SlideShare a Scribd company logo

Network and Information security_new2.pdf

A
AyanMujawar2

This document discusses computer security and network security basics. It covers the need for security to protect data confidentiality, integrity, and availability. The key principles of security - confidentiality, integrity, authentication, and non-repudiation - are explained. Risk analysis parameters like assets, vulnerabilities, threats, and countermeasures are defined. Common security threats like viruses, worms, Trojan horses, intruders, and insiders are described. Different types of attacks such as passive attacks involving traffic analysis and active attacks like masquerading and replay attacks are also outlined.

Technology
1 of 69
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
Network and Information security • Code : 22620 • Sem – VI • Computer Engineering
Computer Security • Definition : The generic name for collection of tools designed to protect data & to thwart hackers is called computer security.
Need of computer security • For prevention of data theft such as bank account numbers, credit card information, password, work related documents etc • To make data remain safe & confidential. • To provide confidentiality which ensures that only those individual should ever be able to view data • To provide integrity which ensures that only those individual should ever be able to change the information • To provide availability which ensures that the data is available for use when authorized user want it • To provide authentication which deals with individual identity • To provide non repudiation which deals with the assurance that someone cannot deny something
Security Basics or key principles • Confidentiality : The principle of confidentiality specifies that only the sender & the intended recipients should be able to access the contents of a message • Confidentiality gets compromised if an unauthorized person is able to access the contents of message. • Integrity The principle of integrity specifies that assets are modifiable only by authorized parties
• Availability : The principle of availability state that resources(information) should be available to authorized parties at all times. • Authentication: The Authentication process ensures that the origin of message is correctly identified • Non- Repudiation: The ability of a system to confirm that a sender cannot convincingly deny having sent a message
Risk & Threat Analysis • Risk: Risk is some incident or attack that can cause damage to the system • Risk analysis have following parameters are there : 1. Asset : In computer security assets are any data , device, or other component that supports information related security. Asset can be Hardware : computer components, network, communication channel , mobile device Software : applications, OS, programs Data : files, folders - Goal of computer security is to protect valuable assets. - We protect assets by methods
2. Vulnerability : Vulnerability is a weakness in the information infrastructure of a business or organization. It will accidentally or intentionally damage the asset. • In any system , the Vulnerability can be : programs with known faults weak access control settings on resources weak firewall configuration that allows access to vulnerable services 3. Threats : A set of circumstances (incident)that has the potential to cause loss. Threats are Natural threat- earthquake, Intentionally threat – cyber attack
4. Countermeasure : (control) Action taken to off another action That is the action, device, procedure or techniques that eliminates or reduces a vulnerability The conclusion is that Threat are blocked by controlling vulnerability.
Threat to security • Viruses • Phases of Virus • Dealing with virus • Worms • Trojan horse • Intruders • Insiders
virus • A virus is a code or program that attaches itself to another code or program which causes damage to the computer system or to the network • It is a piece of code which is loaded onto the computer without individuals knowledge and run against his/her wishes • It can not replicate them. All computer viruses are man made. • Virus modifies the program and damage the system
Phases of Virus A typical virus goes through the following four phases: 1. Dormant Phase : The virus is idle and eventually activated by some event 2. Propagation Phase : The virus places an identical copy of itself into another programs or into certain system areas on the disk 3. Triggering Phase: The virus is activated to perform the function for which it was intended. 4. Execution Phase : The function is performed
Types of Viruses • Parasitic Virus : It attach itself to executable code and replicate itself. When the infected code is executed, it will find other executable code or program to infect. • Memory resident virus: It insert themselves as a part of operating system or application and can manipulate any file that is executed, copied or moved. • Non-resident virus : This type of virus executes itself and terminated or destroyed after specific time
• Boot sector virus: this virus infects the boot record and spread through a system when system is booted from disk containing virus. • Overwriting virus: It overwrites the code with its own code. • Stealth virus : It hides the modification and it has made in the file or boot record. • Macro Virus : These viruses are not executable , it affects Microsoft word like documents. They can spread through email
• Polymorphic Virus : It produces fully operational copies of itself , in an attempt to avoid signature detection. • Companion Virus : This virus creates new program instead of modification an existing file. • Email Virus : virus gets executed when email attachment is open by recipient Virus sends itself to everyone on the mailing list of sender. • Metamorphic virus : This virus keeps rewriting itself every time. It may change their behavior as well appearance code.
Dealing with virus • Preventing from the virus we can attempt to detect, identify Remove viruses. 1. Detection : Find out the location of virus 2. Identification : Identify the specific virus that has attacked. 3. Removal : After identification, it is necessary to remove all traces of the virus & restore affected file to its original state with the help of anti – virus.
Worms • A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs • Any simple virus can be dangerous because it will quickly use all available memory space and bring the system to a halt
Virus and Worm Sr. No Virus Worm 1 A program or code that attach itself to another program & runs whenever that application runs A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs 2 Virus modifies the code Worm does not modify the code 3 It does not replicate itself It replicate itself 4 Virus is destructive in nature Worm is non destructive in nature 5 Virus modifies the functionality Worm is to make computer or network unusable 6 Virus infect other files Worm does not infect the code but it occupies memory space by replication 7 Virus may need trigger for execution Worm does not need any trigger
Trojan Horse • Trojan horse is a hidden piece of code, it allows an attacker to obtain confidential data. • The main purpose of Trojan horse is to reveal confidential information to an attacker. • Example : The Trojan horse can hide in code for login screen. When user enters the user id and password the Trojan horse captures these details and send this information to the attacker without knowledge of authorized user. The attacker can then use this information to gain access to the system.
Intruder • Intruders are authorized or unauthorized users who are trying access the system or network • There are three classes of Intruders : 1. Masquerader : An individual who is not authorized to use the computer & who enters a system access controls to use a legal users account. Is an outsider 2. Misfeasor : A legitimate user who access the data, programs or resources for whom these access is not authorized. Is an Insider 3. Secret user : an individual who hold managerial control of system. Is can be either insider or outsider.
Insider • The Insider have the access and necessary knowledge to cause damage to an organization hence, Insider is more dangerous than outside Intruder. • Many security are designed to protect the organization against outside Intruders. • But the Insider may already have all the access to carry out criminal activity like fraud. Also they have the knowledge of security system in place. • Insider not only have physical access to the organization facilities but may also have access to the computer system and network
