Topics
1945
1964
2
 History of Computer Security
What is security?
Why is information technology security important?
Who would want to break into my computer at home?
Goals of computer security (security principles)
Scope of Computer Security
Computer security concepts
Type of Security
Famous hackers
Hacking and Why do hacker hack?
What are some common attacks?
 Network Attacks
• Packet sniffing tools
 Web attacks
 OS, application and software attacks
 Social Engineering
Password attack or password cracking
Computer security issues
Ways to protect computer

History of Computer Security
 Rear
finds
Navy
She l
“deb
1945
dmiral Grace Murray Hopper
a moth among the relays of a
computer and calls it a “bug.”
atercreatesthe
ugging.”
term
1964
 AT&T starts monitoring toll calls to
catch “phonefreaks,” or “phreakers,”
who obtain free phone calls by the use
of tone-producing “blue boxes.” The
monitoringends in 1970, resulting in
200 convictions.
3

 John Draper, A.K.A. “Captain
Crunch,” discovers that
free phone calls
can be made with the use of a
blue box and a plastic toy
whistle that comes in Cap’n
Crunch cereal boxes. The whistle
1972
2600-hertzduplicatesa
tone to unlock AT&T’s
network.
phone
1979
The first computer “worm” is created
at “Xerox’s Palo Alto Research Center".
The program is meant to make
computersmore efficient, but later
hackers modify worms into computer
viruses that destroy or alter data.
4

1983 contact
us for
vaccination
 Fred Cohen, a Universityof
Southern California doctoral
1986student, comes up
“computer
with term
virus.”
The first PC virus, “the Brain,”
is created. The Brain, however
is not destructive, and the
creators included their contact
informationwith it.
1987The Alameda,
Cascade,
Jerusalem, Lehigh,
and Miami viruses
are created.
5

1988
 Aworm is uploaded to ARPANET (Advanced
Research Projects Agency Network), the
ancestor of the Internet, disabling about
6,000 computers
by replicating itself and filling their memory
banks. Robert Morris, who created and
unleashed the virus out of boredom, received
X
X
three years’ probation and a $10,000 penalty.
 The first
self-modifying
viruses are created.
1990
6

 Concept, the first Microsoft Word-based
virus, spreads worldwideusing macro
commands. The virus is spread by
1995
opening an infected Word document.
1998
2000“Solar Sunrise” occurs when hackers
500take control of over
government, military, and private
computer systems. Authorities
eventually learn that two California
teenagers coordinated the attacks.
Hackers use computers
at the University of
California-Santa Barbara to
crash Amazon,Yahoo, eBay,
and other websites by
flooding their sites with tra
c.
7

2001
$2 billion in damageThe Code Red wormcauses
by infecting Microsoft Windows NT and Windows2000 server
software. The virus attempts to use all infected computersto
attack the White House website simultaneously,
but the worm’s code is deciphered in time and the attack is blocked.
2005  Users of computers infected with PoisonIvy find
their computers remotely controlled via the virus.
The remote access trojan is used to attack not only
personal computers, but chemicaland defense
companies as well.
8

2006
Between 469,000 and 1 million
computers are infected by the Nyxem virus,
which overwrites files on the third of every
month. The virus is spread by email attachments
and targets files with extensions
such as .doc, .xls, .ppt, .zip, .pdf, etc.
2007
The Storm Worm virus (actuallya trojan) is
sent to unsuspecting
with headlines about
disaster. Within three
individuals via emails
a recent European days
of its release the
8% of all infections.virus accounts for
9

2008
* * *
The Koobface virus spreads through email and social
networking sites like Facebook. Once infected, a
computer sends its users ads for phony software.
Money is exchanged but
products are never delivered.
2009
The Conficker (a.k.a Downadup or Kido) worm, best known for
stealing financial data and passwords, infect millions
of computers. The complexity and infection rate leads to the
assembly of an alliance of experts just to stop the complex virus.
10

2010Stuxnet, a virus created for industrial and
economic attacks,is discovered. The worm
targets systems used to run nuclear power
plants and water facilities and is so large and
complex, estimates suggest it was developed
by the U.S. or Israeli governments and
took more than 10 years to develop.
The Ramnit virus is used to steal over
2011 45,000 passwords and accounts
on Facebook. The virus attaches itself to
a legitimate file, infects a computer, and
runs an invisible browser to connect with
a hacker.
********
11

