NETWORK SECURITY
UNIT - 1
Services, mechanisms and attacks, The OSI security architecture, A model for network security. 6 Hrs
UNIT - 2
SYMMETRIC CIPHERS: Symmetric Cipher Model, Substitution Techniques, Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher. 7 Hrs
UNIT - 3
Principles of Public-Key Cryptosystems, The RSA algorithm, Key Management, Diffie - Hellman Key Exchange, Elliptic Curve Arithmetic, Authentication functions, Hash Functions. 6 Hrs
UNIT - 4
Digital signatures, Authentication Protocols, Digital Signature Standard. 7 Hrs
UNIT - 5
Web Security Consideration, Security socket layer (SSL) and Transport layer security, Secure Electronic Transaction. 6 Hrs
UNIT - 6
Intruders, Intrusion Detection, Password Management. 6 Hrs
UNIT - 7
MALICIOUS SOFTWARE: Viruses and Related Threats, Virus Countermeasures. 7 Hrs
UNIT - 8
Firewalls Design Principles, Trusted Systems. 6 Hrs
TEXT BOOK:
1. Cryptography and Network Security, William Stalling, Pearson Education, 2003.
REFERENCE BOOKS:
1. Cryptography and Network Security, Behrouz A. Forouzan, TMH, 2007.
2. Cryptography and Network Security, Atul Kahate, TMH, 2003.
Both mobile operators and cybercriminals make heavy use of the SS7 protocol on previous-generation networks.
SS7 is old and vulnerable to attacks, yet will underpin the advanced networks of tomorrow. Learning more about SS7 is mission-critical for securing increasingly complex environments.
Watch the webinar to learn all about the ins and outs of SS7 for a smooth transition to 5G!
Our premium SS7 Security Analysis Report serves as a valuable knowledge base for cybersecurity specialists and network experts as they prepare for the security challenges of 2020. To access the report, go to: https://positive-tech.com/research/ss7-network-security-analysis-2020/
UNIT II
WIRELESS NETWORKS
Wireless LAN – IEEE 802.11 Standards – Architecture – Services – Mobile Ad hoc Networks- WiFi and WiMAX - Wireless Local Loop
Internet Protocol (IP) : It is the method or protocol by which data is sent from one computer to another on the Internet. [1]
Original version of the Internet Protocol that was first designed in 1983. [2]
Security: “The quality or state of being
secure—to be free from danger”.
IPSec protects all the traffic over the
network.
NETWORK SECURITY
UNIT - 1
Services, mechanisms and attacks, The OSI security architecture, A model for network security. 6 Hrs
UNIT - 2
SYMMETRIC CIPHERS: Symmetric Cipher Model, Substitution Techniques, Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher. 7 Hrs
UNIT - 3
Principles of Public-Key Cryptosystems, The RSA algorithm, Key Management, Diffie - Hellman Key Exchange, Elliptic Curve Arithmetic, Authentication functions, Hash Functions. 6 Hrs
UNIT - 4
Digital signatures, Authentication Protocols, Digital Signature Standard. 7 Hrs
UNIT - 5
Web Security Consideration, Security socket layer (SSL) and Transport layer security, Secure Electronic Transaction. 6 Hrs
UNIT - 6
Intruders, Intrusion Detection, Password Management. 6 Hrs
UNIT - 7
MALICIOUS SOFTWARE: Viruses and Related Threats, Virus Countermeasures. 7 Hrs
UNIT - 8
Firewalls Design Principles, Trusted Systems. 6 Hrs
TEXT BOOK:
1. Cryptography and Network Security, William Stalling, Pearson Education, 2003.
REFERENCE BOOKS:
1. Cryptography and Network Security, Behrouz A. Forouzan, TMH, 2007.
2. Cryptography and Network Security, Atul Kahate, TMH, 2003.
Both mobile operators and cybercriminals make heavy use of the SS7 protocol on previous-generation networks.
SS7 is old and vulnerable to attacks, yet will underpin the advanced networks of tomorrow. Learning more about SS7 is mission-critical for securing increasingly complex environments.
Watch the webinar to learn all about the ins and outs of SS7 for a smooth transition to 5G!
Our premium SS7 Security Analysis Report serves as a valuable knowledge base for cybersecurity specialists and network experts as they prepare for the security challenges of 2020. To access the report, go to: https://positive-tech.com/research/ss7-network-security-analysis-2020/
UNIT II
WIRELESS NETWORKS
Wireless LAN – IEEE 802.11 Standards – Architecture – Services – Mobile Ad hoc Networks- WiFi and WiMAX - Wireless Local Loop
Internet Protocol (IP) : It is the method or protocol by which data is sent from one computer to another on the Internet. [1]
Original version of the Internet Protocol that was first designed in 1983. [2]
Security: “The quality or state of being
secure—to be free from danger”.
IPSec protects all the traffic over the
network.
This presentation will explain all about why and how email security should be implemented.
> Intro to Email Secuirty
> CIA for Email Security
> Steps to secure mail
> PGP ( All 5 Services)
> S/MIME (With its functions)
It is a presentation on Email Security made to present in one of our PPT lectures during my second year of B.Tech.
Attacks you can't combat: vulnerabilities of most robust MNOsPositiveTechnologies
In his 45-minute presentation, our expert demonstrates how an intruder can use new SS7 vulnerabilities to bypass security tools. You will find out why it is possible, how network equipment reacts to malicious traffic, and what can be done to secure telecom networks.
For a long time, IP Multimedia Subsystem (IMS) was nothing more than just a revolutionary idea to move all existing teleservices, including telephony to the PS domain of the mobile network and to create a vast variety of brand new teleservices totally based on end-to-end IP connectivity. Today, thanks to GSMA Rich Communication Suite (RCS) initiative, there is a clear path and agreement on how to turn IMS into practice. RCS ensures that the same initial subset of IMS services will be introduced by all operators, infrastructure and terminal vendors and will work smoothly also in inter-operator scenarios. The course explains IMS architecture, addressing, intra- and inter-operator signalling procedures, paying a special attention to the non-voice services selected by the GSMA for RCS-e and RCS5.
Creating Correlation Rules in AlienVaultAlienVault
Make a correlation between events, rules and security enforcement. Learn why correlation rules are the heart of SIEM, how to effectively correlate threats with protections, and how to link your rules to policies.
Cryptography is the science of using mathematics to encrypt and decrypt data. This presentation explains about the cryptography, its history, types i.e. symmetric and asymmetric cryptography.
LTS Secure Security Information and Event Management (SIEM), is a technology that provides real-time analysis of security alerts generated by network hardware and applications.
