SlideShare a Scribd company logo

Network Security_4th Module_Dr. Shivashankar

D
Dr. Shivashankar

VTU ECE 8th Semester Network Security subject

Engineering
1 of 34
Download to read offline
NETWORK SECURITY (18EC821) Module 4 VTU Dr. Shivashankar Professor Department of Electronics & Communication Engineering RRIT, Bangalore 1 Dr. Shivashankar, E&CE, RRIT
Course Outcomes After Completion of the course, student will be able to: ▪Explain network security services and mechanisms and explain security concepts. ▪Understand the concept of Transport Level Security and Secure Socket Layer. ▪Explain security concerns in Internet Protocol Security. ▪Explain Intruders, Intrusion detection and Malicious Software. ▪Describe Firewalls, Firewall characteristics, Biasing and Configuration. ▪Text Book: 1. Cryptography and Network Security Principles and Practice, Pearson Education Inc., William Stallings 5th Edition, ISBN: 978-81-317-6166-3. 2. Cryptography and Network Security, Atul Kahate, TMH, 2003. ▪Reference: ▪Cryptography and Network Security, Behrouz A Forouzan, TMH, 2007. 2 Dr. Shivashankar, E&CE, RRIT
Module-4: Intruders One of the two most publicized threats to security is the intruder and viruses, often referred to as a hacker or cracker. Three classes of intruders: • Masquerader: An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account • Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges • Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection. ➢ The masquerader is likely to be an outsider; the misfeasor generally is an insider; and the clandestine user can be either an outsider or an insider. ➢ Intruder attacks range from the benign to the serious. ➢ At the benign end of the scale, there are many people who simply wish to explore internets and see what is out there. 3 Dr. Shivashankar, E&CE, RRIT
Conti… Examples of intrusion: • Performing a remote root compromise of an e-mail server • Defacing a Web server • Guessing and cracking passwords • Copying a database containing credit card numbers • Viewing sensitive data, including payroll records and medical information, without authorization • Running a packet sniffer on a workstation to capture usernames and passwords • Using a permission error on an anonymous FTP server to distribute pirated software and music files • Dialing into an unsecured modem and gaining internal network access • Posing as an executive, calling the help desk, resetting the executive’s e-mail password, and learning the new password • Using an unattended, logged-in workstation without permission 4 Dr. Shivashankar, E&CE, RRIT
Intruder Behaviour Patterns ▪The techniques and behavior patterns of intruders are constantly shifting, to exploit newly discovered weaknesses and to evade detection and countermeasures. ▪Even so, intruders typically follow one of a number of recognizable behavior patterns, and these patterns typically differ from those of ordinary users. Some Examples of Intruder Patterns of Behavior (a) Hacker 1. Select the target using IP lookup tools such as NSLookup, Dig, and others. 2. Map network for accessible services using tools such as NMAP. 3. Identify potentially vulnerable services (in this case, pcAnywhere). 4. Brute force (guess) pcAnywhere password. 5. Install remote administration tool called DameWare. 6. Wait for administrator to log on and capture his password. 7. Use that password to access remainder of network 5 Dr. Shivashankar, E&CE, RRIT
Conti… (b) Criminal Enterprise 1. Act quickly and precisely to make their activities harder to detect. 2. Exploit perimeter through vulnerable ports. 3. Use Trojan horses (hidden software) to leave back doors for reentry. 4. Use sniffers to capture passwords. 5. Do not stick around until noticed. 6. Make few or no mistakes (c) Internal Threat 1. Create network accounts for themselves and their friends. 2. Access accounts and applications they wouldn’t normally use for their daily jobs. 3. E-mail former and prospective employers. 4. Conduct furtive instant-messaging chats. 5. Visit Web sites that cater to disgruntled employees, such as f’dcompany.com. 6. Perform large downloads and file copying. 7. Access the network during off hours 6 Dr. Shivashankar, E&CE, RRIT
Intrusion Techniques ▪The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system. ▪Most initial attacks use system or software vulnerabilities that allow a user to execute code that opens a back door into the system. ▪Typically, a system must maintain a file that associates a password with each authorized user. ▪ If such a file is stored with no protection, then it is an easy matter to gain access to it and learn passwords. The password file can be protected in one of two ways: • One-way function: The system stores only the value of a function based on the user’s password. When the user presents a password, the system transforms that password and compares it with the stored value. • Access control: Access to the password file is limited to one or a very few accounts. 7 Dr. Shivashankar, E&CE, RRIT
Conti… ▪On the basis of a survey of the literature and interviews with a number of password crackers, reports the following techniques for learning passwords: 1. Try default passwords used with standard accounts that are shipped with the system. Many administrators do not bother to change these defaults. 2. Exhaustively try all short passwords (those of one to three characters). 3. Try words in the system’s online dictionary or a list of likely passwords. Examples of the latter are readily available on hacker bulletin boards. 4. Collect information about users, such as their full names, the names of their spouse and children, pictures in their office, and books in their office that are related to hobbies. 5. Try users’ phone numbers, Social Security numbers, and room numbers. 6. Try all legitimate license plate numbers for this state. 7. Use a Trojan horse to bypass restrictions on access. 8. Tap the line between a remote user and the host system. 8 Dr. Shivashankar, E&CE, RRIT
INTRUSION DETECTION ▪1. If an intrusion is detected quickly enough, the intruder can be identified and ejected from the system before any damage is done or any data are compromised. Even if the detection is not sufficiently timely to preempt the intruder, the sooner that the intrusion is detected, the less the amount of damage and the more quickly that recovery can be achieved. ▪2. An effective intrusion detection system can serve as a deterrent, so acting to prevent intrusions. ▪3. Intrusion detection enables the collection of information about intrusion techniques that can be used to strengthen the intrusion prevention facility. 9 Dr. Shivashankar, E&CE, RRIT Figure 20.1 Profiles of Behavior of Intruders and Authorized Users
Conti… [PORR92] identifies the following approaches to intrusion detection: 1. Statistical anomaly detection: Involves the collection of data relating to the behavior of legitimate users over a period of time. Then statistical tests are applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior. a. Threshold detection: This approach involves defining thresholds, independent of user, for the frequency of occurrence of various events. b. Profile based: A profile of the activity of each user is developed and used to detect changes in the behavior of individual accounts. 2. Rule-based detection: Involves an attempt to define a set of rules that can be used to decide that a given behavior is that of an intruder. Anomaly detection: Rules are developed to detect deviation from previous usage patterns. b. Penetration identification: An expert system approach that searches for suspicious behavior. 10 Dr. Shivashankar, E&CE, RRIT
Conti… Audit Records ▪A fundamental tool for intrusion detection is the audit record. Some record of ongoing activity by users must be maintained as input to an intrusion detection system. ▪Basically, two plans are used: • Native audit records: Virtually all multiuser operating systems include accounting software that collects information on user activity. The advantage of using this information is that no additional collection software is needed. The disadvantage is that the native audit records may not contain the needed information or may not contain it in a convenient form. • Detection-specific audit records: A collection facility can be implemented that generates audit records containing only that information required by the intrusion detection system. One advantage of such an approach is that it could be made vendor independent and ported to a variety of systems. The disadvantage is the extra overhead involved in having, in effect, two accounting packages running on a machine. 11 Dr. Shivashankar, E&CE, RRIT
Conti… A good example of detection-specific audit records is one developed by Dorothy Denning [DENN87]. Each audit record contains the following fields: • Subject: Initiators of actions. A subject is typically a terminal user but might also be a process acting on behalf of users or groups of users. All activity arises through commands issued by subjects. Subjects may be grouped into different access classes, and these classes may overlap. • Action: Operation performed by the subject on or with an object; for example, login, read, perform I/O, execute. • Object: Receptors of actions. Examples include files, programs, messages, records, terminals, printers, and user- or program-created structures. • Exception-Condition: Denotes which, if any, exception condition is raised on return. • Resource-Usage: A list of quantitative elements in which each element gives the amount used of some resource (e.g., number of lines printed or displayed, number of records read or written, processor time, I/O units used, session elapsed time). • Time-Stamp: Unique time-and-date stamp identifying when the action took place. 12 Dr. Shivashankar, E&CE, RRIT
