Chapter 16 Protection & Security

<aside> 💡

</aside>

Computer security refers to protection from theft, damage, disruption, or misdirection of services.
Protection consists of mechanisms and policies ensuring confidentiality, integrity, availability, and authenticity of data and services.
Security can be compromised via attacks targeting hardware, software, or communication channels.

The key types of security violations and their consequences:

Violation	Definition	Typical Consequences
Information Disclosure	Unauthorized release of information (theft or deliberate leakage).	Breach of confidentiality/privacy.
Information Modification	Unauthorized data/program changes by intruders or legitimate users.	Loss of data integrity and potential future violations.
Information Destruction	Deliberate or accidental deletion of data or damage to hardware.	Loss of data or service access.
Unauthorized Use	Circumventing authentication to access services.	Financial loss for service providers.
Denial of Service (DoS)	Preventing legitimate users from accessing a service.	System unavailability, financial loss.
User Deception	Manipulating a user into trusting false information.	Leads to additional security breaches.

Legitimate users can intentionally compromise security for financial gain, revenge, or malice.
Common insider attack methods:
- Logic Bomb: Malicious code that executes destructively at a set time (often for blackmail or revenge).
- Backdoor (Trapdoor): A hidden method of bypassing authentication (e.g., modified login utilities).
- Information Leaking: A high-security user downgrading file permissions to allow unauthorized access.
- Login Spoofing: Presenting a fake login screen to steal credentials (mitigation: requiring a key sequence like CTRL-ALT-DEL before login).

Trojan Horse: A program that appears legitimate but contains hidden malicious code.
Virus: A self-replicating program that embeds in software to spread and execute harmful actions.
- Viruses may use compression, encryption, and mutation to evade antivirus detection.
- Common infection methods: Downloaded software, email attachments, file transfers.
- Antivirus software scans for known viruses in databases and detects suspicious modifications.

Buffer Overflow Attack: A technique where unvalidated input overflows a buffer, overwriting memory and potentially allowing arbitrary code execution.
Worms: Self-replicating malware that exploits system vulnerabilities to spread across networks.
- Worms often use buffer overflow attacks as their entry method.
- Primary goals: Data destruction, system disruption (DoS), unauthorized access.

Challenges: Running external code (e.g., applets, mobile agents) risks introducing malware.