Cyber Warfare is the current single greatest emerging threat to National Security. Network security has become an essential component of any computer network. As computer networks and systems become ever more fundamental to modern society, concerns about security has become increasingly important. There are a multitude of different applications open source and proprietary available for the protection +-system administrator, to decide on the most suitable format for their purpose requires knowledge of the available safety measures, their features and how they affect the quality of service, as well as the kind of data they will be allowing through un flagged. A majority of methods currently used to ensure the quality of a networks service are signature based. From this information, and details on the specifics of popular applications and their implementation methods, we have carried through the ideas, incorporating our own opinions, to formulate suggestions on how this could be done on a general level. The main objective was to design and develop an Intrusion Detection System. While the minor objectives were to; Design a port scanner to determine potential threats and mitigation techniques to withstand these attacks. Implement the system on a host and Run and test the designed IDS. In this project we set out to develop a Honey Pot IDS System. It would make it easy to listen on a range of ports and emulate a network protocol to track and identify any individuals trying to connect to your system. This IDS will use the following design approaches: Event correlation, Log analysis, Alerting, and policy enforcement. Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs. In this paper, we identify a set of general IDS performance objectives which is the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool expect and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDSs to motivate our work.
This presentation will explain all about why and how email security should be implemented.
> Intro to Email Secuirty
> CIA for Email Security
> Steps to secure mail
> PGP ( All 5 Services)
> S/MIME (With its functions)
It is a presentation on Email Security made to present in one of our PPT lectures during my second year of B.Tech.
Attacks you can't combat: vulnerabilities of most robust MNOsPositiveTechnologies
In his 45-minute presentation, our expert demonstrates how an intruder can use new SS7 vulnerabilities to bypass security tools. You will find out why it is possible, how network equipment reacts to malicious traffic, and what can be done to secure telecom networks.
For a long time, IP Multimedia Subsystem (IMS) was nothing more than just a revolutionary idea to move all existing teleservices, including telephony to the PS domain of the mobile network and to create a vast variety of brand new teleservices totally based on end-to-end IP connectivity. Today, thanks to GSMA Rich Communication Suite (RCS) initiative, there is a clear path and agreement on how to turn IMS into practice. RCS ensures that the same initial subset of IMS services will be introduced by all operators, infrastructure and terminal vendors and will work smoothly also in inter-operator scenarios. The course explains IMS architecture, addressing, intra- and inter-operator signalling procedures, paying a special attention to the non-voice services selected by the GSMA for RCS-e and RCS5.
Creating Correlation Rules in AlienVaultAlienVault
Make a correlation between events, rules and security enforcement. Learn why correlation rules are the heart of SIEM, how to effectively correlate threats with protections, and how to link your rules to policies.
Cryptography is the science of using mathematics to encrypt and decrypt data. This presentation explains about the cryptography, its history, types i.e. symmetric and asymmetric cryptography.
LTS Secure Security Information and Event Management (SIEM), is a technology that provides real-time analysis of security alerts generated by network hardware and applications.
Cyber Warfare is the current single greatest emerging threat to National Security. Network security has become an essential component of any computer network. As computer networks and systems become ever more fundamental to modern society, concerns about security has become increasingly important. There are a multitude of different applications open source and proprietary available for the protection +-system administrator, to decide on the most suitable format for their purpose requires knowledge of the available safety measures, their features and how they affect the quality of service, as well as the kind of data they will be allowing through un flagged. A majority of methods currently used to ensure the quality of a networks service are signature based. From this information, and details on the specifics of popular applications and their implementation methods, we have carried through the ideas, incorporating our own opinions, to formulate suggestions on how this could be done on a general level. The main objective was to design and develop an Intrusion Detection System. While the minor objectives were to; Design a port scanner to determine potential threats and mitigation techniques to withstand these attacks. Implement the system on a host and Run and test the designed IDS. In this project we set out to develop a Honey Pot IDS System. It would make it easy to listen on a range of ports and emulate a network protocol to track and identify any individuals trying to connect to your system. This IDS will use the following design approaches: Event correlation, Log analysis, Alerting, and policy enforcement. Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs. In this paper, we identify a set of general IDS performance objectives which is the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool expect and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDSs to motivate our work.
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
Final Project – Incident Response Exercise SAMPLE.docxlmelaine
Final Project – Incident Response Exercise
SAMPLE
1. Contact Information for the Incident Reporter and Handler
– Mruga Patel
– Cyber Incident Response Team Lead
– Organizational Information - Sifers-Grayson Corporation (Blue Team), Information Technology Department
– [email protected]
– 410-923-9221
– Location - 100 Fairway Ave, Suite 101, Catonsville, MD 21228
2. Incident Details
– The attack occurred during off-hours at 22:00 EST. Incident was discovered when the system became unusable due to high volume traffic from an unauthorized IP Address. The incident ended at approximately 22:45 EST.
– Catonsville, MD
– Attack has ended
– The attack occurred from an IP address of 11.125.22.198 with no host name. The cause of the incident has yet to be determined.
– The attack was discovered when the system became unusable due to high levels of latency. It was detected using logging information from a server from the Task Manager.
– The system remains unaffected. Only data was stolen from our company. The server which was extracted from the Employee server. IP address- 192.168.1.0, hotname SifersHouston.com.
– N/A
– The system resumed to normal function after attacked occurred.
– Data stolen was from the server containing employee information.
– Network was turned off once attack was discovered. The system logged all necessary information for forensic evidence.
– N/A
3. Cause of Incident was from an unsecured network which was uses to steal company information.
4. The cost of the incident has yet to be determined. PII stolen has no calculated price. However, estimated person hours are about 200. It would cost around $100 per hour for IT staff to perform “clean-up” activities. As of now it would cost around $20,000.00.
5. The impact of the incident is significant. The necessary measures to combat this problem has yet to be determined.
6. General Comments- Our network poses a lot of security risks. Going forward, we need to implement certain security measures from further incidents from taking place.
Background
The Sifers-Grayson company has hired an outside organization to penetrate our network and report on vulnerabilities found within the network. Upon penetration testing and weeks of trying to exploit our system, the red team (testing team) has been successful. Holding a government contract, the Department of Defense (DoD) requires additional security requirements for the R&D and SCADA lab operations. Both of which hold classified and secret information and happen to be where the red team was able to exploit.
The company is now required to use the NIST publications for protection controlled unclassified information in Nonfederal information systems and organizations. Failure to comply can result in fines and even contract termination. The (DFARS) Defense Federal Acquisition Regulations also outlines the safeguarding of Cyber Security Incident Reporting. Fortunately, identifying these risks before hacke ...