Rule-Based Intrusion Detection Rule-based techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious. ▪Rule-based anomaly detection is similar in terms of its approach and strengths to statistical anomaly detection. ➢ With the rule-based approach, historical audit records are analyzed to identify usage patterns and to generate automatically rules that describe those patterns. Rules may represent past behavior patterns of users, programs, privileges, time slots, terminals, and so on. ➢ Current behavior is then observed, and each transaction is matched against the set of rules to determine if it conforms to any historically observed pattern of behavior. ▪ Rule-based penetration identification: ➢ The key feature of such systems is the use of rules for identifying known penetrations or penetrations that would exploit known weaknesses. ➢ Rules can also be defined that identify suspicious behavior, even when the behavior is within the bounds of established patterns of usage. ➢ The rules used in these systems are specific to the machine and operating system. ➢ The most fruitful approach to developing such rules is to analyze attack tools and scripts collected on the Internet. 13 Dr. Shivashankar, E&CE, RRIT
Distributed Intrusion Detection Stand-alone intrusion detection systems on each host, a more effective defense can be achieved by coordination and cooperation among intrusion detection systems across the network. ▪Porras points out the following major issues in the design of a distributed intrusion detection system [PORR92]: • A distributed intrusion detection system may need to deal with different audit record formats. • One or more nodes in the network will serve as collection and analysis points for the data from the systems on the network. Thus, either raw audit data or summary data must be transmitted across the network. Therefore, there is a requirement to assure the integrity and confidentiality of these data • Either a centralized or decentralized architecture can be used. With a centralized architecture, there is a single central point of collection and analysis of all audit data. This eases the task of correlating incoming reports but creates a potential bottleneck and single point of failure. 14 Dr. Shivashankar, E&CE, RRIT
Conti… Figure 20.2 Architecture for Distributed Intrusion Detection Figure 20.2 shows the overall architecture, which consists of three main components: • Host agent module: An audit collection module operating as a background process on a monitored system. Its purpose is to collect data on security related events on the host and transmit these to the central manager. • LAN monitor agent module: Operates in the same fashion as a host agent module except that it analyzes LAN traffic and reports the results to the central manager. • Central manager module: Receives reports from LAN monitor and host agents and processes and correlates these reports to detect intrusion 15 Dr. Shivashankar, E&CE, RRIT
Malicious Software ▪Malicious Software a software that gets into the system without user consent with an intention to steal private and confidential data of the user that includes bank details and password. ▪Malicious software can be divided into two categories: those that need a host program, and those that are independent. ▪The former, referred to as parasitic, are essentially fragments of programs that cannot exist independently of some actual application program, utility, or system program. Viruses, logic bombs, and backdoors are examples. ▪Independent malware is a self-contained program that can be scheduled and run by the operating system. Worms and bot programs are examples. 16 Dr. Shivashankar, E&CE, RRIT
Conti… Backdoor • Also known as a trapdoor, is a secret entry point into a program that allows someone who is aware of the backdoor to gain access without going through the usual security access procedures. • Programmers have used backdoors legitimately for many years to debug and test programs; such a backdoor is called a maintenance hook. Logic Bomb • One of the oldest types of program threat, predating viruses and worms, is the logic bomb. • The logic bomb is code embedded in some legitimate program that is set to “explode” when certain conditions are met. 17 Dr. Shivashankar, E&CE, RRIT
Conti… Trojan Horses ▪A useful, or apparently useful, program or command procedure containing hidden code that, when invoked, performs some unwanted or harmful function. ▪It programs can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly. ▪Trojan horses fit into one of three models: ➢ Continuing to perform the function of the original program and additionally performing a separate malicious activity ➢ Continuing to perform the function of the original program but modifying the function to perform malicious activity (e.g., a Trojan horse version of a login program that collects passwords) or to disguise other malicious activity (e.g., a Trojan horse version of a process listing program that does not display certain processes that are malicious) ➢ Performing a malicious function that completely replaces the function of the original program 18 Dr. Shivashankar, E&CE, RRIT
Conti… Mobile Code ▪It refers to programs (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics [JANS01]. ▪The term also applies to situations involving a large homogeneous collection of platforms (e.g., Microsoft Windows). ▪It is transmitted from a remote system to a local system and then executed on the local system without the user’s explicit instruction. ▪Mobile code often acts as a mechanism for a virus, worm, or Trojan horse to be transmitted to the user’s workstation. Multiple-Threat Malware ▪Viruses and other malware may operate in multiple ways. ▪A multipartite virus infects in multiple ways. Typically, the multipartite virus is capable of infecting multiple types of files, so that virus eradication must deal with all of the possible sites of infection. ▪A blended attack uses multiple methods of infection or transmission, to maximize the speed of contagion and the severity of the attack. 19 Dr. Shivashankar, E&CE, RRIT
Conti… ▪An example of a blended attack is the Nimda attack, erroneously referred to as simply a worm. Nimda uses four distribution methods: ➢ E-mail: A user on a vulnerable host opens an infected e-mail attachment. ➢ Windows shares: Nimda scans hosts for unsecured Windows file shares; it can then use NetBIOS86 as a transport mechanism to infect files on that host in the hopes that a user will run an infected file, which will activate Nimda on that host. ➢ Web servers: Nimda scans Web servers, looking for known vulnerabilities in Microsoft IIS. If it finds a vulnerable server, it attempts to transfer a copy of itself to the server and infect it and its files. ➢ Web clients: If a vulnerable Web client visits a Web server that has been infected by Nimda, the client’s workstation will become infected. 20 Dr. Shivashankar, E&CE, RRIT
Virus ▪A computer virus is a piece of software that can “infect” other programs by modifying them; the modification includes injecting the original program with a routine to make copies of the virus program, which can then go on to infect other programs. ▪Computer viruses first appeared in the early 1980s, and the term itself is attributed to Fred Cohen in 1983. ▪Cohen is the author of a groundbreaking book on the subject [COHE94]. ▪Once a virus is executing, it can perform any function, such as erasing files and programs that is allowed by the privileges of the current user. ▪A computer virus has three parts [AYCO06]: ▪Infection mechanism: The means by which a virus spreads, enabling it to replicate. The mechanism is also referred to as the infection vector. ▪• Trigger: The event or condition that determines when the payload is activated or delivered. ▪• Payload: What the virus does, besides spreading. The payload may involve damage or may involve benign but noticeable activity. 21 Dr. Shivashankar, E&CE, RRIT
Conti… ▪During its lifetime, a typical virus goes through the following four phases: ➢ Dormant phase: The virus is idle. The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. ➢ Propagation phase: The virus places a copy of itself into other programs or into certain system areas on the disk. The copy may not be identical to the propagating version; viruses often morph to evade detection. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase. ➢ Triggering phase: The virus is activated to perform the function for which it was intended. As with the dormant phase, the triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself. ➢ Execution phase: The function is performed. The function may be harmless, such as a message on the screen, or damaging, such as the destruction of programs and data files. 22 Dr. Shivashankar, E&CE, RRIT
