Unit 4

The document discusses the importance of telecommunications, network, and internet security, highlighting the rapid growth of the Internet and the vulnerabilities that come with it. It covers key topics such as the OSI reference model, TCP/IP protocols, various network types, and security measures like firewalls and intrusion detection systems. Additionally, it addresses software development security, emphasizing the need for secure coding practices to prevent vulnerabilities in software applications.

Uploaded by

shahushivu01

UNIT-IV

Telecommunications, Network, and Internet Security and Application Development Security

By Shailee Shah
Assistant Professor
President Institute of Computer Application

4.1 Telecommunications, Network, and Internet Security

Introduction

• The Internet has grown faster than any telecommunications system in history. It continues to grow as wireless broadband spans more continents and becomes more ubiquitous.
• Still, typical users of the Internet fail to realize that Internet-attached corporate and internal networks are attractive targets for intruders who seek out massive collections of credit card information, personally identifiable information (PII), and corporate secrets.
• New Internet sites, in particular, are often prime targets for malicious activity, including break-ins, file tampering, vandalism, and service disruptions.
• Not only is this activity difficult to discover and correct, but it is also highly embarrassing to the organization and is costly in terms of lost productivity and damage to data, company reputation, and customer goodwill.

An Overview of Network and Telecommunications Security

• Telecommunications, Network, and Internet Security is one of the largest of the domains in the Common Body of Knowledge (in terms of content) and one of the most essential areas of focus. Topics in this domain include the following:
  • The Open Systems Interconnection (OSI) reference model to promote interoperability for disparate network communications
  • TCP/IP, the Transmission Control Protocol/Internet Protocol, developed by the U.S. Department of Defense in the 1970s and widely used on the Internet
  • Security services to protect networks from attack: authentication, access control, data confidentiality, data integrity, nonrepudiation, and logging
  • Data network types, including local area networks (LAN), wide area networks (WAN), and the Internet, intranets, and extranets
  • Devices for network security: routers, firewalls, and intrusion detection and prevention systems (IDSs/IPSs)
  • Virtual private networks, or VPNs, a kind of private “tunnel” through the Internet that uses IP security (IPSec) to perform encryption and authentication to address the lack of security on IP-based networks

Network Security in Context
The OSI Reference Model and TCP/IP

• TCP/IP is the collection of protocols the U.S. Department of Defense used in the 1970s to build the predecessor of the Internet, called ARPANET, or the Advanced Research Projects Network.

Transport Layer (host-to-host) protocols

• The Transport Layer consists of two elements:

1. Transmission Control Protocol (TCP): TCP is a reliable service that maintains the proper sequence of incoming packets and acknowledges receipt to the user.
2. User Datagram Protocol (UDP): UDP is a less robust version of TCP. It does not acknowledge receipt of packets and is a connectionless and less reliable service. Its advantage over TCP is its faster speed and lower overhead.

Network Layer (host-to-host) protocols

1. Internet Protocol (IP): The protocol of protocols. IP addresses are assigned by the Internet Assigned Numbers Authority (www.iana.org/) to each host computer on the network. This serves as a logical ID. The IP address assists with the routing of information across the Internet. Outgoing data packets have the originator’s IP address and the IP address of the recipient.
2. Address Resolution Protocol (ARP): ARP matches an IP address to an Ethernet address, which is a physical device (network adapter) that has a unique media access control (MAC) address assigned by the manufacturer of the device. MAC addresses are much longer numbers than IP addresses, and humans tend to work better with IP addresses than with MAC addresses. Thus, ARP and RARP (covered next) exist to help with network addressing tasks.
3. Reverse Address Resolution Protocol (RARP): If ARP translates an IP address to a MAC address, then RARP translates hardware interface (MAC) addresses to IP protocol addresses.
4. Internet Control Message Protocol (ICMP): ICMP is tightly integrated with the IP protocol. Some of its functions include announcing network errors and congestion, troubleshooting, and reporting timeouts. ICMP is the management protocol for TCP/IP.

• The following are the primary applications using TCP/IP:

1. File Transfer Protocol (FTP): FTP is one of the oldest Internet protocols. It facilitates the transfer of data files (such as customer purchase information from a mainframe to a data warehouse) between two similar or dissimilar FTP devices. FTP can also perform certain directory functions.
2. Remote login (Telnet): First published in 1983, Telnet was originally designed to facilitate remote logins to a computer via the Internet for terminal (interactive) sessions. A user running a local Telnet program (client) can execute a login session on a remote computer (for example, to access a university library) using a Telnet server program for communication. Because of security issues using Telnet (clear-text IDs and passwords, lack of encryption for session data), its use has fallen out of favor and is most often replaced with Secure Shell, or SSH.
3. Electronic Mail or Simple Mail Transfer Protocol (SMTP): This is the protocol used to send email via the Internet in a host-to-host configuration.

Data Network Types

• The various types of data networks are listed here:

1. Local area networks (LANs)
2. Wide area networks (WANs)
3. Internet, intranet, and extranets

1. Local Area Networks

• A local area network, or LAN, is a network configuration designed for a limited space or geographic area, such as a series of offices in the same building (for example, a university administration building).
• LANs share network services such as databases, email, and application services by connecting workstations and servers through a set of LAN protocols and access methods.
• Two common types of LANs are the campus area network (CAN), used to connect buildings through a network backbone, and the metropolitan area network (MAN), used to connect branches of an organization using wireless (satellite or cellular) devices over a long distance between branches.

2. Wide Area Networks

• A group of smaller LANs connected logically or physically is referred to as a wide area network, or WAN.
• The WAN covers a larger geographic area than a LAN (technically, a network that covers an area larger than a single building).
• A WAN can span an entire nation or even the globe using satellites.
• A WAN is inherently more complex than a LAN because of its size and use of multiple network protocols and configuration.
• WANs can combine other subnetworks, such as intranets, extranets, and virtual private networks (VPNs), to provide enhanced network capabilities.

3. Internet, intranet, and extranets

• Referred to as a network of networks, the Internet is an interconnection of different-sized networks (LANs) around the world.
• The Internet uses the TCP/IP protocols (covered shortly) in a scheme decentralized by design. Each host computer on the Internet is independent; its operators can choose the Internet services and local services they want to offer.
• An intranet is a local or wide area network based on TCP/IP, but with fences (firewalls) that limit the network’s access to the Internet.
• Intranets use the standard software and protocols you find on the Internet, but they are for private use and are not accessible to the public via the Internet. Companies can use low-cost Internet software such as browsers to build internal sites, such as human resources and internal job postings.
• An intranet is more secure than the Internet because it has a restricted user community and local control.
• An extranet is an intranet that allows select users outside the firewalls to access the site. For example, a company might give vendors and suppliers limited access to the intranet while excluding the general public.

Protecting TCP/IP Networks

• Protecting computer networks is a challenging job and is best approached by applying the principle of defense in depth. The following sections begin to examine the pieces of the security puzzle to see how to best fit them together for effective defenses and coverage.
• These include the use of these components:

1. Routers
2. Firewalls
3. Intrusion detection systems (IDSs)
4. Intrusion prevention systems (IPSs)

Basic Security Infrastructures

• The basic design for network security. As you see, the infrastructure relies on layers of devices (think defense in depth) that serve specific purposes and provide multiple barriers of security that protect, detect, and respond to network attacks, often in real time.

Firewalls

• Firewalls insulate a private network from a public network using carefully established controls on the type of requests they’ll route to the private network for processing and fulfillment.
• For example, an HTTP request for a public web page will be honored, whereas an FTP request to a host behind the firewall might be dishonored.
• Firewalls typically run monitoring software to detect and thwart external attacks on the site and protect the internal corporate network.
• When you install a firewall, you essentially break the network so that no communications can occur until the rules for permissible communications are established and implemented.
• Several firewall architecture models are used to protect the perimeter of a network and control the flow of permitted communications.
• Nonpermitted traffic (requests for services that are not authorized) is discarded by the firewall before entering the protected network or network segment.

Intrusion Detection Systems

• An intrusion detection system (IDS) attempts to detect an intruder breaking into your system or an authorized user misusing system resources.
• The IDS operates constantly on your system, working in the background, and notifies you only when it detects something it considers suspicious or illegal.
• Potential intruders fall into two major classifications:
  • Outside intruders
  • Inside intruders
• IDSs are needed to detect both types of intrusions: break-in attempts from the outside and knowledgeable insider attacks. Effective intrusion detection systems detect both.
• Security policies define what’s permitted and what’s denied on your computer systems. The two basic philosophical options in designing policy follow:
  • Prohibit everything that is not expressly permitted (restrictive posture).
  • Permit everything that is not expressly denied (permissive posture).
• Generally, people more concerned about security exercise the first option. Policies are put in place to describe exactly what operations are allowed on a system. Any operation that is not detailed in the policy will be considered banned on the system.

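The two policy postures, applied to the firewall example given earlier (an HTTP request to a public web page honored, an FTP request to a host behind the firewall refused), as an added Python example that is not part of the original slides. The rule set, the addresses (documentation and private ranges) and the helper names are constructed for illustration; the point is that traffic no rule mentions is decided entirely by the posture's default.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str     # "permit" or "deny"
    dst_net: str    # destination network in CIDR form
    proto: str      # "tcp" or "udp"
    dst_port: int

# Constructed rule set (hypothetical addresses).
RULES = [
    Rule("permit", "203.0.113.10/32", "tcp", 80),  # HTTP to the public web server
    Rule("deny", "10.0.0.0/8", "tcp", 21),         # FTP to hosts behind the firewall
]

RESTRICTIVE = "deny"    # prohibit everything that is not expressly permitted
PERMISSIVE = "permit"   # permit everything that is not expressly denied

def evaluate(rules, default, dst_ip, proto, dst_port):
    """First matching rule wins; if none matches, the posture's default applies."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (ip in ipaddress.ip_network(rule.dst_net)
                and rule.proto == proto and rule.dst_port == dst_port):
            return rule.action, "rule"
    return default, "default"

# Constructed requests; the last two appear in no rule at all.
REQUESTS = [
    ("HTTP to public web server", "203.0.113.10", "tcp", 80),
    ("FTP to internal host", "10.1.2.3", "tcp", 21),
    ("Telnet to internal host", "10.1.2.3", "tcp", 23),
    ("SMTP to internal host", "10.1.2.4", "tcp", 25),
]

def compare_postures(rules=RULES, requests=REQUESTS):
    """Return (label, restrictive verdict, permissive verdict, decided_by) per request."""
    rows = []
    for label, ip, proto, port in requests:
        restrictive, decided_by = evaluate(rules, RESTRICTIVE, ip, proto, port)
        permissive, _ = evaluate(rules, PERMISSIVE, ip, proto, port)
        rows.append((label, restrictive, permissive, decided_by))
    return rows

if __name__ == "__main__":
    for label, restrictive, permissive, decided_by in compare_postures():
        note = "  <-- no rule matched; posture decides" if decided_by == "default" else ""
        print(f"{label:28} restrictive={restrictive:6} permissive={permissive:6}{note}")
```

Under the permissive posture the Telnet and SMTP requests reach the internal hosts simply because nobody wrote a rule for them, which is why the restrictive posture is the usual choice for a perimeter.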
Intrusion Prevention Systems

• Using the concepts of intrusion detection, intrusion prevention systems (IPSs) go one step further. The IPS typically sits directly behind the firewall, in line with network traffic, and provides an additional layer of traffic analysis.
• Unlike an IDS, which behaves as a passive system that scans traffic and reports back on threats, the IPS actively analyzes and performs actions on all traffic flows that enter the network, including these:
  • Sending an alarm to the administrator (as an IDS does)
  • Blocking traffic from the source address
  • Resetting the connection
• As an in-line security component, the IPS must work efficiently to avoid degrading network performance. It must also work fast because exploits can happen in near real time. In addition, the IPS must detect and respond accurately, to eliminate threats and false positives (legitimate packets misread as threats).
• The IPS has a number of detection methods for finding exploits, but signature-based detection and statistical anomaly–based detection (described earlier) are the two prevailing mechanisms.

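The two detection mechanisms and the three IPS actions named above, as an added Python example that is not part of the original slides. The signature IDs and patterns, the baseline figures, the sample traffic and the choice to only raise an alarm on a rate anomaly (so a legitimate burst is not blocked as a false positive) are all assumptions made for illustration.

```python
import statistics
from collections import Counter

# Constructed signatures (hypothetical IDs): byte patterns tied to known-bad requests.
SIGNATURES = {
    "SIG-0001 path traversal": b"../../",
    "SIG-0002 passwd file probe": b"/etc/passwd",
}

# Constructed baseline: requests per minute observed from a typical client.
BASELINE_PER_MINUTE = [4, 6, 5, 7, 5, 6, 4, 5]

def anomaly_threshold(baseline, k=3.0):
    """Statistical anomaly cut-off: baseline mean plus k standard deviations."""
    return statistics.mean(baseline) + k * statistics.pstdev(baseline)

def inspect_traffic(events, signatures=SIGNATURES, baseline=BASELINE_PER_MINUTE):
    """Inspect one minute of (source, payload) events.

    Returns {source: (detection, [actions])}. A signature hit is a
    high-confidence match, so it gets all three actions; a rate anomaly
    is only a deviation from normal, so it gets an alarm for a human to review.
    """
    threshold = anomaly_threshold(baseline)
    findings = {}
    # Signature-based detection: look for a known pattern in each payload.
    for src, payload in events:
        if src in findings:
            continue  # source already blocked; its later packets are dropped
        for name, pattern in signatures.items():
            if pattern in payload:
                findings[src] = (name, ["alarm", "reset connection", "block source"])
                break
    # Statistical anomaly-based detection: compare each source's rate to the baseline.
    for src, count in Counter(src for src, _ in events).items():
        if src not in findings and count > threshold:
            findings[src] = (f"rate anomaly: {count}/min", ["alarm"])
    return findings

# Constructed sample traffic for one minute (documentation address ranges).
SAMPLE_MINUTE = (
    [("192.0.2.9", b"GET /index.html HTTP/1.1")] * 3
    + [("198.51.100.7", b"GET /download?file=../../etc/passwd HTTP/1.1")]
    + [("192.0.2.50", b"GET /catalog HTTP/1.1")] * 12
)

if __name__ == "__main__":
    print(f"anomaly threshold: {anomaly_threshold(BASELINE_PER_MINUTE):.2f} requests/min")
    for src, (detection, actions) in inspect_traffic(SAMPLE_MINUTE).items():
        print(f"{src:14} {detection:28} -> {', '.join(actions)}")
```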
Virtual Private Networks

• A virtual private network, or VPN, is a network technology that makes it possible to establish private “tunnels” over the public Internet, reducing the cost of dedicated private network connections such as leased lines and dial-up networks.
• The three primary uses for VPNs are for employee remote access to corporate networks, extranet connections with business partners and suppliers, and branch office networks.
• All that is needed for a VPN is a specialized firewall, client, or server software (to initiate and maintain a connection) and an Internet service provider (ISP) connection for Internet connectivity.
• These features, called IP security, or IPSec, operate at both the Network Layer and the Session Layer of the TCP/IP protocol stack.

Software Development Security

Introduction

• This chapter introduces you to the concepts of securing software throughout its development life cycle.

The Practice of Software Engineering

• People purchase software because it fulfills their need to perform some function.
• The sad truth is that most software is flawed straight out of the box, and these flaws can threaten the security and safety of the very systems on which they operate.
• These flaws are present not just in the traditional computers we use every day, but also in critical devices, such as our cell phones and medical devices (think pacemakers and cars), and national infrastructures, such as banking and finance, energy, and telecommunications.
• Programmers are taught to write code—they are not taught how to write good code.
• To a developer, the software might work just as intended, but the developer never tested it to see how it behaves when it’s being fed malicious input or is under direct attack.
• Writing software, like driving a car, is a habit. Until someone teaches us how to drive safely, we don’t personally know the dangers of driving and the skills needed to prevent or avoid accidents. Cars often have safety mechanisms built into them, but as drivers, we have to consciously use our own safe driving skills. Experience teaches us that we are better off instilling safe driving skills before we let people loose on the roads—their first accident could be their last.

Software Development Life Cycles

• Some people call it a methodology, others a religion, and still others a set of handcuffs that restricts their creative energies. To some degree, everyone who has an opinion on the subject is right. Software engineers have followed a number of different software engineering processes over the years.
• Regardless of the process, software engineers undoubtedly perform the same fundamental tasks to build information technology systems:

1. Understand the requirements of the system
2. Analyze the requirements in detail until the detailed business model is complete
3. Determine the appropriate technology for the system based on its purpose and use
4. Identify and design program functions
5. Code the programs
6. Test the programs individually and collectively
7. Install the system into a secure “production” environment

Malicious code

• Malicious code (sometimes referred to as “malware”) includes a variety of threats such as viruses, worms, Trojan horses, ransomware, and bots.
• In the past, malicious code was often intended to simply impair computers, and was often authored by a lone hacker, but increasingly it involves a small group of hackers or a nation-state supported group, and the intent is to steal e-mail addresses, logon credentials, personal data, and financial information.
• A drive-by download is malware that comes with a downloaded file that a user intentionally or unintentionally requests. Drive-by is now one of the most common methods of infecting computers.
• Malvertising: online advertising that contains malicious code.

TYPES OF MALICIOUS CODE:

1. Virus

• A virus is a computer program that has the ability to replicate or make copies of itself, and spread to other files.
• In addition to the ability to replicate, most computer viruses deliver a “payload.” The payload may be relatively benign, such as the display of a message or image, or it may be highly destructive—destroying files, reformatting the computer’s hard drive, or causing programs to run improperly.

2. Worms

• Viruses are often combined with a worm. Instead of just spreading from file to file, a worm is designed to spread from computer to computer.
• A worm does not necessarily need to be activated by a user or program in order for it to replicate itself.
• The Slammer worm is one of the most notorious. Slammer targeted a known vulnerability in Microsoft’s SQL Server database software and infected more than 90% of vulnerable computers worldwide within 10 minutes of its release on the Internet; it also crashed Bank of America cash machines.

3. Ransomware

• Ransomware (scareware) is a type of malware (often a worm) that locks your computer or files to stop you from accessing them.
• Ransomware will often display a notice that says an authority such as the FBI or Department of Justice has detected illegal activity on your computer and demands that you pay a fine in order to unlock the computer and avoid prosecution.

4. Trojan Horse

• A Trojan horse appears to be benign, but then does something other than expected.
• The Trojan horse is not itself a virus because it does not replicate, but is often a way for viruses or other malicious code such as bots or rootkits (a program whose aim is to subvert control of the computer’s operating system) to be introduced into a computer system.
• The term Trojan horse refers to the huge wooden horse in Homer’s Iliad that the Greeks gave their opponents, the Trojans—a gift that actually contained hundreds of Greek soldiers. Once the people of Troy let the massive horse within their gates, the soldiers revealed themselves and captured the city.
• In today’s world, a Trojan horse may masquerade as a game, but actually hide a program to steal your passwords and e-mail them to another person. Miscellaneous Trojans and Trojan downloaders and droppers (Trojans that install malicious files to a computer they have infected by either downloading them from a remote computer or from a copy contained in their own code) are a common type of malware.

5. Backdoor

• A backdoor is a feature of viruses, worms, and Trojans that allows an attacker to remotely access a compromised computer.
• Downadup is an example of a worm with a backdoor, while Virut, a virus that infects various file types, also includes a backdoor that can be used to download and install additional threats.

6. Bots

• Bots (short for robots) are a type of malicious code that can be covertly installed on your computer when attached to the Internet.
• Once installed, the bot responds to external commands sent by the attacker; your computer becomes a “zombie” and is able to be controlled by an external third party (the “bot-herder”).
• Botnets are collections of captured computers used for malicious activities such as sending spam, participating in a DDoS attack, stealing information from computers, and storing network traffic for later

Improving security across the SDLC

1. Educate Your Developers

• Creating secure coding guidelines
• Providing developers with security awareness and secure coding training
• Setting clear expectations around how quickly issues discovered in production need to be addressed

2. Have Clear Requirements

• Whatever you create, it should be easy to understand.
• Development teams need clear requirements that are easy to act upon.
• Any vulnerabilities discovered in tests need to be easy to act on.
• It’s key that all people, processes, and tools involved bring solutions to the table instead of just pointing out problems.

3. Maintain a Growth Mindset

• It’s important for everyone to go into this experience with an open mind, and for the security team to have the mindset of empowering developers to secure their own applications.

4. Tie Implementation to Other Initiatives

• For well-established applications and teams, it may often be easier to implement SSDLC changes when it’s tied to another modernization effort, such as a cloud transformation.

5. Tackle the Big Problems First

• Focus on the most important issues and actionable fixes rather than addressing every vulnerability found.
• While it may be possible for newer or smaller applications to fix every security issue that exists, this won’t necessarily work in older and larger applications.
• A triage approach can also be helpful. This focuses on not only preventing security issues from making it into production, but also ensuring existing vulnerabilities are triaged and addressed over time.