
Chapter 1

Introduction and Security Trends

Threats to Security
• Viruses and worms
• Intruders
• Insiders
• Criminal organizations
• Terrorism and information warfare
• Avenues of attack
• Steps in an attack

Viruses and Worms
• A virus is a set of code that runs on your computer without permission.
• All viruses are man-made.
• A virus makes copies of itself over and over.
• It uses up the available memory and the system halts.
• A worm is also a type of virus that makes duplicate copies of itself, but it does not attach itself to other programs.

Intruders
• Accessing a computer system without authorization, from different angles.
• It includes scanning of individual systems.
• Two types of intruders:
– Insider
– Outsider

Insiders
• Insiders are more dangerous than outsiders.
• They have the necessary knowledge about the organization and its security system.
• They have all access.
• They can carry out all kinds of criminal activity (fraud).
• They have better knowledge of how to avoid detection.
• They have physical access to facilities (e.g. contractors, partners) and also access to computers and the network.

Criminal Organizations
• Criminal physical activity like fraud, theft and extortion.
• All this criminal activity is now done via the Internet.
• This follows the amount of transactions conducted via the Internet.
• They are dependent on computer systems and networks.

Terrorism and Information Warfare
• Information warfare is the process conducted against information and the information-processing equipment used by an opponent.
• It includes a longer period of preparation.
• It involves large financial backing and a large, organized group of attackers.
• Military forces are key targets.
• A nation is dependent on computer systems and networks.
• The critical infrastructure of a nation is water, electricity, oil, gas refineries and distribution, banking, finance and telecommunications.

• This infrastructure is dependent on computers and networks.
– Ex: railways
• Several countries are capable of conducting this type of warfare.
– Ex: the attack on the World Trade Center.

Avenues of Attack
• There are two reasons a computer system is attacked:
– It is specifically targeted by the attacker.
• Ex: attacking government systems.
– It is an opportunistic target.
• An attack against a target of opportunity is conducted against a site that has h/w or s/w that is vulnerable to a specific exploit.

• In the second case the attacker is not targeting the organization; they learn about the vulnerability and how to exploit it, then look for systems that have it.
• Targeted attacks are more difficult and require more time than attacks on targets of opportunity.

Steps in an Attack
• The attacker needs more and more information about the organization.
– Ex: collecting information by studying the organization's own web site, its consulting resources, names of individuals, phone numbers, IP addresses and which networks the organization maintains.

• Step 1: Determine which target systems are available and active.
– Ex: the ping command is used to get this information.
• Step 2: Port scan.
– To determine which ports are open.
– Gives an indication of which services are available.
– Which operating system is running.
– Which applications are running.

• Different techniques can be applied to get the information, e.g. by sending specially formatted packets to get a clue.
• Collecting the information needed to carry out the next step.
• Decide which tool is used to exploit the vulnerability.
– Ex: guessing user ID and password combinations, called a brute-force attack.
• Ex: online lottery.

• A system can be attacked in different ways. The general process is:
– gathering information about the target
– gathering information about possible exploits of the system
– attempting each exploit.
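The reconnaissance and brute-force steps above leave traces a defender can look for. The following is an added example (not part of the original slides) that runs two simple detectors over constructed log lines: one flags a source that touches many distinct ports in a short window (a port scan), the other flags repeated failed logins for one account from one source (password guessing). The log format, addresses and thresholds are all constructed for illustration.

```python
"""Detecting port scans and brute-force login attempts in log lines.
Added example; the log format and thresholds are constructed, not a real product's."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: firewall connection records and authentication results.
SAMPLE_LOG = """\
2024-01-05T10:00:01 FW src=203.0.113.7 dst=192.0.2.10 dport=22 action=deny
2024-01-05T10:00:02 FW src=203.0.113.7 dst=192.0.2.10 dport=23 action=deny
2024-01-05T10:00:02 FW src=203.0.113.7 dst=192.0.2.10 dport=25 action=deny
2024-01-05T10:00:03 FW src=203.0.113.7 dst=192.0.2.10 dport=80 action=allow
2024-01-05T10:00:03 FW src=203.0.113.7 dst=192.0.2.10 dport=110 action=deny
2024-01-05T10:00:04 FW src=203.0.113.7 dst=192.0.2.10 dport=143 action=deny
2024-01-05T10:00:04 FW src=203.0.113.7 dst=192.0.2.10 dport=443 action=allow
2024-01-05T10:00:05 FW src=203.0.113.7 dst=192.0.2.10 dport=445 action=deny
2024-01-05T10:00:05 FW src=203.0.113.7 dst=192.0.2.10 dport=3306 action=deny
2024-01-05T10:00:06 FW src=203.0.113.7 dst=192.0.2.10 dport=3389 action=deny
2024-01-05T10:00:07 FW src=198.51.100.4 dst=192.0.2.10 dport=443 action=allow
2024-01-05T10:05:00 AUTH user=alice src=198.51.100.9 result=fail
2024-01-05T10:05:01 AUTH user=alice src=198.51.100.9 result=fail
2024-01-05T10:05:02 AUTH user=alice src=198.51.100.9 result=fail
2024-01-05T10:05:03 AUTH user=alice src=198.51.100.9 result=fail
2024-01-05T10:05:04 AUTH user=alice src=198.51.100.9 result=fail
2024-01-05T10:05:05 AUTH user=alice src=198.51.100.9 result=fail
2024-01-05T10:07:00 AUTH user=bob src=198.51.100.4 result=fail
2024-01-05T10:07:30 AUTH user=bob src=198.51.100.4 result=ok
"""
LINES = SAMPLE_LOG.splitlines()


def parse_line(line):
    """Turn 'TIMESTAMP KIND k=v k=v ...' into a dict with a datetime."""
    ts_text, kind, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts_text), "kind": kind}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    return rec


def detect_port_scans(lines, window=timedelta(seconds=10), min_ports=8):
    """Return {source: distinct ports} for sources that hit at least
    min_ports different destination ports within any window-sized span."""
    by_src = defaultdict(list)
    for rec in map(parse_line, lines):
        if rec["kind"] == "FW":
            by_src[rec["src"]].append((rec["ts"], int(rec["dport"])))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= min_ports:
                alerts[src] = len(ports)
                break
    return alerts


def detect_brute_force(lines, window=timedelta(minutes=1), max_failures=5):
    """Return {(user, source): failures} when one source fails to log in to
    one account at least max_failures times within the window."""
    by_key = defaultdict(list)
    for rec in map(parse_line, lines):
        if rec["kind"] == "AUTH" and rec["result"] == "fail":
            by_key[(rec["user"], rec["src"])].append(rec["ts"])
    alerts = {}
    for key, times in by_key.items():
        times.sort()
        for i, start in enumerate(times):
            count = sum(1 for t in times[i:] if t - start <= window)
            if count >= max_failures:
                alerts[key] = count
                break
    return alerts


if __name__ == "__main__":
    print("port scans:", detect_port_scans(LINES))
    print("brute force:", detect_brute_force(LINES))
```

Both detectors use a sliding window anchored at each event, so a slow scan spread over a long period would not trip the port-scan rule as written; lowering the threshold or widening the window trades that off against false positives from legitimate monitoring hosts.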

Types of Attack
• Attacks on software, like the OS.
• Attacks on a service or protocol.

Different Types of Attack
• DoS (Denial of Service)
• Backdoors and trapdoors
• Sniffing
• Spoofing
• Man in the middle
• Replay
• TCP/IP hijacking
• Encryption attacks
• Malware
• Viruses
• Logic bombs

Denial of Service
• It can exploit a vulnerability in a:
– specific application
– operating system
– attack on features
– attack on weaknesses in a specific service.
• The attack blocks authorized users from getting to specific information, a computer system or a network.

• A DoS attack normally uses a single attacking system.
• If a DoS attack uses multiple attacking systems it is called a DDoS (Distributed Denial of Service).
• The goal of a DDoS is to deny access to a specific service.
• A DoS example is the ping-of-death (POD).
• The attacker sends an Internet Control Message Protocol (ICMP) "ping" packet which is equal to or exceeds 64 kB.
• If the system is not able to handle such a large packet, the system hangs or crashes.

• The network attack agents are called zombies.
• One important thing about a DDoS attack is that with just a few messages to the agents, the attacker can have a flood of messages sent against the targeted system.
• To stop the effect of a DoS or DDoS attack, upgrade the system and the applications running on it.
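The ping-of-death works because the fragments of one IP datagram, when reassembled, exceed the 65535-byte maximum an IPv4 datagram may have, and an unpatched stack overflowed its buffer. A defender can check this before reassembly. The following is an added example (not from the original slides) that parses minimal IPv4 fragment headers and flags any datagram whose fragments would reassemble past the limit; the packet builder exists only to produce constructed test input, with checksums left at zero and placeholder addresses from the 192.0.2.0/24 documentation range.

```python
"""Flagging IPv4 fragment sets that would reassemble beyond 65535 bytes.
Added example; the packets below are constructed in memory for the checker."""
import struct

IPV4_MAX = 65535          # maximum IPv4 datagram size (RFC 791), header included
IPV4_HDR = "!BBHHHBBH4s4s"  # 20-byte header without options


def build_fragment(ident, offset_units, more_fragments, payload_len, proto=1):
    """Constructed test data: a 20-byte IPv4 header (checksum 0) plus a zero payload.
    offset_units is the fragment offset in 8-byte units as carried on the wire."""
    flags_frag = ((1 if more_fragments else 0) << 13) | (offset_units & 0x1FFF)
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + payload_len, ident, flags_frag,
                         64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 10]))
    return header + b"\x00" * payload_len


def parse_fragment(pkt):
    """Extract the fields needed to reason about reassembly."""
    ver_ihl, _, total_len, ident, flags_frag, _, proto, _, _, _ = \
        struct.unpack(IPV4_HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"id": ident, "proto": proto,
            "offset": (flags_frag & 0x1FFF) * 8,   # back to bytes
            "mf": bool(flags_frag & 0x2000),        # "more fragments" flag
            "payload_len": total_len - ihl}


def reassembled_sizes(packets):
    """Return {ident: highest payload byte offset seen}, i.e. the payload size
    the datagram would have once all fragments are in place."""
    ends = {}
    for pkt in packets:
        frag = parse_fragment(pkt)
        end = frag["offset"] + frag["payload_len"]
        ends[frag["id"]] = max(ends.get(frag["id"], 0), end)
    return ends


def oversized_datagrams(packets):
    """IDs whose reassembled datagram (20-byte header + payload) exceeds 65535 bytes."""
    return sorted(ident for ident, end in reassembled_sizes(packets).items()
                  if end + 20 > IPV4_MAX)


# Constructed input: an ordinary 64-byte ping (id 1) and a fragment set (id 2)
# whose last fragment starts at 65120 and ends at 65520 bytes of payload,
# which is the shape the slide describes.
NORMAL_PING = [build_fragment(1, 0, False, 64)]
OVERSIZED = ([build_fragment(2, 185 * k, True, 1480) for k in range(44)]
             + [build_fragment(2, 185 * 44, False, 400)])

if __name__ == "__main__":
    print(reassembled_sizes(NORMAL_PING + OVERSIZED))
    print("oversized datagram ids:", oversized_datagrams(NORMAL_PING + OVERSIZED))
```

The check keys on the fragment that ends furthest from the start rather than on any single fragment's length, because each fragment on its own is a legal size; that is exactly why a per-packet length limit did not catch this class of packet.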

Fig. Distributed Denial of Service Attack

Backdoors and Trapdoors
– A method used by software developers.
– Used to gain access to the application even if the normal access method is prevented.
– Backdoors are used to gain initial access to the blocked data/application.

Sniffer
• It is a s/w or h/w device used by software developers.
• It is used to observe the network traffic passing through it and to view all traffic.
• Normal network devices are user friendly and generally ignore all traffic not addressed to them.
• A network sniffer ignores this friendly agreement and observes all traffic.

Characteristics of a Sniffer
• View all traffic
• Modify the traffic
• Identify the type of traffic
• Identify which segment is used (data segment, index segment, rollback segment, temporary segment)
• Measure bandwidth
• Troubleshoot problems
• List duplicate MAC addresses

Spoofing
• Spoofing is a technique used by computer hackers to gain unauthorized access to our computers by sending a message with a forged IP address or email address.
• Types of spoofing:
– IP spoofing
– Email spoofing

Man in the Middle
• The attacker places themselves between the two hosts that are communicating.
• All the traffic (messages/data) passes through the attacker.

Fig. Man in the Middle Attack (instead of direct communication between Host A and Host B, Host A's communication is sent to the attacker, who relays the message to the destination host)

Replay
• The attacker captures a portion of the communication between two parties and retransmits it after some time.
– Ex: a financial transaction.
• To avoid this type of attack, use encryption.
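Encrypting the captured message is not enough by itself: a replayed ciphertext is still valid ciphertext. What defeats replay is binding each message to a one-time nonce and a timestamp and authenticating those fields together with the body. The following is an added example (not from the original slides) with a sender and a receiver sharing a constructed key; the receiver rejects a retransmitted copy of the transaction, a tampered copy, and a copy delivered outside the freshness window. The message layout, key and window size are assumptions for the demonstration.

```python
"""Replay protection with an authenticated nonce and timestamp.
Added example; the key, message format and 30-second window are constructed."""
import hashlib
import hmac
import json
import os

SHARED_KEY = b"constructed-demo-key"  # in practice derived from a key exchange


class Sender:
    def __init__(self, key):
        self.key = key

    def send(self, body, now):
        """Attach a fresh random nonce and the current time, then a MAC over all of it."""
        msg = {"nonce": os.urandom(8).hex(), "ts": now, "body": body}
        payload = json.dumps(msg, sort_keys=True).encode()
        tag = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        return payload, tag


class Receiver:
    def __init__(self, key, window=30):
        self.key = key
        self.window = window        # seconds of clock skew / delivery delay tolerated
        self.seen = {}              # nonce -> timestamp of accepted messages

    def receive(self, payload, tag, now):
        # Forget nonces older than the window: a message that old fails the
        # freshness check anyway, so the cache stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"          # modified in transit or forged
        msg = json.loads(payload)
        if abs(now - msg["ts"]) > self.window:
            return "rejected: stale"            # captured and held too long
        if msg["nonce"] in self.seen:
            return "rejected: replay"           # exact copy of an accepted message
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


def demo():
    sender, receiver = Sender(SHARED_KEY), Receiver(SHARED_KEY)
    t0 = 1_700_000_000  # constructed clock value, seconds
    payload, tag = sender.send("PAY 100 TO acct-42", now=t0)
    results = [receiver.receive(payload, tag, now=t0 + 1)]          # genuine
    results.append(receiver.receive(payload, tag, now=t0 + 5))      # retransmitted capture
    altered = payload.replace(b"acct-42", b"acct-99")               # tampered body
    results.append(receiver.receive(altered, tag, now=t0 + 1))
    late_payload, late_tag = sender.send("PAY 100 TO acct-42", now=t0)
    results.append(receiver.receive(late_payload, late_tag, now=t0 + 600))  # held 10 min
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The MAC is checked before anything else so that an unauthenticated payload never reaches the JSON parser, and the timestamp check bounds how long the nonce cache has to remember anything.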

TCP/IP Hijacking
• It is the process of taking control of an already existing session between a client and a server.
• Advantage for the attacker:
– No need to authenticate.
• This type of attack is generally used against the web.

Encryption Attacks
• Encryption is the process of writing a secret message.
• In this process the plaintext is converted into an encrypted form which is unreadable.
• A key is used in this process, and the text is encrypted according to the key.
• Converting the encrypted text back into the actual text is called decryption.
• To decrypt the text, the key is used.
• Cryptanalysis is the process of attempting to break the cryptographic system.
• This attack is on a specific method.

• Symmetric: DES (Data Encryption Standard)
• Asymmetric (public key cryptography): RSA (Rivest, Shamir, Adleman)

Restrictions for Encryption
• In the encryption method the key should not be weak.
• If the key is longer, it is harder to attack.
• If the algorithm contains weak keys, it is called a poor algorithm.

Indirect Attacks
• Find a weakness in the mechanism around the algorithm; the target is not the cryptographic algorithm itself.
– Ex: an unprotected key.
• The attacker targets this type of weakness.

Malware
• It is also called malicious code.
• It is specially designed to damage all the files of a system.
• It is also used to create a backdoor in the system.
• The purpose of malware is not the same every time.
• Different types of malicious software:
– Trojan horse
– Logic bomb
– Worm

Viruses
• Vital Information Resources Under Siege
– Boot sector virus
– Program virus
• A program virus attaches itself to an executable file like .exe or .com.

Macro Virus
– A macro virus is a computer virus that "infects" an application and causes a sequence of actions to be performed automatically when the application is started.
– A macro virus is often spread as an email virus. A well-known example, in March 1999, was the Melissa virus.

Logic Bomb
• A logic bomb is a piece of code intentionally inserted into a software system.
• It sets off a malicious function when specified conditions are met.

Security Basics
• Network security
• Some information is more important and private, like medical information, financial information and data relating to the type of purchases made.
• Data security
– We don't want to secure the software; we want to secure the data.

Goals of Computer Security
• CIA
– Confidentiality
– Integrity (of generation and modification)
– Availability (the system is available to authorized persons)

Operational Model of Security
• Protection is equated with prevention.
• We use prevention techniques to address the problems.
• A detection technique is nothing but an alert system that signals us when prevention has failed.

• The original security model: Protection = Prevention.
• Detection and response are then added. So now: Protection = Prevention + (Detection + Response). This is called the Operational Model of Security.

Layers of Security
• Administrative
• Logical (uses s/w and data to monitor access)
– Ex: access control lists, passwords, firewalls, data encryption…
• Physical
– It controls the environment of the workplace and the computing facility.
– Ex: doors, locks, cable locks, security guards, cameras, smoke and fire alarms, heating and air conditioning.

• Those layers should include the following:
• Firewalls: Firewalls protect the computer from outside intruders. According to Microsoft, there are multiple options for a firewall: hardware, software and wireless-router firewalls.
• A traditional scanner, such as antivirus, antimalware and antispyware software: This protects computers from viruses, worms, Trojans, rootkits and similar attacks.

• A specialized web-scanning layer to block most of the attacks immediately. The web application scanner tests web servers for dangerous files and other problems.
• A behavior-monitoring layer: it notices, for example, a new program that installs itself so that it survives a reboot.
• The newest version of your favorite browser: IE8 might not be perfect, but it is a lot safer than IE6.

• Data encryption software: Keep your data safe by encrypting it.
• Online backup system: This gives you access to your data in case of theft or computer malfunction.
• Network-based restrictions and user management software: One infected computer can destroy the network.

Access Control
• Access control is a system which enables an authority to control access to areas and resources in a given physical facility or computer.
– Ex: accessing a file; reading, writing or executing the file; accessing the printer, and so on…
– The different access controls are:
• Discretionary Access Control (DAC)
• Mandatory Access Control (MAC)
• Role-Based Access Control (RBAC)

Discretionary Access Control (DAC)
• The user has complete control over all of their programs.
• The user determines the permissions other users have on their files and programs.
• The user assigns permissions to those who need access, which provides a sharing facility.
• The user can also restrict access to a file, directory, device or database.

Mandatory Access Control (MAC)
• It is much more restrictive about what a user is allowed to do.
• It restricts access to objects based on the sensitivity of the information.
– Ex: the military
– All the information in the military is much more sensitive and top secret.
– Only individuals with a top secret clearance may view top secret files.

Role-Based Access Control (RBAC)
• It is an alternative method of controlling user access to file system objects.
• Instead of access being controlled by user permissions, the system administrator establishes roles based on business functional requirements.
• Before users can interact with files, directories or devices they must be members of a role that is allowed to.
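The three models differ in who decides and what the decision is based on: in DAC the object's owner edits an access list, in MAC the system compares fixed labels, and in RBAC permissions attach to roles that users are given. The following is an added example (not from the original slides) that implements a minimal version of each as a decision function and exercises them on constructed users, objects and roles; the names and the four-level label scale are assumptions for the demonstration.

```python
"""Minimal DAC, MAC and RBAC decision functions.
Added example; users, labels and roles below are constructed for illustration."""
from enum import IntEnum


# ---- DAC: the owner of the object decides who may do what --------------------
class DacObject:
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write", "execute"}}  # owner starts with everything

    def grant(self, actor, user, perms):
        """Only the owner may change the ACL; anyone else is refused."""
        if actor != self.owner:
            raise PermissionError(f"{actor} is not the owner of this object")
        self.acl.setdefault(user, set()).update(perms)

    def allows(self, user, perm):
        return perm in self.acl.get(user, set())


# ---- MAC: labels are fixed by the system and compared on every access --------
class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def mac_can_read(clearance, classification):
    """Reading is permitted only when the subject's clearance is at least the
    object's classification, as in the slide's 'top secret' example."""
    return clearance >= classification


# ---- RBAC: permissions belong to roles; users are made members of roles ------
class Rbac:
    def __init__(self):
        self.role_perms = {}   # role -> set of permissions
        self.user_roles = {}   # user -> set of roles

    def define_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def allows(self, user, perm):
        return any(perm in self.role_perms.get(role, ())
                   for role in self.user_roles.get(user, ()))


def demo():
    """Exercise all three models and return the decisions as a dict."""
    out = {}
    report = DacObject(owner="alice")
    report.grant("alice", "bob", {"read"})
    out["dac_bob_read"] = report.allows("bob", "read")
    out["dac_bob_write"] = report.allows("bob", "write")
    try:                       # bob cannot widen his own access
        report.grant("bob", "bob", {"write"})
        out["dac_bob_self_grant"] = True
    except PermissionError:
        out["dac_bob_self_grant"] = False

    out["mac_secret_reads_topsecret"] = mac_can_read(Level.SECRET, Level.TOP_SECRET)
    out["mac_topsecret_reads_secret"] = mac_can_read(Level.TOP_SECRET, Level.SECRET)

    rbac = Rbac()
    rbac.define_role("backup_operator", {"file:read", "tape:write"})
    rbac.assign("carol", "backup_operator")
    out["rbac_carol_file_read"] = rbac.allows("carol", "file:read")
    out["rbac_carol_file_write"] = rbac.allows("carol", "file:write")
    out["rbac_dave_file_read"] = rbac.allows("dave", "file:read")   # no role at all
    return out


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

Note that in the DAC model nothing stops alice from granting bob read access to a sensitive report; that is exactly the discretion MAC removes, and the reason the two are usually combined rather than chosen between.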

Certificates
• A certificate is a method of establishing the authenticity of a specific object, such as an individual's public key or downloaded software.
• Ex:
– License key
– Driving license
– Library card

Tokens
• A token is a hardware device which is used in a challenge/response authentication process.
• The user who wants to enter the system first enters their personal authentication.
• Then the system provides a challenge, and the user enters the functional key (response) that the token computes for it.

Multifactor
• The term describes the use of more than one authentication mechanism at the same time.
• Ex: an ATM (card plus PIN).
• The benefit of multifactor authentication is to increase the level of security.
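The token and multifactor slides describe one flow: a password (something you know) followed by a challenge that only the holder of the token (something you have) can answer. The following is an added example (not from the original slides) with a server that stores salted password hashes and a per-user token secret, issues a random single-use challenge, and accepts only a correct password together with the response the matching token computes. The token model, PBKDF2 parameters and six-digit response format are assumptions for the demonstration.

```python
"""Two-factor login: password check, then a challenge/response with a token.
Added example; the token model and server are constructed for illustration."""
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000


class Token:
    """Model of a hardware token: it holds a secret and answers challenges."""
    def __init__(self, secret):
        self._secret = secret

    def respond(self, challenge):
        digest = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


class AuthServer:
    def __init__(self):
        self.users = {}     # user -> salt, password hash, token secret
        self.pending = {}   # user -> outstanding challenge (single use)

    def enroll(self, user, password, token_secret):
        salt = os.urandom(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.users[user] = {"salt": salt, "pw": pw_hash, "token": token_secret}

    def check_password(self, user, password):
        """Factor 1: something you know."""
        rec = self.users.get(user)
        if rec is None:
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
        return hmac.compare_digest(candidate, rec["pw"])

    def issue_challenge(self, user):
        challenge = secrets.token_bytes(16)
        self.pending[user] = challenge
        return challenge

    def check_response(self, user, response):
        """Factor 2: something you have. The challenge is consumed whether or not
        the response is right, so a captured response cannot be reused."""
        challenge = self.pending.pop(user, None)
        if challenge is None:
            return False
        expected = Token(self.users[user]["token"]).respond(challenge)
        return hmac.compare_digest(expected, response)


def login(server, user, password, token):
    """Run both factors in order; stop at the first one that fails."""
    if not server.check_password(user, password):
        return "denied: password"
    response = token.respond(server.issue_challenge(user))
    if not server.check_response(user, response):
        return "denied: token"
    return "granted"


def demo():
    server = AuthServer()
    secret = secrets.token_bytes(32)
    server.enroll("alice", "correct horse battery staple", secret)
    real_token, wrong_token = Token(secret), Token(secrets.token_bytes(32))
    results = {
        "good": login(server, "alice", "correct horse battery staple", real_token),
        "bad_password": login(server, "alice", "password123", real_token),
        "wrong_token": login(server, "alice", "correct horse battery staple", wrong_token),
    }
    # Replaying a previously valid response without a fresh challenge fails.
    challenge = server.issue_challenge("alice")
    response = real_token.respond(challenge)
    first = server.check_response("alice", response)
    results["response_reuse"] = server.check_response("alice", response)
    results["response_first_use"] = first
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The server never stores the password itself and checks the password before issuing a challenge, so a wrong password does not consume token responses; both comparisons use constant-time equality.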

The End .