System Security:
1. Security problem & User Authentication
2. Program, network And system Threats
3. Handling the Security problem
CONTACT ME AT: reddhisb@gmail.com
Ethical Hacking Concepts and Scopes, Threats and Attack Vectors, Information Assurance, Threat Modelling
Enterprise Information Security Architecture, Vulnerability
Assessment and Penetration Testing
Types of Social Engineering, Insider Attack, Preventing Insider
Threats, Social Engineering Targets and Defence Strategies
Any One Need Notes, PPT, Or Books Related to computer then Text us on 03007064299 or Email sososofar@gmail.com .We will upload it on slide share or email you.........
VTU E&C,TCE CBCS[NEW] 5th Sem Information Theory and Coding Module-5 notes(15...Jayanth Dwijesh H P
INFORMATION THEORY AND CODING
B.E., V Semester, Electronics & Communication
Engineering / Telecommunication Engineering
[As per Choice Based Credit System (CBCS) scheme]
Subject Code: 15EC54 & 17EC54
Module-5
Some Important Cyclic Codes: Golay Codes, BCH Codes (Section 8.4 – Article 5 of Text 3).
Convolution Codes: Convolution Encoder, Time domain approach, Transform domain approach, Code Tree, Trellis and State Diagram, The Viterbi Algorithm) (Section 8.5 – Articles 1,2 and 3, 8.6- Article 1 of Text 3).
Question paper pattern:
The question paper will have ten questions
Each full question consists of 16marks.
There will be 2 full questions (with a maximum of four sub questions) from each module.
Each full question will have sub questions covering all the topics under a Module.
The students will have to answer 5 full questions, selecting one full question From each module.
Text Book:
1. Information Theory and Coding, Muralidhar Kulkarni , K.S. Shivaprakasha, Wiley India Pvt. Ltd, 2015, ISBN:978-81-265-5305-1
2. Digital and analog communication systems, K. Sam Shanmugam, John Wiley India Pvt. Ltd, 1996.
3. Digital communication, Simon Haykin, John Wiley India Pvt. Ltd, 2008.
Reference Books:
1. ITC and Cryptography, Ranjan Bose, TMH, II edition, 2007
2. Principles of digital communication, J. Das, S. K. Mullick, P. K. Chatterjee, Wiley, 1986 - Technology & Engineering
3. Digital Communications – Fundamentals and Applications, Bernard Sklar, Second Edition, Pearson Education, 2016, ISBN: 9780134724058.
4. Information Theory and Coding, K.N.Hari bhat, D.Ganesh Rao, Cengage Learning, 2017.
VTU E&C,TCE CBCS[NEW] 5th Sem Information Theory and Coding Module-4 notes(15...Jayanth Dwijesh H P
INFORMATION THEORY AND CODING
B.E., V Semester, Electronics & Communication Engineering /
Telecommunication Engineering
[As per Choice Based Credit System (CBCS) scheme]
Subject Code:15EC54 and 17EC54
Module-4
Error Control Coding:
Introduction, Examples of Error control coding, methods of Controlling Errors, Types of Errors, types of Codes, Linear Block Codes: matrix description of Linear Block Codes, Error Detection and Error Correction Capabilities of Linear Block Codes, Single Error Correcting hamming Codes, Table lookup Decoding using Standard Array.
Binary Cyclic Codes:
Algebraic Structure of Cyclic Codes, Encoding using an (n-k) Bit Shift register, Syndrome Calculation, Error Detection and Correction (Sections 9.1, 9.2, 9.3, 9.3.1, 9.3.2, 9.3.3 of Text 1).
Question paper pattern:
The question paper will have ten questions
Each full question consists of 16marks.
There will be 2 full questions (with a maximum of four sub questions) from each module.
Each full question will have sub questions covering all the topics under a Module.
The students will have to answer 5 full questions, selecting one full question From each module.
Text Book:
1. Information Theory and Coding, Muralidhar Kulkarni , K.S. Shivaprakasha, Wiley India Pvt. Ltd, 2015, ISBN:978-81-265-5305-1
2. Digital and analog communication systems, K. Sam Shanmugam, John Wiley India Pvt. Ltd, 1996.
3. Digital communication, Simon Haykin, John Wiley India Pvt. Ltd, 2008.
Reference Books:
1. ITC and Cryptography, Ranjan Bose, TMH, II edition, 2007
2. Principles of digital communication, J. Das, S. K. Mullick, P. K. Chatterjee, Wiley, 1986 - Technology & Engineering
3. Digital Communications – Fundamentals and Applications, Bernard Sklar, Second Edition, Pearson Education, 2016, ISBN: 9780134724058.
4. Information Theory and Coding, K.N.Hari bhat, D.Ganesh Rao, Cengage Learning, 2017.
VTU E&C,TCE CBCS[NEW]5th Sem Information Theory and Coding Module-3 notes(15&...Jayanth Dwijesh H P
INFORMATION THEORY AND CODING
B.E., V Semester, Electronics & Communication
Engineering / Telecommunication Engineering
[As per Choice Based Credit System (CBCS) scheme]
Subject Code:15EC54 and 17EC54
Module-3
Information Channels: Communication Channels ( Section 4.4 of Text 1). Channel Models, Channel Matrix, Joint probabilty Matrix, Binary Symmetric Channel, System Entropies, Mutual Information, Channel Capacity, Channel Capacity of : Binary Symmetric Channel, Binary Erasure Channel, Muroga,s Theorem, Contineuos Channels (Sections 4.2, 4.3, 4.4, 4.6, 4.7 of Text 3).
Question paper pattern:
The question paper will have ten questions
Each full question consists of 16marks.
There will be 2 full questions (with a maximum of four sub questions) from each module.
Each full question will have sub questions covering all the topics under a Module.
The students will have to answer 5 full questions, selecting one full question From each module.
Text Book:
1. Information Theory and Coding, Muralidhar Kulkarni , K.S. Shivaprakasha, Wiley India Pvt. Ltd, 2015, ISBN:978-81-265-5305-1
2. Digital and analog communication systems, K. Sam Shanmugam, John Wiley India Pvt. Ltd, 1996.
3. Digital communication, Simon Haykin, John Wiley India Pvt. Ltd, 2008.
Reference Books:
1. ITC and Cryptography, Ranjan Bose, TMH, II edition, 2007
2. Principles of digital communication, J. Das, S. K. Mullick, P. K. Chatterjee, Wiley, 1986 - Technology & Engineering
3. Digital Communications – Fundamentals and Applications, Bernard Sklar, Second Edition, Pearson Education, 2016, ISBN: 9780134724058.
4. Information Theory and Coding, K.N.Hari bhat, D.Ganesh Rao, Cengage Learning, 2017.
VTU E&C,TCE CBCS[NEW] 5th Sem Information Theory and Coding Module-2 notes(15...Jayanth Dwijesh H P
INFORMATION THEORY AND CODING
B.E., V Semester, Electronics & Communication
Engineering / Telecommunication Engineering
[As per Choice Based Credit System (CBCS) scheme]
Subject Code:15EC54 and 17EC54
Module-2
Source Coding: Source coding theorem, Prefix Codes, Kraft McMillan Inequality property – KMI (Section 2.2 of Text 2).Encoding of the Source Output,Shannon’s Encoding Algorithm (Sections 4.3, 4.3.1 of Text 1).
