MCA Semester 5

2650002 Network Security (NS)

SYLLABUS UPDATED ON JULY 2014

Unit 1: Network Security and Symmetric
Encryption
Computer Security Concepts, The OSI Security
Architecture, Security Attacks, Security Services
Security Mechanisms, A Model for Network
Security,
Symmetric
Encryption
Principles,
Symmetric Block Encryption Algorithms, Random
and Pseudorandom Numbers, Stream Ciphers and
RC4, Cipher Block Modes of Operation
Text Book 1 : Network Security Essentials:
Applications and Standards
Chapter 1 : 1.1 to 1.6
Chapter 2 : 2.1 to 2.5

SYLLABUS UPDATED ON JULY 2014

Unit 2: Public-Key Cryptography and
Authentication
Approaches to Message Authentication, Secure
Hash Functions, Message Authentication Codes
Public-Key Cryptography Principles, Public-Key
Cryptography Algorithms, Digital Signatures,
Symmetric Key Distribution Using Symmetric
Encryption, Kerberos, Key Distribution Using
Asymmetric Encryption, X.509 Certificates,
Public-Key Infrastructure
Text Book 1 : Network Security Essentials:
Applications and Standards
Chapter 3 : 3.1 to 3.6
Chapter 4 : 4.1 to 4.5

SYLLABUS UPDATED ON JULY 2014

Unit 3: Web Security and IP Security
Web Security Considerations, Secure Socket
Layer and Transport Layer Security, Transport
Layer Security, HTTPS, Secure Shell (SSH), IP
Security Overview, IP Security Policy,
Encapsulating Security Payload, Combining
Security Associations
Text Book 1 : Network Security Essentials:
Applications and Standards
Chapter 5 : 5.1 to 5.5
Chapter 8 : 8.1 to 8.4

SYLLABUS UPDATED ON JULY 2014

Unit 4: Wireless Network Security and Electronic
Mail Security
IEEE 802.11 Wireless LAN Overview, IEEE
802.11i Wireless LAN Security, Wireless
Application
Protocol
Overview,
Wireless
Transport Layer Security, WAP End-to-End
Security, Pretty Good Privacy, S/MIME
Text Book 1 : Network Security Essentials:
Applications and Standards
Chapter 6 : 6.1 to 6.5
Chapter 7 : 7.1 and 7.2

SYLLABUS UPDATED ON JULY 2014

Unit 5: Intrusion Detection and Firewalls
Intruders,
Intrusion
Detection,
Password
Management, The Need for Firewalls, Firewall
Characteristics, Types of Firewalls, Firewall
Basing, Firewall Location and Configurations
Text Book 1 : Network Security Essentials:
Applications and Standards
Chapter 9 : 9.1 to 9.3
Chapter 11 : 11.1 to 11.5

SECURITY TRENDS

Twitterwas hit with a malicious worm, the second worm

attack the site experienced in over a week. It's no surprise,
perhaps, that the rise of social networks have given cybercriminals a whole new realm in which to wreak havoc.
While many people have learned to not open suspiciouslooking files, clicking on links via Facebook friends and
Twitter followers seems to be yet another area in which a
better understanding of security needs to be taught.
The social element has always been one of the weakest
links in security. In other words, no matter the
technological protections, human behaviors can be terribly
insecure, as an experiment atDefconthis summer
demonstrated (every company participating in a security
contest had one of their employees hand over security
data). So arguably, this social piece - the encouragement
and expectations that we all "share" - may create even
more vulnerabilities as social networks grow.

SECURITY TRENDS (CONT)

1.

2.

The emphasis will be on protecting information,

not just systems: As consumers and businesses alike
move to store more and more of their important
information online, the requirements for security will
go beyond simply managing systems to protecting the
data these systems house. Rather than focusing on
developing processes for protecting the systems that
house information, more granular control will be
demanded - by users and by companies - to protect the
data stored therein.
Tackling myths about security and the cloud:
One of the reasons consistently given for not moving to
the cloud is fears about security. As cloud computing
continues its adoption, both vendors and customers
will have to better understandthe questions to
askand the services to provide in order to maintain
security.

SECURITY TRENDS (CONT)

3.

4.

5.

