FACULTY OF COMPUTER SCIENCE AND INFORMATION TECHNOLOGY UNIVERSITY SELANGOR

FUNDAMENTAL OF COMPUTER NETWORK IAD 2313

CYBER WARFARE AND PHYSICAL SECURITY

Nur Fatin Binti Jamal 3112031551 Diploma in Information Technology

INTRODUCTION

Cyber warfare refers to politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation. Government security expert Richard A. Clarke, in his book Cyber War (May 2010), defines "cyber warfare" as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption. The Economist describes cyberspace as "the fifth domain of warfare, and William J. Lynn , U.S. Deputy Secretary of defense, states that "as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare has become just as critical to military operations as land, sea, air, and space. Physical security describes measures that are designed to deny access to unauthorized personnel (including attackers or even accidental intruders) from physically accessing a building, facility, resource, or stored information and guidance on how to design structures to resist potentially hostile acts. Physical security can be as simple as a locked door or as elaborate as multiple layers of barriers, armed security guard and guardhouse placement.

CYBER WARFARE AND PHYSICAL SECURITY Cyber warfare Cyber warfare is Internet-based conflict involving politically motivated attacks on information and information systems. Cyber warfare attacks can disable official websites and networks, disrupt or disable essential services, steal or alter classified data, and cripple financial systems -among many other possibilities. Physical security Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise. Physical security is often overlooked (and its importance underestimated) in favor of more technical and dramatic issues such as hacking, viruses, Trojans, and spyware.

THE HISTORY OF CYBER WARFARE

LITERATURE REVIEW Discussion of cyber warfare tends to focus on weakening or disrupting a physical critical core infrastructure. Critical infrastructures are systems and assets that if destroyed, would have an impact on physical security, economic security, public health or safety. Some have argued that meaningful, sustainable damage to critical infrastructure is likely through cyber warfare tactics. War planners with goals of economics damage or decrease quality of live could achieve these ends at relatively low cost without attempts to physically attack the critical infrastructure itself. Much of the work to carry out attack of non-critical infrastructures could be done by a worldwide network of volunteers who might not even be aware of the motivation of the war planners.

SURVEILLANCE SYSTEM Historically, public health surveillance has combined two different activities: case and statistical surveillances. Case surveillance, which is focuses on individuals, or sometimes small groups of individuals, has been used for communicable diseases capable of causing great harm to the entire population if allowed to spread. In contrast, statistical surveillance uses populations to identify differentials and trends that can inform public health policymaking, including the allocation of resources (STOTO 2008).

SOCIAL ENGINEERING Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. A social engineer runs what used to be called a "con game." For example, a person using social engineering to break into a computer network might try to gain the confidence of an authorized user and get them to reveal information that compromises the network's security. Social engineers often rely on the natural helpfulness of people as well as on their weaknesses.

AUTHENTICATION AND ACCESS CONTROL Authentication and access control measures should ensure appropriate access to information and information processing facilities including mainframes, servers, desktop and laptop clients, mobile devices, applications, operating systems and network services and prevent inappropriate access to such resources. Authentication Modern computer systems provide services to multiple users and require the ability to accurately identify the user making request. In traditional systems, the user's identity is verified by checking a password typed during the login the system record the identity and use it to determine what operations may be performed. The process of verifying the user's identity is called authentication. Access Control The purpose of access control is to limit the actions or operations that a legitimate user of a computer system can perform. Access control constrains what a user can do directly, as well as what programs executing on behalf of the users are allowed to do. In this way access control seeks to prevent activity that could lead to a breach of security. Access control relies on and coexists with other security services in a computer system. Access control is concerned with limiting the activity of legitimate users. It is enforced by a reference monitor which mediates every attempted access by a user (program executing on behalf of that user) to objects in the system.

BIOMETRICS APPLICATION Biometrics is the science and technology of measuring and analyzing biological data. In information technology, biometrics refers to technologies that measure and analyze human body characteristics, such as DNA, fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for authentication purposes.

ELECTRONIC PASSPORT, NATIONAL ID, SMART CARD SECURITY An electronic passport is the same as a traditional passport with the addition of small integrated circuit embedded in the back cover. The chips add digital security features that show the passport is authentic and the information in the chip has not been altered. These features prevent counterfeiting and better link the passport to his owner. A national identity card is a portable document, typically a plasticized card with digitallyembedded information, that someone is required or encouraged to carry as a means of confirming their identity. Since the World Trade Center tragedy of September 11, 2001, many countries have discussed issuing national identity cards as a way to distinguish terrorists from the law-abiding population. A smart card resembles a credit card in size and shape, but inside it is completely different. First of all, it has an inside a normal credit card is a simple piece of plastic. The inside of a smart card usually contains an embedded microprocessor. The microprocessor is under a gold contact pad on one side of the card. Think of the microprocessor as replacing the usual magnetic stripe on a credit card or debit card.

BIOMETRICS TEMPLATE PROTECTION AND LIVELINESS DETECTION Template protection: 1. 2. 3. 4. 5. 6. Cross matching Identity theft Hill climbing attack Sensitive private information Legislation Protection of the biometric identity

Liveliness protection Various liveliness detection method have been conceived and indeed implemented in some device. Liveliness detection can be performed in a biometrics device either at the acquisition stage or at the processing stage. Its is generally implemented into a system in one of three ways by adding hardware, by using the information already captured by the device or by using liveliness information inherent to the biometrics. Adding a new hardware is often expensive, bulky, and always not effective as we would expect. 7

CONCLUSION Cyber warfare is a complex, fast-evolving political and technological phenomenon which can only be understood and managed if placed within a framework of national strategy. National strategy must itself be reviewed and adapted if it is to take proper account of cyber warfare. We examined certain peculiarities of cyber warfare, such as the problem of attributing an attack and of establishing the aggressors intent. From government to major corporation, cyber attacks are growing rapidly in scope and frequency across the globe. These attacks may soon be considered an act of war so having the latest information security training is becoming increasingly important.To be prepared for the future, you must also learn from the past.

REFERENCES Micheal A.Vatis(2001) Cyber attacks during the war on terrorism.lyme hanover:retrived september 22,2001. Bori toth(2005) Biometrics liveliness detection,swittzerland:CHI. Margaret Rouse(2006),Social engineering and cyber warfare:retrived october 2006,from searchsecurity techtarget.com/definition/social engineering. T.B.L kirkwood(1977).Biometrics.England:International biometrics society

Nur Fatin Binti Jamal 3112031551 Submitt:1 june 2012