Shannon Fano Encoding Algorithm, Huffman codes, Extended Huffman coding, Arithmetic Coding, Lempel – Ziv Algorithm (Sections 3.6, 3.7, 3.8, 3.10 of Text 3).
Question paper pattern:
The question paper will have ten questions
Each full question consists of 16marks.
There will be 2 full questions (with a maximum of four sub questions) from each module.
Each full question will have sub questions covering all the topics under a Module.
The students will have to answer 5 full questions, selecting one full question From each module.
Text Book:
1. Information Theory and Coding, Muralidhar Kulkarni , K.S. Shivaprakasha, Wiley India Pvt. Ltd, 2015, ISBN:978-81-265-5305-1
2. Digital and analog communication systems, K. Sam Shanmugam, John Wiley India Pvt. Ltd, 1996.
3. Digital communication, Simon Haykin, John Wiley India Pvt. Ltd, 2008.
Reference Books:
1. ITC and Cryptography, Ranjan Bose, TMH, II edition, 2007
2. Principles of digital communication, J. Das, S. K. Mullick, P. K. Chatterjee, Wiley, 1986 - Technology & Engineering
3. Digital Communications – Fundamentals and Applications, Bernard Sklar, Second Edition, Pearson Education, 2016, ISBN: 9780134724058.
4. Information Theory and Coding, K.N.Hari bhat, D.Ganesh Rao, Cengage Learning, 2017.
VTU E&C,TCE CBCS[NEW] 5th Sem Information Theory and Coding Module-1 notes(15...Jayanth Dwijesh H P
INFORMATION THEORY AND CODING
B.E., V Semester, Electronics & Communication
Engineering /Telecommunication Engineering
[As per Choice Based Credit System (CBCS) scheme]
Subject Code: 15EC54 and 17EC54
Module-1
Information Theory: Introduction, Measure of information, Information content of message, Average Information content of symbols in Long Independent sequences, Average Information content of symbols in Long dependent sequences, Markov Statistical Model of Information Sources, Entropy and Information rate of Mark-off Sources (Section 4.1, 4.2 of Text 1).
Question paper pattern:
The question paper will have ten questions
Each full question consists of 16marks.
There will be 2 full questions (with a maximum of four sub questions) from each module.
Each full question will have sub questions covering all the topics under a Module.
The students will have to answer 5 full questions, selecting one full question From each module.
Text Book:
1. Information Theory and Coding, Muralidhar Kulkarni , K.S. Shivaprakasha, Wiley India Pvt. Ltd, 2015, ISBN:978-81-265-5305-1
2. Digital and analog communication systems, K. Sam Shanmugam, John Wiley India Pvt. Ltd, 1996.
3. Digital communication, Simon Haykin, John Wiley India Pvt. Ltd, 2008.
Reference Books:
1. ITC and Cryptography, Ranjan Bose, TMH, II edition, 2007
2. Principles of digital communication, J. Das, S. K. Mullick, P. K. Chatterjee, Wiley, 1986 - Technology & Engineering
3. Digital Communications – Fundamentals and Applications, Bernard Sklar, Second Edition, Pearson Education, 2016, ISBN: 9780134724058.
4. Information Theory and Coding, K.N.Hari bhat, D.Ganesh Rao, Cengage Learning, 2017.
UNIT - 2
SYMMETRIC CIPHERS: Symmetric Cipher Model, Substitution Techniques,
Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of
DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of
Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher.
UNIT - 1
Services, mechanisms and attacks, The OSI security architecture, A model for
network security.
TEXT BOOK:
1. Cryptography and Network Security, William Stalling, Pearson Education, 2003.
REFERENCE BOOKS:
1. Cryptography and Network Security, Behrouz A. Forouzan, TMH, 2007.
2. Cryptography and Network Security, Atul Kahate, TMH, 2003.
Forklift Classes Overview by Intella PartsIntella Parts
Discover the different forklift classes and their specific applications. Learn how to choose the right forklift for your needs to ensure safety, efficiency, and compliance in your operations.
For more technical information, visit our website https://intellaparts.com
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
Vaccine management system project report documentation..pdfKamal Acharya
The Division of Vaccine and Immunization is facing increasing difficulty monitoring vaccines and other commodities distribution once they have been distributed from the national stores. With the introduction of new vaccines, more challenges have been anticipated with this additions posing serious threat to the already over strained vaccine supply chain system in Kenya.
Water scarcity is the lack of fresh water resources to meet the standard water demand. There are two type of water scarcity. One is physical. The other is economic water scarcity.
About
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Technical Specifications
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
Key Features
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface
• Compatible with MAFI CCR system
• Copatiable with IDM8000 CCR
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
Application
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...Amil Baba Dawood bangali
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
Quality defects in TMT Bars, Possible causes and Potential Solutions.PrashantGoswami42
Maintaining high-quality standards in the production of TMT bars is crucial for ensuring structural integrity in construction. Addressing common defects through careful monitoring, standardized processes, and advanced technology can significantly improve the quality of TMT bars. Continuous training and adherence to quality control measures will also play a pivotal role in minimizing these defects.
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Immunizing Image Classifiers Against Localized Adversary Attacksgerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNN)s, to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), itsignificantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
1. NETWORK SECURITY (10EC832)
8th SEM E&C
JAYANTHDWIJESH H P M.tech (DECS)
Assistant Professor – Dept of E&CE
B.G.S INSTITUTE OF TECHNOLOGY (B.G.S.I.T)
B.G Nagara, Nagamangala Tq, Mandya District- 571448
2. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 1
NETWORK SECURITY
PART-B
UNIT-6
UNIT – 6
Intruders, Intrusion Detection, Password Management
TEXT BOOK:
1. Cryptography and Network Security, William Stalling, Pearson Education, 2003.
REFERENCE BOOKS:
1. Cryptography and Network Security, Behrouz A. Forouzan, TMH, 2007.
2. Cryptography and Network Security, Atul Kahate, TMH, 2003
3. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 2
UNIT-6
Intruders, Intrusion Detection, Password Management
1 INTRUDERS DEC-2012[6M], DEC-2013 / JAN-2014 [6M], DEC-2014/JAN-2015[6M],
JUNE/JULY-2017[6M]
One of the two most publicized threats to security is the intruder (the other is viruses),
often Referred to as a hacker or cracker. In an important early study of intrusion, Anderson
[ANDE80] identified three classes of intruders:
Masquerader: An individual who is not authorized to use the computer and who
penetrates a system’s access controls to exploit a legitimate user’s account.
