Krishan-Lecture 3 (2022-23) Network Security Aspects & Threats

Uploaded by

Anshul Singh
Network Security Aspects & Threats

Lecture - 3
Subject – Network Security & Cryptography
Class – B.E IT 5th Sem

by
Dr. Krishan Saluja

University Institute of Engineering & Technology


Panjab University, Chandigarh
Network Security Aspects

Network Security Definition: Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly.

Network Security Aspects:
• Confidentiality
• Identification
• Authentication
• Authorization
• Access Control
• Message Integrity
• Non-repudiation
• Freshness
• Availability
Identification
• Something that uniquely identifies a user, called the UserID.
• Sometimes users can select their own ID, as long as it has not been given to another user.
• A UserID can be one or a combination of the following:
– User Name
– User Student Number
– User SSN
Confidentiality

• Assurance that sensitive information is not visible to an eavesdropper. This is usually achieved using encryption.
Loss of Confidentiality
Authentication
• The process of verifying the identity of a user
• Typically based on
– Something the user knows
• Password
– Something the user has
• Key, smart card, disk, or other device
– Something the user is
• Fingerprint, voice, or retinal scans
Authentication
Absence of Authentication
Authorization

• The process of assigning access rights to a user
Access Control
• The process of enforcing access rights
• It is based on the following three entities
– Subject
• an entity that can access an object
– Object
• an entity to which access can be controlled
– Access Right
• defines the ways in which a subject can access an object.
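
The split between authorization (assigning rights) and access control (enforcing them) can be shown with a small access matrix. This is an added example, not part of the original slides; the class name, the file name and the subjects are hypothetical.

```python
class ReferenceMonitor:
    """Holds the access matrix and mediates every operation on an object."""
    def __init__(self, objects):
        self._objects = dict(objects)  # object name -> content
        self._matrix = {}    # (subject, object) -> set of access rights
        self.audit = []      # one (subject, object, right, allowed) per decision

    # Authorization: assigning access rights to a subject.
    def grant(self, subject, obj, *rights):
        self._matrix.setdefault((subject, obj), set()).update(rights)

    def revoke(self, subject, obj, *rights):
        self._matrix.get((subject, obj), set()).difference_update(rights)

    # Access control: enforcing those rights on every request (default deny).
    def _enforce(self, subject, obj, right):
        allowed = right in self._matrix.get((subject, obj), set())
        self.audit.append((subject, obj, right, allowed))
        if not allowed:
            raise PermissionError(f"{subject} may not {right} {obj}")

    def read(self, subject, obj):
        self._enforce(subject, obj, "read")
        return self._objects[obj]

    def write(self, subject, obj, content):
        self._enforce(subject, obj, "write")
        self._objects[obj] = content

def attempt(operation, *args):
    try:
        result = operation(*args)
    except PermissionError as exc:
        return f"denied: {exc}"
    return "ok" if result is None else result

def demo():
    rm = ReferenceMonitor({"grades.txt": "B+"})     # constructed sample object
    rm.grant("teacher", "grades.txt", "read", "write")
    rm.grant("student", "grades.txt", "read")
    out = [attempt(rm.read, "student", "grades.txt"),
           attempt(rm.write, "student", "grades.txt", "A+"),
           attempt(rm.write, "teacher", "grades.txt", "A-")]
    rm.revoke("student", "grades.txt", "read")
    out.append(attempt(rm.read, "student", "grades.txt"))
    return out
```

Every decision, allowed or denied, lands in `audit`, which is the record a reviewer would check after an incident.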
Message Integrity

• Assurance that the message that arrives is the same as when it was sent.
Message Integrity
Loss of Message Integrity
Non-repudiation

• Assurance that any transaction that takes place can subsequently be proved to have taken place. Both the sender and the receiver agree that the exchange took place.
Establishing Non-repudiation

“I never sent that message, which you claim to have received”
Availability
Attack on Availability
Information Security

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Confidentiality
Message Integrity

Availability

Information security differs from cybersecurity in that InfoSec aims to keep data in any form secure, whereas cybersecurity protects only digital data.
Confidentiality

Confidentiality is probably the most common aspect of information security. We need to protect our confidential information. An organization needs to guard against those malicious actions that endanger the confidentiality of its information.
Integrity

Information needs to be changed constantly. Integrity means that changes need to be done only by authorized entities and through authorized mechanisms.
Availability

The information created and stored by an organization needs to be available to authorized entities. Information needs to be constantly changed, which means it must be accessible to authorized entities.
Security Service
• is something that enhances the security of the data processing systems and the information transfers of an organization
• intended to counter security attacks
• make use of one or more security mechanisms to provide the service
• replicate functions normally associated with physical documents
– e.g. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed
Security Mechanism
• a mechanism that is designed to detect, prevent, or recover from a security attack
• no single mechanism that will support all functions required
• however one particular element underlies many of the security mechanisms in use: cryptographic techniques
• specific security mechanisms:
– encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
Security Attack
• any action that compromises the security of information owned by an organization
• Network security is about how to prevent attacks, or failing that, to detect attacks on network-based systems
• have a wide range of attacks
• can focus on generic types of attacks
• note: threat and attack are often used to mean the same thing
Vulnerability vs Threat vs Attack

A vulnerability is a weakness which can be exploited by an attacker.
A threat is, by definition, a condition or circumstance which can cause damage to the system/asset.
An attack is, by definition, an intended action to cause damage to the system/asset.
Types of Threats
Classify Security Attacks
• passive attacks – eavesdropping on, or monitoring of, transmissions to:
– obtain message contents, or
– monitor traffic flows
• active attacks – modification of data stream to:
– masquerade of one entity as some other
– replay previous messages
– modify messages in transit
– denial of service
Threat to CIA
Attacks Threatening Confidentiality

Snooping refers to unauthorized access to or interception of data.

Traffic analysis refers to obtaining some other type of information by monitoring online traffic.
Attacks Threatening Integrity

Modification means that the attacker intercepts the message and changes it.

Masquerading or spoofing happens when the attacker impersonates somebody else.

Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it.

Repudiation means that the sender of the message might later deny that she has sent the message; the receiver of the message might later deny that he has received the message.
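
A receiver can reject the first three of these attacks by checking a message authentication code and a sequence number on every message. The sketch below is an added example, not part of the original slides; the packet layout, the key and the names `seal` and `Receiver` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes

def seal(key, sender, seq, body):
    """Sender side: header (sender id, sequence number) + body + HMAC tag."""
    header = struct.pack("!B", len(sender)) + sender + struct.pack("!Q", seq)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag

class Receiver:
    def __init__(self, keys):
        self.keys = keys      # sender id -> key shared with that sender
        self.last_seq = {}    # sender id -> highest sequence number accepted

    def verdict(self, packet):
        """Return ('accepted', body) or (reason, None)."""
        if len(packet) < 9 + TAG_LEN or len(packet) < 9 + packet[0] + TAG_LEN:
            return "truncated", None
        n = packet[0]
        sender = packet[1:1 + n]
        (seq,) = struct.unpack("!Q", packet[1 + n:9 + n])
        body, tag = packet[9 + n:-TAG_LEN], packet[-TAG_LEN:]
        key = self.keys.get(sender)
        if key is None:
            return "unknown sender", None
        expected = hmac.new(key, packet[:-TAG_LEN], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad tag", None   # modification, or masquerade without the key
        if seq <= self.last_seq.get(sender, -1):
            return "replay", None    # authentic but not fresh
        self.last_seq[sender] = seq  # state changes only after the tag verifies
        return "accepted", body

def demo():
    key = b"constructed-demo-key-32-bytes!!!"          # constructed sample key
    rx = Receiver({b"alice": key})
    good = seal(key, b"alice", 1, b"pay Bob 10")
    tampered = good.replace(b"pay Bob", b"pay Eve")    # body changed in transit
    forged = seal(b"not-the-real-key", b"alice", 2, b"pay Eve 10")
    return [rx.verdict(p)[0] for p in (good, good, tampered, forged)]
```

A shared-key MAC does not address repudiation, because the receiver holds the same key and could have produced the tag; that requires a digital signature made with a key only the sender holds.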
Attacks Threatening Availability

Denial of service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system.
Passive Attacks
“Passive attacks” attempt to learn or make use of information from the system but do not affect system resources.
[Figure: Passive Intruder]
By eavesdropping on, or monitoring of, transmissions to:
+ obtain message contents, or
+ monitor traffic flows
They are difficult to detect because they do not involve any alteration of the data.
Packet sniffing

• broadcast media
• promiscuous NIC (network interface card) reads all packets passing by
• can read all unencrypted data (e.g. passwords)
• e.g.: C sniffs B’s packets

[Figure: hosts A, B and C on a shared medium; a packet labelled “src:B dest:A payload”]
Packet Sniffing
• Recall how Ethernet works …
• When someone wants to send a packet to someone else …
• They put the bits on the wire with the destination MAC address …
• And remember that other hosts are listening on the wire to detect collisions …
• It couldn’t get any easier to figure out what data is being transmitted over the network!
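
The only thing that normally keeps host C from reading a frame sent from B to A on a shared segment is the destination-address filter in C's own NIC. The model below is an added example, not part of the original slides; the MAC addresses, payload and function names are constructed, and the frame layout is simplified.

```python
import struct

BROADCAST = b"\xff" * 6

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst, src, payload, ethertype=0x88B5):
    # Simplified frame: no preamble, padding or frame check sequence.
    # 0x88B5 is an EtherType reserved for local experimental use.
    return dst + src + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return frame[0:6], frame[6:12], ethertype, frame[14:]

def nic_accepts(frame, own_mac, promiscuous=False, groups=()):
    """Decide whether the NIC hands the frame up to the host."""
    dst = parse_frame(frame)[0]
    if promiscuous or dst in (own_mac, BROADCAST):
        return True
    if dst[0] & 0x01:            # group (multicast) bit of the first octet
        return dst in groups
    return False

def receivers(frame, stations):
    """stations: name -> (mac, promiscuous). All of them see the bits on the
    shared medium; this returns the hosts whose NIC passes the frame up."""
    return sorted(name for name, (addr, promisc) in stations.items()
                  if nic_accepts(frame, addr, promisc))

# Constructed, locally administered addresses for hosts A, B and C.
A, B, C = (mac(f"02:00:00:00:00:0{i}") for i in (1, 2, 3))
# Constructed plaintext payload sent from B to A.
LOGIN = build_frame(A, B, b"USER alice PASS constructed-example")
```

Because the filter is a setting on the receiving host rather than a property of the medium, confidentiality on a broadcast segment has to come from encrypting the payload.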
Packet Sniffing
• This works for wireless too!
• In fact, it works for any broadcast-based medium
Packet Sniffing
• What kinds of data can we get?
• Asked another way, what kind of information would be most useful to a malicious user?
• Answer: Anything in plain text
– Passwords are the most popular
Active Attacks
“Active attacks” attempt to alter system resources or affect their operation.
[Figure: Active Intruder]
By modification of data stream to:
+ masquerade of one entity as some other
+ replay previous messages
+ modify messages in transit
+ denial of service
TCP Attacks (Session Hijacking and Masquerading)

• Say hello to Alice, Bob and Mr. Big Ears
• Alice and Bob have an established TCP connection
• Mr. Big Ears lies on the path between Alice and Bob on the network
• He can intercept all of their packets
• First, Mr. Big Ears must drop all of Alice’s packets since they must not be delivered to Bob (why?)
[Figure labels: Packets; The Void]
• Then, Mr. Big Ears sends his malicious packet with the next ISN (sniffed from the network)
[Figure label: ISN, SRC=Alice]
Social Engineering Attack
• People can be just as dangerous as unprotected computer systems
• People can be lied to, manipulated, bribed, threatened, harmed, tortured, etc. to give up valuable information
• Most humans will break down once they are at the “harmed” stage, unless they have been specially trained
– Think government here…
Social Engineering Attacks

• There aren’t always solutions to all of these problems
– Humans will continue to be tricked into giving out information they shouldn’t
– Educating them may help a little here, but, depending on how badly you want the information, there are a lot of bad things you can do to get it
• So, the best that can be done is to implement a wide variety of solutions and more closely monitor who has access to what network resources and information
– But, this solution is still not perfect
Security Terminology
Security related URLs
• http://www.robertgraham.com/pubs/network-intrusion-detection.html
• http://online.securityfocus.com/infocus/1527
• http://www.snort.org/
• http://www.cert.org/
• http://www.nmap.org/
• http://grc.com/dos/grcdos.htm
• http://lcamtuf.coredump.cx/newtcp/
Thank You!
• Feedback is welcome!
• Any suggestions!
• Any queries!
