Network Security Module 1


Network Security

NETWORK SECURITY
(21EC742)

Dept.of ECE, MIT Thandavapura


CHAPTER 1
Attacks on Computers and
Computer Security

1.1 Introduction
This is a book on network and Internet security. Before we understand the various concepts and technical issues
related to security (i.e. trying to understand how to protect), it is essential to know what we are trying to
protect: the various dangers when we use computers, computer networks and the biggest network of
them all, the Internet; the likely pitfalls; and the consequences of not setting up the right security policies,
framework and technology implementations. This chapter attempts to clarify these basic concepts.
We start with a discussion of the basic question: Why is security required in the first place? People
sometimes say that security is like statistics: the extent of data it reveals is trivial, the extent of data it
conceals is vital! In other words, the right security infrastructure opens up just enough doors that are
mandatory. It protects everything else. We discuss a few real-life incidents that should prove beyond
doubt that security cannot simply be compromised. Especially these days when serious business and
other types of transactions are being conducted over the Internet to such a large extent, inadequate or
improper security mechanisms can bring the whole business down or play havoc with people’s lives!
We then discuss the key principles of security. These principles help us identify the various areas
that are crucial in determining the security threats and the possible solutions to tackle them. Since
electronic documents and messages are now becoming equivalent to paper documents in terms of their
legal validity and binding, we examine the various implications in this regard.
This is followed by a discussion of the types of attacks. There are certain theoretical concepts
associated with attacks and there is a practical side to it as well. We shall discuss all these aspects.
Finally, we discuss some modern security problems. This will pave the way for further discussions of
network and Internet security concepts.

1.2 The Need for Security


2 Cryptography and Network Security

Basic Concepts
Most initial computer applications had no, or at best very little, security. This continued for a number of
years until the importance of data was truly realized. Until then, computer data was considered to be
useful, but not something to be protected. When computer applications were developed to handle
financial and personal data, the real need for security was felt like never before. People realized that data
on computers was an extremely important aspect of modern life. Therefore, various areas in security
began to gain prominence. Two typical examples of such security mechanisms were as follows:
• Provide a user id and password to every user and use that information to authenticate a user
• Encode information stored in the databases in some fashion so that it is not visible to users who do
not have the right permissions
Organizations employed their own mechanisms in order to provide for these kinds of basic security
mechanisms. As technology improved, the communication infrastructure became extremely mature, and
newer and newer applications began to be developed for various user demands and needs. Soon, people
realized that the basic security measures were not quite enough.
Furthermore, the Internet took the world by storm and there were many examples of what could
happen if there was insufficient security built in applications developed for the Internet. Figure 1.1
shows such an example of what can happen when you use your credit card for making purchases over the
Internet. From the user’s computer, the user details such as user id, order details such as order id and item
id, and payment details such as credit card information travel across the Internet to the server (i.e. to the
merchant’s computer). The merchant’s server stores these details in its database.

[Fig. 1.1 Example of information traveling from a client to a server over the Internet: the client sends Customer Id 78910, Order Id 90, Item Id 156, Credit Card Number 1234567890, Issued By Visa, Valid Till Jan 2006 to the server, which stores them in the server database]

There are various security holes here. First of all, an intruder can capture the credit card details as they
travel from the client to the server. If we somehow protect this transit from an intruder’s attack, it still
does not solve our problem. Once the merchant receives the credit card details and validates them so as
to process the order and later obtain payments, the merchant stores the credit card details into its
database. Now, an attacker can simply succeed in accessing this database and gain access to all the credit
card numbers stored therein! One Russian attacker (called Maxim) actually managed to intrude into a
merchant Internet site and obtained 300,000 credit card numbers from its database. He then attempted
extortion by demanding protection money ($100,000) from the merchant. The merchant refused to
oblige. Following this, the attacker published about 25,000 of the credit card numbers on the Internet!
Some banks reissued all the credit cards at a cost of $20 per card and others forewarned their customers
about unusual entries in their statements.
Such attacks could obviously lead to great losses – both in terms of finance and goodwill. Generally,
it takes $20 to replace a credit card. Therefore, if a bank has to replace 300,000 such cards, the total cost
of such an attack is about $6 million! How nice it would have been if the merchant in the example just
discussed had employed proper security measures!
Of course, this was just one example. Several such cases have been reported in the last few months
and the need for proper security is being felt increasingly with every such attack. In another example of
this, in 1999, a Swedish hacker broke into Microsoft’s Hotmail Web site and created a mirror site. This
site allowed anyone to enter any Hotmail user’s email id and read her emails!
In 2005 an independent survey was conducted to invite people’s opinions about the losses that occur
due to successful attacks on security. The survey pegged the losses at an average of $455,848,000. The next
year, this figure reduced to $201,757,340!

Modern Nature of Attacks


If we attempt to demystify technology, we would realize that computer-based systems are not all that
different from what happens in the real world. Differences in computer-based systems are mainly due to
the speed at which things happen and the accuracy that we get, as compared to the traditional world.
We can highlight a few salient features of the modern nature of attacks, as follows:
• Automating attacks The speed of computers makes several attacks worthwhile. For example, in the
real world, suppose that someone manages to create a machine that can produce counterfeit coins. Would
that not bother the authorities? It certainly would. However, producing so many coins on a mass scale may
not be that economical compared to the return on that investment! How many such coins would
the attacker be able to get into the market so rapidly? This is quite different with computers. They are
quite efficient and happy in doing routine, mundane and repetitive tasks. For example, they would excel
in somehow stealing a very low amount (say half a dollar or Rupees 20) from a million bank accounts in
a matter of a few minutes. This would give the attacker half a million dollars, possibly without any major
complaints! This is shown in Fig. 1.2.
The moral of the story is:

Humans dislike mundane and repetitive tasks. Automating them can cause destruction or
nuisance quite rapidly.

• Privacy concerns Collecting information about people and later (mis)using it is turning out to be a
huge problem these days. The so-called data mining applications gather, process and tabulate all sorts of
details about individuals. People can then illegally sell this information. For example, companies like
Experian (formerly TRW), TransUnion and Equifax maintain the credit history of individuals in the USA.
Similar trends are seen in the rest of the world. These companies have volumes of information about a
majority of citizens of that country. These companies can collect, collate, polish and format all sorts of
information to whosoever is ready to pay for that data! Examples of information that can come out of this
are: which store the person buys more from, which restaurant she eats in, where she goes for vacations
frequently and so on! Every company (e.g. shopkeepers, banks, airlines, insurers) is collecting and
processing a mind-boggling amount of information about us, without our realizing when and how it is
going to be used.

[Fig. 1.2 The changing nature of attacks due to automation. Traditional attack: produce coins using some machinery and bring them into circulation. Modern attack: steal half a dollar from a million accounts in a few minutes, digitally.]

• Distance does not matter Thieves would earlier attack banks, because banks had money. Banks do
not have money today! Money is in digital form inside computers and moves around by using computer
networks. Therefore, a modern thief would perhaps not like to wear a mask and attempt a robbery!
Instead, it is far easier and cheaper to attempt an attack on the computer systems of the bank, sitting at
home! It may be far more prudent for the attacker to break into the bank’s servers or steal credit card/ATM
information from the comfort of her home or place of work. This is illustrated in Fig. 1.3.
In 1995, a Russian hacker broke into Citibank’s computers remotely, stealing $12 million. Although
the attacker was traced, it was very difficult to get him extradited for the court case.

1.3 Security Approaches


Trusted Systems

A trusted system is a computer system that can be trusted to a specified extent to enforce a
specified security policy.

Trusted systems were initially of primary interest to the military. However, these days, the concept has
spanned across various areas, most prominently in the banking and financial community, but the concept
never caught on. Trusted systems often use the term reference monitor. This is an entity that is at the
logical heart of the computer system. It is mainly responsible for all the decisions related to access
controls. Naturally, the following are the expectations from the reference monitor:
(a) It should be tamperproof
(b) It should always be invoked
(c) It should be small enough so that it can be independently tested

[Fig. 1.3 Attacks can now be launched from a distance: attacker, modem (digital signal to analog signal), network, modem (analog signal to digital signal), bank]

In their 1983 Orange Book (also called the Trusted Computer System Evaluation Criteria
(TCSEC)), the National Security Agency (NSA) of the US Government defined a set of evaluation
classes. These described the features and assurances that the user could expect from a trusted system.
The highest levels of assurance were provided by significant efforts directed towards reduction of the
size of the trusted computing base or TCB. In this context, the TCB was defined as the combination of
hardware, software and firmware responsible for enforcing the system’s security policy. The smaller the
TCB, the higher the assurance. However, this raises an inherent problem (quite similar to the decisions related
to the design of operating systems). If we make the TCB as small as possible, the surrounding
hardware, software and firmware is likely to be quite big!
The mathematical foundation for trusted systems was provided by two relatively independent yet
interrelated works. In the year 1974, David Bell and Leonard LaPadula of MITRE devised a technique
called the Bell-LaPadula model. In this model, a highly trustworthy computer system is designed as
a collection of objects and subjects. Objects are passive repositories or destinations for data, such as
files, disks, printers, etc. Subjects are active entities, such as users, processes or threads operating on
behalf of those users. Subjects cause information to flow among objects.
Around the same time, Dorothy Denning at Purdue University was preparing for her doctorate. It
dealt with lattice-based information flows in computer systems. A mathematical lattice is a partially
ordered set, in which the relationship between any two vertices is either dominates, is dominated by or
neither. She devised a generalized notion of labels — similar to the full security markings on classified
military documents. Examples of this are TOP SECRET.
Later, Bell and LaPadula integrated Denning’s theory into their MITRE technical report, which was
titled Secure Computer System: Unified Exposition and Multics Interpretation. Here, labels attached to
objects represented the sensitivity of data contained within the object. Interestingly, the Bell-LaPadula
model talks only about confidentiality or secrecy of information. It does not talk about the problem of
integrity of information.
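The lattice of labels and the reference monitor described above, as an added example that is not part of the original text or of the MITRE work: labels are (level, compartments) pairs, `dominates` is the lattice order, and a small reference monitor mediates every read and write. It goes slightly beyond the chapter by applying the Bell-LaPadula confidentiality rules (a subject may read an object only if the subject's label dominates the object's, and write only if the object's label dominates the subject's). All level names except TOP SECRET, the compartment names and the subjects and objects are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Ordered sensitivity levels, lowest first. The chapter names only TOP SECRET;
# the other level names are constructed for this example.
LEVELS: Dict[str, int] = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: a sensitivity level plus a set of compartments.

    Labels form a lattice. `dominates` is the partial order: a label dominates
    another when its level is at least as high AND its compartments are a
    superset. Labels with unrelated compartments are incomparable, which is
    the "neither" case the chapter mentions.
    """
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def comparable(self, other: "Label") -> bool:
        return self.dominates(other) or other.dominates(self)

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the lowest label that dominates both inputs."""
        top = max(self.level, other.level, key=LEVELS.__getitem__)
        return Label(top, self.compartments | other.compartments)


class ReferenceMonitor:
    """Mediates every access request (the 'always invoked' property) and keeps
    an audit trail so that its decisions can be independently tested.

    Bell-LaPadula confidentiality rules (the model says nothing about integrity):
      read  allowed iff subject label dominates object label  (no read up)
      write allowed iff object label dominates subject label  (no write down)
    The second rule stops a subject from copying data it has read into an
    object that less-cleared subjects can read.
    """

    def __init__(self) -> None:
        self.subjects: Dict[str, Label] = {}
        self.objects: Dict[str, Label] = {}
        self.audit: List[Tuple[str, str, str, bool]] = []

    def add_subject(self, name: str, label: Label) -> None:
        self.subjects[name] = label

    def add_object(self, name: str, label: Label) -> None:
        self.objects[name] = label

    def check(self, subject: str, op: str, obj: str) -> bool:
        """Return True if `subject` may perform `op` ('read' or 'write') on `obj`."""
        s, o = self.subjects[subject], self.objects[obj]
        if op == "read":
            allowed = s.dominates(o)
        elif op == "write":
            allowed = o.dominates(s)
        else:
            allowed = False  # unknown operations are denied by default
        self.audit.append((subject, op, obj, allowed))
        return allowed


def build_demo_monitor() -> ReferenceMonitor:
    """Constructed sample: one analyst cleared SECRET for the 'crypto' compartment."""
    rm = ReferenceMonitor()
    rm.add_subject("analyst", Label("SECRET", frozenset({"crypto"})))
    rm.add_object("public_notice", Label("UNCLASSIFIED"))
    rm.add_object("crypto_report", Label("SECRET", frozenset({"crypto"})))
    rm.add_object("nuclear_report", Label("SECRET", frozenset({"nuclear"})))
    rm.add_object("ts_plan", Label("TOP SECRET", frozenset({"crypto"})))
    return rm


def run_demo() -> Dict[str, bool]:
    """Exercise the rules; the dictionary makes each outcome easy to check."""
    rm = build_demo_monitor()
    return {
        "read_own_level": rm.check("analyst", "read", "crypto_report"),          # True
        "read_down": rm.check("analyst", "read", "public_notice"),               # True
        "read_up": rm.check("analyst", "read", "ts_plan"),                       # False: no read up
        "read_other_compartment": rm.check("analyst", "read", "nuclear_report"), # False: incomparable
        "write_down": rm.check("analyst", "write", "public_notice"),             # False: would leak SECRET data
        "write_up": rm.check("analyst", "write", "ts_plan"),                     # True: information may flow up
    }


if __name__ == "__main__":
    for name, decision in run_demo().items():
        print(f"{name:24s} {'ALLOW' if decision else 'DENY'}")
```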

Security Models
An organization can take several approaches to implement its security model. Let us summarize these
approaches.
• No security In this simplest case, the approach could be a decision to implement no security at all.
• Security through obscurity In this model, a system is secure simply because nobody knows about
its existence and contents. This approach cannot work for too long, as there are many ways an attacker
can come to know about it.
• Host security In this scheme, the security for each host is enforced individually. This is a very safe
approach, but the trouble is that it cannot scale well. The complexity and diversity of modern sites/
organizations makes the task even harder.
• Network security Host security is tough to achieve as organizations grow and become more
diverse. In this technique, the focus is to control network access to various hosts and their services, rather
than individual host security. This is a very efficient and scalable model.

Security Management Practices


Good security management practices always talk of a security policy being in place. Putting a security
policy in place is actually quite tough. A good security policy and its proper implementation go a long
way in ensuring adequate security management practices. A good security policy generally takes care of
four key aspects, as follows:
• Affordability Cost and effort in security implementation.
• Functionality Mechanism of providing security.
• Cultural issues Whether the policy gels well with people’s expectations, working style and beliefs.
• Legality Whether the policy meets the legal requirements.
Once a security policy is in place, the following points should be ensured.
(a) Explanation of the policy to all concerned.
(b) Outline everybody’s responsibilities.
(c) Use simple language in all communications.
(d) Establishment of accountability.
(e) Provision for exceptions and periodic reviews.

1.4 Principles of Security


Having discussed some of the attacks that have occurred in real life, let us now classify the principles
related to security. This will help us understand the attacks better and also help us in thinking about the
possible solutions to tackle them. We shall take an example to understand these concepts.
Let us assume that a person A wants to send a check worth $100 to another person B. Normally, what
are the factors that A and B will think of, in such a case? A will write the check for $100, put it inside an
envelope and send it to B.
✓ A will like to ensure that no one except B gets the envelope and even if someone else gets it, she
does not come to know about the details of the check. This is the principle of confidentiality.
✓ A and B will further like to make sure that no one can tamper with the contents of the check (such
as its amount, date, signature, name of the payee, etc.). This is the principle of integrity.
✓ B would like to be assured that the check has indeed come from A and not from someone else
posing as A (as it could be a fake check in that case). This is the principle of authentication.
✓ What will happen tomorrow if B deposits the check in her account, the money is transferred from
A’s account to B’s account and then A denies having written/sent the check? The court of law will
use A’s signature to prevent A from refuting this claim and settle the dispute. This is the principle of
non-repudiation.
These are the four chief principles of security. There are two more, access control and availability,
which are not related to a particular message, but are linked to the overall system as a whole.
We shall discuss all these security principles in the next few sections.

Confidentiality
The principle of confidentiality specifies that only the sender and the intended recipient(s) should be able
to access the contents of a message. Confidentiality gets compromised if an unauthorized person is able
to access a message. An example of compromising the confidentiality of a message is shown in Fig. 1.4.
Here, the user of computer A sends a message to the user of computer B. (Actually, from here onwards, we
shall use the term A to mean the user A, B to mean user B, etc. although we shall just show the
computers of user A, B, etc.). Another user C gets access to this message, which is not desired and
therefore, defeats the purpose of confidentiality. An example of this could be a confidential email message
sent by A to B, which is accessed by C without the permission or knowledge of A and B. This type of
attack is called interception.

[Fig. 1.4 Loss of confidentiality: A sends a secret message to B]

Interception causes loss of message confidentiality.

Authentication
Authentication mechanisms help establish proof of identities. The authentication process ensures that
the origin of an electronic message or document is correctly identified. For instance, suppose that user C
sends an electronic document over the Internet to user B. However, the trouble is that user C had posed
as user A when she sent this document to user B. How would user B know that the message has come
from user C, who is posing as user A? A real life example of this could be the case of a user C, posing as
user A, sending a funds transfer request (from A’s account to C’s account) to bank B. The bank might
happily transfer the funds from A’s account to C’s account – after all, it would think that user A has
requested the funds transfer! This concept is shown in Fig. 1.5. This type of attack is called
fabrication.

Fabrication is possible in absence of proper authentication mechanisms.

Integrity
When the contents of a message are changed after the sender sends it, but before it reaches the intended
recipient, we say that the integrity of the message is lost. For example, suppose you write a check for
$100 to pay for the goods bought from the US. However, when you see your next account statement, you
are startled to see that the check resulted in a payment of $1000! This is the case for loss of message
integrity. Conceptually, this is shown in Fig. 1.6. Here, user C tampers with a message originally sent by
user A, which is actually destined for user B. User C somehow manages to access it, change its contents
and send the changed message to user B. User B has no way of knowing that the contents of the message
were changed after user A had sent it. User A also does not know about this change. This type of attack
is called modification.

[Fig. 1.5 Absence of authentication: a message "I am user A" is sent to B]

[Fig. 1.6 Loss of integrity: ideal route of the message from A to B ("Transfer $100 to D"); actual route of the message via C ("Transfer $1000 to C")]

Modification causes loss of message integrity.

Non-repudiation
There are situations where a user sends a message and later on denies that she had sent that message. For
instance, user A could send a funds transfer request to bank B over the Internet. After the bank performs
the funds transfer as per A’s instructions, A could claim that she never sent the funds transfer instruction
to the bank! Thus, A repudiates, or denies, her funds transfer instruction. The principle of non-
repudiation defeats such possibilities of denying something after having done it. This is shown in Fig. 1.7.

Non-repudiation does not allow the sender of a message to deny having sent that message.
[Fig. 1.7 Establishing non-repudiation: A tells B "I never sent that message, which you claim to have received"]

Access Control
The principle of access control determines who should be able to access what. For instance, we should
be able to specify that user A can view the records in a database, but cannot update them. However, user
B might be allowed to make updates as well. An access control mechanism can be set up to ensure this.
Access control is broadly related to two areas: role management and rule management. Role
management concentrates on the user side (which user can do what), whereas rule management focuses
on the resources side (which resource is accessible and under what circumstances). Based on the
decisions taken here, an access control matrix is prepared, which lists the users against a list of items
they can access (e.g. it can say that user A can write to file X, but can only update files Y and Z). An
Access Control List (ACL) is a subset of an access control matrix.

Access control specifies and controls who can access what.
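The access control matrix and the ACL derived from it, as an added example that is not part of the original text: rights are granted from the user side (role management) and limited from the resource side (rule management), a cell of the matrix is the intersection of the two, an ACL is one column of the matrix and a capability list one row. Users A and B follow the chapter's database example; the role, resource and right names are constructed sample data.

```python
from typing import Dict, Set

Rights = Set[str]


class AccessControlMatrix:
    """Users (rows) against resources (columns); each cell holds a set of rights.

    Two inputs feed the matrix, mirroring the chapter's split:
      role management (user side): what a role lets its holder do
      rule management (resource side): what a resource permits at all,
        regardless of who asks (e.g. an append-only log is never updatable)
    A cell is the intersection of the two, so neither side can grant more
    than the other allows.
    """

    def __init__(self, role_rights: Dict[str, Rights],
                 resource_rules: Dict[str, Rights]) -> None:
        self.role_rights = {r: set(v) for r, v in role_rights.items()}
        self.resource_rules = {r: set(v) for r, v in resource_rules.items()}
        self.matrix: Dict[str, Dict[str, Rights]] = {}

    def assign(self, user: str, role: str, resource: str) -> Rights:
        """Grant `user` the rights of `role` on `resource`, clipped by the resource rule."""
        granted = self.role_rights[role] & self.resource_rules[resource]
        row = self.matrix.setdefault(user, {})
        row[resource] = row.get(resource, set()) | granted
        return set(row[resource])

    def check(self, user: str, right: str, resource: str) -> bool:
        """The access decision: is `right` in the (user, resource) cell?
        Unknown users or resources have no cell and are therefore denied."""
        return right in self.matrix.get(user, {}).get(resource, set())

    def acl(self, resource: str) -> Dict[str, Rights]:
        """Access Control List for one resource: the matrix column, non-empty cells only."""
        return {u: set(row[resource]) for u, row in self.matrix.items()
                if row.get(resource)}

    def capabilities(self, user: str) -> Dict[str, Rights]:
        """Capability list for one user: the matrix row, non-empty cells only."""
        return {res: set(r) for res, r in self.matrix.get(user, {}).items() if r}


def build_demo_matrix() -> AccessControlMatrix:
    """Constructed sample following the chapter: A may view database records,
    B may also update them."""
    acm = AccessControlMatrix(
        role_rights={"reader": {"read"}, "editor": {"read", "update"}},
        # Rule management: the audit log is append-only for everyone, whatever their role.
        resource_rules={"records_db": {"read", "update"}, "audit_log": {"read", "append"}},
    )
    acm.assign("A", "reader", "records_db")
    acm.assign("B", "editor", "records_db")
    acm.assign("B", "editor", "audit_log")  # the editor's 'update' is clipped away here
    return acm


def run_demo() -> Dict[str, bool]:
    """Exercise the decisions; the dictionary makes each outcome easy to check."""
    acm = build_demo_matrix()
    return {
        "A_reads_db": acm.check("A", "read", "records_db"),      # True
        "A_updates_db": acm.check("A", "update", "records_db"),  # False: the role does not grant it
        "B_updates_db": acm.check("B", "update", "records_db"),  # True
        "B_updates_log": acm.check("B", "update", "audit_log"),  # False: the resource rule forbids it
        "C_reads_db": acm.check("C", "read", "records_db"),      # False: no row for C
    }


if __name__ == "__main__":
    acm = build_demo_matrix()
    print("ACL for records_db:", acm.acl("records_db"))
    for name, decision in run_demo().items():
        print(f"{name:14s} {'ALLOW' if decision else 'DENY'}")
```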

Availability
The principle of availability states that resources (i.e. information) should be available to authorized
parties at all times. For example, due to the intentional actions of an unauthorized user C, an authorized
user A may not be able to contact a server computer B, as shown in Fig. 1.8. This would defeat the
principle of availability. Such an attack is called interruption.

[Fig. 1.8 Attack on availability: A is unable to reach B]

Interruption puts the availability of resources in danger.


We may be aware of the traditional OSI standard for the Network Model (titled OSI Network
Model 7498-1), which describes the seven layers of the networking technology (application,
presentation, session, transport, network, data link and physical). A much less known standard on similar
lines is the OSI standard for the Security Model (titled OSI Security Model 7498-2). This also defines
seven layers of security in the form of:
• Authentication
• Access control
• Non repudiation
• Data integrity
• Confidentiality
• Assurance or Availability
• Notarization or Signature
We shall discuss most of these topics in this book.
Having explained the various principles of security, let us now discuss the various types of attacks
that are possible, from a technical perspective.

Ethical and Legal Issues


Many ethical and legal issues in computer security systems seem to be in the area of the individual’s
right to privacy versus the greater good of a larger entity (e.g. a company, society, etc.). Examples are
tracking how employees use computers, crowd surveillance, managing customer profiles, tracking a
person’s travel with a passport, location tracking so as to spam cell phones with text message
advertisements and so on. A key concept in resolving this issue is to find out what a person’s expectation of
privacy is.
Classically, the ethical issues in security systems are classified into the following four categories:
• Privacy – This deals with the right of an individual to control personal information.
• Accuracy – This talks about the responsibility for the authenticity, fidelity and accuracy of
information.
• Property – Here we find out the owner of the information. We also talk about who controls access.
• Accessibility – This deals with the issue of the type of information an organization has the right to
collect. In that situation, it also expects to know the measures which will safeguard against
any unforeseen eventualities.
Privacy is the protection of personal or sensitive information. Individual privacy is the desire to be left
alone as an extension of our personal space and may or may not be supported by local regulations or
laws. Privacy is subjective. Different people have different ideas of what privacy is and how much
privacy they will trade for safety or convenience.
When dealing with legal issues, we need to remember that there is a hierarchy of regulatory bodies
that govern the legality of information security. We can roughly classify them as follows.
• International: e.g. International Cybercrime Treaty
• Federal: e.g. FERPA, GLB, HIPAA, DMCA, Teach Act, Patriot Act, Sarbanes-Oxley Act, etc.
• State: e.g. UCITA, SB 1386, etc.
• Organization: e.g. Computer use policy
1.5 Types of Attacks


We shall classify attacks with respect to two views: the common person’s view and a technologist’s view.

Attacks: A General View


From a common person’s point of view, we can classify attacks into three categories, as shown in
Fig. 1.9.

[Fig. 1.9 Classification of attacks as understood in general terms: the types of attacks as understood by a common person are criminal attacks, publicity attacks and legal attacks]

Let us now discuss these attacks.

Criminal Attacks Criminal attacks are the simplest to understand. Here, the sole aim of the attackers
is to maximize financial gain by attacking computer systems. Table 1.1 lists some forms of criminal
attacks.

Publicity Attacks Publicity attacks occur because the attackers want to see their names appear on
television news channels and newspapers. History suggests that these types of attackers are usually not
hardcore criminals. They are people such as students in universities or employees in large organizations,
who seek publicity by adopting a novel approach of attacking computer systems.
One form of publicity attacks is to damage (or deface) the Web pages of a site by attacking it. One of
the most famous such attacks occurred on the US Department of Justice’s Web site in 1996. The New
York Times home page was also famously defaced two years later.

Legal Attacks This form of attack is quite novel and unique. Here, the attacker tries to make the judge
or the jury doubtful about the security of a computer system. This works as follows. The attacker attacks
the computer system and the attacked party (say a bank or an organization) manages to take the attacker
to the court. While the case is being fought, the attacker tries to convince the judge and the jury that there
is inherent weakness in the computer system and that she has done nothing wrongful. The aim of the
attacker is to exploit the weakness of the judge and the jury in technology matters.
For example, an attacker may sue a bank for performing an online transaction which she never
wanted to perform. In court, she could innocently say something like "The bank’s Web site asked me to
enter a password and that is all that I provided; I do not know what happened thereafter." A judge is
likely to sympathize with the attacker!
Table 1.1 Types of Criminal Attacks

Fraud: Modern fraud attacks concentrate on manipulating some aspects of electronic currency, credit
cards, electronic stock certificates, checks, letters of credit, purchase orders, ATMs, etc.

Scams: Scams come in various forms, some of the most common ones being sale of services, auctions,
multi-level marketing schemes, general merchandise and business opportunities, etc. People are enticed
to send money in return for great profits, but end up losing their money. A very common example is the
Nigeria scam, where an email from Nigeria (and other African countries) entices people to deposit money
into a bank account with a promise of hefty gains. Whosoever gets caught in this scam loses money heavily.

Destruction: Some sort of grudge is the motive behind such attacks. For example, unhappy employees
attack their own organization, whereas terrorists strike at much bigger levels. For example, in the year
2000, there was an attack against popular Internet sites such as Yahoo!, CNN, eBay, Buy.com, Amazon.com
and e*Trade where authorized users of these sites failed to log in or access these sites.

Identity theft: This is best understood with a quote from Bruce Schneier: "Why steal from someone when
you can just become that person?" In other words, an attacker does not steal anything from a legitimate
user – he becomes that legitimate user! For example, it is much easier to manage to get the password of
someone else’s bank account or to actually be able to get a credit card in someone else’s name. Then that
privilege can be misused until it gets detected.

Intellectual property theft: Intellectual property theft ranges from stealing companies’ trade secrets,
databases, digital music and videos, electronic documents and books, software and so on.

Brand theft: It is quite easy to set up fake Web sites that look like real Web sites. How would a common
user know if she is visiting the HDFC Bank site or an attacker’s site? Innocent users end up providing
their secrets and personal details on these fake sites to the attackers. The attackers use these details to
then access the real site, causing an identity theft.

Attacks: A Technical View


From the technical point of view, we can classify the types of attacks on computers and network systems
into two categories for better understanding: (a) Theoretical concepts behind these attacks and (b)
Practical approaches used by the attackers. Let us discuss these one-by-one.

Theoretical Concepts As we discussed earlier, the principles of security face threat from various
attacks. These attacks are generally classified into four categories, as mentioned earlier. They are:
• Interception – Discussed in the context of confidentiality, earlier. It means that an unauthorized
party has gained access to a resource. The party can be a person, program or computer-based
system. Examples of interception are copying of data or programs and listening to network traffic.
• Fabrication – Discussed in the context of authentication, earlier. This involves creation of illegal
objects on a computer system. For example, the attacker may add fake records to a database.
• Modification – Discussed in the context of integrity, earlier. For example the attacker may modify
the values in a database.
• Interruption – Discussed in the context of availability, earlier. Here, the resource becomes
unavailable, lost or unusable. Examples of interruption are causing problems to a hardware device,
erasing program, data or operating system components.
These attacks are further grouped into two types: passive attacks and active attacks, as shown in
Fig. 1.10.

[Fig. 1.10 Types of attacks: attacks are divided into passive attacks and active attacks]

Let us discuss these two types of attacks now.
Passive attacks Passive attacks are those wherein the attacker indulges in eavesdropping or monitoring
of data transmission. In other words, the attacker aims to obtain information that is in transit. The term
passive indicates that the attacker does not attempt to perform any modifications to the data. In fact, this
is also why passive attacks are harder to detect. Thus, the general approach to deal with passive attacks
is to think about prevention, rather than detection or corrective actions.

Passive attacks do not involve any modifications to the contents of an original message.

Figure 1.11 shows the further classification of passive attacks into two sub-categories, namely release of message contents and traffic analysis.

[Fig. 1.11 Passive attacks (Interception): Release of message contents, Traffic analysis]


Release of message contents is quite simple to understand. When we send a confidential email message to our friend, we desire that only she be able to read it. Otherwise, the contents of the message are released against our wishes to someone else. Using certain security mechanisms, we can prevent release of message contents. For example, we can encrypt messages so that only the desired parties, who hold the key, can understand the contents.
However, if many such messages are passing through, a passive attacker could still try to find similarities between them to come up with some sort of pattern that provides her clues about the communication that is taking place: who is talking to whom, how often, at what times and with messages of what length. Such attempts to analyse encrypted traffic for likely patterns, without reading its contents, are the work of the traffic analysis attack. Encryption hides contents but not these side features; countering traffic analysis needs additional measures such as padding messages to a fixed length, sending dummy traffic or routing through relays.
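The point that encryption alone does not defeat traffic analysis can be shown concretely. The following is an added example, not code from the book: a server that only ever sends one of three fixed replies, encrypted with a length-preserving stream cipher. A passive attacker who cannot decrypt still learns which reply was sent from the ciphertext length; padding every reply to a fixed frame removes that clue. The reply set, the key and the toy HMAC-based keystream are constructed for illustration (a real system would use a vetted AEAD such as AES-GCM).

```python
"""Added example: traffic analysis against a length-preserving cipher.

Constructed for illustration; the keystream is a toy built from HMAC-SHA256
and is not a recommendation for real use.
"""
import hashlib
import hmac
import os

NONCE_LEN = 12
FRAME = 32  # fixed frame size used by the padded variant

# Constructed: the only replies the server ever sends.
REPLIES = [b"APPROVED", b"DECLINED: insufficient funds", b"DECLINED: account frozen"]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from HMAC-SHA256 (toy construction)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || (plaintext XOR keystream): ciphertext is exactly as long as the plaintext plus the nonce."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def pad(message: bytes, frame: int = FRAME) -> bytes:
    """Length-prefix the message and pad it to a fixed frame size."""
    body = len(message).to_bytes(2, "big") + message
    if len(body) > frame:
        raise ValueError("message does not fit in the frame")
    return body + b"\x00" * (frame - len(body))


def unpad(frame_bytes: bytes) -> bytes:
    n = int.from_bytes(frame_bytes[:2], "big")
    return frame_bytes[2:2 + n]


def candidates(ciphertext: bytes, padded: bool = False) -> list:
    """What a passive attacker infers from the ciphertext length alone: every
    reply whose length on the wire (padded or not) matches the observed body."""
    body_len = len(ciphertext) - NONCE_LEN

    def wire_len(reply: bytes) -> int:
        return len(pad(reply)) if padded else len(reply)

    return [r for r in REPLIES if wire_len(r) == body_len]


if __name__ == "__main__":
    key = os.urandom(32)
    for reply in REPLIES:
        print(reply, "->", candidates(encrypt(key, reply)))              # exactly one candidate: leaked
        print(reply, "->", candidates(encrypt(key, pad(reply)), True))  # all three candidates: nothing leaked
```

Note that the nonce is public and is subtracted before comparing lengths; timing and direction of messages would leak in the same way and need the same kind of treatment (fixed-rate or dummy traffic).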

Active attacks Unlike passive attacks, the active attacks are based on modification of the original
message in some manner or the creation of a false message. These attacks cannot be prevented easily.
However, they can be detected with some effort and attempts can be made to recover from them. These
attacks can be in the form of interruption, modification and fabrication.

In active attacks, the contents of the original message are modified in some way.

• Trying to pose as another entity involves masquerade attacks. Masquerade is a form of fabrication: a message or identity is created that did not come from the claimed source.
• Modification attacks can be classified further into replay attacks and alteration of messages.
• Interruption takes the form of Denial Of Service (DOS) attacks.
This classification is shown in Fig. 1.12.

[Fig. 1.12 Active attacks: Fabrication (Masquerade); Modification (Replay attacks, Alterations); Interruption (Denial Of Service-DOS)]


Masquerade is caused when an unauthorized entity pretends to be another entity. As we have seen, user C might pose as user A and send a message to user B. User B might be led to believe that the message indeed came from user A. Masquerade attacks usually embed some other form of active attack. For instance, the attack may involve capturing the user's authentication sequence (e.g. user ID and password); later, those details can be replayed to gain illegal access to the computer system.
In a replay attack, a user captures a sequence of events or some data units and re-sends them. For
instance, suppose user A wants to transfer some amount to user C’s bank account. Both users A and C
have accounts with bank B. User A might send an electronic message to bank B, requesting for the funds
transfer. User C could capture this message and send a second copy of the same to bank B. Bank B would
have no idea that this is an unauthorized message and would treat this as a second and different, funds
transfer request from user A. Therefore, user C would get the benefit of the funds transfer twice: once
authorized, once through a replay attack.
Alteration of messages involves some change to the original message. For instance, suppose user A
sends an electronic message Transfer $1000 to D’s account to bank B. User C might capture this and
change it to Transfer $10000 to C’s account.

Note that here both the beneficiary and the amount have been changed; changing either one alone would equally be an alteration of the message.
Denial Of Service (DOS) attacks make an attempt to prevent legitimate users from accessing services which they are eligible for. For instance, an unauthorized user might send too many login requests to a server using random user ids one after the other in quick succession, so as to exhaust the server's or the network's capacity and deny legitimate users the service.
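The funds-transfer scenario above (user A, bank B, attacker C) can be run end to end. The following is an added example, not the book's code: a bank that acts on whatever message it receives falls to replay and alteration, while a bank that checks a shared-key HMAC over the canonical message and refuses reused nonces rejects the replayed copy, the altered copy and a message forged without A's key. The users, balances, keys and messages are constructed; the network between A and B is not modelled, the attacker simply obtains a copy of A's message.

```python
"""Added example: replay, alteration and masquerade against a naive bank,
and the same messages against a bank that verifies an HMAC and a nonce.
All names, balances and keys are constructed for illustration."""
import hashlib
import hmac
import json
import os


def canonical(msg: dict) -> bytes:
    """A fixed serialisation, so sender and bank MAC exactly the same bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, msg: dict) -> bytes:
    return hmac.new(key, canonical(msg), hashlib.sha256).digest()


class NaiveBank:
    """Acts on the message body as received: open to alteration and replay."""

    def __init__(self) -> None:
        self.balances = {"A": 20000, "C": 0, "D": 0}

    def transfer(self, msg: dict) -> bool:
        src, dst, amount = msg["from"], msg["to"], msg["amount"]
        if amount <= 0 or self.balances.get(src, 0) < amount or dst not in self.balances:
            return False
        self.balances[src] -= amount
        self.balances[dst] += amount
        return True


class HardenedBank(NaiveBank):
    """Accepts a transfer only if the tag verifies under the sender's key and
    the (sender, nonce) pair has not been processed before."""

    def __init__(self, shared_keys: dict) -> None:
        super().__init__()
        self.keys = shared_keys   # user -> key shared between that user and the bank
        self.seen = set()         # (user, nonce) pairs already processed

    def transfer(self, msg: dict, tag: bytes) -> bool:
        key = self.keys.get(msg.get("from"))
        if key is None:
            return False          # unknown sender
        if not hmac.compare_digest(tag, sign(key, msg)):
            return False          # altered message, or tag made without the sender's key (masquerade)
        marker = (msg["from"], msg["nonce"])
        if marker in self.seen:
            return False          # replay of an already processed message
        self.seen.add(marker)
        return super().transfer(msg)


def run_naive() -> tuple:
    bank = NaiveBank()
    legit = {"from": "A", "to": "D", "amount": 1000}       # A's genuine request
    results = [
        bank.transfer(legit),                              # the real transfer
        bank.transfer(dict(legit)),                        # C replays a captured copy
        bank.transfer(dict(legit, to="C", amount=10000)),  # C alters the captured copy
    ]
    return results, bank.balances


def run_hardened() -> tuple:
    key_a = os.urandom(32)
    bank = HardenedBank({"A": key_a})
    legit = {"from": "A", "to": "D", "amount": 1000, "nonce": os.urandom(8).hex()}
    tag = sign(key_a, legit)
    forged = {"from": "A", "to": "C", "amount": 500, "nonce": "ffff"}
    results = [
        bank.transfer(legit, tag),                              # genuine: accepted
        bank.transfer(dict(legit), tag),                        # replay: rejected
        bank.transfer(dict(legit, to="C", amount=10000), tag),  # alteration: rejected
        bank.transfer(forged, sign(b"not A's key", forged)),    # masquerade: rejected
    ]
    return results, bank.balances


if __name__ == "__main__":
    print(run_naive())     # ([True, True, True], {'A': 8000, 'C': 10000, 'D': 2000})
    print(run_hardened())  # ([True, False, False, False], {'A': 19000, 'C': 0, 'D': 1000})
```

The set of seen nonces grows without bound here; a production design uses per-sender sequence numbers or timestamps with a bounded window. In practice TLS provides integrity and replay protection at the transport layer, but the message-level mechanism shown is what protects a request that is stored, queued or forwarded after the connection ends.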

The Practical Side of Attacks


The attacks discussed earlier can come in a number of forms in real life. They can be classified into two
broad categories: application-level attacks and network-level attacks, as shown in Fig. 1.13.

Security attacks in practice

Application level attacks Network level attacks

Fig. 1.13 Practical side of attacks


Let us discuss these as follows.
• Application level attacks – These attacks happen at an application level in the sense that the
attacker attempts to access, modify or prevent access to information of a particular application or
to the application itself. Examples of this are trying to obtain someone’s credit card information on
the Internet or changing the contents of a message to change the amount in a transaction, etc.
• Network level attacks – These attacks generally aim at reducing the capabilities of a network by
a number of possible means. These attacks generally make an attempt to either slow down or
completely bring to halt, a computer network. Note that this automatically can lead to application
level attacks, because once someone is able to gain access to a network, usually she is able to
access/modify at least some sensitive information, causing havoc.
These two types of attacks can be attempted by using various mechanisms, as discussed next. We will
not classify these attacks into the above two categories, since they can span across application as well as
network levels.

Security attacks can happen at the application level or the network level.

Programs that Attack


Let us now discuss a few programs that attack computer systems to cause some damage or to create
confusion.

Virus One can launch an application-level attack or a network level attack using a virus. In simple
terms, a virus is a piece of program code that attaches itself to legitimate program code and runs when

the legitimate program runs. It can then infect other programs in that computer or programs that are in
other computers but on the same network. This is shown in Fig. 1.14. In this example, after deleting all
the files from the current user’s computer, the virus self-propagates by sending its code to all users
whose email addresses are stored in the current user’s address book.

[Fig. 1.14 Virus]
(a) Original clean code:  Add x to y; Perform Print-Job; Perform Close-Job; End
(b) Virus infected code:  Add x to y; Perform Print-Job; Perform Virus-Job; Perform Close-Job; End
(c) Virus code:           Delete all files; Send a copy of myself to all using this user's address book; Return


Viruses can also be triggered by specific events (e.g. a virus could automatically execute at 12 PM every day). The damage a virus does to computer and network systems is usually repairable, provided the organization deploys good backup and recovery procedures.
A virus is a computer program that attaches itself to another legitimate program and causes damage to the computer system or to the network.
During its lifetime, a virus goes through four phases:
(a) Dormant phase: Here, the virus is idle. It gets activated based on certain action or event (e.g. the
user typing a certain key or certain date or time is reached, etc). This is an optional phase.
(b) Propagation phase: In this phase, a virus copies itself and each copy starts creating more copies of
self, thus propagating the virus.
(c) Triggering phase: A dormant virus moves into this phase when the action/event for which it was
waiting is initiated.
(d) Execution phase: This is the actual work of the virus, which could be harmless (display some
message on the screen) or destructive (delete a file on the disk).
Viruses can be classified into the following categories:
(a) Parasitic virus: This is the most common form of viruses. Such a virus attaches itself to
executable files and keeps replicating. Whenever the infected file is executed, the virus looks for
other executable files to attach itself and spread.
(b) Memory-resident virus: This type of virus first attaches itself to an area of the main memory and
then infects every executable program that is executed.
(c) Boot sector virus: This type of virus infects the master boot record of the disk and spreads on the
disk when the operating system starts booting the computer.
(d) Stealth virus: This virus has intelligence built in, which prevents anti-virus software programs
from detecting it.
(e) Polymorphic virus: A virus that changes its appearance on every infection, typically by encrypting its body under a new key and varying the small decryption routine, so that no fixed byte sequence (signature) identifies it.
(f) Metamorphic virus: Rather than merely re-encrypting itself, this type of virus rewrites its own code on every infection (reordering instructions, substituting equivalent ones), making its detection even harder.

There is another popular category of viruses, called the macro virus. This virus affects specific application software, such as Microsoft Word or Microsoft Excel. These viruses infect the documents created by users and spread quite easily, since such documents are very commonly exchanged over email. These application programs have a feature called macros, which allows users to write small utility programs inside their documents. Viruses are written as such macros, hence the name macro virus.

Worm Similar in concept to a virus, a worm is actually different in implementation. A virus modifies a program (i.e. it attaches itself to the program under attack). A worm, however, does not need a host program. It is a self-contained program that replicates itself again and again and spreads to other machines over the network on its own (for example through a vulnerable network service or weak credentials). This is shown in Fig. 1.15. The replication grows so much that ultimately the computer or the network on which the worm resides becomes very slow, finally coming to a halt. Thus, in this simple model the basic purpose of a worm attack is different from that of a virus: the worm attempts to make the computer or the network under attack unusable by eating all its resources.

[Fig. 1.15 Worm: the worm code replicates itself; each copy performs resource-eating tasks, but no destruction, and replicates itself again, and so on]

In this model, a worm does not perform any destructive actions and instead only consumes system resources to bring the system down. Note that real-world worms frequently carry a destructive or data-stealing payload in addition to self-propagation.

Trojan Horse A Trojan horse is a hidden piece of code, like a virus. However, the purpose of a Trojan horse is different. Whereas a virus replicates by attaching itself to other programs, a Trojan horse does not replicate: it is a program that appears useful or legitimate but carries a hidden function, classically revealing confidential information to an attacker or giving her remote control of the machine. The name (Trojan horse) is due to the Greek soldiers, who hid inside a large hollow horse, which was pulled into the city by the citizens of Troy, unaware of its contents. Once inside the city of Troy, the Greek soldiers opened the gates for the rest of the Greek army.

In a similar fashion, a Trojan horse could silently sit in the code for a Login screen by attaching itself
to it. When the user enters the user id and password, the Trojan horse could capture these details and send
this information to the attacker without the knowledge of the user who had entered the id and password.
The attacker can then merrily use the user id and password to gain access to the system. This is shown in
Fig. 1.16.

[Fig. 1.16 Trojan horse: the user enters User Id: xxx and Password: yyy into the Login program; the Trojan horse attached to the Login code passes them on to the login code as usual and also sends a copy (User Id: xxx, Password: yyy) to the Attacker]

A Trojan horse allows an attacker to obtain some confidential information about a computer
or a network.

Applets and ActiveX Controls Applets and ActiveX controls were born due to the technological
development of the World Wide Web (WWW) application (usually referred to simply as the Web) of the
Internet. In its simplest form, the Web consists of communication between client and server computers
using a communications protocol called as Hyper Text Transfer Protocol (HTTP). The client uses a
piece of software called as Web browser. The server runs a program called as Web server. In its
simplest form, a browser sends a HTTP request for a Web page to a Web server. The Web server locates
this Web page (actually a computer file) and sends it back to the Web browser, again using HTTP. The
Web browser interprets the contents of that file and shows the results on the screen to the user. This is
shown in Fig. 1.17. Here, the client sends a request for a Web page called as www.yahoo.com/info,
which the server sends back to the client.
Many Web pages contain small programs that get downloaded onto the client along with the Web
page itself. These programs then execute inside the browser. Sun Microsystems provides Java applets
for this purpose and Microsoft’s technology makes use of ActiveX controls for the same purpose. Both
are essentially small programs that get downloaded along with a Web page and then execute on the
client. This is shown in Fig. 1.18. Here, the server sends an applet along with the Web page to the client.
[Fig. 1.17 Example of HTTP interaction between client and server: the Client sends an HTTP Request ("Please send me the Web page www.yahoo.com/info") to the Server; the Server returns an HTTP Response carrying the Web page www.yahoo.com/info]

[Fig. 1.18 Applet sent back along with a Web page: the same exchange as in Fig. 1.17, but the HTTP Response carries the Web page www.yahoo.com/info together with an Applet]

Usually, these programs (applets or ActiveX controls) are used to either perform some processing on
the client side or to automatically and periodically request for information from the Web server using a
technology called as client pull. For instance, a program can get downloaded on to the client along with
the Web page showing the latest stock prices on a stock exchange and then periodically issue HTTP
requests for pulling the updated prices to the Web server. After obtaining this information, the program
could display it on the user’s screen.

These apparently innocuous programs can sometimes cause havoc. What if such a program performs a virus-like activity by deleting files on the user's hard disk, stealing some personal information or sending junk emails to all the users whose addresses are contained in the user's address book?
To prevent these attacks, Java applets have strong security checks as to what they can do and what they cannot. ActiveX controls have no such restrictions; they run with the full privileges of the user and rely on the user trusting the publisher's signature. Moreover, a newer kind of applet, the signed applet, allows accesses similar to ActiveX. Of course, a number of checks have been put in place to ensure that neither applets nor ActiveX controls can do a lot of damage and, even if they somehow manage to do it, it can be detected. However, at least in theory, they pose some sort of security risk. Both are now legacy technologies: current browsers no longer run Java applets, and ActiveX was only ever supported by Internet Explorer; the same concern, however, applies to any code that a page causes the browser to execute.

Java applets ( from Sun Microsystems) and ActiveX controls ( from Microsoft Corporation)
are small client-side programs that might cause security problems, if used by attackers with
a malicious intention.

Cookies Cookies were born as a result of a specific characteristic of the Internet. The Internet uses the HTTP protocol, which is stateless. Let us understand what this means and what its implications are.
Suppose that the client sends an HTTP request for a Web page to the server. The Web server locates that page on its disk, sends it back to the client and completely forgets about this interaction! If the client wants to continue this interaction, it must identify itself to the server in the next HTTP request. Otherwise, the server would not know that this same client had sent an HTTP request earlier. Since a typical application is likely to involve a number of interactions between the client and the server, there must be some mechanism for the client to identify itself to the server each time it sends an HTTP request to the server. For this, cookies are used. Cookies are perhaps the most popular mechanism for maintaining state information (i.e. identifying a client to a server). A cookie is just one or more pieces of information stored as text strings by the Web browser on the disk of the client computer. A Web server sends the Web browser a cookie and the browser stores it on the hard disk of the client computer. The browser then sends a copy of the cookie back to the same server with its next HTTP request. This is used for identification purposes, as shown in Figs 1.19 (a) and 1.19 (b).
This works as follows:
(a) When you interact with a Web site for the first time, the site might want you to register yourself. Usually, this means that the Web server sends you a page containing a form in which you enter your name, address and other details such as date of birth, interests etc.
(b) When you complete this form and send it to the server with the help of your browser, the server stores this information in its database. Additionally, it also creates a unique id for you. It stores this id along with your information in the database (as shown in Fig. 1.19(a)) and also sends the id back to you in the form of a cookie.
(c) The next time you interact with the server, you do not have to enter any information such as your name and address. Your browser automatically sends your id (i.e. the cookie) along with the HTTP request for a particular page to the server (as shown in Fig. 1.19(b)).
(d) The server now takes this id, looks for a match in its database and, having found it, knows that you are a registered user. Accordingly, it sends you the next page. As illustrated in the figure, it could be a simple welcome message. In practical situations, this could be used for many other purposes.
People perceive that cookies are dangerous. Actually, this is generally not true. Cookies on their own can do little, if any, harm to you. Firstly, the browser returns a cookie only to the domain (and path) that set it, so one site cannot read another site's cookies. Secondly, cookies can contain only text-based information; they are data, not code. Thirdly, the user can refuse to accept cookies. The real risk is the opposite one: because the cookie is what identifies you to the server, anyone who obtains your cookie (by sniffing an unencrypted HTTP connection, or by injecting script into the page) can present it and be treated as you. This is why a session cookie should be sent only over HTTPS (the Secure attribute), kept out of reach of page scripts (HttpOnly) and not attached to cross-site requests (SameSite).

[Fig. 1.19 (a) Creation of cookies]
When you (from your client computer) visit an online shopping site for the first time and fill in a form (Name: John, Address: ..., City: ...), the Web server creates a unique id for you (Id: 123456). This unique id is stored along with the information you have entered in the form, in the database on the server (123456 John ...; 123457 Pete ...; ...). The server sends only the id to your client computer as a file. Your browser stores this file on the hard disk of your computer. This file is called a cookie. Note that the other information stays on the server itself. The cookie simply establishes a link between the user and the server using the common id, which is stored on the client's computer as well as in the database on the server.

[Fig. 1.19 (b) Usage of cookies]
Step 1: When you visit the same Web site again, the Web browser sends the cookie (Id: 123456) back to the Web server. Step 2: The Web server asks "What does Id: 123456 map to?" and looks it up in the database. Step 3: The database returns your record (123456 John ...). Step 4: The Web server uses your information; in the simplest case it just greets you with "Welcome John!".



Some modern tricks allow attackers (or, more commonly, advertisers) to misuse cookies for collecting personal data and invading people's privacy. The attack works as follows:
1. An advertising agency (say My Ads) contacts major Web sites and places banner ads for its corporate clients' products on their pages. It pays some fees to the site owners for this.
2. Instead of providing an actual image that can be embedded by the respective Web sites in their pages directly, it provides a link (URL) to add to each page. This is shown in Fig. 1.20.

[Fig. 1.20 Embedding almost invisible images corresponding to advertisements: a page of YOUR NEWS CHANNEL ("Today's Headlines: 1. Sachin Tendulkar creates a new world record; 2. India to become superpower in 2020; ...") contains a very small (almost invisible) image whose URL, http://www.myads.com/5726740919.jpeg, points at My Ads. The image is not visible to the user, but the browser must fetch it from My Ads nevertheless.]

3. Each URL contains a unique number in the file part. For example, http://www.myads.com/5726740919.jpeg.
4. When a user visits a page for the first time, the browser fetches the advertisement image from My Ads along with the main HTML page of the site it is visiting, as shown in the figure.
5. In its response, My Ads sends a cookie to the browser containing a unique user ID and records the relationship between this user ID and the requested file name (and hence the page and site the user was reading).
6. Later, when the same user visits another page, possibly on a completely different site, the browser sees another reference to My Ads.
7. The browser sends the previously stored My Ads cookie along with the request for the new image, as before.
8. My Ads therefore knows that the same user has now visited another Web page.
9. It adds this reference to its database.
As we can guess, over time My Ads has a lot of information about the Web pages the user visits, the actions she performs, etc. The advertisement from My Ads can be a single pixel in the same background colour, making it even harder for the user to know that advertisements are appearing! Note that this is a third-party cookie: it is set by a host other than the site shown in the address bar. Modern browsers increasingly block or restrict such cookies precisely because of this tracking pattern.

JavaScript, VBScript and JScript A Web page is constructed using a special language called Hyper Text Markup Language (HTML). It is a tag-based language. A tag is written as <name> and its matching end tag as </name>. Between these boundaries, the actual information to be displayed on the user's computer is placed. As an example, let us consider how the tag pair <B> and </B> can be used to display text in boldface. This is shown in Fig. 1.21.

<b> This is an example of text being displayed in boldface. </b>

Fig. 1.21 Example of the <b> and </b> HTML tags: <b> marks the start of boldface, the text between the tags is the text that needs to be displayed in boldface, and </b> marks the end of boldface
When a browser comes across this portion of a HTML document, it realizes that the portion of the text
embedded within the <b> and </b> tags needs to be displayed in boldface. Therefore, it displays this text
in boldface, as shown in Fig. 1.22.

[Fig. 1.22 Output resulting from the use of the <b> and </b> HTML tags: the browser interprets "<b> This is an example of text being displayed in boldface. </b>" and renders "This is an example of text being displayed in boldface." in boldface]
In addition to HTML tags, a Web page can contain client-side scripts. These are small programs written in scripting languages like JavaScript, VBScript or JScript, which are executed inside the Web browser on the client computer. For instance, let us assume that a user visits the Web site of an online bookshop. Suppose that the Web site mandates that the user must place an order for at least three books. Then, the Web page can contain a small JavaScript program which ensures that this condition is met before the user can place the order. Otherwise, the JavaScript program would not allow the user to proceed. Note that HTML cannot be used for this purpose, as its sole purpose is to display text on the client computer in a pre-specified format. To perform dynamic actions, such as the one discussed here, we need scripts.
These scripts can be dangerous at times. Since these scripts are small programs, they can perform a lot of actions on the client's computer. Of course, there are restrictions as to what a script can and cannot do. However, incidents of security breaches have been reported, blaming the scripting languages. The reverse also holds: a script runs in the user's browser and is therefore under the user's (or an attacker's) control, so the bookshop's "at least three books" check is a convenience, not a security control; the server must repeat every such check on the data it actually receives.

Dealing with Viruses


Preventing viruses is the best option. However, it is almost impossible to prevent them altogether with
the world connected to the Internet all the time. We have to accept that viruses will attack and would
need to find ways to deal with them. Hence, we can attempt to detect, identify and remove viruses. This
is shown in Fig. 1.23.
Detection of viruses involves locating the virus, having known that a virus has attacked. Then we
need to identify the specific virus that has attacked. Finally, we need to remove it. For this, we need to
remove all traces of the virus and restore the affected programs/files to their original states. This is done
by anti-virus software.

Detection Locate where the virus is.

Identification Identify the virus.

Removal Remove all traces, restore order.

Fig. 1.23 Virus elimination steps

Anti-virus software is classified into four generations, as depicted in Fig. 1.24.

[Fig. 1.24 Generations of anti-virus software]
1st Generation: Simple scanners
2nd Generation: Heuristic scanners
3rd Generation: Activity traps
4th Generation: Full-featured protection


Let us summarize the key characteristics of the four generations of anti-virus software.
• 1st generation These anti-virus software programs were called as simple scanners. They needed a
virus signature to identify a virus. A variation of such programs kept a watch on the length of programs
and looked for changes so as to possibly identify a virus attack.
• 2nd generation These anti-virus software programs did not rely on simple virus signatures. Rather,
they used heuristic rules to look for possible virus attacks. The idea was to look for code blocks that were
commonly associated with viruses. For example, such a program could look for encryption key used by
a virus, find it, decrypt and remove the virus and clean the code. Another variation of these anti-virus
programs used to store some identification about the file (e.g. a message digest, which we shall study
later) to detect changes in the contents of the file.
• 3rd generation These anti-virus software programs were memory resident. They watched for
viruses based on actions, rather than their structure. Thus, it is not necessary to maintain a large database
of virus signatures. Instead, the focus is to keep watch on a small number of suspect actions.

• 4th generation These anti-virus software programs package many anti-virus techniques together
(e.g. scanners, activity monitoring). They also contain access control features, thus thwarting the
attempts of viruses to infect files.
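The first two generations can be shown in miniature. The following is an added example, not the book's code: a first-generation scanner that looks for a known byte signature, and the integrity-checking variant of the second generation that stores a SHA-256 digest per file and reports anything that changed. It runs over a temporary directory of constructed files; plain text stands in for executables, the "signature" is the marker from Fig. 1.14 rather than a real malware pattern, and the file names are made up. The mutated copy shows why a pure signature scanner misses a polymorphic variant while the integrity check still notices a new file.

```python
"""Added example: signature scanning (1st generation) and integrity checking
(2nd generation variant) over constructed sample files."""
import hashlib
import os
import tempfile

# Constructed signature database: detection name -> byte pattern.
SIGNATURES = {"Demo.Infector": b"PERFORM VIRUS-JOB"}


def _read(path: str) -> bytes:
    with open(path, "rb") as f:
        return f.read()


def _write(directory: str, name: str, data: bytes) -> None:
    with open(os.path.join(directory, name), "wb") as f:
        f.write(data)


def scan_signatures(directory: str) -> list:
    """1st generation: report every file containing a known byte pattern."""
    hits = []
    for name in sorted(os.listdir(directory)):
        data = _read(os.path.join(directory, name))
        hits.extend((name, sig) for sig, pattern in SIGNATURES.items() if pattern in data)
    return hits


def baseline(directory: str) -> dict:
    """Record a SHA-256 digest per file while the system is known to be clean."""
    return {name: hashlib.sha256(_read(os.path.join(directory, name))).hexdigest()
            for name in sorted(os.listdir(directory))}


def integrity_check(directory: str, known: dict) -> dict:
    """2nd generation (integrity variant): compare current digests with the baseline."""
    current = baseline(directory)
    return {
        "modified": sorted(n for n in known if n in current and current[n] != known[n]),
        "added": sorted(set(current) - set(known)),
        "removed": sorted(set(known) - set(current)),
    }


def demo() -> tuple:
    with tempfile.TemporaryDirectory() as d:
        # Clean state (constructed files, modelled on Fig. 1.14(a)).
        _write(d, "print.exe", b"ADD X TO Y\nPERFORM PRINT-JOB\nPERFORM CLOSE-JOB\nEND\n")
        _write(d, "calc.exe", b"ADD X TO Y\nEND\n")
        known = baseline(d)
        # Infection: the virus inserts its call into print.exe (Fig. 1.14(b)) and
        # drops a mutated copy whose bytes no longer match the stored signature.
        _write(d, "print.exe", b"ADD X TO Y\nPERFORM PRINT-JOB\nPERFORM VIRUS-JOB\nPERFORM CLOSE-JOB\nEND\n")
        _write(d, "mutant.exe", b"ADD X TO Y\nPERF0RM V1RUS-J0B\nEND\n")
        return scan_signatures(d), integrity_check(d, known)


if __name__ == "__main__":
    hits, report = demo()
    print(hits)    # [('print.exe', 'Demo.Infector')]  the mutant is missed
    print(report)  # {'modified': ['print.exe'], 'added': ['mutant.exe'], 'removed': []}
```

An integrity checker is only as trustworthy as its baseline: the digests must be kept where the malware cannot rewrite them (signed, or on read-only or offline storage), and any legitimate update has to refresh them, which is the operational cost that pushed later generations towards behaviour monitoring.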
There is a category of software called as behavior-blocking software, which integrates with the
operating system of the computer and keeps a watch on virus-like behavior in real time. Whenever such
an action is detected, this software blocks it, preventing damages. The actions under watch can be:
• Opening, viewing, modifying, deleting files
• Network communications
• Modification of settings such as start up scripts
• Attempts to format disks
• Modification of executable files
• Scripting of email and instant messaging to send executable content to others
The main advantage of such software programs is that they are more into virus prevention than virus
detection. In other words, they stop viruses before they can do any damage, rather than detecting them
after an attack.

Java Security
Introduction For Java to become successful, it needed to avoid the security problems that had plagued other models of software distribution. Therefore, the early design of Java focused mainly on these concerns. Consequently, Java was designed so that Java programs could be considered safe: they should not be able to install, execute or propagate viruses, and the program itself should not be able to perform any action that is harmful to the user's computer. (In practice, the browser plug-ins that ran applets suffered a long series of sandbox escapes, which is one reason browsers eventually dropped applet support.)
As we know, one of the key attributes of Java is the ability to download Java programs over a network
and execute these programs on a different computer within the context of a Java-enabled browser.
Different developers were attracted to Java with different expectations. As a result, they brought
different ideas about Java security. Simply put, if we expect Java to be free from introducing viruses, any
release of Java should satisfy our requirements. However, if we require functionalities such as digital
signatures, authentication and encryption in our programs, we need to use at least release 1.1 of Java.
Interestingly, Java security discussions are centered on the idea of Java’s applet based security model.
This security is contained inside Java-enabled browsers. This model is envisaged for use on the Internet.

The Java Sandbox Java’s security model is closely associated with the idea of a sandbox model. A
sandbox model allows a program to be hosted and executed, but there are some restrictions in place. The
developer/end user may decide to give the program access to certain resources. However, in general,
they want to make sure that the program is confined to its sandbox. The overall execution of a Java
program on the Internet is as shown in Fig. 1.25.
The chief job of the Java sandbox is to protect a number of resources and it performs this task so at a
number of levels, explained as follows:
• A sandbox in which program can access the CPU, the screen, the keyboard and mouse and its own
memory. This is the basic sandbox. It contains just enough resources for a program to execute.
• A sandbox in which a program can access the CPU and its memory as well as access the Web
server from which it was downloaded. This is often considered as the default state for the sandbox.

[Fig. 1.25 Steps in the execution of a Java program on the Internet: a Java source program is compiled by the Java compiler into Java byte code (e.g. istore 1, getfield #5, astore 0); the byte code travels over the Internet to the client, where the Class loader and the Java byte code verifier check it before the Java interpreter (or a just-in-time Java compiler) executes it in the Runtime environment on the Hardware]

• A sandbox in which program can access the CPU, its memory, its Web server and to a set of
resources (files, computers, etc.) that are local.
• An open sandbox, in which the program can access whatever resources the host machine can.
Java Application Security Let us discuss the broad level aspects of Java security and their relation
to each other.
• The bytecode verifier: The bytecode verifier ensures that Java class files obey the rules of the
Java programming language. It is the bytecode verifier that provides memory protection for Java
programs. However, not all class files are required to go through byte code verification.
• The class loader: Class loaders load classes that are located in Java's default path (called the
CLASSPATH). In Java 1.2, the class loaders also take up the job of loading classes that are not
found in the CLASSPATH.
• The access controller: In Java 1.2, the access controller allows (or prevents) access from the core
Java API to the operating system.
• The security manager: The security manager is the chief interface between the core Java API and
the operating system. It has the ultimate responsibility for allowing or disallowing access to all
operating system resources. The security manager uses the access controller for many of these
decisions.
• The security package: The security package (that is, classes in the java.security package) helps
in authenticating signed Java classes.
• The key database: The key database is a set of keys used by the security manager and access
controller to validate the digital signature that comes along with a signed class file. In the Java
architecture, it is contained within the security package, although it may be an external file or
database as well.

Built-in Java Application Security From version 1.2, the Java platform itself comes with a
security model for the applications it runs. Here, even the classes that are found in the CLASSPATH may
have to go through a security check. This allows application code to run in a sandbox defined by
a user or an administrator. The following points are salient:
• Access restrictions (public, private, protected) are strictly enforced
• A program cannot access arbitrary memory locations
• Entities that are declared as final must not be changed
• Variables may not be used before they are initialized
• Array bounds must be checked during all array accesses
• Objects cannot be arbitrarily cast into other object types
To illustrate this, consider the C program shown in Fig. 1.26. The program simply declares a
character pointer and, without allocating any memory for it, accepts user input through that pointer.
The write lands at whatever address the uninitialized pointer happens to hold, and gets() imposes no
limit on the length of the input, so an attacker who finds intelligent ways to exploit such code can cause
havoc. This is not possible in Java, whose verifier and runtime refuse to use an uninitialized variable
and check every array access.

#include <stdio.h>

int main(void)
{
    char *p;                 /* pointer declared, but no memory is ever allocated for it */

    printf("Enter a string: ");

    gets(p);                 /* writes the input through the uninitialized pointer; gets() also
                                performs no bounds checking and has been removed from the C standard */

    printf("You entered: %s", p);

    return 0;
}

Fig. 1.26 C program using a pointer without initializing it

Specific Attacks
Sniffing and Spoofing On the Internet, computers exchange messages with each other in the form
of small blocks of data, called packets. A packet, like a postal envelope, contains the actual data to be
sent and the addressing information. Attackers target these packets as they travel from the source
computer to the destination computer over the Internet. These attacks take two main forms: (a) packet
sniffing (also called snooping) and (b) packet spoofing. Since the protocol used in this
communication is the Internet Protocol (IP), other names for these two attacks are (a) IP sniffing
and (b) IP spoofing. The meaning remains the same.
Let us discuss these two attacks.


(a) Packet sniffing: Packet sniffing is a passive attack on an ongoing conversation. An attacker need
not hijack a conversation, but instead can simply observe (i.e. sniff) packets as they pass by.
Clearly, to prevent an attacker from sniffing packets, the information that is passing needs to be
protected in some way. This can be done at two levels: (i) the data that is traveling can be
encrypted, so that only the end points can read the payload, or (ii) the transmission link itself
can be encrypted, so that everything crossing that hop is protected. To read a packet, the
attacker somehow needs access to it in the first place. The simplest way to do this is to control a
computer through which the traffic passes. Usually, this is a router. However, routers are highly
protected resources. Therefore, an attacker might not be able to compromise one and instead
attacks a less-protected computer on the same path.
(b) Packet spoofing: In this technique, an attacker sends packets with a false source address. When
this happens, the receiver (i.e. the party who receives these packets containing the false address)
would inadvertently send replies back to this forged address (called the spoofed address) and not to
the attacker. This can lead to three possible cases:
(i) The attacker can intercept the reply – If the attacker is between the destination and the
forged source, the attacker can see the reply and use that information for hijacking attacks.
(ii) The attacker need not see the reply – If the attacker's intention is a Denial Of Service
(DOS) attack, the attacker need not bother about the reply.
(iii) The attacker does not want the reply – The attacker may simply want to harm the host
whose address is forged. It puts that host's address as the source address and sends the packet
to the destination, so that the destination's reply lands on the forged host, which receives
traffic it never asked for and gets confused.
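The following Python program is added here as an illustration and is not part of the original text. It builds a raw IPv4 header with a forged source address, computes the RFC 791 header checksum, and then parses the packet the way a receiver would. The point it makes is that nothing in the header binds the source field to the real sender: the checksum verifies only that the header arrived intact, so the receiver's reply is addressed to whatever the packet claims. The addresses are constructed for the scenario; actually transmitting such a packet would need a raw socket with the IP_HDRINCL option and administrative privileges, which the example deliberately does not do.

```python
import socket
import struct

# Constructed addresses: the attacker at 10.0.0.66 writes 100.10.10.20 as the
# source, so the target at 100.20.20.20 answers 100.10.10.20, not the attacker.
ATTACKER_ADDR = "10.0.0.66"
FORGED_SRC = "100.10.10.20"
TARGET = "100.20.20.20"

IPV4_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header, no options


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = 17, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Build a header with an arbitrary source address; nothing stops the sender from lying."""
    ver_ihl = (4 << 4) | 5                   # version 4, header length 5 words
    total_len = 20 + payload_len
    hdr = struct.pack(IPV4_FMT, ver_ihl, 0, total_len, ident, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)                # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """What the receiver (or a sniffer) sees. The checksum proves integrity, not origin."""
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, csum, src, dst = \
        struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4,
        "ihl": ihl,
        "total_len": total_len,
        "ttl": ttl,
        "proto": proto,
        "checksum": csum,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        # summing a header that already contains its checksum yields zero when intact
        "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,
    }


def spoofed_packet(payload: bytes = b"PINGPING") -> bytes:
    """The attacker's datagram: valid in every field except the claimed source."""
    return build_ipv4_header(FORGED_SRC, TARGET, len(payload)) + payload


def reply_destination(pkt: bytes) -> str:
    """The receiver answers whatever address the packet claims it came from."""
    return parse_ipv4_header(pkt)["src"]


if __name__ == "__main__":
    pkt = spoofed_packet()
    hdr = parse_ipv4_header(pkt)
    print("receiver sees source", hdr["src"], "checksum ok:", hdr["checksum_ok"])
    print("reply goes to", reply_destination(pkt), "and not to", ATTACKER_ADDR)
```

Flipping a single bit of the header makes checksum_ok false, which is all the checksum can do; the defence against the forged source itself lies elsewhere, in ingress filtering at the network edge and in upper-layer authentication, not in the IP header.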

Phishing Phishing has become a big problem in recent times. In 2006, the estimated losses due to
phishing were to the tune of USD 2.8 billion, according to a study. Attackers set up fake Web sites, which
look like real Web sites. It is quite simple to do so, since creating Web pages involves relatively simple
technologies such as HTML, JavaScript, CSS (Cascading Style Sheets), etc. Learning and using these
technologies is quite simple. The attacker's modus operandi works as follows.
1. The attacker creates her own Web site, which looks identical to a real Web site. For
example, the attacker can clone Citibank's Web site. The cloning is so good that the human eye
cannot distinguish between the real (Citibank's) and fake (attacker's) sites.
2. The attacker can use many techniques to attack the bank's customers. We illustrate the most
common one, as follows:
The attacker sends an email to the legitimate customers of the bank. The email itself appears to
have come from the bank. For this, the attacker forges the sender address, which the email system
does not verify, so that the sender appears to be some bank official (e.g. [email protected]). This fake
email warns the user that there has been some sort of attack on Citibank's computer systems
and that the bank wants to issue new passwords to all its customers or verify their existing PINs,
etc. For this purpose, the customer is asked to visit a URL mentioned in the same email. This is
conceptually shown in Fig. 1.27.
3. When the customer (i.e. the victim) innocently clicks on the URL specified in the email, she is
taken to the attacker's site and not the bank's original site. There, the customer is prompted to enter
confidential information, such as her password or PIN. Since the attacker's fake site looks exactly
like the original bank site, the customer provides this information. The attacker gladly accepts this
information and displays a Thank you to the unsuspecting victim. In the meanwhile, the attacker
now uses the victim's password or PIN to access the bank's real site and can perform any
transaction as if he/she is the victim!

    Attacker  ------>  Victim

    Subject: Verify your E-mail with Citibank

    This email was sent by the Citibank server to verify your E-mail
    address. You must complete this process by clicking on the link
    below and entering in the small window your Citibank ATM/Debit
    Card number and PIN that you use on ATM.

    This is done for your protection - because some of our members
    no longer have access to their email addresses and we must
    verify it.

    To verify your E-mail address and access your bank account,
    click on the link below:

    https://web.da-us.citibank.com/signin/citifi/scripts/email_verify.jsp

Fig. 1.27 Attacker sends a forged email to the innocent victim (customer)
A real-life example of this kind of attack is reproduced from the site
http://www.fraudwatchinternational.com.
Figure 1.28 shows a fake email sent by an attacker to an authorized PayPal user.
As we can see, the attacker is trying to fool the PayPal customer into verifying her credit card details.
Quite clearly, the aim of the attacker is to obtain the credit card information of the customer and then
misuse it. Figure 1.29 shows the screen that appears when the user clicks on the URL specified in the
fake email. Once the user provides these details, the attacker's job is easy! She simply uses these
credit card details to make purchases on behalf of the cheated card holder!

Pharming (DNS Spoofing) Another attack, known earlier as DNS spoofing or DNS poisoning, is
now called a pharming attack when it is used to redirect users to a fraudulent site. As we know, using
the Domain Name System (DNS), people can identify Web sites with human-readable names (such as
www.yahoo.com) while computers continue to treat them as IP addresses (such as 120.10.81.67). For
this, a special server computer called a DNS server maintains the mappings between domain names and
the corresponding IP addresses. The DNS server could be located anywhere. Usually, it is with the
Internet Service Provider (ISP) of the users. With this background, the DNS spoofing attack works as
follows.
Fig. 1.28 Fake email from the attacker to a PayPal user

1. Suppose that there is a merchant (Bob), whose site’s domain name is www.bob.com and the IP
address is 100.10.10.20. Therefore, the DNS entry for Bob in all the DNS servers is maintained as
follows:
www.bob.com 100.10.10.20
2. The attacker (say Trudy) manages to hack the DNS server maintained by the ISP of a user, say
Alice, and replace the IP address of Bob with her own (say 100.20.20.20). Therefore, the DNS
server maintained by the ISP of Alice now has the following entry:
www.bob.com 100.20.20.20
Thus, the contents of the hypothetical DNS table maintained by the ISP would be changed. A
hypothetical portion of this table (before and after the attack) is shown in Fig. 1.30.
3. When Alice wants to communicate with Bob’s site, her Web browser queries the DNS server
maintained by her ISP for Bob’s IP address, providing it the domain name (i.e. www.bob.com).
Alice gets the replaced (i.e. Trudy’s) IP address, which is 100.20.20.20.
4. Now, Alice starts communicating with Trudy, believing that she is communicating with Bob!
Such attacks of DNS spoofing are quite common and cause a lot of havoc. Even worse, the attacker
(Trudy) does not have to listen to the conversation on the wire! She has to simply be able to hack the
DNS server of the ISP and replace a single IP address with her own!
Fig. 1.29 Fake PayPal site asking for user's credit card details

    Before the attack                       After the attack
    DNS Name         IP Address             DNS Name         IP Address
    www.amazon.com   161.20.10.16           www.amazon.com   161.20.10.16
    www.yahoo.com    121.41.67.89           www.yahoo.com    121.41.67.89
    www.bob.com      100.10.10.20           www.bob.com      100.20.20.20
    ...              ...                    ...              ...

Fig. 1.30 Effect of the DNS attack

A set of protocol extensions called DNSSEC (DNS Security Extensions) is designed to thwart such
attacks: each zone signs its records, and a validating resolver rejects answers whose signatures do not
verify. Unfortunately, it is not widely used.
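The following Python program is added here as an illustration and is not part of the original text. It plays out the Alice, Bob and Trudy scenario above against two resolvers: one that stores whatever it is told, and one that refuses any record whose signature does not verify under the zone's key, in the manner of a DNSSEC-validating resolver. HMAC over the record is used only as a stand-in for the public-key RRSIG signature that real DNSSEC uses, so that the example runs with the standard library; the zone key, the host table and the names are constructed for the example. Note what validation does and does not buy: Trudy's forged answer is refused, and a direct edit of the cached entry turns her redirection into a refusal to answer, but a resolver that Trudy fully controls could simply stop validating.

```python
import hashlib
import hmac
from typing import Optional

# Constructed zone key. It stands in for the key with which Bob's zone would sign its
# records under DNSSEC; real DNSSEC uses public-key signatures (RRSIG records), so a
# resolver verifies with the zone's public key and never holds a signing secret.
BOB_ZONE_KEY = b"bob.com-zone-signing-key"

# Who actually answers at each address in the scenario (constructed).
HOSTS = {"100.10.10.20": "Bob", "100.20.20.20": "Trudy"}


def sign_record(name: str, ip: str, key: bytes) -> str:
    """Signature over the A record 'name -> ip' (HMAC here as a stand-in for an RRSIG)."""
    return hmac.new(key, f"{name} A {ip}".encode(), hashlib.sha256).hexdigest()


class IspResolver:
    """The DNS server run by Alice's ISP, with or without signature validation."""

    def __init__(self, validating: bool = False, zone_keys: Optional[dict] = None):
        self.validating = validating
        self.zone_keys = zone_keys or {}      # trust anchors: zone -> verification key
        self.cache = {}                       # name -> (ip, signature or None)

    def _verify(self, name: str, ip: str, sig: Optional[str]) -> bool:
        zone = name.split(".", 1)[1]          # www.bob.com -> bob.com (simplification)
        key = self.zone_keys.get(zone)
        return (key is not None and sig is not None
                and hmac.compare_digest(sig, sign_record(name, ip, key)))

    def install(self, name: str, ip: str, sig: Optional[str] = None) -> bool:
        """Store an answer received from upstream, or one written by an intruder."""
        if self.validating and not self._verify(name, ip, sig):
            return False
        self.cache[name] = (ip, sig)
        return True

    def resolve(self, name: str) -> Optional[str]:
        entry = self.cache.get(name)
        if entry is None:
            return None
        ip, sig = entry
        if self.validating and not self._verify(name, ip, sig):
            return None                       # cached data no longer matches its signature
        return ip


def alice_connects(resolver: IspResolver, name: str) -> str:
    """Alice's browser asks the ISP resolver and connects to whatever address comes back."""
    return HOSTS.get(resolver.resolve(name), "no answer")


def pharming_demo() -> dict:
    results = {}
    # 1. A resolver that validates nothing: Trudy replaces the single entry for Bob.
    plain = IspResolver()
    plain.install("www.bob.com", "100.10.10.20")
    results["before"] = alice_connects(plain, "www.bob.com")
    plain.install("www.bob.com", "100.20.20.20")
    results["plain_after"] = alice_connects(plain, "www.bob.com")
    # 2. A validating resolver configured with Bob's zone key as its trust anchor.
    val = IspResolver(validating=True, zone_keys={"bob.com": BOB_ZONE_KEY})
    val.install("www.bob.com", "100.10.10.20",
                sign_record("www.bob.com", "100.10.10.20", BOB_ZONE_KEY))
    forged_sig = sign_record("www.bob.com", "100.20.20.20", b"trudy-has-no-zone-key")
    results["forged_answer_installed"] = val.install("www.bob.com", "100.20.20.20", forged_sig)
    results["validating_after_forged_answer"] = alice_connects(val, "www.bob.com")
    # 3. Trudy breaks into the server and edits the cached entry directly. The stale
    #    signature no longer covers the data, so the resolver refuses to answer.
    _ip, old_sig = val.cache["www.bob.com"]
    val.cache["www.bob.com"] = ("100.20.20.20", old_sig)
    results["validating_after_cache_edit"] = alice_connects(val, "www.bob.com")
    return results


if __name__ == "__main__":
    for step, outcome in pharming_demo().items():
        print(f"{step}: {outcome}")
```

DNSSEC authenticates answers but does not encrypt them, so a sniffer on the path still learns which names Alice looks up; that is a separate concern from the one addressed here.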

1.3 SECURITY ATTACKS

A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms of
passive attacks and active attacks. A passive attack attempts to learn or make use of information
from the system but does not affect system resources. An active attack attempts to alter system
resources or affect their operation.

Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The
goal of the opponent is to obtain information that is being transmitted. Two types of passive
attacks are the release of message contents and traffic analysis.
The release of message contents is easily understood (Figure 1.2a). A telephone
conversation, an electronic mail message, and a transferred file may contain sensitive or
confidential information. We would like to prevent an opponent from learning the contents of
these transmissions.
A second type of passive attack, traffic analysis, is subtler (Figure 1.2b). Suppose that
we had a way of masking the contents of messages or other information traffic so that
opponents, even if they captured the message, could not extract the information from the
message. The common technique for masking contents is encryption. If we had encryption
protection in place, an opponent might still be able to observe the pattern of these
messages. The opponent could determine the location and identity of communicating hosts
and could observe the frequency and length of messages being exchanged. This
information might be useful in guessing the nature of the communication that was
taking place.
Passive attacks are very difficult to detect, because they do not involve any alteration
of the data. Typically, the message traffic is sent and received in an apparently normal
fashion, and neither the sender nor receiver is aware that a third party has read the messages
or observed the traffic pattern. However, it is feasible to prevent the success of these attacks,
usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on
prevention rather than detection.
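The following Python program is added here as an illustration and is not part of the original text. It takes the position of Darth in Figure 1.2b: the payloads are assumed to be encrypted, so all he sees is the constructed metadata below (time, source, destination and size of each datagram). From sizes and the balance of directions alone the program separates an interactive session from a bulk transfer. It then applies traffic padding, one of the X.800 mechanisms, and shows what that does and does not hide. The flow records and the classification thresholds are assumptions made for the example.

```python
import math
from collections import Counter

# Constructed flow records as seen by Darth: (seconds, src, dst, bytes on the wire).
# Payloads are assumed encrypted; only this metadata is visible.
RECORDS = [
    (0.0, "Bob", "Alice", 96), (0.2, "Alice", "Bob", 96),      # handshake-like exchange
    (1.0, "Bob", "Alice", 48), (1.1, "Alice", "Bob", 48),      # short request/response pairs
    (1.3, "Bob", "Alice", 48), (1.4, "Alice", "Bob", 48),
    (5.00, "Bob", "Carol", 1460), (5.01, "Bob", "Carol", 1460),  # one-way stream of full packets
    (5.02, "Bob", "Carol", 1460), (5.03, "Bob", "Carol", 1460),
    (5.04, "Bob", "Carol", 700),
]


def summarize(records) -> dict:
    """Per unordered host pair: packet count, byte count, and packets in each direction."""
    stats = {}
    for _t, src, dst, size in records:
        pair = tuple(sorted((src, dst)))
        s = stats.setdefault(pair, {"packets": 0, "bytes": 0, "a_to_b": 0, "b_to_a": 0})
        s["packets"] += 1
        s["bytes"] += size
        s["a_to_b" if src == pair[0] else "b_to_a"] += 1
    return stats


def classify(records) -> dict:
    """Guess the nature of each conversation from sizes and direction balance only.
    The thresholds (100 and 1000 bytes, 40% balance) are assumptions for this example."""
    verdict = {}
    for pair, s in summarize(records).items():
        mean = s["bytes"] / s["packets"]
        balanced = min(s["a_to_b"], s["b_to_a"]) >= 0.4 * s["packets"]
        if mean < 100 and balanced:
            verdict[pair] = "interactive session"
        elif mean > 1000 and not balanced:
            verdict[pair] = "bulk transfer"
        else:
            verdict[pair] = "undetermined"
    return verdict


def pad_to_bucket(size: int, bucket: int = 1500) -> int:
    """Traffic padding: every datagram is grown to the next multiple of the bucket size."""
    return math.ceil(size / bucket) * bucket


def pad_records(records, bucket: int = 1500) -> list:
    return [(t, src, dst, pad_to_bucket(size, bucket)) for t, src, dst, size in records]


def who_talks_to_whom(records) -> Counter:
    """Even padded traffic reveals which hosts communicate, in which direction, and how often."""
    return Counter((src, dst) for _t, src, dst, _size in records)


if __name__ == "__main__":
    print("raw:   ", classify(RECORDS))
    print("padded:", classify(pad_records(RECORDS)))
    print("pairs: ", who_talks_to_whom(pad_records(RECORDS)))
```

After padding, the Bob/Alice session is no longer recognisable, but the Bob/Carol flow is still classified as a bulk transfer because the direction imbalance and packet count survive padding. Hiding those as well needs cover traffic and routing control, which is why X.800 lists traffic padding as one mechanism among several for traffic-flow confidentiality rather than a complete answer.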

[Figure 1.2 (diagram): Darth sits on the Internet or other comms facility between Bob and Alice.
(a) Release of message contents: Darth reads the contents of a message from Bob to Alice.
(b) Traffic analysis: Darth observes the pattern of messages from Bob to Alice.]

Figure 1.2 Passive Attacks

Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream
and can be subdivided into four categories: masquerade, replay, modification of messages, and
denial of service.
A masquerade takes place when one entity pretends to be a different entity (Figure
1.3a). A masquerade attack usually includes one of the other forms of active attack. For
example, authentication sequences can be captured and replayed after a valid authentication
sequence has taken place, thus enabling an authorized entity with few privileges to obtain
extra privileges by impersonating an entity that has those privileges.
Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect (Figure 1.3b).
Modification of messages simply means that some portion of a legitimate message is
altered, or that messages are delayed or reordered, to produce an unauthorized effect
(Figure 1.3c). For example, a message meaning “Allow John Smith to read confidential file
accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”
The denial of service prevents or inhibits the normal use or management of
communications facilities (Figure 1.3d). This attack may have a specific target; for example, an
entity may suppress all messages directed to a particular destination (e.g., the security audit
service). Another form of service denial is the disruption of an entire network, either by
disabling the network or by overloading it with messages so as to degrade performance.

[Figure 1.3 (diagram): Darth sits on the Internet or other comms facility between Bob and Alice.
(a) Masquerade: a message from Darth that appears to be from Bob reaches Alice.
(b) Replay: Darth captures a message from Bob to Alice and later replays it to Alice.
(c) Modification of messages: Darth modifies a message from Bob to Alice.
(d) Denial of service: Darth disrupts the service provided by the server to Bob.]

Figure 1.3 Active Attacks

Active attacks present the opposite characteristics of passive attacks. Whereas passive
attacks are difficult to detect, measures are available to prevent their success. On the other
hand, it is quite difficult to prevent active attacks absolutely because of the wide variety of
potential physical, software, and network vulnerabilities. Instead, the goal is to detect active
attacks and to recover from any disruption or delays caused by them. If the detection has a
deterrent effect, it may also contribute to prevention.
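The following Python program is added here as an illustration and is not part of the original text. It shows the detection that the text says is the realistic goal for active attacks: Bob attaches to every message a sequence number and a message authentication code computed under a key he shares with Alice (the "security-related transformation" and "shared secret" of the model in Section 1.6). Alice then accepts the legitimate message, rejects Darth's replay of it, rejects the message whose text has been changed to the Fred Brown example, and rejects a message Darth forges without the key. The key and messages are constructed for the example.

```python
import hashlib
import hmac

# Constructed shared secret: known to Bob and Alice, unknown to Darth.
SHARED_KEY = b"bob-alice-shared-secret"


def mac(key: bytes, seq: int, body: str) -> str:
    """Code computed over sequence number and body, so neither can change unnoticed."""
    return hmac.new(key, f"{seq}|{body}".encode(), hashlib.sha256).hexdigest()


def send(key: bytes, seq: int, body: str) -> dict:
    """Bob's side: attach the sequence number and the code to the message."""
    return {"seq": seq, "body": body, "mac": mac(key, seq, body)}


class Receiver:
    """Alice's side: accept only if the code verifies and the sequence number is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0
        self.accepted = []

    def receive(self, msg: dict) -> str:
        expected = mac(self.key, msg["seq"], msg["body"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "rejected: bad MAC (modified or forged)"   # modification or masquerade
        if msg["seq"] <= self.last_seq:
            return "rejected: replay"                         # seen before, or out of order
        self.last_seq = msg["seq"]
        self.accepted.append(msg["body"])
        return "accepted"


def run_scenario() -> list:
    """The four active attacks of Figure 1.3 as seen by Alice; DoS is not addressed here."""
    alice = Receiver(SHARED_KEY)
    results = []
    m1 = send(SHARED_KEY, 1, "Allow John Smith to read confidential file accounts")
    results.append(alice.receive(m1))                     # legitimate message from Bob
    results.append(alice.receive(m1))                     # Darth captured it and replays it
    tampered = dict(m1, seq=2, body="Allow Fred Brown to read confidential file accounts")
    results.append(alice.receive(tampered))               # body altered, code no longer matches
    forged = send(b"darth-guesses-a-key", 2, "Transfer funds")
    results.append(alice.receive(forged))                 # masquerade without the shared key
    results.append(alice.receive(send(SHARED_KEY, 2, "Second legitimate message")))
    return results


if __name__ == "__main__":
    for outcome in run_scenario():
        print(outcome)
```

Two limits are worth noting. A shared-key code gives data origin authentication but not nonrepudiation: because Alice holds the same key, she could have produced any of these messages herself, which is why the nonrepudiation service in Section 1.4 needs digital signatures instead. And nothing here prevents Darth from dropping or delaying traffic; denial of service is detected only by its absence.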

1.4 SECURITY SERVICES

X.800 defines a security service as a service that is provided by a protocol layer of


communicating open systems and that ensures adequate security of the systems or of data
transfers. Perhaps a clearer definition is found in RFC 2828, which provides the following
definition: a processing or communication service that is provided by a system to give a
specific kind of protection to system resources; security services implement security policies
and are implemented by security mechanisms.
X.800 divides these services into five categories and fourteen specific services (Table 1.2).
We look at each category in turn.

Table 1.2 Security Services (X.800)

AUTHENTICATION
    Peer Entity Authentication
    Data Origin Authentication
ACCESS CONTROL
DATA CONFIDENTIALITY
    Connection Confidentiality
    Connectionless Confidentiality
    Selective-Field Confidentiality
    Traffic-Flow Confidentiality
DATA INTEGRITY
    Connection Integrity with Recovery
    Connection Integrity without Recovery
    Selective-Field Connection Integrity
    Connectionless Integrity
    Selective-Field Connectionless Integrity
NONREPUDIATION
    Nonrepudiation, Origin
    Nonrepudiation, Destination


Authentication
The authentication service is concerned with assuring that a communication is authentic. In
the case of a single message, such as a warning or alarm signal, the function of the
authentication service is to assure the recipient that the message is from the source that it
claims to be from. In the case of an ongoing interaction, such as the connection of a terminal to
a host, two aspects are involved. First, at the time of connection initiation, the service assures
that the two entities are authentic, that is, that each is the entity that it claims to be. Second, the
service must assure that the connection is not interfered with in such a way that a third party
can masquerade as one of the two legitimate parties for the purposes of unauthorized
transmission or reception.
Two specific authentication services are defined in X.800:
• Peer entity authentication: Provides for the corroboration of the identity of a peer entity
in an association. Two entities are considered peers if they implement the same protocol
in different systems; e.g., two TCP modules in two communicating systems. Peer entity
authentication is provided for use at the establishment of, or at times during the data
transfer phase of, a connection. It attempts to provide confidence that an entity is not
performing either a masquerade or an unauthorized replay of a previous connection.
• Data origin authentication: Provides for the corroboration of the source of a data unit.
It does not provide protection against the duplication or modification of data units. This
type of service supports applications like electronic mail, where there are no prior
interactions between the communicating entities.

Access Control
In the context of network security, access control is the ability to limit and control the access
to host systems and applications via communications links. To achieve this, each entity trying
to gain access must first be identified, or authenticated, so that access rights can be tailored
to the individual.

Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. With respect to
the content of a data transmission, several levels of protection can be identified. The
broadest service protects all user data transmitted between two users over a period of time.
For example, when a TCP connection is set up between two systems, this broad
protection prevents the release of any user data transmitted over the TCP connection.
Narrower forms of this service can also be defined, including the protection of a single
message or even specific fields within a message. These refinements are less useful than the
broad approach and may even be more complex and expensive to implement.

The other aspect of confidentiality is the protection of traffic flow from analysis. This
requires that an attacker not be able to observe the source and destination, frequency, length,
or other characteristics of the traffic on a communications facility.

Data Integrity
As with confidentiality, integrity can apply to a stream of messages, a single message, or
selected fields within a message. Again, the most useful and straightforward approach is
total stream protection.
A connection-oriented integrity service, one that deals with a stream of messages,
assures that messages are received as sent with no duplication, insertion, modification,
reordering, or replays. The destruction of data is also covered under this service. Thus, the
connection-oriented integrity service addresses both message stream modification and denial
of service. On the other hand, a connectionless integrity service, one that deals with
individual messages without regard to any larger context, generally provides protection
against message modification only.
We can make a distinction between service with and without recovery. Because the
integrity service relates to active attacks, we are concerned with detection rather than
prevention. If a violation of integrity is detected, then the service may simply report this
violation, and some other portion of software or human intervention is required to recover
from the violation. Alternatively, there are mechanisms available to recover from the loss of
integrity of data, as we will review subsequently. The incorporation of automated
recovery mechanisms is, in general, the more attractive alternative.

Nonrepudiation
Nonrepudiation prevents either sender or receiver from denying a transmitted message.
Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the
message. Similarly, when a message is received, the sender can prove that the alleged receiver
in fact received the message.

Availability Service
Both X.800 and RFC 2828 define availability to be the property of a system or a system
resource being accessible and usable upon demand by an authorized system entity,
according to performance specifications for the system (i.e., a system is available if it
provides services according to the system design whenever users request them). A variety of
attacks can result in the loss of or reduction in availability. Some of these attacks are
amenable to automated countermeasures, such as authentication and encryption, whereas
others require some sort of physical action to prevent or recover from loss of availability of
elements of a distributed system.

X.800 treats availability as a property to be associated with various security services.
However, it makes sense to call out specifically an availability service. An availability service is
one that protects a system to ensure its availability. This service addresses the security concerns
raised by denial-of-service attacks. It depends on proper management and control of system
resources and thus depends on access control service and other security services.

1.5 SECURITY MECHANISMS


Table 1.3 lists the security mechanisms defined in X.800. The mechanisms are divided into those that
are implemented in a specific protocol layer, such as TCP or an application-layer protocol, and those
that are not specific to any particular protocol layer or security service. These mechanisms will be
covered in the appropriate places in the book. So we do not elaborate now, except to comment on
the definition of encipherment. X.800 distinguishes between reversible encipherment mechanisms and
irreversible encipherment mechanisms. A reversible encipherment mechanism is simply an encryption
algorithm that allows data to be encrypted and subsequently decrypted. Irreversible encipherment
mechanisms include hash algorithms and message authentication codes, which are used in digital
signature and message authentication applications.

Table 1.4, based on one in X.800, indicates the relationship between security services and security
mechanisms.

1.6 A MODEL FOR NETWORK SECURITY


A model for much of what we will be discussing is captured, in very general terms, in Figure 1.4. A
message is to be transferred from one party to another across some sort of Internet service. The two
parties, who are the principals in this transaction, must cooperate for the exchange to take place. A
logical information channel is established by defining a route through the Internet from source to
destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals.

Security aspects come into play when it is necessary or desirable to protect the information
transmission from an opponent who may present a threat to confidentiality, authenticity, and so on.
All the techniques for providing security have two components:

• A security-related transformation on the information to be sent. Examples include the
encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can be used
to verify the identity of the sender.

• Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. For example, a third party
may be responsible for distributing the secret information to the two principals while keeping it from
any opponent. Or a third party may be needed to arbitrate disputes between the two principals
concerning the authenticity of a message transmission.
This general model shows that there are four basic tasks in designing a particular security
service:
1. Design an algorithm for performing the security-related transformation. The algorithm
should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and
the secret information to achieve a particular security service.
Parts One through Five of this book concentrate on the types of security mechanisms and services that fit
into the model shown in Figure 1.4. However, there are other security-related situations of interest that do
not neatly fit this model but are considered in this book. A general model of these other situations is
illustrated by Figure 1.5, which reflects a concern for protecting an information system from unwanted
access. Most readers are familiar with the concerns caused by the existence of hackers, who attempt to
penetrate systems that can be accessed over a network. The hacker can be someone who, with no
malign intent, simply gets satisfaction from breaking and entering a computer system. The intruder can
be a disgruntled employee who wishes to do damage or a criminal who seeks to exploit computer
assets for financial gain (e.g., obtaining credit card numbers or performing illegal money transfers).

Another type of unwanted access is the placement in a computer system of logic that exploits
vulnerabilities in the system and that can affect application programs as well as utility programs, such
as editors and compilers. Programs can present two kinds of threats:
• Information access threats: Intercept or modify data on behalf of users who should not
have access to that data.
• Service threats: Exploit service flaws in computers to inhibit use by legitimate users.
Viruses and worms are two examples of software attacks. Such attacks can be introduced into a
system by means of a disk that contains the unwanted logic concealed in otherwise useful software.
They can also be inserted into a system across a network; this latter mechanism is of more concern in
network security.

The security mechanisms needed to cope with unwanted access fall into two broad categories
(see Figure 1.5). The first category might be termed a gatekeeper function. It includes password-based
login procedures that are designed to deny access to all but authorized users and screening
logic that is designed to detect and reject worms, viruses, and other similar attacks. Once either an
unwanted user or unwanted software gains access, the second line of defense consists of a variety of
internal controls that monitor activity and analyze stored information in an attempt to detect the
presence of unwanted intruders. These issues are explored in Part Six.

SUMMARY

❑ Network and Internet security has gained immense prominence in the last few years, as conducting
business using these technologies has become very crucial.
❑ Automation of attacks, privacy concerns and distance becoming immaterial are some of the key
characteristics of modern attacks.
❑ The principles of any security mechanism are confidentiality, authentication, integrity, non-
repudiation, access control and availability.
❑ Confidentiality specifies that only the sender and the intended recipients should be able to access
the contents of a message.
❑ Authentication identifies the user of a computer system and builds a trust with the recipient of a
message.
❑ Integrity of a message should be preserved as it travels from the sender to the recipient. It is
compromised if the message is modified during transit.
❑ Non-repudiation ensures that the sender of a message cannot refute the fact of sending that
message in case of disputes.
❑ Access control specifies what users can do with a network or Internet system.
❑ Availability ensures that computer and network resources are always available to the legitimate
users.
❑ Attacks on a system can be classified into interception, fabrication, modification and interruption.
❑ Common way of classifying attacks is to categorize them into criminal, publicity and legal attacks.
❑ Attacks can also be classified into passive and active attacks.
❑ In passive attacks, the attacker does not modify the contents of a message.
❑ Active attacks involve modification of the contents of a message.
❑ Release of message contents and traffic analysis are types of passive attacks.
❑ Masquerade, replay attacks, alteration of messages and Denial Of Service (DOS) are types of
active attacks.
❑ Another way to classify attacks is application level attacks and network level attacks.
❑ Viruses, worms, Trojan horses and Java applets, ActiveX controls can practically cause attacks on
a computer system.
❑ Java offers high amount of security in programming, if implemented correctly.
❑ Sniffing and spoofing cause packet-level attacks.
❑ Phishing is a new attack which attempts to fool legitimate users to provide their confidential
information to fake sites.
❑ DNS spoofing or pharming attack involves changing the DNS entries so that users are redirected to
an invalid site, while they keep thinking that they have connected to the right site.

KEY TERMS AND CONCEPTS

O Access Control List (ACL) O Java applet
O Active attack O Masquerade
O ActiveX control O Modification
O Alteration of message O Network level attack
O Application level attack O Non-repudiation
O Attacker O Passive attack
O Authentication O Phishing
O Availability O Pharming
O Behavior-blocking software O Release of message contents
O Confidentiality O Replay attack
O Denial Of Service (DOS) attack O Signed Java applet
O Fabrication O Traffic analysis
O Identity theft O Trojan horse
O Integrity O Virus
O Interception O Worm
O Interruption

PRACTICE SET

MULTIPLE-CHOICE QUESTIONS
1. The principle of ______ ensures that only the sender and the intended recipients have access
to the contents of a message.
(a) confidentiality (b) authentication
(c) integrity (d) access control
2. If the recipient of a message has to be satisfied with the identity of the sender, the principle of
______ comes into picture.
(a) confidentiality (b) authentication
(c) integrity (d) access control
3. If we want to ensure the principle of ______, the contents of a message must not be
modified while in transit.
(a) confidentiality (b) authentication
(c) integrity (d) access control
4. Allowing certain users specific accesses comes in the purview of ______.
(a) confidentiality (b) authentication
(c) integrity (d) access control
5. If a computer system is not accessible, the principle of ______ is violated.
(a) confidentiality (b) authentication
(c) availability (d) access control
6. The four primary security principles related to a message are ______.
(a) confidentiality, authentication, integrity and non-repudiation
(b) confidentiality, access control, non-repudiation and integrity
(c) authentication, authorization, non-repudiation and availability
(d) availability, access control, authorization and authentication
7. The principle of ______ ensures that the sender of a message cannot later claim that the
message was never sent.
(a) access control (b) authentication
(c) availability (d) non-repudiation
8. The ______ attack is related to confidentiality.
(a) interception (b) fabrication
(c) modification (d) interruption
9. The ______ attack is related to authentication.
(a) interception (b) fabrication
(c) modification (d) interruption
10. The ______ attack is related to integrity.
(a) interception (b) fabrication
(c) modification (d) interruption
11. The ______ attack is related to availability.
(a) interception (b) fabrication
(c) modification (d) interruption
12. In ______ attacks, there is no modification to message contents.
(a) passive (b) active
(c) both of the above (d) none of the above
13. In ______ attacks, the message contents are modified.
(a) passive (b) active
(c) both of the above (d) none of the above
14. Interruption attacks are also called ______ attacks.
(a) masquerade (b) alteration
(c) denial of service (d) replay attacks
3429

36 Cryptography and Network Security

15. DOS attacks are caused by .


(a) authentication (b) alteration
(c) fabrication (d) replay attacks
16. Virus is a computer .
(a) file (b) program
(c) database (d) network
17. A worm modify a program.
(a) does not (b) does
(c) may or may not (d) may
18. A replicates itself by creating its own copies, in order to bring the network to a halt.
(a) virus (b) worm
(c) Trojan horse (d) bomb
19. Applets and ActiveX controls are side programs.
(a) client (b) server
(c) database (d) none of the above
20. ActiveX controls are secure as compared to applets.
(a) more (b) equally
(c) far more (d) less