Misfeasor: A legitimate user who accesses data, programs, or resources for which
such access is not authorized, or who is authorized for such access but misuses his or
her privileges.
Clandestine user: An individual who seizes supervisory control of the system and
Uses this control to evade auditing and access controls or to suppress audit collection.
The masquerader is likely to be an outsider; the misfeasor generally is an insider; and the
clandestine user can be either an outsider or an insider.
Intruder attacks range from the benign to the serious.
At the benign end of the Scale, there are many people who simply wish to explore
internets and see what is out There.
At the serious end are individuals who are attempting to read privileged data, perform
unauthorized modifications to data, or disrupt the system.
The following are examples of intrusion: Performing a remote root compromise of an email
server
Defacing a Web server
Guessing and cracking passwords
Copying a database containing credit card numbers
Viewing sensitive data, including payroll records and medical information without
Authorization.
Running a packet sniffer on a workstation to capture usernames and passwords
Using a permission error on an anonymous FTP server to distribute pirated software
And music files
4. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 3
Dialling into an unsecured modem and gaining internal network access
Posing as an executive, calling the help desk, resetting the executive’s e-mail
Password and learning the new password
Using an unattended, logged-in workstation without permission
1.1 INTRUDER BEHAVIOUR PATTERNS
The techniques and behaviour patterns of intruders are constantly shifting, to
Discovered weaknesses and to evade detection and countermeasures.
Even so, intruders typically follow one of a number of recognizable behaviour
patterns, and these patterns typically differ from those of ordinary users.
HACKERS
Traditionally, those who hack into computers do so for the thrill of it or for status.
Attackers often look for targets of opportunity and then share the information with
others within the hacking community.
The intruder took advantage of the fact that the corporate network as running
unprotected services.
The key to the break-in was the pc anywhere application.
The intruder was only discovered when a vice president walked into her office and
saw the cursor moving files around on her Windows workstation.
Benign intruders might be tolerable they just consume resources and may slow
performance for legitimate users.
Serious (malign) intruders may lead to big damage for network,, especially in official
or government systems.
CRIMINALS:
Organized groups of hackers have become a widespread and common threat to
Internet-based systems.
Oftenly, attackers cover underground forums to trade tips and data and coordinate
attacks.
A common target is a credit card file at an e-commerce server. Attackers attempt to
gain root access.
The card numbers are used to purchase expensive items, and then posted in carder
sites, where others can access and continue use it.
5. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 4
IDSs and IPSs can be used for these types of attackers, but maybe less effective
because of the quick in-and-out nature of the attack.
For e-commerce sites, database encryption should be used for sensitive customer
information, especially credit cards.
E-commerce organization should use dedicated server (not support multiple
customers) and closely monitor the provider’s security services.
INSIDER ATTACKS:
Among the most difficult to detect and prevent.
Those who already have access and knowledge about the structure and content of
corporate database.
Can be motivated by revenge or certain special reasons, such as feeling of entitlement
when employment terminated
taking customer data when move to competitor
IDS and IPS facilities can be useful in countering insider attacks, other more Direct
approaches are of higher priority. Examples include the following:
Enforce least privilege, only allowing access to the resources employees need to
do their job.
Set logs to see what users access and what commands they are entering.
Protect sensitive resources with strong authentication.
Upon termination, delete employee’s computer and network access.
Upon termination, make a mirror image of employee’s hard drive before
reissuing it. That evidence might be needed if your company information turns up
at a competitor.
Some examples of Intruder Patterns of Behaviour
a) Hacker
Select the target using IP lookup tools such as NS Lookup, Dig, and others.
Map network for accessible services using tools such as NMAP.
Identify potentially vulnerable services (in this case, pc anywhere).
Brute force (guess) pc anywhere password.
Install remote administration tool called Dame Ware.
Wait for administrator to log on and capture his password.
Use that password to access remainder of network.
6. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 5
b) Criminal Enterprise
Act quickly and precisely to make their activities harder to detect.
Exploit perimeter through vulnerable ports.
Use Trojan horses (hidden software) to leave back doors for re-entry.
Use sniffers to capture passwords.
Do not stick around until noticed.
Make few or no mistakes.
c) Internal Threat
Create network accounts for themselves and their friends.
Access accounts and applications they wouldn’t normally use for their daily jobs.
E-mail former and prospective employers.
Conduct furtive instant-messaging chats.
Visit Web sites that cater to disgruntled employees, such as f’dcompany.com.
Perform large downloads and file copying.
Access the network during off hours.
1.2 INTRUSION TECHNIQUES
The objective of the intruder is to gain access to a system or to increase the range of
privileges accessible on a system.
Most initial attacks use system or software vulnerabilities that allow a user to execute
code that opens a back door into the system.
The intruder attempts to acquire information that should have been protected. In some
cases, this information is in the form of a user password. With knowledge of some
other user’s password, an intruder can log in to a system and exercise all the
privileges accorded to the legitimate user.
Typically, a system must maintain a file that associates a password with each
authorized user.
The password file can be protected in one of two ways:
One-way function: The system stores only the value of a function based on the
user’s password. When the user presents a password, the system transforms that
password and compares it with the stored value. In practice, the system usually
performs a one-way transformation (not reversible) in which the password is used
7. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 6
to generate a key for the one-ay function and in which a fixed-length output is
produced.
Access control: Access to the password file is limited to one or a very few
accounts.
On the basis of a survey of the literature and interviews with a number of password
crackers, [ALVA90] reports the following techniques for learning passwords:
Try default passwords used with standard accounts that are shipped with the
system. Many administrators do not bother to change these defaults.
Exhaustively try all short passwords (those of one to three characters).
Try words in the system’s online dictionary or a list of likely passwords.
Collect information about users (names, hobbies, habit...)
Try users’ phone numbers, Social Security numbers, and room numbers.
Try all legitimate license plate numbers for this state.
Use a Trojan horse to bypass restrictions on access.
Tap the line between a remote user and the host system.
2. INTRUSION DETECTION JUNE-2012[10M]
Inevitably, the best intrusion prevention system will fail. A system’s second line of
defence is intrusion detection, and this has been the focus of much research in recent
years. This interest is motivated by a number of considerations, including the
following:
1. If an intrusion is detected quickly enough, the intruder can be identified and
ejected from the system before any damage is done or any data are compromised.
Even if the detection is not sufficiently timely to pre-empt the intruder, the sooner
that the intrusion is detected, the less the amount of damage and the more quickly
that recovery can be achieved.
2. An effective intrusion detection system can serve as a deterrent, so acting to
prevent Intrusions.
3. Intrusion detection enables the collection of information about intrusion
techniques that can be used to strengthen the intrusion prevention facility.
