20/08/2018

Network Security
VASUDEV DEHALWAR

Syllabus
Introduction to Network security: Network security needs.
Threats to network security,
Kind of computer security. security policies, security
mechanisms,
Attacks,
Security tools and Basic Cryptography,
Transposition/Substitution, Block Cipher Principles,
Introduction to Symmetric crypto primitives, Asymmetric
crypto primitives, Secret Key Cryptography, Data Encryption
Standard (DES), Message Digests,
MD5, Message Authentication and Hash Functions, Hash
And Mac Algorithms, RIPEMD , HMAC,

1
 20/08/2018

Syllabus cont.
Principles of Public Key Cryptosystems, Diffie Hellman Key
Exchange
Elliptic Curve Cryptography, Cryptanalysis, SHA-1, RSA,
Selection of public and private keys. Key distribution centres
and certificate authorities,
digital signature standards (DSS), proof of digital signature
algorithm. Kerberos, Real-time Communication Security, IPsec,
Electronic Mail Security. Firewalls and Web Security, Intruders
and Viruses, trusted system, password management.
Cyber crime, zero knowledge proof, malware – privacy, honey
pot, defence programming, web application vulnerability, DHS
, attack , semantic attack, DOS, DDOS, wireless attack.

Book

Cryptography and Network Security William

Stallings
Cryptography and Data Security by Dorothy
Elizabeth Robling Denning

2
 20/08/2018

Definitions
Data is any type of stored digital information.
Security is about the protection of assets.
Prevention: measures taken to protect your
assets from being damaged.
Detection: measures taken to allow you to
detect when an asset has been damaged,
how it was damaged and who damaged it.
Reaction: measures that allow you to
recover your assets.

Data Security and Compliance

Necessity of exposure, and the risk

Customers Competitors
Employees
(remote workers,
mobile workers)

Business Partners Hackers

(suppliers, outsourcers,
consultants)

Contractors
Employees
Temporaries
Visitors
6 Sensitive Data SOURCE: FORRESTER RESEARCH

3
 20/08/2018

Information Leaks: How Do They Occur?

Confidential Customer
Information R&D Customer Data
Company Info SSN, Salaries
Service Customer Name
Marketing Plans

Your Data

Sales Contractors

Patient Financials
Information Upcoming reports
Sent by Customer M&A
Service Rep Doctors Finance

An information leak occurs when sensitive customer data or

company information is distributed within or outside the enterprise in
7
violation of regulatory or company policies

4
 20/08/2018

CYBER CRIME
The type of crime in which computers are used both
as tool as well as target are:
 FinancialCrimes involving cheating, credit card
frauds, money laundering, etc.
 Cyber Pornography involving production and
distribution of pornographic material.
 Sale of illegal articles such as narcotics, weapons,
wild life etc.
 Online Gambling

CYBER CRIME
 IntellectualProperty Crimes such as theft of
computer source code, software piracy,
copyright infringement, trademark violations,
etc.
 Harassments such as Cyber Stacking, cyber
defamation, indecent and abusing mails, etc.
 Forgery of documents including currency and
any other documents
 Deployment of viruses, Trojans and Worms
 Cyber Attacks and Cyber Terrorism

5
 20/08/2018

Audit Standards
Data Security is subject to several types of
audit standards and verification.
The most common are ISO 17799, ISO 27001-
02, PCI, ITIL, SAS-70, HIPPA, SOX
Security Administrators are responsible for
creating and enforcing a policy that forms to
the standards that apply to their organizations
business.

Security Policy
A security policy is a comprehensive document
that defines a companies’ methods for prevention,
detection, reaction, classification, accountability
of data security practices and enforcement
methods.
It generally follows industry best practices as
defined by ISO 17799,27001-02, PCI, ITIL, SAS-70,
HIPPA , SOX or a mix of them.

6
 20/08/2018

Security Policy
The security policy is the key document in
effective security practices.
Once it has been defined it must be
implemented and modified and include any
exceptions that may need to be in place for
business continuity.
All users need to be trained on these best
practices with continuing education at
regular intervals.

Security Risk 14
The increased deployment and dependence of ICT
makes the system vulnerable to attacks.
The attackers may steal critical information from the
system or mislead the system by giving false
information.
Developing the trust management system and
authentication of messages & devices are essential.
The risk assessment is a scientific method to recognize
the potential risks to Smart Grid and its impact on the
grid.
Threat = Probability of threat × Damage Potential

7
 20/08/2018

Tools to Monitor Secure Data

Walk around and look for passwords in the
open.
Event Viewer / Log Files
Intrusion Detection/ Protection systems
(IDS/IPS) such as SNORT (free open source
network intrusion detection system (IDS)).
These will alert Administrators of suspicious
data flows.

Tools to Monitor Secure Data

Set up SNMP monitoring servers to monitor
and alert for everything.
This will alert Administrators to everything
from unusual bandwidth usage to
hardware failure.
It is key to know what's going on with your
systems and network.

