QNS 3: Computer security is the process of preventing and detecting unauthorized use of your
computer. It involves safeguarding your computer resources against intruders who would use
them for malicious intents or for their own gains (or even gain access to them
accidentally).
Prevention of data theft such as bank account numbers, credit card information,
passwords, work-related documents or sheets, etc. is essential in today's communications
since many of our day-to-day actions depend on the security of the data paths.
Data present in a computer can also be misused by unauthorized intrusions. An intruder
can modify and change program source code and can also use your pictures or email
accounts to create derogatory content such as pornographic images and fake, misleading and
offensive social accounts.
Malicious intents can also be a factor in computer security. Intruders often use your
computers for attacking other computers, websites or networks to create havoc. Vengeful
hackers might crash someone's computer system to create data loss. DDoS attacks can be
made to prevent access to websites by crashing the server. The above factors imply that your
data should remain safe and confidential. Therefore, it is necessary to protect your computer,
and hence the need for computer security arises.
Computer security attempts to ensure the confidentiality, integrity, and availability of
computing systems' components.
Confidentiality:- Only authorized users can access the data resources and information.
Integrity:- Only authorized users should be able to modify the data when needed.
Availability:- Data should be available to users when needed.
Authentication:- Are you really communicating with whom you think you are communicating?
Three principal pieces of a computing system are subject to attacks: hardware,
software, and data. These three, and the communications among them, constitute the basis of
computer security vulnerabilities. In turn, those people and systems interested in
compromising a system can devise attacks that exploit the vulnerabilities.

This chapter has identified four kinds of attacks on computing systems, namely: interception,
interruption, modification, and fabrication.
I. Interception refers to the situation that an unauthorized party has gained access to a
service or data. A typical example of interception is where communication between
two parties has been overheard by someone else. Interception also happens when data
are illegally copied, for example, after breaking into a person's private directory in a
file system.

II. Modifications involve unauthorized changing of data or tampering with a service so
that it no longer adheres to its original specifications. Examples of modifications
include intercepting and subsequently changing transmitted data, tampering with
database entries, and changing a program so that it secretly logs the activities of its
user.

III. Fabrication refers to the situation in which additional data or activity are generated
that would normally not exist. For example, an intruder may attempt to add an entry
into a password file or database. Likewise, it is sometimes possible to break into a
system by replaying previously sent messages.

IV. Interruption is when a file is corrupted or lost. In general, interruption refers to the
situation in which services or data become unavailable, unusable, destroyed, and so
on. In this sense, denial of service attacks by which someone maliciously attempts to
make a service inaccessible to other parties is a security threat that classifies as
interruption.
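
As an added illustration (not part of the original text), the following Python sketch shows how a receiver can detect modification, fabrication, and replay of messages by checking a keyed hash (HMAC) and a sequence number. The key, the message contents, and the names `seal`, `Receiver`, and `demo` are assumptions constructed for this example; interception is not detected by such a check and is instead countered by encryption.

```python
import hmac
import hashlib

# Constructed demo key; a real system would provision a secret key securely.
KEY = b"constructed-demo-key"

def seal(seq: int, payload: bytes, key: bytes = KEY) -> tuple:
    """Sender side: bind the sequence number and payload together with a tag."""
    tag = hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    return seq, payload, tag

class Receiver:
    """Accepts a message only if its tag verifies and its sequence number is new."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, seq: int, payload: bytes, tag: bytes) -> str:
        expected = hmac.new(self.key, seq.to_bytes(8, "big") + payload,
                            hashlib.sha256).digest()
        # Constant-time comparison. A mismatch means the data was changed in
        # transit or was generated by a party that does not hold the key.
        if not hmac.compare_digest(expected, tag):
            return "rejected: modified or fabricated"
        # A valid tag on an already-used sequence number is a replayed message.
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"

def demo() -> list:
    rx = Receiver()
    genuine = seal(0, b"balance update 10")      # constructed sample message
    results = [rx.accept(*genuine)]              # legitimate delivery
    seq, _, tag = seal(1, b"balance update 10")
    results.append(rx.accept(seq, b"balance update 99", tag))   # modification
    results.append(rx.accept(2, b"new entry", b"\x00" * 32))    # fabrication
    results.append(rx.accept(*genuine))          # replay of message 0
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```
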

Four principles affect the direction of work in computer security. By the principle of easiest
penetration, a computing system penetrator will use whatever means of attack is the easiest;
therefore, all aspects of computing system security must be considered at once. By the
principle of timeliness, a system must be protected against penetration only so long as the
penetration has value to the penetrator. The principle of effectiveness states that controls
must be usable and used in order to serve their purpose. And the weakest link principle states
that security is no stronger than its weakest point. Controls can be applied at the levels of the
data, the programs, the system, the physical devices, the communications links, the
environment, and the personnel. Sometimes several controls are needed to cover a single
vulnerability, and sometimes one control addresses many problems at once.

Chapter two has examined the basic processes of encryption and cryptanalysis. It
describes what might be called "toy cryptosystems" because they illustrate principles of
encryption but are not suitable for real use. Those cryptosystems allowed us to introduce the
two basic methods of encipherment, substitution and transposition (or permutation), as well as
techniques of cryptanalysis.
Then, it has examined three "real" cryptosystems: DES, AES, and RSA, two symmetric
and one asymmetric, which are used daily in millions of applications. We presented the
characteristics of these cryptosystems, focusing on where they come from and how they are
used, but not necessarily how they work.
Finally, it has introduced several very important and widely used applications of
cryptography: hash functions, key exchange protocols, digital signatures, and certificates.
Key exchange, especially with public key cryptography, is used by almost everyone. For
example, any time a user enters "secure" (HTTPS) mode on a browser, a key exchange
protocol is involved. Digital signatures give us a reliable means to prove the origin of data or
code. To support digital signatures, cryptographic hash codes offer a fast, fairly reliable way
of determining whether a piece of data has been modified between sender and receiver.
Finally, certificates and their distribution allow us to trust information from someone or
someplace else, even if we do not have direct interaction. With these tools (symmetric
encryption, public key encryption, key exchange protocols, digital signatures, cryptographic
hash codes, and certificates) we are ready to study how threats in major application areas
(such as program code, operating systems, database management systems, and networks) can
be countered with controls, some of which depend on cryptography.
Chapter three explains development issues in computer security: the kinds and
effects of security flaws, both unintentional and in malicious code, and the techniques that
can help to control threats. Malicious code receives a great deal of attention in the media; the
colorful terminology certainly draws people to stories about it, and the large numbers of
affected systems ensure that major malicious code attacks get wide visibility. But it is
important for us to realize that the seriousness of the threat and the degree of vulnerability
should also cause people to pay attention. The total amount of damage already done is not
measurable, but it is certainly large. Many successful attacks go undetected, for now, at least.

With the explosive growth in connectivity to massive public networks such as the Internet,
the exposure to threats is increasing dramatically. Yet the public continues to increase its
reliance on computers and networks, ignoring the obvious danger.
In this chapter, the writer considered two general classes of security flaws: those that
compromise or change data and those that affect computer service. There are essentially three
controls on such activities: development controls, operating system controls, and
administrative controls. Development controls limit software development activities, making
it harder for a developer to create malicious programs. These same controls are effective
against inadvertent mistakes made by developers. The operating system provides some degree
of control by limiting access to computing system objects. Finally, administrative controls
limit the kinds of actions people can take.
These controls are important for more than simply the actions they prohibit. They have
significant positive effects that contribute to the overall quality of a system, from the points
of view of developer, maintainer, and user. Program controls help produce better software.
Operating systems limit access as a way of promoting the safe sharing of information among
programs. And administrative controls and standards improve system usability, reusability,
and maintainability. For all of them, the security features are a secondary but important
aspect of the controls' goals.
Program controls are part of the more general problem of limiting the effect of one user on
another. In the next chapter, we consider the role of the operating system in regulating user
interaction.