Transcript Slide 1
What is Computer Networking?
In the world of computers, networking is the practice of
linking two or more computing devices together for the
purpose of sharing data. Networks are built with a mix of
computer hardware and computer software.
Distrust and caution are the
parents of security.
— Benjamin Franklin
We will bankrupt ourselves in
the vain search for absolute
security.
— Dwight D. Eisenhower
Network security consists of the provisions
and policies adopted by the network administrator to
prevent and monitor unauthorized access, misuse,
modification, or denial of the computer network and networkaccessible resources.
The main aim of network security is to ensure that the users
are authentic, next to make sure that the users are allowed
access to only those features which they are entitled to. Finally,
it tries to block and prevent all potential misuse and
deliberate damage inflicted upon by a user with malicious
intentions .
Network security starts from authenticating the user,
commonly with a username and a password. Since this
requires just one thing besides the user name, i.e. the
password which is something you 'know', this is sometimes
termed one factor authentication. With two factor
authentication something you 'have' is also used (e.g.
a security token or 'dongle', an ATM card, or your mobile
phone), or with three factor authentication something you
'are' is also used (e.g. a fingerprint or retinal scan).
Once authenticated, a firewall enforces access policies such as what
services are allowed to be accessed by the network users. Though
effective to prevent unauthorized access, this component may fail to
check potentially harmful content such as computer
worms or Trojans being transmitted over the network.
Anti-virus software or an intrusion prevention system (IPS) help
detect and inhibit the action of such malware. An anomaly-based
intrusion detection system may also monitor the network
and traffic for unexpected (i.e. suspicious) content or behavior and
other anomalies to protect resources, e.g. from denial of
service attacks or an employee accessing files at strange times.
Individual events occurring on the network may be logged for audit
purposes and for later high level analysis.
Security holes manifest themselves
in (broadly) four ways:
1)PHYSICAL SECURITY HOLES
2)SOFTWARE SECURITY HOLES
3)INCOMPATIBLE USAGE
SECURITY HOLES
4)CHOOSING AND MAINTAINING
SECURITY PHILOSOPHY
1) Physical Security Holes.
Where the potential problem is caused by giving unauthorized
persons physical access to the machine, where this might allow them to
perform things that they shouldn't be able to do.
A good example of this would be a public workstation room where it
would be trivial for a user to reboot a machine into single-user mode
and tamper with the workstation file store, if precautions are not taken.
Another example of this is the need to restrict access to confidential
backup tapes, which may (otherwise) be read by any user with access to
the tapes and a tape drive, whether they are meant to have permission
or not.
2) Software Security Holes
Where the problem is caused by badly written items of "privileged"
software (daemons, cron-jobs) which can be compromised into doing things
which they shouldn't.
3) Incompatible Usage Security Holes
Where, through lack of experience, or no fault of his/her own, the System
Manager assembles a combination of hardware and software which
when used as a system is seriously flawed from a security point of view .
It is the incompatibility of trying to do two unconnected but useful
things which creates the security hole. Problems like this are a pain to
find once a system is set up and running, so it is better to build a system
with them in mind.
4) Choosing a suitable security philosophy and
maintaining it.
The fourth kind of security problem is one of perception and
understanding. Perfect software, protected hardware, and compatible
components don't work unless you have selected an appropriate security
policy and turned on the parts of your system that enforce it. Security is
relative to a policy (or set of policies) and the operation of a system in
conformance with that policy
Step 1:
Knowledge of system control structure.
To find security holes, and identifying design weaknesses it is necessary
to understand the system control structure, and layers. One should be
able to list the following :
1) Security objects : items to be protected
2) Control objects : items that protect security objects.
3) Mutual objects : objects in both classes.
With such a list, it is possible to graphically represent a control
hierarchy and identify potential points of attack.
Step 2: Generate an inventory of suspected flaws.
(i.e. flaw hypotheses)
Step 3: Confirm hypotheses. (test and exploit flaws)
Step 4: Make generalizations of the underlying system weaknesses, for
which the flaw represents a specific instance
A smart card, chip card, or integrated
circuit card (ICC) is any pocket-sized card with
embedded integrated circuits. Smart cards can
provide identification, authentication, data
storage and application processing. A quickly
growing application is in digital identification. In
this application, the cards authenticate identity.