Viruses Classification A virus classification by target includes the following categories: ➢ Boot sector infector: Infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus. ➢ File infector: Infects files that the operating system or shell consider to be executable. ➢ Macro virus: Infects files with macro code that is interpreted by an application. A virus classification by concealment strategy includes the following categories: ➢ Encrypted virus: A portion of the virus creates a random encryption key and encrypts the remainder of the virus. The key is stored with the virus. ➢ Stealth virus: A form of virus explicitly designed to hide itself from detection by antivirus software. Thus, the entire virus, not just a payload is hidden. ➢ Polymorphic virus: A virus that mutates with every infection, making detection by the “signature” of the virus impossible. ➢ Metamorphic virus: As with a polymorphic virus, a metamorphic virus mutates with every infection. 23 Dr. Shivashankar, E&CE, RRIT
Conti… Virus Kits ▪Another weapon in the virus writers’ armory is the virus-creation toolkit. ▪Such a toolkit enables a relative novice to quickly create a number of different viruses. Macro Viruses In the mid-1990s, macro viruses became by far the most prevalent type of virus. Macro viruses are particularly threatening for a number of reasons: 1. A macro virus is platform independent. Many macro viruses infect Microsoft Word documents or other Microsoft Office documents. Any hardware platform and operating system that supports these applications can be infected. 2. Macro viruses infect documents, not executable portions of code. Most of the information introduced onto a computer system is in the form of a document rather than a program. 3. Macro viruses are easily spread.A very common method is by electronic mail. 4. Because macro viruses infect user documents rather than system programs 24 Dr. Shivashankar, E&CE, RRIT
Conti… E-Mail Viruses ▪A more recent development in malicious software is the e-mail virus. ▪The first rapidly spreading e-mail viruses, such as Melissa, made use of a Microsoft Word macro embedded in an attachment. ▪If the recipient opens the e-mail attachment, the Word macro is activated. Then 1. The e-mail virus sends itself to everyone on the mailing list in the user’s e-mail package. 2. The virus does local damage on the user’s system. ▪In 1999, a more powerful version of the e-mail virus appeared. This newer version can be activated merely by opening an e-mail that contains the virus rather than opening an attachment. ▪The virus uses the Visual Basic scripting language supported by the e-mail package. 25 Dr. Shivashankar, E&CE, RRIT
Virus Counter Measures ▪Antivirus Approaches The ideal solution to the threat of viruses is prevention. The best approach is to be able to do the following: ➢ Detection: Once the infection has occurred, determine that it has occurred and locate the virus. ➢ Identification: Once detection has been achieved, identify the specific virus that has infected a program. ➢ Removal: Once the specific virus has been identified, remove all traces of the virus from the infected program and restore it to its original state. Remove the virus from all infected systems so that the virus cannot spread further. ➢ If detection succeeds but either identification or removal is not possible, then the alternative is to discard the infected file and reload a clean backup version. 26 Dr. Shivashankar, E&CE, RRIT
Conti… [STEP93] identifies four generations of antivirus software: ▪First-Generation scanner requires a virus signature to identify a virus. The virus may contain “wildcards” but has essentially the same structure and bit pattern in all copies. Such signature-specific scanners are limited to the detection of known viruses. ▪A second-generation scanner does not rely on a specific signature. Rather, the scanner uses heuristic rules to search for probable virus infection. One class of such scanners looks for fragments of code that are often associated with viruses. ▪Third-generation programs are memory-resident programs that identify a virus by its actions rather than its structure in an infected program. Such program have the advantage that it is not necessary to develop signatures and heuristics for a wide array of viruses. ▪Fourth-generation products are packages consisting of a variety of antivirus techniques used in conjunction. These include scanning and activity trap components. With fourth-generation packages, a more comprehensive defense strategy is employed, broadening the scope of defense to more general-purpose computer security measures. 27 Dr. Shivashankar, E&CE, RRIT
Advanced Antivirus Techniques Generic Decryption (GD) ▪technology enables the antivirus program to easily detect even the most complex polymorphic viruses while maintaining fast scanning speeds [NACH97]. ▪In order to detect such a structure, executable files are run through a GD scanner, which contains the following elements: ➢ CPU emulator: A software-based virtual computer. The emulator includes software versions of all registers and other processor hardware, so that the underlying processor is unaffected by programs interpreted on the emulator. ➢ Virus signature scanner: A module that scans the target code looking for known virus signatures. ➢ Emulation control module: Controls the execution of the target code. 28 Dr. Shivashankar, E&CE, RRIT
Conti… DIGITAL IMMUNE SYSTEM ▪A comprehensive approach to virus protection developed by IBM [KEPH97a, KEPH97b, WHIT99] and subsequently refined by Symantec [SYMA01]. ▪Two major trends in Internet technology have had an increasing impact on the rate of virus propagation in recent years: ➢ Integrated mail systems: Systems such as Lotus Notes and Microsoft Outlook make it very simple to send anything to anyone and to work with objects that are received. ➢ Mobile-program systems: Capabilities such as Java and ActiveX allow programs to move on their own from one system to another. Typical steps in digital immune system operation: 1. A monitoring program on each PC uses a variety of heuristics based on system behavior 2. The administrative machine encrypts the sample and sends it to a central virus analysis machine. 3. The virus analysis machine then produces a prescription for identifying and removing the virus. 29 Dr. Shivashankar, E&CE, RRIT
Conti… 4. The resulting prescription is sent back to the administrative machine. 5. The administrative machine forwards the prescription to the infected client. 6. The prescription is also forwarded to other clients in the organization. 7. Subscribers around the world receive regular antivirus updates that protect them from the new virus. 30 Dr. Shivashankar, E&CE, RRIT Figure 21.4 Digital Immune System
BEHAVIOR-BLOCKING SOFTWARE The behavior blocking software then blocks potentially malicious actions before they have a chance to affect the system. Monitored behaviors can include • Attempts to open, view, delete, and/or modify files; • Attempts to format disk drives and other unrecoverable disk operations; • Modifications to the logic of executable files or macros; • Modification of critical system settings, such as start-up settings; • Scripting of e-mail and instant messaging clients to send executable content; • Initiation of network communications. 31 Dr. Shivashankar, E&CE, RRIT
OBJECTIVE QUESTIONS 1. What are the different ways to intrude? a) Buffer overflows b) Unexpected combinations and unhandled input c) Race conditions d) All of the mentioned 2. What are the major components of the intrusion detection system? a) Analysis Engine b) Event provider c) Alert Database d) All of the mentioned 3. What are the different ways to classify an IDS? a) anomaly detection b) signature based misuse c) stack based d) all of the mentioned 4. What are the different ways to classify an IDS? a) Zone based b) Host & Network based c) Network & Zone based d) Level based 5. What are the characteristics of anomaly based IDS? a) It models the normal usage of network as a noise characterization b) It doesn’t detect novel attacks c) Anything distinct from the noise is not assumed to be intrusion activity d) It detects based on signature 6. What is the major drawback of anomaly detection IDS? a) These are very slow at detection b) It generates many false alarms c) It doesn’t detect novel attacks d) None of the mentioned 32 Dr. Shivashankar, E&CE, RRIT
Conti.. 7. What are the characteristics of signature based IDS? a) Most are based on simple pattern matching algorithms b) It is programmed to interpret a certain series of packets c) It models the normal usage of network as a noise characterization d) Anything distinct from the noise is assumed to be intrusion activity 8. What are the drawbacks of signature based IDS? a) They are unable to detect novel attacks b) They suffer from false alarms c) They have to be programmed again for every new pattern to be detected d) All of the mentioned 9. What are the characteristics of Host based IDS? a) The host operating system logs in the audit information b) Logs includes logins,file opens and program executions c) Logs are analysed to detect tails of intrusion d) All of the mentioned 10. What are the drawbacks of the host based IDS? a) Unselective logging of messages may increase the audit burdens b) Selective logging runs the risk of missed attacks c) They are very fast to detect d) They have to be programmed for new patterns 11. What are the strengths of the host based IDS? a) Attack verification b) System specific activity c) No additional hardware required d) All of the mentioned 12. What are characteristics of Network based IDS? a) They look for attack signatures in network traffic b) Filter decides which traffic will not be discarded or passed c) It is programmed to interpret a certain series of packet d) It models the normal usage of network as a noise characterization 33 Dr. Shivashankar, E&CE, RRIT
Conti.. Thank You 34 Dr. Shivashankar, E&CE, RRIT

