
Ethics of Security Policy

Privacy and Confidentiality


To provide the highest level of privacy possible for users of its information technology systems and to assure their rights
of free speech and intellectual freedom are protected and uninhibited.

Protection of Information
The level of security practices required for various information types depends on who has created the information, who
is maintaining the information, the nature of the information itself, and whether there are specific laws or requirements
or guidelines associated with the use and distribution of the information.

Organization Information
An Organization has many types of official information including staff records, financial records, personnel records, and
other business records.

Individual Information
Individual information includes academic, research, personal and business correspondence, and other records created
and managed by individual staff. As creators and managers of this information, individuals are responsible for securing
and protecting their information.

Password Security
Users are responsible for the security of computer system passwords, personal account passwords (e.g. Net-ID
passwords) and personal identification numbers (PINs) and will be held accountable for any activities linked to their
accounts. Users must follow established university standards for maintaining and managing passwords.

Security for IT Systems


Computer systems can become transmitters of viruses, denial of service attacks, open file exchange services, and other
malicious electronic activities. To prevent these malicious activities, individuals are required to be aware of and comply
with policies relating to the use of these applications.

Reporting Security Breaches


Effective security practice includes the prompt and appropriate response to breaches in security. It is a duty upon all
individuals to report incidents in which they believe computer or network security is at risk.

Route cipher
In a route cipher, the plaintext is first written out in a grid of given dimensions, then
read off in a pattern given in the key. For example, using the same plaintext that we
used for rail fence:

W R I O R F E O E
E E S V E L A N J
A D C E D E T C X

The key might specify "spiral inwards, clockwise, starting from the top right". That would give a cipher text of:

EJXCTEDECDAEWRIORFEONALEVSE

Route ciphers have many more keys than a rail fence. In fact, for messages of reasonable length, the number of possible
keys is potentially too great to be enumerated even by modern machinery. However, not all keys are equally good. Badly
chosen routes will leave excessive chunks of plaintext, or text simply reversed, and this will give cryptanalysts a clue as
to the routes.
An interesting variation of the route cipher was the Union Route Cipher, used by Union forces during the American Civil
War. This worked much like an ordinary route cipher, but transposed whole words instead of individual letters. Because
this would leave certain highly sensitive words exposed, such words would first be concealed by code. The cipher clerk
may also add entire null words, which were often chosen to make the cipher text humorous.
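The grid example above, worked in code as an added illustration (not part of the original notes). It assumes the grid is filled down each column, as the page's grid is, and the function names are illustrative; `longest_exposed_run` goes slightly beyond the text by measuring how much in-order or reversed plaintext a route leaves in the ciphertext.

```python
def spiral_from_top_right(rows, cols):
    """Cell order for "spiral inwards, clockwise, starting from the top right"."""
    top, bottom, left, right = 0, rows - 1, 0, cols - 1
    order = []
    while top <= bottom and left <= right:
        order += [(r, right) for r in range(top, bottom + 1)]         # down the right edge
        right -= 1
        order += [(bottom, c) for c in range(right, left - 1, -1)]    # left along the bottom
        bottom -= 1
        if left <= right:
            order += [(r, left) for r in range(bottom, top - 1, -1)]  # up the left edge
            left += 1
        if top <= bottom:
            order += [(top, c) for c in range(left, right + 1)]       # right along the top
            top += 1
    return order


def column_order(rows, cols):
    """A badly chosen route: read the columns in the order they were written."""
    return [(r, c) for c in range(cols) for r in range(rows)]


def encrypt(plaintext, rows, route=spiral_from_top_right):
    # The grid is filled down each column, so the plaintext character at
    # index i sits in cell (i % rows, i // rows).
    if len(plaintext) % rows:
        raise ValueError("pad the plaintext with nulls so it fills the grid")
    cols = len(plaintext) // rows
    return "".join(plaintext[c * rows + r] for r, c in route(rows, cols))


def decrypt(ciphertext, rows, route=spiral_from_top_right):
    if len(ciphertext) % rows:
        raise ValueError("ciphertext does not fill a grid with this many rows")
    cols = len(ciphertext) // rows
    cells = [""] * len(ciphertext)
    # Walk the same route, dropping each ciphertext letter back into its cell.
    for ch, (r, c) in zip(ciphertext, route(rows, cols)):
        cells[c * rows + r] = ch
    return "".join(cells)


def longest_exposed_run(rows, cols, route):
    """Longest stretch of ciphertext that is plaintext in order or simply reversed."""
    idx = [c * rows + r for r, c in route(rows, cols)]
    best, run, prev = 1, 1, 0
    for a, b in zip(idx, idx[1:]):
        step = b - a
        run = (run + 1 if step == prev else 2) if step in (1, -1) else 1
        prev = step
        best = max(best, run)
    return best


# The page's grid read column by column; "JX" are the nulls that fill it.
PLAINTEXT = "WEAREDISCOVEREDFLEEATONCEJX"

if __name__ == "__main__":
    ciphertext = encrypt(PLAINTEXT, 3)
    print(ciphertext)
    print(decrypt(ciphertext, 3))
    print(longest_exposed_run(3, 9, spiral_from_top_right),
          longest_exposed_run(3, 9, column_order))
```

The spiral route exposes at most three consecutive plaintext letters, while the column route reproduces the whole plaintext.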

Difference between Virus, worms and Trojans

Virus
A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving
infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying
effects while others can damage your hardware, software or files.
Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually
cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot
spread without a human action (such as running an infected program) to keep it going.
People continue the spread of a computer virus, mostly unknowingly, by sharing infected files or sending e-mails with
viruses as attachments.

Worm
A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to
computer, but unlike a virus, it has the capability to travel without any human action. A worm takes advantage of file or
information transport features on your system, which is what allows it to travel unaided.
The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending
out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One
example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm
replicates and sends itself out to everyone listed in each of the receivers' address books, and the manifest continues on
down the line.
Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the
worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and
individual computers to stop responding. In recent worm attacks such as the much-talked-about Blaster Worm, the
worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.

Trojan horse
A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first
glance will appear to be useful software but will actually do damage once installed or run on your computer. Those on
the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate
software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some
Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons)
or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to
create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or
personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files
nor do they self-replicate.

Trojan horse - A program that makes the victim system listen on a particular port so that an attacker can do anything
on the system, i.e. tamper with the data, steal the data, destroy the data, etc. A Trojan horse won't spread into the
system like a virus, so it will not affect system performance.

Virus - A malicious program that damages your system by injecting itself into other programs or files, which degrades
your system performance. A virus comes onto the system only through user interaction.

Worm - Also a type of virus, which damages your system like a virus does. It affects not only the system but also
spreads throughout the network, checks for a honey pot of your OS and enters the OS. It degrades your system
performance and also eats your network bandwidth.

Virus - Technically, a virus infects another file (attaches or inserts itself into it). They usually infect program files or MS
Office documents. From there, it can replicate, do damage, etc. Unlike a worm, these do not function as a standalone
(except possibly to infect a given file).

Worm - This is almost identical to a "true virus", except that it lives on its own and generally doesn't infect other files
(although it can replace them). Usually, these copy themselves using e-mail, networks, disks, etc. Again, these are very
close to a true virus, and can do the same kind of damage.

Trojan Horse - This type of program doesn't copy itself but does do damage to your computer. These types of programs
rely on people to pass them around and to run them. They do not e-mail themselves. The idea is to make the program
look like it's something harmless, like a screen saver or joke, so it gets sent around.

The most common blunder people make when the topic of a computer virus arises is to refer to a worm or Trojan horse
as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not the same. Viruses,
worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences
among the three, and knowing those differences can help you to better protect your computer from their often
damaging effects.

A computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as
it travels. Much like human viruses, computer viruses can range in severity: Some viruses cause only mildly annoying
effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file,
which means the virus may exist on your computer but it cannot infect your computer unless you run or open the
malicious program. It is important to note that a virus cannot spread without a human action (such as running an
infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing
infected files or sending e-mails with viruses as attachments.

A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to
computer, but unlike a virus, it has the capability to travel without any help from a person. A worm takes advantage of
file or information transport features on your system, which allows it to travel unaided. The biggest danger with a worm
is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send
out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to
send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to
everyone listed in each of the receivers' address books, and the manifest continues on down the line. Due to the copying
nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too
much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop
responding. In more recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed
to tunnel into your system and allow malicious users to control your computer remotely.

A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first
glance will appear to be useful software but will actually do damage once installed or run on your computer. Those on
the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate
software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some
Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons)
or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to
create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or
personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files
nor do they self-replicate.

Prevention From Worms


Use up-to-date antivirus software
Most antivirus software can detect and prevent infection by known malicious software. To help protect you from
infection, you should always run antivirus software, such as Microsoft Security Essentials, that is updated with the latest
signature files.

Use caution when opening attachments and accepting file transfers


Exercise caution with e-mail and attachments received from unknown sources, or received unexpectedly from known
sources. Use extreme caution when accepting file transfers from known or unknown sources.

Use caution when clicking on links to Web pages


Exercise caution with links to web pages that you receive from unknown sources, especially if the links are to a Web
page that you are not familiar with, unsure of the destination of, or suspicious of. Malicious software may be installed in
your system simply by visiting a Web page with harmful content.

Avoid downloading pirated software


Threats may also be bundled with software and files that are available for download on various torrent sites.
Downloading "cracked" or "pirated" software from these sites carries not only the risk of being infected with malware,
but is also illegal. For more information, see 'The risks of obtaining and using pirated software'.

Protect yourself from social engineering attacks


While attackers may attempt to exploit vulnerabilities in hardware or software in order to compromise a system, they
also attempt to exploit vulnerabilities in human behavior in order to do the same. When an attacker attempts to take
advantage of human behavior in order to persuade the affected user to perform an action of the attacker's choice, it is
known as 'social engineering'. Essentially, social engineering is an attack against the human interface of the targeted
system.

Use strong passwords


Attackers may try to gain access to your Windows account by guessing your password. It is therefore important that you
use a strong password – one that cannot be easily guessed by an attacker. A strong password is one that has at least 8
characters, and combines letters, numbers, and symbols.

Protocol Failures:
A protocol failure means "changing the set of rules/functionality of layers": going down to lower-level programming and
changing the set of rules or functionality of the layers so that it might leak information or corrupt the data.

Three Way Handshake


The TCP connection is set up via three-way handshaking:
* This begins with a SYN (Synchronize) segment (as indicated by the code bit) containing a 32-bit Sequence number A
called the Initial Send Sequence (ISS) being chosen by, and sent from, host 1. This 32-bit sequence number A is the
starting sequence number of the data in that packet and increments by 1 for every byte of data sent within the segment,
i.e. there is a sequence number for each octet sent. The SYN segment also puts the value A+1 in the first octet of the
data.
* Host 2 receives the SYN with the Sequence number A and sends a SYN segment with its own totally independent ISS
number B in the Sequence number field. In addition, it sends an increment on the Sequence number of the last received
segment (i.e. A+x where x is the number of octets that make up the data in this segment) in its Acknowledgment field.
This Acknowledgment number informs the recipient that its data was received at the other end and it expects the next
segment of data bytes to be sent, to start at sequence number A+x. This stage is often called the SYN-ACK. It is here that
the MSS is agreed.
* Host 1 receives this SYN-ACK segment and sends an ACK segment containing the next sequence number (B+y where
y is the number of octets in this particular segment), this is called Forward Acknowledgement and is received by Host 2.
The ACK segment is identified by the fact that the ACK field is set. Segments that are not acknowledged within a certain
time span, are retransmitted.
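The exchange described above with both sides' segments, as an added example that is not part of the original notes. It assumes the handshake segments carry no data, in which case the SYN flag itself occupies one sequence number, so x = y = 1 in the notation above; the class and field names are illustrative.

```python
MOD = 2 ** 32  # sequence numbers are 32 bits wide and wrap around


def seq_add(n, k):
    return (n + k) % MOD


class Host1:
    """Active opener: CLOSED -> SYN-SENT -> ESTABLISHED."""

    def __init__(self, iss):
        self.iss, self.state = iss, "CLOSED"

    def syn(self):
        self.state = "SYN-SENT"
        return {"flags": {"SYN"}, "seq": self.iss}

    def on_syn_ack(self, seg):
        # Accept only a SYN-ACK that acknowledges our own ISS + 1.
        if (self.state != "SYN-SENT" or seg["flags"] != {"SYN", "ACK"}
                or seg["ack"] != seq_add(self.iss, 1)):
            return None
        self.state = "ESTABLISHED"
        return {"flags": {"ACK"}, "seq": seg["ack"], "ack": seq_add(seg["seq"], 1)}


class Host2:
    """Passive opener: LISTEN -> SYN-RECEIVED -> ESTABLISHED."""

    def __init__(self, iss):
        self.iss, self.state, self.rcv_nxt = iss, "LISTEN", None

    def on_syn(self, seg):
        if self.state != "LISTEN" or seg["flags"] != {"SYN"}:
            return None
        self.rcv_nxt = seq_add(seg["seq"], 1)   # the SYN uses one sequence number
        self.state = "SYN-RECEIVED"
        return {"flags": {"SYN", "ACK"}, "seq": self.iss, "ack": self.rcv_nxt}

    def on_ack(self, seg):
        # The final ACK must acknowledge B + 1 and start at A + 1.
        ok = (self.state == "SYN-RECEIVED" and seg["flags"] == {"ACK"}
              and seg["seq"] == self.rcv_nxt
              and seg["ack"] == seq_add(self.iss, 1))
        if ok:
            self.state = "ESTABLISHED"
        return ok


def handshake(a, b):
    """Run the three segments for ISS values A (host 1) and B (host 2)."""
    h1, h2 = Host1(a), Host2(b)
    syn = h1.syn()
    syn_ack = h2.on_syn(syn)
    ack = h1.on_syn_ack(syn_ack)
    h2.on_ack(ack)
    return [syn, syn_ack, ack], h1.state, h2.state


if __name__ == "__main__":
    # Constructed ISS values; real stacks choose them unpredictably.
    for seg in handshake(1000, 5000)[0]:
        print(sorted(seg["flags"]), seg["seq"], seg.get("ack"))
```

Host 2 stays in SYN-RECEIVED when the final ACK does not acknowledge B+1, so a sender that never saw the SYN-ACK cannot complete the connection without knowing B.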

Countermeasures for Social Engineering


Protecting the network from social engineering attacks requires, first and foremost, a set of security policies that lay out
the reasons and procedures for responding to these types of requests. Just developing the policies is not enough. In
order to be effective:

* All members of management must agree to the policies and understand the need to properly prove their identities
when making requests for passwords, etc.
* The policies must be disseminated to all users of the network, with education and training provided as to why
compliance is essential.
* There should be explicitly defined consequences for violating the policies.

Your security policies should be specific and should address such issues as:
* Strong password policies: minimum length, complexity requirements, requirements to change passwords at
specified intervals, prohibition on dictionary words, easily guessed numbers such as birthdates and social security
numbers, etc., prohibitions on writing down passwords.
* Prohibitions against disclosing passwords, to whom (if anyone) passwords can be disclosed and under what
circumstances, procedure to follow if someone requests disclosure of passwords.
* Requirement that users log off or use password protected screensavers when away from the computer, cautionary
instructions on ensuring that no one is watching when you type in logon information, etc.
* Physical security measures to prevent visitors and outside contractors from accessing systems to place key loggers,
etc.
* Procedure for verifying identity of users to IT department and IT personnel to users (secret PINs, callback
procedures, etc.).
* Policies governing destruction (shredding, incineration, etc.) of paperwork, disks and other media that hold
information a hacker could use to breach security.

Social Engineering Prevention and Detection Checklist

To prevent social engineers from succeeding in gaining the information they need to do their dirty work on your
network, and to help detect when a possible social engineering attempt is occurring, the following steps should be
taken:

* Physically secure the computers and network devices.
* Develop a detailed security policy addressing social engineering issues and enforce it throughout the company.
* Provide all users with training in how to recognize a social engineering attempt.
* Lock up paperwork and magnetic media containing confidential information and destroy it when it is no longer
needed.

A good practice is to create a centralized database that logs social engineering attempts. For example, if a secretary
receives a call from someone pretending to be the IT manager and asking for her password, she should be able to report
the incident to a designated person or department, where it would be logged. This allows you to detect patterns and to
be on guard for security breaches because you know someone is trying to get information that can be used to get into
your network.

Algorithm for Implementing Digital signature using RSA Algorithm


With the above considerations, the algorithm below can be used for implementing public key cryptography:

1. Encrypt the message using a symmetric key.
2. Concatenate the symmetric key + Hash of symmetric key + Hash of message.
3. Encrypt the concatenated string using the receiver's public key.
4. Sign the data to be transmitted (Encrypted symmetric key + Hash of the key + Hash of message).
5. Validate the Signature.
6. Decrypt the message using Receiver private key to get the symmetric key.
7. Validate the integrity of the key using the Hash of the key.
8. Decrypt the actual message using the symmetric key which has been decrypted and parsed and checked for
integrity.
9. Compute MessageDigest of data.
10. Validate if the Message Digest of the decrypted text matches the Message Digest of the Original Message.
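The ten steps above run end to end, as an added example that is not part of the original notes. Assumptions: textbook RSA without padding over Mersenne-prime moduli and a SHA-256 keystream stand in for a real RSA implementation and a real symmetric cipher so that the block runs on the standard library alone; all function names are illustrative.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent shared by both toy key pairs


def toy_keypair(p_exp, q_exp):
    """Return (n, d). Assumption: Mersenne primes 2**k - 1 keep the demo
    stdlib-only; they are far too structured to serve as real RSA primes."""
    p, q = 2 ** p_exp - 1, 2 ** q_exp - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def sha256(data):
    return hashlib.sha256(data).digest()


def stream_xor(key, data):
    """Toy symmetric cipher (SHA-256 keystream XOR); the same call decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = sha256(key + off.to_bytes(8, "big"))
        out += bytes(x ^ y for x, y in zip(data[off:off + 32], pad))
    return bytes(out)


def send(message, recv_n, send_n, send_d):
    key = secrets.token_bytes(16)
    ciphertext = stream_xor(key, message)                         # step 1
    bundle = key + sha256(key) + sha256(message)                  # step 2 (80 bytes)
    wrapped = pow(int.from_bytes(bundle, "big"), E, recv_n)       # step 3
    wrapped = wrapped.to_bytes((recv_n.bit_length() + 7) // 8, "big")
    digest = int.from_bytes(sha256(wrapped), "big")
    signature = pow(digest, send_d, send_n)                       # step 4
    return wrapped, ciphertext, signature


def receive(wrapped, ciphertext, signature, recv_n, recv_d, send_n):
    digest = int.from_bytes(sha256(wrapped), "big")
    if pow(signature, E, send_n) != digest:                       # step 5
        raise ValueError("signature invalid")
    bundle = pow(int.from_bytes(wrapped, "big"), recv_d, recv_n)  # step 6
    bundle = bundle.to_bytes(80, "big")
    key, key_hash, msg_hash = bundle[:16], bundle[16:48], bundle[48:]
    if not hmac.compare_digest(sha256(key), key_hash):            # step 7
        raise ValueError("symmetric key corrupted")
    message = stream_xor(key, ciphertext)                         # step 8
    if not hmac.compare_digest(sha256(message), msg_hash):        # steps 9-10
        raise ValueError("message digest mismatch")
    return message


if __name__ == "__main__":
    recv_n, recv_d = toy_keypair(521, 607)    # receiver's key pair
    send_n, send_d = toy_keypair(127, 1279)   # sender's key pair
    w, c, s = send(b"constructed sample message", recv_n, send_n, send_d)
    print(receive(w, c, s, recv_n, recv_d, send_n))
```

Because step 4 signs only the encrypted bundle, a change to the message ciphertext passes the signature check in step 5 and is caught by the digest comparison in steps 9 and 10.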

Spoofing And Sniffing


Spoofing is an active security attack in which one machine on the network masquerades as a different machine. As an
active attack, it disrupts the normal flow of data and may involve injecting data into the communications link between
other machines. This masquerade aims to fool other machines on the network into accepting the impostor as an
original, either to lure the other machines into sending it data or to allow it to alter data. The meaning of “spoof” here is
not “a lighthearted parody,” but rather “a deception intended to trick one into accepting as genuine something that is
actually false.” Such deception can have grave consequences because notions of trust are central to many networking
systems. Although sniffing may seem innocuous (depending on just how sensitive and confidential you consider the
information on your network), some network security attacks use sniffing as a prelude to spoofing. Sniffing gathers
sufficient information to make the deception believable.

Sniffing is the use of a network interface to receive data not intended for the machine in which the interface resides. A
variety of types of machines need to have this capability. A token-ring bridge, for example, typically has two network
interfaces that normally receive all packets traveling on the media on one interface and retransmit some, but not all, of
these packets on the other interface. Another example of a device that incorporates sniffing is one typically marketed as
a “network analyzer.” A network analyzer helps network administrators diagnose a variety of obscure problems that
may not be visible on any one particular host. These problems can involve unusual interactions between more than just
one or two machines and sometimes involve a variety of protocols interacting in strange ways.

Sniffing Passwords
Perhaps the most common loss of computer privacy is the loss of passwords. Typical users type a password at least once
a day. Data is often thought of as secure because access to it requires a password. Users usually are very careful about
guarding their password by not sharing it with anyone and not writing it down anywhere.
Passwords are used not only to authenticate users for access to the files they keep in their private accounts but other
passwords are often employed within multilevel secure database systems. When the user types any of these passwords,
the system does not echo them to the computer screen to ensure that no one will see them. After jealously guarding
these passwords and having the computer system reinforce the notion that they are private, a setup that sends each
character in a password across the network is extremely easy for any Ethernet sniffer to see. End users do not realize
just how easily these passwords can be found by someone using a simple and common piece of software.

How Virus & Worms Spread


When you execute program code that's infected by a virus, the virus code will also run and try to infect other programs,
either on the same computer or on other computers connected to it over a network. And the newly infected programs
will try to infect yet more programs.

When you share a copy of an infected file with other computer users, running the file may also infect their computers;
and files from those computers may spread the infection to yet more computers.

If your computer is infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy
disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and the virus copy
on the hard disk will try to infect still more floppies.

Some viruses, known as 'multipartite' viruses, can spread both by infecting files and by infecting the boot areas of floppy
disks.

Computer worms which spread through vulnerabilities in network services can best be protected against by keeping
up-to-date in installing patches provided by operating system and application vendors. This includes worms like SQL
Slammer and Blaster.

Computer worms which spread like trojan horses can best be defended against by not opening attachments in your
e-mail. These infected attachments are not limited to .EXE files. Microsoft Word and Excel files can contain macros which
spread infection.

Computer viruses are often spread by attachments in e-mail messages or instant messaging messages. That is why it is
essential that you never open e-mail attachments unless you know who it's from and you are expecting it.

Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files.

Computer viruses also spread through downloads on the Internet. They can be hidden in illicit software or other files or
programs you might download.

Worms can replicate in great volume. For example, a worm can send out copies of itself to every contact in your e-mail
address book, and then it can send itself to all of the contacts in your contacts' e-mail address books.