New platforms and new devices will create new

opportunities for cybercriminals. Security threats have
long been associated with personal computers running
Windows. But the proliferation of new platforms and new
devices - the iPhone, the iPad, Android, for example - will
likely create new threats. The Android phone saw its
firstTrojanthis summer, and reports continue with malicious
apps and spyware, and not just on Android.
Malware will appear on "reputable" sites. No longer is it
simply "sketchy" website that are poised to infect users'
computers, as sites like theNew York Timesfind themselves
hosting malware. As computer users have become more savvy
about email scams, some scammers are starting to purchase
advertising on reputable sites instead.
"Old" threats still pose a risk. Although SQL-injections,
cross-site-scripting, and vulnerabilities in various applications
are not new, they continue to be one of the main entry points
for attackers gaining access to networks and data.

EXAMPLES.

User A transmits a file to user B. The file

contains sensitive information (e.g., payroll
records) that is to be protected from disclosure.
User C, who is not authorized to read the file, is
able to monitor the transmission and capture a
copy of the file during its transmission.

EXAMPLES

A network manager, D, transmits a message to a

computer, E, under its management. The
message instructs computer E to update an
authorization file to include the identities of a
number of new users who are to be given access
to that computer. User F intercepts the message,
alters its contents to add or delete entries, and
then forwards the message to E, which accepts
the message as coming from manager D and
updates its authorization file accordingly

EXAMPLES

A message is sent from a customer to a

stockbroker with instructions for various
transactions. Subsequently, the investments lose
value and the customer denies sending the
message.

INTERNETWORK SECURITY IS BOTH

INTERESTING AND COMPLEX. SOME
OF THE REASONS FOLLOW

Security involving communications and networks is

not as simple as it might first appear to the novice.
In developing a particular security mechanism or
algorithm, one must always consider potential
attacks on those security features.
Having designed various security mechanisms, it is
necessary to decide where to use them. This is true
both in terms of physical placement and in a logical
sense
Security mechanisms usually involve mare than a
particular algorithm or protocol.

STATISTICS

COMPUTER SECURITY

The protection afforded to an automated

information system in order to attain the
applicable objectives of preserving the integrity,
availability and confidentiality of information
system resources (includes hardware, software,
firmware,
information/data
and
telecommunication).

KEY OBJECTIVES

Confidentiality: This term covers two related

concepts:
Data confidentiality: Assures that private or
confidential information is not made available or
disclosed to unauthorized individuals.
Privacy: Assures that individuals control or
influence what information related to them may
be collected and stored and by whom and to
whom that information may be disclosed.

KEY OBJECTIVES

Integrity: This term covers two related concepts:

Data integrity: Assures that information and
programs are changed only in a specified and
authorized manner.
System integrity: Assures that a system
performs its intended function in an unimpaired
manner, free from deliberate or inadvertent
unauthorized manipulation of the system.
Availability:
Assures that systems work
promptly and service is not denied to authorized
users.

CIA TRIAD

Confidentiality:
Confidentiality is roughly equivalent to privacy. Measures undertaken to
ensure confidentiality are designed to prevent sensitive information from
reaching the wrong people, while making sure that the right people can in fact
get it: Access must be restricted to those authorized to view the data in
question.
A good example of methods used to ensure confidentiality is an account
number or routing number when banking online. Data encryption is a common
method of ensuring confidentiality. User IDs and passwords constitute a
standard procedure; two-factor authentication is becoming the norm.

Integrity:
Integrityinvolves
maintaining the consistency,
accuracy, and trustworthiness of data over its entire
life cycle. Data must not be changed in transit, and
steps must be taken to ensure that data cannot be
altered by unauthorized people (for example, in a
breach of confidentiality). These measures include file
permissions and useraccess controls. Version control
maybe used to prevent erroneous changes or
accidental deletion by authorized users becoming a
problem. Examples are an electromagnetic pulse (
EMP) or servercrash. Backupsor redundancies must
be available to restore the affected data to its correct
state.

Availability:
Availability
is best ensured by rigorously
maintaining allhardware, performing hardware
repairs immediately when needed and maintaining a
correctly functioning operating system environment
that is free of software conflicts. Fast and
adaptivedisaster recoveryis essential for the worst
case scenarios. Safeguards against data loss or
interruptions
in
connections
must
include
unpredictable events such as natural disasters and
fire. To prevent data loss from such occurrences,
abackupcopy may be stored in a geographicallyisolated location, perhaps even in a fireproof,
waterproof safe.

