GROUP NO : 2

Digvijay bhonsale -7
Ashish chaurasia -8
Zaid dalvi -9
Chaitanya divekar -10
Atif ghole -11

MMS -A

CYBER SECURITY
MANAGEMENT INFORMATION SYSTEMS

CYBER SECURITY
Computer security (also known as cyber security or IT security) is information security as
applied to computing devices such as computers and smartphones, as well as computer networks
such as private and public networks, including the whole Internet.
The field covers all the processes and mechanisms by which digital equipment, information and
services are protected from unintended or unauthorized access, change or destruction, and is of
growing importance in line with the increasing reliance on computer systems of most societies
worldwide.

What are the risks?

There are many risks, some more serious than others. Among these dangers are viruses erasing
your entire system, someone breaking into your system and altering files, someone using your
computer to attack others, or someone stealing your credit card information and making
unauthorized purchases. Unfortunately, there's no 100% guarantee that even with the best
precautions some of these things won't happen to you, but there are steps you can take to minimize
the chances.

What can you do?

The first step in protecting yourself is to recognize the risks and become familiar with some of the
terminology associated with them.

Viruses - This type of malicious code requires you to actually do something before it
infects your computer. This action could be opening an email attachment or going to a
particular web page.
Worms - Worms propagate without user intervention. They typically start by exploiting a
software vulnerability (a flaw that allows the software's intended security policy to be
violated), then once the victim computer has been infected the worm will attempt to find
and infect other computers. Similar to viruses, worms can propagate via email, web sites,
or network-based software. The automated self-propagation of worms distinguishes them
from viruses.
Trojan horses - A Trojan horse program is software that claims to be one thing while in
fact doing something different behind the scenes. For example, a program that claims it
will speed up your computer may actually be sending confidential information to a remote
intruder.
Hacker, attacker, or intruder - These terms are applied to the people who seek to exploit
weaknesses in software and computer systems for their own gain. Although their intentions
are sometimes fairly benign and motivated solely by curiosity, their actions are typically
in violation of the intended use of the systems they are exploiting. The results can range
from mere mischief (creating a virus with no intentionally negative impact) to malicious
activity (stealing or altering information).
Malicious code - This category includes code such as viruses, worms, and Trojan horses.
Although some people use these terms interchangeably, they have unique characteristics.
The End

P a g e 1 | 18

Vulnerabilities
To understand the techniques for securing a computer system, it is important to first understand
the various types of "attacks" that can be made against it. These threats can typically be classified
into one of the categories below.

Backdoors
A backdoor in a computer system, a cryptosystem or an algorithm, is a method of bypassing normal
authentication, securing remote access to a computer, obtaining access to plaintext, and so on,
while attempting to remain undetected. A special form of asymmetric encryption attacks, known
as kleptographic attack, resists to be useful to the reverse engineer even after it is detected and
analyzed.
The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a
modification to an existing program or hardware device. A specific form of backdoor is a rootkit,
which replaces system binaries and/or hooks into the function calls of an operating system to hide
the presence of other programs, users, services and open ports. It may also fake information about
disk and memory usage.

Denial-of-service attack
Unlike other exploits, denial of service attacks are not used to gain unauthorized access or control
of a system. They are instead designed to render it unusable. Attackers can deny service to
individual victims, such as by deliberately entering a wrong password enough consecutive times
to cause the victim account to be locked, or they may overload the capabilities of a machine or
network and block all users at once. These types of attack are, in practice, very hard to prevent,
because the behaviour of whole networks needs to be analyzed, not only the behaviour of small
pieces of code. Distributed denial of service (DDoS) attacks are common, where a large number
of compromised hosts (commonly referred to as "zombie computers", used as part of a botnet with,
for example; a worm, trojan horse, or backdoor exploit to control them) are used to flood a target
system with network requests, thus attempting to render it unusable through resource exhaustion.
Another technique to exhaust victim resources is through the use of an attack amplifier, where the
attacker takes advantage of poorly designed protocols on third-party machines, such as FTP or
DNS, in order to instruct these hosts to launch the flood. Some vulnerabilities in applications or
operating systems can be exploited to make the computer or application malfunction or crash to
create a denial-of-service.

