The document outlines various computer security concepts including active and passive attacks, message authentication, email security, IP security, cryptographic suites, and firewalls. It highlights the importance of protecting computer systems from various threats, both malicious and accidental, and provides details on the mechanisms used for securing data, such as message authentication codes, firewalls, and email protection measures. Additionally, it reviews different types of attacks and security measures, detailing the architecture and protocols involved in securing network communications.

1. Data Communication and Networking
UNIT V
Computer Security Concepts - Security Attacks: Active Attacks, Passive
Attacks -Message authentication Codes: message Authentication
Requirements, Message Authentication Functions - Requirements for
message Authentication codes - Electronic mail Security: s/MIME,
Domain Keys Identified Mail - IP Security: IP Security Overview, IP
Security Policy, Encapsulating Security payload, Combining Security
Associations, Internet key Exchange, Cryptographic suits - Firewalls: The
Need for Firewalls, Firewall Characteristics, Types of Firewalls,
Firewalls Basing, Firewall Location and Configuration.

2. Security Attacks
▪ Security of a computer system is a crucial task.
▪ It is a process of ensuring privacy and reliability of the OS.
▪ A system is said to be secure if its resources are used and accessed as intended under all the
circumstances.
▪ But no system can guarantee absolute security from several of the various malicious threats and
unauthorized access.
▪ Security of a system can be threatened via two violations:
➢ Threat: A program which has the potential to cause serious damage to the system.
➢ Attack: An attempt to break security and make unauthorized use of an asset.
▪ Security violations affecting the system can be categorized as malicious and accidental.
▪ Malicious threats, as the name suggests are a kind of harmful computer code or web script
designed to create system vulnerabilities leading to back doors and security breaches.
▪ Accidental Threats, on the other hand, are comparatively easier to be protected against.
Example: Denial of Service DDoS attack.

3. Threats can be classified into the following two categories:
1. Program Threats:
▪ A program written by a cracker to hijack the security or to change the behavior of a normal process.
2. System Threats:
▪ These threats involve the abuse of system services.
▪ They strive to create a situation in which operating-system resources and user files are misused.
▪ They are also used as a medium to launch program threats.
Two types of Threats:
1. Program Threats : Virus, Trojan Horse, Trap Door, Logic Bomb etc.,
2. System Threats : Worm, Port Scanning, Denial of Service etc.,

4. Security measures taken to protect the system in the following levels.
Physical:
▪ The sites containing computer systems must be physically secured against armed and malicious
intruders.
▪ The workstations must be carefully protected.
Human:
▪ Only appropriate users must have the authorization to access the system.
▪ Phishing(collecting confidential information) and Dumpster Diving(collecting basic information so as to
gain unauthorized access) must be avoided.
Operating system:
▪ The system must protect itself from accidental or purposeful security breaches.
Networking System:
▪ Almost all of the information is shared between different systems via a network.
▪ Intercepting these data could be just as harmful as breaking into a computer.
▪ Henceforth, Network should be properly secured against such attacks.

5. ▪ Confidentiality: Information about system or its users cannot be learned by an attacker.
▪ Integrity: The system continues to operate properly, only reaching states that would occur if
there were no attacker.
▪ Availability: Actions by an attacker do not prevent users from having access to use of the
system.

7. • Taxonomy of attacks with relation to goals

8. • Attacks threatening Confidentiality

9. ▪ Attacks threatening Integrity

10. ▪ Attacks threatening Availability

11. Security attack types :
Active attacks: An Active attack attempts to alter system resources or effect their operations. Active attack involve some
modification of the data stream or creation of false statement.
Types of active attacks are as following:
1. Masquerade
▪ Masquerade attack takes place when one entity pretends to be different entity.
▪ A Masquerade attack involves one of the other form of active attacks.
▪ 2. Modification of messages
It means that some portion of a message is altered or that message is
▪ delayed or reordered to produce an unauthorized effect.
▪ For example, a message meaning “Allow JOHN to read confidential file
▪ X” is modified as “Allow Smith to read confidential file X”.

12. 3.Repudiation
▪ This attack is done by either sender or receiver.
▪ The sender or receiver can deny later that he/she has send or receive a message.
▪ For example, customer ask his Bank “To transfer an amount to someone” and later on the sender(customer)
deny that he had made such a request.
▪ This is repudiation.
4.Replay
▪ It involves the passive capture of a message and its subsequent the
transmission to produce an authorized effect.
5. Denial of Service
▪ It prevents normal use of communication facilities.
▪ This attack may have a specific target.
▪ For example, an entity may suppress all messages directed to a particular destination.
▪ Another form of service denial is the disruption of an entire network wither by disabling
the network or by overloading it by messages so as to degrade performance.