Comparison between Intruder and Insider Sr no. Intruder Insider 1 Intruders are authorized or unauthorized users who are trying access the system or network Insiders are authorized users who try to access system or network 2 Intruders are hackers or crackers Insiders are not hackers 3 Are less dangerous Are more dangerous 4 Are illegal users Are Legal users 5 They have to study or knowledge about the security system They have knowledge about the security system 6 They do not have access to system They have easy access to the system bcz they are a 7 Many security mechanisms are used to protect system from Intruders There is no such mechanism to protect system from Insider
Security Attack • Definition : When someone tries to access, modify or damage the system is referred to as Attack • There are different types of attack 1. Passive Attack : • Passive attack are those where attacker monitoring of data transmission • The goal of attacker is to obtain information that is being transmitted • The term passive indicates that the attackers does not modify the data
Passive attack • There are two types of attack 1. Release of message contents 2. Traffic analysis
Release of message contents •BOB is sending some important message to Alia. This message may contain sensitive or confidential information. •If Darth read the contents of message then the communication is harmed
Traffic Analysis
Active Attack • Active Attack perform some modification of the data or creation of false data stream • It is divided into 1. Masquerade 2. Replay 3. Modification of message 4. Denial of service
Masquerade
Masquerade • A 'masquerade' takes place when one entity pretends to be a different entity. • A masquerade attack usually includes one of the other forms of active attack. • For example, Where Darth pretend to be BOB & sends a message to Alice
Replay Attack
Replay Attack • In Replay attack, a user captures a sequence of events or some data units and resend them • Example : If Alice wants to authenticate Bob before communicating with him. for that Bob sends password to Alice. This password is captured by Darth & in future he may transmit this password to Alice so that Darth can easily masquerade Bob.
Modification of message
Modification of message • It simply means that some portion of a authorized message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.
Denial of service
Denial of service attack • DOS attack make an attempt to prevent legitimate users from accessing some services, which they are eligible for. • For instance an unauthorized user might send too many login request to the server using random user ids one after the other in quick succession, so as to flood the network & deny other authorized users from using the network facilities
Example of DOS attack • A typical mechanism to launch a DOS attack is with the help of SYN request. • This attack uses TCP/IP protocol to create connection between client and server by Using TCP/IP handshake as follows: 1. First, the client sends a SYN packet to the server in order to initiate the connection. 2. The server then responds to that initial packet with a SYN/ACK packet, in order to acknowledge the communication. 3. Finally, the client returns an ACK packet to acknowledge the receipt of the packet from the server. After completing this sequence of packet sending and receiving, the TCP connection is open and able to send and receive data.
TCP/IP handshake This attack uses TCP/IP protocol to create connection between client and server by Using TCP/IP handshake as follows: 1. First, the client sends a SYN packet to the server in order to initiate the connection. 2. The server then responds to that initial packet with a SYN/ACK packet, in order to acknowledge the communication. 3. Finally, the client returns an ACK packet to acknowledge the receipt of the packet from the server. After completing this sequence of packet sending and receiving, the TCP connection is open and able to send and receive data.
SYN flooding attack • The attacker sends fake communication request to the targeted system • Each of this request is answered by targeted system & waits for the response, which will never come because the request are fake • The targeted system will drop these connections after a specific time out period, if the attacker sends requests faster than time out period eliminates them, the system will quickly be filled with request. • So, after this system will be reserving all connections for fake request. Because of this the authorized user who want to communication will not be able to communicate target system.
Types of attacks • DDOS attack • Backdoors • Sniffing • Spoofing • TCP/IP hijacking • Man in middle • Replay attacks
Distributed Denial of Service Attacks (DDoS) • In Distributed Denial of Service (DDoS) attacks, an attacker is able to recruit a no. of host throughout the internet to simultaneously or in coordinated fashion. • The 1st step in DDOS attack is that the attacker to infect number of machines with zombie s/w that ultimately be used to carry out the attack • The software must be able to run on a large no. Of machine. • For this attacker must become aware of a vulnerability that many that enables the attacker to install zombie s/w & also locating vulnerable machine is called scanning . • In the scanning process, the attacker 1st seeks out a no. Of vulnerable machines & infect them
Distributed Denial of Service Attacks (DDoS) • Then Zombie s/wis installed & repeats same scanning process, until a large distributed n/w of infected machines is created. • After infecting a large distributed n/w, the target system goes down & do not give response to their service request • Example : 1. Distributed SYN Flood attack 2. Distributed ICMP attack
1. Distributed SYN Flood attack
2. Distributed ICMP attack
Backdoor or Trapdoor • Secret entry point into a program • Allows those who know access bypassing usual security procedures • They have been commonly used by developers • A threat when left in production programs allowing exploited by attackers • It is very hard to block in O/S • It requires good s/w development & update
Sniffing Attack • Sniffing attack means capturing the data packets when it flows through a computer network. • Packet sniffer is the device or medium used to do this sniffing attack. • They are called network protocol analyser can be used by a n/w or system administrator to monitor & troubleshoot N/w traffic
Packet Sniffing • A packet sniffer is a program that can see all the information passing over the N/W it is connected • When a packet sniffer is setup on a computer sniffer N/W interface is looking at everything the come through • A packet sniffer can usually be set up in one of the two ways: 1. Unfiltered – Captures all the packets 2. Filtered - Captures only those packets containing specific data elements • The packet that contain targeted data are copied as they pass through. The program stores the copies in memory depending on programs configuration.
Packet Sniffing • These copies can then be analyzed carefully for specific information or pattern • When users connect to the internet, they joining a N/W maintained by their ISP • A packet sniffer located at one of the servers of users ISP would be able to monitor all the online activities such as 1. Which web site the user visit? 2. What user look at one site? 3. To whom user sends email etc?
Spoofing • Spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data • The attacker must monitor the packets sent from sender to receiver & then guess the sequence no. of the packets • When packet is sent from one system to another it includes not only IP address & port of destination but the source IP address as well • Example : 1. Email spoofing 2. Caller ID Spoofing 3. IP address Spoofing
Email spoofing • Email spoofing refers to email that appears to have been originated from one source but it was actually sent from another source • Example : Spam email, Junk mail • A simple method of spoofing an email address is to telnet to port 25, the port is associated with email on system from one can fill from & to sections of message
Email spoofing
