
MBEYA UNIVERSITY OF SCIENCE AND TECHNOLOGY

INFORMATION AND COMMUNICATION TECHNOLOGY DEPARTMENT

INTERNET TECHNOLOGIES
Lecture 7
Internet Security

19th January 2016

COB 4111 – Internet Technology
Intro: Security vs Access
• It is always a trade-off (a balance between two competing
forces)
 More security means less access
 More access means less security
 Redundancy can be either fatal or vital
 Nothing is perfect!
• "Everything which is not forbidden is allowed"
-- Principle of English Law
• "Everything which is not allowed is forbidden"
-- Common security principle
Security Policy
• Data Integrity. Integrity refers to protection from change: is the data that arrives
at a receiver identical to the data that was sent?
• Data Availability. Availability refers to protection against disruption of service:
does data remain accessible for legitimate uses?
• Data Confidentiality. Confidentiality refers to protection against unauthorized data
access (e.g., via snooping or wiretapping): is data protected against unauthorized
access?
• Privacy. Privacy refers to the ability of a sender to remain anonymous: is the
sender’s identity revealed?
• Accountability. Accountability refers to how an audit trail is kept: which group is
responsible for each item of data? How does the group keep records of access and
change?
• Authorization. Authorization refers to responsibility for each item of information
and how such responsibility is delegated to others: who is responsible for where
information resides, and how does a responsible person approve access and
change?

Threats vs. Attacks
• Threat: A potential for violation of security, which
exists when there is a circumstance, capability,
action, or event that could breach security and
cause harm. That is, a threat is a possible danger
that might exploit a vulnerability.
• Attack: An assault on system security that derives
from an intelligent threat; that is, an intelligent act
that is a deliberate attempt (especially in the
sense of a method or technique) to evade security
services and violate the security policy of a
system.
Threats
• Internet security threats affect the network, data security and other
Internet-connected systems. Cyber criminals have evolved several
techniques to threaten the privacy and integrity of bank accounts,
businesses, and organizations.
• The following are some of the Internet security threats:
Mobile worms
Malware
PC and mobile ransomware
Large-scale attacks like Stuxnet that attempt to destroy
infrastructure
Hacking as a Service
Spam
Phishing (email phishing)
The OSI Security Architecture
• The OSI security architecture focuses on security attacks,
mechanisms, and services.
Security attack: Any action that compromises the security
of information owned by an organization.
Security mechanism: A process (or a device incorporating
such a process) that is designed to detect, prevent, or
recover from a security attack.
Security service: A processing or communication service
that enhances the security of the data processing systems
and the information transfers of an organization. The
services are intended to counter security attacks, and they
make use of one or more security mechanisms to provide
the service.
Privacy & Security
• Cryptography: the process of converting a message into a secret
code and changing the encoded message back to regular text.
• Encryption: the original conversion of a message into a secret
code.
• Digital Signature: an encryption technique used for online financial
transactions.

[Figure: encryption software running on the sending computer (Computer A)
turns the message "Have a nice day…" into ciphertext such as "E%$&:”}{|…";
decryption software running on the receiving computer (Computer B) turns
it back into "Have a nice day…".]
Security Technologies

Security Technologies (cont.)
• PGP (Pretty Good Privacy). A cryptographic system that applications
can use to encrypt data before transmission.
• SSH (Secure Shell). An application-layer protocol for remote login
that guarantees confidentiality by encrypting data before transmission across the
Internet.
• SSL (Secure Socket Layer). A technology originally designed by
Netscape Communications that uses encryption to provide authentication and
confidentiality.
• TLS (Transport Layer Security). TLS builds on version 3 of SSL. Both SSL and TLS are
available for use with HTTPS. HTTPS combines HTTP with either SSL or TLS and a
certificate mechanism to provide users with authenticated, confidential
communication over the Web. HTTPS uses TCP port 443 instead of port 80.
• RADIUS (Remote Authentication Dial-In User Service). A protocol used to provide
centralized authentication, authorization, and accounting. RADIUS is popular with
ISPs that have dialup users and with VPN systems that provide access to remote
users.
TCP Protocol
• The Need for Stream Delivery
Out of order packet delivery
Packet delay
Packet loss
Packet duplicates
Properties of TCP
• Stream Orientation
 TCP thinks of the data as a stream of bits, divided into 8-bit octets
 The stream delivery service on the destination machine passes to the receiver
exactly
• Virtual Circuit Connection
• Buffered Transfer
• Unstructured Stream
 TCP does not honor structured data streams.
 Application programs must understand stream content and agree on stream
format before they initiate a connection.
• Full Duplex Connection: transfer in both directions
• Reliability
 Positive Acknowledgement with Retransmission.

TCP Attack
• SYN Flooding
An attacker sends many SYN packets to create
multiple connections without ever sending an ACK to
complete the connection.
The victim has to keep each half-open connection
in its memory for a certain amount of time (e.g. 75
seconds).
If there are many of these malicious packets, the
victim quickly runs out of memory.
This is a Denial of Service (DoS) attack.
Those SYN packets usually use spoofed IP addresses.
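A defender's view of the half-open state the slide describes: this added example (not from the lecture) counts SYN-RECV sockets per local port in text laid out like the output of `ss -tan`. The sample output is constructed, and the threshold of 3 is only for readability.

```python
from collections import defaultdict
from typing import Dict, List

# Constructed sample in the column layout of `ss -tan`: State, Recv-Q,
# Send-Q, Local Address:Port, Peer Address:Port.
SAMPLE_SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB    0      0      10.0.0.5:22         198.51.100.4:51022
SYN-RECV 0      0      10.0.0.5:80         203.0.113.10:40001
SYN-RECV 0      0      10.0.0.5:80         203.0.113.11:40002
SYN-RECV 0      0      10.0.0.5:80         203.0.113.12:40003
SYN-RECV 0      0      10.0.0.5:80         203.0.113.13:40004
SYN-RECV 0      0      10.0.0.5:443        198.51.100.9:55100
ESTAB    0      0      10.0.0.5:80         198.51.100.4:51023
"""


def half_open_by_port(ss_text: str) -> Dict[int, Dict[str, int]]:
    """Count SYN-RECV (half-open) sockets per local port and how many
    distinct peer addresses they come from."""
    counts: Dict[int, int] = defaultdict(int)
    peers: Dict[int, set] = defaultdict(set)
    for line in ss_text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        local, peer = fields[3], fields[4]
        port = int(local.rsplit(":", 1)[1])         # rsplit copes with IPv6 too
        counts[port] += 1
        peers[port].add(peer.rsplit(":", 1)[0])
    return {p: {"count": counts[p], "peers": len(peers[p])} for p in counts}


def flood_alerts(ss_text: str, threshold: int = 3) -> List[str]:
    """Ports whose half-open backlog is at or above threshold. Real
    thresholds are far higher; 3 keeps the constructed sample readable.
    Many distinct peers on one port is what spoofed sources look like."""
    alerts = []
    for port, s in sorted(half_open_by_port(ss_text).items()):
        if s["count"] >= threshold:
            alerts.append(
                f"port {port}: {s['count']} half-open connections from {s['peers']} peers")
    return alerts


if __name__ == "__main__":
    for line in flood_alerts(SAMPLE_SS_OUTPUT):
        print(line)
```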
TCP Attack (cont.)
• TCP Session Hijacking (Mitnick Attack)
• Discussion: machines A and B. If a user does an rlogin from B to A,
A will not ask for a password (e.g. because of .rhosts). You are an
attacker. Can you log in to A from your own machine?
Hint 1: sequence numbers
Hint 2: B's role
• Guessing the sequence numbers: session hijacking
• SYN flooding B.
• Defense methods
Encryption is the only complete defense.
Make the checksum carry a keyed hash.
Firewalls
• Firewall: a method of preventing unauthorized access
between a company's computers and the Internet (it looks at
the header of a packet).
• Firewalls can be implemented in hardware, in
software, or in a combination of both.
• All messages entering or leaving the intranet pass through
the firewall, which examines each message and blocks
those that do not meet the specified security criteria.
• Assured pipeline: an Internet security method that looks at
the entire request for data and then determines whether
the request is valid.

Types of firewall techniques:
• Packet filter: Looks at each packet entering or leaving the
network and accepts or rejects it based on user-defined
rules. Packet filtering is fairly effective and transparent to
users, but it is difficult to configure. In addition, it is
susceptible to IP spoofing.
• Application gateway: Applies security mechanisms to specific
applications, such as FTP and Telnet servers. This is very
effective, but can impose a performance degradation.
• Circuit-level gateway: Applies security mechanisms when a
TCP or UDP connection is established. Once the connection has
been made, packets can flow between the hosts without
further checking.
• Proxy server: Intercepts all messages entering and leaving the
network. The proxy server effectively hides the true network
addresses.
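The packet-filter technique above, as an added example that is not part of the lecture: a first-match rule engine with default deny over constructed packet records. The first rule is the usual answer to the slide's IP-spoofing caveat, since a packet arriving on the Internet-facing interface cannot legitimately carry an internal source address. Interface names, prefixes and hosts are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

INTERNAL_NET = "192.168.10.0/24"      # constructed LAN prefix
WEB_SERVER = "192.168.10.80/32"       # constructed host


def _in_net(addr: str, cidr: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


@dataclass
class Rule:
    """One filter rule; fields left as None are wildcards."""
    action: str                       # "accept" or "drop"
    comment: str = ""
    iface: Optional[str] = None       # ingress interface
    src: Optional[str] = None         # CIDR prefix
    dst: Optional[str] = None         # CIDR prefix
    proto: Optional[str] = None       # "tcp", "udp" or "icmp"
    dport: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        if self.iface is not None and pkt["iface"] != self.iface:
            return False
        if self.src is not None and not _in_net(pkt["src"], self.src):
            return False
        if self.dst is not None and not _in_net(pkt["dst"], self.dst):
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


# Order matters: first match wins. eth0 faces the Internet, eth1 the LAN.
RULES: List[Rule] = [
    Rule("drop", "anti-spoof: internal source arriving from the Internet",
         iface="eth0", src=INTERNAL_NET),
    Rule("drop", "Telnet is never allowed", proto="tcp", dport=23),
    Rule("accept", "HTTPS to the web server", iface="eth0",
         dst=WEB_SERVER, proto="tcp", dport=443),
    Rule("accept", "LAN hosts may go out", iface="eth1", src=INTERNAL_NET),
]


def filter_packet(pkt: dict, rules: List[Rule] = RULES) -> str:
    """Return 'accept' or 'drop'. A packet matching no rule is dropped
    (default deny), the safer default for a perimeter filter."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"


if __name__ == "__main__":
    pkt = {"iface": "eth0", "src": "192.168.10.5", "dst": "192.168.10.80",
           "proto": "tcp", "dport": 443}
    print(filter_packet(pkt))          # drop: spoofed internal source on eth0
```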
Virtual Private Network (VPN)
• Virtual Private Network (VPN)
• A secure connection between two points across the Internet.
• A VPN is a network that is constructed by using public wires to connect
nodes.
• Tunneling
• The process by which VPNs transfer information by encapsulating
traffic in IP packets and sending the packets over the Internet.
• Tunneling works by encapsulating a network protocol within packets
carried by the second network. For example, Microsoft's PPTP technology
enables organizations to use the Internet to transmit data across a virtual
private network (VPN).
• It does this by embedding its own network protocol within the TCP/IP
packets carried by the Internet. (Note: PPTP = Point-to-Point Tunneling
Protocol.)

Website Security
• Security Considerations
Updated Software
SQL Injection
Cross Site Scripting (XSS)
Error Messages
Validation of Data
Passwords
Upload files
SSL: it is good practice to use the SSL protocol when passing
personal information between the website and the web server or
database.
E-Mail Hacking
• E-mail hacking can be done in one of the following ways:
 Spam
• E-mail spamming is the act of sending Unsolicited Bulk E-mail
(UBE) which one has not asked for. Email spam is the junk mail sent
by commercial companies as advertisement of their products and
services.
 Virus
• Some emails may carry attachments containing malicious scripts which,
when run on your computer, may destroy your important data.
 Phishing
• Email phishing is the activity of sending emails to a user claiming to be from a
legitimate enterprise. Its main purpose is to steal sensitive information
such as usernames, passwords, and credit card details.

Cryptography
• Data integrity and privacy on the Internet primarily
rely on cryptography.
• The design and implementation of cryptography
requires a deep understanding of discrete mathematics
and number theory.
• A cryptographic encryption algorithm, also known
as a cipher, transforms a "plain text" (e.g., human
readable) pt and outputs a cipher text ct:
• ct = cipher(pt, key), such that it is possible to regenerate
the pt from the ct through a decryption algorithm.

The terminology used with encryption
• Plaintext — an original message before it has
been encrypted
• Ciphertext — a message after it has been
encrypted
• Encryption key — a short bit string used to
encrypt a message
• Decryption key — a short bit string used to
decrypt a message
Symmetric-Key Cryptography
• Symmetric-key cryptography is an encryption system in
which the sender and receiver of a message share a
single, common key to encrypt and decrypt the
message.
• Symmetric-key systems are simpler and faster, but
their main drawback is that the two parties must
somehow exchange the key in a secure way.
• Symmetric-key cryptography is sometimes also
called secret-key cryptography.
• If ct = encryption (pt, key), then pt = decryption (ct,
key).
Data Encryption Standard (DES)
• The most popular symmetric-key system is
DES.
• DES was developed in 1975 and standardized
by ANSI in 1981 as ANSI X.3.92.
• DES encrypts data in 64-bit blocks using a 56-bit
key.
• The algorithm transforms the input in a series
of steps into a 64-bit output.
International Data Encryption Algorithm (IDEA)
• IDEA is a block cipher which uses a 128-bit
key to encrypt successive 64-bit blocks of
plain text.
• The procedure is quite complicated, using
subkeys generated from the key to carry out a
series of modular arithmetic and XOR operations
on segments of the 64-bit plaintext block.
• The encryption scheme uses a total of fifty-two
16-bit subkeys.
Blowfish
• Blowfish is a symmetric block cipher that
can be used as a drop-in replacement for
DES or IDEA.
• It takes a variable-length key, from 32
bits to 448 bits, making it ideal for both
domestic and exportable use.
• Blowfish is unpatented and license-free,
and is available free for all uses.
Public-Key Encryption
• Public key cryptography uses two keys -- a public key known
to everyone, and a private or secret key that is safe guarded.
• Public key cryptography was invented in 1976 by Whitfield
Diffie and Martin Hellman. For this reason, it is sometimes
also called Diffie-Hellman encryption. 
• It is also called asymmetric encryption because it uses two
keys instead of one key. The two keys are mathematically
related, yet it is computationally infeasible to deduce one
from the other.
• Unfortunately, public-key cryptography is very slow, about
1000 times slower than symmetric key cryptography.

RSA
• RSA is widely used for secure data transmission.
• The encryption key is public and differs from
the decryption key, which is kept secret.
• A user of RSA creates and then publishes a public key
based on two large prime numbers, along with an
auxiliary value.
• Breaking RSA encryption is known as the RSA problem.
• The security of the algorithm is based on the
fact that there is no known efficient way to factor very large
numbers into their primes.
• Encryption is done as follows.
• Consider the entire message to be encrypted as a
sequence of bits. Suppose the length of n in bits is b. Split
the message into blocks of length b or b-1. A block viewed
as a b-bit number should be less than n; if it is not, choose
it to be b-1 bits long. Each block is separately encrypted,
and the encryption of the entire message is the
concatenation of the encryptions of the blocks. Let m stand
for a block viewed as a number. Multiply m by itself e
times, and take the result modulo n as c, which is the
encryption of m.
• That is, c = m^e mod n.
• Decryption is the "inverse" operation: m = c^d mod n.
The Digital Signature Algorithm (DSA)
• DSA is a United States Federal Government
standard for digital signatures.
Choose a prime q. Choose a prime modulus p such that p - 1 is
a multiple of q.
Choose g, a number whose multiplicative order modulo p is q.
(This may be done by setting g = h^((p - 1)/q) mod p for some
arbitrary h (1 < h < p-1), and trying again with a different h if
the result comes out as 1. Most choices of h will lead to a
usable g; commonly h=2 is used.)
Choose x by some random method, where 0 < x < q.
Calculate y = g^x mod p.
The public key is (p, q, g, y), and the private key is x.
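The parameter and key generation steps above carried out in code, as an added example that is not the lecturer's. The primes are tiny constructed values so every intermediate can be checked by hand (real DSA uses far larger p and q), and the retry-on-1 rule for choosing h is implemented rather than assumed away.

```python
import random
from typing import Optional, Tuple


def is_prime(n: int) -> bool:
    """Trial division; adequate only for the toy sizes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def find_p(q: int, max_k: int = 10_000) -> int:
    """Smallest prime p = k*q + 1, so that p - 1 is a multiple of q."""
    for k in range(2, max_k):
        p = k * q + 1
        if is_prime(p):
            return p
    raise ValueError("no prime p = k*q + 1 found")


def find_g(p: int, q: int, h_start: int = 2) -> Tuple[int, int]:
    """g = h^((p-1)/q) mod p; if that is 1, try the next h (1 < h < p-1).
    Returns (g, h) so the caller can see which h was used."""
    for h in range(h_start, p - 1):
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return g, h
    raise ValueError("no usable h found")


def multiplicative_order(g: int, p: int) -> int:
    """Smallest k > 0 with g^k = 1 mod p (brute force, toy sizes only)."""
    k, v = 1, g % p
    while v != 1:
        v = (v * g) % p
        k += 1
    return k


def dsa_keygen(q: int, x: Optional[int] = None, rng=random):
    """Return (public_key, private_key) for the prime q.
    x is drawn at random with 0 < x < q unless supplied (for tests)."""
    if not is_prime(q):
        raise ValueError("q must be prime")
    p = find_p(q)
    g, _ = find_g(p, q)
    if x is None:
        x = rng.randrange(1, q)          # 0 < x < q
    y = pow(g, x, p)                     # y = g^x mod p
    return {"p": p, "q": q, "g": g, "y": y}, x


if __name__ == "__main__":
    pub, priv = dsa_keygen(11, x=3)      # constructed: q = 11 gives p = 23
    print("public key:", pub)            # p=23, q=11, g=4, y=18
    print("private key x:", priv)
    print("order of g mod p:", multiplicative_order(pub["g"], pub["p"]))
```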
Secure Communication Using Public Keys
• Public-key systems, such as Pretty Good Privacy
(PGP), are popular for transmitting information via
the Internet. They are extremely secure and
relatively simple to use. To encrypt a message you need
to retrieve the recipient's public key from one of the several
worldwide registries of public keys that now exist.
• When John wants to send a secure message to Jane,
he uses Jane's public key to encrypt the message.
Jane then uses her private key to decrypt it.

Digital Signatures
• A digital signature is a way to authenticate to a
recipient that a received object is indeed that of the
sender.
 Alice computes a one-way hash of a document.
 Alice encrypts the hash with her private key. The encrypted hash
becomes the document's signature.
 Alice sends the document along with the signature to Bob.
 Bob produces the one-way hash of the document received from
Alice, decrypts the signature with Alice's public key, and
compares the two values. If they match, Bob knows that: (i) the
document really came from Alice and (ii) the document was not
tampered with during transmission.
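The RSA block encryption from the earlier RSA slides (c = m^e mod n with blocks of b or b-1 bits) and the hash-sign-verify flow just described, in one added example that is not the lecturer's code. It uses textbook RSA with small constructed primes and no padding, so it is for following the arithmetic only; the hash is reduced mod n purely because n is tiny here.

```python
import hashlib
from math import gcd
from typing import List, Tuple

Key = Tuple[int, int]          # (n, e) for public, (n, d) for private


def rsa_keygen(p: int, q: int, e: int = 17) -> Tuple[Key, Key]:
    """Public key (n, e) and private key (n, d) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def split_blocks(data: bytes, n: int) -> List[Tuple[int, int]]:
    """Cut the message bits into blocks of b or b-1 bits (b = bit length of n).
    A b-bit block that is not < n is shortened to b-1 bits, which is always < n.
    Returns (value, width) pairs so decryption can rebuild the bit string."""
    b = n.bit_length()
    bits = "".join(f"{byte:08b}" for byte in data)
    blocks, i = [], 0
    while i < len(bits):
        chunk = bits[i:i + b]
        if int(chunk, 2) >= n:
            chunk = bits[i:i + b - 1]
        blocks.append((int(chunk, 2), len(chunk)))
        i += len(chunk)
    return blocks


def encrypt(data: bytes, pub: Key) -> List[Tuple[int, int]]:
    """c = m^e mod n per block; the ciphertext is the list of blocks."""
    n, e = pub
    return [(pow(m, e, n), w) for m, w in split_blocks(data, n)]


def decrypt(blocks: List[Tuple[int, int]], priv: Key) -> bytes:
    """m = c^d mod n per block, then re-join the bits into bytes."""
    n, d = priv
    bits = "".join(format(pow(c, d, n), f"0{w}b") for c, w in blocks)
    return int(bits, 2).to_bytes(len(bits) // 8, "big") if bits else b""


def _hash_mod_n(document: bytes, n: int) -> int:
    """One-way hash of the document; reduced mod n only because n is toy-sized."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n


def sign(document: bytes, priv: Key) -> int:
    """Alice: hash the document, then 'encrypt' the hash with her private key."""
    n, d = priv
    return pow(_hash_mod_n(document, n), d, n)


def verify(document: bytes, signature: int, pub: Key) -> bool:
    """Bob: hash what he received, 'decrypt' the signature with Alice's public
    key and compare; a match shows origin and that nothing was altered."""
    n, e = pub
    return pow(signature, e, n) == _hash_mod_n(document, n)


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)       # constructed: n = 3233, e = 17, d = 2753
    ct = encrypt(b"Have a nice day", pub)
    print(ct, decrypt(ct, priv))
    sig = sign(b"pay 100", priv)
    print(verify(b"pay 100", sig, pub), verify(b"pay 900", sig, pub))
```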
• Man-in-the-Middle (MiTM) Attack
Digital Certificates
• A package containing a person's name (and possibly some other
information such as an E-mail address and company name) and his
public key and signed by a trusted third party is called a digital
certificate (or digital ID).
• An independent third party that everyone trusts, whose
responsibility is to issue certificates, is called a Certification
Authority (CA).
• A digital certificate serves two purposes. First, it provides a
cryptographic key that allows another party to encrypt information
for the certificate's owner. Second, it provides a measure of proof
that the holder of the certificate is who they claim to be - because
otherwise, they will not be able to decrypt any information that
was encrypted using the key in the certificate.

Viruses
• Viruses are executable code pieces
that modify other programs on a
computer, inserting copies of
themselves. In this sense, viruses are
not programs -- they cannot run on
their own, and need to become part of
some host program. When such an
infected program is executed, the virus
attaches itself to another and so on.
Types of Virus
• Parasitic Virus - attaches itself to executable files as part of
their code. Runs whenever the host program runs.
• Memory-resident Virus - Lodges in main memory as part of
the residual operating system.
• Boot Sector Virus - infects the boot sector of a disk, and
spreads when the operating system boots up (original DOS
viruses).
• Stealth Virus - explicitly designed to hide from Virus
Scanning programs.
• Polymorphic Virus - mutates with every new host to
prevent signature detection.
Viruses – Classification by Infection Targets
• System sector/Boot viruses
– Infect the system sectors of disks & hard drives
• File/Parasitic viruses
– .COM and .EXE files, most typical
• Batch file & Macro viruses
– Use text batch files or Word/Excel macros
• Cluster viruses
– Infect the directory structures
• Companion/Spawn viruses
– Add an infected file to system startup
• Source code viruses
– Add additional code to program source code
• VB Script viruses
– Use Windows Scripting Host to control the machine

• Blended threats combine the characteristics of viruses, worms,
Trojan Horses, and malicious code with server and Internet
vulnerabilities to initiate, transmit, and spread an attack.
 Causes harm: Launches a Denial of Service (DoS) attack at a target IP address,
defaces Web servers, or plants Trojan Horse programs for later execution.
 Propagates by multiple methods: Scans for vulnerabilities to compromise a
system, such as embedding code in HTML files on a server, infecting visitors to a
compromised Web site, or sending unauthorized email from compromised
servers with a worm attachment.
 Attacks from multiple points: Injects malicious code into the .exe files on a
system, raises the privilege level of the guest account, creates world read and
writeable network shares, makes numerous registry changes, and adds script
code into HTML files.
 Spreads without human intervention: Continuously scans the Internet for
vulnerable servers to attack.
 Exploits vulnerabilities: Takes advantage of known vulnerabilities, such as buffer
overflows, HTTP input validation vulnerabilities, and known default passwords
to gain unauthorized administrative access.

Worms
• A worm is a malicious program that copies itself from one
computer to another on a network. A worm is an
independent program, in the sense described above, unlike
a virus which is a part-program that must insert itself into a
whole-program. A worm typically does not modify other
programs. A typical worm may carry other code, including
programs and viruses. It copies itself and executes.
The Morris worm has been extensively analyzed as it was
perhaps the first worm to use the Internet to spread.
Popular media often labelled the Stuxnet of 2010 as a
virus, but it is a worm.

Trojans
• Trojans are programs that appear to have one
function but actually perform another function.
• Trojan horses are named after the Trojan horse of
the Greek Trojan War.
• No host is needed
• Does not copy itself
• Impostor program

Secure Socket Layer (SSL)
• It is a security protocol developed by
Netscape Communications Corporation. It
provides security at the transport layer. It
addresses the following security issues:
Privacy
Integrity
Authentication
Intrusion Detection
• The goal of intrusion detection is to be able to
identify if and when an intrusion has occurred.
• Integrity Verifiers - Integrity protection systems detect when
critical components have changed, and assume that the changes must
have been due to malicious activity, such as when backdoors have been
added to system files.
• Log Files - Extensive system logs must be generated recording all
system activity, as these logs will contain evidence of an intrusion that can
be discovered at least after the fact. Here are the most common of these
logs
• Intrusion Detection Systems - Intrusion detection systems
(IDSs) have become a major area of research and product development.
• The Linux Intrusion Detection System
IP Spoofing
• IP Spoofing
– Some Uses of IP Address Forgery
– IP Spoofing in a Blind Attack
– IP Spoofing in a non-Blind Attack
– Route Spoofing
• Detection of IP spoofing
• Prevention of IP Spoofing
• IP Fragment Attacks
ARP Cache Poisoning
• By sending forged ARP replies, a target system can be
convinced to send frames destined for one computer to
another computer.
• There are various ways to conduct cache poisoning: ARP
"who is" broadcast, ARP reply, gratuitous ARP message, etc.
• According to tests on Windows 9x, NT, 2000, XP, Solaris
8, Linux kernel 2.2 and 2.4, Cisco IOS 12 and Nokia IPSO 3.5
operating systems, there was always at least one kind of
ARP message that could poison the cache.
• Moreover, on Windows systems (9x/NT/2K), a static ARP entry
can always be overwritten using a fake ARP message.
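A detection-side view of the slide, as an added example that is not from the lecture: replay a constructed sequence of ARP replies, rebuild the IP-to-MAC table, and flag any reply that claims a different MAC for an IP already in the table. Pinned entries play the role of static ARP entries and are never overwritten here, unlike the Windows behaviour the slide notes.

```python
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed (sender IP, sender MAC) pairs from ARP replies on one segment.
ARP_REPLIES: List[Tuple[str, str]] = [
    ("192.168.10.1", "00:11:22:33:44:01"),   # gateway
    ("192.168.10.20", "00:11:22:33:44:20"),  # a workstation
    ("192.168.10.1", "00:11:22:33:44:01"),   # gateway again, unchanged
    ("192.168.10.1", "DE:AD:BE:EF:00:99"),   # gateway IP with a new MAC
    ("192.168.10.20", "00:11:22:33:44:20"),  # unchanged
]


def detect_arp_conflicts(replies: Iterable[Tuple[str, str]],
                         pinned: Optional[Dict[str, str]] = None
                         ) -> Tuple[Dict[str, str], List[str]]:
    """Rebuild an IP->MAC table from ARP replies and report every reply that
    contradicts an existing entry. Pinned entries and first-seen mappings
    are kept; a conflicting reply is reported, never applied."""
    table: Dict[str, str] = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    alerts: List[str] = []
    for ip, mac in replies:
        mac = mac.lower()                 # normalise case before comparing
        known = table.get(ip)
        if known is None:
            table[ip] = mac
        elif known != mac:
            alerts.append(f"{ip}: reply claims {mac}, table has {known}")
    return table, alerts


if __name__ == "__main__":
    table, alerts = detect_arp_conflicts(ARP_REPLIES)
    print(table)
    for a in alerts:
        print("ALERT", a)
```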

ICMP Protocol (Internet Control Message Protocol)
• IP may fail to deliver datagrams because
∗ the destination is not available
∗ the time-to-live counter expires
∗ routers become congested
We need to let the sender know what has happened, so
ICMP is a required part of IP.
• ICMP allows routers (and hosts) to send error or control
messages to other routers or hosts
• ICMP provides communication between the Internet
Protocol software on one machine and the Internet
Protocol software on another
Attacks Using ICMP Messages
• Mapping Network Topology
 Mapping a target network is a very strategic part of most
intelligently planned attacks.
 An attacker can then direct a more focused scan or exploit toward
live hosts only.
 Sending individual ICMP echo requests: this is what the ping command does.
 Sending ICMP echo requests to the broadcast addresses of a
network.
 Sending ICMP echo requests to the network and broadcast addresses of
subdivided networks.
 Sending an ICMP address mask request to a host on the network to
determine the subnet mask, to better understand how to map
efficiently.

• Smurf Attack
Ping an IP-directed broadcast address, with
the (spoofed) IP of a victim as the source
address.
IP-directed broadcast addresses are usually
network addresses with the host portion of
the address having all one bits.
For example, the broadcast address for
subnet 192.168.10.0 is 192.168.10.255.

• ICMP Redirect Attack
Send an ICMP redirect packet to the victim, asking it
to send its packets to another "router", which can be
a malicious machine.
Impact: man-in-the-middle attacks or denial-of-service
attacks.
The Host Requirements RFC states that a system MUST
follow ICMP redirects unless it is a router.
Winfreez(e): in Windows.
∗ ICMP Redirect: "You yourself are the quickest link to
host Z."
∗ The victim changes its routing table entry for Z to itself.

• Ping of Death
ICMP echo request sent as fragmented packets.
Maximum legal size of an ICMP echo request
packet: 65535 - 20 - 8 = 65507 bytes.
Fragmentation allows the bypass of the
maximum size. For the last fragment,
the following is possible: (offset + size) > 65535.
The reassembled packet would be larger than 65535
bytes.
Impact: some operating systems will crash.
The same attack works with other IP protocols.
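The arithmetic behind the Smurf slide (directed broadcast addresses) and the Ping of Death slide (65535 - 20 - 8, and offset + size overflowing the maximum) as checks a monitor could run over parsed packet headers. This is an added example, not the lecture's code; the subnet list and packet records are constructed.

```python
import ipaddress
from typing import Dict, Iterable, List

IP_MAX_LEN = 65535                         # largest value of the IP total-length field
MAX_ECHO_DATA = IP_MAX_LEN - 20 - 8        # 65507: minus IP header and ICMP header
LOCAL_SUBNETS = ["192.168.10.0/24", "10.0.0.0/16"]   # constructed


def directed_broadcast(network: str) -> str:
    """Broadcast address of a subnet: network address with all host bits set."""
    return str(ipaddress.ip_network(network).broadcast_address)


def is_smurf_trigger(pkt: Dict, subnets: Iterable[str] = LOCAL_SUBNETS) -> bool:
    """Echo request (ICMP type 8) addressed to one of our directed broadcasts;
    every host that answers amplifies traffic toward the (spoofed) source."""
    if pkt.get("proto") != "icmp" or pkt.get("icmp_type") != 8:
        return False
    return pkt["dst"] in {directed_broadcast(n) for n in subnets}


def fragment_overflows(offset_bytes: int, payload_len: int) -> bool:
    """True when a fragment ends beyond the 65535-byte maximum, i.e. the
    reassembled datagram would be oversized. offset_bytes is the header's
    13-bit fragment offset already multiplied by 8."""
    return offset_bytes + payload_len > IP_MAX_LEN


def icmp_alerts(packets: Iterable[Dict]) -> List[str]:
    """Run both checks over parsed packet records (constructed dicts here)."""
    alerts = []
    for p in packets:
        if is_smurf_trigger(p):
            alerts.append(f"smurf: echo request from {p['src']} to broadcast {p['dst']}")
        off, size = p.get("frag_offset", 0), p.get("payload_len", 0)
        if p.get("proto") == "icmp" and fragment_overflows(off, size):
            alerts.append(f"ping of death: fragment from {p['src']} ends at {off + size}")
    return alerts


# Constructed records: a normal ping, a broadcast ping, an oversized last fragment.
SAMPLE_PACKETS = [
    {"src": "198.51.100.5", "dst": "192.168.10.20", "proto": "icmp",
     "icmp_type": 8, "frag_offset": 0, "payload_len": 56},
    {"src": "192.168.10.99", "dst": "192.168.10.255", "proto": "icmp",
     "icmp_type": 8, "frag_offset": 0, "payload_len": 64},
    {"src": "203.0.113.9", "dst": "192.168.10.20", "proto": "icmp",
     "icmp_type": 8, "frag_offset": 65528, "payload_len": 100},
]

if __name__ == "__main__":
    print("max echo data:", MAX_ECHO_DATA)
    for line in icmp_alerts(SAMPLE_PACKETS):
        print(line)
```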
Techniques used in security attacks

IPsec
• IPsec builds the encryption/authentication logic on
top of layer 3 (IP).
• IPsec is a suite of protocols for securing network
connections.
Secure Socket Layer (SSL): it is easier to deploy something
if you don't have to change the OS.
Many IP stacks are implemented so that layer 4 (e.g. TCP)
and below are implemented in the OS, and anything above
is implemented in user space.
With IPsec, implementing security within the OS automatically
causes all applications to be protected without the
application having to be modified.
• Two IPSec headers: AH vs. ESP
AH: Authentication Header. Protocol Type = 51 (this
is one of the fields in IP header)
ESP: Encapsulating Security Payload (Protocol Type =
50)
• Two modes of applying IPsec protection to a packet
Transport mode: end-to-end communication
Tunnel mode: firewall to firewall, or endnode to
firewall, where data are only protected along part of
the path between endpoints.
Tunnel mode can be used instead of transport mode.

Denial of Service (DoS)
• A Denial of Service (DoS) attack floods a host (usually a
web server) with a stream of packets. Although the
server continues to operate, the attack effectively
consumes all resources, meaning that other users
experience long delays or have their connections
rejected.
• Because a manager can spot and disable a stream of
packets from a single source, a
Distributed Denial of Service (DDoS) attack arranges for
a large set of hosts throughout the Internet to each
send a stream of packets.
Protecting your System
• Keep up to date with patches
• Use a firewall
• Use anti-virus software
• Use anti-spyware
• Filter email
• Be aware of fake alerts
• Strong PASSWORDS
PASSWORD
• Should be:
 Long (8 characters or more)
 Not obvious or from a dictionary
 Contain capitals, numerals and non-
alphanumeric characters (!&^*$@.,’[]{}? …)
 Recorded securely somewhere
 Transmitted in encrypted form only
• Older programs such as FTP, Telnet transmit
this in plaintext …