
Guide To Computer Network Security Chapter3

Global networks are vulnerable to attacks exploiting weaknesses in network components like ASN1. The number of security threats is rising daily as hacker tools become more sophisticated. Sources of threats include weaknesses in the design and infrastructure of networks, as well as rapid growth enabling more malicious actors. Key threats are from vulnerabilities in operating systems, social engineering, and physical theft of devices containing sensitive information.

Uploaded by

Sonja

Chapter 3: Security Threats to Computer Networks
Guide to Computer Network Security
Status of Computer Networks
In February, 2002, the Internet security
watch group CERT Coordination Center
disclosed that global networks including the
Internet, phone systems, and the electrical
power grid are vulnerable to attack because
of weakness in programming in a small but
key network component. The component, an
Abstract Syntax Notation One, or ASN.1, is a
communication protocol used widely in the
Simple Network Management Protocol
(SNMP).
Kizza - Guide to Computer Network Security
This is one example of what is
happening and will continue to
happen.
The number of threats is rising daily,
yet the time window to deal with them
is rapidly shrinking.
Hacker tools are becoming more
sophisticated and powerful. Currently
the average time between the point at
which a vulnerability is announced and
when it is actually deployed in the wild
is getting shorter and shorter.
Sources of Security Threats
Design Philosophy – “Work in progress” - the philosophy
was not based on clear blueprints, new developments
and additions came about as reactions to the shortfalls
and changing needs of a developing infrastructure. The
lack of a comprehensive blueprint and the demand-
driven design and development of protocols are causing
the ever present weak points and loopholes in the
underlying computer network infrastructure and
protocols.
– In addition to the philosophy, the developers of the network
infrastructure and protocols also followed a policy to create an
interface that is as user-friendly, efficient, and transparent as
possible so that all users of all education levels can use it
unaware of the working of the networks, and therefore, are not
concerned with the details.
– Making the interface this easy and far removed from the details,
though, has its own downside in that the user never cares about
and pays very little attention to the security of the system.
Weaknesses in Network Infrastructure
and Communication Protocols
– The Internet is a packet network that works
by breaking the data to be transmitted into
small, individually addressed packets that
are downloaded on the network’s mesh of
switching elements. Each individual packet
finds its way through the network with no
predetermined route and the packets are
reassembled to form the original message
by the receiving element.
– To work successfully, packet networks need
a strong trust relationship that must exist
among the transmitting elements.
– As packets are disassembled, transmitted, and
reassembled, the security of each individual packet
and the intermediary transmitting elements must
be guaranteed. This is not always the case in the
current protocols of cyberspace. There are areas
where, through port scans, determined users
have managed to intrude, penetrate, fool, and
intercept the packets.
– The cardinal rule of a secure communication
protocol in a server is never to leave any port
open in the absence of a useful service. If no such
service is offered, its port should never be open.
– In the initial communication between a client and
a server, the client addresses the server via a port
number in a process called a three-way
handshake.
– The process begins by a client/host sending a TCP
segment with the synchronize (SYN) flag set, the
server/host responds with a segment that has the
acknowledge valid (ACK) and SYN flags set, and
the first host responds with a segment that has
only the ACK flag set. This exchange is shown in
Figure 3.1. The three-way handshake suffers from
a half-open socket problem when the server
trusts the client that originated the handshake
and leaves its port door open for further
communication from the client.
– As long as the half-open port remains open, an
intruder can enter the system because while one
port remains open, the server can still entertain
other three-way handshakes from other clients
that want to communicate with it.
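The handshake states described above, followed from the monitoring side, as an added example that is not part of the original slides: it replays a constructed list of TCP segments and reports handshakes the server answered with SYN+ACK that never received the final ACK. The addresses, ports, timestamps and the 3-second timeout are assumptions chosen for illustration.

```python
# Constructed sample capture: (time_s, src_ip, src_port, dst_ip, dst_port, flags)
SEGMENTS = [
    (0.00, "10.0.0.5", 40001, "10.0.0.1", 80, {"SYN"}),
    (0.01, "10.0.0.1", 80, "10.0.0.5", 40001, {"SYN", "ACK"}),
    (0.02, "10.0.0.5", 40001, "10.0.0.1", 80, {"ACK"}),         # handshake completed
    (1.00, "10.0.0.9", 50000, "10.0.0.1", 80, {"SYN"}),
    (1.01, "10.0.0.1", 80, "10.0.0.9", 50000, {"SYN", "ACK"}),  # final ACK never arrives
    (1.50, "10.0.0.9", 50001, "10.0.0.1", 80, {"SYN"}),
    (1.51, "10.0.0.1", 80, "10.0.0.9", 50001, {"SYN", "ACK"}),  # final ACK never arrives
    (2.00, "10.0.0.7", 41000, "10.0.0.1", 22, {"SYN"}),         # server has not answered
]


def track_handshakes(segments):
    """Map (client, cport, server, sport) -> (state, time of last handshake segment)."""
    conns = {}
    for ts, src, sport, dst, dport, flags in segments:
        fwd = (src, sport, dst, dport)   # key if the sender is the client
        rev = (dst, dport, src, sport)   # key if the sender is the server
        if flags == {"SYN"}:
            conns[fwd] = ("SYN_SENT", ts)
        elif flags == {"SYN", "ACK"} and conns.get(rev, ("",))[0] == "SYN_SENT":
            conns[rev] = ("SYN_RECEIVED", ts)   # server now holds a half-open socket
        elif flags == {"ACK"} and conns.get(fwd, ("",))[0] == "SYN_RECEIVED":
            conns[fwd] = ("ESTABLISHED", ts)
    return conns


def half_open(segments, now, timeout=3.0):
    """Handshakes the server answered that stayed incomplete for at least `timeout` seconds."""
    return sorted(key for key, (state, ts) in track_handshakes(segments).items()
                  if state == "SYN_RECEIVED" and now - ts >= timeout)


def half_open_by_client(segments, now, timeout=3.0):
    """Count stale half-open sockets per (client, server, server port)."""
    counts = {}
    for client, _cport, server, port in half_open(segments, now, timeout):
        key = (client, server, port)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for key, n in half_open_by_client(SEGMENTS, now=5.0).items():
        print(key, n)
```

A rising count for one server port is the signal a monitor would alert on; the completed handshake and the unanswered SYN are deliberately not counted.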
Rapid Growth of Cyberspace –
– There is always a security problem in numbers.
– At a reported current annual growth rate of 51%
over the past 2 years, this shows continued
strong exponential growth, with an estimated
growth of up to 1 billion hosts in a few years, if
the same growth rate is sustained.
– As more and more people join the Internet, more
and more people with dubious motives are also
drawn to the Internet.
– Statistics from the security company Symantec
show that Internet attack activity is currently
growing by about 64% per year. The same
statistics show that during the first 6 months of
2002, companies connected to the Internet were
attacked, on average, 32 times per week
compared to only 25 times per week in the last 6
months of 2001.
The Growth of the Hacker Community
– The number one contributor to the
security threat of computer and
telecommunication networks, more than
anything else, is the growth of the hacker
community.
– Hackers have managed to bring this
threat into news headlines and people’s
living rooms through the ever increasing
and sometimes devastating attacks on
computer and telecommunication systems
using viruses, worms, and distributed
denial of services.
The Big “Bungs” (1988 through 2003):
The Internet Worm - On November 2, 1988 Robert T.
Morris, Jr., a Computer Science graduate student at Cornell
University, using a computer at MIT, released what he
thought was a benign experimental, self-replicating, and
self-propagating program on the MIT computer network.
Michelangelo Virus - 1991. The virus affected only PCs
running MS-DOS 2.xx and higher. Although it
overwhelmingly affected PCs running DOS operating
systems, it also affected PCs running other operating
systems such as UNIX, OS/2, and Novell
Melissa Virus - 1999. It affected the global network of
computers via a combination of Microsoft's Outlook and
Word programs, taking advantage of Word documents to act
as surrogates and the users' e-mail address book entries to
propagate it.
The Y2K Bug
The Goodtimes E-mail Virus - was a humorous chain
e-mail virus annoying everyone in its path because of
the huge amount of “email virus alerts” it generated. Its
humor was embedded in prose.
Distributed Denial-of-Service (DDoS) – 2000.
Was created by a 16-year-old Canadian hacker
nicknamed “Mafiaboy”. Using the Internet’s
infrastructure weaknesses and tools, he
unleashed a remotely coordinated blitz
of 1-gigabit-per-second IP packet requests
from selected, sometimes unsuspecting victim
servers which, in a coordinated fashion,
bombarded, flooded, and eventually
overcame and knocked out servers at Yahoo,
eBay, Amazon, Buy.com, ZDNet, CNN, E*Trade,
and MSN.
Love Bug Virus - 2000 - By Onel de Guzman, a
dropout from a computer college in Manila, The
Philippines.
Anna Kournikova virus – 2001 – named after
Anna Kournikova, the Russian tennis star. Hit
global computer networks hard.
Vulnerability in Operating System
Protocol -
– This is an area that offers the greatest security
threat to global computer systems.
– An operating system plays a vital role not
only in the smooth running of the computer
system in controlling and providing vital
services, but it also plays a crucial role in the
security of the system in providing access to
vital system resources.
– A vulnerable operating system can allow an
attacker to take over a computer system
and do anything that any authorized super
user can do, such as changing files, installing
and running software, or reformatting the
hard drive.
The Invisible Security Threat - The Insider
Effect
– Research data from many reputable agencies
consistently show that the greatest threat to
security in any enterprise is the guy down the
hall.
Social Engineering –
– An array of methods an intruder such as a
hacker, from within or outside the
organization, uses to gain system
authorization through masquerading as an
authorized user of the network. Social
engineering can be carried out using a variety
of methods, including physically
Physical Theft
– As the demand for information by businesses to stay
competitive and nations to remain strong heats up,
laptop computer and PDA theft is on the rise.
– There is a whole list of incidents involving laptop
computer theft such as the reported disappearance
of a laptop used to log incidents of covert nuclear
proliferation from a sixth-floor room in the
headquarters of the U.S. State Department in
January, 2000. In March of the same year, a British
accountant working for the MI5, a British national
spy agency, had his laptop computer snatched
from between his legs while waiting for a train at
London's Paddington Station.
– And according to the computer-insurance firm
Safeware, some 319,000 laptops were stolen in
1999, at a total cost of more than $800 million for
the hardware alone [7]. Thousands of company
executive laptops and PDAs disappear every year
with years of company secrets.
Security Threat Motives
Terrorism -
– Our increasing dependence on computers and
computer communication has opened up the can of
worms we now know as electronic terrorism.
– Electronic terrorism is used to attack military
installations, banking, and many other targets of
interest based on politics, religion, and probably hate.
– Those who are using this new brand of terrorism are a
new breed of hackers, who no longer hold the view
of cracking systems as an intellectual exercise but as
a way of gaining from the action.
– The “new” hacker is a cracker who knows and is
aware of the value of information that he/she is
trying to obtain or compromise. But cyber-terrorism is
not only about obtaining information; it is also about
instilling fear and doubt and compromising the
integrity of the data.
Military Espionage
For generations countries have been competing
for supremacy of one form or another. During
the Cold War, countries competed for military
spheres. After it ended, the espionage turf
changed from military aim to gaining access to
highly classified commercial information that
would not only let them know what other
countries are doing but also might give them
either a military or commercial advantage
without their spending a great deal of money
on the effort.
Our high dependency on computers in the
national military and commercial establishments
has given espionage a new fertile ground.
Electronic espionage has many advantages
over its old-fashioned, trench-coated,
sunglassed, and gloved Hitchcock-style cousin.
Economic Espionage
– The end of the Cold War was supposed to bring to
an end spirited and intensive military espionage.
However, in the wake of the end of the Cold War,
the United States, as a leading military, economic,
and information superpower, found itself a
constant target of another kind of espionage,
economic espionage.
– In its pure form, economic espionage targets
economic trade secrets which, according to the
1996 U.S. Economic Espionage Act, are defined as
all forms and types of financial, business,
scientific, technical, economic, or engineering
information and all types of intellectual property
including patterns, plans, compilations, program
devices, formulas, designs, prototypes, methods,
techniques, processes, procedures, programs,
and/or codes, whether tangible or not, stored or
not, compiled or not.
Targeting the National Information
Infrastructure
– The threat may be foreign power-sponsored
or foreign power-coordinated, directed at a
target country, corporation,
establishments, or persons.
– It may target specific facilities,
personnel, information, or computer,
cable, satellite, or telecommunications
systems that are associated with the
National Information Infrastructure.
– Activities may include:
Denial or disruption of computer, cable, satellite,
or telecommunications services;
Unauthorized monitoring of computer, cable,
satellite, or telecommunications systems;
Unauthorized disclosure of proprietary or
classified information stored within or
communicated through computer, cable, satellite,
or telecommunications systems;
Unauthorized modification or destruction of
computer programming codes, computer network
databases, stored information or computer
capabilities; or
Manipulation of computer, cable, satellite, or
telecommunications services resulting in fraud,
financial loss, or other federal criminal violations.
Vendetta/Revenge
Hate (National Origin, Gender, and
Race)
Notoriety
Greed
Ignorance
Security Threat Management
Security threat management is a technique
used to monitor an organization’s critical
security systems in real-time to review reports
from the monitoring sensors such as the
intrusion detection systems, firewall, and other
scanning sensors.
These reviews help to reduce false positives
from the sensors, develop quick response
techniques for threat containment and
assessment, correlate and escalate false
positives across multiple sensors or platforms,
and develop intuitive analytical, forensic, and
management reports.
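One way the cross-sensor correlation described above could work, as an added example that is not part of the original slides: alerts from several sensors are grouped by source address, and a source is escalated only when at least two different sensors report it within a time window. The sensor names, alert fields, addresses and the 60-second window are assumptions chosen for illustration.

```python
# Constructed sample alerts: (time_s, sensor, source_ip, signature)
ALERTS = [
    (100, "ids", "203.0.113.7", "port-scan"),
    (104, "firewall", "203.0.113.7", "denied-burst"),
    (130, "ids", "198.51.100.4", "port-scan"),
    (400, "firewall", "198.51.100.4", "denied-burst"),
    (410, "scanner", "192.0.2.10", "weak-cipher"),
]


def correlate(alerts, window=60, min_sensors=2):
    """Split sources into (escalate, review).

    escalate: sources reported by >= min_sensors distinct sensors within
              `window` seconds of each other.
    review:   sources seen by fewer sensors in any window, which are the
              likelier false positives and get lower priority.
    Each value is the sorted list of sensors in the source's best window.
    """
    by_source = {}
    for ts, sensor, src, _sig in sorted(alerts):
        by_source.setdefault(src, []).append((ts, sensor))

    escalate, review = {}, {}
    for src, events in by_source.items():
        best = set()
        # Slide a window that starts at each alert and collect the sensors inside it.
        for i, (start, _sensor) in enumerate(events):
            seen = {s for t, s in events[i:] if t - start <= window}
            if len(seen) > len(best):
                best = seen
        target = escalate if len(best) >= min_sensors else review
        target[src] = sorted(best)
    return escalate, review


if __name__ == "__main__":
    escalate, review = correlate(ALERTS)
    print("escalate:", escalate)
    print("review:", review)
```

Widening the window trades fewer missed slow attacks for more coincidental matches, so the value is a tuning decision for the response team.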
Risk Assessment
– Even if there are several security threats all targeting the
same resource, each threat will cause a different risk and
each will need a different risk assessment.
– Some will have low risk while others will have the opposite. It
is important for the response team to study the risks as
sensor data come in and decide which threat to deal with
first.
Forensic Analysis
– Forensic analysis is done after a threat has been identified
and contained. After containment the response team can
launch the forensic analysis tools to interact with the
dynamic report displays that have come from the sensors
during the duration of the threat or attack, if the threat
results in an attack.
– The data on which forensic analysis is to be performed must be kept
in a secure state to preserve the evidence. It must be stored
and transferred, if this is needed, with the greatest care, and
the analysis must be done with the utmost professionalism
possible if the results of the forensic analysis are to stand in
court.
Security Threat Awareness
Security threat awareness is meant to bring widespread and
massive attention of the population to the security threat.
Once people come to know of the threat, it is hoped that they
will become more careful, more alert, and more responsible in
what they do.
They are also more likely to follow security guidelines.
A good example of how massive awareness can be planned
and brought about is the efforts of the new U.S. Department
of Homeland Security. The department was formed after the
September 11, 2001 attack on the United States to bring
maximum national awareness to the security problems facing
not only the country but also every individual. The idea is to
make everyone proactive about security. Figure 3.5 shows some
of the efforts of the Department of Homeland Security for
massive security awareness.