Caller ID Spoofing • Caller identification (Caller ID) is a service that allows the receiver of a phone call to determine the identity of the caller. • Caller ID is initially sent over at the start of the phone call and identifies the incoming caller before the receiver answers the phone. • Caller ID is not associated with the actual phone number but is part of the initial call setup, which allows the caller to manipulate the Caller ID to display a different number from the number that is calling.
Caller ID Spoofing • If you have ever received a call where the caller said that you called them when you have not, then your number was most likely spoofed by another person. • There are many phone scams that use Caller ID spoofing to hide their identity because Caller ID spoofing makes it impossible to block the number. • The caller ID spoofing is done by services & gateways that interconnect VOIP(Voice Over IP) with other public phone N/W
IP address spoofing • IP address Spoofing is the process of replacing the source IP address with a fake IP address from the IP packet to hide the real identity of sender • The technical mechanism to achieve IP spoofing attack as follows : 1. The attacker creates IP packet to be sent to the server with SYN request. 2. As usual, the server responds back with a SYN ACK response 3. The attacker has to get hold of the SYN ACK response by disconnecting the user using DOS attack & resumes communication fake IP address of disconnected user 4. Once this is done, the attacker can try various commands on server computer
Man in middle attack • Man-in-the-middle attacks (MITM) occurs when attacker are able to place themselves in the middle of two other hosts that are communicating in order to view or modify the traffic • This is done by making sure that all communication going to or from the target host is routed through the attackers host • Then attacker is able to observe all traffic before transmitting it & can actually modify or block traffic.
Man in middle attack
Replay attack • A replay attack occurs when an unauthorized user captures n/w traffic and then sends the communication to its original destination, acting as the original sender
Replay attack
TCP/IP hacking attack • TCP/IP Hijacking is the process of taking control of an already existing session between a client & server • In TCP/IP Hijacking’ • The attacker monitors the n/w transmission & analyze the source and destination IP address of the two computers. • Once the attacker discovers the IP address of one of the user, the attacker can logically disconnecting the client by using DOS attack & then resume communication by spoofing IP address of disconnecting user & attacker is able to communicate with Host machine as if the attacker was the victim. • The host machine will not known that he is talking with the unauthorized user & will respond
TCP/IP hacking attack
Example
Operating System Security • Operating systems are large & complex mixture of interconnected software modules • When operation system is continually growing and introduces new functions then the potential for problems with that code will also increase. • It is almost not possible for an operating system vendor to test their product on each possible platform under every possible situation, so the functionality & security issue are occurred after released of operating system • To standard user or system administrator is constant stream of updates designed to correct problems, replace sections of code or even add new features to an installed operating system
Hot fix • Vendor typically follows a hierarchy for software updates given below: 1. Hot fix : • A hotfix is a single, cumulative package that includes one or more files that are used to address a problem in a software product (i.e. a software bug). • Typically, hotfixes are made to address a specific customer situation and may not be distributed outside the customer organization. • In a Microsoft Windows context, hotfixes are small patches designed to address specific issues, most commonly to freshly-discovered security holes. • These are small files, often automatically installed on the computer with Windows Update (although some may only be able to be obtained via Microsoft Support) and could contain a hot patch eliminating the need for a reboot. • update to fix a very specific issue, not always publicly released
2. Patch • A patch is a program that makes changes to software installed on a computer. • Software companies issue patches to fix bugs in their programs, address security problems, or add functionality. • Currently Microsoft releases their security patches once a month, and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches • Publicly released update to fix a known bug/issue
3. Service pack • A service pack (in short SP) is a collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package. • Many companies, such as Microsoft or Autodesk, typically release a service pack when the number of individual patches to a given program reaches a certain (arbitrary) limit. • Installing a service pack is easier and less error-prone than installing a high number of patches individually, even more so when updating multiple computers over a network. • Service packs are usually numbered, and thus shortly referred to as SP1, SP2, SP3 etc • Large Update that fixes many outstanding issues, normally includes all Patches, Hotfixes, Maintenance releases that predate the service pack.
Information Security • Information Security is not only about securing information from unauthorized access. • Information Security is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. • Information can be physical or electronic one. • Information can be anything like Your details or we can say your profile on social media, your data in mobile phone, your biometrics etc.
Need of Information security • Protecting the functionality of the organization • Enabling the safe operation of applications • Protecting the data that the organization collect and use • Safeguarding technology assets in organizations
Information classification • The information classification defines what kind of information is stored on system. • Level of Information classification used in Government or Military are as follows 1. Unclassified : Information access is public and will not affect confidentiality 2. Sensitive but unclassified : Information is sensitive & if gets disclosed then it will not create serious damage to the organization 3. Confidential : Keep the information confidential 4. Secret : It is applied to the information where the u authorized disclosure of such information could cause serious damage to the national security 5. Top secret : It is applied to the information where the u authorized disclosure of such information could cause serious damage to the national security .It is highest level of classification
• Level of Information classification used in Organization are as follows: 1. Public : The information which is not fit into any level then that information can have a public access because disclosure of such information will not create serious impact on organization 2. Sensitive : This type of information needs higher level of classification than normal information .This type of information needs confidential as well as Integrity 3. Private : This type of information is personal in nature and used by company only. The disclosure of such information can affect company and its employees example : salary information etc
Criteria for Information classification • Following are the criteria used to decide classification of information: 1. Value : Value means means when the information is more valuable then that information should be classified. 2. Age : Age state that the classification of information might be lowered if the information value decreases over time 3. Useful Life : Useful Life state that if the information has been made out-of- date due to new information or any other reasons then that information can regularly be classified 4. Personal Association : The information which is personally associated with particular individuals or it is addressed by a privacy law then such information should be classified
Basic Principles of Information Security • The Basic principle of Information security are also called CIA security are as follows : 1. Confidentiality 2. Integrity 3. Authentication

