Internet Security Section 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 0.10 0.11 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19 1.20 1.21 1.22 1.23 1.24 2.0 2.1 2.2 2.3 2.4 2.5 Topic Three way handshake Understanding O.S.

I. Model at a glance Differentiate between O.S.I. Protocol suite & T.C.P./I.P. Protocol suite. Attacks with reference to the OSI model Node-to-Node, Host-to-Host and Process-to-Process deliveries? Understanding SSL Layer Position of SSL layer in TCP/IP suit TCP Header What is connection oriented and what is connectionless? TCP v/s UTP Introduction: What are Security Truisms? Why require a security? What is a Security Policy What is a Security Policy - Definition Picking a Security Policy, What kind of Security Distinguish between a Hacker and a cracker Strategies for a Secure Network, The Ethics of Computer Security Security threats and levels Security Plan (RFC 2196) What Makes a Good Security Policy? The components of a good security policy Deny all/ Allow all Who Should be Involved When Forming Policy? Security Incident Handling Security breach incident: - Containment Security breach incident: - Eradication Security Approaches Principles of Security Types of attack - Active and passive The Practical Side of Attacks Cookies Specific Attacks: - Sniffing (snooping) Spoofing Chapter Summery: Classes of Attack Stealing Passwords Social Engineering. Bugs and Backdoors Authentication Failures Protocol Failures

1

2.6 2.7 2.8 2.9 2.10 3.0 3.1 3.2 3.3 3.4 3.5 3.6 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 4.10 4.11 5.0 5.1 5.2 5.3 5.4 5.4 5.5 5.6 5.7 5.8

Information Leakages Exponential Attacks - Viruses and Worms Denial-of-Service Attacks Botnets. Active Attacks Computer Security What are viruses, Trojan Horse, Worms Types of Virus How to protect the computer against virus? Life stages of Virus What is the Structure of Viruses? Components of virus Firewalls and Proxy Servers Kinds of Firewalls Packet filters Application-Level Filtering Circuit-Level Gateways Dynamic Packet Filters Distributed Firewalls. What firewalls cannot Do & Filtering Services Reasonable Services to Filter Digging for Worms. Packet Filtering. Implementing policies: (Default allow, Default Deny) on proxy Cryptography Introduction to Basic encryption and Decryption, Diffie – Hellman Key Exchange Concept of Public key and Private key The concept of Hash (Message Digest) Digital Signatures Symmetric Key Cryptography Asymmetric Key cryptography Compare & contrast Symmetric Key Cryptography with Asymmetric key cryptography Pretty Good Privacy (PGP)

Chapter 0 Revision of part of “Data Communication and Networking” syllabus, which is prerequisite for Internet Security.

Chapter Index

2

Section 0.0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 0.10 0.11

Topic Introduction Three way handshake Understanding O.S.I. Model at a glance Differentiate between O.S.I. Protocol suite & T.C.P./I.P. Protocol suite. Attacks with reference to the OSI model Node-to-Node, Host-to-Host and Process-to-Process deliveries? Understanding SSL Layer Position of SSL layer in TCP/IP suit TCP Header What is connection oriented and what is connectionless? TCP v/s UTP

Chapter 0 Revision of a part of “Data Communication and Networking” syllabus found prerequisite in Internet Security.

0.1 What is Three-way handshake? Why do you need four steps for connection termination? What do you understand by the term “half open” and “half closed”? Connection TCP is a connection-oriented protocol. It establishes a virtual path between the source and destination. All the segments belonging to a message are then sent over this virtual path. Using a single virtual pathway for the entire message facilitates the acknowledgment process as well as retransmission of damaged or lost frames. In TCP, connection-oriented transmission requires two procedures: 1. Connection Establishment and 2. Connection Termination. Connection Establishment TCP transmits data in full-duplex mode. When two TCPs in two machines are connected, they are able to send segments to each other simultaneously. This implies that each party must initialize communication and get approval from the other party before any data transfer. Four steps are needed to establish the connection, as discussed before. However, the second and third steps can be combined to create a three-step connection, called a three-way handshake, as shown in Figure.

3

The client sends the first segment. a SYN segment. it acknowledges the receipt of the first segment. It acknowledges the receipt of the second segment. using the ACK flag and acknowledgment number field. Therefore. When connection in one direction is terminated. It contains the initialization sequence number used to number the bytes sent from the server to the client. Note that the acknowledgment number is the client initialization sequence number plus 1 because no user data have been sent in segment 1. as shown in Figure. Second. The server must also define the client window size. 2. Connection Termination Any of the two parties involved in exchanging data (client or server) can close the connection. 4 . using the ACK flag and acknowledgment number field.The steps of the process are as follows: 1. The client sends the third segment. the other party can continue sending data in the other direction. This segment has a dual purpose. Data can be sent with the third packet. This is just an ACK segment. The segment includes the source and destination port numbers. four steps are needed to close the connections in both directions. The destination port number clearly defines the server to which the client wants to be connected. The server sends the second segment. 3. Note that the acknowledgment number is the server initialization sequence number plus 1 because no user data have been sent in segment 2. a SYN and an ACK segment. The segment also contains the client initialization sequence number (ISN) used for numbering the bytes of data sent from the client to the server. The client must also define the server window size. the segment is used as the initialization segment for the server. First.

This segment is a FIN segment. The TCP on the other side may send a segment with its RST(1) bit set to annul the request. When it does not have any more data to send.) 5 . 2. 3. It may send an RST(1) segment to destroy the connection (Note: 1. The TCP on one side has requested a connection to a nonexistent port.The four steps are as follows: 1. What is RST? RST is one of the flags in the control field of a TCP segment indicating that the connection must be reset. One TCP may want to abort the connection due to an abnormal situation. The TCP on one side may discover that the TCP on the other side has been idle for a long time. an ACK segment. to confirm the receipt of the FIN segment from the client. The server TCP sends the second segment. 2. a FIN segment. 3. The client TCP sends the first segment. to confirm the receipt of the FIN segment from the TCP server. Note that the acknowledgment number is 1 plus the sequence number received in the FIN segment because no user data have been sent in segment 1. Note that the acknowledgment number is 1 plus the sequence number received in the FIN segment from the server. This happens in one of three cases: 1. Connection Resetting TCP may request the resetting of a connection. an ACK segment. It can send an RST(1) segment to close the connection. The client TCP sends the fourth segment. it sends the third segment. The server TCP can continue sending data in the server-client direction. 4. Resetting here means that the current connection is destroyed.

which usually aren't informed of incoming connections until the three-packet handshake is complete.e. There is also a modest security benefit: A connection cannot be fully established until both sides have acknowledged the other's initial sequence number. SYN attacks flood the server with the first packet only. After the server receives the initial SYN packet. Because the initial sequence number for new connections changes constantly. and awaits an acknowledgment. Attackers have gamed this half-open state. the connection is in a half-opened state.. The server replies with its’ own sequence number. The sequence numbers have another function. hoping to swamp the host with half-open connections that will never be completed. In addition. 6 . from previous uses of the same 4-tuple). TCP half opened? A three-step process is shown in Figure above.When is TCP open. the third and final packet of a TCP open. the first part of this three-step process can be used to detect active TCP services without alerting the application programs. it is possible for TCP to detect stale packets from previous incarnations of the same circuit (i.

0. 2 Understanding OSI model at glance: 7 .

Protocol.I. Protocol suite. The The model is just description of protocols are not very protocols. Differentiate between O.S. of layers Diagram Application Layer Presentation Layer Session Layer Transport Layer Network Layer Data Link Layer Physical Layer Transport Layer Internet Layer Host to Network Application Layer O.P.I.I. Parameter Expand the acronym No.3 Differentiate between O. Model Open Interconnect 7 T.P.P.I. Not so good as a popular model but protocols are more useful Both connection oriented Only connectionless in the and connection less in the Network layer Network Layer Only connection oriented Supports both (connection in the transport Layer oriented and connectionless) in the transport layer OSI differentiates clearly Does not clearly distinguish the between specification concepts of Service. Protocol & T. Protocol suite & T.C./I. Made the distinction between the following concepts explicitly: 1.0.S.S. interface and and the implementations protocol O.P. System Transmission Control Protocol / Internet Protocol 4 Protocols Orientation Services Good as a model.S./I./I.Services 8 .C.P.P.C.

Give details of protocols.Suitability Only for TCP/IP protocols Cannot describe “Blue tooth” Physical layer Data Link & Physical are Doesn’t even mention about separate these Top layers Separate Application. PGP (Pretty Good Privacy) applets 3. controlling device and attacks? Which Layer Details of protocols Application Layer Controlling device SMTP: Simple Mail Transfer Application Protocol (1) Gateway (2) MIME (Proxy POP3: Post office Protocol(3) Server) IMAP(4) Applets and (5) Instant Messaging ActiveX Email security Protocols: Java applets 1. PEM (Privacy Enhanced Mail) Signed 2. Change the amount of transaction Spam DNS spoofing SSL Layer Transport Layer Packet Spoofing 9 . TCP/IP does not have separate merged Presentation and session Session and Presentation Layer It is a part of Application Layer layers 2.4 Discuss the attacks with reference to the OSI model. Record Protocol 3.Interface 3. Handshake Protocol 2. Alert Protocol TLS: Transport Layer Security Packet (similar to SSL) Filter TCP: Transmission Control Protocol Gateway UDP: User Datagram Protocol TFTP: Trivial File Transfer Protocol Attacks Application level attacks: Interception Fabrication (Denial of services DOS) Modification (Replay attacks) Interruption (Masquerade) Steal credit card information. S/MIME Secure Mime Java HTTP: Hyper Text Transfer sandbox Protocol Java HTML: Hyper Text Markup security Language Web FTP: File Transfer Protocol browser TELNET(6) Remote Login cookies (7) DNS Domain Name System SHTTP: Secure Hyper Text Transfer Protocol) LDAP(8) Light Weight Directory Access Protocol Secure Socket Layer (9) 1.Protocols More general protocols 0.

8. 2. MIME too is potentially quite dangerous 3. ICQ. More and more sites are using LDAP for supplying information about user SSL much better and safer facilities. IMAP – more secure than POP3.IPSec. A compromised DNS can do havocs.5 What do you understand by Node-to-Node. but still no guarantee against negotiated SSL 0. Host-to-Host and Process-to-Process deliveries? 10 . Packet AH: Authentication Header ESP: Encapsulation Security Filter Gateway Payload IP Sec Key Management IP: Internet Protocol Packet IP: Internet Protocol Filter ICMP: Gateway ARP RARP: IP From spammings to crash of software on target host Killer and ICMP packets SYN Packets Attacks Link Physical inserting a RJ45 socket in your hub! Internet (Network) Layer IP address sniffing (snooping) Source Routing attacks IP sniffing IP spoofing Network Level attacks: IP address spoofing Source Routing attacks Data Layer Physical layer Physical removal of hard disk! Foot notes: 1. 7. but complex 5. Instant Messaging: various proprietary protocols (America on line. Most TELNET sessions come from un-trusted machines. POP3 is simple but insure 4. You do no know for sure who sent the mail based on SMTP. You must use some higherlevel mechanism if you need trust or privacy. Yahoo messenger) False meeting places could be used to attract messaging traffic 6.

Presentation Layer 5. Network Layer 2. Transport Layer 3.OSI Suit Layers 7. Application Layer 6. Data Link Layer 1. Physical Layer TCP/IP Suit Layers Type of Delivery Name of Devices the Data in use unit called APDU PPDU SPDU Segments ------Routers --Application ----Transport Layer (TCP) Network (IP) Process to process Protocols used in this layer SMTP FTP TELNET DNS SNMP TFTP TCP / UDP ICMP IGMP IP ARP RARP Protocols defined by the underlying Networks Host to host Packets Routers Node to node Host-tonetwork Electromagnetic or electro-optical signal Frames Bit by bit Bridges and switches Amplifier Repeater Hub 11 . Session Layer 4.

We need one additional layer to be introduced. X Y L5 L5 L5 data L4 data L3 data S H H H Applicati on SSL L5 L5 L5 data L4 data L3 data S H H H Transpor t Internet Data Link Physical Transmission medium 01010101010001010101001 01010101010001010101001 SECURE SOCKET LAYER (SSL) Application Layer Introduction: The typical TCP/IP suit has the structure as shown in the figure on the right hand side. We need to secure communication between the Web browser and the Web Server. Where should that be? Transport Layer Internet Layer Data Link Layer Application Layer 12 .6.0. Understanding SSL Layer.

Logically. the application layer data is passed to the SSL layer. Since then. the communication between the various TCP/IP protocol layers is now as shown in Fig. as shown in Figure As such.7 The Position of SSL in TCP/IP Protocol Suite Application Layer S. called as SSL Header (SH) to the encrypted data. and also adds its own encryption information header. as usual. the SSL layer performs encryption on the data received from the application layer (which is indicated by a different color). However. All the major Web browsers support SSL. I It provides two basic security services: authentication and confidentiality. Above As we can see. SSL Version 3. unlike what happens in the normal case. the application layer of the sending computer (X) prepares the data to be sent to the receiving computer (Y). it provides a secure pipe between the Web browser and the Web server. the application layer data is not passed directly to the transport layer now. which was released in 1995. The SSL layer is located between the application layer and the transport layer. Here.The Secure Socket Layer (SSL) protocol is an Internet protocol for secure exchange of information between a Web browser and a Web server. Layer Transport Layer Internet Layer Data Link Layer Application Layer SSL can be conceptually considered as an additional layer in the TCP/IP protocol suite. SSL has become the world's most popular Web security mechanism. 13 .S. 0. Instead.L. Netscape Corporation developed SSL in 1994.

In fact. the SSL layer data (L5) becomes the input for the transport layer. The Handshake Protocol. This is quite obvious: if SSL has to encrypt all the headers. decrypts the encrypted data. where to deliver the packets would be a big question. This process happens exactly the way it happens in the case of a normal TCP/IP data transfer. imagine what would happen if we put the address of the sender and the receiver of a letter inside the envelope! Clearly. 14 . the postal service would not know where to send the letter! This is also why there is no point in encrypting the lower layer headers. At the receiver's end. The SSL layer at the receiver's end removes the SSL Header (SH). How SSL Works? SSL has three sub-protocols. To understand the problem. and gives the plain text data back to the application layer of the receiving computer. until it reaches the new SSL layer. The Record Protocol and 3. SSL is required between the application and the transport layers. These three sub-protocols constitute the overall working of SSL. namely: 1. The Alert Protocol. and so on. If SSL encrypted all the lower layer headers. The lower layer headers are not encrypted. Thus. the process happens pretty similar to how it happens in the case or a normal TCP/IP connection. it would lead to problems. receiver. when the data reaches the physical layer. It adds its own header (H4). and become unreadable. Finally. and intermediate nodes) would be encrypted. That would serve no purpose at all. 2. and passes it on to the Internet layer. it is sent in the form of voltage pulses across the transmission medium.After this. it must be I positioned below the data link layer. Therefore. only the application layer data is encrypted by SSL. Thus. even the IP and physical i addresses of the computers (sender.

The header is 20 bytes if there are no options and up to 60 bytes if it contains options. TCP Header The segment consists of a 20-byte to 60-byte header. As we said before. Sequence number. The format of a segment is shown in Figure. 15 . Source port address. TCP is a stream transport protocol. 2. To ensure connectivity.8 The TCP header: Segment The unit of data transfer between two devices using TCP is a segment. each byte to be transmitted is numbered. 3. This is a 16-bit field that defines the port number of the application program in the host that is receiving the segment. This 32-bit field defines the number assigned to the first byte of data contained in this segment.0. This is a 16-bit field that defines the port number of the application program in the host that is sending the segment. Destination port address. The sequence number tells the destination which byte in this sequence comprises the first byte in the segment. 1. We will discuss some of the header fields in this section. followed by data from the application program.

If the byte numbered x has been successfully received. 7. These bits enable flow control. as shown in One or more of these bits can be set at a time. The length of the header can be between 20 and 60 bytes. This 32-bit field defines the byte number that the sender of the segment is expecting to receive from the other party. Control. the value of this field can be between 5 (5 x 4 = 20) and 15 (15 x 4 = 60). Reserved. This is a 6-bit field reserved for future use. 5. Therefore. Example Telephone line Sequential Connectionless A characteristic of network system that allows a computer to send data to any other computer at any time without any prerequisite of destination connection Example: Postal system To transmit data in such a way that each PDU is treated independently of all prior PDUs Nothing of this sort PDU movement Three way Connection establishment 16 . Acknowledgment number. UDP Header UDP Header 0.9 What is Connection Oriented? 0. This 4-bit field indicates the number of 4-byte words in the TCP header. This field defines 6 different control bits or flags. 6.9 What is Connectionless? What is connection oriented v/s connectionless deliveries Parameter Definition Connection oriented A characteristic of a network system that requires a pair of computers to establish a connection before sending data.4. Header length. x + 1 is the acknowledgment number.

handshake Modus Operandi Decision on path Sequence Example Reliable requires “three-way hand shake” Three simple steps: • Connection establishment Agree on : o Syntax. No guaranteed delivery No sequence guarantee Nothing of this sort. CRC acknowledgment. TCP uses four timers— retransmission. Transmission Control Protocol User Datagram Protocol TCP uses a sliding window mechanism for flow control. keep-alive. UDP has no flow control mechanism at all. o Semantics & o Timing • Data Transfer & • Connection termination Only at the beginning Keeps the sequence TCP Reliable Nothing of this sort At every node Can arrive out of sequence UDP Unreliable 0. UDP has no Error control mechanism at all. and time-waited— in its operation. Error detection is handled in TCP by the checksum. datagram.10 Distinguish between TCP and UDP. Parameter Common in both Reliability Connection orientation Overheads Speed Protocol Data unit Expand the acronym Flow control mechanism Error Detection and correction Mechanism Timers TCP UDP UDP and TCP are transport-layer protocols that create a process-to-process communication Reliable UDP is an unreliable protocol Connection oriented Connectionless Considerable Little Slower Faster The TCP packet is called a The UDP packet is called a user segment. No Acknowledgement. 17 . and timeout. persistence.

20 21 22 24 25 27 28 29 30 32 33 34 36 36 39 40 41 45 46 47 48 49 18 .6 1. such as: Transmitting speech or video The UDP header is much smaller than the TCP header DNS No prior connection at all: It is connectionless Chapter 1 Introduction Chapter Index Chapter 1.8 1.13 1. What kind of Security Distinguish between a Hacker and a cracker Strategies for a Secure Network.Eradication Security Approaches Principles of Security Types of attack .1 1.7 1.9 1.16 1.Definition Picking a Security Policy. Example: DNS Where prompt delivery is more important than accurate delivery. The Ethics of Computer Security Security threats and levels Security Plan (RFC 2196) What Makes a Good Security Policy? The components of a good security policy Deny all/ Allow all Who Should be Involved When Forming Policy? Security Incident Handling Security breach incident: .12 1.Active and passive Page No.19 1.Preference & Use TCP is preferred & used for: reliable.11 1.2 1.4 1. byte-stream delivery between processes. client-server type request-reply queries.Containment Security breach incident: .0 1.10 1. Headers & Overheads: Example of application Connection The TCP header is much larger than the UDP header TELNET Required to have explicit connection between the hosts.15 1.20 Section Topic Introduction: What are Security Truisms? Why require a security? What is a Security Policy What is a Security Policy .18 1.17 1. Three Way Handshake UDP is preferred & Used for oneshot.5 1.3 1.0 1.14 1.

22 1. Do not make that as the only protection. It would be stupid to assume that the hacker would not know this (security arrangement). Security is always a question of economics: How much time. Not necessarily the main door! Put your defenses in layers: If the attacker somehow cracks the first layer he should be trapped in the second.) The points to be noted are: § § § § § § § § § § § § § § There is no such thing as absolute security: We can try achieving the best but no one can give 100% (absolute) guarantee.21 1. It should not be the case that the hackers cracks one layer and he directly hits the pot! It’s a bad idea to rely on “security through obscurity”.23 1. The things may be so simple and obvious for you.1 Why require security? 19 .1. Long security sensitive programs have been a constant and reliable source of a security problems Security should be an integral part of the original design. The security should be strong yet as unobtrusive as possible Do not underestimate the value of your assets: Often day-to-day is under estimated. The difficulty increases with size. it does not matter if it has security holes: Exposed machine should run as few programs as possible and the one it runs should be as small as possible. Try to make security into simple and manageable pieces. An attacker doesn’t go through security. the real facts.24 The Practical Side of Attacks Cookies Specific Attacks: . it may not be for the other party. explain and get right. audit. effort and money should be spend on security will depend on the value (monitory or degree of importance) Keep the level of all your defenses at about the same height: There is no point in making one door to the castle highly protective while other doors are week. The security that is added after the initial design is seldom as reliable. The crucial security programmes should be only a page long. 1. A program or protocol is insured unless proven secure: Assuming the other way round that “all protocol are safe unless proved unsafe” would be very dangerous. If you do not run a program. Keep it simple: Complex things are harder to understand. Do not assume such things. Programming is hard: It is hard to write a bug-free program. A chain is only as strong as the weakest link: Security is a trade-off with convenience: One cannot be stronger than the organisation culture would permit.Sniffing (snooping) Spoofing Chapter Summery: 51 52 53 55 Chapter 1 Introduction What are Security Truisms? (What is a truism? Self-evident truth. but around it: Their goal is first to find the weakest hole and then attack it.

