Chapter One

Introduction to Information Security

Information Security

- Security: the quality or state of being secure.
- Information systems security (INFOSEC) refers to the processes and methodologies involved with keeping information confidential and available, and assuring its integrity.
- It also refers to:
  - Access controls, which prevent unauthorized personnel from entering or accessing a system.
  - Protecting information no matter where that information is, i.e. in transit (such as in an email) or in a storage area.
  - The detection and remediation of security breaches, as well as documenting those events.

Information Security (cont.)

- Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
- Information security = confidentiality + integrity + availability + authentication.
  - Confidentiality: the principle of keeping personal information private.
  - Integrity: protection against unauthorized changes (additions, deletions, alterations, etc.) to data.
  - Availability: the protection of a system's ability to make software systems and data fully available when a user needs them (or at a specified time).
  - Authentication: can be accomplished by identifying someone.

Cont.

- A well-informed sense of assurance that the information risks and controls are in balance.
- This means that security should be:
  - Cost effective, value added and good business sense.
  - A balance between protection and availability.
  - At a level that allows reasonable access, yet protects against threats.
- The terms information security, computer security and information assurance are frequently, and incorrectly, used interchangeably.
- Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.
- Network security terms are the foundation for any discussion of network security and are the elements used to measure the security of a network.

Basic Security Terminology (concepts)

- Some of these terms or concepts include:
1. Identification: simply the process of identifying oneself to another entity, or determining the identity of the individual or entity with whom you are communicating.
2. Authentication: the assurance that the communicating entity is the one that it claims to be. (Authentication is verifying who you are.)
  - Authentication serves as proof that you are who you say you are or what you claim to be.
  - Authentication is required when communicating over a network or logging onto a network.

Cont.

- When communicating over a network you should ask yourself two questions:
1) With whom am I communicating?
2) Why do I believe this person or entity is who he, she, or it claims to be?
- When logging onto a network, three basic schemes are used for authentication (the three authentication factors; combining two of them gives two-factor authentication):
  - Knowledge factor: something you know, e.g. password, PIN, pattern.
  - Possession factor: something you have, e.g. SIM card, mobile phone, smart card, hardware token, etc.
  - Inherence factor: something you are, e.g. fingerprint, voice verification, palm scanning, facial recognition, etc.

Example: password + mobile push + fingerprint.

Cont.

3. Access control (authorization): refers to the ability to control the level of access that individuals or entities have to a network or system, and how much information they can receive.
  - Authorization is granting or denying access to a service based on who you say you are.
  - Your level of authorization basically determines what you're allowed to do once you are authenticated and allowed access to a network, system, or some other resource such as data or information.
  - Access control is the determination of the level of authorization to a system, network, or information (i.e. classified, secret, or top-secret).

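The distinction between authentication (who you are) and authorization (what you may do once identified) is easiest to see in code. The following is an added example written for these notes, not code from the slides: it decides read access by comparing a user's clearance with a resource's classification level (classified, secret, top-secret, as listed above). The ordering of levels, the user names, clearances and resource names are all constructed; the rule it enforces ("no read up": a subject reads only objects at or below its clearance) is the simple security property of the Bell-LaPadula model.

```python
"""Authentication vs. authorization: a constructed access-control check.

The user is assumed to have been authenticated already; these functions
only decide the level of authorization. All names and labels are made up
for the example.
"""
from typing import List

# Ordered classification levels; a higher index means more sensitive.
LEVELS = ["unclassified", "classified", "secret", "top-secret"]

# Constructed authorization table: the clearance each authenticated user holds.
CLEARANCES = {
    "alice": "top-secret",
    "bob": "classified",
    "guest": "unclassified",
}

# Constructed resources, each labelled with a classification.
RESOURCES = {
    "cafeteria-menu.txt": "unclassified",
    "staff-directory.txt": "classified",
    "project-plan.txt": "secret",
    "budget.xlsx": "top-secret",
}


def level_rank(level: str) -> int:
    """Map a classification name to its position in the ordering.

    Unknown labels raise instead of silently becoming the lowest level,
    so a typo in a label fails closed rather than open.
    """
    if level not in LEVELS:
        raise ValueError(f"unknown classification level: {level!r}")
    return LEVELS.index(level)


def is_authorized(user: str, resource: str) -> bool:
    """Return True if `user` may read `resource`.

    Unknown users and unknown resources are denied (fail closed).
    """
    if user not in CLEARANCES or resource not in RESOURCES:
        return False
    clearance = level_rank(CLEARANCES[user])
    classification = level_rank(RESOURCES[resource])
    # "No read up": read only objects at or below your own clearance.
    return clearance >= classification


def readable_resources(user: str) -> List[str]:
    """Every resource the user is authorized to read, in table order."""
    return [r for r in RESOURCES if is_authorized(user, r)]


if __name__ == "__main__":
    for name in CLEARANCES:
        print(f"{name:6s} may read: {readable_resources(name)}")
```

Note that nothing here checks a password: that is authentication's job, and it happens before `is_authorized` is ever called. Failing closed on unknown users, resources and labels is the important design choice; a lookup that defaulted to "unclassified" would turn a typo into an access grant.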
Cont.

4. Confidentiality: can also be called privacy or secrecy, and refers to the protection of information from unauthorized disclosure (accessed only by authorized users).
  - Usually achieved either by restricting access to the information or by encrypting the information so that it is not meaningful to unauthorized individuals or entities. Example: student grades.
  - Confidentiality is classified into the following:
    - Data confidentiality: the protection of data from unauthorized disclosure.
    - Connection confidentiality: the protection of all user data on a connection.
    - Connectionless confidentiality: the protection of all user data in a single data block.
    - Selective-field confidentiality: the confidentiality of selected fields within the user data on a connection or in a single data block.
    - Traffic-flow confidentiality: the protection of the information that might be derived from observation of traffic flows.

Contd.

5. Availability: refers to whether the network, system, hardware and software are reliable and can recover quickly and completely in the event of an interruption in service; resources remain accessible and usable.
  - Ideally, these elements should not be susceptible to denial-of-service (DoS) attacks.
6. Data integrity: the assurance that data received are exactly as sent by an authorized entity.
  - Integrity is the process of validating that the data provided by an authenticated source has not been changed.
  - Data integrity is achieved by preventing unauthorized or improper changes to data, ensuring internal and external consistency, and ensuring that other data attributes (such as timeliness and completeness) are consistent with requirements.
7. Accountability: the ability to track or audit what an individual or entity is doing on a network or system.
  - Does the system maintain a record of functions performed, files accessed, and information altered?
  - Example: if the system has an activity log, it records every activity performed on the system, which provides accountability for the system and its users.

Cont.

8. Non-repudiation: the ability to prevent individuals or entities from denying (repudiating) that information, data or files were sent or received, or that information or files were accessed or altered, when in fact they were.
  - Protection against denial by one of the parties in a communication.
  - It is crucial to e-commerce.

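Item 6 (data integrity) and item 8 (non-repudiation) are easy to confuse, so here is one added example that covers both; it is written for these notes and is not code from the slides. A sender attaches a message authentication code (HMAC-SHA256 over the message, using a key shared with the receiver); the receiver recomputes it and so detects any modification in transit. The same run also shows why a shared-key MAC gives integrity but not non-repudiation: the receiver holds the same key and can mint a valid tag for any message, so the tag cannot prove to a third party which party wrote it. The key and messages are constructed.

```python
"""Integrity check with an HMAC, and why it does not give non-repudiation.

Constructed example: shared key and messages are made up. HMAC-SHA256 from
the standard library is the only primitive used.
"""
import hashlib
import hmac
from typing import Dict, Tuple

# Constructed shared secret; in practice distributed out of band and known
# only to the two communicating parties.
SHARED_KEY = b"example-shared-key-do-not-reuse"


def protect(key: bytes, message: bytes) -> Tuple[bytes, bytes]:
    """Sender side: return (message, tag) where tag = HMAC-SHA256(key, message)."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message, tag


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time.

    hmac.compare_digest avoids revealing, through timing, how many leading
    bytes of a forged tag happened to be correct.
    """
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def tamper(message: bytes, tag: bytes) -> Tuple[bytes, bytes]:
    """Simulate an on-path modification: flip one bit of the first byte and
    leave the original tag attached."""
    altered = bytearray(message)
    altered[0] ^= 0x01
    return bytes(altered), tag


def demo() -> Dict[str, bool]:
    """Run sender -> attacker -> receiver and report each outcome."""
    msg, tag = protect(SHARED_KEY, b"transfer 100 to account 42")
    intact_ok = verify(SHARED_KEY, msg, tag)            # integrity holds
    bad_msg, old_tag = tamper(msg, tag)
    tampered_ok = verify(SHARED_KEY, bad_msg, old_tag)  # modification detected
    # The receiver also holds SHARED_KEY, so it can produce a valid tag for a
    # message the sender never wrote: a MAC proves integrity, not authorship.
    minted = protect(SHARED_KEY, b"transfer 900 to account 42")
    receiver_can_mint = verify(SHARED_KEY, *minted)
    return {
        "intact_verifies": intact_ok,
        "tampered_verifies": tampered_ok,
        "receiver_can_mint_valid_tag": receiver_can_mint,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Non-repudiation needs a key that only the sender holds, which is what a digital signature (item 10 in the list of security measures later in these notes) provides: the receiver verifies with the public key and cannot forge with it.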
Computer Security

- Computer security is basically the protection of computer systems and information from harm, theft and unauthorized use.
- It is the process of preventing and detecting unauthorized use of your computer system.
- While computer systems today have some of the best security systems ever, they are more vulnerable than ever before.
- Computer and network security comes in many forms, including encryption algorithms, access to facilities, digital signatures, and using fingerprints and face scans as passwords.
- The Open Systems Interconnection (OSI) security architecture provides a systematic framework for defining security attacks, mechanisms and services.

Computer Security (cont.)

- The OSI security architecture focuses on security attacks, mechanisms and services.
  - Security attack: any action that compromises the security of information owned by an organization.
  - Security mechanism: a process (or a device incorporating such a process) that is designed to detect, prevent or recover from a security attack.
  - Security service: a processing or communication service that enhances the security of the data processing systems and the information transfers of an organization.
- The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
- Security services: confidentiality, authentication, integrity, non-repudiation, access control and availability.

Cont.

- Network security: measures to protect data during their transmission over the network.
- Internet security: measures to protect data during their transmission over a collection of interconnected networks (a network of networks).

Why Is Computer and Network Security Important?

1. To protect company assets: one of the primary goals of computer and network security is the protection of company assets (hardware, software and/or information).
2. To gain a competitive advantage: developing and maintaining effective security measures can provide an organization with a competitive advantage over its competition.
3. To comply with regulatory requirements and fiduciary responsibilities: organizations that rely on computers for their continuing operation must develop policies and procedures that address organizational security requirements.
  - Such policies and procedures are necessary not only to protect company assets but also to protect the organization from liability.
4. To keep your job: security should be part of every network or systems administrator's job. Failure to perform adequately can result in termination.

Vulnerabilities (Attack Surface)

- Vulnerabilities are weak points or loopholes in security that an attacker can exploit in order to gain access to the network or to resources on the network.
- There are three main types of attack surface:
I. Digital attack surface: encompasses applications, code, ports, servers and websites, as well as unauthorized system access points.
  - Vulnerabilities left by poor coding, weak passwords, default operating system settings, exposed application programming interfaces or poorly maintained software are all part of the digital attack surface.
II. Physical attack surface: comprises all endpoint devices, such as desktop systems, laptops, mobile devices and USB ports.
  - Improperly discarded hardware that may contain user data and login credentials, passwords on paper, and physical break-ins are also included.
III. Social engineering attack surface: social engineering is the term used for a broad range of malicious activities accomplished through human interactions.
  - It involves attackers sending emails and messages that trick users into performing actions that may compromise their security or divulge private information. Attackers manipulate users using psychological triggers like curiosity, urgency or fear.
  - It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Cont.

- The vulnerability is not the attack, but rather the weak point that is exploited.
- A vulnerability is the intersection of three elements:
1. a system susceptibility or flaw,
2. attacker access to the flaw, and
3. attacker capability to exploit the flaw.
- For a system to be vulnerable, an attacker must have at least one applicable tool or technique that can connect to a system weakness.
- A security risk may be classified as a vulnerability. But there are vulnerabilities without risk, for example when the affected asset has no value.

Contd.

- The basic strategies of attack surface reduction include the following:
I. Reduce the amount of code running,
II. Reduce entry points available to untrusted users, and
III. Eliminate services requested by relatively few users.

[Figure: threat agents, attack vectors, weakness, controls, IT asset and business impact]

Vulnerability Classification

- Vulnerabilities are classified according to the asset class they relate to:
1. Hardware
  - Susceptibility to humidity
  - Susceptibility to dust
  - Susceptibility to soiling
  - Susceptibility to unprotected storage
2. Software
  - Insufficient testing
  - Lack of audit trail

Contd.

3. Network
  - Unprotected communication lines
  - Insecure network architecture
4. Personnel
  - Inadequate recruiting process
  - Inadequate security awareness
5. Site
  - Area subject to flood
  - Unreliable power source
6. Organizational
  - Lack of regular audits
  - Lack of continuity plans

That's enough for today.
If you have a question, you can ask me.

What are the basic security measures?

1. External security: the protection of computer systems from environmental damage such as floods and heat, physical security such as locking rooms and computers, and electrical protection against power surges and electromagnetic interference.
2. Operational security: deciding who has access to what, and limiting access time and location.
3. Surveillance: proper placement of security cameras can deter theft and vandalism.
4. Passwords/authentication: the most common form of security. There are some simple rules for password security, such as:
  a) Change your password often.
  b) Pick a good, strong, random password.
  c) Don't share passwords or write them down.
  d) Don't use names or familiar objects as passwords.
  e) Authentication: the process of reliably verifying the identity of someone or something by means of a secret (password), an object (smart card), physical characteristics (fingerprint) and trust.

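Rules (b) and (c) above are for the user; the system that checks the password has a matching duty, which the slides do not spell out: never store the password itself. The following added example (written for these notes, not code from the slides) generates a random password with a cryptographic random source and stores only a per-user random salt plus a slow, salted hash (PBKDF2-HMAC-SHA256 from the standard library), so that a copied credential database does not directly yield passwords and two users with the same password do not share a hash. The iteration count, user names and passwords are constructed values for the example.

```python
"""Password generation and salted-hash storage: a constructed example.

Only standard-library primitives are used (secrets, hashlib.pbkdf2_hmac).
The iteration count is an assumption chosen to keep the demo fast.
"""
import hashlib
import secrets
import string
from typing import Dict, Optional, Tuple

ITERATIONS = 100_000   # assumed cost parameter for the example


def generate_password(length: int = 16) -> str:
    """Rule (b): draw every character from a CSPRNG, not from names or words."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def hash_password(password: str) -> Tuple[bytes, bytes]:
    """Return (salt, digest).

    A fresh random salt per user means identical passwords hash differently
    and precomputed hash tables cannot be applied to the whole database.
    """
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 ITERATIONS, dklen=32)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                    ITERATIONS, dklen=32)
    return secrets.compare_digest(candidate, digest)


class CredentialStore:
    """Minimal user database holding salt + digest only, never the password."""

    def __init__(self) -> None:
        self._users: Dict[str, Tuple[bytes, bytes]] = {}

    def register(self, username: str, password: str) -> None:
        self._users[username] = hash_password(password)

    def authenticate(self, username: str, password: str) -> bool:
        record: Optional[Tuple[bytes, bytes]] = self._users.get(username)
        if record is None:
            return False          # unknown user: fail closed
        salt, digest = record
        return verify_password(password, salt, digest)

    def holds_plaintext(self, password: str) -> bool:
        """True if the given password appears verbatim anywhere in storage
        (it never should; used to demonstrate the point)."""
        needle = password.encode()
        return any(needle in salt or needle in digest
                   for salt, digest in self._users.values())


if __name__ == "__main__":
    store = CredentialStore()
    pw = generate_password()
    store.register("alice", pw)
    print("correct password accepted:", store.authenticate("alice", pw))
    print("wrong password accepted:  ", store.authenticate("alice", pw + "x"))
    print("plaintext in store:       ", store.holds_plaintext(pw))
```

The slow hash is the part that matters against the brute-force risk named under "password management flaws" later in these notes: each guess costs the attacker the same 100,000 iterations it costs the server, and the per-user salt forces that work to be repeated for every account.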
What are the basic security measures? (cont.)

5. Auditing: used to detect wrongdoing.
6. Access rights: determine security by means of who and how. Who do you give access rights to? (no one, a group of users, the entire set of users). How does a user or group of users have access? (read, write, delete, print, copy, execute).
7. Viruses/worms and antivirus tools
8. Firewalls
9. Encryption and decryption techniques
10. Digital signatures
11. Security policy

Categories of attacks

- Interruption: an attack on availability
- Interception: an attack on confidentiality
- Modification: an attack on integrity
- Fabrication: an attack on authenticity

Some Types of Attacks

- What are some common attacks?
1. Network attacks
  - Packet sniffing
  - Man-in-the-middle
2. Web attacks
  - Phishing
  - Cross-site scripting
3. OS, application and software attacks
  - Viruses, Trojans, worms, rootkits, buffer overflows
- Not all hackers are evil wrongdoers trying to steal your info:
  - Ethical hackers, consultants, penetration testers, researchers

Network Attacks

- Packet sniffing
  - Internet traffic consists of data "packets", and these can be "sniffed" (the data in the packets read).
  - Leads to other attacks such as password sniffing, cookie stealing, session hijacking and information stealing.
- Man in the middle
  - Insert a router in the path between client and server, and change the packets as they pass through.

Web Attacks

- Phishing
  - An evil website pretends to be a trusted website.
  - Example: you type, by mistake, "mibank.com" instead of "mybank.com".
  - mibank.com designs the site to look like mybank.com, so the user types in their info as usual.
  - BAD! Now an evil person has your info!
- Cross-site scripting
  - Writing a complex JavaScript program that steals data left by other sites that you have visited in the same browsing session.

Computer Security Components

- A vulnerability is a point where a system is susceptible to attack.
- A threat is a possible danger to the system. The danger might be a person (a system cracker or a spy), a thing (a faulty piece of equipment), or an event (a fire or a flood) that might exploit a vulnerability of the system.
- Countermeasures are techniques for protecting your system.

Causes of Vulnerabilities

- Complexity: large, complex systems increase the probability of flaws and unintended access points.
- Familiarity: using common, well-known code, software, operating systems and/or hardware increases the probability that an attacker has, or can find, the knowledge and tools to exploit a flaw.
- Connectivity: more physical connections, privileges, ports, protocols and services, and the time each of those is accessible, increase vulnerability.
- Password management flaws: the computer user uses weak passwords that could be discovered by brute force; stores the password on the computer where a program can access it; or re-uses passwords between many programs and websites.
- Internet website browsing: some internet websites may contain harmful spyware or adware that can be installed automatically on computer systems. After visiting those websites, the computer systems become infected and personal information will be collected and passed on to third parties.

Causes of Vulnerabilities (cont.)

- Software bugs: the programmer leaves an exploitable bug in a software program. The software bug may allow an attacker to misuse an application.
- Not learning from past mistakes: for example, most vulnerabilities discovered in IPv4 protocol software were discovered again in the new IPv6 implementations.
- Research has shown that the most vulnerable point in most information systems is the human user, operator, designer or other human:
  - so humans should be considered in their different roles as asset, threat and information resource. Social engineering is an increasing security concern.

Vulnerabilities in Common Network Access Procedures & Protocols

- The primary protocol used in operating systems today is the TCP/IP protocol stack. TCP/IP is a set of standardized rules that allow computers to communicate on a network such as the internet.
- The wide use of this protocol helps to integrate different operating system architectures such as Microsoft and UNIX.
- Many organizations make use of this interoperability and use various TCP/IP utilities to run programs, transfer information and reveal information.
- Due to the nature of these utilities, various security risks and threats exist.
- Users often use the same passwords for mixed environments.
- Sometimes passwords are automatically synchronized.
- If hackers can crack the password on systems other than Microsoft systems, they could also use that password to log on to a Microsoft system.

Telnet

- Telnet is a network protocol used to virtually access a computer and to provide a two-way, collaborative, text-based communication channel between two machines.
- It follows a user-command (TCP/IP) networking protocol for creating remote sessions.
- The telnet command provides a user interface to a remote system.
- When the Microsoft telnet client is used to log on to the Microsoft Windows 2000 Telnet service, it uses the NTLM (NT LAN Manager) protocol to log the client on.
- Windows New Technology LAN Manager (NTLM) is an outmoded challenge-response authentication protocol from Microsoft.
- NTLM authenticates clients and servers via a challenge-response method composed of three messages, as follows:
  - Negotiation: advertises capabilities
  - Challenge: establishes identity
  - Authentication: authenticates the client or server
- In a Windows network, NTLM is a suite of Microsoft security protocols that provides authentication, integrity and confidentiality to users.

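What a three-message challenge-response exchange buys over a plaintext login is clearer when both sides are written out. The following is an added illustration for these notes and is not NTLM (nor any code from the slides): it is a simplified model of the same idea with the same three messages, using HMAC-SHA256 in place of NTLM's own response computation. The server issues a fresh random challenge, the client answers with HMAC(secret, challenge), and the server recomputes and compares; the secret itself never crosses the wire, and a captured response is useless later because each challenge is consumed on first use. All user names, secrets and class names are constructed.

```python
"""A simplified challenge-response login (NOT NTLM): constructed example.

Message 1: client identifies itself (negotiate).
Message 2: server sends a random challenge.
Message 3: client returns HMAC-SHA256(secret, challenge); server verifies.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

# Constructed secret database held by the server (NTLM would hold a password
# hash; here the secret is just bytes).
SERVER_SECRETS: Dict[str, bytes] = {"alice": b"alice-secret-key-example"}


class Server:
    def __init__(self, secrets_db: Dict[str, bytes]) -> None:
        self._secrets = secrets_db
        self._outstanding: Dict[str, bytes] = {}   # username -> issued challenge

    def challenge(self, username: str) -> bytes:
        """Message 2: a fresh random nonce for this login attempt only."""
        nonce = secrets.token_bytes(16)
        self._outstanding[username] = nonce
        return nonce

    def authenticate(self, username: str, response: bytes) -> bool:
        """Check message 3. The nonce is consumed here, so replaying a captured
        response against a later login fails."""
        nonce: Optional[bytes] = self._outstanding.pop(username, None)
        secret = self._secrets.get(username)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Client:
    def __init__(self, username: str, secret: bytes) -> None:
        self.username = username
        self.secret = secret

    def respond(self, nonce: bytes) -> bytes:
        """Message 3: prove knowledge of the secret without transmitting it."""
        return hmac.new(self.secret, nonce, hashlib.sha256).digest()


def run_login(server: Server, client: Client) -> Dict[str, bool]:
    """Drive one exchange and record what an eavesdropper on the wire sees."""
    wire: List[bytes] = []
    wire.append(client.username.encode())       # message 1: negotiate
    nonce = server.challenge(client.username)
    wire.append(nonce)                          # message 2: challenge
    response = client.respond(nonce)
    wire.append(response)                       # message 3: authenticate
    authenticated = server.authenticate(client.username, response)
    # An eavesdropper replays the captured response: the nonce is gone.
    replay_accepted = server.authenticate(client.username, response)
    # Did the secret itself ever appear in any transmitted payload?
    secret_on_wire = any(client.secret in payload for payload in wire)
    return {
        "authenticated": authenticated,
        "replay_accepted": replay_accepted,
        "secret_on_wire": secret_on_wire,
    }


if __name__ == "__main__":
    srv = Server(SERVER_SECRETS)
    print(run_login(srv, Client("alice", SERVER_SECRETS["alice"])))
    print(run_login(srv, Client("alice", b"wrong-guess")))
```

Contrast this with the Telnet case on the next slide, where the eavesdropper's capture contains the user name and password themselves. Note the limits of the model as well: the response is as strong as the secret behind it, so a weak password can still be guessed offline from a captured challenge and response, and nothing here protects the session that follows the login.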
Cont.

- Problems arise when integrating Microsoft systems and UNIX systems.
- When logging on from a Microsoft telnet client to a UNIX TELNET daemon service, or vice versa, the user name and password are sent over the network in plain text.
- Since the user name and password characters are not encrypted, it is possible for an electronic eavesdropper to capture a user name and password for a system to which a telnet connection is being established.

File Transfer Protocol (FTP)

- FTP allows users to connect to remote systems and transfer files back and forth.
- FTP is a standard internet protocol provided by TCP/IP, used for transmitting files from one host to another.
- It is mainly used for transferring web page files from their creator to the computer that acts as a server for other computers on the internet.
- It is also used for downloading files to a computer from other servers.
- As part of establishing a connection to a remote computer, FTP relies on a user name and password combination for authentication.
- Use of FTP poses a security problem similar to use of the Telnet protocol, because passwords typed to FTP are transmitted over the network in plain text, one character per packet. These packets can be intercepted.

Contd.

- Another problem area for FTP is anonymous FTP.
- Anonymous FTP allows users who do not have an account on a computer to transfer files to and from a specific directory.
  - This capability is particularly useful for software or document distribution to the public.
- To use anonymous FTP, a user passes a remote computer name as an argument to FTP and then specifies "anonymous" as the user name.
- Problems with anonymous FTP are:
  - There is often no record of who has requested what information.
  - The threat of denial-of-service attacks: in a deliberate or accidental denial of service, authorized users may be denied access to a system if too many file transfers are initiated simultaneously.
- It is important to securely set up the anonymous FTP account on the server, because everyone on the network will have potential access.
- If the anonymous FTP account is not securely configured and administered, crackers may be capable of adding and modifying files.

Trivial File Transfer Protocol (TFTP)

- TFTP is a simple protocol that provides basic file transfer function with no user authentication.
- TFTP uses the User Datagram Protocol (UDP) to transport data from one end to the other.
- TFTP is mostly used to read and write files/mail to or from a remote server.
- UDP is connectionless, or "best-effort delivery", because it does not establish a connection before sending, it does not sequence packets before sending, and it does not provide error control through retransmission.
- TFTP is very useful for booting computers and devices that do not have hard disk drives or storage devices, because it can easily be implemented using a small amount of memory. This characteristic of TFTP makes it one of the core elements of the network boot protocol, or preboot execution environment (PXE).
- Because TFTP has no user authentication, it may be possible for unwanted file transfers to occur.
- The use of TFTP to steal password files is a significant threat.

Commands Revealing User Information

- Commands that reveal user and system information pose a threat because crackers can use that information to break into a system.
- Some of these commands, whose output makes a system vulnerable to break-ins, include:
  - finger
  - rexec

Finger

- The finger command is a user information lookup command which gives details of all the users logged in.
- This tool is generally used by system administrators. It provides details like login name, user name, idle time, login time, and in some cases even their email address.
- The finger client utility on Windows NT and Windows 2000 can be used to connect to a finger daemon service running on a UNIX-based computer to display information about users.
- When the finger client utility is invoked with a name argument, the password file on the UNIX server is searched.
- Every user with a first name, last name or user name that matches the name argument is returned.
- When the finger program is run with no arguments, information for every user currently logged on to the system is displayed.
- User information can be displayed for remote computers as well as for the local computer.

Cont.

- Personal information, such as telephone numbers, is often stored in the password file so that this information is available to other users.
- Making personal information about users available poses a security threat because a password cracker can make use of this information.
- In addition, finger can expose logon activity.

Rexec

- rexec executes the specified command on a remote host.
- The remote host must be running a rexecd service (or daemon) for rexec to connect to.
- The rexec utility is provided as a client on Microsoft Windows NT and Windows 2000.
- The rexec client utility allows remote execution on UNIX-based systems running the rexecd service.
- A client transmits a message specifying the user name, the password and the name of a command to execute.
- The rexecd program is susceptible to abuse because it can be used to probe a system for the names of valid accounts.
- In addition, passwords are transmitted unencrypted over the network.

Protocol Design

- Communication protocols sometimes have weak points. Attackers use these to gain information and eventually gain access to systems. Some known issues are:
  - TCP/IP: the TCP/IP protocol stack has weak points that allow:
    - IP spoofing: the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of impersonating (mimicking) another computing system.
    - TCP connection request (SYN) attacks.
  - ATM: security can be compromised by what is referred to as "manhole manipulation", direct access to network cables and connections in underground parking garages and elevator shafts.
  - Frame relay: similar to the ATM issue.

TCP connection request (SYN) attacks

- A TCP SYN flood (a.k.a. SYN flood) is a type of distributed denial-of-service (DDoS) attack that exploits part of the normal TCP three-way handshake to consume resources on the targeted server and render it unresponsive.
- The offender sends TCP connection requests faster than the targeted machine can process them, causing network saturation.

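The symptom a defender looks for is the one the slide describes: handshakes that are started (SYN) but never completed. The following is an added detection example written for these notes, not code from the slides. It reads a constructed list of TCP segments as seen by the server, pairs each SYN with the final ACK from the same source address and port, counts per source how many handshakes remain half-open within a time window, and flags sources over a threshold. The record layout, addresses, window and threshold are all assumptions made for the example.

```python
"""Half-open handshake counting over constructed TCP segment records.

Record layout (assumed for the example): (time_seconds, src_ip, src_port, flags)
where flags is "SYN" for the client's first segment and "ACK" for the client's
third segment of the handshake. Server-side SYN-ACKs are not needed here.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Segment = Tuple[float, str, int, str]

# Constructed sample: 192.0.2.10 completes three handshakes normally;
# 10.0.0.99 opens fifty and never finishes any of them.
SAMPLE: List[Segment] = []
for i in range(3):
    SAMPLE.append((0.1 * i, "192.0.2.10", 40000 + i, "SYN"))
    SAMPLE.append((0.1 * i + 0.05, "192.0.2.10", 40000 + i, "ACK"))
for i in range(50):
    SAMPLE.append((0.01 * i, "10.0.0.99", 50000 + i, "SYN"))


def half_open_counts(segments: List[Segment], window: float) -> Dict[str, int]:
    """Count, per source IP, handshakes that stay half-open.

    A handshake is keyed by (src_ip, src_port). It counts as completed only
    if an ACK from the same key arrives within `window` seconds of its SYN;
    anything else is half-open and charged to the source address.
    """
    syn_time: Dict[Tuple[str, int], float] = {}
    completed: Set[Tuple[str, int]] = set()
    for t, ip, port, flags in sorted(segments):   # process in time order
        key = (ip, port)
        if flags == "SYN":
            syn_time[key] = t
        elif flags == "ACK" and key in syn_time and t - syn_time[key] <= window:
            completed.add(key)
    counts: Dict[str, int] = defaultdict(int)
    for ip, port in syn_time:
        if (ip, port) not in completed:
            counts[ip] += 1
    return dict(counts)


def flag_sources(segments: List[Segment], window: float = 1.0,
                 threshold: int = 20) -> List[str]:
    """Source addresses with more than `threshold` half-open handshakes."""
    counts = half_open_counts(segments, window)
    return sorted(ip for ip, n in counts.items() if n > threshold)


if __name__ == "__main__":
    print("half-open per source:", half_open_counts(SAMPLE, window=1.0))
    print("flagged:", flag_sources(SAMPLE))
```

Two caveats a practitioner would attach: a flood that spoofs its source addresses (see the IP spoofing item on the previous slide) spreads the count over many sources, so a per-destination total of half-open handshakes is the better alarm in that case; and detection only observes the problem, while the mitigation on the server side is to stop reserving state per SYN, which is what SYN cookies do.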
Modem

- If a computer has a modem connected to the Internet, the user needs to take appropriate protections, because modem connections can be a significant vulnerability.
- Hackers commonly use a tool known as a "war dialer" to identify the modems at a target organization.
- A war dialer is a computer program that automatically dials phone numbers within a specified range of numbers.
- Most organizations have a block of sequential phone numbers.
- By dialing all numbers within the targeted range, the war dialer identifies which numbers are for computer modems and determines certain characteristics of those modems.
- The hacker then uses other tools to attack the modem to gain access to the computer network.
- Anyone can download effective war dialers from the Internet at no cost.
