Mahavir Education Trust's

Shah & Anchor Kutchhi Engineering College

UG Program in El
Electronics
ectronics and Telecommunication Engineering

MODULE – 6
SYSTEM SECURITY

INTRODUCTION
Computer data often travels from one computer to another, leaving the safety of its
protected physical surroundings. Once the data is out of hand, people with bad intention could
modify or forge your data, either for amusement or for their own benefit.
Cryptography can reformat and transform our data, making it safer on its trip between
computers. The technology is based on the essentials of secret codes, augmented by modern
mathematics that protects our data in ppowerful ways.

• Computer Security - generic name for the collection of tools designed to protect data and to
thwart hackers
• Network Security - measures to protect data during their transmission

• Internet Security - measures to protect data during their trans

transmission
mission over a collection of
interconnected networks

Security Attacks, Services and Mechanisms

To assess the security needs of an organization effectively, the manager responsible for
security needs some systematic way of defining the requirements for security and characterization
of approaches to satisfy those requirements. One approach is to consider three aspects of
information security:
Security attack – Any action that compromises the security of information owned by an
organization.
Security mechanism – A mechanism that is designed to detect, prevent or recover from a
security attack.
Security service – A service that enhances the security of the data processing systems and the
information transfers of an organization. The services are intended to counter security attacks and
they make use of one or more security mechanisms to provide the service.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

Basic Concepts
Cryptography The art or science encompassing the principles and methods of transforming an
intelligible message into one that is unintelligible, and then retransforming that message back to its
original form

Plaintext The original intelligible message

Cipher text The transformed message

Cipher An algorithm for transforming an intelligible message into one that is unintelligible by
transposition and/or substitution methods

Key Some critical information used by the cipher, known only to the sender& receiver

Encipher (encode) The process of converting plaintext to cipher text using a cipher and a key

Decipher (decode) the process of converting cipher text back into plaintext using a cipher and a
key

Cryptanalysis The study of principles and methods of transforming an unintelligible message

back into an intelligible message without knowledge of the key. Also called code breaking

Cryptology Both cryptography and cryptanalysis

Code An algorithm for transforming an intelligible message into an unintelligible one using a
code-book

Cryptography
Cryptographic systems are generally cclassified
lassified along 3 independent dimensions:
Type of operations used for transforming plain text to cipher text
All the encryption algorithms are based on two general principles: substitution,
substitution in which each
element in the plaintext is mapped into another element, and transposition,
transposition in which
elements in the plaintext are rearranged.
The number of keys used
If the sender and receiver uses same key then it is said to be symmetric key (or)
single key (or) conventional encryption
encryption.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

If the sender and receiver use different keys then it is said to be public key encryption.
encryption
The way in which the plain text is processed
A block cipher processes the input and block of elements at a time, producing output block for
each input block.

A stream cipher processes the input elements continuously, producing output element one at a
time, as it goes along.

Cryptanalysis
The process of attempting to discover X or K or both is known as cryptanalysis. The
strategy
tegy used by the cryptanalysis depends on the nature of the encryption scheme and the
information available to the cryptanalyst.
There are various types of cryptanalytic attacks based on the amount of
information known to the cryptanalyst.
Cipher text only – A copy of cipher text alone is known to the cryptanalyst.
Known plaintext – The cryptanalyst has a copy of the cipher text and the corresponding
plaintext.
Chosen plaintext – The cryptanalysts gains temporary access to the encryption machine.
ma They
cannot open it to find the key, however; they can encrypt a large number of suitably chosen
plaintexts and try to use the resulting cipher texts to deduce the key.