An 11-year-old Russian teenager changed the path of the spaceship remotely.) & so also you know the ways in which these things can be stolen. Had just finished a successful spaceship launch. the further questions are: § § What resources should be protected? Who is going to disrupt the systems & How? Consider an example of household security. Threat to national security. Building. hackers or attackers whether from inside or even outside. when the unexpected happened. Hence you protect these items by keeping them in safe & secure places. pin. BARC Group: One of the most sensitive atomic and missile research facilities in India. password. cash / jewellery. Unnecessary worry. 20 . The job of a Network Administrator is similar in the organization that is to protect the resources & information from curious eyes. Now days. NASA: The premier space research agency in the world. etc § To Protect my site from getting blocked by any attack such as DOS § To protect our I/P/ Address: § To protect my e-mails: § To protect Incoming packets so that no virus / worms comes in § To protect outgoing packets so that the secrets does not leak out. Attackers were never caught.com brought down for more than 48 hours! All users across the globe remained disconnected. Amazon. Ebay. This was a DOS (Denial of Services) attack 2. BUY. These kinds of activities are now increasing & there is a computer related security issue worth considering. Loss of sensitive data. Loss of money. Examples: 1. Share values down. In commerce. We would require security to safeguard the information or resources.g. other valuable items etc. Once this consideration is made. 3. Pakistani criminal organizations broke into network and stole sensitive missile info. This would require some policy formulated by the organization to keep protected from these kinds of attacks.We need security to: § To protect our data. There are various ways in which the functionality of computer systems is threatened. however in e-commerce the main assets are considered to be data and information: Data is collection of raw facts where as the processes data is called information. You clearly know what resources to protect (e. Yahoo. assets are: Land. Plant and Machinery. files and folders § To protect our resources § To protect e-commerce transaction information: user-id. we hear that many systems run by Govt. which are assets to the organization. Thus there was Loss of Revenue. & other organizations have been disrupted or penetrated.

o Different priorities o Different needs o Different missions / targets / goals Organisation differ in their: o Culture o Structures o Strategy And thus Security Policy will also differ from organisation to organisation. What resources are you trying to protect? 2. How much security can you afford? Never under-estimate about your own assets! 21 .Another important difference in house security & Computer security is that in later case. Who would be interested in attacking you? 3. The attack in such case is in logical form. Security Policy will decide: o What legal course of action will you follow if attacked? o What will be considered as a cognizable crime? o Can anyone be sued? o Infringing on someone else’s rights? To devise a security policy you must yourself several question? 1.2 What is security Policy? o o o o o o o o o o Set of decisions Rules & regulation Written or verbally understood Which Collectively determines Organisation’s posture towards security Delimits the boundaries Acceptable & non acceptable behaviors What is ethical and what is non-ethical? What is the degree of seriousness of the offence Or is it an offence at all What if it is violated? § A Shares broker § A Corporate body § A Household application whole-seller § A Student § A teacher Etc. will have o Different requirements. many times the attacker is too far away & even unidentified. 1.

A security policy defines the boundaries of acceptable behaviour and what the response to violations should be. Computer security means keeping anyone from doing anything. In general.Definition § § A security policy is the set of decisions that collectively. Naturally. applications etc. to guard against employees exporting valuable data. security policies will differ from organization to organization. A few important steps in this are: 1. If the 22 . What resources are you trying to protect? The answer to this will dictate the host specific measures that are needed. You must first decide what is and is not permitted. Thus. & Logical resources like source & object programs. Your security policy may determine what legal course you have to take if you are ever attacked.3 What is Security Policy? . A security policy differs from organization to organization. methodology to safeguard your assets or what measures / precautions you take (or do not take) in order to keep your assets secured. operating system. drives. determines an organization's attitude toward security.4 Picking a security policy: A 'Security Policy' describes your plan. Other policies may be driven by technological considerations. The first step here is to perform a Risk Analysis. modems etc. All the decisions are then based on this formulated policy. keystroke logging and strict auditing. Machines with sensitive files may require extra security measures: Stronger authentication. It is a process of examining all your risks & then finding a cost-effective decision to recover from it.Data base is the most important asset in e-commerce! 1. 2. this process is driven by the business or structural needs of the organization. or even file encryption. It is the way of protecting your precious assets in terms of information or resources. monitors. To some extent. keyboards. utilities. relating to computers & peripherals. which is unwanted or undesired. Some companies wish to restrict outgoing traffic. 1. data. Finding out what resources you wish to protect: Resources may include: Physical resources like printers. some companies may issue a verdict that bars the personal' use of corporate computers.

May be all such access should be done through a proxy that will perform extra logging. the other one is taking preventive measures so that no mistake occurs. Logical threats such as unauthorized access to data. Who is interested in attacking you? § Outsiders as well as insiders may form the collective answer here. 5. At one end of the scale is a philosophy to correct it only when mistake happens and. resources Unintended disclosure of your information. 4. Finding the proper balance therefore is essential. Often. 4.target of interest is the outgoing connectivity. 1. and so on. and even moderate. High 2. What Stance do you take? The stance is the attitude of the designer. people get frustrated. § What kind of security therefore must be provided differs from the type of attacker you are planning against. How much Security can you afford? Part of the cost of security is direct financial expenditures. Medium 23 . information. 2. the administrative costs are overlooked. however. Find out who can disrupt them & in what ways: The threats to your assets may include § § § Physical threats to the resources such as stealing. Annoyed by increases in security. 3. Open Internet Explorer Click on “tool” Click on “Internet Options” Click on “Security” Click on “Custom Level” Click on “Default levels” Study the following levels. It is determined by the cost of failure and the designer’s estimate of that likelihood. 3. There is another cost. malfunctioning devices. firewalls. 6. It is also based on the designer's opinions of their own abilities. Too much security can hurt as surely as too little can. software packages. a cost in convenience and productivity. 4. the administrator may choose to require certain privileges for access to the network. Experiment in Picking a Security Policy What is a policy should I have while surfing? Let us do a practical experiment 1. such as the extra routers.

3. Low High: The safest way to browse. Medium-low and 4. but also the least functional Less secured feature are disabled Appropriate policy for sites that might have harmful contents Medium-Low Same as Medium but with prompts Most content will run without prompts Unsigned ActiveX controls will be downloaded Appropriate for sites on local Network (Intranets) 24 .

Host Based Security: If a host is connected to a network. and numerous similar attempts are evolving. The hosts that tend to be safer include the commercial firewalls. The SSL (Secure Socket Layer) provides reasonably easy access to encrypted connectiol1s.5 What kind of security? a. It is possible to tighten up a host to a fair degree of security. which are built with security as their primary goal. 1. 25 .Medium Safe browsing & still functional Prompts before downloading potentially unsafe content Unsigned ActiveX controls will downloaded Appropriate for most Internet sites be Low Minimam safeguards and warning promts provided Most content is downloaded and run without prompts All active contents can run Approariate for site that you absolutely trust. it ought to be up to the host to protect itself from network borne abuses.

Y level. This approach would therefore lead to provide perimeter security. (Mnemonics: C for cracker. A hacker may also be an individual who is employed as a security consultant. than a 26 . whether you want a lower. (Thieves know their own ways & methods. or use them for personal gains. why not use a thief to track another?) 1. not satisfied with just running programs. Should be enforceable with security tools wherever appropriate. A hacker is an individual who finds ways of exploiting your systems & looks for known loopholes (vulnerabilities) & further can disclose. The perimeter approach is not effective if the network is too -large. medium or a very tight security. is to go around it and get into the system.. Catches Computer Criminals. Good Guy.e. H for Heck of it!) Qualities of a Cracker: Lots of Knowledge & Experience. Should clearly define the areas of responsibility for users. which describes the acceptable network activity as well as the penalties for misuse of it. The attackers here are normally known as Hackers by the terminology. Never Indulges in Crime. § Qualities of a Hacker: Lots of Knowledge & Experience. i. you must identify what level of security you require. administrators & management. A hacker is technically sound. a security policy is a document. So.7 Strategies for a secure Network: Before you can decide on how to safeguard your network. Should have acceptance within the organization Hence.6 Distinguish between a Hacker and a cracker. Perimeter Security: One way the attackers always would prefer. Accurately define each issue discussed in the policy. Strong Ethics.b. Low Ethics. what resources you have to protect & from whom you need to protect them. Define under what circumstances each issue is applicable. but needs to understand how it works. 1. (For example. you are ready to form your policy to safeguard. Z level etc. famous personalities will require more life security . Mostly Indulges in Crime. if you have tremendous security at the door. C for Criminal) § Once you know why you require security. (Mnemonics: H for Hacker. Is a Computer Criminal himself. A good security policy should have following characteristics: § § § § § § Should define a clear set of security goals. Many companies do that. The network boundaries should not have holes or secret entrances that allows the attacker to get in. Bad Guy.

The common approach is therefore to create a demilitarized zone (DMZ) between two firewalls. But networked machines are also not isolated. then you make it even easier to attack. NIS are not necessary there. it is the endpoints of the network that are threatened. 4. So there is no passwords and associated risks. and vice-versa must pass through the firewall.A good password should be developed using various criteria & safeguarding it as well. The firewall itself is immune to penetration. c. and hence the system's identity. It is not a general purpose host i. it is this way with computer security. without annoying a population of users. c. DMZ's: (Demilitarized Zones): Some servers are difficult to trust because of the size and the complexity of the code they run. arbitrary changes can be made so that it would help security. Authentication of users . there are bugs in the program for networks or in the administration of the system. A Firewall is defined as a collection of components placed between two networks that collectively have the following properties: a. In most situations.) Once this job is done. Usually.using these tools to act like logical security guards to monitor traffic in & out of your local network (protected) & the Internet (unprotected). The reason that a firewall is more secure is simply a. Without users. or by taking over some user account. 2. The various strategies used further to secure the network will include the following: 1. the attacker just has to win once. There are other machines which trust them in some fashion. login. the network is not the resource at risk rather. He will now be able to attack other systems.e. will be allowed to pass. either by taking over root. Host security . 3. This is called transitive trust.securing the prime. Only authorized traffic as defined by the local security policy.It has no normal users. Choosing good passwords & protecting them . Web servers for an example. you are ready to make your strategies to secure your network. It gives professional administration. b.common man. b. It might re therefore a major risk that the intruder can compromise the entire system. If we place Web server inside the firewall then a compromise creates a launch point for further attacks on inside machines. If you place it outside. It is designed for the job. Also making sure it is not reused & changed frequently. host machines by logically isolating them. All Traffic from inside to outside. 27 .checking the identity of valid users keeping the unauthorized users away. Using firewalls & proxy servers while accessing Internet .

A DMZ is an example of general philosophy of defense in depth. Encryption is often considered as the ultimate weapon in. But even these have to be safeguarded from the potential attacker. so long as we stay within the frame of law. Without the DMZ. we must consider the ethics of computer security. There may be several issues of security policy that may affect individuals outside the organization. and the like-lives on machines attached to very large networks. rather than file storage. The ethical issues say even further that there is no harm in monitoring our own systems & equipments and that the counterattacking on the attacker is also possible in self-defense. neither is the data they hold. Involves using various algorithm based on the Data Encryption Standard for this purpose. If people want to be left alone. but not necessarily to the internal network. These are the morals / principles to be followed while using computer security aspects. bank balances. computer security is ethical. 5. A great deal of personal information is stored on computers. The problems caused by bugs in such systems can be devastating. Making use of Encryption techniques . and on the integrity of the programs and data they contain. 28 . the first successful penetration could result in a more serious compromise. some of the most sensitive datacredit histories. There are various encryption techniques like the Conventional Symmetric and Unconventional Asymmetric ones. the computer security wars. That is multiple layers of security always provide better shield. b. even though the policy is formed for the organization. It is a valuable tool but if used improperly it can hurt the real goals of the organization. 1. c. they should be. More and more modem society depends on computers. If an attacker penetrates past the first firewall he or she gains access to the DMZ. Worse yet. Also the consideration to the privacy of the individual should be made. In a technological era. a. especially if the encryption key is generated from a typed password. Encryption is best used to safeguard file transmission. making it harder to crack if intercepted.8 Ethics of Computer security: While we are applying ourselves to keep our assets protected & secured.used to encrypt the sensitive information to be sent out. The Asymmetric Encryption techniques use the Public/Private key concept. computer security is fundamental to individual privacy. Computer security is a matter of good manners. In short. If these computers are not safe prying eyes. These range from obvious (financial industry) to the telephone industry controlled by network of computers to the life critical (medical devices).

which might be an integer in some range. DoD consists of one of the four ratings: 1.Information is not available whenever demanded. A security level (also known as classification). 2. and Top secret. (c) Threat to Confidentiality . This is because the insider has a better knowledge of your system's functioning & hence it is easier to attack. but in the U. where unclassified < confidential < secret < top secret.someone has deliberately tampered the Information. 2.Information illegally accessed by someone.S. Generally. 3. 4.9 Security threats & levels: There are various ways & means in which threats can be given to the security. In general the natures of threats to the system security are found as: (a) Threat to Availability .S. (d) Threat to Authentication . the two main levels in which threats can be given to the system security are: 1. What does it mean for something to be "more sensitive" than something else? We will use a somewhat simplified description of the U. Confidential. Department of Defense (DoD) definitions of levels of security as an example. (b) Threat to Integrity . Unclassified. Levels of Security. It is a reasonably general model and similar to what is done in other contexts.Valid user identity is penetrated. 1. Inside attacks: Studies have shown that around 70% of the attacks come from someone within the organization or someone with inside information. These may be either ex-employees or unsatisfied employees. Attacks from outside: The outsiders who would attack your security may be either your competitors (desperately needing the sensitive internal information of your organization) or someone just making fun or trying out their luck or experimenting by disturbing your systems without any special reasons.10 Security Plan (RFC 2196) 29 .1. Secret.

the basic goals of security are availability. and communication programs. communication lines. As an example. As mentioned above. However. Risk analysis involves determining what you need to protect. and how to protect it. terminals. Hardware: CPUs. but some are overlooked. terminal servers. such as the people who actually use the systems. yet most surveys of computer security show that. boards. for most organizations. personal computers. A full treatment of risk analysis is outside the scope of this document. It is the process of examining all of your risks. disk drives. object programs. operating systems. you should probably not spend more to protect something than it is actually worth. This process involves making cost-effective decisions on what you want to protect. Each threat should be examined with an eye to how the threat could affect these areas. One list of categories is suggested by Pfleeger: [Pfleeger 1989]. 2. and all the various pieces of hardware. diagnostic programs. what you need to protect it from. there is a great deal of publicity about intruders on computers systems. confidentiality. it is possible to be mislead about where the effort is needed.Please refer to the folder RFC 2196 in MS Word for the complete version. utilities. The essential point is to list all things that could be affected by a security problem. then ranking those risks by level of severity. like valuable proprietary information. [Fites 1989] and [Pfleeger 1989] provide introductions to this topic. and integrity. routers. Although this may seem obvious. the actual loss from "insiders" is much greater. printers. there are two elements of a risk analysis that will be briefly covered in the next two sections: (1) Identifying the assets (2) Identifying the threats For each asset. this list is adapted from that source: 1. Identifying the Assets One step in a risk analysis is to identify all the things that need to be protected. however some main points are reproduced here Important words to be remembered from the Risk Assessment General Discussion One of the most important reasons for creating a computer security policy is to ensure that efforts spent on security yield cost effective benefits. keyboards. intellectual property. Software: source programs. 30 . workstations. Some things are obvious.

where appropriate. forms. or other appropriate methods. or preferred. and access to users' files.. 31 . connect messages should provide warnings about authorized usage and line monitoring. hardware. which defines access rights and privileges to protect assets from loss or disclosure by specifying acceptable use guidelines for users. logging of keystrokes. audit logs. and management. Supplies: paper. ribbons. and local administrative procedures. data communications. 6.12 The components of a good security policy include: (1) Computer Technology Purchasing Guidelines. Depending on your site. It helps to consider from what threats you are trying to protect your assets. 4. (3) An Access Policy. (2) A Privacy Policy which defines reasonable expectations of privacy regarding such issues as monitoring of electronic mail. 5. in transit over communication media. connecting devices to a network. Data: during execution.11 What Makes a Good Security Policy? The characteristics of a good security policy are: (1) It must be able to implement through system administration procedures. The following are classic threats that should be considered. stored on-line. and management. and adding new software to systems. and not simply say "Welcome").3. it is necessary to identify threats to those assets. (3) It must clearly define the areas of responsibility for the users. operations staff. and hardware maintainers. and with sanctions. and magnetic media. Unauthorized access to resources and/or information Unintended and/or unauthorized Disclosure of information Denial of service 1. administrators. publishing of acceptable use guidelines. there will be more specific threats that should be identified and addressed. Identifying the Threats Once the assets requiring protection are identified.g. People: users. 1. security features. (2) It must be enforceable with security tools. Documentation: on programs. which specify required. archived off-line. administrators. where actual prevention is not technically feasible. databases. backups. The threats can then be examined to determine what potential for loss exists. systems. It should provide guidelines for external connections. These should supplement existing purchasing policies and guidelines. It should also specify any required notification messages (e.

e.(4) An Accountability Policy. such as company policies and governmental laws and regulations. There may be regulatory requirements that affect some aspects of your security policy (e. It should also include contact information for reporting system and network failures. which sets users' expectations for the availability of resources. as well as specify operating hours and maintenance downtime periods. what to do and who to contact if a possible intrusion is detected).g. (6) An Availability statement.. guidelines on how to handle outside queries about a security incident. legal counsel should review the policy.. and cross-references to security procedures and related information. Finally. One important topic to be addressed here is whether remote maintenance is allowed and how such access is controlled. the people involved.g. (5) An Authentication Policy which establishes trust through an effective password policy. This includes the process.. (8) A Violations Reporting Policy that indicates which types of violations (e. and management. (7) An Information Technology System & Network Maintenance Policy which describes how both internal and external maintenance people are allowed to handle and access technology.g. 32 . A security policy should be (largely) independent from specific hardware and software situations (as specific systems tend to be replaced or moved overnight). At a minimum. and by setting guidelines for remote location authentication and the use of authentication devices (e. It should specify an audit capability. The mechanisms for updating the policy should be clearly spelled out. which defines the responsibilities of users. internal and external) must be reported and to whom the reports are made. privacy and security. your policy should be reviewed on a regular basis to see if it is successfully supporting your security needs. Keeping the Policy Flexible In order for a security policy to be viable for the long term. or information which may be considered confidential or proprietary. and the people who must sign-off on the changes. Having all personnel sign a statement indicating that they have read. understood. Once your security policy has been established it should be clearly communicated to users. and provide incident handling guidelines (i. It should address redundancy and recovery issues. line monitoring). and agreed to abide by the policy is an important part of the process.. and management with contact information for each type of policy violation. and management. Another area for consideration here is outsourcing and how it is managed. operations staff. one-time passwords and the devices that generate them). (9) Supporting Information which provides users. A nonthreatening atmosphere and the possibility of anonymous reporting will result in a greater probability that a violation will be reported if it is detected. staff. it requires a lot of flexibility based upon an architectural security concept. The creators of the security policy should consider seeking legal assistance in the creation of the policy. staff.

but adopt a "deny all" model when setting up information servers. multiple system administrators may know the password and use the root account. but is generally less secure than the "deny all" model. More work is required to successfully implement a "deny all" configuration as well as a better understanding of services. Be careful when mixing philosophies as in the examples above. They are willing to pay the cost of security for 33 . usually the default at the router level. the risk of losing critical information increases when that information is not shared. is much easier to implement. as they are needed. was suddenly ill or left the company unexpectedly). Likewise. usually the default at the host level.13 Deny all/ Allow all There are two diametrically opposed underlying philosophies. Both alternatives are legitimate models to adopt.. It is important to determine what the proper balance is for your site. For example. which will here after be referred to as the "allow all" model. Whenever possible. Each of these models can be applied to different portions of the site. As security holes become apparent. is generally more secure than the other model described in the next paragraph. on systems with a "root" user. 1. the policy should spell out what exceptions to the general policy exist. and the choice between them will depend on the site and its needs for security. site policy. This model. depending on functionality requirements. the policy may be to use the "allow all" model when setting up workstations for general use. an "allow all" policy may be adopted for traffic between LAN's internal to the site.g. which will here after be referred to as the "deny all" model. Allowing only known services provides for a better analysis of a particular service/protocol and the design of a security mechanism suited to the security level of the site. The first option is to turn off all services and then selectively enable services on a case-by-case basis. While the greatest security resides in the minimum dissemination of information." This refers to what would happen to a site if a key person was suddenly unavailable for his/her job function (e. Simply turn on all services. For example. administrative control. like an email hub. The other model. Many sites adopt the theory of a hard "crunchy" shell and a soft "squishy" middle. they are restricted or patched at either the host or network level. under what conditions is a system administrator allowed to go through a user's files. For example. etc. there may be some cases when multiple users will have access to the same userid.It is also important to recognize that there are exceptions to every rule. This can be done at the host or network level as appropriate. but a "deny all" policy can be adopted between the site and the Internet. Also. which can be adopted when defining a security plan. and allow all protocols to travel across network boundaries. Another consideration is called the "Garbage Truck Syndrome.

g. management who have budget and policy authority. The idea is to bring in representation from key stakeholders. In some organizations. and legal counsel who know the legal ramifications of various policy choices. Involving this group is important if resulting policy statements are to reach the broadest possible acceptance. it needs to have the acceptance and support of all levels of employees within the organization.. technical staff who know what can and cannot be supported. but is not necessarily comprehensive. computer science department within a university. staff from computing center) (3) Administrators of large user groups within the organization (e. This works fine as long as the outer defenses are never breached and the internal users can be trusted. but are unwilling or unable to provide similar protections internally. Once the outer shell (firewall) is breached.) (4) Security incident response team (5) Representatives of the user groups affected by the security policy (6) Responsible management (7) Legal counsel (if appropriate) The list above is representative of many organizations. business divisions.14 Who should be Involved When Forming Policy? In order for a security policy to be appropriate and effective. etc. It is especially important that corporate management fully support the security policy process otherwise there is little chance that they will have the intended impact.. The following is a list of individuals who should be involved in the creation and review of security policy documents: (1) Site security administrator (2) Information technology technical staff (e. It is also relevant to mention that the role of legal counsel will also vary from country to country. 1.g. 34 .their external traffic and require strong security measures. it may be appropriate to include EDP audit personnel. subverting the internal network is trivial.

such as those just listed. people who develop patches or workarounds may be sued if the patches or workarounds are ineffective. preparing for the recovery of the system. The result is that when an attack is in progress. Efficient incident handling minimizes the potential for negative exposure. Having both technical and managerial personnel respond to an incident requires considerable resources. Operating systems vulnerabilities apply (in some cases) to several millions of systems. usually pays little attention to how to actually handle an attack once one occurs. unintentional damage. during.Computer security 35 . It is possible that in the near future organizations may be held responsible because one of their nodes was used to launch a network attack. benefits for efficient incident handling is an economic one. should be addressed in advance by adequate contingency plans. A final benefit of efficient incident handling is related to legal issues. or. Traditional computer security. many decisions are made in haste and can be damaging to tracking down the source of the incident. it is vital that all sites with involved parties be informed as soon as possible. The sections in this chapter provide an outline and starting point for creating your site's policy for handling security incidents. is critical to circumventing possible legal problems. and after a computer security incident occurs on a host. Therefore. Knowing about operating system vulnerabilities and patterns of attacks. Each of the possible types of events. or multi-site environment. site. News about computer security incidents tends to be damaging to an organization's stature among current or potential clients. collecting evidence to be used in prosecution efforts. One of the most important. less staff time is required when one occurs. while quite important in the overall site security plan.1. and then taking appropriate measures to counter these potential threats. The operative philosophy in the event of a breach of computer security is to react according to a plan. if the patches or workarounds themselves damage systems. This is true whether the breach is the result of an external intruder attack. Local managers and personnel .15 Security Incident Handling This chapter of the document will supply guidance to be used before. The sections are: (1) (2) Preparing and planning (what are the goals and objectives in handling an incident). network. or a disgruntled employee. resulting in compromise of the systems. Notification (who should be contacted in the case of an incident). Due to the worldwide network most incidents are not restricted to a single site. If trained to handle incidents efficiently. a student testing some new program to exploit software vulnerability. Another benefit is related to public relations. but often overlooked. In a similar vein. and protecting the valuable data contained on the system.Law enforcement and investigative agencies . and much vulnerability are exploited within the network itself.