2012
The Heartbleed bug takes advantage of
a flaw in the OpenSSL security software
library in order to access passwords,
encrypted communications, and other
sensitive data. Millions of secure servers
are exposed to the virus, which in turn
a ects billions of people.
Between Nov. 27 - Dec. 15, the
personal data of 70
million FB customers
2013
is stolen when hackers gain access to Targets’
servers. Target discovers the breach on Dec. 13,
the event is leaked on Dec. 18, and Target publicly
announces it the next day.
********
12

2014
One dozen Russian hackers steal more than
1.2 billion matching passwords
and usernames, and over 500
million email address.
The heist is accomplished using viruses to test and
exploit vulnerabilities in websites’ SQL code.
*******
13

What is security?
 Computer Security
 Computer security is the process of preventing and detecting unauthorized use of
your computer.
Prevention measures help you to stop unauthorized users (also known as
"intruders") from accessing any part of your computer system.
Detection helps you to determine whether or not someone attempted to break
into your system, if they were successful, and what they may have done.
 Data Security
 Data security is the practice of keeping data protected from corruption and
Unauthorized access. The focus behind data security is to ensure privacy while
protecting personal or corporate data.
 Information technology security
Information technology security is the process of protecting computers, networks,
programs and data from unintended or unauthorized access, change or destruction.
14

Why is information technology security important?
 Why should I care about computer security?
We use computers for everything from banking and investing to shopping and
communicating with others through email or chat programs.
Governments, military, corporations, financial institutions, hospitals and other
businesses collect, process and store a great deal of confidential information on
computers.
 Transmit that data across networks to other computers.
 With the growing volume and sophistication of computer and network attacks.
ongoing attention is required to protect sensitive business and personal
information, as well as safeguard national security.
During a Senate hearing in March 2013, the nation's top intelligence officials
warned that information technology attacks and digital spying are the top threat to
national security, eclipsing terrorism.
15

Who would want to break into my computer at home?
 Who would want to break into my computer at home?
 Intruders (also referred to as hackers, attackers, or crackers)
may not care about your identity.
 they want to gain control of your computer so they can
use it to launch attacks on other computer systems.
 Having control of your computer gives them the ability to
hide their true location as they launch attacks.
 Even if you have a computer connected to the Internet
only to play the latest games or to send email to friends and
family, your computer may be a target.
 Intruders may be able to watch all your actions on the computer, or cause damage to
your computer by reformatting your hard drive or changing your data.
16

Goals of computer security (security principles)
 Coals of Computer security (security principles)
Integrity ‫التأكد‬‫من‬‫صحة‬‫المعلومات‬
 Assurance that the information is authentic and complete.
Integrity is the principle of protecting information against
improper modification.
Confidentiality ‫ّة‬‫ي‬‫سر‬‫المعلومات‬
 The information must just be accessible to the authorized people.
Confidentiality is the principle of protecting information from disclosure to
unauthorized entities.
Access control, and cryptographic encryption of data over a network or on a
storage device are common techniques for achieving confidentiality.
Availability ‫توفر‬‫المعلومات‬
Assurance that the systems responsible for delivering, storing and processing
information are accessible when needed, by those who need them.
Reliability
 Computers should work without having unexpected problems
Authentication
 Guarantee that only authorized persons can access to the resources
17

Scope of Computer Security
 Scope of computer security
18

Computer security concepts
 Computer security concepts
Passive Attack
 attempts to learn or make use
of information from the system
but does not affect system
resources.
 Two types of passive attacks are:
• Release of message contents
• Traffic analysis.
Active Attack
 Modification of the data stream
or the creation of a false stream
 Four types of active attacks
• Masquerade
• Replay
• Modification of messages
• Denial of service.
19

