Chapter 1

The document outlines key concepts in network and information security, including the importance of computer security, confidentiality, integrity, and availability. It discusses various threats, vulnerabilities, and types of attacks such as viruses, worms, and denial of service attacks, along with preventive measures. Additionally, it emphasizes the significance of user accountability and the use of cryptographic methods to secure sensitive information.

NETWORK AND INFORMATION SECURITY (22620)

EXAMINATION SCHEME
Books Recommended
1. Computer Security - Dieter Gollmann
2. Cryptography and Network Security - Atul Kahate
3. Mark Stamp's Information Security: Principles and Practice - Deven Shah
4. Security in Computing - Pfleeger and Margulies
COURSE OUTCOMES
●Identify risks related to computer security and information hazards in various situations.
●Apply user identification and authentication methods.
●Apply cryptographic algorithms and protocols to maintain computer security.
●Apply measures to prevent attacks on a network using a firewall.
●Maintain secured networks and describe information security compliance standards.
NEED OF COMPUTER SECURITY
• Protecting company data and information
• Protecting individuals' private information
• Protecting networks and resources
• Fighting computer hackers and identity theft
Definition
Computer security deals with the prevention and detection of unauthorized actions by users of a computer system.
This definition covers three aspects:
Confidentiality: prevention of unauthorized disclosure of information
Integrity: prevention of unauthorized modification of information
Availability: prevention of unauthorized withholding of information or resources
Security basics
●Confidentiality
●Integrity
●Availability
●Accountability
●Non-repudiation
●Reliability
Confidentiality
●The main objective of computer security is to stop unauthorized users from reading sensitive data
●Confidentiality ensures that unauthorized users cannot learn sensitive information
●E.g. military and civilian institutions in government
●Access control mechanisms and cryptography can be used to preserve confidentiality
●Resource hiding (concealing that a resource exists at all, not just its content) is another aspect of confidentiality
Attack on confidentiality: Interception
INTEGRITY
●Integrity deals with the prevention of unauthorized writing or modification
●Integrity includes data integrity (the content of the information) and origin integrity (the source of the data, i.e. authentication)
●Prevention: authentication and access control can stop integrity violations coming from outside
●Detection mechanisms analyze system events to detect problems; they may report the cause of an integrity violation or simply report that a file is now corrupt
Attack on integrity: Modification
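Worked example (added here; not part of the original slides): the difference between data integrity and origin integrity, using only Python's standard library. A plain SHA-256 digest detects that content changed, but whoever changed the file can simply recompute the digest. An HMAC over the same content needs the shared key, so a matching tag shows both that the content is unchanged and who produced it. The key and the "file" contents are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample "file" contents (not from the original slides).
ORIGINAL = b"transfer 100.00 to account 12345\n"
TAMPERED = b"transfer 900.00 to account 12345\n"


def sha256_hex(data: bytes) -> str:
    """Data integrity only: a digest detects any change to the content."""
    return hashlib.sha256(data).hexdigest()


def make_tag(key: bytes, data: bytes) -> str:
    """Origin integrity: an HMAC binds the content to whoever holds the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest avoids leaking the position of the first mismatch via timing
    return hmac.compare_digest(make_tag(key, data), tag)


def demo():
    key = secrets.token_bytes(32)  # shared between the sender and the verifier
    digest = sha256_hex(ORIGINAL)
    tag = make_tag(key, ORIGINAL)

    # A plain hash detects modification ...
    hash_detects_change = sha256_hex(TAMPERED) != digest          # True
    # ... but an attacker who edits the file can just store a fresh hash:
    forged_digest = sha256_hex(TAMPERED)
    hash_only_passes = sha256_hex(TAMPERED) == forged_digest      # True

    # The HMAC cannot be recomputed without the key, so both the tampering
    # and a tag forged with a guessed key are detected.
    tag_ok_original = verify_tag(key, ORIGINAL, tag)              # True
    tag_ok_tampered = verify_tag(key, TAMPERED, tag)              # False
    attacker_tag = make_tag(b"guess", TAMPERED)
    tag_ok_forged = verify_tag(key, TAMPERED, attacker_tag)       # False
    return (hash_detects_change, hash_only_passes,
            tag_ok_original, tag_ok_tampered, tag_ok_forged)
```

Note that an HMAC gives integrity and authentication but not non-repudiation: both parties hold the key, so either could have produced the tag. Non-repudiation needs a digital signature with a private key only the signer holds.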
AVAILABILITY
●Availability is the property of being accessible and usable upon demand by an authorized entity
●In the context of security, we want to ensure that a malicious attacker cannot prevent legitimate users from having reasonable access to their systems
●Someone may deliberately arrange to deny access to data or to a service by making it unavailable
●Attempts to block availability are called Denial of Service (DoS)
Attack on availability: Interruption
ACCOUNTABILITY
●Every individual who works with an information system should have specific responsibilities for information assurance
●Audit information must be selectively kept and protected so that actions affecting security can be traced to the responsible party
●To be able to do so, the system has to identify and authenticate users, and it has to keep an audit trail of security-relevant events
●If a security violation has occurred, information from the audit trail may help to identify the perpetrator and the steps that were taken to compromise the system
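Worked example (added here; not part of the original slides): one way to "protect" an audit trail so that a later edit is detectable. Each entry's hash covers the previous entry's hash, so rewriting an old entry (for instance to pin an action on a different user) breaks every hash from that point on. The users, actions and timestamps are constructed for the example.

```python
import hashlib
import json
from typing import Dict, List

GENESIS = "0" * 64  # hash "before" the first entry


def entry_hash(prev_hash: str, entry: Dict) -> str:
    """Hash of this entry, bound to the hash of the entry before it."""
    payload = json.dumps(entry, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


def append_event(log: List[Dict], user: str, action: str, ts: int) -> None:
    """Record a security-relevant event; the hash chains it to the previous one."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"ts": ts, "user": user, "action": action}
    entry["hash"] = entry_hash(prev, entry)
    log.append(entry)


def without_hash(entry: Dict) -> Dict:
    return {k: v for k, v in entry.items() if k != "hash"}


def verify_log(log: List[Dict]) -> int:
    """Return the index of the first entry whose chain breaks, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry_hash(prev, without_hash(entry)) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1


def actions_of(log: List[Dict], user: str) -> List[str]:
    """Trace actions back to a user, as an investigator would after an incident."""
    return [e["action"] for e in log if e["user"] == user]


def demo():
    log: List[Dict] = []
    append_event(log, "alice", "login", 1000)
    append_event(log, "alice", "read payroll.xlsx", 1005)
    append_event(log, "bob", "login", 1010)
    intact = verify_log(log)                     # -1: chain is consistent
    # An insider rewrites entry 1 to shift the blame to bob.
    log[1]["user"] = "bob"
    first_bad = verify_log(log)                  # 1: tampering detected here
    return intact, first_bad
```

The chain only proves that entries were not altered or removed from the middle; an attacker who controls the log file can still truncate it from the end. In practice the latest hash is copied somewhere the attacker cannot reach (a remote log server, or a write-once medium) so truncation is detectable too.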
NON-REPUDIATION
●Non-repudiation services provide unforgeable evidence that a specific action occurred, so the party that performed it cannot later deny it
●Digital signatures provide non-repudiation.
ASSETS
●In an IT system, assets include:
●Hardware: laptops, servers, routers, mobile phones, notebooks, smart cards, etc.
●Software: applications, operating systems, database management systems, source code, object code, etc.
●Data and information: essential data for running and planning your business, design documents, digital content, data about your customers, etc.
●Reputation
Vulnerabilities
●Vulnerabilities are weaknesses of a system that could be accidentally or intentionally exploited to damage assets
●In an IT system, typical vulnerabilities are:
●Accounts with system privileges where the default password has not been changed
●Programs with unnecessary privileges
●Programs with known flaws
●Weak access control settings on resources
●Weak firewall configurations
THREAT
●A threat is a potential cause of an undesirable negative impact on assets
●Common threat categories (the STRIDE model):
●Spoofing attacks
●Tampering with data
●Repudiation
●Information disclosure
●Denial of service
●Elevation of privilege
RISK ANALYSIS
Viruses
●A virus is a piece of program code that attaches itself to legitimate program code and runs when the legitimate program runs
●A virus infects other programs on the same computer, or programs on other computers on the same network
●The damage done by a virus can be repaired and controlled by using good backup procedures.
Types of Viruses
●Boot Sector Virus: infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks.
●Direct Action Virus: attaches itself directly to a .exe or .com file and runs when that file is executed; it does not stay resident afterwards.
●Resident Virus: loads itself into the computer's memory and keeps infecting other files and programs even after the program that carried it has stopped running.
●Multipartite Virus: attacks both the boot sector and the executable files of an already infected computer.
●Overwrite Virus: completely removes the existing program and replaces it with the malicious code by overwriting it.
●Polymorphic Virus: changes its own code on each infection (for example by re-encrypting itself with a different key), so that each copy looks different to a signature scanner while the original functionality is retained.
●Spacefiller Virus: a rare type of virus which fills in the empty spaces (cavities) of a file with its code, so it is also known as a cavity virus. It does not change the size of the file, which makes it harder to detect.
Worms
●A virus modifies a program; a worm does not modify a program
●A worm replicates itself again and again
●As the replication grows, the computer or network on which the worm resides becomes slow and finally comes to a halt
●A worm attack attempts to make the computer or network under attack unusable by eating up all its resources
Trojan Horse
●A virus makes some sort of modification to the target computer or network
●A Trojan horse is a program that appears useful but hides malicious code; it typically attempts to reveal confidential information to an attacker
Case Study
●Scenario 1 - Advisory practices attacked by a Trojan
●In this scenario, a number of advisory practices were subject to a targeted malware attack via a Trojan. The Trojan helped the cyber criminals access several advisers' PCs and obtain the login details for the systems that had been used.
●This attempted fraud took place while the practice was closed over the Christmas holidays.
●"We locked up the office that afternoon just before Christmas and went home. We were all looking forward to a nice long break, it'd been a busy year. We wouldn't be back in the office until the New Year."
●Transactions were submitted to the platform over the Christmas period using several advisers' user IDs.
●Direct credit (EFT) bank account details were edited to credit the cyber criminals' 'mule' Australian bank account. From this account the cyber criminals would be free to transfer the funds overseas.
●Luckily for the practice, the fraud was uncovered before any funds were paid out.
●"Even though we were on holiday, we all continued to check our transaction updates via the platform each day. We called the platform right away and they were able to stop the fraudulent payments in time."
Case Study - account lock
●A Melbourne advisory practice was the target of a malware attack, having found malware on their system which locked their access to the platform. The malware allowed the cyber criminal to gain access to an adviser's login details for all systems he had used recently.
●The cyber criminals now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook.
●The next time the adviser tried to log in to his platform desktop software, he was locked out.
●He rang our account executive team to report his access was locked. He couldn't log in, even though he was using his correct user name and password.
●The platform reset his password. The next day when the adviser tried again to log in, he was locked out of the system again.
●It became obvious that the adviser's user ID had been compromised. At this point, the user ID was deleted.
●Where you have had your platform access locked or you suspect fraud or malware on your system, call us immediately as part of your reporting response so we can suspend your login ID to attempt to prevent further fraudulent transactions. Bring in a
Case Study
●A staff member in an advisory practice opened a file attached to an email received one morning.
●It turned out the attachment contained a 'worm' that infected not only the staff member's PC, it also spread to all other PCs in the practice network.
●This malware caused all PCs in the office to shut down.
●The adviser needed to use the platform software that day to ensure his clients participated in a Corporate Action that was closing the following day.
●With help from their Business Development Manager, the office worked through the issue so they were able to log into the platform software to complete this critical work from a home laptop that hadn't been infected with
Types of Attacks
●An attack consists of a sequence of actions, exploiting vulnerabilities in the system, until the attacker's goals have been achieved
●Attacks are of two types: passive and active
Passive Attack
●In passive attacks, the attacker aims to obtain information that is in transit. Passive means the attacker does not attempt to perform any modification of the data.
●Classification of passive attacks:
1. Release of message contents
2. Traffic analysis
Active Attack
●Active attacks are based on modification of the original message in some manner, or on creation of a false message
●Interruption (masquerade: the attacker pretends to be a legitimate party)
●Modification: replay attacks (a captured message is sent again) and alteration of messages
●Fabrication: denial of service
Comparison
Denial of Service
●The basic purpose of a DoS attack is simply to flood a network so as to deny authentic users the services of the network
●The end result is flooding of the network or a change in the configuration of routers on the network
●Not easy to detect and stop, because flood traffic can look like legitimate requests
●The most notable DoS attacks were launched against famous websites such as Yahoo, Amazon, etc.
●In February 2000, a 15-year-old Canadian known as Mafiaboy launched DoS attacks against several of these sites
DOS MECHANISM (SYN flooding)
A normal TCP connection uses a three-step handshake: (1) the client sends SYN, (2) the server replies SYN-ACK and records the half-open connection, (3) the client sends ACK.
1. The attacker performs step 1. The server performs step 2. However, the attacker does not perform step 3, so the connection is never completed. The server has to keep track of the incomplete connection request and wait for the response.
2. In step 1 the attacker forges the source address. The attacker puts in the source address of a non-existent client, so when the server sends its SYN-ACK it never reaches any client at all.
3. The attacker launches a Distributed DoS (DDoS) attack, where many SYN requests are sent from many physically different clients. In this case, even if the DoS is detected, it cannot be controlled by blocking the SYN requests of a single source.
DOS AND DDOS
Prevention
●Investigate incoming packets and look for a particular pattern
●Configure the services offered by a particular application so that they never accept more than a set number of requests from one client in a specified time interval
●Block a particular IP address or port number, though doing this in real time is challenging
●Keep good backups of the firewall and server configurations
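Worked example (added here; not part of the original slides) covering both the SYN-flood mechanism above and the per-client rate limit listed under Prevention. It simulates, in plain Python, a server that stores every half-open connection and runs out of backlog under a flood of SYNs with forged sources; the same flood against a server that uses SYN cookies, which keeps no state until the ACK arrives; and a per-source rate limiter. The backlog size, the addresses and the cookie layout (24 bits of HMAC plus an 8-bit time slot) are constructed for the example and are not the kernel's actual implementation.

```python
import hashlib
import hmac
import secrets

BACKLOG = 5  # constructed, deliberately tiny so the flood is visible


class StatefulServer:
    """Naive server: remembers every half-open connection until its ACK arrives."""

    def __init__(self, backlog=BACKLOG):
        self.backlog = backlog
        self.half_open = {}  # (src_ip, src_port) -> server ISN

    def on_syn(self, src_ip, src_port):
        if len(self.half_open) >= self.backlog:
            return None  # backlog full: SYN dropped, a real client gets no SYN-ACK
        isn = secrets.randbelow(2**32)
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip, src_port, ack):
        isn = self.half_open.pop((src_ip, src_port), None)
        return isn is not None and ack == (isn + 1) % 2**32


class SynCookieServer:
    """Stateless server: the ISN is an HMAC over the 4-tuple and a time slot."""

    def __init__(self, ip="10.0.0.1", port=443):
        self.secret = secrets.token_bytes(32)
        self.ip, self.port = ip, port

    def cookie(self, src_ip, src_port, slot):
        msg = f"{src_ip}:{src_port}:{self.ip}:{self.port}:{slot}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        # 24 bits of MAC + 8 bits of slot = a 32-bit sequence number
        return (int.from_bytes(mac[:3], "big") << 8) | (slot & 0xFF)

    def on_syn(self, src_ip, src_port, slot):
        return self.cookie(src_ip, src_port, slot)  # nothing is stored

    def on_ack(self, src_ip, src_port, ack, now_slot):
        isn = (ack - 1) % 2**32
        slot = isn & 0xFF
        if (now_slot - slot) % 256 > 1:      # cookie older than two slots: reject
            return False
        expected = self.cookie(src_ip, src_port, slot)
        return hmac.compare_digest(isn.to_bytes(4, "big"), expected.to_bytes(4, "big"))


class SynRateLimiter:
    """Per-source limit: at most `limit` SYNs from one address within `window` seconds."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.seen = {}  # src_ip -> timestamps of recent SYNs

    def allow(self, src_ip, now):
        recent = [t for t in self.seen.get(src_ip, []) if now - t < self.window]
        recent.append(now)
        self.seen[src_ip] = recent
        return len(recent) <= self.limit


def demo():
    # 1. Stateful server under a flood of SYNs from forged, non-existent sources.
    server = StatefulServer()
    for i in range(20):
        server.on_syn(f"198.51.100.{i}", 40000 + i)   # step 1 only; step 3 never comes
    legit_refused = server.on_syn("203.0.113.7", 51000) is None

    # 2. SYN-cookie server: the same flood costs no memory; a real client still connects.
    cs = SynCookieServer()
    for i in range(20):
        cs.on_syn(f"198.51.100.{i}", 40000 + i, slot=7)
    isn = cs.on_syn("203.0.113.7", 51000, slot=7)
    legit_connects = cs.on_ack("203.0.113.7", 51000, (isn + 1) % 2**32, now_slot=8)
    forged_ack_rejected = not cs.on_ack("203.0.113.7", 51000, 12345, now_slot=8)

    # 3. Rate limiting blocks one chatty source without touching the occasional client.
    rl = SynRateLimiter(limit=3, window=1.0)
    flood = [rl.allow("198.51.100.9", 0.1 * k) for k in range(5)]
    return legit_refused, legit_connects, forged_ack_rejected, flood
```

The rate limiter is exactly the control that fails against a distributed flood: each of thousands of sources stays under the limit, which is why the slide says a DDoS "cannot be controlled by blocking SYN" from one address, and why stateless defences such as SYN cookies matter.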
Backdoors/Trapdoors
●Trapdoor: a secret entry point into a program that allows anyone who knows it to gain access to the system without going through the usual security access procedures
●A backdoor is a method of bypassing normal authentication
●It typically works by recognizing some sequence of input or a special ID
●E.g. the Easter egg hidden in Microsoft Excel 97, which is reached through a specific sequence of inputs
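Worked example (added here; not part of the original slides): a login routine with a trapdoor of the "special ID" kind, next to a hardened version in which every path goes through the same salted-hash comparison, so there is no input that skips the check. The user names, the maintenance password and the use of PBKDF2 are constructed for the example.

```python
import hashlib
import hmac
import os

# --- Backdoored version: a hard-coded "maintenance" password bypasses the check ---
MAINTENANCE_PASSWORD = "joshua"  # hypothetical, constructed for the example


def login_backdoored(users, username, password):
    if password == MAINTENANCE_PASSWORD:   # trapdoor: works for any account
        return True
    return users.get(username) == password  # also stores passwords in clear


# --- Hardened version: one code path, salted hashes, constant-time compare ---
def hash_password(password, salt=None, iterations=100_000):
    """Return (salt, iterations, derived key) using PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def register(users, username, password):
    users[username] = hash_password(password)


def login_hardened(users, username, password):
    record = users.get(username)
    if record is None:
        hash_password(password)  # same cost for unknown users: no timing oracle
        return False
    salt, iterations, expected = record
    _, _, actual = hash_password(password, salt, iterations)
    return hmac.compare_digest(actual, expected)


def demo():
    plain = {"alice": "correct horse"}
    backdoor_works = login_backdoored(plain, "alice", MAINTENANCE_PASSWORD)      # True
    hardened = {}
    register(hardened, "alice", "correct horse")
    backdoor_fails = not login_hardened(hardened, "alice", MAINTENANCE_PASSWORD)  # True
    normal_login = login_hardened(hardened, "alice", "correct horse")            # True
    return backdoor_works, backdoor_fails, normal_login
```

What to look for in review: any branch in an authentication function that returns success without consulting the credential store, literal strings compared against a password, and account lookups that short-circuit before the hash is computed.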
Sniffing
●Definition: the practice of intercepting network traffic, either wired or wireless, to capture and analyze the data packets that are transmitted across the network
●Sniffing can be done using specialized hardware or software tools that are designed to intercept network traffic
●Once the packets are captured, they can be analyzed to extract information such as usernames, passwords and other sensitive data
Sniffing
●Passive Sniffing: performed without altering the network traffic. It just involves eavesdropping on network traffic without making any changes to the packets that are being transmitted
●Active Sniffing: involves altering the network traffic. This can be done by injecting packets into the network to simulate traffic or by modifying the contents of the packets that are being transmitted
●Impact of Sniffing: sniffing can be used by hackers to steal sensitive data like usernames, passwords, credit card numbers etc.
●This can result in identity theft, financial fraud or other types of cybercrime
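Worked example (added here; not part of the original slides): what "analyzing captured packets to extract usernames and passwords" amounts to in code. The same logic serves a defender: a network sensor that flags credentials crossing the wire in clear is the simplest way to find the protocols that still need TLS. The capture below is constructed by hand (source, destination, TCP payload); the TLS payload at the end shows that encrypted traffic yields nothing.

```python
import base64
import re
from urllib.parse import parse_qs

# Constructed sample of what a sniffer sees on the wire (not a real capture).
CAPTURED = [
    ("10.0.0.5:51234", "203.0.113.10:80",
     b"GET /admin HTTP/1.1\r\nHost: intranet\r\n"
     b"Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n\r\n"),
    ("10.0.0.5:51240", "203.0.113.21:21", b"USER bob\r\n"),
    ("10.0.0.5:51240", "203.0.113.21:21", b"PASS s3cret\r\n"),
    ("10.0.0.5:51250", "203.0.113.10:80",
     b"POST /login HTTP/1.1\r\nHost: intranet\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     b"user=carol&password=pa55&remember=1"),
    ("10.0.0.5:51260", "203.0.113.10:443",
     b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03..."),   # TLS: opaque to a sniffer
]

BASIC_RE = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I | re.M)
FTP_RE = re.compile(rb"^(USER|PASS)\s+(\S+)", re.I)
FORM_PW_KEYS = ("password", "passwd", "pass", "pwd")


def find_credentials(packets):
    """Return (destination, protocol, 'user:password') for each cleartext credential."""
    findings = []
    ftp_user = {}  # destination -> last USER seen, so PASS can be paired with it
    for _src, dst, payload in packets:
        m = BASIC_RE.search(payload)
        if m:  # HTTP Basic auth is only base64, not encryption
            try:
                decoded = base64.b64decode(m.group(1)).decode("utf-8", "replace")
                findings.append((dst, "http-basic", decoded))
            except ValueError:
                pass
        m = FTP_RE.match(payload)
        if m:
            cmd, arg = m.group(1).upper(), m.group(2).decode("utf-8", "replace")
            if cmd == b"USER":
                ftp_user[dst] = arg
            else:
                findings.append((dst, "ftp", f"{ftp_user.get(dst, '?')}:{arg}"))
        if payload.startswith(b"POST ") and b"\r\n\r\n" in payload:
            body = payload.split(b"\r\n\r\n", 1)[1].decode("utf-8", "replace")
            form = parse_qs(body)
            for key in FORM_PW_KEYS:
                if key in form:
                    user = form.get("user", form.get("username", ["?"]))[0]
                    findings.append((dst, "http-form", f"{user}:{form[key][0]}"))
    return findings
```

Running find_credentials(CAPTURED) yields three findings (HTTP Basic, FTP and an HTTP form post) and nothing for the TLS record, which is the whole argument for encrypting in transit: the sniffer still sees the packets, but there is nothing to extract.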
Spoofing
●Spoofing is the practice of impersonating a legitimate user or device in order to gain unauthorized access to a network, steal data or launch attacks on a system
●Spoofing works by falsifying information in order to trick a computer into thinking that a request or message is legitimate
●This can be done in a number of ways, such as falsifying an IP address, a MAC address or other identifying information
Spoofing types
●IP spoofing: falsifying the IP address in a network packet to make it appear as if it has come from a trusted source
●Email spoofing: falsifying the sender address in an email
●DNS spoofing: falsifying DNS information in order to redirect users to a fake website
●Spoofing can be used by hackers to gain unauthorized access to a network, steal data or launch attacks on a system. This can result in data breaches, financial losses and other types of cybercrime
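Worked example (added here; not part of the original slides): the standard network-level defence against IP spoofing, ingress and egress filtering at the border router. A packet arriving from the Internet that claims an address inside our own network, or a private/reserved ("bogon") source, is forged and dropped; a packet leaving our network with a source that is not ours is a local host spoofing someone else and is dropped too. The address ranges, the two interface names and the packet log are constructed for the example.

```python
import ipaddress

# Constructed topology: our network is 192.0.2.0/24 behind a border router with
# an "outside" (Internet) and an "inside" interface.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
# Ranges that are never valid sources on the Internet-facing interface.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def classify(iface, src, dst):
    """Return 'pass' or a 'drop: ...' reason for one packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if iface == "outside":
        if is_internal(src):
            return "drop: external packet claims an internal source (ingress spoof)"
        if any(src in net for net in BOGONS):
            return "drop: bogon/private source on outside interface"
    elif iface == "inside":
        if not is_internal(src):
            return "drop: internal host sending with a foreign source (egress spoof)"
    return "pass"


# Constructed packet log: (interface the packet arrived on, source, destination)
SAMPLE = [
    ("outside", "198.51.100.4", "192.0.2.10"),   # ordinary inbound traffic
    ("outside", "192.0.2.10", "192.0.2.20"),     # forged: "our" address from outside
    ("outside", "10.1.2.3", "192.0.2.10"),       # private source from the Internet
    ("inside", "192.0.2.10", "198.51.100.4"),    # ordinary outbound traffic
    ("inside", "203.0.113.9", "198.51.100.4"),   # local host spoofing a foreign address
]


def filter_log(packets):
    return [classify(*p) for p in packets]
```

Egress filtering does nothing for our own servers directly, but it stops our hosts from being used as the forged sources in someone else's attack, which is why it is expected of every network (BCP 38).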
Man in the middle
●In a man-in-the-middle (MiTM) attack, the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.
●The attack is a type of eavesdropping in which the attacker intercepts and then controls the entire conversation.
●MiTM attacks pose a serious threat to online security because they give the attacker the ability to capture and manipulate sensitive personal information, such as login credentials, account details or credit card numbers, in real time.
How it works
●During a MiTM attack, cybercriminals insert themselves in the middle of data transactions or online communication. One common route is malware: once it is on the victim's machine, the attacker gains access to the user's web browser and to the data it sends and receives during transactions.
Prevention
●Secure connections. This is the first line of defense against MiTM attacks. Users should only visit websites that show "HTTPS" in the URL bar with a valid certificate, instead of just "HTTP".
●Avoid phishing emails. Cybercriminals purposely craft phishing emails to trick users into opening them. Users should think twice before opening emails coming from unverified or unknown sources.
●A VPN encrypts internet connections and online data transfers, such as passwords and credit card information, and should be used when connecting to insecure public Wi-Fi networks and hotspots.
●Endpoint security. Because many MiTM attacks rely on malware on the victim's machine, it is important to have antimalware and internet security products in place.
TCP/IP Hijacking
●TCP/IP hijacking is a man-in-the-middle network attack.
●In this attack an attacker takes over another user's or client's authenticated network connection.
●After hijacking a TCP/IP session, the attacker is able to read and modify the transferred packets and to send their own requests to the user.
How it works
●The first major goal of the attacker is to obtain the IP addresses of two devices that communicate over the same network or connection, along with the TCP sequence numbers they are using. To do this, the attacker monitors the data transmission on the network until these are obtained.
●After successfully grabbing the user's IP address, the attacker can attack the connection.
●In order to take over the connection, the attacker knocks the other user off it with a DoS attack, so that the user's side waits for a reconnection.
●By spoofing the disconnected user's IP address (and continuing the sequence numbers), the attacker can carry on the communication in the user's place.
Prevention
●Do not click on unwanted or unknown links.
●Check the web application for errors that leak session information.
●Use an Intrusion Detection System (IDS) to monitor network traffic for unwanted or unknown activity.
●Use a switch instead of a hub, so that traffic is not delivered to every port where it can be sniffed.
●Always send the session ID over SSL/TLS.
●Use a different session ID for each page or request, so that a captured ID quickly becomes useless.
●Always use a secure protocol like HTTPS instead of a plain-text protocol like HTTP.
Encryption/Cryptographic Attacks
●Cryptology has two parts: cryptography, which focuses on creating secret codes, and cryptanalysis, which is the study of cryptographic algorithms and the breaking of those secret codes.
●To determine the weak points of a cryptographic system, it is important to attack the system. These attacks are called cryptanalytic attacks.
Types
●Brute force attack
●In a brute force attack, the cybercriminal tries every possible key to decipher an encrypted message or data. If the key size is 8 bits, there are 256 (i.e. 2^8) possible keys. The cybercriminal must know the algorithm (usually available as an open-source program) to try all 256 keys; every extra key bit doubles the work.
●Ciphertext-only attack
●The attacker has access only to a collection of ciphertexts, with no plaintext. By looking for patterns in the collection (for example statistical properties of the cipher or the language), the attacker may recover plaintext and occasionally the key.
●Chosen plaintext attack
●In this attack model, the cybercriminal can choose arbitrary plaintexts and obtain the corresponding ciphertexts. This simplifies the attacker's task of recovering the encryption key.
●Chosen ciphertext attack
●In this attack model, the cybercriminal can choose ciphertexts and obtain their decryptions. By analyzing the chosen ciphertexts together with the corresponding plaintexts, the attacker tries to obtain the secret key or details about the system.
●Known plaintext attack
●In this attack technique, the cybercriminal knows (or finds out, using information-gathering techniques) the plaintext of some portions of the ciphertext and uses the pairs to recover the key.
●Key and algorithm attack
●Here, the attacker tries to recover the key used to encrypt or decrypt the data by analyzing the cryptographic algorithm itself for weaknesses.
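Worked example (added here; not part of the original slides): the brute-force, known-plaintext and ciphertext-only attacks above carried out against a toy cipher with an 8-bit key, so that all 256 keys can actually be tried. The cipher (single-byte XOR), the message and the key are constructed for the example; the point is how much a crib of known plaintext helps compared with only being able to recognise "plausible" output.

```python
def xor_encrypt(data: bytes, key: int) -> bytes:
    """Toy cipher with an 8-bit key (constructed for the example; never use it)."""
    return bytes(b ^ key for b in data)


def brute_force_known_plaintext(ciphertext: bytes, crib: bytes) -> list:
    """Known-plaintext attack: keep every key that turns the ciphertext into the crib."""
    return [k for k in range(256)
            if xor_encrypt(ciphertext[:len(crib)], k) == crib]


def brute_force_ciphertext_only(ciphertext: bytes, is_plausible) -> list:
    """Ciphertext-only attack: no crib, so a test for 'looks like plaintext' is needed."""
    return [k for k in range(256) if is_plausible(xor_encrypt(ciphertext, k))]


def looks_like_ascii_text(data: bytes) -> bool:
    """Crude plausibility test: printable ASCII plus common whitespace."""
    return all(32 <= b < 127 or b in b"\r\n\t" for b in data)


def keyspace(bits: int) -> int:
    """Number of keys a brute-force attack has to try for a `bits`-bit key."""
    return 2 ** bits


def demo():
    secret = b"Attack at dawn."
    key = 0x5A
    ct = xor_encrypt(secret, key)
    # With 6 bytes of known plaintext the key is pinned down exactly.
    kp = brute_force_known_plaintext(ct, b"Attack")
    # Without a crib the attacker is left with every key that yields readable text
    # and has to inspect the candidates by hand.
    co = brute_force_ciphertext_only(ct, looks_like_ascii_text)
    return kp, key in co, len(co), keyspace(8), keyspace(128)
```

The same brute-force loop over a 128-bit key would need 2^128 trials, which is why real ciphers are broken (if at all) through the other attack models rather than by exhaustive search.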
Need and Importance of information security
●Protecting sensitive information: information security helps protect sensitive information from being accessed, disclosed, or modified by unauthorized individuals. This includes personal information, financial data, and trade secrets, as well as confidential government and military information.
●Mitigating risk: by implementing information security measures, organizations can mitigate the risks associated with cyber threats and other security incidents. This includes minimizing the risk of data breaches, denial-of-service attacks, and other malicious activities.
●Compliance with regulations: many industries and jurisdictions have specific regulations governing the protection of sensitive information. Information security measures help ensure compliance with these regulations, reducing the risk of fines and legal liability.
●Protecting reputation: security breaches can damage an organization's reputation and lead to lost business. Effective information security can help protect an organization's reputation by minimizing the risk of security incidents.
●Ensuring business continuity: information security helps ensure that critical business functions can continue even in the event of a security incident. This includes maintaining access to key systems and data, and minimizing the impact of any disruptions.
Information Classification
●Data classification or information classification is the process of classifying corporate information into significant categories to ensure critical data is protected.
●For example, financial files within an organization should not be kept together with files from the public relations department. Instead, they should be maintained in separate folders, which are accessible only by individuals who are entitled to work with each kind of data. Thus, the stored information stays safe and can be easily accessed when needed.
Criteria for classification
●Value - the most frequently used criterion for classifying information is the value of the data. If the information is so valuable that its loss could create significant organizational problems, it needs to be classified.
●Age - if the value of certain information declines over time, the classification of the information may be lowered.
●Useful life - information that can be updated as and when needed stays useful, and hence classified, for longer; information that has outlived its usefulness can be reviewed for declassification.
●Personal association - information that is linked to specific individuals or is addressed by privacy law needs to be classified.
Classifying based on value
●Based on value, information is sorted as:
●Confidential Information - information that is protected as confidential by all entities included or impacted by the information. The highest level of security measures should be applied to such data.
●Classified Information - information that has restricted access as per law or regulation.
●Restricted Information - information that is available to most but not all employees.
●Internal Information - information that is accessible by all employees.
●Public Information - information that everyone within and outside the organization can access.
Principles of Information Security
●Confidentiality
●Confidentiality measures are designed to prevent unauthorized disclosure of information. The purpose of the confidentiality principle is to keep personal information private and to ensure that it is visible and accessible only to those individuals who own it or need it to perform their organizational functions.
●Integrity
●Integrity includes protection against unauthorized changes (additions, deletions, alterations, etc.) to data. The principle of integrity ensures that data is accurate and reliable and is not modified incorrectly, whether accidentally or maliciously.
●Availability
●Availability is the protection of a system's ability to make software systems and data fully available when a user needs them (or at a specified time). The purpose of availability is to make the technology infrastructure, the applications and the data available when they are needed for an organizational process or for an organization's customers.
Important Questions
●2 marks
●List any four basic principles of security
●Define: Cryptography and Cryptology
●Give an example of an active and a passive attack
●Define: Confidentiality and Integrity
●4 marks
●Explain the criteria for information classification
●Explain the terms: Vulnerability, Threat and Risk
●Explain the need for information classification. State the information classification levels
●Explain DoS and DDoS