Unit 1


Introduction to IF

• Cyber-attacks
• Vulnerabilities
• Defense Strategies and Techniques
• Authentication Methods: Password, Token and Biometric
• Access Control Policies and Models (DAC, MAC, RBAC, ABAC, Biba, Bell-LaPadula)
• Authentication and Access Control Services.
Concept of Cyberspace
Concept of Cybercrime
confidentiality, integrity, availability

CIA stands for :


Confidentiality
Integrity
Availability
confidentiality
• Confidentiality :
Confidentiality means that only authorized individuals or systems
can view sensitive or classified information. Data sent over the
network should not be readable by unauthorized individuals. An
attacker may capture the traffic with freely available tools and
gain access to your information. The primary defense is encryption,
so that even if the attacker captures the data, he or she cannot
decrypt it without the key. The current standard is AES (Advanced
Encryption Standard); the older DES (Data Encryption Standard) uses
a 56-bit key, can be brute-forced, and should not be used in new
systems. Another way to protect data in transit is a VPN (Virtual
Private Network) tunnel, which encrypts all traffic between two
endpoints as it crosses an untrusted network.
Integrity
• Integrity :
Integrity means making sure that data has not been modified. Corruption of
data is a failure to maintain integrity. To check whether data has been
modified, we use a hash function: it maps input of any length to a fixed-length
digest, and any change to the input changes the digest.
Two common families are SHA (Secure Hash Algorithm) and MD5 (Message
Digest 5). MD5 produces a 128-bit hash and SHA-1 a 160-bit hash. Other SHA
variants are SHA-0, SHA-2 (e.g. SHA-256) and SHA-3. MD5 and SHA-1 are no
longer collision resistant, so new designs should use SHA-2 or SHA-3.
• Let's assume Host 'A' wants to send data to Host 'B' while maintaining
integrity. A hash function runs over the data and produces a hash value H1,
which is attached to the data. When Host 'B' receives the packet, it runs the
same hash function over the data, giving a hash value H2. If H1 = H2, the
data's integrity has been maintained and the contents were not modified.
• Caveat: a plain hash only detects accidental corruption. An attacker who can
modify the data in transit can also recompute H1, so against deliberate
tampering the hash must be keyed (an HMAC) or digitally signed.
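The Host A / Host B exchange above, as an added example (not code from the slides): it reports the digest sizes mentioned above, then runs three scenarios with a constructed message and pre-shared key. A plain hash catches an accidental bit flip, but an attacker who rewrites the message and recomputes H1 passes Host B's check; an HMAC over the same data, keyed with a secret the attacker does not have, does not. The message, key and function names are assumptions for this example.

```python
import hashlib
import hmac

# Constructed message and pre-shared key (not from the slides); in practice the
# key is agreed out of band or derived from a key exchange.
MESSAGE = b"transfer 100 to account 42"
SHARED_KEY = b"k3y-shared-out-of-band"


def digest_bits(algorithm: str) -> int:
    """Output size in bits of a hashlib algorithm, e.g. 'md5' -> 128, 'sha1' -> 160."""
    return hashlib.new(algorithm).digest_size * 8


def plain_hash(data: bytes) -> str:
    """Host A's H1 (and Host B's H2): an unkeyed SHA-256 over the data."""
    return hashlib.sha256(data).hexdigest()


def verify_plain(data: bytes, h1: str) -> bool:
    """Host B's check: recompute H2 and compare with the attached H1."""
    return hmac.compare_digest(plain_hash(data), h1)


def keyed_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256: only a holder of the key can compute a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed(data: bytes, tag: str, key: bytes) -> bool:
    """Constant-time comparison so the check itself leaks nothing about the tag."""
    return hmac.compare_digest(keyed_tag(data, key), tag)


# Scenario 1: a bit flips in transit (accidental corruption). The plain hash catches it.
def plain_hash_detects_corruption() -> bool:
    h1 = plain_hash(MESSAGE)
    corrupted = bytearray(MESSAGE)
    corrupted[0] ^= 0x01
    return not verify_plain(bytes(corrupted), h1)


# Scenario 2: an active attacker rewrites the message AND recomputes H1.
# Host B's check passes, so the plain hash does not detect the forgery.
def plain_hash_detects_forgery() -> bool:
    forged = b"transfer 100 to account 99"
    forged_h1 = plain_hash(forged)          # needs no secret, so the attacker can do it
    return not verify_plain(forged, forged_h1)


# Scenario 3: the same attacker against an HMAC. Without SHARED_KEY the best the
# attacker can do is attach some other value; Host B's check fails.
def hmac_detects_forgery() -> bool:
    forged = b"transfer 100 to account 99"
    forged_tag = plain_hash(forged)         # attacker has no key, so guesses a tag
    return not verify_keyed(forged, forged_tag, SHARED_KEY)


if __name__ == "__main__":
    for alg in ("md5", "sha1", "sha256"):
        print(alg, digest_bits(alg), "bits")
    print("plain hash detects corruption:", plain_hash_detects_corruption())
    print("plain hash detects forgery:", plain_hash_detects_forgery())
    print("HMAC detects forgery:", hmac_detects_forgery())
```

Scenario 2 is the reason a bare hash is an integrity check against noise, not against an adversary: the attacker can produce a matching H1 for any message. The HMAC in scenario 3 binds the tag to a secret, so only a key holder can produce a tag that Host B accepts.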
Availability
• This means that the network should be readily available
to its users. This applies to systems and to data. To
ensure availability, the network administrator should
maintain hardware, make regular upgrades, have a plan
for fail-over, and prevent bottlenecks in a network.
Attacks such as DoS or DDoS may render a network
unavailable as the resources of the network get
exhausted. The impact may be significant to the
companies and users who rely on the network as a
business tool. Thus, proper measures should be taken
to prevent such attacks.
Types of Cyber Attacks
Web-based attacks

• 1. Injection attacks
• An attack in which untrusted data is supplied to a web application in such a way
that it is interpreted as part of a command or query, letting the attacker manipulate
the application or extract information it would not otherwise return.
• Examples: SQL injection, code injection, log injection, XML injection, etc.
• 2. DNS Spoofing
• DNS spoofing (also called DNS cache poisoning) is an attack in which forged
records are introduced into a DNS resolver's cache, causing the resolver to return
an incorrect IP address and diverting traffic to the attacker's computer or any other
host the attacker chooses. Poisoned entries are served until they expire, so the
attack can go on for a long time without being detected and can cause serious
security issues.
• 3. Session Hijacking
• An attack on a user's session with a web application. Web applications issue
cookies to store state and identify user sessions. By stealing a session cookie (for
example through XSS, or by sniffing an unencrypted connection), an attacker can
impersonate the user and access all of the user's data without knowing the password.
• 4. Phishing
• Phishing is an attack that attempts to steal sensitive information such as login
credentials and credit card numbers. The attacker masquerades as a trustworthy
entity in electronic communication (email, SMS, a cloned website) to trick the
victim into handing the information over.
• 5. Brute force
• An attack that uses trial and error: it generates a large number of guesses and
tests each one to recover the real value, such as a user's password or personal
identification number. It may be used by criminals to crack encrypted data or
password hashes, or by security analysts to test an organization's network security.
• 6. Denial of Service
• An attack meant to make a server or network resource unavailable to its users,
by flooding the target with traffic or sending it input that triggers a crash. A DoS
attack uses a single system and a single Internet connection; a DDoS attack uses
many compromised systems at once. It can be classified as follows:
• Volume-based attacks: aim to saturate the bandwidth
of the attacked site; measured in bits per second.
• Protocol attacks: consume actual server or intermediate
equipment resources (e.g. SYN floods exhausting the
connection table); measured in packets per second.
• Application layer attacks: aim to crash or exhaust the
web server with seemingly legitimate requests; measured
in requests per second.
• 7. Dictionary attacks
• An attack that uses a stored list of commonly used passwords and tries each one
against the target until the original password is found. It is much faster than a
full brute force because most real passwords are in such lists.
• 8. URL Interpretation
• An attack in which certain parts of a URL are changed (for example a file path or
an ID parameter) so that the web server delivers pages the attacker is not
authorized to browse.
• 9. File Inclusion attacks
• An attack that abuses an application's include functionality (typically a file name
taken from a request parameter) to read sensitive files on the web server that the
attacker should not be able to access, or to execute malicious files on the web server.
• 10. Man in the middle attacks
• An attack in which the attacker intercepts the connection between client and
server and acts as a relay between them. The attacker can then read, insert and
modify the data in the intercepted connection.
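The brute force (item 5) and dictionary (item 7) attacks above, as an added example rather than code from the slides. The attacker side recovers a password from a stolen unsalted MD5 hash using a small constructed wordlist, and recovers a 4-digit PIN by exhaustive search; the defender side shows the storage format that makes both attacks expensive (a per-user random salt and PBKDF2 with a work factor). The wordlist, passwords and function names are assumptions for this example.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional, Tuple

# Constructed wordlist and passwords (not from the slides); real attacks use
# lists of millions of leaked passwords in exactly the same way.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2023", "dragon"]


def weak_hash(password: str) -> str:
    """Weak storage: one fast, unsalted MD5 over the password.
    Every guess costs the attacker a single MD5 call, and identical passwords
    produce identical hashes across all users."""
    return hashlib.md5(password.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack: hash each candidate from the list and compare.
    Returns the recovered password, or None if it is not in the list."""
    for guess in wordlist:
        if weak_hash(guess) == target_hash:
            return guess
    return None


def brute_force_pin(target_hash: str, digits: int = 4) -> Tuple[Optional[str], int]:
    """Brute force: exhaustively try every numeric PIN of the given length.
    Returns (pin, number_of_attempts); a 4-digit PIN needs at most 10,000."""
    attempts = 0
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        attempts += 1
        if weak_hash(guess) == target_hash:
            return guess, attempts
    return None, attempts


# Defensive side: a per-user random salt plus a slow key-derivation function
# (PBKDF2-HMAC-SHA256), so each guess costs the attacker `iterations` hashes
# and precomputed tables are useless because every user has a different salt.
def strong_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = 100_000) -> Tuple[bytes, int, bytes]:
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def verify_strong(password: str, record: Tuple[bytes, int, bytes]) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    salt, iterations, dk = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)


if __name__ == "__main__":
    stolen = weak_hash("letmein")
    print("dictionary attack recovered:", dictionary_attack(stolen, WORDLIST))
    print("brute force on 4-digit PIN:", brute_force_pin(weak_hash("0427")))
    rec = strong_hash("letmein")
    print("salted PBKDF2 verifies correct password:", verify_strong("letmein", rec))
```

Against `strong_hash` the same dictionary attack still works in principle, but each candidate now costs 100,000 HMAC computations per user instead of one MD5, and the random salt means the work cannot be shared across users or precomputed. Rate limiting and account lockout at the login endpoint address online guessing; the hashing scheme addresses offline guessing against a stolen database.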
System-based attacks

• These are attacks intended to compromise a computer or a computer network
rather than a single web application. Some important system-based attacks are:
• 1. Virus
• A malicious program that spreads through a computer's files without the user's
knowledge. A virus replicates by inserting copies of itself into other programs,
which become infected when they are executed, and it can also carry out instructions
that harm the system.
• 2. Worm
• Malware whose primary function is to replicate itself to spread to uninfected
computers. Unlike a virus, a worm is self-contained and spreads over the network on
its own rather than attaching itself to a host program. Worms often arrive as email
attachments that appear to come from trusted senders.
• 3. Trojan horse
• A malicious program that misleads the user about its true intent. It appears to be
a normal application, but when opened or executed it runs malicious code in the
background, which shows up as unexpected changes to computer settings and unusual
activity even when the computer should be idle.
• 4. Backdoors
• A method that bypasses the normal authentication process. A
developer may create a backdoor so that an application or
operating system can be accessed for troubleshooting or other
purposes. A backdoor left in shipped software is itself a
vulnerability, since anyone who discovers it gets the same bypass.
• 5. Bots
• A bot (short for "robot") is an automated process that
interacts with other network services. Some bot programs
run automatically, while others only execute commands
when they receive specific input. Common examples are web
crawlers, chatroom bots, and malicious bots that turn an
infected machine into part of a botnet.
Cyber-attacks
• Cyber crimes are, as the name implies, crimes
committed using computers, phones or the
internet.

• Some types of cyber crime include:


• Illegal interception of data.
• System interference.
• Copyright infringement.
• Sale of illegal items.
Types of Cyber Attacks
• Advanced Persistent Threat (APT):
• A network attack in which an unauthorized
person gains access to network and stays
there undetected for a long period of time.

• Backdoor:
• Method of bypassing normal
authentication and gaining access in OS or
application.
• Buffer Overflow:
• An exploit that supplies more input than a
program's buffer can hold, overwriting adjacent
memory so the attacker can crash the program or
hijack its control flow.

• Man-in-the-middle Attack
• This attack intercepts and relays messages
between two parties who are
communicating directly with each other
• Cross-Site Scripting (XSS):
• A code injection attack that allows an
attacker to execute malicious JavaScript in
another user’s browser.

• Denial of Service Attack:


• Any attack where the attackers attempt to
prevent the authorized users from
accessing the service.
• SQL injection:
• A very commonly exploited web application
vulnerability that allows an attacker to
steal and alter data in the website's database.

• Zero-day exploit:
• An exploit for a vulnerability that is unknown
to the vendor or for which no patch exists yet,
so attackers can use it before defenders can fix it.
• Trojan Horse:
• A program that appears useful or legitimate
(a fake antivirus that "cleans" your computer is
a classic example) but carries hidden malicious code.

• Botnet:
• A network of compromised devices under an
attacker's control, used to perform distributed
denial-of-service (DDoS) attacks, steal data, send
spam, and give the attacker access to each device
and its connection.
• Keylogger:
• A type of surveillance technology used to
monitor and record each keystroke typed
on specific computer’s keyboard.

• Rootkit:
• A collection of tools or programs that gives an
attacker persistent administrator-level access to a
computer or computer network while hiding its
presence from the user and from security software.
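The injection attack from the web-based attacks list (item 1) and the SQL injection glossary entry above, as an added example that is not code from the slides. It builds a constructed in-memory SQLite table, then shows a login check and a search that concatenate user input into SQL beside the parameterized versions. Three attacker inputs defeat the vulnerable functions: a tautology that makes the WHERE clause always true, a comment sequence that discards the password check, and a UNION that appends every stored password to the search results. The table, rows, payload strings and function names are assumptions for this example.

```python
import sqlite3
from typing import List


# Constructed in-memory database (not from the slides).
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, is_admin) VALUES (?, ?, ?)",
        [("alice", "wonderland", 1), ("bob", "builder", 0)],
    )
    return conn


# --- Vulnerable: user input is pasted straight into the SQL text ---
def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    query = (f"SELECT id FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def search_vulnerable(conn: sqlite3.Connection, prefix: str) -> List[str]:
    query = f"SELECT username FROM users WHERE username LIKE '{prefix}%'"
    return [row[0] for row in conn.execute(query)]


# --- Fixed: parameterized queries; input is bound as data, never parsed as SQL ---
def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def search_safe(conn: sqlite3.Connection, prefix: str) -> List[str]:
    rows = conn.execute(
        "SELECT username FROM users WHERE username LIKE ?", (prefix + "%",)
    )
    return [row[0] for row in rows]


# Attacker inputs (constructed). Each one closes the attacker-controlled string
# literal and then changes what the rest of the statement means.
TAUTOLOGY = "' OR '1'='1"                               # WHERE ... OR '1'='1'  -> always true
COMMENT_OUT = "alice' --"                               # -- comments out the password check
UNION_DUMP = "zzz' UNION SELECT password FROM users --"  # appends another query's output


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, tautology:", login_vulnerable(db, "anyone", TAUTOLOGY))
    print("vulnerable, comment:", login_vulnerable(db, COMMENT_OUT, "wrong"))
    print("vulnerable, union dump:", search_vulnerable(db, UNION_DUMP))
    print("safe, tautology:", login_safe(db, "anyone", TAUTOLOGY))
    print("safe, union:", search_safe(db, UNION_DUMP))
```

With parameters bound, the driver sends the query structure and the values separately, so a quote in the input is just a character in the username. Note that `%` and `_` in the input to `search_safe` still act as LIKE wildcards; that is not an injection, but escape them if the search must be literal. The plain-text password column is kept only so the UNION payload has something worth stealing; real storage hashes passwords (see the brute force and dictionary example earlier).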
What is a Vulnerability
• A cyber-security term that refers to a flaw in a
system that can leave it open to attack.
• A vulnerability is a hole or a weakness in the
application, which can be a design flaw or an
implementation bug, that allows an attacker to
cause harm to the stakeholders of an application.

• Vulnerability is the composition of three elements:


1. A flaw in system.
2. Access of attacker to that flaw.
3. Capability of attacker to exploit the flaw.
• Vulnerabilities are classified according to the
asset:
• Hardware.
• Software.
• Network.
• Personnel.
• Physical site.
• Organizational.
Examples of vulnerabilities

• Lack of input validation on user input


• Lack of sufficient logging mechanism
• Fail-open error handling
• Not closing the database connection properly
Defense Strategies and Techniques
• What is Defense in Depth?
• An information assurance strategy that provides
multiple, redundant defensive measures, so that if one
security control fails or a vulnerability is exploited,
other controls still stand between the attacker and the asset.
• It includes end-user security, product design
and network security.
layered security architecture
• Physical controls – These controls include security
measures that prevent physical access to IT systems, such
as security guards or locked doors.
• Technical controls – Technical controls include security
measures that protect network systems or resources using
specialized hardware or software, such as a firewall
appliance or antivirus program.
• Administrative controls – Administrative controls are
security measures consisting of policies or procedures
directed at an organization’s employees, e.g., instructing
users to label sensitive information as “confidential”.
following security layers help protect
individual facets of your network
• Access measures – Access measures include authentication controls,
biometrics, timed access and VPN.
• Workstation defenses – Workstation defense measures include
antivirus and anti-spam software.
• Data protection – Data protection methods include data at rest
encryption, hashing, secure data transmission and encrypted backups.
• Perimeter defenses – Network perimeter defenses include
firewalls, intrusion detection systems and intrusion prevention systems.
• Monitoring and prevention – The monitoring and prevention of
network attacks involves logging and auditing network
activity, vulnerability scanners, sandboxing and security awareness
training.
Website protection
• End-user protection involves a combination of security
offerings (e.g., WAF, antivirus, anti-spam software, etc.)
and training to block threats and protect critical data.
• A vendor providing software to protect end-users
from cyberattacks can bundle multiple security offerings
in the same product, for example packaging together
antivirus, firewall, anti-spam and privacy controls.
• As a result, the user's network is secured
against malware, and the WAF protects web applications
against attacks such as XSS and CSRF.
Network security
• An organization sets up a firewall, and in addition,
encrypts data flowing through the network, and encrypts
data at rest. Even if attackers get past the firewall and
steal data, the data is encrypted.
• An organization sets up a firewall, runs an Intrusion
Prevention System (IPS) with trained security operators, and
deploys an antivirus program. This provides three layers
of security: even if attackers get past the firewall, they
can be detected and stopped by the IPS; and if they
reach an end-user computer and try to install malware, it
can be detected and removed by the antivirus.
Access Control Policies and Models
DAC
• DAC is a type of access control in which the owner of
a resource decides who may access it and assigns access
rights at their own discretion.
• The owner could be a document's creator or a
department's system administrator. DAC systems use
access control lists (ACLs) attached to each resource to
record who can access it and how.
• The sharing option in most operating systems
is a form of DAC.
This popular model is utilized by some of the most popular
operating systems, like Microsoft Windows file systems
Role-Based Access Control (RBAC)
• RBAC, also known as a non-discretionary
access control, is used when system
administrators need to assign rights based on
organizational roles instead of individual user
accounts within an organization
Mandatory Access Control (MAC) –

• Considered the strictest of all levels of access
control. MAC is commonly used by governments and the
military. It uses a hierarchical approach: every subject
carries a clearance and every object a classification
label, and the operating system enforces the comparison
between them. Under a MAC environment, access to resource
objects is governed by labels and rules defined centrally
by a system administrator; users, including resource
owners, cannot change the labels or grant access
themselves, which is what distinguishes MAC from DAC.
Attribute Based Access Control (ABAC)
• Rather than relying on predefined roles, ABAC uses
a set of attributes to determine which users and
services have access to certain types of data
• ABAC lets you control access according to a wide
range of user and service attributes, such as: where
and when are they accessing the data from, what
device or network are they using, the sensitivity of
the requested data, the requestor’s stated use for
this data, etc. Combinations of these attributes map
to policies that govern access to sensitive data.
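The DAC, RBAC and ABAC models above side by side, as an added example (not code from the slides). Each model is reduced to the data it consults and one decision function: an owner-managed ACL for DAC, a role-to-permission table for RBAC, and a rule set over subject, resource and environment attributes for ABAC. The objects, users, roles and attribute names are assumptions for this example.

```python
from typing import Dict, Set, Tuple

# ---------------- DAC: the owner of an object manages its ACL ----------------
# Constructed ACL (not from the slides): object -> owner and per-action user sets.
def make_acl() -> Dict[str, dict]:
    return {"report.docx": {"owner": "alice",
                            "read": {"alice", "bob"},
                            "write": {"alice"}}}


def dac_allowed(acl: Dict[str, dict], user: str, obj: str, action: str) -> bool:
    return user in acl[obj][action]


def dac_grant(acl: Dict[str, dict], granter: str, obj: str, user: str, action: str) -> bool:
    """Only the owner may change the ACL; that is what makes the control discretionary.
    Returns True if the grant was applied."""
    if acl[obj]["owner"] != granter:
        return False
    acl[obj][action].add(user)
    return True


# ---------------- RBAC: permissions attach to roles, users to roles ----------
ROLE_PERMS: Dict[str, Set[Tuple[str, str]]] = {
    "auditor": {("ledger", "read")},
    "accountant": {("ledger", "read"), ("ledger", "write")},
}
USER_ROLES: Dict[str, Set[str]] = {"carol": {"auditor"}, "dave": {"accountant"}}


def rbac_allowed(user: str, resource: str, action: str) -> bool:
    """A user holds a permission if any of their roles holds it. Changing what an
    accountant may do is one edit to ROLE_PERMS, not one per user."""
    return any((resource, action) in ROLE_PERMS[role]
               for role in USER_ROLES.get(user, set()))


# ---------------- ABAC: policy over subject, resource and environment attributes
def abac_allowed(subject: dict, resource: dict, env: dict) -> bool:
    """Every rule must hold. The attribute names (department, sensitivity,
    managed_device, hour) are assumed for this example."""
    rules = [
        # the requester works in the department that owns the data
        subject["department"] == resource["department"],
        # non-public data may only be read from a managed device
        resource["sensitivity"] == "public" or env["managed_device"],
        # business hours only (24-hour clock)
        8 <= env["hour"] < 18,
    ]
    return all(rules)


if __name__ == "__main__":
    acl = make_acl()
    print("bob write before grant:", dac_allowed(acl, "bob", "report.docx", "write"))
    dac_grant(acl, "alice", "report.docx", "bob", "write")
    print("bob write after grant:", dac_allowed(acl, "bob", "report.docx", "write"))
    print("carol write ledger:", rbac_allowed("carol", "ledger", "write"))
    fin = {"department": "finance"}
    doc = {"department": "finance", "sensitivity": "confidential"}
    print("abac, managed device 10:00:", abac_allowed(fin, doc, {"managed_device": True, "hour": 10}))
    print("abac, BYOD 10:00:", abac_allowed(fin, doc, {"managed_device": False, "hour": 10}))
```

The ABAC function is the only one whose answer changes without any change to the user or the object: the same person reading the same document is allowed from a managed laptop at 10:00 and denied from a personal phone or at 22:00, which is what the attributes in the list above buy you.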
Bell LaPadula
The BLP model has 4 components:
• Subjects: entities that want to access resources (users, processes).
• Objects: the resources they want, e.g. files, information.
• Actions: read, write.
• Security levels, ordered from highest to lowest: secret, confidential,
sensitive, unclassified. Every subject and object is labeled with one.
Simple Security rule
• A subject cannot read an object at higher
security level.
• This rule is also called as no read up.
Star Property Rule
• A subject cannot write to an object at lower
level Security level than itself.
• It is also called as no write down.
Strong star Property Rule
• A subject can only read and write to an object
at the same security level itself.
Discretionary Security Property
• A subject can grant access to other subjects based on its own judgment
(via an access matrix), but only within the bounds of the mandatory rules
above; discretionary permission never overrides no read up / no write down.
BIBA Model
• Biba model uses integrity levels for classifying
subjects and objects.

Simple Integrity Rule
• A subject cannot read an object at a lower
integrity level than itself.
• This is also called no read down.
Star Integrity Property Rule
• A subject cannot write to an object at a higher
integrity level than itself.
• This is called no write up.
Invocation Property Rule
• A subject cannot invoke (request service from) another
subject at a higher integrity level than itself.
• Note that Biba's rules are the mirror image of Bell-LaPadula's:
BLP keeps secrets from flowing down, Biba keeps untrusted data
from flowing up.
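The Bell-LaPadula and Biba rules above, as an added example (not code from the slides): one decision function per model, with the slide's four security levels ordered as an assumption (unclassified below sensitive below confidential below secret) and three constructed integrity levels. The strong star property is a switch on the BLP check, and a combined check shows what a system enforcing both models does.

```python
from typing import Callable, Dict, Tuple

# Security levels from the slide, ordered from lowest to highest; this ordering
# is an assumption for the example.
SECURITY: Dict[str, int] = {"unclassified": 0, "sensitive": 1,
                            "confidential": 2, "secret": 3}
# Integrity levels (constructed for the example).
INTEGRITY: Dict[str, int] = {"low": 0, "medium": 1, "high": 2}


def blp_allowed(subject: str, obj: str, action: str, strong_star: bool = False) -> bool:
    """Bell-LaPadula (confidentiality).
    read  : simple security property, no read up    (subject >= object)
    write : *-property, no write down               (subject <= object)
            strong *-property                       (subject == object)
    """
    s, o = SECURITY[subject], SECURITY[obj]
    if action == "read":
        return s >= o
    if action == "write":
        return s == o if strong_star else s <= o
    raise ValueError(f"unknown action {action!r}")


def biba_allowed(subject: str, obj: str, action: str) -> bool:
    """Biba (integrity).
    read   : simple integrity property, no read down    (subject <= object)
    write  : *-integrity property, no write up          (subject >= object)
    invoke : invocation property, no invoking a subject of higher integrity
    """
    s, o = INTEGRITY[subject], INTEGRITY[obj]
    if action == "read":
        return s <= o
    if action == "write":
        return s >= o
    if action == "invoke":
        return s >= o
    raise ValueError(f"unknown action {action!r}")


def both_allowed(sec_subject: str, sec_object: str,
                 int_subject: str, int_object: str, action: str) -> bool:
    """A system enforcing both models grants an access only if each model does."""
    return (blp_allowed(sec_subject, sec_object, action)
            and biba_allowed(int_subject, int_object, action))


def access_matrix(levels: Dict[str, int],
                  checker: Callable[[str, str, str], bool]) -> Dict[Tuple[str, str, str], bool]:
    """Tabulate every (subject level, object level, action) decision for one model."""
    return {(s, o, a): checker(s, o, a)
            for s in levels for o in levels for a in ("read", "write")}


if __name__ == "__main__":
    for (s, o, a), ok in sorted(access_matrix(SECURITY, blp_allowed).items()):
        print(f"BLP  {s:>12} {a:5} {o:<12} {'allow' if ok else 'deny'}")
    for (s, o, a), ok in sorted(access_matrix(INTEGRITY, biba_allowed).items()):
        print(f"Biba {s:>12} {a:5} {o:<12} {'allow' if ok else 'deny'}")
```

The two matrices printed by the block make the mirror-image relationship visible: for BLP the allowed reads sit on one side of the diagonal and the allowed writes on the other, and for Biba the two sides are swapped. A secret-cleared process may read a confidential file but may not write its contents into one; a low-integrity process (say, a browser plugin) may write downwards and read upwards, but may never write into a high-integrity object such as a system binary.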
Authentication and access controls
• If you use a mobile phone, how does the service provider
know it is really you?
• There is a centralized access control mechanism that
constantly oversees all the resources that you are
authorized to use.
• Such access control systems are commonly referred
to as AAA.
AAA
• Authentication
• Authorization
• Auditing (Accounting)
• AAA ties all of these mechanisms together: authentication establishes
who you are, authorization decides what you may do, and accounting
records what you did.
• Two common protocols that implement AAA for network access are:
• RADIUS
• TACACS (and its successor TACACS+)
RADIUS

• RADIUS: Remote Authentication Dial-In User Service.
• A client/server protocol in which a network access server (for
example a VPN concentrator or wireless controller) forwards the
user's credentials to a central RADIUS server, which returns an
accept or reject decision together with authorization attributes.
• It runs over UDP (ports 1812 for authentication and 1813 for
accounting) and encrypts only the password field of the request;
the rest of the packet is sent in the clear.

TACACS

• TACACS: Terminal Access Controller Access-Control System.
• The original TACACS allowed someone who was already logged
into one host in the network to connect to another on the same
network without needing to re-authenticate.
• Its successor, TACACS+, runs over TCP port 49, encrypts the
whole packet body rather than just the password, and separates
authentication, authorization and accounting into distinct
operations, which is why it is commonly used for administrative
access to network devices.