COMPUTER SECURITY

What is computer security?

Computer Security is the process of preventing and detecting unauthorized use of your
computer.

It involves the process of safeguarding against intruders from using your computer
resources for malicious intents or for their own gains (or even gaining access to them
accidentally).

The field covers all the processes and mechanisms by which computer-based equipment,
information and services are protected from unintended or unauthorized access, change
or destruction.
Computer security also includes protection from unplanned events and natural disasters.
 Why Is Computer and Network Security Important?
o To protect company assets
o To gain a competitive advantage
o To comply with regulatory requirements and judiciary responsibilities
o To keep your job

Security Threats
Data and resources are the assets that require protection. So what type of damage could
be inflicted on these assets, and who is likely to be responsible?
Accidental threats
Intentional threats

Intentional threats- By definition these are attacks with a purpose. That purpose may
simply be to look at sensitive data.

Types of Attacks
1. Internal Attacks (Attacks can be made either from within a system)
2. External Attacks (from outside the system)
Internal Attacks
a. Front Door Attacks – using this method, a hacker will attempt to gain access to secure
information within the network by repeatedly trying every possible combination to bypass
security checks such as passwords and identity verification.

b. Trapdoor attacks (Back door attacks) – Using this method, a hacker will search out less
secure applications which might allow him entry to more secure areas or give him the
opportunity to look at important information.

c. Buffer Overflow attacks – A buffer is a temporary area for data. When a buffer becomes full
it will overflow into another buffer. This can cause problems as it will corrupt or over write
the data already in that buffer. Hacker can launch buffer overflow attacks with data that
contains instructions to corrupt a system .

d. Trojan horse attacks – s a type of malware that downloads onto a computer disguised as a
legitimate program. The delivery method typically sees an attacker use social engineering to
hide malicious code within legitimate software to try and gain users' system access with their
software.
External Attacks
a. Spoofing (masquerade)
b. Man-in-the-middle
a. Denial-of –service
b. Mail flood – by flooding a server with a procession of emails, a traffic jam can be caused, and this can often
result in the server crashing.
c. Data Flooding – is similar to mail flooding except that the hacker will either cause a great volume of
information to flood the server or he might send a lot of ping packets to the server.
d. Worm (see notes on MALWARE)
 CYBERCRIMES
 Involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief.
 Cybercrime encompasses a broad range of illegal activities. it can be generally divided into five categories:

1.Intrusive Offences
• Illegal Access: “Hacking” is one of the major forms of offences that refers to unlawful access to a computer system.

• Data Espionage: Offenders can intercept communications between users (such as emails) by targeting communication
infrastructure such as fixed lines or wireless, and any Internet service (e.g., e-mail servers, chat or VoIP
communications).

• Data Interference: Offenders can violate the integrity of data and interfere with them by deleting, suppressing, or
altering data and restricting access to them.

2. Content-related offences
Pornographic Material (Child-Pornography): Sexually related content was among the first content to be commercially
distributed over the Internet.
Racism, Hate Speech, Glorification of Violence: Radical groups use mass communication systems such as the
Internet to spread propaganda.

Religious Offences: A growing number of websites present material that is in some countries covered by provisions
related to religious offences, e.g., anti-religious written statements.

Spam: Offenders send out millions of e-mails to users, often containing advertisements for products and services.

3. Copyright and trademark-related offences

Common copyright offences: cyber piracy, software piracy, piracy of music or movies.

Trademark violations: A well-known aspect of global trade. The most serious offences include phishing and domain
or name-related offences, such as cybersquatting.

4. Computer-related offences
Fraud: online auction fraud, advance fee fraud, credit card fraud, Internet banking.

Forgery: manipulation of digital documents.

Identity theft: It refers to stealing private information including Social Security Numbers (SSN), passport numbers,
Date of birth, addresses, phone numbers, and passwords for nonfinancial and financial accounts.
5. Combination offences:
Cyberterrorism: The main purposes of it are propaganda, information gathering, preparation of real-world attacks,
publication of training material, communication, terrorist financing and attacks against critical infrastructure.

Cyberwarfare: It describes the use of ICTs in conducting warfare using the Internet.
Cyber laundering: Conducting crime through the use of virtual currencies, online casinos and etc.

Other Related Attacks

Arson
Primarily affects system availability. Arson is the willful and generally malicious burning or starting of fires. Malicious fires
caused by bombs and incendiary devices could result in damage or destruction of system hardware and loss of data.

Data Entry Errors or Omissions

Could significantly impact data integrity, and to a lesser extent data availability. Data entry errors and omissions are
mistakes in keying or oversight to key data, which could affect system resources and the safeguards that are protecting
other system resources.