More Related Content

PPTX
Security
chian417
 
PPTX
23 network security threats pkg
Umang Gupta
 
PPTX
Information security and privacy
Joy Chakraborty
 
PPTX
Information security and privacy
Joy Chakraborty
 
PPTX
Computer security ethics_and_privacy
Ardit Meti
 
PDF
Chapter 2 konsep dasar keamanan
newbie2019
 
PPTX
Basics of Network Security
Dushyant Singh
 
PDF
2.Security (1).pdfccccccccccccccccccccccccccccccccccccccccccccc
jacobdiriba
 
Security
chian417
 
23 network security threats pkg
Umang Gupta
 
Information security and privacy
Joy Chakraborty
 
Information security and privacy
Joy Chakraborty
 
Computer security ethics_and_privacy
Ardit Meti
 
Chapter 2 konsep dasar keamanan
newbie2019
 
Basics of Network Security
Dushyant Singh
 
2.Security (1).pdfccccccccccccccccccccccccccccccccccccccccccccc
jacobdiriba
 

Similar to Network and Information security_new2.pdf (20)

PPT
Computer security and_privacy_2010-2011
lbcollins18
 
PPTX
Security & threats Presentation => (Presenter: Komal Mehfooz)
Komal Mehfooz
 
PPT
Computer security
Merma Niña Callanta
 
DOCX
Unit 7
Vinod Kumar Gorrepati
 
PDF
Computer/Cyber/IT Security MCQ Questions
SONU HEETSON
 
PPTX
Ethical hacking ppt
Nitesh Dubey
 
PDF
Notacd02
cikgushaharizan
 
PPT
COMPUTER SECURITY
Kak Yong
 
DOC
Notacd02
Azmiah Mahmud
 
PDF
Form4 cd2
smktsj2
 
PPTX
Cyber crime , threats and their security measures
shraddhazad
 
PPT
Security issues in the wireless networks.ppt
AvinashAvuthu2
 
PPTX
Network security and viruses
Aamlan Saswat Mishra
 
PPTX
Network security presentation
Kudzai Rerayi
 
PPT
computer security
Azhar Akhtar
 
PPTX
Computer Security Presentation
PraphullaShrestha1
 
PPTX
Security and ethics
Argie242424
 
PDF
NIS Unit-1(PPT)jbdjjdcbjbchdhbchbjch.pdf
MohdKhalidShaikh2
 
PDF
CSC1100 - Chapter09 - Computer Security, Ethics and Privacy
Yhal Htet Aung
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Computer security and_privacy_2010-2011
lbcollins18
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Komal Mehfooz
 
