Ch1 NIS

The document discusses various topics related to computer and information security including: 1. Definitions of computer security, information security, and the need to protect computers and information from unauthorized access and harm. 2. Types of security including information security, application security, computer security, network security, and cybersecurity. 3. The CIA triad model of confidentiality, integrity, and availability as key aspects of computer security.

Uploaded by

shrey6346
Network and Information Security (NIS)

Unit 1. Introduction to Computer and Information Security

C22620.a: Identify risks related to Computer security and Information hazard in various Situations.

1. Foundations of Computer Security: Definition and Need of computer security.
2. Security Basics: Confidentiality, Integrity, Availability, Accountability, Non-repudiation, Reliability and Information Security.
3. Risk and Threat Analysis: Assets, Vulnerability, Threats, Risks, Counter measures.
4. Threat to Security: Viruses, Phases of Viruses, Types of Viruses.
5. Dealing with Viruses, Worms, Trojan Horse, Intruders, Insiders.
6. Type of Attacks: Active and Passive attacks, Denial of Service, DDOS, Backdoors and Trapdoors,
7. Sniffing, Spoofing, Man in the Middle, Replay,
8. TCP/IP Hacking, Encryption attacks.
9. Operating system security: Operating system updates: HotFix,
10. Patch, Service Pack.
11. Information, Need and Importance of Information, information classification, criteria for information classification,
12. Security, need of security, Basic principles of Information security.
Computer Security
• Computer security is the protection of computer systems and information from
harm, theft, and unauthorized use.
• It is the process of preventing and detecting unauthorized use of your computer
system.
Types of Computer Security
1. Information Security is securing information from unauthorized access, modification and deletion.
2. Application Security is securing an application by building in security features to protect it from cyber threats such as SQL injection, DoS attacks, data breaches, etc.
3. Computer Security means securing a standalone machine by keeping it updated and patched.
4. Network Security is securing both the software and hardware technologies.
5. Cybersecurity is defined as protecting computer systems which communicate over computer networks.
DEPARTMENT OF COMPUTER ENGINEERING
Mrs.H.A.Shinde
• The protection of data, networks and computing
power.
• The protection afforded to an automated information
system in order to: attain the applicable objectives of
preserving the integrity, availability and confidentiality
of information system resources (includes hardware,
software, firmware, information/data, and
telecommunications).
• Security is the protection of assets.

Need for security
• We need to protect
– Our data
– Our ability to use our computers (denial of service attacks)
• We need to provide
– Confidentiality
– Integrity
– Availability
– Authentication
– Non-repudiation

CIA model for computer security
Confidentiality – restrict access to authorized individuals
Integrity – data has not been altered in an unauthorized manner
Availability – information can be accessed and modified by authorized individuals in an appropriate timeframe

Confidentiality

Integrity

Authentication

Availability
The goal of availability is to ensure that the data, or the system itself, is available for use when the authorized user wants it.
Accountability
It means, every individual who is working with an
information system should have specific
responsibilities for information assurance.

Non-repudiation
It is the ability to verify that the message sent and the message received are the same, and that the sender can be identified and verified. This type of requirement is for online transactions.

Levels of Impact
• We can define 3 levels of impact from a security breach:
– Low
– Moderate
– High

Computer Security Challenges
1. not simple
2. must consider potential attacks
3. procedures used counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms
6. battle of wits between attacker / admin
7. not perceived as a benefit until it fails
8. requires regular monitoring
9. too often an after-thought
10. regarded as impediment to using system
Model for Network Security

Secured Communication Model

[Figure: Alice and Bob as the two communicating principals]

Trusted Server Example
[Figure: Trusted Server, Alice and Bob. Labels: PubK(Bob); PubK(Alice); Sign_PrivK(Alice)("Alice"); Sign_PrivK(Bob)("Bob"); Gen Sess Key; Enc_PubK(Bob)(SessK); Enc_SessK(Message); Sign/Encrypt and Decrypt on each side]
• using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by
the algorithm
3. develop methods to distribute and share the
secret information
4. specify a protocol enabling the principals to use
the transformation and secret information for a
security service

Risk and Threat analysis

A+T+V=R
• An asset is what we’re trying to protect.
• A threat is what we’re trying to protect
against.
• A vulnerability is a weakness or gap in our
protection efforts.
• Risk is the intersection of assets, threats, and
vulnerabilities.
Viruses
• A computer virus is a computer
program that can copy itself
and infect a computer without
permission or knowledge of
the user.
• “a program that replicates by
“infecting” other programs, so
that they contain a copy of the
virus”
Types of Viruses
• Parasitic Viruses: It attaches itself to executable code and replicates itself. Once a program is infected, it will find another program to infect.
• Memory resident viruses: Lives in memory after its execution; it becomes a part of the operating system or application and can manipulate any file that is executed, copied or moved.
• Non-resident viruses: It executes itself and terminates or destroys itself after a specific time.
• Boot sector Viruses: It infects the boot sector and spreads through a system when it is booted from a disk containing the virus.
• Overwriting viruses: It overwrites the code with its own code.
• Stealth Virus: This virus hides the modification it has made in the file or boot record.
• Macro Viruses: These are not executable. They affect documents such as Microsoft Word documents; they can spread through .
• Polymorphic viruses: It produces fully operational copies of itself, in an attempt to avoid signature detection.
• Companion Viruses: Creates a program instead of modifying an existing file.
• Viruses: Virus gets executed when the attachment is opened by the recipient. Virus sends itself to everyone on the mailing list of the sender.
• Metamorphic viruses: Keeps rewriting itself every time; it may change its behavior as well as the appearance of its code.

Phases of Virus (Life Cycle of Virus)

Worms
• A computer worm is a program that copies
itself from one computer to another
computer.
[Figure labels: Attacker, Activation, Payload, Target Discovery, Carrier]

Virus V/s Worms
| Sr. No | Virus | Worm |
|---|---|---|
| 1 | A virus is a piece of code that attaches itself to a legitimate program. | A worm is a malicious program that spreads automatically. |
| 2 | Virus modifies the code. | Worm does not modify the code. |
| 3 | Virus does not replicate itself. | Worm replicates itself. |
| 4 | Virus is destructive in nature. | Worm is non-destructive in nature. |
| 5 | Aim of virus is to infect the code or program stored on the computer system. | Aim of worm is to make the computer or network unusable. |
| 6 | Virus can infect other files. | Worm does not infect other files but it occupies memory space through replication. |
| 7 | Virus may need a trigger for execution. | Worm does not need any trigger. |

Intruders V/s Insiders
| Sr. No | Intruders | Insiders |
|---|---|---|
| 1 | Intruders are authorized or unauthorized users who are trying to access the system or network. | Insiders are authorized users who try to access a system or network for which they are unauthorized. |
| 2 | Intruders are hackers or crackers. | Insiders are not hackers. |
| 3 | Intruders are illegal users. | Insiders are legal users. |
| 4 | Intruders are less dangerous than Insiders. | Insiders are more dangerous than Intruders. |
| 5 | Intruders do not have access to the system. | Insiders have easy access to the system because they are authorized users. |
| 6 | Many security mechanisms are used to protect the system from Intruders. | There is no such mechanism to protect the system from Insiders. |

Active Attack
Modification of the data stream or the creation of a false stream.

Four types of active attacks:
1. Masquerade
2. Replay
3. Modification of messages
4. Denial of service

A. Masquerade: It takes place when one entity pretends to be (i.e. acts as) a different entity.
B. Replay: Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
C. Modification of Messages: Some portion of a legitimate message is altered, or messages are delayed or reordered, to produce an unauthorized effect.
D. Denial of Service: It prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target;
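
Replay and modification of messages, as defined above, are the two cases that message authentication with a freshness check is meant to catch. The Python code below is an added example, not part of the original slides: a receiver verifies an HMAC-SHA256 tag over each message and rejects reused nonces and stale timestamps. The shared key, the 30-second window and every function name are assumptions made for this illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE_SECONDS = 30  # assumed freshness window for this illustration


def _tag(key, msg):
    """HMAC-SHA256 over the fields an attacker must not be able to change."""
    covered = json.dumps([msg["body"], msg["nonce"], msg["ts"]]).encode()
    return hmac.new(key, covered, hashlib.sha256).hexdigest()


def seal(key, body, now=None):
    """Sender: attach a random nonce, a timestamp and the authentication tag."""
    msg = {"body": body, "nonce": secrets.token_hex(16),
           "ts": time.time() if now is None else now}
    msg["tag"] = _tag(key, msg)
    return msg


class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp of recently accepted messages

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        try:
            expected = _tag(self.key, msg).encode()
            supplied = str(msg["tag"]).encode()
            age = abs(now - float(msg["ts"]))
        except (KeyError, TypeError, ValueError):
            return "rejected: malformed"
        # Constant-time comparison; any altered field changes the tag.
        if not hmac.compare_digest(expected, supplied):
            return "rejected: modified"
        if age > MAX_AGE_SECONDS:
            return "rejected: stale"
        # Drop nonces old enough that the freshness check already covers them.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_AGE_SECONDS}
        if msg["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[msg["nonce"]] = float(msg["ts"])
        return "accepted"


def demo():
    key = b"constructed-demo-key-not-a-real-secret"  # constructed sample key
    rx = Receiver(key)
    original = seal(key, "pay 100 to account 42", now=1000.0)  # constructed
    return [
        rx.accept(original, now=1001.0),  # first delivery
        rx.accept(dict(original), now=1002.0),  # captured copy sent again
        rx.accept(dict(original, body="pay 900 to account 66"), now=1002.0),
        rx.accept(original, now=1100.0),  # captured copy sent much later
    ]


if __name__ == "__main__":
    print(demo())
```

The nonce cache only has to remember messages younger than the freshness window, because anything older is already refused as stale.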
Backdoors attack
Backdoor Attacks:
– It is a secret entry point into a program that allows a user to gain access without going through the usual security access procedures.
– It is used legitimately in debugging and testing.
– It also refers to the entry and placement of a program or utility into a network that creates a backdoor entry for attackers.
– This may allow a certain user ID to log on to a program without a password or to gain administrative services.
– It becomes a threat when programmers use them to gain unauthorized access.
– There are several backdoor programs and tools used by hackers in terms of automated tools.

Trapdoors attack
Trapdoor Attacks:
– A trap door is an entrance in a system which circumvents the normal safety measures.
– It is a secret entry point into a program that allows someone who is aware of it to gain access using a procedure other than the security procedure.
– It might be a hidden program which makes the protection system ineffective.
– This entry can be deliberately introduced by the developer to maintain the system in case of disaster management.
– Trapdoor programs can be installed through malware using the internet.

Sniffing
Sniffing: A network sniffer is a software or hardware device that is used to observe the traffic as it passes through the network on shared broadcast media. The device can be used to view all traffic, or it can target a specific protocol, service or even a string of characters. Normally the network device that connects a computer to a network is designed to ignore all traffic that is not destined for that computer. Network sniffers ignore this friendly agreement and observe all traffic on the network, whether destined for that computer or others.
Packet Sniffing: It is a technique of monitoring every packet that crosses the network.
Spoofing
A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage. Spoofing involves a packet being captured; the data can be modified as per the requirement of the third party and may be sent to the recipients.
Following are the types of spoofing:
• IP address spoofing
• GPS spoofing
• Caller ID spoofing
• Mail spoofing
• Third party may use any spoofing technique as per requirement & may get

Man-in-the-Middle Attack
A man in the middle attack occurs when attackers are able to place themselves in the middle of two other hosts that are communicating in order to view or modify the traffic. This is done by making sure that all communication going to or from the target host is routed through the attacker’s host. Then the attacker is able to observe all traffic before transmitting it and can actually modify or block traffic. To the target host, communication is occurring normally, since all expected replies are received.
TCP/IP Hacking Attack
TCP/IP hacking is the process of taking control of an already existing session between a client and server. The main benefit to an attacker of hijacking over attempting to enter a computer system or network is that the attacker doesn’t have to avoid any authentication mechanisms, since the user has already authenticated and established the session. When the user has completed the authentication sequence, the attacker can then take the session and carry on as if the attacker, and not the user, had authenticated with the system. To prevent the user from noticing anything unusual, the attacker may decide to attack the user’s system and perform a Denial-of-Service attack on it, so that the user and system will not notice the extra traffic that is taking place.

Encryption Attack
Encryption is the process of transforming plaintext into an unreadable format known as cipher text using a specific technique or algorithm.
Most encryption techniques use some form of key in the encryption process. One key is used in a mathematical process to jumble the original message into unreadable cipher text, and the other key is used to decrypt the cipher text to recreate the original plaintext.
The length of the key often directly relates to the strength of the encryption.
Cryptography is the art and science of writing secret messages.
Cryptanalysis is the process of attempting to break a cryptographic system.

Operating system security: Operating system updates
• Security refers to providing a protection system to computer system resources such as CPU, memory, disk, software programs and, most importantly, data/information stored in the computer system.
• Operating system updates contain new software that helps keep your computer current.
• Examples of updates:
1) Service packs 2) Version upgrades 3) Security updates 4) Drivers 5) Other types of updates
• Important and high-priority updates are critical to the security and reliability of your computer. They offer the latest protection against malicious online activities.
A hotfix is a software update designed to fix
a bug or security hole in a program.
Unlike typical version updates, hotfixes are
urgently developed and released as soon as
possible to limit the effects of the software
issue.
They are often released between incremental
version updates.

• A software patch or fix is a quick-repair job for a piece of programming
designed to resolve functionality issues, improve security and add new features.
• Patches may do any of the following:
• Fix a software bug
• Install new drivers
• Address new security vulnerabilities
• Address software stability issues
• Upgrade the software
Types of software patches
• Bug fix patches correct problems in the software. These patches help the
software run more smoothly and reduce the likelihood of a crash.
• Security patches address known security vulnerabilities, making the software
more secure.
• Feature patches add new functionality to the software. Microsoft, for example,
provides Windows feature updates twice per year, adding new capabilities to the
Windows 10 operating system.

• A service pack (SP) is a patch and upgrade suite that
complements an established operating system (OS)
and its software programs.

An SP is a small set of applications with software patches or security loops removing errors and bugs, modifying components or adding new features.
Its purpose is to improve user productivity from
earlier versions.
Most major software vendors release application
service packs annually or as required.

Information System Security or INFOSEC refers to the process of providing protection to the computers, networks and the associated data. With the advent of technology, the more information is stored over wide networks, the more crucial it becomes to protect it from unauthorized users who might misuse it. Every organisation has data sets that contain confidential information about its activities.
The major reason for providing security to information systems is not just one fold but 3 fold:
1. Confidentiality 2. Integrity 3. Availability
Together, these tiers form the CIA triangle, which has come to be known as the foremost necessity of securing the information system. These three levels justify the principle of information system security.
The Needs & Importance of Information

• The users of various professions and vocations like doctors, engineers, scientists, scholars etc. acquire and apply information in order to do their job more effectively and efficiently, i.e. application of information for practical purposes.
• Information supports research in order to obtain effective and fruitful results.
• Information helps in better management of manpower, materials, production, finance, marketing etc.
• State-of-the-art information on a subject helps in identifying the gaps/shortcomings in the subject field and in identifying the research problems to be explored or undertaken.
• Information helps in avoiding the duplication of research.
• Information stimulates the thought process of the users, particularly the
scholars.
• Information helps the scientists, engineers, scholars, etc. to get well
informed with the current advancements in their subjects, and to keep them
up-to-date.
Classification of information
• ISO 27001 does not prescribe the levels of classification
– this is something you should develop on your own,
based on what is common in your country or in your
industry. The bigger and more complex your
organization is, the more levels of confidentiality you
will have – for example, for a mid-size organization you
may use this kind of information classification levels
with three confidential levels and one public level:
• Confidential (top confidentiality level)
• Restricted (medium confidentiality level)
• Internal use (lowest level of confidentiality)
• Public (everyone can see the information)

Assignment 1
1. State the need for computer security.
2. Define virus and logic bomb.
3. Describe the following attacks: A) Sniffing B) Spoofing C) Man-in-the-middle D) TCP/IP Hijack
4. Describe CIA model for computer security with example. OR
Describe the basic principles of computer security.
5. Explain worm and virus. Differentiate between worm and virus.
6. List types of attacks. Explain backdoors and trapdoors attack. OR
State the types of attacks and describe Active and Passive attack with
at least one example each.
7. Explain threat to security in detail w.r.t virus, worms, intruders,
insiders.
8. What is a Virus? Describe various phases of virus.
9. Describe, with a neat diagram, the model for security.
10. What is Risk? How can it be analyzed? List various assets.