2. Basic Security Concepts:
• Three basic security concepts important to information on the internet
are:
1. Confidentiality
2. Integrity
3. Availability
• Concepts relating to the people who use that information are
authentication, authorization, and nonrepudiation.
3. Important Terms:
• When information is read or copied by someone not authorized to do
so, the result is known as a loss of confidentiality.
• Information can be corrupted when it is available on an insecure
network. When information is modified in unexpected ways, the result
is known as a loss of integrity.
• Information can be erased or become inaccessible, resulting in loss of
availability. This means that people who are authorized to get
information cannot get what they need.
4. Authentication and Authorization
• Authentication and authorization go hand in hand.
• Authentication and authorization are two terms used constantly in the
security world.
• They might sound similar but are completely different from each
other.
• Authentication verifies someone's identity, whereas authorization
grants (or denies) someone permission to access a particular resource.
• These are two basic security terms and hence need to be understood
thoroughly. In this topic, we discuss what authentication and
authorization are and how they differ from each other.
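The distinction above, as an added example that is not part of the original slides: a password check (authentication) followed by a separate permission check (authorization), so that an authenticated user can still be denied. The user names, passwords, salts and permission strings are constructed for the example.

```python
import hashlib
import hmac

def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is kept modest for a quick demo.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store: password hashes plus per-user permissions.
_SALT_ALICE = b"constructed-salt-alice"
_SALT_BOB = b"constructed-salt-bob"
USERS = {
    "alice": {"salt": _SALT_ALICE, "hash": _hash_password("alice-pw", _SALT_ALICE),
              "permissions": {"reports:read", "reports:write"}},
    "bob":   {"salt": _SALT_BOB, "hash": _hash_password("bob-pw", _SALT_BOB),
              "permissions": {"reports:read"}},
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: is the caller who they claim to be?"""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown user takes as long as a wrong password.
        _hash_password(password, b"constructed-dummy-salt")
        return False
    candidate = _hash_password(password, record["salt"])
    # Constant-time comparison of the stored and candidate hashes.
    return hmac.compare_digest(candidate, record["hash"])

def authorize(username: str, action: str) -> bool:
    """Authorization: may this (already authenticated) identity perform the action?"""
    record = USERS.get(username)
    return record is not None and action in record["permissions"]

def access_resource(username: str, password: str, action: str) -> str:
    """Runs both checks in order and reports which one failed, if any."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, action):
        return "denied: authenticated but not authorized"
    return f"ok: {username} may {action}"
```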
5. Security Attacks:
What is a Security attack?
• Security attacks jeopardize the security of a system.
• They are unauthorized or illegal actions taken against government,
corporate, or private IT assets in order to destroy, modify, or steal sensitive data.
They are further classified into active and passive attacks, in which the attacker
gains unlawful access to the system's resources.
• Interruption
• Interception
• Modification
• Fabrication
• Viruses
7. Types of Attacks:
• Passive Attacks
Definition:
A passive attack attempts to learn or make use of information from the system but does not affect system
resources.
• Active Attacks
Definition:
An active attack involves modification of the data stream or the creation of a false stream. Active attacks
can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service:
• masquerade of one entity as some other
• replay of previous messages (as shown above in Stallings Figure 1.3b)
• modify/alter (part of) messages in transit to produce an unauthorized effect
• denial of service - prevents or inhibits the normal use or management of communications
facilities
• Active attacks present the opposite characteristics of passive attacks. Whereas passive
attacks are difficult to detect, measures are available to prevent their success.
8. Passive attack:
• Detecting a passive attack is very difficult and impossible in many cases
because it does not involve data alteration in any way. However, you can
implement protective measures to stop it, including:
1. Using encryption techniques to scramble messages, making them
unreadable for any unintended recipients. Two types of encryption can be
implemented in this case:
1. Symmetric keys (same key on both ends) - we still have a problem exchanging the
secret key secretly.
2. Public-key encryption, where each party (whether it is a user, program or system)
involved in the communication has two keys, one public and one private that must be
kept secret. An example of this type is using SSL/TLS certificates (HTTPS) that are
used to ensure the validity of machine identities between a web server and someone's
browser.
2. Avoid posting sensitive information publicly (e.g. private and company
information) that can be used by outside hackers to invade your private
network.
9. Passive Attacks:
The two most common use cases of passive attacks are:
1. Traffic analysis: In this type, an attacker monitors communication channels to collect a
range of information, including human and machine identities, locations of these identities
and types of encryption used, if applicable.
2. Release of message contents: In this type, an attacker will monitor an unprotected
communication medium - like unencrypted email or a telephone call - and intercept it for
sensitive information.
10. Passive Attacks
• In passive attacks, the attacker observes the messages, then copies and saves
them and can use them for malicious purposes. The attacker does not try to
change the information or content he/she gathered. Although passive attacks
do not harm the system, they can be a danger to the confidentiality of the
message.
• Unlike active attacks, in passive attacks, victims do not get informed about
the attack. It is difficult to detect as there is no alteration in the message.
Passive attacks can be prevented by using some encryption techniques. We
can try the below-listed measures to prevent these attacks -
• We should avoid posting sensitive information or personal information
online. Attackers can use this information to hack your network.
• We should use the encryption method for the messages and make the
messages unreadable for any unintended intruder.
12. Active attacks:
• In active attacks, the attacker intercepts the connection and attempts to modify
the message's content. It is dangerous to the integrity and availability of the
message. Active attacks involve Masquerade, Modification of message,
Repudiation, Replay, and Denial of service. The system resources can be
changed due to active attacks. So, the damage done with active attacks can
be harmful to the system and its resources.
• In active attacks, the victim gets notified about the attack. Mounting an
active attack is typically difficult and requires more effort. Active
attacks can be prevented by using some techniques. We can try the below-
listed measures to prevent these attacks -
• Use of a one-time password helps in the authentication of the transactions
between two parties.
• A random session key can be generated that is valid for a single
transaction. This prevents a malicious user from retransmitting the
actual information once the session ends.
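The single-transaction session key described above, as an added example that is not part of the original slides: the server issues a random one-time nonce, the client authenticates each message with an HMAC over the nonce and message, and the server consumes the nonce on first use, so a captured packet that is sent again is detected as a replay. The shared key and the message are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret; in practice it comes from the authentication step.
SHARED_KEY = b"constructed-shared-key"

def _tag(nonce: str, message: bytes) -> str:
    # The tag binds the message to this particular nonce (session).
    return hmac.new(SHARED_KEY, nonce.encode() + b"|" + message, hashlib.sha256).hexdigest()

class Server:
    """Issues random one-time session nonces and accepts each exactly once."""
    def __init__(self):
        self.outstanding = set()   # nonces issued but not yet consumed
        self.log = []              # what a defender would see in the audit trail

    def new_session(self) -> str:
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def receive(self, message: bytes, nonce: str, tag: str) -> str:
        if not hmac.compare_digest(_tag(nonce, message), tag):
            self.log.append(("rejected: bad tag", nonce))
            return "rejected: bad tag"
        if nonce not in self.outstanding:
            # Valid tag, but the nonce was already used: this is a retransmission.
            self.log.append(("rejected: replay detected", nonce))
            return "rejected: replay detected"
        self.outstanding.discard(nonce)   # consume: valid for a single transaction only
        self.log.append(("accepted", nonce))
        return "accepted"

def client_send(message: bytes, nonce: str) -> tuple:
    """The legitimate client authenticates its message under the session nonce."""
    return (message, nonce, _tag(nonce, message))

def demo() -> list:
    server = Server()
    nonce = server.new_session()
    packet = client_send(b"transfer 100 to account 42", nonce)
    first = server.receive(*packet)      # the genuine transaction
    replayed = server.receive(*packet)   # the identical packet delivered a second time
    return [first, replayed]
```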
13. The most common types of active attacks
are:
• Masquerade attacks. Cybercriminals use a manipulated, spoofed or stolen identity to
gain unauthorized access to systems, or authorization to conduct certain privileged
actions. They may use identifiers, such as device, digital signature, network address or
certificate to impersonate legitimate access identification.
• Modification of message attacks. Cybercriminals take advantage of security weaknesses
in email protocols to inject malicious content into the email message. They may modify
some portion of a message, such as the packet header address, to delay, reorder or direct a
message to a different destination.
• Repudiation attacks. Cybercriminals attempt to change the authoring information of
malicious actions by logging the wrong data in log files. They use this to deny or
repudiate actions that they have taken, such as making a transaction or sending a
message.
• Replay attacks. Cybercriminals eavesdrop on a secure network communication, intercept
it and resend it under the cloak of authentic messages. They capture this transmitted
authentication or access control information to gain unauthorized access.
• Denial of service attacks. Cybercriminals make a system or network unavailable to its
intended users by overwhelming it with traffic or requests that consume resources. They
prevent legitimate users from accessing information systems, devices, or other network
resources.
14. Difference between Passive & Active Attacks
Definition:
  Active attack: In active attacks, the attacker intercepts the connection and attempts to modify the message's content.
  Passive attack: In passive attacks, the attacker observes the messages, then copies and saves them and can use them for malicious purposes.
Modification:
  Active attack: In an active attack, the attacker modifies the actual information.
  Passive attack: In passive attacks, information remains unchanged.
Victim:
  Active attack: In active attacks, the victim gets notified about the attack.
  Passive attack: Unlike active attacks, in passive attacks, victims do not get informed about the attack.
System's impact:
  Active attack: The damage done with active attacks can be harmful to the system and its resources.
  Passive attack: Passive attacks do not harm the system.
System resources:
  Active attack: In active attacks, the system resources can be changed.
  Passive attack: In passive attacks, the system resources remain unchanged.
Dangerous for:
  Active attack: They are dangerous for the integrity and availability of the message.
  Passive attack: They can be dangerous for the confidentiality of the message.
Emphasis on:
  Active attack: In active attacks, attention is on detection.
  Passive attack: In passive attacks, attention is on prevention.
Types:
  Active attack: Active attacks involve Masquerade, Modification of message, Repudiation, Replay, and Denial of service.
  Passive attack: Passive attacks involve traffic analysis and the release of message contents.
Prevention:
  Active attack: Active attacks are tough to restrict from entering systems or networks.
  Passive attack: Unlike active attacks, passive attacks are easy to prohibit.
Complexity:
  Active attack: Highly complex
  Passive attack: Lower complexity
15. E-Commerce: Security
• E-Commerce Challenges
• Trusting others electronically
• Trusting the medium
• Public-key infrastructure (PKI)
• The Certificate Authority.
• Security threats – the real threats and the perceptions
• Network connectivity and availability issues
• Global economic issues
16. What is Computer Forensics?
• "The process of identifying, preserving, analyzing and presenting digital evidence in a manner that
is legally acceptable." (McKemmish, 1999)
What will Computer Forensics do?
Computer Forensics, innovators of image-copying technology, defined the principles of the science of
computer forensics and formalized an approved and accepted methodology to COLLECT, ANALYSE, and
PRESENT suspect data to a Court of Law.
18. Some areas of Computer Forensics
• Image Capture - The imaging process is fundamental to any computer
investigation.
• Image Processing - The processing software consists of two modules, GenX and
GenText, running automatically to index and extract text from all areas of the
target image.
• Investigation - Once the processing has taken place, full searches of all areas of the
disk take only seconds.
19. Steganography
• Steganography is the practice of concealing information within
another message or physical object to avoid detection.
• A steganography technique involves hiding sensitive information
within an ordinary, non-secret file or message so that it will not be
detected.
• The sensitive information will then be extracted from the ordinary file
or message at its destination, thus avoiding detection. Steganography
is an additional step that can be used in conjunction with encryption in
order to conceal or protect data.
20. Steganography Examples Include
• Writing with invisible ink
• Embedding text in a picture (like an artist hiding their initials in a painting
they’ve done)
• Backward masking a message in an audio file (remember those stories of
evil messages recorded backward on rock and roll records?)
• Concealing information in either metadata or within a file header
• Hiding an image in a video, viewable only if the video is played at a
particular frame rate
• Embedding a secret message in either the green, blue, or red channels of an
RGB image
• Steganography can be used both for constructive and destructive purposes.
For example, education and business institutions, intelligence agencies, the
military, and certified ethical hackers use steganography to embed
confidential messages and information in plain sight.
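The RGB-channel example above, as an added illustration that is not part of the original slides: a message is written one bit at a time into the least significant bit of a chosen colour channel, then read back; the `max_change` helper shows why such an embedding is invisible to the eye (no sample moves by more than 1), which is exactly what makes steganography hard to detect. The cover image is a constructed random pixel list, so no image library is needed.

```python
import random

CHANNEL = {"red": 0, "green": 1, "blue": 2}

def make_cover(width: int = 16, height: int = 16, seed: int = 1) -> list:
    """Constructed cover image: a flat list of (r, g, b) tuples with random values."""
    rng = random.Random(seed)
    return [(rng.randrange(256), rng.randrange(256), rng.randrange(256))
            for _ in range(width * height)]

def _bits(data: bytes):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def embed(pixels: list, secret: bytes, channel: str = "blue") -> list:
    """Hide a length-prefixed secret in the LSB of one channel, one bit per pixel."""
    payload = len(secret).to_bytes(2, "big") + secret
    if len(payload) * 8 > len(pixels):
        raise ValueError("cover image too small for this payload")
    ch = CHANNEL[channel]
    out = [list(p) for p in pixels]
    for pixel, bit in zip(out, _bits(payload)):
        pixel[ch] = (pixel[ch] & 0xFE) | bit   # replace only the least significant bit
    return [tuple(p) for p in out]

def extract(pixels: list, channel: str = "blue") -> bytes:
    """Read the LSBs back and use the 2-byte prefix to know how many bytes follow."""
    ch = CHANNEL[channel]
    bits = [p[ch] & 1 for p in pixels]

    def byte_at(i: int) -> int:
        chunk = bits[i * 8:(i + 1) * 8]
        return int("".join(str(b) for b in chunk), 2) if len(chunk) == 8 else 0

    length = (byte_at(0) << 8) | byte_at(1)
    length = min(length, len(bits) // 8 - 2)   # never read past the image
    return bytes(byte_at(2 + k) for k in range(length))

def max_change(cover: list, stego: list) -> int:
    """Largest per-channel difference between cover and stego image."""
    return max(abs(a - b) for p, q in zip(cover, stego) for a, b in zip(p, q))
```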
21. APPLICATIONS
Intellectual property theft
Industrial espionage
Employment disputes
Fraud investigations
Misuse of the Internet and email in the workplace
Forgery-related matters
Bankruptcy investigations
Issues concerning regulatory compliance
ADVANTAGES & DISADVANTAGES
22. RESEARCH AREAS IN CYBER SECURITY
• THE ROLE GOV. IN CYBER SECURITY: POLICIES & REGULATIONS
• IMPORTANCE OF USER EDUCATION & AWARENESS IN CS
• LEGAL IMPLICATIONS IN CS
• THE ROLE OF MACHINE LEARNING IN CS
• THE EFFECTIVENESS OF DIFFERENT CS MEASURES & THEIR COST
EFFECTIVENESS.
• THE IMPACT OF INTERNET OF THINGS ON CS
• CS IN HEALTHCARE INDUSTRIES: CHALLENGES & SOLUTIONS