Information Security Fundamentals Guide

Uploaded by hon3y12345678
Information Security

TEXT BOOKS:

1. Network Security Essentials (Applications and Standards) by William Stallings, Pearson Education.

2. Hack Proofing your Network by Ryan Russell, Dan Kaminsky, Rain Forest Puppy, Joe Grand, David Ahmad, Hal Flynn, Ido Dubrawsky, Steve [Link] and Ryan Permeh, Wiley Dreamtech.
UNIT - 1
 Security Attacks (Interruption, Interception, Modification and Fabrication)
 Security Services (Confidentiality, Authentication, Integrity, Non-Repudiation, Access Control, Availability) and Mechanisms
 A model for Internetwork security, Internet Standards and RFCs
 Buffer overflow and format string vulnerabilities
 TCP Session Hijacking
 ARP Attacks
 Route Table Modifications
 UDP Hijacking
 Man in the Middle attacks
INTRODUCTION
 Security is the key concept in this information age.
 When firms used only private networks they thought little about security; only a few did.
 The Internet has changed that. In particular, people running a business over the Internet require security for their transactions.
IMPORTANCE
 Security provides privacy for your data: no other party can view it.
 Activities that depend heavily on data security:
  Daily routine transactions on the network
  E-mail, a common routine
  E-commerce, banking
  Supermarkets to jet flights
  Multimedia Message Services (MMS)
While transmitting data, what people ask about security:

a) Is my data secured?
b) If sensitive data is sent over an internetwork, can anybody else watch it?
c) Can anybody alter my web site display?
d) How can customers do business on the Internet?
e) Can anybody misuse the credit card details that are sent by the customers?
Background
 Information security requirements have changed in recent times
 traditionally provided by physical and administrative mechanisms
 computer use requires automated tools to protect files and other stored information
 use of networks and communications links requires measures to protect data during transmission
Definitions
 Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
 Network Security - measures to protect data during its transmission
 Internet Security - measures to protect data during its transmission over a collection of interconnected networks
 Information Security - concerned with protecting information from getting into the hands of unauthorized parties
Aspects of Security
 consider 3 aspects of information security:
  security attack
  security mechanism
  security service
Services, Mechanisms, Attacks
(OSI Security Architecture)
 Attack - an action that compromises the security of information owned by an organization
 Mechanism - detects, prevents or recovers from a security attack
 Service - enhances the security of data processing systems and information transfers; counters security attacks
Security Attack
 any action that compromises the security of information owned by an organization
 information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
 threat and attack are often used to mean the same thing
 attacks can be classified into two generic types:
  passive
  active
Passive Attacks

Passive threats: release of message contents; traffic analysis
• eavesdropping, monitoring transmissions
Passive Attacks
 The goal of the opponent is to obtain information that is being transferred. Two types:

1) The release of message contents
 Ex: a telephone conversation, an e-mail or a transferred file may contain sensitive or confidential information.

2) Traffic analysis
 Suppose we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the messages, could not extract the information. The common technique for masking is encryption.
 Even with encryption protection in place, an opponent might still be able to observe the pattern of the messages.
 The opponent could determine the location and identity of the communicating hosts and could observe the frequency and length of the messages being exchanged.
 This information might be useful in guessing the nature of the communication that was taking place.
 Encryption hides contents, not this metadata; the mechanisms aimed at it are traffic padding and routing control (see Security Mechanisms below).
Passive Attacks

Figure: Release of message contents

Figure: Traffic analysis
Active Attacks

Active threats: masquerade (to pretend to be someone else); replay; modification of message contents; denial of service
• some modification of the data stream
 A masquerade takes place when one entity pretends to be a different entity.
 Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
 Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.
 Denial of service prevents or inhibits the normal use or management of communications facilities.
Active Attacks

Figure: Masquerade

Figure: Replay

Figure: Modification of messages

Figure: Denial of service
 Passive attacks are very difficult to detect because they do not involve any alteration of the data. However, it is feasible to prevent the success of these attacks. Thus the emphasis in dealing with passive attacks is prevention rather than detection.

 Active attacks present the opposite characteristics. They are quite difficult to prevent, because to do so would require physical protection of all communications facilities and paths at all times. Instead, the goal is to detect them and to recover from any disruption or delays they cause. Because detection has a deterrent effect, it may also contribute to prevention.
Categories of Security Attacks
There are four categories of attacks:
1) Interruption
2) Interception
3) Modification
4) Fabrication
Categories of Security Attacks

Figure: Normal flow (information source to information destination)

Interruption
• Attack on availability
Ex: destruction of a piece of hardware such as a hard disk, the cutting of a communication line, disabling the file management system

Interception
• Attack on confidentiality
Ex: wiretapping to capture data in a network and the unauthorized copying of files or programs

Modification
• Attack on integrity
Ex: changing values in a data file, altering a program, modifying

Fabrication
• Attack on authenticity
Ex: the insertion of spurious messages in a network or the addition of records to a file
Attack         Category         Attack on service
Interruption   Active attack    Availability
Interception   Passive attack   Confidentiality
Modification   Active attack    Integrity
Fabrication    Active attack    Authenticity
Security Goals

Confidentiality, Integrity, Availability
Security Service
 enhances the security of data processing systems and information transfers of an organization
 intended to counter security attacks
 uses one or more security mechanisms
 often replicates functions normally associated with physical documents
  which, for example, have signatures and dates; need protection from disclosure, tampering, or destruction; are notarized or witnessed; are recorded or licensed
Security Services
1) Confidentiality - the protection of transmitted data from passive attacks; protection of data from unauthorized disclosure.
2) Authentication - concerned with assuring that a communication is authentic; assurance that the communicating entity is the one claimed.
3) Integrity - as with confidentiality, integrity can apply to a stream of messages or to selected fields within a message; assurance that data received is exactly as sent by an authorized entity (no modification, insertion, deletion or replay).
4) Nonrepudiation - prevents either the sender or the receiver from denying that a message was sent or received.
5) Access Control - the ability to limit and control access to host systems and applications; prevention of the unauthorized use of a resource.
6) Availability - the property of a system or resource being accessible and usable upon demand by an authorized entity; counters attacks that cause loss or reduction of availability.
Security Mechanism
 a feature designed to detect, prevent, or recover from a security attack
 no single mechanism will support all the services required
 however, one particular element underlies many of the security mechanisms in use:
  cryptographic techniques
Security Mechanisms (X.800)
 specific security mechanisms: may be incorporated into the appropriate protocol layer in order to provide some of the OSI security services
  encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
 pervasive security mechanisms: not specific to any particular OSI security service or protocol layer
  trusted functionality, security labels, event detection, security audit trails, security recovery
SPECIFIC SECURITY MECHANISMS

Encipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible.

Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).

Access Control: A variety of mechanisms that enforce access rights to resources.

Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units.

Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange.

Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

Routing Control: Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.

Notarization: The use of a trusted third party to assure certain properties of a data exchange.
PERVASIVE SECURITY MECHANISMS

Mechanisms that are not specific to any particular OSI security service or protocol layer.

Trusted Functionality: That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy).

Security Label: The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource.

Event Detection: Detection of security-relevant events.

Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities.

Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.
Model for Network Security

Figure: Model for network security

 using this model requires us to:
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information for a security service
Model for Network Access Security

Figure: Model for network access security

 using this model requires us to:
1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised users access designated information or resources
 trusted computer systems may be useful to help implement this model
Internet Standards and RFCs
 Many of the network security protocols and applications are specified as Internet standards or defined in Internet RFCs (Request For Comments).

 Internet Society
 By universal agreement, an organization known as the Internet Society is responsible for the development and publication of standards for use over the Internet.
 The Internet Society is a professional membership organization that oversees a number of boards and task forces involved in Internet development and standardization.
 It is the coordinating committee for Internet design, engineering and management.
Three organizations under the Internet Society are responsible for the actual work of standards development and publication:
 Internet Architecture Board (IAB) - responsible for defining the overall architecture of the Internet, providing guidance and broad direction to the IETF.
 Internet Engineering Task Force (IETF) - the protocol engineering and development arm of the Internet.
 Internet Engineering Steering Group (IESG) - responsible for technical management of IETF activities and the Internet standards process.

Request For Comments (RFC)
 RFCs are the working notes of the Internet research and development community.
Standardization Process
The decision of which RFCs become Internet standards is made by the IESG, on the recommendation of the IETF. To become a standard, a specification must meet the following criteria:
 Stable and well understood
 Technically competent
 Substantial operational experience
 Significant public support
 Recognizably useful in some or all parts of the Internet

Internet RFC Publication Process

Figure: Internet RFC publication process

 The white boxes represent temporary states. However, a document must remain in Proposed Standard for at least six months and in Draft Standard for at least four months to allow time for review and comment.
 The gray boxes represent long-term states that may be occupied for years.
 For a specification to be advanced to Draft Standard status, there must be at least two independent and interoperable implementations from which adequate operational experience has been obtained. After this it is elevated to Internet Standard. It is then assigned an STD number as well as an RFC number, and finally, when the protocol becomes obsolete, it is moved to the Historic state.
 Note that this three-level track is the one described in the Stallings text; RFC 6410 (2011) later reduced it to two maturity levels, Proposed Standard and Internet Standard.
Buffer Overflow
 A buffer overflow occurs when a program or process tries to store more data in a buffer (a temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, overflows into adjacent memory, corrupting or overwriting the valid data held there.
 Although it may occur accidentally through a programming error, buffer overflow is an increasingly common type of security attack on data integrity. In a buffer overflow attack the extra data carries code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data or disclose confidential information.
 Buffer overflow attacks are said to have arisen because the C programming language supplied the framework and poor programming practices supplied the vulnerability.

 In July 2000, a programming flaw made it possible for an attacker to compromise the integrity of the target computer simply by sending it an e-mail message.
 Unlike the typical e-mail virus, users could not protect themselves by not opening attached files; in fact the user did not even have to open the message to enable the attack.
 The program's message header handling had a defect that made it possible for senders to overflow the header buffer with extraneous data.
 Buffer overflow vulnerabilities are among the most common vulnerabilities. They are ideal for remote access attacks because they give the attacker an opportunity to launch and execute attack code on the target computer.

 A buffer overflow attack occurs when the attacker intentionally enters more data than a program was written to handle. The extra data overwrites another portion of memory that was meant to hold something else, such as a saved return address or other data that controls the program. This lets the attacker take over control of the program and execute the attacker's code instead of the program's.
 The best defense against these attacks is correct programs. In ideal circumstances, every input in every program would be bounds-checked to allow only a given number of bytes. Therefore, the best way to deal with buffer overflow problems is to not allow them to occur in the first place. Compiler and platform mitigations (stack canaries, non-executable stacks, address space layout randomization) raise the cost of exploitation but do not remove the underlying bug.
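The pattern described above, as an added example that is not from the slides or either textbook: a fixed-size buffer laid out next to data that controls the program, the unchecked copy that overflows it, and a bounds-checked replacement. The struct layout, field names and the inputs are constructed for illustration and do not come from any real program.

```c
/* Added example: a fixed-size buffer next to data that controls the program,
 * the unchecked copy that overflows it, and a bounds-checked replacement.
 * Struct layout, names and inputs are illustrative, not from a real program. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

struct account {
    char name[NAME_LEN];   /* buffer intended for at most 15 characters plus NUL */
    int  is_admin;         /* adjacent control data an overflow would clobber */
};

/* VULNERABLE: strcpy() copies until it finds a NUL, so any input of NAME_LEN
 * bytes or more runs past name[] into is_admin and whatever follows it.
 * Never call this with untrusted input; it is here only to show the pattern. */
void set_name_unchecked(struct account *a, const char *input)
{
    strcpy(a->name, input);
}

/* HARDENED: measure first, reject anything that does not fit, then copy an
 * explicit number of bytes. Returns 0 on success, -1 if the input was rejected. */
int set_name_checked(struct account *a, const char *input)
{
    size_t n = strlen(input);
    if (n >= NAME_LEN)              /* one byte must be left for the terminating NUL */
        return -1;
    memcpy(a->name, input, n + 1);  /* n + 1 copies the NUL as well */
    return 0;
}

/* Would this input overflow a buffer of the given size? The answer is "yes"
 * whenever strlen(input) >= size, because the NUL needs a byte too. */
int would_overflow(const char *input, size_t size)
{
    return strlen(input) >= size;
}

int main(void)
{
    struct account acct = { "", 0 };
    /* constructed inputs: one that fits, one 24 bytes long that does not */
    const char *ok  = "alice";
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAA";

    set_name_unchecked(&acct, ok);    /* fine: 6 bytes into a 16-byte buffer */
    printf("unchecked ok : name=%s is_admin=%d\n", acct.name, acct.is_admin);

    printf("bad input would overflow name[%d]? %s\n", NAME_LEN,
           would_overflow(bad, NAME_LEN) ? "yes" : "no");

    /* set_name_unchecked(&acct, bad) would write 'A's past name[] and, on a
     * typical layout, set is_admin to 0x41414141; the checked version refuses. */
    int rc = set_name_checked(&acct, bad);
    printf("checked bad  : rc=%d name=%s is_admin=%d\n", rc, acct.name, acct.is_admin);
    return 0;
}
```

The checked version is the "bounds check on every input" the slide asks for; the length test goes before the copy, and the copy length comes from that test rather than from the data.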
Format String Vulnerability
 A format string vulnerability is a common programming error in which a user can control the format parameter to a function such as printf() or syslog(). These functions take a format string as a parameter that describes how the other parameters should be interpreted.
 For example, %d specifies that a parameter should be displayed as a signed decimal integer while %s specifies that a parameter should be displayed as a NUL-terminated string. Format strings give a lot of control over how data is interpreted, and this control can be abused to read and write memory at arbitrary locations.
 To take advantage of a format string vulnerability, an attacker gets the program to use attacker-supplied text, containing formatting directives, as the format string. By carefully crafting those directives, the attacker can trick the program into running code of the attacker's choosing. Format string bugs were, at the time of this material, a new trend in computer security vulnerabilities.

 In the C programming language there are a number of functions which accept a format string as an argument. These include fprintf, printf, sprintf, snprintf, vprintf, vsprintf, vsnprintf, setproctitle, syslog and others.
 Format string attacks fall into three categories:
1. Denial of service: characterized by using multiple instances of the %s format specifier, which makes the function read values off the stack as pointers and dereference them until the program crashes.
2. Reading: typically use the %x (or %p) format specifier to print sections of memory, such as stack contents, that the attacker would not normally have access to.
3. Writing: use the %n format specifier, which writes the number of bytes output so far to the address held in the corresponding argument, to overwrite a saved return address or other control data and force execution of user-supplied shellcode (width modifiers on %d, %u or %x are used to set that byte count to the value needed).
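An added example, not from the slides or the textbooks, of the bug in a logging helper beside its fix, together with a scan that tells you whether a piece of untrusted text contains conversion directives at all. The helper names and the attacker input are constructed for illustration.

```c
/* Added example: a format-string bug in a logging helper beside its fix, plus a
 * scan for conversion directives in untrusted text. Names are illustrative. */
#include <stdio.h>
#include <string.h>

/* VULNERABLE: the untrusted text is used as the format string. Input such as
 * "%x%x%x%x" makes snprintf read stack slots as arguments (information leak),
 * "%s%s%s%s" dereferences them as pointers (crash), and "%n" writes to memory.
 * Calling it with a '%' in msg is undefined behaviour; shown only as the pattern. */
int log_line_vulnerable(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, msg);
}

/* HARDENED: a constant format string; msg is only ever data consumed by %s. */
int log_line_fixed(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, "%s", msg);
}

/* Count conversion directives in text that is about to reach a format parameter.
 * "%%" is a literal percent sign and is not counted. Any non-zero result means
 * the text must not be used as a format string. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent, skip both */
        n++;
    }
    return n;
}

int main(void)
{
    char buf[64];
    /* constructed attacker input: reads like a harmless message but carries
     * two read directives (%x) and one write directive (%n) */
    const char *evil = "user=%x%x%n done";

    printf("directives in input: %d\n", count_directives(evil));
    log_line_fixed(buf, sizeof buf, evil);
    printf("fixed : %s\n", buf);   /* the input is printed verbatim */
    /* log_line_vulnerable(buf, sizeof buf, evil) would interpret %x and %n */
    return 0;
}
```

The fix is always the same shape: the format string is a literal in the source, and anything the attacker controls is passed as an argument. The directive scan is only a detection aid for code review or fuzzing; it is not a substitute for the fix, since the vulnerable call remains exploitable by any path that skips the scan.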
TCP Session Hijacking
 TCP session hijacking is when an attacker takes over a TCP session between two machines. Since most authentication occurs only at the start of a TCP session, this allows the attacker to gain access to the machine.
 A popular method is using source-routed IP packets. This allows an attacker at point A on the network to participate in a conversation between B and C by causing the IP packets to pass through A's machine.
 If source routing is turned off, the attacker can use "blind" hijacking, whereby it guesses the responses of the two machines. The attacker can send a command but can never see the response. However, a common command would be to set a password allowing access from somewhere else on the net.

 TCP session hijacking is a more complex and difficult attack; its purpose is not to deny service, but to pretend to be an authorized user in order to gain access to a system.
 The important thing to realize about TCP session hijacking is that typical security mechanisms such as usernames and passwords, and even strong authentication such as RADIUS with SecurID tokens, are completely bypassed, because the attacker waits until after the session is established and the victim is authenticated before hijacking the connection. Only protection of the session data itself (TLS, SSH or IPsec) defeats this, because an injected segment then fails the cryptographic integrity check.

 Based on how the attacker obtains the sequence numbers, there are two types of TCP hijacking:
 Man-in-the-middle (MITM): the attacker is "inline" between B and C and uses a sniffing program to watch the sequence and acknowledgement numbers in the TCP segments transmitted between B and C, then hijacks the connection by injecting segments that carry the numbers the receiver expects.
 Blind hijacking: if the attacker cannot sniff the packets and cannot otherwise learn the sequence number expected by the server, it must resort to "blind" session hijacking, guessing from among the four billion possible sequence numbers, which is an unreliable attack.
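The sequence-number bookkeeping behind both variants, as an added example that is not from the slides or the textbooks. It tracks a connection from sniffed segments (the MITM case), derives the seq/ack an injected segment must carry, applies the receiver's in-window acceptance test with 32-bit wraparound, and shows why the genuine client is desynchronised after the injection. It also goes one step beyond the slide: because a receiver accepts any segment whose sequence number falls inside its window, a blind attacker needs roughly 2^32 divided by the window size guesses, not 2^32. The segments are constructed in memory, nothing is sent, and the struct and function names are illustrative.

```c
/* Added example: sequence-number bookkeeping for TCP session hijacking.
 * Segments are constructed in memory; nothing is sent. Names are illustrative. */
#include <stdint.h>
#include <stdio.h>

struct segment {
    int      from_client;   /* 1 = client -> server, 0 = server -> client */
    uint32_t seq;
    uint32_t ack;
    uint32_t len;           /* payload bytes */
    int      syn, fin;      /* each consumes one sequence number */
};

/* Next sequence number each side will use, as reconstructed by the sniffer. */
struct conn_state {
    uint32_t client_next;
    uint32_t server_next;
};

/* Modular comparison: true if a comes before b in 32-bit sequence space. */
static int seq_before(uint32_t a, uint32_t b)
{
    return (int32_t)(a - b) < 0;
}

/* Update the tracked state from one sniffed segment. */
void observe(struct conn_state *st, const struct segment *s)
{
    uint32_t consumed = s->len + (s->syn ? 1u : 0u) + (s->fin ? 1u : 0u);
    if (s->from_client)
        st->client_next = s->seq + consumed;
    else
        st->server_next = s->seq + consumed;
}

/* The segment an attacker impersonating the client must send: seq is the
 * client's next number, ack covers everything the server has sent so far. */
struct segment forge_as_client(const struct conn_state *st, uint32_t payload_len)
{
    struct segment f = { 1, st->client_next, st->server_next, payload_len, 0, 0 };
    return f;
}

/* Receiver acceptance test (RFC 793 style): the segment's first byte must lie in
 * [rcv_nxt, rcv_nxt + rcv_wnd). Data outside the window is dropped, so a blind
 * guess only has to land inside the window, not hit rcv_nxt exactly. */
int receiver_accepts(uint32_t rcv_nxt, uint32_t rcv_wnd, const struct segment *s)
{
    if (rcv_wnd == 0)
        return s->seq == rcv_nxt;
    return !seq_before(s->seq, rcv_nxt) && seq_before(s->seq, rcv_nxt + rcv_wnd);
}

/* Blind hijacking: with in-window acceptance the attacker needs about
 * ceil(2^32 / rcv_wnd) guesses rather than 2^32. */
uint32_t blind_guesses(uint32_t rcv_wnd)
{
    if (rcv_wnd == 0) return UINT32_MAX;
    return (uint32_t)((4294967296ULL + rcv_wnd - 1) / rcv_wnd);
}

int main(void)
{
    /* constructed handshake and one data exchange, as a sniffer would see it */
    struct segment syn    = { 1, 1000, 0,    0,  1, 0 };
    struct segment synack = { 0, 5000, 1001, 0,  1, 0 };
    struct segment ack    = { 1, 1001, 5001, 0,  0, 0 };
    struct segment data   = { 1, 1001, 5001, 10, 0, 0 };   /* client sends 10 bytes */
    struct segment resp   = { 0, 5001, 1011, 40, 0, 0 };   /* server answers 40 bytes */
    struct conn_state st = { 0, 0 };

    observe(&st, &syn); observe(&st, &synack); observe(&st, &ack);
    observe(&st, &data); observe(&st, &resp);

    struct segment forged = forge_as_client(&st, 20);   /* inject a 20-byte command */
    printf("forged seq=%u ack=%u accepted=%d\n", forged.seq, forged.ack,
           receiver_accepts(st.client_next, 65535, &forged));

    /* After the injection the server expects client_next + 20, so the genuine
     * client's next segment (seq 1011) is stale and is discarded: the session
     * is desynchronised and the real user is locked out. */
    struct segment real = { 1, st.client_next, st.server_next, 5, 0, 0 };
    printf("real client segment accepted afterwards=%d\n",
           receiver_accepts(st.client_next + 20, 65535, &real));
    printf("blind guesses with a 64 KiB window: %u\n", blind_guesses(65536));
    return 0;
}
```

The source-routing and MITM cases differ only in how `observe()` gets its input; once `client_next` and `server_next` are known the forged segment is accepted on the first try. The wraparound in `seq_before()` matters in practice: sequence numbers start at a random 32-bit value and a long session crosses zero.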
UDP Hijacking
 Hijacking a session over UDP is much the same as over TCP, except that the attacker does not have to worry about sequence numbers and the other TCP connection state.
 Since UDP is connectionless, injecting data into a session without being detected is extremely easy.
 The following figure shows how an attacker could do this:

Figure: UDP hijacking - the client sends a UDP request; the attacker forges a reply that arrives before the server's reply

 DNS queries, online games like the Quake series and Half-Life, and peer-to-peer sessions are common protocols that work over UDP; all are popular targets for this kind of session hijacking.
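The race in the figure, as an added example that is not from the slides or the textbooks: with no connection state, the only checks a UDP client can make on a reply are that the addresses, ports and application-level transaction ID match an outstanding request, and the first datagram that passes wins. The datagram format is a constructed DNS-like shape (a 16-bit transaction ID carried in the payload), not a real DNS parser, and the addresses and names are illustrative.

```c
/* Added example: why a forged UDP reply that arrives first wins, and the only
 * checks a connectionless receiver can make. Constructed DNS-like shape. */
#include <stdint.h>
#include <stdio.h>

struct udp_dgram {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint16_t txid;          /* application-level transaction ID in the payload */
};

struct pending_query {      /* what the client remembers about the request it sent */
    uint32_t server_ip;
    uint16_t local_port, server_port;
    uint16_t txid;
    int answered;
};

/* Reply acceptance: the 5-tuple and transaction ID must match an outstanding,
 * still unanswered query. Nothing here can tell a spoofed source from the real one,
 * so whichever matching datagram arrives first is taken as the answer. */
int accept_reply(struct pending_query *q, const struct udp_dgram *d)
{
    if (q->answered) return 0;
    if (d->src_ip != q->server_ip || d->src_port != q->server_port) return 0;
    if (d->dst_port != q->local_port) return 0;
    if (d->txid != q->txid) return 0;
    q->answered = 1;
    return 1;
}

/* What an attacker who cannot sniff must guess: the 16-bit txid times the number
 * of client ports it has to consider (1 when the client uses a fixed port). */
uint64_t blind_reply_space(uint32_t candidate_ports)
{
    return 65536ULL * candidate_ports;
}

int main(void)
{
    /* constructed scenario: client 192.168.1.10:40000 asks server 10.0.0.53:53 */
    struct pending_query q = { 0x0A000035u, 40000, 53, 0x1234, 0 };
    struct udp_dgram forged = { 0x0A000035u, 0xC0A8010Au, 53, 40000, 0x1234 }; /* spoofed src */
    struct udp_dgram real   = { 0x0A000035u, 0xC0A8010Au, 53, 40000, 0x1234 }; /* server's */

    /* arrival order decides: the forged reply is processed first */
    printf("forged reply accepted: %d\n", accept_reply(&q, &forged));
    printf("real reply accepted  : %d\n", accept_reply(&q, &real));
    printf("guesses if port known: %llu, if 64K ports possible: %llu\n",
           (unsigned long long)blind_reply_space(1),
           (unsigned long long)blind_reply_space(65536));
    return 0;
}
```

An on-path attacker (the figure's case) sees the txid and port in the request and wins the race outright; an off-path attacker must flood guesses, which is why randomising both the transaction ID and the source port matters for protocols such as DNS, and why the real fix is authentication of the reply itself rather than anything in the transport layer.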
ARP Spoofing
 ARP spoofing, also known as ARP poisoning, is a technique used to attack an Ethernet network which may allow an attacker to sniff data frames on a switched local area network (LAN) or stop the traffic altogether.
 The principle of ARP spoofing is to send fake, or spoofed, ARP messages onto an Ethernet LAN. These messages bind the attacker's MAC address to the IP address of another host (typically the default gateway), so the victims' ARP caches are updated with a false entry. As a result, frames intended for one machine are sent to the attacker instead, or to an unreachable host.
 ARP spoofing can also be used in a MITM attack in which all traffic is forwarded through the attacker's host and analyzed for passwords and other information.
 Using static ARP entries can be an effective defense against ARP spoofing attacks. There are also tools that watch the local ARP cache, or the ARP traffic on the wire, and report to the administrator if a mapping changes unexpectedly; managed switches can enforce the same check per port (Dynamic ARP Inspection).
 ARP spoofing, ARP denial of service, etc. are the possible ARP attacks. A host does not need to have sent an ARP request in order to accept an ARP reply: if a spoofed reply arrives, the cache is updated. Forged ARP replies therefore corrupt the cache; corrupting the cache is called poisoning.

 ARP is used in four cases of two hosts communicating:
1. When two hosts are on the same network and one desires to send a packet to the other
2. When two hosts are on different networks and must use a gateway/router to reach the other host
3. When a router needs to forward a packet for one host through another router
4. When a router needs to forward a packet from one host to the destination host on the same network

 The first case is used when two hosts are on the same physical network. The last three cases are the most used over the Internet, as two computers on the Internet are typically separated by more than three hops.
 Imagine computer A sends a packet to computer D and there are two routers B and C between them. Case 2 covers A sending to B; case 3 covers B sending to C; case 4 covers C sending to D.
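An added example, not from the slides or the textbooks, covering both the attack and the defense described above: it builds the raw Ethernet/ARP reply frame a poisoning tool sends (unsolicited, as the previous slide notes), parses such a frame back, and feeds the result to the kind of watcher the slide mentions, which remembers the first MAC seen for each IP and reports when a later reply changes the mapping. Frames exist only in memory; the addresses and names are constructed for the example.

```c
/* Added example: build and parse a raw Ethernet/ARP reply, and the cache-watching
 * check that flags poisoning (an IP whose MAC mapping changes). In-memory only;
 * addresses and names are constructed for the example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR   14
#define ARP_LEN   28
#define FRAME_LEN (ETH_HDR + ARP_LEN)   /* 42 bytes */
#define ARP_REPLY 2

struct arp_msg {
    uint16_t op;
    uint8_t  sender_mac[6];
    uint32_t sender_ip;     /* host byte order once parsed */
    uint8_t  target_mac[6];
    uint32_t target_ip;
};

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v)
{ p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v; }
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p)
{ return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }

/* Build an ARP reply "sender_ip is at sender_mac" addressed to the target.
 * This is exactly the frame a poisoning tool sends, unsolicited, to each victim. */
size_t build_arp_reply(uint8_t *f, const struct arp_msg *m)
{
    memcpy(f, m->target_mac, 6);         /* Ethernet destination */
    memcpy(f + 6, m->sender_mac, 6);     /* Ethernet source */
    put16(f + 12, 0x0806);               /* EtherType = ARP */
    put16(f + 14, 1);                    /* HTYPE: Ethernet */
    put16(f + 16, 0x0800);               /* PTYPE: IPv4 */
    f[18] = 6; f[19] = 4;                /* HLEN, PLEN */
    put16(f + 20, m->op);
    memcpy(f + 22, m->sender_mac, 6);
    put32(f + 28, m->sender_ip);
    memcpy(f + 32, m->target_mac, 6);
    put32(f + 38, m->target_ip);
    return FRAME_LEN;
}

/* Parse; returns 0 on success, -1 if this is not an Ethernet/IPv4 ARP frame. */
int parse_arp(const uint8_t *f, size_t n, struct arp_msg *m)
{
    if (n < FRAME_LEN || get16(f + 12) != 0x0806) return -1;
    if (get16(f + 14) != 1 || get16(f + 16) != 0x0800 || f[18] != 6 || f[19] != 4) return -1;
    m->op = get16(f + 20);
    memcpy(m->sender_mac, f + 22, 6);
    m->sender_ip = get32(f + 28);
    memcpy(m->target_mac, f + 32, 6);
    m->target_ip = get32(f + 38);
    return 0;
}

/* Watcher table: the first MAC seen for each IP. */
#define MAX_ENTRIES 32
struct arp_watch { uint32_t ip[MAX_ENTRIES]; uint8_t mac[MAX_ENTRIES][6]; int n; };
enum { WATCH_NEW = 0, WATCH_SAME = 1, WATCH_CHANGED = 2 };

/* Feed every ARP reply seen on the wire. A changed mapping is the signature of
 * poisoning (or a legitimate NIC swap, which is why the tool reports, not blocks). */
int arp_watch_update(struct arp_watch *w, const struct arp_msg *m)
{
    for (int i = 0; i < w->n; i++) {
        if (w->ip[i] != m->sender_ip) continue;
        return memcmp(w->mac[i], m->sender_mac, 6) == 0 ? WATCH_SAME : WATCH_CHANGED;
    }
    if (w->n < MAX_ENTRIES) {
        w->ip[w->n] = m->sender_ip;
        memcpy(w->mac[w->n], m->sender_mac, 6);
        w->n++;
    }
    return WATCH_NEW;
}

int main(void)
{
    /* constructed LAN: gateway 192.168.1.1, victim 192.168.1.10, attacker's MAC 02:de:ad:be:ef:66 */
    const uint8_t gw_mac[6]     = {0x00,0x11,0x22,0x33,0x44,0x55};
    const uint8_t bad_mac[6]    = {0x02,0xde,0xad,0xbe,0xef,0x66};
    const uint8_t victim_mac[6] = {0x00,0xaa,0xbb,0xcc,0xdd,0xee};
    uint8_t frame[FRAME_LEN];
    struct arp_msg m = { ARP_REPLY, {0}, 0xC0A80101u, {0}, 0xC0A8010Au }, parsed;
    struct arp_watch w = { {0}, {{0}}, 0 };

    memcpy(m.sender_mac, gw_mac, 6); memcpy(m.target_mac, victim_mac, 6);
    build_arp_reply(frame, &m); parse_arp(frame, FRAME_LEN, &parsed);
    printf("genuine gateway reply -> %d (0 = new mapping)\n", arp_watch_update(&w, &parsed));

    memcpy(m.sender_mac, bad_mac, 6);       /* same IP, attacker's MAC */
    build_arp_reply(frame, &m); parse_arp(frame, FRAME_LEN, &parsed);
    printf("spoofed gateway reply -> %d (2 = mapping changed: poisoning)\n",
           arp_watch_update(&w, &parsed));
    return 0;
}
```

A host that simply installs every reply it receives (the behaviour the slide describes) has no way to distinguish the second frame from the first; the watcher can, because it keeps history. A static ARP entry for the gateway removes the problem on that host entirely, at the cost of manual maintenance.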
Route Table Modification
 Typically, an attacker would put himself in a position to intercept or block packets by modifying routing tables so that packets flow through a system he controls (Layer 3 redirection), by changing bridge tables by playing games with spanning-tree frames (Layer 2 redirection), or by rerouting physical cables so that the frames must flow through the attacker's system (Layer 1 redirection). The last technique implies physical access to your cable plant, in which case you have much worse problems than TCP session hijacking.
 Most of the time, an attacker will try to change route tables remotely, by sending forged routing-protocol updates or ICMP redirect messages that the victim accepts without authentication. The countermeasures are to have hosts ignore ICMP redirects and to authenticate routing-protocol peers.
Summary
 security attacks, services, mechanisms
 models for network (access) security
 Internet Standards and RFCs
 buffer overflow and format string vulnerabilities
 TCP and UDP session hijacking, ARP spoofing, route table modification