III B.Sc.
Computer Science Information Security SCSJA63 UNIT - II
NEED FOR SECURITY
BUSINESS NEEDS FIRST
Each of an organization's communities of interest must address information security in terms
of business impact and the cost of business interruption, rather than isolating security as a
technical problem. An organization must safeguard its applications, particularly those that are
important elements of its infrastructure: operating system platforms, electronic mail (e-mail), and
instant messaging (IM) applications. Information systems and the data they process enable the
creation and movement of goods and services. Therefore, protecting data in motion and data at
rest are both critical aspects of information security. The value of data motivates attackers to steal,
sabotage, or corrupt it. An effective information security program implemented by management
protects the integrity and value of the organization's data.
Threats to Information Security
DELIBERATE SOFTWARE ATTACKS
Deliberate software attacks occur when an individual or group designs and deploys software to
attack a system. Most of this software is referred to as malicious code or malicious software, or
sometimes malware.
More common instances of malicious code are viruses and worms, Trojan horses, logic
bombs, and back doors. The British Internet service provider Cloudnine is believed to be the first
business “hacked out of existence” in a denial-of-service attack in January 2002. This attack was
similar to denial-of-service attacks launched by Mafiaboy in February 2000.
Virus
A computer virus consists of segments of code that perform malicious actions. The code
attaches itself to an existing program and takes control of that program’s access to the targeted
computer. The virus-controlled target program then carries out the virus’s plan by replicating
itself into additional targeted systems. Computer viruses are passed from machine to machine
via physical media, e-mail, or other forms of computer data transmission. The current software
marketplace has several established vendors, such as Symantec Norton Anti-Virus and McAfee
Virus Scan, that provide applications to assist in the control of computer viruses.
Worms
A worm is a malicious program that replicates itself constantly, without requiring another
program environment. Worms can continue replicating themselves until they completely fill
available resources, such as memory, hard drive space, and network bandwidth. Code Red,
Sircam, Nimda (“admin” spelled backwards), and Klez are examples of a class of worms that
combines multiple modes of attack into a single package. News-making attacks, such as
MS-Blaster, MyDoom, and Netsky, are variants of the multifaceted attack worms and viruses that
exploit weaknesses in the leading operating systems and applications. The complex behavior of
worms can be initiated with or without the user downloading or executing the file. Once the
worm has infected a computer, it can redistribute itself to all e-mail addresses found on the
infected system. Worms also take advantage of open shares found on the network in which an
infected system is located, placing working copies of the worm code onto the server so that users
of those shares are likely to become infected.
Trojan Horses
Trojan horses are software programs that hide their true nature and reveal their designed
behavior only when activated. Trojan horses are frequently disguised as helpful, interesting, or
necessary pieces of software, such as readme.exe files often included with shareware or freeware
packages. As an example of a Trojan horse attack, around January 20, 1999, Internet e-mail users
began receiving e-mail with an attachment of a Trojan horse program named Happy99.exe. The
program continued to propagate itself by following up every e-mail the user sent with a second
e-mail to the same recipient that contained the Happy99 Trojan horse program.
Back Door or Trap Door
A virus or worm can have a payload that installs a back door or trap door component in a
system, which allows the attacker to access the system at will with special privileges.
Polymorphic Threats
Polymorphic threats are viruses and worms that actually evolve, changing their size and other
external file characteristics to elude detection by antivirus software programs.
Virus and Worm Hoaxes
More time and money is spent on resolving virus hoaxes. When people fail to follow
virus-reporting procedures, the network becomes overloaded, and much time and energy is wasted as
users forward the warning message to everyone they know, post the message on bulletin boards,
and try to update their antivirus protection software.
DEVIATIONS IN QUALITY OF SERVICE
Deviations in quality of service can result from incidents such as a backhoe taking out a
fiber-optic link for an ISP. This degradation of service is a form of availability disruption. Irregularities in
Internet service, communications, and power supplies can dramatically affect the availability of
information and systems.
Internet service issues
Internet service provider failures can considerably undermine the availability of information.
Web hosting services are usually arranged with an agreement providing minimum service
levels known as a Service Level Agreement (SLA). When a service provider fails to meet the SLA,
the provider may accrue fines to cover losses incurred by the client, but these payments seldom
cover the losses generated by the outage.
Communications and Other Service Provider Issues
Other utility services can affect organizations as well. Among these are telephone, water,
wastewater, trash pickup, cable television, natural or propane gas, and custodial services. The
loss of these services can impair the ability of an organization to function.
Power Irregularities
When voltage levels spike (experience a momentary increase), or surge (experience a
prolonged increase), the extra voltage can severely damage or destroy equipment. Equally
disruptive are power shortages from a lack of available power. A momentary low voltage or sag,
or a more prolonged drop in voltage, known as a brownout, can cause systems to shut down or
reset, or otherwise disrupt availability. Complete loss of power for a moment is known as a fault,
and a more lengthy loss as a blackout. The more expensive uninterruptible power supply (UPS)
can protect against spikes and surges as well as against sags and even blackouts of limited
duration.
Espionage or Trespass
When an unauthorized individual gains access to the information an organization is trying
to protect, that act is categorized as espionage or trespass. When foreign governments are
involved, these activities are considered espionage and a threat to national security. Some forms
of espionage are relatively low tech. One example is called shoulder surfing. When someone can
see another person entering personal or private information into a system, the first person should
look away as the information is entered. Failure to do so constitutes not only a breach of etiquette,
but an affront to privacy as well as a threat to the security of confidential information.
Acts of trespass can lead to unauthorized real or virtual actions that enable information
gatherers to enter premises or systems they have not been authorized to enter. Sound principles
of authentication and authorization can help organizations protect valuable information and
systems. These control methods and technologies employ multiple layers or factors to protect
against unauthorized access.
The classic perpetrator of espionage or trespass is the hacker. Hackers are “people who use
and create computer software [to] gain access to information illegally.” There are generally two
skill levels among hackers. The first is the expert hacker, or elite hacker, who develops software
scripts and program exploits used by those in the second category, the novice or unskilled
hacker. The good news is that if an expert hacker can post a script tool where a script kiddie or
packet monkey can find it, then systems and security administrators can find it, too. The
developers of protection software and hardware and the service providers who keep defensive
systems up to date also keep themselves informed of the latest in exploit scripts. As a result of
preparation and continued vigilance, attacks conducted by scripts are usually predictable and
can be adequately defended against.
The term cracker is now commonly associated with an individual who cracks or removes
software protection that is designed to prevent unauthorized duplication. With the removal of
the copyright protection, the software can be easily distributed and installed. The terms hacker
and cracker in current usage denote criminal intent.
A phreaker hacks the public telephone network to make free calls or disrupt services.
Phreakers grew in fame in the 1970s when they developed devices called blue boxes that enabled
free calls from pay phones.