Having written plans eliminates much of the ambiguity which occurs during an incident. v. Protection also includes preparing incident handling guidelines as part of a contingency plan for your organization or site. The remainder of this chapter will detail the issues involved in each of the important topics listed above. v. (Note: a tiger team is a team of specialists that try to penetrate the security of a system.Notification (who should be notified about the incident). attention must be paid to a set of goals for handling an incident.) Learning to respond efficiently to an incident is important for a number of reasons: i. ii. iv. Figure out how it happened. ii.Protecting evidence and activity logs (what records should be kept from before. . and provide some guidance as to what should be included in a site policy for handling incidents. A team might even consider hiring a tiger team to act in parallel with the dry run.(3) (4) (5) (6) incidents handling teams . and will lead to a more appropriate and thorough set of responses. iii. iii. during. 36 . 1 Preparing and Planning for Incident Handling Part of handling an incident is being prepared to respond to an incident before the incident occurs in the first place. iv. Assess the impact and damage of the incident. Protecting the assets which could be compromised Protecting resources which could be utilized more profitably if an incident did not require their services Complying with (government or other) regulations Preventing the use of your systems in attacks against other systems (which could cause you to incur legal liability) Minimizing the potential for negative exposure As in any set of pre-planned procedures. Find out how to avoid further exploitation of the same vulnerability. This includes establishing a suitable level of protections as explained in the preceding chapters. Avoid escalation and further incidents. Recover from the incident. and after the incident) Containment (how can the damage be limited) Eradication (how to eliminate the reasons for the incident) Recovery (how to reestablish service and systems).Affected and involved sites .Follow Up (what actions should be taken after the incident) Aftermath (what are the implications of past incidents).Internal communications Public relations and press releases Identifying an incident (is it an incident and how serious is it). A specific set of objectives can be identified for dealing with incidents: i. These goals will be prioritized differently depending on the site. It is vitally important to test the proposed plan before an incident occurs through "dry runs". Handling (what should be done when an incident occurs). Administrative response to incidents. Doing this should help your site prevent incidents as well as limit potential damage resulting from them when they do occur.

damage to disk drives. An important implication for defining priorities is that once human life and national security considerations have been addressed. Damage to systems can result in costly down time and recovery. networks or sites. it is generally more important to save data than system software and hardware.vi. Prevent exploitations of other systems. the following suggested priorities may serve as a starting point for defining your organization's response: (1) Priority one -.g. Although it is undesirable to have any damage or loss during an incident. because loss of data is costly in terms of resources.protect classified and/or sensitive data. (4) Priority four -.protect human life and people's safety. the loss or compromise of data (especially classified or proprietary data) is usually not an acceptable outcome under any circumstances. (5) Priority five -. systems can be replaced. vii. Find out who did it (if appropriate and possible). It is better in many cases to shut a system down or disconnect from a network than to risk damage to data or systems. managerial and other data. networks or sites about successful penetrations. priorities are essential. but all involved parties must be aware that without analysis the same incident may happen again. It is also important to prioritize the actions to be taken during an incident well in advance of the time an incident occurs. Although priorities will vary from institution to institution.. Inform affected classified and/or sensitive systems. this is an important management decision. There may be service agreements in place that may require keeping systems up even in light of further damage occurring. However. beyond the systems and networks where the incident occurs. (Be aware of regulations by your site or by government) (3) Priority three --protect other data. Within the limits imposed by government regulations it is always important to 37 . and staying up. Of course.minimize disruption of computing resources (including processes). Update policies and procedures as needed.). Due to the nature of the incident. Sometimes an incident may be so complex that it is impossible to do everything at once to respond to it. Prevent exploitation of classified and/or sensitive systems. loss or alteration of system files. scientific. etc. Overall goals (like assuring the integrity of critical systems) might be the reason for not analyzing an incident. (2) Priority two -.prevent damage to systems (e. Sites will have to evaluate the trade-offs between shutting down and disconnecting. However. Another important concern is the effect on others. networks or sites about already occurred penetrations. networks or sites and inform already affected systems. including proprietary. there might be a conflict between analyzing the original source of a problem and restoring systems and services. the damage and scope of an incident may be so extensive that service agreements may have to be over-ridden. human life always has precedence over all other considerations.

15 Notes of Security breach incident: .). This is especially important when a quick decision is necessary and it is not possible to first contact all involved parties to discuss the decision. disconnect from a network. For example. Any plan for responding to security incidents should be guided by local policies and regulations. shut the system down if the information is classified. set traps. Bear in mind that removing all access while an incident is in progress obviously notifies all users. In other cases. An essential part of containment is decision making (e. The policies chosen by your site on how it reacts to incidents will shape your response. including the alleged problem users.. 1. this may have a deleterious effect on an investigation. the person in charge of the incident will often not have the power to make difficult management decisions (like to lose the results of a costly experiment by shutting down a system). it should be included in the planned procedures to avoid further delays and uncertainties for the administrators. it is prudent to remove all access or functionality as soon as possible. that the administrators are aware of a problem. A final activity that should occur during this stage of incident handling is the notification of appropriate authorities. for example. disable functions such as remote file transfer. Telephone companies often release information about telephone traces only to law enforcement agencies. Your organization or site should. faxing. define acceptable risks in dealing with an incident. To free the technical staff it may be helpful to identify support staff who will help with tasks like: photocopying. etc. it is worthwhile to risk some damage to the system if keeping the system up might enable you to identify an intruder.Eradication 38 . In the absence of predefined procedures.containment Containment The purpose of containment is to limit the extent of an attack. Other organizations may have policies that affect your plans. or proprietary. monitor system or network activity. sensitive. Government and private sites that deal with classified material have specific rules that they must follow. determining whether to shut a system down.inform affected parties as soon as possible. 1.16 Notes of Security breach incident: .g. Due to the legal implications of this topic. and then restore normal operation in limited stages. Handling incidents can be tedious and require any number of routine tasks that could be handled by support personnel. and should prescribe specific actions and strategies accordingly. In some cases. etc. it may make little sense to create mechanisms to monitor and trace intruders if your site does not plan to take action against the intruders if they are caught. This stage should involve carrying out predetermined procedures. Sometimes this decision is trivial.

Finally. It may be necessary to go back to the original distribution media and re-customize the system. as they will likely be lost when cleaning up the system. The complexity and the diversity of a modem sites/organizations make the task even harder. In the case of a network-based attack. Many systems infected with viruses become periodically reinfected simply because people do not systematically eradicate the virus from backups. such as anti-virus software. the approach could be a decision to implement no security at all. This is a very safe approach. as there are many ways on attacker can come to know about it. The key to removing vulnerabilities is knowledge and understanding of the breach. Removing all vulnerabilities once an incident has occurred is difficult. a system is secure simply because nobody knows about its existence and content. 'This is a very efficient and scalable model. If any bogus files have been created. a new backup should be taken. rather than individual host security. In the case of virus infections. In this technique. a record of the original system setup and each customization change should be maintained. it is important to clean and reformat any media containing infected files. Security through obscurity: In this model. 1. it is important to install patches for each operating system vulnerability. but the trouble is that it cannot scale well. archive them before deleting them. Network Security: Host security is tough to achieve as organizations grow and become more diverse. which was exploited. the focus is to control network access to various hosts and their services. But before eradicating the cause. Software may be available to help you in the eradication process. This approach cannot work for too long. To facilitate this worst-case scenario. it is time to eradicate the cause. Host Security: In this scheme. ensure that all backups are clean.17 Security Approaches: Security Models: No security: In this simplest case.Eradication Once the incident has been contained. After eradication. the security foe each host is enforced individually. great care should be taken to collect all necessary information about the compromised system(s) and the cause of the incident. 39 .

and later on refuses that she had sent that message. which is actually destined for user B. Non-repudiation There are situations where a user sends a message. User A also does not know about this change. the user of computer A sends a message to the user of computer B. The principle of non-repudiation defeats such possibilities of denying something. If user C tampers with a message originally sent by user A. This type of attack is called as interception. which is not desired. defeats the purpose of confidentiality. but before it reaches the intended recipient. Whereas. an administrator may be able to view as well as update or modify the contents because of the authority that he has. User B has no way of knowing tbt the contents of a the message were changed after user A had send it. This would defeat the principle of availability. having done it. 40 . an authorized user A may not be able to contact a server computer B. Authentication Authentications mechanisms help establish proof of identities. However. Such an attack is called interruption. For instance. and therefore. we say that the integrity of the message is lost. the employee within an organization may be able to see the data records in the database. The authentication process ensures that the origin of an electronic message or document is correctly identified. For e.18 Principles of Security: The principle of confidentiality specifies that only the sender and the intended recipient should be able' to access the content of a message. due to the intentional actions of another unauthorized user C.g.1. Another user C gets access to this message. For instance. Access Control The principle of access control determines who should be able to access what. suppose that user C sends an electronic document over the Internet to user B. the trouble is that user C had posed as user A when sent this document to user B. Here. Availability The principle of availability states that resources should be available to authorized parties at all times. Integrity When the contents of a message are changed after the sender sends it. This type of attack is called as modification. Example of compromising the confidentiality of a message is shown. This type of attack is called fabrication. Confidentiality gets compromised if an unauthorized person is able to access a message. But he may not be permitted to update.

the general approach to deal with passive attacks is to think about prevention. b. this is also why passive attacks are hard to detect. so that only desired parties may understand the message. Release of Message Contents Traffic Analysis. § Active Attacks.18 Types of attack Attacks can be grouped into two types: § Passive Attacks. Otherwise. In other words. b. a. Active Attacks: Unlike passive attacks. The term passive indicates that the attacker does not attempt to perform any modifications to the data. Interruption attacks are called as masquerade attacks. 41 . Using certain security mechanisms. Passive attacks do not involve any modifications to the contents of an original message. rather than detection or corrective actions.1. If many such messages are' passing though. Passive Attacks: Passive attacks are those. or on creation of a false message. In fact. a passive attacker could try to figure out the similarities between them to come up with some sort of pattern that provides her some clues regarding the communication that takes place. we can prevent release of message contents like. These attacks can be in the form of interruption. They can be classified into two sub categories: a. we desire that only she be able to access it. Release of Message Contents When we send a confidential email message to our friend. wherein the attacker indulges in eavesdropping or monitoring of data transmission. Traffic Analysis. they can be detected with some effort and attempts can be made to recover from them. These attacks cannot be prevented easily. modification and fabrication. Thus. the active attacks are based on modification of the original message in some manner. Such attempts of analyzing encoded message are the work of traffic analysis attack. encoding messages using a code language. However. the attacker aims to obtain information that is in transit. Masquerade is cause when an unauthorized entity pretends to be another entity. the contents of the message are release against our wishes to someone else.

it must identify itself to the server in the next HTIP request. In replay attack. Otherwise. Suppose that the client sends an HTTP request for a Web page to the server. Fabrication causes Denial of Service (DOS) attacks. so as to flood the network and deny other legitimate users an access to the network. For instance. Network level attacks: These attacks generally aim at reducing the capabilities of a network by a number of possible means. or some data units. an unauthorized user might send too many login requests to a server using random user ids one after the other in quick succession. a computer network. and resends them. or completely bring to halt. and completely forgets about this interaction. which they are eligible for. 1.20 Cookies: Cookies are born as a result of specific characteristics of the Internet. because once someone is able to gain access to a network. If the client wants to continue this interaction. For this. sends it back to the client. Note that this automatically can lead to application level attacks. or the application itself. the server would not know that this same client and sent an HTIP request earlier. 42 .Modification attacks can be classified into replay attacks and alteration of messages. identifying a client to a server. Example of this are trying to obtain someone's credit card information on the Internet. Since a typical application is likely to involve a number of interactions between the client and the server. causing havoc. The Internet uses HTTP protocol. Application Level Attacks: These attacks happen at an application level in the sends that the attacker attempts to access. 1. usually she is able to access/modify at least some sensitive information. 2. Alteration of messages involves some change to the original message. cookies are used.e. which is stateless. They are a popular mechanism of maintaining the state information i. These attacks generally make an attempt to either slow down. modify or prevent access to information of a particular application. there must be some mechanism for the client to identify itself to the server each time it sends a HTIP request to the server. etc. The web server locates that page on its disk. DOS attacks make an attempt to prevent legitimate users from accessing some services. a user captures a sequence of events. or' changing the contents of a message to change the amount in a transaction.19 The Practical Side of Attacks 1.

sniff packets as they pass by. So it may put that host's address as the forged source address and send the 43 . . computers exchange messages with each other in the form of small groups of data called as packets. like a postal envelope contains the actua1 data to be sent and the addressing information. Web browser. other names for these two attacks are: (a) IP sniffing and (b) IP spoofing. but instead. ii. the information that is passing needs to be protected in some ways. A packet. the attacker need not bother about the reply. the attacker need not see the reply-If the attacker's intention was a Denial of Service(DOS) attack. the receiver i. Since the protocol used in this communication is called as Internet Protocol (IP). x. Clearly. The transmission link itself can be encoded.e.A cookie is just one or more pieces of information stored as text strings in a text file on the disk of the client computer i.The attacker could simply be angry with the host. An attacker need not hijack a conversation. 1. The data that is traveling can be encoded in some ways. The attacker can intercept the reply. an attacker sends packets with an incorrect source address. On the Internet. These attacks take two main forms: (a) Packet Sniffing (also called as snooping) (b) Packet Spoofing. (b) Packet Spoofing: In this technique. Attackers target these packets. This can lead to three possible cases: viii.e. as they travel from the source computer to the destination computer over the Internet. ix.If the attacker is between the destination and the forged source. can simply observe i. When this happens. The meaning remains the same.Sniffing (snooping) Spoofing. to prevent an attacker from sniffing packets. This can be done at two levels: i. the party who receives the packets containing a false source address would inadvertently send replies back to the forged address (called as spoofed address) and not to the attacker. the attacker can see the reply and use that information for hijacking attacks.21 Specific Attacks: . The attacker does not want the reply. (a) Packet Sniffing: Packet sniffing is a passive attack on an ongoing conversation.e.

a special server computer called as DNS server maintains the mappings between domain names and the corresponding IP address. it is with the Internet Service Provider (ISP) of the users. people can identify Websites with human readable names such as www. as conducting business using these technologies has become very crucial.com and computers C<lJ1 continue to treat them as IP addresses such as 120. Suppose that there is user A whose site domain name is www. providing it the domain name.A. Usually. believing that he is communicating with A.com l00. o Integrity.A.9. The DNS Server could be located anywhere. the DNS spoofing attack works as follows: i.10.10. (C) DNS Spoofing: With DNS (Domain Name System). iii. The attacker does not want a reply from the destination.com l00. For this. § § § § 44 .10.20.20 When C wants to communicate with A's site.e.20.20 in the DNS server maintained by the ISP of user C. the Web browser queries the DNS server maintained by the ISP for A's IP address.32. (B's IP address) which is 100.20. 100.yahoo.packet to the destination. C gets the replaced i. C starts communicating with B. Confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message. So.22 Chapter Summery: § § Network and Internet Security has gained immense prominence in the last few years. Now. It is compromised if the message is modified during transit. Authentication identifies the user of a computer system. o Non-repudiation. The principles of any security mechanism are: o Confidentiality.com and the IP address is 100.20. ii.20. o Authentication.10. 1. Integrity of a message should be preserved as it travels from the sender to the recipient. the DNS Server maintained by the ISP of A has the following entry: www. and builds a trust with the recipient of a message. o Access control and o Availability.A. all the DNS servers entry is maintained as: www. as it wants the host with the forged address to receive it and get confused. A protocol called as DNSSec (Secure DNS) is being used to overcome such attacks.23).20. With this background.10 The attacker B manages to hack and replace the IP address of A with his own ie. Therefore. Non-repudiation ensures that the sender of a message cannot refute the fact of sending that message in case of disputes.10. iv.20.

Attacks can also be classified into passive and active attacks.2 2.7 2. worms. . the attacker does not modify the contents of a message. The first objective of an attacker is to gain an entry into the system 45 . and ActiveX control can practically cause attacks on a computer system.10 Topic Classes of Attack Stealing Passwords Social Engineering. Availability ensures that computer and network resources are always available to the legitimate users. the different techniques used by the intruders to attack the security of the systems shall be considered.1 2.8 2. Bugs and Backdoors Authentication Failures Protocol Failures Information Leakages Exponential Attacks . Viruses.4 2. and o Interruption. Attacks on a system can be classified into: o Interception. o Modification. Release of message contents and traffic analysis are types of passive attacks. Chapter 2 Classes of Attacks Chapter Index Section 2. Java applets.§ § § § § § § § § § Access control specifies what users Can do with a network or an Internet system. replay attack.9 2. Another way to classify attacks is application level attacks and network level attacks. Masquerade. In passive attacks.5 2. alteration of message and Denial of Service attacks are types of active attacks. Active attacks involve modification of the contents of a message. Active Attacks Chapter 2 Classes of attack 2.0 Classes of Attack In this chapter. Trojan horses. o Fabrication.0 2.6 2.3 2.Viruses and Worms Denial-of-Service Attacks Botnets.

2. When someone logins. which is available for the attacker. 46 .sometimes.using the service if it's a web service password. if the attacker is insider. § A password stealer's main motto is to get unauthorized access into a genuine user's account and use the service illegally. he gets an invalid login message. of digits & comparing or applying them to guess passwords. 3. Hackers may use the tools such as Ethereal for this purpose.using the financial resources of the user. by requiring Ctrl-Alt-Del keys before login. Brute force attacks . Of course this is most tedious and time consuming. . which may be grabbed by attackers sniffing the packets. if the password is of some financial institution etc. Another way to protect is to always lock the terminal while going away from it. Still. for a specific no. and the password is meanwhile collected somewhere. It may deal with the stealing of one user's password.Hackers may use ready-made dictionaries for checking the passwords of systems. intruders use this as the first method & try their luck & then go for more difficult ones. but not very sure. This may lead to the stealer .before carrying out any further activities.This involves using several combinations of keys such as alphabets. Packet sniffing . 4. using special software. This method is somewhat difficult and time consuming. which feels legitimate to unknown users. Some protocols let out the passwords in clear text while transmitting. Direct Approach: Although this is very easy.1 Stealing Passwords Passwords to the systems are something like the keys to the front doors. A front door is likely to be the first that is attacked by an intruder. attackers may intercept the packets flowing through the network. special characters etc. but surer method of getting passwords. Using login-name & password is an easy & cheap method of authentication. Although this is also tedious. The different techniques used by intruders to steal password include the following: 1. it is obviously fruitless. . but is followed most commonly. since nobody is going to disclose the password easily to anyone. may keep a fake login program running on a terminal. Dictionary based attacks . or can get a direct access.As another attempt.using the resources of the user if its the system password. numbers. Stealing Passwords is related to being able to retrieve the password of some different user using a service and accessing the service on that user's behalf. The various common ways of attacking the systems are as discussed below: 2. Using fake / login . it may work out sometimes. Windows prevents from this attack. 5.

§ §

But this activity may take a major advancement if the stealer happens to access the entire password file for all users of a given system or service. This means that the passwords of many different users go into wrong hands, leaving the service providers in a fix. Yet another password stealing aspect is when some user provides his password of service A to a friend Most of the times the user would have used the same password even for service B. Now its upto the friend to find out, how many services of user maintain the same password? Usually, passwords are simple. Either they are day-to-day usage terms or some words with which the user is associated \vith. For an attacker keen on stealing password, a simple brute force attack, covering different words from the dictionary is enough.

§

Hence, necessary precautions have to be taken in order to avoid important passwords from getting stolen. For that we should: § § § § Never reveal our password to anybody. More so, when that same password coincides with the password of some different service which is very important. Password files should be placed separately in a different server (Password server) and not be a part of the Web Server. Passwords should be a mixture of alphabets, numbers and special symbols such that it is not a part of the daily usage dictionary, which can be detected through brute force attack. As network administrators a minimum of say 3 attempts must be kept for a user entering wrong password. This will cut down the chances of brute force to a greater extent.

