Chapter 1: Introduction to Computer and Network Security

By: MSc. Karwan M. Kareem, 2015 - 2016

© University of Sulaimani, Faculty of Physical & Basic Education, Department of Computer Science 2015 / 2016

Introduction to Computer and Network Security


Topics


• History of Computer Security
• What is security?
• Why is information technology security important?
• Who would want to break into my computer at home?
• Goals of computer security (security principles)
• Scope of Computer Security
• Computer security concepts
• Type of Security
• Famous hackers
• Hacking and Why do hacker hack?
• What are some common attacks?
• Network Attacks
  • Packet sniffing tools
• Web attacks
• OS, application and software attacks
• Social Engineering
• Password attack or password cracking
• Computer security issues
• Ways to protect computer

History of Computer Security

1945

Rear Admiral Grace Murray Hopper finds a moth among the relays of a Navy computer and calls it a “bug.” She later creates the term “debugging.”

1964

AT&T starts monitoring toll calls to catch “phone freaks,” or “phreakers,” who obtain free phone calls by the use of tone-producing “blue boxes.” The monitoring ends in 1970, resulting in 200 convictions.


1972

John Draper, a.k.a. “Captain Crunch,” discovers that free phone calls can be made with the use of a blue box and a plastic toy whistle that comes in Cap’n Crunch cereal boxes. The whistle duplicates a 2600-hertz tone to unlock AT&T’s phone network.

1979

The first computer “worm” is created at Xerox’s Palo Alto Research Center. The program is meant to make computers more efficient, but later hackers modify worms into computer viruses that destroy or alter data.


1983

Fred Cohen, a University of Southern California doctoral student, comes up with the term “computer virus.”

1986

The first PC virus, “the Brain,” is created. The Brain, however, is not destructive, and the creators included their contact information with it.

1987

The Alameda, Cascade, Jerusalem, Lehigh, and Miami viruses are created.


1988

A worm is uploaded to ARPANET (Advanced Research Projects Agency Network), the ancestor of the Internet, disabling about 6,000 computers by replicating itself and filling their memory banks. Robert Morris, who created and unleashed the virus out of boredom, received three years’ probation and a $10,000 penalty.

1990

The first self-modifying viruses are created.


1995

Concept, the first Microsoft Word-based virus, spreads worldwide using macro commands. The virus is spread by opening an infected Word document.

1998

“Solar Sunrise” occurs when hackers take control of over 500 government, military, and private computer systems. Authorities eventually learn that two California teenagers coordinated the attacks.

2000

Hackers use computers at the University of California-Santa Barbara to crash Amazon, Yahoo, eBay, and other websites by flooding their sites with traffic.


2001

The Code Red worm causes $2 billion in damage by infecting Microsoft Windows NT and Windows 2000 server software. The virus attempts to use all infected computers to attack the White House website simultaneously, but the worm’s code is deciphered in time and the attack is blocked.

2005

Users of computers infected with PoisonIvy find their computers remotely controlled via the virus. The remote access trojan is used to attack not only personal computers, but chemical and defense companies as well.


2006

Between 469,000 and 1 million computers are infected by the Nyxem virus, which overwrites files on the third of every month. The virus is spread by email attachments and targets files with extensions such as .doc, .xls, .ppt, .zip, .pdf, etc.

2007

The Storm Worm virus (actually a trojan) is sent to unsuspecting individuals via emails with headlines about a recent European disaster. Within three days of its release the virus accounts for 8% of all infections.


2008

The Koobface virus spreads through email and social networking sites like Facebook. Once infected, a computer sends its users ads for phony software. Money is exchanged but products are never delivered.

2009

The Conficker (a.k.a. Downadup or Kido) worm, best known for stealing financial data and passwords, infects millions of computers. The complexity and infection rate lead to the assembly of an alliance of experts just to stop the complex virus.


2010

Stuxnet, a virus created for industrial and economic attacks, is discovered. The worm targets systems used to run nuclear power plants and water facilities and is so large and complex, estimates suggest it was developed by the U.S. or Israeli governments and took more than 10 years to develop.

2011

The Ramnit virus is used to steal over 45,000 passwords and accounts on Facebook. The virus attaches itself to a legitimate file, infects a computer, and runs an invisible browser to connect with a hacker.


2012

The Heartbleed bug takes advantage of a flaw in the OpenSSL security software library in order to access passwords, encrypted communications, and other sensitive data. Millions of secure servers are exposed to the virus, which in turn affects billions of people.

2013

Between Nov. 27 - Dec. 15, the personal data of 70 million F B customers is stolen when hackers gain access to Target’s servers. Target discovers the breach on Dec. 13, the event is leaked on Dec. 18, and Target publicly announces it the next day.


2014

One dozen Russian hackers steal more than 1.2 billion matching passwords and usernames, and over 500 million email addresses. The heist is accomplished using viruses to test and exploit vulnerabilities in websites’ SQL code.


What is security?

Computer Security

Computer security is the process of preventing and detecting unauthorized use of your computer.

Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system.

Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.

Data Security

Data security is the practice of keeping data protected from corruption and unauthorized access. The focus behind data security is to ensure privacy while protecting personal or corporate data.

Information technology security

Information technology security is the process of protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.


Why is information technology security important?

Why should I care about computer security?

We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs.

Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers, and transmit that data across networks to other computers.

With the growing volume and sophistication of computer and network attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security.

During a Senate hearing in March 2013, the nation's top intelligence officials warned that information technology attacks and digital spying are the top threat to national security, eclipsing terrorism.


Who would want to break into my computer at home?

Intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. They want to gain control of your computer so they can use it to launch attacks on other computer systems.

Having control of your computer gives them the ability to hide their true location as they launch attacks.

Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.

Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.


Goals of computer security (security principles)

Integrity (ensuring the correctness of information)

Assurance that the information is authentic and complete. Integrity is the principle of protecting information against improper modification.

Confidentiality (secrecy of information)

The information must be accessible only to authorized people. Confidentiality is the principle of protecting information from disclosure to unauthorized entities. Access control, and cryptographic encryption of data over a network or on a storage device, are common techniques for achieving confidentiality.

Availability (availability of information)

Assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them.

Reliability

Computers should work without having unexpected problems.

Authentication

Guarantee that only authorized persons can access the resources.


Scope of Computer Security


Computer security concepts

Passive Attack

Attempts to learn or make use of information from the system but does not affect system resources.

Two types of passive attacks are:
• Release of message contents
• Traffic analysis

Active Attack

Modification of the data stream or the creation of a false stream.

Four types of active attacks:
• Masquerade
• Replay
• Modification of messages
• Denial of service


Computer security concepts

Computer security risk

A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.

Computer crime

Any illegal act involving a computer generally is referred to as a computer crime.

Cracker

A cracker is someone with extensive computer knowledge who accesses a computer or network illegally, someone whose purpose is to destroy data, steal information, or carry out other malicious actions. The general view is that, while hackers build things, crackers break things.

Cyber terrorist

A cyber terrorist is someone who uses the Internet or network to destroy or damage computers for political reasons.

Rootkit

A rootkit is a program that hides in a computer and allows someone from a remote location to take full control of the computer.


Type of Security

Types of Security
• Network security
• System and software security
• Physical security

Network security

Network security refers to any activities designed to protect your network. Specifically, these activities protect the usability, reliability, integrity, and safety of your network and data. Effective network security targets a variety of threats and stops them from entering or spreading on your network.

Physical security

Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to data. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.


Type of computer hackers

Hacker

In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network (“a clever programmer”).

Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge or enjoyment.

Type of computer hackers

White hat hacker

The term "white hat" refers to an ethical computer hacker, or a computer security expert, who specializes in hack testing to ensure the security of an organization's information systems. A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system.

Black hat hacker

Black hat hackers are also known as crackers or dark-side hackers: someone violating computer or Internet security maliciously or for illegal personal gain.

Gray hat hacker

A gray hat hacker is a combination of a black hat and a white hat hacker.


Famous hackers

Some of the most famous hackers

Kevin Mitnick

An American computer security consultant, Kevin David Mitnick is one of the most notorious hackers of the 20th century. He got involved in several computer and communications-related crimes and even became one of the most wanted computer criminals in the United States. At the very young age of 12, Kevin Mitnick began to use his social engineering skills to circumvent the punch card system used in Los Angeles buses.

Kevin Poulsen

A news editor at Wired.com, Kevin Lee Poulsen is a former hacker. He hacked the telephone lines of the Los Angeles-based radio station KIIS-FM. After he was released from prison, he decided to leave the computer programming world and become a journalist to distance himself from his criminal past.


Mike Calce

Michael Demon Calce, also known as the MafiaBoy of cyberspace, was a high school apprentice at West Island. He got involved in a series of publicized denial-of-service attacks against some of the largest commercial websites, including Yahoo!, eBay, CNN, Amazon.com and Dell, Inc.

Chad Davis

An American hacker who is among the most notorious cybercriminals of the 20th century. He founded Global Hell, and authored the hacking of the websites of some of the largest organizations and corporations in the United States. He was the man behind the vandalism of the homepage of The White House and the US Army with a message saying “Global Hell will not die.”


Hacking and Why do hacker hack?

Why do hackers hack?

For things. Yes, breaking into a computer is great for getting information.

For fun. Hacking is a game to prove how smart you are. The more defenses, anti-virus, anti-spyware and firewalls you can destroy the smarter you are.

Hacking to steal. Another reason to hack a system is to steal information or money.

For vengeance. Destroy enemy’s computer network during the war.

For guilt.

For nothing. Sometimes, you hack without meaning to. Or you join a gang to see what it's like. Before you know it, you're hooked. Don't do it.

Hacking

The process of attempting to gain, or successfully gaining, unauthorized access to computer resources is called hacking: “obtaining access to a computer system without authority”.


What are some common attacks?

Network Attacks
• Packet sniffing
• Man-in-the-middle
• DNS hacking

Web attacks
• Phishing
• SQL Injection
• Cross Site Scripting

OS, applications and software attacks
• Virus
• Trojan
• Worms
• Rootkits
• Buffer Overflow

Not all hackers are evil wrongdoers trying to steal your info: Ethical Hackers, Consultants, Penetration testers, Researchers

Need to know
• Networking
• Web Programming
• Operating Systems
• Programming languages and compilers

Social Engineering (NOT social networking)


Network Attacks

Packet Sniffing

Internet traffic consists of data “packets”, and these can be “sniffed”.

Leads to other attacks such as password sniffing, cookie stealing, session hijacking, information stealing.

Man in the Middle

Insert a router in the path between client and server, and change the packets as they pass through

DNS hijacking

Insert malicious routes into DNS tables to send traffic for genuine sites to malicious sites


Packet sniffing tools

Wireshark

Wireshark is a network packet analyzer. A network packet analyzer tries to capture network packets and to display that packet data in as much detail as possible.

An attacker can use Wireshark for analyzing network packets, password sniffing, cookie stealing, session hijacking and information stealing.

You could think of a network packet analyzer as a measuring device used to examine what’s going on inside a network cable.


Wifislax

Wifislax is a Slackware-based Linux distribution designed for wireless hacking and forensics.

It contains a large number of security and forensics tools, which transforms it into a pentesting (penetration testing) distribution.

It can run as a live CD or be installed on your laptop, saving personal settings.

By default, the boot options are in Spanish, which is not surprising, considering that the developers are from Spain.


Web attacks

Phishing

An evil website pretends to be a trusted website. Example:

You type, by mistake, “mibank.com” instead of “mybank.com”. mibank.com designs the site to look like mybank.com so the user types in their info as usual. BAD! Now an evil person has your info!
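One way a mail filter or proxy can flag names like the slide's “mibank.com” before a user reaches them. This is an added example, not part of the original slides; the trusted list, the small look-alike table and the distance threshold are assumptions chosen for illustration.

```python
# Flag domains that imitate a trusted name (lookalike / typo domains).

TRUSTED_DOMAINS = ["mybank.com"]          # the slide's trusted site
# Character sequences that render like another letter (small constructed sample).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character inserts, deletes, substitutions."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        current = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            current.append(min(previous[j] + 1,          # delete from a
                               current[j - 1] + 1,       # insert into a
                               previous[j - 1] + cost))  # substitute
        previous = current
    return previous[-1]


def skeleton(domain: str) -> str:
    """Collapse look-alike sequences so visually similar names compare equal."""
    domain = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def classify(domain: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1):
    """Return (verdict, matched_trusted_domain) for one domain name."""
    name = domain.lower().rstrip(".")
    if name in trusted:
        return ("trusted", name)
    for good in trusted:
        # Same appearance after collapsing confusable sequences.
        if skeleton(name) == skeleton(good):
            return ("lookalike", good)
        # One typo away from the real name, as in the slide's example.
        if edit_distance(name, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for d in ["mybank.com", "mibank.com", "rnybank.com", "example.org"]:
        print(d, classify(d))
```

A name classified as "unknown" is only unrelated to the trusted list; it says nothing about whether that site is safe.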

SQL Injection
• Malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
• Used to attack data-driven applications.
• Can be used to attack any type of SQL database.
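The weak query pattern next to its fix, as an added example that is not part of the original slides. The table, the rows and the entry-field value are constructed; SQLite is used only so the code runs without a server.

```python
import sqlite3

# Identifiers (column names) cannot be bound as parameters, so allow-list them.
ALLOWED_SORT_COLUMNS = {"id", "name"}


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, note TEXT)")
    db.executemany("INSERT INTO users (name, note) VALUES (?, ?)",
                   [("alice", "note-a"), ("bob", "note-b"), ("carol", "note-c")])
    return db


def find_user_vulnerable(db, name):
    # WEAK: the entry-field text is pasted into the statement and parsed as SQL.
    sql = "SELECT name, note FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def find_user_safe(db, name):
    # FIXED: the statement text is constant; the value travels as a bound parameter.
    return db.execute("SELECT name, note FROM users WHERE name = ?", (name,)).fetchall()


def list_users_sorted(db, column):
    # A column name cannot be a parameter, so accept only known identifiers.
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    return [row[0] for row in db.execute(f"SELECT name FROM users ORDER BY {column}")]


def demo():
    db = make_db()
    entry = "nobody' OR '1'='1"            # constructed entry-field value
    return {
        # The quote closes the string literal, so the OR clause matches every row.
        "vulnerable_rows": len(find_user_vulnerable(db, entry)),
        # Bound as data, the same text is just a name that nobody has.
        "safe_rows": len(find_user_safe(db, entry)),
        "normal_lookup": find_user_safe(db, "bob"),
    }


if __name__ == "__main__":
    print(demo())
```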

Cross Site Scripting

Writing a complex JavaScript program that steals data left by other sites that you have visited in the same browsing session.

Need to know
• Web Programming
• JavaScript
• SQL or PL/SQL


Acunetix

Acunetix Vulnerability Scanner automatically crawls and scans custom-built websites and web applications for SQL Injection, XSS, XXE, SSRF, Host Header Attacks and over 500 other web vulnerabilities.

Acunetix Vulnerability Scanner is able to scan and test any application, no matter what web technology it’s written in, such as PHP, ASP, JSP, Ajax, jQuery, JavaScript and so on.

Acunetix is able to detect SQL Injection, XSS and over 500 other types of web application vulnerabilities.

Acunetix provides reports that help developers quickly identify a web application’s threat surface and detect what needs to be fixed.


OS, applications and software attacks

Computer Virus

• Definition
- Computer program (“piece of code”) that automatically reproduces itself.
- It’s attached to other programs or files, but requires user intervention to propagate.

• Background
- There are an estimated 30,000 computer viruses in existence
- Over 300 new ones are created each month
- Today almost 87% of all viruses are spread through the internet

• Infection (targets/carriers)
- Executable files
- Boot sectors
- Documents (macros), scripts (web pages), etc.

• Propagation
- Is made by the user. The mechanisms are storage elements, mails, downloaded files or shared folders.

Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.

Need to know
• Computer Architecture
• Programming


Computer Virus

• Symptoms of Virus Attack
- Computer runs slower than usual
- Computer no longer boots up
- Screen sometimes flickers
- PC speaker beeps periodically
- System crashes for no reason
- Files/directories sometimes disappear
- Denial of Service (DoS)

• Typical things that some current personal computer viruses do
- Display a message
- Erase files
- Scramble data on a hard disk
- Cause erratic screen behavior
- Halt the PC
- Many viruses do nothing obvious at all except spread!


Halabjay

Halabjay Virus is a Kurdish malware which was developed by kurd-intruder to test and analyze computer virus behaviors.

It’s attached to other programs or files, but requires user intervention to propagate.

Halabjay virus is able to control hardware parts like the CD drive, USB, mouse and keyboard.

Halabjay virus is able to control the logical part of the computer, such as the operating system and computer applications.


Worm

• Definition
- Piece of code that automatically reproduces itself over the network. It doesn’t need user intervention to propagate (autonomous).

• Infection
- Via buffer overflow, file sharing, configuration errors and other vulnerabilities.

• Target selection algorithm
- Email addresses, DNS, IP, network neighborhood

• Payload
- Malicious programs
- Backdoor, DDoS agent, etc.

• Anatomy of Worms
- Attack mechanism
- Payload
- New target selection


Worm

• Harmful effects of Worms
- A worm uses a compromised system to spread through email, file sharing networks, instant messenger, online chats and unprotected network shares.
- Infects files, corrupts installed applications and damages the entire system.
- Steals or discloses sensitive personal information, valuable documents, passwords, etc.
- The worm installs a backdoor or drops other dangerous parasites.
- Degrades connection speed and system performance.

• Type of worms
- Conficker Worm
- Email and Instant Message Worms
- Internet Worms (Morris Worm)
- IRC Worms
- File-Sharing Network Worms
- Slapper Worm


Trojans

• A Trojan horse, or Trojan, is a destructive program that masquerades as an application.
- The Trojan horse, at first glance, will appear to be useful software but will actually do damage once installed or run on your computer.
- Trojans are also known to create a backdoor on your computer that gives malicious users access to your system.
- Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.
- Some well known Trojans: NetBus, Girlfriend, Back Orifice, Flooder, Vundo Trojan, etc.

• Types of Trojans
- Remote access Trojans
- Password sending Trojans
- Keyloggers
- Destructive
- Denial of service (DoS) attack Trojans
- Mail-Bomb Trojans
- Proxy-Wingate Trojans
- FTP Trojans
- Software Detection Trojans


Trojans

• What can Trojans do?
- Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute denial-of-service attacks).
- Uninstallation of software, including third-party router drivers.
- Downloading or uploading of files on the network HDD.
- Watching the user’s screen.
- Spreading other malware, such as viruses. In this case, the Trojan horse is called a dropper or vector.
- Modification or deletion of files.
- Data theft (e.g. retrieving username or postal code information).
- Erasing or overwriting data on a computer.
- Encrypting files in a cryptoviral extortion attack.
- Crashing the computer.
- Corrupting files in a subtle way.
- Setting up networks of zombie computers in order to launch DDoS attacks or send spam.

Online mobile spy

Spy to mobile...

All the information from the cell phone is sent to your account over the Internet. If you'd like to track a cell phone in real time, be sure it has an active Internet connection.

When you sign in, you'll be able to check the phone's incoming and outgoing SMS messages, call history, contact list, current location and previous tracks.

You'll be able to check the phone's incoming and outgoing SMS messages.

You'll be able to check the phone's call history.

You'll be able to check the contact list.

You'll be able to check the current location, including accuracy, speed, altitude and previous tracks.

Social Engineering

• Definition
- Manipulating a person or persons to detect and steal confidential data and information.
- It is a way for criminals to gain access to information systems. The purpose of social engineering is usually to secretly install spyware or other malicious software, or to trick persons into handing over passwords and/or other sensitive financial or personal information.

• What are they looking for?
- Obtaining simple information such as your pet's name, where you're from, the places you've visited; information that you'd give out freely to your friends.
- Some have a 'secret question' you have to answer if you cannot remember your username or password. The questions seem pretty tough for an outsider looking into trying to hack into your account:

What's the name of your first pet? What is your maiden name? When was your mother/father born? Where were you born?


Password attack or password cracking

Password cracking

Password cracking is the process of guessing or recovering a password from stored locations or from a data transmission system. It is used to get a password for unauthorized access or to recover a forgotten password. In penetration (“hack”) testing, it is used to check the security of an application. Password cracking methods are Guessing, Dictionary attacks and Rainbow Tables.

• Guessing
- Find or guess a user’s identifier (find user IDs)
- Get encrypted or hashed passwords or password files
- Encrypt or hash the trial passwords
- See if there is a match

• Rainbow Tables
- Uses a large number of hashed passwords without having a dictionary.
- Innovative algorithm that can find passwords fast!
- e.g. 14 character alphanumeric passwords are found in about 4-10 minutes of computing using a 1GB rainbow table

Need to know
- Data structures
- Algorithms
- Cryptography
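Why the hash-and-compare steps and precomputed tables above succeed against unsalted hashes, and how a per-user salt with a slow hash removes that advantage. This is an added example, not part of the original slides: the accounts, the word list and the iteration count are constructed, and a plain lookup dictionary stands in for a rainbow table, which stores hash chains to save space.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000    # assumed work factor for this example
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]   # constructed list


def fast_hash(password: str) -> str:
    """Unsalted SHA-256: the weak storage scheme being audited."""
    return hashlib.sha256(password.encode()).hexdigest()


def precompute(words):
    """Hash each candidate once; the table is reusable against any unsalted store."""
    return {fast_hash(w): w for w in words}


def audit_unsalted(store, table):
    """Return {user: recovered_password} for every stored hash found in the table."""
    return {user: table[h] for user, h in store.items() if h in table}


def protect(password: str, salt: bytes = None):
    """Salted, deliberately slow hash. Returns (salt, derived_key)."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, key)


def demo():
    # Constructed accounts: two users share a weak password, one has a strong one.
    passwords = {"alice": "letmein", "bob": "letmein", "carol": "T7#vq9!mZr2w"}
    weak_store = {u: fast_hash(p) for u, p in passwords.items()}
    strong_store = {u: protect(p) for u, p in passwords.items()}
    table = precompute(COMMON_PASSWORDS)
    return {
        # Every weak password falls to one table lookup.
        "recovered_from_unsalted": audit_unsalted(weak_store, table),
        # Identical passwords are visible as identical hashes.
        "same_hash_unsalted": weak_store["alice"] == weak_store["bob"],
        # Random salts make the same password hash differently per user.
        "same_hash_salted": strong_store["alice"][1] == strong_store["bob"][1],
        # The precomputed table has nothing to match against salted output.
        "table_hits_salted": [u for u, (_, k) in strong_store.items() if k.hex() in table],
        "login_ok": verify("letmein", *strong_store["alice"]),
        "login_bad": verify("wrong", *strong_store["alice"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Salting does not make a weak password strong: it forces each guess to be recomputed per user at the slow hash's cost, which is what makes a precomputed table useless.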


Computer Security Issues

A vulnerability is a point where a system is susceptible to attack: “a mistake in hardware or software that can be directly used by a hacker to gain access to a system or network”.

Vulnerabilities can lead to:
- Unauthorized access (attacker can log in, read files, and make changes to the system).
- Denial of service against a host (attacker can crash the system, disable services, etc.).
- Denial of service against a network (attacker can disrupt routing, flood the network, etc.).

A threat is a possible danger to the system. The danger might be a person (a system cracker or a spy), a thing (a faulty piece of equipment), or an event (a fire or a flood) that might exploit a vulnerability of the system.

Countermeasures are techniques for protecting your system: the means used to deal with security attacks, such as prevent, detect and recover. The relationship among threats, controls, and vulnerabilities: a threat is blocked by control of a vulnerability.


Ways to protect computer

Get the latest anti-virus software.

Update the virus database in your anti-virus program regularly (each month or by the direction of the manufacturer).

Do not open downloads from any unknown source, to prevent attacks.

Be sure to do a full backup of your system on a regular basis. A backup file is a copy of a file which is kept in case anything happens to the original file. Backup systems often use the Grandfather – Father – Son principle.

Use file-level and share-level security.

Use a host-based firewall as well as personal firewall software that analyzes and controls incoming/outgoing packets: a personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications. E.g. BlackICE™ PC Protection.


Download files only from trusted sites.

Remember to do a virus scan of peripheral devices after they are connected to your computer.

Use disk encryption: There are many third-party products available that will allow you to encrypt an entire disk. Examples include PGP Whole Disk Encryption and DriveCrypt.

Make use of a public key infrastructure: A PKI enables users to securely and privately exchange data through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

Hide data with steganography: You can use a steganography program to hide data inside other data.

Software safeguards include giving users:
- A user identity and a password.
- Some unique physical trait (biometrics).


Some game cracks and keygens can contain Trojans, so beware.

Avoid downloading attachments with the suffix .exe on the end. These are executable files, which are often used to send viruses, worms and Trojan horses.

Don't open unknown attachments in emails or do a virus scan after opening them.

Use a malware and adware scanner.

Don't allow your web browser to automatically run programs, such as MS Word or other programs, through its e-mail program. Configure your browser to launch WordPad or Notepad instead.

Configure your web browsers to disable ActiveX, Java, and JavaScript.

A personal firewall should be run on any system that is not behind a corporate firewall. This should be done on any computer that connects to the internet.


Encryption for your calls: RedPhone makes private communication simple. Free, world-wide, end-to-end encryption for your calls, securing your conversations so that nobody can listen in.

RedPhone uses your normal phone number to make and receive calls, so you don't need yet another identifier.

All RedPhone calls are free, including long distance and international.

Free and Open Source, enabling anyone to verify its security by auditing the code.

RedPhone calls are encrypted end-to-end.


END… Any questions?

Hope you have been happy. Thank you.