Chosen cipher text – The cryptanalyst obtains temporary access to th decryption

the
machine, uses it to decrypt several string of symbols, and tries to use the results to deduce the
key.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

SECURITY SERVICES
The classification of security services are as follows:
Confidentiality: Ensures that the information in a computer sy
system
stem a n d transmitted
information are accessible only for reading by authorized parties.
E.g. Printing, displaying and other forms of disclosure.
Authentication: Ensures that the origin of a message or electronic document is correctly
identified, with an assurance that the identity is not false.
Integrity: Ensures that only authorized parties are able to modify computer system assets and
transmitted information. Modification includes writing, changing status, deleting, creating
and delaying or replaying of transmitted messages.
Non repudiation:: Requires that neither the sender nor the receiver of a message be able to deny
the transmission.
Access control:: Requires that access to information resources may be controlled by or the target
system.
Availability:: Requires that computer system assets be available to authorized parties when
needed.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

SECURITY MECHANISMS
One of the most specific security mechanisms in use is cryptographic techniques.
Encryption or encryption-like
like transformations of informa
information
tion are the most common means of
providing security. Some of the mechanisms are
1 Encipherment
2 Digital Signature

3 Access Control

SECURITY ATTACKS
There are four general categories of attack which are listed below.

Interruption
An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on
availability e.g., destruction of piece of hardware, cutting of a communication line or

Disabling of file management system.

Interception

An unauthorized party gains access to an asset. This is an attack on confidentiality.

Unauthorized party could be a person, a program or a
computer.e.g., wire tapping to capture data in the network, illicit copying of files

Sender Receiver

Eavesdropper or forger

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

Modification
An unauthorized party not only gains access to but tampers with an asset. This is an attack on
integrity. e.g., changing values in data file, altering a program, modifying the contents of

messages being transmitted in a network.

Sender Receiver

Eavesdropper or forger

Fabrication
An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity.
e.g., insertion of spurious message in a network or addition of records to a file.

Sender Receiver

Eavesdropper or forger

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

Cryptographic Attacks

Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal
of the opponent is to obtain information that is being transmitted. Passive
attacks are of two types:
Release of message contents: A telephone conversation, an e-mail
mail message and a transferred file
may contain sensitive or confidential information. We would like to prevent the opponent from
learning the contents of these transmissions.
Traffic analysis: If we had encryption protection in place, an opponent might still be able to
observe the pattern of the message. The opponent could determine the location and identity of
communication hosts and could observe the frequency and length of messa
messages being
exchanged. This information might be useful in guessing the nature of communication that was
taking place.
Passive attacks are very difficult to detect because they do not involve any alteration of data.
However, it is feasible to prevent the su
success of these attacks.

Active attacks

These attacks involve some modification of the data stream or the creation of a false stream. These
attacks can be classified in to four categories:

Masquerade – One entity pretends to be a different entity.

Replay – involves passive capture of a data unit and its subsequent transmission to produce an
unauthorized effect.
Modification of messages – Some portion of message is altered or the messages are delayed or
recorded, to produce an unauthorized effect.
Denial of service – Prevents or inhibits the normal use or management of communication
facilities. Another form of service denial is the disruption of an entire network, either by disabling
the network or overloading it with messages so as to degrade performance.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

It is quite difficult to prevent active attacks absolutely, because to do so would require physical
protection of all communication facilities and paths at all times. Instead, the goal is to detect them
and to recover from any disruption or delays caused bby them.

Symmetric and public key algorithms

Encryption/Decryption methods fall into two categories.
Symmetric key
Public key
In symmetric key algorithms, the encryption and decryption keys are known both to sender
and receiver. The encryption key is shared and the decryption key is easily calculated from it.
In many cases, the encryption and decryption keys are the same.
In public key cryptography,
yptography, encryption key is made public, but it is
computationally infeasible to find the decryption key without the information known to the
receiver.
A MODEL FOR NETWORK SECURITY

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

A message is to be transferred from one party to another across some sort of internet. The two parties,
who are the principals in this transaction, must cooperate for the exchange to take place. A logical
information channel is established by defining a rroute
oute through the internet from source to destination
and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals.
Using this model requires us to:
– design a suitable algorithm for the security transformation
– generate the secret information (keys) used by the algorithm
– develop methods to distribute and share the secret information
– specify a protocol enabling the principals to use the transformation and secret information
for a security service

MODEL FOR NETWORK ACCESS SECURITY

Using this model requires us to:

 select appropriate gatekeeper functions to identify users
– implement security controls to ensure only authorized users access designated
information or resources

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

• Trusted computer systems can be used to implement this model

CONVENTIONAL ENCRYPTION
• Referred conventional / private
private-key / single-key
• Sender and recipient share a common key