13. Passive attacks:
▪ A Passive attack attempts to learn or make use of information from the system but does not affect system
resources.
▪ They are in the nature of eavesdropping on or monitoring of transmission.
▪ The goal of the opponent is to obtain information is being transmitted.
▪ Types of Passive attacks are as following:
1.The release of message content
▪ Telephonic conversation, an electronic mail message or a transferred file
▪ may contain sensitive or confidential information.
▪ We would like to prevent an opponent from learning the contents
of these transmissions.
2.Traffic analysis
▪ Suppose that we had a way of masking (encryption) of information,
so that the attacker even if captured the message could not extract
any information from the message.
▪ The opponent could determine the location and identity of communicating host
and could observe the frequency and length of messages being exchanged.
▪ This information might be useful in guessing the nature of the communication
that was taking place.

14. ▪ Categorization of Active and Passive Attacks

15. Message Authentication
• Another type of threat that exist for data is the lack of message authentication.
• In this threat, the user is not sure about the originator of the message.
• Message authentication can be provided using the cryptographic techniques that use secret keys as done in
case of encryption.
Message Authentication Code (MAC)
• MAC algorithm is a symmetric key cryptographic technique to provide message authentication.
• Sometimes known as a tag, is a short piece of information used to authenticate a message.
• In other words, to confirm that the message came from the stated sender (its authenticity) and has
not been changed.
• For establishing MAC process, the sender and receiver share a symmetric key K.
• Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along with a
message to ensure message authentication.

16. Message Authentication
Another type of threat that exist for data is the lack of message authentication.
In this threat, the user is not sure about the originator of the message.
Message authentication can be provided using the cryptographic techniques that use secret keys as done in case
of encryption.
▪ MAC algorithm is a symmetric key cryptographic
technique to provide message authentication.
▪ Sometimes known as a tag, is a short piece of
information used to authenticate a message.
▪ In other words, to confirm that the message came
from the stated sender (its authenticity) and has not
been changed.
▪ For establishing MAC process, the sender and
receiver share a symmetric key K.
▪ Essentially, a MAC is an encrypted checksum
generated on the underlying message that is sent
along with a message to ensure message
authentication.

17. Limitations of MAC
1. Establishment of Shared Secret.
▪ It can provide message authentication among pre-decided legitimate users who have shared key.
▪ This requires establishment of shared secret prior to use of MAC.
2. Inability to Provide Non-Repudiation
▪ Non-repudiation is the assurance that a message originator cannot deny any previously sent messages
and commitments or actions.
Authentication Requirements
• Message authentication
• A procedure to verify that messages come from the alleged source and have not been altered.
• Message authentication may also verify sequencing and timeliness.
• Digital signature
• An authentication technique that also includes measures to counter repudiation by either source or
destination.

18. Message Authentication Function
• Message authentication or digital signature mechanism can be viewed as having two levels
• At lower level: There must be some sort of functions producing an authenticator – a value to be used to authenticate
a message
• At higher Level: This lower level functions is used as primitive in a higher level authentication protocol
▪ Three classes of functions that may be used to produce an authenticator.
▪ Message encryption
❖Ciphertext itself serves as authenticator.
▪ Message authentication code (MAC)
❖A public function of the message and a secret key that produces a fixed-length value that serves as the
authenticator.
▪ Hash function
❖A public function that maps a message of any length into a fixed-length hash value, which serves as the
authenticator.

19. Message Authentication Functions
• Authentication function is of two levels of functionality :
• Lower Value produces an authenticator value used to authenticate a message.
• Higher Value : indicates a receiver to verify the authenticity of message.
Grouped into three classes
• Message Encryption : The ciphertext of the entire message serves as authenticator
• Message Authentication Code (MAC) : The function of the message, a secret key that
produces a fixed-length value that serves as that authenticator.
• Hash Function: A function that maps a message of any length into fixed-length hash value
which serves as the authenticator

20. Email Security
• Email security is the term for any procedure that protects email content and accounts against unauthorized
access.
• Email is popular with hackers as a tool for spreading malware, spam, and phishing attacks.
• They use deceptive messages to trick recipients into sharing sensitive information, resulting in identity theft.
• They lure people into opening attachments or clicking hyperlinks that install malware (such as email viruses)
on the user’s device.
• Email is also a main entry point for attackers looking to access an enterprise network and breach valuable
company data.
• Email service providers have email security measures in place to secure client accounts and information
from hackers.
• Such measures include
▪ email servers with strong password
▪ access control mechanisms
▪ encrypted email messages (both inbox or in transit)
▪ web application firewalls
▪ spam filtering software.