THE OSI SECURITY

ARCHITECTURE

ITU-T(The International Telecommunication

Union ) Recommendation X.800, Security
Architecture for OSI, defines such a systematic
approach. The OSI security architecture is useful
to managers as a way of organizing the task of
providing security. Furthermore, because this
architecture was developed as an international
standard, computer and communications vendors
have developed security features far their
products and services that relate to this
structured definition of services and mechanisms.

THE OSI SECURITY

ARCHITECTURE (CONT)

For our purposes, the OSI security architecture

provides a useful, if abstract, overview of many of
the concepts that this book deals with. The OSI
security architecture focuses on security
attacks, mechanisms, and services. These can
be defined briefly as follows:

THE OSI SECURITY

ARCHITECTURE (CONT)
Security attack: Any action that compromises
the security of information owned by an
organization.
Security Mechanism: A mechanism that is
designed to detect, prevent or recover from
security attack.
Security Service: A service that enhances the
security of the data processing system and
information transfer of an organization. The
service are intended to counter security attacks,
and they make use of one or more security
mechanism to provide the service.

THE OSI SECURITY

ARCHITECTURE (CONT)

In the literature, the terms threat and attack are commonly used
to mean more or less the same thing. Following Table provides
definitions taken from RFC 2828, Internet Security Glossary.

SECURITY ATTACKS

SECURITY ATTACKS
A useful means of classifying security attacks,
used both in X.800 and RFC 2828, is in terms of
passive attacks and active attacks.
A passive attack attempts to learn or make use
of information from the system but does not
affect system resources.
An active attack attempts to alter system
resources or affect their operation.

SECURITY ATTACKS >> PASSIVE

ATTACKS

Passive attacks are in the nature of

eavesdropping
on,
or
monitoring
of,
transmissions. The goal of the opponent is to
obtain information that is being transmitted.
Two types of passive attacks are:
Release

of message contents and

Traffic analysis.

Release of message Contents

SECURITY ATTACKS >> PASSIVE

ATTACKS >> RELEASE OF MESSAGE
CONTENTS

The release of message contents is easily

understood
(Figure
1.1a).
A
telephone
conversation, an electronic mail message, and a
transferred file may contain sensitive or
confidential information. We would like to
prevent an opponent from learning the contents
of these transmission.

Traffic Analysis
Traffic Analysis

SECURITY ATTACKS >> PASSIVE

ATTACKS >> TRAFFIC ANALYSIS

A second type of passive attack, traffic analysis, is subtler

(Figure 1.1b). Suppose that we had a way of masking the
contents of messages or other information traffic so that
opponents, even if they captured the message, could not
extract the information from the message.
The common technique for masking contents is encryption.
If we had encryption protection in place, an opponent might
still be able to observe the pattern of these messages.
The opponent could determine the location and identity of
communicating hosts and could observe the frequency and
length of messages being exchanged.
This information might be useful in guessing the nature of
the communication that was taking pIace.

SECURITY ATTACKS >> PASSIVE

ATTACKS >> TRAFFIC ANALYSIS
(CONT)

Passive attacks are very difficult to detect because

they do not involve any alteration of the data.
Typically, the message traffic is sent and received in
an apparently normal fashion and neither the sender
nor receiver is aware that a third party has read the
messages or observed the traffic pattern. However, it
is feasible to prevent the success of these attacks,
usually by means of encryption. Thus, the emphasis in
dealing with passive attacks is on prevention rather
than detection

SECURITY ATTACKS >> ACTIVE

ATTACKS

Active attacks involve some modification of the data

stream or the creation of a false stream and can be
subdivided into four categories:
Masquerade,
Replay,

Modification

of messages, and
Denial of service.

MASQUERADE

SECURITY ATTACKS >> ACTIVE

ATTACKS >> MASQUERADE

A masquerade takes place when one entity

pretends to be a different entity (Figure 1.2a). A
masquerade attack usually includes one of the
other forms of active attack. For example,
authentication sequences can be captured and
repIayed after a valid authentication sequence
has taken place, thus enabling an authorized
entity with few privileges to obtain extra
privileges by impersonating an entity that has
those privileges.

REPLAY

SECURITY ATTACKS >> ACTIVE

ATTACKS >> REPLAY

Replay involves the passive capture of a data unit

and its subsequent retransmission to produce an
unauthorized effect.

