Unit1 - Introduction and Unit 7 Information Security
Uploaded by prototypes6341

Cryptography and Network Security

Year III Sem I

Rajan Sharma
Course Objectives
• To provide knowledge on principles
and practices of network security
Course Outline
References
• Lecture Notes
• Tutorials
UNIT 1: Introduction
Data, Information and Knowledge
• Data
❖ recording of “something” measured
❖ Raw material, just measured
• Information
❖ Information is the result of processing, manipulating and
organizing data in a way that adds to the knowledge of the
receiver.
❖ Processed data
• Knowledge
❖ Knowledge is normally processed by means of structuring,
grouping, filtering, organizing or pattern recognition.
❖ Highly structured information
Data, Information and Knowledge
• An Information System is the collection of hardware, software, data, people and procedures that are designed to generate information that supports day-to-day operations.
What is Information Security?
• Information security is the process of protecting information from unauthorized access, use, disclosure, destruction, modification, or disruption.
• The protection of computer systems and information from harm, theft, and unauthorized use.
• Protecting the confidentiality, integrity and availability of information.
• Information security is an essential infrastructure technology for achieving a successful information-based society.
• A highly information-based company without information security will lose competitiveness.

• What kind of protection?
❖ Protecting important documents / computers
❖ Protecting communication networks
❖ Protecting the Internet
❖ Protection in a ubiquitous world
Historical Aspects of InfoSec
• Earliest InfoSec was physical security
• In early 1960, a systems administrator worked on
Message of the Day (MOTD) and another person with
administrative privileges edited the password file. The
password file got appended to the MOTD.

Information Security
Information Security Today
• Today's online consumers routinely deal with spyware, adware and malware, which present threats ranging from simple annoyance to password theft to loss of critical property.
• What threats are on the horizon? State-sponsored hacking is already an industry in itself. Individual privacy may lessen as governments and law enforcement agencies aggressively monitor email and personal communication.
IT and IS
Information Security, Cyber Security and Network Security
Information Security
• Information Security is the superset that contains
cyber security and network safety
• Information Security (InfoSec) is a discipline
concerned with protecting the confidentiality,
integrity, and availability of information assets within
an organization.
• It involves the implementation of policies,
procedures, technologies, and controls to safeguard
sensitive information from unauthorized access,
disclosure, alteration, or destruction.
Key Principles of Information Security:
1. Confidentiality:
• Ensuring that sensitive information is accessible only to
authorized individuals or entities.
• Implementing access controls, encryption, and data classification
to protect sensitive data from unauthorized disclosure.
2. Integrity:
• Maintaining the accuracy, consistency, and trustworthiness of
information throughout its lifecycle.
• Using checksums, digital signatures, and access controls to
prevent unauthorized modification or tampering of data.
3. Availability:
• Ensuring that information and information systems are accessible
and usable when needed.
• Implementing redundancy, fault tolerance, and disaster recovery
measures to minimize downtime and ensure business continuity.
Key Principles of Information Security:
4. Authentication:
• Verifying the identity of users, devices, or entities attempting
to access information systems or resources.
• Using passwords, biometrics, and multi-factor authentication
to authenticate users and control access to sensitive
information.
5. Authorization:
• Granting or denying access rights to users or entities based on
their authenticated identity and permissions.
• Implementing role-based access control (RBAC) and least
privilege principles to limit access to the minimum necessary
for users to perform their job functions.
6. Non-repudiation:
• Ensuring that the origin and integrity of a message or
transaction can be verified and cannot be denied by the
sender or recipient.
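To make the authentication / authorization / least-privilege distinction above concrete, here is an added Python example (written for these notes, not part of the original slides or of any product). It assumes a hypothetical invoicing application with constructed roles, permissions and user names, and shows an already-authenticated session being checked against role permissions with default deny, an audit trail of every decision (the record that later supports non-repudiation), and a least-privilege review that lists granted permissions a user has never actually used.

```python
# Added example (not from the lecture notes): a minimal role-based access
# control (RBAC) check that applies least privilege and default-deny.
# All role, permission and user names below are constructed for illustration.
from dataclasses import dataclass

# Each role grants only the permissions needed for that job function.
ROLE_PERMISSIONS = {
    "clerk":      {"invoice:read"},
    "accountant": {"invoice:read", "invoice:create"},
    "auditor":    {"invoice:read", "audit-log:read"},
    "admin":      {"invoice:read", "invoice:create", "invoice:delete",
                   "audit-log:read", "user:manage"},
}


@dataclass(frozen=True)
class Session:
    """An identity that has already passed authentication (principle 4);
    authorization (principle 5) is decided separately from that."""
    user: str
    roles: frozenset
    authenticated: bool = True


def permissions_for(session: Session) -> frozenset:
    """Union of the permissions of every role the session holds.
    Unauthenticated sessions and unknown roles grant nothing."""
    if not session.authenticated:
        return frozenset()
    granted = set()
    for role in session.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return frozenset(granted)


def authorize(session: Session, permission: str, audit_log: list) -> bool:
    """Default-deny decision. Every decision is appended to audit_log so that
    the action can later be attributed to the user (supports non-repudiation)."""
    allowed = permission in permissions_for(session)
    audit_log.append((session.user, permission, "ALLOW" if allowed else "DENY"))
    return allowed


def unused_permissions(session: Session, audit_log: list) -> frozenset:
    """Least-privilege review: permissions the session holds but has never
    exercised in the audit log. These are candidates for removal."""
    used = {perm for user, perm, result in audit_log
            if user == session.user and result == "ALLOW"}
    return permissions_for(session) - used


def demo() -> list:
    """Run a few constructed requests and return the audit trail."""
    log = []
    clerk = Session("carol", frozenset({"clerk"}))
    acct = Session("alice", frozenset({"accountant"}))
    anon = Session("nobody", frozenset({"admin"}), authenticated=False)
    authorize(clerk, "invoice:read", log)      # ALLOW
    authorize(clerk, "invoice:delete", log)    # DENY: not in the clerk role
    authorize(acct, "invoice:create", log)     # ALLOW
    authorize(anon, "user:manage", log)        # DENY: never authenticated
    return log


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Note that the admin role held by the unauthenticated session buys it nothing: authorization is only ever evaluated on an authenticated identity, and an unknown or revoked role simply contributes no permissions rather than raising an error.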
Components of Information Security:
1. People:
• Educating and training employees on information security policies,
procedures, and best practices.
• Promoting a culture of security awareness and accountability throughout
the organization.
2. Processes:
• Developing and implementing information security policies, standards,
and guidelines to govern the handling of sensitive information.
• Conducting risk assessments, vulnerability assessments, and security
audits to identify and mitigate security risks.
3. Technology:
• Deploying security controls and technologies such as firewalls, intrusion
detection/prevention systems (IDS/IPS), antivirus software, and
encryption.
• Implementing security measures to protect data at rest, in transit, and in
use, including encryption, data loss prevention (DLP), and secure data
storage solutions.
Cyber Security
• Cybersecurity is the method of protecting systems, networks,
and programs from digital attacks.
• Cybersecurity involves techniques that help secure various digital components, such as networks, data, and computer systems, from unauthorized digital access.
• Cybersecurity, a subset of information security, is the practice
of defending your organization's cloud, networks, computers,
and data from unauthorized digital access, attack, or damage
by implementing various defense processes, technologies,
and practices.
• With the countless sophisticated threat actors targeting all
types of organizations, it's critical that your IT infrastructure is
secured at all times to prevent a full-scale attack on your
clouds, networks, or endpoints and risk exposing your
company to fines, data losses, and damage to reputation.
Cyber Security: Key Aspects
1. Cyber Threats and Actors:
• Cyber threats include various malicious activities
and attacks aimed at compromising the security
of digital assets, such as malware, phishing,
ransomware, and denial-of-service (DoS) attacks.

• Threat actors can range from individual hackers and cybercriminals to organized crime groups, nation-states, and insiders with malicious intent.
Cyber Security: Key Aspects
2. Cybersecurity Measures:
• Prevention: Implementing security controls and measures
to prevent security incidents and unauthorized access to
systems and data.
• Detection: Deploying technologies and tools to detect and
identify security breaches and suspicious activities in real-
time.
• Response: Developing incident response plans and
procedures to respond effectively to security incidents and
mitigate their impact.
• Recovery: Implementing strategies and measures to
restore systems, data, and services after a security incident
or breach.
Cyber Security: Key Aspects
3. Cybersecurity Technologies:
• Firewalls: Network security devices that monitor and control
incoming and outgoing network traffic based on security rules.
• Antivirus/Anti-malware: Software programs that detect, prevent,
and remove malicious software (malware) from computer
systems and networks.
• Intrusion Detection/Prevention Systems (IDS/IPS): Security
solutions that monitor network traffic for signs of suspicious
activity or known attack patterns and take action to block or
mitigate threats.
• Encryption: Securely encoding data to protect it from
unauthorized access or interception during transmission or
storage.
• Multi-factor Authentication (MFA): Authentication method that requires users to provide multiple forms of identification (e.g., password, security token, biometric scan) to access a system.
Cyber Security: Best Practices
• Regular software patching and updates to address
security vulnerabilities and weaknesses.
• Strong password policies and password management
practices to prevent unauthorized access to accounts
and systems.
• Security awareness training for employees to educate
them about common cyber threats, phishing scams,
and safe computing practices.
• Data backup and disaster recovery plans to ensure
business continuity and minimize the impact of data
loss or system downtime.
Cyber Security: Challenges
• Rapidly evolving threat landscape with increasingly
sophisticated cyber attacks.
• Shortage of skilled cybersecurity professionals and
resources.
• Complexity of managing and securing
interconnected systems and devices.
• Compliance with regulatory requirements and
industry standards.
Cyber Security: Common Cyber Attacks
• Phishing/Vishing/Smishing:
In the form of email, phone or SMS chats, where the threat actors start the process of
gathering data, often credentials, to let them start compromising your network.
• MitM (Man-in-the-Middle) Phish Kits:

• Pretexting:
When a threat actor impersonates an authority figure or someone that the target would
easily trust to get the person to do something they normally wouldn't.
• Baiting:
When threat actors leave a malware-infected device, such as a USB or CD, in a place where
it can be easily found by someone, who would then use the infected device on their
computer and accidentally install the malware, giving the threat actors access to the
target's system
• Quid Pro Quo:
When a threat actor requests personal information in exchange for some form of
reward, e.g., money, free gift, or a free service
Network Security
• "Network Security" encompasses the various
measures and practices put in place to protect
computer networks from unauthorized access,
misuse, modification, or disruption.
• It involves the deployment of hardware, software,
policies, and procedures to ensure the
confidentiality, integrity, and availability of network
resources and data.
Goals of Network Security
1. Confidentiality: Ensuring that data is accessible only to
authorized users or entities.
2. Integrity: Maintaining the accuracy and completeness of data,
ensuring that it has not been altered or tampered with.
3. Availability: Ensuring that network resources and services are
accessible and usable when needed, and protected against
denial-of-service (DoS) attacks.
4. Authentication: Verifying the identity of users, devices, or
entities attempting to access the network or its resources.
5. Authorization: Granting or denying access rights to users or
entities based on their authenticated identity and
permissions.
Comparison of Information Security, Network Security and Cybersecurity
• Focus
– Information Security: Protecting the confidentiality, integrity, and availability of information assets.
– Network Security: Securing computer networks and their components.
– Cybersecurity: Safeguarding digital assets and systems against cyber threats.
• Scope
– Information Security: Encompasses all forms of information, digital and physical, regardless of location or format.
– Network Security: Specifically focuses on securing network traffic, data transmission, and communication channels.
– Cybersecurity: Broader concept that includes both information security and network security, along with additional elements related to cyber threats.
• Components
– Information Security: Data encryption, access controls, identity management, security policies, risk management, compliance.
– Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, encryption protocols, network access controls.
– Cybersecurity: Application security, cloud security, endpoint security, security awareness training, along with elements of information security and network security.
• Example
– Information Security: Encrypting sensitive customer data, restricting access to authorized personnel, conducting security audits.
– Network Security: Configuring firewall rules, implementing VPNs, monitoring network traffic for suspicious activity.
– Cybersecurity: Implementing a comprehensive cybersecurity program with network security measures, information security controls, and additional layers of protection such as endpoint security solutions and employee security training.
Working of Network Security
• The basic principle of network security is protecting large stores of data and networks in layers, each of which embeds rules and regulations that must be acknowledged before any activity is performed on the data.
• These levels are:
– Physical Network Security
– Technical Network Security
– Administrative Network Security
Working of Network Security
1. Physical Network Security:
• This is the most basic level; it protects the data and network by preventing unauthorized personnel from gaining physical control over network components, and hence over the confidentiality of the network.
• This can be achieved by using devices like biometric systems.
2. Technical Network Security:
• It primarily focuses on protecting the data stored in the network or data in transit through the network.
• This type serves two purposes: protection from unauthorized users, and protection from malicious activities.
3. Administrative Network Security:
• This level of network security governs user behavior, such as how permissions are granted and how the authorization process takes place.
Need of Network Security
1. Functionality. Network security ensures the ongoing high performance of the networks.
2. Privacy and security. Network security prevents security breaches that can expose sensitive information, damage a business's reputation and result in financial losses.
3. Intellectual property protection. Securing access to intellectual property related to products, services and business strategies helps organizations maintain their competitive edge.
4. Compliance. Complying with data security and privacy regulations.
5. Protection against cyber threats like malware, viruses, and phishing attacks.
6. Safeguarding sensitive data from unauthorized access, theft, or disclosure.
7. Prevention of unauthorized access to networks and systems.
8. Ensuring business continuity by minimizing the impact of security incidents.
9. Compliance with regulatory requirements and data security standards.
10. Preservation of reputation and customer trust.
11. Support for remote workforce security in the era of remote work.
Challenges of Network Security
1. Evolving network attack methods.
• The biggest network security challenge is the rate at which cyber attacks evolve.
• Threat actors and their methods constantly change as technology changes.
• For example, new technology, such as blockchain, has led to new types of malware
attacks, such as cryptojacking. As a result, network security defense strategies must
adapt to these new threats.
2. User adherence.
• It can be difficult for organizations to ensure that everyone is adhering to network
security best practices, while simultaneously evolving those strategies to address the
newest threats.
3. Remote and mobile access.
• More companies are adopting bring your own device policies, which means a more
distributed and complex network of devices for organizations to protect. Remote
work is also more prevalent.
• This makes wireless security more important, as users are more likely to be using a
personal or public network when accessing company networks.
4. Third-party partners.
• Cloud providers, managed security services and security product vendors often get
access to an organization's network, opening new potential vulnerabilities.
Types of Network Security
1. Access Control:
• Not every person should have complete access to the network or its data. One way to manage this is by examining each person's details.
• This is done through Network Access Control, which ensures that only a limited set of authorized personnel are able to work with the resources they are allowed.
2. Antivirus and Anti-malware Software:
• Antivirus software is designed to detect, prevent, and remove malicious software. Types of scanning in network security include real-time, on-demand, and scheduled scans.
• This type of network security ensures that malicious software does not enter the network and jeopardize the security of the data.
• Malicious software like viruses, Trojans, and worms is handled by the same. This ensures not only that the entry of malware is blocked but also that the system is well-equipped to fight it once it has entered.
Types of Network Security
3. Cloud Security:
• Data stored in the cloud is vulnerable to misuse by unauthorized parties. This data must be protected, and it must be ensured that this protection is not jeopardized by anything.
• Many businesses embrace SaaS applications to give some of their employees access to data stored in the cloud. Cloud security ensures that such access does not create gaps in the visibility of the data.
4. Email Security:
• Email security is defined as the process designed to keep the email account and its contents safe from unauthorized access.
• For example, fraudulent emails are generally sent automatically to the Spam folder, because most email service providers have built-in features to protect the content.
Types of Network Security
5. Firewalls:
• A firewall is a network security device, either hardware or software-
based, which monitors all incoming and outgoing traffic and based
on a defined set of security rules accepts, rejects, or drops that
specific traffic.
• Firewalls act as a barrier between your secure internal network and
untrusted external networks. They filter incoming and outgoing
traffic based on predetermined security rules.
• A well-configured firewall can prevent unauthorized access and
data exfiltration, thereby enhancing your network’s security.
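As an added example (not from the original notes or from any firewall product), the following Python code models the accept / reject / drop decision described above as an ordered rule list with an implicit default of drop. The protected addresses 203.0.113.10 and 10.0.0.0/8, the ports and the rules themselves are constructed for illustration.

```python
# Added example (not from the lecture notes): a simplified stateless packet
# filter showing how an ordered rule set yields accept / reject / drop, with an
# implicit default of drop for anything not matched. Addresses, ports and
# rules are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (towards the protected network) or "out"
    src: str                # source IP address
    dst: str                # destination IP address
    proto: str              # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str             # "accept", "reject" (refuse with an error) or "drop" (silently discard)
    direction: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None     # CIDR network; None matches any
    dst: Optional[str] = None
    dport: Optional[int] = None
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        """A rule matches only if every field it specifies matches the packet."""
        if self.direction is not None and self.direction != pkt.direction:
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(rules, pkt: Packet, default: str = "drop"):
    """First matching rule wins, so rule order matters; unmatched traffic
    gets the default action (deny by default)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return default, "implicit default"


WEB_SERVER = "203.0.113.10/32"    # constructed: a public web server we protect
INTERNAL = "10.0.0.0/8"           # constructed: internal management network

RULES = [
    Rule("accept", "in",  "tcp", dst=WEB_SERVER, dport=443, comment="public HTTPS"),
    Rule("accept", "in",  "tcp", src=INTERNAL, dst=WEB_SERVER, dport=22, comment="SSH from internal only"),
    Rule("reject", "in",  "tcp", dst=WEB_SERVER, dport=22, comment="SSH from anywhere else"),
    Rule("accept", "out", "tcp", src=WEB_SERVER, dport=443, comment="server may fetch updates"),
    # Outbound traffic not listed above falls through to the default drop,
    # which is what limits data exfiltration from a compromised host.
]


def classify(pkt: Packet) -> str:
    """Just the action for a packet under RULES."""
    return evaluate(RULES, pkt)[0]


if __name__ == "__main__":
    samples = [
        Packet("in", "198.51.100.5", "203.0.113.10", "tcp", 443),
        Packet("in", "198.51.100.5", "203.0.113.10", "tcp", 22),
        Packet("in", "10.1.2.3", "203.0.113.10", "tcp", 22),
        Packet("out", "203.0.113.10", "198.51.100.99", "tcp", 4444),
    ]
    for p in samples:
        print(p, "->", evaluate(RULES, p))
```

Because the first matching rule wins, the internal-SSH accept has to come before the broader reject; swapping the two silently shadows the internal rule. The outbound default of drop is what gives the "prevent data exfiltration" property mentioned above: the server can still fetch updates on port 443, but a compromised process on it cannot open an arbitrary outbound connection.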
Types of Network Security
6. Application Security:
• Application security denotes the security precautionary measures taken at the application level to prevent the stealing or capturing of data or code inside the application.
• It also includes the security measures taken during the development and design of applications, as well as techniques and methods for protecting the applications after they are deployed.
7. Intrusion Detection System (IDS) and Intrusion Prevention System (IPS):
• An Intrusion Prevention System is also known as an Intrusion Detection and Prevention System. It is a network security application that monitors network or system activities for malicious activity.
• The major functions of intrusion prevention systems are to identify malicious activity, collect information about this activity, report it, and attempt to block or stop it.
Types of Network Security
8. Virtual Private Networks (VPN): Secure Your Connection
• VPNs create a secure tunnel for data transmission over the internet. They are especially useful for remote workers and businesses with multiple locations.
9. Behavioral analytics:
• This method analyzes network behavior and automatically detects and alerts organizations to abnormal activities.
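An added Python example (not from the original notes or from any IDS product) of the detection side of the "Detection" measure, the IDS/IPS item and the behavioral-analytics item: it parses a constructed SSH-style authentication log, keeps a sliding 60-second window of failed logins per source address, and raises alerts for a brute-force burst, for a login that succeeds while that burst is still inside the window, and for a user appearing from an address never seen for them before. The log format, the thresholds and every host, user and address are assumptions made for this example.

```python
# Added example (not from the lecture notes): simple behavioural detection run
# over constructed authentication log lines, in the spirit of an IDS /
# behavioural-analytics tool. The log format, hosts, users and thresholds are
# all assumptions made for this example.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Accepted|Failed) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$"
)

# Constructed sample log: one normal login, a burst of failures followed by a
# success from an unfamiliar address, then ordinary activity and a noise line.
SAMPLE_LOG = """\
2024-05-01T08:00:00 sshd: Accepted password for alice from 10.0.0.5
2024-05-01T08:00:10 sshd: Failed password for alice from 203.0.113.7
2024-05-01T08:00:20 sshd: Failed password for alice from 203.0.113.7
2024-05-01T08:00:30 sshd: Failed password for alice from 203.0.113.7
2024-05-01T08:00:40 sshd: Failed password for alice from 203.0.113.7
2024-05-01T08:00:50 sshd: Failed password for alice from 203.0.113.7
2024-05-01T08:00:55 sshd: Accepted password for alice from 203.0.113.7
2024-05-01T08:05:00 sshd: Accepted password for bob from 10.0.0.9
2024-05-01T08:06:00 sshd: Failed password for bob from 10.0.0.9
2024-05-01T08:06:05 cron: job finished
"""


def parse(line: str):
    """Return a dict for an auth event, or None for lines we do not understand."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "ip": m["ip"]}


def detect(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Scan events in order and return a list of (alert, ip, user) tuples.

    BRUTE_FORCE         : `threshold` failures from one source within `window`
    BRUTE_FORCE_SUCCESS : a login succeeded while that source was still over threshold
    NEW_SOURCE          : a user logged in from an address never seen for them before
    """
    alerts = []
    recent_failures = defaultdict(deque)   # ip -> timestamps of failures in window
    known_sources = defaultdict(set)       # user -> ips with a prior successful login
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        q = recent_failures[ev["ip"]]
        while q and ev["ts"] - q[0] > window:   # slide the window forward
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) == threshold:             # fire once when the threshold is crossed
                alerts.append(("BRUTE_FORCE", ev["ip"], ev["user"]))
        else:
            if len(q) >= threshold:
                alerts.append(("BRUTE_FORCE_SUCCESS", ev["ip"], ev["user"]))
            seen = known_sources[ev["user"]]
            if seen and ev["ip"] not in seen:
                alerts.append(("NEW_SOURCE", ev["ip"], ev["user"]))
            seen.add(ev["ip"])
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The single failed login from bob produces nothing, which is the point of the threshold: the detector reports a pattern, not every mistyped password. In a real deployment the "known sources" baseline would be learned over days rather than from the first line of the log, and the BRUTE_FORCE_SUCCESS alert is the one worth paging on, since it means the password guessing probably worked.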
UNIT 7: Information Security
Critical Characteristics of Information
1. Availability
• Availability enables authorized users—persons or computer systems—
to access information without interference or obstruction and to
receive it in the required format.
2. Accuracy
• Information has accuracy when it is free from mistakes or errors and it
has the value that the end user expects.
• If information has been intentionally or unintentionally modified, it is
no longer accurate.
• Consider, for example, a checking account. You assume that the
information contained in your checking account is an accurate
representation of your finances. Incorrect information in your
checking account can result from external or internal errors.
Critical Characteristics of Information
3. Authenticity
• Authenticity of information is the quality or state of being genuine or original, rather than a reproduction or fabrication.
• Information is authentic when it is in the same state in which it was created, placed, stored, or transferred.
4. Confidentiality
• Information has confidentiality when it is protected from
disclosure or exposure to unauthorized individuals or
systems.
Critical Characteristics of Information
5. Integrity
• Information has integrity when it is whole, complete, and uncorrupted.
• The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.
• Corruption can occur while information is being stored or transmitted.
• Many computer viruses and worms are designed with the explicit purpose of corrupting data.
6. Utility
• The utility of information is the quality or state of having value for some purpose or end.
• Information has value when it can serve a purpose. If information is available, but is not in a format meaningful to the end user, it is not useful.
7. Possession
• The possession of information is the quality or state of ownership or control.
• Information is said to be in one's possession if one obtains it, independent of format or other characteristics.
Information Security
• Information Security (InfoSec) is a discipline
concerned with protecting the confidentiality,
integrity, and availability of information assets within
an organization.
• It involves the implementation of policies,
procedures, technologies, and controls to safeguard
sensitive information from unauthorized access,
disclosure, alteration, or destruction.
Information Security
• It involves the protection of information systems and
the information processed, stored and transmitted
by these systems from unauthorized access, use,
disclosure, disruption, modification or destruction.
• This includes the protection of personal information,
financial information, and sensitive or confidential
information stored in both digital and physical forms.
• Effective information security requires a comprehensive and multi-disciplinary approach, involving people, processes, and technology.
Need of Information Security
1. Ensuring CIA (Confidentiality, Integrity and Availability ) of
information
• Confidentiality: Keeping sensitive information confidential
and protected from unauthorized access.
• Integrity: Maintaining the accuracy and consistency of
data, even in the presence of malicious attacks.
• Availability: Ensuring that authorized users have access to
the information they need, when they need it.
2. Protecting sensitive information:
• Information security helps protect sensitive information from
being accessed, disclosed, or modified by unauthorized
individuals.
• This includes personal information, financial data, and trade
secrets, as well as confidential government and military
information.
Need of Information Security
3. Mitigating risk:
• By implementing information security measures, organizations can mitigate the risks associated with cyber threats and other security incidents.
4. Better risk management:
• By understanding the potential impact of a data breach or unauthorized disclosure, organizations can prioritize resources and develop more effective incident response plans.
5. Compliance with regulations:
• Information security measures help ensure compliance with data security and privacy regulations, reducing the risk of fines and legal liability.
Need of Information Security
6. Protecting reputation:
• Security breaches can damage an organization's reputation and lead to lost business. Effective information security can help protect an organization's reputation by minimizing the risk of security incidents.
7. Ensuring business continuity:
• Information security helps ensure that critical business functions can continue even in the event of a security incident.
8. Improved incident response:
• By having a clear understanding of the criticality of specific data, organizations can respond to security incidents in a more effective and efficient manner.
Objectives of InfoSec: CIA Triad
1. Confidentiality
• Means information is not disclosed to unauthorized individuals, entities and processes.
• The data being sent over the network should not be accessed by
unauthorized individuals. The attacker may try to capture the
data using different tools available on the Internet and gain
access to your information.
• A primary way to avoid this is to use encryption techniques to
safeguard your data so that even if the attacker gains access to
your data, he/she will not be able to decrypt it.
2. Integrity
• Means maintaining the accuracy and completeness of data.
• This means data cannot be edited in an unauthorized way.
• The idea here is to make sure that data has not been modified.
• Corruption of data is a failure to maintain data integrity.
• To check whether our data has been modified or not, we make use of a hash function.
3. Availability
• This means that the network should be readily available to its users. This applies to systems and to data.
• Attacks such as DoS or DDoS may render a network unavailable as the resources of the network get exhausted. The impact may be significant to the companies and users who rely on the network as a business tool. Thus, proper measures should be taken to prevent such attacks.
• A denial of service attack is one of the factors that can hamper the availability of information.
Additional Objectives
4. Non-repudiation
• Means one party cannot deny receiving a message or a transaction, nor can the other party deny sending a message or a transaction.
5. Authenticity
• Means verifying that users are who they say they are and that each input arriving at the destination is from a trusted source.
• This principle, if followed, guarantees that a valid and genuine message is received from a trusted source through a valid transmission.
• For example, the sender sends the message along with a digital signature that was generated using the hash value of the message and the sender's private key. At the receiver side this digital signature is decrypted using the public key, yielding a hash value, and the received message is hashed again to generate a second hash value. If the two values match, the transmission is valid and the message received at the recipient side is authentic, or as we say genuine.
6. Access Control
• It limits unauthorized access.
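The following added Python example (written for these notes, not from the original slides) works through the integrity check with a hash function described under Integrity and the sign-then-verify procedure described under Authenticity. It assumes a toy RSA key pair built from two well-known Mersenne primes so that it runs with only the standard library; real deployments use a vetted library and a padded signature scheme (RSA-PSS, Ed25519), never the raw textbook operation shown here.

```python
# Added example (not from the lecture notes): the integrity check with a hash
# function described under Integrity, and the sign / verify procedure described
# under Authenticity, worked in code. The key pair is a toy RSA key built from
# two known Mersenne primes (2^127-1 and 2^521-1) so that the example runs
# offline with only the standard library; this is an assumption for teaching
# only. Real systems use a vetted library and a padded scheme such as RSA-PSS
# or Ed25519, never raw textbook RSA as here.
import hashlib
import hmac
from math import gcd

P = (1 << 127) - 1                      # Mersenne prime M127
Q = (1 << 521) - 1                      # Mersenne prime M521
N = P * Q                               # public modulus (~648 bits)
E = 65537                               # public exponent
PHI = (P - 1) * (Q - 1)
if gcd(E, PHI) != 1:
    raise ValueError("public exponent must be coprime to phi(N)")
D = pow(E, -1, PHI)                     # private exponent (Python 3.8+)


def message_hash(message: bytes) -> int:
    """SHA-256 of the message as an integer (the 'hash value' in the slides)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def integrity_check(message: bytes, expected_sha256_hex: str) -> bool:
    """Integrity: recompute the hash and compare it to the one shipped with the
    data. compare_digest avoids leaking where the comparison stopped matching."""
    actual = hashlib.sha256(message).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex)


def sign(message: bytes, private_exponent: int = D) -> int:
    """Sender side: signature = hash raised to the private exponent mod N."""
    return pow(message_hash(message), private_exponent, N)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Receiver side: 'decrypt' the signature with the public key to recover
    the sender's hash, hash the received message again, and compare the two."""
    if not 0 < signature < N:
        return False
    recovered = pow(signature, public_exponent, N)
    return recovered == message_hash(message)


if __name__ == "__main__":
    original = b"transfer 100 to bob"        # constructed message
    sig = sign(original)
    print("authentic:", verify(original, sig))                  # True
    print("tampered :", verify(b"transfer 900 to bob", sig))    # False
```

The hash alone gives integrity only against accidental corruption: anyone who can change the message can also recompute its hash. Binding the hash to the sender's private key is what turns it into evidence of origin, and it is the receiver's possession of only the public key that lets it check the signature without being able to forge one.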
Balancing Security and Access
• It is impossible to obtain perfect security - it is
not an absolute; it is a process
• Security should be considered a balance
between protection and availability
• To achieve balance, the level of security must
allow reasonable access, yet protect against
threats
Balancing Security and Access
Approaches to Information Security Implementation
Bottom Up Approach
• Security from a grass-roots effort - systems
administrators attempt to improve the security of
their systems
• Key advantage - technical expertise of the
individual administrators
• Seldom works, as it lacks a number of critical
features:
– participant support
– organizational staying power
Top-down Approach
• Initiated by upper management:
– issue policy, procedures, and processes
– dictate the goals and expected outcomes of the
project
– determine who is accountable for each of the required
actions
• This approach has strong upper management
support, a dedicated champion, dedicated
funding, clear planning, and the chance to
influence organizational culture
CNSS Security Model

CNSS: (United States) Committee on National Security Systems
Threats to Information Security
Threats
Types of Threats
Deliberate Software Attacks
Malware
• Malware is a combination of two terms: malicious and software.
• So malware basically means malicious software, which can be an intrusive program, code, or anything that is designed to perform malicious operations on a system.
Malware
• Virus –
• Viruses have the ability to replicate themselves by attaching themselves to programs or files on the host computer, such as songs and videos, and then they travel all over the Internet.
• The Creeper virus was first detected on ARPANET. Examples include file viruses, macro viruses, boot sector viruses, stealth viruses, etc.
• Worms –
• Worms are also self-replicating in nature, but they don't attach themselves to programs on the host computer.
• The biggest difference between viruses and worms is that worms are network-aware.
• They can easily travel from one computer to another if a network is available; on the target machine they will not do much harm, but they will, for example, consume hard disk space, thus slowing down the computer.
Malware
• Trojan –
• Their purpose is to conceal themselves inside software that seems legitimate, and when that software is executed they carry out their task of stealing information or any other purpose for which they are designed.
• They often provide a backdoor gateway for malicious programs or malevolent users to enter your system and steal your valuable data without your knowledge and permission. Examples include FTP Trojans, proxy Trojans, remote access Trojans, etc.
• Bots –
• Bots can be seen as an advanced form of worms. They are automated processes that are designed to interact over the internet without the need for human interaction.
• They can be good or bad. A malicious bot can infect one host and, after infecting it, will create a connection to a central server, which provides commands to all infected hosts attached to that network, called a botnet.
Malware
• Adware – Adware is not exactly malicious, but it does breach the privacy of users.
• It displays ads on a computer's desktop or inside individual programs.
• Spyware – A program, or we can say software, that monitors your activities on a computer and reveals the collected information to an interested party.
• Spyware is generally dropped by Trojans, viruses or worms. Once dropped, it installs itself and sits silently to avoid detection.
• One of the most common examples of spyware is the keylogger. The basic job of a keylogger is to record user keystrokes with timestamps, thus capturing interesting information like usernames, passwords, credit card details, etc.
• Ransomware – A type of malware that will either encrypt your files or lock your computer, making it inaccessible either partially or wholly. Then a screen is displayed asking for money, i.e., a ransom, in exchange.
• Rootkits – Designed to gain root access, or we can say administrative privileges, on the user's system. Once root access is gained, the exploiter can do anything from stealing private files to stealing private data.
• Zombies – They work similarly to spyware. The infection mechanism is the same, but they don't spy and steal information; rather, they wait for commands from the hackers.
Information Security Implementation: OSI Security Architecture
• It considers three aspects of information security:
➢ Security attack – Any action that compromises the security of information owned by an organization.
➢ Security mechanism – A mechanism that is designed to detect, prevent or recover from a security attack.
➢ Security service – A service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
Security Attack
• There are two types of attacks:
– 1. Active attacks
– 2. Passive attacks
Active Attack
• An active attack is a security threat in which the attacker takes
deliberate action to alter, disrupt or destroy the normal operation of a
system or network: the data stream is modified, or a false stream is
created.
• These attacks involve direct actions aimed at compromising the integrity
or availability of information assets, and, through unauthorized access,
their confidentiality as well.
• Active attacks typically involve unauthorized access, manipulation of
data, injection of malicious code, or disruption of services.
• Examples of active attacks include malware infections, denial-of-service
(DoS) attacks, distributed denial-of-service (DDoS) attacks, and
exploitation of software vulnerabilities.
Passive Attack
• A passive attack is a type of security threat where the
attacker eavesdrops on or monitors communication
between parties without altering or disrupting it.
• These attacks are often more covert and stealthy,
focusing on gathering sensitive information without
the victim's knowledge.
• Passive attacks aim to intercept confidential data,
such as passwords, financial information, or
intellectual property, for malicious purposes or
espionage.
Active Attacks
Masquerade
➢ A masquerade attack is a security threat in which an attacker
impersonates a legitimate user, system or entity to gain unauthorized
access to resources, information or privileges.
➢ One entity pretends to be a different entity.
➢ Masquerade attacks often exploit weaknesses in authentication mechanisms,
such as weak passwords, stolen credentials or compromised accounts.
➢ It is generally done using stolen IDs and passwords or by bypassing the
authentication mechanism. A masquerade usually includes one of the other
forms of active attack; for example, a captured authentication sequence can
be replayed so that an entity with few privileges impersonates one with
more.
➢ A common example of a masquerade attack is an attacker stealing login
credentials (e.g., username and password) from a legitimate user and using
them to access the user's account without their knowledge.
Replay
➢ A replay attack involves passively capturing a copy of a message sent by
the original sender and subsequently retransmitting it to produce an
unauthorized effect.
➢ The attacker captures data packets or authentication credentials
exchanged between legitimate parties during a communication session.
➢ The attacker then resends the captured packets or credentials to the
target system, without any modification, to impersonate the legitimate
user or gain unauthorized access. Because the replayed data is genuine,
any checksum or signature on it still verifies; the defence is to make
every message unique, for example with a nonce, a sequence number or a
timestamp that the receiver remembers and rejects on reuse.
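The replay scenario above, as an added example that is not part of the original lecture notes: a client proves possession of a shared key by computing an HMAC over a fresh nonce and a timestamp. The first server checks only that the HMAC verifies, so a captured message is accepted again when an eavesdropper resends it. The second server additionally bounds the message age and remembers the nonces it has already accepted, so the replay is refused. The key, the nonce length and the 30-second window are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

# Shared secret between client and server (constructed for the example;
# in practice it is provisioned out of band, never hard-coded).
SHARED_KEY = b"example-shared-key-not-for-production"


def make_token(key: bytes, nonce: bytes, ts: int) -> bytes:
    """Client side: prove possession of the key over a fresh nonce and time."""
    return hmac.new(key, nonce + ts.to_bytes(8, "big"), hashlib.sha256).digest()


class NaiveServer:
    """Accepts any token that verifies: a captured message verifies forever."""

    def __init__(self, key: bytes):
        self.key = key

    def accept(self, nonce: bytes, ts: int, token: bytes, now: int) -> bool:
        return hmac.compare_digest(make_token(self.key, nonce, ts), token)


class ReplayAwareServer:
    """Verifies the token, bounds its age and refuses nonces already seen."""

    def __init__(self, key: bytes, max_age: int = 30):
        self.key = key
        self.max_age = max_age
        self.seen = {}  # nonce -> timestamp, pruned as entries expire

    def accept(self, nonce: bytes, ts: int, token: bytes, now: int) -> bool:
        # Forget nonces too old to be accepted anyway, so the cache stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        if not hmac.compare_digest(make_token(self.key, nonce, ts), token):
            return False  # forged or tampered
        if abs(now - ts) > self.max_age:
            return False  # stale message (or badly skewed clock)
        if nonce in self.seen:
            return False  # replay of a message already accepted
        self.seen[nonce] = ts
        return True


def simulate(server_cls):
    """Legitimate login, then an eavesdropper replays the captured message.

    Returns (first_attempt_accepted, replay_accepted).
    """
    server = server_cls(SHARED_KEY)
    now = int(time.time())
    nonce = secrets.token_bytes(16)
    on_the_wire = (nonce, now, make_token(SHARED_KEY, nonce, now))  # captured by attacker
    first = server.accept(*on_the_wire, now=now)
    replayed = server.accept(*on_the_wire, now=now + 5)  # attacker resends 5 s later
    return first, replayed


if __name__ == "__main__":
    print("naive server   (first, replay):", simulate(NaiveServer))
    print("replay-aware   (first, replay):", simulate(ReplayAwareServer))
```

Note that the nonce cache only needs to cover the acceptance window: anything older than `max_age` is rejected by the timestamp check, so the set of remembered nonces stays small.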
Modification
➢ A modification of message attack, also known as message tampering or a
data manipulation attack, is a security threat in which an attacker
intercepts and alters the content of data packets or messages exchanged
between legitimate parties during communication.
➢ Some portion of a legitimate message is altered, or messages are delayed
or reordered, to produce an unauthorized effect.
➢ For example, a message meaning "Allow John Smith to read confidential
file accounts" is modified to mean "Allow Fred Brown to read confidential
file accounts."
Denial of Service (DoS)
➢ A denial-of-service (DoS) attack prevents legitimate users from
accessing a computer, network or service.
➢ In a DoS attack the attacker floods a system, network or service with a
high volume of traffic or requests, rendering it unavailable to legitimate
users.
➢ Rapid and continuous requests are sent to a target server in order to
exhaust the server’s bandwidth or processing capacity.
➢ The goal of a DoS attack is to disrupt the availability of resources or
services, typically by overwhelming the target with excessive traffic,
consuming network bandwidth, or exhausting system resources such as CPU,
memory or disk space. A DoS attack may also have a specific target, for
example suppressing all messages directed to a particular destination such
as a security audit service.
➢ Another form of service denial is the disruption of an entire network,
either by disabling the network or by overloading it with messages so as
to degrade performance.
Passive Attack
➢ Passive attacks are those in which the attacker engages in eavesdropping
on, or monitoring of, data transmissions.
➢ Passive attacks do not involve any modification of the contents of the
original message.
➢ Passive attacks are very difficult to detect because they do not alter
the data; neither the sender nor the receiver is aware that a third party
has read the messages.
➢ Thus the emphasis in dealing with passive attacks is on prevention
(typically encryption) rather than detection.
➢ There are two types of passive attacks:
1. Release of message contents and
2. Traffic analysis.
Reading of message contents/Eavesdropping
➢ Release of message contents is an attack in which the adversary reads the
messages delivered from the sender to the receiver.
➢ The attacker intercepts and listens to communications between two or more
parties without their knowledge or consent. Eavesdropping can be performed
using a variety of techniques, such as packet sniffing on a shared or
tapped network segment, or positioning as a man-in-the-middle that merely
relays traffic.
➢ A telephone conversation, an electronic mail message or a transferred
file may contain sensitive or confidential information; encryption is the
usual countermeasure.
Traffic Analysis
➢ The attacker analyzes network traffic patterns and metadata to gather
information about the system, network or device.
➢ Here the intruder cannot read the (encrypted) message contents but can
still observe the pattern of traffic: the identity and location of the
communicating hosts, and the frequency and length of the messages being
exchanged.
➢ The attacker can then use this information to guess the nature of the
communication that is taking place.
Security Mechanism
➢ A mechanism built to detect, prevent or recover from a breach of security
or an attack on the organization is called a security mechanism.
➢ Security mechanisms are responsible for protecting a system, network or
device against unauthorized access, tampering or other security threats.
➢ Security mechanisms can be implemented at various levels (protocol
layers) within a system or network and can be used to provide different
types of security service, such as confidentiality, integrity or
availability. X.800 distinguishes the specific mechanisms listed below,
which are incorporated into a particular protocol layer, from pervasive
mechanisms (e.g. trusted functionality, security labels, event detection,
audit trails) that are not specific to any one service.
Security Mechanism
Encipherment:
➢ This refers to the transformation of the message or data
with the help of mathematical algorithms.
➢ The main aim of this mechanism is to provide
confidentiality.
➢ The two techniques that are used for encipherment are
o cryptography and
o steganography.
Security Mechanism
Data integrity:
➢ A mechanism for ensuring the integrity of a data unit or of a stream of
data units.
➢ The sender computes a check value by applying some process over the
data being sent, and then appends this value to the data.
➢ On receiving the data, the receiver recomputes the check value by
applying the same process to the received data. If the newly computed
check value matches the received one, the integrity of the data is
preserved; otherwise the data has been altered in transit.
➢ An unkeyed check value (a parity bit, a CRC or a plain hash) only
detects accidental corruption, because an attacker who can alter the
message can also recompute it. Protection against deliberate modification
needs a check value that depends on a secret the attacker does not have,
such as a message authentication code (MAC) or a digital signature.
Security Mechanism
Digital signature:
➢ Data appended to, or a cryptographic transformation of, a data unit that
allows the receiver to prove the source and integrity of the data and
protects against forgery. The sender signs with a private key; the
receiver verifies with the corresponding public key.
➢ It can carry information about the signer and the date and time of
signing, so that the receiver can prove the sender's identity and the
sender cannot later deny having sent the message.

Authentication exchange:
➢ The exchange of information between two communicating parties to prove
their identities to each other, for example a challenge-response protocol.

Traffic padding:
➢ The insertion of extra (dummy) bits, or whole dummy messages, into the
stream of data traffic to frustrate traffic analysis. Under encryption an
observer cannot distinguish padding from real data, so message lengths and
timing no longer reveal what is being sent.
Security Mechanism
Routing control:
➢ This refers to the selection of physically secure routes for data
transfer.
➢ It also allows the route to be changed when eavesdropping or another
breach of security is suspected on a particular route.

Notarization:
➢ This refers to the use of a trusted third party to assure certain
properties of a data exchange (e.g. origin, time, or delivery) between two
communicating parties.

Access control:
➢ A variety of mechanisms that enforce access rights to resources, i.e.
that ensure a user has the right to access the data or resource requested.
Security Service/ Principles of Security
Confidentiality:
➢ The principle of confidentiality specifies that only the sender and the
intended recipient(s) should be able to access the contents of a message.
➢ Confidentiality is compromised if an unauthorized person is able to
access a message.
➢ Example: Suppose a confidential email message sent by user A to user B
is accessed by user C without the permission or knowledge of A and B. This
type of attack is called interception.
➢ Interception causes loss of confidentiality.
Integrity
➢ When the contents of a message are changed after the sender sends it,
but before it reaches the intended recipient, we say that the integrity of
the message is lost.
➢ For example, consider that user A sends a message to user B. User C
tampers with the message originally sent by user A, which is actually
meant for user B. User C changes its contents and sends the changed
message to user B. User B has no way of knowing that the contents of the
message changed after user A sent it.
➢ This type of attack is called modification.
➢ Modification causes loss of message integrity.
Availability:
➢ The principle of availability states that resources should be available
to authorized parties at all times.
➢ For example, due to the intentional actions of an unauthorized user C,
an authorized user A may not be able to contact a server B. This would
defeat the principle of availability. Such an attack is called
interruption.
➢ Interruption causes loss of availability.

Non repudiation
➢ Requires that neither the sender nor the receiver of a message be able
to deny the transmission: the receiver can prove that the sender sent the
message, and the sender can prove that the receiver received it.

Access control:
➢ Access control determines and controls who can access what. It
regulates which user has access to which resource, and under what
circumstances.
Security Service/ Principles of Security
Authentication
➢ The authentication mechanism helps to establish proof of identity.
➢ The authentication process ensures that the origin of an electronic
message or document is correctly identified. This concept is shown in
figure.
• Fabrication, in which an attacker creates a message that purports to
come from a legitimate sender, is possible in the absence of proper
authentication mechanisms.
Active Vs Passive Attack
Definition
  Active attack: the attacker intercepts the connection and attempts to
  modify the message's content.
  Passive attack: the attacker observes the messages, then copies and saves
  them, and may use them for malicious purposes.
Nature
  Active attack: involves direct and deliberate actions by the attacker to
  alter or disrupt systems or networks.
  Passive attack: involves passive monitoring or eavesdropping on
  communication channels without altering data.
Objective
  Active attack: aims to achieve specific malicious outcomes such as
  unauthorized access, data manipulation or service disruption.
  Passive attack: aims to intercept sensitive information exchanged between
  legitimate parties without raising suspicion.
Purpose
  Active attack: to harm the ecosystem.
  Passive attack: to learn the ecosystem.
Detection
  Active attack: often more detectable, as it involves noticeable changes
  to system behaviour, network traffic patterns or user interactions.
  Passive attack: typically more difficult to detect, as it involves
  passive observation of communication without altering data.
System resources
  Active attack: system resources can be changed.
  Passive attack: system resources remain unchanged.
Impact
  Active attack: can have immediate and visible impacts such as service
  disruption, data breaches, financial losses or reputational damage.
  Passive attack: may have subtler and longer-term impacts such as data
  breaches, identity theft or unauthorized access to systems.
Dangerous for
  Active attack: the integrity and availability of the message.
  Passive attack: the confidentiality of the message.
Examples
  Active attack: denial-of-service (DoS) attacks, malware infections, SQL
  injection, man-in-the-middle (MitM) attacks, phishing scams.
  Passive attack: eavesdropping, packet sniffing, traffic analysis,
  cryptanalysis.
Fundamental Security Design Principles
Principle of Economy of Mechanism:
➢ The principle of economy of mechanism states that a system should be
designed to minimize the number of distinct components (e.g. processes,
machines, nodes) that must interact to perform a given task.
➢ The design of a security mechanism should be as simple and small as
possible.
➢ This principle is based on the idea that the more complex a security
system is, the more opportunities there are for attackers to exploit
vulnerabilities, and the harder it is to test and verify.
Principle of Fail-Safe Defaults:
➢ Access decisions should be based on permission rather than exclusion:
the default situation is lack of access, and the protection mechanism
identifies the conditions under which access is permitted.
➢ If the mechanism fails or a rule is missing, the result should be
denial of access (fail closed), not an open door.
➢ By default, all users should have the least amount of privilege
necessary to perform their job function.
Principle of Complete Mediation:
➢ Every access to every object must be checked for authority. Access
decisions should not be cached and reused indefinitely: if a permission is
revoked, the next access must see the revocation.
➢ The checking mechanism must be integrated into the overall design of the
system and implemented in a way that minimizes the impact on performance
and usability, otherwise there is pressure to skip the check.
Principle of Open Design:
➢ Open design is a security design principle that states that the design
of a security mechanism should not be secret.
➢ The mechanism should be open to public scrutiny so that it can be
inspected and analyzed by anyone with the necessary skills and knowledge;
its security should depend on the secrecy of keys and passwords, not on
the secrecy of the algorithm (Kerckhoffs's principle in cryptography).
Principle of Separation of Privilege:
➢ The principle of separation of privilege states that a protection
mechanism that requires two (or more) independent conditions to be
satisfied before access is granted is more robust than one that requires
only one: for example two-person control over a critical operation, or
multi-factor authentication.
➢ Dividing a program's or a user's authority into parts, so that no single
compromise yields all of it, protects systems from unauthorized access and
limits the damage from accidental or deliberate misuse of resources.
Principle of Least Privilege:
➢ The principle of least privilege is a security design principle that
requires that every user and process be given the bare minimum
permissions necessary to perform their tasks, for the minimum time
necessary. This principle is also sometimes referred to as the principle
of least authority.
Fundamental Security Design Principles
Principle of Least Common Mechanism:
➢ The principle of least common mechanism states that the design should
minimize the functions (mechanisms) shared by different users and relied
upon by all of them.
➢ This principle is important because every shared mechanism is a
potential information path between users, and a flaw in it can be
exploited by, or affect, more than one user.
Principle of Psychological Acceptability:
➢ The psychological acceptability of security design principles refers to
the extent to which users are willing to accept and comply with the
security measures implemented in a system.
➢ The principle holds that security mechanisms should not interfere unduly
with the work of users: if they are cumbersome, users will work around
them, so design must take into account the psychological factors that
influence users’ decisions to accept and comply.
Fundamental Security Design Principles
Isolation
➢ Public access systems should be isolated from critical resources (data,
processes, etc.) to prevent disclosure or tampering.
➢ In cases where the sensitivity or criticality of the information is
high, organizations may want to limit the number of systems on which that
data is stored and isolate them, either physically or logically.
➢ Security mechanisms themselves should be isolated, so that they cannot
be tampered with by the processes they protect.
Encapsulation
➢ Can be viewed as a specific form of isolation based on object-oriented
functionality: a subsystem's data and procedures are accessible only
through its defined interface.
Modularity
➢ Refers both to the development of security functions as separate,
protected modules and to the use of a modular architecture for mechanism
design and implementation.
Layering
➢ Refers to the use of multiple, overlapping protection approaches
addressing the people, technology and operational aspects of information
systems (defence in depth), so that the failure of one does not leave the
system unprotected.
Least astonishment
➢ Means that a program or user interface should always respond in the way
that is least likely to astonish the user, so that the security-relevant
effect of an action is the one the user expects.
A Network Security Model
• The network security model shows how a security service is designed over
the network to prevent an opponent from threatening the confidentiality or
authenticity of information being transmitted through the network.
• This model shows that there are four basic tasks in designing a
particular security service:
1. Design an algorithm for performing the security-related transformation.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the
security algorithm and the secret information to achieve a particular
security service.
Any security service would have these three components:
• 1. A security-related transformation of the information to be sent to the
receiver, so that any opponent present on the information channel is unable
to read the message. This corresponds to encryption of the message (and may
also add a code that verifies the sender's identity).
• 2. Secret information (e.g. the encryption key) shared between sender and
receiver, of which the opponent must have no knowledge.
• 3. A trusted third party, which may be needed to take responsibility for
distributing the secret information (key) to both communicating parties
while keeping it from any opponent, or to arbitrate disputes between them.
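The four tasks above, carried out end to end as an added example that is not part of the original lecture notes. The transformation (task 1) is encrypt-then-MAC using a keystream derived from HMAC-SHA256 in counter mode; this is a PRF-based stream cipher chosen so the example runs with the standard library only, and in practice a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 should be used. A `TrustedThirdParty` class stands in for the key distribution centre (tasks 2 and 3), modelling the secure channel to each principal as a method call, and `exchange` is the protocol (task 4). The principal names and messages are constructed for the example.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


# ---- Task 1: the security-related transformation ---------------------------
def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: HMAC-SHA256(enc_key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh per message; never reuse with a key
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # MAC over nonce too
    return nonce + ct + tag  # what crosses the information channel


def unprotect(enc_key: bytes, mac_key: bytes, wire: bytes) -> bytes:
    nonce, ct, tag = wire[:NONCE_LEN], wire[NONCE_LEN:-TAG_LEN], wire[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("message rejected: authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


# ---- Tasks 2 and 3: generate the secret and distribute it -------------------
class TrustedThirdParty:
    """Generates a session secret and hands it to both principals over a
    channel the opponent cannot observe (modelled here as a method call)."""

    def __init__(self):
        self.sessions = {}

    def establish(self, a: str, b: str) -> None:
        self.sessions[frozenset((a, b))] = secrets.token_bytes(32)

    def key_for(self, me: str, peer: str) -> bytes:
        return self.sessions[frozenset((me, peer))]


def derive(secret: bytes):
    """Separate encryption and MAC keys from the single distributed secret."""
    return (hmac.new(secret, b"enc", hashlib.sha256).digest(),
            hmac.new(secret, b"mac", hashlib.sha256).digest())


# ---- Task 4: the protocol the two principals follow -------------------------
def exchange(message: bytes, opponent_modifies: bool = False):
    """Returns (opponent_saw_plaintext, message_as_received_or_None)."""
    ttp = TrustedThirdParty()
    ttp.establish("alice", "bob")
    enc_a, mac_a = derive(ttp.key_for("alice", "bob"))  # sender side
    wire = protect(enc_a, mac_a, message)
    opponent_saw_plaintext = message in wire  # opponent reads the channel
    if opponent_modifies:  # opponent flips one ciphertext bit
        i = NONCE_LEN
        wire = wire[:i] + bytes([wire[i] ^ 0x01]) + wire[i + 1:]
    enc_b, mac_b = derive(ttp.key_for("bob", "alice"))  # receiver side
    try:
        return opponent_saw_plaintext, unprotect(enc_b, mac_b, wire)
    except ValueError:
        return opponent_saw_plaintext, None


if __name__ == "__main__":
    print(exchange(b"transfer 100 to account 42"))
    print(exchange(b"transfer 100 to account 42", opponent_modifies=True))
```

The MAC is computed over the nonce as well as the ciphertext, and verified before any decryption, so a tampered message is rejected without leaking anything about its contents.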
Network Access Security Model
• The network access security model is designed to secure an information
system that an attacker can reach through the network.
• Attackers try to attack systems that are accessible through the
internet. These attackers fall into two categories:
– 1. Hacker: one who is only interested in penetrating your system. They
may not intend any harm, gaining satisfaction simply from getting access
to your system, although they may still disrupt it.
– 2. Intruders: attackers who intend to damage your system, or to obtain
information from it that can be used for financial gain.
• To protect the system from attackers, a gatekeeper function is
introduced.
• The gatekeeper function includes password-based login procedures (login
IDs and passwords) that keep out unwanted access, and screening logic such
as firewalls and antivirus software that detects and rejects worms, viruses
and similar attacks before they reach the system.
• A second line of defence consists of internal controls that monitor
activity and analyze stored information in an attempt to detect intruders
who have got past the gatekeeper.
Assignment-1
1. Explain Information Security, Cyber security and
Network security in detail.
2. What are different types of Network Security?
3. Define Information Security. Why Information Security
is required? Explain objectives of Information Security.
4. What is security Threat? Explain different information
security threats.
5. Explain Deliberate Software attack.
6. How Information Security is Implemented? Explain with
OSI Security Architecture
7. Differentiate Active and Passive Attack with proper
examples.
8. Explain Network Security model and Network access
security model.
Review
• Which of the following is NOT a
fundamental goal of information security?
a) Confidentiality
b) Integrity
c) Accessibility
d) Availability
Review
• What type of attack involves an attacker
eavesdropping on network communication
to capture sensitive information?
a) Man-in-the-Middle (MITM) attack
b) Denial-of-Service (DoS) attack
c) Phishing attack
d) SQL injection attack
Review
• What type of attack involves flooding a
network or system with excessive traffic to
disrupt normal operation?
a) Brute force attack
b) Social engineering attack
c) Denial-of-Service (DoS) attack
d) Cross-site scripting (XSS) attack
Review
• Which security measure involves encoding
data in such a way that only authorized
parties can decipher it?
a) Authentication
b) Authorization
c) Encryption
d) Integrity validation
Review
• Which of the following usually observe
each activity on the internet of the victim,
gather all information in the background,
and send it to someone else?
a) Malware
b) Spyware
c) Adware
d) All of the above
Review
• Which of the following refers to the
violation of the principle if a computer is no
more accessible?
a) Access control
b) Confidentiality
c) Availability
d) All of the above
Review
• Which one of the following refers to the
technique used for verifying the integrity of
the message?
a) Digital signature
b) Decryption algorithm
c) Protocol
d) Message Digest
Review
• Which one of the following is also referred
to as malicious software?
a) Maliciousware
b) Badware
c) Ilegalware
d) Malware
Review
• Which type of malware is designed to
encrypt files on a victim's system and
demand payment for decryption?
– a) Virus
– b) Worm
– c) Trojan horse
– d) Ransomware
Review
• Which of the following is a principle of
least privilege?
– a) All users should have full access to all resources
– b) Users should only have access to the resources necessary for
their roles
– c) Access control should be based on user identities
– d) Access to resources should be controlled by access control
lists
Review
• Which of the following is a type of network
attack that involves flooding a network with
excessive traffic to disrupt normal
operation?
– a) Brute force attack
– b) Phishing attack
– c) Denial-of-Service (DoS) attack
– d) Man-in-the-Middle (MITM) attack
Review
• A ____________ can be a hardware
device or a software program that filters all
the packets of data that comes through a
network, the internet, etc.
– a. Firewall
– b. Antivirus
– c. Malware
– d. Cookies
END of UNIT 7
Thank You.