CMP 318 Network Security Issues
(3 Units)
Prepared by: Dr. T. A. Olowookere
RELEVANT QUOTE
“The art of war teaches us not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.”
-- The Art of War, Sun Tzu
What is Network Security?
Network security is the process of taking physical and software preventative measures to protect the underlying network infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users, and programs to perform their permitted critical functions within a secure environment.
Network security deals with all aspects of the protection of the sensitive information assets existing on the network. It covers the various mechanisms developed to provide fundamental security services for data communication.
Key Principles of Network Security
Network security revolves around three key principles: confidentiality, integrity, and availability (C-I-A). Depending upon the application and context, one of these principles might be more important than the others.
Brief Example
For example, a government agency would encrypt an electronically transmitted classified document to prevent an unauthorized person from reading its contents. Thus, confidentiality of the information is paramount.
If an individual succeeds in breaking the encryption cipher and then retransmits a modified encrypted version, the integrity of the message is compromised.
On the other hand, an organization such as Amazon.com would be severely damaged if its network were out of commission for an extended period of time. Thus, availability is a key concern of such e-commerce companies.
The CIA Triad
Confidentiality
Confidentiality is concerned with preventing unauthorized access to, or disclosure of, sensitive network information.
It prevents/detects/deters improper disclosure of information.
Methods of achieving confidentiality: user IDs and passwords, access control lists (ACLs), ...
Integrity
Integrity is concerned with the assurance that information is accurate and reliable – in other words, protected from unauthorized modification, destruction, and loss.
It prevents/detects/deters improper modification of information, ensuring that information has not been altered by unauthorized or unknown means.
Methods of achieving integrity: data encryption, hashing algorithms, ...
There are three goals of integrity:
✦ Prevention of the modification of information by unauthorized users
✦ Prevention of the unauthorized or unintentional modification of information by authorized users
✦ Preservation of internal and external consistency
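The hashing method of achieving integrity, as an added worked example (not from the lecture slides): a keyed hash (HMAC-SHA256) lets the receiver detect that a message was altered in transit, and an intermediary who does not hold the key cannot produce a matching tag for the altered message. The key and the messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed example key: in practice a shared secret agreed out of band,
# never sent alongside the message.
KEY = b"example-shared-secret-key"


def make_tag(key: bytes, message: bytes) -> str:
    """Keyed integrity tag (HMAC-SHA256): recomputing it requires the key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time (avoids timing side channels)."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    """Show what the receiver's check does when a message is altered in transit."""
    original = b"TRANSFER 100 TO ACCOUNT 42"   # constructed sample message
    tampered = b"TRANSFER 900 TO ACCOUNT 42"   # the same message after modification
    tag = make_tag(KEY, original)

    return {
        # The untouched message passes the check.
        "original_accepted": verify_tag(KEY, original, tag),
        # The modified message fails against the original tag.
        "tampered_accepted": verify_tag(KEY, tampered, tag),
        # Without the shared key the modifier cannot compute a valid tag;
        # a tag made with a guessed key is rejected.
        "forged_tag_accepted": verify_tag(KEY, tampered, make_tag(b"guessed-key", tampered)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

An unkeyed hash (plain SHA-256 stored next to the data) only catches accidental corruption, because whoever changes the data can recompute the hash as well; the key is what turns a hash into an integrity control against a deliberate modifier.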
Availability
Availability is concerned with access to information by authorized persons as and when necessary.
Availability assures that a system’s authorized users have timely and uninterrupted access to the information in the system and to the network.
It prevents/detects/deters improper denial of access to services/infrastructure.
Methods of achieving availability: hardware maintenance, software upgrading, ...
Other C-I-A-related Key Terminologies
Authentication: verification that the user’s claimed identity is valid, such as through the use of a password.
Identification: evidence of the identity of an entity (e.g., a person, a computer terminal, a credit card, etc.); the act of a user professing an identity to the system, such as a logon ID.
Authorization: the privileges allocated to an entity (or process) that enable access to a computer network resource.
Non-repudiation: preventing the denial of previous commitments or actions.
NETWORK SECURITY ISSUES: Threats, Vulnerabilities and Attacks
Threats
A threat is anything that can disrupt the operation, functioning, integrity, or availability of a network or system.
Vulnerabilities
A vulnerability is an inherent weakness in the design, configuration, implementation, or management of a network or system that renders it susceptible to a threat. Vulnerabilities are what make networks susceptible to information loss and downtime. Every network and system has some kind of vulnerability.
Attack
An attack is any action of a malicious intruder that exploits vulnerabilities of the system/network to cause a threat to occur.
Vulnerability
A vulnerability in an information system or network is a flaw or weakness that leaves the system/network open to attack; it can be exploited through attack vectors or by cyber criminals to perpetrate a security breach or unauthorized action.
Types of vulnerabilities:
Hardware vulnerabilities
Software vulnerabilities
Human resource vulnerabilities
Process vulnerabilities
Physical & environmental vulnerabilities
Network & protocol vulnerabilities
Threat vs Attack
So basically, a threat is a possible danger or vulnerability, while an attack is the action or attempt of an unauthorized action.
A threat is the known possibility of an attack. An attack is the actual occurrence of unauthorized access or malicious activity.
Your computer hasn't been updated in a while, so it has a lot of vulnerabilities; that is a threat.
A hacker sees that you have not updated your computer and tries to exploit one of the vulnerabilities using his toolset. That is an attack.
Forms of Security Attacks
The actions that compromise the security of information owned or transferred by an entity come in different forms. These security attacks can take one of four forms:
Interruption
Interception
Modification
Fabrication
Figure: Forms of Security Attacks as a whole. Panels recoverable from the slide: (a) Normal Flow, from information source to information destination; (b) Interruption; (d) Fabrication.
The Major Types of Attack: Passive and Active attacks.
Passive attacks: Interception (confidentiality)
Active attacks: Interruption (availability), Modification (integrity), Fabrication (authentication)
Active and Passive Attacks
A passive attack can only observe communications or data.
Forms: Interception (also called eavesdropping or passive wiretapping).
Passive Attacks
✦ Passive — Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capture of authentication information (such as passwords).
Passive interception of network operations can give adversaries indications and warnings of impending actions.
Passive attacks can result in the disclosure of information or data files to an attacker without the consent or knowledge of the user. Examples include the disclosure of personal information such as credit card numbers and medical files.
Active Attacks
✦ Active — Active attacks include attempts to circumvent or break protection features, introduce malicious code, or steal or modify information.
These attacks may be mounted/launched against a network backbone, exploit information in transit, electronically penetrate a network, or attack an authorized remote user during an attempt to connect to a network.
Active attacks can result in the disclosure or dissemination of data files, denial of service, or modification of data.
Sniffing
Network sniffing or packet sniffing is the process of monitoring a network in an attempt to gather information that may be useful in an attack. With the proper tools a hacker can monitor the network packets to obtain passwords or IP addresses.
Sniffing involves capturing, decoding, inspecting and interpreting the information inside a network packet on a TCP/IP network.
Sniffing is a process of monitoring and capturing all data packets passing through a given network.
Sniffing is generally referred to as a “passive” type of attack, wherein the attackers can be silent/invisible on the network. This makes it difficult to detect, and hence it is a dangerous type of attack.
Types of Sniffing
There are two types:
Active Sniffing:
Sniffing on a switch is active sniffing. A switch is a point-to-point network device. The switch regulates the flow of data between its ports by actively monitoring the MAC address on each port, which helps it pass data only to its intended target. In order to capture the traffic between targets, the sniffer has to actively inject traffic into the LAN to enable sniffing of the traffic.
Passive Sniffing:
This is the process of sniffing through a hub. Any traffic that is passing through a non-switched or unbridged network segment can be seen by all machines on that segment. Sniffers operate at the data link layer of the network. Any data sent across the LAN is actually sent to each and every machine connected to the LAN. This is called passive since the sniffers placed by the attackers passively wait for the data to be sent and capture it.
Network Layers’ Vulnerability to Sniffing
Password sniffing is particularly a threat for users who log into Unix systems over a network. Telnet or rlogin is usually employed when logging onto Unix systems over a network.
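What "decoding, inspecting and interpreting the information inside a network packet" means in practice, and why Telnet and rlogin logins are exposed to it, as an added example that is not part of the lecture: a minimal IPv4/TCP header decoder of the kind a sniffer applies to every captured frame, followed by a defender's detection rule that flags traffic to the cleartext-login ports (23 telnet, 513 rlogin, 21 FTP, 110 POP3), which is what a network monitor would alert on to drive a migration to SSH. The packets are constructed in the code itself (checksums left at zero); no live capture is involved.

```python
import socket
import struct

# TCP ports of protocols that carry logins in cleartext.
CLEARTEXT_LOGIN_PORTS = {23: "telnet", 513: "rlogin", 21: "ftp", 110: "pop3"}

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_FMT = "!HHIIBBHHH"     # 20-byte TCP header without options


def build_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4+TCP packet as sample input (checksums left zero)."""
    tcp = struct.pack(TCP_FMT, sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack(IP_FMT, 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


def parse_packet(raw: bytes) -> dict:
    """Decode the IPv4 and TCP headers the way a sniffer does."""
    ver_ihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack(IP_FMT, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4                       # header length in bytes
    pkt = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
           "ttl": ttl, "proto": proto}
    if proto != 6:                                   # only TCP is decoded here
        return pkt
    sport, dport, seq, ack, off, flags, win, _, _ = struct.unpack(TCP_FMT, raw[ihl:ihl + 20])
    data_off = (off >> 4) * 4                        # TCP header length in bytes
    pkt.update({"sport": sport, "dport": dport, "seq": seq, "flags": flags,
                "payload": raw[ihl + data_off:total]})
    return pkt


def cleartext_login_alert(pkt: dict):
    """Detection rule: data sent to a cleartext-login port, i.e. credentials
    that anyone sniffing the segment could read."""
    name = CLEARTEXT_LOGIN_PORTS.get(pkt.get("dport"))
    if name and pkt.get("payload"):
        return (f"{name} login traffic in cleartext: "
                f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}")
    return None


if __name__ == "__main__":
    # Constructed sample traffic: a telnet login and an SSH session.
    samples = [
        build_packet("10.0.0.7", "10.0.0.20", 40001, 23, b"alice\r\n"),
        build_packet("10.0.0.7", "10.0.0.20", 40002, 22, b"SSH-2.0-example\r\n"),
    ]
    for raw in samples:
        pkt = parse_packet(raw)
        print(pkt["src"], "->", pkt["dst"], "port", pkt["dport"], cleartext_login_alert(pkt))
```

Seen through the decoder, the telnet payload is the username as typed; the SSH packet to port 22 carries only a protocol banner and is not flagged. The same rule, applied to a capture from a hub or a switch mirror port, gives an inventory of the hosts still exposing passwords to passive sniffing.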
Sniffer Tools Usage
Sniffer tool usage (e.g., Wireshark, dSniff, etc.)
Ethical usage
1. Packet capturing
2. Network traffic usage and analysis
3. Packet conversion for data analysis
4. Network troubleshooting
Unethical usage
1. User identity and password stealing
2. Email or instant message data stealing
3. Packet spoofing and data theft
4. Monetary or reputational damage
Spoofing
A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls.
In general terms, a spoof entails falsifying one's identity or masquerading as some other individual or entity to gain access to a system or network or to gain information for some other unauthorized purpose.
Spoofing is an active attack.
There are many different kinds of spoofs, including, among many others:
IP address spoofing,
domain name service (DNS) spoofing,
session hijacking.
IP Address Spoofing
Every device on a TCP/IP network has a unique IP address. The IP address is a unique identification of the device, and no two devices on the network can have the same IP address.
In an IP address spoofing attack, an attacker sends IP packets from a false (or “spoofed”) source address in order to disguise itself.
Denial-of-service attacks often use IP spoofing to overload networks and devices with packets that appear to be from legitimate source IP addresses.
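The standard network-level defence against spoofed source addresses is ingress filtering (BCP 38): a router drops packets whose source address could not legitimately have arrived on the interface they came in on. The following is an added example, not from the lecture; the interface names, prefixes and log records are a constructed topology.

```python
import ipaddress

# Constructed topology: prefixes that may legitimately source packets on each
# inside interface. A packet arriving on the WAN interface must NOT carry one.
INSIDE_PREFIXES = {
    "lan0": [ipaddress.ip_network("10.0.1.0/24")],
    "dmz0": [ipaddress.ip_network("192.0.2.0/24")],
}
WAN_IFACE = "wan0"

# Private and loopback ranges never appear as sources on the Internet side.
BOGONS = [ipaddress.ip_network(n) for n in
          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def in_any(addr, nets) -> bool:
    return any(addr in net for net in nets)


def is_spoofed(iface: str, src_ip: str) -> bool:
    """Ingress filtering rule: reject a packet whose source address cannot
    legitimately arrive on the interface it came in on."""
    addr = ipaddress.ip_address(src_ip)
    if iface == WAN_IFACE:
        inside = [net for nets in INSIDE_PREFIXES.values() for net in nets]
        return in_any(addr, inside) or in_any(addr, BOGONS)
    # On an inside interface only that interface's own prefixes are valid sources.
    return not in_any(addr, INSIDE_PREFIXES.get(iface, []))


def filter_log(lines):
    """Apply the rule to 'iface src dst' records; return the ones that would be dropped."""
    dropped = []
    for line in lines:
        iface, src, _dst = line.split()
        if is_spoofed(iface, src):
            dropped.append(line)
    return dropped


SAMPLE_LOG = [                          # constructed sample records
    "lan0 10.0.1.25 198.51.100.4",      # legitimate: inside host talking out
    "wan0 203.0.113.9 192.0.2.10",      # legitimate: Internet client to the DMZ
    "wan0 10.0.1.25 192.0.2.10",        # spoofed: inside address arriving from the WAN
    "lan0 192.0.2.77 198.51.100.4",     # spoofed: DMZ address sourced on the LAN port
]

if __name__ == "__main__":
    for line in filter_log(SAMPLE_LOG):
        print("DROP", line)
```

The rule is symmetric: it stops outsiders from forging inside addresses, and it stops hosts on the inside from sending out packets with foreign source addresses, which is what removes a network's usefulness as a launch point for the spoofed-source denial-of-service traffic described above.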
DNS Spoofing
The Domain Name System (DNS) is a system that associates domain names with IP addresses. Devices that connect to the internet or other private networks rely on the DNS for resolving URLs, email addresses and other human-readable domain names into their corresponding IP addresses.
In a DNS server spoofing attack, a malicious party modifies the DNS server in order to reroute a specific domain name to a different IP address. In many cases, the new IP address will be for a server that is actually controlled by the attacker and contains files infected with malware.
DNS server spoofing attacks are often used to spread computer worms and viruses.
Session Hijacking
Session hijacking is defined as taking over an active TCP/IP communication session without the user’s permission.
When implemented successfully, attackers assume the identity of the compromised user, enjoying the same access to resources as the compromised user.
Identity theft, information theft and stealing sensitive data are some of the common impacts of session hijacking.
Types of Session Hijacking Attacks
There are two types of session hijacking, depending on how they are done. If the attacker directly gets involved with the target, it is called active hijacking, and if an attacker just passively monitors the traffic, it is passive hijacking.
Active:
The attacker will silence one of the machines, usually the client computer, and take over the client’s position in the communication exchange between the workstation and the server.
The active attack also allows the attacker to issue commands on the network, making it possible to create new user accounts on the network, which can later be used to gain access to the network without having to perform the session hijack attack.
Passive:
In a passive session hijacking attack, the attacker monitors the traffic between the workstation and the server. The primary motivation for the passive attack is to monitor network traffic and potentially discover valuable data or passwords.
Traffic Redirection
Traffic redirection, also named DNS redirection, is a type of DNS attack in which DNS queries are incorrectly resolved in order to unexpectedly redirect users to malicious sites. To perform the attack, perpetrators either install malware on user computers, take over routers, or intercept or hack DNS communication.
Under this method of DNS attack, hackers compromise a link on someone else's page or set up their own page with false links. In either case, the link could state that it is for a legitimate site, but in reality the link brings the Web surfer to a site set up and controlled by the hacker that looks like the site the Web surfer was expecting.
Denial-of-Service (DoS) Attack & Distributed Denial of Service (DDoS) Attack
A denial of service attack (DoS) is an attack against a computer or network which reduces, restricts or prevents accessibility of its system resources to authorized users.
Denial-of-Service (DoS) attacks deny the use of resources, information, or capabilities of a system to legitimate users.
A Distributed Denial of Service (DDoS) attack is an attack where multiple compromised systems simultaneously attack a single system, thereby causing a DoS attack for the users of the target.
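As an added example (not part of the lecture) of how the DoS and DDoS patterns above look to a defender, here is a sliding-window detector run over a constructed request log. A single source that exceeds a per-source rate is the plain DoS signature; a DDoS shows up differently, because each compromised system stays under the per-source threshold and only the aggregate request rate gives it away, so the detector tracks both. The thresholds and the log records are assumptions.

```python
from collections import defaultdict, deque


def detect_floods(events, window=10, per_src_limit=20, total_limit=100):
    """Sliding-window flood detector.

    events: iterable of (timestamp_seconds, source_ip) request records.
    Emits ("dos", src, ts) once a single source exceeds per_src_limit requests
    within `window` seconds, and ("ddos", distinct_sources, ts) once the whole
    server exceeds total_limit requests in the window regardless of source.
    Each condition is reported once.
    """
    per_src = defaultdict(deque)      # src -> recent timestamps
    recent = deque()                  # (ts, src) for all sources in the window
    alerts, flagged, aggregate_flagged = [], set(), False

    for ts, src in sorted(events):
        q = per_src[src]
        q.append(ts)
        while q and q[0] <= ts - window:          # expire old entries
            q.popleft()
        recent.append((ts, src))
        while recent and recent[0][0] <= ts - window:
            recent.popleft()

        if len(q) > per_src_limit and src not in flagged:
            flagged.add(src)
            alerts.append(("dos", src, ts))
        if len(recent) > total_limit and not aggregate_flagged:
            aggregate_flagged = True
            alerts.append(("ddos", len({s for _, s in recent}), ts))
    return alerts


def sample_events():
    """Constructed request log: one noisy host, then a burst spread over many hosts."""
    single_source = [(i // 10, "10.0.0.5") for i in range(30)]               # 10 req/s from one IP
    distributed = [(1000 + i // 20, f"203.0.113.{i}") for i in range(120)]    # 1 req each from 120 IPs
    return single_source + distributed


if __name__ == "__main__":
    for alert in detect_floods(sample_events()):
        print(alert)
```

Per-source rate limiting alone would never fire on the second burst, which is exactly why distributed attacks are harder to filter: the mitigation has to act on the aggregate (upstream scrubbing, anycast capacity) rather than on any one offending address.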
Use of Cryptography for Data and Network Security
Cryptography
Cryptography is the art of converting text into another form for secret transmission and reception. It works by converting plain text into cipher text using some encryption algorithm at the sender’s side and converting ciphertext into plain text at the receiver’s side.
Cryptography is used to provide confidentiality, integrity, authenticity and non-repudiation.
Cryptography is the art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text.
Encrypted messages can sometimes be broken by cryptanalysis, also called codebreaking, although modern cryptography techniques are virtually unbreakable.
Cryptography includes a set of techniques for scrambling or disguising data so that it is available only to someone who can restore the data to its original form.
In current computer systems, cryptography provides a strong, economical basis for keeping data secret and for verifying data integrity.
Key terms:
Sub-Categories of Cryptography
Further drilling down, classical cryptography is divided into transposition ciphers and substitution ciphers.
Transposition Ciphers
Classical Cryptography (Transposition & Substitution Ciphers)
Substitution cipher: a method of encryption by which units of plaintext are replaced with ciphertext according to a fixed system; the “units” may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth.
Substitution Cipher:
Example: Consider this example shown on the slide: using the system just discussed, the keyword “zebras” gives us the following alphabets:
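The slide's alphabet table did not survive extraction, so here is an added worked example (not the slide's own content) of both classical families. It assumes the usual keyword-mixed-alphabet construction for the substitution cipher (the keyword's distinct letters first, then the rest of A..Z) and a columnar transposition keyed by the same word; the plaintexts are constructed samples.

```python
import string

ALPHABET = string.ascii_uppercase


def keyword_alphabet(keyword: str) -> str:
    """Mixed cipher alphabet (assumed construction): the keyword's letters first,
    repeats dropped, followed by the remaining letters of A..Z in order."""
    out = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in out:
            out.append(ch)
    return "".join(out)


def substitute(text: str, cipher_alphabet: str, decrypt: bool = False) -> str:
    """Monoalphabetic substitution: each plaintext letter maps to the letter at
    the same position in the cipher alphabet (mapping reversed for decryption).
    Non-letters such as spaces pass through unchanged."""
    src, dst = (cipher_alphabet, ALPHABET) if decrypt else (ALPHABET, cipher_alphabet)
    return text.upper().translate(str.maketrans(src, dst))


def column_order(key: str):
    """Columns are read out in alphabetical order of the key letters, ties by position."""
    key = key.upper()
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_transpose(text: str, key: str) -> str:
    """Columnar transposition: write the letters in rows under the key, then
    read the columns out in key order. Letters are only moved, never changed."""
    letters = "".join(ch for ch in text.upper() if ch in ALPHABET)
    n = len(key)
    columns = [letters[i::n] for i in range(n)]
    return "".join(columns[i] for i in column_order(key))


def columnar_untranspose(ciphertext: str, key: str) -> str:
    """Inverse: rebuild the columns (the first len % n columns are one letter
    longer), then read the grid back row by row."""
    n = len(key)
    rows, extra = divmod(len(ciphertext), n)
    lengths = [rows + (1 if i < extra else 0) for i in range(n)]
    columns, pos = [""] * n, 0
    for i in column_order(key):
        columns[i] = ciphertext[pos:pos + lengths[i]]
        pos += lengths[i]
    return "".join(columns[i][r] for r in range(rows + 1) for i in range(n) if r < lengths[i])


if __name__ == "__main__":
    alpha = keyword_alphabet("zebras")
    print(alpha)                                    # ZEBRASCDFGHIJKLMNOPQTUVWXY
    print(substitute("FLEE AT ONCE", alpha))         # SIAA ZQ LKBA
    print(substitute("SIAA ZQ LKBA", alpha, decrypt=True))
    ct = columnar_transpose("WE ARE DISCOVERED FLEE AT ONCE", "ZEBRAS")
    print(ct, "->", columnar_untranspose(ct, "ZEBRAS"))
```

The two outputs show the weakness of each family: the substitution keeps every letter in place, so the letter frequencies of the plaintext survive and can be matched to the language; the transposition keeps every letter's identity, so the ciphertext has exactly the plaintext's letter counts. Either observation is where classical cryptanalysis starts, which is why the modern ciphers that follow combine both operations many times over.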
Modern Cryptography (Stream & Block Ciphers)
Stream cipher: a symmetric or secret-key encryption algorithm that encrypts a single bit at a time.
With a stream cipher, the same plaintext bit or byte will encrypt to a different bit or byte every time it is encrypted.
The incoming data is encrypted or decrypted byte by byte, or bit by bit.
Block cipher: an encryption method that applies a deterministic algorithm along with a symmetric key to encrypt a block of text, rather than encrypting one bit at a time as in stream ciphers.
The input plain text is broken into fixed-size blocks and they are encrypted/decrypted as a block; e.g. DES, AES.
Block Cipher Example:
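The block cipher example slide is not recoverable, so the following is an added example (not from the lecture, and not DES or AES) that puts the two definitions side by side on the same input. The stream side uses an assumed toy keystream (SHA-256 over key, nonce and a counter) XORed byte by byte; the block side uses an assumed toy 4-round Feistel cipher applied to 8-byte blocks, each block encrypted independently. Neither construction is meant for real use; they exist to make the two behaviours visible.

```python
import hashlib

BLOCK = 8          # toy block size in bytes (DES also uses 8-byte blocks)
ROUNDS = 4


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks concatenated.
    Assumed construction for illustration only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream cipher: XOR each byte with the next keystream byte. The keystream
    changes position by position, so equal plaintext bytes give different
    ciphertext bytes. The same call decrypts."""
    ks = keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def _round(key: bytes, half: bytes, rnd: int) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def toy_block_cipher(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    """Toy 4-round Feistel block cipher (assumed for illustration). Decryption
    is the same network with the round order reversed."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    order = range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)
    for rnd in order:
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, right, rnd)))
    return right + left


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK          # PKCS#7-style padding to a whole block
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """Block cipher use: split into fixed-size blocks, encrypt each independently."""
    data = pad(data)
    return b"".join(toy_block_cipher(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return unpad(b"".join(toy_block_cipher(key, ct[i:i + BLOCK], decrypt=True)
                          for i in range(0, len(ct), BLOCK)))


def compare(key: bytes = b"constructed-key", nonce: bytes = b"nonce-1") -> dict:
    """Same 16-byte plaintext (two identical 8-byte blocks) through both designs."""
    plain = b"AAAAAAAA" * 2
    stream_ct = stream_xor(key, nonce, plain)
    block_ct = ecb_encrypt(key, plain)
    return {
        "stream_roundtrip": stream_xor(key, nonce, stream_ct) == plain,
        "stream_repeats_hidden": stream_ct[:8] != stream_ct[8:16],   # keystream differs by position
        "block_roundtrip": ecb_decrypt(key, block_ct) == plain,
        "block_repeats_visible": block_ct[:8] == block_ct[8:16],     # same block in, same block out
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name}: {result}")
```

The last line of the comparison is the practical caveat for block ciphers: used block by block as here, identical plaintext blocks produce identical ciphertext blocks, so patterns in the data show through. Real deployments of DES or AES therefore run the block cipher in a mode (CBC, CTR, GCM) that chains or counter-feeds the blocks, and a stream cipher's nonce must never be reused with the same key, since XORing two such ciphertexts cancels the keystream.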
Asymmetric Key Cryptography (or Public Key Cryptography)
Asymmetric key cryptography refers to an encryption process where different keys are used for encrypting and decrypting the information.
The keys are different but mathematically related, such that retrieving the plain text by decrypting the ciphertext is feasible.
Here two keys are used: the public key is used for encryption and the private key is used for decryption; e.g. RSA.
The RSA Algorithm
RSA is the most widely used form of public key encryption.
RSA stands for Rivest, Shamir, and Adleman, the inventors of this technique.
Both public and private keys are interchangeable.
Variable key size (512, 1024, or 2048 bits).
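Textbook RSA worked through in code, as an added example that is not part of the lecture: key generation from two primes, encryption with the public key and decryption with the private key, and the interchangeability of the two keys, which is what gives a digital signature (apply the private key, check with the public key). The primes are the small constructed pair p = 61, q = 53, so the modulus is 12 bits rather than the 512 to 2048 bits listed above.

```python
from math import gcd


def generate_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA key generation from two primes.
    Returns public key (e, n) and private key (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)              # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                  # d = e^-1 mod phi (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, value: int) -> int:
    """Both keys are used the same way: value ** exponent mod n."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def encrypt(public_key, m: int) -> int:
    return rsa_apply(public_key, m)          # anyone holding the public key can encrypt


def decrypt(private_key, c: int) -> int:
    return rsa_apply(private_key, c)         # only the private key holder can decrypt


def sign(private_key, m: int) -> int:
    return rsa_apply(private_key, m)         # keys swapped: private key applied first ...


def verify(public_key, m: int, signature: int) -> bool:
    return rsa_apply(public_key, signature) == m   # ... public key undoes it, proving origin


def key_bits(key) -> int:
    """Key size is the bit length of the modulus n (the 512/1024/2048 in the text)."""
    return key[1].bit_length()


if __name__ == "__main__":
    public, private = generate_keypair(61, 53)   # constructed toy primes
    print("public", public, "private", private, "bits", key_bits(public))
    c = encrypt(public, 65)
    print("65 ->", c, "->", decrypt(private, c))
    s = sign(private, 65)
    print("signature", s, "verifies:", verify(public, 65, s))
```

Two caveats a practitioner would attach to this: a 12-bit modulus factors instantly, which is why real keys are 2048 bits or more, and raw modular exponentiation without padding (OAEP for encryption, PSS for signatures) is not how RSA is used in deployed protocols.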
Architectures for Secure Networks
Essential to network design is the security architecture that describes the network segmentation (i.e., security zones) and security layers (i.e., access control, intrusion prevention, content inspection, etc.).
The network communication between different zones is strictly controlled.
A secure network is any home, business, school, enterprise or any other network that has security measures in place that help protect it from outside attackers.
A secure channel is a way of transferring data that is resistant to overhearing and tampering.
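What "communication between different zones is strictly controlled" looks like as a policy, as an added example that is not from the lecture: zones defined by address ranges, an explicit allow list of inter-zone flows, and a default deny for everything else. The zones, address ranges and rules are a constructed three-tier layout (Internet, DMZ, internal) chosen for illustration.

```python
import ipaddress

# Constructed security zones: zone name -> address ranges belonging to it.
# Any address not listed is treated as the untrusted "internet" zone.
ZONES = {
    "internal": [ipaddress.ip_network("10.0.0.0/8")],
    "dmz": [ipaddress.ip_network("192.0.2.0/24")],
}

# Explicit allow list of (source zone, destination zone, protocol, destination port).
# Inter-zone flows matching no rule are denied.
ALLOW_RULES = [
    ("internet", "dmz", "tcp", 443),       # public web front end
    ("dmz", "internal", "tcp", 5432),      # web tier to the database, nothing else
    ("internal", "dmz", "tcp", 22),        # administration of DMZ hosts from inside
    ("internal", "internet", "tcp", 443),  # outbound HTTPS from the staff network
]


def zone_of(ip: str) -> str:
    """Most-specific zone lookup; unknown addresses fall into the internet zone."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "internet"


def is_allowed(src_ip: str, dst_ip: str, proto: str, dport: int) -> bool:
    """Inter-zone policy check with default deny. Traffic that stays inside one
    zone is outside this policy's scope and is passed through."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return True
    return (src_zone, dst_zone, proto, dport) in ALLOW_RULES


def evaluate(flows):
    """flows: list of (src_ip, dst_ip, proto, dport). Returns (flow, verdict) pairs."""
    return [(flow, "ALLOW" if is_allowed(*flow) else "DENY") for flow in flows]


if __name__ == "__main__":
    sample_flows = [                                     # constructed sample flows
        ("203.0.113.9", "192.0.2.10", "tcp", 443),       # client to web server
        ("203.0.113.9", "10.1.2.3", "tcp", 5432),        # client straight to the database
        ("192.0.2.10", "10.1.2.3", "tcp", 5432),         # web server to the database
        ("192.0.2.10", "10.1.2.3", "tcp", 22),           # web server trying SSH inward
    ]
    for flow, verdict in evaluate(sample_flows):
        print(verdict, flow)
```

The point of the layout is the second and fourth verdicts: an Internet client cannot reach the database directly, and a compromised DMZ host can reach the internal zone only on the one port its role requires, so a breach of the web tier does not become a breach of the whole network.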
Difference between Worms and Viruses
Worm:
A worm is a malicious program that originates on a single computer and searches for other computers connected through a local area network or Internet connection.
When a worm finds another computer, it replicates itself onto that computer and continues to look for other connected computers on which to replicate.
A worm continues to attempt to replicate itself indefinitely or until a self-timing mechanism halts the process.
It does not infect other files.
Worm code is stand-alone code. In other words, a worm is a separate file.
Rootkits
A rootkit is a collection of malicious computer software created to get access to a target computer, which often hides its existence or the existence of other software.
The term rootkit is a concatenation of "root" (the privileged account on Unix-like operating systems) and the word "kit" (which refers to the software components that implement the tool).
A rootkit can be installed by an attacker directly or remotely by exploiting a known vulnerability.
Once installed, it hides and runs with administrator privilege.
Rootkit detection is difficult because a rootkit intercepts operating system calls made by antivirus software and returns a good version of the software. It either duplicates or replaces OS system files, making it difficult to detect.
Methods of detection:
Behavioural-based methods
Signature scanning
Integrity scanning by taking snapshots
Memory dump analysis
The usual solution is to reinstall the operating system.
Social Engineering
Social engineering attacks can be grouped into three types:
Human-based
Mobile-based
Computer-based
Impersonation: acting like someone else to get access to the information.