Chapter 1: Introduction to IAS

The document outlines a course on information security, covering topics such as computer threats, cryptography, network security, and security administration. It aims to equip students with the ability to understand security concepts, identify vulnerabilities, and recognize various types of attackers and attacks. Assessment methods include tests, assignments, quizzes, and a final exam, with a focus on the fundamental objectives of confidentiality, integrity, and availability in security practices.

Uploaded by

kmkkali41

Organization of the Course

Chapter 1 Introduction
Chapter 2 Computer Threat
Chapter 3 Cryptography
Chapter 4 Network security
Chapter 5 Administering Security
Learning Objective

By the end of this course, students will be able to:

• Pinpoint the basic concepts of information security, including
  o security attacks/threats, security vulnerabilities, security criteria, security models, and security mechanisms
• Identify malicious code, including
  o types of malicious code, and suggestions for securing the computer and operating system.
• Pinpoint the concepts, principles and practices related to elementary cryptography, including
  o plain-text, cipher-text, different techniques for cryptanalysis, symmetric cryptography, asymmetric cryptography,
  o digital signature, message authentication code, hash functions, and Public Key Infrastructure.
• Describe threats to networks, and explain techniques for ensuring network security, including
  o securing the network using different protocols, firewalls, VPN, and intrusion detection and prevention systems.
• Pinpoint basic concepts of administering security, such as
  o security planning, risk analysis, organizational security policies and physical security.
Assessment

Assessment type    Maximum mark weight
Test               30%
Assignment         20%
Quiz               10%
Final Exam         40%
Total              100%
Outline

• What is Information Security?
• Security attack and its consequences
• Vulnerabilities of security
• Security criteria
• Security attack types
• Model for Network Security
• History of Information Security
Objective

At the end of this chapter, the student will be able to:
  o Define information security
  o Distinguish different types of attacker
  o Identify different information security vulnerabilities
  o Describe different consequences of security breaches
  o Describe the different security requirements with respect to the attacks on them
  o Distinguish active and passive attack types
  o Identify different attacks on TCP/IP layers
  o Distinguish different attack countermeasures
  o Describe the security model
  o Describe the history of information security
What are Information and Security?

Information
• Information is an organized collection of processed data which gives the complete sense.
• Information is data that has been shaped into a form that is meaningful and useful to human beings.
• It provides answers to who, what and when questions.

Security
• "The quality or state of being secure: to be free from danger"
• To be protected from adversaries
• Information security is the protection of information and its critical elements from modification, disruption, destruction, inspection, and access by unauthorized parties.
A rough classification of protection:

• Prevention: taking measures that prevent your assets from being damaged;
• Detection: taking measures that allow you to detect when an asset has been damaged, how it has been damaged, and who has caused the damage;
• Reaction: taking measures that allow you to recover your assets or to recover from damage to your assets.
What is Security?...

Security is about
• Threats (bad things that may happen, e.g. your money getting stolen)
• Vulnerabilities (weaknesses in your defenses, e.g. your front door being made of thin wood and glass)
• Attacks (ways in which the threats may be actualized,
  o e.g. a thief breaking through your weak front door while you and the neighbors are on holiday)
Attackers

• Attackers are individuals or groups who attempt to exploit vulnerabilities for personal or financial gain.
• Attackers are interested in everything, from credit cards to product designs and anything with value.
  o Amateurs/Script Kiddies: attackers with little or no skill, often using existing tools or instructions found on the Internet to launch attacks.
• Hackers: these break into computers or networks to gain access for various reasons.
  o White hat attackers break into networks or computer systems to discover weaknesses in order to improve the security of these systems.
  o Gray hat attackers are somewhere between white and black hat attackers. Gray hat attackers may find a vulnerability and report it to the owners of the system if that action coincides with their agenda.
  o Black hat attackers are unethical criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks.
• Organized Hackers: include organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers.
  o Cyber criminals are usually groups of professional criminals focused on control, power, and wealth.
  o Hacktivists make political statements to create awareness of issues that are important to them.
  o State-sponsored attackers steal government secrets, gather intelligence, and sabotage networks. Their targets are foreign governments, terrorist groups, and corporations.
• Insiders: an internal user, such as an employee or contract partner.
What are the vulnerabilities?

• Software or hardware defects
  o Errors in the operating system or application code, buffer overflow attacks, hardware design flaws.
• Non-validated input
  o Data coming into the program could have malicious content.
• Weaknesses in security practices
  o Not educating people.
• Access-control problems
  o Many security vulnerabilities are created by the improper use of access controls.
What are the vulnerabilities?

• Physical vulnerabilities (e.g. computers can be stolen, hard disks can be stolen)
• Communication vulnerabilities (e.g. wires can be tapped)
• Human vulnerabilities (e.g. insiders)
• Poorly chosen passwords (e.g. 123 / abc)
Consequences…

• Failure/end of service
• Reduction of QoS, down to Denial of Service (DDoS)
• Internal problems in the enterprise
• Decrease of trust from partners (clients, providers, shareholders)
• Technology leakage
• Human consequences (personal data, sensitive data: medical, insurance, …)
Security Criteria (objectives)

This will help us to
  o understand the attacks better and
  o think about the possible solutions to tackle them.
Three fundamental objectives, namely:
  o confidentiality, integrity, and availability (CIA).
Other security requirements are:
  o authentication, authorization, non-repudiation, etc.
Confidentiality

• Ensures that computer-related assets are accessed only by authorized parties.
• Confidentiality is sometimes called secrecy or privacy.
• Confidentiality gets compromised if an unauthorized person is able to access a message.
• An example of this could be a confidential email message sent by A to B, which is accessed by C without the permission or knowledge of A and B.
• This causes loss of message confidentiality.
Integrity

• It requires that messages should be modified or altered only by authorized parties.
  o Modification includes writing, changing, deleting, and creating the message that is supposed to be transmitted across the network.
• Integrity guarantees that no modification, addition, or deletion is done to the message.
• The altering of a message can be malicious or accidental.
• For example, suppose you write a check for $100 to pay for goods bought from the US. However, when you see your next account statement, you are startled to see that the check resulted in a payment of $1000!
• This is a case of loss of message integrity.
Availability

• Assets are accessible to authorized parties at appropriate times.
  o In other words, if some person or system has legitimate access to a particular set of objects, that access should not be prevented.
• For this reason, availability is sometimes known by its opposite, denial of service.
• For example, due to the intentional actions of an unauthorized user C, an authorized user A may not be able to contact server computer B.
• This would defeat the principle of availability.
Security criteria...

Authentication
  o It means that the correct identity is known to the communicating parties.
  o This property ensures that the parties are genuine and not impersonators.
• For instance, suppose that user C sends an electronic document over the Internet to user B. However, the trouble is that user C posed as user A when she sent this document to user B. How would user B know that the message has come from user C, who is posing as user A?
Authorization
  o This property gives access rights to different types of users.
• For example, network management can be performed by the network administrator only.

Non-repudiation
  o Non-repudiation is a mechanism to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
• For instance, user A could send a funds transfer request to bank B over the Internet. After the bank performs the funds transfer as per A's instructions, A could claim that she never sent the funds transfer instruction to the bank!
Computer and Network Security Attacks

Categories of attacks based on the security criteria
  o Interruption: an attack on availability
  o Interception: an attack on confidentiality
  o Modification: an attack on integrity
  o Fabrication: an attack on authenticity
Computer and Network Security Attacks…

• Categories of Attacks/Threats
(figure: the normal flow of information from Source to Destination, alongside the four attack patterns Interruption, Interception, Modification and Fabrication)
Security attack types

• The following criteria can also classify the attacks:
  o passive or active,
  o internal or external,
  o at different protocol layers.

Passive vs. active attacks
• A passive attack attempts to learn or use the information without changing the message's content or disrupting the communication's operation.
• An active attack attempts to interrupt, modify, delete, or fabricate messages or information, disrupting the network's normal operation.
Passive Attacks

• Passive attacks do not affect system resources
  o The goal of the opponent is to obtain information that is being transmitted
• Two types of passive attacks
  o Release of message contents
  o Traffic analysis
• Passive attacks are very difficult to detect
  o Message transmission apparently normal
  o No alteration of the data
• Emphasis on prevention rather than detection
  o By means of encryption
Passive Attacks (1): Release of Message Contents (figure)

Passive Attacks (2): Traffic Analysis (figure)
Active Attacks

• Active attacks try to alter system resources or affect their operation
  o Modification of data, or creation of false data
• Four categories
  o Masquerade of one entity as some other
  o Replay of a previous message
  o Modification of messages
  o Denial of service (DoS): preventing normal use
    • A specific target or the entire network
• Difficult to prevent
  o The goal is to detect and recover
Active Attacks (1): Masquerade (figure)

Active Attacks (2): Replay (figure)

Active Attacks (3): Modification of Messages (figure)

Active Attacks (4): Denial of Service (figure)
Security attack type (Internal vs. External attacks)

• External attacks are carried out by hosts that don't belong to the network domain; they are sometimes called outsiders.
  o E.g. they can cause congestion by sending false routing information, thereby causing unavailability of services.
• In the case of an internal attack, a malicious node from the network domain gains unauthorized access, acts as a genuine node, and disrupts the normal operation of nodes.
  o They are also known as insiders.
Security attack type (Attacks on different layers of the TCP/IP model)

• The security attacks can also be classified according to the TCP/IP layers. The table shows the attack types at each layer.
Common security attacks and their countermeasures

• Finding a way into the network
  o Firewalls
• Exploiting software bugs, buffer overflows
  o Intrusion Detection Systems
• Denial of Service
  o Access filtering, IDS
• TCP hijacking
  o IPSec
• Packet sniffing
  o Encryption (SSL, HTTPS)
• Social problems
  o Education
Model for Network Security

(figure: model for network security)
Model for Network Security…

• In considering the place of encryption, it is useful to use the above model.
• Information is being transferred from one party to another over an insecure communications channel,
  o in the presence of possible opponents.
• The two parties, who are the principals in this transaction, must cooperate for the exchange to take place.
• They can use:
  o an appropriate security transform (encryption algorithm),
  o with suitable keys (secret information),
  o possibly negotiated using the presence of a trusted third party.
Model for Network Security…

Using this model requires one to:
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information (keys)
4. specify a protocol enabling the principals to use the transformation and secret information for a security service
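The four steps of the model, as an added example that is not part of the slides: principals A and B share a secret key, the security transform is an HMAC tag, and receiver B's protocol rule rejects the altered cheque amount from the integrity slide, a replayed message, and a masquerade by C (three of the active-attack categories listed earlier). The names generate_key, tag_for and Receiver are this example's own choices, not from any library or from the course.

```python
import hashlib
import hmac
import secrets

# Added example, not from the slides or any course material: a minimal
# instance of the four-step model. Function and class names are this
# example's own choices.

def generate_key() -> bytes:
    """Step 2 of the model: the secret information shared by A and B."""
    return secrets.token_bytes(32)

def tag_for(key: bytes, seq: int, message: bytes) -> bytes:
    """Step 1: the security transform. An HMAC-SHA256 tag over (seq, message)
    protects integrity and authenticity; it does not hide the message."""
    return hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()

class Receiver:
    """Principal B. Step 4, the protocol rule: accept a message only if its tag
    verifies under the shared key and its sequence number is the next expected one."""
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.next_seq = 0

    def accept(self, seq: int, message: bytes, tag: bytes) -> bool:
        if not hmac.compare_digest(tag_for(self.key, seq, message), tag):
            return False   # modification, or a masquerade by someone without the key
        if seq != self.next_seq:
            return False   # replay of an already-accepted message (stale sequence number)
        self.next_seq += 1
        return True

def demo() -> dict:
    """Run principal A's genuine message past B, then the three active attacks."""
    key = generate_key()          # step 3 (distribution) assumed already done
    b = Receiver(key)
    msg = b"pay $100 to merchant"  # constructed sample, echoing the cheque example
    seq, tag = 0, tag_for(key, 0, msg)
    results = {"genuine": b.accept(seq, msg, tag)}
    # Modification: opponent C changes the amount but cannot recompute the tag
    results["modified"] = b.accept(1, b"pay $1000 to merchant", tag)
    # Replay: C resends the captured genuine message unchanged
    results["replayed"] = b.accept(seq, msg, tag)
    # Masquerade: C, holding a key of her own, tries to pass as A
    forged = b"pay $100 to C"
    results["forged"] = b.accept(1, forged, tag_for(secrets.token_bytes(32), 1, forged))
    return results
```

Note that this transform gives integrity and authentication only; confidentiality against the passive attacks on the earlier slides would additionally need encryption.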
Model for Network Access Security…

(figure: access control, antivirus/IDS, firewalls/proxy servers)
The History of Information Security

• Computer security began immediately after the first mainframes were developed
• Groups developing code-breaking computations during World War II created the first modern computers
• Physical controls were needed to limit access to sensitive military locations to authorized personnel
• Only rudimentary controls were available to defend against physical theft, espionage, and sabotage
The 1960s

• The Department of Defense's Advanced Research Projects Agency (ARPA) began examining the feasibility of redundant networked communications
• Larry Roberts developed the project from its inception (the beginning)
The 1970s and 80s

• ARPANET grew in popularity, as did its potential for misuse
• Fundamental problems with ARPANET security were identified
  – No safety procedures for dial-up connections to the ARPANET
  – User identification and authorization to the system were non-existent
• In the late 1970s the microprocessor expanded computing capabilities and security threats
R-609 – The Start of the Study of Computer Security

• Information Security began with Rand Report R-609
• The scope of computer security grew from physical security to include:
  – Safety of the data
  – Limiting unauthorized access to that data
  – Involvement of personnel from multiple levels of the organization
The 1990s

• As networks of computers became more common, so too did the need to interconnect the networks
• This resulted in the Internet, the first manifestation of a global network of networks
• In early Internet deployments, security was treated as a low priority
The Present

• The Internet has brought millions of computer networks into communication with each other, many of them unsecured
• The ability to secure each is now influenced by the security on every computer to which it is connected
Exit Exam Questions

1. Eavesdropping and packet sniffing are considered to be attacks on _____.
   A. Confidentiality    C. Integrity
   B. Nonrepudiation     D. Authentication

2. _________ is a threat to a database, which can occur due to creation, insertion, updating, changing the status of data, and deletion.
   A. Loss of accountability    C. Loss of confidentiality
   B. Loss of integrity         D. Loss of availability

3. Assume a computer lab where a student demands administrator access to a Windows 11 system to install SQL Server; but that right should not be given to the student unless he/she is an employee. Which principle of cyber security is considered here?
   A. Fail-safe          C. Open design
   B. Least privilege    D. Separation of privilege
