CH 1,2,3
BE_CE Sem 7
LDRP-ITR
➢ What Is Information Security???
What is a Security Attack?
➢ Why Information Security???
► Increased rate of cyber crime issues.
Cyber Crime Techniques
➢ Data Scavenging
➢ Piggy Backing
➢ Man In the Middle
➢ Social Engineering
➢ Password Sniffing
➢ Web Jacking
➢ Online Fraud
➢ Software Piracy
➢ Information Security threats
► Denial of Service (DoS)
   ► Making the system unavailable to legitimate users.
► Impersonation
   ► Assuming someone else’s identity and enjoying his privileges.
► Salami Technique
   ► Diverting small amounts of money from a large number of accounts maintained by the system.
   ► Small amounts go unnoticed.
► Spoofing
   ► Configuring a computer to assume some other computer’s identity.
Types of attacks
Spear Phishing Attacks:-
❖ Spear phishing is an email aimed at a particular individual or organization, seeking
unauthorized access to crucial information. These hacks are not executed by random
attackers but are most likely done by individuals out for trade secrets, financial gain,
or military intelligence.
❖ Spear phishing emails appear to originate from an individual within the recipient’s
own organization or from someone the target knows personally. Quite often,
government-sponsored hacktivists and hackers perform these activities. Cybercriminals also
carry out these attacks with the aim of reselling confidential data to private companies
and governments. These attackers employ social engineering and individually designed
approaches to effectively personalize websites and messages.
Phishing Attacks:-
❖ Phishing is a type of social engineering usually employed to steal user data such as
credit card numbers and login credentials. It happens when an attacker, posing as a
trusted individual, tricks the victim into opening a text message, email, or instant message.
The victim is then deceived into opening a malicious link, which can lead to the freezing of
the system as part of a ransomware attack, the disclosure of sensitive information, or the
installation of malware.
❖ This breach can have disastrous results. For an individual, this includes identity theft,
stealing of funds, or unauthorized purchases.
Whale Phishing Attack:-
❖ A whale phishing attack is a type of phishing that centers
on high-profile employees such as the CFO or CEO. It is
aimed at stealing vital information since those holding
higher positions in a company have unlimited access to
sensitive information. Most whaling instances manipulate
the victim into permitting high-worth wire transfers to the
attacker.
❖ The term whaling signifies the size of the attack, and
whales are targeted depending on their position within the
organization. Since they are highly targeted, whaling
attacks are more difficult to notice compared to the
standard phishing attacks.
❖ In a business, system security administrators can lessen
the effectiveness of such a hack by encouraging the
corporate management staff to attend security awareness
training.
Malware Attacks:-
❖ Malware is code that is made to stealthily affect a
compromised computer system without the consent of the
user. This broad definition includes many particular types
of malevolent software (malware) such as spyware,
ransomware, and command and control.
❖ Many well-known businesses, states, and criminal actors
have been implicated in, and discovered, deploying
malware.
❖Malware differs from other software in that it can spread
across a network, cause changes and damage, remain
undetectable, and be persistent in the infected system. It
can destroy a network and bring a machine’s performance
to its knees.
Drive-by Attack:-
❖ An attacker looks for an insecure website and
plants a malicious script into the PHP or HTTP code of one of
the pages. This script can install malware onto a
computer that visits the website, or take the form of an
IFRAME that redirects the victim’s browser to a site
controlled by the attacker. In most cases these scripts
are obfuscated, which makes the code
difficult for security researchers to analyze. These
attacks are known as drive-by because they don’t
require any action on the victim’s part except visiting
the compromised website. When victims visit the
compromised site, they automatically and silently
become infected if their computer is vulnerable to the
malware, especially if they have not applied security
updates to their applications.
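A defender-side check for the planted script or IFRAME described above, as an added example that is not part of the original slides: it audits a page's HTML for frames and scripts loaded from hosts outside an allowlist and marks frames that are hidden from view. The host names, the allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLES = ("display:none", "visibility:hidden")


class EmbedAuditor(HTMLParser):
    """Collects <iframe>/<script> tags whose src points at an untrusted host."""

    def __init__(self, site_host, allowed_hosts):
        super().__init__()
        self.trusted = {site_host, *allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {name: (value or "") for name, value in attrs}
        host = urlparse(a.get("src", "")).hostname
        if host is None or host in self.trusted:
            return  # inline, relative, same-site or allowlisted source
        reasons = ["untrusted host"]
        if tag == "iframe" and self._is_hidden(a):
            reasons.append("hidden frame")
        self.findings.append((tag, host, self.getpos()[0], reasons))

    @staticmethod
    def _is_hidden(a):
        # Frames sized 0 or 1 pixel, or hidden through CSS, are not meant to be seen.
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        return tiny or any(s in style for s in HIDDEN_STYLES)


def audit_page(html, site_host, allowed_hosts=()):
    """Return (tag, host, line number, reasons) for every suspicious embed."""
    auditor = EmbedAuditor(site_host, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: one local script, one CDN script, one visible
# third-party frame and one hidden frame of the kind the text describes.
SAMPLE_PAGE = """<html><body>
<script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="http://ads.example.invalid/l.php" width="1" height="1" style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE, "www.example.com", ["cdn.example.net"]):
        print(finding)
```

Running such an audit against the pages a site actually serves, and comparing the result with the embeds the site owner expects, surfaces injected frames even when the injected script itself is obfuscated.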
Ransomware:-
❖ Ransomware blocks access to a victim’s data,
typically threatening to delete it unless a ransom is paid. There
is no guarantee that paying a ransom will regain
access to the data. Ransomware is often carried out
via a Trojan delivering a payload disguised as a
legitimate file.
Trojan Horses:-
❖ A Trojan is a malicious software program that
misrepresents itself to appear useful. Trojans spread by
looking like routine software and persuading a victim
to install them. Trojans are considered among the most
dangerous types of malware, as they are often
designed to steal financial information.
Goals of Security
• To save data from external threats.
• To protect our data from vulnerabilities.
• To protect our data from phishing.
• To restrict data from unauthorised activities.
• To apply properly configured rules to
systems.
• To analyze every suspicious activity that happens
on the system by viewing its logs.
Why Information Security???
* Cookies
* Cross Site Scripting (XSS)
* Spam
* Salami Attack
* Virus / Worms / Trojans
* Spyware / Adware
* Phishing
* Email Spoofing, etc.
Elements of Information Security
► Three basic elements of Information Security.
► Confidentiality
► Integrity
► Availability
Confidentiality
► It is the principle that information will not be
disclosed to unauthorized subjects.
* Examples:
► Unauthorized network data sniffing
► Listening to a phone conversation.
Integrity
► It is the protection of system information or process from intentional or
accidental unauthorized changes.
Availability
► In another words.......
Other Elements of Info. Sec.
► Identification - recognition of an entity by a system.
* Vulnerability
* It is the weakness within a system. It is the degree of
exposure in view of threat.
* Countermeasures
* It is a set of actions implemented to prevent threats.
Information Security Services
UNIT 2
Date:-8/7/2020
Information Systems Concepts
& Security Attacks
BECE Sem 7
LDRP-ITR
LDRP_ITR, BE,CE By Janak Tank
➢Information Security threats
➢Denial of Service (DoS)
➢Impersonation
➢ Salami Technique
➢Spoofing
➢Whale Phishing Attack
➢Internal Threats
➢External threats
➢ Ransomware
➢ SQL injection and more…
•Goals for Security
➢Series of events
• Computer Forensics
• Forgery
• Fraud/Theft
• Copyright Violations
• Identity Theft
• Threats
Types of Computer Forensics attacks
• Burglary
• Homicide
• Administrative Investigations
• Cyber Terrorism
– Internet Crime Complaint Center (IC3): logged 1,000,000+ consumer complaints
about alleged online fraud or cyber crime and referred 460,000+ complaints to law
enforcement agencies.
– 2007 Computer Security Institute (CSI) survey: 46% detected a security breach; 91%
suffered financial loss as a result. The average annual loss reported in this year’s survey
shot up to $350,424 from $168,000 the previous year.
• Confidentiality
• Integrity
• Availability
• Authenticity
• Encryption
• Integrity
– The ability to ensure that information being displayed on a web site or transmitted or
received over the internet has not been altered in any way by an unauthorized party
• Nonrepudiation
– The ability to ensure that e-commerce participants do not deny (i.e. repudiate) their online
actions
• Authenticity
– The ability to identify the identity of a person or entity with whom you are dealing in the
internet
• Confidentiality
– The ability to ensure that messages and data are available only to those who are authorized
to view them
• Privacy
– The ability to control the use of information about oneself
• Availability
– The ability to ensure that an e-commerce site continues to function as intended
Security Threats in the E-commerce Environment
UNIT 3
17/07/2020
Threats
• People who are eager, willing and qualified to take advantage of
each security vulnerability, and who continually search for new
exploits and weaknesses.
• Threats can be many, like software attacks, theft of intellectual
property, identity theft, theft of information and information
extortion.
• Software attacks means attacks by viruses, worms, Trojan
horses etc.
• Malware means malicious software, that is, program code that
performs malicious operations on a system.
• Four main classes of threats:
20/07/2020
• Cyber crime – Mobile security Threats
▪ Types of mobile security Threats:
▪ Web-Based Threats: happen when people visit sites
   ▪ Phishing: links are sent through messages, emails, or
     any social media platform.
   ▪ Forced Downloads: drive-by downloads
▪ Physical Threats: someone physically tries to access your device
   ▪ No Password Protection
   ▪ Encryption
▪ Network-Based Threats: a cybercriminal can steal
  unencrypted data while people use a public WiFi network
   ▪ Public WiFi: open WiFi provided in public places
   ▪ Network Exploits: weaknesses in the OS of the user’s mobile device
▪ Types of mobile security Threats:
• 1. Port scan
• 2. Social Engineering
• 3. Reconnaissance
• 4. Operating System and Application fingerprinting
• 5. Bulletin Boards and chats
• 6. Availability of Documentation
Securing the Insecure network
• Strong Authentication:
• Access Controls:
• Alarms and Alerts:
• Honey Pot
• Firewalls.
• Intrusion Detection System:
Types of Firewalls.
1. Introduction
-A network can be defined as a group of computers and other devices
connected in some ways so as to be able to exchange data.
-Each of the devices on the network can be thought of as a node; each
node has a unique address.
-Addresses are numeric quantities that are easy for computers to work
with, but not for humans to remember.
Example: 204.160.241.98
-Some networks also provide names that humans can more easily
remember than numbers.
Example: www.javasoft.com, corresponding to the above numeric
address.
…
Addressing
Internet address
Consists of 4 bytes separated by periods
Example: 136.102.233.49
-The R first bytes (R= 1,2,3) correspond to the network address;
-The remaining H bytes (H = 3,2,1) are used for the host machine.
-InterNIC Register: organization in charge of the allocation of the
address ranges corresponding to networks.
-Criteria considered:
→ Geographical area (country)
→ Organization, enterprise
→ Department
→ Host
Domain Name System (DNS)
-Mnemonic textual addresses are provided to facilitate the manipulation
of internet addresses.
-DNS servers are responsible for translating mnemonic textual Internet
addresses into hard numeric Internet addresses.
Ports
-An IP address identifies a host machine on the Internet.
-An IP port will identify a specific application running on an Internet host
machine.
-A port is identified by a number, the port number.
-The number of ports is not functionally limited, in contrast to serial
communications where only 4 ports are allowed.
-There are some port numbers which are dedicated for specific
applications.
Applications      Port numbers
HTTP              80
FTP               20 and 21
Gopher            70
SMTP (e-mail)     25
POP3 (e-mail)     110
Telnet            23
Finger            79
Data Transmission
-In modern networks, data are transferred using packet switching.
-Messages are broken into units called packets, and sent from one
computer to the other.
-At the destination, data are extracted from one or more packets and
used to reconstruct the original message.
-Each packet has a maximum size, and consists of a header and a data
area.
-The header contains the addresses of the source and destination
computers and sequencing information necessary to reassemble
the message at the destination.
[Figure: a packet, made up of a header followed by a data area]
Types of Networks
There are two principal kinds of networks: Wide Area Networks
(WANs) and Local Area Networks (LANs).
WANs
-Cover cities, countries, and continents.
-Based on packet switching technology
-Examples of WAN technology: Asynchronous Transfer Mode (ATM),
Integrated Services Digital Network (ISDN)
LANs
-Cover buildings or a set of closely related buildings.
-Examples of LAN technology: Ethernet, Token Ring, and Fiber
Distributed Data Interconnect (FDDI).
Ethernet LANs: based on a bus topology and broadcast communication
Token ring LANs: based on ring topology
FDDI LANs: use optical fibers and an improved token ring mechanism
based on two rings flowing in opposite directions.
[Figure: network topologies: shared bus, ring, dual ring]
Network connectivity type      Speed               Transmission time for 10 Mbytes
(Telephone) dial-up modem      14.4 Kbps           90 min
Ethernet                       10 Mbps             9 s
ATM                            25Mbps/2.4Gbs
Interconnection
-Networks of low capacity may be connected together via a backbone
network which is a network of high capacity such as a FDDI network, a
WAN network etc.
-LANs and WANs can be interconnected via T1 or T3 digital leased
lines
-According to the protocols involved, networks interconnection is
achieved using one or several of the following devices:
→Bridge: a computer or device that links two similar LANs based on
the same protocol.
→ Router: a communication computer that connects different types of
networks using different protocols.
→ B-router or Bridge/Router: a single device that combines both the
functions of bridge and router.
→ Gateway: a network device that connects two different systems, using
direct and systematic translation between protocols.
[Figure: example interconnection with the labels Vancouver branch, Toronto branch, NY headquarters, Ethernet LAN, Token Ring LAN, Bridge, Router, Bridge/Router, Gateway, Frame Relay, ATM and T1 line]
2. Protocols
-Define the rules that govern the communications between two
computers connected to the network.
Request For Comments (RFC): specifications of the protocols involved
in Internet Communications.
-Example: sample of RFC 821 describing communications between
SMTP server and client.
S: DATA
R: 354 Beginning of mail; ending by <CRLF>.<CRLF>
3. Protocol Layers
-During the sending process, each layer (from top to bottom) adds
a specific header to the raw data.
-On reception, the headers are removed in the reverse order until the data
arrives at the receiving application.
OSI Layers
Application layer
(applications connected to the network)
Presentation layer
(provides standard data representations for applications)
Session layer
(manages sessions among applications)
Transport layer
(provides end-to-end errors detection and correction)
Network layer
(handles connection to the network by the higher layers)
Data-link layer
(provides safe communication of data over the physical network)
Physical layer
(defines the physical characteristics of the network)
Physical layer: ensures a safe and efficient travel of data; consists of
electronic circuits for data transmission etc.
Layers
Application layer
(applications and processes running on the network)
Transport layer
(provides end-to-end data delivery services)
Internet layer
(makes datagrams and handles data routing)
Network layer
(provides routines allowing access to the physical network)
Network layer
-Provides the same functionality as the physical, the data link and
network layers in the OSI model.
-Mapping between IP addresses and network physical addresses.
-Encapsulation of IP datagrams, e.g packets, in format understandable
by the network.
Internet layer
-Lies at the heart of TCP/IP.
-Based on the Internet Protocol (IP), which provides the frame for
transmitting data from place A to place B.
Transport layer
-Based on two main protocols: TCP (Transmission Control Protocol)
and UDP (User Datagram protocol)
Application layer
-Combines the functions of the OSI application, presentation, and
session layers.
-Protocols involved in this layer: HTTP, FTP, SMTP etc.
4. Networks Interconnection/Internet
Concept of Network Interconnection
-First implemented in the Defense Advanced Research Project Agency
Network (Arpanet), in 1966 in USA.
-Consists of connecting several computer networks based on different
protocols
-Requires the definition of a common interconnection protocol on top of
the local protocols.
-The Internet Protocol (IP) plays this role, by defining unique addresses
for a network and a host machine.
[Figure: protocol stack: FTP, Telnet, SMTP and SNMP over TCP/UDP, over IP, over local protocols (labels P3, P4)]
Internet Protocol (IP)
Overview
-The IP protocol provides two main functions:
→Decomposition of the initial information flow into packets of
standardized size, and reassembling at the destination.
→Routing of a packet through successive networks, from the source
machine to the destination identified by its IP address.
-Transmitted packets are not guaranteed to be delivered (datagram
protocol).
-The IP protocol does not require a connection (connectionless)
before sending data and does not perform any error detection.
Functions
-Decompose the initial data (to be sent) into datagrams.
-Each datagram will have a header including the IP address and the
port number of the destination.
-Datagrams are then sent to selected gateways, e.g. IP routers, connected
at the same time to the local network and to an IP service provider
network.
-Datagrams are transferred from gateway to gateway until they arrive
at their final destination.
[Figure: packet1 and packet2 travelling from the sender to the receiver through routers]
Structure of an IP packet
-The fields at the beginning of the packet, called the frame header,
define the IP protocol’s functionality and limitations.
-32 bits are allocated for encoding source and destination addresses (32
bits for each of these address fields).
-The remainder of the header (16 bits) encodes various information such
as the total packet length in bytes.
-Hence an IP packet can be a maximum of 64Kb long.
Byte offset   Field
0             Header
10            Checksum
12            Source address
16            Destination address
20            Options
24            Data
Transmission Control Protocol (TCP)
Overview
-Using IP packets, TCP provides a basic service that does guarantee
safe delivery:
→error detection
→safe data transmission
→assurance that data are received in the correct order
-Before sending data, TCP requires that the computers communicating
establish a connection (connection-oriented protocol).
[Figure: message sequence between TCP client and TCP server: SYN, SYN_ACK, ACK, DATA, DATA, FIN, ACK, DATA, FIN, ACK]
-TCP provides support for sending and receiving arbitrary amounts of
data as one big stream of byte data (IP is limited to 64Kb).
-TCP does so by breaking up the data stream into separate IP packets.
-Packets are numbered, and reassembled on arrival, using sequence and
sequence acknowledge numbers.
-TCP also improves the capability of IP by specifying port numbers.
→ There are 65,536 different TCP ports (sockets) through which every
TCP/IP machine can talk.
Structure of a TCP packet
Byte offset   Field
0             Source port
2             Destination port
4             Sequence No.
8             Sequence Ack. No.
12            Misc. header
20            Data
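The IP and TCP packet layouts above, as an added example that is not part of the original slides: a parser that reads the fields at the byte offsets shown (checksum at 10, addresses at 12 and 16, ports at 0 and 2, sequence numbers at 4 and 8) and verifies the IP header checksum. The sample packet, its addresses and the function names are constructed for illustration; field details beyond the slides follow the standard IPv4 and TCP header formats.

```python
import socket
import struct

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


def internet_checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit words, as used by the IP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_tcp(packet: bytes) -> dict:
    """Parse an IPv4 packet and, if it carries TCP, the TCP header too."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IP header")
    ver_ihl, _, total_len, _, _, ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4            # IP header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("not an IPv4 header")
    # The 16-bit length field is why one IP packet tops out at 65,535 bytes.
    if not ihl <= total_len <= len(packet):
        raise ValueError("length field disagrees with the captured bytes")
    info = {
        "total_len": total_len, "ttl": ttl, "protocol": proto,
        # Summing an intact header, stored checksum included, yields 0.
        "checksum_ok": internet_checksum(packet[:ihl]) == 0,
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
    }
    if proto != 6:                        # 6 = TCP
        return info
    seg = packet[ihl:total_len]
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    data_off = (off_flags >> 12) * 4      # TCP header length in bytes
    if not 20 <= data_off <= len(seg):
        raise ValueError("bad TCP data offset")
    info.update(sport=sport, dport=dport, seq=seq, ack=ack,
                flags=[name for bit, name in TCP_FLAGS if off_flags & bit],
                payload=seg[data_off:])
    return info


def build_sample(flags: int, payload: bytes = b"") -> bytes:
    """Constructed test packet (documentation addresses, TCP checksum left 0)."""
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0,
                      (5 << 12) | flags, 65535, 0, 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                      socket.inet_aton("192.0.2.10"),
                      socket.inet_aton("198.51.100.7"))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:] + tcp


if __name__ == "__main__":
    print(parse_ipv4_tcp(build_sample(0x02)))   # a SYN, the first handshake message
```

The length and offset checks matter as much as the field reads: a parser that trusts the length fields of a captured packet without comparing them to the bytes actually present will read past the data it was given.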
User Datagram Protocol (UDP)
Overview
-Datagram protocol also built on top of IP.
-Has the same packet-size limit (64Kb) as IP, but allows for port
number specification.
-Provides also 65,536 different ports.
-Hence, every machine has two sets of 65,536 ports: one for TCP and the
other for UDP.
-Connectionless protocol, without any error detection facility.
-Provides only support for data transmission from one end to the other,
without any further verification.
-The main interest of UDP is that since it does not make further
verification, it is very fast.
-Useful for sending small size data in a repetitive way such as time
information.
4.5 Internet Application Protocols
On top of TCP/IP, several services have been developed in order to
homogenize applications of same nature:
-FTP (File Transfer Protocol) allows the transfer of collection of files
between two machines connected to the Internet.
-Telnet (Terminal Protocol) allows a user to connect to a remote host in
terminal mode.
-NNTP (Network News Transfer Protocol) allows the constitution of
communication groups (newsgroups) organized around specific topics.
-SMTP (Simple Mail Transfer Protocol) defines a basic service for
electronic mails.
-SNMP (Simple Network Management Protocol) allows the
management of the network.
[Figure: FTP, Telnet, SMTP and SNMP on top of TCP/UDP, on top of IP]