2.2 Social Engineering Social Engineering is hacker – speak for tricking a person into revealing some vital information. OR Social Engineering is a practice of conning people into revealing sensitive data on a computer system, often on the Internet. This is like an art, a special tool at the hand of the attacker in which he plays the psychological tricks at the target in order to gain the important information. All this happens without the knowledge of the target, I.e. target does not know at all that he is giving the vital information to the hacker. For social engineering, the hacker must have: 1.Some information about the target 2. Good social skills 3. Lot of patience. There are various methods, which are used by hackers for social engineering as described below: 1. Using personal conversation: By talking directly with the target hacker tries to grab some important information. Of course, this is more dangerous since the hacker may be revealing

47

himself in the process. 2. Through Telephonic conversation: Using this, the hacker may pose as a top official, network administrator & may persuade the target in giving vital information about them. This is somewhat easier than first method and much widely used method. 3. By- chatting with the target Alternatively, hacker keeping himself secret, can chat & make good friendship with the target & then using trickier questions, can gain the required information. 4. By- sending anonymous mails: It is possible to send mails without needing a sender's address or by using some address, which looks official and legitimate enough to fool the target in giving key information. This is also widely used technique and is surprising how many people would fall for this. Social Engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. A social engineer runs what used to be called a "con game". For example, a person using social engineering to break into a computer network would try to gain the confidence of someone who is authorized to access the network in order to get them to reveal information that compromises the network's security. They might call the authorized employee with some kind of urgent problem; social engineers often rely on the natural helpfulness of people as well as on their weaknesses. Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat to any security system. Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate in the field of computer security Social Engineering is the practice of cunning people into relieving sensitive data on a computer system often on the Internet. With the profusion of poorly secured computers with known security holes connected to the Internet, the majority of security compromises are now done by exploiting such; however, social engineering attacks remain extremely common. Perhaps the simplest, but still effective attack is tricking a user into thinking one is an administrator and requesting a password for debugging purposes. Users of the Internet systems frequently receive messages that request password or credit card information in order to "set up their account" or "reactivate settings" or some other benign operation. Social Engineering is hacker-speak for tricking a person into revealing their password.

48

A classic social engineering trick is for a hacker to send email claiming to be a system administrator. The hacker will claim to need your password for some important system administration work, and ask you to email it to him/her. It's possible for a hacker to forge email, making it look like It came from somebody you know to be a legitimate system administrator. Often the hacker will send this message to every user on a system, hoping that one or two users will fall for the trick. Another common trick is known as "shoulder surfing". This simply means that somebody looks over your shoulder while you type in your password. Sometimes it's impossible to guarantee that nobody can see your keystrokes.

2.3 Bugs and Backdoors Practically, no computer software ever made is free of bugs. A bug may mean some problem in the software, which is undesired by its author. It may mean some kind of limitation in the software, which does not allow it to do the appropriate work. These are the loopholes or vulnerabilities in the program, which make it less secure. Hackers, who know about these loopholes, can misuse it or use it for their own benefit whereas some of them may disclose it to make everyone aware about it. One solution for this is to keep the software always updated With bug fixes, which are normally provided by its developer. e. g. added virus databases in an antivirus utility, service packs for operating systems etc. One should use them regularly in order to stay away from the new viruses or vulnerabilities. There are people who post the known vulnerabilities in the software to make everyone aware of it. Another security vulnerability is due to the backdoors (also called trapdoors). These are the programs which when stored on the target systems, may allow easy access to hackers or give them sufficient information about the target to carry out the attacks. There are several backdoor programs used by the hackers. These are like automated tools, which carry out the destructive jobs for the hackers. Trojan horse programs may also come into this category. In order to save from the backdoors, cleaner solutions are also available (which work in similar manner as the antivirus utilities). A back door is a feature of a program that call be used to make it act in some way that the person who is running it did not intend. A backdoor can be more or less "powerful", according to how much access to your client's features and/or account it gives to an intruder. In the worst cases, a backdoor will let an intruder execute arbitrary commands on the machine your client or bot is running, allowing full access to your account. This can in turn allow an intruder to compromise your whole system's security, by cracking passwords or otherwise. They can also make you send mail, post to Usenet, etc. One of the ways the Internet Worm spread was by sending new code to the finger daemon. Naturally, the daemon was not expecting to receive such a ting, and there were no provisions in the protocol for receiving one. But the program did issue a gets call, which does not specify a maximum buffer length. The Worm filled the read buffer and more with its own code, and continued on until it had overwritten the return address in gets's stack frame. When the subroutine finally returned, it branched into that buffer and executed the invader's code.

49

It is not even possible in many computer languages. and it is the most common way attackers subvert programs. They are thus particularly hard to model because. prepare for memory or file system exhaustion. We should not give network daemons any more power than they need. The effect of a bug is not necessarily limited to ill effects or abuses of the particular service involved. user-id and password continue to be the most popular method of authentication. the entire system can be penetrated because of one failed component. and proper recovery strategies. how would the machine verify it? 50 . Yours mothers maiden name Your pet’s name These are simple to use and require no special hardware. but many people have done it. especially on firewall machines. A bug is something in a program that does not meet its specfication. The administrator should be checking for all the input correctness at every point. which may need memory or disk space. The next rule is least privilege. but there are steps one can take to shift the odds. then it should be made sure that they do not overflow. Very few need to run as the super user. It takes some care to craft the code because the overwritten characters are machine code for the target host. The history of computing and the literature is filled with designs to avoid or frustrate buffer overflows. 2. If the program has fixed size buffers of any sort. too. Rather. If we use dynamic memory allocation. which assumptions if any will fail.4 Authentication Failures Authentication: Authentication is the method of validating the identity of genuine or authorized users. a number of C compilers and libraries use a variety of approaches to frustrate or detect stack-smashing attempts. In addition. PINS (Personal identification Number) in ATM is very common However. by definition. Authentication Something that you know Something that you Have Something that you Are Someplace where you Are Ø Something that you know The very first and the foremost is your user-id and password The next can be your personal matters such as Your date of birth. There is no perfect defense.This buffer overrun is called stack smashing.

telnet are vulnerable to this. In order to keep your authentication method foolproof. intruders may keep retrying till they are lucky and get a chance to penetrate these systems. Firstly the passwords have to be properly designed using all the available rules. Hence. Sometimes. Hackers too can locate that database! Ø Something that you have Image of person’s face. Each connection is waiting for the 51 . One more form of authentication attack may come from the remote login programs. But even then eavesdroppers can easily pick up a plain password on an unencrypted session and they may take a shot at single time passwords also. Most of the attacks that take place are as a result of some authentication failure. Retina. For this we assume an example of a password that contains only digits and is of known length. normally it is advised to turn oftenremote login features for added security. still the authentication failure is one of the ways in which the intruders can penetrate into the systems. But. which terminates any fake login program being run there. but the most commonly used one is by way of login name and passwords. if the password is stored in some user database in clear text.We need to keep the data in the machine. Windows 2000 prevents this attack by requiring the combination of Ctrl-Alt-Del before actual login. then the intruder can easily intercept it another example of authentication failure is by way of a fake login program run on a terminal. There are various methods used for this purpose. or iris Fingerprints Hand geometry Digital Signature Footprint and walking style Ø Something that you Have Pattern of blood vessels in the retina Thumb impression DNA pattern Voice Prints Handwriting characteristics Typing characteristics. some strict policy have to be adopted. Usually a one-time password is a good technique of ensuring that the password even if intercepted and understood will not have any significance since its not going to be used again. The attacker initiates ten connections to the desired service. Protocols like rlogin. If these are available on for your host. But authentication failures or authentication race refers to the tactic of beating a one-time password scheme that works with many security systems.

2.ssh directory in the user's home directory. Here. still it cannot be relied on. consider the case in which someone uses the ssh to log into a host. so the valid user will be rejected. More often. we consider the reverse: areas where the protocols themselves arc buggy and inadequate. it wins the race. if the client knows the private key. The valid user connects and starts typing the correct password. The attack program watches this.6 Information Leakage 52 . Ssh has a feature where a user can specify a trusted public key by storing it in a file called authorized keys (local file). When anyone digit remains to be entered. thus denying the application the opportunity to do the right thing. This is called source address spoofing. the user can log in without having to type a password. If a user gets a new account environment he typically copies all of the important files there from an existing including the . which prevent the applications from doing the appropriate things. No guarantee of delivery of packets can be given for it. Proving the correctness of cryptographic exchanges is a difficult business and is the subject of much active research.san1e unknown password. in this case the attacker needs to know the length of the password. and relays the correct characters to its ten connections as they arc typed. in a new account. The attackers checking for the packets can get information about the source IP. Because the computer is faster. TCP provides the circuits or paths for the I P datagrams. the holes arise because of different assumptions. the user may not realize that copying the authorized keys file means that account can be accessed by any key trusted to access the previous account. Since they work from behind the applications.ssh keys are available from the new However. These authentication schemes often allow only a single login with each password. Secure protocols must rest on a secure foundation. the protocol used in the networks also has certain limitations or problems contained in them. Of course. and one of the connections is validated.ssh directory. the program sends a different digit to each of its connections. and will have to try again. so that all of the . this new 2. this file typically resides in the . Now. this may increase the vulnerability. The authorized keys file introduces another vulnerability. Consider ssh which is a fine protocol for secure remote access. but trustworthy authentication was not possible. Then. in Protocol failures.5 Protocol Failures Sometimes. It is possible for attackers to send packets using any known or valid source address. before the valid user can type the last digit. Sometimes the creators simply make mistakes. an attacker can spoof the replies to inject a bogus authorized keys file. An example of such failure is the TCP protocol failure. These may be sent across the network. Similarly the IP is a stateless and unreliable protocol. All the classes of attacks discuss situations in which everything was working properly. Although the operating system controls this. IN UNIX. In the cryptographic world finding holes in protocols is a popular game. account.

A typical mechanism to launch a DOS attack is with the help of the SYN requests. etc. Finger is the protocol. Desperate hackers may send such viruses Using various ways into the system to create havoc. network connections. protocols also give away some information. This involves the creation 53 .Many times. Network topology and structure. users are advised to use the scanners developed especially for this purpose. the attacker simply goes on sending a flood of packets to the server/network being attacked.7 Exponential Attacks – Viruses and Worms These types of attacks are normally made by the hackers when they become desperate after trying several techniques and are not successful. Attackers may also use the social engineering skills on the basis of the information given by these protocols. to get further vitally important information. A DOS attack can be launched in many ways. Similarly worms are the snippets of codes in different forms.) and come to a grinding halt after a while. In order to safeguard from viruses. and is actually not a legitimate user of the system. host names etc. and not from a legitimate user. worms or Trojan horse programs. which gives the information about the users connected to the live hosts. The reason it is not easy to detect a DOS attack is because there is nothing apparent to suggest that a user is launching a DOS attack. An example of worms used by hackers is the infamous 'I love you' worm. The basic purpose of a DOS attack is simply to flood/overhaul a network so as to deny the authentic users services of the network. In case of the internal attacks. This is not an easy task. Failing this. 2. or change in the configurations of routers on the network. It is up to the server to detect that certain packets are from an attacker. This information may include internal lP addresses. This is because in a DOS attack. the hackers may even use viruses or worms as their tools. the attackers rely on the information leakage which is due to various reasons and helps them to get the inside information about the victim. a client and a server communicate using the TCP/IP protocol. Sometimes. Viruses are the malicious codes attached to the legitimate programs. which spread and created havoc through the Internet. The antivirus utilities if used & updated frequently allow users to stay away from these kinds of attacks. For exponential attacks. Obviously the purpose here is not to gain information. On the Internet. 2. the server would fall short of resources (memory. The end result is the flooding of a network. passwords. but to destroy it. which spread across the network and create destruction. user names etc. and take an appropriate action. login names. Obviously the defense against any such kind of information leakage is to use good firewalls and keep them properly configured. One may be surprised to know that this worm was taken out of a project made by a 23 year old student! Sometimes the attackers may also use the 'Trojan horse' programs for exponential attacks. It is also possible to use the information given on the websites such as phone numbers. either the information is directly available to the attacker or is passed on from inside.8 Denial – of – Service Attacks The Denial Of Service (DOS) attack has gained a lot of attention in the last few years. These look like and behave as if they are legitimate programs but internally are working in destructive ways for which they have been designed.

and must wait for a response (i. An attacker interested in launching a DOS attack on a server. The client is then expected to acknowledge the server's SYN ACK. the server could come to a halt! Distributed Denial – Of – Service Why use your own machine for such things when you can use hundreds of other people's machines? 1. 3. The client sends a SYN request to the server. 2. The server responds back to the client with an acknowledgement.of a TCP connection between the client and the server. 3. which is technically called as SYN ACK. and does not perform step 3 in any of the requests. Attacker takes control of a less secure network say X. 2. she simply keeps quiet. they can start exchanging the actual application data. The server performs step 2. Now. the attacker) is not at all interested in executing step 3. a lot of incomplete SYN requests would be pending in the server's memory. This is shown in the Figure below: Only after all the three steps above are completed that a TCP connection between a client and a server is considered as established. and if these are too many. Let us assume that there are 100 systems in X’s network. Acknowledge SYN ACK Clearly.e. As a result. 54 . imagine that the client sends many such SYN requests to the same server. performs step 1. The client (i. However. step 3) from the client. This means that the TCP connection is not complete. A SYN (abbreviation of synchronization) request indicates to the server that the client is requesting for a TCP connection with it. The sequence of these interactions is as follows: 1. At this juncture. the attacker does not perform step 3. Instead. the server needs to keep the entry for the connection request from the client as incomplete. before they can exchange any data.e.

of course. Botnet is usually an executable file made by someone to infect a computer and gain control over your computer Packeting: When your connection is used to send a PING packet to an IP at certain intervals causing the receiving IP to stop responding. Hence. The attacker waits. A botnet refers to a type of bot running on an IRC network that has been created with a Trojan. Internet Relay Chat (IRC) is a form of real-time communication over the Internet. but also allows one-to-one communication Crackers benefit from this situation and use it for their own advantage. so to do the number of potential victims of attacks. The attacker uses common users to install a zombie program on as many machines on the Internet. (Note : What is PING? Packet Internet Groper) These days. instead of one attacker. they install a so called IRC bot . zombies. when the time comes it controls all the machines and makes all the machines to flood the target 2. Especially machines with broadband connection that are always on are a valuable target for attackers. Most of these systems run Microsoft Windows and often are not properly patched or secured behind a firewall. 5. there are 100 attackers. But they also use them for distributed vulnerability scanning. and so on-that they can use for a variety of nefarious purposes. A botnet is a network of compromised machines that can be remotely controlled by an attacker. 55 .3. This allows an attacker to remotely control this bot and use it for fun and also for profit. When an infected computer is on the Internet. Once these attackers have compromised a machine.also called zombie. With automated techniques they scan specific network ranges of the Internet searching for vulnerable systems with known weaknesses. The attacker can use your machine to launch virus on other networks without you realising it. 6. leaving them vulnerable to attack. The bot joins a specific IRC channel on an IRC server and waits there for further commands. It is mainly designed for group (one-to-many) communication in discussion forums called channels. they pose a severe threat to the community. Attacker uses all these 100 systems to attack the actual target T. The most obvious. home PCs are a desirable target for attackers. As broadband connections increase. Many hackers have constructed botnets: groups of bots-robots. is the DDoS attacks described earlier. Due to their immense size (tens of thousands of systems can be linked together). 4. the bot can then start up an IRC client and connect to an IRC server.9 Botnets The zombies used for DDoS attacks are just the tip of the iceberg.

These 1000 bots have a combined bandwidth (1000 home PCs with an average upstream of 128 Kb/s can offer more than 100 Mb/s) that is probably higher than the Internet connection of most corporate systems. as does the bot used by Google ("GoogleBot").botnets can consist of several ten thousand compromised machines. Uses of Botnets: The most common uses were criminally motivated (i. commenting on certain phrases uttered by the participants (based on pattern 56 . Such a structure. of hits) Attacking IRC Chat Networks (clone attack) . monetary) or for destructive purposes. 2. is called a botnet. Distributed denial-of-service (DDoS) attacks are one such threat. The most common bots are those that covertly install themselves on people's computers for malicious purposes. as by exploiting or locating arbitrage opportunities for financial gain. Due to their immense size . Good Botnets and Bad Botnets A bot is common parlance on the Internet for a software program that is a software agent. and that have been described as remote attack tools. launch huge numbers of Denial of Service attacks against the IRC servers causing them to go down. Botnets pose serious threats.e. Ø Ø Ø Ø Artificially increments the click counter (No. 4. ask their intended victims to go online and submit their private information. 3. Even a relatively small botnet with only 1000 bots can cause a great deal of damage. Distributed Denial-of-Service Attacks Spamming (bulk email ) Sniffing Traffic Spreading new malware for using them A botnet is nothing more then a tool. Web crawlers or spiders are web robots that recursively gather web-page information.Attackers even go a step further and bring different bots together. An additional role of IRC bots may be to lurk in the background of a conversation channel. Multiple bots can join in one channels and the person who has made them can now spam IRC chat rooms. One typical use of bots is to gather information. consisting of many compromised machines which can be managed from an IRC channel. More generally they are web software agents that interface with web pages.the victim is flooded Manipulating online polls/games Mass identity theft: Bogus emails that pretend to be legitimate. 1. A bot interacts with other network services intended for people as if it were a person. They may also be used to interact dynamically with a site in a particular way. there are as many different motives as there are people.

modify it. with an attacker in the middle. The number. These bots can often handle many tasks. size. 57 . The first is a passive adversary. One ploy is to divert to a PC . or the launch of a new product. optical and microwave signals can be similarly intercepted covertly. Every message (packet) goes to the attacker. and then break the link with a ‘ line out of order – try again ‘ instruction. Passive attacks. This is sometimes used as a help service for new users. § Introduce packets into the message stream. Ø Re – routing: The message is diverted to elsewhere than its intended destination. drop it. in many circumstances. with the goal learning as much confidential information as possible. The other is an active intruder. such as SmarterChild AOL. who can log it. an analysis of the traffic down the line can. gather the password.matching). The attacker can also manufacture messages and send them as though they are coming from anyone else. for example an impending take – over bid. After a while all the passwords can be collected from an entirely unsuspecting organization. who can § Modify messages at will.10 Active Attacks In the cryptographic literature. etc.. including reporting weather. there are two types of attacker Passive and Active. Many theoretical papers model a system as a star network. or § Delete messages. Radio. duplicate it. who can eavesdrop on all network communication. reveal much to an outsider. Active Attacks. Others are used for entertainment.Instant Messenger and Jabberwacky on Yahoo! Messenger.g. Ø Eavesdropping: the unauthorized capture of transmitted data either by some form of line tapping or from the compromising emanations broadcast by the electrical signals in the line. their sources and their destination can indicate. or even for mild censorship (e. sports scores. frequency and times of messages sent. zip-code (pin code) information. 2. and so on. As the name suggests. profanity). converting currency or other units. the attacker takes active steps to interfere with the data being transmitted down a communication channel: Ø Modification: The message contents can be deliberately changed. Ø Traffic Analysis: Even if the message has been protected by enciphering.

such as when he or she has remained logged on during the lunch break. The web server locates that page on its disk. or' changing the contents of a message to change the amount in a transaction. which is stateless. Example of this are trying to obtain someone's credit card information on the Internet. a computer network. because once someone is able to gain access to a network. Ø Piggy – in – the – middle: The attacker cuts into the link between two communication parties. etc. the server would not know that this same client and sent an HTIP request earlier. perhaps many times. Cookies: Cookies are born as a result of a specific characteristics of the Internet. there must be some mechanism for the client to identify itself to the server each time it sends a HTIP request to the server. usually she is able to access/modify at least some sensitive information. identifying a client to a server. and thus never reaches its destination. or the application itself. Ø Jamming Radio: optical and microwave links can be interfered with by signal jamming – the creation of a stronger signal to down the intended transmission. Ø Between lines penetration: is made on legitimate user’s communication channel when the valid user is not using it. and by this impersonation obtains use of the system as normally befitting only an authorized user. or completely bring to halt. These attacks generally make an attempt to either slow down. Ø Delay: The message is deliberately delayed. Network level attacks: These attacks generally aim at reducing the capabilities of a network by a number of possible means. so too will any replays of it. 58 . and conducts two conversation. Note that this automatically can lead to application level attacks. If the client wants to continue this interaction. cookies are used. Otherwise.Ø Injection of false messages: A bogus message is sent. Ø Re – play: The attacker causes the message to be repeated over again. modify or prevent access to information of a particular application. They are a popular mechanism of maintaining the state information i. The Internet uses HTIP protocol. Since the original message was found by the recipient as entirely acceptable. For this.e. Ø Masquerade: An attacker masquerades as an authorized user of the communication channel. Suppose that the client sends an HTIP request for a Web page to the server. while convincing each they are talking to the other. one with each party. sends it back to the client. and completely forgets about this interaction. Ø Deletion: the message is deleted. causing havoc. Practical side of attacks: Application Level Attacks: These attacks happen at an application level in the sends that the attacker attempts to access. Since a typical application is likely to involve a number of interactions between the client and the server. it must identify itself to the server in the next HTIP request.

