Unit-6 : System Security

An intruder is any person or program that tries to gain access to any part of your computer system without authorization. Intruders are commonly referred to as hackers, and they routinely use automated tools to find and compromise weakly protected systems.

Types of intruders in network security

Computer intruders are basically divided into the following three categories:

Masquerader

An individual who is not authorized to use the system but penetrates its access controls to exploit a legitimate user's account and the data it can reach. The masquerader is usually an outsider.

Misfeasor

A legitimate user who accesses data, programs or resources for which access is not authorized, or who is authorized for such access but misuses the privileges. The misfeasor is an insider.

Clandestine User

An individual who seizes supervisory (administrative) control of the system and uses that control to evade auditing and access controls, or to suppress audit collection altogether. A clandestine user can be either an outsider or an insider.

No matter the type of intruder, each one can cause severe damage to your computer and your personal information.

Various ways used by intruders

Intruders can get into your computer in a number of ways. One common method is malware, software designed to infiltrate your system and give the attacker access to your data.

Another way intruders can gain access to your computer is through phishing attacks, which involve tricking you into revealing sensitive information such as your login credentials.

Finally, intruders can exploit security vulnerabilities in software that is exposed to the network, especially unpatched services. Once in, they can install programs that spy on your activity or give them remote control of the computer.

Hackers also use other means to try to get into computers. This can include:

  • Trying default passwords shipped with systems and accounts that were never changed
  • Exhaustively trying short passwords and words from dictionaries or lists of likely passwords
  • Using personal information such as names, family members' and pets' names, addresses, phone numbers and dates of birth
  • Tapping the line between a remote user and the host to capture credentials in transit
  • Trying combinations of all of the above, with digits, years or punctuation added

Knowing the different ways that hackers get into a computer lets you take action against them: choose long passwords that are not built from personal information or default lists, change vendor defaults before a system goes online, and protect credentials in transit.
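As an added example that is not part of the original notes, the check below takes the guessing strategies listed above and turns them into a defensive test: it rejects a proposed password if it matches a default list, is built from the user's own personal information (after undoing common symbol-for-letter substitutions and stripping digits, years or punctuation bolted onto the ends), or is simply too short. The default list, the user profile and the candidate passwords are constructed for the example.

```python
import re

# Constructed list of default / vendor passwords an intruder tries first (a real list is far longer).
DEFAULT_PASSWORDS = {"password", "admin", "123456", "welcome", "letmein", "changeme", "default"}

# Constructed profile for one user; in practice these fields come from the directory or HR record.
PROFILE = {
    "username": "jsmith",
    "first": "John",
    "last": "Smith",
    "family": ["Mary", "Rover"],   # spouse and pet
    "phone": "555-0142",
    "birth_year": "1984",
    "street": "Elm",
}

# Undo the usual letter-for-symbol substitutions so "P@ssw0rd" is compared as "password".
LEET = str.maketrans("01345@$", "oieasas")


def normalize(password):
    return password.lower().translate(LEET)


def profile_tokens(profile):
    """Everything an attacker would build guesses from: names, numbers and their last four digits."""
    tokens = set()
    for value in profile.values():
        for item in (value if isinstance(value, list) else [value]):
            text = str(item).lower()
            tokens.add(text)
            digits = re.sub(r"\D", "", text)
            if len(digits) >= 4:
                tokens.update({digits, digits[-4:]})
    return tokens


def guessability(password, profile, defaults=DEFAULT_PASSWORDS, min_len=12):
    """Return the reasons a password is guessable; an empty list means none of these checks fired."""
    reasons = []
    forms = {password.lower(), normalize(password)}
    if forms & defaults:
        reasons.append("matches a default/common password")
    hits = set()
    for form in forms:
        core = re.sub(r"^[^a-z]+|[^a-z]+$", "", form)   # strip "123", "!", "1984" bolted onto the ends
        for tok in profile_tokens(profile):
            if tok == core or (len(tok) >= 4 and tok in form):
                hits.add(tok)
    if hits:
        reasons.append("derived from personal information: " + ", ".join(sorted(hits)))
    if len(password) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    return reasons


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "Smith1984!", "Rover0142", "correct-horse-battery-staple"):
        print(f"{candidate:30} {guessability(candidate, PROFILE) or 'no findings'}")
```

The substring test deliberately uses tokens of four or more characters only; three-letter tokens such as a street name are matched exactly, otherwise almost any passphrase would trip on a short name by accident.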

What is a Computer Virus?

A computer virus is malicious code written to change the way a computer operates. It is designed to spread from host to host by replicating itself.

It inserts or attaches itself to a legitimate program, or to a document in a format that supports macros, so that its code runs whenever the host program or document is opened. Once running, it can corrupt software and destroy data.

How to check if your computer has a virus

You may want to check if your computer has a virus if you begin to notice one or several of these symptoms:

  • Frequent pop-up windows

These pop-ups may want you to visit unusual sites or encourage you to download bogus software programs.

  • Mass emails being sent from your account

When you notice e-mails being sent to many people without your knowledge, your computer may have a virus, or your account credentials may have been stolen and are being used from elsewhere.

  • Frequent crashes

A virus that corrupts system files or drivers can make the machine freeze and crash frequently.

  • Slower than normal performance

When you notice your computer is taking forever to complete a task, you may want to check for a virus.

Different types of viruses

There are many different types of computer viruses. Here are five of the most common ones:

  1. Resident Virus

This one loads itself into memory (RAM) and stays active after its host program exits, infecting other programs as they are run and, in some cases, interfering with anti-virus tools.

  2. Multipartite Virus

This one infects in more than one way, for example both the boot sector and executable files, so it can reinfect the system from whichever copy survives a partial clean-up of folders, programs and the operating system.

  3. Browser Hijacker

This one modifies your browser's settings (home page, default search engine, proxy) to redirect you to malicious or advertising websites. Strictly it is malware rather than a self-replicating virus, but it is usually grouped with them.

  4. Overwrite Virus

This one replaces the contents of the files it infects with its own code, so the original files and programs cannot be recovered except from a backup. Spread across folders, it can do severe damage.

  5. File Infector

This one attaches itself to executable files and runs whenever they run. Infected programs grow in size, slow down and may corrupt the system files they touch.

If you discover your computer has one of these viruses or a different one, you want to get the problem taken care of as soon as possible to prevent even further damage.
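The file infector and overwrite types above change the contents of existing executables, which makes them detectable by comparing files against a known-good baseline. The script below is an added example, not part of the original notes: it records the size and SHA-256 of every file under a directory, then reports files that grew (code appended), files that changed without changing size (overwritten in place) and files that appeared or disappeared. The directory and the "executables" are constructed in a temporary folder so the example runs anywhere.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative, '/'-separated) to its size and SHA-256."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = (os.path.getsize(full), sha256_of(full))
    return baseline


def compare(baseline, root):
    """Report files whose hash changed, plus files that appeared or vanished since the baseline."""
    current = build_baseline(root)
    modified = {}
    for rel, (old_size, old_hash) in baseline.items():
        if rel not in current or current[rel][1] == old_hash:
            continue
        new_size = current[rel][0]
        if new_size > old_size:
            modified[rel] = f"grew by {new_size - old_size} bytes (code appended, as a file infector does)"
        elif new_size == old_size:
            modified[rel] = "same size, contents replaced (overwrite-style change)"
        else:
            modified[rel] = f"shrank by {old_size - new_size} bytes"
    return {
        "modified": modified,
        "added": sorted(r for r in current if r not in baseline),
        "missing": sorted(r for r in baseline if r not in current),
    }


def _write(path, data, mode="wb"):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as f:
        f.write(data)


def demo():
    """Constructed scenario: baseline a directory, then simulate three kinds of tampering."""
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "bin", "app.exe")
        helper = os.path.join(root, "bin", "helper.dll")
        _write(app, b"MZ" + b"\x90" * 100)        # fake executables, not real PE files
        _write(helper, b"MZ" + b"\x00" * 50)
        baseline = build_baseline(root)           # in practice store this off-host or read-only
        _write(app, b"\xcc" * 32, mode="ab")      # file infector: appends its code to the executable
        _write(helper, b"MZ" + b"\xff" * 50)      # overwrite virus: replaces contents, same length
        _write(os.path.join(root, "bin", "dropper.exe"), b"MZ" + b"\x41" * 10)  # newly planted file
        return compare(baseline, root)


if __name__ == "__main__":
    for kind, entries in demo().items():
        print(kind, entries)
```

A baseline is only as trustworthy as where it is kept: store it off the host or on read-only media, since an intruder who can modify the executables can also rewrite a baseline sitting beside them. A resident virus can also hook file reads and present the original contents to the scanner, so a suspect machine should be scanned from clean boot media.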

How to remove a virus from your computer

One of the easiest ways to get rid of a virus is to run anti-virus software. It scans the system, detects the infection and walks you through removing or quarantining the affected files.

You can also remove a virus manually by:

  • Using the Task Manager to end the malicious process
  • Using a Command Prompt to locate and delete the malicious files
  • Booting into Safe Mode so the virus does not start with the system before you remove it

Firewall design principles

Internet connectivity is no longer optional for most organizations. While internet access benefits the organization, it also lets the outside world reach and interact with local network assets, which creates a threat to the organization. It is possible to equip each workstation and server on the premises network with strong security features, such as intrusion protection, but this is not a practical approach. The alternative, now widely accepted, is the firewall.

The firewall is inserted between the premises network and the internet to establish a controlled link and to erect an outer security wall or perimeter. The aim of this perimeter is to protect the premises network from internet-based attacks and to provide a single choke point where security and audit can be imposed. The firewall can be a single computer system or a set of two or more systems that cooperate to perform the firewall function.

Firewall characteristics:

·        All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall. Various configurations are possible.

·        Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies.

·        The firewall itself is immune to penetration. This implies the use of a trusted system with a secure operating system.

Four techniques that firewalls use to control access and enforce the site's security policy are as follows:

1.     Service control – determines the types of internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address and TCP port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a web or mail service.

2.     Direction control – determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.

3.     User control – controls access to a service according to which user is attempting to access it. This is typically applied to users inside the firewall perimeter; it can also be applied to incoming traffic from external users, which requires some form of secure authentication technology such as IPsec.

4.     Behavior control – controls how particular services are used, for example filtering e-mail to eliminate spam, or allowing external access to only part of the information on a local web server.

Capabilities of firewall

A firewall defines a single choke point that keeps unauthorized users out of the protected network, prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks.  

A firewall provides a location for monitoring security related events. Audits and alarms can be implemented on the firewall system.  

A firewall is a convenient platform for several internet functions that are not security related, such as network address translation and logging or auditing of internet usage.

A firewall can serve as the platform for IPsec.  

3. Limitations of firewall

·        The firewall cannot protect against attacks that bypass the firewall. Internal systems may have dial-out capability to connect to an ISP. An internal LAN may support a modem pool that provides dial-in capability for traveling employees and telecommuters. (Today an unmanaged wireless link or a personal hotspot on an internal machine plays the same role.)

·        The firewall does not protect against internal threats, such as a disgruntled employee or an employee who unwittingly cooperates with an external attacker.

·        The firewall cannot protect against the transfer of virus-infected programs or files. Because of the variety of operating systems and applications supported inside the perimeter, it would be impractical and perhaps impossible for the firewall to scan all incoming files, e-mail, and messages for viruses.  

Types of firewalls

There are three common types of firewalls:

·        Packet filters

·        Application-level gateways

·        Circuit-level gateways

Packet filtering router

A packet filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet. The router is typically configured to filter packets going in both directions. Filtering rules are based on the information contained in a network packet:

·        Source IP address – IP address of the system that originated the IP packet.

·        Destination IP address – IP address of the system the packet is trying to reach.

·        Source and destination transport-level address – the transport-level (TCP or UDP) port numbers, which identify the application, such as SMTP or Telnet.

·        IP protocol field – defines the transport protocol.

·        Interface – for a router with three or more ports, which interface of the router the packet came from or which interface it is destined for.

The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header. If there is a match to one of the rules, that rule is invoked to determine whether to forward or discard the packet. If there is no match to any rule, then a default action is taken.

Two default policies are possible:

· Default = discard: That which is not expressly permitted is prohibited.   

· Default = forward: That which is not expressly prohibited is permitted.  

The default discard policy is the more conservative. Initially everything is blocked, and services must be added on a case-by-case basis. This policy is more visible to users, who are most likely to see the firewall as a hindrance. The default forward policy increases ease of use for end users but provides reduced security.

Advantages of packet filter routers

·  Simple

·  Transparent to users

·  Very fast

Weaknesses of packet filter firewalls

·       Because packet filter firewalls do not examine upper-layer data, they cannot prevent attacks that employ application specific vulnerabilities or functions.  

·         Because of the limited information available to the firewall, the logging functionality present in packet filter firewall is limited.  

·         It does not support advanced user authentication schemes.  

·        They are generally vulnerable to attacks that exploit problems within the TCP/IP specification and protocol stack, such as network-layer address spoofing.

Some of the attacks that can be made on packet filtering routers and the appropriate counter measures are the following:

·       IP address spoofing – the intruder transmits packets from the outside with a source IP address field containing the address of an internal host, hoping to pass rules that trust internal addresses.

Countermeasure: discard any packet with an inside source address that arrives on an external interface.

·        Source routing attacks – the source station specifies the route a packet should take as it crosses the internet, in the hope of bypassing security measures that do not analyze the source routing information.

Countermeasure: discard all packets that use the source-routing option.

·     Tiny fragment attacks – the intruder uses IP fragmentation to create extremely small fragments and forces the TCP header information (including the port numbers) into a fragment other than the first. The attacker hopes that only the first fragment is examined and the remaining fragments are passed through.

Countermeasure: discard all packets where the protocol type is TCP and the IP fragment offset is equal to 1; alternatively, require that the first fragment contain a predefined minimum amount of the transport header.
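The rule evaluation described under packet filtering routers (first match wins, otherwise the default policy applies) and the three countermeasures above can be shown together. The following is an added example, not code from the original notes: a minimal stateless packet filter in Python with a rule table, a selectable default policy, and the anti-spoofing, source-routing and tiny-fragment checks applied before the rule table is consulted. The addresses (RFC 5737 documentation ranges, with 192.0.2.0/24 as the inside network), the rule set and the sample packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str                    # router interface the packet arrived on: "ext" or "int"
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None   # None when the fragment carries no transport header
    frag_offset: int = 0          # IP fragment offset, in 8-byte units
    source_routed: bool = False   # loose/strict source-route IP option present


@dataclass(frozen=True)
class Rule:
    action: str                   # "forward" or "discard"
    iface: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: Optional[int] = None
    comment: str = ""

    def matches(self, p):
        return (self.iface in ("*", p.iface)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("*", p.proto)
                and (self.dport is None or self.dport == p.dport))


class PacketFilter:
    def __init__(self, rules, default="discard", internal_nets=("192.0.2.0/24",)):
        assert default in ("forward", "discard")
        self.rules = list(rules)
        self.default = default
        self.internal = [ipaddress.ip_network(n) for n in internal_nets]

    def sanity_checks(self, p):
        """Countermeasures applied before the rule table; return a reason to discard, or None."""
        if p.iface == "ext" and any(ipaddress.ip_address(p.src) in n for n in self.internal):
            return "ip-spoofing: internal source address arrived on the external interface"
        if p.source_routed:
            return "source-routing: packets carrying the source-route option are discarded"
        if p.proto == "tcp" and p.frag_offset == 1:
            return "tiny-fragment: TCP fragment with offset 1 cannot be filtered on ports"
        return None

    def decide(self, p):
        """First matching rule wins; otherwise the default policy applies."""
        reason = self.sanity_checks(p)
        if reason:
            return ("discard", reason)
        for i, r in enumerate(self.rules):
            if r.matches(p):
                return (r.action, f"rule {i}: {r.comment}")
        return (self.default, "default policy")


# Constructed rule set: 192.0.2.0/24 is the inside, 192.0.2.25 the mail host.
RULES = [
    Rule("forward", iface="ext", dst="192.0.2.25/32", proto="tcp", dport=25, comment="inbound SMTP to mail host"),
    Rule("forward", iface="int", src="192.0.2.0/24", proto="tcp", dport=443, comment="outbound HTTPS"),
]

# Constructed sample packets.
SAMPLE = {
    "inbound smtp":   Packet("ext", "198.51.100.7", "192.0.2.25", "tcp", 40000, 25),
    "inbound telnet": Packet("ext", "198.51.100.7", "192.0.2.10", "tcp", 40001, 23),
    "outbound https": Packet("int", "192.0.2.10", "203.0.113.5", "tcp", 50000, 443),
    "spoofed":        Packet("ext", "192.0.2.10", "192.0.2.25", "tcp", 40002, 25),
    "source routed":  Packet("ext", "198.51.100.7", "192.0.2.25", "tcp", 40003, 25, source_routed=True),
    "tiny fragment":  Packet("ext", "198.51.100.7", "192.0.2.25", "tcp", None, None, frag_offset=1),
}


def demo():
    """Run every sample packet through a default-discard and a default-forward filter."""
    deny_default = PacketFilter(RULES, default="discard")
    allow_default = PacketFilter(RULES, default="forward")
    return {name: (deny_default.decide(p), allow_default.decide(p)) for name, p in SAMPLE.items()}


if __name__ == "__main__":
    for name, (strict, permissive) in demo().items():
        print(f"{name:15} default=discard -> {strict}   default=forward -> {permissive}")
```

The spoofed packet would have matched the inbound-SMTP rule had the anti-spoofing check not run first, which is why the checks sit ahead of the rule table. The telnet packet is the only one whose fate depends on the default policy: under default = forward it passes simply because no rule mentions it.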

Application level gateway

An application level gateway, also called a proxy server, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints. If the gateway does not implement the proxy code for a particular application, that service is not supported and cannot be forwarded across the firewall; the gateway can also be configured to support only the specific features of an application that the administrator considers acceptable.

Application level gateways tend to be more secure than packet filters, because they need only scrutinize a few allowable applications rather than the many combinations of addresses and ports possible at the TCP/IP level. It is easy to log and audit all incoming traffic at the application level. A prime disadvantage is the additional processing overhead on each connection: there are two spliced connections between the end users, and the gateway examines and forwards all traffic in both directions.

Circuit level gateway

Circuit level gateway can be a stand-alone system or it can be a specified function performed by an application level gateway for certain applications. A Circuit level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outer host. Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed.

A typical use of Circuit level gateways is a situation in which the system administrator trusts the internal users. The gateway can be configured to support application level or proxy service on inbound connections and circuit level functions for outbound connections.
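The two-connection relay is easiest to see in code. The following is an added example, not from the original notes: a tiny circuit-level gateway that accepts an inner connection, reads a one-line request naming the outer host and port (the CONNECT line is a convention invented for this example, not a real protocol), decides from an allow-list whether the circuit is permitted, and if so opens the second TCP connection and copies bytes in both directions without inspecting them. A loopback echo server stands in for the outer host, so the example runs offline.

```python
import socket
import threading


def _readline(sock):
    """Read one newline-terminated line a byte at a time, so nothing beyond the line is buffered away."""
    buf = bytearray()
    while not buf.endswith(b"\n"):
        b = sock.recv(1)
        if not b:
            break
        buf += b
    return bytes(buf)


def _pump(src, dst):
    """Copy bytes from src to dst until src reaches EOF; the contents are never inspected."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # propagate EOF to the other side of the circuit
        except OSError:
            pass


class CircuitGateway:
    """Accepts inner connections, applies the connection policy, and relays to the outer host."""

    def __init__(self, allowed):
        self.allowed = set(allowed)   # (host, port) pairs inner users may reach: the whole security policy
        self.log = []                 # audit trail: (decision, destination)
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen()
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                inner, _ = self.sock.accept()
            except OSError:
                return
            threading.Thread(target=self._handle, args=(inner,), daemon=True).start()

    def _handle(self, inner):
        # Toy handshake (an assumption of this example): "CONNECT <host> <port>\n", then raw bytes.
        fields = _readline(inner).decode(errors="replace").split()
        if len(fields) != 3 or fields[0] != "CONNECT" or not fields[2].isdigit():
            inner.sendall(b"ERR bad request\n")
            inner.close()
            return
        dest = (fields[1], int(fields[2]))
        if dest not in self.allowed:
            self.log.append(("deny", dest))
            inner.sendall(b"DENIED\n")
            inner.close()
            return
        outer = socket.create_connection(dest, timeout=5)   # the second TCP connection
        self.log.append(("allow", dest))
        inner.sendall(b"OK\n")
        with inner, outer:
            back = threading.Thread(target=_pump, args=(outer, inner), daemon=True)
            back.start()
            _pump(inner, outer)
            back.join()


def start_echo_server():
    """Stand-in for the outer host: echoes whatever it receives. Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=_pump, args=(conn, conn), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """One permitted circuit and one refused circuit; returns the replies and the gateway's audit log."""
    echo_port = start_echo_server()
    gw = CircuitGateway(allowed={("127.0.0.1", echo_port)})
    results = {}
    for name, dest in (("permitted", ("127.0.0.1", echo_port)), ("forbidden", ("127.0.0.1", 9))):
        client = socket.create_connection(("127.0.0.1", gw.port), timeout=5)
        client.sendall(f"CONNECT {dest[0]} {dest[1]}\n".encode())
        status = _readline(client)
        if status == b"OK\n":
            client.sendall(b"hello through the circuit\n")
            results[name] = _readline(client)
        else:
            results[name] = status
        client.close()
    return results, gw.log


if __name__ == "__main__":
    print(demo())
```

The gateway's only security decision is the allow-list check and the audit entry it writes; once the circuit is up, anything the inner user sends is relayed unexamined, which is exactly why the text reserves circuit-level operation for outbound connections from trusted internal users.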

Bastion host

It is a system identified by the firewall administrator as a critical strong point in the network's security. The Bastion host serves as a platform for an application level or circuit level gateway.

Common characteristics of a Bastion host are as follows:

·        The Bastion host hardware platform executes a secure version of its operating system, making it a trusted system.

·        Only the services that the network administrator considers essential are installed on the Bastion host.

·        It may require additional authentication before a user is allowed access to the proxy services.

·        Each proxy is configured to support only a subset of the standard application's command set.

·        Each proxy is configured to allow access only to specific host systems.  

·        Each proxy maintains detailed audit information by logging all traffic, each connection and the duration of each connection.

·        Each proxy is independent of other proxies on the Bastion host.  

·        A proxy generally performs no disk access other than to read its initial configuration file.   

·        Each proxy runs as a non-privileged user in a private and secured directory on the Bastion host.