Professional Documents
Culture Documents
(Week 1 & 2)
This part will cover most of the contents of the course. It has been further divided in
following sub-parts:
This is the last part of the course. The main concepts that are discussed in this
part are:
“A system is secure if resources are used and accessed as intended under all
circumstances”
(Sillberschatz, Galvin and Gagne)
There are four things to notice here
1. Resources
2. Used and accessed
3. As intended
4. In all circumstances
Information security involves the protection of organizational assets from the
disruption of business operations, modification of sensitive data, or disclosure of
proprietary information.
Some Examples
There are three pillars of information security on which its operations are based
which are Confidentiality, Integrity, and availability.
Breach of confidentiality
• Unauthorized reading of data
Breach of integrity
• Unauthorized modification of data
Breach of availability
• Unauthorized destruction of data
Theft of services
• Unauthorized use of resources
Denial of service (DOS)
• Prevention of legitimate use
Security Violation Methods
Active attacks: A cybersecurity attack in which attacker alter, modify, destroy or disrupt the
operations of system.
• Masquerading or impersonating attack
• Repudiation
• Man-in-the-middle attack (MITM)
• Replay attack
• Denial of Service (DoS)
Passive attacks: Attacker attempt to learn or capture the information without disrupting
the system operations.
• Eavesdropping
• Network monitoring
• Traffic analysis
• Social Engineering
Security Violation Methods
Read the following incident and try to find which security breach/breaches occurred, and what
can go wrong.
“In U.S The Department of Energy (DOE) has confirmed a recent cyber incident that occurred at
the end of July 2013 and resulted in the unauthorized disclosure of federal employee Personal
Identifiable Information (PII) may have been affected.
The incident included the compromise of 14 servers and 20 workstations. The data that was
exposed includes names, date of births, blood types, Social Security Number, other government-
issued identification numbers and contact information.”
At the time officials blamed Chinese hackers, but two weeks later a group calling itself Parastoo
(a common girls name in Farsi) claimed they were behind the breach, posting data that was
hacked from a DOE webserver
Another case study
Read the following incident and try to find which security breach/breaches
occurred, and what can go wrong.
"In early February a hotel franchise management company that manages 168
hotels in 21 states suffered a data breach that exposed hundreds of guests
debit and credit cards information in 2013.
White Lodging Services Corporation maintains hotel franchises for some of the
top names in lodging such as Hilton. Marriott Westin and Sheraton Sources
reported that the data breach centered mainly around the gift shops and
restaurants within these hotels managed by White Lodging, not necessarily the
front desk computers where guests pay for their rooms
Findings about case studies
Cryptography is the practice and study of techniques for securing communication and data
from adversaries.
Means to constrain potential senders (sources) and / or receivers (destinations) of
messages
• Based on secrets (keys)
• Enables
o Confirmation of source
o Receipt only by certain destination
o Trust relationship between sender and receiver
Cryptanalysis
Secure Communication over Insecure Medium
Encryption and Decryption
Encryption is the process of converting data from plaintext (readable) to ciphertext
(unreadable) form.
Encryption algorithm consists of
• Set K of keys
• Set M of Messages
• Set C of ciphertexts (encrypted messages)
• A function E : K → (M→C). That is, for each k K, E(k) is a function for generating
ciphertexts from messages
Decryption is the process of converting back ciphertext to plain text.
A function D : K → (C→M). That is, for each k K, E(k) is a function for generating
message from ciphertext.
Symmetric Encryption
Same key used to encrypt and decrypt
• E(k) can be derived from ciphertext, and vice versa
DES is most used symmetric block-encryption algorithm (created by US Govt)
• Encrypts a block of data at a time
Triple-DES considered more secure
Advanced Encryption Standard (AES),
RC4 is most common symmetric stream cipher
Asymmetric Encryption
• Vulnerability assessment compares real state of system / network compared to security policy
A firewall acts as a barrier between an internal network and external networks (such as the Internet). It
analyses incoming and outgoing network traffic based on a set of predefined rules and policies. Its primary
function is to block or allow traffic based on these rules, acting as a gatekeeper for network communication.
• A network firewall is placed between trusted and untrusted hosts
• The firewall limits network access between these two security domains
• Can be tunneled or spoofed
• Tunneling allows disallowed protocol to travel within allowed protocol (i.e., telnet inside of HTTP)
• Firewall rules typically based on host name or IP address which can be spoofed
Characteristic:
Functionality: operates at network layer (layer 3) of OSI model, inspect the packets
header and examine the information such as source and destination addresses, port
number, and protocols (TCP, UDP, ICMP etc.)
Decision making: Based on predefined set of rules it allow or block packet transmission
into the network.
Stateless Inspection: It operates in a stateless manner, meaning it evaluates each packet
individually without considering the context of previous packets. It does not maintain
information about the state of connections or sessions.
An application layer firewall operates at the application layer (Layer 7) of the OSI model. It
acts as an intermediary between client and server applications. It provide functionalities
such as:
• Inspection capabilities
• Content filtering
• Protocol validation
• Application-specific security
Application Layer Firewall (Proxy Firewall)
Content Inspection: It can examine the headers as well as payload of data packets.
Protocol validation: validate and verify the legitimacy and correctness of application-layer
protocols.
Application-Specific Security: These firewalls can implement specific security policies for
HTTP, FTP, SMTP, or other application protocols.
Proxy Functionality: often operate as proxies between clients and servers. When a client
initiates a request, the firewall acts as a proxy server, forwarding the request to the actual
server and vice versa for responses.
This proxy functionality allows the firewall to actively inspect, modify, or block data
packets based on detailed content analysis before passing them to their intended
destinations.
Other types of Firewalls
Today we learnt:
• What is security and how different breaches of security can occur
around us.
• We have discussed how security breaches in a computing
environment can occur at different levels
• Symmetric and asymmetric cryptography
• What is firewall and its different types.