
COMPUTER SECURITY

Computer security is the protection of the items you value, called the assets of a computer or
computer system. There are many types of assets, involving hardware, software, data, people,
processes, or combinations of these. To determine what to protect, we must first identify what
has value and to whom. A computer device (including hardware, added components, and
accessories) is certainly an asset. Because most computer hardware is pretty useless without
programs, the software is also an asset. Software includes the operating system, utilities and
device handlers; applications such as word processing, media players, or email handlers; and
even programs that you may have written yourself. Much hardware and software is off-the-shelf,
meaning that it is commercially available (not custom-made for your purpose) and that you can
easily get a replacement. The thing that makes your computer unique and important to you is
your content: photos, tunes, papers, email messages, projects, calendar information, ebooks (with
your annotations), contact information, code you created, and the like. Thus, data items on a
computer are assets, too. Unlike most hardware and software, data can be hard, if not
impossible, to re-create or replace.

DESCRIBE THE FOLLOWING TERMS


Cryptanalysis
Cryptanalysis refers to the study of ciphers, ciphertext, or cryptosystems (that is, secret code
systems) with a view to finding weaknesses in them that will permit retrieval of the plaintext from
the ciphertext, without necessarily knowing the key or the algorithm.
It involves analyzing information systems in order to study the hidden aspects of the systems.
Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of
encrypted messages, even if the cryptographic key is unknown. Cryptanalysis uses mathematical
formulas to search for algorithm vulnerabilities and break into cryptography or information
security. This is known as breaking the cipher, ciphertext, or cryptosystem. Breaking is
sometimes used interchangeably with weakening. This refers to finding a property in the design
or implementation of the cipher that reduces the number of keys required in a brute force attack.
Steganography

It is the practice of concealing a file, message, image, or video within another file, message,
image, or video. Generally, the hidden messages appear to be (or be part of) something else:
images, articles, shopping lists, or some other cover text. For example, the hidden message may
be in invisible ink between the visible lines of a private letter.
Covert information can be embedded into standard file types. One of the most common
steganographic techniques is to embed a text file into an image file. Anyone viewing the image
file would see no difference between the original file and the file with the message embedded
into it. This is accomplished by storing the message using least significant bits in the data file.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence
of third parties called adversaries. More generally, cryptography is about constructing and
analyzing protocols that prevent third parties or the public from reading private messages;
various aspects in information security such as data confidentiality, data integrity, authentication,
and non-repudiation are central to modern cryptography.
Cryptography is closely related to the disciplines of cryptology and cryptanalysis. Cryptography
includes techniques such as microdots, merging words with images, and other ways to hide
information in storage or transit. However, in today's computer-centric world, cryptography is
most often associated with scrambling plaintext into ciphertext (a process called encryption),
then back again. Individuals who practice this field are known as cryptographers.
Asymmetric Encryption
In cryptography, encryption is the process of encoding messages or information in such a way
that only authorized parties can read it. Encryption does not of itself prevent interception, but
denies the message content to the interceptor.

Asymmetric Encryption is a form of Encryption where keys come in pairs. What one key
encrypts, only the other can decrypt. Frequently the keys are interchangeable, in the sense that if
key A encrypts a message, then B can decrypt it, and if key B encrypts a message, then key A can
decrypt it.
Public key cryptography is any cryptographic system that uses pairs of keys: public keys, which
may be disseminated widely, and private keys, which are known only to the owner. This
accomplishes two functions: authentication, which is when the public key is used to verify
that a holder of the paired private key sent the message, and encryption, whereby only the holder
of the paired private key can decrypt the message encrypted with the public key.
In a public key encryption system, any person can encrypt a message using the public key of the
receiver, but such a message can be decrypted only with the receiver's private key. For this to
work it must be computationally easy for a user to generate a public and private key-pair to be
used for encryption and decryption. The strength of a public key cryptography system relies on
the degree of difficulty (computational impracticality) for a properly generated private key to be
determined from its corresponding public key.
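The key-pair behaviour described above, as an added example that is not part of the original text. It uses textbook RSA with no padding and the toy primes 61 and 53 (both assumptions made for illustration; the function names are chosen here), and it shows why strength depends on the private key being impractical to derive from the public key: with a modulus this small, the derivation is immediate.

```python
# Added illustration: textbook RSA with toy primes. Not secure; no padding.
from math import gcd


def make_keypair(p: int, q: int, e: int = 17):
    """Return (public, private) where each key is an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (e, n), (d, n)


def apply_key(key, value: int) -> int:
    """Encrypt, decrypt, sign or verify: the same modular exponentiation."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def private_from_public(public):
    """Derive the private key by factoring n. Feasible only because n is tiny."""
    e, n = public
    p = next(f for f in range(3, int(n ** 0.5) + 1, 2) if n % f == 0)
    q = n // p
    return (pow(e, -1, (p - 1) * (q - 1)), n)


if __name__ == "__main__":
    public, private = make_keypair(61, 53)
    message = 65

    # Encryption: anyone encrypts with the public key, only the owner decrypts.
    ciphertext = apply_key(public, message)
    print(ciphertext, apply_key(private, ciphertext))

    # Authentication: the owner transforms with the private key and anyone
    # checks the result with the public key.
    signature = apply_key(private, message)
    print(apply_key(public, signature) == message)

    # The whole scheme fails when n can be factored.
    print(private_from_public(public) == private)
```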
Symmetric Encryption
Symmetric encryption is the oldest and best-known technique. A secret key, which can be a
number, a word, or just a string of random letters, is applied to the text of a message to change
the content in a particular way. This might be as simple as shifting each letter by a number of
places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt
and decrypt all messages that use this key.

It is the use of the same cryptographic keys for both encryption of plaintext and decryption of
ciphertext. The keys may be identical or there may be a simple transformation to go between the
two keys. The keys, in practice, represent a shared secret between two or more parties that can be
used to maintain a private information link. This requirement that both parties have access to the
secret key is one of the main drawbacks of symmetric key encryption, in comparison to public-key encryption.

In symmetric-key encryption, each computer has a secret key (code) that it can use to encrypt
a packet of information before it is sent over the network to another computer. Symmetric-key
requires that you know which computers will be talking to each other so you can install the key
on each one. Symmetric-key encryption is essentially the same as a secret code that each of the
two computers must know in order to decode the information. The code provides the key to
decoding the message.
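The letter-shifting cipher mentioned above, together with the brute force attack from the Cryptanalysis section, as an added example that is not part of the original text. The sample plaintext, the small word list used for scoring and the function names are constructed for illustration.

```python
# Added illustration: a shift cipher and a brute-force search of its key space.
import string

ALPHABET = string.ascii_uppercase
KEYSPACE = len(ALPHABET)  # only 26 possible keys

# Constructed sample message and a tiny word list used to recognise English.
PLAINTEXT = "THE SECRET KEY IS SHARED BY THE SENDER AND THE RECIPIENT"
COMMON_WORDS = {"THE", "AND", "IS", "BY", "KEY"}


def shift_encrypt(text: str, key: int) -> str:
    """Shift each letter `key` places; other characters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % KEYSPACE])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(text: str, key: int) -> str:
    """The same shared key reverses the shift."""
    return shift_encrypt(text, -key)


def english_word_score(text: str) -> int:
    """Count how many words of a candidate plaintext are common English words."""
    return sum(1 for word in text.split() if word in COMMON_WORDS)


def brute_force(ciphertext: str):
    """Try every key and keep the candidate that looks most like English."""
    scored = [(english_word_score(shift_decrypt(ciphertext, k)), k)
              for k in range(KEYSPACE)]
    best_score, best_key = max(scored)
    return best_key, shift_decrypt(ciphertext, best_key)


if __name__ == "__main__":
    secret = shift_encrypt(PLAINTEXT, 3)
    print(secret)
    print(shift_decrypt(secret, 3))  # sender and recipient share key 3
    print(brute_force(secret))       # an outsider needs at most 26 guesses
```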

TAXONOMY OF COMPUTER SECURITY

Computer security is frequently associated with three core areas, which can be conveniently
summarized by the acronym "CIA". Computer security is not restricted to these three broad
concepts. There are additional ideas that are often considered part of the taxonomy of computer
security.
Confidentiality
Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality
are designed to prevent sensitive information from reaching the wrong people, while making sure
that the right people can in fact get it: Access must be restricted to those authorized to view the
data in question. It is common, as well, for data to be categorized according to the amount and
type of damage that could be done should it fall into unintended hands. More or less stringent
measures can then be implemented according to those categories.
Integrity
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its
entire life cycle. Data must not be changed in transit, and steps must be taken to ensure that data
cannot be altered by unauthorized people (for example, in a breach of confidentiality). These
measures include file permissions and user access controls. Version control may be used to
prevent erroneous changes or accidental deletion by authorized users becoming a problem. In
addition, some means must be in place to detect any changes in data that might occur as a result
of non-human-caused events.
Availability
Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs
immediately when needed and maintaining a correctly functioning operating system environment
that is free of software conflicts. It's also important to keep current with all necessary
system upgrades. Providing adequate communication bandwidth and preventing the occurrence
of bottlenecks are equally important. Safeguards against data loss or interruptions in connections
must include unpredictable events such as natural disasters and fire. To prevent data loss from
such occurrences, a backup copy may be stored in a geographically-isolated location, perhaps
even in a fireproof, waterproof safe.
Individual accountability (authentication)
These entities are (human) users or (computer) systems, collectively called principals. A user is a
person, but a system requires some explanation. A computer system is comprised of hardware
(e.g., a computer) and perhaps software (e.g., an operating system). Systems implement other
systems, so, for example, a computer implements an operating system which implements a
database management system which implements a user query process. As part of authenticating a
system, it may be necessary to verify that the system that implements it is trusted to do so
correctly.
Access control
Ensuring that users access only those resources and services that they are entitled to access and
that qualified users are not denied access to services that they legitimately expect to receive.
Nonrepudiation
Ensuring that the originators of messages cannot deny that they in fact sent the messages.
Availability
Ensuring that a system is operational and functional at a given moment, usually provided through
redundancy; loss of availability is often referred to as "denial-of-service".
Privacy
Ensuring that individuals maintain the right to control what information is collected about them,
how it is used, who has used it, who maintains it, and what purpose it is used for.

BIOMETRIC AUTHENTICATION MECHANISM


The biometric technologies involved are based on the ways in which individuals can be uniquely
identified through one or more distinguishing biological traits, such as fingerprints, hand
geometry, earlobe geometry, retina and iris patterns, voice waves, keystroke dynamics, DNA and
signatures. Biometric authentication is the application of that proof of identity as part of a
process validating a user for access to a system. Biometric technologies are used to secure a wide
range of electronic communications, including enterprise security, online commerce and banking
-- even just logging in to a computer or smartphone.
Biometric authentication systems compare the current biometric data capture to stored,
confirmed authentic data in a database. If both samples of the biometric data match,
authentication is confirmed and access is granted. The process is sometimes part of a multifactor
authentication system. For example, a smartphone user might log on with his personal
identification number (PIN) and then provide an iris scan to complete the authentication process.

Types of biometric authentication technologies:

Retina scans produce an image of the blood vessel pattern in the light-sensitive surface lining
the individual's inner eye.
Iris recognition is used to identify individuals based on unique patterns within the ring-shaped
region surrounding the pupil of the eye.
Finger scanning, the digital version of the ink-and-paper fingerprinting process, works with
details in the pattern of raised areas and branches in a human finger image.
Finger vein ID is based on the unique vascular pattern in an individual's finger.
Facial recognition systems work with numeric codes called faceprints, which identify 80 nodal
points on a human face.

Voice identification systems rely on characteristics created by the shape of the speaker's mouth
and throat, rather than more variable conditions.
STRENGTHS OF BIOMETRIC AUTHENTICATION MECHANISM
Increased Security
Biometric technology can provide a higher degree of security compared to traditional
authentication methods. Biometrics is preferred over traditional methods for many reasons which
include the fact that the physical presence of the authorized person is required at the point of
identification. This means that only the authorized person has access to the resources.
Increased Convenience
One major reason passwords are sometimes kept simple is because they can be easily forgotten.
To increase security, many computer users are mandated to manage several passwords and this
increases the tendency to forget them. Cards and tokens can be stolen and forgotten as well, even
though attaching them to keyholders or chains can reduce the risk. Because biometric
technologies are based on something you are, they are almost impossible to forget or
mismanage. This characteristic allows biometrics to offer much more convenience than other systems
which are based on having to keep possession of cards or remembering several passwords.
Increased Accountability
Traditional authentication methods such as tokens, passwords and PINs can be shared thereby
increasing the possibility of unaccountable access, even though it might be authorized. Many
organizations share common passwords among administrators for the purpose of facilitating
system administration. Unfortunately, because there is uncertainty as to who at a particular point in
time is using the shared password or token, accountability of any action is greatly reduced. Also,
the user of a shared password or token may not be authorized, and sharing makes this even harder to
verify; the security (especially confidentiality and integrity) of the system is also reduced.

WEAKNESSES OF BIOMETRIC AUTHENTICATION MECHANISM

Like all technology, however, biometrics also comes with some disadvantages.
Cost
Different biometric technologies need the use of different devices that have a range of costs.
Because a biometric system alone is not effective, it must be combined with a system supporting
smart cards. The cost of implementing both systems together can reach a sum of hundreds of
thousands of dollars. In addition, the cost of training employees on the new system and the
temporary loss of productivity due to the training program are added to the implementation cost of
the new system.
People's aversion to using a new system
In terms of privacy concerns, people are unlikely to be willing to accept a system which records
and stores their physical and personal traits. Moreover, people often associate fingerprints and
other physical records with criminal contexts. Ordinary people are more likely to reject a
biometric system, while real criminals would refuse it for fear of being discovered.
Lack of reliability
The last but not least disadvantage of biometric systems is the lack of reliability of some of their
aspects. First, biometric devices can be fooled. It has been found that by making moulds out of
gelatine people can reproduce a fingerprint that would fool fingerprint readers. Second,
if fingerprints or any other physical traits are compromised through falsification, they
cannot just be replaced like a password or smart card. Finally, a major drawback of biometric
systems is the lack of durability of biometric devices. After frequent use,
readers lose their reliability and their accuracy, leading to repeated false rejection and false
authorization.
Disadvantages of the iris scan
The iris scans of some individuals are difficult to capture. Also, the iris can be easily obscured
by eyelashes, eyelids, lenses and reflections from the cornea. There is also a lack of existing data,
which limits the ability to use it for background or watch list checks.
Face recognition
Face recognition also has disadvantages that come along with it. The face can be obstructed by
hair, glasses, hats, scarves, etc. Also, changes in lighting or facial expressions can throw off the
device. A third disadvantage related to face recognition is that people's faces change over time.
Images are most accurate when taken facing the acquisition camera rather than at sharp
angles. The user's face must be lit evenly, preferably from the
front. This is not always possible and can be very hard to do in some environments.

PHYSICAL ISSUES FACED BY A SYSTEM ADMINISTRATOR


PHYSICAL ISSUES
Cable Problem
Cables that connect different parts of a network can be cut or shorted. A short can happen when
the wire conductor comes in contact with another conductive surface, changing the path of the
signal. Cable testers can be used to test for many types of cable problems.
Bad connectors
Over time, most connectors suffer physical damage and fatigue. This is especially true of
more fragile types, such as some fiber optic cables. If the network experiences an intermittent or
complete loss of connectivity, it is important to inspect the connectors to ensure that they
are not broken or cracked and that the fiber and wire are properly and securely in
place.

Performance lower than baseline - The most common reasons for slow or poor performance
include overloaded or underpowered servers, unsuitable switch or router configurations, traffic
congestion on a low-capacity link, and chronic frame loss.
Loss of connectivity - If a cable or device fails, the most obvious symptom is a loss of
connectivity between the devices that communicate over that link or with the failed device or
interface. This is indicated by a simple ping test. Intermittent loss of connectivity can indicate a
loose or oxidized connection.
Network bottlenecks or congestion
If a router, interface, or cable fails, routing protocols may redirect traffic to other routes that are
not designed to carry the extra capacity. This can result in congestion or bottlenecks in those
parts of the network.

LOGICAL ISSUES FACED BY A SYSTEM ADMINISTRATOR

Wireless Network Shows Signal but won't Connect


Wireless networking is a terrific way to make sure that your employees are able to move freely
while maintaining access to all their business files. However, some notebooks and computers
occasionally show a strong signal from the wireless router but still don't connect. If you
encounter this problem, try putting the computer right next to the wireless router and see if it
connects then. If it does, then that suggests a problem with the system hardware. A network card
occasionally receives a strong signal but doesn't transmit as effectively. Updating the network
card's drivers might solve this problem, but it is also possible that you may need to replace the
hardware entirely should this occur.

Network Outages and Inaccessible Files

If you experience a high number of network outages at unpredictable times or you find your
employees unable to access files they are supposed to have access to, you might be experiencing
a NetBIOS conflict. This problem tends to be most common on older systems, particularly when
they use Windows NT, but the issue exists in other Windows systems as well. If you have
recently upgraded to a new service pack or received another large system update, you are more at
risk of this happening than previously. You can bypass this problem by disabling WINS/NetBT
name resolution unless it is required by a specific program. You could also rename a computer or
domain to resolve possible naming issues.

IP Conflicts
By default, Windows ensures that only one IP address per device is present on the network at
once. However, sometimes two devices wind up getting assigned the same address. In this case,
the network might wind up blocking one of the devices, which prevents access to protected files
and can cause network lag not only for the conflicting devices but for all connected machines.
You can avoid this problem by reconfiguring your DHCP setup to ensure that static IP addresses
are excluded from the pool. This will reconfigure IP addresses appropriately, which will resolve
the conflict and in turn give all machines on the network the proper access that
they are supposed to get.
Slow Application Response
A common issue business networks encounter is a slow reaction time for applications, especially
shortly after a computer starts up or connects to a network. This is usually a sign of high
bandwidth use. You should perform a time study of your employees to make sure they aren't
viewing too many videos via streaming or downloading large files. Enforcing proper network use
may be a good way of keeping your bandwidth use in hand. If your employees are already using
the network properly, you might not have the amount of bandwidth you need to operate your
business. In this case, you should look into upgrading your network to properly fit your
expanding business needs.
Poor VoIP Quality
Stutters, delays, and other problems with VoIP can hamper a network's productivity and hurt
telecommunications efforts. The most common issue with business VoIP is a network stutter.
This can be resolved by installing jitter buffers, which cache VoIP packets and allow them to be
accessed during the communication in order to ensure a smooth stream. Jitter buffers can be
customized to fit the needs of your network and are rather easy and inexpensive to install.
Another option you can use to prevent this issue is a new playback codec with a packet loss
concealment feature. Packet loss is the other major cause of stuttering audio and video, and
making sure your codecs and drivers are up to date helps a lot.
Excessive Network Collisions:
These often lead to slow connectivity. The problem can occur as a result of bad network
setup/plan, a user transferring a lot of information or a jabbering network card.
Software Problem:

Network problems can often be traced to software configuration such as DNS configuration,
WINS configuration, the registry etc.
Duplicate IP Addressing:
A common problem in many networking environments occurs when two machines try to use the
same IP address. This can result in intermittent communications.

VULNERABLE SECURITY AREAS IN EGERTON UNIVERSITY


In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's
information assurance. Vulnerability is the intersection of three elements: a system susceptibility
or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.[1] To exploit a
vulnerability, an attacker must have at least one applicable tool or technique that can connect to a
system weakness. In this frame, vulnerability is also known as the attack surface.
Buffer Overflow
Buffer overflow is an example of a software exploitation attack. Buffer overflow can
happen when a program doesn't have proper limitations implemented on how much or what type
of data can be input into the application. Buffer overflow can cause all sorts of problems,
including Denial of Service (DoS), freezing, rebooting, achievement of unrestricted access, etc.
To protect against buffer overflow, programmers have to enforce software boundaries, so that the
program doesn't process improper data. An intrusion detection system can be implemented to
discover when a buffer overflow attack is being performed. Also, we can implement file system
encryption, access control and auditing.
What is a Back Door
A back door is an access method which is not protected and which is not monitored by our
security system. Back doors can be used for legitimate actions, like updating software, servicing
devices, etc. The problem with this type of feature is that it can be used by an attacker. A back door
can also be implemented in the form of a stand-alone service or application which provides an
unmonitored pathway into our secure environment. An example of that is a Trojan Horse. This
type of malicious code gives an attacker the ability to control our system remotely and to gain
access to our data. A back door can also take the form of a hardware device. Some devices may
have available ports which can be used to connect to the secure environment. Such ports can be, for
example, console ports on routers which are used for router administration. An attacker can
connect to the router device by using that port and then change or delete the configuration.
To protect against this type of attack we should have very strict auditing measures implemented.
Also, we should have antivirus software in our environment. We should have some sort of access
control methodology. We should control our software deployment. Only legitimate software
should be installed. Every default account on every device should be changed or disabled. We
should also control access to important physical devices such as routers and servers.

Denial of Service
A denial-of-service attack sends thousands of queries to a system to overload it, slowing it down
or causing it to crash. While not an attack meant to steal personal information, the attack is
meant to be purely malicious by slowing down a business's online services and commerce.
To avoid this, require users to log on to your site so that you process queries only from legitimate
users. Limit the number of queries within a certain time frame per user. After three log-in
failures, lock out the user for a certain amount of time to thwart a DoS attack on the log-in app.
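One way to implement the two controls just described, a per-user query limit within a time window and a timed lockout after three log-in failures, as an added example that is not part of the original text. The class name LoginGuard, its parameters and their default values are assumptions chosen for illustration; the caller passes the current time in seconds.

```python
# Added illustration: per-user query limiting and timed lockout.
from collections import defaultdict, deque


class LoginGuard:
    def __init__(self, max_queries=5, window=60.0, max_failures=3, lockout=300.0):
        self.max_queries = max_queries    # queries allowed per window, per user
        self.window = window              # window length in seconds
        self.max_failures = max_failures  # failed log-ins before lockout
        self.lockout = lockout            # lockout duration in seconds
        self._queries = defaultdict(deque)
        self._failures = defaultdict(int)
        self._locked_until = {}

    def allow_query(self, user: str, now: float) -> bool:
        """Sliding window: refuse once `max_queries` fall inside the window."""
        recent = self._queries[user]
        while recent and now - recent[0] >= self.window:
            recent.popleft()  # forget queries that have aged out
        if len(recent) >= self.max_queries:
            return False
        recent.append(now)
        return True

    def is_locked(self, user: str, now: float) -> bool:
        return now < self._locked_until.get(user, 0.0)

    def record_login(self, user: str, success: bool, now: float) -> str:
        """Return 'ok', 'failed' or 'locked' for one log-in attempt."""
        if self.is_locked(user, now):
            return "locked"  # even a correct password is refused while locked
        if success:
            self._failures[user] = 0
            return "ok"
        self._failures[user] += 1
        if self._failures[user] >= self.max_failures:
            self._locked_until[user] = now + self.lockout
            self._failures[user] = 0
            return "locked"
        return "failed"


if __name__ == "__main__":
    guard = LoginGuard(max_queries=3, window=10.0, max_failures=3, lockout=60.0)
    print([guard.allow_query("alice", t) for t in (0.0, 1.0, 2.0, 3.0)])
    print([guard.record_login("alice", False, t) for t in (0.0, 1.0, 2.0)])
    print(guard.record_login("alice", True, 30.0))  # still locked
    print(guard.record_login("alice", True, 62.0))  # lockout has expired
```

Because the lockout is timed rather than permanent, someone who deliberately fails log-ins for another user's account can block that user only for the lockout period.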
Unsecured storage
Not protecting stored data using encryption, not properly securing the keys for accessing
encrypted data, and not using effective randomness for passwords. Once a hacker gains access to
a system, non-encrypted data is easily accessed, or the hacker can find unsecured encryption keys to
gain access to encrypted data.
To reduce this threat, do not store data that is not absolutely necessary for the operation of the
business, and minimize use of encryption. If encryption is used, store the master secret to open
the encryption in two locations (say, a configuration file and an external server) and assemble it at
runtime.
Broken access control
Definition: Access controls determine what a user can access after logging in to his personal
account and block access to other accounts.
Problem: About half of all websites have serious access problems because of poor testing during
development.
What you can do: Test all possible permutations of what a user may do to try to access
information that is not his own.
Broken authentication and session management
After logging into a website with a user name and password, you receive a cookie that works like
a hand stamp at a night club, authenticating your identity as you go through the site. Sometimes
companies will customize authentication, inadvertently allowing hackers to infiltrate sessions
and use the ID cookie to access the legitimate user's account.
To reduce this threat, rely on the built-in authentication schemes in the application; use Secure
Sockets Layer (SSL) to encrypt the session.
Insecure configuration management
Unpatched security flaws on the server, use of default passwords or improperly secured passwords,
improper file and directory permissions, and others. A hacker scans for these vulnerabilities, and
if found, gains access to administrative and other sensitive accounts.
To reduce this threat, create configuration security guidelines that lay out the specific steps that
developers and Web operations staff must check off. This removes the debate between staff on how
to set up proper configuration.