The attacker could simply be angry with the host. the attacker need not bother about the reply. computers exchange messages with each other in the form of small groups of data called as packets. The meaning remains the same. iii. the receiver i. like a postal envelope contains the actua1 data to be send and the addressing information. Attackers target these packets.e. ii. Since the protocol used in this communication is called as Internet Protocol (IP).e.A cookie is just one or more pieces of information stored as text strings in a text file on the disk of the client computer i. When this happens. A packet. The attacker does not want a reply from the destination. The attacker can intercept the reply. as they travel from the source computer to the destination computer over the Internet. so it may put that host's address as the forged source address and send the packet to the destination. as it wants the host with the forged address to receive it and get confused. Web browser. other names for these two attacks are: (a) IP sniffing and (b) IP spoofing. sniff packets as they pass by.e. the party who receives the packets containing a false source address would inadvertently send replies back to the forged address (called as spoofed address) and not to the attacker. can simply observe i. (a) Packet Sniffing: Packet sniffing is a passive attack on an ongoing conversation. The attacker does not want the reply. to prevent an attacker from sniffing packets. Clearly. the transmission link itself can be encoded. an attacker sends packets with an incorrect source address. DNS Spoofing: 59 . the attacker need not see the reply-If the attacker's intention was a Denial of Service(DOS) attack. This can be done at two levels: i. the information that is passing needs to be protected in some ways. . An attacker need not hijack a conversation.If the attacker is between the destination and the forged source. Specific Attacks: On the Internet. These attacks take two main forms: (a) Packet Sniffing (also called as snooping) (b) Packet Spoofing. (b) Packet Spoofing: In this technique. but instead. This can lead to three possible cases: i. The data that is traveling can be encoded in some ways. the attacker can see the reply and use that information for hijacking attacks. ii.

2 3.23). providing it the domain name. C gets the replaced i. there still exist few more destructive programs.e. believing that he is communicating with A.yahoo. worms as well as Trojan horses in 60 .20 3.A.32.10.10.1 3. For this.20. which impose threats to our systems in various ways. We shall discuss in this chapter about such programs viz. the DNS Server maintained by the ISP of A has the following entry: www.20.20. Chapter 3 Computer Security Chapter Index Section 3. Therefore. the DNS spoofing attack works as follows: 1.20.20. So. With this background. 4.com and the IP address is 100.10.4 3. Their creators develop these programs with the sole objective of 'Destruction'. Trojan Horse. a special server computer called as DNS server maintains the mappings between domain names and the corresponding IP address.10 2.10.10. people can identify Websites with human readable names such as www.com and computers C<lJ1 continue to treat them as IP addresses such as 120. The DNS Server could be located anywhere.A. all the DNS servers entry is maintained as: www. Now. Worms Types of Virus How to protect the computer against virus? Life stages of Virus What is the Structure of Viruses? Components of virus 3. computer viruses. Suppose that there is user A whose site domain name is www.3 3.5 3.0 3. Usually. C starts communicating with B.20.20 in the DNS server maintained by the ISP of user C.com l00. it is with the Internet Service Provider (ISP) of the users. When C wants to communicate with A's site.1 What are computer viruses. The attacker B manages to hack and replace the IP address of A with his own ie 100.20.com l00. (B's IP address) which is 100.With DNS (Domain Name System). worms and Trojan horses? Apart from the various types of attacks to the security aspects discussed earlier. A protocol called as DNSSec (Secure DNS) is being used to overcome such attacks.6 Topic Computer Security What are viruses. the Web browser queries the DNS server maintained by the ISP for A's IP address.9.A.

or just to prove someone's knowledge. This will enable us to take precautionary measures in order to save ourselves from these additional threats. this program is not available separately. A program is not a virus unless it has the ability to replicate itself. A trigger can be made to set off at a given time. Computer Viruses: General Concept: There is nothing magical about computer viruses. But unlike the other programs. The first stage is called Pre-trigger stage or the dormant stage. which is stored somewhere on the disk. specific date or time. There are several ways and intentions with which the viruses are written. There are other harmful programs like worms. given number of times a program is run. 61 . to simply make fun out of it & so forth. These range from complete destruction of host system. to simple pass-time nuisance activities. In this stage viruses lie dormant. There is very much similarity between a computer virus and a biological virus. Sometimes viruses are used to stop from copying legitimate programs. There are specific stages in viruses. As biological viruses may use animals. the computer viruses also require some carriers. insects. It will try to hide itself by attaching to some legitimate program. it is to be called a computer program. any other event or just anything which might have been thought of by its developer. A virus is simply a computer program. Partition tables etc. A virus cannot do anything that was not written into its program. physical condition of disk. they monitor the activity of the host in order to replicate themselves. computer viruses need carriers like some legitimate executable programs. called the Life Cycle of a virus. water or air as a medium for propagation. Why viruses are developed? The virus programs are normally written with an objective of destructive effects. It is the creation of intelligent computer programmer but with the harmful intentions.detail.) It is hard to detect a virus in this stage. the virus launches itself into memory and performs according to its program. to carry them to the host for further destruction and replication. Still. (This act is also similar in the biological virus. boot sectors. Trojan horses etc. The second stage called trigger stage is the one in which virus performs any destruction. How do they work? Similar to their biological counterpart. and does not do any destruction. When infected code gets executed by some means (using these carriers). Both invade the body/machine and attach to cell / program and once lodged.

Memory – resident virus : Lodges in main memory as part of a resident system program from that point on. executes the virus code. Die Hard 2. Afterwards few other classes have also included as the new breed of viruses started coming in.exe. the replication activity of viruses is transparent to the user. Pentagon.Boot sector/partition table viruses and 2. These may even be targeted in the destruction stage of other viruses. Monkey. Print screen etc. But this does not mean that the data files are totally secure from viruses.Polymorphic viruses. The two major classes of viruses are: 1. Boot sector/partition table viruses: Infect the boot sector. because they are not executed. the destructive action mentioned in the virus program executes to carry out the destruction. Master Boot Record (MBR) or the partition table of the disks. Examples are Jerusalem. 4. This is said to be the final stage as it causes actual damage it is supposed to do. Virus programs enter into the system either by way of copying the carrier programs (exe. Stealth viruses and 6. In general viruses do not infect data files. . which then executes the copy of the boot sector it has saved elsewhere. When the computer is booted from the infected disk. These newer classes of viruses include: 3. 5. the virus infects every program that executes.bat etc.Multipartite viruses. Working of each of these types is as explained below: 1. Brain. Boot Sector viruses copy the boot sector program to another location on write a copy of their own code to the boot sector. . Concept. Also. These files normally include executable files such as . 2. Stoned. 3. these viruses infect files. These are the sensitive areas of the system which when controlled.com. sys & similar files) or copying anything from a disk with infected boot sector or partition table or even through E-mail or Website contents. The code in these locations gets loaded in memory at the system startup and hence is a good target for these viruses. it becomes much more easier for the viruses to carry out further replication. bat. File viruses: As the name implies. Cascade etc.File viruses. com. 3. Examples of this type include Michelangelo. 62 . They are classified according to what they infect.Macro viruses.Once this trigger goes off.2 Types of Virus Virus classifications: There are several classes / types of viruses with some of them discovered recently.

by finding other executable files to infect. When new files are created. 5. the virus then locates the actual program and executes it. Dir-2 is an example of this type of virus. or keep the infected file's size and date the same as original and so on. Whenever the infected document/template is run. based on this template the virus infects them all.4. The virus then installs itself underneath everything. A parasitic virus attaches itself to executable files and replicates. Some anti-virus programs will attempt to detect this and then reinstall themselves under the virus. which sits in the background looking for specific actions that might signify the presence of a virus. so that it appears differently with each infection. A tunneling virus attempts to backtrack down the interrupt chain in order to get directly to the DOS and BIOS interrupt handlers. Obviously these will be more difficult to detect. DOS first loads and execute the virus code. Examples include Phoenix. when the infected program is executed. including the interception program. which infect the macros (small stored procedures to carry out multiple jobs at a keystroke) within a document or template. Evil. Stimulate etc. Examples are Tequila. Multi-parasite viruses: These types of viruses are a combination of both boot sector as well as file viruses. Stealth viruses: Viruses using certain techniques to avoid detection by antivirus utilities are of this type. Such viruses may hide themselves in some other position than the detectable one. 7. Word concept etc. 10. This might cause an interrupt war between the anti-virus program and the virus and result in problems on your system. which encrypt its code in various ways. Frodo. Parasitic Virus : The traditional and still most common form of virus. Invader etc. Generally for word processing the template used is the file called normal. Poly-morphic viruses: These are newer type of viruses. the viruses further infect the boot sectors/partition tables. Nuclear. They first infect the executable files and when these files are run. Thus they can infect in both the ways. 63 . Some anti-virus programs also use tunneling techniques to bypass any viruses that might be active in memory when they load. 8. Flip. Macro viruses: This is newer type of viruses. Examples are Whale. Cluster Viruses: There is a type of virus known as a "cluster" virus that infects your files not by changing the file or planting extra files but by changing the DOS directory information so that directory entries point to the virus code instead of the actual program. Examples indude W 32. dot. Tunneling Viruses: One method of virus detection is an interception program. When you run a program. 6. Joshi etc. To do this it must intercept interrupts and monitor what's going on. the macro virus activates. Proud. 11.

the entire current directory will be infected and. Never download mail attachments. 64 . As a result. Thus we see a new generation of malware that arrives via e-mail and uses e-mail software features to replicate itself across the Internet. Melissa was one of the first rapidly spreading e-mail viruses which made use of a Microsoft Word macro embedded in an attachment. While it is difficult to protect the system totally.The interesting thing about this type of virus is that even though every program on the disk may be "infected." because only the directory pointers are changed there is only one copy of the virus on the disk. all directories on the path will typically be infected. Keep floppies Write-protected (especially if they are bootable. If the recipients open the e-mail attachment.) Do not copy anything in your system from any unknown source. This makes it very difficult for antivirus software to respond before much damage is done. 3. Ø The virus does local damage. prevention and recovery: There are several precautions one can take in order to safeguard from virus infection. if the DOS path must be searched. Restrict the use of machine to only authorized users. Then Ø The e-mail virus sends itself to everyone in the mailing list in the users email contact list. they now do in hours. The virus propagates itself as soon as activated (either by opening an e-mail attachment or by opening the e-mail) to all of the email addresses known to the infected host. the Word macro is then activated. unknown content from Internet.3 How to protect the computer against virus Virus detection. One can also usually classify this type of virus as a fast infector. whereas viruses used to take months or years to propagate. The safety measures or precautions for virus prevention are rightly called the Golden Rules or the Commandments as given below. The virus uses the Visual Basic scripting language supported by email package. using these rules one may prevent from the virus infections to a great extent The Golden Rules for virus prevention: 1 2 3 4 5 Always keep backup of your data/programs. 12. Even then if the virus still creeps in. For instance. On any file access. one has to follow the detection and elimination procedures further. E-mail Viruses: The e-mail virus can be activated merely by opening an email that contains the virus rather than opening an attachment.

Norton. But then. This gave rise to the recent Melissa or I Love You worms. If you use the Anti-virus softwares. worms do not require any type of carriers. 9 Change in data/program file sizes is observed. 7 Unusual error messages appear on screen 8 Programs take more time to load than normal. if the virus creeps into your system. hackers considered this as a tool for destruction purposes and the development on the other side continued. This is due to the indicating or symptoms given out by their existence. This term was coined from the word Tapeworm. one must create a Rescue disk that should be a clean.6 Even after using these precautions. Virus Symptoms: 1 Computer system seems to be running too slow than normal 2 Floppy disk or hard disk is accessed suddenly without any reason. and Activex. 4 System crashes often without any reason 5 Computer does not boot completely at all 6 System memory or disk space reduces without logical reason. Apart from using the tools. To eliminate virus when observed or detected in the system. Recovery procedure (virus): If these symptoms are observed. One must ensure to update these utilities frequently. which keep coming. folders disappear mysteriously or contain garbage.the virus. How do they work? (worms) Worms are normally observed in Networked environment rather than in stand-alone environments and spreads itself by replication similar to that in virus. The recent developed 65 . These include the following. detect & eliminate viruses from the system. it can be detected in various ways apart from using a virus scanner for it. to stay safe from the newer viruses. Those days the worm code was considered harmless and was used for just fooling-around with others. an infected bootable disk with required set of tools. This can be used to diagnose. which created havoc through the Internet across the world. Many such products exist including McaFee. AVG & so on. they will do this job for you. Unlike its cousin . F-prot. one should carry out some specific steps called as Recovery procedure. they may indicate the presence of virus in your system. VBScript. Some of the worms are coded using the scripting tools such as Java-script. there exists one more type of malicious program in computer world called as a Worm. Worms: General concept: (worms) Apart from the virus programs discussed above. Programs do something unusual or do not work normally 3 Files. which used to copy itself in tapes (used in older computer systems) way back in 1000s.

not opening any content from unknown source. Worms can choke or congest the network. actual file name CORETEST. in fact it is a malicious one. which came out and fought with the enemy taking them by surprise. HTML scripts. rather one would not copy or try it out! It may say it is a new game released. It is also possible that the Trojan horse program may be working normally for some time. prevention and recovery of Worms: Normally. which include some form of self-destruction which means the Trojan program itself gets deleted after triggering condition along with other destruction. They may work either like a Time Bomb (based on some value. although there are several other reasons for this. If it were not a genuine program. It is supposed to do something useful while all it does is totally different and that is destructive. In the Greek kingdom. web page sources etc. The name has a funny history behind it. Worms do not modify a program nor attach themselves to it and hence may be seen or detected separately unlike the virus. some newer type of Worms hide themselves inside the Email source. a wooden horse was gifted to the enemy and taken inside their fort. How do they work? (Trojan Horse) Trojans . Trojan horses: General concept: Yet another type of malicious program observed is a Trojan horse.worms carry out their destruction through widespread use of Internet. sometimes simply called Trojan. always claim to be a genuine program. just to fool the user that it is doing something useful.ZIP (claims to be an antivirus public domain utility!) 66 . Even if it claims to be a genuine program. Once lodged on to a system. resource eating etc. Once copied/downloaded on to a host and executed. This actually contained soldiers inside it. it may be possible to prevent from their attacks. to remain undetected. using some safety measures like detection tools. actually it may do something like formatting hard disk.as specified. (Can this be very much analogous to a human bomb!) Examples of Trojan horse program include 12 tricks Trojan. Our Trojan horse in computer works with a similar principle. filename NORTSTOP. undesirably disclosing your valuable information to the world. They use the network to copy from one node to other. As far as the prevention is concerned. some kind of a utility program newly developed. The destructions caused by worms include . erasing files/folders and so on.COM (claims as hard disk benchmarking program!) Nortstop Trojan. The indication of worms may be the terrible slowness of the network. using your address book to send anonymous mails to other hosts. or something similar. There are some types of Trojans. number as triggering condition) or like a Logic Bomb (destructing after satisfying some logical event or condition). EXE or NORTSTOP. all the recent anti-virus utilities are capable of detecting most of the worm codes as well as disinfect them. thus bringing it to a crawling speed! Detection. worms keep replicating themselves by placing themselves in the memory of various infected systems. Still.bringing down your network's speed.

Hence it is possible to find out that the harm is caused by the running program. one can try it (if it is absolutely necessary) on some separated machines and then using on regular once confirmed. never download/copy any content from unknown source. if you have a PC in order to get real work done. Don't boot off floppies. don't do it! 5. sometimes using shareware or games copied from bulletin boards. In such case. Frequently run virus checkers. The elimination is obviously the deletion of the program identified as a Trojan. If you run a game with a virus. 4. When your system puts up a warning saying that something is dangerous. and you also want to play games. In those circumstances. What can we do today? Given that there is no foolproof method to test a program for hidden bad side effects. and save old backups for a long time. prevention and elimination of Trojan horse: One major difference between Trojan horse and worms or viruses is that the Trojans do not selfreplicate. you'll only wipe out your games. but there are some precautions that are worth taking: 1. Unless one tries out a Trojan program. unless using some good utility. 3. Another limitation of them is that they are available separately. like bulletin boards or people who aren't as careful as you are. it is hard to know whether it is genuine or not. such as the first time you unpack your machine and turn it on. Try to run programs in the most limited possible environments. Now a days. Don't run software from suspicious sources. 6. be extremely careful about what floppy you boot from. The prevention mechanism says. But beware! It is also possible that the Trojan horse programs may be working like Backdoors and passing the valuable information from your system back to hackers! It is hence difficult to detect a Trojan. 2. label it as Trojan and discard it. many antivirus utilities also check for them as well. Do frequent backups. except in an extreme circumstance. 3. or when in doubt. have two machines.Detection. For instance. we can't be completely safe. This reduces the amount of destruction caused by them compared to other malicious programs. Have the industry employ people whose job it is to keep up with virus technology and come up with vaccines.4 Life Stages of a virus: 67 . A somewhat more practical way to accomplish this is to have a machine with multiple disks and a physical switch that connects only one of them at a time.

then the virus gets a chance to replicate every time. What's often not clearly understood is precisely when it will infect the other programs. Polymorphic techniques also help viruses to infect yet avoid detection. before it infects anything. so that its strength is increased enough to attack the system and over come the system's protective resources. Hence. 68 . Infection Phase b. which the viral code needs to trigger its duplicate. a counter within the virus. an external event on your PC. This makes viruses more difficult to analyze since it's hard to guess what trigger condition they use for their infection. This technique is called stealth. because with proper replication. etc. a day or time. since every time if the system boots and the boot sector is where the viral code is placed.Life Stages of a Virus There arc 3 stages to a Virus Life Cycle: a. This trigger could be anything. the virus will be able to replicate only if the executable file is executed. or execute a progran1. In order to do this. Resident viruses frequently take over portions of the system software on the PC to hide their existence. Virus writers want their programs to spread as far as possible before anyone notices them. replication is planned around some trigger. the attack phase also has its own trigger. Replication Phase. Replication is an important phase. You can never be sure the virus simply hasn't yet triggered its infection phase. Attack Phase: Many viruses do unpleasant things such as deleting files or changing random data on your disk. copy a file. TSRs are programs that executed under DOS but stayed in memory instead of ending. simulating typos or merely slowing your PC down. Replication Phase: This is the phase where the virus replicates or duplicates or infects more system files. This means the virus can wait for some external event before it infects additional programs. Hence. The virus may silently lurk in memory waiting for you to access a diskette. other viruses infect only upon a certain trigger. Attack Phase Infection Phase: When the virus executes it has the potential to infect other programs. Many viruses go resident in the memory of your PC in the same or similar way as terminate and stay resident (TSR) programs. virus is placed in an executable file or the system sector. Some viruses infect other programs each time they are executed. Usually in an executable file. Just as the infection phase can be triggered by some event. the system sector is a good bet. c. the attack phase of the virus can become that much more lethal.

If the 69 . If it has. or even years after the initial infection. When the program is invoked.executable-file: if(first-line-of-file=1234567) then goto loop else prepend V to file. will first execute the virus code and then execute the original code of the program. months. The virus program first seeks out uninfected executable files and infects them.random. and it is assumed that the entry point to the program. } subroutine do-damage := { whatever damage is to be done} subroutine trigger-pulled := {Return true if some condition holds} Main: main-program: = {Infect executable. then the virus unleashes the attack phase and starts doing what it is meant to do. control is immediately transferred to the main virus program. viruses can be also triggered to attack under the arrival of a specific time. In this case. or it can be embedded in some other fashion. the virus constantly checks whether the pre-decided time of attack has arrived or not. The key to its operation is that the infected program. This action could be performed every time the program is invoked. when invoked. the virus may perform some action.} next: } do damage. 3. An infected program begins with the virus code and works as follows. Next.5 Structure of Viruses A virus can be pre-pended or post-pended to an executable program. This means the attack could be delayed fur days. In that case. if trigger pulled then goto next. the virus code. file : = get. or it could be a logic bomb that triggers only under certain conditions. Usually. Program V: = { goto main . the virus transfers control to the original program.executable : = { loop. usually detrimental to the system. V. The first line of code is a jump to the main virus program. The second line is a special marker that is used by the virus to determine whether or not a potential victim program has already been infected with this virus. is prepended to infected programs.Viruses often delay revealing their presence by launching their attack only after they have had ample opportunity to spread. when invoked is the first line of the program. 1234567. weeks. Finally. subroutine infect.

A virus such as the one just described is easily detected because an infected version of a program is longer than the corresponding uninfected one. Subroutine infect-executable: = {Loop: File: = get-random-executable-file. In the infected binary. and uncompress before execution and pad with bytes so that the check sum comes out to be what it was. 01234567.infection phase of the program is reasonably rapid. Here is a simple structure of a virus. A way to thwart such a simple means of detecting a virus is to compress the executable file so that both the infected and uninfected versions are of identical length. if(triggered( )) { doDamage( ). } void infectExecutable( ) { file = chose an uninfected executable file. if(first-line-of-file = 01234567) then goto loop. } Main: main-program: = {If ask-permission then infect-executable. } jump to main of infected program. It is also possible to compress the original executable code like the typical Zip programs do. (1) Compress file. a user is unlikely to notice any difference between the execution of an infected and uninfected program. } } } The above virus makes the infected file longer than it was. (4) Run uncompressed file. at a known byte location in the title. (2) prepend CV to file. many executable tiles often contain long sequences of zero bytes. There are many techniques to leave the tile length and even a check sum unchanged and yet infect. making it easy to spot.} } Figure: Logic for a Compression Virus 70 . For example. V() { infectExecutable( ) . Program CV: = {goto main. (3) Uncompress rest-of-file. a virus inserts a signature byte used to determine if a potential carrier program has been previously infected. which can be replaced by the virus and re-generated. prepend V to file/void doDamage( ) { int triggered( ) { return (some test? 1: 0).

8 Topic Firewalls and Proxy Servers Kinds of Firewalls Packet filters Application-Level Filtering Circuit-Level Gateways Dynamic Packet Filters Distributed Firewalls.6 Components of Virus: There are 3 parts: a.2 4. Replicators are crucial in deciding the strength of the virus overall. That happens when the virus enters a system first. Payload: This the section.1 4. Usually it is a direct implication of the Replicator. the virus goes into the attack phase. Because replicator will be able to replicate a specific number of times. which can determine the amount of damage or harm the virus can cause to the system or its resources. Chapter 4 Firewall and Proxy Servers Chapter Index Section 4.0 4. the virus gets a chance to replicate.3 4. What firewalls cannot Do & Filtering Services Reasonable Services to Filter 71 . Depending on how much the payload is. which has the Job of making the virus replicate or duplicate such that every time the viral code is triggered or executed.4 4.3. Replicator: The Replicator is that section of the virus. Replicator c. b. c. Infector: This is the section of the viral code. which infects some part of the system when triggered for the first time. Usually the infection at a proper place like the system sector leaves a better chance of replication more number of times. Infector b. so the payload will be greater.5 4.7 4. Usually a higher payload means that the virus can easily overcome the system and its resources can be easily overcome by the virus.6 4. Payload a. The infector part may decide to infect a file system or a system sector or an application.

