Security Goals
Confidentiality
• Confidentiality is probably the most common aspect of information security
• We need to protect our confidential information
• Unauthorized reading of data breaches confidentiality
Integrity
• Information needs to be changed
• Integrity means that changes need to be done only by authorized entities and through authorized mechanisms.
• Unauthorized modification of data
Availability
• The information created and stored by an organization needs to be available to authorized entities.
• Unauthorized destruction of data
Attacks
Threat to Confidentiality
Snooping
Threat to Confidentiality
Traffic Analysis
• Traffic analysis refers to obtaining some other type of information by monitoring
traffic.
Threat to Integrity
Masquerade
Threat to Integrity
Modification or Spoofing
• Original data is altered and then retransmitted (in a replay attack, data is not altered)
[Figure labels: DHCP Discovery (Mac = A, IP = ?); DHCP Offer (IP 10.0.0.200, SM 255.0.0.0, DG 10.0.0.1); IP 10.0.0.200, DG 10.0.0.1]
Threat to Integrity
Modification Example
[Figure labels: DHCP Discovery (Mac = A, IP = ?); DHCP Offer (IP 10.0.0.200, SM 255.0.0.0, DG 10.0.0.101); IP 10.0.0.200, DG 10.0.0.101]
• Also known as Man in the Middle Attack
DHCP Spoofing Attack Mitigation
• To mitigate DHCP spoofing, enable “DHCP Snooping” on switches that allow configuration of ports as Trusted or Untrusted
• By default all ports are marked as Untrusted ports
• Untrusted ports cannot process DHCP Replies
[Figure labels: DHCP Offer (IP 10.0.0.200, SM 255.0.0.0, DG 10.0.0.101)]
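The Trusted/Untrusted port rule above, modelled as a small simulation. This is an added example, not part of the original slides; the class names, port numbers and topology are assumptions, and the addresses are the ones shown in the slides' DHCP Offer.

```python
from dataclasses import dataclass

# DHCP message types sent by servers (replies), as opposed to clients.
SERVER_REPLIES = {"OFFER", "ACK", "NAK"}

@dataclass(frozen=True)
class DhcpMsg:
    kind: str            # DISCOVER, OFFER, REQUEST, ACK or NAK
    client_mac: str
    ip: str = ""
    mask: str = ""
    gateway: str = ""

class SnoopingSwitch:
    """Toy model (hypothetical) of a switch with DHCP snooping enabled."""

    def __init__(self, ports, trusted=()):
        # Every port starts Untrusted; only the listed ports are Trusted.
        self.trusted = {p: (p in trusted) for p in ports}
        self.dropped = []    # (port, message) pairs rejected by snooping
        self.bindings = {}   # client MAC -> (ip, gateway) learned from ACKs

    def receive(self, port, msg):
        """Return True if the message is forwarded, False if dropped."""
        if msg.kind in SERVER_REPLIES and not self.trusted[port]:
            self.dropped.append((port, msg))
            return False
        if msg.kind == "ACK":
            self.bindings[msg.client_mac] = (msg.ip, msg.gateway)
        return True

def run_slide_scenario():
    # Constructed topology: port 1 = client A, port 2 = rogue host,
    # port 24 = uplink to the legitimate DHCP server (only Trusted port).
    sw = SnoopingSwitch(ports=[1, 2, 24], trusted=[24])
    results = [
        sw.receive(1, DhcpMsg("DISCOVER", "A")),
        # Modified offer from the slides: gateway set to 10.0.0.101.
        sw.receive(2, DhcpMsg("OFFER", "A", "10.0.0.200", "255.0.0.0", "10.0.0.101")),
        # Legitimate offer: gateway 10.0.0.1.
        sw.receive(24, DhcpMsg("OFFER", "A", "10.0.0.200", "255.0.0.0", "10.0.0.1")),
        sw.receive(1, DhcpMsg("REQUEST", "A", "10.0.0.200")),
        sw.receive(24, DhcpMsg("ACK", "A", "10.0.0.200", "255.0.0.0", "10.0.0.1")),
    ]
    return sw, results

if __name__ == "__main__":
    sw, results = run_slide_scenario()
    print(results, sw.bindings, [(p, m.gateway) for p, m in sw.dropped])
```

The dropped list doubles as a detection signal: any DHCP reply arriving on an Untrusted port identifies the port where an unauthorized server is attached.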
Threat to Integrity
Replay Attack
• Data units are passively captured and retransmitted later
[Figure labels: Packet; Send Authentication request to the server; Username E.Password and Session ID]
Repudiation
• Viruses
• Worms
• Keyloggers
• Grayware
• Ransomware
• Viruses attach themselves to legitimate files and can spread across the system, while worms can self-replicate and
spread through networks. Trojans disguise themselves as legitimate software to trick users into downloading them,
while ransomware encrypts the user's files and demands payment to restore access. Adware and spyware collect user
data and display unwanted advertisements. Protecting against malware requires robust antivirus software, firewalls,
intrusion detection systems, access lists, etc.
Advanced Persistent Threat (APT)
• Advanced Persistent Threat (APT) is a targeted cyber-attack that aims to gain unauthorized
access to sensitive information over a prolonged period.
• APT attackers use sophisticated techniques such as social engineering, malware, and zero-
day exploits to gain access to their target's network and remain undetected for extended
periods.
• APT attacks are often conducted by state-sponsored groups or organized cybercriminals and
can cause significant damage to the targeted organization's reputation, intellectual property,
and financial stability.
• This code can be used to steal personal information like passwords or money.
• People who make websites can stop XSS by being careful with the way they write their code, and by using special tools
that can find and stop bad code.
• SQL injection is a code injection technique that might destroy your database.
• They can put in code that tricks the website into giving them access to the database.
• This can let them steal or change information that's not meant for them. To stop SQL injection, people who make websites
need to be careful when writing their code, and use special tools that can find and block bad code.
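What "being careful when writing code" means for SQL injection, shown as a vulnerable lookup beside its parameterized form. This is an added example, not part of the original slides; the table, column and function names are assumptions and the data is constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice-notes"), ("bob", "bob-notes")])
    return db

def lookup_unsafe(db, name):
    # Vulnerable: user input is pasted into the SQL text, so quote
    # characters in `name` change the structure of the query.
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    # Hardened: the ? placeholder passes `name` as a bound value, which
    # the database compares as data and never parses as SQL.
    query = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def compare(name):
    """Run both lookups against a fresh database for the same input."""
    db = make_db()
    return lookup_unsafe(db, name), lookup_safe(db, name)

if __name__ == "__main__":
    # Ordinary input: both versions return only alice's row.
    print(compare("alice"))
    # Constructed input containing quotes: the unsafe version returns
    # every row, the safe version finds no user with that literal name.
    print(compare("x' OR '1'='1"))
```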
Social engineering attacks
• Social engineering attacks are a type of computer problem where bad people try to trick other
people into sharing important information or doing things that can hurt their company's security.
• They might pretend to be someone the victim trusts, or make them feel like they have to act fast.
• Examples of social engineering attacks include phishing, pretexting, and the Benazir income support
scam. To stop social engineering attacks, people need to be careful and make sure they only share
information with trusted sources, use special codes to protect their accounts, and follow security
rules that their company sets.
Types of Payload & Industrial espionage
• Payloads are the portion of malware that carries out the attacker's malicious objectives.
• Remote access tools (RATs), keyloggers, backdoors, and ransomware are common payloads.
• RATs allow attackers to remotely access the target system, while keyloggers record keystrokes to capture
sensitive information.
• Backdoors provide the attacker with ongoing access to the system, and ransomware encrypts the victim's
data and demands payment to restore access.
• Industrial espionage is when attackers try to steal secret information from a company, like trade secrets or
business plans. They might do this to gain a competitive advantage, or to sell the information to someone
else.
• Industrial espionage can be done in many different ways, including hacking into computers, bribing
employees, or even stealing physical documents.
• To stop industrial espionage, companies need to be careful with who has access to their sensitive
information, use strong passwords and encryption, and make sure employees are trained to recognize and
report any suspicious activity.
How Can We Protect?
• Firewall
• Encryption / Decryption
• Intrusion Detection System
• Intrusion Prevention System
• Digital Signatures
• Routing Control
• Access Control
• Authentication
• Authorization
• Accounting