project ff
from manager D and updates its authorization file accordingly.

Fig 1.2 Example 2

3. Rather than intercept a message, user F constructs its own message with the desired entries and transmits that
message to E as if it had come from manager D. Computer E accepts the message as coming from
manager D and updates its authorization file accordingly.

4. A message is sent from a customer to a
stockbroker with instructions for various transactions. Subsequently, the investments lose value and
the customer denie

art of computer) Integrity: This term covers two related concepts: Data integrity:
Assures that information and programs are changed only in a specified and authorized manner.
System integrity: Assures that a system performs its intended function in an unimpaired manner,
free from deliberate or inadvertent unauthorized manipulation of the system.

3) Availability: Assures
that systems work promptly and service is not denied to authorized users. These three concepts
form what is often referred to as the CIA triad (Figure 1.1). The three concepts embody the
fundamenta

tream and can be subdivided into four categories: masquerade, replay, modification of
messages, and denial of service. A masquerade takes place when one entity pretends to be a
different entity (Figure 1.7). A masquerade attack usually includes one of the other forms of active
attack. For example, authentication sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling an authorized entity with few privileges to
obtain extra privileges by impersonating an entity that has those privileges. Replay involves the
passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
(Figure 1.8). Modification of messages simply means that some portion of a legitimate message is
altered, or that messages are delayed or reordered, to produce an unauthorized effect (Figure 1.9).
For example, a message meaning “Allow John Smith to read confidential file accounts” is modified to
mean “Allow Fred Brown to read confidential file accounts.” The denial of service prevents or
inhibits the normal use or management of communications facilities (Figure 1.10). This attack may
have a specific target; for example, an entity may suppress all messages directed to a particular
destination (e.g., the security audit service). Another form of service denial is the disruption of an
entire network—either by disabling the network or by overloading it with messages so as to degrade
performance.

Security aspects come into play when it is necessary or desirable to protect the
information transmission from an opponent who may present a threat to confidentiality,
authenticity, and so on. All of the techniques for providing security have two compl

security obj

With
a DoS attack, a hacker attempts to render a network or an Internet resource, such as a web server,
worthless to users. A DoS attack typically achieves its goal by sending large amounts of repeated
requests that paralyze the network or a server. A common form of a DoS attack is a SYN flood, where
the server is overwhelmed by embryonic connections. A hacker sends to a server countless
Transmission Control Protocol (TCP) synchronization attempts known as SYN requests. The server
answers each of those requests with a SYN ACK reply and allocates some of its computing resources
to servicing this connection when it becomes a "full connection." Connections are said to be
embryonic or half-opened until the originator completes the three-way handshake with an ACK for
each request originated. A server that is inundated with half-opened connections soon runs out of
resources to allocate to upcoming connection requests, thus the expression "denial of service
attack." The following sidebars provide the anatomy o

receiver must also mutually agree to the
sharing of the message. The transmission of a message from sender to receiver needs a
medium, i.e. an information channel, which is an Internet service. A logical route is defined through the
network (Internet) from the sender to the receiver, and the two establish communication using the
communication protocols.

Any security service would have the three
components discussed below:

1. Transformation of the information which has to be sent to the
receiver, so that any opponent present on the information channel is unable to read the message.
This indicates the encryption of the message. It also includes the addition of code during the
transformation of the information which will be used in verifying the identity of the authentic
receiver.

2. Sharing of the secret information between sender and receiver, of which the opponent
must not have any clue. Yes, we are talking about the encryption key, which is used during the encryption of
the message at the sender’s end and also during the decryption of the message at the receiver’s end.

3. There must be a trusted third party which should take the responsibility of distributing the secret
information (key) to both the communicating parties and also pre

The network security model
presents the two communicating parties, sender and receiver, who mutually agree to exchange
information. The sender has information to share with the receiver, but the sender cannot send the
message on the information channel in readable form, as it would be under threat of attack by
the opponent. So, before the message is sent through the information channel, it should be
transformed into an unreadable format. Secret information is used while transforming the message,
and it is required again when the message is retransformed at the recipient side. That’s why
a trusted third party is required, which takes responsibility for distributing this secret
information to both parties involved in the communication.

Considering this general model of
network security, one must consider the following four tasks while designing the security model.

1. To transform a readable message at the sender side into an unreadable format, an appropriate
algorithm should be designed such that it is difficult for an opponent to crack that security
algorithm.

2. Next, the network security model designer is conc
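
The authentication-code part of the transformation step, applied to the manager D / computer E / user F scenario and to the masquerade, modification and replay attacks described earlier, as an added example that is not part of the original document. HMAC-SHA256 and a per-sender sequence number are assumed mechanisms, encryption of the message is left out, and the class names and message layout are hypothetical.

```python
import hashlib
import hmac
import json
import os

class Sender:
    """Manager D: attaches a sequence number and an authentication code."""
    def __init__(self, name, key):
        self.name, self.key, self.counter = name, key, 0

    def seal(self, body):
        self.counter += 1
        payload = json.dumps({"from": self.name, "seq": self.counter,
                              "body": body}, sort_keys=True)
        tag = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "tag": tag}

class Receiver:
    """Computer E: accepts only authentic messages with a fresh sequence number."""
    def __init__(self, keys):
        self.keys = keys        # sender name -> shared secret key
        self.last_seq = {}      # sender name -> highest sequence number accepted

    def accept(self, msg):
        try:
            fields = json.loads(msg["payload"])
            sender, seq = fields["from"], int(fields["seq"])
        except (KeyError, ValueError, TypeError):
            return "rejected: malformed"
        key = self.keys.get(sender)
        if key is None:
            return "rejected: unknown sender"
        expected = hmac.new(key, msg["payload"].encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison; checked before any state is updated.
        if not hmac.compare_digest(expected.encode(), str(msg.get("tag", "")).encode()):
            return "rejected: bad authentication code"
        if seq <= self.last_seq.get(sender, 0):
            return "rejected: replay"
        self.last_seq[sender] = seq
        return "accepted: " + fields["body"]

def demo():
    key = os.urandom(32)    # constructed secret shared by D and E only
    d, e = Sender("D", key), Receiver({"D": key})
    genuine = d.seal("Allow John Smith to read confidential file accounts")
    # Modification of messages: the name is altered in transit, the code is not.
    modified = dict(genuine, payload=genuine["payload"].replace("John Smith", "Fred Brown"))
    # Masquerade: F claims to be D but does not hold the shared key.
    forged = Sender("D", os.urandom(32)).seal("Allow F to read confidential file accounts")
    # The last entry delivers the genuine message a second time (replay).
    return [e.accept(m) for m in (modified, forged, genuine, genuine)]
```

Because the sequence number is only recorded after the code verifies, a message without the shared key cannot advance E's state or block later genuine messages.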