COMPUTER SYSTEM SECURITY PDF
zeal and dedication in the unending war of computer security. . nerabilities in operating systems and communications software should be made public.

Why Computer Security? Computer Security is important for protecting the confidentiality, integrity, and availability of computer systems and their resources.

Basic Computer Security Practices.
• Make backups of important files.
• Apply patches to the operating system.
• Use anti-virus software, update definitions very .
Computer System Security. Lecture 1 notes. 1) What is computer Security? • Something that cannot be bypassed. • Complete mediation. • Not vulnerable to.

Intro to computer and network security. Application and operating system security . browsers, media players, PDF readers, etc.

systems. The second section presents a classification of security threats, and the last mechanisms and techniques for ensuring security of a computer system.
In the commercial world confidentiality is customarily guarded by security mechanisms that are less stringent than those of the national security community.
For example, information is assigned to an "owner" or guardian, who controls access to it. With Trojan horse attacks, for example, even legitimate and honest users of an owner mechanism can be tricked into disclosing secret data. The commercial world has borne these vulnerabilities in exchange for the greater operational flexibility and system performance currently associated with relatively weak security.
Integrity

Integrity is a requirement meant to ensure that information and programs are changed only in a specified and authorized manner. It may be important to keep data consistent (as in double-entry bookkeeping) or to allow data to be changed only in an approved manner (as in withdrawals from a bank account). It may also be necessary to specify the degree of the accuracy of data.
Some policies for ensuring integrity reflect a concern for preventing fraud and are stated in terms of management controls. For example, any task involving the potential for fraud must be divided into parts that are performed by separate people, an approach called separation of duty. A classic example is a downloading system, which has three parts: ordering, receiving, and payment. Someone must sign off on each step, the same person cannot sign off on two steps, and the records can be changed only by fixed procedures—for example, an account is debited and a check written only for the amount of an approved and received order.
In this case, although the policy is stated operationally—that is, in terms of specific management controls—the threat model is explicitly disclosed as well. Other integrity policies reflect concerns for preventing errors and omissions, and controlling the effects of program change.
Integrity policies have not been studied as carefully as confidentiality policies. Computer measures that have been installed to guard integrity tend to be ad hoc and do not flow from the integrity models that have been proposed (see Chapter 3).

Availability

Availability is a requirement intended to ensure that systems work promptly and service is not denied to authorized users. From a security standpoint, it represents the ability to protect against and recover from a damaging event.
The availability of properly functioning computer systems e. Contingency planning is concerned with assessing risks and developing plans for averting or recovering from adverse events that might render a system unavailable.
Traditional contingency planning to ensure availability usually includes responses only to acts of God e. However, contingency planning must also involve providing for responses to malicious acts, not simply acts of God or accidents, and as such must include an explicit assessment of threat based on a model of a real adversary, not on a probabilistic model of nature.
For example, a simple availability policy is usually stated like this: "On the average, a terminal shall be down for less than 10 minutes per month." This policy means that the up time at each terminal, averaged over all the terminals, must be at least A security policy to ensure availability usually takes a different form, as in the following example: "No inputs to the system by any user who is not an authorized administrator shall cause the system to cease serving some other user."
Instead, it identifies a particular threat, a malicious or incompetent act by a regular user of the system, and requires the system to survive this act. It says nothing about other ways in which a hostile party could deny service, for example, by cutting a telephone line; a separate assertion is required for each such threat, indicating the extent to which resistance to that threat is deemed important.
Examples of Security Requirements for Different Applications

The exact security needs of systems will vary from application to application even within a single application. As a result, organizations must both understand their applications and think through the relevant choices to achieve the appropriate level of security.
An automated teller system, for example, must keep personal identification numbers (PINs) confidential, both in the host system and during transmission for a transaction.
It must protect the integrity of account records and of individual transactions. Protection of privacy is important, but not critically so.
Availability of the host system is important to the economic survival of the bank, although not to its fiduciary responsibility. A telephone switching system, on the other hand, does not have high requirements for integrity on individual transactions, as lasting damage will not be incurred by occasionally losing a call or billing record.
The integrity of control programs and configuration records, however, is critical. Without these, the switching function would be defeated and the most important attribute of all—availability—would be compromised.
A telephone switching system must also preserve the confidentiality of individual calls, preventing one caller from overhearing another.

Morris wrote a computer program that could connect to a remote machine and copy data to another computer and repeat this action over the network.
Morris was reprimanded by the U. In the s, the Internet gained momentum. After the Internet became public, millions of users and many organizations, universities, and commercial entities became connected to the Internet as well. As the number of Internet users grew, it became difficult for users to trust the network. Resources shared data on the network with other users, thus causing the Internet to become vulnerable to attacks.
Kevin Mitnick wrote his first hacking program when he was in high school. When a teacher asked the class to write a program to print the Fibonacci number, Kevin wrote a program that could get the passwords of students.
His teacher gave him an A for writing this program. His passion for writing programs to crack computers continued. However, when companies found out that he hacked into their computer systems without authorization, he became a wanted man by the U.
In , he was convicted of copying software from Digital Equipment Corporation (DEC) and was sentenced to twelve months' imprisonment and three years of supervised parole. Finally, he was arrested in In , Mitnick confessed to computer fraud and illegally intercepting the communication network and was sentenced to almost four years in prison. Though Mitnick claimed he did not hack the computer systems for monetary gain, it was still considered illegal according to the U.
Despite his run-ins with the law, Mitnick has influenced modern-day hackers, including WikiLeaks. Today, he spends his time advising companies about the security vulnerabilities in their networks.
Scan the network and its devices for vulnerabilities, using probing and similar tools.
Write malicious code: A program or an application that contains harmful code. By installing such an application, your system can be compromised and, without your knowledge, it can send your personal data to the remote user. Programs like viruses, worms, and Trojan horses are a few examples of malicious code.
Denial of Service: All your system resources could be exhausted or stopped temporarily.

