DaNS - Final Summary


Data & Comp Network Security

Final Summary
1- Client & Server =>
Client: an entity that consists of an operating system and a collection of programs to perform a set of functions that may range from minimal server-based computing.
Server: a passive machine (only responds to inquiries or requests from clients) which provides one or more services.

2- Components of a Client/Server Network =>

3- Classes of security risks =>


Security risks can be divided into 3 categories:
1. Breaching Secret Data
2. Unauthorized Logons
3. Denial of Service
4- Security Concepts =>
1. Identification => Users are identified to a computer or an application
through a user identifier or user-id.
2. Authentication => Used to verify the identity of the user. This verification
requires the exchange of shared secrets between the user and the
application.
3. Authorization => Process of giving access rights to each user ID.
The access rights include specification, such as whether the user is
permitted to read, write, or update a given file.
4. Access Control => Process of enforcing access rights for network
resources. Access control grants or denies permission to a given user for
accessing a resource and protects resources by limiting access to only
authenticated and authorized users.
5. Confidentiality => Process used to protect secret information from
unauthorized disclosure. Secret data needs to be protected when it is
stored or when it is being transmitted over the network.
6. Data Integrity => allows detection of unauthorized modification of data.
7. Non-repudiation => Provides proof of the origin of data or of the delivery
of data. It protects against any attempt by the sender to falsely deny
sending the data, or by the recipient to falsely deny receiving the data.
8. Denial of Service => A denial of service attack is one in which the attacker
takes over or consumes a resource so that no one else can use it.

5- Attack Types =>


CH2
1- Logon Process (Login) (don't memorize it, understand it) =>
• The user sends the password to the application.
• The application uses the ID to index into the application's database of IDs and passwords.
• The application compares the password it received from the user to the one retrieved from its ID-password database.
• If the two match, the user is logged on to the application; otherwise the application informs the user that the password or the ID is invalid.
2- Authentication => The process of verifying something such as a user's identity.
Authentication establishes an association between (User / Server).
Users can be authenticated based on one or more of the following:
• Something the user knows: such as a PIN, password or a key
• Something the user has: such as a smart card
• Something the user is: such as a fingerprint or another method

3- Token Cards => The user is given a token card that shares a secret key with the
system. This key is called the shared secret key. The card displays a number that
changes over time and uses the shared secret key.
The user authentication is achieved as follows:
1- The user provides the system with the ID and with the number displayed by the token card.
2- The system computes a number using the received ID & shared secret key.
3- If the number calculated by the system matches that entered by the user, then
the user is accepted as the legitimate user and the authentication process is
completed.
4- Characteristics of user authentication =>
Physiological characteristics: include fingerprints, handprints and retinal patterns.
Behavioral characteristics: such as vocal patterns, signature, and keystroke typing patterns.

5- Password Guessing => Individual passwords can be guessed as analyzed


the easy passwords. Collected lists of passwords from several persons, totaling
about 15.000 passwords and the potential words used to match the passwords.
6- Limited Attempts => Many systems limit unsuccessful attempts to log on;
typically this limit is set at 3 or 6. When the limit is reached, the system locks out
the particular user ID and denies any more logon attempts.
• A locked-out user ID can regain access after the user has been authenticated to the system administrator through some means other than the password.
• In this way, a hacker cannot try a brute force attack to log on, since the system will lock that ID after the first few attempts.
• The system should also record all the unsuccessful attempts for further investigation.
7- Password Aging => Implies that each password has a fixed lifetime, after
which the password must be changed. Furthermore, most systems also allow
users to change a password any time during this interval.
8- Minimum Length => Since short passwords are easier to guess than long
ones, many systems require that passwords be of a minimum length. Usually,
passwords are required to be at least 6 or 8 characters long.
9- User Lockouts => This feature allows the system administrator to lock out
an ID that has not been used for a certain amount of time or that has not
changed the password within the specified time limit.
10- Root Password protection => The root password is uniquely assigned to the system admin
for authentication. Since the administrator has significantly more access rights
than a typical user, the root password is a common target of attacks by hackers.
In addition, the root password should not be transmitted over the network and
should be changed more frequently, such as once every week.
11- One-Time Passwords Using Token Cards => The concept of a one-time
password is based on generating passwords that can be used only once. After
use, the one-time password becomes invalid. One-time passwords can be
generated in software, such as in a security server.
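The token card check from item 3 and the use-once rule from item 11, as an added example that is not part of the original summary. It assumes the displayed number is derived from an HMAC-SHA256 of the current time step under the shared secret key; the step length, the key and the names card_number and TokenAuthenticator are illustrative.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumption: the displayed number changes once a minute

def card_number(shared_key: bytes, timestamp: int, digits: int = 6) -> str:
    """Number the card displays, and the system recomputes, at `timestamp`."""
    counter = struct.pack(">Q", timestamp // STEP_SECONDS)
    mac = hmac.new(shared_key, counter, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # pick 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TokenAuthenticator:
    def __init__(self, keys_by_id):
        self.keys_by_id = keys_by_id   # user ID -> shared secret key
        self.last_step = {}            # user ID -> last time step accepted

    def verify(self, user_id: str, entered: str, now: int) -> bool:
        key = self.keys_by_id.get(user_id)
        if key is None:
            return False
        expected = card_number(key, now)
        # Constant-time comparison of the system's number with the user's.
        if not hmac.compare_digest(expected.encode(), entered.encode()):
            return False
        step = now // STEP_SECONDS
        if self.last_step.get(user_id, -1) >= step:
            return False               # number already used once: now invalid
        self.last_step[user_id] = step
        return True

def demo():
    key = b"constructed-demo-key"      # constructed sample key
    auth = TokenAuthenticator({"alice": key})
    t = 1_700_000_000                  # constructed sample time
    code = card_number(key, t)
    wrong = code[:-1] + str((int(code[-1]) + 1) % 10)
    return [
        auth.verify("alice", wrong, t),                          # wrong number
        auth.verify("alice", code, t),                           # first use
        auth.verify("alice", code, t + 5),                       # replayed
        auth.verify("alice", card_number(key, t + 60), t + 60),  # next number
        auth.verify("mallory", code, t),                         # unknown ID
    ]

if __name__ == "__main__":
    print(demo())
```

The replayed number is rejected even though it still matches what the system computes, because the time step it belongs to has already been accepted once.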
12- (One | Two) Way Authentication =>
One-Way Authentication: the user only needs to be authenticated to the server, but the host application does not need to be authenticated to the user. It works as follows:
1- confirms that the application has authenticated the user's ID.
2- verifies that the ID and password were sent by the authentic user (no one else has the user's password).
Two-Way Authentication: both parties are authenticated to each other (user / server). It works as follows:
1- The server has also been authenticated to the user.
2- The password for the server was sent by the legitimate server (since no one else has the server's password).
13- Encryption schemes
• Asymmetric => Key encryption scheme that uses one key for encryption and a different but related key for decryption, and is the basis of the public key schemes.
• Symmetric => Key encryption scheme that uses the same key for encryption and decryption.
Private key => known only to the user.
Public key => known to everyone.

CH3
1- Audit Trail => Keeps a record of the several significant events that
should be recorded for potential review at a later time.
Audit Requirements:
1. Automatically collects information on all the security-sensitive activities.
2. Stores the information using a standard record format.
3. Creates and saves the audit records automatically without requiring any
action by the administrator.
4. Protects the audit records log under some security scheme.
5. Minimally affects the normal computer system operation and performance.
2- Intrusion Detection => The process of detecting and identifying
unauthorized or unusual activity on the system. By using the audit records, the
intrusion detection system should identify any undesirable activity.
3- Profiles =>
• Profiles characterize the behavior of a subject (or a group of subjects) on an object (or a group of objects).
• Profiles include the description of normal behavior of subjects with respect to the objects. So profiles can be used to detect any abnormal activity as recorded in the audit records.
4- Anomaly Records => An anomaly record is created when the audit records
show some abnormal behavior compared to that in the profiles.
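How audit records, profiles and anomaly records fit together, as an added example that is not part of the original summary. The record fields, the three profile attributes and the sample log are assumptions constructed for illustration.

```python
from typing import NamedTuple

class AuditRecord(NamedTuple):   # one standard record format for every event
    hour: int                    # hour of day (0-23) at which the event occurred
    subject: str
    action: str
    obj: str
    success: bool

class Profile(NamedTuple):       # normal behaviour of one subject on one object
    actions: frozenset           # actions the subject normally performs
    hours: range                 # hours of day in which it normally performs them
    max_failures: int            # failed attempts tolerated within the reviewed log

def detect(records, profiles):
    """Compare audit records with profiles; return (record, reason) pairs."""
    anomalies, failures = [], {}
    for rec in records:
        key = (rec.subject, rec.obj)
        profile = profiles.get(key)
        if profile is None:
            anomalies.append((rec, "no profile for subject/object"))
            continue
        if rec.action not in profile.actions:
            anomalies.append((rec, "action not in profile"))
        if rec.hour not in profile.hours:
            anomalies.append((rec, "outside normal hours"))
        if not rec.success:
            failures[key] = failures.get(key, 0) + 1
            if failures[key] == profile.max_failures + 1:
                anomalies.append((rec, "too many failed attempts"))
    return anomalies

# Constructed sample profile and audit log.
PROFILES = {("alice", "payroll.db"): Profile(frozenset({"read"}), range(8, 18), 2)}
LOG = [
    AuditRecord(9, "alice", "read", "payroll.db", True),    # normal
    AuditRecord(23, "alice", "read", "payroll.db", True),   # odd hour
    AuditRecord(10, "alice", "write", "payroll.db", True),  # unusual action
    AuditRecord(11, "bob", "read", "payroll.db", False),    # unknown subject
] + [AuditRecord(12, "alice", "read", "payroll.db", False)] * 3

if __name__ == "__main__":
    for rec, reason in detect(LOG, PROFILES):
        print(reason, rec)
```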
5- Viruses => The scientific definition of a virus is a self-reproducing automaton that has the ability to gain control of the computer. When it is executed, a virus makes one or more copies of itself. A virus is not an independent program; it is executed when its home program is executed.
• Bacteria => Bacteria are programs that duplicate themselves. While these programs don't directly attack any software, they consume resources simply by replicating themselves.
• Worms => A worm is an independent program that can replicate itself and often spreads to different sites over a network. Since it is an independent program, it does not need another program to spread itself.
• Trapdoors => A trapdoor is an undocumented entry point into software that gets around the normal system protection. Trapdoors have been used legitimately by programmers to test, debug, and sometimes even fix programs. Trapdoors are used during software development.
• Logic Bombs => A logic bomb is a fragment of software that is set to inflict damage when a certain set of conditions exists. A logic bomb needs a host software program to carry the bomb.
• Trojan Horses => A Trojan horse is a piece of code that hides inside a program and performs a disguised function. This piece of code does not exist independently and needs to be planted in another program for disguise.
CH4
1- Encryption => is the process of transforming data into an indistinct form in
such a way that the original data can be obtained only by using the decryption
process and the encryption key.
Original data is called clear-text or plaintext.
Encrypted data is called cipher-text, code-text, or cipher.
1. Transposition => A given text can be transposed in several ways.
Consider the word PRIVATE. This word can be transposed to VRIPTEA.
In order to decrypt this word, the recipient will attempt different positions of
the letters until an unclear word is found.
2. Substitution => A given text can also be encrypted by substituting each
letter with another letter. A common approach for substitution is to replace
letters by other letters in the alphabet.
2- Data Integrity => allows detection of unauthorized modification of data.
A network security scheme must provide the services to protect information
against the threat of unauthorized modifications.
3- Data Integrity VS Data confidentiality =>
Data integrity: Requires that no unauthorized user can modify the data.
Data confidentiality: Implies that confidential data is not viewed by an unauthorized user.

4- Data Integrity using One-Way Hash Function =>


4- One-Way Hash Functions => is used to detect changes to messages
during transmission. In order to detect any errors during transmission the link
layer protocols included a checksum.
One-way hash function requirements (he said this will be on the exam):
• The one-way hash function H can be applied to a data block M of arbitrary size.
• The resulting message digest, d, is of fixed size; the message digest size is usually 128 bits or 160 bits.
• The one-way hash function H is easy to implement in both hardware and software.
• Given the message digest d, it is very hard to find the original message M.
• Given the message M, it is very hard to find a data block N such that H(N) = H(M).
• It is very hard to find any two data blocks x and y such that H(x) = H(y).
5- Digital Signature => provides proof of authenticity and origination of data.
It’s different from encryption, since encryption provides confidentiality.
6- Data Integrity and Confidentiality (very important) =>
The question will be the diagram scrambled, and it will ask what each of these does or what it provides.
CH5
1- Access Control => enforces the access rights when a subject requests to
access an object.
Access control is based on 3 types of information:
1. Subjects: an entity capable of accessing an object.
2. Objects: an entity to which access can be controlled.
3. Access Rights: define the ways in which a subject can access the object.
Access rights are specified for each pair of subjects and objects.

2- Access Control List (ACL) => for a given object, defines the access rights for each subject.
3- Capability List (CL) => for a subject, specifies the rights to access each object.
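The same set of access rights organised both ways, as an added example that is not part of the original summary. The subjects, objects and rights are constructed sample data, and the function names are illustrative.

```python
from collections import defaultdict

# Constructed sample: access rights for each (subject, object) pair.
RIGHTS = {
    ("alice", "payroll.txt"): {"read", "write"},
    ("bob", "payroll.txt"): {"read"},
    ("bob", "notes.txt"): {"read", "update"},
}

def build_acls(rights):
    """ACL view: object -> {subject: rights}."""
    acls = defaultdict(dict)
    for (subject, obj), allowed in rights.items():
        acls[obj][subject] = set(allowed)
    return dict(acls)

def build_capability_lists(rights):
    """CL view: subject -> {object: rights}."""
    caps = defaultdict(dict)
    for (subject, obj), allowed in rights.items():
        caps[subject][obj] = set(allowed)
    return dict(caps)

def allowed_by_acl(acls, subject, obj, right):
    # Enforcement at the object: anything not listed is denied.
    return right in acls.get(obj, {}).get(subject, set())

def allowed_by_cl(caps, subject, obj, right):
    # Enforcement from the subject's list: anything not listed is denied.
    return right in caps.get(subject, {}).get(obj, set())

def subjects_with_right(caps, obj, right):
    """'Who can do X to this object?' needs a scan of every capability list;
    with ACLs the same answer is a single lookup of acls[obj]."""
    return sorted(s for s, objs in caps.items() if right in objs.get(obj, set()))

ACLS = build_acls(RIGHTS)
CAPS = build_capability_lists(RIGHTS)

if __name__ == "__main__":
    print(ACLS["payroll.txt"])
    print(CAPS["bob"])
    print(subjects_with_right(CAPS, "payroll.txt", "read"))
```

Both views give the same access decision for every request; they differ in which question is cheap to answer, per object for the ACL and per subject for the capability list.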

CH7
1- Firewall => To protect private networks from intrusion and other attacks from
the Internet, a firewall is required, and it should intercept all the traffic between a
given private network and the Internet.
Depending on the configuration, the firewall determines whether the request should
pass through the firewall or be denied.
2- Area of risks for the network =>
1. Information: Someone can steal or destroy the information that is stored on the
private network.
2. Resources: Someone can damage or misuse the computer systems on the
private network.
3. Reputation: Someone can damage the reputation of a business by
demonstrating vulnerabilities in its network security.
3- Component of Firewall =>

1. Secure operating system : can protect the firewall code and files from attacks
by hackers.
2. Filters : executes a set of rules that have been defined by administrator at
configuration time.
3. Gateways : intercepts the traffic and authenticates users at the TCP/IP
application level. The application gateway function is often provided by
implementing a proxy server.
4. Proxy : authenticates each user, both from inside the private network and from
the Internet.
5. SOCKS : provide gateway support through the firewall, require modifications to
the client software, but no change is required to the user procedures.
6. Domain name service: isolates the name service of the private network from
that of the Internet.
7. Mail handling : capability ensures that any E-mail exchange between the private
network and the Internet is processed through the firewall.

4- Risks Not Addressed By Firewalls =>


1. Insider's Intrusion: The firewall cannot protect the resources from attack by an
internal user of the private network.
2. Direct Internet Traffic: The firewall cannot protect the resources of the private
network from the traffic that takes place directly with the Internet.
3. Virus Protection: The firewall cannot protect a private network from external
viruses. A virus may be transferred to the private network using File Transfer
Protocol (FTP) or other means.
All done
How will the exam problems be set?

1. The first problem is about the one way hash function and its requirements (he will ask what its definition is and what its requirements are), and then the problem itself, as it is in the pdf that the doctor uploaded.

2. The second problem is how to do encryption; he will give you the dimensions of the matrix.

If he says 4x5, that means 4 rows and 5 columns, because if you do it the other way round you will get 0.

3. The third problem is about access control (its definition and the other things related to it), and then the problem
