Professional Documents
Culture Documents
•We need security to:
•To protect our data, files and folders
•To protect our resources
•To protect e-commerce transaction information: user-id,
password, pin, etc
•To Protect my site from getting blocked by any attack such
as DOS
•To protect our I/P/ Address:
•To protect my e-mails:
•To protect Incoming packets so that no virus / worms
comes in
•To protect outgoing packets so that the secrets does not
leak out.
• There are various ways in which the functionality of
computer systems is threatened.
• In commerce, assets are: Land, Building, Plant and
Machinery;
• however in e-commerce the main assets are considered
to be data and information:
• Data is collection of raw facts where as the processes
data is called information.
• We would require security to safeguard the information
or resources, which are assets to the organization.
• Now days, we hear that many systems run by Govt. & other organizations have
been disrupted or penetrated.
• Examples:
• Yahoo, Amazon, Ebay, BUY.com brought down for more than 48 hours! All users
across the globe remained disconnected. Attackers were never caught. Thus
there was Loss of Revenue. Share values down. This was a DOS (Denial of
Services) attack
• NASA: The premier space research agency in the world. Had just finished a
successful spaceship launch, when the unexpected happened. An 11-year-old
Russian teenager changed the path of the spaceship remotely. Loss of money.
Unnecessary worry.
• BARC Group: One of the most sensitive atomic and missile research facilities in
India. Pakistani criminal organizations broke into network and stole sensitive
missile info. Loss of sensitive data. Threat to national security.
• In 1999 , a Swedish hacker broke in to
Microsoft's Hotmail website and created a
mirror site. This site allowed anyone to enter
any hotmail user’s email id and read her mails.
Modern Nature of Attack
• Salient features of the Modern Nature of Attack
• 1) Automating attacks:The speed of computers make
several attacks: for example, in real world ,suppose
some one mange to create a machine that can
produce counterfeit coins, how many such coins
would able attackers be able to get in markets.
• The attackers some how steals a very low amount(20
rupess) from a million bank account in a matter of few
minutes.This would gave the attacker a half milllions
dollars possibly without any major
Privacy concerns
• Collecting information about people and later
misusing it is turning out to be a huge problem
The so called data mining applications gather,
process and tabulate all sorts of details about
individuals. People can then illegally sell this
information
Distance doesnot matter
In 1995 , a Russian hacker broke into Citibank’s
computer remotely, stealing 1.2 millions
dollars. Although the attacker was traced, it
was very difficult to get him extradited for the
court case
Principles of security
• Confidentiality
• Integrity
• Authentication
• Non-repudiation
• Access control
• Availablity
Confidentiality
• The principle of a Confidentiality specifies that
only the sender and the intended recipients
should able to access the content of the message
• Confidentiality get compromised if an
unauthorized is able to access a message
• Example Confidential email message sent by A to
b, which is accessed by C without the permission
of knowledge of A and B . This type is called as
interception
Authentication
• Authentication mechanisms helps establish proof of
identities. The Authentication process ensures that
the origin of the electronic message or document is
correctly identified
• Example it could be case of user C, posing as user A,
sending a funds transfer request(from A’s account to
C’s Account) to bank B. The banks B happily transfer
the funds from A’s account to C’ Account- it would
thinks that user A has requested for the funds
transfers. This type of attrack is called as fabrication
Integrity
• When the content of a message are changed
after the sender sends it, but before it reaches
the intended recipients. We say that the
integrity of the message is lost
• Cookies arc perhaps the most popular mechanism of maintaining the state
information (i.e. identifying a client to a server).
javaScript, VBScript and jScript
• These scripts can be dangerous at times. Since
these scripts are small programs. they can
perform a lot of actions on the client's
computer.
• Of course, there arc restrictions as to what a
scripting program can and cannot do. However,
still incidents of security breaches have been
reported, whose blame was put to such
scripting languages
Java Security
• Java was designed in such a way that Java programs
are considered safe as they cannot install, execute,
or propagate viruses, and because the program itself
cannot perform any action that is harmful to the
user's computer.
• As we know, one of the key attributes of Java is the
ability to download Java programs over a network
and execute these programs on a different computer
within the context of a Java-enabled browser.
• Different developers were attracted to Java with
different expectations. As a result, they brought
different ideas about java security.
