Network Security
A security policy defines what people can and can't do with network components and resources.
Need for Network Security
In the past, hackers were highly skilled programmers who understood the details of computer communications and how to exploit vulnerabilities. Today almost anyone can become a hacker by downloading tools from the Internet. These complicated attack tools and generally open networks have generated an increased need for network security and dynamic security policies. The easiest way to protect a network from an outside attack is to close it off completely from the outside world. A closed network provides connectivity only to trusted known parties and sites; a closed network does not allow a connection to public networks.
Because they have no Internet connectivity, networks designed in this way can be considered safe from Internet attacks. However, internal threats still exist.
Estimates suggest that 60 to 80 percent of network misuse comes from inside the enterprise where the misuse has taken place. With the development of large open networks, security threats have increased over the past 20 years. Hackers have discovered more network vulnerabilities, and because you can now download applications that require little or no hacking knowledge to implement, applications intended for troubleshooting and maintaining networks can also be used maliciously and pose severe threats.
An adversary
A person who is interested in attacking your network; their motivation can range from gathering or stealing information, to creating a DoS, to simply the challenge of it.
Types of attack:
Classes of attack might include passive monitoring of communications, active network attacks, close-in attacks, exploitation by insiders, and attacks through the service provider. Information systems and networks offer attractive targets and should be resistant to attack from the full range of threat agents, from hackers to nation [...] rapidly when attacks occur.
There are five types of attack:
Passive Attack
A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks. Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive interception of network operations enables adversaries to see upcoming actions. Passive attacks result in the disclosure of information or data files to an attacker without the consent or knowledge of the user.
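As an added example (not part of the original notes), the Python detector below shows what a passive attacker looks for on an unencrypted segment, and therefore what a monitoring sensor should alert on: credentials sent in the clear. The reassembled payloads are constructed; the Basic header decodes to a made-up account and the FTP exchange is invented. The detector reports the protocol, endpoints and account name, but deliberately never stores the secret itself, so the alert log does not become a second place the password leaks from.

```python
import base64
import re

# Constructed sample of reassembled TCP payloads, as a monitoring sensor
# might see them on an unencrypted segment. Nothing here comes from a real capture.
SAMPLE_FLOWS = [
    ("10.0.0.5:52344", "10.0.0.9:80",
     "GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic YWxpY2U6aHVudGVyMg==\r\n\r\n"),
    ("10.0.0.5:52350", "10.0.0.9:80",
     "GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    ("10.0.0.7:40001", "10.0.0.20:21",
     "USER bob\r\nPASS s3cret!\r\nLIST\r\n"),
    ("10.0.0.8:41000", "10.0.0.9:443",
     "\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),  # TLS handshake bytes: nothing readable
]

BASIC_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I | re.M)
FTP_USER_RE = re.compile(r"^USER\s+(\S+)", re.M)
FTP_PASS_RE = re.compile(r"^PASS\s+(\S+)", re.M)


def find_cleartext_credentials(flows):
    """Return one finding per flow that carries credentials in the clear.

    Each finding records the protocol, the endpoints and the account name
    only; the secret is decoded to locate the user name but never kept.
    """
    findings = []
    for src, dst, payload in flows:
        m = BASIC_RE.search(payload)
        if m:
            try:
                decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8")
                user = decoded.split(":", 1)[0]
            except (ValueError, UnicodeDecodeError):
                user = "<undecodable>"
            findings.append({"proto": "http-basic", "src": src, "dst": dst, "user": user})
            continue
        u, p = FTP_USER_RE.search(payload), FTP_PASS_RE.search(payload)
        if u and p:
            findings.append({"proto": "ftp", "src": src, "dst": dst, "user": u.group(1)})
    return findings


if __name__ == "__main__":
    for f in find_cleartext_credentials(SAMPLE_FLOWS):
        print(f"{f['proto']:10} {f['src']} -> {f['dst']} account={f['user']}")
```

Every such finding is a case for moving the service behind TLS (HTTPS, FTPS or SFTP): once the channel is encrypted the same sensor sees only handshake bytes, as in the last sample flow.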
Active Attack
In an active attack, the attacker tries to bypass or break into secured systems. This can be done through stealth, viruses, worms, or Trojan horses. Active attacks include attempts to circumvent or break protection features, to introduce malicious code, and to steal or modify information. These attacks are mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks result in the disclosure or dissemination of data files, DoS, or modification of data.
Distributed Attack
A distributed attack requires that the adversary introduce code, such as a Trojan horse or backdoor program, to a “trusted” component or software that will later be distributed to many other companies and users. Distribution attacks focus on the malicious modification of hardware or software at the factory or during distribution. These attacks introduce malicious code such as a back door to a product to gain unauthorized access to information or to a system function at a later date.
Insider Attack
An insider attack involves someone from the inside, such as a disgruntled employee, attacking the network. Insider attacks can be malicious or non-malicious. Malicious insiders intentionally eavesdrop, steal, or damage information; use information in a fraudulent manner; or deny access to other authorized users. Non-malicious attacks typically result from carelessness, lack of knowledge, or intentional circumvention of security for such reasons as performing a task.
Close-in Attack
A close-in attack involves someone attempting to get physically close to network components, data, and systems in order to learn more about a network. Close-in attacks consist of regular individuals attaining close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information. Close physical proximity is achieved through surreptitious entry into the network, open access, or both.
One popular form of close-in attack is social engineering. In a social engineering attack, the attacker compromises the network or system through social interaction with a person, through an e-mail message or phone call. Various tricks can be used by the attacker to get the victim to reveal information about the security of the company. The information that the victim reveals to the hacker would most likely be used in a subsequent attack to gain unauthorized access to a system or network.
Phishing Attack
In a phishing attack the hacker creates a fake web site that looks exactly like a popular site such as the SBI bank or PayPal. The phishing part of the attack is that the hacker then sends an e-mail message trying to trick the user into clicking a link that leads to the fake site. When the user attempts to log on with their account information, the hacker records the username and password and then tries that information on the real site.
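The weak point of a phishing mail is the link itself: the text names a brand, but the address points elsewhere. As an added example (not from the original notes), the Python checker below classifies a link from its display text and target URL the way a mail filter might: it flags a look-alike registrable domain (digit-for-letter substitution or near-identical spelling), a brand's domain used as a subdomain of an unrelated site, and text that names a brand while linking to an unrelated domain. LEGIT_DOMAINS is an assumed allow-list for this example, not an authoritative record of either brand's real domains, and the sample links are constructed.

```python
import difflib
from urllib.parse import urlparse

# Assumed allow-list of legitimate domains for the brands this filter protects.
# A real deployment maintains this list itself; these values are for the example only.
LEGIT_DOMAINS = {"paypal": "paypal.com", "sbi": "onlinesbi.com"}

# Visually confusable substitutions commonly used in look-alike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def registrable_domain(host):
    """Return the last two labels of a host (login.paypal.com -> paypal.com).

    Good enough for this example; a production filter uses the Public Suffix
    List so that names such as example.co.uk are handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(display_text, href):
    """Return (verdict, reason); verdict is 'ok' or 'suspicious'."""
    host = urlparse(href).hostname or ""
    domain = registrable_domain(host)
    text = display_text.lower()
    for brand, legit in LEGIT_DOMAINS.items():
        if brand not in text and brand not in host:
            continue
        if domain == legit:
            return "ok", f"link to legitimate {legit}"
        # Brand domain used as a subdomain of an unrelated site: paypal.com.example.net
        if legit in host:
            return "suspicious", f"'{legit}' appears as a subdomain of {domain}"
        # Look-alike registrable domain: digit substitution or near-identical spelling
        normalized = domain.translate(CONFUSABLES)
        similarity = difflib.SequenceMatcher(None, normalized, legit).ratio()
        if normalized == legit or similarity >= 0.8:
            return "suspicious", f"{domain} looks like {legit} (similarity {similarity:.2f})"
        # Display text names the brand but the link goes somewhere unrelated
        return "suspicious", f"text mentions {brand} but link goes to {domain}"
    return "ok", "no protected brand involved"


# Constructed (display text, href) pairs such as a mail filter would extract from a message.
SAMPLE_LINKS = [
    ("Log in to PayPal", "https://www.paypal.com/signin"),
    ("Verify your PayPal account", "http://paypa1.com/login"),
    ("Your PayPal payment", "http://paypal.com.account-verify.net/x"),
    ("SBI online banking", "https://onlinesbi.com/"),
    ("Update your SBI details", "http://onlinesbi-secure.com/"),
    ("Click here", "https://example.org/"),
]

if __name__ == "__main__":
    for text, href in SAMPLE_LINKS:
        verdict, reason = classify_link(text, href)
        print(f"{verdict:10} {href:45} {reason}")
```

The filter is deliberately conservative: a link to the genuine domain passes, everything else that invokes a protected brand is held for review. That matches the defensive goal in the text, which is to stop the user from reaching the fake site in the first place rather than to catch the credential theft afterwards.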
Hijack attack
In a hijack attack, a hacker takes over a session between you and another individual and disconnects the other individual from the communication. You still believe that you are talking to the original party and may send private information to the hacker by accident.
Spoof attack
In a spoof attack, the hacker modifies the source address of the packets he or she is sending so that they appear to be coming from someone else. This may be an attempt to bypass your firewall rules.
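The standard defence against a forged source address is anti-spoofing (ingress and egress) filtering at the network border. As an added example (not from the original notes), the Python function below models the decision a border router makes: a packet arriving from the Internet must not claim an internal or reserved source, and a packet leaving the internal network must carry an internal source. The topology (a single 192.168.10.0/24 office network) and the sample packets are constructed for the example.

```python
import ipaddress

# Constructed topology: a border router with one external interface and one
# internal interface in front of the 192.168.10.0/24 office network.
INTERNAL_PREFIXES = [ipaddress.ip_network("192.168.10.0/24")]

# Ranges that should never appear as a source on the Internet side
# (RFC 1918 private space, loopback, link-local, the unspecified block).
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
)]


def _in_any(addr, prefixes):
    return any(addr in p for p in prefixes)


def antispoof_decision(interface, src_ip):
    """Return ('drop', reason) or ('accept', None) for a packet's source address.

    Ingress filtering: a packet arriving from the Internet must not claim an
    internal or reserved source. Egress filtering: a packet leaving the inside
    must carry an internal source, otherwise a host inside is forging addresses.
    """
    addr = ipaddress.ip_address(src_ip)
    if interface == "external":
        if _in_any(addr, INTERNAL_PREFIXES):
            return "drop", "external packet claims an internal source"
        if _in_any(addr, BOGON_PREFIXES):
            return "drop", "external packet with reserved/bogon source"
        return "accept", None
    if interface == "internal":
        if not _in_any(addr, INTERNAL_PREFIXES):
            return "drop", "internal host sending a non-local (spoofed) source"
        return "accept", None
    raise ValueError(f"unknown interface {interface!r}")


# Constructed packets: (interface the packet arrived on, source address).
SAMPLE_PACKETS = [
    ("external", "203.0.113.7"),     # ordinary Internet client (documentation range)
    ("external", "192.168.10.44"),   # spoofed: pretends to be an inside host
    ("external", "10.1.2.3"),        # RFC 1918 source from the Internet: bogon
    ("internal", "192.168.10.44"),   # ordinary outbound traffic
    ("internal", "198.51.100.9"),    # inside host forging a foreign source
]


def filter_packets(packets):
    return [(iface, ip, *antispoof_decision(iface, ip)) for iface, ip in packets]


if __name__ == "__main__":
    for iface, ip, verdict, reason in filter_packets(SAMPLE_PACKETS):
        print(f"{iface:8} {ip:16} {verdict:6} {reason or ''}")
```

The egress rule matters as much as the ingress rule: it is what stops hosts on your own network from taking part in spoofed floods against others, and it is the rule most often left out.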
Buffer overflow
A buffer overflow attack is when the attacker sends more data to an application than is expected. A buffer overflow attack usually results in the attacker gaining administrative access to the system in a command prompt or shell.
Exploit attack
In this type of attack, the attacker knows of a security problem within an operating system or a piece of software and leverages that knowledge by exploiting the vulnerability.
Password attack
An attacker tries to crack the passwords stored in a network account database or a password-protected file. There are three major types of password attacks: a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary attack uses a word list file, which is a list of potential passwords. A brute-force attack is when the attacker tries every possible combination of characters.
Methods of Attack
Malware
Simply defined, malware is any computer code that has a malicious intent. Malware is often used to destroy something on a computer or to steal private information. Odds are, nearly everyone with a computer has fallen victim to some form of malware in their time.
Viruses
As the name implies, viruses make a computer "sick". They infect a computer, just like a real virus that infects a person, and then they hide inside the depths of the computer. Viruses replicate themselves, and they survive by attaching to other programs or files. Though viruses are one of the oldest types of cyber attacks, they can be some of the craftiest. The capability of viruses has evolved, and they are often hard to spot and remove from a computer ("Current Cyber").
Spyware
Spyware is a form of malware that monitors or spies on its victims. It usually remains in hiding, but even so, it can log the various activities performed by a user. Spyware is capable of recording keystrokes (what a user types on the keyboard), which means that the attacker can view passwords that the victim enters into the computer. Spyware is also used to steal confidential information.
Worms
Similar to viruses, worms replicate themselves many times to fulfill a nefarious purpose. However, worms differ from viruses in that they do not need to attach themselves to other files or programs. Worms are capable of surviving all by themselves, and not only do they replicate on a single computer host, but they can also replicate across an entire network of computers ("Current Cyber"). It is these features that can make a worm significantly more dangerous than a virus.
Password Attacks
These attacks are focused on cracking a victim's password so that the attacker may obtain access to a secured system. A username/password combination is typically the standard form of authentication on most systems. Though this type of account security is not necessarily weak by default, a user must follow good password procedures in order to stand a chance against a password attack.
Brute-Force Attack
This type of attack is typically used as an end-all method to crack a difficult password. A brute-force attack is executed when an attacker tries to use all possible combinations of letters, numbers, and symbols to enter a correct password. Programs exist that help a hacker achieve this, such as Zip Password Cracker Pro, as seen in Figure 2. Any password can be cracked using the brute-force method, but it can take a very long time to finish. The longer and more intricate a password is, the longer it will take a computer to try all of the possible combinations.
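The password attack section above names three attack types (dictionary, brute-force, hybrid), and this section states that the longer and more intricate a password, the longer a brute-force attack takes. As an added example (not from the original notes), the Python assessor below puts numbers on both points: it decides which of the three attacks a given password falls to, sizes the search that attack needs, and converts that into an expected cracking time under two assumed guess rates, a fast unsalted hash versus a deliberately slow password hash. The word list, the guess rates and the hybrid-attack suffix multiplier are all assumptions labelled in the code.

```python
import string

# Character classes an attacker must include in the search once a password uses them.
CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "symbol": set(string.punctuation),      # 32
}

# Constructed mini word list standing in for the large dictionaries real crackers use.
WORD_LIST = {"password", "letmein", "welcome", "qwerty", "dragon", "summer"}

# Assumed guess rates (guesses per second) used only for the cost comparison:
# a fast unsalted hash attacked on GPUs versus a slow, salted password hash (KDF).
FAST_HASH_RATE = 1e10
SLOW_KDF_RATE = 1e4

# Assumed number of suffix/capitalisation variants a hybrid attack tries per word.
HYBRID_VARIANTS_PER_WORD = 1000

SECONDS_PER_YEAR = 31_557_600


def keyspace(password):
    """Brute-force search space implied by the password's length and character classes."""
    alphabet = sum(len(chars) for chars in CLASSES.values() if any(c in chars for c in password))
    return alphabet ** len(password) if alphabet else 0


def classify_password(password):
    """Return (attack type, number of guesses that attack needs) for this password."""
    lowered = password.lower()
    if lowered in WORD_LIST:
        return "dictionary", len(WORD_LIST)  # a word-list lookup finds it directly
    base = lowered.rstrip(string.digits + string.punctuation)  # strip "2019!"-style suffixes
    if base in WORD_LIST:
        return "hybrid", len(WORD_LIST) * HYBRID_VARIANTS_PER_WORD  # word plus a short suffix
    return "brute-force", keyspace(password)  # nothing cheaper than the full search


def seconds_to_crack(guesses, rate):
    # Expected time: on average the right guess is hit halfway through the search.
    return guesses / 2 / rate


def assess(password):
    attack, guesses = classify_password(password)
    return {
        "length": len(password),
        "attack": attack,
        "guesses": guesses,
        "fast_hash_years": seconds_to_crack(guesses, FAST_HASH_RATE) / SECONDS_PER_YEAR,
        "slow_kdf_years": seconds_to_crack(guesses, SLOW_KDF_RATE) / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    for pw in ("password", "Summer2019!", "abcdefgh", "xK9#mQ2vL!pR"):  # constructed samples
        r = assess(pw)
        print(f"{pw:14} {r['attack']:11} guesses={r['guesses']:.3g} "
              f"fast={r['fast_hash_years']:.3g}y slow={r['slow_kdf_years']:.3g}y")
```

Two things the table shows that the prose alone does not: a dictionary word with a year tacked on is a hybrid target and gains almost nothing from its length, and the same brute-force search is a million times slower against a deliberately slow password hash, which is why how the system stores passwords matters as much as how users choose them.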
Denial-of-Service Attacks
A denial-of-service (DoS) attack is an interruption of a network service. This is achieved when an attacker sends high volumes of traffic or data through the target network until the network becomes overloaded ("Denial-of-Service"). Think of a man juggling; he may be able to juggle quite well when using three or four balls, but if someone throws more balls into the fray and he tries to continue juggling with an increasing amount of balls, he may lose control and drop them all. This is essentially what happens when a network becomes overloaded.
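Detecting a flood from one source is a matter of counting requests per source inside a sliding time window, which is also exactly the logic a rate limiter uses to decide when to start shedding a client. As an added example (not from the original notes), the Python detector below runs that logic over constructed web-server log lines; the window length and threshold are assumed policy values and the addresses are from documentation ranges.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed access-log lines: "<timestamp> <client-ip> <request>". Not real traffic.
SAMPLE_LOG = [
    "2024-05-01T12:00:00 198.51.100.5 GET /",
    "2024-05-01T12:00:01 203.0.113.9 GET /about",
    # 58 more requests from the same client, one per second within the minute
    *(f"2024-05-01T12:00:{s:02d} 198.51.100.5 GET /search?q={s}" for s in range(2, 60)),
    "2024-05-01T12:00:30 203.0.113.9 GET /contact",
    "2024-05-01T12:01:05 198.51.100.5 GET /",
]

WINDOW_SECONDS = 10   # length of the sliding window (assumed policy value)
THRESHOLD = 8         # requests inside one window that count as a flood (assumed policy value)


def parse_line(line):
    ts, ip, _request = line.split(" ", 2)
    return datetime.fromisoformat(ts), ip


def detect_floods(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {ip: timestamp at which the source first exceeded the threshold}.

    For each source keep a deque of request times that fall inside the window;
    evict times older than the window, and flag the source once when the deque
    grows past the threshold.
    """
    recent = defaultdict(deque)
    flagged = {}
    for line in sorted(lines):  # ISO timestamps sort chronologically as strings
        ts, ip = parse_line(line)
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in detect_floods(SAMPLE_LOG).items():
        print(f"flood from {ip} detected at {when.isoformat()}")
```

The same per-source counter, kept in memory by the server or a front-end proxy, is what turns detection into mitigation: once a source is flagged its further requests can be dropped cheaply before they reach the application. A distributed flood from many sources each staying under the threshold is the case this simple detector does not catch, which is why the aggregate request rate is watched as well.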
Goals for security
The real basic goals of information security are
• Confidentiality
• Integrity
• Availability
• Non-repudiation
Accomplishing these is a management issue before it's a technical one, as they are essentially business objectives.
Confidentiality is about controlling access to files either in storage or in transit. This requires systems configuration or products (a technical job). But the critical definition of the parameters (who should be able to access what) is a business-related process.
Ensuring integrity is a matter of version control - making sure only the right people can change documents. It also requires an audit trail of the changes, and a fallback position in case changes prove detrimental. This meshes with non-repudiation (the change record must include who as well as what and when).
Availability is the Cinderella of information security as it is rarely discussed. But however safe from hackers your information is, it is no use if you can't get at it when you need to. So you need to think about data back-ups, bandwidth and standby facilities, which many people still leave out of their security planning.
E-commerce Security
What is e-commerce? Trading in products or services: commercial transactions conducted electronically on the Internet.
E-commerce allows consumers to electronically exchange goods and services with no barriers of time and distance.
Benefits of e-commerce include its round-the-clock availability, the speed of access, a wider selection of goods and services, accessibility and international reach.
To ensure the security and privacy of e-commerce, a business should authenticate business transactions, control access to resources such as web pages to selected users, encrypt communications, and implement security technologies such as Secure Sockets Layer (SSL).
These business transactions occur either business to business, business to customer, customer to customer or customer to business.
B2B: Business to business or B2B refers to electronic commerce between businesses rather than between a business and a consumer.
B2B businesses often deal with hundreds or even thousands of other businesses, either as customers or suppliers, for example selling to distributors, or wholesalers selling to retailers.
Business-to-Customer (B2C): This is what most people think of when they hear e-commerce. B2C consists of businesses selling to the general public through shopping-cart software without needing any human interaction, e.g. Amazon, Flipkart etc.
Customer-to-Business (C2B): In this scenario a consumer would post a project with a set budget online and companies bid on the project. The customer reviews the bids and selects the company. E.g. Elance.
Customer-to-Customer (C2C): This type of e-commerce is made up of online classifieds or forums where individuals can buy and sell their goods, thanks to systems like PayPal. An example of this would be eBay.
Computer Forensics
If you manage or administer information systems and networks, you should understand computer forensics. Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts. (The word forensics means “to bring to the court.”) Forensics deals primarily with the recovery and analysis of latent evidence. Latent evidence can take many forms, from fingerprints left on a window to DNA evidence recovered from blood stains to the files on a hard drive.
Because computer forensics is a new discipline, there is little standardization and consistency across the courts and industry. As a result, it is not yet recognized as a formal “scientific” discipline. We define computer forensics as the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law.
Why is Computer Forensics Important?
Adding the ability to practice sound computer forensics will help you ensure the overall integrity and survivability of your network infrastructure. You can help your organization if you consider computer forensics as a new basic element in what is known as a “defense-in-depth” approach. “Defense in depth is designed on the principle that multiple layers of different types of protection from different vendors provide substantially better protection.”
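Evidence is admissible only if you can show it has not changed since it was collected, so the first step of every acquisition is to hash each file and record who took it and when; the same hashes are recomputed before analysis and again before presentation. As an added example (not from the original notes), the Python code below builds such a manifest over constructed evidence files in a temporary directory, verifies it, then alters one file and deletes another to show how the verification reports each change. The examiner name and case id are placeholders.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 16):
    """Digest a file in chunks so that large disk images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(evidence_dir, examiner, case_id):
    """Record a SHA-256 digest for every acquired file plus who acquired it and when."""
    files = sorted(os.listdir(evidence_dir))
    return {
        "case_id": case_id,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "files": {name: sha256_file(os.path.join(evidence_dir, name)) for name in files},
    }


def verify_manifest(evidence_dir, manifest):
    """Return {filename: 'ok' | 'MODIFIED' | 'MISSING'} against the recorded digests."""
    result = {}
    for name, digest in manifest["files"].items():
        path = os.path.join(evidence_dir, name)
        if not os.path.exists(path):
            result[name] = "MISSING"
        else:
            result[name] = "ok" if sha256_file(path) == digest else "MODIFIED"
    return result


def demo():
    """Acquire constructed evidence, verify it, then tamper with it and verify again."""
    with tempfile.TemporaryDirectory() as evidence_dir:
        # Constructed evidence files; the log line is invented, not from a real host.
        with open(os.path.join(evidence_dir, "auth.log"), "w") as f:
            f.write("May  1 12:00:01 host sshd[412]: Accepted publickey for alice\n")
        with open(os.path.join(evidence_dir, "notes.txt"), "w") as f:
            f.write("meeting at 3pm\n")

        manifest = build_manifest(evidence_dir, examiner="EXAMINER-PLACEHOLDER",
                                  case_id="CASE-PLACEHOLDER")
        before = verify_manifest(evidence_dir, manifest)

        # Simulate post-acquisition tampering: append to one file, delete another.
        with open(os.path.join(evidence_dir, "notes.txt"), "a") as f:
            f.write("edited after acquisition\n")
        os.remove(os.path.join(evidence_dir, "auth.log"))
        after = verify_manifest(evidence_dir, manifest)
        return before, after, json.dumps(manifest, indent=2)


if __name__ == "__main__":
    before, after, manifest_json = demo()
    print(manifest_json)
    print("before tampering:", before)
    print("after tampering: ", after)
```

In practice the manifest is stored separately from the evidence (and itself signed or hashed) so that someone who can alter the evidence cannot also quietly update the digests; the analysis is then done on copies, with the originals and their manifest kept untouched for the court.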
Steganography
Steganography is the study of embedding and hiding messages in a medium called a covertext. Steganography is related to cryptography and is just about as old. It was used by the Ancient Greeks to hide information about troop movements by tattooing the information on someone's head and then letting the person grow out their hair. Simply put, steganography is as old as dirt.
The basic idea behind cryptography is that you can keep a message a secret by encoding it so that no one can read it. If a good cryptographic cipher is used, it is likely that no one, not even a government entity, will be able to read it.
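The digital counterpart of the tattooed scalp is least-significant-bit (LSB) embedding: each pixel of a cover image changes by at most one brightness level, which the eye cannot see, while the message rides in the bit plane that was changed. As an added example (not from the original notes), the Python code below embeds a length-prefixed message in the LSBs of a constructed 16x16 grayscale cover, extracts it again, and measures how little the cover changed. The cover is a synthetic gradient standing in for real image data; it carries no file format, only raw pixel bytes.

```python
# Constructed cover: a 16x16 8-bit grayscale gradient standing in for real image pixels.
WIDTH, HEIGHT = 16, 16
COVER = bytes(((x * 16 + y * 4) & 0xFF) for y in range(HEIGHT) for x in range(WIDTH))


def _bits(data):
    """Yield the bits of a byte string, most significant bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(cover, message):
    """Hide message in the LSB of each cover byte, preceded by a 4-byte big-endian length."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(cover):
        raise ValueError(f"cover holds {len(cover) // 8 - 4} message bytes, got {len(message)}")
    out = bytearray(cover)
    for idx, bit in enumerate(_bits(payload)):
        out[idx] = (out[idx] & 0xFE) | bit   # clear the LSB, then set it to the message bit
    return bytes(out)


def extract(stego):
    """Read the length prefix from the LSB plane, then that many message bytes."""
    def read_bytes(start_bit, count):
        value = bytearray()
        for b in range(count):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | (stego[start_bit + b * 8 + i] & 1)
            value.append(byte)
        return bytes(value)
    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_pixel_change(cover, stego):
    """Largest per-pixel difference the embedding caused; for LSB embedding this is at most 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    secret = b"meet at dawn"                      # constructed message
    stego = embed(COVER, secret)
    print("recovered:", extract(stego))
    print("max pixel change:", max_pixel_change(COVER, stego))
```

Note that the synthetic cover's LSB plane is all zeros before embedding and carries a structured pattern afterwards; a natural photograph's LSB plane is close to random noise, which is both why LSB embedding is invisible there and why steganalysis works by testing whether that plane's statistics still look like noise.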