
While the CIA triad is well-established, two additional components are necessary for a complete understanding of security, as illustrated in Fig. 1.
Fig. 1 CIA concepts (Conceptual Diagram)
Security Components Explained
Confidentiality
Definition: The act of preserving authorized restrictions on information access and disclosure, including safeguarding personal privacy and proprietary information.
Loss of Confidentiality: Occurs through the unauthorized disclosure of information.
Integrity
Definition: Guarding against improper information modification or destruction. This includes ensuring information non-repudiation and authenticity.
Loss of Integrity: Results from the unauthorized modification or destruction of information.
Availability
Definition: Ensuring timely and reliable access to and use of information.
Loss of Availability: Characterized by the disruption of access to or use of information or an information system.
Authenticity
Definition: The property of being genuine and verifiable. It means building confidence in the validity of a transmission, a message, or its originator.
Practical Application: Verifying that users are who they claim to be and that system inputs originate from a trusted source.
Accountability
Definition: A security goal that requires the actions of an entity to be uniquely traceable to that entity.
Purpose: Supports crucial security functions such as non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and aids in after-action recovery and legal proceedings.
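Integrity and authenticity are the two CIA-extension properties above that can be checked mechanically. The following example is added here and is not part of the lecture notes: it uses a keyed message authentication code (HMAC-SHA256, from Python's standard library) to detect both an unauthorized modification of a message (loss of integrity) and a message tagged by someone who does not hold the shared key (loss of authenticity). The key and messages are constructed demo values.

```python
import hmac
import hashlib

# Constructed demo key shared by sender and receiver; a real deployment
# would provision this secret out of band and rotate it.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def tag_message(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag that binds `message` to the holder of `key`."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """Return True only if `tag` is the valid HMAC of `message` under `key`.

    compare_digest runs in constant time, so a receiver does not leak how
    many leading bytes of a guessed tag were correct through timing.
    """
    expected = tag_message(key, message)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Run the three cases: genuine, tampered (integrity), forged (authenticity)."""
    original = b"transfer 100 to account 42"
    tag = tag_message(SHARED_KEY, original)

    results = {}
    # Genuine: message and tag arrive unchanged, produced with the shared key.
    results["genuine"] = verify_message(SHARED_KEY, original, tag)

    # Loss of integrity: the content was altered in transit; the old tag no longer matches.
    tampered = b"transfer 900 to account 42"
    results["tampered"] = verify_message(SHARED_KEY, tampered, tag)

    # Loss of authenticity: a party without the shared key tags the original message.
    forged_tag = tag_message(b"constructed-wrong-key", original)
    results["forged"] = verify_message(SHARED_KEY, original, forged_tag)
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:>8}: {'accepted' if ok else 'REJECTED'}")
```

Because sender and receiver share the same key, an HMAC proves origin only to the two parties involved; it does not provide the non-repudiation mentioned under Integrity, since either party could have produced the tag. Non-repudiation needs an asymmetric digital signature, where only the signer holds the private key.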
Vulnerabilities, Threats, and Attacks
Categories of Vulnerabilities
Corrupted: Indicates a loss of integrity.
Leaky: Indicates a loss of confidentiality.
Unavailable or Very Slow: Indicates a loss of availability.
Threats
Definition: Entities or situations capable of exploiting vulnerabilities.
Nature: Represent potential security harm to an asset.
Attacks
Definition: Threats that have actually been carried out against a system.
Types:
Passive Attacks: Attempts to learn or make use of information from a system without affecting system resources.
Active Attacks: Attempts to alter system resources or affect their operation.
Insider Attacks: Initiated by an entity located inside the security perimeter.
Outsider Attacks: Initiated from outside the security perimeter.
Threats - Disclosure, Alteration, and Denial (DAD)
Disclosure (Unauthorized Access):
Snooping: Covertly observing communications.
Passive Wiretapping: Eavesdropping on data transmissions.
Deception (Acceptance of False Data):
Active Wiretapping: Modifying data in transit.
Man-in-the-Middle Attack: Intercepting and relaying communications to impersonate parties.
Masquerading or Spoofing: Impersonating another entity.
Repudiation of Origin: Denying having sent a message.
Denial of Receipt: Denying having received a message.
Disruption (Prevention of Correct Operation):
Delay: Introducing latency.
Infinite Delay (Denial of Service, DoS): Causing services to become completely unavailable.
Usurpation (Unauthorized Control): Gaining unauthorized control over a part of a system.
Threat Consequences
Unauthorized Disclosure: Directly impacts confidentiality.
Deception: Primarily impacts system integrity or data integrity.
Disruption: Primarily impacts availability or system integrity.
Usurpation: Primarily impacts system integrity.
Specific Types of Attacks
Denial of Service (DoS): Overwhelming a system with traffic or requests to make it unavailable.
Buffer Overflows: Exploiting errors in system programs by inserting malicious code into a program's buffer, potentially allowing arbitrary code execution.
Malware: Malicious software designed to cause harm.
Brute Force: Systematically trying all possible passwords until the correct one is found.
Port Scanning: Probing a server or host for open ports to identify active services and potential vulnerabilities. To mitigate, disable unnecessary services and close unused ports.
Network Mapping: Discovering the topology and hosts on a network.
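Brute force and port scanning, two of the attack types listed above, leave distinctive traces in logs: many failed logins from one source, and one source touching many distinct ports. The example below is added here and is not from the lecture notes; it runs simple detection rules over constructed log lines (space-separated key=value fields, a format assumed for this example, not a real product's) and reports the sources that exceed a threshold. A detector like this is the defensive counterpart of the port-scanning mitigation the notes mention.

```python
from collections import Counter, defaultdict

# Constructed sample log (not captured from a real system). Each line holds
# key=value fields: ts (time), src (source address), dport (destination port),
# event (auth_fail / auth_ok / conn) and, for logins, user.
SAMPLE_LOG = """\
ts=1 src=203.0.113.5 dport=22 event=auth_fail user=root
ts=2 src=203.0.113.5 dport=22 event=auth_fail user=root
ts=3 src=203.0.113.5 dport=22 event=auth_fail user=admin
ts=4 src=203.0.113.5 dport=22 event=auth_fail user=admin
ts=5 src=203.0.113.5 dport=22 event=auth_fail user=root
ts=6 src=203.0.113.5 dport=22 event=auth_ok user=root
ts=7 src=198.51.100.9 dport=21 event=conn
ts=8 src=198.51.100.9 dport=22 event=conn
ts=9 src=198.51.100.9 dport=23 event=conn
ts=10 src=198.51.100.9 dport=25 event=conn
ts=11 src=198.51.100.9 dport=80 event=conn
ts=12 src=198.51.100.9 dport=443 event=conn
ts=13 src=198.51.100.9 dport=3389 event=conn
ts=14 src=192.0.2.7 dport=22 event=auth_fail user=alice
ts=15 src=192.0.2.7 dport=22 event=auth_ok user=alice
"""


def parse(line: str) -> dict:
    """Split one 'k=v k=v ...' log line into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def detect_brute_force(lines, threshold: int = 5) -> dict:
    """Return sources with at least `threshold` failed logins.

    For each offender, also record whether a successful login followed the
    failures: that is the case an analyst must treat as a probable compromise,
    not merely as noise.
    """
    failures = Counter()
    succeeded_after = set()
    for rec in map(parse, lines):
        src = rec.get("src")
        if rec.get("event") == "auth_fail":
            failures[src] += 1
        elif rec.get("event") == "auth_ok" and failures[src] >= threshold:
            succeeded_after.add(src)
    return {
        src: {"failures": n, "success_after_failures": src in succeeded_after}
        for src, n in failures.items()
        if n >= threshold
    }


def detect_port_scan(lines, threshold: int = 5) -> dict:
    """Return sources that connected to at least `threshold` distinct ports."""
    ports_by_src = defaultdict(set)
    for rec in map(parse, lines):
        if rec.get("event") == "conn":
            ports_by_src[rec["src"]].add(int(rec["dport"]))
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= threshold}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("brute force:", detect_brute_force(lines))
    print("port scan:  ", detect_port_scan(lines))
```

On the constructed log the brute-force rule flags 203.0.113.5 (five failures followed by a success) and ignores 192.0.2.7, whose single typo-style failure is normal user behaviour; the port-scan rule flags 198.51.100.9 for probing seven different ports. The thresholds are the tuning knob: too low and legitimate users trigger alerts, too high and a slow attacker stays under the radar.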
Passive vs. Active Attacks (Revisited)
Passive Attack:
Goal: To learn or make use of information without altering system resources.
Methods: Eavesdropping or monitoring transmissions.
Types:
Release of message contents.
Traffic analysis (observing patterns).
Active Attack:
Goal: To alter system resources or affect their operation.
Methods: Modifying data streams or creating false streams.
Categories:
Replay attacks.
Masquerade attacks.
Modification of messages.
Denial of Service (DoS).
Countermeasures
Definition: Any means taken to deal with a security attack.
Primary Goals:
Prevent: Stop attacks from succeeding.
Detect: Identify attacks that are occurring or have occurred.
Recover: Restore systems and data after an attack.
Considerations:
Countermeasures themselves can introduce new vulnerabilities.
Residual vulnerabilities may remain even after implementing countermeasures.
The ultimate goal is to minimize the residual level of risk to assets.
Types of Malware
Viruses: Malicious code that attaches itself to programs, disks, or memory to propagate.
Worms: Self-replicating programs that install copies of themselves on other machines across a network, often by exploiting credentials.
Trojan Horses: Programs that appear to be legitimate utilities but contain hidden malicious functions, convincing users to install them.
Spyware: Software designed to collect personal information without the user's knowledge.
Hoax: Malicious messages or programs that spread by exploiting user emotions (e.g., fake alerts or chain letters).
Trap Door (Backdoor): An undocumented entry point, often inserted for debugging, that can be exploited for unauthorized access.
Logic Bomb: Malicious instructions embedded in software that trigger when specific conditions or events occur in the future.
Zombie: A compromised computer (often part of a botnet) containing malicious instructions that can be remotely triggered to launch attacks, making it appear the attacks originate from other victims.
Types of Viruses
Boot Sector Virus: Infects the boot sector of storage devices.
Macro Virus: Written in a macro language and embedded in documents (e.g., Word, Excel).
Email Malware: Spread through email attachments or links.
Website Malware (JavaScript): Malicious code embedded in websites, often written in a client-side scripting language such as JavaScript.
Security Issues
Goals: The overarching objectives of security efforts are Prevention, Detection, and Recovery.
Assurance: Involves providing confidence that security mechanisms work as intended. Requires detailed specifications, design analysis (hardware/software), and proofs or arguments that implementation, operating procedures, and maintenance are effective.
Operational Issues: Balancing the benefits of protection with the cost of designing, implementing, and using security mechanisms.
Risk Analysis: Assessing the likelihood of potential threats and their potential impact.
Laws: Legal frameworks dictate security practices (e.g., historical restrictions on cryptography export from the USA until , and the prohibition on system administrators reading user files without permission).
Customs: Societal norms and practices can impact security (e.g., using DNA samples for authentication, or SSN as passwords).
Organizational Priorities: Security often becomes a priority only after a significant incident occurs.
People Problems (Insider Attacks): A significant threat originating from within an organization.
Security Implementation
Prevention
Ideal Scenario: No attack is successful.
Practicality: While not always achievable, prevention is a reasonable goal for many threats (e.g., using secure encryption algorithms and protecting encryption keys to prevent confidentiality attacks).
Detection
Necessity: When absolute protection is not feasible, detecting attacks becomes crucial.
Examples:
Intrusion Detection Systems: Identify unauthorized users logged onto a system.
Denial of Service (DoS) Attack Detection: Identify when communication or processing resources are being consumed to block legitimate users.
Response
Action: If security mechanisms detect an ongoing attack, the system should be able to respond to halt the attack and prevent further damage (e.g., shutting down compromised services).
Recovery
Restoration: After an attack, mechanisms must allow for recovery.
Example: Using backup systems to reload a prior, correct copy of data if data integrity is compromised.
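Detection, Response, and Recovery are presented above as separate stages; in a running system they form one loop. The example below is added here and is not part of the lecture notes. It models a small record store (a constructed, in-memory stand-in for a real database) that keeps a trusted digest manifest and an offline backup copy: detection compares current digests against the manifest, response puts the store into read-only mode so the damage cannot spread, and recovery reloads only the affected records from the backup after verifying that the backup itself is still correct, which is the step the notes describe as restoring a prior, correct copy of the data.

```python
import hashlib


def digest(data: bytes) -> str:
    """SHA-256 hex digest used as the integrity fingerprint of one record."""
    return hashlib.sha256(data).hexdigest()


class ProtectedStore:
    """Constructed toy store: live records, a trusted manifest, and a backup."""

    def __init__(self, records: dict):
        self.records = dict(records)
        # Manifest and backup are taken while the data is known good. In a real
        # system both live where an attacker who can alter the live data cannot reach.
        self.manifest = {k: digest(v) for k, v in self.records.items()}
        self.backup = dict(records)
        self.read_only = False
        self.log = []

    def detect(self) -> list:
        """Detection: records that were modified or destroyed since the manifest was taken."""
        return sorted(
            k for k in self.manifest
            if k not in self.records or digest(self.records[k]) != self.manifest[k]
        )

    def respond(self, corrupted: list) -> None:
        """Response: halt further writes while the incident is handled."""
        if corrupted:
            self.read_only = True
            self.log.append(f"integrity violation in {corrupted}; store set read-only")

    def recover(self, corrupted: list) -> list:
        """Recovery: reload each affected record from backup, verifying the backup first.

        A backup that fails verification is never restored blindly; that case is
        logged for manual handling instead of silently re-introducing bad data.
        """
        restored = []
        for key in corrupted:
            if digest(self.backup[key]) == self.manifest[key]:
                self.records[key] = self.backup[key]
                restored.append(key)
            else:
                self.log.append(f"backup for {key} also fails verification; manual recovery needed")
        # Lift the read-only response only once the store is clean again.
        if not self.detect():
            self.read_only = False
        return restored


def demo() -> dict:
    """Walk one incident through detect -> respond -> recover."""
    store = ProtectedStore({"balance:alice": b"100", "balance:bob": b"250"})
    # Simulated unauthorized modification (constructed): bypasses the normal write path.
    store.records["balance:alice"] = b"999999"

    corrupted = store.detect()
    store.respond(corrupted)
    locked = store.read_only
    restored = store.recover(corrupted)
    return {
        "corrupted": corrupted,
        "locked_during_recovery": locked,
        "restored": restored,
        "clean_after": store.detect() == [],
        "read_only_after": store.read_only,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two design points carry over to real systems. First, the manifest and backup only help if they are protected at least as well as the live data, otherwise the attacker corrupts all three consistently and detection sees nothing. Second, recovery re-verifies the backup against the manifest before restoring, so a backup that was itself tampered with is refused rather than reloaded.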
Standards for Computer Security
Various organizations develop standards covering management practices and the architecture of security mechanisms and services.
National Institute of Standards and Technology (NIST)
Role: A U.S. federal agency focused on measurement science, standards, and technology.
Purpose: Supports U.S. government use of technology and promotes private sector innovation.
Internet Society (ISOC)
Role: A professional membership society providing leadership on issues that confront the future of the Internet.
Purpose: Houses groups responsible for Internet infrastructure standards.
International Telecommunication Union (ITU-T)
Role: A United Nations agency.
Purpose: A forum in which governments and the private sector coordinate global telecommunication networks and services.
International Organization for Standardization (ISO)
Role: A nongovernmental organization.
Purpose: Facilitates international agreements published as International Standards.
Overall Reflections on Key Security Concepts
Vulnerability: A weakness that allows an attacker to reduce a system's information assurance. It is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and the attacker's capability to exploit it. Exploiting a vulnerability requires at least one applicable tool or technique that can connect to the system weakness.
Vulnerability Management: A cyclical practice involving identifying, classifying, remediating, and mitigating vulnerabilities.
Backdoors: A method of bypassing normal authentication to gain remote access to a computer, obtain plaintext, or perform other unauthorized actions while attempting to remain undetected. Backdoors can be installed programs (e.g., Back Orifice) or modifications to existing programs/hardware, and may fake system resource usage information.
Eavesdropping: The act of surreptitiously listening to a private conversation, typically between hosts on a network. Examples include FBI/NSA tools like Carnivore and NarusInsight used for monitoring ISP systems.
Spoofing of User Identity: A situation where a person or program successfully masquerades as another by falsifying data, gaining an illegitimate advantage.
Tampering: Intentional modification of products in a way that makes them harmful to the consumer.
Repudiation: A situation where the authenticity of a signature or an action is challenged or denied.
Information Disclosure (Privacy Breach or Data Leak): A situation where information, intended to be secure, is released into an untrusted environment.
Exploits: A piece of software, data, or sequence of commands that takes advantage of a software vulnerability to cause unintended or unanticipated behavior on a computer system.