Computer security
Merma Niña Callanta
 
Unit 7
Vinod Kumar Gorrepati
 
Computer/Cyber/IT Security MCQ Questions
SONU HEETSON
 
Ethical hacking ppt
Nitesh Dubey
 
Notacd02
cikgushaharizan
 
COMPUTER SECURITY
Kak Yong
 
Notacd02
Azmiah Mahmud
 
Form4 cd2
smktsj2
 
Cyber crime , threats and their security measures
shraddhazad
 
Security issues in the wireless networks.ppt
AvinashAvuthu2
 
Network security and viruses
Aamlan Saswat Mishra
 
Network security presentation
Kudzai Rerayi
 
computer security
Azhar Akhtar
 
Computer Security Presentation
PraphullaShrestha1
 
Security and ethics
Argie242424
 
NIS Unit-1(PPT)jbdjjdcbjbchdhbchbjch.pdf
MohdKhalidShaikh2
 
CSC1100 - Chapter09 - Computer Security, Ethics and Privacy
Yhal Htet Aung
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Ad

Recently uploaded (20)

PDF
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
Ad

Network and Information security_new2.pdf

  • 1. Network and Information security • Code : 22620 • Sem – VI • Computer Engineering
  • 2. Computer Security • Definition : The generic name for collection of tools designed to protect data & to thwart hackers is called computer security.
  • 3. Need of computer security • For prevention of data theft such as bank account numbers, credit card information, password, work related documents etc • To make data remain safe & confidential. • To provide confidentiality which ensures that only those individual should ever be able to view data • To provide integrity which ensures that only those individual should ever be able to change the information • To provide availability which ensures that the data is available for use when authorized user want it • To provide authentication which deals with individual identity • To provide non repudiation which deals with the assurance that someone cannot deny something
  • 4. Security Basics or key principles • Confidentiality : The principle of confidentiality specifies that only the sender & the intended recipients should be able to access the contents of a message • Confidentiality gets compromised if an unauthorized person is able to access the contents of message. • Integrity The principle of integrity specifies that assets are modifiable only by authorized parties
  • 5. • Availability : The principle of availability state that resources(information) should be available to authorized parties at all times. • Authentication: The Authentication process ensures that the origin of message is correctly identified • Non- Repudiation: The ability of a system to confirm that a sender cannot convincingly deny having sent a message
  • 6. Risk & Threat Analysis • Risk: Risk is some incident or attack that can cause damage to the system • Risk analysis have following parameters are there : 1. Asset : In computer security assets are any data , device, or other component that supports information related security. Asset can be Hardware : computer components, network, communication channel , mobile device Software : applications, OS, programs Data : files, folders - Goal of computer security is to protect valuable assets. - We protect assets by methods
  • 7. 2. Vulnerability : Vulnerability is a weakness in the information infrastructure of a business or organization. It will accidentally or intentionally damage the asset. • In any system , the Vulnerability can be : programs with known faults weak access control settings on resources weak firewall configuration that allows access to vulnerable services 3. Threats : A set of circumstances (incident)that has the potential to cause loss. Threats are Natural threat- earthquake, Intentionally threat – cyber attack
  • 8. 4. Countermeasure : (control) Action taken to off another action That is the action, device, procedure or techniques that eliminates or reduces a vulnerability The conclusion is that Threat are blocked by controlling vulnerability.
  • 9. Threat to security • Viruses • Phases of Virus • Dealing with virus • Worms • Trojan horse • Intruders • Insiders
  • 10. virus • A virus is a code or program that attaches itself to another code or program which causes damage to the computer system or to the network • It is a piece of code which is loaded onto the computer without individuals knowledge and run against his/her wishes • It can not replicate them. All computer viruses are man made. • Virus modifies the program and damage the system
  • 11. Phases of Virus A typical virus goes through the following four phases: 1. Dormant Phase : The virus is idle and eventually activated by some event 2. Propagation Phase : The virus places an identical copy of itself into another programs or into certain system areas on the disk 3. Triggering Phase: The virus is activated to perform the function for which it was intended. 4. Execution Phase : The function is performed
  • 12. Types of Viruses • Parasitic Virus : It attach itself to executable code and replicate itself. When the infected code is executed, it will find other executable code or program to infect. • Memory resident virus: It insert themselves as a part of operating system or application and can manipulate any file that is executed, copied or moved. • Non-resident virus : This type of virus executes itself and terminated or destroyed after specific time
  • 13. • Boot sector virus: this virus infects the boot record and spread through a system when system is booted from disk containing virus. • Overwriting virus: It overwrites the code with its own code. • Stealth virus : It hides the modification and it has made in the file or boot record. • Macro Virus : These viruses are not executable , it affects Microsoft word like documents. They can spread through email
  • 14. • Polymorphic Virus : It produces fully operational copies of itself , in an attempt to avoid signature detection. • Companion Virus : This virus creates new program instead of modification an existing file. • Email Virus : virus gets executed when email attachment is open by recipient Virus sends itself to everyone on the mailing list of sender. • Metamorphic virus : This virus keeps rewriting itself every time. It may change their behavior as well appearance code.
  • 15. Dealing with virus • Preventing from the virus we can attempt to detect, identify Remove viruses. 1. Detection : Find out the location of virus 2. Identification : Identify the specific virus that has attacked. 3. Removal : After identification, it is necessary to remove all traces of the virus & restore affected file to its original state with the help of anti – virus.