MODIFICATION OF MESSAGE

SECURITY ATTACKS >> ACTIVE

ATTACKS >> MODIFICATION OF
MESSAGE

Modification of messages simply means that some

portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an
unauthorized effect (Figure 1.2c). For example, a
message meaning "Allow John Smith to read
confidential file accounts" is modified to mean
"Allow Fred Brown to read confidential file
accounts. "

DENIAL OF SERVICE

DENIAL OF SERVICE

DENIAL OF SERVICE

A denial of service attack is a special kind of Internet attack

aimed at large websites. It is a type of attack on a network
that is designed to bring the network to its knees by flooding
it with useless traffic. Denial of Service can result when a
system, such as a Web server, has been flooded with
illegitimate requests, thus making it impossible to respond to
real requests or task. Yahoo! and e-bay were both victims of
such attacks in February 2000.
A Dos attack can be perpetrated in a number of ways. There
are three basic types of attack.
Consumption of computational resources, such as band
width, disk space or CPU time.
Disruption of configuration information, such as routing
information.
Disruption of physical network components.

DENIAL OF SERVICE

The consequences of a DoS attack are the

following:
Unusually

slow network performance.

Unavailability of a particular web site.
Inability to access any web site.
Dramatic increase in the amount of spam you receive
in your account.

SECURITY ATTACKS >> ACTIVE

ATTACKS >> DENIAL OF SERVICE
The denial of service prevents or inhibits the
normal use or management of communications
facilities (Figure 1.2d). This attack may have a
specific target; for example, an entity may
suppress all messages directed to a particular
destination (e.g., the security audit service).
Another form of service denial is the disruption
of an entire network, either by disabling the
network or by overloading it with messages so as
to degrade performance.

SECURITY ATTACKS (CONT)

Active
attacks
present
the
opposite
characteristics of passive attacks.
Whereas passive attacks are difficult to detect,
measures are available to prevent their success.
On the other hand, it is quite difficult to prevent
active attacks absolutely, because to do so would
require physical protection of all communications
facilities and paths at all times.
Instead, the goal is to detect them and to recover
from any disruption or delays caused by them.
Because the detection has a deterrent effect, it
may also contribute to prevention.

SECURITY SERVICES

X.800 defines a security service as a service that is

provided by a protocol layer of communicating open
systems and that ensures adequate security of the
systems or of data transfers
Security Services (X.800)
AUTHENTICATION
The assurance that the communicating entity is the one
that it claims to be.
Peer Entity Authentication
Used in association with a logical connection to provide
confidence in the identity of the entities connected.
Data-Origin Authentication
In a connectionless transfer, provides assurance that
the source of received data is as claimed.

SECURITY SERVICES

ACCESS CONTROL
The prevention of unauthorized use of a resource (i.e.,
this service controls who can have access to a resource,
under what conditions access can occur, and what
those accessing the resource are allowed to do).
DATA CONFIDENTIALITY
The protection of data from unauthorized disclosure.
Connection Confidentiality
The protection of all user data on a connection.
Connectionless Confidentiality
The protection of all user data in a single data block.

SECURITY SERVICES

Selective-Field Confidentiality
The confidentiality of selected fields within the user data on
a connection or in a single data block.
Traffic-Flow Confidentiality
The protection of the information that might be derived
from observation of traffic flows.
DATA INTEGRITY
The assurance that data received are exactly as sent by an
authorized entity (i.e., contain no modification, insertion,
deletion, or replay).
Connection Integrity with Recovery
Provides for the integrity of all user data on a connection
and detects any modification, insertion, deletion, or replay
of any data within an entire data sequence, with recovery
attempted.
.

SECURITY SERVICES

Connection Integrity without Recovery

As above, but provides only detection without recovery.
Selective-Field Connection Integrity
Provides for the integrity of selected fields within the
user data of a data block transferred over a connection
and takes the form of determination of whether the
selected fields have been modified, inserted, deleted, or
replayed.
Connectionless Integrity
Provides for the integrity of a single connectionless data
block and may take the form of detection of data
modification. Additionally, a limited form of replay
detection may be provided.
.

