CS-7303/CS-6303 Cyber
Crime and Security/
TE-7116 Cyber Security
Sir Syed University of Engineering & Technology, Karachi
Dr. Waeej Haider, DoCS&IT
Roadmap
 Computer Security
 Cyber Security
 Attacks
 Mutual Trust
 Network Security
Background
 Information security requirements have changed
in recent times, driven by attacks on sensitive information
 Traditionally provided by physical and
administrative mechanisms (e.g., locked filing cabinets,
personnel screening)
 Computer use requires automated tools to
protect files and other stored information
 Use of networks and communications links
requires measures to protect data during
transmission
Definitions
 Computer Security - generic name for the
collection of tools designed to protect data and
to thwart hackers
 Network Security - measures to protect data
during their transmission
 Internet Security - measures to protect data
during their transmission over a collection of
interconnected networks
Computer Security
 The NIST Computer Security Handbook elaborates it as:
 The protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the
integrity, availability and confidentiality of
information system resources (includes
hardware, software, firmware,
information/data, and telecommunications)
Cisco Public © 2013 Cisco and/or its affiliates. All rights reserved.
Cybersecurity is the protection of internet-connected
systems such as hardware, software and data from
cyberthreats. The practice is used by individuals and enterprises to
protect against unauthorized access to data centers and
other computerized systems.
Farrukh Nizami, AIT CEP
Key Security Concepts
Examples of Security
Requirements
 confidentiality – student grades
 integrity – patient information
 availability – authentication service
 authenticity – admission ticket
 non-repudiation – stock sell order
Aspects of Security
 consider 3 aspects of information security:
 security attack
 security mechanism (control)
 security service
 note terms
 threat – a potential for violation of security; a
circumstance or capability that could cause harm
 vulnerability – a weakness in a system that a threat
could exploit; a way by which loss can happen
 attack – an assault on system security, a
deliberate attempt to evade security services and
violate the security policy of a system
Attacks, Services and
Mechanisms
 Security Attack: Any action that compromises
the security of information.
 Security Mechanism: A mechanism that is
designed to detect, prevent, or recover from a
security attack.
 Security Service: A service that enhances the
security of data processing systems and
information transfers. A security service makes
use of one or more security mechanisms.
Threat Actors
 Threat actors are individuals or groups who
carry out cyberattacks. They include, but are not
limited to:
• Amateurs (self-taught)
• Hacktivists (use computer-based techniques such
as hacking as a form of civil disobedience to promote
a political agenda or social change)
• Organized crime groups
• State-sponsored groups
• Terrorist groups
 Cyberattacks are intentional malicious acts meant to
negatively impact another individual or organization.
Security Attacks
Learning Assignment: In the notes (below)
 Passive attacks are in the nature of
eavesdropping on, or monitoring of,
transmissions
 Goal of the opponent is to obtain
information that is being transmitted; the
data itself is not altered
 Active attacks involve some modification
of the data stream or the creation of a
false stream
Passive Attack: Interception
Read message contents
•This is an attack on confidentiality
Passive Attack: Traffic Analysis
Observe traffic pattern (who talks to whom, how often,
how much), even when the contents are encrypted
Active Attack: Interruption
Block delivery of message
•This is an attack on availability
Active Attack: Fabrication
Fabricate message
•This is an attack on authenticity
Active Attack: Replay
Capture a message and re-send it later (see Replay Attack below)
•This is an attack on authenticity (the freshness of a message)
Active Attack: Modification
Modify message
•This is an attack on integrity
Handling Attacks
 Passive attacks – focus on Prevention
• Feasible to prevent (e.g., by encrypting the traffic)
• Hard to detect, since the data is not altered
 Active attacks – focus on Detection and
Recovery
• Hard to prevent absolutely, because of the many
physical, software and network vulnerabilities
• Easier to detect, since the data stream is changed
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Organizational Data: The Impact of a Security Breach
 The Consequences of a Security Breach
• Not feasible to prevent every attack
• Attackers will always find new ways
• Ruined reputation, vandalism, theft,
lost revenue, damaged intellectual property
 Security Breach Example - LastPass
• An online password manager
• Stolen email addresses, password reminders,
and authentication hashes (stolen hashes can be
attacked offline, which is why the strength of the
master password matters)
• Requires email verification or multi-factor
authentication when logging in from an unknown device
• Users should use a complex master password,
change the master password periodically, and beware of
phishing attacks
The Profile of a Cyber Attacker: Internal and External Threats
 Internal Security Threats
• Can be an employee or contract partner
• Mishandle confidential data
• Threaten the operations of internal servers or network
infrastructure devices
• Facilitate outside attacks by connecting infected USB
media to the corporate computer system
• Accidentally invite malware onto the network
through malicious email or websites
• Can cause great damage because of direct access
 External Security Threats
• Exploit vulnerabilities in network or
computing devices
• Use social engineering to gain
access
Levels of Impact
 can define 3 levels of impact from a
security breach (the definitions below follow FIPS 199)
 Low
 Moderate
 High
Low Impact
 The loss could be expected to have a limited adverse
effect on organizational operations, organizational
assets, or individuals.
 A limited adverse effect means that, for example, the
loss of confidentiality, integrity, or availability might
 (i) cause a degradation in mission capability to an
extent and duration that the organization is able to
perform its primary functions, but the effectiveness of
the functions is noticeably reduced;
 (ii) result in minor damage to organizational assets;
 (iii) result in minor financial loss; or
 (iv) result in minor harm to individuals.
Moderate Impact
 The loss could be expected to have a serious adverse
effect on organizational operations, organizational
assets, or individuals.
 A serious adverse effect means that, for example, the
loss might
 (i) cause a significant degradation in mission
capability to an extent and duration that the
organization is able to perform its primary functions,
but the effectiveness of the functions is significantly
reduced;
 (ii) result in significant damage to organizational
assets;
 (iii) result in significant financial loss; or
 (iv) result in significant harm to individuals that does
not involve loss of life or serious, life-threatening
injuries.
High Impact
 The loss could be expected to have a severe or
catastrophic adverse effect on organizational operations,
organizational assets, or individuals.
 A severe or catastrophic adverse effect means that, for
example, the loss might
 (i) cause a severe degradation in or loss of mission
capability to an extent and duration that the
organization is not able to perform one or more of its
primary functions;
 (ii) result in major damage to organizational assets;
 (iii) result in major financial loss; or
 (iv) result in severe or catastrophic harm to individuals
involving loss of life or serious life-threatening injuries.
How to do an Attack
 The following describes some of the ways
through which information systems
can be attacked.
a. Social Engineering
b. Viruses / Trojan Horses / Worms
c. Denial of Service (DoS)
d. IP Spoofing
e. Replay Attack
Social Engineering
 Social engineering is a technique used by attackers
to gain system access or information by exploiting
the basic human instinct to be helpful.
 Social engineering exploits succeed when
the targeted enterprise lacks an awareness
program to educate employees about their security-
related duties and responsibilities.
 Example: a simple phone call by an intruder to a target,
posing as network support staff and asking for her
username and password to rectify a non-existent
problem.
Viruses / Trojan Horses / Worms
 A virus is malicious code that attaches itself to
operating system components or programs, modifies them,
and copies itself when the infected host program runs.
 A Trojan horse is malicious code hidden inside, or
disguised as, legitimate software. Once the software is
installed or run, the malicious code does its work.
Unlike a virus, a Trojan does not copy itself.
 A worm is industry nomenclature for a self-contained
program that replicates itself across a network,
infecting each server and workstation it can
reach, without needing a host program to carry it.
Denial of Service (DoS)
 An attack that targets resources within the network
with the intention of consuming them and
keeping legitimate users from gaining access.
 During a SYN flood, the attacker's machine
generates a flood of TCP connection requests (SYN
segments) with spoofed source IP addresses.
 The target server allocates a half-open connection
entry for each request while waiting for the final
ACK of the TCP three-way handshake.
 The expected ACK never comes, because the spoofed
sources never sent the SYN; the backlog of half-open
connections fills up and connection requests from
legitimate users are refused.
IP Spoofing
 IP spoofing is accomplished when an outside
attacker forges the source address of packets so that
they appear to come from a trusted host, gaining
access to a trusted environment from outside the
network (for example, past a filter or trust relationship
keyed on the source IP address).
 An attacker can learn a trusted IP address in a variety
of ways, such as social engineering or network
reconnaissance.
Replay Attack
 A replay attack occurs when an attacker captures a
communication between two parties and later re-sends
the message, which the receiver accepts as new.
 For instance, an attacker might capture a credit card
transaction between a consumer and a web site.
The attacker then replays the transaction multiple
times, resulting in multiple debits to the consumer's
credit account. The attacker need not be able to read
or alter the message: an encrypted or MAC-protected
request replays just as well unless it carries a nonce,
sequence number or timestamp that the receiver checks.
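The transaction-replay scenario above, as an added example that is not part of the slides: a customer's payment request carries a MAC, an attacker who captured the bytes replays them, and a merchant that checks only the MAC debits the card again each time. A second merchant also checks a nonce and a timestamp carried under the MAC and rejects the replay. The pre-shared key, the message format, the fixed clock and the amounts are constructed for the example.

```python
"""Replay of a MAC-authenticated payment request, and the freshness check
that defeats it. Added illustration, not from the slides; key, message
format, clock and amounts are constructed for the example."""
import hashlib
import hmac
import json
import secrets

KEY = b"example-pre-shared-key"   # assumed: shared by customer and merchant
WINDOW = 300                      # assumed tolerance for clock skew, seconds


def mac(raw: bytes) -> str:
    return hmac.new(KEY, raw, hashlib.sha256).hexdigest()


def make_request(card: str, amount: int, now: float, fresh: bool):
    """Customer builds a request. With fresh=True it also carries a random
    nonce and a timestamp, both covered by the MAC."""
    body = {"card": card, "amount": amount}
    if fresh:
        body["nonce"] = secrets.token_hex(16)
        body["ts"] = now
    raw = json.dumps(body, sort_keys=True).encode()
    return raw, mac(raw)


class NaiveMerchant:
    """Checks the MAC only: a captured (raw, tag) pair stays valid forever."""
    def __init__(self):
        self.debits = []

    def accept(self, raw, tag, now):
        if not hmac.compare_digest(mac(raw), tag):
            return False                               # forged or altered
        self.debits.append(json.loads(raw)["amount"])
        return True


class ReplaySafeMerchant:
    """Checks the MAC, then freshness: timestamp within WINDOW, nonce unseen."""
    def __init__(self):
        self.debits = []
        self.seen = {}                                 # nonce -> ts

    def accept(self, raw, tag, now):
        if not hmac.compare_digest(mac(raw), tag):
            return False                               # forged or altered
        body = json.loads(raw)
        if "nonce" not in body or abs(now - body["ts"]) > WINDOW:
            return False                               # no freshness data, or stale
        # Forget nonces older than the window: a replay of those fails the
        # timestamp check anyway, so the seen-set stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= WINDOW}
        if body["nonce"] in self.seen:
            return False                               # replay
        self.seen[body["nonce"]] = body["ts"]
        self.debits.append(body["amount"])
        return True


def run_attack(merchant, fresh, replays=3):
    """One genuine purchase, then the captured bytes replayed `replays` times.
    Returns the total the card was debited."""
    now = 1_700_000_000.0                              # fixed clock for the example
    raw, tag = make_request("4111 1111 1111 1111", 250, now, fresh)
    merchant.accept(raw, tag, now)                     # genuine purchase
    for _ in range(replays):
        merchant.accept(raw, tag, now + 5)             # replayed seconds later
    return sum(merchant.debits)
```

The replay-safe merchant rejects a request that lacks freshness data outright, so a downgrade to the old message format buys the attacker nothing; the timestamp bound is what lets it discard old nonces instead of remembering them forever.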
Security Service
 enhance security of data processing systems
and information transfers of an organization
 intended to counter security attacks
 using one or more security mechanisms
 often replicates functions normally associated
with physical documents
• which, for example, have signatures, dates; need
protection from disclosure, tampering, or
destruction; be notarized or witnessed; be
recorded or licensed
Security Services
 Confidentiality (privacy)
 Authentication (who created or sent the data)
 Integrity (has not been altered)
 Non-repudiation (the order is final)
 Access control (prevent misuse of resources)
 Availability (permanence, non-erasure), threatened for example by:
• Denial of Service attacks
• A virus that deletes files
Security Services
 X.800:
“a service provided by a protocol layer of
communicating open systems, which ensures
adequate security of the systems or of data
transfers”
 RFC 2828 (since superseded by RFC 4949):
“a processing or communication service
provided by a system to give a specific kind of
protection to system resources”
Security Services (X.800)
 Authentication - assurance that communicating
entity is the one claimed
 have both peer-entity & data origin authentication
 Access Control - prevention of the
unauthorized use of a resource
 Data Confidentiality - protection of data from
unauthorized disclosure
 Data Integrity - assurance that data received is
as sent by an authorized entity
 Non-Repudiation - protection against denial by
one of the parties in a communication
 Availability - resource accessible/usable
Security Mechanism
 a.k.a. control
 feature designed to detect, prevent, or
recover from a security attack
 no single mechanism that will support all
services required
 however one particular element underlies
many of the security mechanisms in use:
 cryptographic techniques
 hence our focus on this topic
Security Mechanisms (X.800)
specific security mechanisms: (May be
incorporated into the appropriate protocol layer in order
to provide some of the OSI security services)
 encipherment, digital signatures, access controls,
data integrity, authentication exchange, traffic
padding, routing control, notarization
pervasive security mechanisms:
(Mechanisms that are not specific to any particular OSI
security service or protocol layer)
 trusted functionality, security labels, event detection,
security audit trails, security recovery
Specific security mechanisms
Encipherment
 The use of mathematical algorithms to transform data into
a form that is not readily intelligible. The transformation
and subsequent recovery of the data depend on an
algorithm and zero or more encryption keys.
Digital Signature
 Data appended to, or a cryptographic transformation of, a
data unit that allows a recipient of the data unit to prove
the source and integrity of the data unit and protect
against forgery (e.g., by the recipient).
Access Control
 A variety of mechanisms that enforce access rights to
resources.
Data Integrity
 A variety of mechanisms used to assure the integrity of a
data unit or stream of data units.
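The distinction drawn above between a data integrity mechanism and a digital signature, as an added example that is not part of the slides. Both a MAC and a signature let the recipient check source and integrity; the difference is forgery "by the recipient": with a MAC the recipient holds the same key as the sender and can mint a tag for any message, while with a signature it holds only the public key and cannot. The signature scheme used is a Lamport one-time signature built from SHA-256 (chosen so the block runs on the Python standard library; it is not the scheme any particular system uses), and the key and messages are constructed for the example.

```python
"""MAC versus digital signature, seen from the recipient's side. Added
illustration, not from the slides. The signature is a Lamport one-time
signature over SHA-256 so that it needs only the standard library."""
import hashlib
import hmac
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- data integrity mechanism: a MAC under a shared key ---------------------
def mac_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, msg), tag)


# --- digital signature mechanism: Lamport one-time signature ----------------
def lamport_keygen():
    """Private key: 256 pairs of random 32-byte secrets, one pair per bit of
    the message hash. Public key: the SHA-256 of every secret."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    """For each bit of H(msg), reveal the secret that corresponds to its value."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    """Every revealed secret must hash to the public-key half the bit selects."""
    if len(sig) != 256:
        return False
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))


# --- what the recipient can and cannot forge --------------------------------
def recipient_forges_mac(key: bytes, forged_msg: bytes) -> bool:
    """The recipient shares the key, so it can produce a valid tag for a
    message the sender never sent: a MAC proves nothing to a third party."""
    return mac_verify(key, forged_msg, mac_tag(key, forged_msg))


def recipient_forges_signature(pk, forged_msg: bytes, genuine_sig) -> bool:
    """Without the private key the best the recipient can do is reuse a
    signature it received; it verifies only for a message with the same hash."""
    return lamport_verify(pk, forged_msg, genuine_sig)
```

A Lamport key must sign exactly one message: a second signature under the same key reveals both secrets at every bit position where the two hashes differ, and a forger can then splice a signature for a third message. Production systems use RSA, ECDSA or Ed25519 for the same property, and it is this inability of the recipient to forge that makes a signature, not a MAC, the basis of the non-repudiation service.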
Cont….
Authentication Exchange
 A mechanism intended to ensure the identity of an entity
by means of information exchange.
Traffic Padding
 The insertion of bits into gaps in a data stream to
frustrate traffic analysis attempts.
Routing Control
 Enables selection of particular physically secure routes
for certain data and allows routing changes, especially
when a breach of security is suspected.
Notarization
 The use of a trusted third party to assure certain
properties of a data exchange.
Pervasive security mechanisms:
Trusted Functionality
 That which is perceived to be correct with respect to
some criteria (e.g., as established by a security policy).
Security Label
 The marking bound to a resource (which may be a data
unit) that names or designates the security attributes of
that resource.
Event Detection
 Detection of security-relevant events.
Security Audit Trail
 Data collected and potentially used to facilitate a security
audit, which is an independent review and examination
of system records and activities.
Security Recovery
 Deals with requests from mechanisms, such as event
handling and management functions, and takes recovery
actions.
Model for Network Security
(figure: sender and receiver each apply a security-related
transformation using secret information; an opponent sits on
the information channel; a trusted third party may distribute
the secret information)
Model for Network Security
 using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used
by the algorithm
3. develop methods to distribute and share the
secret information
4. specify a protocol enabling the principals to
use the transformation and secret
information for a security service
46
Model for Network Access Security
(figure: an opponent, human or software, faces a gatekeeper
function in front of the information system, which contains
its own internal security controls)
Model for Network Access
Security
 using this model requires us to:
1. select appropriate gatekeeper functions to
identify users
2. implement security controls to ensure only
authorised users access designated
information or resources
 note that model does not include:
1. monitoring of system for successful
penetration
2. monitoring of authorized users for misuse
3. audit logging for forensic uses, etc.
Summary
 topic roadmap & standards organizations
 security concepts:
 confidentiality, integrity, availability
 X.800 security architecture
 security attacks, services, mechanisms
 models for network (access) security