Information Security

Uploaded by

hejem32522

INFORMATION SECURITY
Engr. Mohammad Dawood
Assistant Professor
Department of Computer Systems Engineering & Sciences
Outline
The need for network security
The Network security problem
Different types of attacks
Malicious and Non-Malicious Program Flaws
Protection in operating systems
Spoofing
Intrusion Detection Systems
Firewalls
Operating Systems Hardening
Device security
Honeypots and honeynets

Computer Network Security 2


Module objectives
Understand
Why we need network security
The nature of the network security problem
Defensive strategies
The gold standard
History

The need for network security
Why do you need to take this course?
Credit towards degree
An easy A
Value for your organization

The need for network security
Value of an organization’s data
Personnel information
Financial information
Intellectual property
Proprietary information
Contact lists

The need for network security
Organizations that are at risk:
Corporate financial systems
Credit card processing systems
ATMs
Telephone systems
Emergency response infrastructure
Air traffic control
Power system

The need for network security
Almost all processes automated
No manual alternative
In case of a crash, restoration is essential

Nature of the problem
Common belief: computers are digital devices, sharp 1s and 0s, so perfect security should be possible
Not true
Too many contributing factors: too many people and too many programs are involved
A reasonable goal would be to be as good as real-world security

Nature of the problem: differences
Variety of attack methods
Can attack a lot more places
Can attack a lot more quickly
Can attack with relative anonymity
All without spending too many resources

Defensive strategies
Access Control
Keep everybody out. Disconnect your PC from the network, and only install programs that you wrote yourself. It will be secure, but it will be much harder to get any work done on it.
Keep the bad guy out. This can be done in a variety of ways, such as code signing and firewalls.
Let the bad guy in, but keep him from doing bad things by using sandboxing or access control.

The gold standard
Authentication, authorization, and auditing all start with Au, so they are also known as the gold standard.
The principle of authentication is that you have a way of
knowing what principal is taking responsibility for the
request that is being made.
Principals are usually people, but can also be channels,
servers, and programs.
For example, typically in distributed applications,
communication channels are implemented by means of
encryption, and the encryption key acts as a principal.

Cont’d
The next step is to figure out whether or not that request, coming from that party, ought to be granted. This is authorization. Typically access is granted to principals or groups of principals.
Auditing keeps track of all the activity. Auditing analyzes logs and the access requests made by principals, whether they were granted or denied.
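The three steps above can be seen together in one small request path. The following Python is an added example, not code from the lecture: the principals, API keys, group memberships and ACL entries are constructed for illustration, and the audit trail is kept in memory only so the block runs on its own.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed credential store (assumed data for this example, not from the
# lecture): principal name -> SHA-256 digest of that principal's API key.
PRINCIPAL_KEYS = {
    "alice": hashlib.sha256(b"alice-secret-key").hexdigest(),
    "backup-service": hashlib.sha256(b"backup-service-key").hexdigest(),
}

# Group membership: principal -> groups it belongs to.
GROUPS = {
    "alice": {"analysts"},
    "backup-service": {"services"},
}

# Access control list: resource -> {principal-or-group: allowed actions}.
ACL = {
    "customer-db": {
        "analysts": {"read"},
        "services": {"read", "backup"},
    },
}

# Audit trail. Kept in memory here; a real deployment writes to append-only,
# tamper-evident storage so the record itself cannot be quietly edited.
AUDIT_LOG = []


def authenticate(claimed_principal, api_key):
    """Authentication: decide which principal is responsible for the request.

    Returns the principal name when the presented key matches the stored
    digest, otherwise None.
    """
    expected = PRINCIPAL_KEYS.get(claimed_principal)
    if expected is None:
        return None
    presented = hashlib.sha256(api_key.encode()).hexdigest()
    # compare_digest runs in constant time, so response timing does not
    # reveal how many leading characters of the digest matched.
    if hmac.compare_digest(expected, presented):
        return claimed_principal
    return None


def authorize(principal, resource, action):
    """Authorization: may this principal, directly or via a group, do this?"""
    entries = ACL.get(resource, {})
    subjects = {principal} | GROUPS.get(principal, set())
    return any(action in entries.get(subject, set()) for subject in subjects)


def audit(principal, resource, action, decision):
    """Auditing: record every decision, granted or denied."""
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "principal": principal,
        "resource": resource,
        "action": action,
        "decision": decision,
    })


def handle_request(claimed_principal, api_key, resource, action):
    """Run a request through authentication, authorization and auditing.

    Returns True when the action is permitted, False otherwise. Every
    outcome, including failed authentication, lands in the audit log.
    """
    principal = authenticate(claimed_principal, api_key)
    if principal is None:
        audit(claimed_principal, resource, action, "DENIED: authentication failed")
        return False
    if not authorize(principal, resource, action):
        audit(principal, resource, action, "DENIED: not authorized")
        return False
    audit(principal, resource, action, "GRANTED")
    return True


if __name__ == "__main__":
    handle_request("alice", "alice-secret-key", "customer-db", "read")
    handle_request("alice", "alice-secret-key", "customer-db", "backup")
    handle_request("mallory", "guess", "customer-db", "read")
    for entry in AUDIT_LOG:
        print(entry)
```

Note that a denied request is logged under the name the caller claimed, not a verified identity, since authentication never established one; the auditor reading the trail has to keep that distinction in mind.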

ANY QUESTIONS?

Scenario 1
You are the Chief Information Security Officer (CISO)
of a financial institution that handles sensitive
customer data. One day, you receive a report that a
database containing customer information was
breached, and unauthorized access to the data may
have occurred. Explain how the principles of
confidentiality, integrity, and availability relate to
this security incident, and outline the steps you
would take to respond to the breach.

Answer: In this scenario, the principles of confidentiality, integrity, and availability (often referred to as the CIA triad) play critical roles in information security:
1. Confidentiality: Confidentiality ensures that sensitive data is protected from unauthorized access. In this case, customer data in the database must remain confidential. A breach threatens confidentiality as it may expose customer information to unauthorized individuals, potentially leading to identity theft or fraud.
2. Integrity: Integrity ensures that data remains accurate, complete, and unaltered. A breach can compromise data integrity if attackers modify or tamper with customer records. This could result in financial inaccuracies, legal issues, and a loss of trust.
3. Availability: Availability ensures that data and systems are accessible when needed. A breach can impact availability if it disrupts access to customer data. Downtime can harm customer service, disrupt operations, and lead to financial losses.
Response Steps:
1. Containment: Isolate the affected database and restrict unauthorized access to prevent further compromise of data. This step addresses both confidentiality and integrity.
2. Notification: Notify affected customers and regulatory authorities as required by law. Transparency is crucial in maintaining trust.
3. Forensic Analysis: Conduct a forensic analysis to determine the extent of the breach, identify the attacker, and assess potential data alterations. This step is essential for preserving integrity and understanding the full scope of the incident.
4. Data Restoration: Restore the affected data to its original state, ensuring data integrity. Verify backups to confirm data accuracy.
5. Security Patching: Identify and address vulnerabilities that allowed the breach. Implement security patches and updates to prevent similar incidents in the future.

6. Monitoring and Detection: Enhance monitoring of network traffic and systems to detect and respond to suspicious activities promptly. Intrusion detection systems and anomaly detection can help.
7. Access Controls: Strengthen access controls and authentication mechanisms to prevent unauthorized access in the future, reinforcing confidentiality.
8. Employee Training: Educate employees about security best practices, including recognizing phishing attempts and maintaining the confidentiality of sensitive data.
9. Legal and Regulatory Compliance: Ensure compliance with data protection laws and regulations regarding breach reporting and customer notification.
10. Incident Response Improvement: Review and update the incident response plan to incorporate lessons learned from the breach, enhancing the organization's ability to respond to future incidents.

Scenario 2
You are a network security analyst for a
medium-sized tech company. You've received
reports of security incidents, but it's not clear
whether these are common attacks or
exploits. Describe how you would
differentiate between common network
attacks and exploits in your investigation, and
provide examples of each.

Answer: To differentiate between common
network attacks and exploits in a security
investigation, you need to understand the nature of
each and use specific criteria to categorize the
incidents correctly. Here's how you can do that,
along with examples of both attacks and exploits:

1. Common Network Attacks
Common network attacks are malicious activities or strategies aimed at disrupting or compromising network resources, services, or communication. These attacks often target vulnerabilities or weaknesses in network infrastructure. Criteria for identifying common network attacks include:
• Impact on Availability: Network attacks typically disrupt or degrade network availability, making services or resources inaccessible to users.
• Attack Techniques: Look for known attack techniques, such as DDoS (Distributed Denial of Service) attacks, port scanning, or packet flooding.
• Motivation: Attackers may seek to disrupt services, overload network resources, or cause inconvenience to users.
Example: DDoS Attack
• A massive influx of traffic overwhelms a company's web server, causing it to become unavailable to legitimate users.
• Attackers use a botnet to flood the network with traffic, exhausting server resources and bandwidth.

2. Common Exploits
Common exploits are instances where attackers
take advantage of vulnerabilities in software,
applications, or systems to gain unauthorized
access, manipulate data, or execute malicious code.
Exploits are typically used as the means to achieve
malicious goals. Criteria for identifying common
exploits include:

• Vulnerability Exploitation: Exploits target known vulnerabilities in software or systems, taking advantage of flaws that may have security patches available.
• Unauthorized Access: Attackers may aim to gain unauthorized access to systems or escalate their privileges to gain control.
• Malicious Payload: Exploits often involve the delivery of malicious code or payload to the target system.
Example: SQL Injection Exploit
• Attackers manipulate input fields in a web application to inject malicious SQL code into a database query.
• This manipulation allows them to view, modify, or delete sensitive data in the database or execute arbitrary commands on the server.
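The exploit above only works because the application assembles the query text from the user's input. As an added example that is not from the lecture, the Python below builds an in-memory SQLite table with constructed customer rows and places the flawed lookup next to its parameterized form, so the difference in behaviour on the same input is visible; the table, rows, function names and test input are all assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory customer table (sample data, not from the lecture)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (username, email) VALUES (?, ?)",
        [
            ("alice", "alice@example.com"),
            ("bob", "bob@example.com"),
            ("carol", "carol@example.com"),
        ],
    )
    return conn


def lookup_vulnerable(conn, username):
    """The flawed form: the input is pasted into the SQL text, so a quote in
    the input ends the string literal and whatever follows is parsed as SQL."""
    query = f"SELECT username, email FROM customers WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """The hardened form: the query structure is fixed and the input travels
    as a bound parameter, so it can only ever be compared as a string value."""
    query = "SELECT username, email FROM customers WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Constructed test input containing a quote, used here only to show how the
# two lookups diverge on the same value.
CRAFTED_INPUT = "' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print("normal input, vulnerable: ", lookup_vulnerable(conn, "alice"))
    print("normal input, safe:       ", lookup_safe(conn, "alice"))
    print("crafted input, vulnerable:", lookup_vulnerable(conn, CRAFTED_INPUT))
    print("crafted input, safe:      ", lookup_safe(conn, CRAFTED_INPUT))
```

On the ordinary input both functions return the one matching row. On the crafted input the vulnerable lookup returns the whole table, because the quote closed the literal and the remainder became part of the WHERE clause; the parameterized lookup returns nothing, because no customer is literally named `' OR '1'='1`. Parameterization, not input filtering, is what removes the exploit class here, which is also why a code review for this weakness looks for string formatting near `execute` calls rather than for specific bad characters.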

In your investigation, it's essential to gather
and analyze relevant data, including logs,
network traffic patterns, and system
configurations. By considering the impact,
attack techniques, motivations, and the
presence of known vulnerabilities, you can
distinguish between common network
attacks and exploits.
