Unit - 1
Information Security
Information security means protecting information and information
systems from unauthorized access, use, disclosure, disruption,
modification or destruction. Governments, the military, financial institutions,
hospitals, and private businesses amass a great deal of confidential data
about their employees, users, products, research and financial status.
The need for Information security:
Information security is essential for protecting sensitive and valuable data
from unauthorized access, use, disclosure, disruption, modification, or
destruction. Here are some of the key reasons why information security is
important:
• Protecting Confidential Information: Confidential information, such as personal data,
financial records, trade secrets, and intellectual property, must be kept secure to
prevent it from falling into the wrong hands. This type of information is valuable and
can be used for identity theft, fraud, or other malicious purposes.
• Protecting Customer Trust: Customers expect organizations to keep their data safe
and secure. Breaches or data leaks can erode customer trust, leading to a loss of
business and damage to the organization’s reputation.
• Preventing Cyber-attacks: Cyber-attacks, such as viruses, malware, phishing, and
ransomware, are becoming increasingly sophisticated and frequent. Information
security helps prevent these attacks and minimizes their impact if they do occur.
• Protecting Employee Information: Organizations also have a responsibility to protect
employee data, such as payroll records, health information, and personal details. This
information is often targeted by cybercriminals, and its theft can lead to identity theft
and financial fraud.
• Maintaining Business Continuity: Information security helps ensure that critical
business operations can continue in the event of a disaster, such as a cyber-attack or
natural disaster. Without proper security measures in place, an organization’s data and
systems could be compromised, leading to significant downtime and lost revenue.
Basic Security Terminologies
Hardware Vulnerability:
A hardware vulnerability is a weakness that can be used to attack the system
hardware, either physically or remotely. Examples:
• Old versions of systems or devices
• Unprotected storage
• Unencrypted devices, etc.
Software Vulnerability:
A software vulnerability is an error introduced during development or configuration
whose execution can violate the security policy. Examples:
• Lack of input validation
• Unverified uploads
• Cross-site scripting
• Unencrypted data, etc.
Network Vulnerability:
A network vulnerability is a weakness in the network, which may lie in hardware or software. Examples:
• Unprotected communication
• Malware or malicious software (e.g. viruses, key loggers, worms, etc.)
• Social engineering attacks
• Misconfigured firewalls
Exploit
An exploit is a program, or piece of code, designed to find and take advantage of a security flaw
or vulnerability in an application or computer system, typically for malicious purposes such as
installing malware. An exploit is not malware itself, but rather it is a method used by
cybercriminals to deliver malware.
Basic Principles of Information Security (CIA)
In network security, the CIA triad is one of the most important models
which is designed to guide policies for information security within an
organization.
C-Confidentiality
I- Integrity
A-Availability
Authentication
Non-Repudiation
Confidentiality: Confidentiality refers to protecting sensitive information from
unauthorized access or disclosure. This involves keeping confidential data
secure and accessible only to those who are authorized to access it.
Example: One method used to ensure confidentiality is requiring an account
number or routing number when banking online. Data encryption is another
common method of ensuring confidentiality.
Availability
This means that the network should be readily available to its users. This
applies to systems and to data. To ensure availability, the network
administrator should maintain hardware, make regular upgrades, have a plan
for fail-over, and prevent bottlenecks in a network.
Example: The ATM and bank software enforce data integrity by ensuring that any
transfers or withdrawals made via the machine are reflected in the
accounting for the user’s bank account. The machine provides availability
because it is in a public place and is accessible even when the bank branch
is closed.
Integrity: Integrity refers to the accuracy and completeness of
information and the prevention of unauthorized or accidental
modification of data. This ensures that data is not tampered with and
remains trustworthy.
Example: Customers who shop online demand precise product and
price information, as well as the assurance that quantity, pricing,
availability, and other details will not change after they place an order.
Authentication: Authentication is a crucial aspect of the principle of Information
Security and is used to verify the identity of individuals or systems attempting to
access sensitive information or systems. It is a process of verifying that a person
or system is who or what it claims to be. Authentication is a critical component
of Confidentiality and Availability as it helps prevent unauthorized access to
sensitive information and systems.
There are three basic types of authentication.
The first is knowledge-based — something like a password or PIN code that only
the identified user would know.
The second is property-based, meaning the user possesses an access card, key,
key fob or authorized device unique to them.
The third is biologically based. This type of authentication might be a physical
trait like a user’s fingerprint or retinal pattern. It could also be a behavioral
process unique to each user, like their voiceprints or keystroke dynamics.
Non-Repudiation: Non-repudiation is a principle of Information
Security that refers to the ability to prove that an action or
transaction took place and that it was performed by a specific
individual or system. The term “non-repudiation” implies that an
action or transaction cannot be denied by the individual or system
that performed it.
Example: Notary, Forensic Science
Security attacks and their classifications:
Security attacks are classified into two groups: passive attacks and active attacks.
Passive Attack: A passive attack attempts to learn or make use of
information from the system but does not affect system resources.
Passive attacks are in the nature of eavesdropping on or monitoring
transmissions.
The two kinds of passive attack are the release of message contents and traffic analysis.
The release of message content –
A telephone conversation, an electronic mail message, or a transferred file may
contain sensitive or confidential information. We would like to prevent an
opponent from learning the contents of these transmissions.
Traffic analysis –
Suppose that we had a way of masking (encrypting) information, so that an
attacker who captured the message could not extract its contents. The opponent
could still determine the location and identity of the communicating hosts and
could observe the frequency and length of the messages being exchanged. This
information might be useful in guessing the nature of the communication that was
taking place.
Active Attacks: An active attack attempts to alter system resources or affect their
operation. It is a type of attack in which an attacker attempts to alter, destroy, or
disrupt the normal operation of a system or network. Active attacks include:
• Masquerade
• Modification of messages
• Replay
• Denial of Service
Masquerade
Masquerade is a type of cyber security attack in which an attacker pretends to
be someone else in order to gain access to systems or data. This can involve
impersonating a legitimate user or system to trick other users or systems into
providing sensitive information or granting access to restricted areas.
There are several types of masquerade attacks, including:
Username and password masquerade
IP address masquerade
Website masquerade
Email masquerade
Modification of messages –
Some portion of a legitimate message is altered, or the message is delayed or
reordered, to produce an unauthorized effect. Modification is an attack on the
integrity of the original data: unauthorized parties not only gain access to the
data but also tamper with it, for example by altering transmitted data packets or
by flooding the network with fake data, which can also trigger denial-of-service
conditions. Fabrication (manufacturing false data) is an attack on authentication.
Repudiation –
Repudiation attacks are a type of cyber security attack in which an attacker
attempts to deny or repudiate actions that they have taken, such as making a
transaction or sending a message. These attacks can be a serious problem because
they can make it difficult to track down the source of the attack or determine who
is responsible for a particular action.
Replay –
A replay involves the passive capture of a message and its subsequent
retransmission to produce an unauthorized effect. The attacker's basic aim is to
save a copy of data originally sent over the network and to use that copy later
for their own purposes. Once the data has been captured or leaked it is no longer
secure or safe for its users.
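The receiver-side check that defeats a replayed message, as an added example that is not part of these notes: each message carries a nonce and a timestamp under a keyed MAC, so a captured copy that is sent again is rejected as a duplicate (or as stale), and an altered copy fails the tag check. The shared KEY, the Receiver class and the message format are constructed for illustration.

```python
# Added example, not from the lecture notes: a receiver that detects replayed
# and modified messages. KEY, Receiver and the message format are constructed.
import hashlib
import hmac
import json

KEY = b"constructed-shared-secret"   # assumed pre-shared key (illustration only)
WINDOW_SECONDS = 30                  # assumed freshness window for timestamps

def tag_for(msg: dict) -> str:
    """Keyed MAC over the canonical message, so any alteration changes the tag."""
    body = json.dumps(msg, sort_keys=True).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

class Receiver:
    """Accepts each authentic message at most once and only while it is fresh."""
    def __init__(self):
        self.seen_nonces = set()   # nonces older than WINDOW_SECONDS could be evicted
        self.balance = 100

    def process(self, msg: dict, tag: str, now: int) -> str:
        if not hmac.compare_digest(tag_for(msg), tag):
            return "rejected: bad tag"      # content was modified in transit
        if abs(now - msg["ts"]) > WINDOW_SECONDS:
            return "rejected: stale"        # captured long ago, re-sent now
        if msg["nonce"] in self.seen_nonces:
            return "rejected: replay"       # identical copy seen already
        self.seen_nonces.add(msg["nonce"])
        self.balance -= msg["amount"]
        return "accepted"

def demo() -> tuple:
    """Genuine message, then a re-sent copy, a tampered copy and a stale copy."""
    r = Receiver()
    msg = {"op": "withdraw", "amount": 40, "nonce": "n-0001", "ts": 1000}
    tag = tag_for(msg)
    genuine = r.process(msg, tag, now=1005)
    replayed = r.process(msg, tag, now=1010)          # same bytes sent again
    tampered = r.process(dict(msg, amount=400), tag, now=1010)
    old = dict(msg, nonce="n-0002")                   # fresh nonce, old timestamp
    stale = r.process(old, tag_for(old), now=2000)
    return genuine, replayed, tampered, stale, r.balance

if __name__ == "__main__":
    print(demo())   # ('accepted', 'rejected: replay', 'rejected: bad tag', 'rejected: stale', 60)
```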
Denial of Service –
Denial of Service (DoS) is a type of cybersecurity attack that is designed to make a
system or network unavailable to its intended users by overwhelming it with traffic
or requests. In a DoS attack, an attacker floods a target system or network with
traffic or requests in order to consume its resources, such as bandwidth, CPU
cycles, or memory, and prevent legitimate users from accessing it.
To prevent DoS attacks, organizations can implement several measures, such as:
1. Using firewalls and intrusion detection systems to monitor network traffic and block
suspicious activity.
2. Using load balancers and distributed systems to distribute traffic across multiple servers
or networks.
3. Implementing network segmentation and access controls to limit the impact of a DoS
attack.
Comparison of active and passive attacks (basis for comparison – active attack vs. passive attack):
Basic – Active attack: tries to change the system resources or affect their operation. Passive attack: tries to read or make use of information from the system but does not influence system resources.
Modification in the information – Active attack: occurs. Passive attack: does not take place.
Harm to the system – Active attack: always causes damage to the system. Passive attack: does not cause any harm.
Threat to – Active attack: integrity and availability. Passive attack: confidentiality.
Attack awareness – Active attack: the entity (victim) gets informed about the attack. Passive attack: the entity is unaware of the attack.
Task performed by the attacker – Active attack: the transmission is captured by physically controlling a portion of a link. Passive attack: just needs to observe the transmission.
Prime numbers are used in cryptography because a number built from large primes is difficult to factorize: it is
hard to find the prime factors of a composite number without knowing the factors to begin with. This makes it
difficult for someone who intercepts a message to read it without the proper key.
Relative Prime Number
• Two integers are relatively prime, or coprime, when they have no common factors
other than 1; no other integer divides both numbers evenly. Two integers a, b are
called relatively prime to each other if gcd(a, b) = 1.
Modular arithmetic
Modular arithmetic is the branch of arithmetic concerned with the “mod”
operation: the remainder left after dividing by a fixed modulus. Basically, modular
arithmetic is the computation of the “mod” of expressions, which may contain
numbers combined by addition, subtraction, multiplication, division or other operations.
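A worked example of the relatively-prime test and of modular arithmetic described above, added here and not part of the original notes. It goes slightly beyond the text: the extended Euclidean algorithm gives the modular inverse, which exists exactly when gcd(a, n) = 1, and a small composite is factored by trial division to show why factoring is the hard step. All function names are constructed.

```python
# Added example, not from the lecture notes: Euclid's gcd, the coprime test
# gcd(a, b) = 1, modular arithmetic, and the modular inverse that exists
# exactly when a and n are relatively prime. Function names are constructed.

def gcd(a: int, b: int) -> int:
    """Euclid's algorithm: replace (a, b) by (b, a mod b) until b is 0."""
    while b:
        a, b = b, a % b
    return abs(a)

def is_coprime(a: int, b: int) -> bool:
    """Relatively prime: no common factor other than 1."""
    return gcd(a, b) == 1

def egcd(a: int, b: int) -> tuple:
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def mod_inverse(a: int, n: int):
    """a^-1 mod n, or None when gcd(a, n) != 1 (then no inverse exists)."""
    g, x, _ = egcd(a % n, n)
    return x % n if g == 1 else None

def mod_expr(a: int, b: int, n: int) -> dict:
    """Reduce +, -, * and ^ mod n; reducing operands first gives the same result."""
    return {
        "add": (a % n + b % n) % n,
        "sub": (a % n - b % n) % n,
        "mul": ((a % n) * (b % n)) % n,
        "pow": pow(a, b, n),   # built-in modular exponentiation
    }

def trial_factor(n: int) -> tuple:
    """Smallest prime factor of n by trial division; the work grows with sqrt(n),
    which is why the product of two large primes is hard to split apart."""
    d = 2
    while d * d <= n:
        if n % d == 0:
            return d, n // d
        d += 1
    return n, 1   # n itself is prime (or 1)
```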
Primitive Roots
One way function