Chapter 3

This document defines key concepts related to information security threats and attacks. It discusses types of attacks like exploits that take advantage of vulnerabilities. It also discusses security controls and countermeasures to mitigate risks from threats. Different parts of a typical IT infrastructure are described along with common threats that may impact the user domain, workstations, local area networks, and wide area networks.

Uploaded by

Micheal Getachew

Chapter Three

Types of Attack and Protection Schemes

Definitions and key concepts
➢ Access - a subject or object’s ability to use, manipulate, modify, or affect another subject or object.
➢ Asset - the organizational resource that is being protected.
➢ Attack - an act that is an intentional or unintentional attempt to cause damage or compromise to the information and/or the systems that support it.
➢ Control, Safeguard, or Countermeasure - security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.
➢ Exploit - to take advantage of weaknesses or vulnerability in a system.
➢ Exposure - a single instance of being open to damage.
➢ Hack - Good: to use computers or systems for enjoyment; Bad: to illegally gain access to a computer or system.
➢ Object - a passive entity in the information system that receives or contains information.
➢ Risk - the probability that something can happen.
➢ Security Blueprint - the plan for the implementation of new security measures in the organization.
➢ Security Model - a collection of specific security rules that represents the implementation of a security policy.
➢ Security Posture or Security Profile - a general label for the combination of all policies, procedures, technologies, and programs that make up the total security effort currently in place.
➢ Subject - an active entity that interacts with an information system and causes information to move through the system for a specific end purpose.
➢ Threats - a category of objects, persons, or other entities that represents a potential danger to an asset.
➢ Threat Agent - a specific instance or component of a more general threat.
➢ Vulnerability - weaknesses or faults in a system or protection mechanism that expose information to attack or damage.
Balancing information security and access
➢ When considering information security, it is important to realize that it is impossible to obtain perfect security.
➢ Security is not an absolute; it is a process, not a goal.
➢ Security should be considered a balance between protection and availability.
➢ To achieve balance, the level of security must allow reasonable access yet protect against threats.

Data Responsibilities
➢ Data owner: responsible for the security and use of a particular set of information.
➢ Data custodian: responsible for storage, maintenance, and protection of information.
➢ Data users: end users who work with information to perform their daily jobs supporting the mission of the organization.

➢ Information security’s primary mission is to ensure that systems and their contents remain the same!
➢ “Organizations must understand the environment in which information systems operate so their information security programs can address actual and potential problems.”
Sources of IS security risks
➢ Vandals (hackers, crackers)
➢ Internal traitors
➢ Economic spies
➢ Non-reliability of software
➢ Natural disasters: flooding, fire, storms, earthquakes…
➢ War and terrorist actions
➢ Cyber attacks
IS security threats, types of Attack and Protection Schemes
➢ Vulnerability: A weakness or fault in a system or protection mechanism that opens it to attack or damage. Some examples of vulnerabilities are a flaw in a software package, an unprotected system port, and an unlocked door. Some well-known vulnerabilities have been examined, documented, and published; others remain latent (or undiscovered).
➢ A vulnerability is a point where a system is susceptible to attack.
Key Actions to identify Vulnerabilities
➢ Understand common attacks. Attacks on and within your network come in many different varieties. Many times the attackers do not even know who they are attacking, but there are instances of networks or organizations that are specifically targeted. Learning the different methods used to compromise computers and networks will give you the necessary perspective to proceed.
➢ Inventory your vulnerabilities. Establish a full list of potential vulnerabilities. Take special care to identify anything unknown about your network.
➢ Use vulnerability scanning tools. Many tools exist to check the existing security state of your network. These tools check for open ports, unpatched software and other weaknesses. Some of these programs focus on a specific machine, while others can scan your entire network.
IS security Threats
Threat
➢ A threat is a potential cause of an incident that may result in harm to a system or organization.
➢ It is something that may happen that may cause some unwanted consequence.
➢ It is a potential violation of security. The violation need not actually occur for there to be a threat. The fact that the violation might occur means that those actions that could cause it to occur must be guarded against (or prepared for). Those actions are called attacks. Those who execute such actions, or cause them to be executed, are called attackers.
✓ Attack: an intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it.
✓ Exposure: A condition or state of being exposed. In information security, exposure exists when a vulnerability known to an attacker is present.
✓ Risk: The probability that something unwanted will happen. Organizations must minimize risk to match their risk appetite, the quantity and nature of risk the organization is willing to accept.
✓ Threat: A category of objects, persons, or other entities that presents a danger to an asset. Threats are always present and can be purposeful or undirected. For example, hackers purposefully threaten unprotected information systems, while severe storms incidentally threaten buildings and their contents.
✓ A threat is a possible danger to the system: e.g. a person, a thing (a faulty piece of equipment), or an event (a fire or a flood).
Security Consequences of Risks
➢ Failure/End of service
➢ Reduction of QoS, down to Denial of Service (DoS)
➢ Internal problems in the enterprise
➢ Trust decrease from partners (clients, providers, shareholders)
➢ Technology leakage
➢ Human consequences (personal data, sensitive data - medical, insurance, …)

▪ In general, security is about
• Threats (bad things that may happen, e.g. your money getting stolen)
• Vulnerabilities (weaknesses in your defenses, e.g. your front door being made of thin wood and glass)
• Attacks (ways in which the threats may be actualized, e.g. a thief breaking through your weak front door while you and the neighbors are on holiday)

IS security threats in the Domains of a typical IT infrastructure
Common Threats in the User Domain
➢ Lack of user awareness
➢ User apathy toward policies
➢ User violating security policy
➢ User inserting CD/DVD/USB with personal files
➢ User downloading photos, music, or videos
➢ User destroying systems, applications, and data
➢ Disgruntled employee attacking the organization or committing sabotage
➢ Employee blackmail or extortion

Common Threats in the Workstation Domain
➢ Unauthorized workstation access
➢ Unauthorized access to systems, applications, and data
➢ Desktop or laptop operating system vulnerabilities
➢ Desktop or laptop application software vulnerabilities or patches
➢ Viruses, malicious code, and other malware
➢ User inserting CD/DVD/USB with personal files
➢ User downloading photos, music, or videos

Common Threats in the LAN Domain
➢ Unauthorized physical access to the LAN
➢ Unauthorized access to systems, applications, and data
➢ LAN server operating system vulnerabilities
➢ LAN server application software vulnerabilities and software patch updates
➢ Mischievous users on WLANs
➢ LAN server configuration guidelines and standards

Common Threats in the LAN-to-WAN Domain
➢ Unauthorized searching and port scanning
➢ Unauthorized access
➢ Internet Protocol (IP) router, firewall, and network appliance operating system vulnerability
➢ Local users downloading unknown file types from unknown sources

Common Threats in the WAN Domain
➢ Open, public, and accessible data
➢ Most of the traffic being sent as clear text
➢ Vulnerable to eavesdropping
➢ Vulnerable to malicious attacks
➢ Vulnerable to Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
➢ Vulnerable to corruption of information and data
➢ Insecure Transmission Control Protocol/Internet Protocol (TCP/IP) applications
➢ Hackers and attackers e-mailing Trojans, worms, and malicious software freely and constantly

Common Threats in the Remote Access Domain
➢ Brute force user ID and password attacks
➢ Multiple logon repeats and access control attacks
➢ Unauthorized remote access to IT systems, applications, and data
➢ Confidential data compromised remotely
➢ Data leakage in violation of data classification standards
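The first two remote-access threats above (brute-force logons and repeated logon attempts) are the ones a defender can see directly in authentication logs. The following is an added example, not from the original slides: it parses constructed sshd-style log lines (every host, user and timestamp is made up) and flags a source that fails a threshold of logons inside a sliding time window, plus any later successful logon from that same source.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Format is sshd-like:
# <ISO timestamp> sshd: (Failed|Accepted) password for <user> from <source>
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:03 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:04 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:06 sshd: Failed password for oracle from 203.0.113.7
2024-05-01T10:00:08 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:09 sshd: Accepted password for admin from 203.0.113.7
2024-05-01T10:05:00 sshd: Failed password for alice from 198.51.100.4
2024-05-01T10:30:00 sshd: Failed password for alice from 198.51.100.4
2024-05-01T10:31:00 sshd: Accepted password for alice from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(log_text):
    """Turn matching log lines into event dicts; unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Alert on any source with >= threshold failed logons inside a sliding window.

    Counting per source (not per user) also catches user-ID guessing, where the
    attacker rotates account names and each account sees only one failure.
    """
    failures_by_src = defaultdict(list)
    for e in events:
        if not e["ok"]:
            failures_by_src[e["src"]].append(e)

    alerts = []
    for src, fails in failures_by_src.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # Advance the window start until the span fits inside `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts.append({
                    "src": src,
                    "failures": count,
                    "users": sorted({e["user"] for e in fails[start:end + 1]}),
                    "first": fails[start]["ts"],
                    "last": fails[end]["ts"],
                })
                break  # one alert per source is enough for triage
    return alerts


def success_after_failures(events, alerts):
    """Flag accepted logons from an alerted source at or after its burst: a possible compromise."""
    last_by_src = {a["src"]: a["last"] for a in alerts}
    return [e for e in events
            if e["ok"] and e["src"] in last_by_src and e["ts"] >= last_by_src[e["src"]]]


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    found = detect_bruteforce(evs)
    for a in found:
        print(f"ALERT {a['src']}: {a['failures']} failures, users={a['users']}")
    for e in success_after_failures(evs, found):
        print(f"REVIEW successful logon for {e['user']} from {e['src']} at {e['ts']}")
```

Tune `threshold` and `window` to the service's normal failure rate; a source with a handful of spaced-out failures (like 198.51.100.4 above) should not page anyone.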

Common Threats in the Systems/Applications Domain (including Cloud Computing)
➢ Unauthorized access to data centers, computer rooms, and wiring closets
➢ Difficult-to-manage servers that require high availability
➢ Server operating systems software vulnerability management
➢ Security required by cloud computing virtual environments
➢ Corrupt or lost data
Deliberate Software Attacks
➢ Deliberate software attacks occur when an individual or group designs and deploys software to attack a system.
➢ Referred to as malicious code, malicious software, or malware
➢ Designed to damage, destroy, or deny service to the target systems.
➢ The more common instances of malicious code are viruses and worms, Trojan horses, logic bombs, and back doors

Virus
➢ Segments of code
➢ Attaches itself to an existing program
➢ Takes control of program access
➢ Replication

Worms
➢ Malicious program
➢ Replicates constantly
➢ Doesn’t require another program
➢ Can be initiated with or without a user download

Other Malware
➢ Trojan Horse
▪ Hides its true nature
▪ Reveals the designed behavior only when activated
➢ Back door or trap door
▪ A virus or worm that installs a back door or trap door component in a system, which allows the attacker to access the system at will with special privileges
Forces of Nature
➢ Pose some of the most dangerous threats
➢ Unexpected and occur with little or no warning
▪ Fire
▪ Electrostatic discharge
▪ Dust contamination
▪ Flood
▪ Earthquake
▪ Lightning
▪ Landslide
▪ Mudslide

Acts of Human Error or Failure
➢ Acts performed without intent or malicious purpose by an authorized user
➢ Greatest threat to an organization’s information security
✓ Organization’s own employees
✓ Closest to the data
✓ Mistakes
▪ Revelation of classified data
▪ Entry of erroneous data
▪ Accidental deletion or modification of data
▪ Storage of data in unprotected areas
▪ Failure to protect information

Acts of Human Error or Failure: Prevention
➢ Training
➢ Ongoing awareness activities
➢ Controls
▪ Require the user to type a critical command twice
▪ Verification of commands

Acts of Human Error…
➢ Includes acts performed without malicious intent
➢ Causes include:
▪ Inexperience
▪ Improper training
▪ Incorrect assumptions
➢ Employees are among the greatest threats to an organization’s data
➢ Employee mistakes can easily lead to:
▪ Revelation of classified data
▪ Entry of erroneous data
▪ Accidental data deletion or modification
▪ Data storage in unprotected areas
▪ Failure to protect information
➢ Many of these threats can be prevented with controls
Missing, Inadequate or Incomplete Planning/Policy and Controls
➢ Missing, inadequate, or incomplete organizational policy or planning makes an organization vulnerable to loss, damage, or disclosure of information assets when other threats lead to attacks.
➢ Similarly, missing, inadequate, or incomplete controls, that is, security safeguards and information asset protection controls that are missing, misconfigured, antiquated, or poorly designed or managed, make an organization more likely to suffer losses when other threats lead to attacks.

Sabotage or Vandalism
➢ Deliberate sabotage of a computer system or business
➢ Acts to destroy an asset
➢ Damage to the image of an organization
➢ Hacktivist or cyberactivist
▪ Interferes with or disrupts systems in protest of the operations, policies, or actions of an organization
➢ Cyber terrorism
▪ Cyber terrorists hack systems to conduct terrorist activities via network or Internet pathways.
➢ Theft
Deliberate Acts of Espionage or Trespass
➢ Access of protected information by unauthorized individuals
➢ Competitive intelligence (legal) vs. industrial espionage (illegal)
➢ Shoulder surfing occurs anywhere a person accesses confidential information
➢ Controls let trespassers know they are encroaching on the organization’s cyberspace
➢ Hackers use skill, guile, or fraud to bypass controls protecting others’ information

Shoulder surfing

Deliberate Acts of Theft
➢ Illegal taking of another’s physical, electronic, or intellectual property.
➢ Physical theft is controlled relatively easily.
➢ Electronic theft is a more complex problem; evidence of the crime is not readily apparent.

Hackers: Hackers are individuals who gain illegal entry into a computer system, often without malicious intent but simply to see if they can do it. It is a term used by some to mean “clever programmer” and by others, especially those in popular media, to mean “someone who tries to break into computer systems.” Hackers are computer experts who spend enormous amounts of time trying to breach the security of networks, web servers and email servers. Usually they use a selection of specialist software to identify weaknesses, which are then exploited.
➢ Threats fall into three main categories:
❖ natural threats
❖ unintentional threats
❖ intentional threats
The intentional threats can come from insiders or outsiders.
Outsiders can include:
▪ foreign intelligence agents
▪ terrorists
▪ criminals
▪ corporate raiders
▪ crackers

Inside or Outside?
• Although most security mechanisms protect best against outside intruders, survey after survey indicates that most attacks are by insiders. Estimates are that as many as 80% of system penetrations are by fully authorized users.

The Insider
• There are a number of different types of insiders: the disgruntled employee, the coerced employee, and the greedy employee. One of the most dangerous types of insiders may simply be lazy or untrained. He or she doesn’t bother changing passwords, doesn’t learn how to encrypt files, doesn’t get around to erasing old disks, and leaves sensitive printouts in piles on the floor.
Security Threats
Malware Attack:
A generic term for software that has a malicious purpose.
Examples: viruses, Trojan horses, spyware.
New ones: spam/scam, identity theft, e-payment frauds, web phishing, etc.

Types of Threats/Attacks … (Chuck Easttom)
➢ Hacking Attack:
▪ Any attempt to gain unauthorized access to your system
➢ Denial of Service (DoS) Attack:
▪ Blocking access from legitimate users
➢ Physical Attack:
▪ Stealing, breaking or damaging of computing devices

Malicious Software
Malware Attack
Worms
▪ An independent program that reproduces by copying itself from one computer to another
▪ It can do as much harm as a virus
▪ It often creates denial of service
▪ Harms the network by consuming bandwidth

Trojan horses
▪ (Ancient Greek tale of the city of Troy and the wooden horse) - ??
▪ Secretly downloading a virus or some other type of malware on to your computers.
▪ Popular mechanism for disguising a virus or a worm
• Trojan Horses: A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. It is generally a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Viruses: A computer virus is a small program designed to cause some kind of damage in the infected computer, by deleting data, capturing information, or by altering the normal operation of the machine. It is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. It could steal or delete information, make the computer slower, or simply mess with the operating system. In present days the most common are viruses which steal information from Internet banking, so the attacker can transfer your money to his account, pay bills or buy something on the Internet.
Backdoors
➢ A backdoor is a program or a set of related programs that a hacker installs on a target system to allow access to the system at a later time.
➢ A backdoor can be embedded in a malicious Trojan.
➢ The objective of installing a backdoor on a system is to give hackers access into the system at a time of their choosing.
➢ The key is that the hacker knows how to get into the backdoor undetected and is able to use it to hack the system further and look for important information.

Spyware
▪ “Software that literally spies on what you do on your computer.”
▪ Example: simple cookies and key loggers
➢ Logic Bomb
▪ One of the oldest types of malicious software
▪ Code embedded in a legitimate program (Trojan horse)
▪ Activated when specified conditions are met, e.g. presence/absence of some file, a particular date/time, a particular user, or a particular series of keystrokes
▪ When triggered, typically damages the system: modifies/deletes files/disks

Zombie
▪ Program which secretly takes over another networked computer
▪ then uses it to indirectly launch attacks
▪ often used to launch distributed denial of service (DDoS) attacks
▪ Exploits known flaws in network systems
Social Engineering
➢ Social engineering is a kind of attack that uses the weakest link (one of the security principles: secure the weakest link).
➢ It takes advantage of our human characteristics to exploit us, tricking us into breaking normal security procedures.
➢ Social engineering succeeds because people are people: they want to be advantaged / get something the shortest way (egoistic).

➢ Social-engineering schemes use ‘spoofed’ e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers by hijacking brand names of banks, e-retailers and credit card companies.
➢ Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets.
➢ Phishers often convince recipients to respond.
➢ Pharming is crimeware that misdirects users to fraudulent sites or proxy servers (bogus websites), typically through DNS hijacking or poisoning.
Eavesdropping: Alternatively referred to as earwigging, eavesdropping is a term used to describe the process of listening to, monitoring, or examining someone without their knowledge. For example, a user could eavesdrop on someone’s e-mail or chat conversation. Eavesdropping is secretly listening to the private conversation of others without their consent.
• It is the unauthorized real-time interception of a private communication, such as a phone call, instant message, video conference or fax transmission. The term eavesdrop derives from the practice of actually standing under the eaves of a house, listening to conversations inside. This is commonly thought to be unethical and there is an old saying that “eavesdroppers seldom hear anything good of themselves... eavesdroppers always try to listen to matters that concern them.”
Sniffing: is the use of a network interface to receive data not intended for the machine in which the interface resides. A variety of types of machines need to have this capability. A token-ring bridge, for example, typically has two network interfaces that normally receive all packets traveling on the media on one interface and retransmit some, but not all, of these packets on the other interface.
➢ Another example of a device that incorporates sniffing is one typically marketed as a “network analyzer.” A network analyzer helps network administrators diagnose a variety of obscure problems that may not be visible on any one particular host. These problems can involve unusual interactions between more than just one or two machines and sometimes involve a variety of protocols interacting in strange ways.
➢ Sniffing programs could be used to gather passwords, read inter-machine e-mail, and examine client-server database records in transit.

Wiretaps: refers to listening in on electronic communications on telephones, computers, and other devices. Many governments use it as a law enforcement tool, and it is also used in fields like corporate intelligence to gain access to privileged information. Depending on where in the world one is, wiretapping may be tightly controlled with laws that are designed to protect privacy rights, or it may be a widely accepted practice with little or no protections for citizens. Several advocacy organizations have been established to help against illegal wiretapping. There are a number of ways to carry out a wiretapping operation, ranging from concealing electronic devices in a phone to tapping into a telecommunications line somewhere along its travel from the device to a routing or exchange center. In many countries, governments have agreements with telecommunications companies which ensure easy access to lines of communication for this purpose. It is used to monitor websites that presumably contain dangerous or sensitive materials, and the people that access them.
Control
Control: A means to prevent a vulnerability from being exploited.

Security controls
➢ Once threat vectors are considered, organizations rely on various controls to accomplish defense in depth as part of their security architecture. A security control is any mechanism that you put in place to reduce the risk of compromise of any of the three CIA objectives: confidentiality, integrity, and availability.
➢ There are several ways to classify these security controls; one of them is based on the nature of the control itself. These controls fall into one of three categories:

Administrative Controls
➢ Administrative controls are largely policy and procedure driven. You will find many of the administrative controls that help with an enterprise’s information security in the human resources department. Some of these controls are as follows:
▪ Security-awareness training
▪ Security policies and standards

Technical Controls
Technical controls are extremely important to a good information security program, and proper configuration and maintenance of these controls will significantly improve information security. The following are examples of technical controls:
✓ Firewalls
✓ Intrusion prevention systems (IPS)
✓ Virtual private network (VPN) concentrators and clients
✓ Smart cards
✓ Biometric authentication devices
✓ Network Admission Control (NAC) systems
✓ Routers

Physical Controls
While trying to secure an environment with good technical and administrative controls, it is also necessary that you lock the doors in the data center. This is an example of a physical control. Other examples of physical controls include the following:
➢ Intruder detection systems
➢ Security guards
➢ Locks
➢ Uninterruptible power supplies (UPS)
➢ Fire-suppression systems
➢ Positive air-flow systems
A Model for Internetwork Security
 While computer systems today have some of the best security systems ever, they are more vulnerable than ever before.
 Computer and network security comes in many forms, including encryption algorithms, access to facilities, digital signatures, and using fingerprints and face scans as passwords.
 The OSI security architecture provides a systematic framework for defining security attacks, mechanisms and services.

The OSI security architecture focuses on security attacks, mechanisms and services.
 Security attack:- Any action that compromises the security of information owned by an organization.
 Security mechanism:- A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
 Security service:- A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

Security attacks, Mechanisms and Services
▪ Security attack: any action that will compromise the security of information.
– These attacks take many forms, but in most cases, they seek to obtain sensitive information, destroy resources, or deny legitimate users access to resources.
▪ Security mechanism:- a mechanism that is designed to detect, prevent, or recover from a security attack.
▪ Security services: a service that enhances the security of data processing systems and information transfers.
– A security service makes use of one or more security mechanisms.
A security attack is an assault on system security: an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.

• Categories of Attacks/Threats
(Figure: the normal flow of information from source to destination, and the four attack patterns on it: interruption, interception, modification, fabrication)
Interruption
▪ The system is destroyed or becomes unavailable.
▪ This is an attack on availability.
▪ This could be the destruction of a piece of hardware or cutting a communication line.

Interception
▪ An unauthorized party gets access to information.
▪ This is an attack on confidentiality.
• Overhearing, eavesdropping over a communication line
▪ The attacker could be a person or a program.
• E.g. unauthorized copying of files.

Modification
▪ An unauthorized party gains access to information and also modifies it.
▪ This is an attack on the integrity of information.
▪ Modification of program or data files to operate on or contain different information.
▪ Corrupting transmitted data or tampering with it before it reaches its destination

Fabrication
▪ An unauthorized party injects fabricated information into the system.
– That is, faking data as if it were created by a legitimate and authentic party
▪ This is an attack on authenticity.
▪ Examples of this are the insertion of spurious messages, the addition of records to a file, etc.

In general, Categories of Attacks
➢ Interruption: An attack on availability
➢ Interception: An attack on confidentiality
➢ Modification: An attack on integrity
➢ Fabrication: An attack on authenticity
Security attack types
• The attacks can also be classified by the following criteria:
− Passive or active,
− Internal or external,
− At different protocol layers.

Passive vs. active attacks
• A passive attack attempts to learn or make use of the information without changing the content of the message or disrupting the operation of the communication.
• Examples of passive attacks are: eavesdropping, traffic analysis, and traffic monitoring.

Attack Types
1. Passive attacks:- are the type of attacks which do not change or modify the information flowing between the parties.
− This type of attack is hard to detect since it does not involve the other party or alter the data.
− The objective of the opponent is to obtain the information that is being transmitted.
− Passive attacks attempt to learn or make use of information from the system but don’t affect the system resources.
– This kind of attack can be prevented rather than detected. Examples are eavesdropping or monitoring of traffic.

Passive Attack Types
➢ Passive attacks do not affect system resources
▪ Eavesdropping, monitoring
▪ The goal of the opponent is to obtain information that is being transmitted
➢ Two types of passive attacks
▪ Release of message contents
▪ Traffic analysis
➢ Passive attacks are very difficult to detect
▪ Message transmission apparently normal
▪ No alteration of the data
▪ Emphasis on prevention rather than detection
▪ By means of encryption

A. Release of Message Contents:- Messages, such as a telephone conversation, an e-mail, or a transferred file, may contain sensitive or confidential information.
➢ An opponent may get to know the contents of the message.
➢ Prevent the opponent from learning the contents of these transmissions.
B. Traffic Analysis:- Analyzing or determining the location and identity of hosts and paths to guess the nature of the communication that is/was taking place.
➢ Here, the link traffic profile and information gathering is done by the opponent.
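Encryption is the stated prevention for release of message contents, but the slides also say traffic analysis is a separate passive attack, and encryption alone does not stop it. This added example (not from the original slides) makes that concrete: two constructed messages are encrypted with a one-time pad, so the bytes reveal nothing, yet their ciphertext lengths still identify which one was sent; padding every message to a fixed block size removes that leak. The message texts, block size and padding scheme are assumptions for the demonstration.

```python
import secrets

# Constructed sample messages (not real traffic). Their lengths differ: 43 vs 8 bytes.
MESSAGES = {
    "transfer": b"TRANSFER 5000 EUR to account DE00 0000 0000",
    "balance": b"BALANCE?",
}


def otp_encrypt(key, plaintext):
    """One-time pad: XOR with a fresh random key as long as the message.

    With a truly random, never-reused key the ciphertext is independent of the
    plaintext, so an eavesdropper learns nothing from the bytes themselves.
    """
    if len(key) != len(plaintext):
        raise ValueError("key must be exactly as long as the message")
    return bytes(k ^ p for k, p in zip(key, plaintext))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def pad_to_block(msg, block=64):
    """Append a 0x80 marker, then zeros up to a multiple of `block` bytes.

    Every padded message of up to block-1 bytes ends up the same size, so the
    observed ciphertext length no longer depends on which message was sent.
    """
    padded = msg + b"\x80"
    return padded + b"\x00" * (-len(padded) % block)


def unpad(padded):
    """Reverse pad_to_block; raises if the marker is missing."""
    stripped = padded.rstrip(b"\x00")
    if not stripped.endswith(b"\x80"):
        raise ValueError("bad padding")
    return stripped[:-1]


def send(msg, padding=False):
    """Sender side: (optionally) pad, then encrypt under a fresh random key."""
    pt = pad_to_block(msg) if padding else msg
    key = secrets.token_bytes(len(pt))
    return key, otp_encrypt(key, pt)


def receive(key, ct, padding=False):
    """Receiver side: decrypt and (optionally) unpad."""
    pt = otp_decrypt(key, ct)
    return unpad(pt) if padding else pt


def guess_by_length(ct_len, padding=False):
    """Traffic analysis: which known messages could produce a ciphertext of this length?

    The opponent never needs the key; it only compares sizes against the
    messages it expects on this link.
    """
    candidates = []
    for name, m in MESSAGES.items():
        size = len(pad_to_block(m)) if padding else len(m)
        if size == ct_len:
            candidates.append(name)
    return candidates


if __name__ == "__main__":
    key, ct = send(MESSAGES["transfer"])
    print("unpadded: opponent guesses", guess_by_length(len(ct)))
    key, ct = send(MESSAGES["transfer"], padding=True)
    print("padded:   opponent guesses", guess_by_length(len(ct), padding=True))
```

The same reasoning applies to real ciphers: AES or TLS hides content, but message sizes and timing remain visible, which is why padding (or cover traffic) is a separate control.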

Release of Message Contents (figure)

Traffic Analysis (figure)

• An active attack attempts to interrupt, modify, delete, or fabricate messages or information, thereby disrupting normal operation of the network.
• Some examples of active attacks include: modification, jamming, impersonating, denial of service (DoS), and message replay.

2. Active attacks:- are types of attacks which attempt to alter system resources or affect their operation.
▪ Are easier to detect since the information stream is altered and involves the other party.
▪ Harder to prevent since no absolute protection is available with the current buggy systems.
▪ Involves some modification of the data stream or creation of a false stream.
Active Attack Types
• Active attacks try to alter system resources or affect their operation
− Modification of data, or creation of false data
• Four categories
− Masquerade of one entity as some other
− Replay of a previous message
− Modification of messages
− Denial of service (DoS): preventing normal use
• A specific target or the entire network
• Difficult to prevent
− The goal is to detect and recover

A. Masquerading:- The entity pretends to be a different entity.
▪ It usually includes one of the other forms
B. Replay:- involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
▪ Passive capture of data, alter and then retransmit.
C. Modification of Message:- Means some portion of the legitimate message is altered, or the messages are delayed or reordered, to produce an unauthorized effect.
D. Denial of Service:- Prevents or inhibits the normal use or management of communication facilities.

81
Cont…
Figure: Masquerade
82
Cont…
Figure: Replay
83
Cont…
Figure: Modification of Messages
84
Cont…
Figure: Denial of Service
85
Security attack types…
Internal vs. External attacks
• External attacks are carried out by hosts that do not
belong to the network domain; such an attacker is
called an outsider.
– E.g. it can cause congestion by sending false routing
information, thereby making services unavailable.
• In an internal attack, a malicious node that belongs to the
network gains unauthorized access, acts as a genuine
node and disrupts the normal operation of the other nodes.
• Such an attacker is known as an insider; because the node already holds
legitimate credentials, insider attacks are harder to detect.
86
Security attack types…
• Attacks on different layers of the TCP/IP model:
• Security attacks can also be classified according to the
TCP/IP layer at which they operate. The table shows typical attacks at each layer.

Layer              Attacks
Application layer  E-mail bombing, repudiation, data corruption,
                   malicious code (Trojan, malware, virus, ...)
Transport layer    Session hijacking, altering checksums, SYN flooding
Network layer      IP spoofing, ICMP echo attacks, wormhole, black hole,
                   gray hole and Byzantine routing attacks, flooding
Data link layer    Traffic analysis, disruption (e.g. of the IEEE 802.11 Wi-Fi MAC)
Physical layer     Jamming, interception, eavesdropping
Cross-layer        DoS, impersonation, replay, man-in-the-middle attack
87
Security attack types…
Denial of Service attack
• This attack targets the availability of a message, a device or
the network service as a whole.
• The attacker may use radio signal jamming or battery
exhaustion (e.g. in wireless networks).
Impersonation
• If the authentication mechanism is not properly implemented, a
malicious node can pose as a genuine node and monitor or inject
network traffic.
88
Security Services
▪ A security service is the collection of mechanisms, procedures and
other controls that are implemented to help reduce the risk
associated with a threat.
• For example, the identification and authentication service helps
reduce the risk of the unauthorized-user threat.
▪ Some services provide protection from threats, while other services
provide for detection of the threat's occurrence.
• An example of the latter is a logging or monitoring service.
89
Security Services Types
A. Confidentiality (privacy):- is the protection of
transmitted data from passive attacks.
❖ The other aspect of confidentiality is the protection of traffic flow
from analysis.
❖ The attacker should not be able to observe the source and
destination, frequency, length or other characteristics of
the traffic on a communications facility.
B. Integrity (data has not been altered):-
ensures that messages are received as sent, with
no duplication, insertion, modification,
reordering or replay.
90
Cont…
▪ Connection-oriented integrity service:- protects a whole stream of messages, so it
addresses both message-stream modification (duplication, insertion, modification,
reordering, replay and destruction of data) and denial of service.
▪ Connectionless integrity service:- deals only with individual messages and
generally assures against modification only, because it sees each packet
in isolation and cannot detect duplication or reordering.
C. Access Control:- This service controls who can have access
to a resource, under what conditions access can occur and
what those accessing the resource are allowed to do.
D. Non-repudiation:- Prevents either the sender or the receiver from denying a transmitted
message.
91
Cont…
E. Authentication:- is the assurance that the
communicating entity is the one that it claims to be.
I. Peer Entity Authentication:- is used in association with a logical
connection to provide confidence in the identity of the entities, both at
connection establishment and during the data transfer phase.
II. Data Origin Authentication:- In a connectionless transfer, it
provides assurance that the source of received data is as claimed (it does not
by itself protect against duplication or modification of data units).
F. Audit:- Recording and analysis of participation, roles and actions in
information communication by relevant entities.
G. Availability:- having data and services accessible and usable on demand by
authorized entities.
92
Security Mechanisms
1. Encipherment:- is the use of mathematical algorithms to transform
data into a form that is not readily intelligible; recovering the data depends
on the algorithm and on zero or more keys.
2. Digital Signature:- is a mathematical scheme for demonstrating the
authenticity of a digital message or document.
– A valid digital signature gives a recipient reason to believe that the message
was created by a known sender, that the sender cannot deny having sent it, and that
it was not altered in transit.
3. Access Control:- a variety of mechanisms that
enforce access rights to resources.
93
Cont…
4. Data Integrity:- a variety of mechanisms used to assure the integrity of a
data unit or of a stream of data units.
5. Authentication Exchange:- a mechanism intended to ensure the identity of
an entity by means of an information exchange.
6. Traffic Padding:- The insertion of bits into gaps in a data stream to
frustrate traffic analysis attempts.
7. Routing Control:- Enables selection of particular physically secure routes for
certain data and allows routing changes, especially when a breach of security
is suspected.
94
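The two passive attacks and the traffic-padding mechanism above, as an added example that is not part of these slides: a stream cipher hides the contents of each document (release of message contents is prevented), but because a stream cipher preserves length, an observer can still tell which document was fetched from the ciphertext length alone (traffic analysis); padding every message to a 64-byte boundary removes that signal. The document set, the SHA-256 counter-mode keystream (illustrative, not a vetted cipher) and the ISO/IEC 7816-4 style padding are all assumptions made for this example.

```python
import hashlib
import os

# Constructed sample: documents a client might fetch over an encrypted link.
DOCUMENTS = {
    "price_list.txt": b"Widget A 10.00\nWidget B 12.50\n",
    "merger_memo.txt": b"CONFIDENTIAL: board approves acquisition of Acme on Friday.\n",
    "lunch_menu.txt": b"Soup, salad, sandwich.\n",
    "layoff_plan.txt": b"Reduce headcount in Q3 by 15%; notify managers first.\n",
}


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream from SHA-256 in counter mode (illustrative only, not a vetted cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts. Note: len(ciphertext) == len(plaintext)."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, nonce, len(data))))


def pad(plaintext: bytes, block: int) -> bytes:
    """Traffic padding: append 0x80 then zeros up to a multiple of `block` (ISO/IEC 7816-4 style)."""
    n = block - (len(plaintext) % block)  # always 1..block bytes, so unpad() is unambiguous
    return plaintext + b"\x80" + b"\x00" * (n - 1)


def unpad(padded: bytes) -> bytes:
    """Strip the zero run and the 0x80 marker appended by pad()."""
    return padded.rstrip(b"\x00")[:-1]


def observe(name: str, block: int = 0) -> int:
    """Simulate a transfer of DOCUMENTS[name]; return the only thing Eve sees: the ciphertext length."""
    key, nonce = os.urandom(32), os.urandom(16)
    body = DOCUMENTS[name]
    plaintext = pad(body, block) if block else body
    ciphertext = encrypt(key, nonce, plaintext)  # contents are hidden from Eve ...
    return len(ciphertext)                        # ... but the length is not


def traffic_analysis(observed_len: int, block: int = 0) -> set:
    """Eve's attack: match the observed length against the lengths of the known documents."""
    matches = set()
    for name, body in DOCUMENTS.items():
        size = len(pad(body, block)) if block else len(body)
        if size == observed_len:
            matches.add(name)
    return matches


if __name__ == "__main__":
    seen = observe("merger_memo.txt")
    print("no padding: Eve sees", seen, "bytes ->", traffic_analysis(seen))
    seen = observe("merger_memo.txt", block=64)
    print("padded to 64: Eve sees", seen, "bytes ->", traffic_analysis(seen, block=64))
```

Without padding every document has a distinct length, so Eve identifies the confidential memo exactly; with padding all four documents become 64 bytes on the wire and the observation no longer narrows the candidates. Padding only hides length within one block multiple, so real systems also pad timing (dummy traffic) when transmission patterns matter.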
Confidentiality
• Protection of information from disclosure to unauthorized entities
(organizations, people, machines, processes).
• Information includes data contents, size, existence, communication
characteristics, etc.

Service Types
– Data Confidentiality / Disclosure Protection
  • Connection Oriented
  • Connectionless
  • Selective Field
– Traffic Flow Confidentiality
  • Origin-Destination Association
  • Message Size
  • Transmission Patterns

Protection Mechanisms
− Data Encryption
  • Symmetric (Secret-Key)
  • Asymmetric (Public-Key)
− Accompanied with Data Integrity
95
Integrity
▪ Protection of data against creation, alteration, deletion,
duplication and re-ordering by unauthorized entities
(organizations, people, machines, processes).
▪ An integrity violation caused by an attacker is always an active attack; a
passive attacker leaves the data untouched.

Service Types
− Message Integrity
  • Associated with connectionless communication
− Message Stream Integrity
  • Associated with connection-oriented communication

Protection Mechanisms
− Message Digests (Hashing), keyed so that an attacker cannot simply recompute them
− Sequence Numbers
− Nonce ID (Random Number)
− Time Stamps
96
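The four active attacks from the "Active Attack Types" slides (masquerade, replay, modification, and denial of service by delaying a message) together with the integrity mechanisms listed above (keyed message digest, sequence number, nonce, time stamp), as an added example that is not part of these slides: a sender and receiver share a key, each message carries all four fields, and each attack is driven against the receiver to show which field catches it. The field layout, the 30-second acceptance window and the message contents are assumptions made for this example.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    seq: int      # sequence number: exposes replay and reordering
    ts: int       # sender's clock (seconds): exposes delayed (stale) messages
    nonce: bytes  # fresh random value: exposes replay even across sequence resets
    body: bytes
    tag: bytes    # keyed digest (HMAC-SHA256) over all fields: exposes modification and masquerade


def _tag(key: bytes, seq: int, ts: int, nonce: bytes, body: bytes) -> bytes:
    # Fixed-width seq/ts and a fixed 16-byte nonce precede the body, so fields cannot be confused.
    return hmac.new(key, struct.pack(">QQ", seq, ts) + nonce + body, hashlib.sha256).digest()


class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def send(self, body: bytes, now: int) -> Message:
        self.seq += 1
        nonce = os.urandom(16)
        return Message(self.seq, now, nonce, body, _tag(self.key, self.seq, now, nonce, body))


class Receiver:
    def __init__(self, key: bytes, window: int = 30):
        self.key, self.window = key, window
        self.last_seq, self.seen_nonces = 0, set()

    def accept(self, m: Message, now: int) -> str:
        """Return "ok" or the reason the message is rejected."""
        if not hmac.compare_digest(m.tag, _tag(self.key, m.seq, m.ts, m.nonce, m.body)):
            return "bad_tag"       # altered in transit, or forged by someone without the key
        if abs(now - m.ts) > self.window:
            return "stale"         # genuine, but delayed beyond the acceptance window
        if m.nonce in self.seen_nonces:
            return "replay"        # exact copy of an earlier message
        if m.seq <= self.last_seq:
            return "out_of_order"  # genuine but reordered relative to what was already accepted
        self.seen_nonces.add(m.nonce)
        self.last_seq = m.seq      # a jump in seq means earlier messages were deleted or delayed
        return "ok"


def run_attacks() -> dict:
    """Drive the active attacks from the slides against the protected channel."""
    key = os.urandom(32)
    alice, bob = Sender(key), Receiver(key)
    results = {}
    m1 = alice.send(b"transfer 100 to carol", now=1000)
    results["legitimate"] = bob.accept(m1, now=1001)
    results["replay"] = bob.accept(m1, now=1002)            # Eve re-sends the captured message
    m2 = alice.send(b"transfer 100 to carol", now=1003)
    tampered = Message(m2.seq, m2.ts, m2.nonce, b"transfer 900 to carol", m2.tag)
    results["modification"] = bob.accept(tampered, now=1004)
    eve = Sender(os.urandom(32))                             # Eve does not hold the shared key
    results["masquerade"] = bob.accept(eve.send(b"transfer 100 to eve", now=1005), now=1006)
    m3 = alice.send(b"part three", now=1007)
    m4 = alice.send(b"part four", now=1008)
    results["reordered_first"] = bob.accept(m4, now=1009)   # arrives early: accepted
    results["reordered_second"] = bob.accept(m3, now=1010)  # arrives late: rejected
    m5 = alice.send(b"part five", now=1011)
    results["delayed"] = bob.accept(m5, now=1011 + 3600)    # held back for an hour
    return results


if __name__ == "__main__":
    for attack, outcome in run_attacks().items():
        print(f"{attack:17s} -> {outcome}")
```

The order of the checks matters: the tag is verified first so that nothing else is computed over attacker-controlled fields, and `hmac.compare_digest` is used instead of `==` so that the comparison time does not leak how many tag bytes matched. An unkeyed hash (a plain SHA-256 over the message) would catch none of the attacks, since the attacker could recompute it after modifying the body.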
Authentication
• Communicating entities are provided with assurance and
information about the identities of their communicating
partners (people, machines, processes).
• Authentication of people (personnel) requires special attention.

Service Types
− Data Origin Authentication
  • Associated with connectionless communication
− Peer Entity Authentication
  • Associated with connection-oriented communication
– Fundamental for access control, hence for confidentiality and integrity

Protection Mechanisms
– Password
  • Manual
  • One-Time Password
– Key Sharing
  • Manual
  • Symmetric Key (Tickets)
  • Asymmetric Key (Certificates)
– Challenge-Response
  • Nonce Based
  • Zero Knowledge Proof
97
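The nonce-based challenge-response mechanism listed above (the "I'm Bob / Prove it!" exchange of the later Impersonation and Authentication figure), as an added example that is not part of these slides: a plain password check is placed next to a challenge-response check, so the same eavesdropper who replays a captured password successfully is refused when the server demands a fresh proof. The user names, the HMAC-SHA256 response function and the one-attempt-per-challenge rule are assumptions made for this example.

```python
import hashlib
import hmac
import os


class PasswordServer:
    """Weak form: the client proves identity by sending the secret itself."""

    def __init__(self, users: dict):
        self.users = users                        # name -> shared secret

    def verify(self, name: str, password: bytes) -> bool:
        return hmac.compare_digest(self.users.get(name, b""), password)


class ChallengeServer:
    """Nonce-based challenge-response: the secret never crosses the wire."""

    def __init__(self, users: dict):
        self.users = users
        self.pending = {}                         # name -> outstanding challenge

    def challenge(self, name: str) -> bytes:
        nonce = os.urandom(16)                    # fresh, unpredictable, used once
        self.pending[name] = nonce
        return nonce

    def verify(self, name: str, nonce: bytes, response: bytes) -> bool:
        outstanding = self.pending.pop(name, None)   # one attempt per challenge
        if outstanding is None or outstanding != nonce or name not in self.users:
            return False
        expected = hmac.new(self.users[name], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(secret: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the secret for this nonce only."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def run() -> dict:
    secret = os.urandom(32)                       # Bob's secret, shared with Alice's server
    results = {}

    # Weak scheme: Eve eavesdrops once and can impersonate Bob from then on.
    weak = PasswordServer({"bob": secret})
    results["password_legit"] = weak.verify("bob", secret)
    captured_password = secret                    # what Eve saw on the wire
    results["password_replay"] = weak.verify("bob", captured_password)

    # Challenge-response: Eve records one complete exchange ...
    strong = ChallengeServer({"bob": secret})
    n1 = strong.challenge("bob")
    r1 = respond(secret, n1)
    results["cr_legit"] = strong.verify("bob", n1, r1)
    # ... then says "I'm Bob"; Alice answers "Prove it!" with a new nonce.
    n2 = strong.challenge("bob")
    results["cr_replay_response"] = strong.verify("bob", n2, r1)   # old answer, new question
    results["cr_replay_exchange"] = strong.verify("bob", n1, r1)   # old question is no longer outstanding
    # Eve tries to answer a fresh challenge without the secret.
    n3 = strong.challenge("bob")
    results["cr_forged"] = strong.verify("bob", n3, respond(os.urandom(32), n3))
    return results


if __name__ == "__main__":
    for check, outcome in run().items():
        print(f"{check:20s} -> {outcome}")
```

The nonce does the work: each response is bound to one unpredictable value that the server issued itself, so a recorded response proves nothing about a later session. Popping the pending challenge before checking it also prevents an attacker from retrying many guesses against the same nonce.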
Access Control
Protection of information resources or services from access or use by unauthorized entities
(organizations, people, machines, processes).
❖ Privileges – rights to access or use resources or services
❖ Principals – entities that own access control privileges
❖ Subjects – entities that exercise access control privileges
❖ Objects / Targets – resources or services accessed/used by subjects
❖ Delegation – transfer of access control privileges among principals
❖ Authorization – transfer of access control privileges from principals to subjects

Service Types
– Subject Based Typing
  • Identity Based
  • Role Based
– Enforcement Based Typing
  • Mandatory Access Control (management directed)
  • Discretionary Access Control (resource owner directed)

Protection Mechanisms
− Access Control Lists (ACLs)
  • Object Based Specification (one column of the access matrix)
  • Ex.: UNIX File System
– Capabilities
  • Subject Based Specification (one row of the access matrix)
  • Issue Tickets/Certificates
98
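The UNIX file system as the ACL example and the ACL-versus-capability distinction above, as an added example that is not part of these slides: a re-implementation of the UNIX mode-bit check (owner, group, other; exactly one class applies; the superuser bypasses discretionary checks except for execute), followed by the same access matrix read column-wise as ACLs and row-wise as capability lists. The sample files, users, uids and modes are constructed for this example.

```python
READ, WRITE, EXEC = 4, 2, 1
OPS = {"read": READ, "write": WRITE, "exec": EXEC}


def unix_permits(mode: int, owner_uid: int, owner_gid: int,
                 uid: int, gids: set, want: int) -> bool:
    """Discretionary check in the order the UNIX kernel applies it.

    Exactly one class of bits applies: owner if the uid matches, else group if
    any of the caller's groups matches, else other. There is no fall-through:
    an owner denied by the owner bits is not rescued by more permissive other bits.
    """
    if uid == 0:  # superuser bypasses DAC; execute still needs at least one x bit
        return want != EXEC or (mode & 0o111) != 0
    if uid == owner_uid:
        bits = (mode >> 6) & 0o7
    elif owner_gid in gids:
        bits = (mode >> 3) & 0o7
    else:
        bits = mode & 0o7
    return (bits & want) == want


# Constructed sample. FILES: path -> (mode, owner uid, owner gid). USERS: name -> (uid, groups).
FILES = {
    "/etc/shadow": (0o640, 0, 42),                 # root:shadow; only group 42 may read
    "/home/bob/notes.txt": (0o600, 1001, 1001),
    "/usr/bin/passwd": (0o4755, 0, 0),             # set-uid root; everyone may execute
    "/srv/share/report.txt": (0o077, 1001, 100),   # owner locked out, everyone else allowed
}
USERS = {"root": (0, {0}), "bob": (1001, {1001, 100}), "carol": (1002, {1002, 42})}


def acl_view(path: str) -> dict:
    """ACL = one column of the access matrix: for this object, who may do what."""
    mode, ouid, ogid = FILES[path]
    return {name: {op for op, bit in OPS.items()
                   if unix_permits(mode, ouid, ogid, uid, gids, bit)}
            for name, (uid, gids) in USERS.items()}


def capability_view(name: str) -> dict:
    """Capability list = one row of the access matrix: for this subject, what it may do anywhere."""
    uid, gids = USERS[name]
    return {path: {op for op, bit in OPS.items()
                   if unix_permits(mode, ouid, ogid, uid, gids, bit)}
            for path, (mode, ouid, ogid) in FILES.items()}


if __name__ == "__main__":
    for path in FILES:
        print("ACL", path, acl_view(path))
    for user in USERS:
        print("CAP", user, capability_view(user))
```

The `/srv/share/report.txt` entry shows the edge case practitioners trip over: with mode 077 the owner Bob gets nothing while Carol, who is neither owner nor group member, gets everything, because the kernel picks the class by identity and never falls through to a more permissive one. The two views contain the same decisions; which one a system stores decides whether revocation (easy with ACLs) or delegation (easy with capabilities) is the cheap operation.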
Non-Repudiation
❖ Protection against denial of participation by
communicating entities in all or part of a communication.

Service Types
− Non-Repudiation of Origin
− Non-Repudiation of Reception

Protection Mechanisms
− Time Stamp
− Digital Signature
99
Audit
➢ Recording and analysis of participation, roles and actions
in information communication by relevant entities.

Service Types
− Off-line Analysis (Computer Forensics)
− On-line Analysis (Real-time Intrusion Detection)

Protection Mechanisms
− Intrusion Monitors / Sensors
  • Common Intrusion Detection Framework (CIDF)
  • Common Information Model (CIM)
100
Service vs. Layer Mapping

Service / Layer                   1   2   3   4   6   7
Confidentiality, Connectionless   Y Y Y Y
Confidentiality, Connection       Y Y Y Y Y
Confidentiality, Selected Field   Y Y
Confidentiality, Traffic Flow     Y Y
Authentication, Data Origin       ? Y Y Y
Authentication, Peer Entity       Y Y Y
Integrity, Message                Y Y Y
Integrity, Message Stream         Y Y
Access Control                    ? Y Y Y
Non-Repudiation, Origin           ? Y Y Y
Non-Repudiation, Receipt          Y

? = difference between IEEE 802 and ISO
(Layer 5, the session layer, provides no security services in this mapping.)
101
A Model for Network Security
Figure: A Model for Network Security
102
Design Issues in the Model
1. Design an algorithm for performing the security-related transformation.
▪ The algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information (e.g. keys) to be used with the algorithm.
3. Develop methods for the distribution and sharing of the
secret information.
4. Specify a protocol to be used by the two principals that makes use of the
security algorithm and the secret information to achieve a particular security
service.
103
Other Considerations
1. Network Design Considerations
− Designing for acceptable risk.
− Use of network models with security (LAN/WAN, dedicated/non-dedicated
links, segregation and isolation of segments)
2. Host hardening
− Firewalls, packet filtering
3. Choice of network devices
− Choice of routers and other hardware
− Routing protocols
4. Intrusion detection systems (IDS)
− Host-based IDS
− Network-based IDS
104
Network Penetration Attacks and Firewalls
Figure: An attacker on the Internet sends attack packets towards the internal
corporate network. The firewall passes legitimate packets through to the hardened
server and the hardened client PC, drops the attack packets, and records the dropped
packets in its log file.
105
Intrusion Detection System
Figure: 1. An attacker on the Internet sends a suspicious packet. 2. The suspicious
packet is passed through to the corporate network. 3. The intrusion detection system
logs the packet to its log file. 4. The IDS raises an alarm to the network
administrator. The hardened server is the target inside the corporate network.
106
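The two figures above (a firewall dropping and logging packets; an IDS passing a suspicious packet, logging it and raising an alarm), as an added example that is not part of these slides, using the SYN flood and a port scan from the attack table earlier as the traffic: a stateless packet filter with a default-deny rule set, an IDS behind it that alarms once a source exceeds a SYN threshold, and an off-line analysis of the firewall's drop log that finds the port scanner. The rule set, thresholds, addresses and packets are constructed for this example.

```python
import ipaddress
from collections import defaultdict, namedtuple

Packet = namedtuple("Packet", "ts src dst proto dport flags")

# Firewall rule set (first match wins): action, protocol, source network, allowed ports
RULES = [
    ("allow", "tcp", "0.0.0.0/0", {80, 443}),      # public web
    ("allow", "tcp", "203.0.113.0/24", {22}),     # SSH only from the admin network
    ("deny", "any", "0.0.0.0/0", None),            # default deny
]


def firewall(pkt: Packet, rules=RULES) -> str:
    """Stateless packet filter: return "allow" or "deny" for one packet."""
    src = ipaddress.ip_address(pkt.src)
    for action, proto, net, ports in rules:
        if proto != "any" and proto != pkt.proto:
            continue
        if src not in ipaddress.ip_network(net):
            continue
        if ports is not None and pkt.dport not in ports:
            continue
        return action
    return "deny"


class Ids:
    """Real-time detector for traffic the firewall let through: counts SYNs per (src, dst)."""

    def __init__(self, syn_threshold: int = 20, window: float = 10.0):
        self.syn_threshold, self.window = syn_threshold, window
        self.syns = defaultdict(list)  # (src, dst) -> timestamps of recent SYNs
        self.alerts, self.alerted = [], set()

    def inspect(self, pkt: Packet) -> None:
        if pkt.proto != "tcp" or pkt.flags != "S":
            return
        key = (pkt.src, pkt.dst)
        recent = [t for t in self.syns[key] if pkt.ts - t <= self.window]
        recent.append(pkt.ts)
        self.syns[key] = recent
        if len(recent) > self.syn_threshold and key not in self.alerted:
            self.alerted.add(key)                       # alarm once per flood, not per packet
            self.alerts.append(("syn_flood", pkt.src, pkt.dst))


def port_scanners(drop_log: list, min_ports: int = 10) -> list:
    """Off-line analysis of the firewall log: a source probing many distinct ports."""
    ports = defaultdict(set)
    for pkt in drop_log:
        ports[pkt.src].add(pkt.dport)
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)


def build_sample_traffic() -> list:
    """Constructed packets: one legitimate session, two SSH attempts, a SYN flood, a port scan."""
    pkts = [Packet(t, "192.0.2.10", "10.0.0.5", "tcp", 443, fl)
            for t, fl in ((0.0, "S"), (0.1, "A"), (0.2, "PA"))]
    pkts.append(Packet(0.3, "203.0.113.4", "10.0.0.5", "tcp", 22, "S"))   # admin: allowed
    pkts.append(Packet(0.4, "198.51.100.2", "10.0.0.5", "tcp", 22, "S"))  # outsider: dropped
    pkts += [Packet(1.0 + i * 0.1, "198.51.100.7", "10.0.0.5", "tcp", 443, "S")
             for i in range(25)]                                            # SYN flood on 443
    pkts += [Packet(5.0 + p * 0.01, "198.51.100.9", "10.0.0.5", "tcp", p, "S")
             for p in range(1, 16)]                                         # scan of ports 1..15
    return pkts


def run_pipeline(packets: list) -> dict:
    """Firewall in front, IDS behind it, firewall log analysed afterwards (as in the two figures)."""
    ids, drop_log, passed = Ids(), [], 0
    for pkt in sorted(packets, key=lambda p: p.ts):
        if firewall(pkt) == "allow":
            passed += 1
            ids.inspect(pkt)                            # figure 106: suspicious packet passed, inspected
        else:
            drop_log.append(pkt)                        # figure 105: dropped packet -> log file
    return {"passed": passed, "dropped": len(drop_log),
            "ids_alerts": ids.alerts, "scanners": port_scanners(drop_log)}


if __name__ == "__main__":
    print(run_pipeline(build_sample_traffic()))
```

The SYN flood is invisible to the packet filter because every one of its packets is individually legitimate (TCP to an open port), so only the stateful IDS behind it can see the rate; the port scan, conversely, never reaches the IDS because the firewall drops it, and it is only found by analysing the drop log. Neither control alone covers both cases, which is why the slides pair them.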
Encryption for Confidentiality
Figure: Bob (client PC) encrypts the original message "Hello" and sends the encrypted
message "100100110001" to Alice (server), who decrypts it back to "Hello". The attacker
(Eve) intercepts "100100110001" but cannot read it.
107
Impersonation and Authentication
Figure: The attacker (Eve) sends "I'm Bob" to the server (Alice). Alice replies "Prove it!"
(authenticate yourself) before trusting the claim, so Eve cannot pass as the client PC (Bob).
108
Secure Dialog System
Figure: A secure dialog between the client PC (Bob) and the server (Alice) automatically
handles the negotiation of security options, authentication, encryption and integrity,
so the attacker cannot read messages, alter messages or impersonate either party.
109
Hardening Host Computers
1. The Problem
▪ Computers installed out of the box have known vulnerabilities
• Not just Windows computers
▪ Attackers can take them over easily
▪ They must be hardened, a complex process that involves many actions
2. Elements of Hardening
▪ Physical security
▪ Secure installation and configuration
▪ Fix known vulnerabilities (apply patches)
▪ Turn off unnecessary services (applications)
▪ Harden all remaining applications
▪ Manage users and groups
▪ Manage access permissions
• For individual files and directories, assign access permissions to specific users and
groups
▪ Back up the server regularly
▪ Advanced protections
110