All classical encryption algorithms are private

private-key
key was only type prior to invention of public-
public
key in 1970‟plaintext - the original message
Some basic terminologies used:
• cipher text - the coded message
• Cipher - algorithm for transforming plaintext to cipher text
• Key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to cipher text
• decipher (decrypt) - recovering cipher text from plaintext
• Cryptography - study of encryption principles/methods

• Cryptanalysis (code breaking) - the study of principles/ methods of deciphering cipher text
without knowing key
• Cryptology - the field of both cryptography and cryptanalysis

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

Here the original message, referred to as plaintext, is converted into apparently random nonsense,
referred to as cipher text. The encryption process consists of an algorithm and a key.
ke The key is a
value independent of the plaintext. Changing the key changes the output of the algorithm. Once the
cipher text is produced, it may be transmitted. Upon reception, the cipher text can be transformed
back to the original plaintext by using a decryption algorithm and the same key that was used for
encryption. The security depends on several factors. First, the encryption algorithm must be powerful
enough that it is impractical to decrypt a message on the basis of cipher text alone. Beyond
Bey that, the
security depends on the secrecy of the key, not the secrecy of the algorithm.
• Two requirements for secure use of symmetric encryption:
– A strong encryption algorithm
– A secret key known only to sender / receiver
Y = EK(X)
X = DK(Y)

• assume encryption algorithm is known

• implies a secure channel to distribute key
A source produces a message in plaintext, X = [X1, X2… XM] where M are the number of
letters in the message. A key of the form K = [K1, K2… KJ] is generated. If the key is
generated at the source, then it must be provided to the destination by means of some secure
channel.
With the message X and the encryption key K as input, the encryption algorithm forms the
cipher text Y = [Y1, Y2, YN]. This can be expressed as
Y = EK(X)
The intended receiver, in possession of the k e y , is able to invert the
transformation:
X = DK(Y)
An opponent, observing Y but not having access to K or X, may attempt to recover
X or K or both. It is assumed that the opponent knows the encryption and decryption algorithms.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

INTRUDERS
One of the most publicized attacks to security is the intruder, generally referred to as hacker or
cracker. Three classes of intruders are as follows:
 Masquerader – an individual who is not authorized to use the computer and who penetrates a
system’s access controls to exploit a legitimate user’s account.
Misfeasor – a legitimate user who accesses data, programs, or resources for which such
access
cess is not authorized, or who is authorized for such access but misuse his or her privileges.
Clandestine user – an individual who seizes supervisory control of the system and uses
this control to evade auditing and access controls or to suppress au
audit collection.
The masquerader is likely to be an outsider; the misfeasor generally is an insider; and the clandestine
user can be either an outsider or an insider.
Intruder attacks range from the benign to the serious. At the benign end of the scale, there
th are many
people who simply wish to explore internets and see what is out there. At the serious end are
individuals who are attempting to read privileged data, perform unauthorized modifications to data, or
disrupt the system. Benign intruders might be tolerable, although they do consume resources and may
slow performance for legitimate users. However there is no way in advance to know whether an
intruder will be benign or malign.
An analysis of previous attack revealed that there were two levels of hack
hackers:
The high levels were sophisticated users with a thorough knowledge of the technology.
The low levels were the ‘foot soldiers’ who merely use the supplied cracking
programs with little understanding of how they work.
one of the results of the growing awareness of the intruder problem has been the establishment of a
number of Computer Emergency Response Teams (CERT). these co
co- operative ventures collect
information about system vulnerabilities and disseminate it to systems managers. Unfortunately,
hackers
rs can also gain access to CERT reports.
In addition to running password cracking programs, the intruders attempted to modify login software to
enable them to capture passwords of users logging onto the systems.
Intrusion techniques