Only the traffic authorized as per the local security policy should be allowed to pass through. But this facility usually may be a nightmare for network support staff. Apart from the danger of the insider information leaking out. At a broad level. 3. This is where a firewall is needed.12 4.13 Digging for Worms. 2.10 4. Packet Filtering. all the access to the local network must first be physically blocked. As a result of these dangers. and also prevents the outsider attackers from entering inside a corporate network. Leaking of this critical information to competitors can be a great setback.9 4. Most corporations have large amounts of valuable and confidential data in their networks.0 Firewalls and Proxy Servers: Using the Internet we can get connected to any other computer. Specific attacks: Packet sniffing v/s Packet spoofing Implementing policies: (Default allow. The word 'firewall' has come from a kind of arrangement in automobiles. The firewall decides if the traffic can be allowed to flow. a firewall is specialized version of a router. The firewalls in computers also work with similar concept. therefore.4. there is a great danger of the outside elements (such as viruses and Worms) entering a corporate network to create havoc. and access only via the firewall should be permitted. so as to render attacks on it useless. 2. 72 . To achieve this. Default Deny) on proxy Notes of DMZ Chapter 4 Firewalls and Proxy Servers 4. there are two kinds of attacks: 1. The characteristics of a good firewall can be described as follows: 1. All traffic between the network and the Internet in either direction must pass through the firewall. to prevent the passengers from engine components. Apart from the basic routing functions and rules. we must have mechanisms which can ensure that the inside information remains inside. All traffic from inside to outside.11 4. Technically. which can guard a corporate network by standing between the network and the outside world. A firewall acts like a guard. The firewall itself must be strong enough. or whether it must be stopped from proceeding further. which is left with a very difficult job of trying to protect the corporate networks from a variety of attacks. no matter how far the two are located from each other on the network. a router can be configured to perform the firewall functionality with the help of additional software resources. and vice versa must pass through the firewall.

DMZ is required only if an organization has servers that it needs to make available to the outside world (e. Alternatively. If. Firewalls come in various categories. the firewall cannot prevent such an attack.It is defined as 'the collection of components that are placed between the local (unprotected) private network / workstation and the Internet (unprotected) which is the external public network. The firewall cannot. Firewalls can be arranged to form a DMZ. One interface connects to the internal private network. configurations. 4. For this. Demilitarized Zone (DMZ) networks: The concept of a Demilitarized Zone (DMZ) networks is quite popular in firewall architectures. and the third connects to the public servers (which form the DMZ network). the firewalls have been classified as per the work carried out by them. to enable both the features out of the box. 3. obviously be expected to take care of such situations. some vendors bundle their firewall products with anti virus software. set of devices and products which run on the hosts in the network. This is because a firewall cannot be expected to scan every incoming file or packet for possible virus contents. Therefore. instead. the second connects to the external public network (i. a user can bypass the firewall and exchange information with the Internet via the other entry exit points. They work like logical security guards which keep an eye on the outgoing and incoming traffic. Limitation of the Firewall: The main limitations of a firewall can be listed as follows: 1. Therefore. This can open up the possibilities of attacks on the internal network through those points. the Internet). They have two basic types: (1) Packet Filtering and (2) Application Level.1 Kinds of Firewalls: In general. Insider's intrusion: A firewall system is designed to thwart outside attacks. Virus attacks: A firewall cannot protect the internal network from virus threats. Web Servers or FTP servers). 2.e. a separate virus detection and removal mechanism is required for preventing virus attacks. a firewall has at least three network interfaces. 73 . if an inside user attacks the internal network in some way. Direct Internet traffic: A firewall must be configured very carefully.g. It is effective only if it is the only-entry point of an organization's network. the firewall is one of the entry-exit points.

This is the first line of defense against the intruders. Using packet filters may be complex as graphical interface is not available in most of the cases. 7. Faster in operation. As the name suggests. 3. This is because it acts like a proxy i. 5. An application gateway typically works as follows: 1. In order to allow certain access. All the applications on Internet may not be fully supported by packet filtering firewalls. 2.Two more types have also resulted based on these two primary types. Advantages of packet filters: 1. An internal user contacts the application gateway using a TCP/IP application. such as HTTP or TELNET. some exceptions to the rules need to be added. Disadvantages of packet filters: 1. this firewall checks for each and every IP packet individually. . 74 . It has to be combined with other techniques as well. Rule-sets to be defined for a packet filter may be very complex to specify as well as to test. These do not possess any auditing capabilities and auditing is considered to be of major importance in security. to strengthen the security. Simple and straightforward mechanism.e deputy or substitute. They are: (3) Circuit level gateways and (4) Stateful Multi-layer inspection (Dynamic).2 Packet Filters: This is the basic level of the firewalls. and decides about the flow of application level traffic. Some packet filters do not filter on the source TCP/UDP ports at all. and is not totally foolproof. 4. This may add further to the complexity. According to the selected policies (called Rule-sets or Access Control Lists or ACLs) it determines whether to accept a packet or reject it. 6. 3. 4.3 Application level filtering: An application gateway is also called as a proxy server. Each type is discussed below in detail. which may increase the flaws in the filtering system. 2. either coming in or going out of private network. Operation is totally transparent to the users. These type of firewalls do not attempt to hide the private network topology to the outside network and hence it gets exposed. 4.

Hence. The application gateway asks the user about the remote host with which the user wants to set up a connection for actual communication (i. They do not need to check each and every packet but rather check an application as a whole and determine whether it should be allowed the access of a network both in-bound as well as out-bound. The Application level firewalls work at the topmost layer in the network i. IBM firewall. Local network clients refer to it using its local I P address whereas anyone from the Internet uses its external lP address for communication. we simply detect whether a user is allowed to work with a TCP/IP application or not. These are also called Application level gateways as they are between the local network and the Internet. and another between the application gateway and the remote host. and the traffic going between them. the Application Layer. The user provides the information to the application gateway.one towards the local network (with an internal I P address) and another towards the Internet (using an external lP address). This means that the actual communicating internal host is under an illusion.e. DNS. The application gateway has to manage these two sets of connections. The disadvantage is the overhead in terms of connections. in fact it is routed always through the proxy server. 4. The services which are proxied include FTP. TELNET. local network. Advantages of Application level fire walls: 75 . Squid proxy server. These are the hosts which make/receive the requests to/from the Internet to the local network which they do on behalf of the local clients.2. because rather than examining every packet against a number of rules. The application gateway now accesses the remote host on . Application gateways are generally more secure than packet filters. they can monitor the flow of information in great details. Winproxy and many more with various facilities and configurations. There are actually two sets of connections now: one / between the end user and the application gateway. which is similar to the coin with two sides. the application gateway allows the clients to think or believe that they are getting the direct connection to the Internet. and Zone Alarm-Pro.behalf of the user. e. Norton Firewall. These provide a single point of entry for Internet traffic into the. Thus. The Proxy servers work with two faces . and passes the packets of the user to the remote host. Linux based Mitel Networks SME server. SMTP and so on. they are more secure than the packet filters. Mc-A’fee Firewall. HTTP. Another variation in them is called a Proxy server. Wingate. Hence. 3. They require the policies to be set up by using specific software and hence are NOT transparent to the end users. Examples of Application level firewalls include Zone Lab's Zone Alarm. its domain name or IP address) The application gateway also asks for the user id and the password required to access the services of the application gateway.

which is an important aspect of security. and thinks that there is a direct connection between itself and the remote host. The SOCKS client runs on the internal host. A circuit gateway. 4. It is hence possible to enable/disable these services through the circuit gateways. They neither check individual packets nor the entire applications for filtering purpose. But in the process. and. The SOCKS server is an example of the real life implementation of a circuit gateway. the SOCKS server runs on the firewall. 6. changing the Rule-sets is easier in this case. 3. 5. the circuit gateway changes the source IP addresses in the packets from the end user's IP address to its own. they tend to break the standard client-server model. topology and other sensitive information of the private network from the external parties.1. 76 . Ability to hide the structure. Operation may be slower since it has to check the traffic in more detail. 3. No need to check each and every packet. 4. Thus. They are not transparent to the end users. These are available as software with Graphical interface. but checks application as a whole. Normally they relay the services such as Telnet or FTP for the users. This check for the specific sessions or services for filtering. setup and operate from the point of users (also called as personal firewalls sometimes) Disadvantages of Application level firewalls 1. 2. 4. But they provide the facility to control these services. and similarly in reverse way. Has capability of complete auditing/logging of events. in fact. Checks traffic in greater details than the packet filters. creates a new connection between itself and the remote host. there will be two connections to be set-up: one from the client machine to the firewall. The software products used may be costly to procure. In some cases. Easier to install. This way the IP address of the internal network are hidden from the outer world.4 Circuit level Gateways: Another variation of firewalls is called the Circuit Level Gateways. Provides more security than the packet filters. These are set to run on the Transport level of TCP/IP model (or Session layer in case of the OSI model). setup may be difficult and require administrative help. Also. and may have to be set up specifically on the client nodes. The user is not aware of this. 2. It is a client server application. It performs some additional functions as compared to those performed by an application gateway. 7. and the second between the firewall to the external server. They are sometimes called as the Relays which relay the sessions / services (also called circuits) for the users. hence specifying. for every request/response.

especially and can be expensive. This facility is not available in any of the earlier types. More flexible in its operation due to its dynamic nature Combines most of the advantages of first three types of firewalls. More secure than packet filters since work on higher level. Transport as well as Internet layer. Scans the traffic in three different layers in great details Provides much more security than in first three types of firewalls Facility to adapt to the changes in the stage of network. 2. the firewall can modify itself or can adapt to changes in situations and can change the rules dynamically. Hence. Advantages of Dynamic Firewalls: 1. Breaks the client-server model. multi-layer inspection type. Operation much slow may reduce the overall performance. Can hide internal network structure to the external entities. 3. For this purpose the firewall needs to maintain some historical information about all the transactions in a form called state tables. Flexibility to enable or disable sessions or services is available. checks for valid sessions at the Transport layer and evaluates the application at the topmost layer. 6. Disadvantages of Dynamic Firewalls: 1. These state tables are updated as and when new events are generated. 3. This means. Another difference between this type and earlier ones is the awareness of a State and the Dynamic nature of them. As the name suggests it checks the traffic in multiple layers viz. Examples of this type of firewall include Checkpoint's Firewall-1. 77 . Operation is transparent to the endusers Disadvantages of Circuit level gateways: 1. Application. 5. Applications need to be procured. 5. 2. These are the recent type of firewalls being used. which make this a more efficient. 3. 4. 2. 2. Requires two dedicated connections to be set up for each service / response.Advantages of Circuit level gateways: 1. They check the individual packets at the Internet layer.5 Dynamic (Stateful Multi-layer Inspection) Firewalls: The last category of firewalls is the Dynamic also known as the Stateful. Sun's SunScreen etc. Less expensive compared to the Application level products. it combines all the advantages of the first three categories of firewalls. Less secure compared to application level gateways. and hence they are known to be Stateless. These are used by the firewall to modify or update the Rule-sets in different situations. 4. 4. Do not check individual packets inbound or outbound.

internal network as well as the individual terminal. Presently. one can provide separate level of security to the Web. Possible to prevent inside attacks more secure implementation Servers can be outside perimeter More flexibility in operation Different security levels possible The Distributed firewalls are the host-resident security solutions which protect the enterprise network's critical end points against the intrusion. These can also prevent the malicious inside attacks also within the network.6 Distributed Firewalls: Provide multiple checkpoints less prone (is in multiple forms). since most of the attacks are initiated from inside the network. even the perimeter firewalls need not be installed at all when distributed firewalls are deployed. A packet filtering router and 78 . These are the prime features considered for implementation of firewalls in larger enterprises. . Traditional Firewalls § Provide single entry point into the network § More prone to attacks § Cannot prevent inside attacks § Less secure implementation § Servers have to be inside perimeter § Has less flexibility of operation § Provides same level of security Firewall Configuration: 1. I n some cases. Single homed Bastion configuration: A firewall set up consists of two parts: i. Setup or implementation may be more difficult. These are like the personal firewalls but the additional features include the centralized management. logging and a fine access-control granularity. These are meant to provide higher security to the corporate networks. Application servers or individual nodes in the setup. This is more important advantage.3. As the name suggests. organizations of various types that are security conscious are deploying the Distributed type of firewalls and has a scope of unlimited scalability even keeping the same performance. the firewall implementation is distributed over multiple points rather than providing a single-point-entry into your network in case of traditional firewalls. With distributed firewalls. precious servers of the enterprise. Screened Host firewall. 4. as they treat all traffic as unfriendly whether it is originating from the Internet or your Local network. These protect remote employees. Mail servers. These firewalls also guard the individual machines the same way as the perimeter firewall guards the entire network. Some key differences between the Traditional Firewall implementations and the Distributed Firewall Implementations are as stated below.

direct connections between the internal host and the packet filter are avoided. It is an improvement over the previous scheme. the packet filter connects only to the application gateway.e. Screened subnet firewall: This configuration offers the highest security among the possible firewall configurations.e. from the corporate network to the Internet) is allowed only if it is originating from the application gateway. has a separate connection with the internal hosts. as the things the firewalls cannot do. from the internet to the corporate network) is allowed only if it is destined for the application gateway. by examining the source address field of every outgoing IP packet. one big disadvantage here is that the internal users are connected to the application gateway. and another one between the application gateway and the internal network. An application gateway. there are three levels of security for an attacker to break into. The packet filter ensures that the incoming traffic (i. 4. one between the Internet and the application gateway. Screened Host Firewall. as well as to the packet filter. by examining the destination address field of every incoming IP packet Similarly.ii. But there are certain aspects not covered or protected by any general form of a firewall. only if the application gateway is visible to the attacker. now even if the packet filter is successfully attacked. The application gateway performs authentication and proxy functions. These are named. because he doesn't know about the internal network.7 What Firewalls cannot do? As seen normally. Dual Homed Bastion configuration: This type of configuration is a improvement over the previous one. Instead. The internal hosts are protected. then the whole internal network is exposed to the attacker. Here. This configuration increases the security of the network by performing checks at both packets and application levels. Here. Their purposes are as follows: a. in turn. firewalls provide good amount of security to the private network. if the packet filter is somehow successfully attacked and its security compromised. Therefore. 3. Therefore. b. However. 2. This also gives more flexibility to the network administrators to define better security policies. two packet filters are used. This makes it difficult. They include following: 79 . which. it also ensures that the outgoing traffic (i. Now. unless he breaks into both the packet filters and the single application gateway standing between them.

4. e. Name service. Does not prevent viruses from entering into the local network. 3. Do not protect any connection that is not going through them or in some way by passing them. Internet Mail Access Protocol) 6. a successful attack on one of these services can produce disaster all out of proportion to the innocence of the basic service. using modems or RAS to connect to Internet directly. cannot prevent from Internal attacks at all. Electronic mail. Authentication / proxy service.g. Firewalls in general. 4. Do not differentiate between users on a single side i. 7. Can be bypassed by users in order to avail of the services normally blocked in which case they fail to provide any security to these connections. (POP3. Telnet Since these are the most frequently used services. 6. Also. and (FTP) 8. if not properly configured or not updated continuously.e. 2. Electronic Mail.8 Filtering Services & Reasonable services to filter: The most popular services are: 1. 3. This means one Internet user can spoof another or one local user can spoof other. 5. Fail to provide enough security. (DNS and NIS – Network Information Service) 2. WWW. 4. Cannot prevent from any new kind of threats or attacks for which the firewalls may not have been configured. (SMTP) – Simple Mail Transfer Protocol 5. Query response 1. IMAP) (Post Office Protocol. DNS Allow Filter Block Internal info 80 . NFS. (World Wide Web) 7. 1 Name Servers (DNS and NIS (+)) What is DNS? Domain Name System What is NIS? Network Information Service Inbound and outbound queries can be summarised as: S. TCP (Transmission Control Protocol) 10. Protocol Outbound Inbound Comment No.1. Password / key service. They only try to differentiate between local and the External members. either the Internet side or the Local side. (Network File Service (or System)) 9. NTP (Network Time Protocol) 11. ssh 12. they are the most obvious points of attack. File transfer.

and even those hosts should only be able to access the service (i. routine traffic can be diverted to a compromised system to be monitored. the information returned from a query could not be checked for modification or verified that it had come from the name server in question. DNS Allow DMZ What is DMZ: De-militarised zone The Internet uses the Domain Name System (DNS) to perform address resolution for host and network names. Protocol Outbound Inbound Comment No. should not be allowed by anyone other than administrators).. Traditionally. However. Work has been done to incorporate digital signatures into the protocol which. Name-to-address resolution is critical to the secure operation of any network.e. In particular. Query response 2. The Network Information Service (NIS) and NIS+ are not used on the global Internet. For example.Inbound and outbound queries can be summarised as: S. DNS has had no security capabilities. An organization should create well known. Query response 2. will allow the integrity of the information to be cryptographically verified (see RFC 2065). such as Telnet and FTP. 2 Password / Key Servers (NIS (+) and KDC) What is NIS(+)? Network Information Service What is KDC? Key Distribution Center. Telnet Allow Allow Only for the administrator 81 . protected sites to act as secondary name servers and protect their DNS masters from denial of service attacks using filtering routers.. but are subject to the same risks as a DNS server. users can be tricked into providing authentication secrets. general services. It is therefore necessary to ensure that these servers are not accessible by hosts. Protocol Outbound Inbound Comment No. Inbound and outbound queries can be summarised as: S. Password and key servers generally protect their vital information (i. when deployed.e. An attacker who can successfully control or impersonate a DNS server can re-route traffic to subvert security protections. which do not plan to use them for the service. or. the passwords and keys) with encryption algorithms. even a one-way encrypted password can be determined by a dictionary attack (wherein common words are encrypted to see if they match the stored encryption).

an email server requires access to the outside world. If a Web server is available to the Internet community.Inbound and outbound queries can be summarised as: S. 82 . The general rule of limiting access only to those hosts. Query response 1. Since email is delivered to all users. etc. It allows sites to concentrate services through a specific host to allow monitoring. This opens several security holes. Such implementations are generally considered more secure. but still require careful installation to avoid creating a security problem. and is usually private. An email server generally consists of two parts: a receiving/sending agent and a processing agent. Inbound and outbound queries can be summarised as: S. and limiting access by those hosts to only those services. which need the services. There are some implementations available which allow a separation of the two agents. the processing agent typically requires system (root) privileges to deliver the mail. by it's very nature. which this document will not describe. The type of protection required for a proxy server depends greatly on the proxy protocol in use and the services being proxied. SMTP Allow Filter 5 World Wide Web (WWW) The Web is growing in popularity exponentially because of its ease of use and the powerful ability to concentrate information services. Query response 2. FTP Allow Allow Only for the administrator 3 Authentication / Proxy Servers (SOCKS) A proxy server provides a number of security enhancements. Protocol Outbound Inbound Comment No. which means the receiving agent also has system privileges. Protocol Outbound Inbound Comment No. Also. is a good starting point. most email servers accept input from any source. hiding of internal structure. Most WWW servers accept some type of direction and action from the persons accessing their services. Most email implementations perform both portions of the service. In fact. The most common example is taking a request from a remote user and passing the provided information to a program running on the server to process the request. 4 Electronic Mail Electronic mail (email) systems have long been a source for intruder break-ins because email protocols are among the oldest and most widely deployed services. it is especially important that confidential information not be co-located on the same host as that server. This tunneling of services creates an attractive target for a potential intruder. Some of these programs are not written with security in mind and can create security holes.

the rule looks like: Inbound and outbound queries can be summarized as: S. Query response 1. Query response 1.g. Protocol Outbound Inbound Comment No. TFTP should be avoided as much as possible. TFTP) FTP and TFTP both allow users to receive and send electronic files in a point-to-point manner. they could result in modifications to the information your site is publishing to the web) and in themselves make the security considerations for each service different. if you require insiders to use an internal web proxy. replace and delete files at will. Some sites choose to co-locate FTP with a Web server. Web Allow Block Put Web Server in DMZ An alternative rule set. But this should only occur for anon-ftp servers that only provide information (ftp-get). might be dangerous (e. in combination with WWW.. For this reason. and the introduction of Trojan horses are just a few of the potential security holes that can occur when the service is configured incorrectly. so it is very important to configure this service correctly. Protocol Outbound Inbound Comment No. Protocol Outbound Inbound Comment No. Query response 1. Access to encrypted passwords and proprietary data. 83 . However. Anon-ftp puts. Inbound and outbound queries can be summarized as: S. since the two protocols share common security considerations However. FTP requires authentication while TFTP requires none. the practice isn't recommended. 6 File Transfer (FTP. FTP Passive Block Put FTP server in DMZ Improperly configured FTP servers can allow intruders to copy. In this case. anywhere on a host. Web Filter Block Put Web Server in DMZ Many sites may want to co-locate FTP service with their WWW service. FTP servers should reside on their own host. which is not "trusted" by other internal hosts. is to permit only it to talk directly to the world.it is recommended that the server have a dedicated host. Inbound and outbound queries can be summarised as: S.

and then it should be configured in a restricted way so that the server only has access to a set of predetermined files (instead of every worldreadable file on the system). Although the insiders might be trusted. NFS is frequently used by diskless hosts who depend on a disk server for all of their storage needs.g. Inbound and outbound queries can be summarized as: S. etc. Ideally. This is achieved by specifying which hosts the file system is being exported to and in what manner (e.especially when the FTP service allows the deposit of files section on WWW above). Query response 1. Unfortunately. it is not always certain that the code they are running is behaving properly. TFTP does not support the same range of functions as FTP. Probably the most common usage of TFTP is for downloading router configuration files to a router. Assume that the mail filter is weeding out viruses and worms. That only works if users obtain their mail via POP3 or IMAP. is it okay to allow outgoing TCP connections? Not completely. It is therefore necessary that the NFS server be accessible only by those hosts. File systems should not be exported to any hosts outside the local network since this will require that the NFS service be accessible externally. which are using it for service. read-write. Protocol Outbound Inbound Comment No. and has no security whatsoever. TFTP Block Block TFTP has no security what so ever 8 NFS The Network File Service allows hosts to share common disks. This service should only be considered for internal use. 84 . Query response 1.). Each should have its own host. NFS Block Block NFS has no built-in security 9 TCP Because insiders are trusted. TFTP should reside on its own host. There are ways that bad things can originate from the inside. external access to NFS service should be stopped by a firewall. and should not be installed on hosts supporting external FTP or Web access. Protocol Outbound Inbound Comment No. read-only. NFS has no built-in security. Applets running on users' machines are considered insiders.. Services offered internally to your site should not be co-located with services offered externally. Inbound and outbound queries can be summarized as: S.

