ITC3213: Internet Security

Today’s Lecture
• Introduction & Motivation
• Cybercrimes
  – Hacking
  – Cracking
  – Cyberterrorism
  – Script Kiddie
  – Cyberextortion
• Strategies For a Secure Network
  – Password
  – Backup
  – Protection Tools
  – Training
  – Security Zones and User Roles
Introduction & Motivation
• The need for information security existed before the advent of data
processing equipment.
• At that time, information felt to be valuable to an organization was
secured primarily by:
• Physical means: e.g. rugged filing cabinets with a combination lock for
storing sensitive documents.
• Administrative means: e.g. personnel screening procedures used during
the hiring process.
• The introduction of computers created the need for automated tools for
protecting files and other stored information, especially on time-sharing
systems or systems that can be accessed over a public network. The
generic name for the collection of tools designed to protect data is
Computer Security.
Introduction & Motivation
• The introduction of distributed computing and the transfer of data
between devices over networks and communication facilities is one of
the major changes that affected the security of data, and hence
created the need for Network Security / Internet Security.
• There are no clear boundaries between Computer Security and
Internet Security.
• In this course we focus on Internet Security. Internet security
consists of measures to deter, prevent, detect, and correct security
violations that involve the transmission of information.
• The objective of internet security is to establish rules and measures
to use against attacks over the Internet.
Introduction & Motivation
(Some Examples of Security Violations)
• User X transmits a file containing sensitive information to User Y.
User Z (not authorized to read the file) monitors the transmission and
copies the file.
• A user intercepts a message in transmission, alters it and sends it to
the recipient as if it came directly from the sender.
• A user constructs a message and sends it to another user, claiming
that it came from a different user.
• A user intercepts a message in transmission and delays its delivery.
• A user denies having sent a message, as a personal cover-up or for
gain.
Cybercrimes
Criminal activities carried out by means of computers or the Internet.
• Cyberextortion: a crime involving an attack or threat of an attack
coupled with a demand for money to stop the attack, e.g.
ransomware. Noun: cyberextortionist.
• Hacking: unlawful access to a computer or computer network.
Hackers often claim that they do this to find weaknesses in the
security of a network.
• Cracking: intentional access to a computer or computer network with
the intention of destroying or stealing information. Noun: cracker.
• Cyberterrorism: the use of computer networks or the Internet to
damage computer systems for political or ideological reasons. It
requires highly skilled individuals and a large investment of both time
and money. Noun: cyberterrorist.
Cybercrimes
• Attack by an unethical employee: an employee illegally accesses
his/her company’s network with the intention of obtaining confidential
information and selling or giving it to competitors, often as revenge.
• Script kiddie: an unskilled cracker who lacks the technical ability to
write attacks and instead uses prewritten scripts or tools to break into
computers.
Strategies For a Secure Network
• Establish and enforce a proven password policy
• Back up your data
• Increase your employees’ skillset: regularly train your staff on the
latest IT best practices related to internet security and other fields.
• Create a security culture: advise your employees not to disclose or
share login details in any way.
• Define security zones and user roles
• Make use of cloud services in your organization where appropriate
• Invest in IT infrastructure: install antivirus, firewalls, malware
blocking and intrusion detection software.
OSI Security Architecture
• To effectively assess the security needs of an organization and to
evaluate and choose among security products and policies, the
person responsible for security needs a systematic way of defining
the requirements for security and characterizing the approaches to
satisfying those requirements.
• This systematic approach is defined by an international standard,
ITU-T Recommendation X.800 (Security Architecture for OSI), commonly
called the OSI Security Architecture.
• This architecture focuses on:
I. Security Attack:
Any action that is capable of compromising the security of information
owned by an organization.
II. Security Mechanism:
A process (or a device encapsulating such a process) that is designed to
detect, prevent, or recover from a security attack.
OSI Security Architecture
III. Security Service:
A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization. They are
intended to counter security attacks and make use of one or more security
mechanisms to provide the service.
Difference Between Threat and Attack
According to RFC 2828, Internet Security Glossary:
• Threat: A potential for violation of security, which exists when there is
a circumstance, capability, action, or event that could breach security
and cause harm. That is, a threat is a possible danger that might
exploit a vulnerability.
• Attack: An assault on system security that derives from an intelligent
threat; that is, an intelligent act that is a deliberate attempt
(especially in the sense of a method or techniques) to evade security
services and violate the security policy of a system.
Types of Attack
A useful means of classifying security attacks is in terms of:
• Passive Attacks:
attempts to learn or make use of information from the system
but does not affect system resources.
• Active Attacks:
attempts to alter system resources or affect their normal
operations.
Passive Attack
• An attack in the nature of secretly listening to (eavesdropping on) or
monitoring transmissions.
• The goal of the attacker is to obtain the information being
transmitted.
• The most common form of this attack is the release of message
contents: the attacker reads the contents of a telephone conversation,
an email message or a transferred file.
Passive Attack
• In view of the above form of attack, there is a need to mask the
contents of messages (e.g. through encryption) to prevent an attacker
from learning sensitive information from a telephone conversation,
email message or transferred file.
• Even if the contents of transmitted messages are masked, the
attacker can still use another form of passive attack called Traffic
Analysis, that is, observing the pattern of these messages.
• The attacker could determine the location and identity of the
communicating entities, and the length and frequency of the
messages being exchanged.
• Passive attacks are very difficult to detect because they do not
involve any alteration of the data being transmitted. The emphasis is
therefore on prevention (e.g. encryption) rather than detection.
Active Attack
• This form of attack involves the modification of the data stream or
the creation of a false stream. It has four categories: Masquerade,
Replay, Modification of Messages, and Denial of Service.
• Masquerade takes place when one entity pretends to be a different
entity. It usually includes one of the other categories of active attack,
for example capturing an authentication sequence and replaying it
after a valid authentication has taken place.
Active Attack
• Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
Active Attack
• Modification of Messages: some portion of a legitimate message is
altered, or messages are delayed or reordered, to produce an
unauthorized effect. In other words, the attacker receives packets,
modifies them and sends them on.
Active Attack
• Denial of Service prevents the normal use or management of
communications facilities. E.g. an entity may suppress all messages
directed to a particular destination, or disrupt an entire network by
disabling it or by overloading it with messages so as to degrade
performance.
Active Attack
• Unlike passive attacks, active attacks are quite difficult to prevent
absolutely because of physical, software and network vulnerabilities.
The goal is instead to detect them and to recover from any disruption
or delays they cause.

How can these security attacks be countered?
Security Services
• A processing or communication service that enhances the security of the data
processing systems and the information transfers of an organization. They are
intended to counter security attacks and are implemented using one or more
security mechanisms. The services are divided into the following categories:
1. Authentication: the assurance that an entity in a communication is indeed
the one it claims to be. For a single message, this means assuring the
recipient that the message is from the source it claims to be from (one
issue). For an ongoing interaction there are two issues: at connection
initiation, each of the two entities is authentic, and the connection is not
interfered with in such a way that a third party can masquerade as one of
the two legitimate parties.
2. Access Control: the ability to limit and control access to host systems and
applications via communication links. Each entity trying to gain access must
first be identified or authenticated, so that access rights can be tailored to it.
3. Data Confidentiality: the protection of transmitted data from passive attacks
(release of message contents and, where traffic flow is also protected, traffic
analysis).
Security Services
• Continuation
4. Data Integrity: can be connection-oriented or connectionless.
A connection-oriented integrity service deals with a stream of messages; it
assures that the messages are received as sent, with no duplication,
insertion, modification, reordering or replays. The destruction of data is also
covered under this service. It addresses …………. and …….. security attacks.
A connectionless integrity service deals with individual messages and
generally provides protection against message modification only.
5. Nonrepudiation: prevents either sender or receiver from denying a
transmitted message. When a message is sent, the receiver can prove that
the alleged sender in fact sent the message. Similarly, when a message is
received, the sender can prove that the alleged receiver in fact received the
message.
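The active attack categories (modification, replay, reordering) and the difference between connection-oriented and connectionless integrity are easiest to see side by side. The following Python example is added here and is not part of the lecture; it uses the standard library’s HMAC-SHA256 with a shared key, and the key, frames and amounts are constructed for the example. A MAC over a bare message is a connectionless integrity check: it catches an edited amount but accepts the same valid frame a second time. Putting an 8-byte sequence number under the MAC gives connection-oriented integrity, which also rejects replays and out-of-order frames.

```python
"""Added example (not from the lecture): HMAC-SHA256 integrity checks.

- connectionless integrity: MAC over the message only -> detects modification
- connection-oriented integrity: MAC over (sequence number || message) -> also
  detects replay and reordering
The key and messages below are constructed for the example.
"""
import hashlib
import hmac

KEY = b"shared-secret-for-the-demo"  # constructed; real keys come from a key exchange
TAG_LEN = 32  # SHA-256 output size


def tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def send_connectionless(key: bytes, msg: bytes) -> bytes:
    """Frame = message || MAC(message)."""
    return msg + tag(key, msg)


def recv_connectionless(key: bytes, frame: bytes):
    """Returns the message if the MAC verifies, else None. Nothing here stops
    the same valid frame from being accepted twice (a replay)."""
    msg, t = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return msg if hmac.compare_digest(t, tag(key, msg)) else None


class Sender:
    """Connection-oriented: every frame carries an 8-byte sequence number
    that is covered by the MAC, so it can be neither edited nor reused."""
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def send(self, msg: bytes) -> bytes:
        body = self.seq.to_bytes(8, "big") + msg
        self.seq += 1
        return body + tag(self.key, body)


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.expected = key, 0

    def recv(self, frame: bytes):
        """Returns (status, message); status is one of
        'ok', 'modified', 'replay', 'out_of_order'."""
        body, t = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(t, tag(self.key, body)):
            return "modified", None          # payload or sequence number altered
        seq = int.from_bytes(body[:8], "big")
        if seq < self.expected:
            return "replay", None            # this sequence number was already accepted
        if seq > self.expected:
            return "out_of_order", None      # a real protocol might buffer instead of reject
        self.expected += 1
        return "ok", body[8:]


def demo() -> dict:
    results = {}
    # Connectionless: modification caught, replay not.
    f = send_connectionless(KEY, b"PAY 100")
    results["cl_ok"] = recv_connectionless(KEY, f)
    results["cl_modified"] = recv_connectionless(KEY, b"PAY 900" + f[7:])  # edited amount, old MAC
    results["cl_replay"] = recv_connectionless(KEY, f)                      # same frame again: accepted

    # Connection-oriented: modification, replay and reordering all caught.
    s, r = Sender(KEY), Receiver(KEY)
    f0, f1, f2 = s.send(b"PAY 100"), s.send(b"PAY 200"), s.send(b"PAY 300")
    results["co_ok"] = r.recv(f0)
    results["co_replay"] = r.recv(f0)                                  # f0 delivered again
    results["co_out_of_order"] = r.recv(f2)                            # f2 arrives before f1
    results["co_modified"] = r.recv(f1[:8] + b"PAY 999" + f1[15:])    # amount edited under the MAC
    results["co_next"] = r.recv(f1)                                    # the genuine f1 is still accepted
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16} {value}")
```

A caveat that matters for the nonrepudiation service listed above: because both sides hold the same key, a MAC only proves that someone with the key produced the frame, so either party could have forged it. Nonrepudiation needs a digital signature, where only the signer holds the private key.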

Security Services are implemented using Security Mechanisms


Security Mechanisms
A process (or a device encapsulating such a process) that is designed to detect,
prevent, or recover from a security attack. Some of these mechanisms are:
1. Encipherment: the use of mathematical algorithms to transform data into a form that is
not readily intelligible. The transformation and subsequent recovery of the data depend on
an algorithm and zero or more encryption keys.
2. Digital Signature: data appended to, or a cryptographic transformation of, a data unit that
allows a recipient of the data unit to prove the source and integrity of the data unit and
protect against forgery (e.g. by the recipient).
3. Traffic Padding: insertion of bits into gaps in a data stream to frustrate passive attack.
Which form of passive attack?
4. Authentication Exchange: a mechanism intended to ensure the identity of an entity by
means of information exchange.
5. Access Control: a variety of mechanisms that enforce access rights to resources, e.g.
passwords, firewalls.
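The Passive Attack slides say encryption masks message contents but leaves traffic analysis open, and the mechanism list above names traffic padding as the counter to it. The following Python example is added here and is not part of the lecture; it shows both points on constructed sample messages. The ciphertext of an unpadded message is exactly as long as the plaintext, so an eavesdropper still learns message sizes; padding every frame to a 32-byte boundary with random filler before encryption hides them, leaving only the size bucket visible. The cipher is a toy SHA-256 counter-mode keystream, an assumption of the example so that it runs with the standard library alone; it is not a real cipher.

```python
"""Added example (not from the lecture): encryption hides message contents
but not their lengths; traffic padding hides the lengths too.

The 'cipher' is a toy SHA-256 counter-mode keystream so the example runs with
the standard library alone. It is NOT a production cipher.
"""
import hashlib
import os

# Constructed sample traffic (what an eavesdropper would see in the clear).
MESSAGES = [
    b"LOGIN alice",
    b"TRANSFER 1000000 TO ACCOUNT 42",
    b"LOGOUT",
    b"TRANSFER 5 TO ACCOUNT 7 MEMO rent for the month",
]
PAD_BLOCK = 32  # every padded frame is rounded up to a multiple of this


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy CTR keystream: SHA-256(key || nonce || counter) blocks, concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with the keystream. Decryption is the same call with the same
    nonce. The output is exactly as long as the input: that is the leak."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, nonce, len(data))))


def pad(plaintext: bytes, block: int = PAD_BLOCK) -> bytes:
    """Traffic padding: 2-byte length prefix, payload, then random filler up
    to the next block boundary. Once encrypted the filler is indistinguishable
    from data, so only the size bucket (32, 64, ...) is visible."""
    if len(plaintext) > 0xFFFF:
        raise ValueError("message too long for a 2-byte length prefix")
    body = len(plaintext).to_bytes(2, "big") + plaintext
    return body + os.urandom((-len(body)) % block)


def unpad(padded: bytes) -> bytes:
    """Receiver side: read the length prefix and discard the filler."""
    n = int.from_bytes(padded[:2], "big")
    return padded[2:2 + n]


def demo(key: bytes = b"k" * 32):
    """Returns (lengths seen without padding, lengths seen with padding,
    messages the receiver recovers from the padded frames)."""
    nonces = [i.to_bytes(12, "big") for i in range(len(MESSAGES))]  # never reuse a nonce with a key
    plain_cts = [encrypt(key, n, m) for n, m in zip(nonces, MESSAGES)]
    padded_cts = [encrypt(key, n, pad(m)) for n, m in zip(nonces, MESSAGES)]
    recovered = [unpad(encrypt(key, n, c)) for n, c in zip(nonces, padded_cts)]
    return [len(c) for c in plain_cts], [len(c) for c in padded_cts], recovered


if __name__ == "__main__":
    seen, seen_padded, _ = demo()
    print("eavesdropper sees lengths:", seen)          # [11, 30, 6, 47]
    print("with traffic padding:     ", seen_padded)   # [32, 32, 32, 64]
```

Padding narrows what traffic analysis learns but does not remove it: the 47-byte message still lands in a larger bucket than the others, and message timing and frequency are untouched. Hiding those needs padding in time as well (dummy frames at a fixed rate), which is what "filling gaps in the data stream" means in the mechanism definition.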
Social Engineering Attack
• Social engineering is the deceptive and manipulative way of getting people
to perform actions or divulge confidential information.
• The actions or information can help the attacker gain access to
systems, networks or locations, or be used for financial gain.
• Social engineering is often used by attackers who want to gain access
to systems because it is frequently easier to deceive a person than to
defeat technical security controls directly.
• Phishing involves pretending to be someone you trust: a bank, a friend,
a government official. Some attempts also try to scare or intimidate you.
• Watering hole: the attacker compromises a website or network that
you trust, waits for you to visit it, and steals your login details.
• Typosquatting: also called URL hijacking. The attacker registers a
domain that differs from a legitimate one by a common typing mistake
and waits for users to mistype the URL.
• Quid pro quo: an offer of a service or benefit in exchange for information
or access. Honey trap: a fake personal or romantic relationship used to
extract information.
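For typosquatting in particular, the defence is to notice that a domain is one mistake away from one you trust. The following Python example is added here and is not part of the lecture; it scans constructed domain names against a constructed list of trusted domains and flags the common squatting patterns: a single insertion, deletion, substitution or adjacent swap (optimal string alignment edit distance), look-alike characters such as the digit 1 for the letter l, and a trusted name embedded as a subdomain of an attacker’s domain. The two-label "registrable domain" rule is a simplification that assumes no public suffix list, so a trusted domain such as example.co.uk would not be handled correctly.

```python
"""Added example (not from the lecture): flag domain names that are one typing
mistake or one look-alike character away from a trusted domain.
The trusted list and candidate domains are constructed for the example."""

TRUSTED = ["example-bank.com", "paypal.com"]

# Constructed candidates covering the usual squatting tricks.
CANDIDATES = [
    "paypal.com",                 # exact
    "www.paypal.com",             # legitimate subdomain of a trusted name
    "paypa1.com",                 # digit 1 in place of letter l
    "payal.com",                  # missing letter
    "pyapal.com",                 # two letters swapped
    "paypal.co",                  # truncated top-level domain
    "example-bank.com.evil.net",  # trusted name used as a subdomain of an attacker's domain
    "github.com",                 # unrelated
]

# Characters and pairs commonly used to impersonate a letter. Multi-character
# keys go first so "rn" -> "m" is applied before the single characters.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}


def normalize(domain: str) -> str:
    """Lower-case, strip a trailing dot, and fold look-alike characters.
    Caveat: a trusted domain that legitimately contains a digit is folded too."""
    s = domain.lower().rstrip(".")
    for fake, real in HOMOGLYPHS.items():
        s = s.replace(fake, real)
    return s


def registrable(domain: str) -> str:
    """The last two labels, e.g. 'login.paypal.com' -> 'paypal.com'.
    Simplification: no public suffix list, so 'example.co.uk' -> 'co.uk'."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and transposition of two adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(domain: str, trusted=TRUSTED) -> str:
    """'trusted', 'embedded', 'homoglyph', 'typosquat' or 'unrelated'."""
    reg = registrable(domain)
    if reg in trusted:
        return "trusted"
    low = domain.lower()
    for t in trusted:
        # e.g. example-bank.com.evil.net: the trusted name is only a subdomain label
        if low.startswith(t + ".") or ("." + t + ".") in low:
            return "embedded"
        dist = edit_distance(normalize(reg), normalize(t))
        if dist == 0:
            return "homoglyph"   # identical once look-alike characters are folded
        if dist <= 2:
            return "typosquat"   # within two edits of a trusted name
    return "unrelated"


def scan(domains=CANDIDATES) -> dict:
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    for domain, verdict in scan().items():
        print(f"{verdict:10} {domain}")
```

The same distance check is what a defender runs the other way round: generate the one-edit neighbours of your own domain and register or monitor them before an attacker does.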
Backdoor
• A backdoor is an intentionally created means of bypassing a system’s
normal security controls, sometimes built in by a manufacturer of computer
components or software to allow a computer to be remotely accessed for
diagnostic, configuration or technical support purposes.
• When installed on a computer without the user’s knowledge it is called a
hidden backdoor program: a serious vulnerability that allows attackers
to access the affected computer and any network it is connected to.
• A backdoor can be used for a number of malicious activities such as data
theft, watering hole attacks, website defacement and the launching of
DDoS attacks.
Botnet
• A botnet is a collection of Internet-connected devices whose security
has been breached and whose control has been ceded to a third party
(the attacker).
• Each of the devices is running one or more bots installed by
malicious software.
• A bot (Internet bot, web robot) is a software application that runs
automated tasks over the Internet.
• A botnet can be used to perform DDoS attacks, steal data, send spam
and give the attacker access to the devices and their connections.
Computer Virus
• A computer virus is a type of program created to alter the way a
computer performs its actions. In addition, it has the capability of
spreading from one computer to another.
• A computer virus requires a host program into which it writes its code.
That code is executed first when the host program runs, causing
infection and damage.
• A virus can remain dormant on your computer without showing major
signs or symptoms. Once one computer on a network is infected with a
virus, it can spread to all the others.
• Viruses can have damaging effects such as erasing data or rendering a
hard disk unusable.
• Viruses can be spread through email and messaging attachments,
Internet file downloads and social media.
Computer Virus
• To protect against computer viruses:
  – Use trusted antivirus products
  – Avoid clicking on pop-up advertisements
  – Scan email attachments before opening them
  – Scan files downloaded from file sharing programs
Types of Viruses
Reading Assignment
Firewall
• A Firewall is a network security system, implemented in hardware or
software, that prevents unauthorized access to or from a private network
based on predetermined security rules.
• It typically establishes a barrier between a trusted network and an
untrusted one.
Firewall
• Firewalls can be categorized as network-based or host-based.
• Network-based firewalls can be placed anywhere within a LAN or WAN.
They can be a software appliance running on general purpose
hardware or a hardware appliance running on special purpose
hardware.
• Host-based firewalls are deployed directly on the host itself to control
network traffic to and from that host.
Types of Firewalls
• Packet Filtering Firewalls
i. Control network access by analyzing outgoing and incoming packets
individually.
ii. Packets are only allowed to pass after satisfying pre-established criteria such as
source/destination IP address, port number and protocol.
iii. Cannot prevent all forms of attack; for example, they cannot detect IP address
spoofing, because each packet is judged on its header fields alone.
iv. Less expensive, very fast and suitable for small networks.
• Stateful Inspection Firewalls
i. Also called dynamic packet filtering; examine the traffic stream from end to end.
ii. Monitor the entire session for the state of the connection, while checking IP
addresses and payloads, for more thorough security.
iii. Smarter than a packet filter: decisions are based on connection state, not just
on individual packets.
iv. Work at the network and transport layers of the OSI model and are more secure
than packet filtering firewalls.
v. More resource-intensive and expensive than packet filters, and can be slower
under heavy load.
Types of Firewall
• Proxy Server Firewalls
i. Also called application level gateways.
ii. Considered the most secure type of firewall; they protect network
resources by filtering messages at the application layer.
iii. Examine all communications between outside sources and devices behind the
firewall.
iv. Check the IP address, port, TCP header information and the content itself before
letting any traffic pass through the proxy.
v. Can block access to harmful sites and prevent leakage of sensitive
information.
vi. A separate proxy is needed for each application protocol, so not all network
protocols are supported.
vii. Costlier than other firewall types and affect network performance (introduce
delay).
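The difference between a packet filter and a stateful inspection firewall, and why the list above says a packet filter cannot deal with spoofing, is clearest when the same traffic is run through both. The following Python example is added here and is not part of the lecture; it models a protected LAN with constructed addresses in 10.0.0.0/24 that is allowed to open outbound web connections. A stateless rule set must admit any inbound packet that looks like a reply from port 80/443, so an attacker who forges source port 443 on a packet aimed at RDP (port 3389) gets through; the stateful filter admits inbound packets only if they match a connection it saw start from inside.

```python
"""Added example (not from the lecture): the same inbound packets judged by a
stateless packet filter and by a stateful inspection firewall.
Addresses, ports and packets are constructed for the example."""
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."  # the protected LAN (constructed)
WEB_PORTS = (80, 443)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # "SYN", "SYN-ACK" or "ACK"
    direction: str  # "out" = LAN to Internet, "in" = Internet to LAN


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def stateless_filter(pkt: Packet) -> str:
    """Packet filter: each packet is judged on its own header fields.
    Rule 1: LAN hosts may open web connections.
    Rule 2: replies to them must be let back in, and the only thing that
            identifies a reply is 'inbound with source port 80/443'. That is
            the hole: a packet with a forged source port 80/443 matches too."""
    if pkt.direction == "out" and is_inside(pkt.src) and pkt.dport in WEB_PORTS:
        return "allow"
    if pkt.direction == "in" and pkt.sport in WEB_PORTS and is_inside(pkt.dst):
        return "allow"
    return "drop"


class StatefulFilter:
    """Remembers connections opened from inside; inbound packets are admitted
    only when they belong to one of them."""

    def __init__(self):
        self.connections = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def filter(self, pkt: Packet) -> str:
        if pkt.direction == "out" and is_inside(pkt.src) and pkt.dport in WEB_PORTS:
            if pkt.flags == "SYN":  # a new connection is being opened
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        if pkt.direction == "in":
            if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
                return "allow"  # reply to a connection we saw start
        return "drop"


# Constructed traffic, in arrival order.
TRAFFIC = [
    ("outbound SYN to web server", Packet("10.0.0.5", 51000, "203.0.113.10", 443, "SYN", "out")),
    ("genuine reply", Packet("203.0.113.10", 443, "10.0.0.5", 51000, "SYN-ACK", "in")),
    ("forged sport=443 aimed at RDP", Packet("198.51.100.7", 443, "10.0.0.5", 3389, "SYN", "in")),
    ("unsolicited from web server", Packet("203.0.113.10", 443, "10.0.0.9", 51000, "SYN-ACK", "in")),
]


def demo():
    """Returns two dicts, name -> verdict, for the stateless and stateful filters."""
    stateful = StatefulFilter()
    stateless_verdicts = {name: stateless_filter(p) for name, p in TRAFFIC}
    stateful_verdicts = {name: stateful.filter(p) for name, p in TRAFFIC}
    return stateless_verdicts, stateful_verdicts


if __name__ == "__main__":
    stateless_v, stateful_v = demo()
    for name, _ in TRAFFIC:
        print(f"{name:32} stateless={stateless_v[name]:5} stateful={stateful_v[name]}")
```

Caveat: the stateful filter still trusts the addresses written in the packet; it only insists that the 4-tuple matches a connection it saw start, which is why the unsolicited "reply" to 10.0.0.9 is dropped but a spoofer who could guess an active 4-tuple would still get through. Real firewalls also check TCP sequence numbers and age out idle entries, and a proxy firewall goes further by terminating the connection itself and inspecting the application data.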