  • 16. Worms • A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs • Any simple virus can be dangerous because it will quickly use all available memory space and bring the system to a halt
  • 17. Virus and Worm Sr. No Virus Worm 1 A program or code that attach itself to another program & runs whenever that application runs A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs 2 Virus modifies the code Worm does not modify the code 3 It does not replicate itself It replicate itself 4 Virus is destructive in nature Worm is non destructive in nature 5 Virus modifies the functionality Worm is to make computer or network unusable 6 Virus infect other files Worm does not infect the code but it occupies memory space by replication 7 Virus may need trigger for execution Worm does not need any trigger
  • 18. Trojan Horse • Trojan horse is a hidden piece of code, it allows an attacker to obtain confidential data. • The main purpose of Trojan horse is to reveal confidential information to an attacker. • Example : The Trojan horse can hide in code for login screen. When user enters the user id and password the Trojan horse captures these details and send this information to the attacker without knowledge of authorized user. The attacker can then use this information to gain access to the system.
  • 19. Intruder • Intruders are authorized or unauthorized users who are trying access the system or network • There are three classes of Intruders : 1. Masquerader : An individual who is not authorized to use the computer & who enters a system access controls to use a legal users account. Is an outsider 2. Misfeasor : A legitimate user who access the data, programs or resources for whom these access is not authorized. Is an Insider 3. Secret user : an individual who hold managerial control of system. Is can be either insider or outsider.
  • 20. Insider • The Insider have the access and necessary knowledge to cause damage to an organization hence, Insider is more dangerous than outside Intruder. • Many security are designed to protect the organization against outside Intruders. • But the Insider may already have all the access to carry out criminal activity like fraud. Also they have the knowledge of security system in place. • Insider not only have physical access to the organization facilities but may also have access to the computer system and network
  • 21. Comparison between Intruder and Insider Sr no. Intruder Insider 1 Intruders are authorized or unauthorized users who are trying access the system or network Insiders are authorized users who try to access system or network 2 Intruders are hackers or crackers Insiders are not hackers 3 Are less dangerous Are more dangerous 4 Are illegal users Are Legal users 5 They have to study or knowledge about the security system They have knowledge about the security system 6 They do not have access to system They have easy access to the system bcz they are a 7 Many security mechanisms are used to protect system from Intruders There is no such mechanism to protect system from Insider
  • 22. Security Attack • Definition : When someone tries to access, modify or damage the system is referred to as Attack • There are different types of attack 1. Passive Attack : • Passive attack are those where attacker monitoring of data transmission • The goal of attacker is to obtain information that is being transmitted • The term passive indicates that the attackers does not modify the data
  • 23. Passive attack • There are two types of attack 1. Release of message contents 2. Traffic analysis
  • 24. Release of message contents •BOB is sending some important message to Alia. This message may contain sensitive or confidential information. •If Darth read the contents of message then the communication is harmed
  • 26. Active Attack • Active Attack perform some modification of the data or creation of false data stream • It is divided into 1. Masquerade 2. Replay 3. Modification of message 4. Denial of service
  • 28. Masquerade • A 'masquerade' takes place when one entity pretends to be a different entity. • A masquerade attack usually includes one of the other forms of active attack. • For example, Where Darth pretend to be BOB & sends a message to Alice
  • 30. Replay Attack • In Replay attack, a user captures a sequence of events or some data units and resend them • Example : If Alice wants to authenticate Bob before communicating with him. for that Bob sends password to Alice. This password is captured by Darth & in future he may transmit this password to Alice so that Darth can easily masquerade Bob.
  • 32. Modification of message • It simply means that some portion of a authorized message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.
  • 34. Denial of service attack • DOS attack make an attempt to prevent legitimate users from accessing some services, which they are eligible for. • For instance an unauthorized user might send too many login request to the server using random user ids one after the other in quick succession, so as to flood the network & deny other authorized users from using the network facilities
  • 35. Example of DOS attack • A typical mechanism to launch a DOS attack is with the help of SYN request. • This attack uses TCP/IP protocol to create connection between client and server by Using TCP/IP handshake as follows: 1. First, the client sends a SYN packet to the server in order to initiate the connection. 2. The server then responds to that initial packet with a SYN/ACK packet, in order to acknowledge the communication. 3. Finally, the client returns an ACK packet to acknowledge the receipt of the packet from the server. After completing this sequence of packet sending and receiving, the TCP connection is open and able to send and receive data.
  • 36. TCP/IP handshake This attack uses TCP/IP protocol to create connection between client and server by Using TCP/IP handshake as follows: 1. First, the client sends a SYN packet to the server in order to initiate the connection. 2. The server then responds to that initial packet with a SYN/ACK packet, in order to acknowledge the communication. 3. Finally, the client returns an ACK packet to acknowledge the receipt of the packet from the server. After completing this sequence of packet sending and receiving, the TCP connection is open and able to send and receive data.