Protocol Outbound Inbound Comment No.If mail is read through a Web-based server. there are time sources on the Internet. If there is a strong need for access to an internal machine from the outside. and. It is also common to run an external NTP server of your own and use the firewall to restrict insiders' access to that server alone.) Incoming TCP connections should not be allowed. trusted external servers. often from a machine on the DMZ. if possible. The filtering rule for TCP can be summarized as follows: Inbound and outbound queries can be summarized as: S. If possible. this should be handled via a dedicated proxy. It is also best to limit the sets of machines that can be reached. you may want to terminate incoming ssh connections at the firewall. use cryptographically enhanced services such as ssh. Depending on your internal trust policies. there is little to prevent the poor user from infection via these vectors. If you have a close relationship with the outside time server. you may want to use NTP’s built-in authentication mechanisms. it is thus crucial to keep up with bugs and patches. You should limit access to selected. TCP Allow Block Generally trust insider 10 NTP (Network Time Protocol) There are now cheap. (Imagine a dual-mode worm: When it can. the inside machine may generate problematic outgoing TCP connections. Ssh has indeed had some serious security problems in the past. Here you can do strong. and is the best way we know of to allow access through a firewall. If these are not used. It's also attractive to pretend 85 . Query response 1. such as Hotmail or Hushmail. Query response 1. the set of machines that can initiate access. but it also e-mails copies of itself to users behind firewalls. As with Mail. Ssh is one of the things we trust. extremely accurate time devices available based on the Global Positioning System and other radio sources. Protocol Outbound Inbound Comment No. these worms exist. NTP Passive Block Put FTP server in DMZ 11 ssh One of the principles of computer security is to trust as little as possible. centralized authentication. Inbound and outbound queries can be summarized as: S. it spreads by direct attacks on vulnerable systems. Ssh is reasonable to allow through the firewall because it implements cryptographic authentication and encryption. Your imagination won’t be stretched very far. Once hit.

you can configure it to make your outbound mail gateway the MX server for the entire Internet: IN MX 10 mail-gw. obtain your central scanner from the vendor who delivers new patterns rapidly during times of plague and helminthiasis [Reynolds. Many goods ones are out there. and ssh's port forwarding just lets Bad Guys do it a bit more easily. com. 86 . if you can't rely on your users to configure their mailers correctly. Protocol Outbound Inbound Comment No. for both your inside and your outside DNS: example. 1989]. too. Outgoing e-mail should be scanned. it's easy to create back doors. you can "encourage" them by blocking outbound connections to TCP port 25. That will also help guard against worms that do their own SMTP. legal. There's no convenient analog to MX records. but it's just that: a pretense. IN MX IN MX 10 mail-gw.com It's a good idea to use a different brand of virus scanner for your gateway than for your desktop. you really need to filter incoming email. ssh allow allow Stay current on patches 4. That's a good idea. Use MX records to ensure that all inbound e-mail goes to a central place.9 Digging for Worms: E-mail isn't the only way that viruses and worms spread.co Just make sure that you filter out any more-specific inbound records. technically. If you can. too. If you want to be a good citizen of the Net. Windows). you may want to add your own patterns. all virus scanners are subject to false negatives. If your user population runs susceptible software (i.example. One approach. But desktops are often behind in their updates. it's not hard to install a centralized filter for malware.. is to screen each piece of incoming mail on each desktop.example.e.example. Make sure that you include a wildcard MX record. both commercial and open source. but you're under no obligation to allow them inside your organization. given that they are. Query response 1. of course. even if you adopt other measures as well. *. defense in depth generally pays off. Fortunately.example. and getting new pattern files to them now can be difficult. There are some legal worms-spam. The rule for ssh is as follows: Inbound and outbound queries can be summarized as: S. actually-but "legal" because the users consented to their spread by not decrypting the legalese in the license. from the command line. too.com 10 mail-gw. If you run a DNS proxy of some sort. you'll filter outgoing e-mail.com. but it's one of the most common. In some cases.that doing so prevents people or malicious programs from creating back doors. If you permit outbound TCP. Antivirus companies have been hesitant to block them.

For one thing. decide whether to accept of discard the packet based on that rule. and cyclotrimethylenetrinitramine. Usually.71827. many worms used forged sender addresses. If there is a match with one of the set rules. If there is no match with any rule. A more dangerous form of annoyance is the trailer that reads something like this: This piece of e-mail has been scanned.10 Packet Filtering: Packet filtering can also be incorporated in Routers. 3. apart from normal routing decisions. X-rayed. It is safe for consumption by humans and computers. 2. will send an' alert to the sender and all other recipients of that piece of e-mail. the implementation of the firewall begins at the default discard all packets option. It seems civic-minded enough. based on the contents of the IP and transport header fields of the packet. a packet filter can be considered as a router that performs three main actions. and is warranted to be free of viruses. 1. take the default action. Moreover. a router can also be made capable of performing packet filtering. Packet Filters are very fast in their operating speed. modify or apply the specific Rule sets for packet filters. and the lack of support for authentication. In case of Linux operating system. Many routers have this capability in which the Rule sets can be hard-coded into them. notifying other recipients has bad scaling properties when one of the addressees is a mass mailing list. Receive each packet as it arrives. A number of packages." and teaches users bad habits. 87 . or accept all packets. A trailer like that is about equivalent to naming a file "This is not a virus. arthropods. Another implementation of packet filters is kernel based in which the kernel is configured to carry out packet filtering.Some antivirus software annoys as much as it protects. The former policy is more conservative. Conceptually. Thus. The default can be discard all packets. but isn't as big a help as it appears. 4. if they detect a virus on a piece of incoming e-mail. whereas the latter is more: open. However. and screened for excessive nitrogenous compounds by ASCI/phage 2. worms. Attackers can try and break the security of a packet filter by using the following techniques: 1. the two disadvantages of a packet are the difficulties in setting up packet filter rules correctly. exe. command line tools such as ipchains (now replaced with iptables) can also be used to define. Pass the packet through a set of rules. IP address spoofing: An intruder outside the corporate world can attempt to send a packet towards the internal corporate world. notifying the putative sender does no good whatsoever. with the source IP address set equal to one of the IP addresses of the internal users.

'1d the packet is fragmented Packet filtering is simple and straightforward mechanism. In such cases. and does not check the remaining fragments. 4.11 Specific Attacks: Packet sniffing v/s Packet Spoofing On the Internet. These attacks take two main forms: (a) Packet Sniffing (also called as snooping) (b) Packet Spoofing. Many times. This attack can be foiled by discarding all the packets where the (upper layer) protocol type is TCP a. other names for these two attacks are: (a) IP sniffing and (b) IP spoofing. Usually. such as Ethernet. All these networks have predefined maximum file size. the size of the IP packet is greater than this maximum size allowed by the underlying network. which are not trustworthy. Source routing attacks: An attacker can specify the route that a packet should take as it moves along the Internet. A packet. Tiny Fragment Attacks: IP packets pass through a variety of physical networks.2. 4. The attacker hopes that by specifying this option. The meaning remains the same. to prevent an attacker from sniffing packets. This can be done at two levels: 88 . so that after fragmentation. Source TCP/UDP port. etc. Source I P address. Token Ring. can simply observe i. as they travel from the source computer to the destination computer over the Internet. sniff packets as they pass by. Clearly. Since the protocol used in this communication is called as Internet Protocol (IP). but instead. a packet is checked for the following information for filtering: 1. 3. computers exchange messages with each other in the form of small groups of data called as packets. the information that is passing needs to be protected in some ways. Hence using these. the IP packet needs to be fragmented. An attacker need not hijack a conversation. like a postal envelope contains the actua1 data to be send and the addressing information. 3. the packet filter can be fooled to bypass its normal checks.e. Destination TCP/UDP port. 2. The attacker feels that the packet filter can be fooled. it checks only the first fragment. so that it can be accommodated inside the physical frame. Attackers target these packets. a security decision may suggest blocking certain address or a website. This works at the Internet Layer in the TCP/IP model. and carried further. (a) Packet Sniffing: Packet sniffing is a passive attack on an ongoing conversation. Destination I P address.

The attacker could simply be angry with the host. people can identify Websites with human readable names such as www. With this background.com and the IP address is 100. ii. The DNS Server could be located anywhere. (B's IP address) which is 100.20 in the DNS server maintained by the ISP of user C. it is with the Internet Service Provider (ISP) of the users.e. the DNS spoofing attack works as follows: Suppose that there is user A whose site domain name is www. For this. believing that he is communicating with A. a special server computer called as DNS server maintains the mappings between domain names and the corresponding IP address. the Web browser queries the DNS server maintained by the ISP for A's IP address. So. the transmission link itself can be encoded. i.20.com l00.9. The attacker does not want a reply from the destination.10 ii. the attacker can see the reply and use that information for hijacking attacks. When this happens. there are mainly two approaches or methods.20 iii.A. Therefore. providing it the domain name.10. .i.If the attacker is between the destination and the forged source. 4. When C wants to communicate with A's site. The attacker does not want the reply. as it wants the host with the forged address to receive it and get confused.10. C starts communicating with B. the attacker need not bother about the reply.yahoo. C gets the replaced i. ii.12 Implementing Policies (Default Allow.10. First is the Allow All approach and the second one is the Deny All approach. Default Deny) on Proxy: As far as allowing or disallowing the services. the attacker need not see the reply-If the attacker's intention was a Denial of Service(DOS) attack.e 100. The data that is traveling can be encoded in some ways. The attacker B manages to hack and replace the IP address of A with his own ie. iii. the party who receives the packets containing a false source address would inadvertently send replies back to the forged address (called as spoofed address) and not to the attacker. A protocol called as DNSSec (Secure DNS) is being used to overcome such attacks. Now. Usually.10. This can lead to three possible cases: i.10. the receiver i.e.20.20. all the DNS servers entry is maintained as: www. The first 89 .com and computers C<lJ1 continue to treat them as IP addresses such as 120. an attacker sends packets with an incorrect source address.A. The attacker can intercept the reply. DNS Spoofing: With DNS (Domain Name System).20. (b) Packet Spoofing: In this technique. iv.com l00.20. so it may put that host's address as the forged source address and send the packet to the destination.20.20.23).A. the DNS Server maintained by the ISP of A has the following entry: www.32.

first by default everything is 'open'. the rules can be added for whatever you wish to block to the users. by default or in beginning everything is 'blocked and as and when required rules can be added to open up the services/information that is required or is thought as trustworthy.13 Write short notes on DMZ: Some servers are difficult to trust because of the size and the complexity of the code they run. In Default Allow approach. The Internet External Web Server The Corporate LAN 90 . then a compromise creates a launch point for further attacks on inside machines.deny using which specific configurations can be made. or outside? The Internet External Web Server The Corporate LAN If you place it inside. Do you place your external Web server inside the firewall.allow and hosts. On the application level gateways or proxy servers. especially Linux based. Web servers are a classic example. there exists the configuration files called hosts.one is more open while later one is more conservative.allow file will be necessarily allowed and similarly the addresses in the hosts deny file will be prevented. In the second approach. Later on. 4. The addresses added in hosts.

It is important to carefully control administrative access to services on the DMZ. the Internet). but not necessarily to the internal network. You should not fully trust machines that reside in the DMZ-that's the reason we put them there. then you make it even easier to attack. the first successful penetration could result in a more serious compromise. he or she gains access to the DMZ.e. Web servers or FTP servers). All other traffic can be filtered. such as ssh. and preferably over a cryptographically protected connection. – The common approach to this is to create a demilitarized zone (DMZ) between two firewalls. a vital internal database. multiple layers of security provide a better shield. That is.e. The idea is illustrated in Figure: The chief advantage of such a scheme is that the access to any service on the DMZ can be restricted. but some situations need more care (and more defenses) than do others. the second connects to the external public network (i.If you place it outside. Important Web servers may need access to. this should only come from the internal network. Most likely. ports 80 and 443. For this. Without the DMZ. and the third connects to the public servers (which form the DMZ network). the internal private network is 91 . if the Web server is the only required service. One interface connects to the internal private network. Otherwise. but ensure that the database server assumes that queries may come from an un-trusted source. The concept of a Demilitarized Zone (DMZ) networks is quite popular in firewall architectures. We'll stress this point again and again: Nothing is completely secure. If an attacker penetrates past the first firewall. The Internet External Web Server The Corporate LAN A DMZ is an example of our general philosophy of defense in depth. For instance. say. an attacker may be able to steal the crown jewels via the compromised Web server. DMZ is required only if an organization has servers that it needs to make available to the outside world (e. Firewalls can be arranged to form a DMZ. respectively). a firewall has at least three network interfaces.g. we can limit the traffic in/out of the DMZ network to the HTTP and HTTPS protocols (i. More significantly.

8 Cryptography Introduction to Basic encryption and Decryption.2 5. 92 .6 5. Diffie – Hellman Key Exchange Concept of Public key and Private key The concept of Hash (Message Digest) Digital Signatures Symmetric Key Cryptography Asymmetric Key cryptography Compare & contrast Symmetric Key Cryptography with Asymmetric key cryptography Pretty Good Privacy (PGP) Chapter 5 Cryptography 5. converts the 'cipher text' back into the 'plain text' to get the original message back.4 5.1 Introduction to Basic Encryption and Decryption: The term 'Cryptography' means the concept of encryption and decryption together. So.3 5. even if an attacker can somehow manage to hack into the DMZ.e. The receiver then 'decrypts' i. which is then transmitted to the receiver. Cryptography is the technique in which the original 'plain text' message is 'encrypted' i.e.4 5.5 5. and out of the reach of the attacker.1 5. Cryptography is also called as an art or technique to achieve secure communication between the communicating parties by encoding the messages between them such that no third party can gain anything useful out of interception.no way directly connected to the DMZ. Chapter 5 Cryptography Chapter Index Section Topic 5. converted into a coded form called 'cipher text' at the sender's end.0 5. the internal private network is safe.7 5.

which makes use of simple letter substitution to generate cipher text. Modified Caesar Cipher. Specific methods used in this type include 1. Mono-alphabetic cipher. (please refer to section 5. 4.the very basic technique.6 of these notes for details) The techniques used in symmetric key cryptography are as below. Homophonic substitution cipher.in which the 'key' element used. Polygram substitution cipher Polyalphabetic cipher etc. 2. § § Symmetric key cryptography is also known as 'private or secret key cryptography' (please refer to section 5. Substitution technique . Caesar Cipher A cryptographic scheme proposed by Julius Caesar is one special case of substitutional cipher where each alphabet is the message is replaced by an alphabet.Various techniques are utilized for this purpose of cryptography. But this simplicity comes with a cost. Caesar cipher (used by Julius Caesar).5 of these notes for details) whereas Asymmetric key cryptography is also known as 'public key cryptography'. 3. is different for both encryption as well as decryption. Thus “A” becomes “D” and “B” becomes “E” Plain text Cipher Text Plain text Cipher Text A B C D E F G H I J K L D E F G H I J K L M N O O R P S Q T R U S V T W U X V Y W Z X A M P Y B N Q Z C Caesar Cipher is very simple. Obviously it is a very weak scheme. Broadly these techniques fall into two categories. in the alphabetical order. 6. is the 'same' for both encryption as well as decryption and 2) Asymmetric key cryptography . 5. Now let us study them (Substitution Technique) one by one: 1. three places down the line. 1) Symmetric key cryptography: . 93 .in which the 'key' element used.

This can complicate matters a bit. the English language contains 26 alphabets. can be any places down the order. we are now saying that an alphabet A in plain text would not necessarily be replaced by D. Read each alphabet in the cipher text message. our earlier algorithm would not work. It can be replaced by any valid alphabet. and search for it in the second row of the figure above 2. i. but not so good in practice. as shown: 94 . Once the replacement scheme is decided. it would be constant and will be used for all other alphabets in that message. for each alphabet. but instead. Let us now try and complicate the Caesar Cipher to make an attacker's life difficult. replace that alphabet in the cipher text message with the corresponding alphabet in the same column but the first row of the table (e. Let us write a new algorithm to break this version of Caesar Cipher. Cipher text Plain text L I O L R O Y V H E B Y R O X U Caesar Cipher is good in theory. Thus. B through Z). replace it with G). As we know. When a match is found.e. by E or by F or by G. Of course. Thus. an alphabet A can be replaced by any other alphabet in the English alphabet set. to break a message in the modified version of Caesar Cipher. Let Ke be the encryption key and Kd be the decryption key. it is easy to work backwards and obtain the plain text I LOVE YOU as shown below. it does not make sense to replace an alphabet by itself (i. we have 25 possibilities of replacement. and so on. replacing A with A). if the alphabet in cipher text is J.e. Repeat the process for all alphabets in the cipher text message. (i. 2.g. given a cipher text message L ORYH BRX. 3. The process shown above will reveal the original plain text. Thus. Here we have assumed that the value of Ke = 3 and thus Kd would also be 3. Modified Version of Caesar Cipher How can we generalize Caesar Cipher a bit more? Let us assume that the cipher text alphabets corresponding to the original plain text alphabets may not necessarily be three places down the order. Hence. Thus.e.Algorithm to break Caesar cipher 1.

Q. In a plain substitution cipher technique. Trying out all possibilities is called Brute-Force Attack. Whichever makes some sense we keep and the other 24 are rejected.I.P. we replace one alphabet with another. Replace each alphabet in the cipher text message with an alphabet that is k positions down the order. and she is assured of a success. The crucial difference being. Let k be a number equal to 1. It might actually take years to tryout these many combinations even with the most modern computers. if we have decided to replace each A with D. Once we decide to replace an alphabet in a plain text message with an alphabet that is k positions up or down the order. which means (26 x 25 x 24 x 23 x . then go to step 2. Homophonic Substitution Cipher: The Homophonic Substitution Cipher is very similar to Mono Alphabetic Cipher. 4. each B can also be replaced by any other random alphabet (A or C through Z).R. A can be replaced by D. However the cipher text character can be any one of the chosen set. choose the alphabet from a set.1. the difference is that instead of having a fixed substitution. we replace all other alphabets in the plain text message with the same technique. 2.. we need not necessarily replace each B with E-we can replace each B with any other character I To put it mathematically. Mono-alphabetic Cipher The major weakness of the Caesar Cipher is its predictability. Thus. the cryptanalyst has to tryout a maximum of 25 possible attacks. 2) or 4 x 1026 possibilities I This is extremely hard to crack. Increment k by 1. B can be replaced by E. there is no relation between the replacement of B and replacement of A. 5. This means that in a given plain text message. each A can be replaced by any other alphabet (B through Z). Homophonic Substitution Cipher also involved substitution of one plain text character with a Cipher Text character at a time. we can now have any permutation or combination of the 26 alphabets. Read the complete cipher text message.H. The original text message corresponding to the cipher text message is one of the 25 possibilities produced by the above steps. stop the process. We write down all the 25 possibilities and try to make sense. We can. 6.. Now imagine that rather than using a uniform scheme for all the alphabets in a given plain text message. but in this scheme. 95 . 3. 4. Otherwise. 3. and so on. That is.S etc. If k is less than 26. So in this technique. we decide to use random substitution.

After al the keys are used. Simple Columnar Transposition Technique: O R W 96 . In Polygram Substitution Cipher technique. Specific examples include 1. Each of the keys encrypts one plain text character. Example: Original Plain text message: “ Come home tomorrow” 1.5. a block of alphabets is replaced with another block. write it sequentially.Modified version of substitution technique because this not only substitutes letters but also makes some sort of permutation over the plain text in order to generate cipher text. Read the plain text written in step 1 as a sequence of rows. Transposition technique . The first key encrypts the first plain text character. but HELL could be replaced by a totally different cipher text block TEUL 6. The more number of rounds. rather than replacing one plain text alphabet with one cipher text alphabet at a time. Thus if we have 30 one letter keys. Now let us study them (Transposition Technique) one by one: 1. For instance. Poly-alphabetic Substitution Cipher. HELLO could be replaced with YUQQW. they are recycled. In some cases. 4. Rail fence technique Simple columnar transposition Simple columnar transposition with multiple rounds Vemam cipher. Book cipher etc. the mono alphabetic cipher technique is used round after round over already converted plain text and its cipher text. every 30th character in the plain text would be replaced with the same key. it would like as follows: C M H M T M R O E O E O O 2. Rail Fence Technique: It uses a simple algorithm as: 1. Now read the text row by row. 2. and so on. 3. 5. Thus we have: C-M-H-M-T-M-R-O-O-E-O-E-O-O-R-W 2. the second key encrypts the second plain text character. Write down the plain text message as a sequence of diagonals. After we arrange the plain text diagonally. This number is called as the period of the cipher. the more complex the cipher becomes. This cipher uses multiple one character keys. 2. Polygram Substitution Cipher.

