Computer Security

The document provides an overview of internet security, emphasizing the importance of information security, which includes confidentiality, integrity, and availability. It discusses various threats such as phishing, spam, and computer viruses, along with security measures like firewalls and intrusion detection systems. Additionally, it offers tips for safe computing and highlights the distinction between hackers and attackers.
Internet Security

Network and Internet Security


Introduction
• What is Information Security?
Information Security is simply the
process of keeping information secure:
protecting its availability, integrity, and
confidentiality / privacy.
Confidentiality
• Computer related assets are only available to
authorized parties. Only those that should have access
to something will actually get that access.

– Access isn't limited to reading; it also covers viewing and printing
– Or simply even knowing that the particular asset exists

• A straightforward concept, but very hard to implement.


Integrity
• Can mean many things; something has integrity if it is:
– Precise
– Accurate
– Unmodified
– Consistent
– Meaningful and usable
• Three important aspects towards providing computer-related integrity:
– Authorized actions
– Separation and protection of resources
– Error detection and correction.
Availability
– There is a timely response to our requests
– There is a fair allocation of resources (no starvation)
– Service can be used easily and in the manner it was
intended to be used.
– Controlled concurrency, support for simultaneous
access with proper deadlock and access management.
Email and Document Security
Phishing Email
• Information asked for in a phishing email may include:
– Username, userid, email id, email identity
– Password
– ID number
– Birthday
• Or there may just be a link to click on that
takes you to an official looking web site to
enter information.
Attachments
• Computer viruses and other malicious
software are often spread through email
attachments.
• Don’t open email attachments unless you
know whom it is from and you were
expecting it.
• Attachments with suspicious or unknown
file extensions (e.g., .exe, .vbs, .bin, .com,
.pif, or .zzx)
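
A mail-gateway style check for the extensions listed above, added here as an example (it is not part of the original slides). It also catches the double-extension case such as `invoice.pdf.exe`; the function names and the sample message are constructed for illustration.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from pathlib import PurePosixPath

# Deny-list taken from the extensions named on the slide above.
RISKY_EXTENSIONS = {".exe", ".vbs", ".bin", ".com", ".pif", ".zzx"}


def risky_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that should be held."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Trailing dots/spaces are dropped by Windows, and case does not matter.
        cleaned = name.strip().rstrip(". ")
        suffixes = [s.lower() for s in PurePosixPath(cleaned).suffixes]
        if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
            continue
        reason = f"risky extension {suffixes[-1]}"
        if len(suffixes) > 1:
            # e.g. "invoice.pdf.exe": the real type hides behind a benign one.
            reason += f" hidden behind {suffixes[-2]}"
        findings.append((name, reason))
    return findings


def build_sample() -> bytes:
    """Constructed test message; filenames and contents are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Documents"
    msg.set_content("Please see attached.")
    for filename in ("report.pdf", "invoice.pdf.exe", "update.VBS.", "photo.jpg"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"HOLD {name}: {reason}")
```

A deny-list only covers the extensions it names; the "unknown extension" case from the slide needs an allow-list of expected types instead.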
Spam
• Spam is anonymous, unsolicited junk email sent
indiscriminately to huge numbers of recipients.
• What for?
– Advertising goods and services
– Quasi-charity appeals
– Financial scams
– Chain letters
– Phishing attempts
– Spread malware and viruses
How do spammers find our addresses?

• From posts to UseNet with your email address
• From mailing lists
• From web pages
• From various web forms
Web Security
Background
• Many sensitive tasks are done through the web
– Online banking, online shopping
– Database access
– System administration

• Web applications and web users are targets of many attacks
– Cross site scripting
– SQL injection
– Cross site request forgery
– Information leakage
– Session hijacking
Web Security Issues
• Secure communications between client & server
– HTTPS (HTTP over SSL)
• User authentication & session management
– Cookies & other methods
• Active contents from different websites
– Protecting resources maintained by browsers
• Web application security
• Web site authentication (e.g., anti-phishing)
• Privacy concerns
Cookies
• Stored by the browser
• Used by the web applications
– used for authenticating, tracking, and maintaining
specific information about users
• e.g., site preferences, contents of shopping carts
– data may be sensitive
– may be used to gather information about specific users

• Cookie ownership
– Once a cookie is saved on your computer, only the
website that created the cookie can read it
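
The ownership rule above, sketched as an added example (not part of the original slides) that follows the domain-matching rule of RFC 6265. It goes slightly beyond the slide by also modelling the `Domain` attribute, which lets a site widen a cookie to its own subdomains; the class, function and host names are hypothetical, and path, `Secure` and public-suffix checks are left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Cookie:
    name: str
    set_by_host: str                   # host whose response carried Set-Cookie
    domain_attr: Optional[str] = None  # Domain attribute, None if absent


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host: str, domain: str) -> bool:
    """RFC 6265 domain-match: equal, or host is a dot-separated subdomain."""
    host, domain = host.lower(), domain.lower().lstrip(".")
    if host == domain:
        return True
    return host.endswith("." + domain) and not _is_ip(host)


def browser_accepts(cookie: Cookie) -> bool:
    """A site may only set a Domain that covers the host it is served from."""
    if cookie.domain_attr is None:
        return True
    return domain_match(cookie.set_by_host, cookie.domain_attr)


def browser_sends(cookie: Cookie, request_host: str) -> bool:
    """Decide whether the stored cookie is attached to a request."""
    if not browser_accepts(cookie):
        return False  # never stored, so never sent
    if cookie.domain_attr is None:
        # Host-only cookie: exact host that created it, no subdomains.
        return request_host.lower() == cookie.set_by_host.lower()
    return domain_match(request_host, cookie.domain_attr)


# Constructed sample cookies (hosts are placeholders).
HOST_ONLY = Cookie("sid", "shop.example.com")
WIDE = Cookie("prefs", "shop.example.com", "example.com")
FOREIGN = Cookie("sid", "attacker.test", "example.com")
```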
Client Side Scripting
• Web pages (HTML) can embed dynamic content
(code) that can be executed in the browser

• JavaScript
– embedded in web pages and executed inside browser
• VBScript
– similar to JavaScript, only for Windows
• Java applets
– small pieces of Java bytecodes that execute in browsers
Firewall Architecture
Firewall
• An internetwork gateway that restricts data
communication traffic to and from one of the
connected networks and thus protects that
network's system resources against threats
from the other network
Intrusion Detection System - IDS
What is IDS?
• An intrusion detection system (IDS)
inspects all inbound and outbound
network activity and identifies
suspicious patterns that may indicate a
network or system attack from someone
attempting to break into or compromise
a system.
Physical Security
Physical Access
• Physical access negates all other security
measures.
• Physical access allows an attacker to plug into
an open Ethernet jack.
– Hand-held devices that run operating systems
with full networking support make this attack
feasible.
Electronic Access Control
• Electronic access control systems manage
opening and closing doors.
– A centralized system can instantly grant or refuse
access.
– The system works with a software package
running on a computer.
– It should not be on a network.
Closed Circuit Television (CCTV)
• CCTVs can be very effective, but should be
implemented carefully.
• IP-based CCTVs should be on their own
network and accessed by security personnel
only.
Biometrics
• Biometrics is the measurement of biological
factors for identifying a specific person.
– These factors are based upon parts of the human
body that are unique. When used for
authentication, a computer takes the image of the
factor and reduces it to a numeric value.
Computer Viruses and Worms
Definition of Virus
• A virus is a small piece of software that
attaches itself to real programs in order to get
executed; it is commonly known as
malicious software.
• Once it’s running, it spreads by inserting
copies of itself into other executable code or
documents
Types of Computer Virus
• Time Bomb
• Logical Bomb
• Worm
• Boot Sector Virus
• Macro Virus
• Script Virus
• Trojan Horse
Worm Virus
A worm is also a destructive
program that fills a computer
system with self-replicating
information, clogging the system so
that its operations are slowed
down or stopped
Boot Sector Virus
A boot sector virus infects the boot
sector of a computer. During system
boot, the boot sector virus is loaded
into main memory and destroys
data stored on the hard disk.
Macro Virus
A macro virus is associated with
application software like Word and
Excel. When the infected document
is opened, the macro virus is loaded
into main memory and destroys the
data stored on the hard disk.
Script Virus
Commonly found script viruses are
written using the Visual Basic
Scripting Edition (VBS) and the
JavaScript programming languages.
Trojan Horse
A Trojan horse is a destructive
program. It usually poses as a
computer game or application
software. If executed, the computer
system will be damaged.
Time Bomb
A time bomb is a virus program
that performs an activity on a
particular date.
Logical Bomb
A logical bomb is a destructive
program that performs an activity
when a certain action has occurred.
Distributed Denial of Service
• A denial-of-service attack is an attack that
causes a loss of service to users, typically the
loss of network connectivity and services by
consuming the bandwidth of the victim
network or overloading the computational
resources of the victim system.
How does it work?
• The flood of incoming messages to the target system
essentially forces it to shut down, thereby denying
service to legitimate users of the system.
• Victim's IP address.
• Victim's port number.
• Attacking packet size.
• Attacking interpacket delay.
• Duration of attack.
• MyDoom – SCO Group
Executable Viruses
• Traditional Viruses
• pieces of code attached to a legitimate
program
• run when the legitimate program gets
executed
• loads itself into memory and looks around to
see if it can find any other programs on the
disk
Boot Sector Viruses
• Traditional Virus
• infects the boot sector on floppy disks and hard
disks
• By putting its code in the boot sector, a virus
can guarantee it gets executed
• loads itself into memory immediately, and it is
able to run whenever the computer is on
Decline of traditional viruses
• Reasons:
– Huge size of today’s programs, which are stored on
compact discs
– Operating systems now protect the boot sector
E-mail Viruses
• Moves around in e-mail messages
• Replicates itself by automatically mailing itself
to dozens of people in the victim’s e-mail
address book
• Example: Melissa virus, ILOVEYOU virus
Melissa virus
• March 1999
• The Melissa virus was the fastest-spreading virus ever
seen
• Someone created the virus as a Word document
uploaded to an Internet newsgroup
• People who downloaded the document and opened
it would trigger the virus
• The virus would then send the document in an e-mail
message to the first 50 people in the person's
address book
Top 10 safe computing tips
• Patch, Patch, PATCH!
Set up your computer for automatic software and
operating system updates. An unpatched machine is
more likely to have software vulnerabilities that can be
exploited.

• Install protective software.
Sophos is available as a free download for Windows,
Mac, and Linux from IS&T's software grid. When
installed, the software should be set to scan your files
and update your virus definitions on a regular basis.
• Choose strong passwords.
Choose strong passwords with letters, numbers, and
special characters to create a mental image or an
acronym that is easy for you to remember. Create a
different password for each important account, and
change passwords regularly.

• Backups
Backing up your machine regularly can protect you
from the unexpected. Keep a few months' worth of
backups and make sure the files can be retrieved if
needed. Download and install CrashPlan and learn how
to back up your system.
• Control access to your machine.
Don't leave your computer in an unsecured area, or
unattended and logged on, especially in public places.
This includes Athena clusters and Quickstations. The
physical security of your machine is just as important
as its technical security.

• Use email and the internet safely.
Ignore unsolicited emails, and be wary of attachments,
links and forms in emails that come from people you
don't know, or which seem "phishy." Avoid
untrustworthy (often free) downloads from freeware
or shareware sites. Learn more about spam filtering.
• Use secure connections.
When connected to the internet, your data can
be vulnerable while in transit. Use remote
connectivity and secure file transfer options
when off campus.

• Protect sensitive data.
Reduce the risk of identity theft. Securely remove
sensitive data files from your hard drive, which is
also recommended when recycling or
repurposing your computer. Use the encryption
tools built into your operating system to protect
sensitive files you need to retain.
• Use desktop firewalls.
Macintosh and Windows computers have basic
desktop firewalls as part of their operating
systems. When set up properly, these firewalls
protect your computer files from being scanned.

• Most importantly, stay informed.
Stay current with the latest developments for
Windows, Mac, Linux, and Unix systems. IS&T
publishes a monthly Security FYI blog
post; you can also subscribe to the IS&T Security-FYI
electronic newsletter.
Computer Hacking
WHO IS A HACKER?
• The term hacker was used by MIT train enthusiasts
who hacked their train sets to change how they
worked. Later, these same enthusiasts emerged as
the first computer hackers.

• A hacker can be anyone with a deep interest in
computer-based technology; the term does not
necessarily define someone who wants to do
harm.
WHAT IS AN ATTACKER?
• The term attacker can be used to describe a
malicious hacker. Another term for an attacker
is a black hat. Security analysts are often
called white hats, and white-hat analysis is
the use of hacking for defensive purposes.
FORMS OF ATTACKS
• Attacks on a company or organization's
computer systems take many different forms,
such as spoofing, smurfing, and other types of
Denial of Service (DoS) attacks.

• Attacks are mainly designed to harm or
interrupt the use of your operational systems.
HACKING TRICKS
• Hacking tricks make use of
hacking tools that are used to test the security
of a network, PC, etc.

• They can also be used to
recover lost information where the computer
password has been lost.
COMPUTER HACKING METHODS OF ATTACK

• Of course, attacks can involve far greater levels
of sophistication. Here are some of the more
common techniques used in password
cracking:
1. Dictionary Attack
2. Hybrid Attack
3. Brute Force Attack
4. Internal Attack