INFORMATION TECHNOLOGIES (ENGLISH) - Chapter 5: Computer Security Summary
COMPUTER SECURITY
The modern digital computer is one of the most influential inventions of the twentieth century. The proliferation of digital computers and the practice of keeping information in digital form have been increasing tremendously. We use computers for many different purposes, including sharing photos, applying for a job at a company, taking online exams, reading news, operating factories and many more. Computer security is employed in applications in which sensitive information and privacy are important. Systems implemented through electronic devices are increasingly becoming the primary targets of attacks, since they carry sensitive organizational data and user information that should be kept confidential.
Fundamental terms:
Security: The degree of protection of computer hardware and software against intentional or unintentional changes, uses, spoofing, and the spread of information to unauthorized people.
Reliability: It describes the ability of a system to maintain its function under a given set of conditions for a certain period of time.
Adversary: Any person, group or force that may intentionally infringe on the integrity, confidentiality and availability of information.
Security rules: Necessary regulations to keep the computer secure from malicious attacks.
Security breach: A software or hardware failure or incompleteness that could result in a breach of access in computer security.
If we consider the relationship between the adversary and the security components of the system, the aim of the security mechanism is to identify and prevent a class of security vulnerabilities when a particular threat model is taken into account. The task of identifying and resolving all threat models and vulnerabilities is a never-ending process. Therefore, for every new and emerging threat, the system security policy should be continuously improved and the security gaps of the system should be closed so that the attacker cannot access the system.
FUNDAMENTAL CONCEPTS OF COMPUTER SECURITY
The principal concepts form the foundation on which almost all security infrastructures are designed and implemented, no matter which hardware platform, software, operating system or application is to be protected. The fundamental terms and key tools needed to keep a system secure are explained in this section.
Let’s start with the basic terms. Security means the state in which digital information is protected against malicious or accidental threats. In information technology, there are three principal goals of security: (1) confidentiality, (2) integrity, and (3) availability of information. They define the fundamental security services in computer security.
In addition to those three important goals, non-repudiation is also important. Let us briefly recall these four basic security concepts given in the definition of system security.
Confidentiality is the prevention of the disclosure of information to unauthorized persons. The information should be kept secret among the persons who are authorized to access it; no one else can access it.
Integrity is the prevention of the modification of information by unauthorized persons. The integrity service provides correctness and completeness of information as well as the forestalling of unauthorized alteration of information in computers.
Availability is the prevention of unauthorized detention of information or resources. Information and all the assets of the system must be accessible to the users whenever they are needed.
Non-repudiation defines a service that provides proof of the integrity and the origin of data. The main purpose of the non-repudiation service is to make sure that the recipient cannot deny that the message was delivered after the message was sent.
In order to ensure the security of a system, correctly defining the level and type of security and identifying the relevant mechanisms is of utmost importance. Thus, security is mainly based on assumptions. The kind of assumptions you make for your system is highly important in determining the level and type of security during the trustworthiness analysis of a system.
MODERN CRYPTOGRAPHY
Modern cryptography involves several different algorithms that are used to transform a readable message into an encrypted (unreadable) form called ciphertext. Cryptography is the study of techniques and mechanisms used to communicate and/or store information or data privately and securely in the presence of malicious third parties called attackers.
Two important key terms in cryptography are encryption and decryption. Encryption is the conversion of data into a ciphertext, which is unreadable and cannot be understood by unauthorized people by any means. Decryption is the reverse transformation of the encryption process; it applies similar steps but employs the key bits in reverse order.
There are mainly two categories of cryptographic algorithms: symmetric and public key (asymmetric) cryptographic algorithms.
Symmetric Key Cryptography
Symmetric cryptography uses only one shared key. The sender and receiver agree on a key, and encrypt and decrypt the messages using this key, respectively. The same key is used to encrypt and decrypt the data. In symmetric key cryptography, secure key distribution is required between the sender and the receiver. There are different types of symmetric key cryptography, mainly classified as block ciphers and stream ciphers. A stream cipher generally adds a pseudorandom cipher stream, called the key stream, to the plaintext digits. Some important stream ciphers are RC4, A5/1 and Salsa20. A block cipher takes a block of bits and applies an encryption transformation to each block. They are faster algorithms than public key cryptographic algorithms. For block ciphers, the sender needs to transfer the key securely to the receivers. The most popular block ciphers are Data Encryption Standard (DES), Triple DES (3DES), and Advanced Encryption Standard (AES).
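The key-stream idea described above, as an added example that is not part of the original summary: it shows that the same shared key both encrypts and decrypts, and why one key stream must never cover two messages. The key stream here is a toy construction (SHA-256 in counter mode, an assumption chosen so the code needs only the standard library; it is not RC4, A5/1 or Salsa20), and the key, nonces and messages are constructed sample values.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy key stream: SHA-256(key || nonce || counter), block after block."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypts and decrypts: adding the key stream (XOR) twice cancels out."""
    return xor_bytes(data, keystream(key, nonce, len(data)))

def demo() -> dict:
    key = b"constructed-shared-key"   # constructed sample, known to both sides
    m1 = b"exam result: pass"
    m2 = b"exam result: fail"
    c1 = stream_crypt(key, b"nonce-1", m1)
    # Defect shown on purpose: the second message reuses the same nonce,
    # so both messages are covered by the identical key stream.
    c2_reused = stream_crypt(key, b"nonce-1", m2)
    c2_fresh = stream_crypt(key, b"nonce-2", m2)
    return {
        "receiver_recovers": stream_crypt(key, b"nonce-1", c1) == m1,
        "wrong_key_recovers": stream_crypt(b"another-key", b"nonce-1", c1) == m1,
        # With a reused key stream, c1 XOR c2 equals m1 XOR m2: the key drops out.
        "reuse_leaks_xor": xor_bytes(c1, c2_reused) == xor_bytes(m1, m2),
        "fresh_nonce_leaks_xor": xor_bytes(c1, c2_fresh) == xor_bytes(m1, m2),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```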
Asymmetric Key Cryptography
Asymmetric key cryptography, also known as public key cryptography, requires two different keys: a private key that is known only by the owner and a public key that is freely given to anyone. Data encrypted by the private key can only be decrypted by its public key counterpart. In public key cryptography, there is no key distribution problem since the public key is accessible to everyone. For this reason, public key cryptography does not require any secure communication channel to send or receive ciphertext.
Digital Signature
A digital signature is used for marking and signing an electronic document. Digital signatures help a system to establish authenticity, integrity and non-repudiation. In the digital world, signing a document securely is a must in many applications to make sure that the document originated from the sender. Digital signatures are also used to ensure that the person who signs the document cannot later deny having done so.
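The private/public key relationship and the signature properties described above, as an added example that is not part of the original summary: textbook RSA over two well-known Mersenne primes, with SHA-256 as the message digest. The small key and the lack of padding are assumptions made to keep the example short and standard-library only; the document text is a constructed sample.

```python
import hashlib

# Toy key pair (illustration only): both primes are well-known Mersenne primes.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, kept by the owner

def digest(message: bytes) -> int:
    """SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes, private_exponent: int = D) -> int:
    """Transform the digest with the private key; only its holder can do this."""
    return pow(digest(message), private_exponent, N)

def verify(message: bytes, signature: int) -> bool:
    """Anyone can undo the transformation with the public key (E, N)."""
    return pow(signature, E, N) == digest(message)

def demo() -> dict:
    document = b"Transfer 100 to account 42"       # constructed sample
    signature = sign(document)
    return {
        # Integrity and origin: the untouched document verifies.
        "authentic": verify(document, signature),
        # Any change to the document invalidates the signature.
        "tampered": verify(b"Transfer 900 to account 42", signature),
        # A signer who does not hold the private exponent cannot pass the check.
        "signed_with_wrong_key": verify(document, sign(document, 12345)),
    }

if __name__ == "__main__":
    print(demo())
```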
IDENTIFICATION, AUTHENTICATION AND AUTHORIZATION
Only legitimate users should be granted access to the resources available in a computer. Identification and authentication prevent non-legitimate users from being granted access.
Identification is the process of claiming the identity of a user, group or system. Providing a username to the computer security control mechanism is an example of the identification process. Authentication is the process by which one proves to be who one claims to be. Almost all user access control systems require a password. Providing the password for a particular username is the authentication part. One must prove that he/she is really that person by entering the correct password. After a person is identified and authenticated to the system, the next step is to determine what this person is allowed to do on the computer system. Authorization determines which resources this person can access.
Considering the identification and authentication process, there are critically important key concepts in security such as spam, phishing and spoofing. Spam is unsolicited bulk e-mail. Any e-mail message that the user did not request, regardless of its content, is considered spam. Phishing is a specialized type of spam that attempts to trick you into giving up confidential information. Spoofing is the forgery of an email header so that the message seems to be sent from someone or somewhere other than the original source. Spoofing attempts to trick you into thinking the e-mail has a legitimate source.
Most of the time, the simple actions listed below are enough to overcome those threats.
- Never give your confidential information on a website that is linked from an email.
- Never click website links in an email that ask you to download free software.
- Install strong and up-to-date antivirus software.
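A defender-side check for the header forgery described above, as an added example that is not part of the original summary. It goes beyond the text by also reading the Authentication-Results header, which a receiving mail server adds with its SPF, DKIM and DMARC verdicts; both messages and all domains are constructed samples.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value) -> str:
    """Domain part of the address in a header value, lower-cased ('' if absent)."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()

def spoofing_indicators(raw_message: str) -> list:
    """Return triage indicators; a mismatch is a reason to look closer, not proof."""
    msg = message_from_string(raw_message)
    shown = domain_of(msg.get("From"))            # the sender the user sees
    findings = []
    for header, label in (("Return-Path", "return-path"), ("Reply-To", "reply-to")):
        other = domain_of(msg.get(header))
        if other and other != shown:
            findings.append(f"{label}-domain-mismatch")
    results = (msg.get("Authentication-Results") or "").lower()
    for mechanism in ("spf", "dkim", "dmarc"):
        if f"{mechanism}=fail" in results:
            findings.append(f"{mechanism}-fail")
    return findings

# Constructed sample messages (reserved example domains).
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: helpdesk@bank-support.example.org
Subject: Verify your account

Please confirm your details.
"""

LEGITIMATE = """\
Return-Path: <news@bank.example>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.example;
 dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Bank News" <news@bank.example>
Subject: Monthly statement

Your statement is ready.
"""

if __name__ == "__main__":
    print(spoofing_indicators(SPOOFED))
    print(spoofing_indicators(LEGITIMATE))
```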
RISK MANAGEMENT
Risk management involves assessing, prioritizing, analyzing and accepting risks, or addressing them, to guarantee that individuals or organizations accomplish their goals at a minimal cost before potential risks can happen.
In risk analysis, there are some fundamental key terms such as asset, threat, vulnerability and risk. An asset is what is to be protected from malicious events or attacks. A threat is what the asset is to be protected against. A vulnerability is a weak point in the protection efforts provided in the system. Risk is the intersection of assets, threats, and vulnerabilities.
Risk = Assets x Threats x Vulnerabilities
Considering this equation, risk can also be defined as a function of threats utilizing vulnerabilities in the system to obtain, modify, damage or destroy the available assets of the system.
Security Risk Analysis
In risk analysis, the first step is to determine all the assets to be protected from malicious attacks in a given system. It is also important to identify how much cost, in terms of time, effort and money, is required to secure these assets. To understand the potential risks to the assets of the system, it is necessary to correctly assess the threats that could attack the system using its potential vulnerabilities.
After completing the risk assessment, all possible risks, which are usually far more than one can possibly address or defend against, should be listed. Then, the security analyst ranks these risks to decide which are mitigated, which are insured against, and which are simply accepted. Most commonly, deciding which risks to address and which risks to accept is done by means of a cost-benefit analysis.
Security and Cost Analysis
The cost of the security system also needs to be evaluated. This phase is called risk assessment. Cost-benefit calculation needs a way of accurately identifying the security costs.
Cost-benefit analysis requires four basic processes:
- For each possible loss, a corresponding cost must be assigned.
- The costs of defending against these losses must be determined.
- The probability that the loss will occur should also be identified.
- Finally, it is determined if the cost of defending against the risk outweighs the benefit or not.
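The four steps above applied to a small risk register, as an added example that is not part of the original summary. All figures are constructed, and the model assumes that the defense removes the loss completely, so its benefit is the expected loss it avoids (probability times cost of the loss).

```python
from dataclasses import dataclass

@dataclass
class Risk:
    name: str
    loss_cost: float        # step 1: cost assigned to the possible loss
    defense_cost: float     # step 2: cost of defending against it
    probability: float      # step 3: probability that the loss occurs (per year)

    @property
    def expected_loss(self) -> float:
        return self.probability * self.loss_cost

    @property
    def net_benefit(self) -> float:
        # Assumption: the defense prevents the loss entirely.
        return self.expected_loss - self.defense_cost

def analyse(risks):
    """Step 4: rank by expected loss and decide, per risk, whether defending pays."""
    if any(not 0.0 <= r.probability <= 1.0 for r in risks):
        raise ValueError("probability must be between 0 and 1")
    ranked = sorted(risks, key=lambda r: r.expected_loss, reverse=True)
    return [(r.name, "mitigate" if r.net_benefit > 0 else "accept") for r in ranked]

# Constructed sample register.
REGISTER = [
    Risk("laptop theft", loss_cost=8_000, defense_cost=500, probability=0.5),
    Risk("ransomware on file server", loss_cost=200_000, defense_cost=12_000,
         probability=0.25),
    Risk("data centre flood", loss_cost=400_000, defense_cost=90_000,
         probability=0.0625),
]

if __name__ == "__main__":
    for name, decision in analyse(REGISTER):
        print(f"{decision:8} {name}")
```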
Best practices can be considered a “rule of thumb” for implementing security measures to defend the computer. Because no single set of best practices is suitable for all users and systems, it is highly recommended that users and systems use a combination of risk analysis and best practices.
SOFTWARE AND HARDWARE SECURITY
Both the software and hardware parts of the system play an important role in securing the computer. Hardware is the name given to all the host and peripheral components that make up the physical and electronic infrastructure of the computer. Software is a set of instructions that runs on these hardware components and tells each hardware unit what to do.
There are malicious software programs that can infect a computer, such as viruses, worms, spyware and Trojan horses. Some of them are really dangerous for the computer and might cause data or identity loss or even worse.
Today, viruses affect computers more and more with the spread of the internet. The most dangerous and relatively easy to spread viruses are network-based viruses, known as worms. Worms are malicious software designed to automatically copy themselves from one computer to another, which can consume high bandwidth on the local drive or on the network, affecting the speed of the computer and/or causing the computer to crash.
Spyware is malicious software that sends important personal information about the user, and the actions taken by the user on the computer, to malicious persons without the knowledge of the user.
Trojan horses can be considered a kind of spyware. Trojan horses may not cause visible damage to the system. The most obvious thing that Trojan horses do on a computer is to open a TCP or UDP port, which allows another malicious entity to reach the entire system through these ports.
Prevention against such malicious software involves installing an up-to-date antivirus program. Importantly, all attachments that come from emails whose sources are unknown or suspicious should be deleted.
In securing a computer, securing the hardware components also plays a significant role, since the hardware architecture of a computer may have security vulnerabilities.
A hardware Trojan can be any malicious change made to a circuit at possibly any phase of the design and production life cycle. Recently, hardware Trojans have become a concern for semiconductor design and fabrication facilities, international organizations and governments, because many companies and countries are involved in the design, fabrication and testing of silicon chips. One of the entities in the design and fabrication process may insert such circuitry into the hardware, allowing an attacker to gain access to the system when certain triggering mechanisms are activated.
KEY STEPS TO AVOID SECURITY THREATS IN COMPUTERS
To protect a computer-based system from malicious software:
- Install the latest updates of the programs on the computer;
- Check the entries of users entering the system and change your password policy so that strong passwords are required;
- Monitor incoming traffic to your computer and intercept unauthorized system access;
- Control remote access to the system and use a strong access infrastructure;
- Install powerful, versatile security software that includes a firewall for your computer;
- Do not open e-mails from senders you do not know;
- Make sure to back up important data to separate storage.
A computer security policy should include methods to detect and prevent the misuse of software and hardware. It is highly recommended to limit access to the computer and to confidential information about the users. It is also suggested to keep unauthorized people physically away from the critical hardware components. Strong authentication is a must in computer security. Thus, it is very important to use multifactor authentication. It is important to investigate anomalous activities on the computer and take the necessary action when something malicious happens.