2. is implemented using a random set of nonrepeating characters as the input cipher text. Let us consider a rectangle with S columns. the basic Simple columnar technique is repeated for multiple rounds. Simple columnar transposition technique with multiple rounds: Here.5. Now read the text in the order of the columns. Since. b. The cipher text thus obtained is: E-O-W-O-O-C-M-R-O-E-R-H-M-M-T-O 3. 4. It can be any random order such as 2. The message thus obtained as the cipher text message of round 1 4. it is never used again for any other message (hence the name one-time). Read the message column by column in a random sequence 3. 1. Therefore. Hence. it is used as one-time pad and is discarded after a single use. c. however.6. The more number of rounds.1. The most significant point her is that once an input cipher text for transposition is used. The message thus obtained is the cipher text message. 6. when we write the message into the rectangle row by row it would look as follows: Column 1 C M R Column 2 O E R Column 3 M T O Column 4 E O W Column 5 H M Column 6 O O 2. Original Plain text Message: Secrets have to be kept. Write the plain text message row by row in a rectangle of a pre-defined size.Basic Technique: The idea is to: a.3 3. also called as One-Time Pad.3 etc.2. The Basic algorithm: 1. it is more difficult to crack. The length of the cipher text is equal to the length of the original plain text. Read the message column-by column. Book Cipher / Running Block Key Cipher: 97 . it need not be in the order of columns 1.3 etc. Write the plain text message row-by-row in a rectangle of a pre-determined size 2. Vemam Cipher (One-Time Pad) The Vemam Cipher.1. Use this output as a plain text for the next step 5. this technique is highly secure and suitable for small plain text message. the more complex the cipher becomes. but is impractical for large messages.

The requirement of 'same' key as in case of 'symmetric' key cryptography leads to a common problem called 'problem of key distribution'. i. or send the key along with the locked boxes. This is as described below. In order to come out of this problem.The idea used is quite simple and similar in principle to Vernam Cipher. how the two parties should agree upon a 'common' key that has to be used for the process. talk over open media for the common key.e. symmetric key.g. seal envelopes into locked boxes. the key that has to be used for both encryption and decryption should be the 'same' this leads to a problem that how the two parties requiring secure communication can 'agree' or 'decide' upon a common key. Every process of encryption and decryption is necessarily associated with a 'key'. some specific algorithm should be used for the purpose of encryption/decryption. For producing cipher text.the combination used for encryption and/or decryption. This is called the 'problem of key distribution'. in 1976 have come out with a good solution to the problem of key distribution as mentioned above. but it may not be so. without letting any third person know about it? There can be many ways in which the two parties will try to communicate assuming it is secure. 5. it turns out to be practically non-viable or difficult to implement. and they are added to the input plain text messages. The steps of this algorithm are as given below. ) 98 . some portion of text from a book is used. the rules or steps used for both encryption and decryption. Problem of Key distribution in Symmetric Key cryptography: As in case of symmetric key cryptography. one good solution was given by two scientists jointly known as 'Diffie-Hellman key exchange algorithm'. which serves the purpose of a one-time pad. that this is NOT an encryption or decryption algorithm but is only used for agreeing upon a. This. and an algorithm i. That is to say. even if they exchange letters.2 The Diffie-Hellman Key exchange algorithm: Whitefield Diffie and Martin Hellman. the characters from a book are used as one time pad. (It must be noted.e. e. Once it is done. there are very much chances of intercepting the communication between two parties if any of these methods are used. whatever may be the means used.

4. As it should be required here in symmetric key cryptography. This no. Now. A = g^xmod n. g=7. say y to calculate another number B such that. Example: Let us take an actual example. B is then sent by 'second' to 'first'. 'second' independently calculates the key K2 as: K2 = A^y mod n 9.Steps for algorithm: Assume two parties viz. Also. 'first' calculates the key KI as: KI = B^xmod n 8.) 2. Assuming values such as n= 11. 7. 'First’ chooses another large random no. 99 . x=3 and y=6. to illustrate above algorithm. KI = K2. say n and g. 'Second’ also chooses another large random no. This no. 1. value of x is only known to 'first'!) 3. (Note. A is then sent by 'first' to 'second'. independently. say x to calculate another number A such that.. 'first' and 'second' want to communicate securely. B = g^y mod n. (i. value of y is only known to 'second'!) 6. These need not be kept secured. 5.e. (Note. Let 'first' and 'second' agree upon two large prime nos. everyone can know these values.

This way. Value of B = 7^6mod 11 = 117649 mod 11 = 4. second-third as well as third-first must be secure! This would obviously require three keys! Then assume how many keys would be required to securely communicate between 1000 people that to independently? To find out this answer.We have following equations: 1. we have just seen the situation of only two communicating parties. What would be the situation if a third party say 'third' is added! One must think of the situation when communication between first-second. Thus. Hence in our example for 1000 people. still it does not solve all the problems! This is because the algorithm can fail if a hacker makes what is called as the man-in-the-middle attack. The importance of this scheme is that only one key-pair is required to securely communicate between any number of other parties.3 The concept of Public key and Private key: The Asymmetric key cryptography is also known as a 'public key cryptography'. we find that KI = K2. of keys required. one problem is overcome right away. of keys required to securely communicate between 'n' individuals is = n (n-l) / 2. And. It says. one formula is used. This states that two types of keys would be required. the second technique (mentioned in the beginning) comes into picture. Hence the algorithm is proved.e. Problems with the algorithm: Although. Key K2 = 2^6mod 11 = 64 mod 11 = 9. practically they are in-turn communicating with the hacker as he places himself in between them and switches back and forth the communication. i. The second problem is regarding the no. which uses a key-pair rather than a single key. the total no. it is seen that this algorithm turns out to be a good solution to the above mentioned key distribution problem. 3. 2. of keys that we've seen with earlier method. 4. 5. Key KI = 4^3mod 11 = 64 mod 11 = 9. (unlike the huge no.) Hence. In our example. This is to be followed by everyone who wants to communicate securely. Value of A=7^3mod 11 =343 mod 11 =2. even though the two parties will feel that they are talking to each other. 6. One of these two keys is called public key (which can be announced to the world) and another is private key (obviously to be kept with oneself). one each for encryption and decryption. 100 . In order to recover from these problems. 1000(999)/2 = 499500 keys would be needed. This certainly increases the complications further. 5. the Asymmetric Key cryptography.

On receiving the message. Then. if Y wants to send the message to X. that the message can be encrypted & sent by anyone. X wants to send a message to Y without having to worry about its security. X encrypts with Y's public key (as it is known to everyone) 3. Y decrypts this message using his own private key (known only to Y) [This ensures in this case. § X should inform Y about its public key. any interception will not result in knowing the sensitive information as key is only with Y. § Y should inform X about its public key ( Both now have their own set of keys ready. § X should keep its private key secret. When X wants to send message to Y. If one of the factors is used for encryption process. only the other factor shall be used for decryption. Hence. Shamir and Adleman at MIT in 1978.The working of public and private kevs: Asymmetric key cryptography (using public and private keys) works as under: Suppose. 5. reverse method is performed. Y encrypts the message using X's public key and sends this to X 6. What would happen if your private key were made public???? The answer is in just one word! – Get Bankrupted! – However rich you were! Now popper!! The receiver of your private key can. 4.] Similarly. but can only be decrypted by Y. The basis of this working lies in the assumption of large prime number with only two factors. based on the framework setup by Diffie & Hellman earlier). not only withdraw all that you have but also can also avail credit for banks and enjoy and you keep paying throughout your life! 101 . X can further decrypt it using his own private key. Then X and Y should each have a private key and a public key. on the other side. The best example of an asymmetric key cryptography algorithm is the famous RSA algorithm (developed by Rivest. 1. ) 2. X then sends this message to Y. § Y should keep its private key secret.

The hash function creates a fixed-size digest from a variable-length message. the receiver then checks the signature on the miniature. we use a hash function. as shown in Figure 102 .4 The concept of Hash (Message Digest): Signing the Digest We said before that public-key encryption is efficient if the message is short. Using a public key to sign the entire message is very inefficient if the message is very long. The sender creates a miniature version or digest of the document and signs it.5. The solution is to let the sender sign a digest of the document instead of the whole document. To create a digest of the message.

but are not given any further information. hashing is a one-to-one function. We will see the reason for this condition shortly. if the result is a two-digit number. it is slightly wider in scope. Let us assume that we want to calculate the message digest of a number 7391753. The message digest length is chosen to be so long with a purpose. Requirement of a message digest We can summarize the requirements of the message digest concept. the message digests are not so small and straightforward to compute. Actually. Idea of a Message Digest. the number 4000). which can produce the result 4. The fingerprint of a message (in this case. hashing is one-way. First. not vice versa. Dividing 4000 by 4 will always yield 1000. This is because there are infinite other possible equations. we perform a hashing operation (or a message digest algorithm) over a block of data to produce its hash or message digest. The concept of message digests is based on similar principles. If we change either 4000 or 4. which is smaller in size than the original message. the number 4) does not tell anything about the original message (in this case. For instance. it is encrypted (signed) using the sender's private key. if we are simply given the number 4. This concept is shown in fig. Thus. suppose that we have a number 4000 and we divide it by 4 to get 1000 Thus. Note that a hash function must have two properties to guarantee its success.The two most common hash functions are called MD5 (Message Digest 5) and SHA-I (Secure Hash Algorithm I). the digest can only be created from the message. Message digests usually consist of 128 or more bits. we have one more important concept here. Also for a given message. Then. the message digest must always be the same. Thus. Second. there is little probability that two messages will create the same digest. The encrypted digest is attached to the original message and sent to the receiver. After the digest has been created. we would not be able to trace back the equation 4 x 1000 = 4000. 4 can become a fingerprint of the number 4000. This means that the chance of any two-message digests being the same is anything between 0 and at least 2128. Another important point is. we multiply each digit in the number with the next digit (excluding it if it is 0). the result will not be 1000. The second produces a 160-bit digest. This minimizes that the scope for two messages digests being the same. The first one produces a 120-bit digest. However. and disregarding the first digits of the multiplication operation. as follows: § Given a message. 103 . it should be very easy to find its corresponding message digest. Another simple example of message digest is shown in fig.

§ §

Given a message digest, it should be very difficult to find the original message for which the digest was created. Given any two messages, if we calculate their message digests, the two message digests must be different.

Another basis of message digest is that it should not give any clue or indication of the original message. i.e. it should not be possible to revert back to original message from the digest. Also, for a given message it's digest should be the same always. Different algorithms are used to convert original message into its message digest. The popularly used ones are MD5 or Message Digest 5 (developed by Rivest) a modified version of earlier MD4, MD3 and MD2, while the first one was simply MD, and the SHA (Secure Hash Algorithm) developed by National Institute of Standards and Technology (NISI) in 1993. SHA-l is promoted & prominently used than the MD5 algorithm.

5.5 Digital Signatures: In earlier discussion of Asymmetric key cryptography, we had considered the only situation, in which if X is sender & Y receiver, then X encrypts the message with Y's public key and on receiving, Y decrypts with his own private key. This method only ensures secure communication between the two. Now consider another situation. If X is sender and Y is receiver, X encrypts the message using his own private key! On receiving, Y decrypts it using X's public key. The purpose behind this move is 'authentication'. It is clear that, only X knows his private key. So, when Y receives this message (encrypted with X's private key), it is an indication or proof that it has originated only from X and none else! Remember that in earlier scheme, the purpose was only 'confidentiality' and the origin of message was not the concern.

104

Now, one may say that if someone else wants to intercept this communication it should be easy. i.e. anyone can decrypt the message who knows X's public key. This is true, but then it will not be possible for anyone to again encrypt this message as only X knows his private key. Thus receiver here will not be fooled that message came from X This scheme confirms the origin of the message. So, in this case X cannot deny that he has sent the message to Y, because it was encrypted with X's private key, known only to X The above discussion forms the basis for the concept called ‘Digital Signature’’ In case of our normal operations, we make use of our (handwritten) signatures. These are used to confirm the 'origin' or the 'authentication' of the individual. In the Internet world, it would be difficult to use any such method in practice. Hence the concept of 'Digital signatures' was evolved. This technique is vitally important in the E-commerce concept used in the Internet. It proves as a valid mechanism for 'authenticity' of individual. Most of the financial transactions done over Internet make use of this method. Techniques of Digital signatures: Actual working of Digital signatures involves the use of a concept called 'Message digest' or 'hash'. Message digest is something like the summary of original message. (works similar to the CRC checksum concept) This is basically used to verify the 'integrity' of data i.e. to ensure that the message has not been modified after it was sent by sender and before it reaches the receiver.

The Digital Signature Standard (DSS) was developed by NIST first in 1991. It suggests using the SHA-1 algorithm for calculating the message digest. This digest is further used for performing Digital signatures, by using the algorithm called Digital Signature Algorithm (DSA). In DSA, message digest is encrypted with the sender's private key to form the Digital Signature (DS). This signature is transmitted further along with the original message. It is also possible to use the earlier RSA algorithm for performing digital signatures. RSA is prominently used over DSA as DSA turns out to be more complicated. Steps for the process: Sender’s Side: 1. If X is the sender, the SHA-1 algorithm is used to first calculate the message digest (MD 1) of original message. 2. This MD1 is further encrypted using RSA with X's private key. This output is called the Digital Signature (DS) of X. 3. Further, the original message (M) along with the Digital signature (DS) is sent to receiver. Receiver’s Side:

105

4. Y thus receives the original message (M) and X's digital signature. Y uses the same message digest algorithm used by X to calculate the message digest (MD2) of received message (M). 5. Also, Y uses X's public key to decrypt the digital signature. The outcome of this decryption is nothing but original message digest (MD1) calculated by X. 6. Y, then compares this digest MD1 with the digest MD2 he has just calculated in step 4. If both of them are matching, i.e. MDl = MD2, Y can accept the original message (M) as correctly authenticated and assured to have originated from X. whereas, if they are different, the message shall be rejected. This method turns out to be foolproof. Even if an attacker intercepts anywhere in between, it is not likely for him to again sign the modified/read message, as only X in this case will know the private key! Hence, even if intercepted, this method remains very much secure and reliable!

The Sender’s Side Modus Operandi – Digital Signature: After the digest has been created, it is encrypted (signed) using the sender's private key. The encrypted digest is attached to the original message and sent to the receiver. Figure (on previous page) shows the sender site.

106

and 3. Integrity The integrity of a message is preserved because if Eve intercepted the message and partially or totally changed it. all three security measures are preserved. Bob can show that encrypting and decrypting the saved message with Alice's private and public key can create a duplicate of the saved message.7 shows the receiver site. 2. Properties of Digital Signature: § § Digital signature does not provide privacy. If there is a need for privacy. she must use her own private key for encryption. Authentication. If the two digests are the same. X Digital Signature Public key Cipher # Sender’s Private Key Message Digest Algorithm Message Digest 107 . another layer of encryption/decryption must be applied. He applies the same hash function to the message to create a second digest. Authentication We can use the following reasoning to show how a message can be authenticated. Nonrepudiation. If Alice later denies sending the message. He separates the two. the decrypted message would be unreadable. Nonrepudiation Digital signature also provides for nonrepudiation. If Eve sends a message while pretending that it is coming from Alice. The message is then decrypted with the public key of Alice and will therefore be nonreadable. 1. Integrity. she cannot deny sending the message. Figure 30.The Receiver’s Side The receiver receives the original message and the encrypted digest. Digital signatures can provide 1. He also decrypts the received digest. 2. Bob saves the message received from Alice. Since only Alice knows her private key. Encryption with Eve's private key and decryption with Alice's public key result in garbage. using the public key of the sender. 3.

there needs to be N(N . The sender uses this key and an encryption algorithm to encrypt data. The sender needs to exchange the key to the receiver.KEY CRYPTOGRAPHY We can divide all the cryptography algorithms in the world into two groups: symmetric-key (sometimes called secret-key) cryptography algorithms and public-key (sometimes called asymmetric) cryptography algorithms. Each pair of users must have a unique symmetric key. 5 SYMMETRIC.500 (4 lakhs 99 thousand and five hundred symmetric keys are needed. It may be hijacked in between! 5. 2. 1.5. Symmetric-key algorithms are efficient. 1000 * 999 /2 = 4. Disadvantages of symmetric key: A symmetric-key algorithm has two major disadvantages.99. the same key is used in both directions. the same key is used by both parties. the receiver uses the same key and the corresponding decryption algorithm to decrypt the data In symmetric-key cryptography. Symmetric-key cryptography is often used for long messages. In symmetric-key cryptography. The reason is that the key is usually smaller. The key is shared. In symmetric-key cryptography. In symmetric-key cryptography. Note that the symmetric-key cryptography algorithms are so named because the same key can be used in both directions. The distribution of the keys between two parties can be difficult. for 1 thousand people to communicate. the same key is used by the sender (for encryption) and the receiver (for decryption). This means that if the encryption algorithm uses a combination of addition and multiplication. For this reason. This means that if N people in the world want to use this method. the decryption algorithm uses a combination of division and subtraction. 6 Asymmetric Key Cryptography: 108 . it takes less time to encrypt a message using a symmetric-key algorithm than it takes to encrypt using a public-key algorithm. symmetric-key algorithms are used to encrypt and decrypt long messages. the algorithm used for decryption is the inverse of the algorithm used for encryption.1)/2 symmetric keys. For example.

That is the main reason that public-key cryptography is not recommended for large amounts of text. Public-key encryption/decryption has two advantages. The big disadvantage is the complexity of the algorithm. and the pair of keys created can be used to communicate with any other entity.500. A shared symmetric key is shared by the two parties and cannot be used when one of them wants to communicate with a third party. the algorithm needs large numbers. each entity creates a pair of keys. then Bob must be sure that the public key really belongs to Alice and nobody else. wants to send a message to Bob. and the public one is distributed.. 109 . Public-key algorithms are more efficient for short messages. The public key is available to the public. Alice uses the public key to encrypt the message. Public-key cryptography also has two disadvantages. the public key that is used for encryption is different from the private key that is used for decryption. The private key is kept by the receiver.20. persons) who need to communicate with each other. as was the case in symmetric-key cryptography.In public-key cryptography. The second disadvantage of the public-key method is that the association between an entity and its public key must be verified. If we want the method to be effective. it removes the restriction of a shared symmetric key between two entities (e.99. In this system. Calculating the ciphertext from plaintext using the long keys takes a lot of time. In public-key encryption/decryption. the private key is used to decrypt the message. for I thousand users to communicate. only 1 thousand pairs of keys ie 2000 keys are needed. The public key is announced to the public. as shown in Figure 29. not 4. the private one is kept. The second advantage is that the number of keys needed is reduced tremendously. In public-key encryption! decryption.g. First. When the message is received by Bob. Each entity is independent. the private key is available only to an individual. Imagine Alice. If Alice sends her public key via an email to Bob. there are two keys: a private key and a public key.

different key is used for decryption Kd ≠ Kd Slower More than the original clear text size No problem at all Key used for encryption/decryption Speed of encryption/decryption Size of resulting encrypted text Key agreement / exchange Number of keys required as compared to the number of participants in the message exchange Very fast Usually same as or less than the original clear text size A big problem 6 Equals about the square Same as the number of of the number of participants. No.7 Compare and contrast between Symmetric Key Cryptography and Asymmetric Key Cryptography: S. so scales up quite participants. so well scalability is an issue 110 .One point needs to re-mention that if your private key were made public you would Get Bankrupted in no time! 5. 1 2 3 4 5 Characteristic Symmetric Key Cryptography Same key is used for encryption and decryption Ke = Kd Asymmetric Key Cryptography One key used for encryption and another.

In practice symmetric key cryptography and asymmetric key cryptography are combined to have a very efficient security solutions. Pretty Good Privacy: The implementation of security at the application layer is more feasible and simpler. one secret key. both have some areas where better alternatives are generally desired. integrity. and two private-public key pairs. as in the case of email and TELNET. it uses one hash function. we need to ensure that the following objectives are met. authentication. Specifically. if we can combine the two cryptography mechanisms. How nice it would be. It uses a combination of secret-key and public-key encryption to provide privacy. In this section. and yet do not compromise on any of the features? More specifically. The sender and the receiver can agree to use the same protocol and to use any type of security services they desire. The encryption and decryption processes must not take a long time. 4. 1. The key distribution problem must be solved by the solution. See Figure below 111 . However. 3. without introducing any additional complications. we discuss one protocol used at the application layer to provide security: PGP. and nonrepudiation. Asymmetric key cryptography solves the major problem of key agreement / key exchange as well as scalability. it is far slower and produces huge chunks of cipher text as compared to symmetric key Cryptography (essentially because it uses large keys and complex algorithms as compared to symmetric key cryptography). 5.7 Usage Mainly for encryption and decryption (confidentiality). Pretty Good Privacy (PGP) was invented by Phil Zimmermann to provide all four aspects of security (privacy. The solution should scale to a large number of users easily. particularly when the Internet communication involves only two parties. The generated cipher text should be compact in size. The solution should be completely secure. 2. cannot be used for digital signatures (integrity and nonrepudiation checks) Symmetric key cryptography is often used for long messages Can be used for encryption and decryption (confidentiality) as well as for digital signatures (integrity and non-repudiation checks) 8 Efficiency in usage Public key algorithm are more efficient for short messages The above table shows that both symmetric key cryptography and asymmetric key cryptography have nice features. and nonrepudiation) in the sending of email. Also. authentication. so as to achieve the better of the two. PGP uses digital signature (a combination of hashing and public-key encryption) to provide integrity.

Figure below shows how PGP uses hashing and a combination of three keys to extract the original message at the receiver site. *** 112 . The secret key then is used to decrypt the combination of the message plus digest. The encrypted secret key first is decrypted (using Bob's private key) to get the one-time secret key created by Alice. The message and the digest are encrypted using the one-time secret key created by Alice. The email message is hashed to create a digest.The figure shows how PGP creates secure email at the sender site. The combination of encrypted secret key and message plus digest is received. The secret key is encrypted using Bob's public key and is sent together with the encrypted combination of message and digest. The digest is encrypted (signed) using Alice's private key.

Sign up to vote on this title
UsefulNot useful