
PRINCE MOHAMMAD BIN FAHD UNIVERSITY

COLLEGE OF COMPUTER ENGINEERING AND SCIENCE


ITAP 3431 NETWORK SECURITY
ASSIGNMENT #1

1. Explain the types of active attacks that take place on the network.

An active attack is an attempt to alter the system without permission. For
example, data in transmission or storage may be altered, or new data streams may be
generated.

Masquerade attacks: When an entity (typically a computer or a human) assumes a
fake identity in order to get or manipulate information, it is referred to as a masquerade
attack. Other types of attacks may also be used in masquerade attacks.

Message replay: An attacker may use information he has captured to repeat an
operation that benefits him, such as capturing and replaying a command to transfer
cash from one bank account into another that is under the attacker's control. This
can be prevented by verifying that a message is still current.

Message modification: There are several ways to edit a message, such as altering a
packet header address to send it to a different location or altering the user data.

Denial-of-service attacks: These attacks disrupt the normal use or management
of communications services and may be either targeted at a specific service or wide in
scope. For example, a network may be overwhelmed by messages, resulting in degraded
service or even a total breakdown. Another example is preventing authorised users
from accessing a web server by flooding it with excessive and repetitive queries.
Internet-connected services are commonly targeted by denial-of-service attacks.

2. Explain the Network Security Access Model

Network security comprises a wide range of techniques and procedures. It protects
the usability, reliability, integrity and safety of the network and its data. Good
network security identifies many threats and prevents them from entering or propagating
on the network. To maintain network security, access to databases and other information
resources, such as networks, must be restricted to authorised users and programmes. It
also guarantees that only authorised users have access to the resources they're meant
to have access to.

The Internet is a major source of network security concerns nowadays. The following
are the most often encountered: viruses, worms, and Trojan horses; anti-spyware and
anti-adware programmes; zero-hour attacks, also known as zero-day attacks; attacks by
hackers; denial-of-service attacks; data theft and eavesdropping; identity theft.

A network security system usually consists of many components. When all components
work together, there is less downtime and greater security. Components of network
security include: virus and spyware protection; a firewall, to prevent unwanted access
to your network; intrusion prevention systems (IPS), to watch for fast-spreading
threats such as zero-day or zero-hour attacks; and virtual private networks (VPNs), to
provide secure remote access. To secure resources, network security uses a range of
mechanisms, including passwords, encrypted smart cards, biometrics, and firewalls.

3. Give examples of security requirements related to Confidentiality, Integrity and
Availability

Confidentiality:
Protection against unauthorised access is a key component of confidentiality. The CIA
triad stresses the importance of protecting information. There must be safeguards in place
to guarantee that only those who have a legitimate need to know may access the data. As
an example, if a computer file is accessible only to those who are permitted to view it,
then the file is confidential. In the CIA triad, confidentiality is linked to information
security because data protection requires tight control over who has access to what.

Integrity:
The purpose of integrity in the CIA triad is to ensure that information stays accurate
and consistent unless authorised alterations are made. Errors in the system or unauthorised
access might cause information to be altered. Integrity is maintained when the information
remains unaltered during storage, transmission, and any use that is not meant to change it.
Integrity is linked to data security because correct and consistent data is a byproduct of
adequate security. Monitoring and control of permitted access, use, and transfer of
information is essential to the CIA triad's information security procedures.

Availability:
The purpose of availability in the CIA triad is to ensure that information is accessible
when and where it is required. The most important consideration is that information must
be accessible to authorised users at all times. Availability can be sustained if all of
the information system's components are functioning as they should. Problems with the
information system might render information inaccessible. Effective security measures
safeguard system components while also ensuring that data is readily accessible. All
three components of the CIA triad are intertwined.

4. Give a brief explanation of passive attack and active attack

Passive and active attacks are the two forms of security-related attacks. In an
active attack, the attacker attempts to alter the message's contents. In a passive
attack, the attacker observes and copies the messages without altering them.

Active Attacks:
In an active attack, attackers might use a network exploit to change or alter content
while also affecting a system resource. Victims will suffer financial losses as a result
of this. The attackers might use passive attacks to collect information before launching
a full-fledged attack on the victim. The attackers attempt to disrupt the system and may
force it to lock up. Victims may become aware of the ongoing attack. This kind of attack
has the potential to compromise integrity and availability. Compared to a passive attack,
an active attack is more difficult to execute.
Denial-of-Service (DoS) attacks are one example of an active attack. A denial-of-service
attack occurs when an attacker shuts down a device or network. This may prevent
the legitimate user from accessing the device or network. The attackers may flood the
target device or network with traffic until it stops responding or crashes. Email,
websites, and online banking are all affected. DoS attacks may be launched from anywhere.
A DoS attack involves flooding or crashing the device or network. A buffer overflow
attack is a typical DoS attack. This kind of attack floods the network with traffic that
exceeds the capacity of a buffer. The system will then crash. ICMP flood, often
known as ping flood, is another kind of flooding attack. Spoofed packets containing
ICMP echo requests are sent, and the network must respond to all of the requests. This may
make the device inaccessible to regular traffic.
SYN flood is also a kind of flooding attack. The attackers may send SYN packets to any
or all of the server's ports. Fake IP addresses are commonly used. The unsuspecting server
then responds with SYN-ACK messages. The server might crash if it cannot reach
the clients. Applied mathematical methods may be used to build attack detection strategies
for SYN flood threats.
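
One simple detection strategy of that kind counts half-open connections per time window (SYNs whose handshake the client never completes) and compares each window with a baseline. The Python sketch below is an added example, not part of the original assignment; the event format, the 10-second window, the four-window baseline, the threshold rule and the sample traffic (documentation-range addresses) are assumptions.

```python
import statistics
from collections import defaultdict

def half_open_per_window(events, width=10):
    """events: (time_s, client, flag) seen at the server, flag 'SYN' or 'ACK'.
    Returns {window_start: SYNs whose handshake the client never completed}."""
    pending = {}                 # client "ip:port" -> window its SYN arrived in
    counts = defaultdict(int)
    for t, client, flag in sorted(events):
        if flag == "SYN" and client not in pending:   # ignore SYN retransmits
            w = int(t // width) * width
            pending[client] = w
            counts[w] += 1
        elif flag == "ACK" and client in pending:
            counts[pending.pop(client)] -= 1          # handshake completed
    return dict(counts)

def flag_windows(counts, baseline_windows=4, k=3.0):
    """Windows after the baseline whose count exceeds mean + k * stdev.
    The stdev is floored at 1.0 so a very quiet baseline does not alert on noise."""
    ordered = sorted(counts)
    base = [counts[w] for w in ordered[:baseline_windows]]
    limit = statistics.mean(base) + k * max(statistics.pstdev(base), 1.0)
    return [w for w in ordered[baseline_windows:] if counts[w] > limit]

def sample_events():
    """Constructed traffic: quiet windows, plus one window of unanswered SYNs."""
    ev = []
    for w in (0, 10, 20, 30, 50):
        for i in range(6):
            client = f"198.51.100.{i}:{40000 + w}"
            ev.append((w + i, client, "SYN"))
            if not (i == 0 and w in (10, 30)):        # two clients give up
                ev.append((w + i + 0.2, client, "ACK"))
    for i in range(200):                              # spoofed sources, no ACK
        ev.append((40 + i * 0.04, f"203.0.113.{i}:{1024 + i}", "SYN"))
    return ev

if __name__ == "__main__":
    counts = half_open_per_window(sample_events())
    print(counts, flag_windows(counts))
```

Because spoofed sources never send the final ACK, the flooded window stands out by its half-open count even though its SYN packets look like ordinary connection attempts.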

Passive Attacks:
A passive attack monitors, observes, or makes use of the system's data for specific
purposes. However, it has no effect on the system's resources, and the data may continue
to be used as before. Passive attacks are carried out in secrecy, which makes it
difficult for the victim to detect them. The goal of a passive attack is to obtain data
or to search the network for open ports and vulnerabilities.
An eavesdropping attack is a passive attack. An eavesdropping attack steals data sent
between two linked devices. Eavesdropping includes traffic analysis. The attackers insert
a software package into the network path to collect future network traffic. To collect
network traffic, attackers must get access to the network path between the endpoint
and the UC system. It is easier for the attacker to implant a software package if
there are more network paths and the network paths are longer.
The release of messages is also a kind of passive attack. The attackers use a virus or
malware to install a package on the device to monitor its activity, such as texts, emails,
or files that contain personal information. The attackers then use the data to infiltrate
the system. Other attacks resulting from the exponential interconnectedness of insecure
devices like IoT infrastructure include protocol-specific and wireless device
network-based attacks.