The End

P a g e 2 | 18

Direct-access attacks
Common consumer devices that can be used to transfer data surreptitiously.
An unauthorized user gaining access to a computer (or part thereof) can perform many functions,
install different types of devices to compromise security, including operating system
modifications, software worms, key loggers, and covert listening devices. The attacker can also
easily download large quantities of data onto backup media, for instance CD-R/DVD-R, tape; or
portable devices such as key drives, digital cameras or digital audio players. Another common
technique is to boot an operating system contained on a CD-ROM or other bootable media and
read the data from the hard drive(s) this way. The only way to defeat this is to encrypt the storage
media and store the key separate from the system. Direct-access attacks are the only type of threat
to Standalone computers (never connect to internet), in most cases.

Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private conversation, typically between
hosts on a network. For instance, programs such as Carnivore and NarusInsight have been used by
the FBI and NSA to eavesdrop on the systems of internet service providers. Even machines that
operate as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon
via monitoring the faint electro-magnetic transmissions generated by the hardware such as
TEMPEST.

Exploits
An exploit (from the same word in the French language, meaning "achievement", or
"accomplishment") is a piece of software, a chunk of data, or sequence of commands that take
advantage of a software "bug" or "glitch" in order to cause unintended or unanticipated behaviour
to occur on computer software, hardware, or something electronic (usually computerized). This
frequently includes such things as gaining control of a computer system or allowing privilege
escalation or a denial of service attack. The term "exploit" generally refers to small programs
designed to take advantage of a software flaw that has been discovered, either remote or local. The
code from the exploit program is frequently reused in trojan horses and computer viruses. In some
cases, a vulnerability can lie in certain programs' processing of a specific file type, such as a nonexecutable media file. Some security web sites maintain lists of currently known unpatched
vulnerabilities found in common programs.

Indirect attacks
An indirect attack is an attack launched by a third-party computer. By using someone else's
computer to launch an attack, it becomes far more difficult to track down the actual attacker. There
have also been cases where attackers took advantage of public anonymizing systems, such as the
tor onion router system.

The End

P a g e 3 | 18

Social engineering and human error

A computer system is no more secure than the persons responsible for its operation. Malicious
individuals have regularly penetrated well-designed, secure computer systems by taking advantage
of the carelessness of trusted individuals, or by deliberately deceiving them, for example sending
messages that they are the system administrator and asking for passwords. This deception is known
as social engineering.
In the world of information technology there are different types of cyber-attacklike code injection
to a website or utilizing malware (malicious software) such as virus, Trojans, or similar. Attacks
of these kinds are counteracted managing or improving the damaged product. But there is one last
type, social engineering, which does not directly affect the computers but instead their users, which
are also known as "the weakest link". This type of attack is capable of achieving similar results to
other class of cyber-attacks, by going around the infrastructure established to resist malicious
software; since being more difficult to calculate or prevent, it is many times a more efficient attack
vector.
The main target is to convince the user by means of psychological ways to disclose his or her
personal information such as passwords, card numbers, etc. by, for example, impersonating the
services company or the bank.

The End

P a g e 4 | 18

Top 8 Computer Security Methods

Computer security has never been more important. Our national critical infrastructure, our work
and our private lives depend on a smoothly running digital environment.
This is why it's so important that small businesses and home based networks, as well as large
organizations, establish good computer security practices. Luckily, many of these practices also
serve as good advice to follow in order to limit the effects of disasters, accidents and cybercrimes
other than terrorism.

1. Have a Plan
Prepare actionable steps for yourself and other users of your network to follow if your network is
attacked or appears to have been. Unlike attacks on physical property, cyber-attacks sources can
sometimes be difficult to identify. Response plans, therefore, should go into effect as soon as a
system appears to have been compromised, and then the source of the problem whether accidental
or maliciouscan be sought.

2. Back up Critical Information

Everyone, from the largest corporation to individual users, should have a system for backing up
their critical information and databases. This is so crucial it's worth saying again: everyone should
have a backup system in place!
And yet, it is rarely necessary to back up an entire system. Instead, individuals and small business
will want to select what to back up in case of an attack or disaster.

3. Authenticate Network Users

Make sure your user authentication system is appropriate for your system. If you are a private or
home networked user, make sure you change your passwords at least every 90 days. If you run a
small organization, make sure that you know who goes in and out of your workplace, virtually and
physically. In larger organizations, it is recommended that passwords be combined with physical
hardware and well-implemented biometric systems to ensure that computers are accessible only to
authorized users.

4. Create Mechanisms for Reporting Problems in the Workplace.

Developers, researchers and employees may hesitate to report system problems in environments
where they know they will be held responsible for failing to fix them. Both formal reporting
mechanisms and an atmosphere of support for full reporting will save companies potentially
critical and costly losses.