21. Email Security Features
• Spam Filters. A significant proportion of emails that you receive daily are marketing emails. ...
• Anti-virus Protection. Spam filters play the role of separating the spam emails from the regular ones. ...
• Image & Content Control. Hackers use emails for phishing purposes. ...
• Data Encryption.

22. IP Security
▪ IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow.
▪ These protocols are ESP (Encapsulation Security Payload) and AH (Authentication Header).
▪ IPSec Architecture include protocols, algorithms, DOI, and Key Management.
▪ All these components are very important in order to provide the three main services:
➢ Confidentiality
➢ Authentication
➢ Integrity

23. ▪ 1. Architecture:
Architecture or IP Security Architecture covers the general concepts, definitions, protocols, algorithms and
security requirements of IP Security technology.
▪ 2. ESP Protocol:
ESP(Encapsulation Security Payload) provide the confidentiality service. Encapsulation Security Payload is
implemented in either two ways:
❖ESP with optional Authentication.
❖ESP with Authentication.
Packet Format:

24. ▪ Security Parameter Index(SPI):
This parameter is used in Security Association. It is used to give a unique number to the connection build
between Client and Server.
▪ Sequence Number:
Unique Sequence number are allotted to every packet so that at the receiver side packets can be arranged
properly.
▪ Payload Data:
Payload data means the actual data or the actual message. The Payload data is in encrypted format to achieve
confidentiality.
▪ Padding:
Extra bits or space added to the original message in order to ensure confidentiality.
Padding length is the size of the added bits or space in the original message.
▪ Next Header:
Next header means the next payload or next actual data.
▪ Authentication Data
This field is optional in ESP protocol packet format.

25. 3. Encryption algorithm:
Encryption algorithm is the document that describes various encryption algorithm used for Encapsulation
Security Payload.
4. AH Protocol:
AH (Authentication Header) Protocol provides both Authentication and Integrity service. Authentication Header
is implemented in one way only: Authentication along with Integrity.

26. • Authentication Header covers the packet format and general issue related to the use of AH for packet
authentication and integrity.
5. Authentication Algorithm:
Authentication Algorithm contains the set of the documents that describe authentication algorithm used for
AH and for the authentication option of ESP.
6. DOI (Domain of Interpretation):
DOI is the identifier which support both AH and ESP protocols. It contains values needed for
documentation related to each other.
7. Key Management:
Key Management contains the document that describes how the keys are exchanged between sender and
receiver.

27. CRYPTOGRAPHIC SUITES
• A cipher suite is a set of algorithms that help secure a network connection.
• Suites typically use Transport Layer Security (TLS) or its now-deprecated predecessor Secure Socket Layer
(SSL).
• The set of algorithms that cipher suites usually contain include: a key exchange algorithm, a bulk
encryption algorithm, and a message authentication code (MAC) algorithm.
• The key exchange algorithm is used to exchange a key between two devices.
• This key is used to encrypt and decrypt the messages being sent between two machines.
• The bulk encryption algorithm is used to encrypt the data being sent.
• The MAC algorithm provides data integrity checks to ensure that the data sent does not change in transit.
• Overall, there are hundreds of different cipher suites that contain different combinations of these
algorithms. Some cipher suites offer better security than others.
• The structure and use of the cipher suite concept are defined in the TLS standard document.
• TLS 1.2 is the most prevalent version of TLS.

28. Firewalls
▪ A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based
on an organization's previously established security policies.
▪ At its most basic, a firewall is essentially the barrier that sits between a private internal network and the
public Internet.
▪ A firewall’s main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.
Firewall History
▪ Firewalls have existed since the late 1980’s and started out as packet filters, which were networks set up to
examine packets, or bytes, transferred between computers.
▪ Though packet filtering firewalls are still in use today, firewalls have come a long way as technology has
developed throughout the decades.

29. Types
▪ Firewall types can be divided into several different categories based on their general structure and
method of operation. Here are eight types of firewalls:
1. Packet-filtering firewalls
2. Circuit-level gateways
3. Stateful inspection firewalls
4. Application-level gateways (a.k.a. proxy firewalls)
5. Next-gen firewalls
6. Software firewalls
7. Hardware firewalls
8. Cloud firewalls

30. Packet-filtering firewalls
• Is the most “basic” and oldest type of firewall architecture, packet-filtering firewalls basically create a
checkpoint at a traffic router or switch.
• The firewall performs a simple check of the data packets coming through the router.
• Also inspecting information such as the destination and origination IP address, packet type, port number, and
other surface-level information without opening up the packet to inspect its contents.
• If the information packet doesn’t pass the inspection, it is dropped.
• The good thing about these firewalls is that they aren’t very resource-intensive.
• This means they don’t have a huge impact on system performance and are relatively simple.
• However, they’re also relatively easy to bypass compared to firewalls with more robust inspection
capabilities.

