
Computer Networking Fundamentals Chapter 4

Wireless technologies use electromagnetic waves to carry information between devices. Infrared uses lower energy waves that can't penetrate walls, while radio frequencies can travel through walls but require licenses. Wireless local area networks (WLANs) rely on unlicensed radio frequencies and can operate in ad hoc mode between nearby devices or in infrastructure mode using an access point to connect to a larger network.


DEC3023: Computer Networking Fundamental
Chapter 4: Wireless Technologies and Basic Security

Notes prepared by: Pn. Wan Fazlini Idayu binti Wan Fakari

4.1 Wireless Technologies

Wireless Technologies
• Wireless technologies use electromagnetic waves to carry information between devices. An electromagnetic wave is the same medium that carries radio signals through the air.
• The electromagnetic spectrum includes such things as radio and television broadcast bands, visible light, x-rays and gamma-rays. Each of these has a specific range of wavelengths and associated energies as shown in the diagram.
• Some types of electromagnetic waves are not suitable for carrying data. Other parts of the spectrum are regulated by governments and licensed to various organizations for specific applications. Certain areas of the spectrum have been set aside to allow public use without the restriction of having to apply for special permits.
• The most common wavelengths used for public wireless communications include the Infrared and part of the Radio Frequency (RF) band.

Wireless Technologies
• Wavelength for each electromagnetic wave

Wireless Technologies
Infrared Band (IR)
– Low energy and unable to penetrate walls (line of sight)
– Used for PDAs, PCs, wireless mice, keyboards and remote controls
– IrDA (Infrared Direct Access) port used for 1 to 1 connections
Radio Frequency (RF)
– Goes through walls and other obstructions, better range
– Different frequencies assigned to different types of unlicensed devices

Comparison: infrared vs. radio transmission
• Infrared
– uses IR diodes, diffuse light, multiple reflections (walls, furniture etc.)
• Advantages
– simple, cheap, available in many mobile devices
– no licenses needed
– simple shielding possible
• Disadvantages
– interference by sunlight, heat sources etc.
– many things shield or absorb IR light
– low bandwidth
• Example
– IrDA (Infrared Data Association) interface available everywhere

• Radio
– typically using the license free ISM band at 2.4 GHz
• Advantages
– experience from wireless WAN and mobile phones can be used
– coverage of larger areas possible (radio can penetrate walls, furniture etc.)
• Disadvantages
– very limited license free frequency bands
– shielding more difficult, interference with other electrical devices
• Example
– WaveLAN, HIPERLAN, Bluetooth
types of wireless connections…infrared

• Two types of wireless connections are used on computer networks: infrared and wireless LANs.

• Infrared
– transmitted by frequencies in the 300-GHz to 300,000-GHz range, which is just above the top of the wireless spectrum.
– infrared transmission is most often used for communications between devices in the same room.

types of wireless connections…wireless LANs

– infrared signaling requires more power, travels shorter distances, and transmits around obstacles less successfully than the wireless technique.

• wireless LANs
– WLAN relies on lower frequencies in the 2.4-2.4835 GHz band, more commonly known as the 2.4-GHz band, to send and receive signals.
– two categories: ad hoc and infrastructure

wireless LANs… ad hoc

• Smaller wireless networks, in which a small number of nodes closely positioned need to exchange data, can be arranged in an ad hoc fashion.
• In an ad hoc WLAN, wireless nodes, or stations, transmit directly to each other via wireless NICs (wireless adapters) without an intervening connectivity device.
infrared and wireless LANs connection

An ad-hoc WLAN
wireless LANs… infrastructure

• WLANs can use the infrastructure mode, which depends on an intervening connectivity device called an access point.
• AP (access point) is a device that accepts wireless signals from multiple nodes and retransmits them to the rest of the network.

wireless LANs… infrastructure

• An access point must have sufficient power and be strategically placed so that stations can communicate with it.
• Like other wireless devices, access points contain an antenna connected to their transceivers.
wireless LANs… An infrastructure

An infrastructure WLAN
wireless LANs… ad hoc

Wireless LAN interconnection


Wireless Technologies
• Wireless Body Area Networks
• Wireless Personal Area Networks √
• Wireless Local Area Network √
• Wireless Metropolitan Area Network
• Wireless Wide Area Network √
• Varies in terms of transmission range
– Up to 1m
– from 1m to 10m
– From 10 to 500m
– From 500 to 20-50 km
– Beyond 50km
[Figure labels: WWAN (802.16e-802.20), WMAN (802.16/HIPERMAN), WLAN (802.11/HIPERLAN), 802.21, WPAN (802.15)]

*note: the text in red is covered by the syllabus
Wireless Technologies
*UMTS = Universal Mobile Telecommunication System
[Figure: tree of wireless technologies. WPAN: Bluetooth (802.15.1), HomeRF; WLAN: WIFI (802.11), HiperLAN I/II (ETSI); WMAN: WLL, WiMAX, HiperMAN (802.16); WWAN: GSM (2G), GPRS and EDGE (2.5G), UMTS (3G)]

WBAN and WPAN
• A WBAN provides the connectivity among various
devices of wearable computers whose components
are distributed on the body
– E.g. microphones, earphones, etc.
• A WPAN connects one-person’s BAN with the
environment around it (devices around the person)
– Bluetooth is an example of a wireless PAN that allows
devices within close proximity to join together in an ad hoc
fashion to exchange information
– Many cell phones have two radio interfaces: one for the
cellular network and one for PAN connections
– IEEE 802.15 (Bluetooth)

WPAN Applications

WLAN
• A WLAN provides a wider range of connectivity with higher
data rate than that of WPAN and WBAN
– Infrastructure mode: requires an AP and provide access to Internet
backbone
– Ad hoc mode: peer-to-peer communication
• Typical applications: hot spots, buildings
• Requirements of a WLAN
– High capacity
– Full connectivity among the attached nodes
– Broadcasting capability
• In terms of standardization
– In US: IEEE 802.11 (WiFi)
– In Europe: HiperLAN II

WWAN
• Wireless wide area networks are wireless networks
that typically cover large areas, such as between
neighboring towns and cities, or city and suburb.
• These networks can be used to connect branch offices
of business or as a public internet access system.
• The wireless connections between access points are
usually point to point microwave links using parabolic
dishes on the 2.4 GHz band, rather than
omnidirectional antennas used with smaller networks.
• When combined with renewable energy systems such
as photo-voltaic solar panels or wind systems they can
be stand alone systems.
• In addition, WANs also refer to Mobile Data Communications, such as GSM, GPRS and 3G.
wireless LANs devices/components
• A wireless local area network (WLAN) links two or more devices using some wireless distribution method and usually providing a connection through an access point to the wider internet.
• This gives users the mobility to move around within a local coverage area and still be connected to the network.
• Most modern WLANs are based on IEEE 802.11 standards, marketed under the Wi-Fi brand name.
Wi-Fi: Wireless Fidelity

Wireless LANs Devices

Wireless LANs Devices/ Components
• Wireless Components
– Wireless Clients or STAs (Wireless STAtion)
– APs (Access Points)
– Wireless Bridges
• Types of Antennas
– Omni: send in all directions
  • Used in APs
– Directional: send in one direction
  • Used for longer links to bridge distances
WLANs Form And Service Set Identifier (SSID)
There are two forms of WLAN installations:
1. Ad-hoc (IBSS): equal peer-to-peer, no AP
2. Infrastructure (BSS): STAs communicate through APs

Advantages and limitations of the wireless technology
• Advantages
– Mobility: allows for easy connection of both stationary and mobile clients.
– Flexibility: ability to provide anytime, anywhere connectivity.
– Cost: wireless technology is fairly easy and inexpensive to install.
– Scalability: enables networks to be easily expanded, without the limitations of cabled connections.
– Reduced installation time: installation of a single piece of equipment can provide connectivity for a large number of people.
Advantages Wireless Technologies

• Provide a backup communications link in case of normal network failure.
• Span a distance beyond the capabilities of typical cabling.
• Remotely connect mobile users or networks.
• Avoid obstacles such as physical structures.
• Link portable or temporary workstations.

Advantages and limitations of the wireless technology
• Limitations
– Interference: wireless technology is susceptible to interference from other devices that produce electromagnetic energies.
– Wireless provides ease of access. It does this by broadcasting data in a manner that allows anyone the ability to access it.
– Wireless LAN technology does not currently provide the speed or reliability of wired LANs.

Types of wireless networks and their boundaries

• Type of wireless networks
– Wireless Personal Area networks (WPAN): This is the smallest wireless network used to connect various peripheral devices such as mice, keyboards and PDAs to a computer.
– Wireless Local Area networks (WLAN): WLAN is typically used to extend the boundaries of the local wired network (LAN). An Access Point provides a connection between wireless hosts and hosts on an Ethernet wired network.
– Wireless Wide Area networks (WWAN): WWAN networks provide coverage over extremely large areas.

Types of wireless networks and their boundaries

Types of wireless networks and their boundaries
• Wireless networks boundaries

*CDMA = Code Division Multiple Access

FE Dec 14 & Jun 15: example scenario
Activity
SCENARIO
1. Charlene uses the IrDA port to connect her PDA to her laptop to upload files.
2. Natasha calls her friend Carlos on her cell phone.
3. Trisha uses her laptop computer at a wireless HotSpot to check her email.
4. Burt uses a wireless Bluetooth headset to listen to music from his MP3 player.
5. Jim connects to the wireless network at his school to do research on a new technology.
6. Ragu uses his cell phone to view a web page on the Internet.

Select an answer for questions 1 to 6: WPAN, WLAN or WWAN

4.2 Networking Threats

FE Dec 14: types of threat

Risks of network intrusion

• Once the hacker gains access to the network, four types of threat may arise:
– Information theft: Breaking into a computer to obtain confidential information. Information can be used or sold for various purposes.
– Identity theft: A form of information theft where personal information is stolen for the purpose of taking over someone's identity.

Confidential = secret/private
Intrusion = break-in
Risks of network intrusion

– Data loss / manipulation: Breaking into a computer to destroy or alter data records.
– Disruption of service: Preventing legitimate users from accessing services.

Disruption = disturbance
Sources of network intrusion FE December 2013

• External Threats
– External threats arise from individuals working outside of an organization.
– They do not have authorized access to the computer systems or network.

• Internal Threats
– Occur when someone has authorized access to the network through a user account or has physical access to the network equipment.
Sources of network intrusion
• Scenario
– There are three hosts connected via a switch. A hacker working from inside the building is attempting to access the network, via the switch.
– A hacker is working from his home. The hacker connects to the server via the Internet, and performs an attack on the server, causing it to stop working, or become unavailable.
Social engineering
• The ability of someone or something to influence behavior of a group of people.
• Used to deceive internal users to get confidential information.
• Hacker takes advantage of legitimate users
FE December 2013 & Jun 15

Forms of Social Engineering

• Pretexting
• Phishing
• Vishing/Phone Phishing

Voice mail instruction

FE December 2013 & Jun 15

Forms of Social Engineering

• Pretexting
– Typically accomplished over the phone
– scenario used on the victim to get them to release confidential information
– gaining access to your social security number
EC301:FE December 2013 & Jun 15
DEC3023:FE December 2015

Forms of Social Engineering

• Phishing
– Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
– typically contacted via email (or IM, or fake websites)
– attacker pretends to represent legitimate organization
FE December 2013 & Jun 15

Forms of Social Engineering

• Vishing/Phone Phishing
– User is sent a voice mail instructing them to call a number which appears to be legitimate
– Call intercepted by thief

Voice mail instruction

4.3 Security on a Wireless LAN

How To Avoid WLAN Attack
1. Limited access to a WLAN
2. Authentication on a WLAN
3. Encryption on a WLAN
4. Traffic filtering on a WLAN

Authentication = verification / authenticity
Encryption = enciphering

Wireless LAN Security - Limiting Access
• MAC Address Filtering
– MAC address filtering uses the MAC address to identify which devices are allowed to connect to the wireless network.
– Only devices whose MAC addresses have been prerecorded in the router's database will be allowed to connect.

MAC = Media Access Control

Wireless LAN Security - Limiting Access

• Controls exactly which devices have access to the LAN
• Uses MAC addresses to ID clients authorized to access WLAN.
• Limitations:
– MAC addresses for authorized clients must be input manually.
– This makes adding new clients difficult
– MAC Address cloning or spoofing can allow an unauthorized user to get into the WLAN.
Wireless LAN Security - Authentication
• This process requires a client to present credentials in order to use the network.
• Most common is a username and password, but for a wireless network, this is handled differently.
• Because the transaction is wireless and can be “heard” by anyone, the authentication is done before connecting.
• Three Types of Authentication:
– Open
  • Used for Public Networks
  • Networks where another method of authentication is used.
– PSK
– EAP
Wireless LAN Security - Authentication
• PSK (Pre-Shared Key)
– Both client and AP are configured with a shared key
– Password is encrypted by client using shared key, then sent to AP, where it is decrypted using the same key.
– Doesn’t authenticate AP or User, only one way
• EAP (Extensible Authentication Protocol)
– Authentication is 2-way
– Client communicates through AP to (usually) a RADIUS server which has list of authorized users and clients.
– Both user and client must authenticate.
Wireless LAN Security – Data Encryption

• Encryption prevents unauthorized users from accessing data transmitted over the network.
• Encryption is the process of encoding data and messages transmitted or communicated over the network.
• It translates data into a secret code. To read the data, the authorized user must have a secret key or password that enables the user to decrypt it.
Wireless LAN Security – Data Encryption
Wireless LAN Security – Data Encryption

• Use of Wireless Authentication
– Authentication can prevent unauthorized users from accessing WLAN, but data is still transmitted to anyone with a receiver.
– Encryption methods were developed to encrypt wireless communications to prevent snooping by outsiders.

• Two main encryption methods:
– WEP (Wired Equivalency Protocol)
– WPA (Wi-Fi Protected Access)
Wireless LAN Security – Data Encryption
• WEP (Wired Equivalency Protocol)
– Uses pre-configured 64, 128, or 256 bit keys to encrypt data before transmission.
– WEP keys are just a string of letters or numbers and can also be automatically generated using a passphrase.
– WEP is not a secure protocol and can easily be cracked by a knowledgeable wireless hacker.
• WPA (Wi-Fi Protected Access)
– Also uses a 64 to 256 bit encryption key.
– WPA doesn’t always use the same key, but generates new, dynamic keys each time a client connects.
– WPA is considered the current standard of encryption for wireless networks.
WEP Open System Authentication
• The following steps occur when two devices use Open System Authentication:
1. The station sends an authentication request to the access point.
2. The access point authenticates the station.
3. The station associates with the access point and joins the network.

WEP Shared Key Authentication
• The following steps occur when two devices use Shared Key Authentication:
1. The station sends an authentication request to the access point.
2. The access point sends challenge text to the station.
3. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and it sends the encrypted text to the access point.
4. The access point decrypts the encrypted text using its configured WEP key that corresponds to the station’s default key. The access point compares the decrypted text with the original challenge text. If the decrypted text matches the original challenge text, then the access point and the station share the same WEP key, and the access point authenticates the station.
5. The station connects to the network.
• If the decrypted text does not match the original challenge text (that is, the access point and station do not share the same WEP key), then the access point will refuse to authenticate the station, and the station will be unable to communicate with either the 802.11 network or Ethernet network.

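The Shared Key exchange above, with both sides' messages, as an added Python example that is not part of the original notes. It assumes the usual WEP framing (a 24-bit IV prepended to the secret to form the RC4 key, and a CRC-32 integrity value appended to the data); the class names, the 5-byte keys and the 128-byte challenge are constructed for illustration.

```python
import hmac
import os
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: key scheduling, then XOR with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """Integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """A '64-bit' WEP key is a 24-bit IV plus a 40-bit (5-byte) secret."""
    iv = os.urandom(3)
    return iv + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key: bytes, frame: bytes):
    """Return the plaintext, or None when the ICV does not verify."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + key, body)
    data, check = clear[:-4], clear[-4:]
    return data if check == icv(data) else None


class AccessPoint:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # station name -> outstanding challenge text

    def handle_auth_request(self, name: str) -> bytes:
        # Steps 1-2: request received, challenge text sent back.
        self.pending[name] = os.urandom(128)
        return self.pending[name]

    def verify(self, name: str, frame: bytes) -> bool:
        # Step 4: decrypt with the AP's key and compare with the challenge.
        expected = self.pending.pop(name, None)  # each challenge is single use
        if expected is None:
            return False
        data = wep_decrypt(self.key, frame)
        return data is not None and hmac.compare_digest(data, expected)


class Station:
    def __init__(self, name: str, key: bytes):
        self.name = name
        self.key = key

    def encrypt_challenge(self, challenge: bytes) -> bytes:
        # Step 3: encrypt the challenge text with the configured key.
        return wep_encrypt(self.key, challenge)


def authenticate(ap: AccessPoint, station: Station) -> bool:
    challenge = ap.handle_auth_request(station.name)
    response = station.encrypt_challenge(challenge)
    return ap.verify(station.name, response)  # True: step 5 may proceed


if __name__ == "__main__":
    ap = AccessPoint(bytes.fromhex("0102030405"))  # constructed key
    print(authenticate(ap, Station("sta-good", bytes.fromhex("0102030405"))))
    print(authenticate(ap, Station("sta-bad", bytes.fromhex("0102030406"))))
```

Only the station proves knowledge of the key here; nothing in the exchange authenticates the access point to the station.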
Wireless LAN Security – Traffic filtering
• Allows control of traffic types sent across WLAN
• Blocks undesirable traffic from entering or leaving network
• Filtered using
– MAC Addresses
– IP Addresses
– Port Numbers
WLAN Security Measures

• Security should be planned and configured before installing into network or ISP
• Basic measures:
– Change defaults for SSID, usernames, and passwords
– Disable SSID broadcast
– MAC Address Filtering
• Advanced Measures
– WPA or WEP Encryption
– Authentication
– Traffic Filtering
4.4 Methods of Attacks

Methods of Attack

• Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three.
Methods of Attack ~ virus

• A virus is a program written to enter your computer and damage or alter your files/data. A virus might corrupt or delete data on your computer. Viruses can also replicate themselves.
• A computer virus is more dangerous than a computer worm as it makes changes to or deletes your files, while a worm only replicates itself without making changes to your files/data.
• Examples of viruses are: W32.Sfc!mod, ABAP.Rivpas.A, Accept.3773
• Viruses can enter your computer as an attachment of images, greetings, or audio / video files.
• Viruses also enter through downloads on the Internet.
• They can be hidden in free/trial software or other files that you download.
Methods of Attack ~ worm

• Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, etc. The only purpose of the worm is to reproduce itself again and again. It doesn’t harm any data/file on the computer. Unlike a virus, it does not need to attach itself to an existing program. Worms spread by exploiting vulnerabilities in operating systems.
• Examples of worms are: W32.SillyFDC.BBY, Packed.Generic.236, W32.Troresba
• Due to its replicating nature it takes up a lot of space on the hard drive and consumes more CPU, which in turn makes the PC too slow; it also consumes more network bandwidth.
Methods of Attack ~ Trojan Horse
• A Trojan horse is not a virus. It is a destructive program that looks like a genuine application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. Trojans also open a backdoor entry to your computer which gives malicious users/programs access to your system, allowing confidential and personal information to be stolen.
• Example: JS.Debeski.Trojan
• Trojan horses are broken down in classification based on how they infect the systems and the damage caused by them.

Trojan Horses are sneaky: while they appear harmless, they really are programs that hide all sorts of malicious goodies, just like when the Greeks gave a huge wooden horse to their foes, the Trojans.
FE December 2013
FE December 2017
Methods of Attack

Virus
• Propagates by inserting a copy of itself into and becoming part of another program.
• Almost all viruses are attached to an executable file, but will not be active (need to be activated) or able to spread until a user runs or opens the malicious host file or program (cannot start by itself)

Worm
• Replicate functional copies of themselves (does not attach itself to an existing program)
• Are standalone software and do not require a host program or human help to propagate (no human activation needed)

Trojan Horse
• Is a harmful piece of software that looks legitimate.
• Users are typically tricked into loading and executing it on their systems.
• Do not reproduce by infecting other files nor do they self-replicate.
• Trojan must spread through user interaction such as opening an e-mail attachment or downloading and running a file from the internet.
DoS (Denial of Service) Attacks

It's an attack to make a machine or network resource unavailable to its intended users.
DoS (Denial of Service) Attacks
• Intended to deny services to users
– floods network with traffic
– disrupts connections between client and server
• Types of DoS Attacks
– SYN (synchronous) Flooding
  • packets sent with invalid IP addresses
  • server tries to respond
– Ping of Death
  • larger packet size sent than allowed
  • leads to system crashing

Denial = refusal / not allowing

DoS (Denial of Service) Attacks - SYN (synchronous) Flooding
• The SYN flood attack takes advantage of the TCP three-way handshake. This method operates in two separate ways. Both methods attempt to start a three-way handshake, but not complete it.
• The first attack method can be achieved when the attacker sends a synchronize request, or SYN, with a spoofed IP address. When the server tries to send back a SYN-ACK request, or synchronize-acknowledge request, it will obviously not get a response. This means that the server never obtains the client’s ACK request, and resources are left half-open.
• Alternatively, the attacker can just choose to not send the acknowledgement request. Both of these methods stall the server, who is patiently waiting for the ACK request.
• Thankfully, this hole in the three-way handshake has been patched for years

TCP Three-Way Handshake
• The client requests a connection by sending a SYN (synchronize) message to the server
• The server acknowledges this request by sending SYN-ACK back to the client
• The client responds with an ACK (acknowledgement) and the connection is established
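How half-open connections crowd out legitimate clients, and how a server-side monitor can notice it, as an added Python example that is not part of the original notes. The backlog limit, the timeout, the `flood_suspected` heuristic and the traffic (documentation-range addresses) are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    t_ms: int    # arrival time in milliseconds
    src: str     # claimed source IP (may be spoofed)
    sport: int
    flag: str    # "SYN" opens a handshake, "ACK" completes it


class HalfOpenTracker:
    """Models a server's table of handshakes waiting for the final ACK."""

    def __init__(self, backlog_limit: int = 4, syn_timeout_ms: int = 3000):
        self.backlog_limit = backlog_limit
        self.syn_timeout_ms = syn_timeout_ms
        self.half_open = {}       # (src, sport) -> time the SYN-ACK was sent
        self.established = set()
        self.refused = 0          # SYNs turned away because the table was full
        self.expired = 0          # handshakes that never received an ACK
        self.peak = 0

    def _expire(self, now_ms: int) -> None:
        stale = [k for k, t in self.half_open.items()
                 if now_ms - t >= self.syn_timeout_ms]
        for key in stale:
            del self.half_open[key]
        self.expired += len(stale)

    def feed(self, seg: Segment) -> str:
        self._expire(seg.t_ms)
        key = (seg.src, seg.sport)
        if seg.flag == "SYN":
            if key in self.half_open or key in self.established:
                return "duplicate"
            if len(self.half_open) >= self.backlog_limit:
                self.refused += 1
                return "refused"
            self.half_open[key] = seg.t_ms
            self.peak = max(self.peak, len(self.half_open))
            return "syn-ack-sent"
        if seg.flag == "ACK" and key in self.half_open:
            del self.half_open[key]
            self.established.add(key)
            return "established"
        return "ignored"

    def flood_suspected(self) -> bool:
        # Hypothetical heuristic: the table filled up and more handshakes
        # timed out than were ever completed.
        return (self.peak >= self.backlog_limit
                and self.expired > len(self.established))


def sample_traffic():
    """Constructed trace: one normal client, six SYNs that are never
    acknowledged, then a second client that is refused and retries later."""
    normal = [Segment(0, "192.0.2.10", 40000, "SYN"),
              Segment(100, "192.0.2.10", 40000, "ACK")]
    flood = [Segment(1000 + 100 * i, f"198.51.100.{i + 1}", 1024 + i, "SYN")
             for i in range(6)]
    late_client = [Segment(1700, "192.0.2.20", 40001, "SYN"),
                   Segment(4500, "192.0.2.20", 40001, "SYN"),
                   Segment(4600, "192.0.2.20", 40001, "ACK")]
    return normal + flood + late_client


def run(segments):
    tracker = HalfOpenTracker()
    outcomes = [tracker.feed(s) for s in segments]
    return tracker, outcomes


if __name__ == "__main__":
    tracker, outcomes = run(sample_traffic())
    for seg, outcome in zip(sample_traffic(), outcomes):
        print(seg.t_ms, seg.src, seg.flag, outcome)
    print("flood suspected:", tracker.flood_suspected())
```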
DoS (Denial of Service) Attacks - SYN Flooding
Example
DDoS (Distributed Denial of Service) Attacks

It's an attack to make a machine or network resource unavailable to its intended users by using other computers.
DDoS (Distributed Denial of Service) Attack
Some Distributed Denial of Service (DDoS) Attacks:
a) Ping broadcast
b) Ping of death
c) Smurf
d) Teardrop
DDoS (Distributed Denial of Service) Attacks - Ping broadcast
• A ping request packet is sent to a broadcast network address where there are many hosts.
• The source address is shown in the packet to be the IP address of the computer to be attacked.
• If the router to the network passes the ping broadcast, all computers on the network will respond with a ping reply to the attacked system.
• The attacked system will be flooded with ping responses which will cause it to be unable to operate on the network for some time, and may even cause it to lock up.
• The attacked computer may be on someone else's network. One countermeasure to this attack is to block incoming traffic that is sent to a broadcast address.
DDoS (Distributed Denial of Service) Attacks - Ping of death
• The ping of death attack can cripple a network based on a flaw in the TCP/IP system. The maximum size for a packet is 65,535 bytes. If one were to send a packet larger than that, the receiving computer would ultimately crash from confusion.
• Sending a ping of this size is against the rules of the TCP/IP protocol, but hackers can bypass this by cleverly sending the packets in fragments. When the fragments are assembled on the receiving computer, the overall packet size is too great. This will cause a buffer overflow and crash the device.
• However, most devices created after 1998 are immune to this kind of attack.
DDoS (Distributed Denial of Service) Attacks - Smurf
• An attack where a ping request is sent to a broadcast network address with the sending address spoofed so many ping replies will come back to the victim and overload the ability of the victim to process the replies.
• Process:
– attacker sends large amount of ICMP echo traffic to a set of IP broadcast addresses with victim’s spoofed address
– most hosts accept these ICMP echo requests and respond to them with an echo reply to the source address, i.e. the targeted victim
– multiplies traffic to the victim by number of responding hosts
– On a broadcast network, potentially hundreds of hosts could reply to each ICMP Packet
– This process of using intermediate network devices to elicit many responses to a single packet has been labeled as an “amplifier” process
– amplifier as well as the target victim are impacted
• This method overloads an entire network
DDoS (Distributed Denial of Service) Attacks - Smurf
• In a smurf attack, an attacker broadcasts a large number of ICMP packets with the victim's spoofed source IP to a network using an IP broadcast address.
• This causes devices in the network to respond by sending a reply to the source IP address

• Internet Control Message Protocol (ICMP)

DDoS (Distributed Denial of Service) Attacks - Teardrop
• A normal packet is sent.
• A second packet is sent which has a fragmentation offset claiming to be inside the first fragment.
• This second fragment is too small to even extend outside the first fragment.
• This may cause an unexpected error condition to occur on the victim host which can cause a buffer overflow and possible system crash on many operating systems.
• Teardrop attacks involve sending crafted packets with overlapping, over-sized payloads to the victim system. Modern operating systems are now immune to this attack, but because of a deficiency in the TCP fragmentation and reassembly implementation of older operating systems, this attack caused a crash of those systems.
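The checks a reassembler needs before trusting fragment offsets, covering both the ping of death size limit and the teardrop overlap described above, as an added Python example that is not part of the original notes. It works on fragment metadata only and assumes a 20-byte IP header with no options; the fragment sets are constructed.

```python
from dataclasses import dataclass

IP_MAX_DATAGRAM = 65535   # largest datagram the 16-bit length field allows
IP_HEADER_LEN = 20        # assumption: header without options


@dataclass(frozen=True)
class Fragment:
    offset_units: int     # fragment offset field, counted in 8-byte units
    length: int           # payload bytes carried by this fragment
    more_fragments: bool  # MF flag: False only on the last fragment


def inspect_fragments(frags):
    """Return a list of (finding, start, end) tuples for one datagram."""
    findings = []
    covered_end = 0
    ordered = sorted(frags, key=lambda f: f.offset_units)
    for frag in ordered:
        start = frag.offset_units * 8
        end = start + frag.length
        if IP_HEADER_LEN + end > IP_MAX_DATAGRAM:
            # Ping of death: the reassembled datagram would exceed 65,535.
            findings.append(("oversize", start, end))
        if start < covered_end:
            # Teardrop: fragment starts inside data already received.
            kind = "contained" if end <= covered_end else "overlap"
            findings.append((kind, start, end))
        elif start > covered_end:
            findings.append(("gap", covered_end, start))
        covered_end = max(covered_end, end)
    if ordered and ordered[-1].more_fragments:
        findings.append(("incomplete", covered_end, covered_end))
    return findings


def verdict(frags) -> str:
    kinds = {kind for kind, _, _ in inspect_fragments(frags)}
    if kinds & {"oversize", "overlap", "contained"}:
        return "drop"          # never copy these into a reassembly buffer
    if kinds:
        return "wait"          # gap or missing tail: fragments still in flight
    return "reassemble"


# Constructed fragment sets.
NORMAL = [Fragment(0, 1480, True), Fragment(185, 1480, True),
          Fragment(370, 1040, False)]
OVERSIZE = ([Fragment(i * 185, 1480, True) for i in range(44)]
            + [Fragment(44 * 185, 1000, False)])
CONTAINED = [Fragment(0, 36, True), Fragment(3, 4, False)]
MISSING_MIDDLE = [Fragment(0, 1480, True), Fragment(370, 1040, False)]

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("oversize", OVERSIZE),
                        ("contained", CONTAINED),
                        ("missing middle", MISSING_MIDDLE)]:
        print(name, verdict(frags), inspect_fragments(frags))
```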
DoS (Denial of Service) Attacks
DDoS (Distributed Denial of Service) Attack
• more sophisticated than DoS
• overwhelms networks with useless data simultaneously
DDoS (Distributed Denial of Service) Attack
(Explanation of the picture)
1. He is connected to the Internet cloud. On the other side of the cloud are two workers. There are two other computers connected to the Internet cloud, as well as a web server, at www.q z x bank.com.
2. There are speech bubbles in the diagram, as follows: The man says, "I have infected computers across the internet with the DDoS code. I will activate them all now."
3. The two workers on the network have the DDoS code activated and start transmitting packets to the Q Z X bank server.
4. The server responds, "I am overloaded with too much traffic."
Brute Force Attack

• Brute force attack is an automated process of trial and error used to guess a person’s username, password, credit-card number or cryptographic key.
• Fast PC used to try and guess passwords or decipher data
• Attacker tries a large number of possibilities rapidly.

– With brute force attacks, a fast computer is used to try to guess passwords or to decipher an encryption code.
– The attacker tries a large number of possibilities in rapid succession to gain access or crack the code.
– Brute force attacks can cause a denial of service due to excessive traffic to a specific resource or by locking out user accounts.
Spyware
• Program that gathers personal information from your PC without permission
• Information sent to advertisers
• Usually installed unknowingly when downloading a file.
• Spyware works like adware but is usually a separate program that is installed unknowingly when you install another freeware type program or application.
• Can slow down performance of the PC
Spyware
• Tracking Cookies
– A cookie is a plain text file that is stored on your computer in a cookies folder and it stores data about your browsing session.
– Cookies are used by many websites to track visitor information.
– A tracking cookie is a cookie which keeps track of all your browsing information and this is used by hackers and companies to know all your personal details like bank account details, your credit card information etc., which is dangerous.
• Adware
– Adware is a software application in which advertising banners are displayed while any program is running.
– Adware can automatically get downloaded to your system while browsing any website and can be viewed through pop-up windows or through a bar that appears on a computer screen automatically.
– Adware is used by companies for marketing purposes.
• Pop-Ups
– A pop-up is a graphical user interface display area, usually a small window, that suddenly appears ("pops up") in the foreground of the visual interface.
– additional ads displayed when visiting a site
  • pop-ups: open in front of browser
  • pop-under: open behind browser
cookies, adware, and Pop-up
Spam
• Unwanted bulk e-mail
• Information sent to as many end users as possible
• Can overload servers, ISPs, etc.
• Estimated every Internet user receives over 3000 emails per year
4.5 Security Policy

Common security measures
• Identification and Authentication Policies
– only authorized persons should have access to network and its resources (including access to physical devices)
• Password Policies
– Must meet minimum requirements
– Change passwords regularly
• Acceptable Use Policies
– Determine which applications are acceptable
• Remote Access Policies
– Explanation of how remote users can access the network
Common security measures
• Network Maintenance Procedures
– Explanation of update procedures
• Incident Handling Procedures
– How incidents involving security will be handled
Update software patches

• Use of updates and patches makes it harder for the hacker to gain access.
• Updates
– Includes additional functionality
• Patches
– Small piece of “code” used to fix the problem
Antivirus latest patterns
• Any device connected to a network is susceptible to viruses
• Warning signs of a virus:
– computer acts abnormally
– sends out large quantities of email
– high CPU usage
• Some Anti-virus programs
– Email checking
– Dynamic scanning: checks files when accessed
– Scheduled scans
– Automatic updates
Firewall
• A firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a rule set.
• Used to control traffic between networks
• Methods of a Firewall:
– Packet filtering: based on IP or MAC address
– Application/Web site filtering: based on the application or website being used
– SPI (Stateful Packet Inspection): incoming packets must be legitimate responses to requests from hosts
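The difference between plain packet filtering and stateful packet inspection, as an added Python example that is not part of the original notes. The inside network, the idle timeout, the port-based stateless rule and the packets (private and documentation-range addresses) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    t: int       # seconds since start of the trace
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class StatelessFilter:
    """Packet filtering on header fields only: lets in anything that
    claims to come from a web server port."""

    def allow(self, p: Packet) -> bool:
        return p.proto == "tcp" and p.sport in (80, 443)


class StatefulFirewall:
    """SPI: an inbound packet passes only if it answers a request that an
    inside host sent recently."""

    def __init__(self, inside="192.168.1.0/24", idle_timeout=60, blocked=()):
        self.inside = ipaddress.ip_network(inside)
        self.idle_timeout = idle_timeout
        self.blocked = set(blocked)   # static address rule (packet filtering)
        self.flows = {}               # flow tuple -> time last seen

    def _is_inside(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.inside

    def allow(self, p: Packet) -> bool:
        if p.src in self.blocked or p.dst in self.blocked:
            return False
        if self._is_inside(p.src):
            # Outbound request: remember the flow so the reply can return.
            self.flows[(p.proto, p.src, p.sport, p.dst, p.dport)] = p.t
            return True
        # Inbound: must mirror a remembered flow that has not gone idle.
        key = (p.proto, p.dst, p.dport, p.src, p.sport)
        last_seen = self.flows.get(key)
        if last_seen is None or p.t - last_seen > self.idle_timeout:
            self.flows.pop(key, None)
            return False
        self.flows[key] = p.t
        return True


# Constructed packets.
REQUEST = Packet(0, "tcp", "192.168.1.20", 51000, "203.0.113.5", 443)
REPLY = Packet(1, "tcp", "203.0.113.5", 443, "192.168.1.20", 51000)
UNSOLICITED = Packet(2, "tcp", "203.0.113.77", 443, "192.168.1.20", 51000)
LATE_REPLY = Packet(200, "tcp", "203.0.113.5", 443, "192.168.1.20", 51000)


def demo():
    """Return (label, stateless verdict, stateful verdict) for each packet."""
    stateless, stateful = StatelessFilter(), StatefulFirewall()
    rows = []
    for label, pkt in [("request", REQUEST), ("reply", REPLY),
                       ("unsolicited", UNSOLICITED),
                       ("late reply", LATE_REPLY)]:
        inbound = not stateful._is_inside(pkt.src)
        rows.append((label,
                     stateless.allow(pkt) if inbound else True,
                     stateful.allow(pkt)))
    return rows


if __name__ == "__main__":
    for row in demo():
        print(row)
```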