The End

P a g e 5 | 18

5. Reduce the System's Vulnerability in an Attack Situation

The object of an attack plan must be to reduce the system's vulnerability. As the Computer Science
and Telecommunications Board has noted, "making systems do less" is the primary way to make
them less vulnerable: Reduce the number of users, run less software and limit communication
between systems. All of these actions close off possible places where the system has been or can
be breached further.

6. Make Sure that Everyone Knows What to Do and Expect

The day of an apparent attack should not be the first time system operators, managers, and
employees see instructions on how to respond. Response plans need to be practiced and made part
of an overall prevention strategy. Staging mock attacks or "red teaming" is an excellent way to
identify weaknesses and areas to be strengthened in existing response strategies, while reinforcing
proper response methods.

7. Prevent Public Relations Crises by Preparing Communications Strategies

CSTB has noted that attacks need to be public: "Researchers, developers, and operators need this
information to redesign systems and procedures to avoid future incidents, and national security
and law enforcement agencies need it to defend the nation ...." Fearing for their reputations, many
organizations keep attacks under wraps. This is detrimental to the safety of all. Instead, a wellplanned communications strategy can both ensure future safety and protect organizations'
reputations.

8. Report Attacks to Government Authorities

If you suspect that a terrorist attack is the source of a slowdown or disruption in your system, it
should be reported to the United States Computer Emergency Readiness Team (US-CERT).
Reports can be made via telephone at 1-888-282-0870 or through their Internet Incident Reporting
System. For the purposes of reporting to the government, an incident is defined as "the act of
violating an explicit or implied security policy."

The End

P a g e 6 | 18

The cyber security job market

Cyber Security is a fast-growing field of IT concerned with reducing organizations' risk of hack or
data breach. Commercial, government and non-governmental all employ cyber security
professional, but the use of the term "cyber security" is government job descriptions is more
prevalent than in non-government job descriptions, in part due to government "cyber security"
initiatives (as opposed to corporation's "IT security" initiatives) and the establishment of
government institutions like the US Cyber Command and the UK Defense Cyber Operations
Group.
Typical cyber security job titles and descriptions include:
1. Security Analyst
a. Analyzes and assesses vulnerabilities in the infrastructure (software, hardware,
networks), investigates available tools and countermeasures to remedy the detected
vulnerabilities, and recommends solutions and best practices. Analyzes and
assesses damage to the data/infrastructure as a result of security incidents, examines
available recovery tools and processes, and recommends solutions. Tests for
compliance with security policies and procedures. May assist in the creation,
implementation, and/or management of security solutions.
2. Security Engineer
a. Performs security monitoring, security and data/logs analysis, and forensic
analysis, to detect security incidents, and mounts incident response. Investigates
and utilizes new technologies and processes to enhance security capabilities and
implement improvements. May also review code or perform other security
engineering methodologies.
3. Security Architect
a. Designs a security system or major components of a security system, and may head
a security design team building a new security system.
4. Security Administrator
a. Installs and manages organization-wide security systems. May also take on some
of the tasks of a security analyst in smaller organizations.
5. Chief Information Security Officer
a. A high-level management position responsible for the entire information security
division/staff. The position may include hands-on technical work.
6. Security Consultant/Specialist
a. Broad titles that encompass any one or all of the other roles/titles, tasked with
protecting computers, networks, software, data, and/or information systems against
viruses, worms, spyware, malware, intrusion detection, unauthorized access,
denial-of-service attacks, and an ever increasing list of attacks by hackers acting as
individuals or as part of organized crime or foreign governments.
Student programs are also available to people interested in beginning a career in cyber security.

The End

P a g e 7 | 18

Vulnerable areas
Computer security is critical in almost any technology-driven industry which operates on computer
systems. The issues of computer based systems and addressing their countless vulnerabilities are
an integral part of maintaining an operational industry.

