NETWORK SECURITY

1. SECURITY ATTACKS

There are four types

I) Interruption
II) Interception
III) Modification
IV) Fabrication

Interruption
In an Information Security context, interruption is one of the four broad-based categories
used to classify attacks and threats. An interruption attack attempts to make systems (or the
information in them) unavailable for use.

Just like in conversations, interruptions in an information security setting are disruptions that
block the flow of information.

Examples

• (D)DoS attacks (generally)
• Broadcast storms
• DHCP attacks
• MAC Address Table Overflow

Interception
In an Information Security context, interception refers to one of the four broad categories
used to classify attack patterns. The actual or intended effect of an interception attack is that
unintended parties gain access to information or other digital assets (applications,
environments, files).

Common Examples

• Network sniffing/eavesdropping
• Man In The Middle (MITM) hijacking

Lawful Uses

While commonly discussed as a malicious activity in the InfoSec world, interception is also
sometimes used for lawful purposes in law enforcement, intelligence gathering and
administrative or regulatory auditing.

Modification
In an Information Security context, modification (or alteration) refers to one of the four broad
categories used to discuss attacks and threats. The actual or intended effect of a modification
attack is to tamper with data, systems or other digital assets.

Examples

• DNS Cache Poisoning
• STP Manipulation
• Website defacement
• Malware piggy-backing

Fabrication
In an Information Security context, fabrication is one of the four broad-based categories used
to classify attacks and threats. A fabrication attack creates illegitimate information,
processes, communications or other data within a system.

Often, fabricated data is inserted right alongside authentic data. When a known system is
compromised, attackers may use fabrication techniques to gain trust, create a false trail,
collect data for illicit use, or spawn malicious or extraneous processes. In addition, fabricated
data may reduce confidence in genuine data within the affected system.

Examples

Real-world examples of fabrication attack patterns include:

• SQL Injection
• Route Injection
• User / Credential Counterfeiting
• Log / Audit Trail Falsification
• Email Spoofing
• SPIT Attacks

2. SECURITY SERVICES
There are 6 types of Security Services

i) Confidentiality
ii) Non-repudiation
iii) Authentication
iv) Access control
v) Integrity
vi) Availability

Confidentiality

Confidentiality refers to protecting information from being accessed by unauthorized parties.
In other words, only the people who are authorized to do so can gain access to sensitive data.
Imagine your bank records. You should be able to access them, of course, and employees at
the bank who are helping you with a transaction should be able to access them, but no one
else should. A failure to maintain confidentiality means that someone who shouldn't have
access has managed to get it, through intentional behavior or by accident. Such a failure of
confidentiality, commonly known as a breach, typically cannot be remedied. Once the secret
has been revealed, there's no way to un-reveal it. If your bank records are posted on a public
website, everyone can know your bank account number, balance, etc., and that information
can't be erased from their minds, papers, computers, and other places. Nearly all the major
security incidents reported in the media today involve major losses of confidentiality.

So, in summary, a breach of confidentiality means that someone gains access to information
who shouldn't have access to it.

Authentication

Modern computer systems provide service to multiple users and require the ability to
accurately identify the user making a request.
Password-based authentication is not suitable for use on computer networks, as the password
can easily be intercepted by an eavesdropper and used to impersonate the user.

There are 2 components of security in mobile computing:

1. Security of devices: Secure network access involves mutual authentication
   between the device and the base station or web servers, so that authenticated devices
   can be connected to the network to get requested services. In this regard,
   Authentication Service Security is important due to typical attacks on mobile devices
   through WAN:
   1. DoS attacks
   2. Traffic analysis
   3. Eavesdropping
   4. Man-in-the-middle attacks
2. Security in network: Security measures in this regard come from:
   1. Wireless Application Protocol (WAP)
   2. Use of Virtual Private Networks (VPN)
   3. MAC address filtering
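
The password-interception problem and the mutual authentication between device and base station described above can be illustrated with a challenge-response exchange. This is an added example, not part of the original notes; the `Endpoint` class, the role labels and the pre-shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def prove(key: bytes, role: bytes, challenge: bytes) -> bytes:
    # The role label stops a response from one side being reflected back
    # as a valid response from the other side.
    return hmac.new(key, role + b"|" + challenge, hashlib.sha256).digest()


class Endpoint:
    """One side of the exchange (device or base station), holding the shared key."""

    def __init__(self, role: bytes, peer_role: bytes, key: bytes):
        self.role, self.peer_role, self.key = role, peer_role, key
        self.outstanding = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh and unpredictable per attempt
        self.outstanding.add(nonce)
        return nonce

    def respond(self, peer_challenge: bytes) -> bytes:
        return prove(self.key, self.role, peer_challenge)

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False  # unknown or already-used challenge: replay rejected
        self.outstanding.discard(nonce)
        return hmac.compare_digest(response, prove(self.key, self.peer_role, nonce))


def mutual_auth(device: Endpoint, station: Endpoint) -> bool:
    """Each side challenges the other; both proofs must verify."""
    n_station, n_device = station.challenge(), device.challenge()
    ok_device = station.verify(n_station, device.respond(n_station))
    ok_station = device.verify(n_device, station.respond(n_device))
    return ok_device and ok_station


def replay_is_rejected(device: Endpoint, station: Endpoint) -> bool:
    """An eavesdropper's recorded (challenge, response) pair fails on reuse."""
    nonce = station.challenge()
    recorded = device.respond(nonce)          # what the wire carried
    first = station.verify(nonce, recorded)   # legitimate login
    again = station.verify(nonce, recorded)   # same bytes sent a second time
    fresh = station.verify(station.challenge(), recorded)  # against a new challenge
    return first and not again and not fresh
```

Unlike a password, the secret key never crosses the network here, so what an eavesdropper records is only valid for one challenge that has already been consumed.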

Integrity

Integrity refers to ensuring the authenticity of information: that information is not altered,
and that the source of the information is genuine. Imagine that you have a website and you
sell products on that site. Now imagine that an attacker can shop on your web site and
maliciously alter the prices of your products, so that they can buy anything for whatever price
they choose. That would be a failure of integrity, because your information—in this case, the
price of a product—has been altered and you didn't authorize this alteration. Another example
of a failure of integrity is when you try to connect to a website and a malicious attacker
between you and the website redirects your traffic to a different website. In this case, the site
you are directed to is not genuine.
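
One way to detect the price alteration described above is to attach a keyed integrity tag (HMAC-SHA256) to each item before it leaves the server and to reject any item whose tag no longer matches when it comes back. This is an added example, not part of the original notes; the field names, the sample item and the demo key are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would load this from a secret store.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _canonical(item: dict) -> bytes:
    # Sorted keys and fixed separators give one byte encoding per item,
    # so the same fields always produce the same tag.
    return json.dumps(item, sort_keys=True, separators=(",", ":")).encode()


def seal_item(item: dict, key: bytes = SERVER_KEY) -> dict:
    """Server side: attach an HMAC-SHA256 tag before the item is sent out."""
    tag = hmac.new(key, _canonical(item), hashlib.sha256).hexdigest()
    return {"item": item, "tag": tag}


def verify_item(sealed: dict, key: bytes = SERVER_KEY) -> bool:
    """Server side: accept a returned item only if its tag still matches."""
    item, tag = sealed.get("item"), sealed.get("tag")
    if not isinstance(item, dict) or not isinstance(tag, str):
        return False  # a missing or malformed tag is treated as tampering
    expected = hmac.new(key, _canonical(item), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), tag.encode())


def checkout_total(sealed_items: list) -> int:
    """Sum prices in cents; refuse the whole order if any item fails the check."""
    total = 0
    for sealed in sealed_items:
        if not verify_item(sealed):
            raise ValueError("integrity check failed: item was altered")
        total += sealed["item"]["price_cents"] * sealed["item"]["qty"]
    return total


if __name__ == "__main__":
    genuine = seal_item({"sku": "A-100", "price_cents": 4999, "qty": 2})
    altered = {"item": dict(genuine["item"], price_cents=1), "tag": genuine["tag"]}
    print(checkout_total([genuine]), verify_item(altered))
```

Where the server already holds the price, looking it up server-side at checkout is simpler; a tag like this suits values that have to round-trip through the client.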

Non-repudiation

In dictionary and legal terms, a repudiation is a rejection or denial of something as valid or
true – including the refusal to pay a debt or honor a formal contract. Flip that on its head, and
non-repudiation translates into a method of assuring that something that’s actually valid
cannot be disowned or denied.

From the point of view of information security, non-repudiation usually applies to cases of a
formal contract, a communication, or the transfer of data. Its aim is to ensure that an
individual or organization bound by the terms of a contract, or the parties involved in a
particular communication or document transfer are unable to deny the authenticity of their
signatures on the contract documents, or that they were the originator of a particular message
or transfer.

Classic analog examples of non-repudiation methods would include the signatures and
documentation associated with a registered mail delivery (where by signing, the recipient is
unable to deny having received that court summons from the utilities company), or the
recorded presence of witnesses to the signing of a legal document or treaty.

Access control

Access control is a security technique that regulates who or what can view or use resources in
a computing environment. It is a fundamental concept in security that minimizes risk to the
business or organization. There are two types of access control: physical and logical. Physical
access control limits access to campuses, buildings, rooms and physical IT assets. Logical
access control limits connections to computer networks, system files and data. Access control
systems perform identification, authentication and authorization of users and entities by
evaluating required login credentials that can include passwords, personal identification
numbers (PINs), biometric scans, security tokens or other authentication factors. Multifactor
authentication, which requires two or more authentication factors, is often an important part
of layered defense to protect access control systems.

Types of access control

The main types of access control are:

• Mandatory access control (MAC): A security model in which access rights are
regulated by a central authority based on multiple levels of security. Often used in
government and military environments, classifications are assigned to system
resources, and the operating system or security kernel grants or denies access to those
resource objects based on the information security clearance of the user or device. For
example, Security Enhanced Linux is an implementation of MAC on the Linux
operating system.

• Role-based access control (RBAC): A widely used access control mechanism that restricts
access to computer resources based on individuals or groups with defined business functions
(executive level, engineer level 1) rather than the identities of individual users. The
role-based security model relies on a complex structure of role assignments, role authorizations
and role permissions developed using role engineering to regulate employee access to
systems. RBAC systems can be used to enforce MAC and DAC frameworks.

Availability

Availability means that information is accessible by authorized users. If an attacker is not able
to compromise the first two elements of information security (see above), they may try to
execute attacks like denial of service that would bring down the server, making the website
unavailable to legitimate users.

3. INTERNET STANDARDS AND RFCs

Internet standards

The IETF is the premier Internet standards organization. It follows open and well-
documented processes for setting these standards.
The Internet, a loosely-organized international collaboration of autonomous, interconnected
networks, supports communication through voluntary adherence to open protocols and
procedures defined by Internet Standards.

From its inception, the Internet has been, and is expected to remain, an evolving system
whose participants regularly factor new requirements and technology into its design and
implementation. Therefore, improving existing standards and creating, implementing, and
deploying new standards is an ongoing effort. Users of the Internet and providers of the
equipment, software, and services that support it should anticipate and embrace this evolution
as a major tenet of Internet philosophy.

RFCs

Memos in the RFC document series contain technical and organizational notes about the
Internet.

RFCs cover many aspects of computer networking, including protocols, procedures,
programs, and concepts, as well as meeting notes, opinions, and sometimes humor. Below are
links to RFCs, as available from ietf.org and from rfc-editor.org. Note that there is a brief
time period when the two sites will be out of sync. When in doubt, the RFC Editor site is the
authoritative source page.

IETF Repository Retrieval

• Advanced search options are available at IETF Data tracker and the RFC Search Page.
• A text index of RFCs is available on the IETF web site: RFC Index (Text).

RFC Editor Repository Retrieval

• RFC Search Page
• RFC Index ( HTML | TXT | XML )
• Additional listings of RFCs
• RFC Editor Queue

RFC Errata

Published RFCs never change. Although every published RFC has been submitted to careful
proofreading by the RFC Editor and the author(s), errors do sometimes go
undetected. Technical Errata are errors in the technical content. Editorial Errata are
spelling, grammar, punctuation, or syntax errors that do not affect the technical meaning.
