SE205 - Unit 1: Attacks on Computers and Computer Security

Glossary of Terms

A security mechanism used to prevent unauthorized access to data or resources. Techniques include passwords, firewalls, and PINs.

An attack where the attacker directly interacts with and attempts to alter system resources or affect their operation. Examples include modification of messages, replay, denial of service, and masquerade.

Advanced Research Projects Agency Network. An early packet-switching network and the first network to implement the TCP/IP protocol suite. Considered the foundation of the modern Internet.

One of the three core principles of the CIA Triad. Ensures that systems and data are accessible and usable upon demand by authorized users.

A network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send spam or conduct DDoS attacks (like the Mirai botnet).

A model designed to guide policies for information security within an organization, focusing on three core principles: Confidentiality, Integrity, and Availability.

One of the three core principles of the CIA Triad. Ensures that sensitive information is not disclosed to unauthorized individuals, entities, or processes.

A security mechanism used to ensure that data has not been altered in an unauthorized manner during transmission or storage. Often involves appending a check value created from the data itself.

An active attack where multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.

An active attack intended to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash.

A security mechanism used to verify the authenticity and integrity of digital data. It typically involves cryptographic techniques (often asymmetric) to bind a sender's identity to the data.

A security mechanism that deals with hiding or covering data to ensure confidentiality, making it unreadable without authorization. Achieved using cryptography (encryption algorithms).

The protection afforded to an automated information system to preserve the Confidentiality, Integrity, and Availability (CIA) of system resources (hardware, software, firmware, data, telecommunications).

One of the three core principles of the CIA Triad. Ensures the accuracy and completeness of data, preventing unauthorized modifications, deletions, or additions.

A system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. Often targeted in botnet attacks like Mirai.

An active attack where one entity pretends to be a different entity. For example, an attacker might impersonate an authorized user to gain access.

An active attack where an attacker intercepts a message and alters its content before forwarding it to the intended recipient, violating data integrity.

A framework describing how security services are implemented in a network to protect information during transmission between sender and receiver, considering potential opponents and trusted third parties.

A framework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying them. Focuses on security attacks, mechanisms, and services.

An attack where the attacker attempts to learn or make use of information from the system but does not affect system resources. Examples include eavesdropping (release of message content) and traffic analysis.

A type of passive attack involving eavesdropping on communications to obtain message content (e.g., reading an email, listening to a phone call).

An active attack where an attacker passively captures data units from a legitimate transmission and retransmits them later to produce an unauthorized effect.

An attack where either the sender or receiver of a message attempts to deny the transmission or reception of the message. Security services like digital signatures help prevent this.

Any action that compromises the security of information owned by an organization. Categorized broadly as passive or active.

A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. Examples include encipherment, digital signatures, access controls.

A service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers. Often defined in terms of the CIA Triad (Confidentiality, Integrity, Availability).

Any type of malicious activity or attack (physical or digital) that could potentially cause harm or damage to an organization, its data, or its personnel. Examples include theft, vandalism, malware, ransomware.

A security model emphasizing that security is based on three key activities: Prevention, Detection, and Response. These should form the foundation for security policies.

A type of passive attack involving the observation of traffic patterns (source, destination, frequency, length of messages) even if the content is encrypted, to infer information.

A security mechanism that involves inserting bogus data into a data stream to thwart traffic analysis attempts by masking actual traffic patterns.

An entity trusted by two or more parties in a distributed system, often used in network security models to facilitate the distribution of secret information (like keys).

Key Concepts from Unit 1

Information Security Definition

Information Security involves protecting information systems to preserve their Confidentiality, Integrity, and Availability (CIA). This protection extends to all system resources:

  • Hardware
  • Software
  • Firmware
  • Information/Data
  • Telecommunications

The CIA Triad

These three principles form the cornerstone of information security:

  • Confidentiality: Preventing unauthorized disclosure of information. Ensuring only authorized individuals can access sensitive data. Measures aim to maintain privacy.
  • Integrity: Preventing unauthorized modification or deletion of data. Ensuring data is accurate, trustworthy, and has not been tampered with.
  • Availability: Ensuring authorized users can access systems and data when needed. Concerns the functionality and responsiveness of hardware, software, and network infrastructure.

All security controls and program elements should aim to achieve one or more of these principles.

Security Threats vs. Security Attacks

Security Threat: Any potential danger or malicious activity (physical or digital) that could harm an organization, its data, or personnel. Examples: theft, malware, ransomware, vandalism.

Security Attack: An action that actively compromises the security of information. Attacks exploit vulnerabilities to realize threats.

Types of Security Attacks

Attacks are broadly categorized into two types:

Passive Attacks

Involve observing or monitoring transmissions to obtain information without affecting system resources. The primary goal is learning information.

  • Release of Message Content: Eavesdropping to read the contents of a message (e.g., email, phone call). Violates Confidentiality.
  • Traffic Analysis: Observing patterns (who is talking to whom, how often, message lengths) even if content is hidden. Can reveal sensitive information indirectly. Violates Confidentiality.

Passive attacks are difficult to detect but easier to prevent (e.g., through encryption).

Active Attacks

Involve modification of the data stream or the creation of a false stream. These attacks directly harm systems or alter data.

  • Masquerade: One entity pretends to be another (e.g., logging in with stolen credentials).
  • Modification of Messages: Changing, deleting, or delaying parts of a legitimate message. Violates Integrity.
  • Replay: Capturing a data unit and retransmitting it later to produce an unauthorized effect (e.g., resending a login sequence).
  • Denial of Service (DoS): Preventing or inhibiting the normal use or management of communication facilities (e.g., flooding a server with requests). Violates Availability.

Active attacks are harder to prevent completely but easier to detect.

Security Mechanisms

Methods or technologies used to detect, prevent, or recover from security attacks. Key types include:

  • Encipherment (Encryption): Hiding data content to ensure confidentiality.
  • Access Control: Preventing unauthorized use of resources (e.g., passwords, firewalls).
  • Data Integrity: Ensuring data hasn't been altered (e.g., using checksums, hash functions).
  • Digital Signature: Providing authentication of the source and data integrity, often ensuring non-repudiation.
  • Traffic Padding: Inserting bogus data to confuse traffic analysis.
  • Routing Control: Selecting specific network routes to avoid insecure paths.
  • Notarization: Using a trusted third party to assure properties of data exchange (e.g., timestamping).

Network Security Model

A model describing secure network communication involves several key components:

  • Sender & Receiver: The communicating parties.
  • Information Channel: The medium used for transmission (e.g., the Internet), potentially vulnerable to opponents.
  • Opponent (Attacker): Human or software attempting to compromise security.
  • Security Transformation: Encrypting the message and/or adding codes for verification before sending.
  • Secret Information (Key): Information shared securely (often via a Trusted Third Party) used in the security transformation (e.g., encryption key).
  • Trusted Third Party: An entity responsible for securely distributing secret information (keys) between sender and receiver.

Four basic tasks in designing security services:

  1. Design a suitable security algorithm (e.g., encryption).
  2. Generate the secret information (keys) needed.
  3. Develop methods for secure distribution and sharing of secret information.
  4. Specify a protocol for how the communicating parties use the algorithm and secret information.
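An added illustration, not part of the course material, that ties the four tasks above to the active attacks and the Data Integrity mechanism listed earlier: the security transformation appends a keyed check value (HMAC) to each message, and the receiver rejects anything that fails the check (modification of messages) or reuses an old sequence number (replay). The key value, the message layout and the strictly increasing sequence-number rule are assumptions made for this example.

```python
import hmac
import hashlib

# Constructed demo key standing in for the secret information a trusted
# third party would distribute to sender and receiver (tasks 2 and 3).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"

def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Security transformation (tasks 1 and 4): prepend a sequence number and
    append an HMAC-SHA256 tag over both. An opponent without the key cannot
    recompute the tag, unlike a plain checksum or unkeyed hash."""
    header = seq.to_bytes(4, "big")
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag

class Receiver:
    """Verifies the tag (detects modification) and requires a strictly
    increasing sequence number (detects replay of a captured message)."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, data: bytes):
        if len(data) < 4 + 32:
            return None, "malformed"
        header, message, tag = data[:4], data[4:-32], data[-32:]
        expected = hmac.new(self.key, header + message, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None, "rejected: modification"
        seq = int.from_bytes(header, "big")
        if seq <= self.last_seq:
            return None, "rejected: replay"
        self.last_seq = seq
        return message, "accepted"

def demo():
    """Legitimate delivery, then a message altered in transit, then a replay."""
    rx = Receiver(SHARED_KEY)
    packet = protect(SHARED_KEY, 1, b"transfer 10 to alice")
    results = [rx.accept(packet)[1]]
    # Opponent changes the amount but cannot produce a matching tag.
    tampered = packet[:4] + packet[4:-32].replace(b"10", b"99") + packet[-32:]
    results.append(rx.accept(tampered)[1])
    # Opponent retransmits the genuine capture unchanged.
    results.append(rx.accept(packet)[1])
    return results

if __name__ == "__main__":
    print(demo())  # ['accepted', 'rejected: modification', 'rejected: replay']
```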

Two main threat categories in the network access model:

  • Information Access Threats: Intercepting or modifying data illegitimately.
  • Service Threats: Exploiting flaws to inhibit legitimate use (e.g., viruses, worms).

Security Trinity

A fundamental approach to security based on three pillars:

  • Prevention: Measures taken to stop attacks from succeeding (e.g., firewalls, access controls, encryption).
  • Detection: Measures taken to identify when an attack is occurring or has occurred (e.g., intrusion detection systems, log monitoring).
  • Response: Actions taken after an attack is detected to contain damage, eradicate the cause, recover, and learn from the incident (e.g., incident response plan).

This trinity should underpin all security policies.

Fill in the Blank Questions

True/False Questions

Multiple Choice Questions