Scribd
Upload
22 views33 pages

Computer Security Attacks Overview

The document outlines a course on Network Security (18EC821) covering various topics including types of attacks, transport layer security, IP security, intrusion detection, and firewalls. It emphasizes the importance of security principles such as confidentiality, integrity, and access control, while also discussing malicious software and practical attack methods. The course aims to equip students with the knowledge to apply security concepts and engage in self-study related to network security applications.

Uploaded by

Sri Vani
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
22 views33 pages

Computer Security Attacks Overview

The document outlines a course on Network Security (18EC821) covering various topics including types of attacks, transport layer security, IP security, intrusion detection, and firewalls. It emphasizes the importance of security principles such as confidentiality, integrity, and access control, while also discussing malicious software and practical attack methods. The course aims to equip students with the knowledge to apply security concepts and engage in self-study related to network security applications.

Uploaded by

Sri Vani
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

NETWORK SECURITY

(18EC821)
Course Code : 18EC821
CIE Marks :40
Lecture Hours/Week : 3
SEE Marks : 60
Total Number of Lecture
Hours (08 Hrs / Module)
Exam Hours :03
CREDITS — 03
Module-1
Attacks on Computers and Computer Security: Need for Security, Security
Approaches, Principles of Security Types of Attacks. (Chapterl-Teth) L1, L2
Module-2
Transport Level Security: Web Security Considerations, Secure Sockets
Layer, Transport Layer Security, HTTPS, Secure Shell (SSH) (ChapterlS-
Textl) L1,L2

Module-3
IP Security: Overview of IP Security (IPSec),IP
SecurityArchitecture, Modes of Operation, Security
Associations (SA), Authentication Header (AH), Encapsulating
Security Payload (ESP), Internet Key Exchange. (Chapter19-
Text1) L1,L2
Module-4
Intruders, Intrusion Detection.(Chapter2 0-Text1) MALICIOUS
SOFTWARE: Viruses and Related Threats, Virus Counter
measures, (Chapter21-Text1) L1,L2
Module-5
Firewalls: The Need for firewalls, Firewall Characteristics,
Types of Firewalls, Firewall Biasing, Firewall location and
configuration (ChapterZZ-Text 1) L1, L2
• Text Books:
• Cryptography and Network Security Principles and Practice!,
Pearson Education Inc., William Stallings, 5th Edition, 2014,
ISBN: 978-81-317- 6166-3.
• Cryptography and Network Security, Atul Kahate, TMH, 2003.
Explain network security services and mechanisms and
C410.1
security concepts

C410.2 Apply Transport Level Security concepts for web, SSL,HTTP


& Secure Socket Layer.

C410.3 Interpret Security concerns in Internet Protocol security

C410.4 Outline Intruders, Malicious Software & firewalls.

C410.5 Engage in self study as a team member/individual to


demonstrate the applications of Network security for a
given assignment.
Module 1

Attacks on Computers and Computer


Security
Need for security
Attacks on
Computers Security approaches
and
Computer Principles of security
Security Types of attacks
• Cyber security?
Computer security?
Need for security
• Examples:

1. Provide user ID and password


to user – authenticate
2. Encode information stored in
the databases – not visible to
the users - do not have the
right permissions
Need for Security
Example of information travelling from a client to a
server over the internet
Security approaches

No security – decision to implement no security


at all

Security through obscurity – Nobody knows


about existence and contents

Host security – Security for each host is


enforced

Network security – Control the network access


to various hosts and their services
Security management practices

A GOOD SECURITY AFFORDABILITY – FUNCTIONALITY – CULTURAL ISSUES


POLICY TAKES HOW MUCH COST MECHANISM OF – EXPECTATIONS,
CARE OF FOUR AND EFFORTS? PROVIDING WORKING STYLE
KEY ASPECTS SECURITY? AND BELIEFS?

LEGALITY – MEETS
THE LEGAL
REQUIREMENTS?
Principles of security

Confidentiality Integrity

Authentication Non- repudiation

Access control Availability


Loss of confidentiality
Absence of authentication
Loss of integrity
Establishing non-repudiation

• Access control:
• It specifies and
controls who can
access what
Attack on
availability
Types of attacks

• Classification
• Common person’s
view
• Technologist’s view

Classification of attacks in general terms


Types of attacks

Criminal attacks: aim : to maximize financial gain by


attacking computer systems

Publicity attacks: occurs because of attackers want to see


their names appear on television news channels and
newspapers

Legal attacks: the attacker tries to make the judge or the


jury doubtful about the security of a computer system
Types of criminal
attacks

Fraud

Scams

Destructions

Identity theft

Intellectual Property theft

Brand theft
Passive attacks and Active attacks
Practical side of attacks

• Application level attacks


• Network level attacks

• Programs that attack


• Virus: Phases: Dormant, Propagation, Triggering,
Execution, Parasitic, Memory-resident, Boot sector,
Stealth, Polymorphic, Metamorphic
• Worm: a Worm does not modify a program, instead it
replicates itself again and again

• Trojan Horse: is a hidden piece of code, like a virus.


Purpose- to make some sort of modifications to the
target computer or network, it attempts to reveal
confidential information to an attacker.

• Applets and ActiveX Control Applets and ActiveX


• Cookies
Cookies

• Cookies – born as a
result of specific
characteristic of the
internet.
• Maintaining the
state information
(i.e., identifying a
client to a server)

Creation of cookies
Usage of Cookies
Java script, VBScript and JScript

• Web page constructed –


HTML
• Tag based language – tag
begin with <> , Ends with
</>
Example
Java security

• Java was designed – Java programs are considered


as safe as they cannot install, execute or propagate
viruses, and because of the program itself cannot
perform any action that is harmful to the user
computer
• Java security model associated with idea of
Sandbox.
• Job – protect a number of resources, performs task
at number of levels
Java application security
Specific attacks
Packets – group of data

Packet - actual data + addressing information

Two main forms of attacks

Packet sniffing (Snooping) or IP Sniffing

Packet spoofing or IP Spoofing


Packet sniffing

• Passive attack in an ongoing conversation


• Attacker need not hijack, instead simply observe
(sniff) the packets
• To prevent –
• Data encoding
• Transmission link encoded
Packet spoofing

• Attacker sends packets with an incorrect source


address
• The receiver would sends replies back to forged
address (Spoofed address) not to the attacker
• Leads to -
• The attacker can intercept the reply
• The attacker need not see the reply – DOS
• The attacker does not want the reply – wants the host
to get confused

You might also like