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

The objective of the intruders

truders is to gain access to a system or to increase the range of privileges
accessible on a system. Generally, this requires the intruders to acquire information that should be
protected. In most cases, the information is in the form of a user password.
Typically, a system must maintain a file that associates a password with each authorized user. If such a
file is stored with no protection, then it is an easy matter to gain access to it. The password files can be
protected in one of the two ways:
One way encryption – the system stores only an encrypted form of user’s password.
In practice, the system usually performs a one way transformation (not reversible) in which the
password is used to generate a key for the encryption function and in whi
which
ch a fixed length output is
produced.
Access control – access to the password file is limited to one or a very few accounts.
The following techniques are used for learning passwords.
Try default passwords used with standard accounts that are shipped with the system.
Many administrators do not bother to change these defaults.
Exhaustively try all short passwords.
Try words in the system’s online dictionary or a list of likely passwords.
Collect information about users such as their full names, the name of their spouse and
children, pictures in their office and books in their office that are related to hobbies.
Try user’s phone number, social security numbers and room numbers.
Try all legitimate license plate numbers.
Use a torjan horse to bypass restrictio
restriction on access.
Tap the line between a remote user and the host system. Two principle countermeasures:
Detection – concerned with learning of an attack, either before or after its success.
Prevention – challenging security goal and an uphill bottle at all tim
times.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

INTRUSION DETECTION:

Inevitably, the best intrusion prevention system will fail. A system's second line of defense is intrusion
detection, and this has been the focus of much research in recent years. This interest is motivated by a
number of considerations,
siderations, including the following:

1. If an intrusion is detected quickly enough, the intruder can be identified and ejected from the
system before any damage is done or any data are compromised.

2. An effective intrusion detection system can serve as a deterrent, so acting to prevent intrusions.
Intrusion detection enables the collection of information about intrusion techniques that can be used to
strengthen the intrusion prevention facility.

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a
legitimate user in ways that can be quantified.

Figure 18.1 suggests, in very abstract terms, the nature of the task confronting the designer of an
intrusion detection system. Although the typical behavior ooff an intruder differs from the typical
behavior of an authorized user, there is an overlap in these behaviors. Thus, a loose interpretation of
intruder behavior, which will catch more intruders, will also lead to a number of "false positives," or
authorizedd users identified as intruders. On the other hand, an attempt to limit false positives by a tight
interpretation of intruder behavior will lead to an increase in false negatives, or intruders not
identified as intruders. Thus, there is an element of co
compromise
mpromise and art in the practice of intrusion
detection.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

identifies the following approaches to intrusion detection:

Statistical anomaly detection:: Involves the collection of data relating to the behavior of legitimate users over
a period of time. Then statistical tests are applied to observed behavior to determine with a high level of
confidence whether that behavior is not legitimate user behavior.
a. Threshold detection: This approach involves defining thresholds, independent of user,
for the frequency of occurrence of various events.
b. Profile based: A profile of the activity of each user is developed and used to detect changes in the
behavior of individual accounts.
1. Rule-based detection:: Involves an attempt to define a set of rules that can be used to decide that a
given behavior is that of an intruder.
a. Anomaly detection: Rules are developed to detect deviation from previous usage patterns.

b. Penetration identification:: An expert system approach that searches for suspicious behavior.
In terms
erms of the types of attackers listed earlier, statistical anomaly detection is effective against

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

masqueraders. On the other hand, such techniques may be unable to deal with misfeasors. For
such attacks, rule-based
based approaches may be able to recognize
ize events and sequences that, in context,
reveal penetration. In practice, a system may exhibit a combination of both approaches to be
effective against a broad range of attacks.
Audit Records
A fundamental tool for intrusion detection is the audit record. Some record of ongoing activity
by users must be maintained as input to an intrusion detection system. Basically, two plans are used:
Native audit records:: Virtually all multiuser ooperating
perating systems include accounting software
that collects information on user activity. The advantage of using this information is that no additional
collection software is needed. The disadvantage is that the native audit records may not contain the
needed
ed information or may not contain it in a convenient form.
Detection-specific audit records
records:: A collection facility can be implemented that generates
audit records containing only that information required by the intrusion detection system. One
advantage
vantage of such an approach is that it could be made vendor independent and ported to a variety of
systems. The disadvantage is the extra overhead involved in having, in effect, two accounting packages
running on a machine.