SECURITY SERVICES

Selective-Field Connectionless Integrity

Provides for the integrity of selected fields within a single
connectionless data block; takes the form of
determination of whether the selected fields have been
modified.
NONREPUDIATION
Provides protection against denial by one of the entities
involved in a communication of having participated in all
or part of the communication.
Nonrepudiation, Origin
Proof that the message was sent by the specified party.
Nonrepudiation, Destination
Proof that the message was received by the specified
party.

SPECIFIC SECURITY MECHANISMS

May be incorporated into the appropriate protocol layer in

order to provide some of the OSI security services.
Encipherment
The use of mathematical algorithms to transform data
into a form that is not readily intelligible. The
transformation and subsequent recovery of the data
depend on an algorithm and zero or more encryption keys.
Digital Signature
Data appended to, or a cryptographic transformation of, a
data unit that allows a recipient of the data unit to prove
the source and integrity of the data unit and protect
against forgery (e.g., by the recipient).

SPECIFIC SECURITY MECHANISMS

Access Control
A variety of mechanisms that enforce access rights
to resources.
Data Integrity
A variety of mechanisms used to assure the
integrity of a data unit or stream of data units.
Authentication Exchange
A mechanism intended to ensure the identity of an
entity by means of information exchange.
Traffic Padding
The insertion of bits into gaps in a data stream to
frustrate traffic analysis attempts.

SPECIFIC SECURITY MECHANISMS

Routing Control
Enables selection of particular physically secure
routes for certain data and allows routing changes,
especially when a breach of security is suspected.
Notarization
The use of a trusted third party to assure certain
properties of a data exchange.

PERVASIVE SECURITY MECHANISMS

Trusted Functionality
That which is perceived to be correct with respect to
some criteria (e.g., as established by a security policy).
Security Label
The marking bound to a resource (which may be a data
unit) that names or designates the security attributes
of that resource.
Event Detection
Detection of security-relevant events.

PERVASIVE SECURITY MECHANISMS

Security Audit Trail

Data collected and potentially used to facilitate a
security audit, which is an independent review and
examination of system records and activities.
Security Recovery
Deals with requests from mechanisms, such as
event handling and management functions, and
takes recovery actions.

NETWORK SECURITY MODEL

INTERNET STANDARD

An Internet Standard (abbreviated as "STD") is a

normative specification of a technology or methodology
applicable to the Internet. Internet Standards are
created and published by the Internet Engineering
Task Force (IETF).
An Internet Standard is a special Request for
Comments (RFC) or set of RFCs. An RFC that is to
become a Standard or part of a Standard begins as an
Internet Draft, and is later accepted and published by
the RFC Editor as a RFC and labeled a Proposed
Standard.

INTERNET STANDARD
Standard Type

Associated Protocols

Email

IMAP, POP, X.400, SMTP, CMC,

MIME, binhex, uuencode

Web

http, CGI, html/xml/vrml/sgml

Internet Directory

X.500, LDAP

Application

http, FTP, telnet, gopher, wais

Videoconferencing

H.320, H.323, Mpeg-1, Mpeg-2

INTERNET SOCIETY
The Internet Society (ISOC) is an international,
non-profit organization founded in 1992 to
provide leadership in Internet related standards,
education, and policy.
It states that its mission is "to assure the open
development, evolution and use of the Internet
for the benefit of all people throughout the
world".

ASSIGNMENT 1 (A)

ALL ODD ROLL NUMBER STD (1,3,5..)

1.

What is Computer Security ?

2.

What is Website Security ?

3.

Why there is a need of Security in Network explain with reason.

4.

List the security services provided in OSI network model. 03

5.

Explain giving examples Active Attacks and Passive Attacks. 04

6.

Give one major difference between a passive and an active

attack.

7.

Name the technique to be used for protecting against active

attacks.

8.

Why web security is more important issue today? List at least

four reasons for the same. (4)

ASSIGNMENT 1 (B)
1.

ALL EVEN ROLL NUMBER STD

(2,4,6..)
What is Computer Security ?

2.

What is Website Security ?

3.

Why there is a need of Security in Network explain with

reason.

4.

Define: Denial of Service

5.

Differentiate between Security Threat and Security Attack.

6.

Differentiate between Security Mechanism and Security

Service

7.

What is meant by the term Hacking?

8.

Mention the general guidelines for creating a good password

9.

Write a detailed note on Internet Standards and Internet

Society. Why there is a need of both explain giving example.

THANKS