Aviation
The aviation industry is especially important when analyzing computer security because the
involved risks include human life, expensive equipment, cargo, and transportation infrastructure.
Security can be compromised by hardware and software malpractice, human error, and faulty
operating environments. Threats that exploit computer vulnerabilities can stem from sabotage,
espionage, industrial competition, terrorist attack, mechanical malfunction, and human error.
The consequences of a successful deliberate or inadvertent misuse of a computer system in the
aviation industry range from loss of confidentiality to loss of system integrity, which may lead to
more serious concerns such as exfiltration (data theft or loss), network and air traffic control
outages, which in turn can lead to airport closures, loss of aircraft, loss of passenger life. Military
systems that control munitions can pose an even greater risk.
A proper attack does not need to be very high tech or well-funded; for a power outage at an airport
alone can cause repercussions worldwide. One of the easiest and, arguably, the most difficult to
trace security vulnerabilities is achievable by transmitting unauthorized communications over
specific radio frequencies. These transmissions may spoof air traffic controllers or simply disrupt
communications altogether. These incidents are very common, having altered flight courses of
commercial aircraft and caused panic and confusion in the past Controlling aircraft over oceans is
especially dangerous because radar surveillance only extends 175 to 225 miles offshore. Beyond
the radar's sight controllers must rely on periodic radio communications with a third party.
Lightning, power fluctuations, surges, brownouts, blown fuses, and various other power outages
instantly disable all computer systems, since they are dependent on an electrical source. Other
accidental and intentional faults have caused significant disruption of safety critical systems
throughout the last few decades and dependence on reliable communication and electrical power
only jeopardizes computer safety.

The End

P a g e 8 | 18

Financial cost of security breaches

Serious financial damage has been caused by security breaches, but because there is no standard
model for estimating the cost of an incident, the only data available is that which is made public
by the organizations involved. Several computer security consulting firms produce estimates of
total worldwide losses attributable to virus and worm attacks and to hostile digital acts in general.
The 2003 loss estimates by these firms range from $13 billion (worms and viruses only) to $226
billion (for all forms of covert attacks). The reliability of these estimates is often challenged; the
underlying methodology is basically anecdotal.
Insecurities in operating systems have led to a massive black market for rogue software. An
attacker can use a security hole to install software that tricks the user into buying a product. At that
point, an affiliate program pays the affiliate responsible for generating that installation about $30.
The software is sold for between $50 and $75 per license.

Reasons
There are many similarities (yet many fundamental differences) between computer and physical
security. Just like real-world security, the motivations for breaches of computer security vary
between attackers, sometimes called hackers or crackers. Some are thrill-seekers or vandals (the
kind often responsible for defacing web sites); similarly, some web site defacements are done to
make political statements. However, some attackers are highly skilled and motivated with the goal
of compromising computers for financial gain or espionage. An example of the latter is Markus
Hess (more diligent than skilled), who spied for the KGB and was ultimately caught because of
the efforts of Clifford Stoll, who wrote a memoir, The Cuckoo's Egg, about his experiences.
For those seeking to prevent security breaches, the first step is usually to attempt to identify what
might motivate an attack on the system, how much the continued operation and information
security of the system are worth, and who might be motivated to breach it. The precautions required
for a home personal computer are very different for those of banks' Internet banking systems, and
different again for a classified military network. Other computer security writers suggest that, since
an attacker using a network need know nothing about you or what you have on your computer,
attacker motivation is inherently impossible to determine beyond guessing. If true, blocking all
possible attacks is the only plausible action to take.

The End

P a g e 9 | 18

Computer protection
There are numerous ways to protect computers, including utilizing security-aware design
techniques, building on secure operating systems and installing hardware devices designed to
protect the computer systems.

Security and systems design

Although there are many aspects to take into consideration when designing a computer system,
security can prove to be very important. According to Symantec, in 2010, 94 percent of
organizations polled expect to implement security improvements to their computer systems, with
42 percent claiming cyber security as their top risk.
At the same time, many organizations are improving security and many types of cyber criminals
are finding ways to continue their activities. Almost every type of cyber-attack is on the rise. In
2009 respondents to the CSI Computer Crime and Security Survey admitted that malware
infections, denial-of-service attacks, password sniffing, and web site defacements were
significantly higher than in the previous two years.

Security measures
A state of computer "security" is the conceptual ideal, attained by the use of the three processes:
threat prevention, detection, and response. These processes are based on various policies and
system components, which include the following:

User account access controls and cryptography can protect systems files and data,
respectively.
Firewalls are by far the most common prevention systems from a network security
perspective as they can (if properly configured) shield access to internal network services,
and block certain kinds of attacks through packet filtering. Firewalls can be both hardwareor software-based.
Intrusion Detection Systems (IDSs) are designed to detect network attacks in progress and
assist in post-attack forensics, while audit trails and logs serve a similar function for
individual systems.
"Response" is necessarily defined by the assessed security requirements of an individual
system and may cover the range from simple upgrade of protections to notification of legal
authorities, counter-attacks, and the like. In some special cases, a complete destruction of
the compromised system is favored, as it may happen that not all the compromised
resources are detected.