Each audit record contains the

he following fields:
Subject: Initiators of actions. A subject is typically a terminal user but might also be a
process acting on behalf of users or groups of users.
Object: Receptors of actions. Examples include files, programs, messages, records, terminals,
termi
printers, and user- or program-created
created structures
Resource-Usage:: A list of quantitative elements in which each element gives the amount
used of some resource (e.g., number of lines printed or displayed, number of records read or written,
processor time,
ime, I/O units used, session elapsed time).
Time-Stamp: Unique time-and
and-date
date stamp identifying when the action took place.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

Digital Immune System

i. The Digital Immune system is a comprehen

comprehensive
sive approach to virus protection developed by IBM. The
motivation for this development has been the rising threat of Internet
Internet-based
based virus propagation.
ii. Traditionally the virus threat was characterized by the relatively slow spread of new viruses and new
ne
mutations. Antivirus software was typically updated on a monthly basis and this has been sufficient to
control the problem.

Figure 6.1 Digital Immune System

iii. Also traditionally, the Internet played a comparatively small role in the spread of viruses. Two major
trends in Internet technology had an increasing impact on the rate of virus propagation in recent years:
 Integrated Mail Systems: Systems such as Lo Lotus
tus Notes and Microsoft Outlook make it very simple to
send anything to anyone and to work with objects that are received.
 Mobile-Program
Program Systems: Capabilities such as Java and ActiveX allow programs to move on their
own form one system to another.
iv. In response to threat posed by these Internet
Internet-based
based capabilities, IBM has developed a prototype
digital immune system. The objective of this system is to provide rapid response time so that viruses can
be stamped out almost as soon as they are introduced.
v. When a new virus enters an organization, the immune system automatically captures it, analyzes it,
adds detection and shielding for it, removes it and passes information about that virus to systems running

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

IBM antivirus so that it can be detected before it is allowed to run elsewhere.

vi. The operation of digital immune system as follows:

 A monitoring program on each PC uses a variety of heuristics based on system behaviour, suspicious
changes to programs or family signature to inform that a virus may be pr present.
esent. The monitoring program
forwards a copy of any program thought to be infected to an administrative machine within the
organization.
 The administrative machine encrypts the sample and sends it to a central virus analysis machine.
 This machine creates an environment in which the infected program can be safely run for analysis.
Techniques used for this purpose include emulation, or the creation of a protected environment within
which the suspect program can be executed and monitored. The virus analysis machine
m then produces a
prescription for identifying and removing the virus.
 The resulting prescription is sent back to the administrative machine.
 The administrative machine forwards the prescription to the infected client.
 The prescription is also forward
forwarded to other clients in the organization.
 Subscribers around the world receive regular antivirus updates that protect them from the new virus.
vii. The success of digital immune system depends on the ability of the virus analysis machine to detect
new and innovative
nnovative virus strains.
viii. By constantly analyzing and monitoring the viruses found in the wild, it should be possible to
continuously update the Digital Immune System software to keep up with the threat.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

Write short notes on Firewall and their design principles.

Ans Firewalls can be an effective means of protecting a local system or network of systems from
network-based
based security threats while at the same time affording access to the outside world via wide area
networks and the Internet. We begin this chapter with an overview of the functionality and design
principles of firewalls. Next, we address the issue of the security of the firewall itself and, in particular,
the concept of a trusted system, or secure operating system

Firewall Design Principles

Information systems in corporations, government agencies, and other organizations have undergone a
steady evolution:

Centralized data processing system, with a central mainframe supporting a number of directly connected
terminals

Local area networks (LANs) interconn

interconnecting
ecting PCs and terminals to each other and the mainframe

Premises network, consisting of a number of LANs, interconnecting PCs, servers, and perhaps a
mainframe or two

Enterprise-wide
wide network, consisting of multiple, geographically distributed premises networks
n
interconnected by a private wide area network (WAN)

Internet connectivity, in which the various premises networks all hook into the Internet and may or may
not also be connected by a private WAN

A firewall is a device installed between the internet network of an organization and the rest of Internet.
When a computer is connected to Internet, it can create many problems for corporate companies. Most
companies put a large amount of confidential information online. Such an information should not be
disclosed to the unauthorized persons. Second problem is that the virus, worms and other digital pests
cann breach the security and can destroy the valuable data.

