
Information Security

(Week 1 & 2)

Instructor: Muhammad Noman Sohail


Muhammad Noman Sohail
MS Information Security, COMSATS University Islamabad, 2021.
BS Information Technology, University of Sargodha, 2018.
Recently joined University of Lahore


About the course

• To provide a survey and exposure of both the principles and practice of information security.
• To determine threats to a network and how to protect an organization's systems and data from attacks.
• The course will also help you understand and learn countermeasures used to prevent, detect and correct security violations in a computer network.

You will NOT learn…
• How to do computer hacking
• How to break into a computer server and gain access to sensitive data
Books and Resources
• Managing Information Security by John R. Vacca
• Computer and Network Security Essentials, Kevin Daimi
• Principles of Information Security, 6th edition by M. Whitman and H. Mattord
How this course will be run

The course is comprised of 48 lectures and is divided into the following parts:
• Part-1: Computer/System Security
• Part-2: Network Security
• Part-3: Internet Security
Part-1: Computer/System Security

• The main concepts discussed in this part are: security concepts, security violation categories, security measure levels, methods of violating security, types of attacks, and firewalls.
• This part will be covered in Lecture 1 to Lecture 9.
Part-2: Network Security

• This part will cover most of the contents of the course. It has been further divided into the following sub-parts:
  a) Analysis of network security
  b) Cryptography as a network security tool
  c) Symmetric key cryptography
  d) Asymmetric key cryptography
  e) Incorporating security in other parts of the network

Part-2(a): Analysis of network security

• Here we will discuss: network threats (viruses, worms, Trojan horses), countermeasures to these threats, the network security model, access control, and the principles and techniques of network security with examples of how they are applied in practice.
• The topics will be covered in Lecture 10 – Lecture 20.
Part-2(b): Cryptography as a network security tool

• Topics covered in this part are: cryptography as a classical security tool, basic terminology, steganography, substitution and transposition ciphers, and the Caesar cipher.
• The topics will be covered in Lecture 20 – Lecture 30.
Part-2(c): Symmetric key cryptography

• Topics covered in this part are: the Feistel cipher, Data Encryption Standard (DES), basic rounds, double and triple DES, Advanced Encryption Standard (AES), and limitations of symmetric key cryptography.
• The topics will be covered in Lecture 30 – Lecture 35.
Part-2(d): Asymmetric key cryptography

• This part will cover the following topics: requirements and challenges for asymmetric keys, Diffie-Hellman key exchange, Rivest Shamir & Adleman (RSA), attacks against RSA, hybrid cryptosystems, and quantum cryptography.
• The topics will be covered in Lecture 35 – Lecture 40.
Part-2(e): Incorporating security in other parts of the network

• This part will discuss the following topics: an overview of network security protocols, e.g., Simple Network Management Protocol (SNMP), securing email, and wireless security.
• The topics will be covered in Lecture 40 – Lecture 43.
Part-3: Internet Security

• This is the last part of the course. The main concepts discussed in this part are: tools and techniques to protect data during transmission over the Internet, the Sobig.F worm, the grappling hook attack, the Morris Internet worm, and an overview of Internet security protocols such as HTTPS and SSH.
• This part will be covered in Lecture 43 – Lecture 46.
• The last two lectures, i.e., Lecture 47 & 48, are reserved for revision of the course.
Outline
• What is security
• Security violation categories
• Security measure levels

Objectives
• To describe the basics of computer/system security
• To understand and distinguish between different breaches of security
The Security Problem

"A system is secure if resources are used and accessed as intended under all circumstances"
(Silberschatz, Galvin and Gagne)

There are four things to notice here:
1. Resources
2. Used and accessed
3. As intended
4. In all circumstances

Information security involves the protection of organizational assets from the disruption of business operations, modification of sensitive data, or disclosure of proprietary information.
Some Examples

• A transmits a file (containing sensitive information) to B. C, who is not authorized to read the file, is able to monitor the transmission.
• Administrator D sends a message to computer E to update an authorization file. F intercepts the message, alters its content to add or delete entries, and then forwards the message to E. E accepts the message and updates the authorization file.
• Rather than intercepting, F constructs its own message and sends it to E.
Security Violation Categories

There are three pillars of information security on which its operations are based: confidentiality, integrity, and availability.
• Breach of confidentiality: unauthorized reading of data
• Breach of integrity: unauthorized modification of data
• Breach of availability: unauthorized destruction of data
• Theft of services: unauthorized use of resources
• Denial of service (DoS): prevention of legitimate use
Security Violation Methods

• Active attacks: a cybersecurity attack in which the attacker alters, modifies, destroys or disrupts the operation of a system.
  • Masquerading or impersonation attack
  • Repudiation
  • Man-in-the-middle attack (MITM)
  • Replay attack
  • Denial of Service (DoS)
• Passive attacks: the attacker attempts to learn or capture information without disrupting system operations.
  • Eavesdropping
  • Network monitoring
  • Traffic analysis
  • Social engineering
Security Violation Methods

• Masquerading (breach of authentication)
  • Pretending to be an authorized user to escalate privileges
• Replay attack
  • As is, or with message modification
• Man-in-the-middle attack
  • Intruder sits in the data flow, masquerading as sender to receiver and vice versa
• Session hijacking
  • Intercept an already-established session to bypass authentication
Standard Security Attacks
Security measure level

• It is impossible to have absolute security, but the cost to the perpetrator can be made sufficiently high to deter most intruders.
• Security must occur at four levels to be effective:
  • Physical
    o Data centers, servers, connected terminals
  • Human
    o Avoid social engineering, phishing, dumpster diving
  • Operating system
    o Protection mechanisms, debugging
  • Network
    o Intercepted communications, interruption, DoS
• Security is only as strong as the weakest link in the chain
• But can too much security be a problem?
A case study

Read the following incident and try to find which security breach/breaches occurred, and what can go wrong.

"In the U.S., the Department of Energy (DOE) has confirmed a recent cyber incident that occurred at the end of July 2013 and resulted in the unauthorized disclosure of federal employee Personally Identifiable Information (PII), which may have been affected. The incident included the compromise of 14 servers and 20 workstations. The data that was exposed includes names, dates of birth, blood types, Social Security Numbers, other government-issued identification numbers and contact information."

At the time officials blamed Chinese hackers, but two weeks later a group calling itself Parastoo (a common girl's name in Farsi) claimed they were behind the breach, posting data that was hacked from a DOE web server.
Another case study

Read the following incident and try to find which security breach/breaches occurred, and what can go wrong.

"In early February 2013, a hotel franchise management company that manages 168 hotels in 21 states suffered a data breach that exposed hundreds of guests' debit and credit card information. White Lodging Services Corporation maintains hotel franchises for some of the top names in lodging such as Hilton, Marriott, Westin and Sheraton. Sources reported that the data breach centered mainly around the gift shops and restaurants within these hotels managed by White Lodging, not necessarily the front desk computers where guests pay for their rooms."
Findings about case studies

• There are hundreds and hundreds of security breaches occurring around us.
• All companies, organizations and individuals need to be vigilant.
• Security must be deployed at multiple levels.
Security needs and objectives

• Authentication (who is the person, server, software, etc.)
• Authorization (what is that person allowed to do)
• Privacy (controlling one's personal information)
• Anonymity (remaining unidentified to others)
• Non-repudiation (a user can't deny having taken an action)
• Audit (having traces of actions in separate systems/places)
Authentication vs Authorization

Authentication is the process of verifying the identity of a user attempting to access a resource or system. It ensures only authorized users can access the resources.
• Constrains the set of potential senders of a message
• Complementary and sometimes redundant to encryption
• Can also prove that a message is unmodified
Common authentication methods are SSO, biometrics, 2FA, multi-factor authentication, PKI, etc.
• Authorization determines the actions an authenticated user can perform.
Safety vs. security

• Safety is about protecting from accidental risks
  • Road safety
  • Air travel safety
• Security is about mitigating risks of dangers caused by intentional, malicious actions
  • Homeland security
  • Airport and aircraft security
  • Information and computer security
• It is easier to protect against accidental than malicious misuse
Threat, Vulnerability and Attack

• Threat: potential dangers or harmful events that could exploit vulnerabilities
  • What can go wrong?
  • Various risks, including cyber threats (such as malware, phishing, or hacking attempts), natural disasters, physical theft, human errors, or insider threats
• Vulnerability:
  • A weakness in the system that an attacker can exploit to undermine its security.
  • Vulnerabilities can be found in software, hardware, configurations, procedures, or human factors. Examples include software bugs, misconfigurations, weak passwords, lack of encryption, or outdated software.
• Attack:
  • When something really happens, and the computer system has been compromised.
  • An attack is an intentional and malicious action taken by an adversary or attacker to exploit a vulnerability in a system.
Security Tools
Cryptography

Cryptography as a Security Tool

• Broadest security tool available
• Internal to a given computer, the source and destination of messages can be known and protected
  • The OS creates, manages, and protects process IDs and communication ports
• The source and destination of messages on a network cannot be trusted without cryptography
  • Local network – IP address?
    o Consider an unauthorized host being added
  • WAN / Internet – how to establish authenticity?
    o Not via IP address
Cryptography

Cryptography is the practice and study of techniques for securing communication and data from adversaries.
• A means to constrain potential senders (sources) and/or receivers (destinations) of messages
  • Based on secrets (keys)
  • Enables
    o Confirmation of source
    o Receipt only by a certain destination
    o Trust relationship between sender and receiver
Cryptanalysis
Secure Communication over Insecure Medium
Encryption and Decryption
• Encryption is the process of converting data from plaintext (readable) to ciphertext (unreadable) form.
• An encryption algorithm consists of
  • A set K of keys
  • A set M of messages
  • A set C of ciphertexts (encrypted messages)
  • A function E : K → (M → C). That is, for each k ∈ K, E(k) is a function for generating ciphertexts from messages
• Decryption is the process of converting ciphertext back to plaintext.
  • A function D : K → (C → M). That is, for each k ∈ K, D(k) is a function for generating messages from ciphertexts.
Symmetric Encryption
• The same key is used to encrypt and decrypt
  • E(k) can be derived from D(k), and vice versa
• DES is the most used symmetric block-encryption algorithm (created by the US Govt)
  • Encrypts a block of data at a time
• Triple-DES is considered more secure
• Advanced Encryption Standard (AES)
• RC4 is the most common symmetric stream cipher
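The definitions above treat E and D as key-indexed families of functions. The following added example (not from the slides) makes that concrete in Python with a constructed single-alphabet Caesar cipher as the scheme: K is the set of shifts, E(k) and D(k) are functions, the symmetric property that D(k) is derived from E(k) is visible, and the correctness property D(k)(E(k)(m)) = m is checked over every key and a small constructed message set M.

```python
import string

ALPHABET = string.ascii_lowercase
K = range(26)  # the set K of keys: shift amounts 0..25 (constructed Caesar-cipher scheme)

# Constructed message set M used for the round-trip check.
MESSAGES = ["attack at dawn", "meet me at the usual place"]


def E(k):
    """E : K -> (M -> C). Given a key k, return the function mapping each message to its ciphertext."""
    def encrypt(m):
        # Shift each lowercase letter by k positions; leave other characters untouched.
        return "".join(ALPHABET[(ALPHABET.index(ch) + k) % 26] if ch in ALPHABET else ch
                       for ch in m)
    return encrypt


def D(k):
    """D : K -> (C -> M). Symmetric scheme: D(k) is derived directly from E(k) (the inverse shift)."""
    return E((-k) % 26)


def roundtrip_holds(messages):
    """Correctness property of the scheme: for every k in K and m in M, D(k)(E(k)(m)) == m."""
    return all(D(k)(E(k)(m)) == m for k in K for m in messages)


def wrong_key_recovers(m, k, wrong_k):
    """True only if decrypting with a different key still yields m (it should not, unless the keys coincide)."""
    return D(wrong_k)(E(k)(m)) == m
```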
Asymmetric Encryption

• Public-key encryption is based on each user having two keys:
  • public key – a published key used to encrypt data
  • private key – a key known only to the individual user, used to decrypt data
• Must be an encryption scheme that can be made public without making it easy to figure out the decryption scheme
Implementing Security Defenses
• Defense in depth is the most common security theory – multiple layers of security
• A security policy describes what is being secured
• A vulnerability assessment compares the real state of a system / network with the security policy
• Intrusion detection endeavors to detect attempted or successful intrusions
  • Signature-based detection spots known bad patterns
  • Anomaly detection spots differences from normal behavior
    o Can detect zero-day attacks
    o False positives and false negatives are a problem
• Virus protection
• Auditing, accounting, and logging of all or specific system or network activities
Firewalling to Protect Systems and Networks

A firewall acts as a barrier between an internal network and external networks (such as the Internet). It analyses incoming and outgoing network traffic based on a set of predefined rules and policies. Its primary function is to block or allow traffic based on these rules, acting as a gatekeeper for network communication.
• A network firewall is placed between trusted and untrusted hosts
  • The firewall limits network access between these two security domains
• Can be tunneled or spoofed
  • Tunneling allows a disallowed protocol to travel within an allowed protocol (e.g., telnet inside of HTTP)
  • Firewall rules are typically based on host name or IP address, which can be spoofed
• A personal firewall is a software layer on a given host
  • Can monitor / limit traffic to and from the host
• An application proxy firewall understands an application protocol and can control it (e.g., SMTP)
• A system-call firewall monitors all important system calls and applies rules to them (e.g., this program can execute that system call)
Packet Filtering Firewall

This type of firewall examines individual packets of data based on criteria such as source and destination IP addresses, port numbers, and protocols. It makes decisions on whether to allow or block packets based on predefined rules. Packet filtering firewalls are often implemented in routers or as a part of operating systems.

Characteristics:
• Functionality: operates at the network layer (layer 3) of the OSI model, inspects the packet header and examines information such as source and destination addresses, port numbers, and protocols (TCP, UDP, ICMP, etc.)
• Decision making: based on a predefined set of rules, it allows or blocks packet transmission into the network.
• Stateless inspection: it operates in a stateless manner, meaning it evaluates each packet individually without considering the context of previous packets. It does not maintain information about the state of connections or sessions.
• Usually implemented on routers
Stateful Inspection Firewall

It operates at the network layer and maintains information about the state of network connections. Stateful firewalls not only examine individual packets but also keep track of the context and state of connections. By maintaining this state information, stateful firewalls can make more sophisticated decisions and provide enhanced security.

(Figures: Stateful Firewall State Tables; Stateful Firewall Operations)

• Context-aware inspection: maintains a record of the state of established connections. It keeps track of the context of each connection by monitoring the state of sessions, such as:
  • TCP handshake
  • session establishment
  • teardown
• Stateful tracking: it maintains a state table or connection table that stores information such as:
  • Active connections
  • Source and destination IP addresses
  • Port numbers
  • Sequence numbers
  • Connection status (e.g., established, ongoing, or closed)
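To show why the state table matters, here is an added Python example (not from the slides) that runs the same three constructed packets through a stateless packet filter and a stateful one. Both allow outbound HTTPS from a constructed internal network 10.0.0.0/24; the stateless filter has to admit anything that merely looks like a reply (source port 443), whereas the stateful filter admits inbound packets only for connections recorded in its table after an outbound SYN.

```python
from dataclasses import dataclass

# Constructed example: 10.0.0.0/24 is the protected internal network.
INTERNAL_PREFIX = "10.0.0."


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def stateless_filter(pkt):
    """Packet-filtering firewall: every packet is judged alone on its header fields."""
    if pkt.src.startswith(INTERNAL_PREFIX) and pkt.dport == 443:
        return "ALLOW"  # outbound HTTPS request
    if pkt.dst.startswith(INTERNAL_PREFIX) and pkt.sport == 443:
        return "ALLOW"  # looks like an HTTPS reply; no way to know whether it was solicited
    return "DROP"


class StatefulFilter:
    """Stateful inspection: inbound packets pass only for connections in the state table."""

    def __init__(self):
        self.table = {}  # (src, sport, dst, dport) -> connection status

    def filter(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.src.startswith(INTERNAL_PREFIX) and pkt.dport == 443:
            if pkt.syn and not pkt.ack:
                self.table[key] = "SYN_SENT"  # handshake started from inside
            return "ALLOW"
        if reverse in self.table:  # reply belonging to a tracked connection
            if pkt.syn and pkt.ack:
                self.table[reverse] = "ESTABLISHED"
            return "ALLOW"
        return "DROP"  # unsolicited inbound packet, whatever its source port


def compare_filters():
    """Run three constructed packets through both firewalls and return the verdicts."""
    request = Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000, syn=True, ack=True)
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 51000, syn=True)
    stateful = StatefulFilter()
    return {
        "stateless": [stateless_filter(p) for p in (request, reply, unsolicited)],
        "stateful": [stateful.filter(p) for p in (request, reply, unsolicited)],
        "state_table": dict(stateful.table),
    }


if __name__ == "__main__":
    print(compare_filters())
```

The stateless verdicts are ALLOW for all three packets; the stateful filter drops the unsolicited one because no matching entry exists in its connection table.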
Application Layer Firewall (Proxy Firewall)

An application layer firewall operates at the application layer (Layer 7) of the OSI model. It acts as an intermediary between client and server applications. It provides functionalities such as:
• Inspection capabilities
• Content filtering
• Protocol validation
• Application-specific security
Application Layer Firewall (Proxy Firewall)

• Content inspection: it can examine the headers as well as the payload of data packets.
• Protocol validation: validates and verifies the legitimacy and correctness of application-layer protocols.
• Application-specific security: these firewalls can implement specific security policies for HTTP, FTP, SMTP, or other application protocols.
• Proxy functionality: often operates as a proxy between clients and servers. When a client initiates a request, the firewall acts as a proxy server, forwarding the request to the actual server and vice versa for responses.
• This proxy functionality allows the firewall to actively inspect, modify, or block data packets based on detailed content analysis before passing them to their intended destinations.
Other types of Firewalls

• Next-Generation Firewall (NGFW): NGFWs combine the functionalities of traditional firewalls with additional security features such as deep packet inspection (DPI), intrusion prevention systems (IPS), application awareness, and threat intelligence.
• Unified Threat Management (UTM) Firewall: UTM firewalls incorporate various security features, including firewalling, intrusion detection/prevention, antivirus, anti-spam, web filtering, and virtual private network (VPN) capabilities. UTM firewalls offer a comprehensive and centralized security solution for small to medium-sized enterprises.
• Virtual Firewall: virtual firewalls are designed specifically for virtualized environments, where multiple virtual machines (VMs) share a single physical server. These firewalls operate within the virtualization layer and provide network segmentation and security for virtual networks and VM-to-VM communications.
Summary of today's lecture

• Today we learnt:
  • What security is and how different breaches of security can occur around us
  • How security breaches in a computing environment can occur at different levels
  • Symmetric and asymmetric cryptography
  • What a firewall is and its different types