IAS 2 • Unauthorized Access: Access without permission by

a rightful owner of devices or networks.

Types of Security
➢ Computer Security: A generic term for the collection
of tools designed to protect data and thwart hackers.
➢ Network Security: Measures to protect data during
transmission.
➢ Internet Security: Measures to protect data during
transmission over interconnected networks.
Goals of Security (CIA)
✓ Confidentiality: Prevents unauthorized use or
disclosure of information.
✓ Integrity: Safeguards the accuracy and completeness
of information.
✓ Availability: Ensures authorized users have reliable
and timely access to information.
Terminology
Access Control: Ability to permit or deny the use of an object
by a subject. It provides three essential services:
• Impersonation, Worms, Viruses.
Risk Management vs. Cost of Security
▪ Risk Mitigation: The process of selecting appropriate
controls to reduce risk to an acceptable level.
▪ Level of Acceptable Risk: Determined by comparing
the risk of security hole exposure to the cost of
implementing and enforcing security policy.
▪ Assess the cost of certain losses and avoid spending
more to protect something than it is worth.
▪
Attack Sources
• Active vs. Passive:
o Active: Writing data to the network, often
disguising one’s address.
o Passive: Reading data on the network,
breaching confidentiality.
• On-Path vs. Off-Path:

❖ Identification and Authentication: Who can log in. o On-Path: Routers can read, modify, or remove
❖ Authorization: What authorized users can do. any transmitted datagram.
❖ Accountability: Identifies what a user did. o Off-Path: Hosts can send datagrams appearing
to come from other hosts but cannot receive
AAA datagrams meant for them.
• Insider vs. Outsider: Definition of perimeter/border.
Authentication
Authorization • Deliberate Attack vs. Unintentional Event:
Accountability Configuration errors and software bugs can be as
harmful as deliberate attacks.
Authentication - Validating a claimed identity of an end user
or a device (e.g., host, server, switch, router). Must differentiate Security Aims
between user, device, or application authentication.
✓ Controlling data/network access.
Authorization - Granting access rights to a user, groups of ✓ Preventing intrusions.
users, system, or program, typically done in conjunction with ✓ Responding to incidents.
authentication. ✓ Ensuring network availability.
✓ Protecting information in transit.
Non-Repudiation - A property of a cryptographic system Security Services
preventing a sender from denying later that they sent a
message or performed a certain action. ❖ Authentication
❖ Authorization
Audit - A chronological record of system activities enabling the ❖ Access Control
reconstruction and examination of a sequence of events. ❖ Data Integrity
❖ Data Confidentiality
Vulnerability - A weakness in security procedures, network ❖ Auditing/Logging
design, or implementation that can be exploited to violate a ❖ DoS Mitigation
corporate security policy, such as:
Layer 2 Attacks
✓ Software bugs
✓ Configuration mistakes ▪ ARP Spoofing
✓ Network design flaws ▪ MAC Attacks
▪ DHCP Attacks
Exploit - Taking advantage of a vulnerability. ▪ VLAN Hopping
Risk - The possibility that a vulnerability will be exploited. MAC Flooding
✓ Risk Analysis: The process of identifying security Exploits the limitation of switches – fixed CAM table
risks, determining their impact, and identifying areas size.
requiring protection. CAM (Content Addressable Memory): Stores
Threat - Any circumstance or event with the potential to cause mapping of individual MAC addresses to physical
harm to a networked system, such as: ports on the switch.