Today, computer security comprises mainly "preventive" measures, like firewalls or an exit
procedure. A firewall can be defined as a way of filtering network data between a host or a network
and another network, such as the Internet, and can be implemented as software running on the
machine, hooking into the network stack (or, in the case of most UNIX-based operating systems
such as Linux, built into the operating system kernel) to provide real time filtering and blocking.
The End

P a g e 10 | 18

Another implementation is a so-called physical firewall which consists of a separate machine

filtering network traffic. Firewalls are common amongst machines that are permanently connected
to the Internet.
However, relatively few organizations maintain computer systems with effective detection
systems, and fewer still have organized response mechanisms in place. As result, as Reuters points
out: Companies for the first time report they are losing more through electronic theft of data than
physical stealing of assets. The primary obstacle to effective eradication of cybercrime could be
traced to excessive reliance on firewalls and other automated "detection" systems. Yet it is basic
evidence gathering by using packet capture appliances that puts criminals behind bars.
Difficulty with response
Responding forcefully to attempted security breaches (in the manner that one would for attempted
physical security breaches) is often very difficult for a variety of reasons:

Identifying attackers is difficult, as they are often in a different jurisdiction to the systems
they attempt to breach, and operate through proxies, temporary anonymous dial-up
accounts, wireless connections, and other anonymizing procedures which make
backtracking difficult and are often located in yet another jurisdiction. If they successfully
breach security, they are often able to delete logs to cover their tracks.
The sheer number of attempted attacks is so large that organizations cannot spend time
pursuing each attacker (a typical home user with a permanent (e.g., cable modem)
connection will be attacked at least several times per day, so more attractive targets could
be presumed to see many more). Note however, that most of the sheer bulk of these attacks
are made by automated vulnerability scanners and computer worms.
Law enforcement officers are often unfamiliar with information technology, and so lack
the skills and interest in pursuing attackers. There are also budgetary constraints. It has
been argued that the high cost of technology, such as DNA testing, and improved forensics
mean less money for other kinds of law enforcement, so the overall rate of criminals not
getting dealt with goes up as the cost of the technology increases. In addition, the
identification of attackers across a network may require logs from various points in the
network and in many countries, the release of these records to law enforcement (with the
exception of being voluntarily surrendered by a network administrator or a system
administrator) requires a search warrant and, depending on the circumstances, the legal
proceedings required can be drawn out to the point where the records are either regularly
destroyed, or the information is no longer relevant.

The End

P a g e 11 | 18

Reducing vulnerabilities
Computer code is regarded by some as a form of mathematics. It is theoretically possible to prove
the correctness of certain classes of computer programs, though the feasibility of actually
achieving this in large-scale practical systems is regarded as small by some with practical
experience in the industry; see Bruce Schneier et al.
It is also possible to protect messages in transit (i.e., communications) by means of cryptography.
One method of encryptionthe one-time padis unbreakable when correctly used. This method
was used by the Soviet Union during the Cold War, though flaws in their implementation allowed
some cryptanalysis; see the Venona project. The method uses a matching pair of key-codes,
securely distributed, which are used once-and-only-once to encode and decode a single message.
For transmitted computer encryption this method is difficult to use properly (securely), and highly
inconvenient as well. Other methods of encryption, while breakable in theory, are often virtually
impossible to directly break by any means publicly known today. Breaking them requires some
non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission),
or some other extra cryptanalytic information.
Social engineering and direct computer access (physical) attacks can only be prevented by noncomputer means, which can be difficult to enforce, relative to the sensitivity of the information.
Even in a highly disciplined environment, such as in military organizations, social engineering
attacks can still be difficult to foresee and prevent.
In practice, only a small fraction of computer program code is mathematically proven, or even
goes through comprehensive information technology audits or inexpensive but extremely valuable
computer security audits, so it is usually possible for a determined hacker to read, copy, alter or
destroy data in well secured computers, albeit at the cost of great time and resources. Few attackers
would audit applications for vulnerabilities just to attack a single specific system. It is possible to
reduce an attacker's chances by keeping systems up to date, using a security scanner or/and hiring
competent people responsible for security. The effects of data loss/damage can be reduced by
careful backing up and insurance.