• Simply put, if we expect Java to be free from
introducing viruses, any release of Java should
satisfy our requirements.
• However, if we require special functionalities
such as digital signatures. authentication and
encryption in our programs,
The Java sandbox
• A security measure in the Java development environment. The
sandbox is a set of rules that are used when creating an applet that
prevents certain functions when the applet is sent as part of a Web
page.
• When a browser requests a Web page with applets, the applets are
sent automatically and can be executed as soon as the page arrives
in the browser. If the applet is allowed unlimited access to memory
and operating system resources, it can do harm in the hands of
someone with malicious intent.
• The sandbox creates an environment in which there are strict
limitations on what system resources the applet can request or
access. Sandboxes are used when executable code comes from
unknown or untrusted sources and allow the user to run untrusted
code safely.
Java application security
• byte code verifier -- This is one way that Java
automatically checks untrusted outside code
before it is allowed to run. When a Java source
program is compiled, it compiles down to
platform-independent Java byte code, which is
verified before it can run. This helps to
establish a base set of security guarantees.
• The class loader Class loaders load classes that are located in Java's
default path (called as CLASSPAFH). In Java 1.2, the class loaders also
take tip the job of loading classes that are not found in the
CLASSPATH.
• • The access controller In Java 1.2. the access controller allows (or
prevents) access from the core Java API to the operating system.
• • The security manager The security manager is the chief interface
between the core Java API and the operating system. It has the
ultimate responsibility for allowing or disallowing access to all
operating system resources. The security manager uses the access
controller for many of these decisions.
• • The security package The security package (that is. classes in the
java.security package) helps in authenticating signed Java classes.
Specific Attacks
• On the Internet, computers exchange messages with each
other in the form of small groups of data, called as packets.
• A packet, like a postal envelope contains the actual data to
be sent, and the addressing information. Attackers target
these packets, as they travel from the source computer to
the destination computer over the Internet.
• These attacks take two main forms: (a) Packet sniffing (also
called as snooping) and (b) Packet spoofing.
• Since the protocol used in this communication is called as
Internet Protocol (IP), other names for these two attacks are:
(a) IP sniffing and (b) IP spoofing.
Packet sniffing
• Packet sniffing is a passive attack on an ongoing conversation. An
attacker need not hijack a conversation, but instead, can simply observe
(i.e. sniff) packets as they pass by.
• Clearly, to prevent an attacker from sniffing packets, the nformation that is
passing needs to be protected in some ways. ‘
• This can be done at two levels:
• (i) The data that is traveling can be encoded in some ways, or
• (ii) The transmission link itself can be encoded.
• To read a packet, the attacker somehow needs to access it in the first place.
• The simplest way to do this is to control it computer via which the traffic
goes through. Usually, this is a router. However, routers are highly
protected resources. Therefore, an attacker might not be able to attack it.
and instead, attack a less-protected computer on the same path
Packet spoofing
• In this technique, an attacker sends packets
with an incorrect source address. When this
happens, the receiver (i.e. the party who
receives these packets containing a false
source address) would inadvertently send
replies back to this forged address (called as
spoofed address), and not to the attacker. This
can lead to three possible cases:
• (i) The attacker can intercept the reply-If the attacker is
between the destination and the forged source, the attacker
can see the reply and use that information for hijacking
attacks.
• (ii) The attacker need not see the reply-If the attacker's
intention was a Denial Of Service (DOS) attack, the attacker
need not bother about the reply.
(iii) The attacker does not want the reply-The attacker could
simply be angry with the host, so it may put that host's address
as the forged source address and send the packet to the
destination. The attacker does not want a reply from the
destination, as it wants the host with the forged address to
receive it and get confused.
Phishing
Pharming(DNS spoofing)
• Another attack. known earlier as DNS spoofing or DNS poisoning,
is now called pharming attack. As
• we know. using the Domain Name System (DNS). people can
identify Web sites with human-readable names (such as
www.yahoo.com). and
• computers can continue to treat them as IP addresses (such as
l20.l0.8l .67).
• For this, a special server computer called a DNS server maintains
the mappings between domain names and the corresponding lP
addresses.
• The DNS server could be located anywhere. Usually. it is with the
lntemet Service Provider (ISP) of the users
the DNS spoofing attack works as follows.