The main purpose of a firewall is to separate a secure area from a less secure area and to control
communications between the two. Firewall also controlling inbound and outbound communications on
anything
ything from a single machine to an entire network.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

On the Other Hand Software firewalls, also sometimes called personal firewalls, are designed to run on a
single computer. These are most commonly used on home or small office computers that have broadband
access, which tend to be left on all the time.

A software firewall prevents unwanted access to the computer over a network connection by identifying
and preventing communication over risky ports. Computers communicate over many different
recognized ports, and the firewall will tend to permit these with
without
out prompting or alerting the user.

Firewall

A firewall can serve the following functions:

1- Limit Internet access to e--mail

mail only, so that no other types of information can pass between the
intranet and the Internet

2- Control who can telnet into your intranet (a method of logging in remotely

3- Limit what other kinds of traffic can pass between your intranet and the Internet .

A firewall can be simple or complex, depending on how specifically you want to control your Internet
traffic.
raffic. A simple firewall might require only that you configure the software in the router that connects
your intranet to your ISP. A more complex firewall might be a computer running UNIX and specialized
software.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

Firewall systems fall into two categorie

categories

• network-level

• application-level.

Network-Level Firewalls

It can be used as packet filter. These firewalls examine only the headers of each packet of information
passing to or from the Internet. The firewall accepts or rejects packets based on the packet’s sender,
receiver, and port. For example, the firewall might allow ee-mail
mail and Web packets to and from any
computer on the intranet, but allow telnet (remote login) packets to and from only selected computers.

Packet filter firewall maintains a filtering table that decides which packets are to be forwarded or
discarded. A packet filter firewall filters at the network or transport layer.

As shown in fig. the packets are filtered according to following specificat

specifications
ions :1. Incoming packets from
network 124.56.0.2 are block (* means any).
2. Incoming packets destined for any internal TELNET server (port 23) are blocked.
3. Incoming packets for internal host 156.255.7.8.8 are blocked.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

4. Outgoing packets destined for an HTTP server (port 80) are blocked i.e. employees of organization are
not allowed to browse the internet and cannot send any HTTP request.

Application-Level Firewalls

These firewalls handle packets for each Internet service separately, usually by running
runni a program called a
proxy server, which accepts ee-mail,
mail, Web, chat, newsgroup, and other packets from computers on the
intranet, strips off the information that identifies the source of the packet, and passes it along to the
Internet.

When the replies return,

turn, the proxy server passes the replies back to the computer that sent the original
message. A proxy server can also log all the packets that pass by, so that you have a record of who has
access to your intranet from the Internet, and vice versa.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security
 Mahavir Education Trust's
Shah & Anchor Kutchhi Engineering College
UG Program in El
Electronics
ectronics and Telecommunication Engineering

CLASSES OF HACKERS:

Blackhat Hackers
Hackers with malicious intent. These type of hackers use different methods to tap into a network or
computer for the soul purpose of destroying oor stealing.

Whitehat Hackers These hackers look for security flaws in a network or computer, for research or testing
reasons. The intent of these type of hackers is NOT malicious.

TYPES OF HACKERS
Script Hackers
A script hacker uses existing, well
well-known and easy-to-find
find techniques and scripts to search for and
exploit weaknesses in other computers on the Internet.

An example would be a script hacker creating a program (script), or using an existing script, to send a
simple search request to a server. Thi
Thiss request is not the problem because it's the same request a normal
internet user would use to call up a website from a server. The problem occurs when the hacker sends an
overwhelming number of requests to the same server (CGI script) in an attempt to crashcra the server. This
particular example is call "denial of service". The server gets overwhelmed and will not allow anymore
requests.

Code Hackers
These type of hackers are usually programmers or individuals who have a deep understanding of
computer programming.
mming. Code hackers create programs that exploit holes in a network or computer.
Although all code hackers are not bad, there are others who write code for the single purpose of
destroying a computer and/or network. These type of hackers create what can be referred to as
"malicious code".

Admin Hackers
Admin or Administrative Hackers are very familiar with networking and are commonly network
administrators. These type of hackers use tools to record and collect information such as passwords or
user names. These hackers don't have the kind of programming kknowledge
nowledge the coder has. Admin hackers
are most commonly an inside attacker because they may have access from the inside of the network.

Subject Name: Data Compression and Cryptography Module 6: System Security

Topic: System Security