The most common example employs PKI. The
card stores an encrypted digital certificate issued
from the PKI provider along with other relevant
information. Smart cards have been advertised
as suitable for personal identification tasks,
because they are engineered to be tamper
resistant. The chip usually implements
some cryptographic algorithm.
Biometrics comprises methods for
uniquely recognizing humans based
upon one or more intrinsic physical
or behavioral traits. In computer
science, in particular, biometrics is
used as a form of identity access
management and access control. It is
also used to identify individuals in
groups that are under surveillance.
Biometric characteristics can be divided in two main
classes:
Physiological are related to the shape of the body. Examples
include, but are not limited to fingerprint, face
recognition, DNA, Palm print, hand geometry, iris recognition, which
has largely replaced retina, and odour/scent.
Behavioral are related to the behavior of a person. Examples
include, but are not limited to typing rhythm, gait, and voice. Some
researchers have coined the term ‘behaviometrics’ for this class of
biometrics.
It is possible to understand if a human characteristic can be used for
biometrics using some distinguishing parameters.
A biometric system can operate in the following two modes:
Verification – A one to one comparison of a captured biometric
with a stored template to verify that the individual is who he
claims to be. Can be done in conjunction with a smart card,
username or ID number.
Identification – A one to many comparison of the captured
biometric against a biometric database in attempt to identify an
unknown individual. The identification only succeeds in identifying
the individual if the comparison of the biometric sample to a
template in the database falls within a previously set threshold.
A firewall is a part of a computer system or network that is
designed to block unauthorized access while permitting authorized
communications. It is a device or set of devices that is configured
to permit or deny network transmissions based upon a set of rules
and other criteria.
A firewall is simply a program or hardware device that filters the information
coming through the Internet connection into your private network or computer
system. If an incoming packet of information is flagged by the filters, it is not
allowed through.
Firewalls use one or more of three methods to control traffic flowing in
and out of the network:
Packet filtering - Packets (small chunks of data) are analyzed against a
set of filters. Packets that make it through the filters are sent to the
requesting system and all others are discarded.
Proxy service - Information from the Internet is retrieved by the
firewall and then sent to the requesting system and vice versa.
Stateful inspection - A newer method that doesn't examine the
contents of each packet but instead compares certain key parts of the
packet to a database of trusted information. Information traveling from
inside the firewall to the outside is monitored for specific defining
characteristics, then incoming information is compared to these
characteristics. If the comparison yields a reasonable match, the
information is allowed through. Otherwise it is discarded.
Overview
Introduction
What is a Cookie? Basic Facts
Scope of Cookies
Cookie based Marketing
Cookies, Privacy & Legislation
Hackers, Crackers & Network Intruders
Hacker Terms
Types Of Hackers
Gaining Accesses
Cyber Law
Areas Of Laws
Information Technology Act
What is a Cookie?
Short pieces of text generated during
web activity and stored in the user’s
machine for future reference
Instructions for reading and writing
cookies are coded by website authors
and executed by user browsers
Developed for user convenience to
allow customization of sites without
need for repeating preferences
Cookie Facts
Most Cookies store just 1 data value
A Cookie may not exceed 4 Kb in size
Browsers are preprogrammed to allow a
total of 300 Cookies, after which
automatic deletion based on expiry date
and usage
Cookies have 3 key attributes: name,
value and expiry date
Cookie Scope: Cannot Do
Have automatic access to personal
information like name, address, email
Read or write data to hard disk
Read or write information in cookies
placed by other sites
Run programs on your computer
Cookie Scope: Can Do
Store and manipulate any information
you explicitly provide to a site
Track your interaction with parent site
such as pages visited, time of visits,
number of visits
Use any information available to web
server including: IP address, Operating
System, Browser Type
Cookie Code
Cookies may be read/written by
server-side or client-side code
Server-side Cookies are executed by
the web server and instructions included
in HTTP header for the page
Server-side Cookie languages:
Perl/CGI, ASP/VBScript
Client-side scripts: JavaScript
embedded in page HTML
A Typical Cookie Algorithm
Start:
On page load
Read Cookie
Is
Cookie
empty?