Recommended

Network Security-Module_1.pdf
Network Security-Module_1.pdfNetwork Security-Module_1.pdf
Network Security-Module_1.pdfDr. Shivashankar
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
SSL
SSLSSL
SSLBadrul Alam bulon
 
Email security - Netwroking
Email security - Netwroking Email security - Netwroking
Email security - Netwroking Salman Memon
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarDr. Shivashankar
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingSagar Verma
 
Database Security & Encryption
Database Security & EncryptionDatabase Security & Encryption
Database Security & EncryptionTech Sanhita
 
Web Security
Web SecurityWeb Security
Web SecurityDr.Florence Dayana
 

Recommended

Network Security-Module_1.pdf
Network Security-Module_1.pdfNetwork Security-Module_1.pdf
Network Security-Module_1.pdfDr. Shivashankar
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
SSL
SSLSSL
SSLBadrul Alam bulon
 
Email security - Netwroking
Email security - Netwroking Email security - Netwroking
Email security - Netwroking Salman Memon
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarDr. Shivashankar
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingSagar Verma
 
Database Security & Encryption
Database Security & EncryptionDatabase Security & Encryption
Database Security & EncryptionTech Sanhita
 
Web Security
Web SecurityWeb Security
Web SecurityDr.Florence Dayana
 
Network security
Network security Network security
Network security Madhumithah Ilango
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Email security
Email securityEmail security
Email securityAhmed EL-KOSAIRY
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7AfiqEfendy Zaen
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingSourabh Badve
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensicsprimeteacher32
 
Email security
Email securityEmail security
Email securityBaliram Yadav
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and functionNisarg Amin
 
Firewall and its purpose
Firewall and its purposeFirewall and its purpose
Firewall and its purposeRohit Phulsunge
 
System Security
System SecuritySystem Security
System SecurityReddhi Basu
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptographyPavithra renu
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notesgangadhar9989166446
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMANAND MURALI
 
Intruders
IntrudersIntruders
Intruderstechn
 
network design and administration
network design and administrationnetwork design and administration
network design and administrationerick chuwa
 
Broken access control
Broken access controlBroken access control
Broken access controlPriyanshu Gandhi
 
Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.Rishabh Gupta
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7limsh
 

More Related Content

What's hot

Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7AfiqEfendy Zaen
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and functionNisarg Amin
 
Firewall and its purpose
Firewall and its purposeFirewall and its purpose
Firewall and its purposeRohit Phulsunge
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptographyPavithra renu
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notesgangadhar9989166446
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMANAND MURALI
 
Intruders
IntrudersIntruders
Intruderstechn
 
network design and administration
network design and administrationnetwork design and administration
network design and administrationerick chuwa
 

What's hot (20)

Network security
Network security Network security
Network security
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
 
Email security
Email securityEmail security
Email security
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Email security
Email securityEmail security
Email security
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and function
 
Firewall and its purpose
Firewall and its purposeFirewall and its purpose
Firewall and its purpose
 
System Security
System SecuritySystem Security
System Security
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptography
 
User authentication
User authenticationUser authentication
User authentication
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEM
 
Intruders
IntrudersIntruders
Intruders
 
network design and administration
network design and administrationnetwork design and administration
network design and administration
 
Broken access control
Broken access controlBroken access control
Broken access control
 

Similar to Network Security_4th Module_Dr. Shivashankar

Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.Rishabh Gupta
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7limsh
 
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptxEthical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptxGovandJamalSaeed
 
VTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notesVTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notesJayanth Dwijesh H P
 
An overview of network penetration testing
An overview of network penetration testingAn overview of network penetration testing
An overview of network penetration testingeSAT Publishing House
 
Firewalls in cryptography
Firewalls in cryptographyFirewalls in cryptography
Firewalls in cryptographyT7Unknown
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancementcyberprosocial
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxvamshimatangi
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxSuhailShaik16
 
Penentration testing
Penentration testingPenentration testing
Penentration testingtahreemsaleem
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfShivamSharma909
 
