Program flaws may be intentional and unintentional. There are 3types of programming flaws. By selecting unintentional or intentional program flaws that persist over the years and are the main cause of today's security breaches.

1) Buffer overflows involves putting more information in space than it can hold; thereby overriding potentially useful or crucial data or data. 2) Incomplete mediation - using non sensible data to gain access to computing systems. 3) Time of check to limo of use error -access control is key principal in computer security...- only those with access rights to a computers resources should be allowed to access that resource. The Separated access should be governed by access policy of who is allowed access of what rescores. And mediated by an access enforcement agent. The time of Check to time of use problem is about" bait and switch" mediation in the middle. It is sometimes called serialization or synchronization it involves the possibility of change in a file or access rights between time of access and time of result, thereby making the result of the check invalid. This condition is a consequence of ineffective access control.

Remedies: 1) Secure parameters from being exposed during loss of control. 2) Allow access checking software to own the request data until the request completes. 3) Allow no interruption during validation 4) Vote validation routine to seal the requested data with a checksum to detect modification.

Most of us do not know what is on our PC of the purpose of each File. Someone or entity could modify, add, or delete certain files on our computer and most of us would not Know. Malicious coder's uses this assumption too infiltrates our computing systems and invades our Privacy, and then steal, modify, or Add to our programs and /or data. Possible effects of malicious code with some example of their use in intercepting or modifying data. Malicious code a rogue program or subprogram designed to cause damage.

The only things that will calm things down is international cooperation as well as better software and political understanding and willingness to listen to and implement appropriate security regulations.

Malicious code: a rogue program or subprogram to cause damage: Malicious code does not include unintentional errors in code. Malicious code runs under the user authority, but it can read, write, delete, modify and append without the users permission or knowledge.

Example: 1) Virus: 2) Worm: unlike a very that can reproduce itself and transmit itself through a network. 3) Trojan horse: program doing something you dent know about. 4) Logic bomb: Time bomb that is activated at a certain time where conditions are met. 5) Trapdoor or a backdoor. Access to a program without your knowledge.

Virus transmission is done through email. Macros, auto-run, helper app. Figure 3-7 in the book shows file directory.

Virus gaining control of a computer-it has to be involved in prefers to a target File.

Appealing qualifies of a virus 1) Hard to detect. 2) Not easily or destroyed or deactivated 3) Spread infection widely 4) Can infect or re infect its home program or other programs even when it looks like it has been removed. 5) Easy to create. 6) Machine and operating independent.

Execution of a virus. 1) one time 2) on system startup & re-boot 3) Every activation of a program.

Convenient places for virus location.

virus recognition: 1) signature & patterns 2) polymorphic viruses 3) encrypted virus The Chinese Wall Model is a security model where read/write access to files is governed by membership of data in conflict-of-interest classes and datasets. This is the basic model used to provide both privacy and integrity for data.Network security:

Chapter 7.

Description of computer networks.

Client Medium/Bus Server Node A Node B

Simplest Network

n2n3

Workstation - end user computing device that often have powerful processors and reasonably large main and auxiliary memory to allow it to perform sophisticated data manipulation.

The biggest difference between a network and a stand alone computer device is the environment in which it operates. A stand alone device typically operate in a protected environment while the operating environment vary.

Typical characteristics of a network operating environment

a) anonymity b) automation c) Distance d) Opaqueness (transparency) e) Routing diversity which is typically dynamic

Network Topology.

The three dimensions of network that have something to do with security. 1) Boundary: where a network stops and another begins 2) Ownership 3) Control.

Modes of communication on computing networks 1) Analog ( continuous data Streams) 2) Digital (discrete date Streams) 3) Mixed (combination of analog and digital data streams accommodated with modem or other analogy to digital on digital to analog converters)

ISDN end-end digital


Chines Wall
The Chinese Wall Model is a security model where read/write access to files is governed by membership of data in conflict-of-interest classes and datasets. This is the basic model used to provide both privacy and integrity for data.
Different types of communication Media 1) cable copper: twisted pair. Unshielded twisted pair. 2) Wireless