Intrusion detection is based on the assumption that the behaviour of the intruder
differs from that of a legitimate user in ways that can be quantified.
8. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 7
Below fig (1):-
Figure 1 suggests, in very abstract terms, the nature of the task confronting the
Designer of an intrusion detection system.
The typical behavior of an intruder Differs from the typical behavior of an
authorized user, there is an overlap in these Behaviors.
A loose interpretation of intruder behavior, which will catch more Intruders, will
also lead to a number of ―false positives, or authorized users identified as
intruders.
On the other hand, an attempt to limit false positives by a tight interpretation of
intruder behavior will lead to an increase in false negatives, or intruders not
identified as intruders. Thus, there is an element of compromise and art in the
practice of intrusion detection.
Figure 1: Profiles of Behaviour of Intruders and Authorized Users
[PORR92] identifies the following approaches to intrusion detection: JUNE/JULY-
2013[10M], DEC-2013 / JAN-2014[6M], JUNE/JULY-2017[4M]
1. Statistical anomaly detection: Involves the collection of data relating to the
behavior of legitimate users over a period of time. Then statistical tests are applied
to observed behavior to determine with a high level of confidence whether that
behavior is not legitimate user behavior.
9. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 8
Threshold detection: This approach involves defining thresholds,
independent of user, for the frequency of occurrence of various events.
Profile based: A profile of the activity of each user is developed and used to
detect changes in the behavior of individual accounts.
2. Rule-based detection: Involves an attempt to define a set of rules that can be
used to decide that a given behavior is that of an intruder.
Anomaly detection: Rules are developed to detect deviation from previous
usage patterns.
Penetration identification: An expert system approach that searches for
suspicious behavior.
2.1 Audit Records
A fundamental tool for intrusion detection is the audit record. Some record of ongoing
activity by users must be maintained as input to an intrusion detection system.
Basically, two plans are used:
1. Native audit records:
Virtually all multiuser operating systems include accounting software that
collects information on user activity.
The advantage of using this information is that no additional collection
software is needed.
The disadvantage is that the native audit records may not contain the needed
information or may not contain it in a convenient form.
2. Detection-specific audit records:
A collection facility can be implemented that generates audit records
containing only that information required by the intrusion detection system.
One advantage of such an approach is that it could be made vendor
independent and ported to a variety of systems.
The disadvantage is the extra overhead involved in having, in effect, two
accounting packages running on a machine.
A good example of detection-specific audit records is one developed by Dorothy
Denning [DENN87]. Each audit record contains the following fields:
Subject: Initiators of actions. A subject is typically a terminal user but might also
be process acting on behalf of users or groups of users. All activity arises through
10. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 9
commands issued by subjects. Subjects may be grouped into different access
classes, and these classes may overlap.
Action: Operation performed by the subject on or with an object; for example,
login, read, perform I/O, execute.
Object: Receptors of actions. Examples include files, programs, messages,
records, terminals, printers, and user- or program-created structures.
Exception-Condition: Denotes which, if any, exception condition is raised on
return.
Resource-Usage: A list of quantitative elements in which each element gives the
amount used of some resource (e.g., number of lines printed or displayed, number
of records read or written, processor time, I/O units used, session elapsed time).
Time-Stamp: Unique time-and-date stamp identifying when the action took
place.
Most user operations are made up of a number of elementary actions. Most user
operations are made up of a number of elementary actions. For example, a file copy
involves the execution of the user command, which includes doing access validation
and setting up the copy, plus the read from one file, plus the write to another file.
Consider the command
COPY GAME.EXE TO <Library>GAME.EXE
Issued by Smith to copy an executable file GAME from the current directory to
the<Library> directory. The following audit records may be generated:
In this case, the copy is aborted because Smith does not have write permission
to<Library>.
The decomposition of a user operation into elementary actions has three advantages:
Because objects are the protectable entities in a system, the use of elementary
actions enables an audit of all behavior affecting an object. Thus, the system can
detect attempted subversions of access controls (by noting an abnormality in the
11. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 10
number of exception conditions returned) and can detect successful subversions
by noting an abnormality in the set of objects accessible to the subject.
Single-object, single-action audit records simplify the model and the
implementation.
Because of the simple, uniform structure of the detection-specific audit records, it
may be relatively easy to obtain this information or at least part of it by a
straightforward mapping from existing native audit records to the detection
specific audit records.
2.2 Statistical Anomaly Detection DEC-2012[6M]
As was mentioned, statistical anomaly detection techniques fall into two broad
categories: threshold detection and profile-based systems.
1. Threshold detection
Involves counting the number of occurrences of a specific event type over
an interval of time.
If the count surpasses what is considered a reasonable number that one
might expect to occur, then intrusion is assumed.
Threshold analysis, by itself, is a crude and ineffective detector of even
moderately sophisticated attacks. However, simple threshold detectors
may be useful in conjunction with more sophisticated techniques.
2. Profile-based anomaly detection DEC-2011[6M]
Focuses on characterizing the past behavior of individual users or related
groups of users and then detecting significant deviations.
Some metrics that are useful for profile-based intrusion detection are the following:
Counter: A nonnegative integer that may be incremented but not decremented
until it is reset by management action. a count of certain event types is kept over a
particular period of time ( number of logins by a single user during an hour,
number of password failures during a minute)
Gauge: A nonnegative integer that may be incremented or decremented.
Typically, a gauge is used to measure the current value of some entity. Examples
include the number of logical connections assigned to a user application and the
number of outgoing messages queued for a user process.
12. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 11
Interval timer: The length of time between two related events. An example is the
length of time between successive logins to an account.
Resource utilization: Quantity of resources consumed during a specified period.
Examples include the number of pages printed during a user session and total time
consumed by a program execution.
2.3 Rule-Based Intrusion Detection
Rule-based techniques detect intrusion by observing events in the system and applying a
set of rules that lead to a decision regarding whether a given pattern of activity is or is not
suspicious.
a. Rule-based anomaly detection: historical audit records are analyzed to identify
usage patterns and to generate automatically rules that describe those patterns. Rules
represent past behavior patterns of users, current behavior is then observed, and each
transaction is matched against the set of rules to determine if it conforms to any
historically observed pattern of behavior.
b. Rule-based penetration identification: The key feature of such systems is the use of
rules for identifying known penetrations or penetrations that would exploit known
weaknesses. Rules can also be defined that identify suspicious behavior, even when
the behavior is within the bounds of established patterns of usage.
A simple example of the type of rules that can be used is found in NIDX, an early system
that used heuristic rules that can be used to assign degrees of suspicion to activities
[BAUE88]. Example heuristics are the following:
1. Users should not read files in other users’ personal directories.
2. Users must not write other users’ files.
3. Users who log in after hours often access the same files they used earlier.
4. Users do not generally open disk devices directly but rely on higher-level operating
system utilities.