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...GIRISHKUMARBC1
 
Ethical hacking and social engineering
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineeringSweta Kumari Barnwal
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerShivamSharma909
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 

Similar to Network Security_4th Module_Dr. Shivashankar (20)

Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7
 
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptxEthical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
VTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notesVTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notes
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8
 
An overview of network penetration testing
An overview of network penetration testingAn overview of network penetration testing
An overview of network penetration testing
 
Firewalls in cryptography
Firewalls in cryptographyFirewalls in cryptography
Firewalls in cryptography
 
Intruders
IntrudersIntruders
Intruders
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptx
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
 
Penentration testing
Penentration testingPenentration testing
Penentration testing
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
 
Ethical hacking and social engineering
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineering
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
 

More from Dr. Shivashankar

21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaSDr. Shivashankar
 
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdfDr. Shivashankar
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfDr. Shivashankar
 
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdfWireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdfDr. Shivashankar
 
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdfWireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdfDr. Shivashankar
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarDr. Shivashankar
 
Network Security_Module_2.pdf
Network Security_Module_2.pdfNetwork Security_Module_2.pdf
Network Security_Module_2.pdfDr. Shivashankar
 

More from Dr. Shivashankar (15)

21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
 
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
 
21 Scheme_ MODULE-3_CCN.pdf
21 Scheme_ MODULE-3_CCN.pdf21 Scheme_ MODULE-3_CCN.pdf
21 Scheme_ MODULE-3_CCN.pdf
 
21_Scheme_MODULE-1_CCN.pdf
21_Scheme_MODULE-1_CCN.pdf21_Scheme_MODULE-1_CCN.pdf
21_Scheme_MODULE-1_CCN.pdf
 
21 Scheme_MODULE-2_CCN.pdf
21 Scheme_MODULE-2_CCN.pdf21 Scheme_MODULE-2_CCN.pdf
21 Scheme_MODULE-2_CCN.pdf
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdf
 
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdfWireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
 
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdfWireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. Shivashankar
 
Network Security_Module_2.pdf
Network Security_Module_2.pdfNetwork Security_Module_2.pdf
Network Security_Module_2.pdf
 
MODULE-3_CCN.pptx
MODULE-3_CCN.pptxMODULE-3_CCN.pptx
MODULE-3_CCN.pptx
 
MODULE-1_CCN.pptx
MODULE-1_CCN.pptxMODULE-1_CCN.pptx
MODULE-1_CCN.pptx
 
MODULE-2_CCN.pptx
MODULE-2_CCN.pptxMODULE-2_CCN.pptx
MODULE-2_CCN.pptx
 
MODULE-5_CCN.pptx
MODULE-5_CCN.pptxMODULE-5_CCN.pptx
MODULE-5_CCN.pptx
 
MODULE-4_CCN.pptx
MODULE-4_CCN.pptxMODULE-4_CCN.pptx
MODULE-4_CCN.pptx
 

Recently uploaded

Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx959SahilShah
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvLewisJB
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
EduAI - E learning Platform integrated with AI
EduAI - E learning Platform integrated with AIEduAI - E learning Platform integrated with AI
EduAI - E learning Platform integrated with AIkoyaldeepu123
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfROCENODodongVILLACER
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)Dr SOUNDIRARAJ N
 
DATA ANALYTICS PPT definition usage example
DATA ANALYTICS PPT definition usage exampleDATA ANALYTICS PPT definition usage example
DATA ANALYTICS PPT definition usage examplePragyanshuParadkar1
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Satyam Kumar
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 

Recently uploaded (20)

Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
EduAI - E learning Platform integrated with AI
EduAI - E learning Platform integrated with AIEduAI - E learning Platform integrated with AI
EduAI - E learning Platform integrated with AI
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdf
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
 
POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examplesPOWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examples
 
DATA ANALYTICS PPT definition usage example
DATA ANALYTICS PPT definition usage exampleDATA ANALYTICS PPT definition usage example
DATA ANALYTICS PPT definition usage example
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 