31. Circuit-level gateways
• As another simplistic firewall type that is meant to quickly and easily approve or deny traffic without
consuming significant computing resources, circuit-level gateways work by verifying the transmission control
protocol (TCP) handshake.
• This TCP handshake check is designed to make sure that the session the packet is from is legitimate.
• While extremely resource-efficient, these firewalls do not check the packet itself.
• So, if a packet held malware, but had the right TCP handshake, it would pass right through.
• This is why circuit-level gateways are not enough to protect your business by themselves.
Stateful Inspection Firewalls
• These firewalls combine both packet inspection technology and TCP handshake verification to create a level
of protection greater than either of the previous two architectures could provide alone.
• However, these firewalls do put more of a strain on computing resources as well.
• This may slow down the transfer of legitimate packets compared to the other solutions.

32. Application-level gateways (Application-Level Gateways/Cloud Firewalls)
• Proxy firewalls operate at the application layer to filter incoming traffic between your network and the traffic
source—hence, the name “application-level gateway.”
• These firewalls are delivered via a cloud-based solution or another proxy device.
• Rather than letting traffic connect directly, the proxy firewall first establishes a connection to the source of the
traffic and inspects the incoming data packet.
• This check is similar to the stateful inspection firewall in that it looks at both the packet and at the TCP
handshake protocol.
• However, proxy firewalls may also perform deep-layer packet inspections, checking the actual contents of the
information packet to verify that it contains no malware.
• Once the check is complete, and the packet is approved to connect to the destination, the proxy sends it off.
• This creates an extra layer of separation between the “client” (the system where the packet originated) and
the individual devices on your network—obscuring them to create additional anonymity and protection for
your network.
• If there’s one drawback to proxy firewalls, it’s that they can create significant slowdown because of the extra
steps in the data packet transferal process.

33. Next-gen firewalls
• Many of the most recently-released firewall products are being touted as “next-generation”
architectures.
• However, there is not as much consensus on what makes a firewall truly next-gen.
• Some common features of next-generation firewall architectures include deep-packet inspection
(checking the actual contents of the data packet), TCP handshake checks, and surface-level packet
inspection.
• Next-generation firewalls may include other technologies as well, such as intrusion prevention systems
(IPSs) that work to automatically stop attacks against your network.
• The issue is that there is no one definition of a next-generation firewall, so it’s important to verify what
specific capabilities such firewalls have before investing in one.

34. Software firewalls
• It includes any type of firewall that is installed on a local device rather than a separate piece of hardware (or a
cloud server).
• The big benefit of a software firewall is that it's highly useful for creating defense in depth by isolating
individual network endpoints from one another.
• However, maintaining individual software firewalls on different devices can be difficult and time-consuming.
• Furthermore, not every device on a network may be compatible with a single software firewall, which may
mean having to use several different software firewalls to cover every asset.
Hardware firewalls
• Hardware firewalls use a physical appliance that acts in a manner similar to a traffic router to intercept data
packets and traffic requests before they're connected to the network's servers.
• Physical appliance-based firewalls like this excel at perimeter security by making sure malicious traffic from
outside the network is intercepted before the company's network endpoints are exposed to risk.
• The major weakness of a hardware-based firewall, however, is that it is often easy for insider attacks to
bypass them.
• Also, the actual capabilities of a hardware firewall may vary depending on the manufacturer—some may have
a more limited capacity to handle simultaneous connections than others, for example.

35. Cloud firewalls
• Whenever a cloud solution is used to deliver a firewall, it can be called a cloud firewall, or firewall-as-a-
service (FaaS).
• Cloud firewalls are considered synonymous with proxy firewalls by many, since a cloud server is often used
in a proxy firewall setup (though the proxy doesn't necessarily have to be on the cloud, it frequently is).
• The big benefit of having cloud-based firewalls is that they are very easy to scale with your organization.
• As your needs grow, you can add additional capacity to the cloud server to filter larger traffic loads.
• Cloud firewalls, like hardware firewalls, excel at perimeter security.

36. Firewalls Basing

39. Location of Internal and External Firewall
▪ An internal firewall is a security solution
designed to protect a network from attacks that
have already gotten past the perimeter.
▪ A firewall, in general, is a device or software
designed to monitor traffic and prevent
unauthorized access, and an internal firewall is
an advanced application of that concept.
▪ An external firewall is placed at the edge of a
local or enterprise
network, just inside the boundary router that con
nects to the Internet or some wide area
network (WAN).