Topic 7a Computer Security PDF


Course Code: BISF 1104
Course Description: Installation and Customization
Lesson 7a: Computer Security
Lecturer Name: Eric G Kariuki
Email: ekariuki@kcau.ac.ke
Tel: 0721487915
Course Code: BSD 1106
Course Description: Installation and Customization
Lesson 4: Computer Security
Lecturer Name: Eric G Kariuki
Email: ekariuki@kca.ac.ke
Tel: 0721487915
Computer and Network Security Requirements
 Confidentiality
 Requires that information in a computer system be accessible for reading only by authorized parties
 Integrity
 Assets can be modified by authorized parties only
 Availability
 Assets are available to authorized parties
 Authenticity
 Requires that a computer system be able to verify the identity of a user
Types of Threats
 Interruption
 An asset of the system is destroyed or becomes unavailable or unusable
 Attack on availability
 Destruction of hardware
 Cutting of a communication line
 Disabling the file management system
 Interception
 An unauthorized party gains access to an asset
 Attack on confidentiality
 Wiretapping to capture data in a network
 Illicit copying of files or programs
 Modification
 An unauthorized party not only gains access but tampers with an asset
 Attack on integrity
 Changing values in a data file
 Altering a program so that it performs differently
 Modifying the content of messages being transmitted in a network
 Fabrication
 An unauthorized party inserts counterfeit objects into the system
 Attack on authenticity
 Insertion of spurious messages in a network
 Addition of records to a file
Computer System Assets
 Hardware
 Threats include accidental and deliberate damage
 Software
 Threats include deletion, alteration, damage
 Backups of the most recent versions can maintain high availability
 Data
 Involves files
 Security concerns for availability, secrecy, and integrity
 Statistical analysis can lead to determination of individual information, which threatens privacy
 Communication Lines and Networks – Passive Attacks
 Release of message contents: a telephone conversation, an electronic mail message, or a transferred file is subject to this threat
 Traffic analysis
 Encryption masks the contents of what is transferred, so even if it is obtained by someone they would be unable to extract the information; traffic analysis instead works from the observable pattern of the traffic
 Communication Lines and Networks – Active Attacks
 Masquerade takes place when one entity pretends to be a different entity
 Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
 Modification of messages means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect
 Denial of service prevents or inhibits the normal use or management of communications facilities
 Disable the network or overload it with messages
User-Oriented Access Control
 Log on
 Requires both a user identifier (ID) and a password
 System only allows users to log on if the ID is known to the system and the password associated with the ID is correct
 Users can reveal their password to others either intentionally or accidentally
 Hackers are skillful at guessing passwords
 ID/password file can be obtained
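As an added illustration (not code from the lecture slides), the log-on rule above written in Python: the ID must be known and the password for that ID must match, and the stored file holds per-user salted PBKDF2 hashes rather than plaintext, so an obtained ID/password file does not directly reveal passwords. The user names and passwords are constructed sample data.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor; slows offline guessing against a copied file


def make_record(password: str, salt: bytes = b"") -> dict:
    """Build the stored entry for one ID: a per-user salt plus the PBKDF2 hash.
    The plaintext password itself is never written to the file."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def log_on(password_file: dict, user_id: str, password: str) -> bool:
    """Allow log-on only if the ID is known AND the password for that ID is correct."""
    record = password_file.get(user_id)
    if record is None:
        # Unknown ID: do the same amount of hashing so response time does not
        # tell a password guesser which IDs exist.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\0" * 16, ITERATIONS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], ITERATIONS)
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(candidate, record["hash"])


# Constructed in-memory stand-in for the system's ID/password file.
PASSWORD_FILE = {
    "alice": make_record("correct horse battery"),
    "bob": make_record("hunter2"),
}

if __name__ == "__main__":
    print(log_on(PASSWORD_FILE, "alice", "correct horse battery"))  # True
    print(log_on(PASSWORD_FILE, "bob", "wrong guess"))               # False
    print(log_on(PASSWORD_FILE, "mallory", "hunter2"))               # False: ID unknown
```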
Data-Oriented Access Control
 Associated with each user, there can be a user profile that specifies permissible operations and file accesses
 Operating system enforces these rules
 Database management system controls access to specific records or portions of records
Access Matrix
 Subject
 An entity capable of accessing objects
 Object
 Anything to which access is controlled
 Access rights
 The way in which an object is accessed by a subject
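An added Python example (not part of the slides) that ties the data-oriented access control and access matrix slides together: a matrix of subjects, objects and rights, the per-user profile read off its row, and a mediating check that refuses any operation the matrix does not grant. The user names, file names and rights are constructed sample values.

```python
class AccessMatrix:
    """Rows are subjects, columns are objects, each cell is the set of rights."""

    def __init__(self):
        self._cells = {}  # subject -> {object -> set(rights)}

    def grant(self, subject: str, obj: str, *rights: str) -> None:
        self._cells.setdefault(subject, {}).setdefault(obj, set()).update(rights)

    def revoke(self, subject: str, obj: str, *rights: str) -> None:
        self._cells.get(subject, {}).get(obj, set()).difference_update(rights)

    def check(self, subject: str, obj: str, right: str) -> bool:
        """True only if cell (subject, obj) holds the right.
        Unknown subjects or objects give False: default deny."""
        return right in self._cells.get(subject, {}).get(obj, set())

    def profile(self, subject: str) -> dict:
        """The user profile of the data-oriented slide: the subject's row,
        listing every object it may touch and the permitted operations."""
        return {o: set(r) for o, r in self._cells.get(subject, {}).items() if r}


def mediate(matrix: AccessMatrix, subject: str, obj: str, right: str, action):
    """Reference-monitor style enforcement: the action runs only if the
    matrix grants the right, otherwise PermissionError is raised."""
    if not matrix.check(subject, obj, right):
        raise PermissionError(f"{subject} lacks '{right}' on {obj}")
    return action()


def build_sample_matrix() -> AccessMatrix:
    # Constructed sample: two users and two files.
    m = AccessMatrix()
    m.grant("alice", "payroll.dat", "read", "write")
    m.grant("alice", "report.txt", "read")
    m.grant("bob", "report.txt", "read", "write")
    m.grant("bob", "payroll.dat", "read")
    return m


def try_write(matrix: AccessMatrix, subject: str, obj: str) -> str:
    """Attempt a write through the monitor and report the outcome as text."""
    try:
        return mediate(matrix, subject, obj, "write", lambda: "written")
    except PermissionError as exc:
        return f"denied: {exc}"


if __name__ == "__main__":
    m = build_sample_matrix()
    print(sorted(m.profile("bob")["payroll.dat"]))  # ['read']
    print(try_write(m, "alice", "payroll.dat"))      # written
    print(try_write(m, "bob", "payroll.dat"))        # denied: bob lacks 'write' on payroll.dat
```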
Malicious Programs
 Those that need a host program
 Fragments of programs that cannot exist independently of some application program, utility, or system program
 Independent
 Self-contained programs that can be scheduled and run by the operating system
Trapdoor
 Entry point into a program that allows someone who is aware of the trapdoor to gain access
 Used by programmers to debug and test programs
 Avoids necessary setup and authentication
 Method to activate the program if something is wrong with the authentication procedure
Logic Bomb
 Code embedded in a legitimate program that is set to “explode” when certain conditions are met
 Presence or absence of certain files
 Particular day of the week
 Particular user running the application
Trojan Horse
 Useful program that contains hidden code that, when invoked, performs some unwanted or harmful function
 Can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly
 User may set file permission so everyone has
Viruses
 Program that can “infect” other programs by modifying them
 Modification includes a copy of the virus program
 The infected program can infect other programs
 A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner
 One of the first detected viruses was the Creeper virus in the early 70’s
 Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks
Worms
 Use network connections to spread from system to system
 Electronic mail facility
 A worm mails a copy of itself to other systems
 Remote execution capability
 A worm executes a copy of itself on another system
 Remote log-in capability
 A worm logs on to a remote system as a user and then uses commands to copy itself from one system to the other
Zombie
 Program that secretly takes over another Internet-attached computer
 It uses that computer to launch attacks that are difficult to trace to the zombie’s creator
Virus Stages
 Dormant phase
 Virus is idle
 Propagation phase
 Virus places an identical copy of itself into other programs or into certain system areas on the disk
 Triggering phase
 Virus is activated to perform the function for which it was intended
 Caused by a variety of system events
 Execution phase
 Function is performed
Types of Viruses
 Parasitic
 Attaches itself to executable files and replicates
 When the infected program is executed, it looks for other executables to infect
 Memory-resident
 Lodges in main memory as part of a resident system program
 Once in memory, it infects every program that executes
 Boot sector
 Infects the boot record
 Spreads when the system is booted from the disk containing the virus
 Stealth
 Designed to hide itself from detection by antivirus software
 May use compression
 Polymorphic
 Mutates with every infection, making detection by the “signature” of the virus impossible
 Mutation engine creates a random encryption key to encrypt the remainder of the virus
 The key is stored with the virus
Macro Viruses
 Platform independent
 Most infect Microsoft Word
 Infect documents, not executable portions of code
 Easily spread
 A macro is an executable program embedded in a word processing document or other type of file
 Autoexecuting macros in Word
 Autoexecute
 Executes when Word is started
 Automacro
 Executes when a defined event occurs, such as opening or closing a document
 Command macro
 Executed when the user invokes a command (e.g., File Save)
Antivirus Approaches
 Detection
 Identification
 Removal
E-mail Virus
 Activated when the recipient opens the e-mail attachment
 Activated by opening an e-mail that contains the virus
 Uses the Visual Basic scripting language
 Propagates itself to all of the e-mail addresses known to the infected host
Signs Your Computer is Infected
 Functions slower than normal
 Responds slowly and freezes often
 Restarts itself often
 See uncommon error messages, distorted menus, and dialog boxes
 Notice applications fail to work correctly
 Fail to print correctly
 Late 60s to the first half of the 70s: "Rabbits" cloned themselves and occupied system resources, slowing down productivity.
 "The Creeper" was capable of entering a network by itself and transferring a copy of itself to the system.
 Early 80s: increasing number of programs written by individuals, not by software companies. Some programs caused minor viruses called "Trojan horses".
 1986: "Brain" virus, by Amjad and Basit Farooq Alvi.
- spread through floppy disks
- infected boot records, not computer hard drives
 Also known as Lahore, Pakistani Brain, Brain-A and UIUC virus
- took over free space on the floppy disk and hid from detection: "disguised itself by displaying the uninfected boot sector on the disk."
 1987: Lehigh virus
- the first memory-resident file infector that attacked executable files and took control when a file was opened
 The Jerusalem virus
- had bugs that re-infected programs that were already infected
 1988: Robert Morris made a worm that invaded ARPANET computers
- disabled 6,000 computers on the network by overflowing their memory banks with copies of itself
 1991: Norton Anti-Virus software
 1999: "Melissa" virus
- infected thousands of computers very fast by sending copies of itself to 50 names in the address book on Outlook e-mail
- led to an estimated $80 million in damage and record sales of anti-virus products
 2000: "I Love You" virus
- was sent by email and infected 10% of computers in only one day
- created by a young Filipino computer student who did not get punished because the Philippines then had no laws against hacking, which led to the European Union's global Cybercrime Treaty
 2001: "Nimda" virus (days after 9/11)
- had 5 ways of infecting systems
 2004
 MyDoom spreads through emails and file-sharing software faster
than any previous virus or worm.
 Allows hackers to access the hard drive of the infected computer.
 An estimated one million computers running Windows are
affected by the fast-spreading Sasser computer worm.
 The worm does not cause irreparable harm to computers or data, but
it does slow computers and cause some to quit or reboot without
explanation.
 2006
 Discovery of the first-ever malware trojan horse for Mac OS X
 2008
 Torpig is a Trojan horse which affects Windows, turning off anti-
virus applications.
 It allows others to access the computer, modifies data, steals
confidential information and installs malware on the victim's
computer.
 2009
 Conficker infects anywhere from 9 to 15 million Microsoft server
systems.
 French air force, Royal Navy warships and submarines, Sheffield
Hospital network, UK Ministry of Defence, German Bundeswehr
and Norwegian Police were all affected.
Total Number of Viruses by year
Date             Number of viruses
January 1985     1
January 1987     3
January 1989     6
January 1990     142
January 1991     357
January 1992     1,161
January 1993     2,482
January 1994     3,687
January 1995     5,626
January 1996     7,764
January 1997     11,037
January 1998     16,726
January 1999     40,850
January 2000     44,000
January 2001     48,000
January 2002     55,000
January 2003     62,000
Melissa
 Another virus that fired up the media was Melissa, a Word macro virus.
 When people received the host Word document via email and opened it, the virus sent a copy of itself to the first 50 people in the victim's address book.
 Named after a topless dancer in Florida, the Melissa virus crashed the email servers of corporations and governments in different spots around the world.
 The Computer Emergency Response Team, set up after Robert Morris mucked up the Internet with his worm in 1988, estimated that the virus hit 100,000 computers in its first weekend.
 David L. Smith posted the infected file to an alt.sex usenet group using a stolen AOL account. Initially he entered a plea of innocence, but after being confronted with a maximum sentence of 40 years in prison, he eventually pled guilty and received a much-reduced sentence.
Love You, Love Bug
 By almost any measure, the so-called Love Bug was the most damaging and costly virus ever. I don't know who comes up with these whack figures, but according to Reuters the bug cost the world $15 billion in lost productivity.
 The Love Bug spread far faster than Melissa. Unlike Melissa, it would mail itself to everyone in your Outlook address book -- most of whom would probably be delighted to read about how you love them -- not just the first fifty. Moreover, it would gobble up certain media files stored on your hard drive.
Did you know?
 One German newspaper tragically lost 2,000 pictures from its archive.
 The perpetrator turned out to be a 23-year-old Filipino computer science student who more or less plagiarized all of his code.
 Because of the lack of laws in the Philippines covering computer crimes, he pretty much got away with his crime.
Prevention
 Install and use antivirus software
 Be aware of the e-mails and attachments you open
 Check for updates to antivirus software regularly
 Make sure antivirus software is installed correctly
Questions