Network and Information Security
• Code : 22620
• Sem – VI
• Computer Engineering
Computer Security
• Definition :
Computer security is the generic name for the collection of tools designed to
protect data & to thwart hackers.
Need of computer security
• For prevention of data theft, such as bank account numbers, credit card
information, passwords, work-related documents etc.
• To keep data safe & confidential.
• To provide confidentiality, which ensures that only authorized individuals
are ever able to view the data
• To provide integrity, which ensures that only authorized individuals are ever
able to change the information
• To provide availability, which ensures that the data is available for use when
an authorized user wants it
• To provide authentication, which deals with an individual's identity
• To provide non-repudiation, which deals with the assurance that someone
cannot deny something
Security Basics or key principles
• Confidentiality :
The principle of confidentiality specifies that only the sender & the
intended recipients should be able to access the contents of a message.
• Confidentiality is compromised if an unauthorized person is able to
access the contents of a message.
• Integrity :
The principle of integrity specifies that assets are modifiable only
by authorized parties.
• Availability :
The principle of availability states that resources (information) should
be available to authorized parties at all times.
• Authentication :
The authentication process ensures that the origin of a message is
correctly identified.
• Non-Repudiation :
The ability of a system to confirm that a sender cannot convincingly
deny having sent a message.
Risk & Threat Analysis
• Risk : A risk is some incident or attack that can cause damage to the system.
• Risk analysis has the following parameters :
1. Asset :
In computer security, assets are any data, device, or other component
that supports information-related activities.
Assets can be Hardware : computer components, networks,
communication channels, mobile devices
Software : applications, OS, programs
Data : files, folders
- The goal of computer security is to protect valuable assets.
- We protect assets by various methods.
2. Vulnerability :
A vulnerability is a weakness in the information infrastructure of a business or
organization. It can accidentally or intentionally be used to damage the asset.
• In any system, vulnerabilities can be :
programs with known faults
weak access control settings on resources
weak firewall configuration that allows access to vulnerable services
3. Threats :
A threat is a set of circumstances (an incident) that has the potential to cause loss.
Threats can be natural threats (earthquake) or intentional threats (cyber attack).
4. Countermeasure (control) :
An action taken to offset another action;
that is, the action, device, procedure or technique that eliminates or
reduces a vulnerability.
The conclusion is that
threats are blocked by controlling vulnerabilities.
Threat to security
• Viruses
• Phases of Virus
• Dealing with virus
• Worms
• Trojan horse
• Intruders
• Insiders
Virus
• A virus is a code or program that attaches itself to another code or
program and causes damage to the computer system or to the
network.
• It is a piece of code which is loaded onto the computer without the
individual's knowledge and runs against his/her wishes.
• It cannot replicate itself. All computer viruses are man-made.
• A virus modifies the program and damages the system.
Phases of Virus
A typical virus goes through the following four phases:
1. Dormant Phase : The virus is idle and is eventually activated by some
event.
2. Propagation Phase : The virus places an identical copy of itself into
other programs or into certain system areas on the disk.
3. Triggering Phase : The virus is activated to perform the function for
which it was intended.
4. Execution Phase : The function is performed.
Types of Viruses
• Parasitic Virus :
It attaches itself to executable code and replicates itself. When the
infected code is executed, it will find other executable code or programs
to infect.
• Memory resident virus :
It inserts itself as a part of the operating system or an application and
can manipulate any file that is executed, copied or moved.
• Non-resident virus :
This type of virus executes itself and is terminated or destroyed after a
specific time.
• Boot sector virus :
This virus infects the boot record and spreads through a system when the
system is booted from a disk containing the virus.
• Overwriting virus :
It overwrites the code with its own code.
• Stealth virus :
It hides the modifications it has made in the file or boot record.
• Macro Virus :
These viruses are not executables; they affect documents such as Microsoft Word
files. They can spread through email.
• Polymorphic Virus :
It produces fully operational copies of itself, in an attempt to avoid
signature detection.
• Companion Virus :
This virus creates a new program instead of modifying an existing
file.
• Email Virus :
The virus gets executed when the email attachment is opened by the recipient.
The virus then sends itself to everyone on the sender's mailing list.
• Metamorphic virus :
This virus keeps rewriting itself every time. It may change its
behavior as well as the appearance of its code.
Dealing with virus
• Besides preventing the virus, we can attempt to detect, identify and remove
viruses.
1. Detection : Find out the location of the virus.
2. Identification : Identify the specific virus that has attacked.
3. Removal : After identification, it is necessary to remove all traces
of the virus & restore the affected file to its original state with the help
of anti-virus software.
Worms
• A worm is a special type of virus that can replicate itself and use
memory, but cannot attach itself to other programs.
• Any simple virus can be dangerous because it will quickly use all
available memory space and bring the system to a halt.
Virus and Worm
Sr. No. | Virus | Worm
1 | A program or code that attaches itself to another program & runs whenever that application runs | A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs
2 | Virus modifies the code | Worm does not modify the code
3 | It does not replicate itself | It replicates itself
4 | Virus is destructive in nature | Worm is non-destructive in nature
5 | Virus modifies the functionality | Worm makes the computer or network unusable
6 | Virus infects other files | Worm does not infect the code but occupies memory space by replication
7 | Virus may need a trigger for execution | Worm does not need any trigger
Trojan Horse
• A Trojan horse is a hidden piece of code that allows an attacker to obtain confidential
data.
• The main purpose of a Trojan horse is to reveal confidential information to an
attacker.
• Example :
The Trojan horse can hide in the code for a login screen. When the user enters the user
id and password, the Trojan horse captures these details and sends this
information to the attacker without the knowledge of the authorized user. The attacker
can then use this information to gain access to the system.
Intruder
• Intruders are authorized or unauthorized users who are trying to access
the system or network.
• There are three classes of Intruders :
1. Masquerader : An individual who is not authorized to use the
computer & who gets past the system's access controls to use a legitimate user's
account. A masquerader is an outsider.
2. Misfeasor : A legitimate user who accesses data, programs or
resources for which such access is not authorized. A misfeasor is an insider.
3. Secret user : An individual who holds managerial control of the system.
Can be either an insider or an outsider.
Insider
• Insiders have the access and the necessary knowledge to cause
damage to an organization; hence, an insider is more dangerous than an
outside intruder.
• Many security mechanisms are designed to protect the organization against
outside intruders.
• But the insider may already have all the access needed to carry out criminal
activity like fraud. Also, they have knowledge of the security system in
place.
• Insiders not only have physical access to the organization's facilities but
may also have access to the computer systems and network.
Comparison between Intruder and Insider
Sr. No. | Intruder | Insider
1 | Intruders are authorized or unauthorized users who are trying to access the system or network | Insiders are authorized users who try to access the system or network
2 | Intruders are hackers or crackers | Insiders are not hackers
3 | Are less dangerous | Are more dangerous
4 | Are illegal users | Are legal users
5 | They have to study or gain knowledge about the security system | They have knowledge about the security system
6 | They do not have access to the system | They have easy access to the system because they are a
7 | Many security mechanisms are used to protect the system from intruders | There is no such mechanism to protect the system from insiders
Security Attack
• Definition : When someone tries to access, modify or damage the
system, it is referred to as an attack.
• There are different types of attack :
1. Passive Attack :
• Passive attacks are those where the attacker monitors the data
transmission.
• The goal of the attacker is to obtain information that is being
transmitted.
• The term passive indicates that the attacker does not modify
the data.
Passive attack
• There are two types of passive attack :
1. Release of message contents
2. Traffic analysis
Release of message contents
• Bob is sending some important message to Alice. This message may contain
sensitive or confidential information.
• If Darth reads the contents of the message, then the communication is harmed.
Traffic Analysis
Active Attack
• An active attack performs some modification of the data or creation of a
false data stream.
• It is divided into
1. Masquerade
2. Replay
3. Modification of message
4. Denial of service
Masquerade
• A 'masquerade' takes place when one entity pretends to be a
different entity.
• A masquerade attack usually includes one of the other forms of active
attack.
• For example,
Darth pretends to be Bob & sends a message to Alice.
Replay Attack
• In a replay attack, a user captures a sequence of events or some data
units and resends them.
• Example :
Suppose Alice wants to authenticate Bob before communicating with him, and
for that Bob sends his password to Alice. This password is captured by
Darth, & in future he may transmit this password to Alice so that
Darth can easily masquerade as Bob.
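The Alice/Bob/Darth exchange above, worked through as an added example that is not part of the original slides (it also covers the replay attack listed again later under "Types of attacks"): Alice first accepts Bob's bare password, exactly the scheme on the slide, so the copy Darth captured is accepted again; the hardened verifier has Alice issue a single-use random nonce and accept only HMAC(password, nonce), so the captured response is useless once the nonce is consumed. The password value and all class and function names are assumptions made for this illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed shared secret: in the slide's story this is Bob's password,
# which Alice also knows (a hypothetical value, not from the slides).
BOB_PASSWORD = b"correct-horse-battery-staple"


class StaticPasswordVerifier:
    """Alice's verifier for the scheme on the slide: Bob just sends his password."""

    def __init__(self, password: bytes) -> None:
        self._password = password

    def authenticate(self, message: bytes) -> bool:
        # Constant-time compare avoids leaking the password through timing, but
        # the message is identical on every login, so a captured copy replays fine.
        return hmac.compare_digest(message, self._password)


class ChallengeResponseVerifier:
    """Hardened verifier: Alice issues a fresh random nonce per login attempt and
    accepts only HMAC(password, nonce) for a nonce she still has outstanding."""

    def __init__(self, password: bytes) -> None:
        self._password = password
        self._outstanding: set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    @staticmethod
    def respond(password: bytes, nonce: bytes) -> bytes:
        # What Bob (the client) computes and sends; the password never crosses the wire.
        return hmac.new(password, nonce, hashlib.sha256).digest()

    def authenticate(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._outstanding:
            return False  # unknown or already-used nonce: reject
        self._outstanding.discard(nonce)  # single use, so a replay cannot succeed
        expected = hmac.new(self._password, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def replay_against_static_password() -> tuple[bool, bool]:
    """Returns (bob_accepted, darth_replay_accepted) for the scheme on the slide."""
    alice = StaticPasswordVerifier(BOB_PASSWORD)
    wire_message = BOB_PASSWORD              # Bob sends his password
    bob_ok = alice.authenticate(wire_message)
    captured = wire_message                  # Darth records the transmission
    darth_ok = alice.authenticate(captured)  # ... and later resends it unchanged
    return bob_ok, darth_ok


def replay_against_challenge_response() -> tuple[bool, bool]:
    """Same experiment against the nonce-based scheme."""
    alice = ChallengeResponseVerifier(BOB_PASSWORD)
    nonce = alice.challenge()
    wire_response = ChallengeResponseVerifier.respond(BOB_PASSWORD, nonce)
    bob_ok = alice.authenticate(nonce, wire_response)
    captured = (nonce, wire_response)        # Darth records nonce and response
    # Later, Darth replays the recorded pair. Alice has issued a new challenge and
    # the old nonce has already been consumed, so the replay is rejected.
    alice.challenge()
    darth_ok = alice.authenticate(*captured)
    return bob_ok, darth_ok


if __name__ == "__main__":
    print("static password   :", replay_against_static_password())      # (True, True)
    print("challenge-response:", replay_against_challenge_response())   # (True, False)
```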
Modification of message
• It simply means that some portion of an authorized message is altered,
or that messages are delayed or reordered, to produce an
unauthorized effect.
Denial of service attack
• A DoS attack makes an attempt to prevent legitimate users from
accessing some service which they are eligible for.
• For instance, an unauthorized user might send too many login requests
to the server using random user ids one after the other in quick
succession, so as to flood the network & deny other authorized
users the use of the network facilities.
Example of DoS attack
• A typical mechanism to launch a DoS attack is with the help of SYN requests.
• This attack abuses the TCP/IP handshake used to create a connection between client
and server, which proceeds as follows:
1. First, the client sends a SYN packet to the server in order to initiate the
connection.
2. The server then responds to that initial packet with a SYN/ACK packet, in order
to acknowledge the communication.
3. Finally, the client returns an ACK packet to acknowledge the receipt of the
packet from the server.
After completing this sequence of packet sending and receiving, the TCP
connection is open and able to send and receive data.
TCP/IP handshake
SYN flooding attack
• The attacker sends fake connection requests to the targeted
system.
• Each of these requests is answered by the targeted system, which then waits for the
response, which will never come because the requests are fake.
• The targeted system will drop these connections after a specific time-out
period; if the attacker sends requests faster than the time-out period
eliminates them, the system will quickly be filled with requests.
• After this, the system will be reserving all connections for fake requests.
Because of this, an authorized user who wants to communicate will
not be able to communicate with the target system.
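The half-open connection table described above, modelled as an added example that is not part of the original slides: every fake SYN that never gets its ACK holds a slot until the time-out expires, so the steady-state occupancy is roughly request rate × time-out, and once that exceeds the table's capacity the legitimate client's handshake starts being refused. The capacity, time-out and request rates are constructed values, and the class and function names are assumptions for this illustration.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, Tuple

TICKS_PER_SECOND = 10  # simulation resolution: one tick = 100 ms


@dataclass
class HalfOpenTable:
    """Server-side table of connections that received a SYN, were answered with
    SYN/ACK, and are still waiting for the final ACK (half-open connections).
    Times are integer ticks so that the time-out comparison is exact."""
    capacity: int
    timeout_ticks: int
    pending: Dict[Tuple[str, int], int] = field(default_factory=dict)

    def expire(self, now: int) -> None:
        # Drop entries whose time-out period has elapsed (third bullet on the slide).
        stale = [c for c, t in self.pending.items() if now - t >= self.timeout_ticks]
        for c in stale:
            del self.pending[c]

    def on_syn(self, now: int, client: Tuple[str, int]) -> bool:
        """Return True if a slot could be reserved (the server sends SYN/ACK)."""
        self.expire(now)
        if len(self.pending) >= self.capacity:
            return False  # table full: the SYN is refused
        self.pending[client] = now
        return True

    def on_ack(self, now: int, client: Tuple[str, int]) -> bool:
        """Final handshake step: the slot is released and the connection opens."""
        self.expire(now)
        return self.pending.pop(client, None) is not None


def simulate(attack_rate: int, capacity: int = 128, timeout_s: int = 30,
             duration_s: int = 60, legit_every_s: int = 1) -> dict:
    """Constructed experiment: `attack_rate` fake SYNs per second arrive from
    spoofed sources and are never acknowledged, while one legitimate client
    completes a full handshake every `legit_every_s` seconds."""
    table = HalfOpenTable(capacity, timeout_s * TICKS_PER_SECOND)
    legit_ok = legit_fail = peak = 0
    fake_id = 0
    for tick in range(duration_s * TICKS_PER_SECOND):
        # Spread attack_rate SYNs evenly over each second using integer arithmetic.
        n_fake = ((attack_rate * (tick + 1)) // TICKS_PER_SECOND
                  - (attack_rate * tick) // TICKS_PER_SECOND)
        for _ in range(n_fake):
            table.on_syn(tick, ("spoofed", fake_id))  # no ACK will ever follow
            fake_id += 1
        if tick % (legit_every_s * TICKS_PER_SECOND) == 0:
            client = ("legit", tick)
            if table.on_syn(tick, client):
                table.on_ack(tick + 1, client)  # a real client ACKs promptly
                legit_ok += 1
            else:
                legit_fail += 1
        peak = max(peak, len(table.pending))
    return {"legit_ok": legit_ok, "legit_fail": legit_fail, "peak_half_open": peak}


if __name__ == "__main__":
    # 2 SYN/s x 30 s time-out = 60 slots, below capacity: nobody is refused.
    print("slow attacker:", simulate(attack_rate=2))
    # 10 SYN/s x 30 s = 300 > 128 slots: the table fills in 12.8 s and stays full.
    print("fast attacker:", simulate(attack_rate=10))
```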
Types of attacks
• DDoS attack
• Backdoors
• Sniffing
• Spoofing
• TCP/IP hijacking
• Man in the middle
• Replay attacks
Distributed Denial of Service Attacks
(DDoS)
• In Distributed Denial of Service (DDoS) attacks, an attacker is able to
recruit a number of hosts throughout the internet to launch an attack on the target
simultaneously or in a coordinated fashion.
• The 1st step in a DDoS attack is for the attacker to infect a number of
machines with zombie s/w that will ultimately be used to carry out the attack.
• The software must be able to run on a large number of machines.
• For this, the attacker must become aware of a vulnerability present on many machines
that enables the attacker to install the zombie s/w; locating vulnerable
machines is called scanning.
• In the scanning process, the attacker 1st seeks out a number of vulnerable
machines & infects them.
• Then the zombie s/w is installed & repeats the same scanning process, until a
large distributed n/w of infected machines is created.
• After infecting a large distributed n/w, the target system goes down & does
not respond to service requests.
• Example :
1. Distributed SYN Flood attack
2. Distributed ICMP attack
Backdoor or Trapdoor
• A secret entry point into a program.
• Allows those who know about it to gain access, bypassing the usual security procedures.
• They have been commonly used by developers.
• A threat when left in production programs, since they can be exploited by
attackers.
• Very hard to block at the O/S level.
• Countering them requires good s/w development & update practices.
Sniffing Attack
• A sniffing attack means capturing the data packets as they flow
through a computer network.
• A packet sniffer is the device or medium used to carry out this sniffing attack.
• Packet sniffers, also called network protocol analysers, can be used by a n/w or
system administrator to monitor & troubleshoot n/w traffic.
Packet Sniffing
• A packet sniffer is a program that can see all the information passing
over the n/w it is connected to.
• When a packet sniffer is set up on a computer, the sniffer's n/w interface is
looking at everything that comes through.
• A packet sniffer can usually be set up in one of two ways:
1. Unfiltered – Captures all the packets
2. Filtered – Captures only those packets containing specific data
elements
• The packets that contain the targeted data are copied as they pass
through. The program stores the copies in memory, depending on the
program's configuration.
• These copies can then be analyzed carefully for specific information
or patterns.
• When users connect to the internet, they join a n/w maintained
by their ISP.
• A packet sniffer located at one of the servers of the user's ISP would be
able to monitor all of their online activities, such as
1. Which web sites the user visits
2. What the user looks at on a site
3. To whom the user sends email, etc.
Spoofing
• A spoofing attack is a situation in which one person or program
successfully masquerades as another by falsifying data.
• The attacker must monitor the packets sent from sender to receiver &
then guess the sequence no. of the packets.
• When a packet is sent from one system to another, it includes not only the
IP address & port of the destination but the source IP address as well.
• Example :
1. Email spoofing
2. Caller ID Spoofing
3. IP address Spoofing
Email spoofing
• Email spoofing refers to email that appears to have originated
from one source but was actually sent from another source.
• Example :
Spam email, Junk mail
• A simple method of spoofing an email address is to telnet to port 25,
the port associated with email, on a system from which one can fill in the From &
To sections of the message.
Email spoofing
Caller ID Spoofing
• Caller identification (Caller ID) is a service that allows the receiver of a
phone call to determine the identity of the caller.
• Caller ID is sent at the start of the phone call and
identifies the incoming caller before the receiver answers the phone.
• Caller ID is not tied to the actual phone number but is part of
the initial call setup, which allows the caller to manipulate the Caller
ID to display a different number from the number that is calling.
• If you have ever received a call where the caller said that you called
them when you had not, then your number was most likely spoofed
by another person.
• There are many phone scams that use Caller ID spoofing to hide their
identity, because Caller ID spoofing makes it impossible to block the
number.
• Caller ID spoofing is done through services & gateways that
interconnect VoIP (Voice over IP) with other public phone n/ws.
IP address spoofing
• IP address spoofing is the process of replacing the source IP address in the IP packet
with a fake IP address to hide the real identity of the sender.
• The technical mechanism of an IP spoofing attack is as follows :
1. The attacker creates an IP packet with a SYN request to be sent to the server.
2. As usual, the server responds back with a SYN ACK response.
3. The attacker has to get hold of the SYN ACK response by disconnecting the user
using a DoS attack & resumes communication with the fake IP address of the disconnected
user.
4. Once this is done, the attacker can try various commands on the server computer.
Man in the middle attack
• Man-in-the-middle attacks (MITM) occur when attackers are able to place
themselves in the middle of two other hosts that are communicating, in order to
view or modify the traffic.
• This is done by making sure that all communication going to or from the target
host is routed through the attacker's host.
• The attacker is then able to observe all traffic before transmitting it & can actually
modify or block traffic.
Replay attack
• A replay attack occurs when an unauthorized user captures n/w traffic
and then sends the communication to its original destination, acting
as the original sender.
TCP/IP hijacking attack
• TCP/IP hijacking is the process of taking control of an already existing session
between a client & server.
• In TCP/IP hijacking :
• The attacker monitors the n/w transmission & analyzes the source and destination
IP addresses of the two computers.
• Once the attacker discovers the IP address of one of the users, the attacker can
logically disconnect the client by using a DoS attack & then resume
communication by spoofing the IP address of the disconnected user; the attacker is then
able to communicate with the host machine as if the attacker were the victim.
• The host machine will not know that it is talking with an unauthorized user &
will respond.
TCP/IP hijacking attack
Example
Operating System Security
• Operating systems are large & complex mixtures of interconnected software
modules.
• As an operating system continually grows and introduces new functions,
the potential for problems with that code also increases.
• It is almost impossible for an operating system vendor to test their product on
each possible platform under every possible situation, so functionality &
security issues are discovered after the release of the operating system.
• To the standard user or system administrator, the result is a constant stream of
updates designed to correct problems, replace sections of code or even add new
features to an installed operating system.
Hot fix
• Vendors typically follow a hierarchy for software updates, given below:
1. Hot fix :
• A hotfix is a single, cumulative package that includes one or more files that are
used to address a problem in a software product (i.e. a software bug).
• Typically, hotfixes are made to address a specific customer situation and may not
be distributed outside the customer organization.
• In a Microsoft Windows context, hotfixes are small patches designed to address
specific issues, most commonly freshly-discovered security holes.
• These are small files, often automatically installed on the computer with
Windows Update (although some may only be obtainable via Microsoft
Support), and could contain a hot patch, eliminating the need for a reboot.
• An update to fix a very specific issue; not always publicly released.
2. Patch
• A patch is a program that makes changes to software installed on a
computer.
• Software companies issue patches to fix bugs in their programs,
address security problems, or add functionality.
• Currently Microsoft releases their security patches once a month,
and other operating systems and software projects have security
teams dedicated to releasing the most reliable software patches.
• A publicly released update to fix a known bug/issue.
3. Service pack
• A service pack (in short, SP) is a collection of updates, fixes and/or enhancements
to a software program delivered in the form of a single installable package.
• Many companies, such as Microsoft or Autodesk, typically release a service pack
when the number of individual patches to a given program reaches a certain
(arbitrary) limit.
• Installing a service pack is easier and less error-prone than installing a high
number of patches individually, even more so when updating multiple computers
over a network.
• Service packs are usually numbered, and thus referred to in short as SP1, SP2, SP3
etc.
• A large update that fixes many outstanding issues; normally includes all patches,
hotfixes and maintenance releases that predate the service pack.
Information Security
• Information security is not only about securing information from unauthorized
access.
• Information security is basically the practice of preventing unauthorized access,
use, disclosure, disruption, modification, inspection, recording or destruction of
information.
• Information can be physical or electronic.
• Information can be anything, like your details or your profile on social
media, the data on your mobile phone, your biometrics etc.
Need of Information security
• Protecting the functionality of the organization
• Enabling the safe operation of applications
• Protecting the data that the organization collects and uses
• Safeguarding technology assets in organizations
Information classification
• Information classification defines what kind of information is stored on a
system.
• The levels of information classification used in Government or Military are as follows :
1. Unclassified : Information access is public and will not affect confidentiality.
2. Sensitive but unclassified : Information is sensitive, but if it gets disclosed it
will not create serious damage to the organization.
3. Confidential : Keep the information confidential.
4. Secret : Applied to information where the unauthorized disclosure of
such information could cause serious damage to national security.
5. Top secret : Applied to information where the unauthorized disclosure
of such information could cause serious damage to national security. It is the
highest level of classification.
• The levels of information classification used in Organizations are as
follows:
1. Public : Information which does not fit into any other level can have
public access, because disclosure of such information
will not create a serious impact on the organization.
2. Sensitive : This type of information needs a higher level of classification than
normal information. This type of information needs confidentiality as well as
integrity.
3. Private : This type of information is personal in nature and used by the company
only. The disclosure of such information can affect the company and its employees.
Example : salary information etc.
Criteria for Information classification
• Following are the criteria used to decide the classification of
information:
1. Value : Value means that when the information is more valuable, then that
information should be classified.
2. Age : Age states that the classification of information might be lowered if the
information's value decreases over time.
3. Useful Life : Useful life states that if the information has been made out-of-date
due to new information or any other reason, then that information can
regularly be declassified.
4. Personal Association : Information which is personally associated with
particular individuals, or is addressed by a privacy law, should be classified.
Basic Principles of Information Security
• The basic principles of information security, also called the CIA security
principles, are as follows :
1. Confidentiality
2. Integrity
3. Authentication
Injustice - Developers Among Us (SciFiDevCon 2024)
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

Network and Information security_new2.pdf

1. Network and Information Security
• Code: 22620
• Sem – VI
• Computer Engineering

2. Computer Security
• Definition: The generic name for the collection of tools designed to protect data and to thwart hackers is computer security.

3. Need of computer security
• For prevention of data theft such as bank account numbers, credit card information, passwords, work-related documents etc.
• To keep data safe and confidential.
• To provide confidentiality, which ensures that only the individuals who should be able to view data can do so.
• To provide integrity, which ensures that only the individuals who should be able to change the information can do so.
• To provide availability, which ensures that the data is available for use when an authorized user wants it.
• To provide authentication, which deals with individual identity.
• To provide non-repudiation, which deals with the assurance that someone cannot deny something.

4. Security Basics or key principles
• Confidentiality: The principle of confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message.
• Confidentiality is compromised if an unauthorized person is able to access the contents of a message.
• Integrity: The principle of integrity specifies that assets are modifiable only by authorized parties.

5. Security Basics (continued)
• Availability: The principle of availability states that resources (information) should be available to authorized parties at all times.
• Authentication: The authentication process ensures that the origin of a message is correctly identified.
• Non-repudiation: The ability of a system to confirm that a sender cannot convincingly deny having sent a message.

6. Risk and Threat Analysis
• Risk: Risk is some incident or attack that can cause damage to the system.
• Risk analysis uses the following parameters:
1. Asset: In computer security, assets are any data, device, or other component that supports information-related security. An asset can be:
  Hardware: computer components, network, communication channel, mobile device
  Software: applications, OS, programs
  Data: files, folders
- The goal of computer security is to protect valuable assets.
- We protect assets by methods

7. Risk and Threat Analysis (continued)
2. Vulnerability: A vulnerability is a weakness in the information infrastructure of a business or organization. It can, accidentally or intentionally, lead to damage of the asset.
• In any system, the vulnerability can be:
  programs with known faults
  weak access control settings on resources
  weak firewall configuration that allows access to vulnerable services
3. Threats: A set of circumstances (an incident) that has the potential to cause loss. Threats are:
  Natural threat: earthquake
  Intentional threat: cyber attack

8. Risk and Threat Analysis (continued)
4. Countermeasure (control): An action taken to offset another action, that is, the action, device, procedure or technique that eliminates or reduces a vulnerability.
• The conclusion is that threats are blocked by controlling vulnerabilities.

9. Threats to security
• Viruses
• Phases of a virus
• Dealing with viruses
• Worms
• Trojan horse
• Intruders
• Insiders

10. Virus
• A virus is a code or program that attaches itself to another code or program and causes damage to the computer system or to the network.
• It is a piece of code which is loaded onto the computer without the individual's knowledge and runs against his/her wishes.
• It cannot replicate itself. All computer viruses are man-made.
• A virus modifies the program and damages the system.

11. Phases of a Virus
A typical virus goes through the following four phases:
1. Dormant phase: The virus is idle and is eventually activated by some event.
2. Propagation phase: The virus places an identical copy of itself into other programs or into certain system areas on the disk.
3. Triggering phase: The virus is activated to perform the function for which it was intended.
4. Execution phase: The function is performed.

12. Types of Viruses
• Parasitic virus: It attaches itself to executable code and replicates itself. When the infected code is executed, it finds other executable code or programs to infect.
• Memory-resident virus: It inserts itself as a part of the operating system or an application and can manipulate any file that is executed, copied or moved.
• Non-resident virus: This type of virus executes itself and terminates or is destroyed after a specific time.

13. Types of Viruses (continued)
• Boot sector virus: This virus infects the boot record and spreads through a system when the system is booted from a disk containing the virus.
• Overwriting virus: It overwrites the code with its own code.
• Stealth virus: It hides the modifications it has made in the file or boot record.
• Macro virus: These viruses are not executables; they affect Microsoft Word-like documents. They can spread through email.

14. Types of Viruses (continued)
• Polymorphic virus: It produces fully operational copies of itself, in an attempt to avoid signature detection.
• Companion virus: This virus creates a new program instead of modifying an existing file.
• Email virus: The virus gets executed when an email attachment is opened by the recipient. The virus sends itself to everyone on the mailing list of the sender.
• Metamorphic virus: This virus keeps rewriting itself every time. It may change its behaviour as well as the appearance of its code.

15. Dealing with a virus
• To prevent damage from a virus we can attempt to detect, identify and remove viruses.
1. Detection: Find out the location of the virus.
2. Identification: Identify the specific virus that has attacked.
3. Removal: After identification, it is necessary to remove all traces of the virus and restore the affected file to its original state with the help of anti-virus software.
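The three steps of slide 15 (detection, identification, removal) in working form, as an added illustration that is not code from the lecture slides. The file contents, the known-good hashes and the signature database are all constructed for the example; a hypothetical "appender" virus is modelled that tacks a recognisable marker plus its body onto the end of a program. Detection is done by comparing a file's hash against a clean baseline, identification by matching a known byte signature, and removal by truncating the appended body and confirming the result matches the baseline again.

```python
"""Dealing with a virus in three steps: detection, identification, removal.

Added example, not from the lecture slides. Files, hashes, signatures and the
"Demo.Appender" virus family are all constructed for illustration.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed signature database: virus name -> byte pattern it leaves behind.
SIGNATURES: Dict[str, bytes] = {
    "Demo.Appender.A": b"<<DEMO-APPENDER-A>>",
    "Demo.Appender.B": b"<<DEMO-APPENDER-B>>",
}

# Constructed integrity baseline: the clean content of each protected file.
CLEAN_FILES: Dict[str, bytes] = {
    "hello.exe": b"MZ hello program",
    "calc.exe": b"MZ calculator",
    "tool.exe": b"MZ tool",
}
CLEAN_HASHES = {p: hashlib.sha256(d).hexdigest() for p, d in CLEAN_FILES.items()}

# Constructed disk state: calc.exe was infected by the appender virus,
# tool.exe was changed by something that matches no known signature.
DISK: Dict[str, bytes] = {
    "hello.exe": b"MZ hello program",
    "calc.exe": b"MZ calculator" + b"<<DEMO-APPENDER-A>>" + b"\x90\x90virus body",
    "tool.exe": b"MZ tool" + b"\xde\xad unknown change",
}


@dataclass
class ScanResult:
    path: str
    infected: bool
    virus_name: Optional[str]      # None when clean or when no signature matched
    action: str                    # "clean", "restored" or "quarantine"
    cleaned: Optional[bytes] = None


def identify(data: bytes) -> Optional[str]:
    """Step 2, identification: which known signature is present, if any."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def detect(path: str, data: bytes) -> bool:
    """Step 1, detection: the file differs from its known-good hash, or
    (for a file with no baseline) carries a known signature."""
    baseline = CLEAN_HASHES.get(path)
    if baseline is not None:
        return hashlib.sha256(data).hexdigest() != baseline
    return identify(data) is not None


def remove(data: bytes, virus_name: str) -> bytes:
    """Step 3, removal: for an appender virus everything from the marker
    onward belongs to the virus, so truncating there restores the file."""
    idx = data.find(SIGNATURES[virus_name])
    return data if idx < 0 else data[:idx]


def scan_file(path: str, data: bytes) -> ScanResult:
    if not detect(path, data):
        return ScanResult(path, False, None, "clean")
    name = identify(data)
    if name is None:
        # Changed but matches no signature: isolate it for manual analysis.
        return ScanResult(path, True, None, "quarantine")
    cleaned = remove(data, name)
    baseline = CLEAN_HASHES.get(path)
    # Only trust the restored file if it matches its known-good hash again.
    if baseline is not None and hashlib.sha256(cleaned).hexdigest() != baseline:
        return ScanResult(path, True, name, "quarantine")
    return ScanResult(path, True, name, "restored", cleaned)


def scan_disk(disk: Dict[str, bytes]) -> Dict[str, ScanResult]:
    return {path: scan_file(path, data) for path, data in disk.items()}


if __name__ == "__main__":
    for r in scan_disk(DISK).values():
        print(f"{r.path:10} infected={r.infected!s:5} virus={r.virus_name} action={r.action}")
```

The quarantine branch matters in practice: a file that has changed but matches nothing in the signature database is exactly the case a polymorphic or metamorphic virus (slide 14) creates, and the safe response is isolation rather than guessing.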
16. Worms
• A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.
• Any simple virus can be dangerous because it will quickly use all available memory space and bring the system to a halt.

17. Virus and Worm
1. Virus: a program or code that attaches itself to another program and runs whenever that application runs. Worm: a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.
2. Virus: modifies the code. Worm: does not modify the code.
3. Virus: does not replicate itself. Worm: replicates itself.
4. Virus: destructive in nature. Worm: non-destructive in nature.
5. Virus: modifies the functionality. Worm: aims to make the computer or network unusable.
6. Virus: infects other files. Worm: does not infect the code but occupies memory space by replication.
7. Virus: may need a trigger for execution. Worm: does not need any trigger.

18. Trojan Horse
• A Trojan horse is a hidden piece of code that allows an attacker to obtain confidential data.
• The main purpose of a Trojan horse is to reveal confidential information to an attacker.
• Example: The Trojan horse can hide in the code for a login screen. When the user enters the user id and password, the Trojan horse captures these details and sends this information to the attacker without the knowledge of the authorized user. The attacker can then use this information to gain access to the system.

19. Intruder
• Intruders are authorized or unauthorized users who are trying to access the system or network.
• There are three classes of intruders:
1. Masquerader: An individual who is not authorized to use the computer and who penetrates a system's access controls to use a legitimate user's account. Is an outsider.
2. Misfeasor: A legitimate user who accesses data, programs or resources for which this access is not authorized. Is an insider.
3. Secret user: An individual who holds managerial control of the system. Can be either an insider or an outsider.

20. Insider
• The insider has the access and necessary knowledge to cause damage to an organization; hence, an insider is more dangerous than an outside intruder.
• Many security mechanisms are designed to protect the organization against outside intruders.
• But the insider may already have all the access needed to carry out criminal activity like fraud. Also they have knowledge of the security system in place.
• Insiders not only have physical access to the organization's facilities but may also have access to the computer system and network.

21. Comparison between Intruder and Insider
1. Intruder: authorized or unauthorized users who are trying to access the system or network. Insider: authorized users who try to access the system or network.
2. Intruder: hackers or crackers. Insider: not hackers.
3. Intruder: less dangerous. Insider: more dangerous.
4. Intruder: illegal users. Insider: legal users.
5. Intruder: has to study or gain knowledge about the security system. Insider: has knowledge about the security system.
6. Intruder: does not have access to the system. Insider: has easy access to the system because they are a
7. Intruder: many security mechanisms are used to protect the system from intruders. Insider: there is no such mechanism to protect the system from insiders.

22. Security Attack
• Definition: When someone tries to access, modify or damage the system, it is referred to as an attack.
• There are different types of attack:
1. Passive attack:
• Passive attacks are those where the attacker monitors data transmission.
• The goal of the attacker is to obtain information that is being transmitted.
• The term passive indicates that the attacker does not modify the data.

23. Passive attack
• There are two types of passive attack:
1. Release of message contents
2. Traffic analysis

24. Release of message contents
• Bob is sending some important message to Alice. This message may contain sensitive or confidential information.
• If Darth reads the contents of the message, then the communication is harmed.

26. Active Attack
• An active attack performs some modification of the data or creation of a false data stream.
• It is divided into:
1. Masquerade
2. Replay
3. Modification of message
4. Denial of service

28. Masquerade
• A masquerade takes place when one entity pretends to be a different entity.
• A masquerade attack usually includes one of the other forms of active attack.
• For example, Darth pretends to be Bob and sends a message to Alice.

30. Replay Attack
• In a replay attack, a user captures a sequence of events or some data units and resends them.
• Example: Alice wants to authenticate Bob before communicating with him; for that, Bob sends a password to Alice. This password is captured by Darth, and in future he may transmit this password to Alice so that Darth can easily masquerade as Bob.

32. Modification of message
• It simply means that some portion of an authorized message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.

34. Denial of service attack
• A DOS attack makes an attempt to prevent legitimate users from accessing some services which they are eligible for.
• For instance, an unauthorized user might send too many login requests to the server using random user ids one after the other in quick succession, so as to flood the network and deny other authorized users the use of the network facilities.

35. Example of DOS attack
• A typical mechanism to launch a DOS attack is with the help of SYN requests.
• This attack uses the TCP/IP protocol, which creates a connection between client and server using the TCP/IP handshake described on the next slide.

36. TCP/IP handshake
The TCP/IP handshake that sets up a connection between client and server is as follows:
1. First, the client sends a SYN packet to the server in order to initiate the connection.
2. The server then responds to that initial packet with a SYN/ACK packet, in order to acknowledge the communication.
3. Finally, the client returns an ACK packet to acknowledge the receipt of the packet from the server.
After completing this sequence of packet sending and receiving, the TCP connection is open and able to send and receive data.

37. SYN flooding attack
• The attacker sends fake communication requests to the targeted system.
• Each of these requests is answered by the targeted system, which then waits for a response that will never come because the requests are fake.
• The targeted system will drop these connections after a specific timeout period; if the attacker sends requests faster than the timeout period eliminates them, the system will quickly be filled with requests.
• After this the system will be reserving all connections for fake requests. Because of this, an authorized user who wants to communicate will not be able to communicate with the target system.
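The detection side of slides 35 to 37: the server's half-open connections are exactly the handshakes stuck between step 2 (SYN/ACK sent) and step 3 (ACK never returned), and a flood shows up as one source holding many of them within the timeout window. This is an added example, not code from the lecture slides; the event log is constructed (time in seconds, source IP, source port, TCP flag seen by the server), and the timeout, threshold and backlog values are assumptions.

```python
"""Spotting a SYN flood from connection events by counting half-open
connections per source. Added example, not from the lecture slides;
the event log and all thresholds are constructed values."""
from collections import defaultdict
from typing import Dict, List, Tuple

Event = Tuple[float, str, int, str]   # (time_s, src_ip, src_port, flag)

# Constructed log. 10.0.0.5 completes a normal three-way handshake; 10.0.0.9
# sent one SYN long ago that the server has since timed out; 198.51.100.7
# (a documentation address) sends twenty SYNs in two seconds and never ACKs.
EVENTS: List[Event] = [
    (-40.0, "10.0.0.9", 33001, "SYN"),
    (0.0, "10.0.0.5", 40001, "SYN"),
    (0.1, "10.0.0.5", 40001, "ACK"),
] + [(1.0 + i * 0.1, "198.51.100.7", 50001 + i, "SYN") for i in range(20)]


def half_open_by_source(events: List[Event], now: float, timeout: float) -> Dict[str, int]:
    """Connections for which the server replied SYN/ACK but has not received
    the client's ACK, and that are still inside the timeout window at `now`."""
    pending: Dict[Tuple[str, int], float] = {}
    for t, src, port, flag in sorted(events):
        if t > now:
            break
        if flag == "SYN":
            pending[(src, port)] = t          # server sends SYN/ACK and waits
        elif flag == "ACK":
            pending.pop((src, port), None)    # step 3 arrived: handshake done
    counts: Dict[str, int] = defaultdict(int)
    for (src, _port), t in pending.items():
        if now - t < timeout:                 # not yet dropped by the server
            counts[src] += 1
    return dict(counts)


def flood_sources(events: List[Event], now: float,
                  timeout: float = 30.0, threshold: int = 10) -> List[str]:
    """Sources holding at least `threshold` half-open connections at `now`."""
    counts = half_open_by_source(events, now, timeout)
    return sorted(src for src, n in counts.items() if n >= threshold)


def backlog_exhausted(syn_rate_per_s: float, timeout_s: float, backlog: int) -> bool:
    """Slide 37's condition: if fake SYNs arrive faster than the timeout clears
    them, the steady-state number of half-open entries (rate x timeout)
    reaches the size of the server's connection backlog."""
    return syn_rate_per_s * timeout_s >= backlog


if __name__ == "__main__":
    print(half_open_by_source(EVENTS, now=5.0, timeout=30.0))
    print("flooding sources:", flood_sources(EVENTS, now=5.0))
    print("backlog of 256 exhausted at 10 SYN/s, 75 s timeout:",
          backlog_exhausted(10, 75, 256))
```

The same per-source count is what a firewall or IDS rate-limit rule keys on; the old SYN from 10.0.0.9 is deliberately outside the window to show that expired entries must not be counted, otherwise every slow client eventually looks like an attacker.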
38. Types of attacks
• DDOS attack
• Backdoors
• Sniffing
• Spoofing
• TCP/IP hijacking
• Man in the middle
• Replay attacks

39. Distributed Denial of Service Attacks (DDoS)
• In a Distributed Denial of Service (DDoS) attack, an attacker is able to recruit a number of hosts throughout the internet to attack simultaneously or in a coordinated fashion.
• The first step in a DDOS attack is for the attacker to infect a number of machines with zombie software that will ultimately be used to carry out the attack.
• The software must be able to run on a large number of machines.
• For this, the attacker must become aware of a vulnerability, present on many machines, that enables the attacker to install the zombie software; locating vulnerable machines is called scanning.
• In the scanning process, the attacker first seeks out a number of vulnerable machines and infects them.

40. Distributed Denial of Service Attacks (DDoS) (continued)
• Then the zombie software is installed and repeats the same scanning process, until a large distributed network of infected machines is created.
• After infecting a large distributed network, the target system goes down and does not respond to service requests.
• Examples:
1. Distributed SYN flood attack
2. Distributed ICMP attack

41. Distributed SYN Flood attack

43. Backdoor or Trapdoor
• A secret entry point into a program.
• Allows those who know of it to gain access, bypassing the usual security procedures.
• They have been commonly used by developers.
• A threat when left in production programs, allowing exploitation by attackers.
• It is very hard to block in an O/S.
• It requires good software development and update practices.

44. Sniffing Attack
• A sniffing attack means capturing the data packets as they flow through a computer network.
• A packet sniffer is the device or medium used to carry out this sniffing attack.
• Also called network protocol analysers, they can be used by a network or system administrator to monitor and troubleshoot network traffic.

45. Packet Sniffing
• A packet sniffer is a program that can see all the information passing over the network it is connected to.
• When a packet sniffer is set up on a computer, the sniffer's network interface looks at everything that comes through.
• A packet sniffer can usually be set up in one of two ways:
1. Unfiltered: captures all the packets
2. Filtered: captures only those packets containing specific data elements
• The packets that contain the targeted data are copied as they pass through. The program stores the copies in memory, depending on the program's configuration.

46. Packet Sniffing (continued)
• These copies can then be analysed carefully for specific information or patterns.
• When users connect to the internet, they join a network maintained by their ISP.
• A packet sniffer located at one of the servers of the user's ISP would be able to monitor all the online activities, such as:
1. Which web sites does the user visit?
2. What does the user look at on a site?
3. To whom does the user send email?

47. Spoofing
• A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data.
• The attacker must monitor the packets sent from sender to receiver and then guess the sequence numbers of the packets.
• When a packet is sent from one system to another, it includes not only the IP address and port of the destination but the source IP address as well.
• Examples:
1. Email spoofing
2. Caller ID spoofing
3. IP address spoofing

48. Email spoofing
• Email spoofing refers to email that appears to have originated from one source but was actually sent from another source.
• Example: spam email, junk mail.
• A simple method of spoofing an email address is to telnet to port 25, the port associated with email, on a system from which one can fill in the From and To sections of the message.

50. Caller ID Spoofing
• Caller identification (Caller ID) is a service that allows the receiver of a phone call to determine the identity of the caller.
• Caller ID is sent at the start of the phone call and identifies the incoming caller before the receiver answers the phone.
• Caller ID is not associated with the actual phone number but is part of the initial call setup, which allows the caller to manipulate the Caller ID to display a different number from the number that is calling.

51. Caller ID Spoofing (continued)
• If you have ever received a call where the caller said that you called them when you have not, then your number was most likely spoofed by another person.
• There are many phone scams that use Caller ID spoofing to hide their identity, because Caller ID spoofing makes it impossible to block the number.
• Caller ID spoofing is done by services and gateways that interconnect VOIP (Voice over IP) with other public phone networks.

52. IP address spoofing
• IP address spoofing is the process of replacing the source IP address in the IP packet with a fake IP address to hide the real identity of the sender.
• The technical mechanism of an IP spoofing attack is as follows:
1. The attacker creates an IP packet to be sent to the server with a SYN request.
2. As usual, the server responds with a SYN ACK response.
3. The attacker has to get hold of the SYN ACK response by disconnecting the user using a DOS attack, and resumes communication using the fake IP address of the disconnected user.
4. Once this is done, the attacker can try various commands on the server computer.

53. Man in the middle attack
• A man-in-the-middle attack (MITM) occurs when attackers are able to place themselves in the middle of two other hosts that are communicating, in order to view or modify the traffic.
• This is done by making sure that all communication going to or from the target host is routed through the attacker's host.
• The attacker is then able to observe all traffic before transmitting it, and can actually modify or block traffic.

54. Man in the middle attack

55. Replay attack
• A replay attack occurs when an unauthorized user captures network traffic and then sends the communication to its original destination, acting as the original sender.
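How a receiver defends against the three active attacks on a message described above (masquerade on slide 28, modification of message on slide 32, replay on slides 30 and 55), as an added example that is not code from the lecture slides. Bob and Alice share a secret key (a constructed value); every message carries a fresh nonce and a timestamp and is authenticated with HMAC-SHA256. Darth, who has no key, plays the roles from the slides: forging a message as Bob, altering one in transit, and resending a captured one. Timestamps are fixed integers so the run is deterministic; the names, field layout and 30-second window are assumptions of this example.

```python
"""Countering masquerade, modification and replay with HMAC, nonce and
timestamp. Added example, not from the lecture slides; key, names and
message values are constructed."""
import hashlib
import hmac
from typing import Dict, Set, Tuple

# Constructed shared secret known only to Bob and Alice.
SHARED_KEY = b"constructed-shared-secret-between-bob-and-alice"
Message = Dict[str, object]


def _payload(msg: Message) -> bytes:
    # Everything the tag must cover. '|' is safe as a separator here because
    # the fields are fixed-format; a real protocol would length-prefix them.
    return f"{msg['sender']}|{msg['nonce']}|{msg['ts']}|{msg['body']}".encode()


def send(key: bytes, sender: str, body: str, nonce: str, ts: int) -> Message:
    """Sender side: attach an HMAC-SHA256 tag over sender, nonce, time and body."""
    msg: Message = {"sender": sender, "nonce": nonce, "ts": ts, "body": body}
    msg["tag"] = hmac.new(key, _payload(msg), hashlib.sha256).hexdigest()
    return msg


class Receiver:
    """Alice's side: verify the tag, then freshness, then the nonce."""

    def __init__(self, key: bytes, window_s: int = 30):
        self.key = key
        self.window_s = window_s
        self.seen_nonces: Set[str] = set()

    def accept(self, msg: Message, now: int) -> Tuple[bool, str]:
        expected = hmac.new(self.key, _payload(msg), hashlib.sha256).hexdigest()
        # Modification (slide 32) and masquerade (slide 28) both fail here:
        # only a key holder can produce a tag that matches the content.
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            return False, "bad tag: message was modified or not sent by a key holder"
        # Freshness window bounds how long a captured message stays usable
        # and lets the receiver forget old nonces.
        if abs(now - int(msg["ts"])) > self.window_s:
            return False, "stale: timestamp outside the freshness window"
        # Replay (slides 30 and 55): an unchanged copy carries a nonce
        # the receiver has already accepted.
        if str(msg["nonce"]) in self.seen_nonces:
            return False, "replay: nonce already accepted"
        self.seen_nonces.add(str(msg["nonce"]))
        return True, "accepted"


def run_scenarios() -> Dict[str, Tuple[bool, str]]:
    alice = Receiver(SHARED_KEY)
    results: Dict[str, Tuple[bool, str]] = {}
    # Genuine message from Bob.
    genuine = send(SHARED_KEY, "Bob", "transfer 100 to Carol", nonce="n-0001", ts=1000)
    results["genuine"] = alice.accept(genuine, now=1005)
    # Modification of message: Darth changes the amount in transit.
    altered = dict(genuine)
    altered["body"] = "transfer 9000 to Darth"
    results["modified"] = alice.accept(altered, now=1006)
    # Masquerade: Darth signs with a key of his own, pretending to be Bob.
    forged = send(b"darth-guess", "Bob", "transfer 9000 to Darth", nonce="n-0002", ts=1007)
    results["masquerade"] = alice.accept(forged, now=1008)
    # Replay: Darth resends Bob's captured genuine message unchanged.
    results["replay"] = alice.accept(dict(genuine), now=1009)
    # Late replay: a genuine but old message whose nonce Alice has forgotten.
    old = send(SHARED_KEY, "Bob", "hello", nonce="n-0003", ts=1000)
    results["stale"] = alice.accept(old, now=1100)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print(f"{name:10} accepted={ok!s:5} {reason}")
```

The order of the checks is deliberate: the tag is verified first so that an attacker cannot learn anything about nonces or clock skew from a message he could not have authenticated, and `hmac.compare_digest` is used rather than `==` so the comparison time does not leak how many tag bytes matched.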
57. TCP/IP hijacking attack
• TCP/IP hijacking is the process of taking control of an already existing session between a client and a server.
• In TCP/IP hijacking:
• The attacker monitors the network transmission and analyses the source and destination IP addresses of the two computers.
• Once the attacker discovers the IP address of one of the users, the attacker can logically disconnect the client by using a DOS attack and then resume communication by spoofing the IP address of the disconnected user; the attacker is then able to communicate with the host machine as if the attacker were the victim.
• The host machine will not know that it is talking to an unauthorized user and will respond.

60. Operating System Security
• Operating systems are large and complex mixtures of interconnected software modules.
• When an operating system is continually growing and introduces new functions, the potential for problems with that code also increases.
• It is almost impossible for an operating system vendor to test their product on each possible platform under every possible situation, so functionality and security issues surface after the release of the operating system.
• To the standard user or system administrator this appears as a constant stream of updates designed to correct problems, replace sections of code or even add new features to an installed operating system.

61. Hot fix
• Vendors typically follow a hierarchy for software updates, given below:
1. Hot fix:
• A hotfix is a single, cumulative package that includes one or more files that are used to address a problem in a software product (i.e. a software bug).
• Typically, hotfixes are made to address a specific customer situation and may not be distributed outside the customer organization.
• In a Microsoft Windows context, hotfixes are small patches designed to address specific issues, most commonly freshly discovered security holes.
• These are small files, often automatically installed on the computer with Windows Update (although some may only be obtainable via Microsoft Support), and could contain a hot patch, eliminating the need for a reboot.
• In short: an update to fix a very specific issue, not always publicly released.

62. Patch
2. Patch:
• A patch is a program that makes changes to software installed on a computer.
• Software companies issue patches to fix bugs in their programs, address security problems, or add functionality.
• Currently Microsoft releases their security patches once a month, and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches.
• In short: a publicly released update to fix a known bug or issue.

63. Service pack
3. Service pack:
• A service pack (in short, SP) is a collection of updates, fixes and/or enhancements to a software program, delivered in the form of a single installable package.
• Many companies, such as Microsoft or Autodesk, typically release a service pack when the number of individual patches to a given program reaches a certain (arbitrary) limit.
• Installing a service pack is easier and less error-prone than installing a high number of patches individually, even more so when updating multiple computers over a network.
• Service packs are usually numbered, and thus referred to in short as SP1, SP2, SP3 etc.
• In short: a large update that fixes many outstanding issues; it normally includes all patches, hotfixes and maintenance releases that predate the service pack.

64. Information Security
• Information security is not only about securing information from unauthorized access.
• Information security is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.
• Information can be physical or electronic.
• Information can be anything, like your details or, we can say, your profile on social media, the data on your mobile phone, your biometrics etc.

65. Need of Information security
• Protecting the functionality of the organization
• Enabling the safe operation of applications
• Protecting the data that the organization collects and uses
• Safeguarding technology assets in organizations

66. Information classification
• Information classification defines what kind of information is stored on a system.
• The levels of information classification used in government or the military are as follows:
1. Unclassified: Information access is public and will not affect confidentiality.
2. Sensitive but unclassified: Information is sensitive, but if it gets disclosed it will not create serious damage to the organization.
3. Confidential: Keep the information confidential.
4. Secret: Applied to information where the unauthorized disclosure of such information could cause serious damage to national security.
5. Top secret: Applied to information where the unauthorized disclosure of such information could cause serious damage to national security. It is the highest level of classification.

67. Information classification (continued)
• The levels of information classification used in organizations are as follows:
1. Public: Information which does not fit into any other level can have public access, because disclosure of such information will not create a serious impact on the organization.
2. Sensitive: This type of information needs a higher level of classification than normal information. This type of information needs confidentiality as well as integrity.
3. Private: This type of information is personal in nature and used by the company only. The disclosure of such information can affect the company and its employees; example: salary information etc.

68. Criteria for Information classification
• The following criteria are used to decide the classification of information:
1. Value: Value means that when the information is more valuable, that information should be classified.
2. Age: Age states that the classification of information might be lowered if the information's value decreases over time.
3. Useful life: Useful life states that if the information has been made out-of-date due to new information or any other reason, then that information can be reclassified.
4. Personal association: Information which is personally associated with particular individuals, or is addressed by a privacy law, should be classified.

69. Basic Principles of Information Security
• The basic principles of information security, also called CIA security, are as follows:
1. Confidentiality
2. Integrity
3. Authentication