Computer security concepts
 Computer security concepts
Computer security risk
A computer security risk is any event or action that could cause a loss of or
damage to computer hardware, software, data, information, or processing
capability.
Computer crime
Any illegal act involving a computer generally is referred to as a computer crime.
Cracker
 A cracker is someone with extensive computer knowledge who accesses a
computer or network illegally , someone whose purpose is to destroy data, steal
information, or other malicious action
The general view is that, while hackers build things, crackers break things.
Cyber terrorist
A cyber terrorist is someone who uses the Internet or network to destroy or
damage computers for political reasons.
Rootkit
A rootkit is a program that hides in a computer and allows someone from a
remote location to take full control of the computer.
20

Type of Security
 Types of Security
 Network Security
System and software security
Physical Security
Network security
 Network security refers to any activities designed to protect your network.
Specifically, these activities protect the usability, reliability, integrity, and safety of
your network and data.
Effective network security targets a variety of threats and stops them from
entering or spreading on your network.
Physical security
 Physical security is the protection of personnel, hardware, programs, networks,
and data from physical circumstances and events that could cause serious losses or
damage to data.
 This includes protection
From fire, natural disasters,
burglary, theft, vandalism,
and terrorism.
21

Type of computer hackers
 Hacker
 In the computer security context, a hacker is someone who seeks and exploits
weaknesses in a computer system or computer network. “a clever programmer“.
Hackers may be motivated by a multitude of reasons, such as profit, protest,
challenge or enjoyment.
 Type of computer hackers
white hat hacker
 The term "white hat" refers to an ethical computer hacker, or a computer
security expert, who specializes in hack testing to ensure the security of an
organization's information systems.
 White hat hacker breaks security for non-malicious reasons, perhaps to test their
own security system .
Black hat hacker
 Black hat hacker known as crackers or dark-side hackers. someone violating
computer or Internet security maliciously or for illegal personal gain.
Gray hat hacker
 A gray hat hacker is a combination of a black hat and a white hat hacker.
22

Famous hackers
 Some of most famous hackers
Kevin Mitnick
 An American computer security
consultant, Kevin David Mitnick is one
of the most notorious hackers of the
20th century.
 He got involved in several computer
and communications-related crimes and
even became one of the most wanted
computer criminals in the United States.
 At a very young age of 12, Kevin
Mitnick begun to use his social
engineering skills to circumvent the
punch card system used in Los Angeles
buses.
Kevin Poulsen
 A news editor at Wired.com,
Kevin Lee Poulsen is a former
hacker.
 He hacked the telephone lines of
the Los Angeles-based radio
station KIIS-FM.
 After he was released from
prison, he decided to leave the
computer programming world and
become a journalist to distance
himself from his criminal past.
23

Famous hackers
Mike Calce
 Michael Demon Calce, also
known as the MafiaBoy of
cyberspace, was a high school
apprentice at West Island.
 He got involved in a series of
publicized denial-of-service attacks
against some of the largest
commercial websites, including
Yahoo!, eBay, CNN, Amazon.com
and Dell, Inc.
Chad Davis
 An American hacker who is
among the most notorious
cybercriminals of the 20th century.
 He founded Global Hell, and
authored the hacking of the
websites of some of the largest
organizations and corporations in
the United states.
 He was the man behind the
vandalism of the homepage of The
White House and the US Army with
a message saying “Global Hell will
not die.”
24

Hacking and Why do hacker hack?
 Why do Hackers hack?
 For things. Yes, breaking into a computer is great for
getting information.
 For fun. Hacking is a game to prove how smart you
are. The more defenses, anti-virus, anti-spyware and
firewalls you can destroy the smarter you are.
 Hacking to steal. Another reason to hack a system is
to steal information or money.
 For vengeance. Destroy enemy’s computer network
during the war
 For guilt.
 For nothing. Sometimes, you hack without meaning
too. Or you join a gang to see what it's like. Before you
know it, you're hooked. Don't do it.
 Hacking The Process of attempting to gain or successfully gaining, unauthorized access
to computer resources is called Hacking “obtaining access to a computer system
without authority”.
25

What are some common attacks?
 What are some common attacks?
 Network Attacks
• Packet sniffing
• man-in-the-middle
• DNS hacking
 Web attacks
• Phishing
• SQL Injection
• Cross Site Scripting
 OS, applications and software attacks
• Virus
• Trojan
• Worms
• Rootkits
• Buffer Overflow
Not all hackers are evil wrongdoers trying to steal your info
Ethical Hackers, Consultants, Penetration testers, Researchers
 Need to know
 Networking
 Web Programming
Operating Systems
Programming languages and compilers
 Social Engineering
(NOT social networking)
26