Security by design
Security by design, or alternately secure by design, means that the software has been designed
from the ground up to be secure. In this case, security is considered as a main feature.
Some of the techniques in this approach include:

The principle of least privilege, where each part of the system has only the privileges that
are needed for its function. That way even if an attacker gains access to that part, they have
only limited access to the whole system.
Automated theorem proving to prove the correctness of crucial software subsystems.
Code reviews and unit testing, approaches to make modules more secure where formal
correctness proofs are not possible.
The End

P a g e 12 | 18

Defense in depth, where the design is such that more than one subsystem needs to be
violated to compromise the integrity of the system and the information it holds.
Default secure settings, and design to "fail secure" rather than "fail insecure" (see fail-safe
for the equivalent in safety engineering). Ideally, a secure system should require a
deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities
in order to make it insecure.
Audit trails tracking system activity, so that when a security breach occurs, the mechanism
and extent of the breach can be determined. Storing audit trails remotely, where they can
only be appended to, can keep intruders from covering their tracks.
Full disclosure of all vulnerabilities, to ensure that the "window of vulnerability" is kept as
short as possible when bugs are discovered.

Security architecture
The Open Security Architecture organization defines IT security architecture as "the design
artifacts that describe how the security controls (security countermeasures) are positioned, and
how they relate to the overall information technology architecture. These controls serve the
purpose to maintain the system's quality attributes: confidentiality, integrity, availability,
accountability and assurance services".
Techopedia defines security architecture as "a unified security design that addresses the necessities
and potential risks involved in a certain scenario or environment. It also specifies when and where
to apply security controls. The design process is generally reproducible." The key attributes of
security architecture are:

The relationship of different components and how they depend on each other.
The determination of controls based on risk assessment, good practice, finances, and legal
matters.
The standardization of controls.

The End

P a g e 13 | 18

Hardware protection mechanisms

While hardware may be a source of insecurity, such as with microchip vulnerabilities maliciously
introduced during the manufacturing process. Using devices and methods such as dongles, trusted
platform modules, intrusion-aware cases, drive locks, disabling USB ports, and mobile-enabled
access may be considered more secure due to the physical access (or sophisticated backdoor
access) required in order to be compromised. Each of these is covered in more detail below.

USB dongles are typically used in software licensing schemes to unlock software
capabilities,[15] but they can also be seen as a way to prevent unauthorized access to a
computer or other device's software. The dongle, or key, essentially creates a secure
encrypted tunnel between the software application and the key. The principle is that an
encryption scheme on the dongle, such as Advanced Encryption Standard (AES) provides
a stronger measure of security, since it is harder to hack and replicate the dongle than to
simply copy the native software to another machine and use it. Another security application
for dongles is to use them for accessing web-based content such as cloud software or
Virtual Private Networks (VPNs).[16] In addition, a USB dongle can be configured to lock
or unlock a computer.

Trusted platform modules (TPMs) secure devices by integrating cryptographic capabilities

onto access devices, through the use of microprocessors, or so-called computers-on-a-chip.
TPMs used in conjunction with server-side software offer a way to detect and authenticate
hardware devices, preventing unauthorized network and data access.

Computer case intrusion detection refers to a push-button switch which is triggered when
a computer case is opened. The firmware or BIOS is programmed to show an alert to the
operator when the computer is booted up the next time.

Drive locks are essentially software tools to encrypt hard drives, making them inaccessible
to thieves. Tools exist specifically for encrypting external drives as well.

Disabling USB ports is a security option for preventing unauthorized and malicious access
to an otherwise secure computer. Infected USB dongles connected to a network from a
computer inside the firewall are considered by Network World as the most common
hardware threat facing computer networks.

Mobile-enabled access devices are growing in popularity due to the ubiquitous nature of
cell phones. Built-in capabilities such as Bluetooth, the newer Bluetooth low energy (LE),
Near field communication (NFC) on non-iOS devices and biometric validation such as
thumb print readers, as well as QR code reader software designed for mobile devices, offer
new, secure ways for mobile phones to connect to access control systems. These control
systems provide computer security and can also be used for controlling access to secure
buildings.

