Lesson 1, Topic 1

Basic Concepts of Security

yousef 27/07/2024

Information security is a continuing concern in every part of an information system. Security is neither a product nor a piece of software; it is a discipline that must be taken into account in every organizational decision. There is no such thing as a completely secure system. But by adding security measures that protect your assets you make your system a much harder target for intruders, which in turn reduces the chance of becoming a victim once the right security technologies are in place.

What Are the Goals for Security?

Security is required to achieve four main goals:

S No   Goal             Threat
1      Confidentiality  Exposure of data
2      Integrity        Alteration of data
3      Availability     Denial of service
4      Authenticity     Impersonation (spoofed identity)

Confidentiality: Secret data must remain secret. If the owner of some data wants it to be available only to certain people, the operating system must make it available to those people and to no one else. Confidentiality prevents the unauthorized disclosure of protected information.

Integrity: Protected information must not be modified without authorization. Users who are not permitted to change data must be unable to do so without the owner's permission. Modification covers not only changing or deleting existing data but also adding false data in order to alter the system's behaviour.

Availability: Nobody should be able to disturb the system so that it becomes unusable. The system must respond promptly, and service must not be denied to authorized users. An attacker who violates availability, for example by flooding a server with requests until it can no longer answer legitimate ones, causes a denial of service.

Authenticity: The system must be able to verify the identity of its users. Users log in by supplying a username and password, or by matching some other credential the system accepts. Without authentication the other three goals cannot be enforced, because the system cannot tell whose requests it is serving.
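The integrity goal is easy to state and easy to get wrong in practice. The following is an added example, not part of the original lesson, that contrasts an unkeyed checksum with a keyed message authentication code over a constructed sample record. An unkeyed hash only catches accidental corruption: an active intruder who alters the data can simply recompute the hash. A MAC under a key the intruder does not hold cannot be recomputed, so alteration is detected. The record, the key and the function names are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed sample record for the demonstration; not taken from the lesson.
MESSAGE = b"transfer 100.00 from account 1001 to account 2002"

# The key is shared only between the parties allowed to produce valid records.
# Here it is generated freshly for the example (assumption).
KEY = secrets.token_bytes(32)


def unkeyed_checksum(data: bytes) -> str:
    """A plain hash: detects accidental corruption, nothing more."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, checksum: str) -> bool:
    return hmac.compare_digest(unkeyed_checksum(data), checksum)


def forge_with_checksum(tampered: bytes) -> tuple:
    """An active intruder who alters data just recomputes the public hash."""
    return tampered, unkeyed_checksum(tampered)


def tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag; producing it requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(data: bytes, key: bytes, t: str) -> bool:
    # compare_digest avoids leaking where the comparison failed via timing.
    return hmac.compare_digest(tag(data, key), t)


def demo() -> dict:
    """Run both schemes against the same tampering attempt."""
    tampered = MESSAGE.replace(b"100.00", b"900.00")
    results = {}

    # Unkeyed checksum: a change that leaves the old checksum in place is caught...
    csum = unkeyed_checksum(MESSAGE)
    results["checksum_rejects_tampering"] = not verify_checksum(tampered, csum)

    # ...but a deliberate change survives if the attacker recomputes the checksum.
    forged_data, forged_sum = forge_with_checksum(tampered)
    results["checksum_accepts_forgery"] = verify_checksum(forged_data, forged_sum)

    # Keyed MAC: without KEY no valid tag can be produced for altered data.
    t = tag(MESSAGE, KEY)
    results["mac_accepts_original"] = verify_tag(MESSAGE, KEY, t)
    results["mac_rejects_tampering"] = not verify_tag(tampered, KEY, t)
    results["mac_rejects_forgery"] = not verify_tag(
        tampered, KEY, tag(tampered, b"attacker guessed key")
    )
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The same construction also serves the authenticity goal: because only holders of the key can produce a valid tag, a verified tag tells the receiver not just that the data is unaltered but who could have produced it.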

What Assets Should We Protect?

Security is about the protection of assets. For this reason, we must first identify the organizational assets. Information system assets can be categorized as:

Hardware: Includes CPUs, motherboards, hard disks, CD-ROMs, etc., and all other physical devices. Threats can be accidental or deliberate damage to equipment.

Software: Includes operating system, utilities, applications, etc. Several distinct threats need to be considered. Software can be deleted, altered, or changed in behavior.

Data: Includes files and other forms of data. Unauthorized persons can read, modify, or delete data.

Communication Lines: Includes cables and other network communication media. Data in transfer can be read, modified, or deleted.

Who Are the Attackers?

In the security literature, people who try to gain unauthorized access to information systems, whether for commercial or non-commercial purposes, are known as intruders, commonly referred to as hackers or crackers. They act in one of two ways: passively or actively. A passive intruder just wants to read files or data they are not permitted to see, while an active intruder is more dangerous and wants to make unauthorized changes to data.

Some common types of intruders are:

1) Casual prying by non-technical users: People who want to read other people's e-mail or files while sharing a device with them.

2) Snooping by insiders: Highly skilled people, such as developers, students or other technical staff, who consider it a personal challenge to break the security of a computer system.

3) Determined attempts to make money: Some developers or other personnel working in banks and similar institutions attempt to steal money from their own organizations.

4) Attempts at secret military or government data: This is considered a very serious crime. This category covers attempts by competing foreign countries to obtain a nation's information for purposes of national defence, attack planning and the like.

What Are the Threats?

INSIDER ATTACKS:

Logic Bombs: Code embedded in a program that is set to go off when certain conditions are met. The trigger can be the presence or absence of certain files, a particular day or date, a particular user running the application, and so on. Once triggered, the bomb may alter or delete data or entire files, halt the machine, or do other damage. For example, a developer who fears being fired may plant a bomb that triggers when the developer's daily password is no longer supplied to a certain portion of the code, or when some other chosen condition is met.

Trap Doors: Secret entry points, also called backdoors, that a developer inserts into a program to gain access while bypassing the normal checks. For example, a developer could add code to the login program that accepts a particular login name (such as "student") regardless of the password. Once this code is in the working program, logging in as "student" succeeds with any password, or with a blank one.
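To make the trap door concrete, here is an added example that is not part of the original lesson: a login routine with the "student" bypass described above, beside a hardened routine that verifies every user against a salted PBKDF2 hash with a constant-time comparison. The user database, the user name alice and her password are constructed for the demonstration. Note that the bypass sits before any password check, which is exactly why reviewing the authentication path line by line is the main defence against a planted trap door.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumption for the example; tune for your hardware


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so stolen records cannot be reversed cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user_db(users: dict) -> dict:
    """Build username -> (salt, hash). Plaintext passwords are never stored."""
    db = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        db[name] = (salt, _hash_password(pw, salt))
    return db


# Constructed user database for the demonstration (assumption).
USER_DB = make_user_db({"alice": "correct horse battery staple"})


def _check(username: str, password: str, db: dict) -> bool:
    """Ordinary verification shared by both login routines."""
    record = db.get(username)
    if record is None:
        # Do the same amount of work for unknown users so response time
        # does not reveal which user names exist.
        _hash_password(password, b"\x00" * 16)
        return False
    salt, stored = record
    return hmac.compare_digest(_hash_password(password, salt), stored)


def login_with_trapdoor(username: str, password: str, db: dict = USER_DB) -> bool:
    """Login program with a planted trap door (deliberately vulnerable)."""
    if username == "student":  # hidden bypass: any password, or none, is accepted
        return True
    return _check(username, password, db)


def login_hardened(username: str, password: str, db: dict = USER_DB) -> bool:
    """Login program without the bypass: every user takes the same path."""
    return _check(username, password, db)


if __name__ == "__main__":
    print("trapdoor, student/blank :", login_with_trapdoor("student", ""))
    print("hardened, student/blank :", login_hardened("student", ""))
    print("hardened, alice/correct :", login_hardened("alice", "correct horse battery staple"))
    print("hardened, alice/wrong   :", login_hardened("alice", "wrong"))
```

The vulnerable and hardened routines differ by a single `if` statement, which is the point: a trap door does not look like malware, it looks like an ordinary branch, and only someone who asks why "student" deserves special treatment will find it.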

Login Spoofing: A technique for collecting other users' passwords. The intruder runs a program that displays a false login screen identical to the real one. When a user enters their user ID and password, the program records them for the intruder, then exits, and the genuine login screen appears and asks for the credentials again. Most users assume they mistyped their ID or password, never learn of the spoof, enter their credentials again and log in normally. The defence is a secure attention key: on Windows, pressing CTRL+ALT+DEL is handled by the operating system itself and cannot be intercepted by a user program, so the login screen shown afterwards is guaranteed to be the real one.

OUTSIDER ATTACKS:

Trojan Horses: Programs that look like useful software but contain hidden malware. To spread across networks the malware is attached to games and other programs that people are eager to download. Once run, the malware does whatever it was designed to do, such as deleting, modifying or encrypting files, or searching for credit card numbers, passwords and other useful data. It usually installs itself so that it restarts automatically when the machine is rebooted and runs in the background. The bottom line is that the author does not need to break in: the victim does everything needed to infect themselves.

Virus: A program that infects other programs by attaching a copy of itself to them. When an infected program runs, the virus briefly takes control, attaches fresh copies to any uninfected files it finds, and then hands control back to the host, so over time it spreads across the whole file system. It spreads from computer to computer when infected files are shared.

Worm: A program that replicates itself and sends copies from computer to computer over network connections, without needing a host program. On arrival the worm may activate, carry out its unwanted functions and propagate again. Mass-mailing worms use e-mail as their transport.

Zombie: A program that secretly takes over an Internet-connected computer and uses it to launch attacks that are hard to trace back to the attacker who controls it. Groups of zombies are used in denial-of-service attacks against web servers.

Spyware: Software loaded onto a PC that runs in the background and collects information about the user, such as keystrokes or browsing habits, and reports it to a third party without the user's knowledge.

Adware: Advertising code integrated into software. It can produce pop-up ads or redirect the browser to a commercial site, and it may change the browser's home page to its own redirect link.

Rootkit: A set of tools installed after a system has been compromised in order to keep privileged (root-level) access and hide the intruder's presence, for example by concealing files, processes and network connections. A rootkit can carry any of the malicious software above, such as viruses, worms or spyware.

How Can We Relate These Security Concepts?

All of these basic concepts can be linked together to estimate the security risk to stored data or data in transit. Assets are what the owner values; threats are the intruders and the malicious programs described above; vulnerabilities are weaknesses in the assets that a threat can exploit. Risk is the combination of how likely a threat is to exploit a vulnerability and how much damage would result. Countermeasures are then chosen to reduce that risk to a level the asset owner can accept.