8
 20/08/2018

Basic Concepts and Terminology

Vulnerability
Threat
Attack
Security concepts:
Confidentiality, Integrity, Availability
Security Service

Vulnerability

Some state of the system of being open to

attacks or injuries.
Example in house analogy:
“Open Door” is the vulnerability for thieves

9
 20/08/2018

Threat
A statement of an intention to injure,
damage or any other enemy action.
A potential for violation of security.
In case of “house” example:
“Loss of Money” is a threat

4 kind of threats:
Interception
Interruption
Modification
Fabrication

10
 20/08/2018

Interception – unauthorized access to a data.

For example,
Illegal copying of program or data files

Interruption – a data of the system becomes lost,

unavailable, or unusable.
Examples include
Erasure of a program or data file
Malicious destruction of a hardware device

11
 20/08/2018

Modification – unauthorized, change tamper with

a data.
For example,
Someone might change the values in a database

Fabrication – E.g. Unauthorized insertion to a existing

database.

Source: https://genesisdatabase.wordpress.com/

12
 20/08/2018

Attack
An assault on system security
A deliberate attempt to evade security services

Kind of attacks:
Passive attacks
Active attacks

Passive Attacks

13
 20/08/2018

Passive Attacks (cont.)

Active Attacks

14
 20/08/2018

Active Attacks (cont.)

Triad CIA: Confidentiality, Integrity, Availability

The most significant factors that are responsible for information security
are:

15
 20/08/2018

Availability
Availability stands for reliable and timely
access to information to an authorized
object/user.
Availability provides an assurance to an
uninterrupted access to information.
It also ensures backup of the data to
prevent data loss due to interruption.

Attack
Denial of services (DoS) can congest the
network with unwanted request thereby
choking the communication network.
Spoofing attack can allow a malicious
program to masquerades as a genuine
program and falsify the data to gain control
of the system.

16
 20/08/2018

Data Integrity
Maintaining the veracity of the
data/information and right to modify by
authorized object/user.
It is an assurance that the data is unaltered
from its original shape.
Additionally, activity log should be
maintained to keep trail of activities for
reference.

Attack
The process to maliciously modify or destroy
information with an intent to harm the normal
functioning of the system is an attack on data
integrity
Trojan horse, SQL injection attack, etc. are an
attack on the integrity of data.
“Internet-based load-altering attack” is an
attempt to control and change (usually
increase) certain load types that are
accessible through the Internet in order to
damage the grid.

17
 20/08/2018

Confidentiality
Preserving the information, information access
and disclosure, including the means to access
the personal and private information is an
objective of confidentiality.
Confidentiality provides an assurance that the
data will not be disclosed to unauthorized
person/entity while in storage, in the process and
in transit.
The loss of confidentiality leads to exposing the
data to the unauthorized user which may use it
for illegitimate activities.

Attack
Attack on confidentiality include password
hacking, capturing network traffic, port
scanning, eavesdropping, Key logger,
wiretapping, etc.

18
 20/08/2018

Information Security Discipline

Information Security

Access Control
Availability Integrity Confidentiality
End-user security
- Intrusion / Hacking
- Malware
Network
Authentication
Security

Trust Transaction Security

Web-security
Management - SSL/ - TSL

Content Filtering
Key Distribution
- Firewalls,
- PKI Nonrepudiation
- Spam Filters,
- End-to-End security - Censorware and - Wiretaps

Authentication
Verifying the genuineness of the message,
message generator, transmission medium
and the process itself are essential for
authentication.
Authentication verifies the source of
information and its integrity.
Identification and authentication are always
used together as a single two-step process.

19
 20/08/2018

Attack
Data and identity stealing and Phishing are
such types of attack.

Communication and Network Security

When the data passes through the
communication medium, many intruders
may eavesdrop on the passing information.
The confidentiality of information may be
breached due to the reckless behavior of
the intruders. The intruder may try many tricks
to gain information.

20
 20/08/2018

Attack
Man in the middle attack, data theft, and
eavesdropping are a type of the attack
prevalent in communication and network.

Web security
The strong demand for e-Commerce has
enabled wide use of TCP/IP based client-server
communication.
The financial transaction requires end-to-end
security. A. End-user security

Additionally, many applications are migrating to

cloud based computing, the load on web-
servers will also increase.
The online applications are a honey pot for the
attackers who may exploit the security flaws in
the system.

21
 20/08/2018

Attack
Falsification of data, Phishing, etc. are an
example of attacks on web security.
The recent ransomware attack on many
systems world-over is an example of attack
on client-server based communication.
Similarly, WikiLeaks also used the security
vulnerabilities to leak/steal internal
confidential and private information either
through intrusion or insider attack.

End-user security
Data acquisition at end-user is a prominent
activity in Network.
Integrating cyber security management at
end user is best practice for robust and
secure end-user device.
Minimizing threats at data acquisition can
reduce security risk manifold in the system.