The End

P a g e 14 | 18

Secure operating systems

One use of the term "computer security" refers to technology that is used to implement secure
operating systems. Much of this technology is based on science developed in the 1980s and used
to produce what may be some of the most impenetrable operating systems ever. Though still valid,
the technology is in limited use today, primarily because it imposes some changes to system
management and also because it is not widely understood. Such ultra-strong secure operating
systems are based on operating system kernel technology that can guarantee that certain security
policies are absolutely enforced in an operating environment. An example of such a Computer
security policy is the Bell-LaPadula model. The strategy is based on a coupling of special
microprocessor hardware features, often involving the memory management unit, to a special
correctly implemented operating system kernel. This forms the foundation for a secure operating
system which, if certain critical parts are designed and implemented correctly, can ensure the
absolute impossibility of penetration by hostile elements. This capability is enabled because the
configuration not only imposes a security policy, but in theory completely protects itself from
corruption. Ordinary operating systems, on the other hand, lack the features that assure this
maximal level of security. The design methodology to produce such secure systems is precise,
deterministic and logical.
Systems designed with such methodology represent the state of the art of computer security
although products using such security are not widely known. In sharp contrast to most kinds of
software, they meet specifications with These are very powerful security tools and very few secure
operating systems have been certified at the highest level (Orange Book A-1) to operate over the
range of "Top Secret" to "unclassified" (including Honeywell SCOMP, USAF SACDIN, NSA
Blacker and Boeing MLS LAN). The assurance of security depends not only on the soundness of
the design strategy, but also on the assurance of correctness of the implementation, and therefore
there are degrees of security strength defined for COMPUSEC. The Common Criteria quantifies
security strength of products in terms of two components, security functionality and assurance
level (such as EAL levels), and these are specified in a Protection Profile for requirements and a
Security Target for product descriptions. None of these ultra-high assurance secure general
purpose operating systems have been produced for decades or certified under Common Criteria.
In USA parlance, the term High Assurance usually suggests the system has the right security
functions that are implemented robustly enough to protect DoD and DoE classified information.
Medium assurance suggests it can protect less valuable information, such as income tax
information. Secure operating systems designed to meet medium robustness levels of security
functionality and assurance have seen wider use within both government and commercial markets.
Medium robust systems may provide the same security functions as high assurance secure
operating systems but do so at a lower assurance level (such as Common Criteria levels EAL4 or
EAL5). Lower levels mean we can be less certain that the security functions are implemented
flawlessly, and therefore less dependable. These systems are found in use on web servers, guards,
database servers, and management hosts and are used not only to protect the data stored on these
systems but also to provide a high level of protection for network connections and routing services.

The End

P a g e 15 | 18

Secure coding
If the operating environment is not based on a secure operating system capable of maintaining a
domain for its own execution, and capable of protecting application code from malicious
subversion, and capable of protecting the system from subverted code, then high degrees of
security are understandably not possible. While such secure operating systems are possible and
have been implemented, most commercial systems fall in a 'low security' category because they
rely on features not supported by secure operating systems (like portability, and others). In low
security operating environments, applications must be relied on to participate in their own
protection. There are 'best effort' secure coding practices that can be followed to make an
application more resistant to malicious subversion.
In commercial environments, the majority of software subversion vulnerabilities result from a few
known kinds of coding defects. Common software defects include buffer overflows, format string
vulnerabilities, integer overflow, and code/command injection. These defects can be used to cause
the target system to execute putative data. However, the "data" contain executable instructions,
allowing the attacker to gain control of the processor.
Some common languages such as C and C++ are vulnerable to all of these defects (see Seacord,
"Secure Coding in C and C++"). Other languages, such as Java, are more resistant to some of
these defects, but are still prone to code/command injection and other software defects which
facilitate subversion.
Another bad coding practice occurs when an object is deleted during normal operation yet the
program neglects to update any of the associated memory pointers, potentially causing system
instability when that location is referenced again. This is called dangling pointer, and the first
known exploit for this particular problem was presented in July 2007. Before this publication the
problem was known but considered to be academic and not practically exploitable.
Unfortunately, there is no theoretical model of "secure coding" practices, nor is one practically
achievable, insofar as the code (ideally, read-only) and data (generally read/write) generally tends
to have some form of defect.

Capabilities and access control lists

Within computer systems, two security models capable of enforcing privilege separation are access
control lists (ACLs) and capability-based security. Using ACLs to confine programs has been
proven to be insecure in many situations, such as if the host computer can be tricked into indirectly
allowing restricted file access, an issue known as the confused deputy problem. It has also been
shown that the promise of ACLs of giving access to an object to only one person can never be
guaranteed in practice. Both of these problems are resolved by capabilities. This does not mean
practical flaws exist in all ACL-based systems, but only that the designers of certain utilities must
take responsibility to ensure that they do not introduce flaws.

