Chapter 1 Introduction and Security Trends
Threats to Security
Viruses and worms
Intruders
Insiders
Criminal organizations
Terrorists and information warfare
Avenues of attack
Steps in an attack
Intruders
An intruder is anyone who accesses a computer system without authorization, from whatever angle they approach it; this includes scanning an individual system for open services. There are two types of intruders:
Insider
Outsider
Insider
Insiders are more dangerous than outsiders. An insider already has the necessary knowledge of the organization and its security system, and often has broad access. Insiders carry out criminal activity such as fraud, and their knowledge of the environment helps them avoid detection. Insiders are not only employees: contractors and partners also have physical access to facilities as well as access to computers and the network.
Criminal Organization
Criminal organizations depend on computer systems and networks just as legitimate businesses do, and a growing share of transactions is conducted via the Internet. Traditional physical crimes such as fraud, extortion and theft are now carried out over the Internet.
Terrorists and information warfare
Critical infrastructure (Ex: railways) depends on computers and networks, which makes it a target. Several countries are capable of conducting this type of warfare. Ex: the attack on the World Trade Center.
Avenues of Attack
There are two reasons a computer system is attacked. Either it is specifically targeted by the attacker (Ex: attacking a government system), or it is a target of opportunity: the attack is conducted against a site simply because it runs hardware or software that is vulnerable to a specific exploit.
In the second case the attacker is not targeting the organization itself; they learn about a vulnerability and how to exploit it, then look for any system that has it. Targeted attacks are more difficult and require more time than attacks on targets of opportunity.
Steps in attack
The attacker first needs as much information as possible about the target organization. This reconnaissance includes studying the organization's own web site and other published resources, and collecting IP address ranges, phone numbers, names of individuals, and what networks the organization maintains.
Step 1: determine which target systems are available and active. Ex: the ping command is used to see which hosts respond.
Step 2: port scan, to determine which ports are open. An open port indicates which service is available, and the responses also reveal which operating system and which applications are running.
Different techniques can be applied to get this information, for example sending specially formatted packets and using the replies as clues (Ex: online lottery). The information collected is used to carry out the next step: deciding which tool to use to exploit a vulnerability. Ex: guessing user ID and password combinations, which is called a brute-force attack.
A system can be attacked in many different ways, but the general process is: gather information about the target; gather information about possible exploits against the system; attempt each exploit.
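Steps 1 and 2 above, as an added example that is not part of the original notes: a TCP connect scanner that checks which ports accept a connection, grabs the banner a service sends, and guesses the service from it. Because ICMP ping needs raw sockets, host discovery here is done with a TCP connect instead. The "victim" is a constructed throwaway service on 127.0.0.1 with a made-up SSH banner; no real host is scanned.

```python
import socket
import threading
from typing import Dict, Iterable, Optional


def start_fake_service(banner: bytes, host: str = "127.0.0.1"):
    """Constructed target: a TCP service on an ephemeral port that sends a banner
    and hangs up, standing in for a real SSH/SMTP daemon (banner is made up)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # listening socket closed: stop the thread
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def reserve_closed_port(host: str = "127.0.0.1"):
    """Bind but never listen: the kernel refuses connections, so the port reads as closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    return s, s.getsockname()[1]


def tcp_probe(host: str, port: int, timeout: float = 0.5) -> Optional[bytes]:
    """Try a TCP connect. Return the banner (possibly empty) if the port is open,
    None if it is closed or filtered (refused / timed out)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(256)   # many services talk first (SSH, SMTP, FTP)
            except OSError:
                return b""           # open, but silent until the client speaks
    except OSError:
        return None


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, bytes]:
    """Return {port: banner} for every port that accepted the connection."""
    found = {}
    for p in ports:
        banner = tcp_probe(host, p, timeout)
        if banner is not None:
            found[p] = banner
    return found


def guess_service(banner: bytes) -> str:
    """Map a banner to a likely service; a crude version of scanner fingerprinting."""
    if banner.startswith(b"SSH-"):
        return "ssh"
    if banner.startswith(b"220 "):
        return "smtp-or-ftp"
    if banner.startswith(b"HTTP/"):
        return "http"
    return "unknown"


if __name__ == "__main__":
    srv, port = start_fake_service(b"SSH-2.0-OpenSSH_9.6\r\n")
    for p, banner in scan_ports("127.0.0.1", range(port - 2, port + 3)).items():
        print(f"{p}/tcp open  {guess_service(banner)}  {banner!r}")
    srv.close()
```

A real scanner (nmap) adds SYN scanning, timing control and a large fingerprint database, but the decision logic is the same: connection accepted means open, refused means closed, no answer means filtered.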
Types of attack
Attacks on software such as the operating system; attacks on a service or protocol.
Denial of service (DoS)
A denial-of-service attack can exploit a vulnerability in a specific application or operating system, or attack the features or weaknesses of a specific service.
The attack blocks authorized users from getting at specific information, a computer system, or a network.
A classic DoS example is the ping of death (PoD). The attacker sends an Internet Control Message Protocol (ICMP) ping whose fragments reassemble to more than the 65,535-byte maximum size of an IP datagram (roughly 64 kB). If the system cannot handle such an oversized packet it hangs or crashes. A DoS attack normally comes from a single attacking system; if the attack uses multiple attacking systems it is called a DDoS (Distributed Denial of Service). The goal of a DDoS is to deny access to a specific service.
The compromised machines that make up the attack network are called agents or zombies. The important point about DDoS is leverage: with just a few messages to the agents, the attacker can have a flood of traffic sent against the targeted system.
To reduce the effect of DoS and DDoS attacks, keep the operating system and applications on your systems up to date. This removes the bugs that crafted-packet attacks such as the ping of death rely on; a pure flooding DDoS still needs filtering and spare capacity upstream of the target.
Backdoors and trapdoors: a method, often left in by a software developer, of gaining access to an application even when the normal access methods are blocked. Attackers use backdoors to get initial access to otherwise blocked data or applications, or to get back in later.
Sniffer
A sniffer is software or a hardware device, originally a tool for developers and network administrators, that observes the network traffic passing through it and can show all of that traffic. A normal network interface follows a "friendly agreement" and ignores traffic not addressed to it; a sniffer ignores that agreement (promiscuous mode) and captures everything on its segment.
Characteristics of a sniffer
It can view all traffic, modify the traffic (when placed inline), identify the type of traffic, and see which network segment it is attached to.
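The two network-level points above, what a sniffer does with a captured IP packet and how a ping-of-death is recognised, as one added example (not code from the original notes). It builds constructed IPv4 packets with the standard library, decodes them the way a sniffer would (fields, fragment offset, header checksum), and flags an ICMP datagram whose fragments would reassemble to more than 65,535 bytes. Addresses and payloads are made up.

```python
import socket
import struct
from typing import Dict, List

IPV4_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header, network byte order
IP_MAX = 65535               # largest datagram the 16-bit total-length field allows
ICMP = 1


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, ident: int,
               frag_offset: int, more_fragments: bool, payload: bytes) -> bytes:
    """Constructed traffic: one (possibly fragmented) IPv4 packet with a valid checksum."""
    assert frag_offset % 8 == 0 and frag_offset // 8 < 8192   # offset field is 13 bits of 8-byte units
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset // 8)
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(payload), ident, flags_frag,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def decode_ipv4(packet: bytes) -> Dict:
    """What a sniffer does with each captured packet: pull the header fields apart."""
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack(IPV4_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "proto": proto, "ttl": ttl, "id": ident,
        "offset": (flags_frag & 0x1FFF) * 8,          # byte offset of this fragment
        "more_fragments": bool(flags_frag & 0x2000),
        "payload_len": total_len - ihl,
        # summing a header that includes its own checksum gives 0 when it is intact
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
    }


def reassembled_size(fragments: List[Dict]) -> int:
    """Size the datagram would have once every fragment is placed at its offset."""
    return max(f["offset"] + f["payload_len"] for f in fragments)


def is_ping_of_death(fragments: List[Dict]) -> bool:
    """Ping of death: ICMP fragments whose offset + length overflow IP_MAX.
    A receiver that reserves a 65535-byte buffer and trusts the offsets overruns it."""
    return (all(f["proto"] == ICMP for f in fragments)
            and reassembled_size(fragments) > IP_MAX)


if __name__ == "__main__":
    normal = decode_ipv4(build_ipv4("10.0.0.1", "10.0.0.2", ICMP, 1, 0, False, b"A" * 64))
    pod = [decode_ipv4(build_ipv4("10.0.0.1", "10.0.0.2", ICMP, 2, 0, True, b"B" * 1480)),
           decode_ipv4(build_ipv4("10.0.0.1", "10.0.0.2", ICMP, 2, 65528, False, b"B" * 40))]
    print(normal["src"], "->", normal["dst"], "proto", normal["proto"], "pod:", is_ping_of_death([normal]))
    print("fragments reassemble to", reassembled_size(pod), "bytes; pod:", is_ping_of_death(pod))
```

The check is on the reassembled size, not on any single fragment: every fragment of a ping of death is individually a legal-looking packet, which is why a filter that only inspects packet length does not catch it.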
Spoofing
Spoofing is a technique in which an attacker gains unauthorized access to our computers by sending messages with a forged source, such as a forged IP address or email sender, so that the message appears to come from a trusted party. Types of spoofing: IP spoofing; email spoofing.
Fig. Man-in-the-middle attack: Host A sends its communication to the attacker while believing it is a direct communication with Host B; the attacker relays the messages to the destination host (Host B).
Replay
The attacker captures a portion of the communication between two parties and retransmits it after some time. Ex: a captured financial transaction replayed so that the transfer happens again. Encryption is the usual starting point for avoiding this, but encryption alone does not stop a replay (the attacker can resend the ciphertext without reading it), so each protected message also carries a nonce, timestamp or sequence number that the receiver checks.
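An added example of the replay check described above (not code from the original notes): the sender binds a fresh nonce and a timestamp to each message under an HMAC, and the receiver rejects a message whose tag does not verify, whose timestamp is outside the acceptance window, or whose nonce it has already seen. The shared key, the payload and the timestamps are constructed; `now` is passed in explicitly so the behaviour is deterministic.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple

# Constructed shared secret between the two parties (not a real key).
KEY = b"example-shared-secret-not-for-production"


def _canonical(body: dict) -> bytes:
    """Stable byte encoding so sender and receiver MAC exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_message(key: bytes, payload: dict, now: int, nonce: Optional[str] = None) -> str:
    """Sender: attach a fresh nonce and timestamp, then authenticate the whole body."""
    body = {"payload": payload, "ts": now, "nonce": nonce or secrets.token_hex(8)}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "mac": tag}, sort_keys=True)


class Receiver:
    """Rejects forged, stale and replayed messages."""

    def __init__(self, key: bytes, window: int = 60):
        self.key = key
        self.window = window   # seconds a message stays acceptable
        self.seen = {}         # nonce -> ts; only nonces inside the window are kept

    def accept(self, message: str, now: int) -> Tuple[bool, str]:
        env = json.loads(message)
        expected = hmac.new(self.key, _canonical(env["body"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, env["mac"]):
            return False, "bad mac"            # forged or tampered (nonce/ts are covered too)
        ts, nonce = env["body"]["ts"], env["body"]["nonce"]
        if abs(now - ts) > self.window:
            return False, "stale"              # old capture replayed long after the fact
        self._prune(now)
        if nonce in self.seen:
            return False, "replayed nonce"     # same capture replayed inside the window
        self.seen[nonce] = ts
        return True, "ok"

    def _prune(self, now: int) -> None:
        # The timestamp check already rejects anything older than the window,
        # so nonces older than that can be forgotten without opening a replay.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}


if __name__ == "__main__":
    msg = make_message(KEY, {"from": "alice", "to": "bob", "amount": 100}, now=1000)
    rx = Receiver(KEY)
    print(rx.accept(msg, now=1001))   # (True, 'ok')
    print(rx.accept(msg, now=1005))   # (False, 'replayed nonce')
```

The window bounds the receiver's memory: without the timestamp check it would have to remember every nonce forever to be safe against a capture replayed years later.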
TCP/IP hijacking
TCP/IP hijacking is the process of taking control of an already existing session between a client and server, typically by observing or predicting the TCP sequence numbers and injecting the attacker's own packets into the stream. Advantage for the attacker:
No need to authenticate: the session was already authenticated by the legitimate client.
Encryption Attack
Encryption is the process of writing a secret message: plain text is converted, under a key, into an encrypted form (ciphertext) that is unreadable. Converting the ciphertext back into the original text is called decryption, and also uses a key. Cryptanalysis is the process of attempting to break a cryptographic system; it is an attack on the specific method (the algorithm).
Symmetric: DES (Data Encryption Standard)
Asymmetric: RSA (public key cryptography)
Indirect Attack
Instead of attacking the algorithm, find a weakness in the mechanism around it, such as an unprotected key. An attacker who targets that kind of weakness is not attacking the cryptographic algorithm itself.
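An added example of cryptanalysis by exhaustive key search (not from the original notes): a deliberately weak "cipher" that XORs every byte with one secret byte has only 256 possible keys, so the attacker tries them all and keeps the candidate that looks most like English. The message and key are constructed. The same idea, with vastly more work, is what made 56-bit DES keys breakable by brute force.

```python
from typing import Tuple


def xor_cipher(data: bytes, key: int) -> bytes:
    """Toy cipher: every byte XORed with a single key byte (encrypt == decrypt)."""
    return bytes(b ^ key for b in data)


COMMON = set(b"etaoin shrdlu")   # most frequent English letters, plus space


def english_score(text: bytes) -> float:
    """Plausibility of a candidate plaintext: fraction of common English bytes.
    Any non-printable output is an immediate disqualification."""
    if not text:
        return 0.0
    printable = sum(32 <= b < 127 or b in b"\n\r\t" for b in text)
    if printable < len(text):
        return -1.0
    return sum(b in COMMON for b in text.lower()) / len(text)


def break_single_byte_xor(ciphertext: bytes) -> Tuple[int, bytes]:
    """Exhaustive key search: decrypt under every key, rank the results."""
    best_key = max(range(256), key=lambda k: english_score(xor_cipher(ciphertext, k)))
    return best_key, xor_cipher(ciphertext, best_key)


if __name__ == "__main__":
    secret = b"The attacker only needs to try all 256 keys and score each guess."
    ct = xor_cipher(secret, 0x5A)
    key, pt = break_single_byte_xor(ct)
    print(hex(key), pt.decode())
```

The attack does not need the key or any known plaintext, only a way to recognise a correct decryption; a real cipher defeats it by making the key space (2^128 and up) far too large to enumerate, not by hiding the algorithm.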
Malware
Malware, also called malicious code, is software specially designed to damage the files on a system; it is also used to create a backdoor into the system. The purpose of malware is not the same every time. Different types of malicious software:
Trojan horse
Logic bomb
Worm
Viruses
(The expansion "Vital Information Resources Under Siege" sometimes given for "virus" is a backronym, not the origin of the word.)
Boot sector virus
Program virus: attaches itself to an executable file such as .exe or .com
Macro virus
A macro virus is a computer virus that "infects" an application's documents or templates and causes a sequence of actions (macros) to be performed automatically when the document or application is opened. A macro virus is often spread as an email virus. A well-known example, in March 1999, was the Melissa virus.
Logic bomb
A logic bomb is a piece of code intentionally inserted into a software system that sets off a malicious function when specified conditions are met (a date, a user being removed from payroll, and so on).
Security Basics
Network security: some information is more important and private than the rest, such as medical information, financial information, and data about the kinds of purchases a person makes.
Data security: we do not want to secure software for its own sake; what we ultimately want to secure is the data.
Security model
Layers of security
Administrative
Logical: uses software and data to monitor and control access. Ex: passwords, firewalls, access control lists, data encryption.
Physical: controls the environment of the workplace and the computing facility. Ex: doors, locks, heating and air conditioning, smoke and fire alarms, cameras, security guards, cable locks.
Those layers should include the following. Firewalls: firewalls protect the computer from outside intruders; according to Microsoft there are multiple options, namely hardware, software and wireless-router firewalls. A traditional scanner, such as antivirus, antimalware and antispyware software: this protects computers from viruses, Trojans, worms, rootkits and similar attacks.
A specialized web-scanning layer to block most web attacks immediately; a web application scanner tests web servers for dangerous files and other problems.
A behaviour-monitoring layer: this watches for suspicious actions such as a new program installing itself so that it survives a reboot. The newest version of your favourite browser: the slides' example is that IE8 was not perfect but a lot safer than IE6; the versions are dated, but the point stands.
Network-based restrictions and user management software: one infected computer can bring down the whole network. Data encryption software: keep your data safe by encrypting it. An online backup system: this gives you access to your data in case of theft or computer malfunction.
Access control
Access control is a system which enables an authority to control access to areas and resources in a given physical facility or computer.
Ex: accessing a file; reading, writing or executing the file; accessing the printer; and so on. The different access control models are:
Discretionary Access Control (DAC): the owner of a resource decides who may access it.
Mandatory Access Control (MAC): access is decided by system-wide labels that users cannot change.
Role-Based Access Control (RBAC): permissions are attached to roles, and users are assigned roles.
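The three models side by side, as an added example that is not part of the original notes: DAC as Unix file permission bits (owner decides the mode), MAC as a Bell-LaPadula style label check (no read up, no write down), and RBAC as a role-to-permission table. All users, groups, labels and permissions are constructed.

```python
from typing import Dict, Set

# --- DAC: the object's owner sets the mode bits; the kernel just applies them ---
def unix_dac_allowed(mode: int, owner: str, group: str,
                     user: str, user_groups: Set[str], op: str) -> bool:
    """Pick the owner/group/other rwx triplet that applies to the user and test the bit."""
    bit = {"read": 4, "write": 2, "execute": 1}[op]
    if user == owner:
        triplet = (mode >> 6) & 7
    elif group in user_groups:
        triplet = (mode >> 3) & 7
    else:
        triplet = mode & 7
    return bool(triplet & bit)


# --- MAC: labels are fixed by policy, not by the object's owner ---
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

def mac_allowed(subject_level: str, object_level: str, op: str) -> bool:
    """Bell-LaPadula confidentiality rules on a linear set of labels."""
    s, o = LEVELS[subject_level], LEVELS[object_level]
    if op == "read":
        return s >= o    # simple security property: no read up
    if op == "write":
        return s <= o    # *-property: no write down (no copying secret data into a lower file)
    return False


# --- RBAC: permissions hang off roles; users are given roles ---
ROLE_PERMS: Dict[str, Set[str]] = {
    "clerk": {"invoice:read"},
    "accountant": {"invoice:read", "invoice:approve"},
    "admin": {"user:create"},
}
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"accountant"},
    "bob": {"clerk"},
    "dave": {"admin", "clerk"},
}

def rbac_allowed(user: str, perm: str,
                 user_roles: Dict[str, Set[str]] = USER_ROLES,
                 role_perms: Dict[str, Set[str]] = ROLE_PERMS) -> bool:
    """Allowed if any of the user's roles carries the permission."""
    return any(perm in role_perms.get(r, set()) for r in user_roles.get(user, set()))


if __name__ == "__main__":
    # payroll.xlsx: mode 0o640, owned by alice, group finance
    print("bob reads payroll:", unix_dac_allowed(0o640, "alice", "finance", "bob", {"finance"}, "read"))
    print("secret user reads confidential:", mac_allowed("secret", "confidential", "read"))
    print("secret user writes unclassified:", mac_allowed("secret", "unclassified", "write"))
    print("dave approves invoice:", rbac_allowed("dave", "invoice:approve"))
```

The practical difference shows in who can change the outcome: under DAC alice can `chmod` the file and let anyone in, under MAC only the policy administrator can relabel, and under RBAC an account is granted or revoked a whole job's worth of permissions at once.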
Certificate
A certificate is a method of establishing the authenticity of a specific object, such as an individual's public key or a piece of downloaded software. Everyday analogies:
License key
Driving license
Library card
Tokens
A token is a hardware device used in a challenge/response authentication process. A user who wants to enter the system first enters their personal authentication (such as a PIN). The system then presents a challenge; the user keys it into the token, which computes the matching response from its built-in secret, and the user enters that response.
Multifactor
Multifactor authentication describes the use of more than one authentication mechanism at the same time, drawn from different categories: something you know (a password or PIN), something you have (a card or token), something you are (a fingerprint). Ex: an ATM, which requires both the card and the PIN. The benefit of multifactor authentication is a higher level of security, because a stolen password alone is no longer enough.
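The token and multifactor sections above as one added example (not code from the original notes): a modelled hardware token that answers a random challenge with an HMAC over it, and a login that requires both the salted password and the token response. The user record, password, token secret and challenge are all constructed; the 8-digit truncation is a HOTP-style convenience so the response is typeable, not a standard.

```python
import hashlib
import hmac
import secrets


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash (PBKDF2-HMAC-SHA256), factor 1: something you know."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user database; in practice the salt is random per user.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {
    "alice": {
        "salt": SALT,
        "pw_hash": hash_password("correct horse", SALT),
        "token_secret": bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90"),  # burned into her token
    },
}


class HardwareToken:
    """Models the device, factor 2: something you have. The secret never leaves it."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> str:
        mac = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        # 8 decimal digits keep the response typeable on a keypad
        return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


def issue_challenge() -> bytes:
    """Fresh random challenge per login, so a sniffed response cannot be replayed."""
    return secrets.token_bytes(16)


def verify_password(user: str, password: str) -> bool:
    rec = USERS.get(user)
    if rec is None:
        return False
    return hmac.compare_digest(rec["pw_hash"], hash_password(password, rec["salt"]))


def verify_token(user: str, challenge: bytes, response: str) -> bool:
    rec = USERS.get(user)
    if rec is None:
        return False
    expected = HardwareToken(rec["token_secret"]).respond(challenge)
    return hmac.compare_digest(expected, response)


def multifactor_login(user: str, password: str, challenge: bytes, response: str) -> bool:
    """Both factors must pass; a stolen password alone is not enough."""
    return verify_password(user, password) and verify_token(user, challenge, response)


if __name__ == "__main__":
    challenge = issue_challenge()                       # server side
    token = HardwareToken(USERS["alice"]["token_secret"])  # in alice's hand
    response = token.respond(challenge)                 # alice types this in
    print("login:", multifactor_login("alice", "correct horse", challenge, response))
    print("password only:", multifactor_login("alice", "correct horse", challenge, "notdigit"))
```

Because the response is tied to a one-time challenge, this is also a defence against the replay attack described earlier: capturing one login exchange yields nothing reusable.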