In the early days of the Internet, the user groups were relatively small.
Intruders exploited relatively simple weaknesses, such as passwords or default configurations of the system. The technique was relatively simple and it worked. During those times, organizations did not have the expertise in configuring systems or tools to monitor the security of the network.
Awareness of the scope of the problem was also limited. Today, the importance of security and its awareness has increased among people and networks have become more secure. Consequently, the intruders also have become smarter. Many sophisticated tools have been developed by them and made available to the public.
This has become a day-to-day challenge between the good guys and the bad guys. S Republican Vice Presidential candidate in Bradley Manning exposed the truth about America's wars in the Middle East and how the United States conducts foreign policy.
WikiLeaks allows any user to upload information anonymously. Users can electronically submit the information without revealing their identity. WikiLeaks uses highly sophisticated technology by providing electronic drop boxes fortified by cutting-edge cryptographic information technology. The site also provides maximum security to the information and their sources.
While Manning was deployed in Iraq, he accessed secure intelligence networks to gather secret military and diplomatic files which he downloaded and passed on to WikiLeaks. This information was published by WikiLeaks and read by millions of people across the world.
Manning was caught when he openly admitted the leaks. According to the U. Prosecutors argued throughout the trial that the published secret information had directly benefited Al-Qaeda. Manning is facing a year jail term for leaking over , military and security documents to WikiLeaks. In June , Edward Snowden, a former member of the U. National Security Agency, exposed documents and information about both the Internet and phone surveillance by U.
Snowden with theft of government property, unauthorized communication of national defense information, and willful communication of classified intelligence. Each of the charges carries a maximum of 10 years in prison. Snowden is currently in Russia on temporary asylum. In recent days, WikiLeaks has come under severe attack by many governments, particularly the United States, for publishing confidential information on its web site. WikiLeaks has been questioned on the impact of such leaks.
The most high-profile documents published by WikiLeaks are either U. After the leak of the content of U. Stephen Aftergood, the director of the Federation of American Scientists Project on Government Secrecy explains that, "It has invaded personal privacy. It has published libelous material.
It has violated intellectual property rights. And above all, it has launched a sweeping attack not simply on corruption, but on secrecy itself. And I think that's both a strategic and a tactical error.
It's a strategic error because some secrecy is perfectly legitimate and desirable. It's a tactical error because it has unleashed a furious response from the U. It may become harder to support protection for people who disclose and publish classified information after WikiLeaks. We also discussed how the telephonic lines allowed the computers to be connected with each other and how those who could exploit the telephone lines continued to hack into computers with this knowledge.
We also looked at how bulletin boards and the information on these bulletin boards were misused. We made a passing reference to some of the legendary hackers and how the increasing threats to computer security led to the CERT initiative.
We also explored both verbal communication and non-verbal communication. We looked at how secret communications were being conveyed through a coded language using Caesar cipher from the days of Julius Caesar. We also discussed how, with the advent of telegraphs and radio, the need for coding these messages was necessary to protect the confidentiality of these messages.
We briefly touched upon how the world wars necessitated the securing of messages being relayed and mentioned that most of the current security practices have had their base on the security practices commenced during the world wars. We further explored how the Enigma cipher machine helped Germans in World War II to encode their military messages securely and how the breaking of the Enigma code led to the shortening of World War II.
We introduced the code breakers and discussed how a great Polish mathematician by the name of Alan M.
We discussed two famous categories of computer hackers: Additionally, we discussed WikiLeaks, which is a recent phenomenon in the field of computer security and we explained how WikiLeaks brought to the forefront many political secrets.
Introduction

The first events in the history of exploiting security date back to the days of telephony.

Cypher Machine: Enigma

Telegraphs, telephones, and radios have changed the meaning of communication. In fact, Germans changed the coding keys every three months until , and then monthly until During the war in , keys were changed every eight hours. Without breaking Enigma, World War II would have taken a different course and would have been extended for a few more years.
[Figure: Alan Turing, photograph by Colin Smith]

The early days of telephone networking witnessed hackers making long-distance calls without actually paying. Hackers used electronic devices to crack into the telephone network to make long-distance calls (Figure). The telephone network hackers became popularly known as phreakers.
[Figure: Hackers cracked into telephone networks.]

Firewalls are common amongst machines that are permanently connected to the Internet.

They may have been added by an authorized party to allow some legitimate access, or by an attacker for malicious reasons; but regardless of the motives for their existence, they create a vulnerability.
Federal Communications Commission's role in cybersecurity is to strengthen the protection of critical communications infrastructure, to assist in maintaining the reliability of networks during disasters, to aid in swift recovery after, and to ensure that first responders have access to effective communications services.