
Computer Security

By: Alexa Marilag, Marco Sandigan, Cathlyn Lepalam, Jeniffer Abogador, Jacient Mabayag

What is computer security?

Computer security is a branch of Information Security and is often used interchangeably with the term. It encompasses several security measures, such as software programs like anti-virus suites and firewalls, and user-dependent measures such as activating or deactivating certain software features like JavaScript and ActiveX, and being vigilant in using the computer and the network resources or the Internet.

Computer security is concerned with four main areas:
1. Confidentiality: Only authorized users can access the data resources and information.
2. Integrity: Only authorized users should be able to modify the data when needed.
3. Availability: Data should be available to users when needed.
4. Authentication: Are you really communicating with whom you think you are communicating with?

Why is computer security so important?

Prevention of data theft, such as theft of bank account numbers, credit card information, passwords, and work-related documents or sheets, is essential in today's communications, since many of our day-to-day actions depend on the security of the data paths.

Data present in a computer can also be misused by unauthorized intrusions. An intruder can modify and change the program source codes and can also use your pictures or email accounts to create derogatory content such as pornographic images and fake, misleading and offensive social accounts.

Malicious intent can also be a factor in computer security. Intruders often use your computers for attacking other computers, websites or networks to create havoc. Vengeful hackers might crash someone's computer system to cause data loss. DDoS attacks can be made to prevent access to websites by crashing the server.

Common Types of Network Attacks

Without security measures and controls in place, your data might be subjected to an attack. Some attacks are passive, meaning information is monitored; others are active, meaning the information is altered with intent to corrupt or destroy the data or the network itself.

Your networks and data are vulnerable to any of the following types of attacks if you do not have a security plan in place.

Eavesdropping

In general, the majority of network communications occur in an unsecured or "cleartext" format, which allows an attacker who has gained access to data paths in your network to "listen in" or interpret (read) the traffic. When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, your data can be read by others as it traverses the network.

Identity Spoofing (IP Address Spoofing)

Most networks and operating systems use the IP address of a computer to identify a valid entity. In certain cases, it is possible for an IP address to be falsely assumed; this is known as identity spoofing. An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet.

After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data. The attacker can also conduct other types of attacks, as described in the following sections.

Password-Based Attacks

A common denominator of most operating system and network security plans is password-based access control. This means your access rights to a computer and network resources are determined by who you are, that is, your user name and your password.

Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user.

When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker also can create accounts for subsequent access at a later time.

After gaining access to your network with a valid account, an attacker can do any of the following:

Obtain lists of valid user and computer names and network information.

Modify server and network configurations, including access controls and routing tables.

Modify, reroute, or delete your data.

Denial-of-Service Attack

Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users.

After gaining access to your network, the attacker can do any of the following:

Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion.

Send invalid data to applications or network services, which causes abnormal termination or behavior of the applications or services.

Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.

Block traffic, which results in a loss of access to network resources by authorized users.

Man-in-the-Middle Attack

As the name indicates, a man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently. For example, the attacker can re-route a data exchange. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data. Man-in-the-middle attacks are like someone assuming your identity in order to read your message. The person on the other end might believe it is you because the attacker might be actively replying as you to keep the exchange going and gain more information. This attack is capable of the same damage as an application-layer attack, described later in this section.

Compromised-Key Attack

A key is a secret code or number necessary to interpret secured information. Although obtaining a key is a difficult and resource-intensive process for an attacker, it is possible. After an attacker obtains a key, that key is referred to as a compromised key.

An attacker uses the compromised key to gain access to a secured communication without the sender or receiver being aware of the attack. With the compromised key, the attacker can decrypt or modify data, and try to use the compromised key to compute additional keys, which might allow the attacker access to other secured communications.

Sniffer Attack

A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.

Using a sniffer, an attacker can do any of the following:

Analyze your network and gain information to eventually cause your network to crash or to become corrupted.

Read your communications.

Application-Layer Attack

An application-layer attack targets application servers by deliberately causing a fault in a server's operating system or applications. This results in the attacker gaining the ability to bypass normal access controls. The attacker takes advantage of this situation, gaining control of your application, system, or network, and can do any of the following:

Read, add, delete, or modify your data or operating system.

Introduce a virus program that uses your computers and software applications to copy viruses throughout your network.

Introduce a sniffer program to analyze your network and gain information that can eventually be used to crash or to corrupt your systems and network.

Abnormally terminate your data applications or operating systems.

Disable other security controls to enable future attacks.

1. Boot Sector Virus

hijacks certain browser functions, usually in the form of re-directing the user automatically to particular sites. It's usually assumed that this tactic is designed to increase revenue from web advertisements.

2. Direct Action Virus

This type of virus, unlike most, only comes into action when the file containing the virus is executed. The payload is delivered and then the virus essentially becomes dormant; it takes no other action unless an infected file is executed again.

Most viruses do not use the direct action method of reproduction simply because it is not prolific, but viruses of this type have done damage in the past. The Vienna virus, which briefly threatened computers in 1988, is one such example of a direct action virus.

3. File Infector Virus

Melissa, a Word document supposedly containing the passwords to pornographic websites. The virus also exploited Word's link to Microsoft Outlook in order to automatically email copies of itself.

4. Multipartite Virus
While some viruses are happy to
spread via one method or deliver a
single payload, Multipartite viruses
want it all. A virus of this type may
spread in multiple ways, and it may
take different actions on an infected
computer depending on variables,
such as the operating system installed
or the existence of certain files.

5. Polymorphic Virus

online video in your browser, for example, requires the execution of a specific code language that provides both the video itself and the player interface.

Of course, this code can sometimes be exploited, making it possible for a virus to infect a computer or take actions on a computer through a website. Although malicious sites are sometimes created with purposely infected code, many such cases of virus exist because of code inserted into a site without the webmaster's knowledge.

Procedures & Steps for Network Security

Pay attention to network security to protect important company data.

Your computer network is one of the most important tools in your company. It allows your employees to do interactive work for a variety of company departments and clients, and it houses all of your important company information. To make sure your organizational computer network keeps functioning properly, you need to follow procedures and steps for network security.

Installing Anti-Virus

Step 1: Click the "Install Now" button
This should be located in the lower left-hand corner of the web site. Clicking this button begins the process.

Step 2: Download the required files
After you click the "Install Now" button, the required files will automatically download to your computer. This may take a while.

Step 3: The Installation
When the Welcome to the InstallShield Wizard window opens, click the "Next" button.

The next step in the installer is the license agreement. Choose the radio button that says that you agree with the license terms, and then click the "Next" button.

For the Mail Snap-In Selection, remove the check from the Microsoft Exchange/Outlook option, and then click the "Next" button.

The default location for the Destination Folder Selection is correct, so click the "Next" button.

Click the "Install" button.

The installation may take a few minutes.

The next step in the installer is the Technical Support information. Click the "Next" button.

The installation is complete. Click the "Finish" button.

Step 4: Restart
You may be asked to restart your machine when the process is complete. Do so if prompted. When your computer restarts, Norton AntiVirus will begin a system scan of your machine.

The Data Encryption Standard (DES, /ˌdiːˌiːˈɛs/ or /ˈdɛz/) is a symmetric-key algorithm for the encryption of electronic data. Although now considered insecure, it was highly influential in the advancement of modern cryptography.

Developed in the early 1970s at IBM and based on an earlier design by Horst Feistel, the algorithm was submitted to the National Bureau of Standards (NBS) following the agency's invitation to propose a candidate for the protection of sensitive, unclassified electronic government data. In 1976, after consultation with the National Security Agency (NSA), the NBS eventually selected a slightly modified version (strengthened against differential cryptanalysis, but weakened against brute force attacks), which was published as an official Federal Information Processing Standard (FIPS) for the United States in 1977.

The publication of an NSA-approved encryption standard simultaneously resulted in its quick international adoption and widespread academic scrutiny. Controversies arose out of classified design elements, a relatively short key length of the symmetric-key block cipher design, and the involvement of the NSA, nourishing suspicions about a backdoor. The intense academic scrutiny the algorithm received over time led to the modern understanding of block ciphers and their cryptanalysis.

DES is now considered to be insecure for many applications. This is mainly due to the 56-bit key size being too small; in January 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes. There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are infeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES). Furthermore, DES has been withdrawn as a standard by the National Institute of Standards and Technology (formerly the National Bureau of Standards).

How to configure port security function

Port Security protects the switch from malicious MAC address attacks by limiting the maximum number of MAC addresses that can be learned on the port. A port with the Port Security feature enabled will learn MAC addresses dynamically or statically. When the number of learned MAC addresses reaches the maximum, the port stops learning, so devices whose MAC addresses have not been learned cannot access the network via this port.

Here is a case that shows how to configure port security.

For example: a company is using a TL-SL5428E as the company's access switch, and they want to meet this requirement:

Each port of the switch can only be connected to certain specified computers, and each computer can only be connected to a fixed port of the switch; otherwise the computer cannot

There are two methods to meet this requirement:

Method 1: Auto learning

Step 1:
Go to the web management page of the switch and click on switching->port->port security. Then select the ports you want to configure and type in the maximum number of MAC addresses learned from an individual port. The learn mode should be Permanent, and the status must be Enable. After that, click Apply to apply the configuration (as Figure 2 shows).

After that, connect your computer to the specified port of the switch (in this case, PC1 should be connected to port 1, and PC2 should be connected to port 2). Please note that every computer must be connected to the correct port. Then the MAC address of the computer will be bound to the specified port.

Step 2:
The MAC address that the port learned will be displayed in the MAC address table (as Figure 3 shows). In this case, the MAC address of PC1 is 00-19-66-5E-EC-A4, and it has been bound to port 1. The MAC address of PC2 is B0-48-7A-C0-4E-46, and port 2 is bound to it. The configuration is now finished.

Note: If you connect your computer to a non-specified port, the incorrect MAC address will be learned by the port. Then you need to remove the cable and delete the incorrectly learned MAC address information of the port from the static address table. After that, connect the specified computer to the correct port.

Method 2: Manual binding

Step 1:
Click on switching->MAC address->static address. Now type in the MAC address information of your computer (or other device), the VLAN ID and the port that the computer will be bound to (as Figure 4 shows). Then click Create. The information you typed in will be shown in the static address table.

Step 2:
Click on switching->port->port security. Now enable the port security function, and set the max learned MAC to 0. Click Apply to apply the configuration.

Step 3:
The bound static MAC address can be searched on the MAC address table page. The configuration of port security is now finished.

Note: Please remember to click saving config to save the configuration you have done.

Port Security

Anyone can access unsecured network resources by simply plugging a host into one of our available switch ports. A user can also change physical location in the LAN without telling the admin. You can secure layer two access as well as keep users in their tracks by using port security. Thus the port security feature enhances LAN security.

Create a simple topology as illustrated in the following figure.

Click PC0, click Desktop, click IP Configuration, select Static from the radio options and assign the IP address (10.0.0.10) and subnet mask (255.0.0.0).

Follow the same process to assign the IP address (10.0.0.20) and subnet mask (255.0.0.0) to PC1.

Click Server0, click Desktop, click IP Configuration, select Static from the radio options and assign the IP address (10.0.0.100) and subnet mask (255.0.0.0).

How to configure port security

To configure port security we need to access the command prompt of the switch. Click Switch, click CLI and press the Enter key.

A port can be secured from interface mode. Use the enable command to move into Privilege Exec mode. From Privilege Exec mode use the configure terminal command to enter Global Configuration mode. From global configuration mode enter the specific interface.

Port security feature will not work on three types of ports.
1. Trunk ports

3. Switch port analyzer ports

Port security will work on host port. In order to configure port security we need to set it as host port. It could be done easily by switchport mode access command. You can secure trunk connections with port security but that is beyond the scope of this article. I will cover them in CCNP section.

Following figure illustrates available commands for port security.

How to enable switchport port-security

Port security is disabled by default. The switchport port-security command enables it.

switchport port-security limit maximum number of hosts

According to our requirements we can limit the hosts that can be associated with an interface. We can set this limit anywhere from 1 to 132. The maximum number of devices that can be associated with the interface is 132. By default it is set to 1. The switchport port-security maximum value command will set the maximum number of hosts.

switchport port-security mac-address

We have two options, static and dynamic, to associate a mac address with an interface.

In the static method we have to manually define the exact host mac address with the switchport port-security mac-address MAC_address command. This is the most secure method but it needs a lot of manual work. We need to enter all mac addresses manually, which is a very tedious job. In dynamic mode we use the sticky feature, which allows the interface to learn mac addresses automatically. The interface will learn mac addresses until it reaches the maximum number of allowed hosts.

switchport port-security violation

We need to specify what action the switch should take on a security violation. Three possible modes are available:

Protect: This mode will only work with sticky option. In this mode frames from non-allowed addresses would be dropped. It will not make a log entry for dropped frames. The interface will learn addresses until it reaches the maximum allowed number. Any additionally learned addresses would be dropped while keeping the interface operational.

Restrict: In restrict mode frames from non-allowed addresses would be dropped. But in this mode, the switch will make a log entry and generate a security violation alert.

Shutdown: In this mode the switch will generate the violation alert and disable the port. The only way to re-enable the port is to manually enter the no shutdown command. This is the default violation mode.

switchport port security example

In our topology PC0 is connected with F0/1 port of switch. Enter following commands to secure F0/1 port.

Switchport port security explained

Command                                                          Description
Switch>enable                                                    Move in privilege exec mode
Switch#configure terminal                                        Move in global configuration mode
Switch(config)#interface fastethernet 0/1                        Move in interface mode
Switch(config-if)#switchport mode access                         Assign port as host port
Switch(config-if)#switchport port-security                       Enable port security feature on this port
Switch(config-if)#switchport port-security maximum 1             Set limit for hosts that can be associated with interface. Default value is 1. Skip this command to use default value.
Switch(config-if)#switchport port-security violation shutdown    Set security violation mode. Default mode is shutdown. Skip this command to use default mode.
Switch(config-if)#switchport port-security mac-address sticky    Enable sticky feature.
We have successfully secured F0/1 port of the switch. We used the dynamic address learning feature of the interface. The switch will associate the first learned mac address (on interface F0/1) with this port. You can check the MAC Address table for the currently associated address.

So far no mac address is associated with F0/1 port. The switch learns mac addresses from incoming frames. Check our following article to learn how a switch learns mac addresses or how it builds the MAC address table.

Switching Methods and Types Explained in Computer Networks

We need to generate a frame from PC0 that would be received on F0/1 port of the switch. The ping command is used to test the connectivity between two hosts. In our scenario we have connectivity between server and pc. We can use this utility to generate frames from PC0. To access the command prompt of PC0 click PC0, click the Desktop menu item and click Command Prompt. Use the ping command to generate frames.

Now check again the MAC Address table on switch.

One interesting thing that you may notice here is the type. The switch learns this address dynamically but it is showing as STATIC. This is the magic of the sticky option, which we used with the port security command. The sticky option automatically converts a dynamically learned address into a static address.

Switchport port security testing

In our topology we have one additional PC. Assume that this is the cracker's PC. To gain unauthorized access to the network he unplugged the Ethernet cable from the pc (PC0) and plugged it into his pc (PC1).

Click the red X button on the right-hand partition of the Packet Tracer window and place the X over the connection between Switch and PC0. This will remove the connection. Click the lightning bolt button in the bottom left-hand corner and click the copper straight-through connection. Click PC1 and select the FastEthernet port. Next click Switch and select the same F0/1 port. From the command prompt of PC1 try to ping the Server IP.

What happened this time? Why did the ping command not get a response from the server? Because the switch detected the mac address change and shut down the port.
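The sticky learning and the three violation modes described above, replayed as a small Python model of the PC0/PC1 cable swap on F0/1. This is an added example, not code from the original page or from any switch vendor; the `SecurePort` class, its method names, the log strings and the two MAC addresses are constructed for illustration, and the model assumes sticky entries are kept when the port is reset.

```python
from dataclasses import dataclass, field

# Constructed sample MACs standing in for the page's PC0 (authorized) and PC1.
PC0_MAC = "00:00:5e:00:53:10"
PC1_MAC = "00:00:5e:00:53:20"
MODES = ("protect", "restrict", "shutdown")


@dataclass
class SecurePort:
    """Simplified model of one access port with port security enabled."""
    name: str
    maximum: int = 1             # default limit of secure addresses
    violation: str = "shutdown"  # default violation mode
    sticky: bool = False
    secure_macs: dict = field(default_factory=dict)  # mac -> entry type
    err_disabled: bool = False
    violation_count: int = 0
    log: list = field(default_factory=list)

    def __post_init__(self):
        if self.violation not in MODES:
            raise ValueError(f"unknown violation mode: {self.violation}")

    def receive(self, src_mac: str) -> bool:
        """Process one incoming frame; return True if it is forwarded."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False                      # port is down, nothing passes
        if mac in self.secure_macs:
            return True                       # known secure address
        if len(self.secure_macs) < self.maximum:
            # Sticky learning stores the address as a static entry.
            self.secure_macs[mac] = "STATIC" if self.sticky else "DYNAMIC"
            return True
        return self._violation(mac)

    def _violation(self, mac: str) -> bool:
        if self.violation == "protect":
            return False                      # silent drop, no log, no counter
        self.violation_count += 1
        self.log.append(f"security violation on {self.name} by {mac}")
        if self.violation == "shutdown":
            self.err_disabled = True          # port stays down until reset
            self.log.append(f"{self.name} disabled")
        return False

    def reset(self) -> None:
        """Model a manual shutdown / no shutdown on the interface."""
        self.err_disabled = False
        # Assumption of this model: non-sticky learned entries are flushed
        # when the link bounces, sticky (static) entries are kept.
        self.secure_macs = {m: t for m, t in self.secure_macs.items()
                            if t == "STATIC"}


def swap_scenario(mode: str):
    """PC0 talks first, the cable is moved to PC1, then moved back to PC0."""
    port = SecurePort("Fa0/1", maximum=1, violation=mode, sticky=True)
    forwarded = [port.receive(PC0_MAC),   # first frame: address learned
                 port.receive(PC1_MAC),   # unknown MAC over the limit
                 port.receive(PC0_MAC)]   # authorized PC without any reset
    return port, forwarded


if __name__ == "__main__":
    for mode in MODES:
        port, forwarded = swap_scenario(mode)
        print(mode, forwarded, "err_disabled:", port.err_disabled,
              "violations:", port.violation_count, port.secure_macs)
```

In shutdown mode the third frame is dropped even though it comes from the authorized PC, which is why the interface has to be reset before connectivity returns.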

Verify port security

We have three commands to verify the port security.

show port-security
This command displays port security information about all the interfaces on switch.

show port-security address
Displays statically defined or dynamically learned addresses with port security.

show port-security interface interface
Displays port security information about the specific interface.

How to reset an interface that is disabled due to security violation of port

When an interface is down due to port security violation, we have two options to bring it back. The first is the following global configuration mode command:

Switch(config)# errdisable recovery cause psecure-violation

This command is neither included in the CCNA exam nor available in Packet Tracer.

The second option is to manually restart the interface. Unplug the cable from the unauthorized pc and plug it back into the authorized pc.

Run the following commands on the switch and test connectivity from the pc

THANK YOU!!!!!