5. Users should not be logged in more than once to the same system.
6. Users do not make copies of system programs.
13. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 12
2.4 The Base-Rate Fallacy
An intrusion detection system should detect a substantial percentage of intrusions
while keeping the false alarm rate at an acceptable level.
It is very difficult to meet the standard of high rate of detections with a low rate of
false alarms. In general, if the actual numbers of intrusions is low compared to the
number of legitimate uses of a system, then the false alarm rate will be high.
2.5 Distributed Intrusion Detection DEC – 2010[10M], DEC-2011[8M], JUNE-2012[10M], DEC-
2014/JAN-2015[10M], DEC-2015/JAN-2016[10M]
Until recently, work on intrusion detection systems focused on single-system standalone
facilities. The typical organization, however, needs to defend a distributed collection of hosts
supported by a LAN or internetwork. Although it is possible to mount a defense by using
stand-alone intrusion detection systems on each host, a more effective defense can be
achieved by coordination and cooperation among intrusion detection systems across the
network. Pores as points out the following major issues in the design of a distributed intrusion
detection system.
A distributed intrusion detection system may need to deal with different audit record
formats. In a heterogeneous environment, different systems will employ different
native audit collection systems and, if using intrusion detection, may employ different
formats for security-related audit records.
One or more nodes in the network will serve as collection and analysis points for the
data from the systems on the network. Thus, either raw audit data or summary data
must be transmitted across the network. Therefore, there is a requirement to assure the
integrity and confidentiality of these data. Integrity is required to prevent an intruder
from masking his or her activities by altering the transmitted audit information.
Confidentiality is required because the transmitted audit information could be
valuable.
Either a centralized or decentralized architecture can be used. With a centralized
architecture, there is a single central point of collection and analysis of all audit data.
This eases the task of correlating incoming reports but creates a potential bottleneck
and single point of failure. With a decentralized architecture, there are more than
14. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 13
one analysis centres’, but these must coordinate their activities and exchange
information.
Figure 2 Architecture for distributed intrusion
A good example of a distributed intrusion detection system is one developed at the University
of California at Davis [HEBE92, SNAP91]. Figure (2) shows the overall architecture, which
consists of three main components:
Host agent module: An audit collection module operating as a background process
on a monitored system. Its purpose is to collect data on security related events on the
host and transmit these to the central manager.
LAN monitor agent module: Operates in the same fashion as a host agent module
except that it analyzes LAN traffic and reports the results to the central manager.
Central manager module: Receives reports from LAN monitor and host agents and
processes and correlates these reports to detect intrusion.
Fig 3:-
The scheme is designed to be independent of any operating system or system auditing
implementation. Figure 6.3 [SNAP91] shows the general approach that is taken.
The agent captures each audit record produced by the native audit collection system.
A filter is applied that retains only those records that are of security interest.
15. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 14
These records are then reformatted into a standardized format referred to as the host audit
record (HAR).
Next, a template-driven logic module analyzes the records for suspicious activity. At the
lowest level, the agent scans for notable events that are of interest independent of any past
events.
At the next higher level, the agent looks for sequences of events, such as known attack
patterns (signatures).
Finally, the agent looks for anomalous behavior of an individual user based on a historical
profile of that user, such as number of programs executed, number of files accessed and
the like.
Figure 3: Agent Architecture
When suspicious activity is detected, an alert is sent to the central manager.
The central manager includes an expert system that can draw inferences from received
data. The manager may also query individual systems for copies of HARs to correlate
with those from other agents.
The LAN monitor agent also supplies information to the central manager. The LAN
monitor agent audits host-host connections, services used, and volume of traffic.
16. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 15
It Searches for significant events, such as sudden changes in network load, the use of
security related services, and network activities such as rlogin.
2.6 Honey pots
Honey pots are decoy systems that are designed to lure a potential attacker away from
critical systems.
Divert an attacker from accessing critical systems
Collect information about the attacker’s activity
Encourage the attacker to stay on the system long enough for administrators to
respond.
Because any attack against the honey pot is made to seem Successful, administrators
have time to mobilize and log and Track the attacker without ever exposing
productive systems.
2.7 Intrusion Detection Exchange Format
To facilitate the development of distributed intrusion detection systems that can
function across a wide range of platforms and environments, standards are needed to support
interoperability. Such standards are the focus of the IETF Intrusion Detection Working
Group. The purpose of the working group is to define data formats and exchange procedures
for sharing information of interest to intrusion detection and response systems and to
management systems that may need to interact with them. The outputs of this working group
include:
A requirements document, which describes the high-level functional requirements for
communication between intrusion detection systems and requirements for
communication between intrusion detection systems and with management systems,
including the rationale for those requirements. Scenarios will be used to illustrate the
requirements.
A common intrusion language specification, which describes data formats That satisfy
the requirements.
A framework document, which identifies existing protocols best used for
communication between intrusion detection systems, and describes how the devised
data formats relate to them. As of this writing, all of these documents are in an
Internet-draft document stage.
17. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 16
3 PASSWORD MANAGEMENT
3.1 Password Protection JUNE/JULY-2013[10M], JUNE/JULY-2017[10M]
The front line of defense against intruders is the password system. Virtually all
multiuser systems require that a user provide not only a name or identifier (ID) but also a
password. The password serves to authenticate the ID of the individual logging on to the
system. In turn, the ID provides security in the following ways:
The ID determines whether the user is authorized to gain access to a system. In some
systems, only those who already have an ID filed on the system are allowed to gain
access.
The ID determines the privileges accorded to the user. A few users may have
supervisory or ―super user status that enables them to read files and perform
functions that are especially protected by the operating system. Some systems have
guest or anonymous accounts, and users of these accounts have more limited
privileges than others.
The ID is used in what is referred to as discretionary access control. For example, by
listing the IDs of the other users, a user may grant permission to them to read files
owned by that user.
3.2 The vulnerability of passwords OR UNIX Password Scheme DEC – 2010[10M],
DEC-2011[8M], JUNE/JULY-2013[10M], JUNE/JULY-2017[10M]
Fig 4:-
Each user selects a password of up to eight printable characters in length. This is
converted into a 56-bit value (using 7-bit ASCII) that serves as the key input to an
encryption routine.
The encryption routine, known as crypt, is based on DES. The DES algorithm is
modified using a 12-bit “salt” value. This value is related to the time at which the
password is assigned to the user.
The modified DES algorithm is exercised with a data input consisting of a 64-bit
block of zeros.
The output of the algorithm then serves as input for a second encryption. This process
is repeated for a total of 25 encryptions.
The resulting 64-bit output is then translated into an 11-character sequence.
18. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 17
The hashed password is then stored, together with a plaintext copy of the salt, in the
password file for the corresponding user ID.
This method has been shown to be secure against a variety of cryptanalytic attacks.
The salt serves three purposes:
It prevents duplicate passwords from being visible in the password file.
It effectively increases the length of the password, the number of possible
passwords is increased by a factor of 4096, hence increases the difficulty of
guessing a password
It prevents the use of a hardware implementation of DES, which would ease the
difficulty of a brute-force guessing attack.
Fig 4 UNIX Password Scheme
19. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 18
3.3 Access control:
One way to thwart a password attack is to deny the opponent access to the password
file.
If the encrypted password portion of the file is accessible only by a privileged user,
then the opponent cannot read it without already knowing the password of a
privileged user. [SPAF92a] points out several flaws in this strategy.
Many systems, including most UNIX systems, are susceptible. to unanticipated
break-ins. Once an attacker has gained access by some means, he or she may wish
to obtain a collection of passwords in order to use different accounts for different
logon sessions to decrease the risk of detection. Or a user with an account may
desire another user’s account to access privileged data or to sabotage the system.
An accident of protection might render the password file readable, thus
compromising all the accounts.
Some of the users have accounts on other machines in other protection domains,
and they use the same password. Thus, if the passwords could be read by anyone
on one machine, a machine in another location might be compromised. Thus, a
more effective strategy would be to force users to select passwords that are
difficult to guess.
3.4 Password Selection Strategies DEC-2012[8M], DEC-2013 / JAN-2014[8M], DEC-2014/JAN-
2015[8M], DEC-2015/JAN-2016[10M]
If users are assigned passwords consisting of eight randomly selected printable
characters, password cracking is effectively impossible.
But it would be almost as impossible for most users to remember their passwords. Four basic
techniques help to eliminate guessable passwords
while allowing the user to select a password that is memorable:
Four basic techniques are in use:
User education
Computer-generated passwords
Reactive password checking
Proactive password checking
1. User education:-
20. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 19
Users can be told the importance of using hard-to-guess passwords and can be provided
with guidelines for selecting strong passwords.
2. Computer-generated passwords:-
FIPS PUB 181 defines one of the best-designed auto mated password generators. The
standard includes not only a description of the approach but also a complete listing of the C
source code of the algorithm. The algorithm generates words by forming pronounceable
syllables and concatenating them to form a word. A random number generator produces a
random stream of characters used to construct the syllables and words.
3. Reactive password checking:-
strategy is one in which the system periodically runs its own password cracker to find
guessable passwords. The system cancels any passwords that are guessed and notifies the
user..
4. Proactive password checker:-
In this scheme, a user is allowed to select his or her own password. However, at the time of
selection, the system checks to see if the password is allowable and, if not, rejects it.
Some rules should be enforced:
All passwords must be at least eight characters long.
In the first eight characters, the passwords must include at least one each of
uppercase, lowercase, numeric digits, and punctuation marks.
Figure 6 (Markov model):-
Shows a simplified version of such a model.
This model shows a language consisting of an alphabet of three characters.
The state of the system at any time is the identity of the most recent letter. The value
on the transition from one state to another represents the probability that one letter
follows another. Thus, the probability that the next letter is b, given that the current
letter is a, is 0.5.
In general a markov model is a quadruple [m, A, T, k].
m = is the number of states in the model
A = is the state space
21. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 20
T = is the matrix of transition probabilities
k = is the order of the model
Figure 6 an Example Markov Model
Spafford [SPAF92a, SPAF92b]. It is based on the use of a Bloom filter [BLOO70]
concept in another way to develop an effective proactive password checker.
A Bloom filter of order k consists of a set of k independent hash functions 𝐻1(x),
𝐻2(x)…, 𝐻 𝐾(x), where each function maps a password into a hash value in the range 0
to N - 1.
The following procedure is then applied to the dictionary:
A hash table of bits is defined, with all bits initially set to 0.
22. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 21
For each password, its hash values are calculated, and the corresponding bits in
the hash table are set to 1.Thus, if 𝐻𝑖(𝑋𝑖), = 67 for some (i, j), then the sixty-
seventh bit of the hash table is set to 1; if the bit already has the value 1, it remains
at 1.
When a new password is presented to the checker, its hash values are calculated.
If all the corresponding bits of the hash table are equal to 1, then the password is
Rejected. All passwords in the dictionary will be rejected.
If the password xG%#jj98 is presented to the system, it will be rejected even though it
is not in the dictionary.
The hash scheme to minimize false positives. The probability of a false positive can
be approximated by:
23. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 22
QUESTION BANK –NETWORK SECURITY
UNIT-2
MAY/JUNE 2010
DEC – 2010
1. Explain the architecture of a distributed intrusion detection system. Give the major issues
in the design. [10M]
2. Briefly explain the UNIX password scheme. What are the threats to this scheme? How are
they overcome? [10M]
DEC-2011
1. Explain UNIX password scheme, with a diagram. [8M]
2. Explain the architecture of distributed intrusion detection with a diagram. [8M]
3. Give examples of metrics that are useful for profile based intrusion detection. [4M]
JUNE-2012
1. Describe following intrusion detection mechanisms: [10M]
a) Statistical anomaly detection.
b) Rule based detection.
2. Explain the architecture of distributed intrusion detection system. [10M]
DEC-2012
1. Briefly describe the three classes of intruders. [6M]
2. Explain the statistical anomaly detection. [6M]
3. Illustrate password selection technologies. [8M]
JUNE/JULY-2013
1. Give a detailed account on UNIX password management. [10M]
2. with a schematic, explain the typical steps in digital immune system.[10M]
3. Explain the approaches to intrusion detection system. [4M]
DEC-2013 / JAN-2014
1. List and briefly explain three classes of intruders and list three benefits of using intrusion
detection system. [6M]
2. List and briefly define the techniques used to avoid guessable passwords. [8M]
3. Discuss intrusion detection approaches. [6M]
DEC-2014/JAN-2015
1. Briefly explain the three classes of intruders. [6M]
2. What are the four basic techniques of choosing passwords? [8M]
3. Explain the architecture of distributed intrusion detection system. [6M]
24. NETWORK SECURITY 10EC832
Dept. of ECE, BGSIT Page 23
DEC-2015/JAN-2016
1. Explain the architecture of a distributed intrusion detection system. Give the major issues
in the design. [10M]
2. Briefly explain the password selection strategies. [10M]
𝐉𝐔𝐍𝐄/𝐉𝐔𝐋𝐘 − 𝟐𝟎𝟏𝟕
1. Briefly describe the three classes of intruder. [6M]
2. Explain approaches to intrusion detection system. [4M]
3. Give a detailed account on UNIX password management. [10M]