Module Eight: Introduction to Information Security (Notes)

Information: knowledge obtained from investigation, study, or instruction; intelligence, news, facts, data; a signal or character (as in a communication system or computer) representing data; something (as a message, experimental data, or a picture) which justifies change in a construct (as a plan or theory) that represents physical or mental experience or another construct.

Information is a term with many meanings depending on the context, but is as a rule closely related to such concepts as meaning, knowledge, instruction, communication, representation, and mental stimulus.

Security is about preventing adverse consequences from the intentional and unwarranted actions of others.

Security can be defined as the state of being free from danger.

Security (computers): Computer security is the effort to create a secure computing platform, designed so that agents (users or programs) can only perform actions that have been allowed.

If we put these two definitions together we can come up with a definition of information security:

Measures adopted to prevent the unauthorized use, misuse, modification, or denial of use of knowledge, facts, data, or capabilities.

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. 

Security attack: Any action that compromises the security of information owned by an organization.

Security mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.

Security service: A service that enhances the security of data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service 

One useful classification of security services is the following (Security Goals):

Confidentiality: Ensures that the information in a computer system and transmitted information are accessible only for reading by authorized parties. 

This type of access includes printing, displaying, and other forms of disclosure, including simply revealing the existence of an object.

Confidentiality prevents the disclosure of information to unauthorized individuals or systems. 

The system attempts to enforce confidentiality by encrypting the sensitive information during transmission, by limiting the places where this information might appear (in databases, log files, backups, and so on), and by restricting access to the places where it is stored.

Authentication: Ensures that the origin of a message or electronic document is correctly identified, with assurance that the identity is not false. It is the process by which you verify that someone is who they claim they are.

In computing, e-Business and information security it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. 

It is also important for authenticity to validate that both parties involved are who they claim they are.

Integrity: In information security, integrity means that data cannot be modified without authorization. 

Modification includes writing, changing status, deleting, creating, and delaying or replaying of transmitted messages. 

Integrity is violated when an employee accidentally or with malicious intent deletes important data files, when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, and so on.

Non-repudiation: In law, non-repudiation implies one's intention to fulfill their obligations to a contract.

It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.

Electronic commerce uses technology such as digital signatures and encryption to establish authenticity and non-repudiation.

Availability: Requires that computer system assets be available to authorized parties when needed. 

For any information system to serve its purpose, the information must be available when it is needed. 

This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. 

High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. 

General categories of attacks 

a) Interruption: An asset of the system is destroyed or becomes unavailable or unusable. 

This is an attack on availability. Examples include the destruction of a piece of hardware, such as a hard disk, the cutting of a communication line, or the disabling of the file management system.

b) Interception: An unauthorized party gains access to an asset. 

This is an attack on confidentiality. The unauthorized party could be a person, a program, or a computer. Examples include wiretapping to capture data in a network, and the illicit copying of files or programs.

c) Modification: An unauthorized party not only gains access to but tampers with an asset.

This is an attack on integrity. Examples include changing values in a data file, altering a program so that it performs differently, and modifying the content of messages being transmitted in a network.

d) Fabrication: An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity. Examples include the insertion of spurious messages in a network or the addition of records to a file.

Passive Attacks:

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Passive attacks are very difficult to detect because they do not involve any alteration of data.

Active Attacks

These attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:

i. Masquerade

One node pretends to be another node. Tx is fooled into thinking that Rx has received the message.

ii. Replay

Captures data and then retransmits it to fool Tx into thinking the message was unauthorized.

iii. Modification of Message

The Tx message is intercepted and modified to the intruder's benefit (e.g. Funds Balances etc.). The message is then forwarded to the intended Rx.

iv. Denial of Service

Inhibits or hinders data communications traffic by targeting the management and communications facilities.
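How a receiver can detect three of these attacks (masquerade, replay and modification of message) is shown in the following added example, which is not part of the original notes. It assumes Tx and Rx share a secret key exchanged beforehand; the key, message format and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key shared by Tx and Rx (assumption: exchanged out of band).
SHARED_KEY = b"constructed-demo-key-not-for-production"


def tx_send(seq: int, body: str, key: bytes = SHARED_KEY) -> dict:
    """Tx side: bind a sequence number to the body and attach an HMAC tag."""
    payload = json.dumps({"seq": seq, "body": body}, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


class Receiver:
    """Rx side: rejects modified, forged (masquerade) and replayed messages."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def receive(self, msg: dict) -> str:
        payload = msg["payload"].encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        # Constant-time comparison; a mismatch means the payload was altered
        # in transit or was produced by someone who does not hold the key.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag (modified or forged)"
        seq = json.loads(payload)["seq"]
        # A valid tag on an old sequence number is a captured message
        # being retransmitted.
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"


def demo() -> list:
    rx = Receiver()
    original = tx_send(1, "transfer 100 to account A")
    results = [rx.receive(original)]                 # genuine message
    results.append(rx.receive(original))             # replayed copy
    tampered = tx_send(2, "transfer 100 to account A")
    tampered["payload"] = tampered["payload"].replace("100", "900")
    results.append(rx.receive(tampered))             # modified in transit
    forged = tx_send(3, "transfer 500 to account B", key=b"wrong key")
    results.append(rx.receive(forged))               # sender lacks the key
    results.append(rx.receive(tx_send(2, "balance query")))  # next genuine
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The tag provides integrity and origin assurance between the two key holders only; it does not hide the message content from a passive eavesdropper, which requires encryption.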

Access control

- Access to protected information must be restricted to people who are authorized to access the information.

- The computer programs, and in many cases the computers that process the information, must also be authorized. 

- This requires that mechanisms be in place to control the access to protected information. 

- The sophistication of the access control mechanisms should be in parity with the value of the information being protected: the more sensitive or valuable the information, the stronger the control mechanisms need to be.

- The foundation on which access control mechanisms are built starts with identification and authentication.

Identification

Identification is an assertion of who someone is or what something is. If a person makes the statement "Hello, my name is Mohamed Dewa." he is making a claim of who he is. However, his claim may or may not be true. 

Before Mohamed Dewa can be granted access to protected information it will be necessary to verify that the person claiming to be Mohamed Dewa really is Mohamed Dewa.

Authentication

- Authentication is the act of verifying a claim of identity. 

- When Mohamed Dewa goes into a bank to make a withdrawal, he tells the bank teller he is Mohamed Dewa (a claim of identity). The bank teller asks to see a photo ID, so he hands the teller his driver's license. 

- The bank teller checks the license to make sure it has Mohamed Dewa printed on it and compares the photograph on the license against the person claiming to be Mohamed Dewa. 

- If the photo and name match the person, then the teller has authenticated that Mohamed Dewa is who he claimed to be.

There are three different types of information that can be used for authentication: 

1. Something you know

2. Something you have, or 

3. Something you are. 

Examples of something you know include such things as a PIN, a password, or your mother's maiden name. Examples of something you have include a driver's license or any identity card. 

Something you are refers to biometrics. Examples of biometrics include palm prints, fingerprints, voice prints and retina (eye) scans.

Strong authentication requires providing information from two of the three different types of authentication information. For example, something you know plus something you have. On computer systems in use today, the Username is the most common form of identification and the Password is the most common form of authentication. 

Authorization

After a person, program or computer has successfully been identified and authenticated then it must be determined what informational resources they are permitted to access and what actions they will be allowed to perform (run, view, create, delete, or change). This is called authorization.
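The three steps described above (identification, authentication, authorization) and the two-factor rule for strong authentication can be traced in the following added example, which is not part of the original notes. The account, the static token code standing in for "something you have", and the rule that `payroll.db` requires strong authentication are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored value does not reveal the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = os.urandom(16)
# Constructed sample account; every value is made up for this example.
USERS = {
    "mdewa": {
        "salt": _SALT,
        "pw_hash": hash_password("Igovo427", _SALT),  # something you know
        "token_code": "918273",                        # something you have
        "permissions": {"payroll.db": {"view"}},
    }
}
# Hypothetical policy: resources that demand two different factor types.
STRONG_AUTH_RESOURCES = {"payroll.db"}


def verified_factors(username, password=None, token_code=None) -> set:
    """Authentication: return the factor types that verified the claim."""
    user = USERS.get(username)  # identification: the claimed identity
    if user is None:
        return set()
    factors = set()
    if password is not None and hmac.compare_digest(
            hash_password(password, user["salt"]), user["pw_hash"]):
        factors.add("know")
    if token_code is not None and hmac.compare_digest(
            token_code.encode(), user["token_code"].encode()):
        factors.add("have")
    return factors


def request_access(username, resource, action, password=None, token_code=None):
    factors = verified_factors(username, password, token_code)
    if not factors:
        return "denied: authentication failed"
    if resource in STRONG_AUTH_RESOURCES and len(factors) < 2:
        return "denied: strong authentication required"
    # Authorization: what may this authenticated identity do here?
    allowed = USERS[username]["permissions"].get(resource, set())
    if action not in allowed:
        return "denied: not authorized"
    return "granted"


if __name__ == "__main__":
    print(request_access("mdewa", "payroll.db", "view", "Igovo427", "918273"))
    print(request_access("mdewa", "payroll.db", "change", "Igovo427", "918273"))
```

The second call is denied even though the user is fully authenticated: being who you claim to be does not by itself grant the right to change the payroll database.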

What is a computer virus?

- Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation.

- A virus might corrupt or delete data on your computer, use your e-mail program to spread itself to other computers, or even erase everything on your hard disk.

- Computer viruses are similar to biological viruses in the way they multiply in number and in the way they need a host to survive. 

- However, in both scenarios there must be a cause, such as a weak immune system or an expired anti-virus program, in order for the virus to penetrate and spread.

- The way a computer virus infiltrates your PC depends on the type of virus it is, because all computer viruses have their own features and factors that make them unique and dangerous to the health of your computer.

Types of viruses 

Three basic types of computer viruses are

a) Trojan Horses 

b) Worms 

c) Email Viruses

a) Trojan Horses

A Trojan horse appears to be nothing more than an interesting computer program or file, such as a "saxophone.wav" file on the computer of a user who is interested in collecting sound samples, but instead facilitates unauthorized access to the user's computer system.

Once on your computer, the Trojan virus doesn't reproduce, but instead makes your computer vulnerable to malicious intruders by allowing them to access and read your files.

This makes this type of virus extremely dangerous to your computer's security and your personal privacy.

Therefore, you should avoid downloading programs or files from sites if you're not 100 percent positive of what the file or program does.

b) Worm 

A Worm is a virus program that copies and multiplies itself by using computer networks and security flaws.

Worms are more complex than Trojan viruses, and usually attack multi-user systems such as Unix environments and can spread over corporate networks via the circulation of emails.

Once multiplied, the copied worms scan the network for further loopholes and flaws in the network. A classic example of a worm is the ILOVEYOU virus.

c) Email viruses

Email viruses use email messages to spread. An email virus can automatically forward itself to thousands of people, depending on whose email address it attacks. 

To avoid receiving virus-laden emails, always check that your antivirus software is up to date and stay clear of opening attachments, even from friends, that you weren't expecting or don't know anything about. Also, block unwanted email viruses by installing a spam filter and spam blocker.

Symptoms of a computer virus

- The following are some primary indicators that a computer may be infected: 

- The computer runs slower than usual.

- The computer stops responding, or it locks up frequently.

- The computer crashes, and then it restarts every few minutes.

- The computer restarts on its own. Additionally, the computer does not run as usual.

- Applications on the computer do not work correctly.

- Disks or disk drives are inaccessible.

- You cannot print items correctly.

- You see unusual error messages.

- You see distorted menus and dialog boxes.

- There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe extension.

- An antivirus program is disabled for no reason. Additionally, the antivirus program cannot be restarted.

- An antivirus program cannot be installed on the computer, or the antivirus program will not run.

- New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.

- Strange sounds or music plays from the speakers unexpectedly.

- A program disappears from the computer even though you did not intentionally remove the program.

Symptoms of worms and Trojan horse viruses in e-mail messages

- When a computer virus infects e-mail messages or infects other files on a computer, you may notice the following symptoms:

- The infected file may make copies of itself. This behavior may use up all the free space on the hard disk.

- A copy of the infected file may be sent to all the addresses in an e-mail address list.

- The computer virus may reformat the hard disk. This behavior will delete files and programs.

- The computer virus may install hidden programs.

- The computer virus may reduce security. This could enable intruders to remotely access the computer or the network.

- You receive an e-mail message that has a strange attachment. When you open the attachment, dialog boxes appear, or a sudden degradation in system performance occurs.

- Someone tells you that they have recently received e-mail messages from you that contained attached files that you did not send. The files that are attached to the e-mail messages have extensions such as .exe, .bat, .scr, and .vbs extensions.
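The double-extension symptom listed earlier and the attachment extensions named in the last item above can be checked automatically on incoming mail. The following is an added example, not part of the original notes: it parses a message and classifies each attachment name, using only the extensions the notes mention; the sample message and its attachment names are constructed.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions the notes list on suspicious attachments.
EXECUTABLE_EXTS = {".exe", ".bat", ".scr", ".vbs"}
# Harmless-looking extensions the notes mention (picture and sound files).
DECOY_EXTS = {".jpg", ".gif", ".wav"}


def classify_name(filename: str) -> str:
    """Return 'double-extension', 'executable' or 'ok' for one file name."""
    name = os.path.basename(filename.replace("\\", "/")).strip().lower()
    stem, last = os.path.splitext(name)
    prev = os.path.splitext(stem)[1]
    if last in EXECUTABLE_EXTS:
        # The real type is decided by the last extension only.
        return "double-extension" if prev in DECOY_EXTS else "executable"
    return "ok"


def scan_message(raw: bytes) -> list:
    """Parse one e-mail message; return (filename, verdict) per attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        findings.append((filename, classify_name(filename)))
    return findings


def build_sample(filenames) -> bytes:
    """Constructed sample message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["holiday.jpg.vbs", "notes.txt", "setup.exe"])
    for filename, verdict in scan_message(sample):
        print(f"{verdict:17} {filename}")
```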

A computer virus infection may cause the following problems:

- Windows does not start even though you have not made any system changes or even though you have not installed or removed any programs.

- There is frequent modem activity. If you have an external modem, you may notice the lights blinking frequently when the modem is not being used. 

- Windows does not start because certain important system files are missing. Additionally, you receive an error message that lists the missing files.

- The computer sometimes starts as expected. However, at other times, the computer stops responding before the desktop icons and the taskbar appear.

- The computer runs very slowly. Additionally, the computer takes longer than expected to start.

- You receive out of memory error messages even though the computer has sufficient RAM.

- New programs are installed incorrectly.

- Windows spontaneously restarts unexpectedly.

- Programs that used to run stop responding frequently. Even if you remove and reinstall the programs, the issue continues to occur.

- A disk utility such as Scandisk reports multiple serious disk errors.

- A partition disappears.

- The computer always stops responding when you try to use Microsoft Office products.

- You cannot start Windows Task Manager.

- Antivirus software indicates that a computer virus is present.

How to protect your computer against viruses

- To protect your computer against viruses, follow these steps: 

- On the computer, turn on the firewall. A firewall is software or hardware that checks information that comes from the internet or from a network. The firewall then either blocks the information or passes it through, depending on your firewall settings.

- A firewall can help prevent malicious software (such as worms) from gaining access to your computer through a network or the internet.

How to turn on the firewall

Note: These steps are only for Windows XP.

a) Click Start and then click Control Panel.

b) In the control panel, click Windows Security Center or Windows Firewall.

c) On the general tab, click On (recommended).

d) Click Ok.

Alternatively:

a) Select the START menu and then Control Panel.

b) Click your Network Connection Icon.

c) Right click your “Local Area Network” or wireless network.

d) Select the Advanced tab and click Settings.

e) On the general tab, click On.

f) Click Ok. 

- Keep the computer operating system up to date.

- Use updated antivirus software on the computer.

- Use updated antispyware software on the computer.

Password Management

A password is a secret word or combination of letters or numbers which is used for communicating with another person or with a computer to prove who you are.

Your password is a simple and effective way to control access to your confidential information. 

Choosing a secure password and using it carefully will help ensure your personal information remains secure. 

Password length and formation

Some policies suggest or impose requirements on what type of password a user can choose, such as:

> The use of both upper and lower case letters (case sensitivity)

> Inclusion of one or more numerical digits

> Inclusion of special characters

> Prohibition of words found in a dictionary or the user's personal information

> Prohibition of passwords that match the format of calendar dates, license plate numbers, or other common numbers.
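The requirements listed above can be enforced when a user picks a password. The following is an added example, not part of the original notes; the tiny word list, the date patterns and the license plate pattern are assumptions for illustration (plate formats differ by country, and a real check would load a full dictionary).

```python
import re

# Constructed stand-in for a real dictionary file (assumption).
DICTIONARY = {"password", "welcome", "dragon", "monkey", "sunshine"}

# Assumed calendar-date shapes: 27/04/2011, 270411, 2011-04-27.
DATE_PATTERNS = [
    re.compile(r"^\d{1,2}[-/.]?\d{1,2}[-/.]?(\d{2}|\d{4})$"),
    re.compile(r"^\d{4}[-/.]?\d{2}[-/.]?\d{2}$"),
]
# Assumed plate shape: 1-3 letters, 3-4 digits, 0-3 letters (e.g. "ABC 1234").
PLATE_PATTERN = re.compile(r"^[A-Za-z]{1,3}[ -]?\d{3,4}[ -]?[A-Za-z]{0,3}$")


def check_password(password: str, personal_info=()) -> list:
    """Return the list of policy rules the password breaks (empty = passes)."""
    problems = []
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both upper and lower case letters")
    if not re.search(r"\d", password):
        problems.append("needs at least one digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs at least one special character")
    lowered = password.lower()
    # Also catch a dictionary word that was only decorated with digits/symbols.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if lowered in DICTIONARY or letters_only in DICTIONARY:
        problems.append("is a dictionary word")
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    if any(p.match(password) for p in DATE_PATTERNS):
        problems.append("looks like a calendar date")
    if PLATE_PATTERN.match(password):
        problems.append("looks like a license plate number")
    return problems


if __name__ == "__main__":
    # Constructed candidates; the personal details are sample values.
    for candidate in ["Password1!", "27/04/2011", "ABC 1234", "T4ble!Lamp-River"]:
        print(candidate, "->", check_password(candidate, ("Mohamed", "Dewa")))
```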

Choice of password

- Try to choose a password that you will remember easily, but that will be hard for someone else to guess. For example, you can:

- Take the first letters of each word in a sentence about you and add numbers ("I'm going on vacation on April 27" becomes "Igovo427");

- Join a few words that make up a common phrase (e.g. milk1cow);

- Change the spelling of words (e.g. 120Usdno);

- Use the first letters or part of each word in an expression, song title or proverb ("Early to bed, early to rise" becomes "E2bede2r").

Here are a few more pointers to ensure that your password remains confidential.

- Never tell anyone your password, not even a family member or a person who claims to be a National Bank employee.

- Change your password regularly (at least once a month) so that it is more difficult to discover. If you suspect that your password has been discovered, select a new one immediately.

- Use a different password for each of your applications. Don’t use the same password as the one you use to access your computer at work.

- Don’t use a password that contains a portion of your bank access codes (Client Card, credit card, PIN).

- If possible, do not write your password down. If you absolutely have to, write it in such a way that only you will be able to recognize it, and keep it in a safe place.

- Don’t save your password on your computer.

> Never sharing a computer account

> Never using the same password for more than one account

> Never communicating a password by telephone, e-mail or instant messaging

> Changing passwords whenever there is suspicion they may have been compromised

> Operating system password and application passwords are different

> Password should be alpha-numeric.

> Make passwords completely random but easy for you to remember

Changing your password

- When you change your password, please keep the following tips in mind:

- Try to choose one you haven’t used yet and don’t use the same password more than twice in the same year;

- Don’t just choose two passwords and alternate between them;

- Choose a secure password.