Network Attacks
 Network Attacks
 Packet Sniffing
 Internet traffic consists of data “packets”,
and these can be “sniffed”
 Leads to other attacks such as
password sniffing, cookie
stealing session hijacking,
information stealing
 Man in the Middle
 Insert a router in the path between client
and server, and change the packets as they
pass through
 DNS hijacking
 Insert malicious routes into DNS tables to
send traffic for genuine sites to malicious
sites
27

Packet sniffing tools
 Wireshark
 Wireshark is one of the network packet
analyzer. A network packet analyzer will try to
capture network packets and tries to display that
packet data as detailed as possible.
 Attacker can use Wireshark to
analyze network packets, password
sniffing, cookie stealing, session
hijacking and information stealing.
 You could think of a
network packet analyzer as
a measuring device used to
examine what’s going on
inside a network
cable
28

 Wifislax
 Wifislax is a Slackware-based Linux distribution designed for wireless hacking
and forensics.
 It contains a large number of security and forensics tools, which transforms
it into a pentesting (penetration testing).
29
 It can run as a live CD
or installed in your
laptop saving personal
settings.
 By default, the boot
options are in Spanish,
which is not surprising,
considering that the
developers are from
Spain..

Web attacks
 Web attacks
 Phishing
An evil website pretends to be a trusted website.
Example:
You type, by mistake, “mibank.com” instead of
“mybank.com”
mibank.com designs the site to look like
mybank.com so the user types in their info as
usual
BAD! Now an evil person has your info!
 SQL Injection
• Malicious SQL statements are inserted into an
entry field for execution (e.g. to dump the database
contents to the attacker).
• Used to attack data-driven applications.
• Can be used to attack any type of SQL database.
 Cross Site Scripting
Writing a complex JavaScript program that steals
data left by other sites that you have visited in same
browsing session.
 Need to know
Web Programming
 JavaScript
 SQL or PlSQL
30

 Acunetix
 Acunetix Vulnerability Scanner automatically
crawls and scans custom-built websites and web
applications for SQL Injection, XSS, XXE, SSRF, Host
Header Attacks & over 500 other web
vulnerabilities..
 Acunetix Vulnerability Scanner able
to scan and test any application, no
matter what web technology it’s
written in.. Like php, asp, jsp, ajax,
Jqery, java script and so on ..
 Acunetix able to detect SQL
Injection, XSS and over 500
other types of web application
vulnerabilities..
31
 Acunetix provides reports
help developers to quickly
identify a web application’s
threat surface, detect what
needs to be fixed..

OS, application and software attacks
 OS, applications and software attacks
 Computer Virus
• Definition
- Computer program “Piece of code” that
automatically reproduces itself.
- It’s attached to other programs or files, but
requires user intervention to propagate.
• Background
- There are estimated 30,000 computer viruses in
existence
-Over 300 new ones are created each month
-Today almost 87% of all viruses are spread through
the internet
• Infection (targets/carriers)
- Executable files
- Boot sectors
- Documents (macros), scripts (web pages), etc.
• Propagation
is made by the user. The mechanisms are storage
elements, mails, downloaded files or shared folders
 Need to know
 Computer Architecture
 programming
 Viruses can increase their
chances of spreading to other
computers by infecting files on a
network file system or a file
system that is accessed by
another computer..
32

 Computer Virus
• Symptoms of Virus Attack
- Computer runs slower then usual
- Computer no longer boots up
- Screen sometimes flicker
- PC speaker beeps periodically
- System crashes for no reason
- Files/directories sometimes disappear
-Denial of Service (DOS)
• Typical things that some current personal computer
viruses do
- Display a message.
- Erase files
- Scramble data on a hard disk
- Cause erratic screen behavior
- Halt the PC
- Many viruses do nothing obvious at all except
spread!
33

 Halabjay
 Halabjay Virus is an Kurdish malware which is
developed by kurd-intruder to test and analyze
computer virus behaviors..
 It’s attached to other programs or
files, but requires user intervention to
propagate..
 Halabjay virus able to control
hardware parts like cd driver,
USB, mouse and keyboard..
34
 Halabjay virus able to
control logical part of the
computer such as operating
system and computer
applications ..