The End

P a g e 16 | 18

Hacking back
There has been a significant debate regarding the legality of hacking back against digital attackers
(who attempt to or successfully breach an individual's, entity's, or nation's computer). The
arguments for such counter-attacks are based on notions of equity, active defense, vigilantism, and
the Computer Fraud and Abuse Act (CFAA). The arguments against the practice are primarily
based on the legal definitions of "intrusion" and "unauthorized access", as defined by the CFAA.
As of October 2012, the debate is ongoing.

Notable computer security breaches

Some illustrative examples of different types of computer security breaches are given below.

Robert Morris and the first computer worm

In 1988, only 60,000 computers were connected to the Internet, and most were mainframes,
minicomputers and professional workstations. On November 2, 1988, many started to slow down,
because they were running a malicious code that demanded processor time and that spread itself
to other computers - the first internet "computer worm". The software was traced back to 23 year
old Cornell University graduate student Robert Tappan Morris, Jr. who said 'he wanted to count
how many machines were connected to the Internet'.

Rome Laboratory
In 1994, over a hundred intrusions were made by unidentified crackers into the Rome Laboratory,
the US Air Force's main command and research facility. Using trojan horses, hackers were able to
obtain unrestricted access to Rome's networking systems and remove traces of their activities. The
intruders were able to obtain classified files, such as air tasking order systems data and furthermore
able to penetrate connected networks of National Aeronautics and Space Administration's Goddard
Space Flight Center, Wright-Patterson Air Force Base, some Defense contractors, and other private
sector organizations, by posing as a trusted Rome center user.

TJX loses 45.7 customer credit card details

In early 2007, American apparel and home goods company TJX announced that it was the victim
of an unauthorized computer systems intrusion and that the hackers had accessed a system that
stored data on credit card, debit card, check, and merchandise return transactions.

Stuxnet attack
The computer worm known as Stuxnet reportedly ruined almost one-fifth of Iran's nuclear
centrifuges by disrupting industrial programmable logic controllers (PLCs) in a targeted attack
generally believed to have been launched by Israel and the United States although neither has
publicly acknowledged this.
The End

P a g e 17 | 18

Cyber Security Needs Urgent Attention Of Indian

Government

Cyber security in India has received little attention from our policy makers from time to time.
Successive governments in India have failed to cater the growing needs for robust and effective
cyber security of India. It is clear that India not only lacks offensive and defensive cyber security
capabilities but it is not capable of dealing with sophisticated malware like Stuxnet, Duqu, Flame,
Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus, etc. The cyber security trends in India
(Pdf) are not at all convincing.
Cyber security initiatives and projects in India are negligible in numbers. Even if some projects
have been proposed, they have remained on papers only. Projects like National Cyber Coordination
Centre (NCCC) of India, National Critical Information Infrastructure Protection Centre (NCIPC)
of India, has etc failed to materialise so far. The National Cyber Security Policy of India 2013 also
failed to take off and even if it is implemented it is weak on numerous aspects like privacy violation
in general and civil liberties infringement in particular. It would not be wrong to say that India is
a sitting duck in cyberspace and civil liberties protection regime.
Cyber security breaches are increasing world over and India is also facing this problem. The cyber
security challenges before the Narendra Modi government would not be easy to manage as
everything has to be managed from the beginning. There is a dire need to protect Indian cyberspace
from sophisticated cyber-attacks. For instance, cyber security of critical infrastructures (Pdf) likes
banks, automated power grids, satellites, thermal power plants, SCADA systems, etc are
vulnerable to cyber-attacks from around the world.
According to New Delhi based techno legal law firm Perry4Law, the ultimate solution in this
regard is to formulate a techno legal framework that can safeguard Indian cyberspace in the best
possible manner. A dedicated cyber security law of India and implementable cyber crisis
management plan is also required. Outdated and draconian laws like cyber law and telegraph Act
of India must also be repealed immediately.
In these circumstances cyber security needs urgent attention of Indian government. In a positive
development, the National Cyber Coordination Centre (NCCC) of India may finally see the light
of the day and may become functional very soon. The NCCC would help India is fighting against
national and international cyber threats. Very soon it would be clear how far the BJP government
would go to protect Indian cyberspace.
The End

P a g e 18 | 18