Nis 6sem Tech Knowledge
Uploaded by
Mansi chalkikar
Strictly as per new revised 'I' Scheme w.e.f. academic year 2019-2020

Network and Information Security (Elective) (Code : 22620)
THIRD YEAR DIPLOMA
Semester VI - Computer Engineering Program Group (CO/CM/IF/CW)

Shital M. Mate
M. Tech (Information Technology)
Sr. Lecturer (Computer Technology Dept.)
Sou. Venutai Chavan Polytechnic, Ambegaon, Pune, Maharashtra, India.

TechKnowledge Publications (Book Code : MDE61A)

Preface

... happy to come out with this book on "Network and Information Security" ... within the chapters have been arranged in a proper ... also thankful to the staff members of TechKnowledge Publications and others for their efforts to make this book as good as it is. I have made every possible effort to eliminate all the errors in this book. However, if you find any, please let us know, because that will help me to improve further. ... also thankful to my family members and friends for patience and ...

Syllabus

Unit I

Unit outcomes:
- Explain the importance of the given component of computer security.
- Explain the characteristics of the given type of threat.
- Explain the given type of attacks related with security.
- Describe the features of given type of update of operating system.
- Classify information.
- Explain principles of information security.

Topics:
- Foundations of Computer Security : Definition and Need of computer security, Security Basics : Confidentiality, Integrity, Availability, Accountability, Non-Repudiation and Reliability.
- Risk and Threat Analysis : Assets, Vulnerability, Threats, Risks, Countermeasures.
- Threat to Security : Viruses, Phases of Viruses, Types of Virus, Dealing with Viruses, Worms, Trojan Horse, Intruders, Insiders.
- Type of Attacks : Active and Passive attacks, Denial of Service, DDOS, Backdoors and Trapdoors, Sniffing, Spoofing, Man in the Middle, Replay, TCP/IP Hacking, Encryption attacks.
- Operating system security : Operating system updates : HotFix, Patch, Service Pack.
- Information, Need and Importance of Information, information classification, criteria for information classification, Security, need of security, Basics principles of information security.

Unit II

Unit outcomes:
- Explain techniques of the given type of attack on passwords.
- Explain mechanism of the given type of Biometric.
- Apply the relevant Authentication method for the given situation with an example.
- Describe features of the given access control policy.

Topics:
- 2.1 Identification and Authentication : User name and Password, Guessing password, Password attacks - Piggybacking, Shoulder surfing, Dumpster diving.
- Biometrics : Finger Prints, Hand prints, Retina, patterns, Voice patterns, Signature and Writing patterns, Keystrokes.
- Access controls : Definition, Authentication Mechanism, principle - Authentication, Authorization, Audit, Policies : DAC, MAC, RBAC.

Unit III - Cryptography

Unit outcomes:
- ... the given text using ... substitution techniques.
- Convert plain text to cipher text and vice versa using ... transposition technique.
- Convert the given message using ...
- Explain the given technique of ...

Topics:
- Introduction : Plain Text, Cipher Text, Cryptography, Cryptanalysis, Cryptology, Encryption, Decryption.
- Substitution Techniques : Caesar's cipher, Modified Caesar's Cipher.
- Transposition Techniques : Simple Columnar Transposition.
- Steganography : Procedure.
- 3.4 Symmetric and Asymmetric cryptography : Introduction to Symmetric encryption, DES (Data Encryption Standard) algorithm, Asymmetric key cryptography : Digital Signature.

Unit IV - ... Intrusion Detection System

Unit outcomes:
- ... types of firewall on the ...
- Explain function of the ... firewall configuration.
- Compare various IDS techniques on the given parameter(s).
- Describe features of the given IDS technique.

Topics:
- 4.1 Firewall : Need of Firewall, types of firewall - Packet Filters, Stateful Packet Filters, Application Gateways, Circuit gateways.
- 4.2 Firewall Policies, Configuration, limitations, DMZ.
- 4.3 Intrusion Detection System : Vulnerability Assessment, Misuse detection, Anomaly Detection, Network-Based IDS, Host-Based IDS, Honeypots.

Unit V

Unit outcomes:
- Explain the given component of Kerberos authentication protocol.
- Explain the given IP Security Protocol with modes.
- Explain working of the given Protocol for Email security.
- Describe the given component of Public Key Infrastructure.
- Classify the given Cyber crime.
- Explain the specified Cyber law.
- Describe compliance ...

Topics:
- 5.1 Kerberos : Working, AS, TGS, SS.
- 5.2 IP Security : Overview, Protocols - AH, ESP, Modes - Transport and Tunnel.
- 5.3 Email security : SMTP, PEM, PGP.
- 5.4 Public Key Infrastructure (PKI) : Introduction, Certificates, Certificate Authority, Registration Authority, X.509/PKIX certificate format.
- 5.5 Cyber Crime : Introduction, Hacking, Digital Forgery, Cyber Stalking/Harassment, Cyber Pornography, Identity Theft and Fraud, Cyber Terrorism, Cyber Defamation.
- 5.6 Cyber Laws : Introduction, need, Categories : Crime against Individual, Government, Property.
- 5.7 Compliance Standards : Implementing and Information Security Management System, ISO 27001, ISO 20000, BS 25999, PCI DSS, ITIL framework, COBIT framework.

Table of Contents

Chapter 1 : Introduction to Computer & Information Security

1.1 Foundation of Computer Security
  1.1.1 Definition of Security
  1.1.2 Need of Security
  1.1.3 Security Basics
1.2 Risk and Threat Analysis
  1.2.1 Assets
  1.2.2 Vulnerability
  1.2.3 Threats
  1.2.4 Risks
  1.2.5 Countermeasures
1.3 Threat to Security
  1.3.1 Viruses
  1.3.2 Phases of Viruses (Life Cycle of Viruses)
  1.3.3 Types of Viruses
  1.3.4 Dealing with Viruses
  1.3.5 Worms
  1.3.6 Trojan Horse
  1.3.7 Intruders
  1.3.8 Insiders
...
  Need and Importance of Information
  Basics Principles of Information Security

...
  Authentication Mechanism
  Authentication and Authorization Principle
  2.3.5 Audit
  2.3.6 Policies - DAC, MAC, RBAC

Unit III : Cryptography
  Introduction
  ...

... Intrusion Detection System
  ...

...
  5.1.1 AS, TGS, SS
  5.1.2 Working
5.2 IP Security
  5.2.1 Overview
  5.2.2 Modes - Transport and Tunnel
  5.2.3 Protocols - AH and ESP
5.3 Email Security
  5.3.1 Simple Mail Transfer Protocol (SMTP)
  5.3.2 Privacy Enhanced Mail (PEM)
  5.3.3 Pretty Good Privacy (PGP)
5.4 Public Key Infrastructure (PKI)
  5.4.1 Introduction
  5.4.2 Certificates
  5.4.3 Certificate Authority (CA)
  5.4.4 Registration Authority (RA)
  5.4.5 X.509/PKIX Certificate Format
5.5 Cyber Crime
  5.5.1 Introduction
  5.5.2 Hacking
  5.5.3 Digital Forgery
  5.5.4 Cyberstalking or Harassment
  5.5.5 Cyber Pornography
  5.5.6 Identity Theft and Fraud
  5.5.7 Cyber Terrorism
  5.5.8 Cyber Defamation
5.6 Cyber Laws
  5.6.1 Introduction and Need
  5.6.2 Categories
5.7 Compliance Standards
  5.7.1 Implementing and Information Security Management System (ISMS)
  5.7.2 ISO 27001
  5.7.3 ISO 20000
  5.7.4 BS 25999
  5.7.5 PCI DSS
  5.7.6 ITIL Framework
  5.7.7 COBIT Framework
* Time Management Sheet
* Model Question Papers

Chapter 1 : Introduction to Computer & Information Security

Syllabus :
Foundations of Computer Security : Definition and Need of computer security, Security Basics : Confidentiality, Integrity, Availability, Accountability, Non-Repudiation and Reliability.
Risk and Threat Analysis : Assets, Vulnerability, Threats, Risks, Countermeasures.
Threat to Security : Viruses, Phases of Viruses, Types of Virus, Dealing with Viruses, Worms, Trojan Horse, Intruders, Insiders.
Type of Attacks : Active and Passive attacks, Denial of Service, DDOS, Backdoors and Trapdoors, Sniffing, Spoofing, Man in the Middle, Replay, TCP/IP Hacking, Encryption attacks.
Operating system security : Operating system updates, HotFix, Patch, Service Pack.
Information, Need and Importance of Information, information classification, criteria for information classification, Security, need of security, Basics principles of information security.
1.1 Foundation of Computer Security

1.1.1 Definition of Security

Q. What is Computer Security? (S-17, W-18, 2 Marks)
Q. Define security. Describe different types of securities in organizations. (S-18, S-19, 6 Marks)

- "Computer security" deals with the prevention and detection of unauthorized actions by users of a computer system.
- Computer security is nothing but to provide security to data, computer system, services and supporting procedures. For this purpose various technologies are used, like access control mechanisms and cryptography.
- Computer security requires the method ... is used to ensure the security of a system. Nowadays computers are connected to each other via a network, which introduces the term network security. It is used to refer to the protection of the multiple computers and other devices that are connected together.

... transfer should be secure ... insertion, deletion or ... secured from modification ...

... years, the public is becoming dependent on computers and networks.

- Because of this increased attention by the public, several new terms have become commonplace in conversations and print. Terms like hacking, virus, TCP/IP, encryption, and firewalls are now frequently seen in mainstream news and have found their way into casual conversations.
- With more use of computers and networks on a daily basis to conduct everything like making purchases etc., ensuring that computers and networks are secure has become of paramount importance.
- Medical information, financial information and data relating to the types of purchases are stored in a computer system. So this information remains private to the general public, and it is one of the jobs of security to help with the protection of our privacy.
- Hence, computer and network security is essential to function effectively and safely in today's highly automated ...

1.1.3 Security Basics

Q. ... (S-18, 6 Marks)

... integrity, and availability - the "CIA" ...

1. Confidentiality : It is nothing but the secrecy or concealment of information and resources. Unauthorized individuals cannot be able to view data which they are not entitled to.

2. Integrity : Integrity is related with the generation and modification of data. Only the authorized individuals can be able to create or change (or delete) information.

   Fig. 1.1.2 : Integrity

   Sender A sends a message to B. If B receives the original message, then the integrity of the message is maintained. But when user C is able to access this message and modify it, and this modified message is sent to receiver B, then the integrity of the message is lost.

3. Availability : This is used to ensure that the data or the system is available for use when the authorized user wants to access it.

4. Accountability :
   - Every individual who is working with an information system should have specific responsibilities for information assurance.
   - The tasks for which an individual is responsible are part of the overall information security plan.
   - Accountability is the traceability of actions performed on a system to a specific system entity (like user, process, device).
   - Audit information must be selectively kept and protected, so that the actions affecting security can be traced to the responsible party.
   - The system needs to identify and authenticate various users with the help of an audit trail of security-relevant events.
   - If a security violation has occurred, information from the audit trail may help to identify the executor.

5. Non-Repudiation : It is the ability to verify that the message sent and the message received are the same and that the sender can be identified and verified. This type of requirement is for online transactions, ...

... Authorization is a process of verifying that a known person has the authority to perform a ... Authorization cannot occur without authentication.

1.2 Risk and Threat Analysis

... being applied :
- To all information assets of an enterprise.
- To the IT infrastructure of an enterprise.
- To development of new products or systems.

Risk is some incident or attack that can cause damage to a system. An attack against a system is done by a sequence ... exploiting weak points, until the attacker's goal is accomplished. So, it is important to assess the risk caused by an attack in terms of the amount of damage being done and the possibility of the attack.

The process of risk analysis will refer to assets, vulnerabilities and threats. It is calculated as :

Risk = Assets × Threats × Vulnerabilities

Fig. 1.2.1 : Risk Calculations

1.2.2 Vulnerability

- Vulnerability is a weakness in the information infrastructure of a business or organization. It will accidentally or intentionally damage the asset.
- In any system, the vulnerabilities can be :
  o Accounts with system privileges where the default password has not been changed.
  o Programs with unnecessary privilege.
  o Programs with known faults.
  o Weak access control settings on resources.
  o Weak firewall configuration that allows access to vulnerable services etc.
- Susceptibilities in a system can originate from a variety of sources : hardware, software, business processes, procedures, policies, personnel and even mistakes can all spawn flaws in a computer system that malicious users exploit. The possibility of these potential exploits becoming a reality must be mitigated so that those threats can't be realized.
- A vulnerability scanner gives a systematic and automated way of identifying vulnerabilities.
- Vulnerabilities can be rated according to their impact. For example, a vulnerability where an attacker takes over a system account is more critical than a vulnerability where an attack gives access to an unprivileged user account.

1.2.3 Threats

- A threat is an action by an attacker who tries to exploit vulnerabilities to damage assets.
- Threats can be identified by the damage done to assets, like :
  o Spoofing the identities of users.
  ...

... with innocent steps like gathering information required to gain privilege on one ... to another until the final goal is reached.

- To get the complete idea of potential th... formalized and structured way of analyzing threats.
- An attack tree is a tree in which the no...s. The root node of the tree is the goal of an attacker and the leaf node represents the way ...
- ... to assign values to the edges in the tree, so it will be helpful to calculate the estimated cost of the attack.

Fig. 1.2.2 : Attack Tree

- ... the cheapest attack can be computed. Hence the attack tree is more formalized and ...

1.2.4 Risks

- ... of information systems can be known as an asymmetric threat environment. Conditions are likely to be different for every situation and every organization.
- How the security challenges evolve is directly related to the organization's infrastructure, reality and settings. Preparing for unexpected risk is the key of security assurance.
- The trickiest task is calculating a risk. Risk Analysis (RA) is the identification and estimation of risks.
- Risk identification is the process whereby one identifies the sources of risk. (In an information security risk analysis, risk identification is the identification of hazards.)
- There are two fundamental types of risk analyses : quantitative and qualitative.

Quantitative Risk Analysis

A process for assigning a numeric value to the probability of loss based on known risks, on financial values of the assets and on probability of threats. It is used to determine potential direct and indirect costs to the company based on values assigned to company assets and their exposure to risk. For example : the cost of replacing an asset, the cost of lost productivity, or the cost of diminished brand reputation.

Qualitative Risk Analysis

It is a collaborative process of assigning relative values to assets, assessing their risk exposure, and estimating the cost of controlling the risk. It differs from quantitative risk analysis in that it utilizes relative measures and approximate costs rather than precise valuation and cost determination.

In qualitative risk analysis :
- Assets can be rated based on criticality : very important, important, not important etc.
- Vulnerabilities can be rated based on how they are fixed : fixed soon, should be fixed, fix if suitable etc.
- Threats can be rated based on a scale of likelihood : likely, unlikely, very likely etc.
- Better granularity of scaling should be provided, for example by assigning values from 1 to 10, and proper guidance should be provided for assigning these values for rating.

1.2.5 Countermeasures

Q. Define Countermeasure in computer system. (S-18, 4 Marks)

- The result of risk analysis is a list of threats with priority and the recommended countermeasures to mitigate them. Usually the risk analysis tools come with a knowledge base of countermeasures for the threats which can be detected in analysis.
- Before deciding on any implementation of security measures, it is good to go through the risk analysis. But this approach has problems like :
  o Conducting a risk analysis for a larger organization will take much time because the IT system is changing continuously.
  o The cost of a full risk analysis is difficult to justify to management.
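The attack-tree costing described in section 1.2.3, tied to the countermeasure ranking of section 1.2.5, as an added example that is not from the book: it computes the cheapest attack and then ranks countermeasures by how much each one raises that cost. The node names, the cost values and the AND/OR node types (a generalization beyond the text, which only mentions values on the edges) are assumptions made for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    kind: str = "leaf"      # "leaf", "or" (any one child suffices), "and" (all children needed)
    cost: float = 0.0       # leaves only: estimated attacker cost (the value on the edge into the leaf)
    children: list = field(default_factory=list)


def cheapest(node, overrides=None):
    """Return (cost, [leaf steps]) of the cheapest way to reach `node`.

    `overrides` maps a leaf name to the cost it would have after a
    countermeasure is applied; leaves not listed keep their own cost.
    """
    overrides = overrides or {}
    if node.kind == "leaf":
        return overrides.get(node.name, node.cost), [node.name]
    results = [cheapest(child, overrides) for child in node.children]
    if node.kind == "or":       # attacker picks the cheapest alternative
        return min(results, key=lambda r: r[0])
    if node.kind == "and":      # attacker must pay for every step
        return sum(r[0] for r in results), [s for r in results for s in r[1]]
    raise ValueError(f"unknown node kind: {node.kind}")


def rank_countermeasures(root, countermeasures):
    """Sort countermeasures by how much each raises the cheapest-attack cost."""
    base, _ = cheapest(root)
    ranked = []
    for label, overrides in countermeasures.items():
        new_cost, path = cheapest(root, overrides)
        ranked.append((new_cost - base, label, new_cost, path))
    ranked.sort(key=lambda r: r[0], reverse=True)
    return ranked


# Constructed tree: the goal is the root, the leaves are ways to reach it.
TREE = Node("Log in as a privileged user", "or", children=[
    Node("Guess password", cost=20),
    Node("Get password from operator", "and", children=[
        Node("Gain physical access to operator desk", cost=30),
        Node("Observe password entry", cost=10),
    ]),
    Node("Use unchanged default password", cost=5),
])

# Constructed countermeasures: each raises the cost of one leaf.
COUNTERMEASURES = {
    "Change default passwords": {"Use unchanged default password": float("inf")},
    "Account lockout after failed logins": {"Guess password": 200},
    "Badge-controlled operator room": {"Gain physical access to operator desk": 150},
}

if __name__ == "__main__":
    print("cheapest attack:", cheapest(TREE))
    for gain, label, new_cost, path in rank_countermeasures(TREE, COUNTERMEASURES):
        print(f"{label}: cheapest attack becomes {new_cost} via {path} (gain {gain})")
```

A countermeasure only pays off when it removes the current cheapest path: lockout and badge control score zero here until the default password is changed.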
v\s 8 potential for Violation of security which exis are divided Into following categories sts when there is a action that might cause selosure | Unauthoriedd retort A Cord \derdied into #10 Intormation, eeaption: Access of wrong data, \ FUPHION | Prevention of correct action, \ Jeurpation : Unauthorized access to system or part of system, Viruses: MSBTE : S-17, W-17, A virus is 9 code or program that attaches itself to another code or program which causes damage to the co ‘system orto the network. it is 3 piece of code which is loaded onto the computer without individual's knowledge and runs against his/t wishes i it ke copy of iself o ; te can replicate them. All computer viruses are manmade. Any simple virus can make a copy renee again. "Amy simple virus can be dangerous because it will quickly use all available memory space ond bring the system to itself across networks and can be able to avoid se capable of transmitting dangerous viruses areotential for violation of security which exists when there is a action that might cause harm to secu following categorie: L Biscrigeck Corti densi! neve + Access of wrong data. aa Prevention of correct action. \~ (S-17, 2 Mark) (W-17, W-48, S-49, 4 Mark) | 5 2 piece of code which is to jaded onto the computer without individual's knowledge ang and runs against his/her{Gil Triggering Phase : The virus activated to perform the function for which it wasintended. Ee Fig. 1.3.2: Phases of Virus (lw) Execution Phase : The function is performed. 4.3.3. Types of Viruses oan [EE Biptainaticast 5 types oF vices (WAT, 5 Marks) 1. Parasitic viruses fe attaches itself to executable code and replicates itself. When the infected code is executed, it will find other ‘executable code or program to infect. 2, Memory resident virus ‘This type of virus lives in the memory after its execution. 
It inserts themselves 35 2 part of operating system or application and can manipulate any Mile thatIsexecuted, copied or moved Non-resident virus “his type of virus executes itself and terminated or destroyed after specific time, 4, Boot sector virus tie spe oes infects te boot record and spread trough assem when system is booted from disk containing _—Overwritng virus ‘overwrites the code with its own code.rewriting itself every time. It may change their behavior as well as appearance code. Viruses from Viruses is always 3 go0d option. There is no direct way to test/ind the hidden code but we can Ss Fig. 1.3.3 Find out the location of virus ‘dentify the specific virus that has attacked.ana wy Seounity (WSO TY wa Introduction to Computer & Inform "Antivirus software and procedures can reduce the maximum portion : this thieat, Generally, viruses and worms are ‘nondiserinyinating threats that ave released! on the internet in a general fashion and are not targeted at a specific ‘organization When they are released, thoy ace typically highly visiile once released, s0 they aren't the best tools where the secrecy Is important in highly structured attacks. Highly organizes! criminal groups won't use the technology used In-worn propagation 4 virus, but their use ‘normally interested In accomplishing is ited | less eee Le | Fig. 1.3.4: Wor hs i nat same fr terrorist organizations that generally want to ereae a large impact and have I Be highly waite Table 1.3.1 : Dil e botwoon worm and virus = | = m that spread automatically A vius Is 2 piece of code that attaches itself to | ‘worm tsa malicious prow legitimate program, | Virus modifies the code ‘worm doos not modify the code. It does not pleat Hse ievepleate tel ni worm non desruciveinnatue, (SUT ACB Virus isa destructive in nature. 
: 4 | Aim of worm is to make computer oF network unusable ‘Aim of virus ts to infect the code oF Prot ‘on computer system: a Worm does not infect other les butt accupies memory Virus can infect other Mes | pace by replication ‘Worm does not need any trigger - Virus may need a trigger for execution, rdIntroduction to & Information Secu’ (6-18, 6 Marks) (8-19, 2 Marks) ‘The insiders have the access and necessary knowledge to cause immediate damage to an organization hence, is more dangerous than outside intruders. Insiders Many securities are designed to protect the organization against outside intrud fers and so they lies at the boundary between the organization and the rest of the world. Insiders may already have all the access to carry out criminal activity lke fraud. Also frequently the insiders have knowledge of the security systems in place and will be better able to avoid detection = Employees are not the only insiders within the organization but there are number of ether Indviduals who have physical access to farilities like contractors or partners, may not only have physical facilities but may also have access to computer systems and networks. ss to the organizatics ‘Table 1.9.2 : Comparison between Intruders and Insiders | 7 fan | ineuders insiders +, | intruders are authorized or urauthorized | Insiders ae authorized users whe WY |_| peor al Ta, _ | intruders are hackers or crackers. not hackers 3,__ | intersare legal users ides are leaalusers a | intruders are less dangerous than insiders, Isters 8 more dangerous than Intruders 5. | intruders have to idy/gain knowledge about isiders have knowledge about the security system. the securty system "| Trunders do nothave ccusstosymem. | ml ; | authorized users. ni Tr is no such mechanism to protect system from S| wy sway wectanars we wed to Tre 1 0 eh protect system from Intruders a 4.4 Type of Attacks (GAT, WAT, 2 Marks) G.__ State the types of attacks. (18, 6M 2. 
explain any fur atigots on Computer System Sees (w-18, 6 Marks) seis a path or way by which hacker can gin 2€C555 to computer system without your knowledge, ‘Attack is a path oF PadEa (S-17, 4 Marks) (W-18, 4 Marks) (@) Interruption (0) FabricationNetwork and information Security (MSBTE) 2, Passive attacks 445 Introduction to Computer & Information Security Passive attacks are ee es a pes where attacker aims to obtain information that is in transit. In passive attack, attacker does iny modifications to the contents of an original message. So, the passive attacks are hard to detect. (2) Release of message contents (Trafic analysis Fig. 1.4.3 : Types of passive attacks (2) Release of message contents : Release of message contents means 2 confide: by authorized user otherwise a message is released against our wishes. (b) Traffic analysis : Traffic anelysis is » pass! tacker may try to find out similarities between encodes message for some clues regarding communication and this analysis is known as traffic analysts 1.4.2 Denial of Service (DOS) rs Explain DOS with neat diagram. (WAT, 4 Marks) tack which can exploit 2 kno ity in a specific application or = Denial of Service (DOS) attack is a ty operating system, or may attack featui s or weaknesses in particular — _Bythis attack, the attacker is attempting to deny authorized users access to specific information or tothe computer system or network itself cor the attack can be used in combination odin Attack = The aim of this attack can be simply prevent access to the target sys snith other actions in order to gain unauthorized access to 3 computer or network. For Example, SYN and POD Attack. — DOS attacks are conducted using a single attacking system. 4. SYN Flooding attack : SYN Flooding attack, used to prevent the services to the system. It takes the advantage of trusted relationship and TCP/IP networks design. This attack uses TCP/IP three-ways handshake for connection between two systems. syn SYNACK 20K system | Fig. 
1.4.4: TOPIP 3 - way handshake with which he wants, communication. Then System-tI will send = Here, Syster-1 send SYN packet to the Systerm- SYN/ACK ithe wants to communicate or he is able to ac 1g attack, the sttacker will send fake request of communication cept the request and send ACK packet to System. This is the normal process but in SYN floodin Baer)will never come because answered by target system and waits for responses, svn wn take IP ress) Response to fake address Fig, 1.4.5 : SYN-Flooding Attack st system after time-out period but if attacker sends another request ith requests. So after this system will be ho wants communication will = The connection will be dropping by the tare faster than time-out period then the target system will quickly be filed wit e-sering all connections for fake request. Because of this the legitimate vser W not be able to communicate with target system. Pingof-death (POD) attack: The atacker sends an Internet Control Message Protocol (ICMP) “ping” packet equal to, were not able to handle such cr exceeding 64 KB. This type of packet should net occur naturally. Certain systems large size of packet, and the system would hang or crash. 4.4.3. Distributed Denial of Service (DD0S) Ca @.__Explain DDOS wth neat diagram. (W-17, 4 Marks) | = Denial of Service attacks is using multiple attack ultiple attacking systems which are known as a Distributed Denial of Service (D00s) attack. : The goal of a DOS attack is to deny the use of or access to a specific service or system. Ina DDOS attack, the method used to deny service is sim erwhelm fic From ifferen a y ply to overwhelm the target with traffic from many different Arnetwork of attack 9 i ie % attack agents sometimes known as zombies. The attacker creates it and up iving the attack receiving the attac ecifc type of traffi st er fic against the target. 
the attac FBe enough;even ordinary web trafficcan quickly overcome te iargest of sites , a ‘command from the attacker, the attack agents start sending a sp: The attack agents are not will S not willing agents-the systems that have been peat been compromised and on which the DOS attack = To compromise these agents, the attack he ized access to the system to run a program that gents, the attacker has to gain the unauthorized : access to the system to run a program th: The ata network may onan ml sep proces which then used as handlers or masters, which in turn cor prot oe See ae first compromises 2 few systems and[Network and Information Security (MSBTE) 7 Introduction to Computer & Information Securty Aiter creation of the at tack’s net twork, the agents wait for an attack message that will indude data on the specific target before launching the e thing of a DDOS attack is that with just a few messages to the attack. One impor rtant thing is ‘agents, the attacker can have a flood of messages sent against the targeted system, : : Zombios Netware messages == uted denial of service attack = To stop or mitigate the effects of a DOS or DDOS attack, one important precaution isto be taken tht is apply the latest patches and upgrades to your systems and the applications running on them. 4.44 Backdoors and Trapdoors GQ. Explain back doors and trap doors attacks. i 2 (WaT, 4 Marks) | ackcoors are the methods used by software developers to make sure that they can gan acs toan were to happen in the futureto prevent normal access methods. 1. Backdoor: application even if somethini ve commonly wed to refer to programs that atackers install after gaining unauthorized access to Backdoor is mo 1 unrestricted access to the system, even if their initial access method is a system to ensure that they can have discovered and blocked stall Backloors inadvertently; they should run software that contains Troan ‘authorized individuals can also horse. 
Neteus and Back Orfice are we commen backioery and if running on your sjstem then it wil allow an attacker roremately access toe ssteraccss 5 Wl ‘them to perform any function on your system. rootkit and generally instaled at alower lve, closer tothe actual LemeLievel jon on the backdoor lathe FOO 8S pease yt to gain access but to ensure continued root access. ‘of the operating system Rootkits are established not 2, Trapdoors : Trapdoors are Bits “of code errbedded in program to qucky gain acres at later time (.e. during testi 9. Trapdoors : Trapdo phase). erammer purpeselY teaves this code in or simply forgets to remove a potential security hole is = tfeorrupt prosrammer introduced. Faray comprorsced systems 0 67 te access. liable manner. — Hackers often plant a backdoor on = Trap doors can be almostimpossible t0 rem a Ima fe. (8-17, W-17, S-19, 2 Marks) ] | _ Explain sniffing attack. Iso known as network protocol analyzers. ~‘jpsntfer son aplication thatcan capture network packets. Sifters ae also work prod i = Objective of sniffing ito steal ‘© Password {from Email, Web Site FTP, TELNET etc) o EmallText © Files in vansfer = _Anetwork sniffer is software or hardware device that is used to observe traffic as; it passes through a network on shared broadcast media. = These devices can be used to view all traffic, or it can target a specific protocol, service, or even string of characters like logins. = Generally, the network deviee is designed to ignore all traffic that is not destined for that computer. Network sniffers attecks ignore ths flendly agreement and observe alltraffic on the others, as shown in Fig. 1.4.7. twork, whether destined for that computer or ois Router Intomal network Fig. 1.4.7 : Network Sniffer 1.4.6Network and Informatic Ses WSETE ae Introduction to Computer & Information ‘Some n¢ retwork sniffers are not just designed to observe all traffic but also modily the traffic. 
- Network administrators can use network sniffers for monitoring network performance. They can be used to perform traffic analysis, for example to determine what type of traffic is most commonly carried on the network and which segments are most active. They can also be used for network bandwidth analysis and to troubleshoot certain problems such as duplicate MAC addresses.
- Attackers can also use network sniffers to gather information that can be used in penetration attempts; for example, an authorized user's username and password can be viewed and recorded for later use. The contents of email messages can also be viewed as the messages travel across the network.
- To be most effective, network sniffers need to be on the internal network; hence the chances for outsiders to use them against you are extremely limited.
- Packet sniffing is a passive attack. In this attack, the attacker does not hijack the conversation but observes the packets as they pass by.
- To prevent a sniffing attack, the information can be protected in the following ways:
  - The information that is travelling can be encoded.
  - The transmission link can be encoded.

1.4.6 Spoofing

Q. Explain spoofing attack. (S-17, W-17, S-19, 2 Marks)

- Spoofing is making data look as if it has come from a different source. This is possible in TCP/IP because of the friendly assumptions behind the protocols.
- The assumption at the time of protocol development was that individuals who have access to the network layer will be privileged users who can be trusted.
- When a packet is sent from one system to another, it includes not only the destination IP address and port but the source IP address as well. This is one of the several forms of spoofing.

1. Spoofing E-mail

- E-mail spoofing can be easily accomplished, and there are several different ways to do it and programs that can assist you in doing so.
- E-mail spoofing refers to e-mail that appears to have originated from one source but was actually sent from another source. The best example of e-mail spoofing is spam mail [...]
- A simple way to spoof an e-mail address is to telnet to port 25, the port associated with e-mail on a system. From there, you can fill in any address for the From and To sections of the message, whether or not the addresses are yours and whether or not they actually exist.
- There are simple ways to determine that an e-mail message was probably not sent by the source it claims, but most users do not question their e-mail and will accept it as [...]
- [...] the attacker acquires a URL close to the one they want to spoof, so that e-mail sent from their system appears to [...] For example, if the attackers want to spoof XYZ Corporation, which owns XYZ.com, the attackers might gain [...] An individual receiving a message from the spoofed corporation would not normally suspect a spoof but would take it to be official. This same method can be, and has been, used to spoof web sites.

2. IP Address Spoofing

- The IP protocol is designed to work by having the originator's own IP address in the "From" portion of the packet. There is nothing that prevents a system from inserting a different address in the "From" portion of the packet. This is known as IP Address Spoofing.
- An IP address may be spoofed for several reasons. For example, in a specific DOS attack known as a smurf attack, the attacker sends a spoofed packet to the broadcast address for a network, which distributes the packet to all systems on that network.
- Spoofing can take advantage of a trusted relationship between two systems.
- If two systems are configured to accept the authentication performed by each other, an individual logged on to one system may not be forced to go through an authentication process again to access the other system. An attacker can take advantage of this by sending a packet to one system that appears to have come from a trusted system. Since the trusted relationship is in place, the targeted system may perform the requested task without authentication.
- The reply will be sent once a packet is received. The impersonated system can interfere with the attack, since it would receive an acknowledgment for a request it never made.
- Initially the attacker will launch a DOS attack to temporarily take out the spoofed system for the period of time that the attacker is exploiting the trusted relationship.
- [...] the DOS attack on the spoofed system would [...] the administrators for the systems may never notice that the attack occurred. Fig. 1.4.8 [...] attack that includes a SYN flooding attack.

Fig. 1.4.8 : Spoofing Attack

- Because of this attack, administrators are encouraged to strictly limit any trusted relationships between hosts. Firewalls should also be configured to discard any packets from outside of the firewall that have From addresses indicating they originated within the network.
- For example, Smurf Attack:
  - In the smurf attack, the request is sent to all systems on the network, so all systems will respond with an echo reply to the target system, as shown in Fig. 1.4.9.

Fig. 1.4.9 : Spoofing used in smurf attack (spoofed echo request sent to broadcast address)

  - The attacker has sent one packet and is able to generate 254 responses at the specific target.
  - Then, an attacker can send several of these spoofed requests to the target, or send them to several different networks.
  - Then the target system can quickly become overwhelmed with the volume of echo replies it receives.

1.4.7 Man-in-Middle Attack (Bucket-Bridge Attack)

Q. Explain Man-in-Middle attack with help of diagram. (W-18, S-19, 4 Marks)

- A man-in-the-middle attack generally occurs when attackers are able to place themselves in the middle of two other hosts that are communicating, in order to view and/or modify the traffic.
- This is done by making sure that all communication going to or from the target host is routed through the attacker's host.
- The attacker is then able to observe all traffic before transmitting it and can actually modify or block traffic. To the target host, communication is occurring normally, since all expected replies are received. Fig. 1.4.10 shows this type of attack.

[...] time. An attacker might replay a series of commands and codes used in a financial transaction in order to cause the transaction to be conducted multiple times. Replay attacks are associated with attempts to avoid authentication mechanisms, such as the capturing and [...]

1.4.9 TCP/IP Hijacking

- TCP/IP hijacking is the process of taking control of an already existing session between a client and a server.
- The main benefit to an attacker of hijacking over attempting to enter a computer system or network is that the attacker doesn't have to avoid any authentication mechanisms, since the user has already authenticated and established the session.
- When the user has completed the authentication sequence, the attacker can then take the session and carry on as if the attacker, and not the user, had authenticated with the system.
- To prevent the user from noticing anything unusual, the attacker may decide to attack the user's system and perform a Denial-of-Service attack on it, so that the user and the system will not notice the extra traffic that is taking place.
- Generally hijack attacks are used against web and telnet sessions. The hijacker will need to provide the correct sequence number to continue the appropriated sessions.

1.4.10 Encryption Attacks

- Cryptography is the art and science of writing secret messages, and encryption is the process of transforming plaintext into ciphertext, which is in an unreadable format, using a specific technique or algorithm.
- In the encryption process a key is used by many encryption techniques. One key is used in a mathematical process to jumble the original message into unreadable ciphertext, and the other key is used to decrypt the ciphertext to re-create the original plaintext. The length of the key directly relates to the strength of the encryption.
- Cryptanalysis is the process of attempting to break a cryptographic system. This is an attack on the specific method used to encrypt the plaintext. There are many ways cryptographic systems can be compromised.

Weak Keys

Some encryption algorithms may have poor keys, or easily decrypted ciphertext. Consider an encryption algorithm that consists of a single XOR function, where the key is repeatedly used to XOR with the plaintext. For example, a key where all bits are 0 will result in ciphertext that is the same as the original plaintext. That means this will be a weak key for this encryption algorithm.
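The all-zero weak key described above, as an added example that is not part of the book: a toy repeating-key XOR cipher together with the check a defender would run before accepting a key. It goes slightly beyond the all-zero case by also reporting keys that contain runs of zero bytes; the function names, keys, threshold and sample message are all constructed for this illustration.

```python
"""Weak keys in a repeating-key XOR cipher (added illustration, toy cipher)."""


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """XOR each data byte with the key, repeating the key as needed.

    XOR is its own inverse, so the same call encrypts and decrypts.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def exposed_fragments(plaintext: bytes, key: bytes, min_len: int = 3):
    """Return (offset, bytes) for every run of at least min_len plaintext
    bytes that appears unchanged in the ciphertext."""
    ciphertext = xor_cipher(plaintext, key)
    runs, start = [], None
    for i, (p, c) in enumerate(zip(plaintext, ciphertext)):
        if p == c and start is None:
            start = i                      # a readable run begins here
        elif p != c and start is not None:
            if i - start >= min_len:
                runs.append((start, plaintext[start:i]))
            start = None
    if start is not None and len(plaintext) - start >= min_len:
        runs.append((start, plaintext[start:]))
    return runs


def longest_zero_run(key: bytes) -> int:
    """Longest run of 0x00 bytes in the key, treating the key as circular
    because the cipher repeats it end to end."""
    if not any(key):
        return len(key)
    best = run = 0
    for b in key + key:                    # doubling catches wrap-around runs
        run = run + 1 if b == 0 else 0
        best = max(best, run)
    return best


def key_problems(key: bytes, max_zero_run: int = 1):
    """Reasons to reject a key for this cipher (empty list = accepted).

    max_zero_run is an assumed policy threshold for this example.
    """
    if not key:
        return ["empty key"]
    if not any(key):
        return ["all-zero key: ciphertext equals plaintext"]
    run = longest_zero_run(key)
    if run > max_zero_run:
        return [f"{run} consecutive zero bytes: that much plaintext "
                "passes through unchanged in every key period"]
    return []


# Constructed sample data.
MESSAGE = b"PAY 500 TO ACCOUNT 1234"
ZERO_KEY = bytes(8)
PARTLY_ZERO_KEY = bytes.fromhex("a7000000003c9e51")
MIXED_KEY = bytes.fromhex("a71f5b08c33c9e51")

if __name__ == "__main__":
    for name, key in [("zero", ZERO_KEY), ("partly zero", PARTLY_ZERO_KEY),
                      ("mixed", MIXED_KEY)]:
        print(name, xor_cipher(MESSAGE, key), exposed_fragments(MESSAGE, key),
              key_problems(key))
```
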
Even a key with long strings of 0s will yield portions of the ciphertext that are the same as the plaintext. In this algorithm there will be many keys that can be considered weak keys.

Real encryption algorithms are much more complicated than a simple XOR function, but some algorithms have still been found to have weak keys that make cryptanalysis easier.

[...] and has no weak keys, the key length will still [...] Thus a 40-bit encryption scheme will be easier to attack using a brute-force method than a 256-bit method. [...] keys, one by one, [...] if the resulting ciphertext [...] completely unreadable [...] key that can decrypt the ciphertext, since there are only four [...]

[...] way of attacking any system using encryption is to find weaknesses in mechanisms surrounding the cryptography, such as poor random number generators, unprotected key exchanges, keys stored on hard drives without sufficient [...], and other general programmatic errors, such as buffer overflows. In an attack that targets such types of weaknesses, it is not the cryptographic algorithm that is being attacked [...]

Operating System Security

Q. [...] (W-18, 4 Marks)

- [...] software modules written by several separate [...] functions, then the potential for problems with [...] product [...] are occurred after release.
- [...] often contain improvements or additional capabilities and fixes for known bugs. Patches are usually [...] over a longer period of time.
- Service pack: Usually this term is given to a large collection of patches and hotfixes that are rolled into a single, rather large package. Service packs are designed to bring a system up to the latest known, good level all at once, rather than requiring the user or system administrator to download several updates separately.
- From LINUX to Windows, each and every operating system needs software updates, and every operating system has different methods of helping users keep their systems up-to-date. For example, Microsoft provides updates, which need to be downloaded from its web site.
  - By selecting Windows Update from the Tools menu in Internet Explorer, users will be taken to the Microsoft web site.
  - By selecting Scan for Updates, users can allow their systems to be examined for needed or required updates.
- The web site will identify which updates the user's system needs and will provide the user with the option to download and install them, although the update process typically requires admin or power user level access for most users.
- Microsoft also provides automated update functionality that will, once configured, locate any required updates, download them to your system, and also install them. An active Internet connection is required for both the web-based updates and automatic updates to retrieve information and updates from Microsoft's site.
- It is not only Microsoft that provides such utilities to help users keep their systems up-to-date and secure; the latest versions of Red Hat Linux also contain a utility called the Red Hat Update Agent, which does the same thing. By registering your system and user profile with Red Hat, you can get a customized list of updates for your specific system.
- It is important to keep the system updated, regardless of the method used to update the operating system. Much like the steps taken to baseline and initially secure an operating system, keeping every system patched and up-to-date is [...] protecting the system and the information.

1. Data: It is a collection of all types of information which can be stored and used as per requirement. For example - personal data, medical information, accounting data etc.
2. Knowledge: It is based on data that is organized, synthesized or summarized, and it is carried by experienced employees in the organization.
3. Ration: It is used to pass the required information to a person who needs it with the help of an information system.

Information is an important asset and needs to be protected all the time.
1.6.2 Need and Importance of Information

Q. [...] importance of information. (S-18, 4 Marks)

- Today's world is a [...] essential today to check mails, bank transactions etc.

[Figure: Information System (IS)]

- Information is the life blood of every normal process of an organization like [...]
- [...] information/data can cause disruptions in [...]
- [...] will help the organization to employ security policies and [...] for protection of information and assets.

[...] of information classification are as follows:

- Information classification is a commitment to the organization for security protection.
- Information classification will help the organization to identify which information is critical and more sensitive.
- Information classification supports CIA: Confidentiality, Integrity and Availability.
- Information classification will help the organization to decide what type of protection is applied to which type of information.
- Information classification will fulfil the legal requirements of legal mandates, compliance and regulations.

In an organization, classification should be based on the sensitivity of information towards its loss and disclosure. It is the job of the information owner to define the level of sensitivity of the information. This will help to properly implement security controls based on the classification of information.

Criteria for Information Classification

Q. [...] the terms for information classification. (S-17, W-17, S-18, 6 Marks)
Q. Explain any three criteria for classification of information. (S-19, 6 Marks)

- The information classification defines what kind of information is stored on a system. Based on that classification, the information may need additional protections in place.
- Levels of information classification used in Government or Military are as follows:

1. Unclassified: Information is not classified as well as not sensitive. Information access is public and will not affect confidentiality. The information is low-impact, and hence it does not require any security.
2. Sensitive but Unclassified: Information is less sensitive, and if it gets disclosed then it will not create serious damage to the organization.
3. Confidential: The unauthorized access to confidential information will cause damage or be prejudicial to national security. This label is used for information which is labeled between Sensitive but Unclassified (SBU) and Secret.
4. Secret: The Secret label should be applied to information the unauthorized disclosure of which could cause serious damage [...]
5. Top Secret: [...] shall be applied to information the unauthorized disclosure of which could cause exceptionally grave damage to the national security. This is the highest level of [...]

[...] commercial [...] on "need-to-know" criteria:

1. Public: It is similar to unclassified information. Information which does not fit into any level can have public access, because disclosure of such information will not create serious impact on the organization.
2. Sensitive: This type of information needs a higher level of classification than normal information. Such information needs security for confidentiality as well as integrity.
3. Private: This type of information is personal in nature and used by the company only. The disclosure of such information can affect the company and its employees. For example - medical information, salary information etc.

Following are the criteria used to decide classification of information:

1. Value: It is the common criterion of information classification. When the information is more valuable for the organization, then that information should be classified.
2.
Age: Age states that the classification of information might be lowered if the information's value decreases over time. For example - if the documents are classified, then they are automatically declassified after a specific time period.
3. Useful Life: Useful life states that if the information has been made out-of-date due to new information or any other reasons, then that information can regularly be declassified.
4. Personal Association: Information which is personally associated with particular individuals, or which is addressed by a privacy law, should be classified.

Security

- Security is the method which makes the accessibility of information or [...]
- Security means to protect information or a system from unauthorized users like attackers, who do harm to the system or to the network intentionally or unintentionally.
- Security is not only to protect the system or network, but also allows authorized users to access the system or network.
- For protecting any organization, the following multiple layers of security are important:
  - Physical Security: It will protect physical assets like hard disk, RAM, objects or areas from unauthorized [...]
  - Personal Security: It will protect the individual users or groups in the organization who are authorized to use operations and the organization.
  - Operational Security: It will protect details of particular operations/series of activities in the organization.
  - Communication Security: It will protect communication technology, media and content of communication.

Fig. 1.6.2 : Components of Information Security (management of computer and information security, data security)

- An organization should implement tools like policy, training and education to provide security to information [...] system.

1.6.5 Need of Security

- Information security is an emerging field because of the wide use of computers in day to day life. Information security is not only related to computer systems or information, but should apply to all aspects of safeguarding or protecting information or data in any form or media.
- It is very important to protect a system or network from unauthorized access or modification, like insertion or deletion of some part of the information.
- Security means protection of information or data in some form from unauthorized [...]

1. Protects the organization's ability to function

- It is the responsibility of IT management and general management to implement [...] protects the organizational ability to function.
- Information security is more a part of management than technology. For example, [...] management than mathematical computations [...]
- [...] policy than technology which is implementing it [...] business impact [...] information security must address security in terms of [...] interruption rather than [...] security as a technical problem.

2. Enables safe operations of applications

- [...] important for applications, OS platforms etc. [...] the organization's infra[...]
- Hence it is the need of an organization to create an environment that will protect such applications which are running under the organization's IT system. Such applications can either be purchased or developed by the organization itself.
- Hence after setting up the infrastructure, it is the job of management to observe it and hand over the responsibility for the entire infrastructure to the IT department of the organization.

3.
Protects the data collected and used by the organization

- Data is the most important factor of any organization; without it the organization loses its records of transactions, customers etc.
- Any organization like government, business or educational institutes depends on information systems to support various transactions. The valuable data attract attackers to steal or corrupt the data; hence the protection of data in motion and at rest are important for information security. Therefore management should protect the integrity and value of the organization's data by implementing information security programs.

4. Safeguards the technological assets of an organization

- To work effectively, an organization should add secure infrastructure services. Small businesses can use an ISP and personal encryption tools for e-mail services, whereas large organizations [...] structure (PKI), which uses digital certificates to check confidentiality of the transaction.
- Hence, as an organization grows, more robust and secure technologies are required to replace previous security programs like firewalls.

1.6.6 Basic Principles of Information Security

Q. [...] (S-17, 4 Marks)
Q. Explain CIA security model. (S-17, S-19, 4 Marks)
Q. Explain the three pillars of information security. Describe with neat sketch. ([...], S-18, S-19, 6 Marks)
Q. Describe principles of information security with neat sketch.

Fig. 1.6.3 shows the three goals of [...]

Fig. 1.6.3 : Security Goal

- [...] are key requirements for security, and it is also known as "Pillars of Information Security".
- [...] the ideal approach for security. It is a layered security mechanism; hence on failure of any one of the security [...] the asset is not completely unsecure. This means 'defense-in-depth'.
- It is the concept of protecting information assets and systems with a series of defensive mechanisms in such a way that if one mechanism fails, another will already be in place to stop an attack.
- [...] information security, a system can be [...]

Review Questions

Q.1 Describe the following terms: (a) Overwriting viruses (b) Stealth viruses
Q.2 With neat sketch diagram, explain the following: (i) SYN flood attack. (ii) Bucket-Bridge attack - also known as man in middle attack.
Q.3 Describe different phases of viruses.
Q.4 What is computer security? Describe any three functions of computer security.
Q.5 Describe the terms virus and worms with example.
Q.6 Compare intruders and insiders.
Q.7 Explain denial of service attack.
Q.8 What are different ways of spoofing? Explain.
Q.9 Define terms - Hotfix, Patch, Service Pack.
Q.10 Explain replay attack with the help of diagram.
Q.11 Explain different criteria used for classification of information.
Q.12 Explain three pillars of information security.
Q.13 Explain why Information System is important.
Q.14 Explain different levels used in classification of information.
Q.15 Explain terms - Asset, Threat and Vulnerabilities.

- This mechanism is widely accepted because it is not very difficult to implement.
- A password must be set for a user account, or else an attacker can:
  - Intercept the password when a new user account is created
  - Attempt to guess the password
  - Get the password from the user through attacks like spoofing or phishing
  - Get the password from the system by a social engineering attack or by accessing the password file
- The user plays an important role in password protection. Authentication can be compromised when users [...] passwords, either by telling them to someone or by writing them down in some place where people can find them.

Guessing Password

- Password selection is a critical issue because of attacks that guess a valid password.
- Generally attackers follow two basic password guessing strategies:
  - Exhaustive Search: Here the attacker tries all possible combinations of valid symbols up to a certain length. For example - Brute Force attack.
  - Intelligent Search: Here the attacker searches for a password with the help of the user's personal information like name, birth date, phone number etc. Many times the attacker tries popular passwords (trying all passwords from a dictionary). For example - Dictionary attack.
- Hence, following are some protection techniques which can be used by users:
  - Default password: Many times default accounts like admin have default passwords like [...] If these passwords are not changed by the system admin, then it will help an attacker to enter the system easily.
  - Length of Password: To avoid exhaustive search, set the length of the password; for example, in a UNIX system the password length is 8 characters.
  - Format of Password: A password should have at least a combination of the following elements:
    1. One or more uppercase letters (A - Z)
    2. One or more lowercase letters (a - z)
    3. One or more numerals (0 - 9)
    4. One or more special characters or punctuation marks (!@#$%^ [...])
  - Avoid obvious passwords: Many attackers have lists of popular passwords and they can use dictionary attacks to catch the obvious passwords; hence it is best practice to avoid such kinds of passwords.
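The user-side rules listed above (no default password, minimum length, mixed character classes, no obvious or personal-information passwords), as an added example that is not from the book: a check run when a password is chosen, plus the size of the space an exhaustive search has to cover. The word lists, the 8-character minimum and all function names are assumptions of this example.

```python
"""Password-selection check for the rules above (added illustration)."""
import string

MIN_LENGTH = 8  # assumed minimum for this example
# Constructed stand-ins; a real deployment would load much larger lists.
DEFAULT_PASSWORDS = {"admin", "password", "guest", "root", "changeme"}
POPULAR_PASSWORDS = {"123456", "qwerty", "letmein", "welcome", "iloveyou"}

# (label, characters) for the four character classes in the format rule
CHAR_CLASSES = [
    ("uppercase letter", string.ascii_uppercase),
    ("lowercase letter", string.ascii_lowercase),
    ("numeral", string.digits),
    ("special character", string.punctuation),
]


def check_password(password, personal_info=()):
    """Return the rules the candidate password breaks (empty = accepted)."""
    problems = []
    lowered = password.lower()
    if lowered in DEFAULT_PASSWORDS:
        problems.append("default password")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for label, chars in CHAR_CLASSES:
        if not any(c in chars for c in password):
            problems.append(f"no {label}")
    # Dictionary attacks also try words with digits or punctuation tacked on,
    # so compare the word with such decoration stripped from both ends.
    core = lowered.strip(string.digits + string.punctuation)
    if lowered in POPULAR_PASSWORDS or core in POPULAR_PASSWORDS:
        problems.append("popular or dictionary password")
    # Intelligent search: name, birth date, phone number and the like.
    if any(len(item) >= 3 and item.lower() in lowered
           for item in personal_info):
        problems.append("contains personal information")
    return problems


def search_space(password):
    """Candidates an exhaustive search must cover for this length, counting
    only the character classes the password actually uses."""
    alphabet = sum(len(chars) for _, chars in CHAR_CLASSES
                   if any(c in chars for c in password))
    return alphabet ** len(password)


if __name__ == "__main__":
    # Constructed candidates; the personal details are made up.
    for candidate in ["admin", "Welcome1!", "Mary1990#Pune", "t7#Rk!w2Qz"]:
        print(candidate, check_password(candidate, ("Mary", "1990")),
              search_space(candidate))
```
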
The passwords Many opesting systems can produce Comput ve and can be proncunceable. In schem .sword Is pronounceable, the ser may have © Password Generator allowed to select their are reasonably random in natur wack ofthis scheme is Even though the pa own passwords, Draws Aificulty in remembering i Password Aging: n many systems the password can be set with is expiry dates, In such systems, they fore theie users to change passwords at regular intervals Some additional mechanisms can be provided to prevent users from selecting previous password. For Example- list previous 10 passwords used by us ‘© Limit login attempts : in many systems, monitoring meckanisms can be used unsuccessful login attempts if founé, then lock the user account completely or at least for certain time period. This will prevent ‘and disccurage further attempts. = Many time uses not infavour of remembering long and complicated passwords, Hi f paper which is Kept near the computer, where it is useful for both legitimate user al intruders ~ So, this will add a task to securty manager to search for such eee Such password notes posted on computer terminals and Wher passwords are Passwoids are changing frequently and users who find it dificult to ch ult to change password are t word are tempted to choose asswords whith are easy to remember, '¥ password is forgotten by user ond ney er sh a : Y User and asked for new password then : oe en user should follow all © to type it several times as well as not to ch ord precautions. When 'o change password before weekends 24.2 Password Attacks (817,548, w.48, s.49, 4 wars) S- ($17,848, w-16, 5-19, 4 marks) —W7, W18, 4 Marks) Toate Wore Piggyback Play! 
Shoulder Surfing

- Shoulder surfing is a similar procedure, where attackers position themselves in such a way that they are able to observe the authorized user entering the correct access code.
- This attack works by direct observation techniques, like looking over someone's shoulder when he is entering a PIN or password etc.
- Both of these attacks can be easily countered by using simple procedures to ensure nobody follows you too closely or is in a position to observe your actions.

Dumpster Diving

- Dumpster diving is the process of going through a target's trash in order to find little bits of information. In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network.
- Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker to gain access to the network.
- To prevent dumpster divers from learning anything valuable from the trash, experts recommend that the company establish a disposal policy where all paper, including print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased, and all staff is educated about the danger of untracked trash.
- Attackers always need a certain amount of information before an attack. If the attacker is in the surrounding area of the target, one common place to find this information is the target's trash, which can be searched for little bits of information that could be useful. This process of going through a target's trash is known as dumpster diving.
- If the attackers are very lucky, and the target's security procedures are very poor, they may actually find user IDs and passwords. We have studied earlier that users sometimes write their passwords down. When the password is changed, they discard the paper where the old password was written without shredding it, and in this way the lucky dumpster diver can get a valuable clue.
- Even if the attacker is not lucky enough to obtain a password directly, they can find the names of employees, and from that it's not hard to determine user IDs.
- Hardware or software manuals purchased by the user may also provide clues about what vulnerabilities exist on the target's computer systems and networks. In many such ways the attacker may gather a variety of information, which can be useful in a social engineering attack.

[...] unauthorized access to the system. Some new approach [...] something unique about the individual [...] is known as biometrics.

- The idea of biometrics is very simple [...] implementation [...] does not come from the gathering of the actual measurements but from the analysis of these measures. Other methods to accomplish biometrics include handwriting analysis, retinal scans, iris scans, voiceprints, hand geometry and facial geometry etc. Biometrics can be used to control access to computer systems and networks and also serve as a physical access control device.
- Biometrics is the idea of mapping measurements of human physical characteristics to human uniqueness. If this can be accomplished in a reliable, repeatable fashion, the verification and identification of human individuals by machine becomes a reality. To that end, biometrics is a combination of human physiology, pure mathematics, and engineering.
- [...] does not require a large device.
- This device can be easily placed outside of a door to control access to [...] access to a computer system, because a reader needs to be placed with each computer or with groups of computers.

Fig. 2.2.1 : Biometric system (feature extractor, matcher)

- [...] someone's identity is much less complex than identifying a person. It might seem like semantics, but think about the difference [...]
- For example, verification involves Mary telling a biometric system that she is Mary and then using one or more sets of biometric information to verify that she is actually Mary. Identification will be Mary walking up to a set of biometric [...] as Mary.
- Depending on the application and objective, different "form factors" are more appropriate.

2.2.1 Types of Biometrics

Q. Describe the classification of Biometric characteristics.
Q. Enlist types of Biometrics. Explain any one Biometrics type in detail. (S-18, 6 Marks)

2.2.1(A) Fingerprint

Q. Explain fingerprint in biometric. (W-17, S-19, 4 Marks)
Q. Explain working of fingerprint mechanism and its limitations. (S-18, 4 Marks)

- A fingerprint is the pattern of ridges and furrows on the surface of the fingertip, and it is unique across the entire human population.
- Fingerprint recognition involves a finger-size identification sensor with a very low cost biometric chip.
- An automated fingerprint recognition and matching system extracts a number of features from the fingerprint for storage as a numerical substitute for the full fingerprint pattern.
- This is the best option for most uses of biometric verification, and it is specially attached to specific computer and network assets.
Limitations
1. Using the fingerprint scanner does not take into consideration when a person physically changes.
2. The cost of computer hardware and software programs can be expensive.
3. Using the fingerprint scanner can lead to false rejections and false acceptance.
4. It can make mistakes with the dryness or dirt of the finger's skin, as well as with the age.

2.2.1(B) Hand Print

- Handprint is usually most appropriate for fixed physical locations requiring very high assurance of identity, since it combines the hand biometric with essentially five different fingerprint biometrics.
- These systems identify features of the hand, including shapes, and lengths and widths of fingers.
- Handprints are used for applications like data rooms, sensitive office zones/buildings, national security/intelligence facilities, and vaults.

- ... will increase the possibility to protect remote data reporting applications and hence ... in the criminal justice and healthcare industries.
- ... be made much more reliable if each criminal had to call in periodically to provide updated ... The entry could be authenticated via his or her unique voice pattern and recorded. Any offender ...

2.2.1(F) Keystrokes

- Keystroke biometrics refers to the art and science of recognizing an individual based on an analysis of his typing patterns.
- Biometric authentication and classification procedures have traditionally been implemented using physiological traits such as fingerprints, retinas, and face, or using behavioural traits such as voice. The concept of keystroke biometrics has arisen as a hot topic of research only in the past two decades.
- Biometrics based on typing is more unobtrusive than conventional biometric procedures.
- Collecting data regarding a person's typing patterns simply requires a keyboard and some basic software to collect it. Collection software is easily replicable whereas hardware is not.
- Because the primary hardware requirement for keystroke biometrics is a keyboard, keystroke biometrics can be collected from virtually anywhere throughout the world via an Internet connection, without requiring an individual to be at certain locations with access to specialized hardware.
- Moreover, because each keystroke is captured entirely by the key pressed, the press time, and the release time, the data can also be transmitted using low bandwidth. The growth of Internet connectivity thus makes distributed mechanisms for authentication increasingly feasible and attractive.
- A final advantage of keystroke biometrics is that it is a relatively unremarkable measure. Fingerprint, retina, and face scans all inconvenience the user by requiring him to place a particular body feature either within or in front of some machinery. By contrast, typing on a keyboard is already a daily activity for many people; thus, keystroke biometrics can be easily integrated into a person's daily routine.

2.3 Access Control

Q. Explain the Access Control w.r.t. security. (S-17, 4 Marks)
Q. What is access control? (W-18, 4 Marks)

- The use of physical access controls is the same as that of computer and network access controls: to restrict access to unauthorized users. Physical access controls can be based on the following points:
  (i) Something the individual has,
  (ii) Something they know, or
  (iii) Something they are.
- The most common physical access control device is a lock. Combination locks depend on something the individual knows, i.e. the combination, and locks with keys depend on something the individual has, i.e. the key. Each of these has some advantages and disadvantages.
- In addition to locks, there are some other common physical security devices like video cameras and sign-in logs.
- Sign-in logs provide a record of access, and when these are used in combination with a check of the individual's identity, they can put off potential adversaries from attempting to gain access.
- The most common access control mechanism is a human security guard.
- Many organizations employ a guard to provide an extra level of checking of individuals who want access. A human guard can apply common sense to situations that might have been unexpected, but other devices are limited to their designed function.
- Having security guards also addresses the common practice of piggybacking. Suppose one employee enters the combination and then opens the door; another individual may follow the employee before the door closes, to avoid re-entry of the combination. A security guard checking each individual's identification will eliminate this type of problem.

2.3.1 Definition

Q. Describe term Access. (W-18, 4 Marks)

- Access is the ability of a subject to interact with an object. Authentication deals with verifying the identity of a subject.
- Access control is the ability to specify, to control and to limit the access to the host systems or application in terms of availability, integrity and confidentiality.
- This is used to prevent an unauthorized user from accessing or modifying the data.
- After authentication, an individual can actually access a system or application.
- When an individual attempts to log in to a computer system or network, authentication is used to verify to the computer system or network that the individual is who they claim to be.
- The most common method is through the use of a user ID and password.
- Access controls regulate what the individual can actually do on the system.

2.3.2 Authentication Mechanism

Generally there are three methods used in authentication.
(a) Something-you-know: The most common authentication mechanism is to provide a user ID and password. The password should not be shared with anybody else; only you should know your password.
(b) Something-you-have: This method involves the use of something that only valid users should have, like a lock and key.
Only those individuals with the correct key are able to open the lock.
(c) Something-about-you: This method involves something that is unique about you, like a fingerprint, DNA samples etc.

2.3.3 Authentication and Authorization

Q. Explain the following w.r.t. security: (i) Authentication (ii) Authorization. (S-17, W-18, S-19, 4 Marks)

- Access means that the subject/principal is accessing an object with some access operations.
- A reference monitor is used to grant or deny the access permissions.

[Figure: Subject, Operation, Reference Monitor, Object]
Fig. 2.3.1: Fundamental model of access control

- Access control mainly consists of two steps:
  o Authentication: Verification that the credentials of a user or other system entity are valid.
  o Authorization: The granting of a right or permission to a system entity to access a system resource. This function determines who is trusted for a given purpose.

2.3.4 Principle

- The purpose of access control is to limit the actions or operations that a legitimate user of a computer system can perform.
- Access control limits what a user can do directly, as well as what programs executing on behalf of the users are allowed to do.
  o Principle of Least Privilege: It states that if nothing has been specifically assigned for an individual or the groups, then the user should not be able to access that resource, i.e. default no access.
  o Separation of Duties: It states that if something has been specifically assigned for an individual or the groups, then the user should be able to access that resource only.
  o Need to know: The user shall be given access to the specific information that they absolutely require in order to perform their job duties.

- ... access decisions are determined ... which can be configured to implement a policy ...
- An object is a passive entity that contains ... Subjects are typically users or programs executing on behalf of users.
- ... access rights depends upon the ... Execute and Own.
- ... ensure that only those operations authorized by the access control matrix are executed. This is achieved by means of a reference monitor, which is responsible for mediating all operations by subjects on objects.
- In Table 2.3.2, the system keeps track of two processes, two files, and one hardware device.
- John can read both File 1 and File 2, but can write only to File 2. John cannot access Process 2, but he has the ability to write to the printer.
- Alice ... Process 1 and Process 2. Alice can read as well as write both files.
- In a large system the access matrix will be huge in size, and most of its cells are likely to be empty.
- The access control matrix is rarely used in computer systems because it is extremely costly in terms of storage space and processing.

2. Access Control List (ACL)

- The implementation of access controls in a system may vary, but Access Control Lists (ACLs) are common.
- An ACL is nothing more than a list that contains the subjects that have access rights to a particular object, as shown in Fig. 2.3.2. The list identifies not only the subject but also the specific access for the object.

[Figure: one list per object (processes, File 1, File 2, printer), each naming John and Alice with their rights]
Fig. 2.3.2: Access Control List

- ... the existing ACL with an empty ...
- ... to do an access review with respect to each object in the system, examine the ACL of ...
- The mechanism used to implement access controls in a computer system or network is not important, but it should be based on a specific access model.
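The access matrix and its per-object ACLs described above can be sketched as follows (an added example, not from the book; the process entries in the matrix and all function names are assumptions made for illustration). A small reference monitor answers each request from the stored rights and denies anything that was never granted.

```python
# Sparse access control matrix: (subject, object) -> set of rights.
# John's file/printer rights and Alice's file rights follow the text above;
# the entries marked "constructed" are sample values made up for this example.
MATRIX = {
    ("John", "Process 1"): {"read", "write", "execute"},   # constructed
    ("John", "File 1"): {"read"},
    ("John", "File 2"): {"read", "write"},
    ("John", "Printer"): {"write"},
    ("Alice", "Process 1"): {"execute"},                   # constructed
    ("Alice", "Process 2"): {"read", "write", "execute"},  # constructed
    ("Alice", "File 1"): {"read", "write"},
    ("Alice", "File 2"): {"read", "write"},
}
SUBJECTS = ["John", "Alice"]
OBJECTS = ["Process 1", "Process 2", "File 1", "File 2", "Printer"]


def acl_for(obj):
    """Column of the matrix: the ACL stored with one object."""
    return {s: set(r) for (s, o), r in MATRIX.items() if o == obj}


def capabilities_for(subject):
    """Row of the matrix: everything one subject may touch."""
    return {o: set(r) for (s, o), r in MATRIX.items() if s == subject}


def empty_cells():
    """Cells a full matrix would store although they grant nothing."""
    return [(s, o) for s in SUBJECTS for o in OBJECTS if (s, o) not in MATRIX]


def reference_monitor(subject, obj, operation, audit_log):
    """Mediate one request: allow only a right that is explicitly listed.

    Unknown subjects, unknown objects and unlisted operations all fall
    through to "deny" (default no access). Every decision is logged.
    """
    allowed = operation in acl_for(obj).get(subject, set())
    audit_log.append((subject, obj, operation, "allow" if allowed else "deny"))
    return allowed


def access_review(obj):
    """Who can do what to this object, in a stable order for review."""
    return sorted((s, sorted(r)) for s, r in acl_for(obj).items())


def revoke_subject(acls, subject):
    """Remove a subject from every per-object ACL; returns the objects touched.

    With ACLs this needs a pass over all objects, which is the price paid
    for not storing the subject's row.
    """
    touched = [o for o, acl in acls.items() if acl.pop(subject, None) is not None]
    return sorted(touched)


if __name__ == "__main__":
    log = []
    for request in [("John", "File 1", "read"), ("John", "File 1", "write"),
                    ("John", "Process 2", "execute"), ("Mallory", "File 2", "read")]:
        print(request, "->", reference_monitor(*request, log))
    print("ACL for File 2:", access_review("File 2"))
    print("Empty cells:", empty_cells())
```

Storing only the granted cells is what keeps the structure small: of the ten subject/object pairs here, the two empty ones cost nothing.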
- ... in order to test for the adequacy of the system, to detect breaches in security, and to ...
- ... one policy states that a particular access must be ... need to be resolved by negotiations at an appropriate level of ...

1. Discretionary Access Control (DAC)

- ... a means of restricting access to objects based on the identity of subjects ...
- It controls access based on the identity of the requestor and on access rules (authorizations) stating what requestors are or are not allowed to do. Discretionary protection policies decide the access of users to the information on the basis of the user's identity and authorizations (or rules) that specify, for each user (or group of users) and each object in the system, the access modes (e.g., read, write, or execute) the user is allowed on the object. Each request of a user to access an object is checked against the specified authorizations.
- The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission indirectly on to any other subject.
- If the system has discretionary access controls, the owner of an object can decide which other subjects may have access to the object and what specific access they may have.
- The permission bits used in UNIX-based systems are the common method to accomplish this. The owner of a file can specify what permissions (read/write/execute) members in the same group may have and also what permissions all others may have.
- Access Control Lists (ACLs) are another common mechanism used to implement discretionary access control.
- The flexibility of discretionary access control policies makes them suitable for a variety of systems and applications. For these reasons they have been widely used in a variety of implementations, especially in commercial and industrial environments.
- However, discretionary access control policies have the drawback that they do not provide real assurance on the flow of information in a system.
It is easy to bypass the access restrictions stated through the authorizations.
- For example, a user who is able to read data can pass it to other users not authorized to read it without the knowledge of the owner.

2. Mandatory Access Control (MAC)

- Mandatory access control policies decide access on the basis of the classification of subjects and objects in the system. Each user and each object in the system is assigned a security level.
- Generally, this system is used in environments where different levels of security classifications are there and is ... of what a user is allowed to do.
- ... the label attached to every subject and object, and this label will identify the level of classification ... object and the level that the subject is entitled to.
- Consider an example of the military, where the security classifications are Secret and Top Secret. Only an individual with a Top Secret clearance may view a Top Secret file. It is up to the access control mechanism to ensure that an individual with only a Secret clearance never gains access to a file labeled as Top Secret. Similarly, a user cleared for Top Secret access will not be allowed by the access control mechanism to change the classification of a file labeled as Top Secret to Secret or to send that Top Secret file to a user cleared only for Secret information.
- Mandatory access control can as well be applied for the protection of information integrity.

Role-Based Access Control (RBAC)

Cryptography

Introduction: Plaintext, Ciphertext, Cryptography, Cryptanalysis, Cryptology, Encryption, Decryption.
Substitution Techniques: Caesar's cipher, Modified Caesar's Cipher.
Transposition Techniques: Simple Columnar Transposition.
Steganography: Procedure.
Symmetric and Asymmetric cryptography: Introduction to Symmetric encryption, DES (Data Encryption Standard) algorithm, Asymmetric key cryptography: Digital Signature.

3.1 Introduction

Because of the Internet, millions of computers are interconnected.
It allows nearly instantaneous communication and transfer of information around the world. People use email to communicate with one another. The World Wide Web (WWW) is used for online business, data sharing, marketing, research, learning, and many other activities. Here, the main issue is the security of the data which is being shared. Hence, cryptography is used to make web sites and electronic transmissions secure.

3.1.1 Plaintext

Q. Define term Plaintext. (W-17, S-19, 4 Marks)

- Plaintext is also known as cleartext, meaning anyone who knows the language can easily read the message.
- The original message is known as plaintext.

3.1.2 Ciphertext

Q. Define term Ciphertext. (W-17, W-18, S-19, 4 Marks)

- When the plaintext is codified with the help of any suitable scheme, the resultant message is known as ciphertext. The coded message is known as ciphertext.

3.1.3 Cryptography

- ... art and science of writing secret messages. In areas like data and telecommunications, ... communicating over any untrusted medium; it includes ...

3.1.4 Cryptanalysis

(W-17, W-18, S-18, 2 Marks)

- ... unreadable message ... the original ... format without knowing how ...

3.1.5 Cryptology

(W-17, W-18, S-19, 2 Marks)

- It is a combination of cryptography and cryptanalysis.
- In cryptography, a cipher (or cypher) is an algorithm for performing encryption and decryption.

Fig. 3.1.3: Conventional Cryptosystem Model

3.1.6 Encryption

Q. Define term Encryption. (W-17, S-18, 2 Marks)

- The encrypting procedure is varied depending on the key, which changes the detailed operation of the algorithm. A key must be selected before using a cipher to encrypt a message. Without knowledge of the key, it should be difficult, if not nearly impossible, to decrypt the resulting cipher into readable plaintext.
- In technical terms, the process of encoding plaintext into ciphertext messages is known as encryption.

Fig. 3.1.4: Encryption Process

3.1.7 Decryption

Q. Define term Decryption. (W-17, 2 Marks)

- The process of transforming ciphertext messages into plaintext or original text messages is known as decryption.

Fig. 3.1.5: Decryption Process

- In communications, the sender's computer transforms a plaintext message into ciphertext with the ... The message is sent to the receiver over a network, i.e. the Internet. The receiver's end then takes this encrypted message and performs the reverse of encryption, i.e. the decryption process, to get the original plaintext message.
- For encrypting a plaintext message, the sender performs encryption with the help of different encryption algorithms.
- For decrypting a received encrypted message, the recipient performs the decryption with the help of decryption algorithms.

Fig. 3.1.6: Encryption and Decryption

3.2 Substitution and Transposition Technique

(S-18, 4 Marks)

1. Caesar's Cipher

- This method was invented by Julius Caesar, who used it to communicate with his generals, hence the name Caesar's Cipher.
- The transformation is nothing but the ... alphabet rotated left or right by some number of positions. For example, a Caesar cipher using a left rotation of three places, i.e. shift = 3.

For example:
(i) Plain:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
    Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
(ii) Plaintext: "COME HOME TOMORROW"
     Ciphertext: "FRPH KRPH WRPRUURZ"
     To encrypt a message, simply look up each letter of the message in the "plain" line and write down the corresponding letter in the "cipher" line. To decipher, do the reverse.
(iii) Plaintext: "the quick brown fox jumps over the lazy dog"
      Ciphertext: "WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ"
(iv) Plaintext: "HAPPY BIRTH DAY TO YOU"
     Ciphertext: "KDSSB ELUWK GDB WR BRX"

- The encryption can also be represented using modular arithmetic by first transforming the letters into numbers, according to the scheme A = 0, B = 1, ..., Z = 25.
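The shift-of-three substitution worked above, written as arithmetic on letters numbered A = 0 to Z = 25 (an added example, not from the book; the function names and the letter-count ranking are assumptions of this sketch). It also lists every possible shift, since a Caesar key has only 25 useful values and so hides nothing from anyone willing to try them all.

```python
import string

ALPHABET = string.ascii_uppercase
COMMON = set("ETAOINSHR")  # letters that dominate ordinary English text


def shift_text(text, n):
    """Apply x -> (x + n) mod 26 to each letter, with A = 0 ... Z = 25.

    Case is preserved and anything that is not A-Z or a-z is copied
    unchanged, so spaces and punctuation survive a round trip.
    """
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            # Python's % never returns a negative value, so the same line
            # also serves decryption with a negative n.
            out.append(chr((ord(ch) - base + n) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def cipher_alphabet(n):
    """The 'cipher' line that sits under ABC...Z for shift n."""
    return ALPHABET[n % 26:] + ALPHABET[:n % 26]


def encrypt(plaintext, n=3):
    return shift_text(plaintext, n)


def decrypt(ciphertext, n=3):
    return shift_text(ciphertext, -n)


def all_shifts(ciphertext):
    """Every candidate plaintext: the whole key space is 25 shifts."""
    return {n: decrypt(ciphertext, n) for n in range(1, 26)}


def likely_shift(ciphertext):
    """Rank the 25 candidates by how many common English letters they hold."""
    def score(candidate):
        return sum(ch in COMMON for ch in candidate.upper())
    candidates = all_shifts(ciphertext)
    return max(candidates, key=lambda n: score(candidates[n]))


if __name__ == "__main__":
    print(cipher_alphabet(3))
    print(encrypt("COME HOME TOMORROW"))
    print(decrypt("KDSSB ELUWK GDB WR BRX"))
    print(likely_shift("FRPH KRPH WRPRUURZ"))
```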
- Encryption of a letter x by a shift n can be described mathematically as

  $E_n(x) = (x + n) \bmod 26$

- Decryption is performed similarly,

  $D_n(x) = (x - n) \bmod 26$

2. Modified Caesar's Cipher

- In this version an alphabet A can be replaced by any other alphabet in the English alphabet set, i.e. B to Z. So for each alphabet in the string we have 25 possibilities of replacement.
- An attack on a ciphertext message, wherein the attacker attempts to use all possible permutations and combinations, is known as a brute-force attack.

Q. Convert plaintext into cipher text by using simple columnar technique of the following sentence: "ALL IS WELL FOR YOUR EXAM".
Q. Consider a plain text message "I AM A HACKER". Encrypt it with the help of Caesar's cipher technique with steps.
Q. Consider plain text "INFORMATION" and convert given plain text into cipher text using Caesar's Cipher with shift of position three. Write down steps in encryption.

- The word ZEBRAS is of length 6 (so the rows are of length 6), and the permutation is defined by the alphabetical order of the letters in the keyword. In this case, the order would be "6 3 2 4 1 5".
- Plaintext = WELCOME HOME with Key = ZEBRAS (length is 6).
- Consider the rectangle with 6 columns because the length of the key is 6.
- Write the message in the rectangle in row-by-row manner.

  Column:  1  2  3  4  5  6
           W  E  L  C  O  M
           E  H  O  M  E

- Now, read with some random order of 4, 6, 1, 2, 5, 3.
- The ciphertext is CMMWEEHOELO.

- Plaintext = Come Home Tomorrow, with a key of length 6. As the length of the key is 6, the rectangle should have 6 columns. Now write the plaintext message in these columns row-by-row.

  Column:  1  2  3  4  5  6
           C  O  M  E  H  O
           M  E  T  O  M  O
           R  R  O  W

- Now, read the text of the columns in random order like (4, 6, 1, 2, 5, 3).
- Ciphertext = "EOWOOCMROERHMMTO"

Algorithm
1. Write the plaintext message row-by-row in a rectangle of a pre-defined size.
2. Read the message column-by-column. However, it can be in any order like 2, 3, etc.
3. The message thus obtained is the ciphertext message.

Sr. No. | Substitution Cipher | Transposition Cipher
1. | In cryptography, a substitution cipher is a method of encryption by which units of plaintext are replaced with ... | In cryptography, a transposition cipher is a method of encryption by which the positions held by units of plaintext are ...
2. | Method of substitution is used. | Method of transposition is used.
3. | Plaintext: ABCDEFGHIJK ... | Plaintext: WE ARE DISCOVERED. FLEE AT ONCE. Ciphertext: WECRL TEERD SOEEF EAOCA IVDEN

3.3 Steganography

(S-17, 4 Marks) (W-17, W-18, 4 Marks)

- Think of all the bits that represent the same color pixels repeated in a row. By applying the encrypted data to this redundant data in some random or non-conspicuous way, the result will be data that appears to have the "noise" patterns of regular, non-encrypted data. A trademark or other identifying symbol hidden in software code is sometimes known as a watermark.
- The disadvantage is that it requires a lot of overhead to hide a few bits of information. Once the system is discovered, it becomes virtually worthless. This problem is solved by an insertion method which uses some sort of key. An alternative is to first encrypt the message and then hide it using steganography.
- The advantage is that it can be employed by parties who have something to lose should the fact of their secret communication be discovered. Encryption flags the communication as important or secret, or may identify the sender as someone with something to hide.

Terminologies used in steganography:
1. Cover-medium: Data within which a message is to be hidden.
2. Stego-medium: Data within which a message has been hidden.
3. Message: Data that is or will be hidden within a stego-medium or cover-medium respectively.
4. Redundant bits: Bits of data in a cover-medium that can be modified without compromising that medium's integrity.

3.4 Symmetric and Asymmetric Cryptography

Q. Describe symmetric and asymmetric key cryptography. (S-17, 4 Marks)

- Cryptographic algorithms are nothing but the sequences of processes or rules which are used to encode and decode messages in a cryptographic system.
- There are two types of cryptographic algorithms:
  (i) Symmetric Algorithm
  (ii) Asymmetric Algorithm

Fig. 3.4.1: Types of cryptographic algorithms

3.4.1 Symmetric Key Cryptography

Q. ... Explain the components of symmetric encryption ... with suitable diagram.
Q. ... Explain each step in detail with help of diagram.

- In a symmetric algorithm, the same key is used for encryption and decryption. Hence this is also known as a single key, secret key or shared key algorithm. This key has to be kept secret; sender and receiver use the same key to read encrypted data. The key is only known to the sender and receiver and no one else.
- The sender and receiver must agree on a key before they communicate. To set up private channels with different parties, you need a new key for each channel. Maintaining a large number of shared secret keys can become quite a tedious task.
- Encryption algorithms are divided into two types:
  1. Block Cipher: A block cipher encrypts 64 bit blocks of data with a complex encryption function. The security of these ciphers depends totally on the design of the encryption function. A block cipher encrypts ... to the same ... all under the same key.
  2. Stream Cipher: It encrypts smaller blocks of plaintext data ... under a continuously changing key stream. Security of ...

[Figure: symmetric encryption, with one secret key shared by sender and receiver; plaintext message, ciphertext]

- ... algorithms. DES was ...
- DES consists of 16 steps, each of which is called a round.
- Each round performs the steps of substitution and transposition techniques for scrambling of the characters.
- The 64 bit plaintext block is handed over to an Initial Permutation (IP) function. Initial Permutation is performed on the plaintext.
- ... goes through 16 rounds of the encryption process, each with its own key.
- Initial Permutation (IP) happens only once. IP replaces the first bit of the original plaintext block with the 58th bit of the original plaintext block, the second bit with the 50th bit, and so on.
- A complete transposition table is used by IP and should be read from left to right.
- After IP is done, the resulting 64 bit text block is divided into two half blocks, each with 32 bits (LPT and RPT).
- Now, 16 rounds are performed on these two blocks.
- Each of the 16 rounds consists of the following broad level steps.

Expansion Permutation

- Next, each 4 bit block of the previous step is expanded to a corresponding 6 bit block, i.e. per 4 bit block, 2 more bits are added. These bits are actually the repeated first and fourth bits of the 4 bit block.
- This process results in expansion as well as permutation of the input bits while creating the output.
- The 48 bit key is XORed with the 48 bit RPT and the resulting output is given to the S-Box Substitution step.

S-Box Substitution

- This process accepts the 48 bit input from the XOR operation involving the compressed key and the expanded RPT, and produces a 32 bit output using the substitution technique.
- The substitution is performed by 8 substitution boxes, and each has a 6 bit input and a 4 bit output.
- The 48 bit block is divided into 8 sub-blocks ...
- The output of each S-Box is combined to form a 32 bit block and given to the next stage.

[Figure: 48 bit input block split into 6 bit sub-blocks, each fed to one S-Box]
Fig. 3.4.7: S-Box Substitution

P-Box Permutation

- The 32 bit outputs are permuted using ...
- This involves simple permutation.
- For example, 16 in the block indicates that the bit at position 16 of the original input moves to the bit at position 1 in the output.

XOR and Swap

- The ... portion of the initial 64 bit text block is XORed with the output produced by P-Box permutation.
- ... permutation is the 64 bit encrypted block.

[Figure: original 64 bit plaintext block split into a 32 bit LPT block and a 32 bit RPT block]
Fig. 3.4.8: XOR and Swap

3.4.2 Asymmetric Key Cryptography

- If the user's secret key is, in fact, secret, then it follows that the user, and not some impostor, really sent the message.

[Figure: sender, receiver's public key, encryption algorithm, ciphertext, receiver's private key, decryption algorithm, receiver]
Fig. 3.4.9: Asymmetric Cryptography

- Users can send secret messages by encrypting a message with the recipient's public key. In this case, only the intended recipient can decrypt the message, since only that user should have access to the required secret key.
- The key to successful use of asymmetric encryption is a key management system, which implements a Public Key Infrastructure. Without this, it is difficult to establish the reliability of public keys, or even to conveniently find suitable ones.
- The main advantage of asymmetric cryptography is the security of a key.
1. Digital signature

- A digital signature is an electronic signature.
- It is used to authenticate the identity of the sender or the signer of a document.
- It has the ability to ensure that the original content of the message or document that has been sent is unchanged.
- Digital signatures are used with any kind of message and are easily transportable. They can be automatically time stamped.
- If a message with a digital signature has arrived, the sender cannot easily repudiate it later.
- A digital signature can be used with an encrypted or plaintext message so that the receiver can be assured of the identity of the sender and of whether the message received is original or tampered.
- A digital certificate contains the digital signature of the certificate issuing authority (CA); hence anyone can verify whether the certificate is real or fake.
- Digital signatures are based upon both hashing functions and asymmetric cryptography. Both encryption methods play an important role when signing digital documents.

[Figure: the hash of the received message is compared with the hash obtained by decrypting the signature using the sender's public key; if the hashes are equal, the signature is valid]
Fig. 3.4.10: Block Diagram of Digital signature

1. Authentication

- ... that information may not be ... When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context.
- For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake.

2. Integrity

- In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.)
- However, if a message is digitally signed, any change in the message will invalidate the signature.
- Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible by most cryptographic hash functions.

Disadvantages

- The algorithms and protocols of digital signature will not provide certainty about the date and time at which the underlying document was signed.
- The signer might, or might not, have included a time stamp with the signature, or the document itself might have a date mentioned on it, but a later reader cannot be certain the signer did not, for instance, backdate the date or time of the signature. Such misuse can be made impracticable by using trusted time stamping in addition to digital signatures.

Non-repudiation

- In a cryptographic context, the word repudiation refers to any act of disclaiming responsibility for a message.
- A message's recipient may insist the sender attach a signature in order to make later repudiation more difficult, since the recipient can show the signed message to a third party (e.g., a court) to reinforce a claim as to its signatories and integrity.
- However, loss of control over a user's private key will mean that all digital signatures using that key, and so ostensibly 'from' that user, are suspect. Nonetheless, a user cannot repudiate a signed message without repudiating their signature key.
- ... new documents (after the key compromise) ... invalidation ... public key, so the association user-key is certified ... period of time if a non-repudiation of data service ...
- ... the authority to keep old certificates ...

Comparison of Symmetric Key Cryptography and Asymmetric Key Cryptography

Symmetric Key Cryptography | Asymmetric Key Cryptography
... used for encryption and decryption. | Two separate keys are used for encryption and decryption.
Known as single key cryptography. | Known as public and private key encryption.
... should be agreed by both sender and ... | No need to agree on keys.
... simple to implement. | More security.
For example - Data Encryption Standard (DES). | For example - Digital Signature.

Firewall and Intrusion Detection System

Firewall: Need of Firewall, types of firewall - Packet Filters, Stateful Packet Filters, Application Gateways, ... Firewall Policies, Configuration, limitations, DMZ.
Intrusion Detection System: Vulnerability ..., Host-Based IDS, Honeypot.

4.1.1 Need of Firewall

Q. Explain need for firewall and explain one of the type of ... diagram.

- A firewall can be hardware, software or a combination of both, which will inspect network traffic passing through it based on a set of rules and either accept or reject the messages.
- The firewall is a partition between private (trusted) networks and public (untrusted) networks, and it will inspect all traffic (packets) which is passing through it.
- The firewall should have the following attributes:
  o All the traffic should pass through the firewall.
  o The firewall should allow only authorized traffic.
  o The firewall can stop attacks.
- ... the resources of a private ... own private data resources ... outside resources that ...
- It examines each network packet to determine ...
- ... requests on behalf of workstation users in a network.
- ... a special computer, and it is separated from the network, hence the incoming ...
- ... methods; the simple one is to screen the requests to ensure that the traffic is from ... domain name and Internet Protocol addresses.
- For ... users, the firewall allows remote access into the private network with the help of secure logon procedures.
- All traffic must pass through the firewall, either from inside to outside or vice versa. This is achieved by physically blocking all access to the local network except via the firewall.
- Typically the router is configured to filter packets going towards and coming from the internal network.
- Filtration rules are based on information of a network packet:
  o Source IP address: The IP address of the system which generates the IP packet.
  ...

- ... public WANs, and the Internet.
- ... during transmission.

Fig. 5.2.2: IPSec transport mode

- ... the transport layer payload, adds the IPSec header and trailer, encrypts the whole thing and ... Thus, the IP header is not encrypted.
- ... encryption of source and destination IP addresses, as well as of the data itself. This provides ...

5.2.3 Protocols - AH and ESP

- An IP packet consists of two portions:
  (i) IP Header
  (ii) Actual Data
- IPSec is implemented by adding an extension IP header to the standard default IP header.
- Such an extension IP header follows the standard IP header.
- Basically IPSec offers two main services:
  o Authentication
  o Confidentiality
- Every service needs its own extension header. Hence, for the above services, IPSec defines two IP extension headers: one header for authentication and another header for confidentiality.

IPSec consists of the following two main protocols:

1. Authentication Header (AH)

- ... ensures the integrity of the data ...
- By protecting the non-changing elements in the IP header, the AH protects the IP address, which enables data origin authentication.
- ... optional anti-replay service ...
- IPSec AH is a header in an IP packet with a cryptographic checksum for the contents of the packet. The AH header is simply inserted between the IP header and any subsequent packet contents. There is no need to change the data contents of the packet; in this way, the security resides completely in the contents of the AH.
- AH can work in two modes: transport mode and tunnel mode.
  o Transport mode: Here, the Authentication Header (AH) is placed in between the original IP header and the original TCP header of the IP packet.
  o Tunnel mode: In tunnel mode, the complete original IP packet is authenticated and the AH is placed between the original IP header and a new outer IP header. The inner IP header has the final source and destination IP address, whereas the outer IP header may contain ...

- ... Tunnel mode: It encrypts an entire IP packet. Here, the ESP header is prefixed to the packet and then the packet along with the ESP trailer is encrypted. The IP header contains the destination address as well as intermediate routing information. Therefore this packet cannot be transmitted as it is; otherwise, the delivery of the packet would be impossible. Therefore, a new IP header is added which contains sufficient information for routing.
- For key management and exchange, three protocols exist:
  1. Internet Security Association and Key Management Protocol (ISAKMP)
  2. Oakley
  3. Secure Key Exchange Mechanism for Internet (SKEME)
- These key management protocols can be collectively referred to as Internet Key Management Protocol (IKMP) or Internet Key Exchange (IKE).
- IPSec does not require any specific security algorithm or method of implementation. It is an open framework, which will allow vendors to implement existing industry-standard algorithms suited for specific tasks.
- IPSec provides different security technologies which can be combined into a comprehensive solution to provide confidentiality, integrity and authentication for networks.
- In the IPSec security process, it uses cryptographic keys and has both manual and automatic distribution of keys as part of the protocol series.
- Automated is the default method of key management and is typically referred to as IKE. IKE authenticates each peer in IPSec and consults the security policy, including the exchange of session keys.

5.3 Email Security

(W-17, ... Marks)

- ... widely used application on the Internet. Using Email, a user can send a text, ... etc.
- Electronic mail (Email) is the most widely used application on the Internet. Using Email, a user can send text, pictures, videos and sound messages etc. to other Internet users.
- Nowadays, security for Email messages has become extremely important.
- In Email transmission, an Email is considered as two portions: contents and headers.
- Every Email message consists of a number of header lines which are followed by the actual message contents. A header line means a keyword, followed by a colon. The header keywords are From, To, Subject and Date.

Simple Mail Transfer Protocol (SMTP)

- Simple Mail Transfer Protocol (SMTP) is a TCP/IP protocol that specifies how computers exchange electronic mail. It works with Post Office Protocol (POP).
- SMTP is "request/response" based, which means the email client software at the sender's end gives the email message to the SMTP server.
- Actually, the SMTP server transfers the message to the receiver's SMTP server. The job of SMTP is to carry the email message between the sender and the receiver.
  o It provides email exchange between sender and receiver on the same or different computers.
  o It can send a single message to one or more recipients.
  o A message being sent can include text, voice, video or graphics.
  o It can also send messages on networks outside the Internet.
- SMTP uses TCP port number 25 for this.
  (i) At the sender's end, an SMTP server takes the message sent by a user's computer.
  (ii) The SMTP server at the sender's end then transfers the message to the SMTP server of the receiver.
  (iii) The receiver's computer then takes the email message from the SMTP server at the receiver's end, using other email protocols like Post Office Protocol (POP) or Internet Mail Access Protocol (IMAP).

1. Connection setup :
  (a) The receiver identifies itself with "220 Service Ready".
  (b) The sender identifies itself with the HELO command.
  (c) The receiver accepts the sender's identification with "250 OK".
  (d) If the mail service on the destination is not available, the destination host returns a "421 Service Not Available" reply in step 2 and the process is terminated.

2. Mail transfer : After the connection has been established, the SMTP sender may send one or more messages to the SMTP receiver. There are three logical phases to the transfer of a message:
  (a) A MAIL command identifies the originator of the message.
  (b) One or more RCPT commands identify the recipients of this message.
  (c) A DATA command transfers the message text.

3. Connection termination : The SMTP sender closes the connection in the following manner:
  (a) The sender sends a QUIT command and waits for a reply.
  (b) The sender initiates the TCP close operation for the TCP connection.
  (c) The receiver initiates its TCP close after sending its reply to the QUIT command.

5.3.2 Privacy Enhanced Mail (PEM)

- Privacy Enhanced Mail (PEM) is an Internet standard which provides the secure exchange of electronic mail.
- PEM uses a range of cryptographic techniques that allow confidentiality, authentication, and integrity.
- Integrity allows the user to make sure that a message is not modified during transport from the sender.
- Sender authentication allows a user to verify that the PEM message which he has received is truly from the person who claims to have sent it.
- Confidentiality allows a message to be kept secret from other people.
- PEM supports three main cryptographic functions, including encryption and non-repudiation.

Step 1 : Canonical conversion
- Email can be exchanged between any computers that have a TCP/IP stack, but the same thing may be represented differently in these different systems.

Step 2 : Digital signature
- Creation of the sender's digital signature over the email message, using the sender's private key.

Step 3 : Encryption
- Here the original email and the digital signature are encrypted. Cipher Block Chaining (CBC) mode is used.

Step 4 : Base-64 Encoding
- This process transforms arbitrary binary input.
- In this step, the binary input is processed in blocks of 24 bits.
- These 24 bits are considered as made up of 4 sets, and each set is mapped to a character in this process.

Pretty Good Privacy (PGP)

- PGP is used for encryption and decryption of e-mail over the Internet.
- It is also used to send an encrypted digital signature; because of this, the receiver can verify the sender's identity and knows that the message was not changed during transmission.
- Pretty Good Privacy (PGP) is freely available, and the commercial version costs very little. Basically, it is widely used as a privacy-ensuring program by individuals and also by many organizations.
- It was developed by Philip R. Zimmermann in year 1991 and became a standard for e-mail security.
- It can also be used to encrypt files which are being stored, so that they are unreadable by unauthorized users or intruders.

How it works

Authentication
- The sender creates a message.
- A hash code of the message is encrypted with the sender's private key and the result is prepended to the message.
- The receiver uses the sender's public key to decrypt and recover the hash code.
- The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is authentic.

Confidentiality
- PGP also provides confidentiality.
- It is provided by encrypting the message to be transmitted, using a session key for this message only.

5.4 Public Key Infrastructure (PKI)

5.4.1 Introduction

- A PKI is a structure which provides all of the essential components for different types of users and entities for secure communication in a predictable manner.
- A PKI is made up of different components like hardware, applications, policies, services, programming interfaces, cryptographic algorithms, protocols, users, and utilities. Such components work together and allow communication using public key cryptography and symmetric keys for digital signatures, data encryption, and integrity.
- The same type of functionality is provided by different PKI applications and protocols.

1. If persons A and B want secure communication, then A can generate his own public/private key pair and send his public key to B, or place his public key in a directory so that it will be available to everybody.
2. If B receives A's public key, either from him or from a public directory, then what is the guarantee that it is really A's public key? It is possible that some other person C is masquerading as A and has replaced A's public key with his/her own. If this happened, B would believe that his/her messages could only be read by A and that the replies were actually from A. However, he/she would really be communicating with C, not with A.
3. So, it is necessary to verify an individual's identity, to ensure that a person's public key is bound to their identity. Registration authorities and certificate authorities in PKI environments provide the same kind of service as the RO (Department of Motor Vehicle).

Fig. 5.4.1 : Public Key Infrastructure

- When an individual requests a certificate, the registration authority will ask for a proof of identity from the individual who is requesting it and will validate this information.
- The registration authority will then advise the certificate authority to generate a certificate.
- The certificate authority will digitally sign the certificate using its private key. When B receives A's certificate and verifies that it was actually digitally signed by a certificate authority that he/she trusts, he/she will believe that the certificate is actually A's, not because he/she trusts A, but because he/she trusts the certificate authority.
- The components of a digital certificate are the public key and the digital signature of the certificate authority. The signature tells that the certificate is truly A's, so when B verifies the digital signature of the certificate authority, he/she knows that the certificate containing the public key is A's, and in this way A's identity is bound to his public key.
- A can authenticate himself to B and communicate with B through an encryption process without prior communication or a pre-existing relationship. Once B is convinced of the legitimacy of A's public key, he/she can use it to encrypt and decrypt messages between her/himself and A, as shown in Fig. 5.4.2.

Fig. 5.4.2 : Public Key in digital certificate

5.4.2 Certificates

- A digital certificate binds an individual's identity to a public key. Digital certificates contain all the information needed to be assured about the public key owner's identity.
- The certificates are created and formatted based on the X.509 standard, which tells the necessary fields and the possible values that can be inserted into the fields. The fields include:
  o Signature Algorithm : Identifies the hashing algorithm and digital signature algorithm used to digitally sign the certificate.
  o Extensions : Allow additional data to be encoded into the certificate to expand the certificate's functionality.

Certificate Attributes

There are four main types of certificates used:

1. End-entity Certificates : These are issued by a CA to a specific subject, such as an accounting department or a firewall.
2. CA Certificate : In the case of standalone or root CAs, it may be self-signed, or it may be issued by a superior CA within a hierarchical model. In this model the superior CA gives the authority and allows the subordinate CA to accept requests for certificates and generate the individual certificates itself. This may be necessary when a company needs to have multiple internal CAs. Different departments within an organization may need to have their own CA servicing the specific end-entities in their section.
3. Cross-certificates : These are used when independent CAs establish peer-to-peer trust relationships. Simply put, they are a mechanism through which one CA can issue a certificate allowing its users to trust another CA.
4. Policy Certificate : A policy certificate is used for placing policy information. Within sophisticated CAs used for high-security applications, a mechanism is required to provide centrally controlled policy information to PKI clients.

Certificate Extensions

- Certificate extensions allow inserting additional information within the certificate, which can be used to provide more functionality in a PKI implementation.
- Certificate extensions can be standard or private.
  1. Standard certificate extensions are implemented for every PKI implementation.
  2. Private certificate extensions are defined for specific organizations, and allow different, specific uses for digital certificates to best fit their business needs.
- There are many different extensions that can be implemented, one being the key usage extension. Key usage extensions state how the public key that is held within the certificate can be used.
- The key examples of certificate extension are:
  o Digital Signature : The key is used to verify a digital signature.
  o Key Encipherment : The key is used for key distribution.
  o Data Encipherment : The key is used to encrypt data and cannot be used to encrypt other keys.
  o Key Cert Sign : The key is used to verify the CA signature on certificates.
  o Non-repudiation : The key is used when a non-repudiation service is being provided.

- A lifetime is set for keys and certificates that will force the user to register for a new certificate after a particular time period. Shorter lifetimes limit the ability of attackers to crack them, but longer lifetimes have lower system overhead.
- More sophisticated PKI implementations perform automated and transparent key updates to avoid the time and expense of users registering for new certificates when the older certificate expires.
- So, the certificate and key pair should be managed, because they have a lifecycle.
- Certificate management involves administrating and managing each of these phases, including registration, certificate and key generation, renewal, and revocation.

5.4.3 Certificate Authority (CA)

- A certificate authority certifies individuals' identities and creates an electronic document known as a digital certificate, which indicates that individuals are who they say they are.
- The digital certificate establishes an association between the subject's identity and a public key. The private key is stored separately.
- A CA is made up of the software, hardware, procedures, policies, and individuals involved in validating individual identities and generating the certificates.
- If any one of the above components is compromised, it can affect the CA negatively and can threaten the integrity of the certificates it produces.
- The Certificate Practice Statement (CPS) outlines how the CA maintains and transmits certificates, and why the CA can be trusted.
- The server constructs and populates the digital certificate; it combines the user's public key with the resulting certificate information. The certificate is then digitally signed with the CA's private key.

5.4.4 Registration Authority (RA)

- This component accepts a request for a digital certificate and performs the necessary steps for registering and authenticating the person requesting the certificate.
- The authentication requirements depend on the type of certificate being requested and differ between CAs. Generally, there are the following three different classes:

Class 1 : Generally, this is used to verify an individual's identity through e-mail. A person who receives a Class 1 certificate can use their public/private key pair to digitally sign e-mail and encrypt message contents.

Class 2 : This may be used for software signing. Generally, software vendors will register for this type of certificate, so they can digitally sign their software. This provides integrity for the software after it is developed and released, and it allows the receiver of the software to verify the originality of the software.

Class 3 : This type of certificate may be used by a company to set up its own certificate authority, which will allow them to carry out their own identification verification and generate certificates internally.
- Every higher class can carry out more critical and powerful tasks, so the different classes have different requirements.
- Every CA will summarize the certification classes it provides and the identification requirements that must be met to obtain each type of certificate.

For Class 1 : Name, email address and physical address are necessary.
For Class 2 : It requires additional data like driving license, passport and company information.
For Class 3 : It may require more information, and the person may need to visit the RA's office for face-to-face meetings.

5.4.5 X.509/PKIX Certificate Format

- The X.509 certificate format is the most widely accepted format for public key certificates, used to verify that a public key belongs to the user.
- X.509 certificates are used in security applications, including IP Security (IPSEC), Secure Sockets Layer (SSL), Secure Electronic Transactions (SET), and S/MIME, as well as in e-Business applications.
- An X.509 certificate includes information about the identity to which a certificate is issued and the identity that issued it.
- Standard information in an X.509 certificate includes:
  o Version : Which X.509 version applies to the certificate.
  o Serial number : The identity creating the certificate must assign a serial number that distinguishes it from other certificates.
  o Algorithm information : The algorithm used by the issuer to sign the certificate.
  o Validity period of the certificate.
  o Subject name : The name of the entity the certificate is issued to.
  o Subject public key information : The public key associated with the identity.
  o Extensions (optional).
It is ne estab {| Telecommunication sion (IEC) and the Inte ‘The International Organization fr standard (150) 6 CY _ body that collaborates with the International Electrotechnical ree Union (Ty) on information and Communication Technol0BY (cr) 180 27001 describes following processes : Definition of information Security Policy Definition of Scope of ISMS Security Risk Assessment Manage the identified risk Select controls for implementation a ek wy Prepare SoA (Statement of Applicability) 1SO 27001 uses POCA (Plan-Do-Check-Act) approach and this is used to improve the effectiveness of [{ mantain ana improve 1SMS or TX Co JB Monitor and Review SMS information securityphase includes: bina = ‘Carrying out everything that was planned during the write and implement Risk treatment plan, oe: implement applicable security controls. ‘creck : The purpose of this swhetherthe results meet the set objectives, ing of the ISMS through various “channels, and ch : and check itor different san Pc processes and take regular reviews of effectiveness of ISMS. ‘conduct internal audits. © nets The purpose of this phase isto i “natin phase isto improve everything that was id : 1 previous phi implement identified improvements in SMS. i __ Take corrective actions and preventive actions — communicate with stakeholders about activities and improvements. yws selection of objectives and controls of security which shows the unique security risks and ion is used to prepare SOA and then SoA is used to prepare Risk Treatment Plan. ISMS can De requirements. sdiered by successful implementation of this plan. 73 1SO 20000 Tian E Describe ISO 20000. oss (war, 4Marks) so 20000 is an industry standard like 'SO 9000/900 catification. 
1, and like 150 9000/9001, ISO 20000 offers ora rr while establishing audit criteria, It also provides ws IT how to manage and im = 150 20000 standards shot idard to use for measuring IT c auditors with a documented stan tals but 1S 20000 is an orgart ‘onal certification with international | The mt offers certifications for Individ recognition. “ cally developed to use best practice guidance provided in ITIL framework. mber 2008. standard was = 180 20000 was basic: developed/ published in Dece cesses and provides assessment tera Ie defines the ps i er pera ynizational certification uses for those WhO 2 = 150.2000 have two specifications © 180 20000-1 is the sP ‘and recommendation: this section. > tRincludes following sections * 1. Scope 2. Terms and Definitionsvend, several governments have stated that 10 20000 is. requirement for outsourced IT se recognizes the value of ISO 20000, more and more companies Fo 10000 certification. ‘equite their partners and vendors to reach ISO {50 20000 also inclides more than Service Delivery and Service Support. and the business; as sas Gaer udes sections on managing suppliers Management. 50 20000 can assist the of demonstrating an ability to meet ‘Some of the most common benef offers compet on by demonstrating rel 2. Wteives acces demons service providers jons in the public sector mand e compliance wi 3. Itprovides assurat 4, It enforces a meas roverent by enabling service providers to services. 5, Itdrives down the 6. 
Ithelpsleveray 57.4 BS 25999 = Natural disaster resume business 4 = The Bs 25999 standard i © BS25999-1is a Code of P 0 BS 25999-2's a speci operating and improving a 8CM System (BCMSAR te bees einen of, BCM in the organization: SESE esbily when foced with organizational treat Smemoned competence to maintain critical business services through action pln oan cue eee > _ Shhaness copabiltyto handle disruption and protect brand reputation when incegrated wi - use organization is using a SF Sonsumers i provides : Confidence and trust in the organization’s mein msssten standardized and robust method to assess, monitor and reduce the 'SS 25999 can be used by any org potential risks which may affect their they are prepared to reduce and recover quickly from ‘wants to ensure they are 7.5 PCIDSS “The Payment Card Industry Data Security: indard (PCI DSS) is administered by the PCI Security Standards Council ret and increase credit card data jayment card fraud across the internet e of the Standard is to decrease pay ‘The purposé security. tations that sore ansmi or proces card holder data must comply with PC! DSS. Compliance is regulated and esi 2 chant account “a Pp errr wii cis ny coe tion must have a merchant account. enfore stores cardholder data, hant have subcontracted all PCI DSS at ave the res ensuring all the contracted parties are com, third party, merchant have the resp ensuring all the contracted p: rT standard. transmit or store e: Ming @ software developer, the PCI DSS applies to service provide nt, oF his activities affect the security of the cardholder data Processed, transmitted or stored, ITGovernance can ads onthe applicability ofthe Pc Dss to the organization, 'ole of organization, ‘Or to a subset of the. 
Organization that ‘transmits or stores the cere dt aveyfomtheretoftheogonnsn, Fee peck, causa tecmooge See rahe the procesing enemies oF storage of cardholder data, ” ome IS not ust the electronic systems by * Includes al systems includ saper ll inctudi Sftems including paper records ‘Such as receipts, mail forms ove conversations, they capture “rdholder data being read out to call centre operat tors,gard basically requires all applicable rorage, processing OF tral Merchants and Member Service Provi Insmitting of cardholder data to. iders (MSPs) who are involved with, d the secure network using firewall ete and maintain it. the stored data of cardholder protect cardholder and transmission encryption to and from the data center : data center across public ‘Maintain 2 program for management of vulnerabili nerability usit en ity using anti-virus software and using patches to secure implement strong access control by restricting the data access of cardholder, by using unique Ds nd access restrictions to the data center and the managed servers ci {Monitoring and testing networks on regular basis by loging and menitrng acres 12 network resources / ‘cardholder data and regula testing of security systems and processes. Theresa need for an up to date and detaled Information Security Policy hence maintains It “516 ITIL Framework mae (6 -47,6 Marks) | iiaaatte im. tromewor Din the early 1980s, the evolu centralized IT organizations to di technology moved from mainframe-centic infrastructure and of comp fted computing and geoera jphically dispersed resources | While the ability to distribute technology provides more flexbilty to the o inconsistent application of processes f technology delivery and SUPPOT: sects of an IT service lifecyde could assstn wn that gave FiSe einto the business of manatins sr services. jement. roach to service Manasemer! somes. 
- A service is something that provides value to [...]. Services that customers directly utilize or consume are known as business services.
- Service Management is a set of specialized [...] capabilities for providing value to [...]
- For example, [...] used to consolidate [...] information, calculate compensation and generate [...] pay cheque on a regular basis [...]
- [...] infrastructure services. An infrastructure service does its [...] in the background [...] does not [...] but nevertheless this service is necessary [...] of the overall value chain to the business service.
- "Server administration", "database administration" and "storage administration" are all examples of infrastructure services required for the successful delivery of the payroll business service.
- ITIL can be adapted and used in conjunction with other best practices such as:
  o COBIT (a framework for IT Governance and Controls)
  o Six Sigma (a quality methodology)
  o TOGAF (a framework for IT architecture)
  o ISO 27000 (a standard for IT security)
  o ISO/IEC 20000 (a standard for IT service management)
- Organizations have traditionally focused on managing the infrastructure services and technology silos. ITIL suggests a more holistic approach to managing services from end to end.
- Managing the entire business service along with its underlying components in a [...] manner ensures that every aspect of a service is considered so that the required functionality and service levels are delivered to the business customer.
- ITIL is organized around a service lifecycle which includes:
  [...] service provi[...] of delivery is consistent with the value delivered to the customer.
  [...] new and changed services [...] expectations. The [...] architecture [...] part of service design, as are the processes [...] tools to adequately monitor [...] for measuring [...]
  3. Service transition: Through the [...] into production to enable the bu[...] changes [...]
  [...] Management of services [...]
  [...] measure and improve processes used in the overall [...]
- Following are the benefits [...]:
  o Improve resource [...]
  o Justify the cost of service quality
  o Provide services that meet or exceed business [...]
- ITIL framework can be adopted by many types of [...]:
  o Large technological companies
  o Retailers
  o Financial Services Organizations
  o Entertainment
  o Manufacturing
  o Life Sciences companies etc.

Fig. 5.7.3 : ITIL Service Life Cycle

[...] with ITIL framework

- The Control Objectives for Information [...] to business requirements, organizes [...] resources to be leveraged and defines the [...]
- COBIT is a framework developed by ISACA (Information System Audit and Control Association) [...] management and IT governance.
- COBIT is a set of guidance materials for [...] of generally accepted information technology [...] professionals and assurance [...]
- In COBIT, a control is the policy, procedures [...] reasonable assurance that business [...] detected and corrected.
- Control objective is a statement of desired result or purpose [...] particular activity.
- The COBIT framework is based on [...]: To provide the information that the organization [...] in and managing and controlling [...] the required enterprise information.
- [...] and controlling information are at the heart of the COBIT framework [...] requirements.
- [...] are certain criteria that COBIT refers to as business requirements for information:
  o [...] business process [...] It means that the information is [...]
  o Efficiency: [...] information is optimal for productive as well as economical use of resources.
  o Confidentiality: means that the information is protected from unauthorized [...]
  o Integrity: It means that the information is accurate and complete and valid for business [...]
  o [...] externally imposed business criteria as well as internal policies.
  o [...] 1996 for [...] set [...] managers, IT [...]
  o [...]ity: It means that the information is appro[...]
  o Reliability: It means that the information is appropriate for management to operate the entity and apply [...]
- COBIT defines IT activities [...] and implement [...]
- The COBIT framework provides a reference process model and common language for everyone in an enterprise to view and manage IT activities.
- [...] of an operation model and a common language for all different parts of the business in IT [...] necessary and early step towards good governance.
- [...] provide a structure to measure and monitor the performance of IT, communication with service providers [...] incorporation of best management [...]
- [...] process model encourages process ow[...] and accountability to be defined.
- [...] objectives of COBIT which show [...] and resources of information.
  o [...] components show quality, cost [...]
  o [...] show efficiency, effectiveness and consistency of information as well as [...] compliance.
  o [...] control component [...]
- To govern IT effectively, [...] IT that need to be managed. They [...] usually ordered into the responsibility domains of [...]. Within the COBIT framework, these domains are:

1. [...] (PO): This domain typically [...]
   - Manage investment, quality, project, HRs.
   - Make sure compliance with external requirements.
2. Acquire and Implement (AI): Provides the solutions and passes them to be turned into services.
   - Recognize automated solutions.
   - Acquire and maintain application software and technology infrastructure.
   - Develop as well as maintain procedures and manage changes.
   - Install and [...] the system.
3. Deliver and Support (DS): Receives the solutions and makes them usable for end users.
   - Define service levels.
   - Manage [...] third party services, performance, capacity, configurations, data, facilities, operations, problems and incidents.
   - Ensure security of system.
   - Educate and/or train the user, provide assistance and advise to us[...]
   - Recognize and allocate the cost.
4. Monitor and Evaluate (ME): [...]
   - Monitor the process, assess int[...]

Fig. 5.7.5 : IT Governance domain

- [...] ensuring the connection of business and IT plans, defining and [...] as well [...] focuses on aligning the operations between IT and enterprise.
- [...] cycle. It also ensures that the [...] benefits against the strategy. It concentrates on [...] costs and proving the intrinsic [...]
- [...] investments and the correct management for [...] IT [...] and people.
- [...] management officers. It [...] transparency of the [...] of the enterprise. It focuses on comp[...] implementation of risk management [...]
- Performance measurement: It takes a follow up and [...] strategic implementation, [...] resource usage, process [...]
- The most important part of IT governance [...] performance measurement. [...] of IT processes to deliver and the setting and monitoring of measurable objectives [...] way to deliver it. [...] and risks is one of the most [...] transparency [...] primarily achieved through performance measurement.
- Operational management uses processes to [...]. COBIT provides a generic process model that represents all the processes [...] found in IT functions, [...] a common reference model understandable for operational IT and [...] managers. The COBIT process model has been mapped to [...]
- [...] operational managers need to execute and what [...] wish to govern [...] and manage ongoing activities [...]