Internet Security Notes | Transmission Control Protocol | Key (Cryptography)

Ethics of Security Policy

Privacy and Confidentiality
To provide the highest level of privacy possible for users of its information technology systems and to assure their rights of free speech and intellectual freedom are protected and uninhibited.

Protection of Information
The level of security practices required for various information types depends on who has created the information, who is maintaining the information, the nature of the information itself, and whether there are specific laws or requirements or guidelines associated with the use and distribution of the information.

Organization Information
An Organization has many types of official information including staff records, financial records, personnel records, and other business records.

Individual Information
Individual information includes academic, research, personal and business correspondence, and other records created and managed by individual staff. As creators and managers of this information, individuals are responsible for securing and protecting their information.

Password Security
Users are responsible for the security of computer systems passwords, personal account passwords (e.g. Net-ID passwords) and personal identification numbers (PINs) and will be held accountable for any activities linked to their accounts. Users must follow established university standards for maintaining and managing passwords.

Security for IT Systems
Computer systems can become transmitters of viruses, denial of service attacks, open file exchange services, and other malicious electronic activities. To prevent these malicious activities, individuals are required to be aware of and comply with policies relating to the use of these applications.

Reporting Security Breaches
Effective security practice includes the prompt and appropriate response to breaches in security. It is a duty upon all individuals to report incidents in which they believe computer or network security is at risk.

Route cipher
In a route cipher, the plaintext is first written out in a grid of given dimensions, then read off in a pattern given in the key. For example, using the same plaintext that we used for rail fence:

W R I O R F E O E
E E S V E L A N J
A D C E D E T C X

The key might specify "spiral inwards, clockwise, starting from the top right". That would give a cipher text of:
EJXCTEDECDAEWRIORFEONALEVSE

Route ciphers have many more keys than a rail fence. In fact, for messages of reasonable length, the number of possible keys is potentially too great to be enumerated even by modern machinery. However, not all keys are equally good. Badly chosen routes will leave excessive chunks of plaintext, or text simply reversed, and this will give cryptanalysts a clue as to the routes.
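The route described above, worked through in Python as an added example (not part of the original notes). It assumes the grid is filled column by column, which is how the letters in the grid above are laid out; the function names and the deliberately bad `columns_backwards` route are constructed for illustration, and `longest_leak` measures the "chunks of plaintext, or text simply reversed" that a poor route leaves behind.

```python
def spiral_cw_from_top_right(rows, cols):
    """Cell order for 'spiral inwards, clockwise, starting from the top right'."""
    top, bottom, left, right = 0, rows - 1, 0, cols - 1
    route = []
    while top <= bottom and left <= right:
        route += [(r, right) for r in range(top, bottom + 1)]         # down the right edge
        right -= 1
        route += [(bottom, c) for c in range(right, left - 1, -1)]    # left along the bottom
        bottom -= 1
        if left <= right:
            route += [(r, left) for r in range(bottom, top - 1, -1)]  # up the left edge
            left += 1
        if top <= bottom:
            route += [(top, c) for c in range(left, right + 1)]       # right along the top
            top += 1
    return route


def columns_backwards(rows, cols):
    """A badly chosen route (constructed): last column first, each read bottom to top."""
    return [(r, c) for c in reversed(range(cols)) for r in reversed(range(rows))]


def _cols(length, rows):
    if rows < 1 or length % rows:
        raise ValueError("text length must be a multiple of the row count (pad with nulls)")
    return length // rows


def encrypt(plaintext, rows, route=spiral_cw_from_top_right):
    # The grid is filled column by column, so cell (r, c) holds plaintext[c * rows + r].
    cols = _cols(len(plaintext), rows)
    return "".join(plaintext[c * rows + r] for r, c in route(rows, cols))


def decrypt(ciphertext, rows, route=spiral_cw_from_top_right):
    cols = _cols(len(ciphertext), rows)
    cells = [""] * len(ciphertext)
    for ch, (r, c) in zip(ciphertext, route(rows, cols)):
        cells[c * rows + r] = ch          # put each letter back into its grid cell
    return "".join(cells)


def longest_leak(plaintext, ciphertext):
    """Length of the longest ciphertext run that is plaintext, forwards or reversed."""
    best = 0
    for ref in (plaintext, plaintext[::-1]):
        for i in range(len(ciphertext)):
            for j in range(i + best + 1, len(ciphertext) + 1):
                if ciphertext[i:j] not in ref:
                    break
                best = j - i
    return best


PLAINTEXT = "WEAREDISCOVEREDFLEEATONCEJX"   # the grid above, read down its columns

if __name__ == "__main__":
    for route in (spiral_cw_from_top_right, columns_backwards):
        ct = encrypt(PLAINTEXT, 3, route)
        print(route.__name__, ct, "longest leaked run:", longest_leak(PLAINTEXT, ct))
```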

An interesting variation of the route cipher was the Union Route Cipher, used by Union forces during the American Civil War. This worked much like an ordinary route cipher, but transposed whole words instead of individual letters. Because this would leave certain highly sensitive words exposed, such words would first be concealed by code. The cipher clerk may also add entire null words, which were often chosen to make the cipher text humorous.

Difference between Virus, worms and Trojans
Virus
A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infected files or sending e-mails with viruses as attachments in the e-mail.

Worm
A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receivers' address books, and the manifest continues on down the line. Due to the copying nature of a worm and its capability to travel across networks, the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding.

In recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.

Trojan horse
A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance, will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.

Trojan horse - A program that makes the victim system listen on a particular port, so that an attacker can do anything on your system, i.e. tamper with the data, steal the data, destroy the data, etc. A Trojan horse won't spread into the system like a virus, so it will not affect the system performance.

Virus - A malicious program that damages your system by injecting itself into other programs or files, so that it degrades your system performance. A virus comes to the system with user interaction only.

Worm - Also a type of virus. It damages your system like a virus, but it also spreads throughout the network, checks for a honey pot in your OS and enters the OS. It degrades your system performance and also eats your network bandwidth.

Virus - Technically, a virus infects another file (attaches or inserts itself into it). They usually infect program files or MS Office documents. From there, it can replicate, do damage, etc. Unlike a worm, these do not function as a standalone (except possibly to infect a given file).

Worm - This is almost identical to a "true virus", except that it lives on its own and generally doesn't infect other files (although it can replace them). Usually, these copy themselves using e-mail, networks, disks, etc. Again, these are very close to a true virus, and can do the same kind of damage.

Trojan Horse - This type of program doesn't copy itself but does do damage to your computer. These types of programs rely on people to pass them around and to run them. They do not e-mail themselves. The idea is to make the program look like it's something harmless, like a screen saver or joke, so it gets sent around.

The most common blunder people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not the same. Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you to better protect your computer from their often damaging effects.

A computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels. Much like human viruses, computer viruses can range in severity: some viruses cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it cannot infect your computer unless you run or open the malicious program.

Prevention From Worms
Use up-to-date antivirus software
Most antivirus software can detect and prevent infection by known malicious software. To help protect you from infection, you should always run antivirus software, such as Microsoft Security Essentials, that is updated with the latest signature files.

Use caution when opening attachments and accepting file transfers
Exercise caution with e-mail and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources.

Use caution when clicking on links to Web pages
Exercise caution with links to web pages that you receive from unknown sources, especially if the links are to a Web page that you are not familiar with, unsure of the destination of, or suspicious of. Malicious software may be installed in your system simply by visiting a Web page with harmful content.

Avoid downloading pirated software
Threats may also be bundled with software and files that are available for download on various torrent sites. Downloading "cracked" or "pirated" software from these sites carries not only the risk of being infected with malware, but is also illegal. For more information, see 'The risks of obtaining and using pirated software'.

Protect yourself from social engineering attacks
While attackers may attempt to exploit vulnerabilities in hardware or software in order to compromise a system, they also attempt to exploit vulnerabilities in human behavior in order to do the same. When an attacker attempts to take advantage of human behavior in order to persuade the affected user to perform an action of the attacker's choice, it is known as 'social engineering'. Essentially, social engineering is an attack against the human interface of the targeted system.

Use strong passwords
Attackers may try to gain access to your Windows account by guessing your password. It is therefore important that you use a strong password – one that cannot be easily guessed by an attacker. A strong password is one that has at least 8 characters, and combines letters, numbers, and symbols.

Protocol Failures:
A protocol failure means changing the set of rules or the functionality of the layers: by going down to lower-level programming and changing the set of rules or functionality of a layer, the protocol might leak information or corrupt data.

Three Way Handshake
The TCP connection is set up via three-way handshaking:
* This begins with a SYN (Synchronize) segment (as indicated by the code bit) containing a 32-bit Sequence number A called the Initial Send Sequence (ISS) being chosen by, and sent from, host 1. This 32-bit sequence number A is the starting sequence number of the data in that packet and increments by 1 for every byte of data sent within the segment, i.e. there is a sequence number for each octet sent. The SYN segment also puts the value A+1 in the first octet of the data.
* Host 2 receives the SYN with the Sequence number A and sends a SYN segment with its own totally independent ISS number B in the Sequence number field. In addition, it sends an increment on the Sequence number of the last received segment (i.e. A+x where x is the number of octets that make up the data in this segment) in its Acknowledgment field. This Acknowledgment number informs the recipient that its data was received at the other end and it expects the next segment of data bytes to be sent, to start at sequence number A+x. This stage is often called the SYN-ACK. It is here that the MSS is agreed.
* Host 1 receives this SYN-ACK segment and sends an ACK segment containing the next sequence number (B+y where y is the number of octets in this particular segment). This is called Forward Acknowledgement and is received by Host 2. The ACK segment is identified by the fact that the ACK field is set. Segments that are not acknowledged within a certain time span are retransmitted.
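The sequence and acknowledgment bookkeeping described above, checked on three constructed segments; this is an added example, not part of the original notes. It assumes the handshake segments carry no data, in which case the SYN flag itself occupies one sequence number and the acknowledgments are A+1 and B+1, and it handles the 32-bit wrap-around of sequence numbers; the function names, ports and sequence numbers are made up for illustration.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
CONTROL = FIN | SYN | RST | ACK
MOD = 2 ** 32              # sequence numbers are 32 bits wide and wrap around
HEADER = "!HHIIBBHHH"      # ports, seq, ack, data offset, flags, window, checksum, urgent


def build_segment(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header with no options or data (checksum left at zero)."""
    return struct.pack(HEADER, sport, dport, seq % MOD, ack % MOD, 5 << 4, flags, 65535, 0, 0)


def parse_segment(raw):
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, _off, flags, _win, _sum, _urg = struct.unpack(HEADER, raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags & CONTROL}


def check_handshake(raw_syn, raw_synack, raw_ack):
    """Return a list of problems; an empty list means a well-formed three-way handshake."""
    syn, synack, ack = (parse_segment(r) for r in (raw_syn, raw_synack, raw_ack))
    problems = []
    for number, seg, want in ((1, syn, SYN), (2, synack, SYN | ACK), (3, ack, ACK)):
        if seg["flags"] != want:
            problems.append(f"segment {number} has unexpected control flags")
    if (synack["sport"], synack["dport"]) != (syn["dport"], syn["sport"]):
        problems.append("segment 2 does not come from the port the SYN was sent to")
    if (ack["sport"], ack["dport"]) != (syn["sport"], syn["dport"]):
        problems.append("segment 3 does not come from the original sender")
    a, b = syn["seq"], synack["seq"]      # the two independent initial sequence numbers
    if synack["ack"] != (a + 1) % MOD:
        problems.append("SYN-ACK does not acknowledge A+1")
    if ack["seq"] != (a + 1) % MOD:
        problems.append("ACK does not continue host 1's sequence at A+1")
    if ack["ack"] != (b + 1) % MOD:
        problems.append("ACK does not acknowledge B+1")
    return problems


def sample_handshake(a, b, client_port=40000, server_port=80):
    """Constructed sample: the three segments of a correct handshake for ISS values a and b."""
    return (build_segment(client_port, server_port, a, 0, SYN),
            build_segment(server_port, client_port, b, a + 1, SYN | ACK),
            build_segment(client_port, server_port, a + 1, b + 1, ACK))


if __name__ == "__main__":
    print(check_handshake(*sample_handshake(1000, 5000)))            # well-formed
    print(check_handshake(*sample_handshake(0xFFFFFFFF, 5000)))      # A+1 wraps to 0
```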

Countermeasures for Social Engineering
Protecting the network from social engineering attacks requires, first and foremost, a set of security policies that lay out the reasons and procedures for responding to these types of requests. Just developing the policies is not enough. In order to be effective:
* All members of management must agree to the policies and understand the need to properly prove their identities when making requests for passwords, etc.
* The policies must be disseminated to all users of the network, with education and training provided as to why compliance is essential.
* There should be explicitly defined consequences for violating the policies.

Your security policies should be specific and should address such issues as:
* Strong password policies: minimum length, complexity requirements, requirements to change passwords at specified intervals, prohibition on dictionary words, easily guessed numbers such as birthdates and social security numbers, etc., prohibitions on writing down passwords.
* Prohibitions against disclosing passwords, to whom (if anyone) passwords can be disclosed and under what circumstances, procedure to follow if someone requests disclosure of passwords.
* Requirement that users log off or use password protected screensavers when away from the computer, cautionary instructions on ensuring that no one is watching when you type in logon information, etc.
* Physical security measures to prevent visitors and outside contractors from accessing systems to place key loggers, etc.
* Procedure for verifying identity of users to IT department and IT personnel to users (secret PINs, callback procedures, etc.).
* Policies governing destruction (shredding, incineration, etc.) of paperwork, disks and other media that hold information a hacker could use to breach security.

Social Engineering Prevention and Detection Checklist
To prevent social engineers from succeeding in gaining the information they need to do their dirty work on your network, and to help detect when a possible social engineering attempt is occurring, the following steps should be taken:
* Physically secure the computers and network devices.
* Develop a detailed security policy addressing social engineering issues and enforce it throughout the company.
* Provide all users with training in how to recognize a social engineering attempt.
* Lock up paperwork and magnetic media containing confidential information and destroy it when it is no longer needed.

A good practice is to create a centralized database that logs social engineering attempts. For example, if a secretary receives a call from someone pretending to be the IT manager and asking for her password, she should be able to report the incident to a designated person or department, where it would be logged. This allows you to detect patterns and to be on guard for security breaches because you know someone is trying to get information that can be used to get into your network.

Algorithm for Implementing Digital signature using RSA Algorithm
With the above considerations, the algorithm below can be used for implementing public key cryptography:
1. Encrypt the message using a symmetric key.
2. Concatenate the symmetric key + Hash of symmetric key + Hash of message.
3. Encrypt the concatenated string using the receiver's public key.
4. Sign the data to be transmitted (Encrypted symmetric key + Hash of the key + Hash of message).
5. Validate the Signature.
6. Decrypt the message using the receiver's private key to get the symmetric key.
7. Validate the integrity of the key using the Hash of the key.
8. Decrypt the actual message using the symmetric key which has been decrypted and parsed and checked for integrity.
9. Compute MessageDigest of data.
10. Validate if the Message Digest of the decrypted text matches the Message Digest of the Original Message.
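The ten steps above carried through end to end, as an added example that is not code from the original notes. To stay self-contained it uses stand-ins that are assumptions of this example: textbook RSA with a 1024-bit modulus and no padding, and a SHA-256 counter keystream as the symmetric cipher; a real deployment would take OAEP, PSS and an authenticated cipher from a vetted library. The names `keygen`, `send` and `receive` are hypothetical.

```python
import hashlib, hmac, math, secrets

H = lambda data: hashlib.sha256(data).digest()

def _is_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(bits=1024, e=65537):
    """Return ((n, e), (n, d)). Textbook RSA stand-in: no padding, illustration only."""
    def prime():
        while True:
            c = secrets.randbits(bits // 2) | (3 << (bits // 2 - 2)) | 1
            if _is_prime(c):
                return c
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _stream_xor(key, data):
    """Stand-in symmetric cipher (assumption): XOR with a SHA-256 counter keystream."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(H(key + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def _digest_int(number):
    """SHA-256 over an integer's big-endian bytes, returned as an integer."""
    raw = number.to_bytes((number.bit_length() + 7) // 8 or 1, "big")
    return int.from_bytes(H(raw), "big")

def send(message, sender_priv, receiver_pub):
    (r_n, r_e), (s_n, s_d) = receiver_pub, sender_priv
    key = secrets.token_bytes(16)                          # fresh key for every message
    body = _stream_xor(key, message)                       # step 1
    blob = key + H(key) + H(message)                       # step 2: 16 + 32 + 32 bytes
    wrapped = pow(int.from_bytes(blob, "big"), r_e, r_n)   # step 3
    signature = pow(_digest_int(wrapped), s_d, s_n)        # step 4
    return wrapped, body, signature

def receive(packet, sender_pub, receiver_priv):
    (s_n, s_e), (r_n, r_d) = sender_pub, receiver_priv
    wrapped, body, signature = packet
    if pow(signature, s_e, s_n) != _digest_int(wrapped):   # step 5
        raise ValueError("signature check failed")
    plain = pow(wrapped, r_d, r_n)                         # step 6
    if plain >> 640:
        raise ValueError("envelope does not decrypt to an 80-byte blob")
    blob = plain.to_bytes(80, "big")
    key, key_hash, msg_hash = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(H(key), key_hash):          # step 7
        raise ValueError("symmetric key failed its hash check")
    message = _stream_xor(key, body)                       # step 8
    if not hmac.compare_digest(H(message), msg_hash):      # steps 9-10
        raise ValueError("message digest mismatch")
    return message
```

Because step 4 signs only the encrypted key-and-hash blob, a change to the message ciphertext passes the signature check and is caught by the digest comparison in steps 9 and 10.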

Spoofing And Sniffing
Spoofing is an active security attack in which one machine on the network masquerades as a different machine. As an active attack, it disrupts the normal flow of data and may involve injecting data into the communications link between other machines. This masquerade aims to fool other machines on the network into accepting the impostor as an original, either to lure the other machines into sending it data or to allow it to alter data. The meaning of "spoof" here is not "a lighthearted parody," but rather "a deception intended to trick one into accepting as genuine something that is actually false." Such deception can have grave consequences because notions of trust are central to many networking systems.

Although sniffing may seem innocuous (depending on just how sensitive and confidential you consider the information on your network), some network security attacks use sniffing as a prelude to spoofing. Sniffing gathers sufficient information to make the deception believable.

Sniffing is the use of a network interface to receive data not intended for the machine in which the interface resides. A variety of types of machines need to have this capability. A token-ring bridge, for example, typically has two network interfaces that normally receive all packets traveling on the media on one interface and retransmit some, but not all, of these packets on the other interface. Another example of a device that incorporates sniffing is one typically marketed as a "network analyzer." A network analyzer helps network administrators diagnose a variety of obscure problems that may not be visible on any one particular host. These problems can involve unusual interactions between more than just one or two machines and sometimes involve a variety of protocols interacting in strange ways.

Sniffing Passwords

Perhaps the most common loss of computer privacy is the loss of passwords. Typical users type a password at least once a day. Data is often thought of as secure because access to it requires a password. Users usually are very careful about guarding their password by not sharing it with anyone and not writing it down anywhere.

Passwords are used not only to authenticate users for access to the files they keep in their private accounts but other passwords are often employed within multilevel secure database systems. When the user types any of these passwords, the system does not echo them to the computer screen to ensure that no one will see them. After jealously guarding these passwords and having the computer system reinforce the notion that they are private, a setup that sends each character in a password across the network is extremely easy for any Ethernet sniffer to see. End users do not realize just how easily these passwords can be found by someone using a simple and common piece of software.

How Virus & Worms Spread
When you execute program code that's infected by a virus, the virus code will also run and try to infect other programs, either on the same computer or on other computers connected to it over a network. And the newly infected programs will try to infect yet more programs. When you share a copy of an infected file with other computer users, running the file may also infect their computers; and files from those computers may spread the infection to yet more computers.

If your computer is infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and the virus copy on the hard disk will try to infect still more floppies. Some viruses, known as 'multipartite' viruses, can spread both by infecting files and by infecting the boot areas of floppy disks.

Computer worms which spread through vulnerabilities in network services can best be protected against by keeping up to date in installing patches provided by operating system and application vendors. This includes worms like SQL Slammer and Blaster. Computer worms which spread like trojan horses can best be defended against by not opening attachments in your email. These infected attachments are not limited to .EXE files. Microsoft Word and Excel files can contain macros which spread infection.

Computer viruses are often spread by attachments in e-mail messages or instant messaging messages. That is why it is essential that you never open e-mail attachments unless you know who they are from and you are expecting them. Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Computer viruses also spread through downloads on the Internet. They can be hidden in illicit software or other files or programs you might download.

Worms can replicate in great volume. For example, a worm can send out copies of itself to every contact in your e-mail address book, and then it can send itself to all of the contacts in your contacts' e-mail address books.
