
Electronic Business

Lecture 9
Syed Asim Jalal
Department of Computer Science
University of Peshawar
Security Goals
• Confidentiality
– Concealment of information or resources
• Integrity
– Trustworthiness of data or resources
• Availability
– Ability to use information or resources
Confidentiality
• Need for keeping information secret
arises from use of computers in sensitive
fields such as government,
electronic-commerce, and banking
• Mechanisms, such as cryptography,
support confidentiality
– Example: encrypting account or personal
information
Integrity

• Integrity means preventing unauthorized
changes to information or data
• It includes data integrity (content) and origin
integrity (source of data, also called
authentication)
• It includes both correctness and trustworthiness
Availability

• It is an aspect of reliability. It means that
information or data should always be
accessible.
• Any attempt to block availability is called
a denial of service (DoS) attack.
The Need for Security

• Computer Security
– The collection of tools designed
– to protect data and
– to prevent hackers’ attacks

• Network security or internet security
– The security measures needed to
protect data during its transmission
• We need security
– To safeguard the confidentiality, integrity,
authenticity and availability of data transmitted over
insecure networks
– The Internet is not the only insecure network in this world
– Many internal networks in organizations are also prone
to insider attacks
– In fact, insider attacks are greater both in terms of
likelihood of happening and damage caused
Attacks, Services and Mechanisms
• Security Attack:
– Any action that compromises the security of
information.
• Security Mechanism:
– A mechanism that is designed to detect, prevent,
or recover from a security attack.
• Security Service:
– A service that enhances the security of data
processing systems and information transfers. A
security service makes use of one or more
security mechanisms
Security Attacks

• Interruption:
– This is an attack on availability of services
– Disrupting traffic
– It could also mean physically breaking a communication
line
• Interception:
– This is an attack on confidentiality
– Overhearing, eavesdropping over a
communication line
Security Attacks (continued)

• Modification:
– This is an attack on integrity of data
– Corrupting transmitted data or tampering
with it before it reaches its destination
• Fabrication:
– This is an attack on authenticity
– Faking data as if it were created by a
legitimate and authentic party
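
The modification and fabrication attacks above correspond to the data integrity and origin integrity goals. The following added example (not part of the original lecture) shows one mechanism that detects both, a keyed message authentication code (HMAC-SHA256); the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed shared secret known only to the two legitimate parties.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def protect(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Sender side: return the HMAC-SHA256 tag to transmit with the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(message: bytes, tag: bytes, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def classify(message: bytes, tag: bytes) -> str:
    """Turn the verification result into an accept/reject decision."""
    if verify(message, tag):
        return "accepted"
    # The tag alone cannot tell modification from fabrication; both fail.
    return "rejected: integrity or origin check failed"


def demo() -> dict:
    original = b"transfer 100 to account 12345"   # constructed sample message
    tag = protect(original)

    # Modification: content changed in transit, original tag kept.
    tampered = b"transfer 900 to account 12345"

    # Fabrication: a party without the shared key invents a message and
    # tags it with a key of its own.
    forged = b"transfer 500 to account 99999"
    forged_tag = protect(forged, key=b"some-other-key")

    return {
        "untouched": classify(original, tag),
        "modified": classify(tampered, tag),
        "fabricated": classify(forged, forged_tag),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} -> {result}")
```
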
Threats and Attacks

• Threat
– A potential for violation of security or a possible
danger that might exploit a vulnerability
• Attack
– An assault on system security: an intelligent act
that is a deliberate attempt to evade security
services and violate the security policy of a
system.
Passive and Active Attacks

– Passive Attack
• In a passive attack the attacker monitors unencrypted data
traffic and captures information.
• It includes looking for clear-text passwords and sensitive
information that can later be used in other types of attacks.
• Passive attacks include traffic analysis, monitoring of
unprotected communications, decrypting weakly encrypted
traffic, and capturing authentication information such as
passwords.
• A passive attack does not involve breaking any security
mechanism.

Passive Attack Example
– Active Attack
• In an active attack, the attacker tries to break or bypass any
security mechanisms implemented to secure a system or
network.
• The attacker gains access to information or resources after
breaking some security mechanism.
• Active attacks result in the disclosure or dissemination of
data files, denial of service (DoS) attacks or modification of
some data.
• Such attacks can be carried out through viruses, worms,
Trojan horses or any programming code.
• Examples: denial-of-service attacks, spoofing.

Active Attack Example

pretend to be someone one is not


Attack Types

• Phishing Attack
– In a phishing attack, a hacker creates a fake web site that
looks exactly like a popular website such as an online bank
website or email service.
– The phishing part of the attack is that the hacker then
sends an e-mail message trying to trick the user into
clicking a link that leads to the fake website. When the
user attempts to log on with their account information, the
hacker records the username and password and then tries
that information on the real website.
– In phishing, the victims provide security details
themselves after being fooled.

• Spoof attack/Masquerading
– The term spoofing usually refers to a category of
scam in which the sender poses as somebody else.
– Pretending to be someone else, usually in an email or any
other communication using a fake IP address.
– Attackers pose as the original person or organization by using
similar URL or email addresses.
– One aim is to deceive the recipient of a message into downloading
harmful content or providing sensitive information in return.
– In a spoof attack, the hacker may modify the source address
of the packets he or she is sending so that they appear to be
coming from someone else in order to attempt to bypass a
firewall.

• IP Spoofing
– Posing as the original is a spoof attack;
– deceiving or fooling the user into giving security details is
phishing.
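
A defensive check for the "similar URL or email addresses" trick described above, as an added example that is not part of the original lecture: it flags sender domains that are close to, but not identical to, a trusted domain. The trusted list, sample addresses and distance threshold are constructed assumptions.

```python
# Constructed allow-list of domains the organization really uses.
TRUSTED_DOMAINS = {"examplebank.com", "mail.example.org"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Return the lower-cased host of a URL or the domain of an email address."""
    address = address.strip().lower()
    if "://" in address:
        host = address.split("://", 1)[1].split("/", 1)[0]
        # Drop any "user@" prefix and ":port" suffix so only the real host remains.
        return host.rsplit("@", 1)[-1].split(":", 1)[0]
    return address.rsplit("@", 1)[-1]


def check_sender(address: str, max_distance: int = 2) -> str:
    """Classify an address as trusted, a lookalike (possible spoof) or unknown."""
    domain = domain_of(address)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(domain, trusted) <= max_distance:
            return f"lookalike of {trusted}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("support@examplebank.com", "support@examp1ebank.com",
                   "https://examplebnak.com/login", "alice@university.edu"):
        print(f"{sample:32s} -> {check_sender(sample)}")
```
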
• Eavesdropping
– Eavesdropping is the process of examining packets as they
are in transit between a source and destination device.
– A hacker typically uses a protocol-analyzer tool (packet
sniffer) to perform eavesdropping.
– In general, the majority of network communications occur in
an unsecured or "clear text" format, which allows an attacker
who has gained access to data paths in your network to "listen
in" or interpret (read) the traffic.

• To prevent eavesdropping, your best solution is to use some
form of encryption on your packets.

• Denial of service attacks
– In this kind of attack, an attacker floods servers with data
packets in an attempt to make a machine or network resource
unavailable for users.
– The goal is to interrupt or suspend services that connect to
the Internet.

• Viruses
– Computer programs that corrupt or delete files
– A virus is sent as an attachment or embedded in other files.

• Worm
– A worm is a program that replicates itself over a network with
some malicious intent in mind, such as crashing a system or
using up all the resources on the system.
– A worm doesn’t need to be sent.

• Trojan horse
– A malicious program that hides within a friendly program,
waiting for the user to activate it through normal computer
and application activity.

• The easiest way to protect a network from an outside
attack is to close it off completely from the outside
world.
• A closed network provides connectivity only to
trusted known parties and sites; a closed network
does not allow a connection to public networks.

Network security

• The goal of network security is to allow authorized
users to access information and services while
preventing unauthorized users from gaining access to
the network and resources in order to prevent any
damage to the network and resources.

• Network security measures would:
– Allow only authorized users to access resources in
a network
– Prevent unauthorized users from obtaining access

• There is a trade-off between network security and
network performance.
– Higher security measures would negatively impact
performance and efficiency.

Firewall: to protect networks from attacks

• A firewall is a network security system that
monitors and controls the incoming and outgoing
network traffic based on predetermined security
policy (rules).
• A firewall decides to either allow or block
incoming data traffic from outside the network.
• A firewall can be software or a hardware-software
combination.
– It protects the local area network (LAN) from outside
intruders.
– It offers a safety barrier for data flowing in and out.
• A firewall system is usually located at a gateway point,
such as the place where a site connects to the Internet

• Basic Principles of firewall
– All traffic must pass through it
– Only authorized traffic is allowed to pass;
all other traffic is blocked
– It is immune to attacks from outside that try to break into
the network

Firewall limitation
• Firewalls do not protect you from internal security threats to your
local area network.
• Internal attacks are common and can be extremely damaging.
– For example, an unhappy employee with network access can break
into the organization's network or steal valuable, proprietary
information.
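
The basic principles and the limitation above, as an added example that is not part of the original lecture: a first-match rule table with a default-deny fallback, plus a check showing that LAN-to-LAN traffic never reaches the gateway. The rule set, addresses and field names are constructed assumptions, not the syntax of any real firewall product.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    src: str               # source network (CIDR)
    dst: str               # destination network (CIDR)
    port: Optional[int]    # destination port, None = any port


LAN = ipaddress.ip_network("192.168.1.0/24")   # constructed internal network

# Constructed policy, evaluated top to bottom; the first matching rule wins.
POLICY = [
    Rule("block", "203.0.113.0/24", "0.0.0.0/0", None),    # range denied outright
    Rule("allow", "0.0.0.0/0", "192.168.1.10/32", 443),     # public HTTPS server
    Rule("allow", "192.168.1.0/24", "0.0.0.0/0", None),     # outgoing LAN traffic
]


def decide(src: str, dst: str, port: int, policy=POLICY) -> str:
    """Return the action of the first matching rule; block if none matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in policy:
        if (s in ipaddress.ip_network(rule.src)
                and d in ipaddress.ip_network(rule.dst)
                and rule.port in (None, port)):
            return rule.action
    return "block"   # default deny: only explicitly authorized traffic passes


def crosses_gateway(src: str, dst: str) -> bool:
    """True when exactly one endpoint is inside the LAN."""
    return (ipaddress.ip_address(src) in LAN) != (ipaddress.ip_address(dst) in LAN)


def inspect(src: str, dst: str, port: int) -> str:
    """What the gateway firewall does with a packet, if it sees it at all."""
    if not crosses_gateway(src, dst):
        return "not inspected"   # internal traffic bypasses the gateway
    return decide(src, dst, port)
```

The last case is the limitation in practice: a packet from one LAN host to another returns "not inspected", so insider activity needs controls inside the network rather than at the gateway.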