Network Security_4th Module_Dr. Shivashankar

  • 1. NETWORK SECURITY (18EC821) Module 4 VTU Dr. Shivashankar Professor Department of Electronics & Communication Engineering RRIT, Bangalore 1 Dr. Shivashankar, E&CE, RRIT
  • 2. Course Outcomes After Completion of the course, student will be able to: ▪Explain network security services and mechanisms and explain security concepts. ▪Understand the concept of Transport Level Security and Secure Socket Layer. ▪Explain security concerns in Internet Protocol Security. ▪Explain Intruders, Intrusion detection and Malicious Software. ▪Describe Firewalls, Firewall characteristics, Biasing and Configuration. ▪Text Book: 1. Cryptography and Network Security Principles and Practice, Pearson Education Inc., William Stallings 5th Edition, ISBN: 978-81-317-6166-3. 2. Cryptography and Network Security, Atul Kahate, TMH, 2003. ▪Reference: ▪Cryptography and Network Security, Behrouz A Forouzan, TMH, 2007. 2 Dr. Shivashankar, E&CE, RRIT
  • 3. Module-4: Intruders One of the two most publicized threats to security is the intruder and viruses, often referred to as a hacker or cracker. Three classes of intruders: • Masquerader: An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account • Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges • Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection. ➢ The masquerader is likely to be an outsider; the misfeasor generally is an insider; and the clandestine user can be either an outsider or an insider. ➢ Intruder attacks range from the benign to the serious. ➢ At the benign end of the scale, there are many people who simply wish to explore internets and see what is out there. 3 Dr. Shivashankar, E&CE, RRIT
  • 4. Conti… Examples of intrusion: • Performing a remote root compromise of an e-mail server • Defacing a Web server • Guessing and cracking passwords • Copying a database containing credit card numbers • Viewing sensitive data, including payroll records and medical information, without authorization • Running a packet sniffer on a workstation to capture usernames and passwords • Using a permission error on an anonymous FTP server to distribute pirated software and music files • Dialing into an unsecured modem and gaining internal network access • Posing as an executive, calling the help desk, resetting the executive’s e-mail password, and learning the new password • Using an unattended, logged-in workstation without permission 4 Dr. Shivashankar, E&CE, RRIT
  • 5. Intruder Behaviour Patterns ▪The techniques and behavior patterns of intruders are constantly shifting, to exploit newly discovered weaknesses and to evade detection and countermeasures. ▪Even so, intruders typically follow one of a number of recognizable behavior patterns, and these patterns typically differ from those of ordinary users. Some Examples of Intruder Patterns of Behavior (a) Hacker 1. Select the target using IP lookup tools such as NSLookup, Dig, and others. 2. Map network for accessible services using tools such as NMAP. 3. Identify potentially vulnerable services (in this case, pcAnywhere). 4. Brute force (guess) pcAnywhere password. 5. Install remote administration tool called DameWare. 6. Wait for administrator to log on and capture his password. 7. Use that password to access remainder of network 5 Dr. Shivashankar, E&CE, RRIT
  • 6. Conti… (b) Criminal Enterprise 1. Act quickly and precisely to make their activities harder to detect. 2. Exploit perimeter through vulnerable ports. 3. Use Trojan horses (hidden software) to leave back doors for reentry. 4. Use sniffers to capture passwords. 5. Do not stick around until noticed. 6. Make few or no mistakes (c) Internal Threat 1. Create network accounts for themselves and their friends. 2. Access accounts and applications they wouldn’t normally use for their daily jobs. 3. E-mail former and prospective employers. 4. Conduct furtive instant-messaging chats. 5. Visit Web sites that cater to disgruntled employees, such as f’dcompany.com. 6. Perform large downloads and file copying. 7. Access the network during off hours 6 Dr. Shivashankar, E&CE, RRIT
  • 7. Intrusion Techniques ▪The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system. ▪Most initial attacks use system or software vulnerabilities that allow a user to execute code that opens a back door into the system. ▪Typically, a system must maintain a file that associates a password with each authorized user. ▪ If such a file is stored with no protection, then it is an easy matter to gain access to it and learn passwords. The password file can be protected in one of two ways: • One-way function: The system stores only the value of a function based on the user’s password. When the user presents a password, the system transforms that password and compares it with the stored value. • Access control: Access to the password file is limited to one or a very few accounts. 7 Dr. Shivashankar, E&CE, RRIT
  • 8. Conti… ▪On the basis of a survey of the literature and interviews with a number of password crackers, reports the following techniques for learning passwords: 1. Try default passwords used with standard accounts that are shipped with the system. Many administrators do not bother to change these defaults. 2. Exhaustively try all short passwords (those of one to three characters). 3. Try words in the system’s online dictionary or a list of likely passwords. Examples of the latter are readily available on hacker bulletin boards. 4. Collect information about users, such as their full names, the names of their spouse and children, pictures in their office, and books in their office that are related to hobbies. 5. Try users’ phone numbers, Social Security numbers, and room numbers. 6. Try all legitimate license plate numbers for this state. 7. Use a Trojan horse to bypass restrictions on access. 8. Tap the line between a remote user and the host system. 8 Dr. Shivashankar, E&CE, RRIT
  • 9. INTRUSION DETECTION ▪1. If an intrusion is detected quickly enough, the intruder can be identified and ejected from the system before any damage is done or any data are compromised. Even if the detection is not sufficiently timely to preempt the intruder, the sooner that the intrusion is detected, the less the amount of damage and the more quickly that recovery can be achieved. ▪2. An effective intrusion detection system can serve as a deterrent, so acting to prevent intrusions. ▪3. Intrusion detection enables the collection of information about intrusion techniques that can be used to strengthen the intrusion prevention facility. 9 Dr. Shivashankar, E&CE, RRIT Figure 20.1 Profiles of Behavior of Intruders and Authorized Users
  • 10. Conti… [PORR92] identifies the following approaches to intrusion detection: 1. Statistical anomaly detection: Involves the collection of data relating to the behavior of legitimate users over a period of time. Then statistical tests are applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior. a. Threshold detection: This approach involves defining thresholds, independent of user, for the frequency of occurrence of various events. b. Profile based: A profile of the activity of each user is developed and used to detect changes in the behavior of individual accounts. 2. Rule-based detection: Involves an attempt to define a set of rules that can be used to decide that a given behavior is that of an intruder. Anomaly detection: Rules are developed to detect deviation from previous usage patterns. b. Penetration identification: An expert system approach that searches for suspicious behavior. 10 Dr. Shivashankar, E&CE, RRIT
  • 11. Conti… Audit Records ▪A fundamental tool for intrusion detection is the audit record. Some record of ongoing activity by users must be maintained as input to an intrusion detection system. ▪Basically, two plans are used: • Native audit records: Virtually all multiuser operating systems include accounting software that collects information on user activity. The advantage of using this information is that no additional collection software is needed. The disadvantage is that the native audit records may not contain the needed information or may not contain it in a convenient form. • Detection-specific audit records: A collection facility can be implemented that generates audit records containing only that information required by the intrusion detection system. One advantage of such an approach is that it could be made vendor independent and ported to a variety of systems. The disadvantage is the extra overhead involved in having, in effect, two accounting packages running on a machine. 11 Dr. Shivashankar, E&CE, RRIT
  • 12. Conti… A good example of detection-specific audit records is one developed by Dorothy Denning [DENN87]. Each audit record contains the following fields: • Subject: Initiators of actions. A subject is typically a terminal user but might also be a process acting on behalf of users or groups of users. All activity arises through commands issued by subjects. Subjects may be grouped into different access classes, and these classes may overlap. • Action: Operation performed by the subject on or with an object; for example, login, read, perform I/O, execute. • Object: Receptors of actions. Examples include files, programs, messages, records, terminals, printers, and user- or program-created structures. • Exception-Condition: Denotes which, if any, exception condition is raised on return. • Resource-Usage: A list of quantitative elements in which each element gives the amount used of some resource (e.g., number of lines printed or displayed, number of records read or written, processor time, I/O units used, session elapsed time). • Time-Stamp: Unique time-and-date stamp identifying when the action took place. 12 Dr. Shivashankar, E&CE, RRIT