  • 37. SYN flooding attack • The attacker sends fake communication request to the targeted system • Each of this request is answered by targeted system & waits for the response, which will never come because the request are fake • The targeted system will drop these connections after a specific time out period, if the attacker sends requests faster than time out period eliminates them, the system will quickly be filled with request. • So, after this system will be reserving all connections for fake request. Because of this the authorized user who want to communication will not be able to communicate target system.
  • 38. Types of attacks • DDOS attack • Backdoors • Sniffing • Spoofing • TCP/IP hijacking • Man in middle • Replay attacks
  • 39. Distributed Denial of Service Attacks (DDoS) • In Distributed Denial of Service (DDoS) attacks, an attacker is able to recruit a no. of host throughout the internet to simultaneously or in coordinated fashion. • The 1st step in DDOS attack is that the attacker to infect number of machines with zombie s/w that ultimately be used to carry out the attack • The software must be able to run on a large no. Of machine. • For this attacker must become aware of a vulnerability that many that enables the attacker to install zombie s/w & also locating vulnerable machine is called scanning . • In the scanning process, the attacker 1st seeks out a no. Of vulnerable machines & infect them
  • 40. Distributed Denial of Service Attacks (DDoS) • Then Zombie s/wis installed & repeats same scanning process, until a large distributed n/w of infected machines is created. • After infecting a large distributed n/w, the target system goes down & do not give response to their service request • Example : 1. Distributed SYN Flood attack 2. Distributed ICMP attack
  • 41. 1. Distributed SYN Flood attack
  • 43. Backdoor or Trapdoor • Secret entry point into a program • Allows those who know access bypassing usual security procedures • They have been commonly used by developers • A threat when left in production programs allowing exploited by attackers • It is very hard to block in O/S • It requires good s/w development & update
  • 44. Sniffing Attack • Sniffing attack means capturing the data packets when it flows through a computer network. • Packet sniffer is the device or medium used to do this sniffing attack. • They are called network protocol analyser can be used by a n/w or system administrator to monitor & troubleshoot N/w traffic
  • 45. Packet Sniffing • A packet sniffer is a program that can see all the information passing over the N/W it is connected • When a packet sniffer is setup on a computer sniffer N/W interface is looking at everything the come through • A packet sniffer can usually be set up in one of the two ways: 1. Unfiltered – Captures all the packets 2. Filtered - Captures only those packets containing specific data elements • The packet that contain targeted data are copied as they pass through. The program stores the copies in memory depending on programs configuration.
  • 46. Packet Sniffing • These copies can then be analyzed carefully for specific information or pattern • When users connect to the internet, they joining a N/W maintained by their ISP • A packet sniffer located at one of the servers of users ISP would be able to monitor all the online activities such as 1. Which web site the user visit? 2. What user look at one site? 3. To whom user sends email etc?
  • 47. Spoofing • Spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data • The attacker must monitor the packets sent from sender to receiver & then guess the sequence no. of the packets • When packet is sent from one system to another it includes not only IP address & port of destination but the source IP address as well • Example : 1. Email spoofing 2. Caller ID Spoofing 3. IP address Spoofing
  • 48. Email spoofing • Email spoofing refers to email that appears to have been originated from one source but it was actually sent from another source • Example : Spam email, Junk mail • A simple method of spoofing an email address is to telnet to port 25, the port is associated with email on system from one can fill from & to sections of message
  • 50. Caller ID Spoofing • Caller identification (Caller ID) is a service that allows the receiver of a phone call to determine the identity of the caller. • Caller ID is initially sent over at the start of the phone call and identifies the incoming caller before the receiver answers the phone. • Caller ID is not associated with the actual phone number but is part of the initial call setup, which allows the caller to manipulate the Caller ID to display a different number from the number that is calling.
  • 51. Caller ID Spoofing • If you have ever received a call where the caller said that you called them when you have not, then your number was most likely spoofed by another person. • There are many phone scams that use Caller ID spoofing to hide their identity because Caller ID spoofing makes it impossible to block the number. • The caller ID spoofing is done by services & gateways that interconnect VOIP(Voice Over IP) with other public phone N/W
  • 52. IP address spoofing • IP address Spoofing is the process of replacing the source IP address with a fake IP address from the IP packet to hide the real identity of sender • The technical mechanism to achieve IP spoofing attack as follows : 1. The attacker creates IP packet to be sent to the server with SYN request. 2. As usual, the server responds back with a SYN ACK response 3. The attacker has to get hold of the SYN ACK response by disconnecting the user using DOS attack & resumes communication fake IP address of disconnected user 4. Once this is done, the attacker can try various commands on server computer
  • 53. Man in middle attack • Man-in-the-middle attacks (MITM) occurs when attacker are able to place themselves in the middle of two other hosts that are communicating in order to view or modify the traffic • This is done by making sure that all communication going to or from the target host is routed through the attackers host • Then attacker is able to observe all traffic before transmitting it & can actually modify or block traffic.
  • 54. Man in middle attack