 Worm
• Definition
-Piece of code that automatically reproduces itself
over the network. It doesn’t need the user
intervention to propagate (autonomous).
• Infection
-Via buffer overflow, file sharing, configuration
errors and other vulnerabilities.
• Target selection algorithm
-Email addresses, DNS, IP, network neighborhood
• Payload
- Malicious programs
-Backdoor, DDoS agent, etc.
• Anatomy of Worms
- Attack Mechanism
- Payload
- New target selection
35

 Worm
• Harmful effects of Worms
-A worm uses a compromised system to spread through email, file
sharing networks, instant messenger, online chats and
unprotected network shares.
- Infects files, corrupts installed applications and damages the
entire system.
- Steals or discloses sensitive personal information, Valuable
documents, passwords, etc.
- The worm installs a backdoor or drops other dangerous parasite.
- Connection speed & System performance.
• Type of worms
- Conficker Worm
- Email and Instant Message Worms
- Internet Worms (Morris Worm)
- IRC Worms
- File-Sharing Network Worms
- Slapper Worm
36

 Trojans
• A Trojan horse or Trojan, is a destructive program that masquerades as
an application.
- The Trojan Horse, at first glance will appear to be useful software
but will actually do damage once installed or run on your computer.
-Trojans are also known to create a backdoor on your computer that
gives malicious users access to your system.
- Unlike viruses and worms, Trojans do not reproduce by infecting
other files nor do they self-replicate.
- Some well known Trojans: Net-bus, Girl friend, Back orrifice
,Flooder, Vundo Trojan etc.
• Types of Trojans
- Remote access Trojans
- Password sending Trojans
- Key _loggers
- Destructive
- Denial of service(DOS) Attack Trojans
- Mail-Bomb Trojans
- Proxy-Wingate Trojans
- FTP Trojans
- Software Detection Trojans
37

 Trojans
• What Trojans can do?
Use of the machine as part of a Botnet (e.g. to perform automated
spamming or to distribute Denial-of-service.)
Uninstallation of software, including third-party router drivers.
Downloading or uploading of files on the network hdd.
Watching the user’s screen.
Spreading other malware? Such as viruses. In this case? The
Trojan horse is called a dropper or vector.
Modification or deletion of files.
Data theft(e.g. retrieving username or postal code information)
Erasing or overwriting data on a computer.
Encrypting files in a crypto viral extortion attack.
Crashing the computer.
Corrupting files in a subtle way.
Setting up networks of zombie computers in order to launch
Dodos attacks or send spam.
38

Online mobile spy
Spy to mobile...
All the information from the cell phone is sent to your account
over the Internet. If you'd like to track a cell phone in real time,
be sure it has an active Internet connection.
When you sign in, you'll be able to check the phone's incoming
and outgoing SMS messages, call history, contact list, current
location and previous tracks.
39

 you'll be able to check the phone's incoming and
outgoing SMS messages..
40

 you'll be able to check
the phone's call history..
41
 you'll be able to check
the contact list..

 you'll be able to check the current location like accuracy,
speed, altitude and previous tracks..
42

Social Engineering
 Social Engineering
• Definition
- Manipulating a person or persons to detect and steal confidential
data and information.
- It is a way for criminals to gain access to information systems. The
purpose of social engineering is usually to secretly install spyware,
other malicious software or to trick persons into handing over
passwords and/or other sensitive financial or personal information.
• What are they looking for ?
- Obtaining simple information such as your pet's name, where
you're from, the places you've visited; information that you'd give
out freely to your friends.
- Some have a 'secret question' you have to answer, if you cannot
remember your username or password. The questions seem pretty
tough for an outsider looking into trying to hack into your account.
 What's the name of your first pet?
 What is your maiden name?
 When was your mother/father born?
 Where were you born?
43