  • 13. Rule-Based Intrusion Detection Rule-based techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious. ▪Rule-based anomaly detection is similar in terms of its approach and strengths to statistical anomaly detection. ➢ With the rule-based approach, historical audit records are analyzed to identify usage patterns and to generate automatically rules that describe those patterns. Rules may represent past behavior patterns of users, programs, privileges, time slots, terminals, and so on. ➢ Current behavior is then observed, and each transaction is matched against the set of rules to determine if it conforms to any historically observed pattern of behavior. ▪ Rule-based penetration identification: ➢ The key feature of such systems is the use of rules for identifying known penetrations or penetrations that would exploit known weaknesses. ➢ Rules can also be defined that identify suspicious behavior, even when the behavior is within the bounds of established patterns of usage. ➢ The rules used in these systems are specific to the machine and operating system. ➢ The most fruitful approach to developing such rules is to analyze attack tools and scripts collected on the Internet. 13 Dr. Shivashankar, E&CE, RRIT
  • 14. Distributed Intrusion Detection Stand-alone intrusion detection systems on each host, a more effective defense can be achieved by coordination and cooperation among intrusion detection systems across the network. ▪Porras points out the following major issues in the design of a distributed intrusion detection system [PORR92]: • A distributed intrusion detection system may need to deal with different audit record formats. • One or more nodes in the network will serve as collection and analysis points for the data from the systems on the network. Thus, either raw audit data or summary data must be transmitted across the network. Therefore, there is a requirement to assure the integrity and confidentiality of these data • Either a centralized or decentralized architecture can be used. With a centralized architecture, there is a single central point of collection and analysis of all audit data. This eases the task of correlating incoming reports but creates a potential bottleneck and single point of failure. 14 Dr. Shivashankar, E&CE, RRIT
  • 15. Conti… Figure 20.2 Architecture for Distributed Intrusion Detection Figure 20.2 shows the overall architecture, which consists of three main components: • Host agent module: An audit collection module operating as a background process on a monitored system. Its purpose is to collect data on security related events on the host and transmit these to the central manager. • LAN monitor agent module: Operates in the same fashion as a host agent module except that it analyzes LAN traffic and reports the results to the central manager. • Central manager module: Receives reports from LAN monitor and host agents and processes and correlates these reports to detect intrusion 15 Dr. Shivashankar, E&CE, RRIT
  • 16. Malicious Software ▪Malicious Software a software that gets into the system without user consent with an intention to steal private and confidential data of the user that includes bank details and password. ▪Malicious software can be divided into two categories: those that need a host program, and those that are independent. ▪The former, referred to as parasitic, are essentially fragments of programs that cannot exist independently of some actual application program, utility, or system program. Viruses, logic bombs, and backdoors are examples. ▪Independent malware is a self-contained program that can be scheduled and run by the operating system. Worms and bot programs are examples. 16 Dr. Shivashankar, E&CE, RRIT
  • 17. Conti… Backdoor • Also known as a trapdoor, is a secret entry point into a program that allows someone who is aware of the backdoor to gain access without going through the usual security access procedures. • Programmers have used backdoors legitimately for many years to debug and test programs; such a backdoor is called a maintenance hook. Logic Bomb • One of the oldest types of program threat, predating viruses and worms, is the logic bomb. • The logic bomb is code embedded in some legitimate program that is set to “explode” when certain conditions are met. 17 Dr. Shivashankar, E&CE, RRIT
  • 18. Conti… Trojan Horses ▪A useful, or apparently useful, program or command procedure containing hidden code that, when invoked, performs some unwanted or harmful function. ▪It programs can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly. ▪Trojan horses fit into one of three models: ➢ Continuing to perform the function of the original program and additionally performing a separate malicious activity ➢ Continuing to perform the function of the original program but modifying the function to perform malicious activity (e.g., a Trojan horse version of a login program that collects passwords) or to disguise other malicious activity (e.g., a Trojan horse version of a process listing program that does not display certain processes that are malicious) ➢ Performing a malicious function that completely replaces the function of the original program 18 Dr. Shivashankar, E&CE, RRIT
  • 19. Conti… Mobile Code ▪It refers to programs (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics [JANS01]. ▪The term also applies to situations involving a large homogeneous collection of platforms (e.g., Microsoft Windows). ▪It is transmitted from a remote system to a local system and then executed on the local system without the user’s explicit instruction. ▪Mobile code often acts as a mechanism for a virus, worm, or Trojan horse to be transmitted to the user’s workstation. Multiple-Threat Malware ▪Viruses and other malware may operate in multiple ways. ▪A multipartite virus infects in multiple ways. Typically, the multipartite virus is capable of infecting multiple types of files, so that virus eradication must deal with all of the possible sites of infection. ▪A blended attack uses multiple methods of infection or transmission, to maximize the speed of contagion and the severity of the attack. 19 Dr. Shivashankar, E&CE, RRIT
  • 20. Conti… ▪An example of a blended attack is the Nimda attack, erroneously referred to as simply a worm. Nimda uses four distribution methods: ➢ E-mail: A user on a vulnerable host opens an infected e-mail attachment. ➢ Windows shares: Nimda scans hosts for unsecured Windows file shares; it can then use NetBIOS86 as a transport mechanism to infect files on that host in the hopes that a user will run an infected file, which will activate Nimda on that host. ➢ Web servers: Nimda scans Web servers, looking for known vulnerabilities in Microsoft IIS. If it finds a vulnerable server, it attempts to transfer a copy of itself to the server and infect it and its files. ➢ Web clients: If a vulnerable Web client visits a Web server that has been infected by Nimda, the client’s workstation will become infected. 20 Dr. Shivashankar, E&CE, RRIT
  • 21. Virus ▪A computer virus is a piece of software that can “infect” other programs by modifying them; the modification includes injecting the original program with a routine to make copies of the virus program, which can then go on to infect other programs. ▪Computer viruses first appeared in the early 1980s, and the term itself is attributed to Fred Cohen in 1983. ▪Cohen is the author of a groundbreaking book on the subject [COHE94]. ▪Once a virus is executing, it can perform any function, such as erasing files and programs that is allowed by the privileges of the current user. ▪A computer virus has three parts [AYCO06]: ▪Infection mechanism: The means by which a virus spreads, enabling it to replicate. The mechanism is also referred to as the infection vector. ▪• Trigger: The event or condition that determines when the payload is activated or delivered. ▪• Payload: What the virus does, besides spreading. The payload may involve damage or may involve benign but noticeable activity. 21 Dr. Shivashankar, E&CE, RRIT
  • 22. Conti… ▪During its lifetime, a typical virus goes through the following four phases: ➢ Dormant phase: The virus is idle. The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. ➢ Propagation phase: The virus places a copy of itself into other programs or into certain system areas on the disk. The copy may not be identical to the propagating version; viruses often morph to evade detection. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase. ➢ Triggering phase: The virus is activated to perform the function for which it was intended. As with the dormant phase, the triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself. ➢ Execution phase: The function is performed. The function may be harmless, such as a message on the screen, or damaging, such as the destruction of programs and data files. 22 Dr. Shivashankar, E&CE, RRIT
