Introduction To Security Threats Computer Science Essay



Part 1

1 Introduction

1.1 Introduction to Security Threats

As technologies and system development step into a new era, the services that can be offered to the user improve along with the new technologies and concepts. In information-system terms the user is called a stakeholder: the person who experiences the service of a well-developed, reliable information system that satisfies the stakeholder's needs and, mostly, the business requirements. There is, however, one essential fact about a well-developed information system: it must keep the stakeholder's valuable and secret information from being exposed to intruders, by making sure they cannot view, modify or destroy it. The question is how to prevent intrusion attacks on this data and how to satisfy that requirement with the most appropriate mechanisms and techniques. That is how the name, and the large subject made up of many concepts, came into the picture: SYSTEM SECURITY. When we consider system security, the first thing is to stay alert to environmental threats such as

1.1.1 Physical threats - physical damage done by intruders, such as switching the system off, or damage caused by equipment falling from a certain height.

1.1.2 Natural disasters - practically all natural disasters have to be taken into account. These threats cannot be prevented when they suddenly happen, but a well-organised and well-planned approach can be applied to any system when it is established.

There are also threats that affect a particular system in logical form and are conducted by an attacker (intruder); most of these threats arise when transmission happens between two or more nodes over a commonly shared network (the Internet).

Each information system can be attacked in many ways, and those attacks can be identified as threats to the system.

It is good to know about the security attack types. Basically, security attacks are of two types:

1.1.3 Passive attacks - a third party intercepts the connection between two people and only attempts to view the messages exchanged between them; no modification or destruction is done by the intruder. This kind of attack is very hard to detect, so a victim may not know whether they are still under attack.

1.1.4 Active attacks - in the same situation the intruder captures the messages, modifies them according to his expectation and later sends them on to the relevant party. This method can be detected most of the time when it happens.

There are three main system security objectives to achieve:

Confidentiality - keeping the stakeholder's data from being exposed to any unauthorised entity that has entered the system. This objective also covers protecting the data flow from traffic analysis, so that an attacker is not able to observe the source, the destination and the other information that a traffic flow carries.

Threats against confidentiality:

Eavesdropping - the attack type in which a data flow is observed without any modification being made to it. The attacker analyses the general traffic-flow pattern during communication between an agent and a server, in other words between client and server. Through this attack data privacy may be lost, so all the data carried by the flow can be exposed to an intruder who is interested in analysing it. Eavesdropping is most closely related to passive attacks, and there are two types of passive (eavesdropping) attacks:

Release of message content - reading the contents of a message that a sender transmitted over a data link; before it reaches the destination an intruder captures the message and reads its contents. This type of attack breaks the confidentiality of data transmitted over the communication link, and data privacy is not achieved.


Traffic analysis - the attacker only monitors the general pattern of the data flow; no reading of message content takes place in this case.

Integrity - one of the major security objectives and services that can be introduced. Integrity means that whenever two parties exchange data there should be no possibility of the data being modified or destroyed by an intruder, in transmission or at a storage system, without the relevant permission. Integrity can protect a single bit as well as whole bit streams.

The idea behind integrity is to keep the transmitted data unmodified and undestroyed, under both a connection-oriented integrity service and a connectionless integrity service. Integrity is mostly concerned with violation detection rather than prevention: when a violation takes place it is simply reported to the relevant authorities.

Threats against integrity

Under this topic there are plenty of threats to discuss; each is explained in detail.

IP spoofing - one of the most serious threats against data integrity.

Intruders create packets with false IP addresses, using an internal host address as the source IP address, and exploit the applications that are in use. There are many IP spoofing methods:

Blind, non-blind, man-in-the-middle attacks, and several DoS attacks related to spoofing activities.

Using these types of attacks an attacker can easily capture and read data and, where required, modify the captured data and transmit it to another user over a communication link; both integrity and confidentiality violations take place during this attack.

Two of the spoofing types can be explained:

IP spoofing: non-blind

As the figure shows, this scenario is explained in IPv4. In IPv4, before a particular sender and receiver communicate with each other, there is a protocol to identify each other by doing a three-way handshake. An attacker on the same segment, with a different layer-2 (MAC) address, interrupts this by predicting the TCP sequence number and sending the final ACK packet to the receiver before the sender transmits it. Because the third ACK packet was transmitted by the attacker, the receiver now associates the sender's IP address with the attacker's layer-2 address. The IP address has thus been spoofed by the attacker, the communication happens only between the attacker and the receiver, and all the data that should be handed over to the sender is captured by the attacker.

[Figure: IP spoofing, non-blind]

There are some applications through which spoofing can be achieved, and there are also anti-spoofing applications and methods, such as anti-spoofing with access lists, anti-spoofing with uRPF, and anti-spoofing with IP Source Guard.
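To make the first two of these anti-spoofing controls concrete, the following is an added example that is not part of the essay and not any vendor's implementation: a small simulation of an ingress access list and of strict unicast reverse-path forwarding (uRPF) applied to constructed packet records. The interface names, address ranges, routing table and sample packets are all assumptions made up for the demonstration.

```python
# Added example (not from the essay): a simulation of two of the anti-spoofing
# controls named above, ingress access lists and strict uRPF, applied to
# constructed packet records. Interface names, prefixes and packets are assumed.
import ipaddress
from typing import Dict, List, Tuple

# Constructed routing table: destination prefix -> interface the prefix is reached through.
ROUTES: Dict[str, str] = {
    "10.0.0.0/8": "inside",      # assumed internal address space
    "192.168.0.0/16": "inside",
    "203.0.113.0/24": "dmz",     # assumed public servers (documentation range)
    "0.0.0.0/0": "outside",      # default route towards the Internet
}

INTERNAL_PREFIXES = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "192.168.0.0/16")]


def acl_allows(in_iface: str, src: str) -> bool:
    """Ingress access list: a packet arriving on the outside interface must not
    claim an internal (or loopback/unspecified) source address."""
    addr = ipaddress.ip_address(src)
    if in_iface != "outside":
        return True
    if addr.is_loopback or addr.is_unspecified:
        return False
    return not any(addr in net for net in INTERNAL_PREFIXES)


def best_route_iface(addr: ipaddress.IPv4Address) -> str:
    """Longest-prefix match over ROUTES, returning the egress interface."""
    best = None
    for prefix, iface in ROUTES.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1]


def urpf_strict_allows(in_iface: str, src: str) -> bool:
    """Strict uRPF: the packet is accepted only if the router would send traffic
    back to its source address through the same interface it arrived on."""
    return best_route_iface(ipaddress.ip_address(src)) == in_iface


def filter_packets(packets: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (iface, src, dst, verdict) for each constructed (iface, src, dst) record."""
    verdicts = []
    for iface, src, dst in packets:
        if not acl_allows(iface, src):
            verdicts.append((iface, src, dst, "drop:acl"))
        elif not urpf_strict_allows(iface, src):
            verdicts.append((iface, src, dst, "drop:urpf"))
        else:
            verdicts.append((iface, src, dst, "accept"))
    return verdicts


# Constructed sample traffic.
SAMPLE = [
    ("outside", "198.51.100.7", "203.0.113.10"),   # ordinary Internet client -> DMZ server
    ("outside", "10.1.2.3", "10.1.2.9"),           # internal source address arriving from outside
    ("inside", "10.1.2.3", "198.51.100.7"),        # legitimate internal host going out
    ("inside", "203.0.113.10", "10.1.2.9"),        # DMZ address arriving on the wrong interface
]

if __name__ == "__main__":
    for row in filter_packets(SAMPLE):
        print(*row)
```

The access list catches only addresses an administrator has explicitly listed, which is why the second packet is dropped by it but the fourth is not; strict uRPF derives the check from the routing table instead, so it also rejects the DMZ address arriving on the inside interface. Strict uRPF is only safe on interfaces with symmetric routing, which is the usual caveat when enabling it.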

Threats against availability of a system

Availability - simply put, any implemented information system should be capable of providing its services to clients at any time the client requires them. Through availability both server and client have their requirements satisfied. But against this business there are some significant threats that an intruder can raise.

Because of this type of threat the efficiency of an information system, or of a network, may decrease drastically, so the service provided may not be sufficient for the relevant clients; after that the business between client and service provider collapses, because less trust is placed in the provider.

DoS attacks (Denial of Service) - DoS is not about cracking security; it is not about getting into a system to see secret data or to change secret data. It is truly a denial of service: mounting an attack that stops legitimate users from accessing the legitimate servers they intend to use.

As an example we can take an e-mail DoS attack. Here the intruder does not wish, or attempt, to see other users' e-mails; it is more about preventing the legitimate users from checking their own e-mail, or from sending mail to and receiving mail from other legitimate users.

It is done by footprinting the router (what kind of router it is, and what it might be susceptible to) and then sending an extremely large number of legitimate-looking requests, which may exceed thousands of millions of requests. A server facing such an attempt is vulnerable to overloading of its processing memory and a reduction of its capacity to handle the received requests, and the efficiency of the system degrades. In practice this means the legitimate server stops listening to legitimate users and simply denies every service.

Countermeasures against DoS attacks

The way to prevent this attack is to identify these legitimate-looking requests; most routers can perform this, but not fast enough.

Most well-developed routers and switches have the ability to identify the pattern of DoS attack requests by comparing them against legitimate users' requests as they arrive. They then perform a quick self-freeze, i.e. shut down service for the DoS attack coming from an identified IP address; on the next start-up that IP address is blocked and a flag is raised to the network administrator for further investigation. This process is named Active Defence.
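The pattern comparison described above can be illustrated with request-rate detection. The following is an added example, not from the essay and not any router's actual code: it reads constructed request log lines, keeps a sliding window per source address and flags the sources whose rate far exceeds what an ordinary client produces, then builds a block list from which known-good addresses can be exempted. The log format, window size and per-source budget are assumptions.

```python
# Added example (not from the essay): a sliding-window request-rate detector
# that flags source addresses whose request rate far exceeds that of ordinary
# clients, the pattern comparison the essay attributes to routers and switches.
# Log format, threshold and window size are assumed.
from collections import defaultdict, deque
from typing import Deque, Dict, List, Set

WINDOW_SECONDS = 10      # assumed observation window
MAX_REQUESTS = 50        # assumed per-source budget inside one window


def parse_line(line: str):
    """Parse a constructed log line of the form 'epoch_seconds src_ip method path'."""
    ts, src, method, path = line.split()
    return int(ts), src, method, path


def detect_flood(lines: List[str]) -> Dict[str, int]:
    """Return {src_ip: timestamp_first_flagged} for sources that exceed
    MAX_REQUESTS within any WINDOW_SECONDS span. One deque per source keeps
    memory bounded by the window rather than by total traffic."""
    windows: Dict[str, Deque[int]] = defaultdict(deque)
    flagged: Dict[str, int] = {}
    for line in lines:
        ts, src, _, _ = parse_line(line)
        q = windows[src]
        q.append(ts)
        # Evict timestamps that have fallen out of the window.
        while q and ts - q[0] >= WINDOW_SECONDS:
            q.popleft()
        if len(q) > MAX_REQUESTS and src not in flagged:
            flagged[src] = ts
    return flagged


def build_blocklist(lines: List[str], allowlist: Set[str] = frozenset()) -> List[str]:
    """Sources to block, minus known-good addresses (e.g. monitoring probes),
    so that the defence itself does not deny service to legitimate users."""
    return sorted(src for src in detect_flood(lines) if src not in allowlist)


# Constructed sample: one ordinary client (a request every 7 s) and one source
# sending 300 requests in 6 s.
SAMPLE_LOG = [f"{1700000000 + i * 7} 198.51.100.20 GET /inbox" for i in range(10)]
SAMPLE_LOG += [f"{1700000005 + i // 50} 203.0.113.99 GET /inbox" for i in range(300)]
SAMPLE_LOG.sort(key=lambda line: int(line.split()[0]))   # process in time order

if __name__ == "__main__":
    print(detect_flood(SAMPLE_LOG))
    print(build_blocklist(SAMPLE_LOG, allowlist={"198.51.100.20"}))
```

The flood source is flagged on its 51st request inside the window, one second into the burst, while the ordinary client never has more than two requests in any ten-second span. A distributed attack spreads the same volume over many sources, so in practice a per-source budget is combined with an aggregate rate check.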

Threats against data authenticity

Authenticity - a security service that helps to prevent the loss of confidentiality and integrity of data transmitted between two or more nodes to unauthorised attackers of an information system.

Under the authentication topic, access to network resources and shared data is provided only to the legitimate users who are entitled to share them. To obtain services from legitimate servers, a legitimate user must in most cases log in to the server and use the channel bandwidth; to gain access to the server, username and password authentication takes place so that the server can identify the legitimate user and provide the service. That is how authentication for gaining access to a network node works.

1.2 Malware

Malware means malicious software: a type of software that is used to

disturb or corrupt computer-based system operations,

gather or steal a system's secret data,

gain access to highly restricted computer systems.

It is simply a general term used to refer to a variety of forms of hostile or intrusive software.

1.2.1 Malware Terminology with Categorization

All malware can be categorised by the combination of two criteria: whether the malware needs a host program to survive or can handle itself (standalone), and whether the malware propagates by spreading with replication or does not propagate from one system to another.

First criterion: Host program required / Standalone

Second criterion: Spreads by replicating / Does not spread

Malware types placed in this grid: key logger, Trojan horse, mobile code, logic bombs, back door.




1.2.2 Malware types explained

Host program required: this class of malware has a particular structure, and its actions are performed in identical phases.

Overview of viruses

The word virus sounds creepy, and for humans a virus causes many uncomfortable diseases and is a real threat to a healthy life. In the cyber world a virus exists to corrupt a system under the supervision of an intruder who hopes to gain some illegal purpose.

A virus is a non-standalone piece of software which needs a host program in order to be executed, and it runs while the host program executes. During virus execution much of the data may be modified, and replicas of the virus may be generated by the original virus. Most virus complaints relate to operating systems and hardware components; viruses take the weak points of the OS and other components as their advantage.

Virus Structure

There are three major components of a virus structure

Infection mechanism - this component enables the virus to replicate; mostly it depends on the infected host program (e.g. firefox.exe + kissme.dll).

Payload - the payload carries the instructions for the impact, i.e. what is to be done.

Trigger - the time at which the virus takes the opportunity to activate the payload.

A virus consisting of these components may be attached to a host program in mainly three ways:

Prepended - the virus is attached at the top of the host program

Post-pended - the virus is attached at the end of the host program

Embedded - the virus is inserted into the host program




Figure 2.1 Structure of a virus

This kind of structure can be observed with specially developed debugging software that lets an analyst examine each virus's structure, which is very helpful for developing solutions against various types of viruses.

Virus Phases

Typical viruses act in four main phases; a given virus's approach may cover one or more of these phases.

Phase 1

Dormant phase - the virus is idle in this phase; it is eventually activated when the prepended, embedded or post-pended host program is activated. Not all viruses go through this phase, so this kind of attack can be introduced as a zero-day attack.

In practice, when a virus-infected host program is activated by the user (e.g. MS Excel.exe + Malware1.dll), the virus is at once triggered to infect other programs according to the payload instructions generated and stored by the intruder.

These kinds of viruses are very hard to find without an anti-virus scanning process; as a countermeasure, virus scanning with the help of an anti-virus program is used.

Phase 2

Propagation - most virus programs propagate from one host program to another, and another, and another; this scenario happens under the intruder's instructions stored in the payload. "Host programs" here means every service and component related to that particular host program.

E.g. a user has a USB pen drive holding a PDF viewer.exe host program; the virus infection can be shown like this:

PDF viewer.exe + Malware224.dll

Once this USB pen drive is plugged into a computer and the host program is activated, the virus may remain dormant; after the trigger, the virus will infect another service or component of the same host program,

like this:

PDF viewer.exe + Malware224.dll

PDF viewer.exe is double-clicked and Malware224.dll infects the PDF printer service:

PDF printer.exe + Malware224.dll

The countermeasure against Phase 2 propagation is to have resident real-time scanning enabled in the anti-virus software, which can prevent this virus propagation.

Phase 3

Trigger - in this phase the virus intends to make its impact on the system, based on the payload instructions; the triggering process can be instructed to run on a condition.

As an example, when the host program PDF viewer.exe + Malware224.dll is activated, the virus triggers if Internet Explorer.exe is running, and then releases the payload's destructive instructions.

The final phase is execution.

Phase 4

Execution - the last stage, in which the attempt to make the impact on the system according to the payload instructions takes place; simply put, BOOM, the disaster happens.

In order to prevent execution there are some significant countermeasures:

1. Some operating systems can prevent such execution by asking the user for confirmation whenever untrusted software is about to run, before proceeding with the execution attempt.

2. Deploying an access-control mechanism, using software that controls access to dedicated system files against unauthorised intruders.


2. Worms

Worms are a type of malicious software, among the most widely annoying and destructive types of malware, which can be transferred within a network once a worm has infected one PC in that network. A worm might infect a computer without any action from you, or it might trick you into opening a link from a web page to infect your computer. Worms are standalone software that carry out infections, and worms can replicate really fast, replicating as many as 250,000 times in a typical eight-hour workday. How huge a number is that?

A worm's structure has only a few significant parts, such as the payload and the parts that help it replicate. A worm mainly depends on its payload, which is code written to execute a specific task. Payloads can be written to delete files on an infected computer, launch a viral attack, disrupt network traffic, and attack e-mail and social networks for various aims. For example, worms are often used to disrupt network services or to create denial-of-service (DoS) attacks against businesses.

3. Trojan Horse Malware

As the ancient Greek myth explains, Trojan horse malware is a type of malware that pretends to be, and appears as, a legitimate program but can infiltrate and damage a computer.

Trojan horse malware circumstances

Victims are tricked into downloading and running the fake software on their computer systems; it then attacks the computer by presenting unwanted pop-up windows, spreading stubborn viruses, stealing personal data or passwords, or deleting programs and files.


A Trojan horse does not spread by infecting host programs or by self-replicating. Instead, the malicious thing is that it makes unsuspecting users damage their own computers by opening an e-mail attachment or downloading a file from a website offering interesting games, quizzes or software. If someone allows a Trojan horse access to his or her computer it is a real disaster: some Trojans have the ability to modify every significant system file and DLL on Microsoft-based systems, and a Trojan can open up a back door into the computer system. A Trojan therefore strongly violates the confidentiality and integrity of a system.

Structure of a Trojan horse Malware


Strictly speaking, the Trojan horse dropper is not part of the core, but because of its role in large-scale propagation it is worth mentioning alongside the Trojan.

The wrapper around the Trojan dropper therefore determines what kind of Trojan is seen: a normal Windows application, a JPEG or a PDF file type. Its main purpose, however, is installing its own payload. Once the dropper is executed, it examines the new system to see whether it is a good place to leave its load and, depending on that decision, reports this information back and informs the Trojan.

After that there are three main modules:

security module

damage module

networking module.

Security Module -

The security module's purpose is to protect the Trojan from being detected, so the best way for it to stay safe is to disable every kind of security and anti-virus software component.

This mainly means desktop firewall bypassing, security service bypassing and some other activities. With file analysis disabled the Trojan can survive easily and keep infecting the PC.

Under this module the Trojan also has the ability to update its plugins, stay strong and carry out more flagrant infections.

Damage module -

A Trojan horse is a standalone software component that not only inspects local secret data but goes beyond the local host, over the Internet, to share the things grabbed from the attacked computer.

So the damage module can be divided into two parts:

Data gathering modules

Networking modules

Data gathering module - performs tasks such as password recovery, browser history collection, etc. It collects data from the local system and makes it ready for the other modules to transfer to a drop point.

Networking module - performs malicious actions on the network. Good illustrative examples are spam, bots, click fraud and DDoS attacks.

Communication module - any data sent over the network, whether the destination is within the local network or across the Internet, passes through the communication module. This module knows the network environment, including any firewall or proxy; it knows how to contact servers on the Internet and how to get around the firewall without triggering alarms.

Figure 1.2.2 Trojan horse malware structure

Malware World Overview

1.3 Security Conceptual Framework

According to Onwubiko and Lenaghan (2007), the security conceptual framework is adapted from ISO/IEC 15408. This framework can be defined using seven security concepts, namely owners, countermeasures, vulnerabilities, threat agents, threats, risk and assets, and their relationships.

The conceptual framework enables organisations to determine the following:

• What is required to be protected; these are called assets. The organisation would recognise which assets are required by it.

• Identify from what the assets should be protected, so that the organisation's security weaknesses in the identified assets can be analysed.

• Assess what can exploit these weaknesses. This identifies the threats which exploit vulnerabilities and the risks associated with those vulnerabilities.

• Analyse how the organisation's security can be protected using countermeasures. This includes what can be imposed to prevent, detect and correct the identified threats and vulnerabilities.

A conceptual security framework can be used to secure an IT system, where a number of units ensure the security of the system. Not only software but also hardware can be introduced to mitigate the risk. It is nearly impossible to make a 100% secure system, but it is possible to be proactive by monitoring and upgrading the security framework often and making it more secure.

2. Vulnerabilities

Under this topic the discussion continues with system vulnerabilities, describing how often a system gets attacked and what the weaknesses of a system or network are. A vulnerability is a weakness in a computer-based system that may be exploited to cause loss or harm.

The coursework focuses on specific areas of vulnerability that can exist in the different frameworks applied to obtain system security, so from here onwards the discussion is on those specific vulnerabilities.

Vulnerabilities to eavesdropping

When data is transmitted through data transmission channels, eavesdropping can take place: there is a possibility of data being stolen while in transit. This is easily done on the data transmission cables of the network or on a WiFi interface.

1. When using a bank account, the information entered on the website is transferred between the company's web server and the customer's web browser. Here it is vulnerable to eavesdropping, and attackers are able to steal information of high value; bank electronic payment gateways are among the top targets.

2. Employees may tend to use WiFi network access within the bank premises; this can be more dangerous than data passing through wires. The thief can eavesdrop on the WiFi network and gain access to all the information in the internal systems.

3. Even though the thief cannot secretly steal system passwords, the thief can secretly watch an ATM PIN and other credentials; these are two vulnerable threats.

Eavesdropping is dangerous because valuable information can be stolen by sniffing the data transmission channels, and it can also be used for a man-in-the-middle attack: the attacker may take another form and secretly create connections between the bank and the customer. WiFi is the most vulnerable to such attacks.

Application Vulnerabilities

Applications are vital for dealing with information. A bank uses plenty of applications in order to deliver its services to customers as well as to keep its internal operations going. The applications may be developed by the bank's IT section or bought from outside. Therefore it is necessary to understand the threats to which an application can be subjected.

Vulnerabilities in encryption methods

Even though lengthy keys are used to encrypt data, there is still a threat of the security being broken by the keys being discovered, and therefore

Where problems with algorithms are concerned, the use of non-standard implementations of cryptographic methods, not selecting the appropriate algorithm, and improper use can all be identified as vulnerabilities. On the other hand, using weak keys and key disclosure can be identified as vulnerabilities associated with encryption methods. Problems in random number generation (RNG), which is the basis for generating strong keys, may weaken the whole system. This may occur when poor random number generation methods are used (for example, if the developers of a bank payment gateway used a built-in Java method such as java.util.Random to generate the random number from which a key is derived, there is a much higher risk of the key being exposed after a few attempts by an attacker; therefore advanced, standard RNG libraries should be used instead). Furthermore, using the same seed to generate random numbers increases the risk.
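The point about general-purpose random number generators and seed reuse can be shown in a few lines. The following is an added example, not from the essay; it uses Python's random module in place of the java.util.Random the essay cites, since both are deterministic generators driven entirely by their seed, and shows the fix with the secrets module, which draws from the operating system's cryptographic RNG. The key length and the seed values are assumptions for the demonstration.

```python
# Added example (not from the essay): why a general-purpose PRNG is the wrong
# source for key material. Mirrors the essay's java.util.Random point using
# Python's random module, with secrets as the standard-library fix.
import random
import secrets

KEY_BYTES = 16   # assumed key length for the demonstration


def weak_key(seed: int) -> bytes:
    """Key derived from random.Random (Mersenne Twister). Its entire output is a
    function of the seed, so two gateways that seed with the same value (a fixed
    constant, a coarse timestamp) derive the same key."""
    rng = random.Random(seed)
    return rng.getrandbits(8 * KEY_BYTES).to_bytes(KEY_BYTES, "big")


def strong_key() -> bytes:
    """Key drawn from the OS cryptographic RNG; there is no seed to guess or reuse."""
    return secrets.token_bytes(KEY_BYTES)


def keys_collide(seed_a: int, seed_b: int) -> bool:
    """True when two weak keys are identical, i.e. seed reuse has leaked the key."""
    return weak_key(seed_a) == weak_key(seed_b)


def seed_space_check(target: bytes, start: int, count: int):
    """Defender's self-check: if the seed is known to lie in a small range (for
    example a timestamp), how many candidates reproduce a weak key? Returns the
    matching seed, or None. A secrets-generated key has no seed to recover."""
    for seed in range(start, start + count):
        if weak_key(seed) == target:
            return seed
    return None


if __name__ == "__main__":
    print(weak_key(42).hex(), weak_key(42).hex())      # identical
    print(strong_key().hex(), strong_key().hex())      # differ
    print(seed_space_check(weak_key(1700000123), 1700000000, 1000))   # 1700000123
```

The self-check is the audit a reviewer performs on a key-generation routine: if the key can be reproduced from a guessable seed, the length of the key is irrelevant. The same reasoning applies to any language's non-cryptographic generator.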

Vulnerabilities in configuration

The configuration of a system consists of software, hardware and liveware (users).

Where software is considered, the operating system that runs on the computer system is vulnerable to various threats. Therefore it is necessary to decide which software runs on the system and what combination should be used.

Hardware should be chosen to be compatible with the system and the software, and vice versa. Furthermore, it is good to separate the systems using hardware (hardware firewalls) and to use additional hardware to monitor system parameters. The network which connects the systems is one of the most important elements, and the configuration of the network should mitigate the risk. For example, it is good to separate the bank's internal system, as an intranet, from the system the customer uses (the website), so that it is not possible for outsiders to access the bank's internal system.

Furthermore, user management should assign rights to users based on their roles in the system, ensuring that information is used and accessed by the right users and that not all users can access all information.

Countermeasures

Measure of Compliance

User Authentication

RSA Algorithm

The RSA algorithm involves three steps: key generation, encryption and decryption.


RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted in a reasonable amount of time using the private key. The keys for the RSA algorithm are generated the following way:

Choose two distinct prime numbers p and q.

For security purposes, the integers p and q should be chosen at random, and should be of similar bit-length. Prime integers can be efficiently found using a primality test.

Compute n = pq.

n is used as the modulus for both the public and private keys. Its length, usually expressed in bits, is the key length.

Compute φ(n) = φ(p)φ(q) = (p − 1)(q − 1), where φ is Euler's totient function.

Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; i.e., e and φ(n) are coprime.

e is released as the public key exponent.

e having a short bit-length and small Hamming weight results in more efficient encryption; most commonly e = 2^16 + 1 = 65,537. However, much smaller values of e (such as 3) have been shown to be less secure in some settings.[4]

Determine d as d ≡ e^−1 (mod φ(n)), i.e., d is the multiplicative inverse of e (modulo φ(n)).

This is more clearly stated as: solve for d given d·e ≡ 1 (mod φ(n)).

This is often computed using the extended Euclidean algorithm.

d is kept as the private key exponent.

By construction, d⋅e ≡ 1 (mod φ(n)). The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the modulus n and the private (or decryption) exponent d, which must be kept secret. p, q, and φ(n) must also be kept secret because they can be used to calculate d.

An alternative, used by PKCS#1, is to choose d matching de ≡ 1 (mod λ) with λ = lcm(p − 1, q − 1), where lcm is the least common multiple. Using λ instead of φ(n) allows more choices for d. λ can also be defined using the Carmichael function, λ(n).

The ANSI X9.31 standard prescribes, IEEE 1363 describes, and PKCS#1 allows, that p and q match additional requirements: being strong primes, and being different enough that Fermat factorization fails.


Encryption

Alice transmits her public key (n, e) to Bob and keeps the private key secret. Bob then wishes to send message M to Alice.

He first turns M into an integer m, such that 0 ≤ m < n, by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext c corresponding to

c ≡ m^e (mod n).

This can be done quickly using the method of exponentiation by squaring. Bob then transmits c to Alice.


Decryption

Alice can recover m from c by using her private key exponent d via computing

m ≡ c^d (mod n).

Given m, she can recover the original message M by reversing the padding scheme.

(In practice, there are more efficient methods of calculating c^d using precomputed values.)
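The key generation, encryption and decryption steps above, carried through in code, as an added example that is not part of the essay: the primes p = 61 and q = 53 are constructed textbook values (real keys use primes of hundreds of digits), e = 17 is chosen to be coprime to φ(n), and d is computed with the extended Euclidean algorithm. Both the φ(n) choice of d and the PKCS#1-style λ(n) = lcm(p − 1, q − 1) choice mentioned above are implemented; the function and parameter names are this example's own.

```python
# Added example (not from the essay): RSA key generation, encryption and
# decryption on the small constructed primes p=61, q=53. Both the phi(n)
# and the lambda(n) (Carmichael) choice of d are shown.
from math import gcd
from typing import Tuple


def egcd(a: int, b: int) -> Tuple[int, int, int]:
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(e: int, m: int) -> int:
    """Multiplicative inverse of e modulo m, i.e. d with d*e ≡ 1 (mod m)."""
    g, x, _ = egcd(e, m)
    if g != 1:
        raise ValueError("e and the modulus are not coprime")
    return x % m


def lcm(a: int, b: int) -> int:
    return a * b // gcd(a, b)


def keygen(p: int, q: int, e: int = 17, use_carmichael: bool = False):
    """Return ((n, e), (n, d)). With use_carmichael=True, d is chosen modulo
    lambda(n) = lcm(p-1, q-1) as PKCS#1 allows; otherwise modulo phi(n)."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    m = lcm(p - 1, q - 1) if use_carmichael else (p - 1) * (q - 1)
    if not (1 < e < m) or gcd(e, m) != 1:
        raise ValueError("e must satisfy 1 < e < modulus and be coprime to it")
    d = modinv(e, m)
    return (n, e), (n, d)


def encrypt(pub: Tuple[int, int], m: int) -> int:
    """c = m^e mod n via pow's square-and-multiply; m must already be
    padded into the range 0 <= m < n."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message integer out of range")
    return pow(m, e, n)


def decrypt(priv: Tuple[int, int], c: int) -> int:
    """m = c^d mod n."""
    n, d = priv
    return pow(c, d, n)


if __name__ == "__main__":
    pub, priv = keygen(61, 53)          # n = 3233, phi(n) = 3120, d = 2753
    c = encrypt(pub, 65)                # 2790
    print(pub, priv, c, decrypt(priv, c))
```

With these primes φ(n) = 3120 gives d = 2753 while λ(n) = 780 gives d = 413; both decrypt correctly because the two exponents are congruent modulo λ(n). The range check in encrypt is where a padding scheme would sit in a real implementation, and without one this textbook RSA is deterministic and malleable, which is why it is never used on raw messages.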

Program Layout and Program Testing

Source Code

Comparison and Analysis



Cost estimation