Monday, June 13, 2011

COMPUTER SECURITY

MODULE ONE

A security system is a set of mechanisms and techniques that protect a computer system, specifically its assets. The assets are protected against loss or harm, including unauthorized access, unauthorized disclosure, and interference with information.
Assets can be categorized into:
Resources – instances of hardware, software, communication channels, operating environment, documentation and people.
Data – files, databases, messages in transit etc.
A security attack is the act of exploiting, or attempting to exploit, a vulnerability in a system.

SECURITY GOALS


In order to meet basic business requirements, organizations must endeavor to achieve the following security goals.

Confidentiality – protect information value and preserve the confidentiality of sensitive data. Information should not be disclosed without authority.

Integrity – Ensure the accuracy and reliability of the information stored on the computer systems. Information has integrity if it reflects some real world situation.

Availability – Ensure the continued availability of the information system and all its assets to legitimate users at an acceptable level of service or quality of service.

HAZARDS (EXPOSURES) TO INFORMATION SECURITY

An exposure is a form of possible loss or harm. Examples of exposures include:
Unauthorized access resulting in a loss of computing time
Unauthorized disclosure – information revealed without authorization
Destruction especially with respect to hardware and software
Theft
Interference with system operation.

THREATS TO SECURITY

There are three keywords that come up in discussions of computer security issues: Vulnerabilities, threats and countermeasures.

Vulnerability – a point where a system is susceptible to attack; a weakness within the system that can potentially lead to loss or harm.

Threat – a possible danger to the system. It could be a person, a thing (a faulty piece of equipment), or an event (fire or flood, natural disasters). Threats are circumstances that have the potential to cause loss or harm, that is, to bring about exposures.

THREATS TO SECURITY

Human error
Disgruntled employees
Greedy employees who sell information for financial gain.
Outsider access – hackers, crackers, criminals, terrorists, consultants, ex-consultants, ex-employees, competitors, government agencies, spies (industrial, military), disgruntled customers.
Acts of God/natural disasters – earthquakes, floods, hurricanes
Foreign intelligence
Accidents, Fires, Explosion
Equipment failure
Utility outage
Water leaks, toxic spills
Viruses – these are programmed threats


SECURITY CONTROLS

These include:
1. Administrative controls – they include:

• Policies – a mechanism for controlling security
• Administrative procedures – ensure that users only do that which they have been authorized to do.
• Legal provisions – serve as security controls and discourage some forms of physical threats
• Ethics

2. Logical security controls – Measures incorporated within the system to provide protection from adversaries who have already gained physical access.

3. Physical controls – Any mechanism that has a physical form e.g. lock ups

4. Environmental controls

PHYSICAL SECURITY


Physical access controls are designed to protect the organization from unauthorized access. They reduce exposure to theft or destruction of data and hardware. These controls should limit access to only those individuals authorized by management. This authorization may be explicit, as in a door lock for which management has authorized you to have a key; or implicit, as in a job description that implies a need to access sensitive reports and documents. Examples of some of the more common access controls are:

Bolting door locks – These locks require the traditional metal key to gain entry. The key should be stamped ‘Do not duplicate’.

Combination door locks (cipher locks) – This system uses a numeric keypad or dial to gain entry. The combination should be changed at regular intervals or whenever an employee with access is transferred, fired or subject to disciplinary action. This reduces the risk of the combination being known by unauthorized people.

Electronic door locks – This system uses a magnetic or embedded chip-based plastic card key or token entered into a sensor reader to gain access. A special code internally stored in the card or token is read by the sensor device, which then activates the door locking mechanism.

Biometric door locks – An individual’s unique body features, such as voice, retina, fingerprint or signature, activate these locks. This system is used in instances where extremely sensitive facilities must be protected such as in the military.

Manual logging – all visitors should be required to sign a visitor’s log indicating their name, company represented, reason for visiting and person to see.

Identification badges – (Photo IDs) badges should be worn by all personnel. Visitor badges should be a different color from employee badges for easy identification.

Video cameras – cameras should be located at strategic points and monitored by security guards. Sophisticated cameras can be activated by motion. The video surveillance recording should be retained for possible future playback.

Security guards – guards are very useful if supplemented by video cameras and locked doors. Guards supplied by an external agency should be bonded to protect the organization from loss.

Controlled visitor access – all visitors should be escorted by a responsible employee. Visitors include friends, maintenance personnel, computer vendors, suppliers and external auditors.

Not advertising the location of sensitive data – Facilities such as the computer labs should not be visible or identifiable from the outside; that is, they should have no windows or directional signs.

Computer terminal locks – these lock devices to the desk, prevent the computer from being turned on, or disengage keyboard recognition, preventing use.

Alarm system – an alarm system should be linked to inactive entry points, motion detectors and the reverse flow of enter-only or exit-only doors. Security personnel should be able to hear the alarm when activated.

LOGICAL SECURITY


Logical Security consists of software safeguards for an organization’s systems, including user identification and password access, authentication, access rights and authority levels.
Logical access controls reduce exposure to unauthorized alteration and manipulation of data and programs. Exposures that exist from accidental or intentional exploitation of logical access control weaknesses include technical exposures and computer crime.

Technical exposures

Technical exposures are the unauthorized (intentional) implementation or modification of data and software. They include:
Data diddling – involves changing data before or as it is being entered into a computer.

Trojan horses – involve hiding malicious, fraudulent code in an authorized computer program. This hidden code will be executed whenever the authorized program is executed. A classic example is the Trojan horse in the payroll-calculating program that shaves a barely noticeable amount off each paycheck and credits it to the perpetrator’s account.

Rounding down – involves drawing off small amounts of money from a computerized transaction or account and routing this amount to a perpetrator’s account.

Salami techniques – involve the slicing of small amounts of money from a computerized transaction and are similar to the rounding down technique. The salami technique truncates the last few digits from the transaction amount, so 234.39 becomes 234.30 or 234.00.

Viruses – are malicious program codes inserted into other executable code that can self-replicate and spread from computer to computer, via sharing of removable computer storage devices.

Worms – are destructive programs that may destroy data or utilize tremendous computer and communication resources but do not replicate like viruses. Such programs do not change other programs, but can run independently and travel from machine to machine across network connections. Worms may also have portions of themselves running on many different machines.

Data leakage – involves siphoning or leaking information out of the computer. This can involve dumping files to paper or can be as simple as stealing computer reports and tapes.

Wire tapping – involves eavesdropping on information being transmitted over telecommunications lines.
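A control for the rounding down and salami techniques described above, as an added example that is not part of the original notes: it recomputes each posting from the full-precision amount and looks for an account that collects many tiny credits. The ledger layout, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

# Constructed sample data: (transaction id, computed amount, amount actually posted).
LEDGER = [
    ("T1", Decimal("234.39"), Decimal("234.30")),      # last digit truncated
    ("T2", Decimal("1050.7549"), Decimal("1050.75")),  # correctly rounded
    ("T3", Decimal("87.126"), Decimal("87.12")),       # rounded down, not to nearest
    ("T4", Decimal("412.00"), Decimal("412.00")),
    ("T5", Decimal("59.995"), Decimal("59.99")),       # rounded down
    ("T6", Decimal("234.39"), Decimal("234.00")),      # cents truncated
]
# Constructed sample data: (account credited, amount) from the same batch.
CREDITS = [
    ("ACCT-7731", Decimal("0.09")), ("ACCT-7731", Decimal("0.01")),
    ("ACCT-7731", Decimal("0.01")), ("ACCT-7731", Decimal("0.39")),
    ("ACCT-1200", Decimal("250.00")), ("ACCT-1311", Decimal("0.05")),
]

def audit_rounding(ledger):
    """Recompute each posting; report those below the correctly rounded value."""
    findings, total = [], Decimal("0")
    for txn_id, computed, posted in ledger:
        expected = computed.quantize(CENT, rounding=ROUND_HALF_UP)
        shortfall = expected - posted
        if shortfall > 0:
            findings.append((txn_id, shortfall))
            total += shortfall
    return findings, total

def small_credit_sinks(credits, ceiling=Decimal("1.00"), min_count=3):
    """Accounts that collect many tiny credits, the destination side of the scheme."""
    count, amount = defaultdict(int), defaultdict(Decimal)
    for account, value in credits:
        if value <= ceiling:
            count[account] += 1
            amount[account] += value
    return {a: amount[a] for a in count if count[a] >= min_count}

if __name__ == "__main__":
    findings, total = audit_rounding(LEDGER)
    print("short postings:", findings, "total:", total)
    for account, value in small_credit_sinks(CREDITS).items():
        match = "matches" if value == total else "differs from"
        print(account, "received", value, "which", match, "the shortfall")
```

Each shortfall is tiny on its own; the signal is the pattern across a batch and a receiving account whose credits add up to the same total.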

VIRUSES

Viruses are a significant and very real logical access issue. The term virus is a generic term applied to a variety of malicious computer programs. Traditional viruses attach themselves to other executable code, infect the user’s computer, replicate themselves on the user’s hard disk and then damage data, hard disk or files. Viruses usually attack four parts of a computer:

• Executable program files
• File directory system that tracks the location of all the computer’s files
• Boot and system areas that are needed to start the computer
• Data files

Control over viruses

Computer viruses are a threat to computers of any type. Their effects can range from the annoying but harmless prank to damaged files and crashed networks. In today’s environment, networks are the ideal way to propagate viruses through a system. The greatest risk is from electronic mail (email) attachments from friends and/or anonymous people through the internet. There are two major ways to prevent and detect viruses that infect computers and network systems.

• Having sound policies and procedures in place
• Technical means, including anti-virus software

POLICIES AND PROCEDURES

Some of the policy and procedure controls that should be in place are:
1. Update virus software scanning definitions frequently
2. Have vendors run demonstrations on their machines, not yours.
3. Enforce a rule of not using shareware without scanning thoroughly for viruses
4. Consider encrypting files and then decrypting them before execution

TECHNICAL MEANS

Technical methods of preventing viruses can be implemented through hardware and software means. The following are hardware tactics that can reduce the risk of infection:
1. Use boot virus protection (i.e. built-in firmware-based virus protection)
2. Use remote booting
3. Use a hardware-based password

Software is by far the most common anti-virus tool. Anti-virus software should primarily be used as a preventative control. Unless updated periodically, anti-virus software will not be an effective tool against viruses.

Examples of anti-virus programs:

• Kaspersky Antivirus
• Norton Antivirus
• Dr. Solomon Toolkit
• Avira

LOGICAL SECURITY FEATURES, TOOLS AND PROCEDURES

1. Logon-IDs and passwords

The logon-ID provides an individual’s identification; each user gets a unique logon-ID that can be identified by the system.
Features of passwords
• A password should be easy to remember but difficult for a perpetrator to guess.
• If the wrong password is entered a predefined number of times, typically three, the logon-ID should be automatically and permanently deactivated (or at least for a significant period of time).
• Passwords should be changed periodically.
• A password must be unique to an individual
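The deactivation rule above, sketched as an added example that is not part of the original notes: a per-logon-ID failure counter that locks after three wrong passwords, either permanently or for a set period. The class name, the one-hour period and the event list are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class LockoutPolicy:
    max_failures: int = 3                 # "typically three"
    lock_seconds: Optional[int] = None    # None means permanent deactivation
    failures: dict = field(default_factory=dict)
    locked_until: dict = field(default_factory=dict)

    def is_locked(self, logon_id, now):
        if logon_id not in self.locked_until:
            return False
        until = self.locked_until[logon_id]
        if until is None or now < until:
            return True
        del self.locked_until[logon_id]   # timed lock has expired
        self.failures[logon_id] = 0
        return False

    def record(self, logon_id, password_ok, now):
        """Return 'granted', 'denied' or 'locked' for one logon attempt."""
        if self.is_locked(logon_id, now):
            return "locked"               # a correct password is refused too
        if password_ok:
            self.failures[logon_id] = 0   # success resets the counter
            return "granted"
        self.failures[logon_id] = self.failures.get(logon_id, 0) + 1
        if self.failures[logon_id] >= self.max_failures:
            self.locked_until[logon_id] = (
                None if self.lock_seconds is None else now + self.lock_seconds)
            return "locked"
        return "denied"

# Constructed sample events: (time in seconds, logon-ID, password correct?).
EVENTS = [(0, "alice", False), (5, "alice", False), (9, "bob", False),
          (12, "alice", False), (20, "alice", True), (30, "bob", True),
          (4000, "alice", True)]

def replay(policy, events):
    return [policy.record(user, ok, t) for t, user, ok in events]

if __name__ == "__main__":
    print("1 hour lock:", replay(LockoutPolicy(lock_seconds=3600), EVENTS))
    print("permanent:  ", replay(LockoutPolicy(), EVENTS))
```

With a permanent lock, the logon-ID stays deactivated until an administrator clears it, which this sketch does not model.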

2. Common setup and access rights

Access Rights and Authority Levels are the rights or power granted to users to create, change, delete or view data and files within a system or network. These rights vary from user to user, and can range from anonymous login (Guest) privileges to Superuser (root) privileges. Guest and Superuser accounts are the two extremes, as individual access rights can be denied or granted to each user. Usually, only the system administrator (a.k.a. the Superuser) has the ability to grant or deny these rights.

3. Token devices, one time passwords

A two-factor authentication technique, such as microprocessor-controlled smart cards, generates one-time passwords that are good for only one logon session. Users enter this password along with a password they have memorized to gain access to the system. This technique involves something you have (a device subject to theft) and something you know (a personal identification number). Such devices gain their one-time password status because of a unique session characteristic (e.g. ID or time) appended to the password.
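One way such a token and its verifier can work, as an added example that is not part of the original notes: it uses the standard HOTP/TOTP construction (RFC 4226 and RFC 6238), where the session characteristic is a counter or time step, and it checks the memorized PIN alongside the code. The class name, PIN and salt are constructed assumptions.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """Time-based variant (RFC 6238): the counter is the current time step."""
    return hotp(secret, unix_time // step)

class TwoFactorVerifier:
    """Checks something you know (PIN) and something you have (token secret)."""

    def __init__(self, secret: bytes, pin: str, step: int = 30):
        self.secret, self.step = secret, step
        self.salt = b"constructed-demo-salt"      # use a random per-user salt in practice
        self.pin_hash = self._hash(pin)
        self.last_step = -1                       # newest time step already accepted

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def verify(self, pin: str, otp: str, unix_time: int) -> bool:
        pin_ok = hmac.compare_digest(self.pin_hash, self._hash(pin))
        now = unix_time // self.step
        for step in (now - 1, now, now + 1):      # tolerate one step of clock drift
            if step <= self.last_step:
                continue                          # already used: reject replays
            expected = hotp(self.secret, step).encode()
            if pin_ok and hmac.compare_digest(expected, otp.encode()):
                self.last_step = step
                return True
        return False

if __name__ == "__main__":
    secret = b"12345678901234567890"              # RFC 4226 test secret, not a real key
    v = TwoFactorVerifier(secret, pin="4821")
    code = totp(secret, 59)
    print(code, v.verify("4821", code, 59), v.verify("4821", code, 59))
```

The second `verify` call fails because the verifier remembers the last accepted time step; that memory is what makes the password good for only one logon.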

4. Data classification

Computer files, like documents, have varying degrees of sensitivity. By assigning classes or levels of sensitivity to computer files, management can establish guidelines for the level of access control that should be assigned. Classifications should be simple, such as high, medium and low. End user managers and the security administrator can use these classifications to assist with determining who should be able to access what.

5. Biometric security control

Biometric authentication is the measuring of a user’s physiological or behavioral features to attempt to confirm his/her identity. Physiological aspects that are used include fingerprints, eye retinas and irises, voice patterns, facial patterns, and hand measurements. Behavioral aspects that are used include signature recognition, gait recognition, speaker recognition and typing pattern recognition. When a user registers with the system which he/she will attempt to access later, one or more of his/her physiological characteristics are obtained and processed by a numerical algorithm. This number is then entered into a database, and the features of a user attempting access must match the stored features to within a certain error rate.