• Denial of Service (DoS): Attacks that make VLAN Hopping

resources unavailable to intended users.
• An attack on a network with multiple VLANs.
 • Two Primary Methods:
o Switch Spoofing: Attacker initiates a trunking
switch.
o Double Tagging: Packet is tagged twice.
DHCP Attacks
➢ DHCP Starvation Attack: Broadcasting numerous
DHCP requests with spoofed MAC addresses
simultaneously.
➢ Rogue DHCP Server Attacks.
Layer 3 Attacks
• ICMP Ping Flood
• ICMP Smurf
• Ping of Death
TCP Attacks
• SYN Flood: An attacker sends SYN requests in
succession, causing the host to retain bogus half-
connections, exhausting resources for new legitimate
connections.
Routing Attacks
➢ Attempt to poison routing information.
➢ Distance Vector Routing: Announces zero distance
to all nodes, causing blackhole traffic and
eavesdropping.
➢ Link State Routing: Can randomly drop links or claim
direct links to other routers.
➢ BGP Attacks: ASes can announce arbitrary prefixes
or alter paths.
Application Layer Attacks
▪ Applications that don’t authenticate properly.
▪ Authentication Information in Clear: Vulnerabilities
in protocols like FTP, Telnet, and POP.
▪ DNS Insecurity: Includes DNS poisoning and DNS
zone transfer.
Common Types of Application Layer Attacks
❖ Scripting vulnerabilities
❖ Cookie poisoning
❖ Buffer overflow
❖ Hidden field manipulation
❖ Parameter tampering
❖ Cross-Site Scripting (XSS)
❖ SQL Injection
Server-Side Scripting
• Programs executed on the server rather than the
user's browser (e.g., ASP.NET, PHP, mod_perl, CGI,
Ruby, Python).
• Benefits: Cross-platform, no plugin required.
• Disadvantages: Dynamic scripts create security
concerns, exploiting code flaws.
Cross-Site Scripting (XSS)
➢ Enables attackers to inject scripts into webpages
viewed by others.
➢ Types:
o Persistent XSS: More devastating.
o Non-persistent XSS: More common.
o Example: BeEF (Browser Exploitation
Framework).
SQL Injection - A subset of unverified user input vulnerability
that injects malicious code into SQL queries, executed when
passed to the SQL server.
DNS Cache Poisoning - Caching incorrect resource records
from unauthorized sources, redirecting connections (web,
email, network) to a target controlled by the attacker.
Common Types of Attacks
❖ Man-in-the-Middle Attack: Intercepts messages
intended for a valid device.
❖ Ping sweeps and port scans.
❖ Hijacking and Spoofing: Setting up a fake device to
trick others into sending messages.
❖ Sniffing: Capturing packets as they travel through the
network.
❖ DoS and DDoS.
Wireless Attacks
WEP: The first security mechanism for 802.11
wireless networks, vulnerable to "FMS attacks"
discovered by Fluhrer, Mantin, and Shamir.
Man-in-the-Middle Attacks (Wireless) - Creates a fake
access point for clients to authenticate, capturing traffic to see
usernames, passwords, etc., sent in clear text.
Cryptography - Has evolved into a complex science in the
field of information security.
What is Cryptography?
Part of a field of study known as cryptology, which includes:
▪ Cryptography: Study of methods for secret writing,
transforming messages into unintelligible form, and
recovering messages using some secret knowledge
(key).
▪ Cryptanalysis: Analysis of cryptographic systems,
inputs, and outputs to derive confidential information.
Key Concepts in Cryptography
✓ Encryption: Process of transforming plaintext to
ciphertext using a cryptographic key.
✓ Symmetric Key Cryptography: Uses a single key for
both encryption and decryption (also known as private
key).
✓ Asymmetric Key Cryptography: Uses separate keys
for encryption and decryption (public and private key
pairs).
✓
Terminology of Cryptography
• Cipher: Cryptographic technique (algorithm) applying
a secret transformation to messages.
• Plaintext/Cleartext: Original message or data.
• Ciphertext: Unintelligible encrypted plaintext.
 • Decryption: Transforming ciphertext back into original
plaintext.
• Cryptographic Key: Secret knowledge used by a
cipher to encrypt or decrypt a message.
Symmetric Key Algorithm
➢ Stream Ciphers: Encrypt bits of the message one at
a time.
➢ Block Ciphers: Takes a block of bits and encrypts
them as a single unit.
Digital Signatures - Sender encrypts the message with their
own private key instead of the intended receiver’s public key.
Message Digests - Produces a condensed representation of a
message (hashing).
Secret Key Algorithms
• DES (Data Encryption Standard):
o Block cipher using shared key encryption
(56-bit).
o Developed by IBM for the US government in
1973-1974, approved in Nov 1976.
o Block size: 64 bits.
• 3DES (Triple DES):
o Applies DES three times to each data block
using a key bundle (K1, K2, K3) of 56 bits
each (excluding parity).
o Disadvantage: Very slow.
• AES (Advanced Encryption Standard):
o Published in November 2001 as a
replacement for DES.
o Symmetric block cipher with a fixed block
size of 128 bits and key sizes of 128, 192, or
256 bits.
o Based on Rijndael cipher developed by Joan
Daemen and Vincent Rijmen.
Hash Functions - A hash function takes an input message of
arbitrary length and outputs a fixed-length code, called the
hash or message digest.
Uses of Hashing
o Verifying file integrity: If the hash changes, the data is
either compromised or altered in transit.
o Digitally signing documents.
o Hashing passwords.
Common Hash Functions
❖ MD5: Outputs a 128-bit fingerprint of an arbitrary-
length input.
❖ SHA-1: Outputs a 160-bit message digest, widely
used in security applications (TLS, SSL, PGP, SSH,
S/MIME, IPsec).
Diffie-Hellman
Protocol: Requires both sender and recipient to have
key pairs.
By combining one’s private key and the other’s public
key, both parties can compute the same shared secret
number.
DH Man-in-the-Middle Attack - Diffie-Hellman is subject to a
man-in-the-middle attack. Digital signatures of the ‘public
values’ can enable each party to verify the authenticity of the
generated value.
Trusted Network
• Standard defensive-oriented technologies:
o Firewall
o Intrusion Detection
• Build trust on top of the TCP/IP infrastructure:
o Strong authentication
o Public Key Infrastructure (PKI)
Strong Authentication
• An absolute requirement involving:
o Two-factor authentication (something you
know and something you have).
• Examples: Passwords, Tokens, Tickets, Restricted
access, PINs, Biometrics, Certificates
Public Key Infrastructure (PKI)
• A framework that builds the network of trust.
• Combines public key cryptography and digital
signatures to ensure:
o Confidentiality
o Integrity
o Authentication
o Non-repudiation
o Access control
• Protects applications that require a high level of
security.
PKI Components
➢ Certificate Authority (CA): A trusted third party.
➢ Registration Authority (RA): Binds keys to users.
➢ Validation Authority (VA): Validates user identities.
Digital Certificates
✓ Basic element of PKI; secure credential that identifies
the owner (also called a public key certificate).
✓ Addresses binding a public key to an entity, which is
crucial for eCommerce.
Components of a Digital Certificate
• User’s public key.
• User’s ID.
• Additional information (e.g., validity period).
• Examples: X.509 (standard), PGP (Pretty Good
Privacy).
X.509
➢ An ITU-T standard for a public key infrastructure for
single sign-on and Privilege Management
Infrastructure (PMI).
➢ Assumes a strict hierarchical system of Certificate
Authorities (CAs).