22
 20/08/2018

Attack
The end-user devices are vulnerable to attack
by malware (virus/worm). These malwares can
alter the specifications of the software and
corrupt the integrity of the data. It can steal
the information stored on the system.
Viruses, backdoors and logic bombs are such
examples.
Independent malwares are a self-contained
program that runs with the support of the
operating system. These programs can perform
unauthorized, unwanted or harmful activities.

Major Web-based Vulnerabilities 46

The major web-based security weakness are:-
i. SQL, OS and LDAP injections
ii. Broken Authentication and Session Management
iii. Sensitive Data Exposure
iv. XML External Entity Injection
v. Broken Access Control
vi. Security Misconfiguration
vii. Cross-Site Scripting (XSS)
viii. Insecure Deserialization of Untrusted Data
ix. Using Components with Known Vulnerabilities
x. Insufficient Logging and Monitoring.

23
 20/08/2018

i. SQL, OS and LDAP Injections 47

The web-applications uses scripting languages to get
information from the server. The database queries are
often fired through these scripting languages.
SQL queries is one such query language used to get
information from web-server.
The attacker inserts malicious SQL code into a genuine
SQL code to perform nefarious activities.
The SQL injection attack allows the attacker to tamper
with the database, spoof identity, destroy database or
become the administrator of the database.
Similarly, inserting an untrusted data into the flaws found
in Operating System (OS), LDAP (Lightweight Directory
Access Protocol), XML parsers, etc. can
manipulate/corrupt the data.

ii. Broken Authentication and Session Management 48

Transfer of session information and account
management data (account creation, change the
password, recover the password, session-id, etc.)
over the public medium is exposed to the attacker if
session-id and user credentials are not protected.
The session-id should be set for a single session using
the single-sign-on token, thereafter the token must
be invalidated once sign-out by the user (setting a
timeout).
If the integrity and authenticity of the session is
compromised then the session can be hijacked by
the imposter by guessing the user credentials and
gaining full control of the session.

24
 20/08/2018

iii. Sensitive Data Exposure 49

The confidentiality of sensitive information such as
credit card, health records, password, etc. must be
protected.
The data should be stored in encrypted form with a
strong crypto key.
The online transaction should also use SSL/TLS for
security.
The attacker may use cookies to identifies the user’s
session and to access personal data.
If the attacker can crack one password he can
retrieve all the stored passwords by recalculating the
hash function.
Also caching should be disabled for pages that
contain sensitive information.

iv XML external entity Injection 50

It attacks applications that parses XML data
input.
A weakly configured XML parser may lead to an
attack on XML input that contains reference to
an external entity.
Attacker may runs remote code execution to
extract confidential information, port scanning
details, etc. of the perspective server.
M2M communication uses many XML based
communication, therefore validation of XML
parser must be done to minimize the risk.

25
 20/08/2018

v Broken Access Control 51

The permissions are granted to an authorized

person with certain privileges.
Sometimes implementation of access control for
different task become so weird that their
interdependence creates a problem.
This interdependence flaws are not easily visible,
but multiple focused queries by an attacker may
reveal an access flaw that can be exploited.

vi Security Misconfiguration 52
If the security is not hardened across different
application stack then may application/software will
become vulnerable.
The instances of security misconfiguration are:-
 Outdated software including Operating System,
Web Server, DBMS and libraries,
 Enabling/ disabling unwanted features,
 Unauthorized delivery of error messages.
Periodical audit of the installed software can detect
possible security misconfiguration.

26
 20/08/2018

vii Cross-Site Scripting (XSS) 53

Cross-site Scripting (XSS) is a client-side code injection attack
where an attacker can execute malicious scripts/payload in
a legitimate website or web application.
The attacker injects client-side scripts into web pages viewed
by other users. When the user visits the vulnerable
website/web-application, the website delivers the malicious
script to the victim’s browser.
The XSS take advantage of Ajax, JavaScript, VBScript,
ActiveX, etc. to mount an attack.
If the server side validation of input data is carried out
properly the attack can be prevented.

viii Insecure Deserialization of Untrusted data 54

Serialization is a process of writing the data as a string
or as raw binary for data transfer over a network.
Conversely, deserialization is the process of retrieving
the raw data from a file or a network socket for
reconstructing the object model.
The data which is untrusted cannot be deserialized
without sufficiently verifying that the resulting data is
valid/genuine.
The unsterilized data can be modified by an attacker
if it is not protected by the cryptographic function.

27
 20/08/2018

ix Using Components with Known Vulnerabilities 55

The open source uses feedback of know
vulnerabilities in a software or application.
These vulnerabilities are reported to a central
clearinghouse which is searchable on their
website.
Determining the vulnerable libraries from this
database and using the same known
vulnerabilities to mount an attack on the
server elseware.

x Insufficient Logging and Monitoring 56

Information
If the software is not properly configured
on network nodes, the activities on the
network can neither be monitored nor its
trace can be extracted.
Proper incident reporting and timely
help from solution provider can help to
fix the problem and prevent a future
attack.

28