Y
Write new Cookie.
Prompt for info if
necessary.
N
Use Cookie info to
customize/login etc
Update Cookie
Continue loading
page…
© Ravi Pai Panandiker
Cookie based Marketing - Schema
Web Server
Ad Server
SEND - User ad server id
- IP address
GET - Consumer profile and/or
- Targeted banner ad
SEND
- Regular page content
GET
- Targeted advertising
- Cookie based info
- User ad server id
- IP address
User Computer
© Ravi Pai Panandiker
Cookie Viruses?
On most platforms, Cookies are stored as text
only files. To cause damage the Cookie must
be an executable
On Windows, text files are non-executable
and would open in a text editor if double
clicked
In general, there are easier loopholes for a
hacker in ActiveX controls, Outlook Express
etc
The threat from Cookies is not from what they
can do to your computer but what information
they may store and pass on
Hackers, Crackers, and
Network Intruders
Hacker Terms
Hacking - showing computer expertise
Cracking - breaching security on software or systems
Phreaking - cracking telecom networks
Spoofing - faking the originating IP address in a datagram
Denial of Service (DoS) - flooding a host with sufficient
network traffic so that it can’t respond anymore
Port Scanning - searching for vulnerabilities
Types of hackers
Professional hackers
Black Hats – the Bad Guys
White Hats – Professional Security Experts
Script kiddies
Mostly kids/students
User tools created by black hats,
– To get free stuff
– Impress their peers
– Not get caught
Underemployed Adult Hackers
Former Script Kiddies
Can’t get employment in the field
Want recognition in hacker community
Big in eastern european countries
Ideological Hackers
hack as a mechanism to promote some political or ideological
purpose
Usually coincide with political events
Gaining access
Front door
Password guessing
Password/key stealing
Back doors
Often left by original developers as debug and/or diagnostic
tools
Forgot to remove before release
Trojan Horses
Usually hidden inside of software that we download and
install from the net (remember nothing is free)
Many install backdoors
Judiciary and IT Act 2000
The judicial bodies are not fully aware of Cyber crime and
the way in which investigations are carried out.
Although Cyber law courses available in India, it is difficult
to find a experienced cyber lawyer who is aware of Forensic
analysis and technical terms.
It is difficult to convince judicial bodies including judges and
the tribunal when evidence is in a digital format.
There is no legal procedure for collecting, analyzing and
presenting evidence in the court of law. Hence the defense
lawyer can always anticipate a ambiguity.
There are certain shortcomings of the Information
Technology Act, 2000 with regard to identity theft,
spamming, pornography, data protection and internet
banking.
Cyber Crimes
What is Cybercrime?
Online activities are just as vulnerable
to crime and can compromise personal
safety just as effectively as common
everyday crimes.
Types of Cyber Crime
•Assault by Threat
•Child Pornography
•Cyber Contraband
•Cyberlaundering
•Cyberstalking
•Cyberterrorism
•Cybertheft
•Assault by Threat
Threatening a person with fear for their lives
or the lives of their families or persons whose
safety they are responsible for (such as
employees or communities) through the use
of a computer network such as email, videos,
or phones.
•Child Pornography
The use of computer networks to create,
distribute, or access materials that sexually
exploit underage children.
•Cyber Contraband
Transferring illegal items through the internet (such
as encryption technology) that is banned in some
locations.
•Cyber-laundering
Electronic transfer of illegally-obtained monies with
the goal of hiding its source and possibly its
destination.
•Cyber-stalking
Express or implied physical threats that creates fear
through the use of computer technology such as
email, phones, text messages, webcams, websites
or videos.
•Cyber-terrorism
Premeditated, usually politically-motivated violence
committed against civilians through the use of, or
with the help of, computer techology.
•Cyber-theft
Using a computer to steal. This includes activities
related to: breaking and entering, DNS cache
poisoning, embezzlement and unlawful
appropriation, espionage, identity theft, fraud,
malicious hacking, plagiarism, and piracy.