
International diploma in Computing Student name:

Computer security (C2025) Student ID:


Assignment
Term Two 2008
Cyber security

International Diploma in Computing


Computer security (C2025)
Assignment
Term Two 2008

Student name:
Student ID:
Title: Cyber security

Contents

1. Introduction

2. Cyber Security

3. Cyber attack

4. Cyber Security technologies

5. Conclusion

1. Introduction

It seems that everything relies on computers and the Internet nowadays, from
communication and education to entertainment and more. There is no doubt that computers
and telecommunications bring a lot of convenience to our lives. Unfortunately, although
most people use the Internet as a powerful and beneficial tool for communication and
education, some individuals exploit the power of the Internet for criminal or terrorist
purposes.

The cyber world is a virtual space created by electronic communication between
computers. It is not the real world, but everything in it happens in real time. This
virtual world enhances our quality of life, saves us much time and brings the world
closer together. In the cyber world, you can do anything that you want, and all of it
really happens. The cyber world seems to be another area where all human behavior is
mimicked from the real world. Activities and behaviors in the cyber world can be positive
or negative, mirroring real world activities and behaviors. All negative activities and
behaviors may affect others in the cyber world.

2. Cyber Security

Everyone can connect to the cyber world with a computer through the Internet. The
Internet provides services 24 hours a day for information access, credit and financial
services, and shopping. The Internet lets us communicate around the world.

Unfortunately, many computer systems and networks are not designed with security in
mind. As a result, some individuals exploit the Internet to perform criminal actions and
other harmful acts. An attacker can gain unauthorized access to your computer and use
that access to steal your identity, commit fraud, or even launch cyber attacks against
others. Therefore, a variety of cyber security technologies have been invented to
defend against the increasing threat of cyber attack.

Many attacks on the Internet have no particular target. The attacker simply sends a
large broadcast that uses any unprotected system as a staging point from which to launch
an attack. Using computers without basic protections such as a firewall, anti-virus
software and user education not only affects your own business, but also helps viruses
spread around the Internet.

A system’s lack of protection makes you a target: an attack can destroy your computer
and your network, and can contribute to a virus distribution that slows or halts portions
of the Internet. All of us who use the Internet have a responsibility to maintain a
culture of security in order to increase consumer and business confidence.

A security scheme should be adopted to protect the cyber world. The cyber world is a
combination of computers and networks. Cyber security has to protect these two main
items to provide services with confidentiality, integrity and availability.

Confidentiality - Cyber security protects information that should be available only to
those who rightfully have access to it. Private and sensitive information can be safely
stored and transferred to those who have the right to access it.

Integrity - Cyber security protects information that should be modified only by those who
are authorized to do so. It can be confirmed that information comes from a trusted
source.

Availability - Cyber security protects information that should be accessible to those who
need it. Timely and uninterrupted service can be provided.

Cyber security technologies support the process of preventing and detecting cyber
attacks. Some security attacks arise from user misuse that leads to virus infection,
which can be detected and filtered. Other attacks, such as unauthorized access by
intruders and denial of service, can also be prevented by secure network design. Although
cyber security technologies cannot prevent every possible attack, a cyber security plan
can help to reduce the risk of being attacked and reduce the time needed for backup and
recovery.

3. Cyber Attack

The term cyber attack describes crimes that occur in a virtual world, as opposed to
tangible attacks such as war. A targeted cyber attack means the attacker specifically
targets a person or a company. A successful attack will typically allow the attacker to
gain access to the victim’s assets, allowing the theft of sensitive internal data and
possibly causing disruption and denial of service. Victims of such attacks typically
suffer financial losses and might also lose credibility.

Most attacks on the Internet are opportunistic attacks rather than attacks targeted at
some specific entity. In an opportunistic attack, an attacker targets many different
parties using one or more generic methods, in the hope that some of them will be
vulnerable. The attacker will have a large number of targets and will not care much
about who the victim is, but rather about how many victims there are.

On the other hand, various individual organizations are still potential victims to targeted
attacks. A targeted attack is much more effective and damaging for the victim since the
actions performed by the malicious hacker are tailored.

Some common cyber attacks are listed below:

Email

The basic email protocols (RFC) do not provide any authentication of the “From”
address. Attackers use various methods to fool victims into visiting their malicious
website while pretending to be a trusted sender, for example by imitating a common
domain name with one letter altered, or by exploiting vulnerabilities in web browsers.
In addition, an attacker can run his own code on the victim’s computer by attaching an
executable to an email message. This common attack is known as “Mass Mailing Worms”.
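
The check below is an added example, not part of the original assignment: it shows how a mail gateway could flag a From domain that differs from a known domain by a single letter, the imitation technique described above. The domain list, function names and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed list of domains the organisation really corresponds with.
KNOWN_DOMAINS = {"example.com", "example-bank.com"}


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Lower-cased domain of the address in a From header, or '' if none."""
    address = parseaddr(from_header)[1]
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].lower().rstrip(".")


def classify(from_header, known=KNOWN_DOMAINS):
    """Return (verdict, imitated_domain) for one From header value."""
    domain = sender_domain(from_header)
    if not domain:
        return ("invalid", None)
    if domain in known:
        # Spelling matches only: From is unauthenticated, so this says
        # nothing about who actually sent the message.
        return ("listed", None)
    for good in sorted(known):
        if edit_distance(domain, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    samples = [  # constructed header values
        "Accounts <billing@example.com>",
        "Accounts <billing@examp1e.com>",
        "Accounts <billing@exmple.com>",
        "News <news@unrelated.example.org>",
    ]
    for s in samples:
        print(s, "->", classify(s))
```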

Trojan horse

A Trojan horse program is a common way for intruders to trick you (sometimes referred
to as "social engineering") into installing "back door" programs. These can allow
intruders easy access to your computer without your knowledge, change your system
configurations, or infect your computer with a computer virus.

Worms

Worms are viruses that spread through computer networks. They replicate themselves
from machine to machine over the network. They can replicate many times and create new
versions of themselves through their malicious code.

Network Attack

An attacker can get the location (IP address) of the company by making use of email and
other similar technology, or by going through the gateway. The attacker will then
enumerate the IP address pool belonging to the victim, and enumerate the services exposed
to the Internet, such as SMTP, HTTP or VPN. Version information also helps the attacker
to determine whether the service is running up-to-date software with all the security
fixes, or to audit the software for new unknown security flaws. For example, if the
target is known to be running IIS 6 with a specific commercial or open source Web
application, the attacker is likely to download that Web application and learn all about
its default settings, how it implements security and where sensitive files are stored.

Distributed denial of service attacks

DDoS (Distributed Denial of Service) allows an attacker to knock his victims offline
rather than steal information. This attack typically consists of flooding the network
with packets until it reaches its limits. As a result, legitimate requests are lost or at
least the service becomes too slow to work with. The attacker compromises a large number
of victims by making use of opportunistic attacks, and through them directs thousands of
systems to attack a single server or network.

Bypassing security mechanisms

• Bypassing traditional anti-virus

The attacker usually creates a custom-made program and delivers it to victims. The
anti-virus software will try to match the attacker’s program against a list of known
viruses, and the program will probably get past it.

• Bypassing firewall

An attacker can attack servers that are not fully protected by the firewall and hop from
server to server. Some administrators open the firewall to allow server-to-server access
for themselves; attackers can follow the administrator’s steps to do the same.

4. Cyber Security Technologies:

Public communication networks traditionally have not been secure in the sense of
providing high levels of security for the information that is transmitted. As these
networks are increasingly used for commercial transactions, the need to provide security
becomes critical.

Some commonly used technologies for managing cyber security are described below:

Firewall System

A firewall is a very good security solution, especially for covering up vulnerable
services that should never be exposed to hostile networks such as the Internet. Having a
well-configured firewall minimizes exposure and allows the administrator to focus on
securing more sensitive or vulnerable parts of the network.

A firewall is implemented in a computer or a router, and its role is to control external
access to internal information and services. Various fields in arriving packets are
examined to determine whether they should be allowed to pass or be discarded. These
fields can include source and destination IP addresses, TCP/UDP port numbers,
ICMP message types, and fields inside the IP and TCP payloads.

There are three common types of firewall filtering:

• Packet filtering

Packet filters can filter packets based on protocol, source or destination port number and
source or destination address, or computer name. IP packet filters are static, and
communication through a specific port is either allowed or blocked. Blocked packets are
usually logged, and a secure packet filter denies by default.
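
The following sketch is an added example, not part of the original assignment: a static packet filter that matches on protocol, source and destination address and destination port, logs blocked packets and denies by default, as described above. The rule set, field names and addresses (documentation ranges) are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    dport: Optional[int] = None  # None matches any destination port


# Constructed rule set; addresses are documentation ranges (RFC 5737).
RULES = [
    Rule("deny", "any", "203.0.113.66/32", "0.0.0.0/0"),      # blocked source
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 25),   # inbound SMTP
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.20/32", 80),   # inbound HTTP
]


def matches(rule, pkt):
    """True if every field the rule constrains equals the packet's field."""
    return (rule.proto in ("any", pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, pkt.get("dport")))


def filter_packet(pkt, rules=RULES, log=None):
    """First matching rule wins; no match means deny. Denied packets are logged."""
    verdict = "deny"                      # default deny
    for rule in rules:
        if matches(rule, pkt):
            verdict = rule.action
            break
    if verdict == "deny" and log is not None:
        log.append(pkt)
    return verdict


if __name__ == "__main__":
    blocked = []
    packets = [  # constructed packets
        {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 25},
        {"proto": "tcp", "src": "203.0.113.66", "dst": "192.0.2.10", "dport": 25},
        {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 23},
    ]
    for p in packets:
        print(p, "->", filter_packet(p, log=blocked))
    print("logged:", len(blocked))
```

Because the filter is static, the order of the rules is the policy: the blocked-source rule has to precede the allow rules to take effect.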

• Circuit-level filtering

Circuit-level filters inspect sessions rather than payload data. An inbound or outbound
client makes a request directly against the firewall/gateway, and in turn the gateway
initiates a connection to the server and acts as a broker between the two connections.
With knowledge of application connection rules, circuit level filters ensure valid
interactions. They do not inspect the actual payload, but they do count frames to ensure
packet integrity and prevent session hijacking and replaying.

• Application filtering

Application filters can analyze a data stream for an application and provide
application-specific processing, including inspecting, screening or blocking,
redirecting, and even modifying the data as it passes through the firewall. Application
filters protect against attacks such as unsafe SMTP commands, attacks against internal
DNS servers and HTTP-based attacks.

Cryptography

Cryptography is the science of using mathematics to encrypt and decrypt data. It enables
users to store sensitive information or transmit it across insecure networks (such as
Internet) so that it cannot be read by anyone except the intended recipient.

A cryptographic algorithm, or cipher, is a mathematical function used in the encryption
and decryption process. A cryptographic algorithm works in combination with a key
(a word, number or phrase) to encrypt the plaintext. The same plaintext encrypts to
different ciphertext with different keys. The cryptographic algorithm, all possible keys
and all the protocols that make it work comprise a cryptosystem.

• Data Encryption Standard (DES)

DES is the most widely used shared key cryptosystem. In the encryption process, DES
first divides the original message into blocks of 64 bits. Each block is then separately
encrypted into a block of 64-bit ciphertext. DES uses a 56-bit secret key and the
encryption algorithm has 19 steps. The decryption basically runs the algorithm in reverse
order.

Each step in DES algorithm takes a 64-bit input from the preceding step and produces a
64-bit output for the next step. The first step performs an initial permutation of 64-bit
plaintext that is independent of the key. The last step performs a final permutation that is
the inverse of the initial permutation.

The next-to-last stage swaps the 32 bits on the left with the 32 bits on the right. Each of
the remaining 16 iterations performs the same function but uses a different key. The key
at each iteration is specifically generated from the key at the preceding iteration. First a
56-bit permutation is applied to the key. Then the result is partitioned into two 28-bit
blocks, each of which is independently rotated left by some number of bits. The
combined result undergoes another permutation. Finally a subset of 48 bits is used for
the key at the given iteration.

• Pretty Good Privacy (PGP)

PGP is a hybrid cryptosystem. When a user encrypts plaintext with PGP, PGP first
compresses the plaintext and creates a session key, which is a one-time-only secret key.
This session key works with a very secure, fast conventional encryption algorithm to
encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key
is then encrypted to the recipient's public key. This public key-encrypted session key is
transmitted along with the ciphertext to the recipient.

Decryption works in the reverse. The recipient's PGP uses his or her private key to
recover the temporary session key, and PGP then uses the key to decrypt the
conventionally-encrypted ciphertext.

Content Filtering

Content filtering is the technique of blocking or allowing content based on analysis of
its content, rather than its source or other criteria. It is widely used on the Internet to filter
email and web access. Content filtering can be divided into Web filtering, the screening
of Web sites or pages, and e-mail filtering, the screening of e-mail for spam or other
objectionable content.

• Content filtering of email

Content filtering of email is the most common method of filtering spam. Content filters
act on the email content, that is, the information contained in the mail body or in the
mail headers, to classify, accept or reject a message.

Usually anti-virus methods can be classified as content filters too, since they scan
simplified versions of either the binary attachments of mail or the HTML contents.
Content filters can also analyze data and either restrict the data or change the data.

• Content filtering of web content

A Web filter is a program that screens an incoming Web page to determine whether some
or all of it should not be displayed to users. The filter checks the origin or content of
a Web page against a set of rules provided by the company or person who has installed the
Web filter. A Web filter allows an enterprise or individual user to block out pages from
Web sites that are likely to include objectionable advertising, pornographic content,
spyware, viruses, and other objectionable content.

Some Web filters also provide a reporting function so that the installer can see what
kind of traffic is being filtered and who has requested it. They provide soft blocking
(in which a warning page is sent to the user instead of the requested page while still
allowing access to the page) and an override capability that allows an administrator to
unlock a page.

Separate Network

When a network attack occurs on an open network, the attacker will be able to attack
other hosts on the same network. The solution is to physically separate different networks
and apply access control between different sections of the network.

5. Conclusion

Everyone should be aware of cyber security, and has a responsibility to protect the
confidentiality, integrity, and availability of information. In today's highly networked
systems environment, all individuals are required to:

• Understand their roles and responsibilities related to the security mission
• Understand the organization's information technology security policy, procedures,
and practices
• Have at least adequate knowledge of the various management, operational and technical
controls required and available to protect the IT resources/network environment of
their responsible areas

The aim is to produce security behaviors that are automatic. The goal is to make
"thinking security" a natural reflex for everyone in the organization. Awareness
activities can be built on these reflexes for both the security professional and the
everyday user.

-- End of Document --