  • 55. Replay attack • A replay attack occurs when an unauthorized user captures n/w traffic and then sends the communication to its original destination, acting as the original sender
  • 57. TCP/IP hacking attack • TCP/IP Hijacking is the process of taking control of an already existing session between a client & server • In TCP/IP Hijacking’ • The attacker monitors the n/w transmission & analyze the source and destination IP address of the two computers. • Once the attacker discovers the IP address of one of the user, the attacker can logically disconnecting the client by using DOS attack & then resume communication by spoofing IP address of disconnecting user & attacker is able to communicate with Host machine as if the attacker was the victim. • The host machine will not known that he is talking with the unauthorized user & will respond
  • 60. Operating System Security • Operating systems are large & complex mixture of interconnected software modules • When operation system is continually growing and introduces new functions then the potential for problems with that code will also increase. • It is almost not possible for an operating system vendor to test their product on each possible platform under every possible situation, so the functionality & security issue are occurred after released of operating system • To standard user or system administrator is constant stream of updates designed to correct problems, replace sections of code or even add new features to an installed operating system
  • 61. Hot fix • Vendor typically follows a hierarchy for software updates given below: 1. Hot fix : • A hotfix is a single, cumulative package that includes one or more files that are used to address a problem in a software product (i.e. a software bug). • Typically, hotfixes are made to address a specific customer situation and may not be distributed outside the customer organization. • In a Microsoft Windows context, hotfixes are small patches designed to address specific issues, most commonly to freshly-discovered security holes. • These are small files, often automatically installed on the computer with Windows Update (although some may only be able to be obtained via Microsoft Support) and could contain a hot patch eliminating the need for a reboot. • update to fix a very specific issue, not always publicly released
  • 62. 2. Patch • A patch is a program that makes changes to software installed on a computer. • Software companies issue patches to fix bugs in their programs, address security problems, or add functionality. • Currently Microsoft releases their security patches once a month, and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches • Publicly released update to fix a known bug/issue
  • 63. 3. Service pack • A service pack (in short SP) is a collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package. • Many companies, such as Microsoft or Autodesk, typically release a service pack when the number of individual patches to a given program reaches a certain (arbitrary) limit. • Installing a service pack is easier and less error-prone than installing a high number of patches individually, even more so when updating multiple computers over a network. • Service packs are usually numbered, and thus shortly referred to as SP1, SP2, SP3 etc • Large Update that fixes many outstanding issues, normally includes all Patches, Hotfixes, Maintenance releases that predate the service pack.
  • 64. Information Security • Information Security is not only about securing information from unauthorized access. • Information Security is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. • Information can be physical or electronic one. • Information can be anything like Your details or we can say your profile on social media, your data in mobile phone, your biometrics etc.
  • 65. Need of Information security • Protecting the functionality of the organization • Enabling the safe operation of applications • Protecting the data that the organization collect and use • Safeguarding technology assets in organizations
  • 66. Information classification • The information classification defines what kind of information is stored on system. • Level of Information classification used in Government or Military are as follows 1. Unclassified : Information access is public and will not affect confidentiality 2. Sensitive but unclassified : Information is sensitive & if gets disclosed then it will not create serious damage to the organization 3. Confidential : Keep the information confidential 4. Secret : It is applied to the information where the u authorized disclosure of such information could cause serious damage to the national security 5. Top secret : It is applied to the information where the u authorized disclosure of such information could cause serious damage to the national security .It is highest level of classification
  • 67. • Level of Information classification used in Organization are as follows: 1. Public : The information which is not fit into any level then that information can have a public access because disclosure of such information will not create serious impact on organization 2. Sensitive : This type of information needs higher level of classification than normal information .This type of information needs confidential as well as Integrity 3. Private : This type of information is personal in nature and used by company only. The disclosure of such information can affect company and its employees example : salary information etc
  • 68. Criteria for Information classification • Following are the criteria used to decide classification of information: 1. Value : Value means means when the information is more valuable then that information should be classified. 2. Age : Age state that the classification of information might be lowered if the information value decreases over time 3. Useful Life : Useful Life state that if the information has been made out-of- date due to new information or any other reasons then that information can regularly be classified 4. Personal Association : The information which is personally associated with particular individuals or it is addressed by a privacy law then such information should be classified
  • 69. Basic Principles of Information Security • The Basic principle of Information security are also called CIA security are as follows : 1. Confidentiality 2. Integrity 3. Authentication