Network Security Mod 1
⮚ Initial computer applications had little or no security, as the importance of data was not
realized then.
⮚ When computer applications were developed to handle financial and personal data, the need for
security arose. With this realization, security began to gain prominence and security mechanisms
began to evolve.
● Provide a user id and password to every user, and use that information to authenticate a user
● Encode information stored in the databases, so that it is not visible to users who do not have
the right permissions.
⮚ Organizations employed their own security mechanisms to provide basic security. As technology
improved, newer applications began to be developed and the basic security measures were no longer
sufficient.
⮚ Further, with the evolution of the biggest computer network, the Internet, the need for right security
⮚ From the user’s computer, the user details (such as user id), order details (such as order id and
item id) and payment details (such as credit card information) travel across the Internet to the
merchant’s server. The merchant’s server stores these details in its database.
● An intruder can capture the credit card details as they travel from the client to the server.
● Once the merchant receives the credit card details and validates them so as to process the order
and later obtain payments, the merchant stores the credit card details into its database. An
attacker can succeed in accessing this database and gain access to all the credit card numbers
stored there.
● Automating attacks: Humans dislike repetitive and difficult tasks. Automating them can cause
destruction more rapidly. Rather than producing fake currency on a mass scale, modern thieves will
excel in stealing a very low amount from millions of bank accounts in a matter of a few minutes.
● Privacy concerns: Collecting information about people and later misusing it is turning out to be a
huge problem. Data mining applications gather, process and tabulate all sorts of details about
individuals. People can illegally sell this information.
● Distance does not matter: Thieves would earlier attack banks, as banks had money. These days
money is in digital form and moves around over computer networks. It is easier for a modern thief
to attack the computer system of the bank while sitting at home.
⮚ A trusted system is a computer system that can be trusted to a specified extent to enforce a specified
security policy.
⮚ A trusted system uses the term reference monitor, an entity at the logical heart of the computer
⮚ The reference monitor should be tamperproof, always invoked, and small enough that it can be
independently tested.
⮚ The mathematical foundation for trusted systems was provided by two independent, yet interrelated
works. In 1974, a technique called the Bell-LaPadula model was devised, which described a highly
trustworthy computer system designed as a collection of objects (files, disks and printers) and
subjects (users, processes or threads).
1.2.2 Security Models
An organization can take several approaches to implement its security model. The various approaches are:
b) Security through obscurity: In this model, a system is secure simply because nobody knows about
its existence and contents. This approach cannot work for too long, as there are many ways an
attacker can come to know about it.
c) Host security: In this scheme, the security for each host is enforced individually. This is a safe
approach, but the complexity and diversity of modern sites/organizations make the task harder
and difficult to scale.
d) Network security: Host security is tough to achieve as an organization grows and becomes more
diverse. In this technique, the focus is on controlling network access to various hosts and their
services, rather than on individual host security. This is a very efficient and scalable model.
Two more principles that are linked to the overall system are:
5) Access control
6) Availability
1) Confidentiality
⮚ The principle of confidentiality specifies that only the sender and the intended recipient(s) should
⮚ Here the user of computer A sends a message to the user of computer B. Another user C gets access
to this message, which is not desired, and therefore, defeats the purpose of confidentiality.
⮚ Example: A confidential email message sent by A to B, which is accessed by C without the
permission or knowledge of A and B. This type of attack is called interception.
“Interception causes loss of message confidentiality”
2) Authentication:
⮚ The authentication process ensures that the origin of an electronic message or document is
correctly identified.
⮚ For instance, suppose that user C sends an electronic document over the Internet to user B, posing
as user A. How would user B know that the message has come from user C, who is posing as user A?
⮚ Example: User C, posing as user A, sends a funds transfer request (from A’s account to C’s account)
to bank B. The bank will transfer the funds from A’s account to C’s account, thinking that user A has
requested the funds transfer. This type of attack is called fabrication.
3) Integrity:
⮚ When the contents of a message are changed after the sender sends it, but before it reaches the
⮚ Example: Suppose you write a cheque for $100 to pay for the goods bought from the
store, but in the account statement it is observed that the cheque resulted in a payment of $1000!
This is a case of loss of message integrity.
⮚ Fig 1.4 demonstrates loss of integrity. User C tampers (modifies) a message originally sent by user
4) Non repudiation:
⮚ There are situations where a user sends a message and later denies having sent it.
⮚ Example: User A could send a funds transfer request to bank B over the Internet. After the bank
performs the funds transfer as per A’s request, A could claim that he never sent the funds transfer
request to the bank.
⮚ The principle of non-repudiation defeats such possibilities of denying something after having done it.
“Non-repudiation does not allow the sender of a message to deny having sent
that message”.
5) Access control:
⮚ The principle of access control determines who should be able to access what.
⮚ For instance, we should be able to specify that user A can view the records in a database, but
cannot update them. However, another user B might be allowed to make updates as well. An
access control mechanism can be set up to ensure this.
⮚ Access control is broadly related to two areas: role management and rule management.
⮚ Role management concentrates on the user side (which user can do what)
⮚ Rule management focuses on the resources side (which resource is accessible, and under what
circumstances).
⮚ Based on the decisions taken here, an access control matrix is prepared, which lists the users
against a list of items they can access (it can say that user A can write to file X, but can only update
files Y and Z).
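An access control matrix of the kind described above, as an added example that is not part of the original notes: users A and B, file X, Y and Z and the database records follow the text; the operation names, the "records" resource and the audit log are assumptions for the example. It shows the default-deny check, the role-management view (what one user can do) and the rule-management view (who can reach one resource).

```python
# Added example (not from the original notes): a sparse access control matrix keyed by
# (user, resource), holding the set of permitted operations for that cell.
# Users A/B, files X/Y/Z and the database records come from the notes; the operation
# names ("view", "update", "write") and the "records" resource name are assumed.
from typing import Dict, Set, Tuple

Matrix = Dict[Tuple[str, str], Set[str]]  # (user, resource) -> permitted operations


def build_matrix() -> Matrix:
    """Matrix from the notes: A may view records but not update them, B may view and
    update them; A may write to file X but only update files Y and Z."""
    return {
        ("A", "records"): {"view"},
        ("B", "records"): {"view", "update"},
        ("A", "X"): {"write"},
        ("A", "Y"): {"update"},
        ("A", "Z"): {"update"},
    }


def is_allowed(matrix: Matrix, user: str, resource: str, op: str) -> bool:
    """Default deny: a (user, resource) cell missing from the matrix grants nothing."""
    return op in matrix.get((user, resource), set())


def grant(matrix: Matrix, user: str, resource: str, op: str) -> None:
    matrix.setdefault((user, resource), set()).add(op)


def revoke(matrix: Matrix, user: str, resource: str, op: str) -> None:
    perms = matrix.get((user, resource))
    if perms:
        perms.discard(op)
        if not perms:  # drop empty cells so the matrix stays sparse
            del matrix[(user, resource)]


def capabilities(matrix: Matrix, user: str) -> Dict[str, Set[str]]:
    """Role-management view: everything one user may do, per resource."""
    return {res: set(ops) for (u, res), ops in matrix.items() if u == user}


def access_list(matrix: Matrix, resource: str) -> Dict[str, Set[str]]:
    """Rule-management view: every user who may reach one resource, and how."""
    return {u: set(ops) for (u, res), ops in matrix.items() if res == resource}


def mediate(matrix: Matrix, user: str, resource: str, op: str, audit: list) -> bool:
    """Reference-monitor style: every access request passes through here and is logged."""
    decision = is_allowed(matrix, user, resource, op)
    audit.append(f"{'ALLOW' if decision else 'DENY'} {user} {op} {resource}")
    return decision


if __name__ == "__main__":
    m = build_matrix()
    log: list = []
    mediate(m, "A", "records", "update", log)  # DENY
    mediate(m, "B", "records", "update", log)  # ALLOW
    print("\n".join(log))
```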
⮚ The principle of availability states that resources (information) should be available to authorized
⮚ Example: Due to the intentional actions of another unauthorized user C, an authorized user A may
⮚ The ethical issues in security systems are classified into four categories:
⮚ While dealing with legal issues, there is a hierarchy of regulatory bodies that govern the legality of
⮚ Criminal attacks –
In these, the aim of attackers is to maximize financial gain by attacking computer systems. Some of the
criminal attacks are listed below:
Attack: Description
Fraud: Modern fraud attacks concentrate on manipulating some aspects of electronic currency, credit
cards, electronic stock certificates, cheques, letters of credit, purchase orders, ATMs, etc.
Scams: Some forms of scams are sales of services, auctions, multi-level marketing schemes, general
merchandise and business opportunities, etc. People are tempted to send money in return for great
profits, but end up losing their money.
Destruction: The main motive behind these attacks is some sort of grudge. Example: some unhappy
employees attack their own organization; terrorists strike at bigger levels.
Identity theft: An attacker does not steal anything from a legitimate user; instead, he becomes that
legitimate user! For example, it is much easier to get the password of someone else's bank account,
or to actually get a credit card in someone else's name. That privilege can be misused until it gets
detected.
Intellectual property theft: Intellectual property theft ranges from stealing companies' trade secrets,
databases, digital music and videos, electronic documents and books, software, etc.
Brand theft: It is quite easy to set up fake Web sites that look like real Web sites. It is difficult for a
common user to know whether she is visiting the real bank site or an attacker's site. Innocent users
end up providing their secrets and personal details on these fake sites to the attackers. The attackers
then use these details to access the real site, causing an identity theft.
⮚ Publicity Attacks
● These occur because the attackers want to see their names appear on television news channels and
newspapers for publicity. These types of attackers are usually not hardcore criminals.
● They are people such as students in universities or employees in large organizations, who seek
publicity by adopting a novel approach of attacking computer systems.
⮚ Legal attacks
● This form of attack is quite novel and unique. The attacker tries to make the judge or jury doubtful
about the security of a computer system.
● The attacker attacks the computer system and the attacked party (Bank or organization) manages
to take the attacker to the court. The attacker tries to convince the judge that there is inherent
weakness in the computer security system and exploits the weakness of the judge.
The types of attacks on computers and network systems can be classified into two categories:
(a) Theoretical concepts behind these attacks
(b) Practical approaches used by the attackers.
a) Theoretical Concepts
The principles of security face threats from various attacks. These attacks are classified into four
categories, namely:
⮚ Interception -
⮚ Modification –
● This attack results from violating Integrity. The attacker may modify the values in a database.
⮚ Interruption
⮚ Passive attacks
⮚ Active attacks
Passive attacks
● Passive attacks are those wherein the attacker indulges in eavesdropping or monitoring of data
transmission.
● The attacker aims to obtain information that is in transit.
● The term passive indicates that the attacker does not attempt to perform any modifications to the
data.
● Passive attacks are harder to detect.
● The general approach to deal with passive attacks is to think about prevention, rather than detection
or corrective actions.
Passive attacks do not involve any modifications to the contents of an original message.
Passive attacks can be further classified into two sub-categories. These categories are:
● Release of message contents
● Traffic analysis.
⮚ Release of message contents:
● When a confidential email message is sent, it is desired that only the recipient is able to access it.
Otherwise, the contents of the message are released against our wishes to someone else.
● Using certain security mechanisms, we can prevent release of message contents. For example, we
can encode messages using a code language, so that only the desired parties understand the
contents of a message, because only they know the code language.
● However, if many such messages are passing through, a passive attacker could try to figure out
similarities between them to come up with some sort of pattern that provides the attacker some
clues regarding the communication that is taking place.
● Such attempts to analyse (encoded) messages to come up with likely patterns constitute a
traffic analysis attack.
Active attacks
● The active attacks are based on modification of the original message in some manner or the creation
of a false message. These attacks cannot be prevented easily.
● They can be detected with some effort and attempts can be made to recover from them. These
attacks can be in the form of interruption, modification and fabrication.
● In active attacks, the contents of the original message are modified in some way.
● Trying to pose as another entity involves masquerade (interruption) attacks.
● Modification attacks can be classified further into replay attacks and alteration of messages.
● Fabrication causes Denial Of Service (DOS) attacks.
● This classification can be shown as follows:
● Masquerade is caused when an unauthorized entity pretends to be another entity.
● Example: User C might pose as user A and send a message to user B. User B might be led to
believe that the message indeed came from user A. In masquerade attacks, an entity poses as
another entity.
● For example, the attack may involve capturing the user's authentication sequence (e.g. user id and
password). Later, those details can be used to gain illegal access to the computer system.
● Replay attack is caused when a user captures a sequence of events or some data units and re-sends
them.
● For instance, suppose user A wants to transfer some amount to user C's bank account.
● Both users A and C have accounts with bank B. User A might send an electronic message to bank
B, requesting the funds transfer.
● User C could capture this message and send a second copy of the same to bank B. Bank B would
have no idea that this is an unauthorized message and would treat it as a second and different
funds transfer request from user A.
● Therefore, user C would get the benefit of the funds transfer twice: once authorized, once
through a replay attack.
● Denial Of Service (DOS) attacks make an attempt to prevent legitimate users from accessing some
services, which they are eligible for.
● For instance, an unauthorized user might send too many login requests to a server using random
user ids one after the other in quick succession, so as to flood the network and deny other
legitimate users from using the network facilities.
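The replay attack on bank B described above, played out as an added example that is not part of the original notes: A's request carries an authentication tag and a nonce, and the bank rejects an unaltered copy re-sent by C as well as a copy whose amount was changed. Users A, B and C follow the text; the message format, the shared key, the starting balances and the nonce scheme are assumptions constructed for this example.

```python
# Added example (not from the original notes): a toy bank B that authenticates each
# transfer request from A with an HMAC tag and refuses a nonce it has seen before.
# The tag alone does not stop a replay, because C re-sends A's message unchanged;
# the nonce check is what catches it. Key, balances and format are constructed.
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key-shared-by-A-and-bank-B"  # assumed, not a real secret


def make_request(sender: str, recipient: str, amount: int, nonce: str,
                 key: bytes = SHARED_KEY) -> dict:
    """A builds a transfer request and tags it so the bank can check origin and integrity."""
    body = {"from": sender, "to": recipient, "amount": amount, "nonce": nonce}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Bank:
    def __init__(self, check_replay: bool = True) -> None:
        self.check_replay = check_replay
        self.balances = {"A": 500, "C": 0}   # constructed starting balances
        self.seen_nonces: set = set()        # real systems bound this with a time window
        self.log: list = []

    def process(self, request: dict, key: bytes = SHARED_KEY) -> bool:
        payload, tag = request["payload"], request["tag"]
        expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            self.log.append("rejected: authentication tag does not match (modified message)")
            return False
        body = json.loads(payload)
        if self.check_replay and body["nonce"] in self.seen_nonces:
            self.log.append(f"rejected: nonce {body['nonce']} already used (replay)")
            return False
        self.seen_nonces.add(body["nonce"])
        self.balances[body["from"]] -= body["amount"]
        self.balances[body["to"]] += body["amount"]
        self.log.append(f"accepted: {body['amount']} from {body['from']} to {body['to']}")
        return True


def replay_scenario(check_replay: bool):
    """A sends one transfer to C; C captures it and sends the identical copy again."""
    bank = Bank(check_replay=check_replay)
    captured = make_request("A", "C", 100, nonce="n-0001")
    first = bank.process(captured)
    second = bank.process(captured)  # the replay: byte-for-byte the same message
    return first, second, bank.balances["C"]


def modification_scenario() -> bool:
    """C alters the amount but cannot recompute the tag, so the bank rejects it."""
    bank = Bank()
    original = make_request("A", "C", 100, nonce="n-0002")
    body = json.loads(original["payload"])
    body["amount"] = 1000
    altered = {"payload": json.dumps(body, sort_keys=True).encode(), "tag": original["tag"]}
    return bank.process(altered)


if __name__ == "__main__":
    print("without nonce check:", replay_scenario(False))      # (True, True, 200)
    print("with nonce check:", replay_scenario(True))          # (True, False, 100)
    print("altered amount accepted:", modification_scenario())  # False
```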
1.4.3 The Practical Side of Attacks
● Security attacks can happen at the application level or the network level and can be classified
into two broad categories: application-level attacks and network-level attacks.
⮚ Application-level attacks:
These attacks happen at an application level, i.e. the attacker attempts to access, modify or prevent
access to information of a particular application or the application itself.
Example: Trying to obtain someone’s credit card information on the Internet or changing
the contents of a message to change the amount in a transaction, etc.
⮚ Network-level attacks:
These attacks generally aim at reducing the capabilities of a network by a number of possible means.
They generally make an attempt to either slow down or completely halt a computer
network.
This can lead to application-level attacks, because once someone is able to gain access to a network, they
can access/modify at least some sensitive information, causing havoc.
● In this example, after deleting all the files from the current user's computer, the virus self-propagates
by sending its code to all users whose email addresses are stored in the current user's address book.
● Viruses can also be triggered by specific events (e.g. a virus could automatically execute at 12 PM
every day). Usually, viruses cause damage to computer and network systems to the extent that it can
be repaired, assuming that the organization deploys good backup and recovery procedures.
2) Worm:
● A worm is similar to a virus, but different in implementation. A virus modifies a program (i.e. it
attaches itself to the program under attack) whereas a worm does not modify a program. Instead, it
replicates itself again and again.
● The replication grows so much that the computer or the network on which the worm resides,
becomes very slow, finally coming to a halt.
● The basic purpose of a worm attack is different from that of a virus. A worm attack attempts to make
the computer or the network under attack unusable by eating all its resources. This is illustrated in
figure 1.7
● A worm does not perform any destructive actions; instead, it only consumes system
resources to bring the system down.
Figure 1.7 Worm
3) Trojan Horse
● A Trojan horse is a hidden piece of code, like a virus. The main purpose of a virus is to make some
sort of modifications to the target computer or network whereas a trojan horse attempts to reveal
confidential information to an attacker.
● The name (Trojan horse) is due to the Greek soldiers, who hid inside a large hollow horse, which
was pulled into the city by the citizens of Troy, unaware of its contents. Once the Greek soldiers
entered the city of Troy, they opened the gates for the rest of the Greek soldiers.
● In the same way, a Trojan horse could silently sit in the code for a login screen by attaching itself to
it. When the user enters the user id and password, the Trojan horse could capture these details and
send this information to the attacker without the knowledge of the user who had entered the id and
password.
● A Trojan horse allows an attacker to obtain some confidential information about a computer or a
network. The attacker can then use the user id and password to gain access to the system. This is
shown in Figure 1.8.
Figure 1.8 Trojan Horse
Here, the server sends an applet along with the Web page to the client.
● Usually, these programs (applets or ActiveX controls) are used either to perform some processing on
the client side or to automatically and periodically request information from the Web server
using a technology called client pull.
● For instance, a program can get downloaded on to the client along with the Web page showing the
latest stock prices on a stock exchange and then periodically issue HTTP requests for pulling the
updated prices to the Web server.
● To prevent these attacks, Java applets have strong security checks as to what they can do and what
they cannot. ActiveX controls have no such restrictions.
● A number of checks have been in place to ensure that neither applets nor ActiveX controls can do a
lot of damage and even if they somehow manage to do it, it can be detected.
● Java applets (from Sun Microsystems) and ActiveX controls (from Microsoft Corporation) are small
client-side programs that might cause security problems, if used by attackers with a malicious
intention.
5) Cookies:
● Cookies were born as a result of a specific characteristic of the Internet. The Internet uses the HTTP
protocol, which is stateless.
● Suppose that the client sends an HTTP request for a Web page to the server. The Web server locates
that page on its disk, sends it back to the client and completely forgets about this interaction!
● If the client wants to continue this interaction, it must identify itself to the server in the next HTTP
request. Otherwise, the server would not know that this same client had sent an HTTP request earlier.
● Since a typical application is likely to involve a number of interactions between the client and the
server, there must be some mechanism for the client to identify itself to the server each time it sends
an HTTP request to the server.
● For this, cookies are used. Cookies are the most popular mechanism of maintaining the state
information (i.e. identifying a client to a server). A cookie is just one or more pieces of information
stored as text strings in a text file on the disk of the client computer (i.e. the Web browser).
● Actually, a Web server sends the Web browser a cookie and the browser stores it on the hard disk of
the client computer. The browser then sends a copy of the cookie to the server during the next HTTP
request.
● This is used for identification purposes as shown in Figs 1.11 (a) and 1.11 (b).
The main advantage of such software programs is that they are more into virus prevention than virus
detection. In other words, they stop viruses before they can do any damage, rather than detecting them
after an attack.
● The chief job of the Java sandbox is to protect a number of resources, and it performs this task at a
number of levels.
✔ A sandbox in which a program can access the CPU, the screen, the keyboard and mouse and its
own memory. This is the basic sandbox. It contains just enough resources for a program to
execute.
✔ A sandbox in which a program can access the CPU and its memory as well as access the Web
server from which it was downloaded. This is often considered as the default state for the
sandbox.
✔ A sandbox in which a program can access the CPU, its memory, its Web server and a set of
✔ An open sandbox, in which the program can access whatever resources the host machine can.
● The broad-level aspects of Java security, and their relation to each other, are as follows:
● The bytecode verifier: The bytecode verifier ensures that Java class files obey the rules of the Java
programming language. The bytecode verifier ensures memory protection for all Java programs.
However, not all files are required to go through byte code verification.
● The class loader: Class loaders load classes that are located in Java's default path (called the
CLASSPATH). In Java 1.2, the class loaders also take up the job of loading classes that are not found
in the CLASSPATH.
● The access controller: In Java 1.2, the access controller allows (or prevents) access from the core
Java API to the operating system.
● The security manager: The security manager is the chief interface between the core Java API and
the operating system. It has the ultimate responsibility for allowing or disallowing access to all the
operating system resources. The security manager uses the access controller for many of these
decisions.
● The security package: The security package (that is, classes in the java.security package) helps in
authenticating signed Java classes.
● The key database: The key database is a set of keys used by the security manager and access
controller to validate the digital signature that comes along with a signed class file.
● From version 1.2, the Java platform itself comes with a Security model built for the applications it
runs. Here, the classes that are found in the CLASSPATH may have to go through a security check.
This allows running of the application code in a sandbox defined by a user or an administrator. The
following points are important:
a) Packet sniffing:
● Packet sniffing is a passive attack on an ongoing conversation. An attacker need not hijack a
conversation, but instead, can just observe (i.e. sniff) packets as they pass by.
● To prevent an attacker from sniffing packets, the information that is passing needs to be protected
in some way. This can be done at two levels:
(i) The data that is traveling can be encoded in some way or
(ii) The transmission link itself can be encoded.
● To read a packet, the attacker needs to access it. The simplest way to do this is to control a computer
through which the traffic goes. Usually, this is a router. However, routers are highly protected
resources. Therefore, an attacker might not be able to attack it and instead, attack a less protected
computer on the same path.
b) Packet spoofing:
● In this technique, an attacker sends packets with a false source address. When this happens, the
receiver (i.e. the party who receives these packets containing the false address) would inadvertently
send replies back to this forged address (called a spoofed address). This can lead to three possible
cases:
i) The attacker can intercept the reply - If the attacker is between the destination and the forged
source, the attacker can see the reply and use that information for hijacking attacks.
ii) The attacker need not see the reply - If the attacker's intention was a Denial Of Service (DOS)
attack, the attacker need not bother about the reply.
iii) The attacker does not want the reply - The attacker could simply be angry with the host, so it
may put that host's address as the forged source address and send the packet to the destination.
The attacker does not want a reply from the destination, as it wants the host with the forged
address to receive it and get confused.
2) Phishing :
● In phishing, attackers set up fake Web sites, which look like real Web sites. It is simple to create Web
pages, as it involves simple technologies such as HTML, JavaScript, CSS (Cascading Style Sheets), etc.
Learning and using these technologies is quite simple. Phishing works as follows.
● The attacker decides to create his own Web site, which looks identical to a real Web site. For
example, the attacker can clone Citibank's Web site. The cloning is so clever that the human eye will
not be able to distinguish between the real (Citibank's) and fake (attacker's) sites.
● The attacker sends an email to the legitimate customers of the bank. The email itself appears to
come from the bank. To ensure this, the attacker exploits the email system to suggest that the
sender of the email is some bank official (e.g. [email protected]).
● This fake email warns the user that there has been some sort of attack on the Citibank's computer
systems and that the bank wants to issue new passwords to all its customers or verify their existing
PINs, etc. For this purpose, the customer is asked to visit a URL mentioned in the same email.
● When the customer (i.e. the victim) innocently clicks on the URL specified in the email, she is taken
to the attacker's site and not the bank's original site. There, the customer is prompted to enter
confidential information, such as her password or PIN.
● Since the attacker's fake site looks exactly like the original bank site, the customer provides this
information. The attacker gladly accepts this information and displays a "Thank you" to the
unsuspecting victim. Meanwhile, the attacker uses the victim's password or PIN to access
the bank's real site and can perform any transaction as if he/she were the victim!
⮚ This attack, earlier known as DNS spoofing or DNS poisoning, is now called a
pharming attack.
⮚ With the Domain Name System (DNS), people can identify Web sites with human-readable names
(such as www.yahoo.com) and computers can continue to treat them as IP addresses (such as
120.10.81.67).
⮚ For this, a special server computer called a DNS server maintains the mappings between domain
names and the corresponding IP addresses. The DNS server could be located anywhere. Usually, it is
with the Internet Service Provider (ISP) of the users. Example: The DNS spoofing attack works as
follows.
● Suppose that there is a merchant (Bob), whose site's domain name is www.bob.com and the
IP address is 100.10.10.20. Therefore, the DNS entry for Bob in all the DNS servers is
maintained as follows: www.bob.com 100.10.10.20
● The attacker (Trudy) manages to hack and replace the IP address of Bob with his own (say
100.20.20.20) in the DNS server maintained by the ISP of a user (say Alice). Therefore, the DNS
server maintained by the ISP of Alice now has the following entry: www.bob.com 100.20.20.20
● Thus, the contents of the hypothetical DNS table maintained by the ISP would be changed. A
hypothetical portion of this table (before and after the attack) is shown in Figure below.
● When Alice wants to communicate with Bob's site, her Web browser queries the DNS server
maintained by her ISP for Bob's IP address, providing it the domain name (i.e. www.bob.com). Alice
gets the replaced (i.e. Trudy's) IP address, which is 100.20.20.20.
● Now, Alice starts communicating with Trudy, believing that she is communicating with Bob! Such
attacks of DNS spoofing are quite common and cause a lot of havoc.
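The DNS spoofing scenario above, simulated as an added example that is not part of the original notes: www.bob.com at 100.10.10.20, replaced by Trudy's 100.20.20.20 in the table at Alice's ISP, with a client-side check that raises an alert when an answer changes since the last lookup or disagrees with an independent resolver. The second resolver, the history-based heuristic and the tables themselves are assumptions constructed for the example.

```python
# Added example (not from the original notes): constructed DNS tables for the scenario
# in the text and a client that cross-checks answers. The second, untampered resolver
# and the "answer changed" heuristic are assumptions; www.yahoo.com's address is the
# one quoted in the notes, the rest of the table contents are constructed.
from typing import Dict, List, Optional, Tuple

ISP_TABLE_BEFORE: Dict[str, str] = {
    "www.bob.com": "100.10.10.20",
    "www.yahoo.com": "120.10.81.67",
}
# Trudy's edit at Alice's ISP: only Bob's entry is replaced.
ISP_TABLE_AFTER: Dict[str, str] = {**ISP_TABLE_BEFORE, "www.bob.com": "100.20.20.20"}
# An independent resolver that was not tampered with (assumed to exist).
INDEPENDENT_TABLE: Dict[str, str] = dict(ISP_TABLE_BEFORE)


def resolve(table: Dict[str, str], name: str) -> Optional[str]:
    """One DNS lookup, like Alice's browser asking her ISP's server for Bob's address."""
    return table.get(name)


class WatchfulClient:
    """Remembers the last answer seen for each name and cross-checks every new answer
    against an independent resolver; either kind of disagreement produces an alert."""

    def __init__(self, independent: Dict[str, str]) -> None:
        self.independent = independent
        self.history: Dict[str, List[Optional[str]]] = {}

    def lookup(self, isp_table: Dict[str, str], name: str) -> Tuple[Optional[str], List[str]]:
        answer = resolve(isp_table, name)
        alerts: List[str] = []
        previous = self.history.get(name)
        if previous and previous[-1] != answer:
            alerts.append(f"{name}: answer changed from {previous[-1]} to {answer}")
        other = resolve(self.independent, name)
        if other != answer:
            alerts.append(f"{name}: ISP resolver says {answer}, independent resolver says {other}")
        self.history.setdefault(name, []).append(answer)
        return answer, alerts


def run_scenario() -> Tuple[Optional[str], List[str], Optional[str], List[str]]:
    """Alice resolves Bob's name before and after Trudy's change to the ISP's table."""
    client = WatchfulClient(INDEPENDENT_TABLE)
    before, alerts_before = client.lookup(ISP_TABLE_BEFORE, "www.bob.com")
    after, alerts_after = client.lookup(ISP_TABLE_AFTER, "www.bob.com")
    return before, alerts_before, after, alerts_after


if __name__ == "__main__":
    b, ab, a, aa = run_scenario()
    print("before:", b, ab)   # 100.10.10.20, no alerts
    print("after:", a, aa)    # 100.20.20.20, two alerts
```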