Password attack or password cracking
 Password cracking
 Password cracking is the process of guessing or recovering a
password from stored locations or from data transmission system.
 It is used to get a password for unauthorized access or to recover a
forgotten password.
 In penetration “hack” testing, it is used to check the security of an
application.
 Password cracking methods are Guessing, Dictionary attacks and
Rainbow Tables.
• Guessing
 Find or guess a user’s identifier (Find user ids)
Get encrypted or hashed passwords or password files
 Encrypt or hash the trial passwords
 See if there is a match
• Rainbow Tables
 Uses a large number of hashed passwords without having a
dictionary.
 Innovative algorithm, that can find passwords fast!
e.g. 14 character alphanumeric passwords are found in
about 4-10 minutes of computing using a 1GB rainbow table
Need to know
- Data structures
- Algorithms
- Cryptography
44

Computer security issues
 Computer Security Issues
 Vulnerability is a point where a system is susceptible to attack " is a mistake
in hardware or software that can be directly used by a hacker to gain access to a
system or network”.
 Vulnerabilities can lead to:
- Unauthorized access ( attacker can login, read files, and make changes
to the system).
- Denial of service against host ( attacker can crash the system, disable
services, etc..).
- Denial of services against network ( attacker can disrupt routing, flood
the network, etc..).
 A threat is a possible danger to the system. The danger might be a person (a
system cracker or a spy), a thing (a faulty piece of equipment), or an event (a
fire or a flood) that might exploit a vulnerability of the system.
Countermeasures are techniques for protecting your system.
means used to deal with security attacks like prevent, detect
and recover.
 The relationship among threats, controls, and vulnerabilities:
A threat is blocked by control of a vulnerability.
45

Ways to protect computer
 Ways to protect computer
 Get the latest Anti-Virus Software.
 Update the virus database in your anti-virus program regularly
(each month or by the direction of the manufacturer).
 Not to open any unknown source downloads. To prevent attacks.
 Be sure do a full back up of your system on a regular basis. A backup file is a
copy of a file which is kept in case anything happens to the ..
 original file. Back-up systems often use: Grandfather – Father – Son
principal.
 Use file-level and share-level security.
 Use a Host-Based Firewall as well as Personal firewall software that
analyzes and controls incoming/outgoing packets: A personal firewall is
an application which controls network traffic to and from a computer,
permitting or denying communications. E.g. BlackICE™ PC Protection.
46

 Download files only from trusted sites
 Remember to do a virus scan for them after peripheral devices are connected to
your computer.
 Use disk encryption: There are many third-party products available that will
allow you to encrypt an entire disk. Examples include PGP Whole Disk
Encryption and Drive Crypt.
 Make use of a public key infrastructure: A PKI enables users to securely and
privately exchange data through the use of a public and a private cryptographic key
pair that is obtained and shared through a trusted authority.
 Hide data with steganography: You can use a steganography program to hide
data inside other data.
 Software safeguards include giving users:
A user identity and a password.
Some unique physical trait (biometrics)
47

 Some game cracks and key gens can contain Trojans so beware.
 Avoid downloading attachments with the suffix .exe on the end. These are
executable files, which are often used to send viruses, worms and Trojan horses.
 Don't open unknown attachments in emails or do a virus scan after opening
them.
 Use a Mal-ware and Ad-ware Scanner.
 Don't allow your web browser to automatically run programs, such as MS Word
or other programs through its e-mail program. Configure your browser to launch
WordPad or Notepad instead.
 Configure your web browsers to disable ActiveX, Java, and Javascript.
 A personal firewall should be run on any system that is not behind a corporate
firewall. This should be done on any computer that connects to the internet.
48

Encryption for your calls:
RedPhone : makes private communication simple. Free, world-wide, end-to-
end encryption for your calls, securing your conversations so that nobody can
listen in.
 RedPhone uses your normal phone number to make and receive calls, so
you don't need yet another identifier.
49
 All RedPhone calls are free,
including long distance and
international.
 Free and Open Source,
enabling anyone to verify
its security by auditing
the code.
 RedPhone calls are
encrypted end-to-end.

END
END…
Any questions..?
Hope you have been happy
Thank you
By: Msc. Karwan M. Kareem
2015 - 2016
50

Introduction to Computer and Network Security

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (20)

More from Karwan Mustafa Kareem

More from Karwan Mustafa Kareem (9)

Recently uploaded

Recently uploaded (20)

Introduction to Computer and Network Security

Editor's Notes