Information Security in General

This document discusses information security and cybersecurity. It begins with an introduction to information security, defining it as a set of strategies to prevent, detect, document, and counter threats to digital and non-digital information. It then discusses the different layers of security including physical, personal, operations, communications, network, and information security. The document also defines the difference between cybersecurity and information security, outlines common cyber attacks like malware, phishing, man-in-the-middle attacks, and denial-of-service attacks. Finally, it explains the difference between a threat and an attack, and provides details about distributed denial-of-service (DDoS) attacks.

Uploaded by

Ali
Copyright
© © All Rights Reserved

Ministry of Higher Education and Scientific Research

University of Technology
Computer Engineering Department

Report about:

Information Security in General

Information Security

Student name: Ali Salim Sahib Ali
Specialization: Computer Engineering / Information Technology Branch
Stage: Third
Study: Morning
Submission date: 10 / 7 / 2020

Signature:

2019-2020

1. Introduction
With the development of network and information technology, information security has
become the key to information technology in the 21st century. Today we are living in an
"information world". Information is present everywhere, and it is very important to us.
Whatever work we want to handle, we always want to keep ourselves up to date with current
information. Whether we are in education, business or any other working world, we all want
the required information with as little wasted time as possible, and the second requirement
of that information is its "security".

Information security, sometimes abbreviated to infosec, is a set of strategies for managing
the processes, tools and policies necessary to prevent, detect, document and counter threats
to digital and non-digital information. Infosec responsibilities include establishing a set of
business processes that will protect information assets regardless of how the information is
formatted or whether it is in transit, is being processed or is at rest in storage.

In other words, it is a set of practices intended to keep data secure from unauthorized access
or alteration, both when it is being stored and when it is being transmitted from one
machine or physical location to another.

The field of information security has grown over the years. It has become increasingly
important in today's world because governments, institutions, and organizations now see the
need to protect their valuable assets and data and to reduce security risks to the barest
minimum.

Layers of security

Physical Security: To protect the physical items, objects, or areas of an organization
from unauthorized access and misuse.

Personal Security: To protect the individual or group of individuals who are authorized to
access the organization and its operations.

Operations Security: To protect the details of a particular operation or series of
activities.

Communications Security: To protect an organization's communications media,
technology, and content.

Network Security: To protect networking components, connections, and contents.

Information Security: To protect information and its critical elements,
including the systems and hardware.

Cybersecurity is the practice of protecting systems, networks, and programs from digital
attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive
information; extorting money from users; or interrupting normal business processes.

Difference between Cybersecurity and Information Security

Information security and cybersecurity are often confused. InfoSec is a crucial part of
cybersecurity, but it refers exclusively to the processes designed for data security. Cybersecurity
is a more general term that includes InfoSec.

2. The Four Most Common Types of Cyber-Attack


There are more than four types of cyber-attack, but the most common are:

1- Malware: Malware is a term used to describe malicious software, including spyware,
ransomware, viruses, and worms. Malware breaches a network through a
vulnerability, typically when a user clicks a dangerous link or email attachment that
then installs risky software. Once inside the system, malware can do the following:
• Block access to key components of the network (ransomware)
• Install malware or additional harmful software
• Covertly obtain information by transmitting data from the hard drive (spyware)
• Disrupt certain components and render the system inoperable

2- Phishing: Phishing is the practice of sending fraudulent communications that appear
to come from a reputable source, usually through email. The goal is to steal sensitive
data like credit card and login information or to install malware on the victim's machine.
Phishing is an increasingly common cyber threat.

3- Man-in-the-middle attack

Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when
attackers insert themselves into a two-party transaction. Once the attackers interrupt
the traffic, they can filter and steal data. Two common points of entry for MitM
attacks are:

1. On unsecure public Wi-Fi, attackers can insert themselves between a visitor's
device and the network. Without knowing, the visitor passes all information through
the attacker.

2. Once malware has breached a device, an attacker can install software to process all
of the victim's information.

4- Denial-of-service attack
A denial-of-service attack floods systems, servers, or networks with traffic to exhaust
resources and bandwidth. As a result, the system is unable to fulfill legitimate requests.
Attackers can also use multiple compromised devices to launch this attack. This is known as
a distributed-denial-of-service (DDoS) attack.

Other types include SQL injection, zero-day exploits, DNS tunneling, ransomware, etc.

3. The Difference between Threat and Attack

Threat and attack are two important events from a security perspective. It is really important
to understand the difference between the two from the perspective of network security.

A threat is a possible security violation that might exploit the vulnerability of a system or
asset. The origin of a threat may be accidental, environmental (natural disaster), human
negligence or human failure. Different types of security threats are interruption,
interception, fabrication and modification.

An attack is a deliberate unauthorized action on a system or asset. Attacks can be classified
as active and passive. An attack will have a motive and will follow a method when the
opportunity arises.

Difference between Them

| No. | Threat | Attack |
|-----|--------|--------|
| 1 | Threats can be intentional like human negligence/failure or unintentional like natural disaster. | Is intentional. The attack is a deliberate action. An attacker has a motive and plans the attack accordingly. |
| 2 | The threat may or may not be malicious. | The attack is always malicious. |
| 3 | A threat is difficult to detect. | An attack is comparatively easy to detect. |
| 4 | Can be initiated by the system itself as well as by an outsider. | Is always initiated by an outsider (system or user). |
| 5 | A threat can be prevented by controlling the vulnerabilities. | An attack cannot be prevented by merely controlling the vulnerabilities. Other measures like backup, detect and act, etc. are required to handle a cyber-attack. |
| 6 | Information may or may not be altered or damaged. | Chance of information alteration and damage is very high. |

4. DDoS attack

In a computer network, denial of service (DoS) takes place when any resource of interest,
such as the operating system, an application, processing bandwidth, communications, routing
services, memory or a queue position, is not available to its intended user. When multiple
sources are involved in DoS attack traffic, it is called a Distributed Denial of Service
(DDoS) attack. In a DDoS attack, the attacker, also known as the bot master, exploits any
vulnerability in the protocols at the respective layers shown. In this way the attacker
compromises different systems in the same or different networks. These systems are called
zombies or bots. With the help of hundreds of thousands or more of such zombies, the
attacker launches a massive attack to deplete the resources of the victim and bring it down.

Types of DDoS Attack

• Flooding: Available bandwidth is one of the "goods" that attackers try to consume by
flooding the network with useless packets.

• Protocol Violation Attacks: These include SYN floods, fragmented packet attacks, Ping of
Death, Smurf DDoS, etc. This type of attack consumes actual server resources, or those of
intermediate communication equipment such as firewalls and load balancers, and is
measured in packets per second (pps).

• CPU Power and Service: By generating several thousand useless processes on the
victim's system, attackers manage to fully occupy memory and process tables. In this way
the victim's computer breaks down. Attackers can also try to occupy the victim's services so
that no one else can access them. The figure below shows the different types of DDoS attacks.

Classification of DDoS Attacks

The distributed nature of DDoS attacks makes them exceptionally tough to
battle or trace back. Knowing and understanding all the characteristics of DDoS attacks
is one of the essential steps towards the development of an effective and efficient DDoS
defence mechanism.

5. The General Structure of DDoS Attack

The basic structure of a DDoS attack is presented in the figure below. It comprises three
different phases and four different components. The components are an attacker, multiple
control masters or handlers, multiple slaves, agents, or zombies, and a victim or target
machine.

In the first phase, the attacker spends much of its time creating a significant number of
compromised machines, which are called the masters or handlers because they appoint and
control other machines in the attack army. The creation of the master army is usually an
automated process in which continuous scanning is performed to look for machines with
security loopholes. The malicious code installed by the attacker on these master armies works
further to add more infected machines to the attack army. The slave machines are directly
controlled by the masters and indirectly controlled by the attacker through these masters.

The second phase starts once a sufficient number of devices have joined the compromised army.
This compromised army is known as a botnet. In the second phase, the attacker transfers all
necessary information, such as code and commands, to the master armies, which in turn send
it to all slave armies to get ready for the attack.

In the final phase, the attacker commands its army to initiate and execute attacks. Thus, it
attacks the victim in a distributed way and sends a large stream of packets which in turn
flood the victim's system or major resources. In these attacks, the attacker usually uses
spoofed IP addresses, which helps to hide the identity of the compromised devices. In
most cases, this use of spoofed IP addresses also makes it harder for victims to filter out
malicious traffic and to identify the attacker.
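
As an added illustration (not part of the original report), the Python example below turns two points made above, that these floods are measured in packets per second and that the sources are usually spoofed, into a detection check: it counts SYN packets per one-second window toward one server and compares a per-source rate rule with an aggregate rule. The packet records, addresses, thresholds and function names are constructed assumptions.

```python
from collections import Counter, defaultdict

VICTIM = "203.0.113.10"  # hypothetical protected server (documentation address)

def build_sample():
    """Constructed capture: (timestamp_s, src_ip, dst_ip, tcp_flag)."""
    pkts = []
    # Second 0: three legitimate clients send SYN and then complete with ACK.
    for i in range(3):
        src = f"198.51.100.{i + 1}"
        pkts += [(0.1 * i, src, VICTIM, "SYN"), (0.1 * i + 0.05, src, VICTIM, "ACK")]
    # Second 1: 400 SYNs, each from a different spoofed source, never completed.
    for i in range(400):
        src = f"10.{i // 250}.{i % 250}.7"
        pkts.append((1.0 + i / 400 * 0.99, src, VICTIM, "SYN"))
    return pkts

def analyze(packets, dst, agg_pps_limit=100, per_src_pps_limit=20):
    """Summarise SYN traffic to dst per one-second window and apply two rules."""
    # Sources that completed a handshake anywhere in the capture.
    acked = {s for _, s, d, f in packets if d == dst and f == "ACK"}
    windows = defaultdict(Counter)  # second -> Counter of SYNs per source
    for ts, src, d, flag in packets:
        if d == dst and flag == "SYN":
            windows[int(ts)][src] += 1
    findings = []
    for sec in sorted(windows):
        syn = windows[sec]
        total = sum(syn.values())
        half_open = sum(n for s, n in syn.items() if s not in acked)
        ratio = half_open / total
        findings.append({
            "second": sec,
            "syn_pps": total,
            "sources": len(syn),
            "max_per_source": max(syn.values()),
            "half_open_ratio": ratio,
            # Per-source rate limit: blind when every packet has a new source.
            "per_source_rule": any(n > per_src_pps_limit for n in syn.values()),
            # Aggregate rule: high SYN rate to one target, almost none completed.
            "aggregate_rule": total > agg_pps_limit and ratio > 0.9,
        })
    return findings

if __name__ == "__main__":
    for row in analyze(build_sample(), VICTIM):
        print(row)
```

In the constructed flood window no single source sends more than one packet, so only the aggregate rule fires; this is the practical consequence of spoofed source addresses for per-source filtering.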

Prevention against DDoS attacks

Prevention is the most desirable defense technique against DDoS attacks. As mentioned in
the previous section, DDoS attacks pose an immense threat to the resources of the victim
(CPU, memory) as well as to the network bandwidth and infrastructure. Therefore, if an
attack has already been launched and has succeeded, it may cause significant compromise to
the victim's system. Thus, prevention is the more effective defense, since it blocks the
DDoS attack traffic and handles a large attack load before the attack can succeed.
This ensures normal operation of the victim.

6. Difference between Man-in-the-Middle and DDoS Attacks

A Man-in-the-Middle (MitM) attack involves an attacker intruding on an existing
connection, establishing himself or herself as a "man-in-the-middle", or someone able to
intercept and selectively modify all network traffic between two communicating devices.

In my opinion, the difference between DDoS and MitM is as below:

| DDoS | MitM |
|------|------|
| Performed by many attackers | Performed by one attacker |
| It is not very dangerous to the personal data of users | It is very dangerous to personal data because the attacker will be in the middle, so he will see everything between sender and receiver. |
| Usually targeting a specific site or server | Usually targeting a victim |
| Easy to perform | Needs hard work to perform |

7. Conclusion

As we see, today's world depends heavily on "information" and on its "security"
too. "Information security" is very important for everyone, because whenever someone is
giving or taking any type of information, that information must be very "secure": the
required information is "authentic", "protective", "secure" and "much highly appreciated".

Information security is an ongoing and never-ending process. It includes personnel
security, privacy, policy and computer security. Information security is crucial in an
organization, so it is important for all staff in an organization to know and understand
the importance of information security practice in protecting confidential data.
Information accessed without authorization is called a data breach. Data breaches can be
intentional or unintentional.

8. Discussion
When discussing information security issues or situations, it is helpful to have a model by
which to do so. When we look at the threats we might face, it is important to understand the
concept of risk. We only face risk from an attack when a threat is present and we have a
vulnerability which that particular threat can exploit. In order to mitigate risk, we use three
main types of controls: physical, logical, and administrative. Defense in depth is a
particularly important concept in the world of information security. To build defensive
measures using this concept, we put in place multiple layers of defense, each giving us an
additional layer of protection. The idea behind defense in depth is not to keep an attacker out
permanently but to delay him long enough to alert us to the attack and to allow us to mount a
more active defense.


External links:

• https://www.cisco.com/
