Hello. You're watching Computer Science 101 at James Madison University. I'm Chris Mayfield, and this week we're talking about computer security, also known as cybersecurity. A lot of this material is not in the book this week, so make sure you grab a copy of these slides off the course website.

Just to make a connection to what we talked about last week: the World Wide Web is what WWW stands for. Here we have a constellation picture of what the internet looks like, where each one of these little dots in the constellation is an IP address. But really, another way of reading WWW is the Wild Wild West. Pretty much anything goes on the internet these days, and there's a lot of work and a lot of demand for computer security solutions.

So let's have a little bit of a reality check to see why this is the case. One, as we talked about in class, the internet is an open network. Now, that's great. The designs are in the public domain. It's built by the people, for the people. Pretty much anyone can send a packet anywhere they want. Now, on the other end, you don't have to receive those packets, but there's nothing filtering or stopping packets in general. There are, of course, nation states that filter the traffic of their citizens, and that's a different issue. One of the big issues here in the United States is that of network neutrality: the debate over whether all packets on the internet should be treated equally, and whether ISPs and governments should be allowed to discriminate and say, oh, this traffic is more important than that traffic, and we're going to charge more for users of Netflix, for example, because they have to stream all this video. But by and large, the internet itself is open and packets flow freely. And this openness is what has driven innovation. A lot of new applications have come up in the last 10, 15 years, everything ranging from Google, Facebook, Twitter, Amazon, and so forth, because of this openness.
And new applications are coming out all the time because nobody has to pay, for example, a royalty fee in order to innovate on the internet.

Now, that said, what does security mean in this type of environment? Well, for the purposes of this class, we'll define security as the right to control your information or your property. So if you have files, if you have an identity, if you have a phone, and so forth, that's yours, and you have the right to control it. Other people shouldn't have unauthorized access to your devices, your identity, or your information. So really, in terms of security, we want to allow or restrict access in this Wild Wild West, anything-goes type of environment. Now, computer security itself is a branch of information security, and you can read about all these different things on Wikipedia, for example. But a simple definition is that we want to defend against unauthorized access, use, disclosure, disruption, et cetera, all of those different words that are described there.

Now, typically, security analysts think about three main goals or fundamental aspects of security, and this is called the CIA triad. Note that CIA here is not the Central Intelligence Agency; that's a different use of the acronym. You really should memorize all three of these terms, because they help us understand what the different aspects of security are. The three fundamental aspects are confidentiality, integrity, and availability. Let me talk a little bit about what each one means. Confidentiality means that if you have secret or private information, it should remain confidential, right? So if I'm entering a password into my bank, or if I'm sharing some private information in a conversation on Facebook or so forth, that should be kept confidential, and if someone is able to eavesdrop and obtain that information, then I don't have confidentiality. Integrity means that, beyond being confidential, the data must not be corrupted.
So if I send an email, for example, in theory somebody could intercept that email, change the words, and send it on as if I had sent it. In a secure system, I would have integrity: things that are from me truly are from me and haven't been tampered with. This is also the case with, say, bank accounts, right? Banks don't want account balances to be tampered with; the data that is put into the bank's databases should keep its integrity and not be corrupted or altered. And finally, we have availability, which means that if I have a service, like a bank, it should be up all the time. I shouldn't allow, say, a hacker to come and take down the website so that my customers can't access their bank accounts, or can't log in to edit their schedules, or you name it. If Amazon or Facebook goes down, it's like the end of the world, right? So availability is also an aspect of security. These three aspects change the way that we store, process, and transmit information. They are the different dimensions along which we think about security issues.

So let's talk a little bit about what can go wrong and what types of solutions we have to these problems. We'll use the terminology of threats and solutions when talking about these different aspects. A lot of these are mentioned in the book. Let's take a look first at chapter three, which talks about operating systems, and discuss what kinds of threats we have there. One, unauthorized access: somebody logging in as an administrator who should not be on the computer. Insecure passwords are a threat, because if somebody guesses a bad password, then they have access to the system as that user. Malicious processes are ones that try to disrupt the machine itself. If you can get some malware onto a machine and it either destroys information or makes the computer slow, that is a threat. And then there are vulnerabilities in the OS itself.
You may have seen in the news recently about the bash bug and how that's affecting a lot of Linux and Mac servers throughout the internet. This is a serious issue, right? Because vulnerabilities allow hackers, nation states, and others to take advantage of computer systems and cause damage. And finally, we have keyloggers and sniffers, which are little pieces of software running on your computer that monitor all of your keyboard and mouse input. So every time I type, it's basically saving all the letters I've typed into a file. Then the attacker can pick up this file at the end of the day and know everything that was typed, including passwords, bank account information, and so forth.

Some of the solutions to these problems are features of operating systems, like having different permissions for user accounts and having password policies. When you have to change your password on our school registration system, MyMadison, it forces you to include certain kinds of characters, like a letter, a number, a symbol, and so forth. There's also auditing, which checks whether your account was accessed in particular patterns. If all of a sudden you logged in 300 times in a single minute, that's probably an indication to the system that a human being is not doing that type of activity. We'll talk about CPU privileged instructions in class. This is a machine-level OS security mechanism that allows only the operating system to execute certain instructions on the machine, and that prevents other processes from becoming as privileged as the operating system. Of course, we all know about security updates. We're always installing those on our phones and on our desktops and so on, trying to keep these vulnerabilities patched. And in terms of malicious software like keyloggers, it's important that we install software from trusted sources.
Typically on a phone, or on a Linux machine, or on a Mac, there are repositories where we download all of our software from. We don't just go to random websites and download software. We usually get it out of the App Store or the Play Store or some kind of repository that has been digitally signed and is maintained by a committee of people who keep an eye on the source code. That's a lot better nowadays, in terms of software distribution, than what we used to have 10 years ago, and it prevents people from getting these random pieces of software. That's not to say, though, that people won't put malicious code into the App Store. We have to be vigilant about that, and it's an ongoing battle that we'll have forever.

Let's talk a little bit about network security. Now that we have computers plugged in together over the internet, we have to worry about unauthorized access, the spread of viruses and worms, Trojan horses, spyware, phishing, and denial of service. We mentioned each of these briefly in class yesterday. Let me just define them again in the video. Unauthorized access is somebody hacking into your machine and running software as if they were you. A virus is a computer program that attaches itself to another program and then goes around infecting other programs; the idea is to get those programs to run so that the virus code will actually run. A worm, on the other hand, is not attached to a running program. It's an independent program, and worms are designed to spread very quickly. Once one infects your account, it will look at all of your contacts or your friends list and send itself to all of your friends and other contacts. A Trojan horse is a program that looks desirable, something that you would want to install. Sometimes you see these sites on the internet saying your computer's at risk, you need to install this free security software that will help keep you secure. Really, all it is is a Trojan horse.
If you download and run it, it has now infected your computer and allows attackers to control your computer remotely, while at the same time telling you that you're safe. Spyware is software that, like sniffers and keyloggers, tries to track what you're doing and use that either for commercial or illegal purposes. Phishing is giving you a website that looks like your bank and wants you to log in and confirm your password or change something, when really all they're doing is collecting your login information. Denial of service is an attack where you overwhelm a server so it can no longer perform its function and serve legitimate users, because all of the millions or more of computers that were taken over by hackers are now hammering the website.

So here are some solutions for these types of problems. Of course, this list is not exhaustive. I just want to give you a general idea of what sorts of things are out there and what techniques we have. You've heard of firewalls. Firewalls essentially filter packets. For example, JMU has a firewall that prevents traffic to its internal systems from off campus, right? You can't actually access certain machines at JMU unless you're on a JMU IP address. Firewalls can be implemented as a hardware device or as a software program. In fact, most operating systems now have firewalls built into them at the software level. Antivirus software may or may not help you against viruses. I've heard all sorts of different percentages for how effective they are, anywhere from 20 to 80%. Some claim 90-something percent on certain types of viruses, but really we don't know how effective they are, because for the viruses that go undetected, it's not like you can say how many of those you're catching, right? So you should use antivirus software, but you should also recognize that it's not 100% effective, particularly against unknown threats.
Intrusion detection is another method that you can use to monitor network access patterns, and an IT administrator typically keeps an eye on intrusions. I can tell a funny story here. At one of the high schools where we're offering this 101 course, they were all trying to do their very first lab with SSH, and because their high school has a single IP address for all of their machines, when they started trying to connect to the JMU campus, JMU shut them down and they were unable to connect anymore, because it appeared that 10 people were trying to SSH from the same IP address in a very short amount of time. So intrusion detection systems help block both unauthorized access and Trojan horses and other suspicious activities that open up communication channels or have an access pattern that doesn't look typical. Content filtering software keeps an eye not only on the packet patterns but on what's in the packets, looking for suspicious binary signatures of known malware.

There's also education, which I would say is a huge aspect of all of this. Part of taking this course, for you, is to become educated about what types of attacks and security issues there are, so that you can make informed choices about your own computer usage. And you know, when you have to change your password, at least at JMU, you have to go through security training for 10 or 15 minutes, well, in theory, if you don't just click next, next, next, so that you can become educated about protecting your username and password. And finally, for denial of service, some firewalls will redirect or drop packets at random, but it's really hard to drop the right packets and not deny service to legitimate users.
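As an added example (not part of the lecture or its slides), here is the integrity check the intercepted-email scenario above calls for: the sender attaches a keyed tag (an HMAC over the message) and the receiver recomputes it, so any change to the words makes the tag fail to match. The shared key and the sample email are made up for the demonstration; note that this gives integrity and authenticity, not confidentiality, since the message itself still travels in the clear.

```python
import hashlib
import hmac

# Hypothetical shared key for the demo. In practice it is exchanged or derived
# securely and never hard-coded into a program.
KEY = b"example-shared-secret-not-for-real-use"


def seal(message: bytes, key: bytes = KEY) -> bytes:
    """Return the integrity tag (HMAC-SHA256) the sender attaches to the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(message: bytes, tag: bytes, key: bytes = KEY) -> bool:
    """True only if message was sealed with key and has not been altered since.

    compare_digest runs in constant time, so an attacker cannot learn the
    correct tag byte by byte from how long the comparison takes.
    """
    return hmac.compare_digest(seal(message, key), tag)


def demo():
    """Seal a constructed email, then show what happens when it is tampered with."""
    original = b"From: chris\nTo: bank\n\nPlease move $100 to account 12345."
    tag = seal(original)
    # an eavesdropper rewrites the amount and forwards the message with the old tag
    tampered = original.replace(b"$100", b"$10000")
    return (
        verify(original, tag),               # genuine message: True
        verify(tampered, tag),               # altered message: False
        verify(original, tag, b"wrong key"), # forged by someone without the key: False
    )


if __name__ == "__main__":
    print(demo())
```

The tag is 32 bytes and is sent alongside the message; the receiver never trusts the message content until the recomputed tag matches.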
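As a second added example (again not part of the lecture or its slides), here is a small Python script that implements the kind of rate-based auditing described above: the "300 logins in a minute" check from the operating-systems section and the "10 SSH connections from one IP in a short time" rule that tripped the high school lab. It runs over constructed log lines in the style of OpenSSH's auth.log (the hostname, users, addresses and times are made up), and the 60-second window and thresholds are assumptions, not JMU's actual settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches OpenSSH auth.log login lines such as
#   "Oct 1 09:05:00 lab sshd[1300]: Accepted password for student0 from 203.0.113.7 port 51300 ssh2"
LOGIN_RE = re.compile(
    r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def parse_line(line):
    """Return a dict describing an SSH login attempt, or None for any other log line."""
    m = LOGIN_RE.match(line)
    if m is None:
        return None
    raw_time, result, user, ip = m.groups()
    return {
        "raw_time": raw_time,
        # syslog timestamps carry no year; the default (1900) is fine for relative comparisons
        "time": datetime.strptime(raw_time, "%b %d %H:%M:%S"),
        "result": result,
        "user": user,
        "ip": ip,
    }


def find_bursts(lines, window_seconds=60, threshold=10, only=None):
    """Flag source IPs that produce >= threshold login events inside a sliding window.

    lines must be in chronological order, as a log file is. If `only` is
    "Accepted" or "Failed", only events with that result are counted, so the
    same function serves both the "too many logins" audit check and a
    password-guessing detector. Returns {ip: (count, raw_time)} recording the
    first moment each IP crossed the threshold.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or (only is not None and ev["result"] != only):
            continue
        q = recent[ev["ip"]]
        q.append(ev["time"])
        # discard events that fell out of the window ending at this event
        while (ev["time"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in alerts:
            alerts[ev["ip"]] = (len(q), ev["raw_time"])
    return alerts


def _line(ts, result, user, ip, pid):
    # helper for building the constructed sample lines below; not real log data
    return (f"Oct 1 {ts} lab sshd[{pid}]: {result} password for {user} "
            f"from {ip} port 5{pid:04d} ssh2")


# Constructed sample log (TEST-NET addresses, made-up users and times), in time order.
SAMPLE_LOG = (
    [
        _line("08:59:10", "Accepted", "alice", "198.51.100.4", 1201),
        _line("09:00:00", "Failed", "mallory", "192.0.2.66", 1202),
        "Oct 1 09:00:01 lab sshd[1202]: Connection closed by 192.0.2.66 [preauth]",
    ]
    # ten lab machines behind one NAT address all connect within 30 seconds
    + [_line(f"09:05:{3 * i:02d}", "Accepted", f"student{i}", "203.0.113.7", 1300 + i)
       for i in range(10)]
    + [
        _line("09:07:30", "Accepted", "alice", "198.51.100.4", 1401),
        # guessing attempts: the first is 20 minutes old, then three within 10 seconds
        _line("09:20:00", "Failed", "mallory", "192.0.2.66", 1402),
        _line("09:20:05", "Failed", "invalid user admin", "192.0.2.66", 1403),
        _line("09:20:09", "Failed", "invalid user root", "192.0.2.66", 1404),
    ]
)

if __name__ == "__main__":
    print("login bursts (any result):", find_bursts(SAMPLE_LOG))
    print("failed-password bursts:   ", find_bursts(SAMPLE_LOG, threshold=3, only="Failed"))
```

With the defaults, the only alert is the NAT address 203.0.113.7, which is exactly the false positive from the story: ten different people look like one host opening ten connections. A deployment that knows about such shared addresses would exempt them or raise their threshold, while the failed-password variant (threshold 3 in the second call) catches the guessing attempts from 192.0.2.66 without being fooled by the stale failure twenty minutes earlier.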