Inherent Vulnerabilities of Internet Architecture
Lecture-1
Subject – Network Security & Cryptography
Class – B.E Information Technology
5th Semester

by

Prof. (Dr.) Krishan Kumar Saluja

University Institute of Engineering & Technology


Panjab University, Chandigarh
Network Security & Cryptography (IT503)

SECTION-A

Basic Encryption and Decryption (06 Hours)
Threats and Types of attacks, Challenges for Information Security, Classical Cryptographic Algorithms: Monoalphabetic Substitutions such as Caesar Cipher, Cryptanalysis of Monoalphabetic ciphers; Polyalphabetic Ciphers such as Vigenere, Vernam Cipher; Transposition Cipher.

Stream and Block Ciphers (07 Hours)
Rotor Based System and Shift Register Based System. Block cipher: principles, modes of operations. Data Encryption Standard (DES), Analyzing and Strengthening of DES, Introduction to Advanced Encryption Standard (AES)

Number Theory and Basic Algebra (04 Hours)
Modular Arithmetic, Euclidean algorithm, Random number generation

Key Management Protocols (05 Hours)
Solving Key Distribution Problem, Diffie-Hellman Algorithm, Key Exchange with Public Key Cryptography.

SECTION-B

Public Key Encryption Systems (06 Hours)
Concept and Characteristics of Public Key Encryption system, Rivest-Shamir-Adleman (RSA) Encryption, Digital Signature Algorithms and authentication protocols, Digital Signature Standard (DSA).

Hash Algorithms (05 Hours)
Hash concept, description of Hash Algorithms, Message Digest Algorithms such as MD4 and MD5, Secure Hash Algorithms such as SHA1 and SHA2

Network Security (04 Hours)
Kerberos, IP security: Architecture, Authentication Header, Encapsulating Security Payload

Web Security (04 Hours)
Web security consideration, Secure Socket Layer Protocol, Transport Layer Security, Secure Electronic Transaction Protocol

Firewalls (04 Hours)
Firewall Design principles, Trusted Systems, Virtual Private Networks.

Outline
• Computer Network & its goals
• Layered model
• TCP/IP Hybrid Protocol Stack
• What is vulnerability
• Typical Internet Architecture
• Vulnerabilities in Internet Architecture
• Questions & Feedback
Introduction to Computer Networks

Computer Network
• A computer network connects two or more autonomous computers.
• The computers can be geographically located anywhere.
Network Goals
Resource Sharing
Hardware (computing resources, disks, printers)
Software (application software)
Information Sharing
Easy accessibility from anywhere (files, databases)
Search Capability (WWW)
Communication
Email
Message broadcast
Cost
Scalability
Remote computing
Distributed processing (GRID Computing)
Network Layers
➭ To make things simple: modularization
➭ Different layer has different functions
➭ Create layer boundary such that
● description of services can be small
● number of interactions across boundary are minimized
● potential for interface standardization
Protocol Hierarchy

Philosopher-translator-secretary architecture.

OSI Reference Models

Packet Encapsulation
• The data is sent down the protocol stack
• Each layer adds to the data by prepending headers

[Figure: encapsulated frame; field sizes shown: 22 Bytes, 20 Bytes, 20 Bytes, 4 Bytes; 64 to 1500 Bytes]
TCP/IP Protocol Stack for Internet
Packet Switching
Vulnerability
• A vulnerability is a weakness which can be exploited by an attacker
• A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application. (https://owasp.org/www-community/vulnerabilities/)
• Attackers perform unauthorized actions within the system once the weakness is exploited
• A network vulnerability is a weakness or flaw in software, hardware, or organizational processes, which when compromised by a threat, can result in a security breach.
Internet Architecture Vulnerabilities
No authentication, integrity and traceability

• The Internet was initially equipped with no built-in mechanism for checking the authentic source of packets.
• In fact, on the way to the destination, routers and other network devices do not even check the integrity of packets; they just forward them at fast rates.
• Network devices do not even maintain any state for the packets they forward, so inherently no tracing is possible.
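
The only check carried in the IPv4 header is an unkeyed checksum, which catches accidental corruption but says nothing about who wrote the header. The following sketch is an added example, not part of the original slides; it builds a header in memory and shows that it still verifies after a per-hop TTL rewrite and after a different source address is written in. The addresses are constructed values from documentation ranges and the function names are illustrative.

```python
import ipaddress
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def recompute(hdr: bytes) -> bytes:
    """Zero the checksum field (bytes 10-11) and fill in a fresh value."""
    body = hdr[:10] + b"\x00\x00" + hdr[12:]
    return body[:10] + struct.pack("!H", checksum(body)) + body[12:]

def build_header(src: str, dst: str, ttl: int = 64) -> bytes:
    """20-byte IPv4 header, no options, protocol 6 (TCP), 40-byte datagram."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, ttl, 6, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return recompute(hdr)

def verify(hdr: bytes) -> bool:
    """Receiver-side check: summing the header with its checksum gives 0."""
    return checksum(hdr) == 0

def parse(hdr: bytes) -> dict:
    f = struct.unpack("!BBHHHBBH4s4s", hdr)
    return {"ttl": f[5], "checksum": f[7],
            "src": str(ipaddress.IPv4Address(f[8])),
            "dst": str(ipaddress.IPv4Address(f[9]))}

def forward(hdr: bytes) -> bytes:
    """Per-hop processing: decrement TTL (byte 8), then recompute."""
    return recompute(hdr[:8] + bytes([hdr[8] - 1]) + hdr[9:])

def set_source(hdr: bytes, src: str) -> bytes:
    """Write a different source address (bytes 12-15), then recompute."""
    return recompute(hdr[:12] + ipaddress.IPv4Address(src).packed + hdr[16:])

# Constructed sample header using documentation address ranges.
ORIGINAL = build_header("192.0.2.10", "198.51.100.7")
HOP = forward(ORIGINAL)
REWRITTEN = set_source(ORIGINAL, "203.0.113.99")
BITFLIP = ORIGINAL[:12] + bytes([ORIGINAL[12] ^ 0x01]) + ORIGINAL[13:]

if __name__ == "__main__":
    for name, h in [("original", ORIGINAL), ("after one hop", HOP),
                    ("source rewritten", REWRITTEN), ("bit flipped", BITFLIP)]:
        print(f"{name:17} {parse(h)} checksum ok: {verify(h)}")
```

Only the accidental bit flip fails the check; a receiver cannot distinguish the original header from the rewritten one, which is why source authenticity has to come from mechanisms outside the base header.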
Connectivity & resource sharing

• The Internet has been designed as an open public infrastructure to share information resources. Every machine is accessible to others through a routable IP address.
• The Internet works mainly on packet switching, so by default the resources allocated to a connection are shared, in contrast to circuit switching.
• Service to one user can be disturbed by the behaviour of another user in packet switched networks.
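
A small discrete-time model of one shared output link makes the last point concrete. This is an added example, not part of the original slides; the link capacity, buffer size, traffic rates and user names are assumptions chosen for illustration.

```python
from collections import deque

def simulate(arrivals, capacity=2, buffer=8):
    """Shared FIFO link. arrivals[t] maps user -> packets offered in tick t.
    The link sends `capacity` packets per tick and queues at most `buffer`."""
    queue, stats = deque(), {}
    for t, offered in enumerate(arrivals):
        for user, n in sorted(offered.items()):
            s = stats.setdefault(user, {"sent": 0, "dropped": 0, "delay": 0})
            for _ in range(n):
                if len(queue) < buffer:
                    queue.append((user, t))   # remember the arrival tick
                else:
                    s["dropped"] += 1         # buffer full: tail drop
        for _ in range(min(capacity, len(queue))):
            user, t0 = queue.popleft()
            stats[user]["sent"] += 1
            stats[user]["delay"] += t - t0    # ticks spent waiting in the queue
    return stats

def run(ticks, b_rate):
    """user_a always offers 1 packet per tick; user_b offers b_rate per tick."""
    return simulate([{"user_a": 1, "user_b": b_rate} for _ in range(ticks)])

if __name__ == "__main__":
    for rate in (1, 6):
        print(f"user_b rate {rate}:", run(20, rate))
```

With both users at one packet per tick, user_a sees no queueing delay; when user_b offers six per tick, user_a's unchanged traffic waits behind user_b's backlog and fewer of its packets get through in the same time.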
Intelligence & resource asymmetry

• Most of the intelligence for service guarantees is at the ends, whereas high bandwidth links and fast network devices are in the middle.
• Since the middle part of the Internet is by default unprotected and has little or no intelligence due to the absence of higher layers, it can be exploited by attackers to launch attacks.
Internet security is highly interdependent

• The Internet is a huge community. A lot of machines on the Internet are unprotected.
• No one can force other users to protect their systems.
• Attackers create botnets by exploiting the weaknesses of unprotected machines to launch attacks on important sites.
Modus Operandi
[Figure: "1. Taking Control"; labels: unpatched machines ("zombies") in Domain A and Domain B, legitimate hosts in Domain C, target domain]
Lack of centralized control on Internet

• The Internet is an aggregation of numerous networks, connected with each other to provide global access.
• Each network is run under its own local policies defined by its owners.
• There is no central authority or management hierarchy which has overall control of all networks on the Internet.
A wider Picture
[Figure labels: zombies on innocent computers; infrastructure-level DDoS attacks; server-level DDoS attacks; bandwidth-level DDoS attacks]
Who is vulnerable?
• Financial institutions and banks
• Internet service providers
• Pharmaceutical companies
• Government and defense agencies
• Contractors to various government agencies
• Multinational corporations
• ANYONE ON THE NETWORK
Security related URLs
• http://www.robertgraham.com/pubs/network-intrusion-detection.html
• http://online.securityfocus.com/infocus/1527
• http://www.snort.org/
• http://www.cert.org/
• http://www.nmap.org/
• http://grc.com/dos/grcdos.htm
• http://lcamtuf.coredump.cx/newtcp/
Thank You!
• Feedback is welcome!
• Any suggestions!
• Any queries!