  • 23. Viruses Classification A virus classification by target includes the following categories: ➢ Boot sector infector: Infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus. ➢ File infector: Infects files that the operating system or shell consider to be executable. ➢ Macro virus: Infects files with macro code that is interpreted by an application. A virus classification by concealment strategy includes the following categories: ➢ Encrypted virus: A portion of the virus creates a random encryption key and encrypts the remainder of the virus. The key is stored with the virus. ➢ Stealth virus: A form of virus explicitly designed to hide itself from detection by antivirus software. Thus, the entire virus, not just a payload is hidden. ➢ Polymorphic virus: A virus that mutates with every infection, making detection by the “signature” of the virus impossible. ➢ Metamorphic virus: As with a polymorphic virus, a metamorphic virus mutates with every infection. 23 Dr. Shivashankar, E&CE, RRIT
  • 24. Conti… Virus Kits ▪Another weapon in the virus writers’ armory is the virus-creation toolkit. ▪Such a toolkit enables a relative novice to quickly create a number of different viruses. Macro Viruses In the mid-1990s, macro viruses became by far the most prevalent type of virus. Macro viruses are particularly threatening for a number of reasons: 1. A macro virus is platform independent. Many macro viruses infect Microsoft Word documents or other Microsoft Office documents. Any hardware platform and operating system that supports these applications can be infected. 2. Macro viruses infect documents, not executable portions of code. Most of the information introduced onto a computer system is in the form of a document rather than a program. 3. Macro viruses are easily spread.A very common method is by electronic mail. 4. Because macro viruses infect user documents rather than system programs 24 Dr. Shivashankar, E&CE, RRIT
  • 25. Conti… E-Mail Viruses ▪A more recent development in malicious software is the e-mail virus. ▪The first rapidly spreading e-mail viruses, such as Melissa, made use of a Microsoft Word macro embedded in an attachment. ▪If the recipient opens the e-mail attachment, the Word macro is activated. Then 1. The e-mail virus sends itself to everyone on the mailing list in the user’s e-mail package. 2. The virus does local damage on the user’s system. ▪In 1999, a more powerful version of the e-mail virus appeared. This newer version can be activated merely by opening an e-mail that contains the virus rather than opening an attachment. ▪The virus uses the Visual Basic scripting language supported by the e-mail package. 25 Dr. Shivashankar, E&CE, RRIT
  • 26. Virus Counter Measures ▪Antivirus Approaches The ideal solution to the threat of viruses is prevention. The best approach is to be able to do the following: ➢ Detection: Once the infection has occurred, determine that it has occurred and locate the virus. ➢ Identification: Once detection has been achieved, identify the specific virus that has infected a program. ➢ Removal: Once the specific virus has been identified, remove all traces of the virus from the infected program and restore it to its original state. Remove the virus from all infected systems so that the virus cannot spread further. ➢ If detection succeeds but either identification or removal is not possible, then the alternative is to discard the infected file and reload a clean backup version. 26 Dr. Shivashankar, E&CE, RRIT
  • 27. Conti… [STEP93] identifies four generations of antivirus software: ▪First-Generation scanner requires a virus signature to identify a virus. The virus may contain “wildcards” but has essentially the same structure and bit pattern in all copies. Such signature-specific scanners are limited to the detection of known viruses. ▪A second-generation scanner does not rely on a specific signature. Rather, the scanner uses heuristic rules to search for probable virus infection. One class of such scanners looks for fragments of code that are often associated with viruses. ▪Third-generation programs are memory-resident programs that identify a virus by its actions rather than its structure in an infected program. Such program have the advantage that it is not necessary to develop signatures and heuristics for a wide array of viruses. ▪Fourth-generation products are packages consisting of a variety of antivirus techniques used in conjunction. These include scanning and activity trap components. With fourth-generation packages, a more comprehensive defense strategy is employed, broadening the scope of defense to more general-purpose computer security measures. 27 Dr. Shivashankar, E&CE, RRIT
  • 28. Advanced Antivirus Techniques Generic Decryption (GD) ▪technology enables the antivirus program to easily detect even the most complex polymorphic viruses while maintaining fast scanning speeds [NACH97]. ▪In order to detect such a structure, executable files are run through a GD scanner, which contains the following elements: ➢ CPU emulator: A software-based virtual computer. The emulator includes software versions of all registers and other processor hardware, so that the underlying processor is unaffected by programs interpreted on the emulator. ➢ Virus signature scanner: A module that scans the target code looking for known virus signatures. ➢ Emulation control module: Controls the execution of the target code. 28 Dr. Shivashankar, E&CE, RRIT
  • 29. Conti… DIGITAL IMMUNE SYSTEM ▪A comprehensive approach to virus protection developed by IBM [KEPH97a, KEPH97b, WHIT99] and subsequently refined by Symantec [SYMA01]. ▪Two major trends in Internet technology have had an increasing impact on the rate of virus propagation in recent years: ➢ Integrated mail systems: Systems such as Lotus Notes and Microsoft Outlook make it very simple to send anything to anyone and to work with objects that are received. ➢ Mobile-program systems: Capabilities such as Java and ActiveX allow programs to move on their own from one system to another. Typical steps in digital immune system operation: 1. A monitoring program on each PC uses a variety of heuristics based on system behavior 2. The administrative machine encrypts the sample and sends it to a central virus analysis machine. 3. The virus analysis machine then produces a prescription for identifying and removing the virus. 29 Dr. Shivashankar, E&CE, RRIT
  • 30. Conti… 4. The resulting prescription is sent back to the administrative machine. 5. The administrative machine forwards the prescription to the infected client. 6. The prescription is also forwarded to other clients in the organization. 7. Subscribers around the world receive regular antivirus updates that protect them from the new virus. 30 Dr. Shivashankar, E&CE, RRIT Figure 21.4 Digital Immune System
  • 31. BEHAVIOR-BLOCKING SOFTWARE The behavior blocking software then blocks potentially malicious actions before they have a chance to affect the system. Monitored behaviors can include • Attempts to open, view, delete, and/or modify files; • Attempts to format disk drives and other unrecoverable disk operations; • Modifications to the logic of executable files or macros; • Modification of critical system settings, such as start-up settings; • Scripting of e-mail and instant messaging clients to send executable content; • Initiation of network communications. 31 Dr. Shivashankar, E&CE, RRIT
  • 32. OBJECTIVE QUESTIONS 1. What are the different ways to intrude? a) Buffer overflows b) Unexpected combinations and unhandled input c) Race conditions d) All of the mentioned 2. What are the major components of the intrusion detection system? a) Analysis Engine b) Event provider c) Alert Database d) All of the mentioned 3. What are the different ways to classify an IDS? a) anomaly detection b) signature based misuse c) stack based d) all of the mentioned 4. What are the different ways to classify an IDS? a) Zone based b) Host & Network based c) Network & Zone based d) Level based 5. What are the characteristics of anomaly based IDS? a) It models the normal usage of network as a noise characterization b) It doesn’t detect novel attacks c) Anything distinct from the noise is not assumed to be intrusion activity d) It detects based on signature 6. What is the major drawback of anomaly detection IDS? a) These are very slow at detection b) It generates many false alarms c) It doesn’t detect novel attacks d) None of the mentioned 32 Dr. Shivashankar, E&CE, RRIT
  • 33. Conti.. 7. What are the characteristics of signature based IDS? a) Most are based on simple pattern matching algorithms b) It is programmed to interpret a certain series of packets c) It models the normal usage of network as a noise characterization d) Anything distinct from the noise is assumed to be intrusion activity 8. What are the drawbacks of signature based IDS? a) They are unable to detect novel attacks b) They suffer from false alarms c) They have to be programmed again for every new pattern to be detected d) All of the mentioned 9. What are the characteristics of Host based IDS? a) The host operating system logs in the audit information b) Logs includes logins,file opens and program executions c) Logs are analysed to detect tails of intrusion d) All of the mentioned 10. What are the drawbacks of the host based IDS? a) Unselective logging of messages may increase the audit burdens b) Selective logging runs the risk of missed attacks c) They are very fast to detect d) They have to be programmed for new patterns 11. What are the strengths of the host based IDS? a) Attack verification b) System specific activity c) No additional hardware required d) All of the mentioned 12. What are characteristics of Network based IDS? a) They look for attack signatures in network traffic b) Filter decides which traffic will not be discarded or passed c) It is programmed to interpret a certain series of packet d) It models the normal usage of network as a noise characterization 33 Dr. Shivashankar, E&CE, RRIT