Css unit 5 - Computer System Security
Notes
B.tech (Dr. A.P.J. Abdul Kalam Technical University)
Downloaded by Deepak Singh
Unit- 5
Internet Infrastructure
Basic Security Problems:
What is a Security Issue or Problem?
A security issue is any unmitigated risk or vulnerability in your system that hackers can use to do
damage to systems or data. This includes vulnerabilities in the servers and software connecting
your business to customers, as well as your business processes and people. A vulnerability that
hasn't been exploited is simply a vulnerability that hasn't been exploited yet. Web security
problems should be addressed as soon as they are discovered, and effort should be put into
finding them because exploit attempts are inevitable.
Most common types of Internet security issues or Web Security problems are:
1. Ransomware Attack
2. Code Injection (Remote Code Execution)
3. Cross-Site Scripting (XSS) Attack
4. Data Breach
5. Malware and Virus Infection
6. DDoS Attack
7. Credential Stuffing Attack
8. Brute Force Attack
9. Passwords and Authentication Issues
10. Social Engineering
11. SPAM and Phishing
12. Insider Threat
13. Sensitive Data Leak
14. No Backups
15. Not Updating or Patching Regularly
Weaknesses of Internet Security:
The Most Common Cyber security Weaknesses
So, what are the most common cyber security weaknesses faced by businesses?
Cyber security professionals should work with business owners to address the following, at
minimum:
1. Lack of a high-level strategy. Many businesses, especially new and small ones, simply
lack a high-level strategy for their cybersecurity needs. They don’t have any security
infrastructure in place, either because they don’t take the topic seriously or because they
deem it a comparatively low priority. However, this high-level strategy that sets the
course for your main security priorities and your general approach to preventing and
mitigating attacks is vital for success.
2. Unsecured networks. If the network isn’t secured, it’s trivially easy for nefarious parties
to gain access to your system. And once they’ve infiltrated the network, they can gain
access to practically all devices and systems connected to that network. This is a simple
step to take, but it’s one that many business owners still neglect. It’s also a great
opportunity to demonstrate your expertise.
3. Unsecured communication channels. If the business is regularly exchanging sensitive
data, it’s also important to incorporate secure communication channels. For example, you
might invest in an encrypted, secure email platform that you use to communicate directly
with clients. Or you might establish protocols for using multifactor authentication when
sending certain types of messages.
4. Unknown bugs. Sometimes, a bug or flaw in a given app can be responsible for giving
cybercriminals an easy backdoor to your accounts. This could be an aspect of software
you’re using from a third party, or it could be a flaw in the API that connects two
different apps together. It’s impossible to prevent or detect all bugs, but you can improve
your security by proactively scanning for bugs when possible, and vetting your vendors
carefully before choosing them for your applications.
5. Outdated systems. Fortunately, most software developers and hardware manufacturers
are constantly on the lookout for security threats that could hurt their users. When they
find a problem, they issue a patch to eliminate that problem, but to make use of this
patch you have to update your hardware or software. If the business is using outdated
systems because it isn't updating regularly, the business could be at risk.
6. Lack of monitoring. Do you know what kind of traffic you’re seeing? Do you know the
hallmarks of an attack like a distributed denial of service (DDoS) attack, or a ransomware
attack? Would you be capable of identifying an attack in progress, and responding
accordingly? Without proper monitoring and alert systems in place, the business will be
vulnerable to these types of attacks.
7. IoT and multiple connection points. Many businesses are leveraging the power of the
Internet of Things (IoT), with multiple connection points on a single network. While this
is often associated with higher efficiency or productivity, it also means more points of
vulnerability.
8. Untrained employees. Close to 90 percent of data breaches are caused by human error.
Instead of some ultra-skilled hacker brute-forcing his way into your system, an employee
volunteers his password after getting duped, providing an opportunist an easy way to gain
access to the business’s data. That’s why untrained employees are one of your biggest
vulnerabilities. It’s vital to train employees on best practices in cyber security, like
teaching them to use strong passwords, helping them identify different types of attacks,
and giving them instructions on how and when to use networks that aren’t theirs. It’s also
important to retrain employees regularly, and make sure they’ve retained this
information. All it takes is one slip from one person to jeopardize the health of the entire
company.
There's no way to protect a business against every variety of cyber attack or hack, but even the
most rudimentary security strategies can help a small business by denying opportunists the
low-hanging fruit. Talk to your employer to make sure they understand the true importance of
cyber security, and work with them to guard against these most important vulnerabilities.
Link Layer Connectivity:
The link layer is responsible for transporting information from one host (or router) to
another over a single link. Each network-layer datagram is encapsulated in a link-layer frame.
There are two fundamentally different types of link-layer channels: broadcast channels, which are
common in local area networks (LANs), wireless LANs, etc., and point-to-point links.
The link is the physical and logical network component used to interconnect hosts or nodes in the
network and a link protocol is a suite of methods and standards that operate only between
adjacent network nodes of a network segment.
Despite the different semantics of layering between the Internet protocol suite and OSI model,
the link layer is sometimes described as a combination of the OSI's data link layer (layer 2)
and physical layer (layer 1).
What is the link layer responsible for?
The data link layer is responsible for multiplexing data streams, data frame detection,
medium access, and error control. It ensures reliable point-to-point and point-to-multipoint
connections in a communication network.
Link Layer Services
framing: encapsulation of a network-layer datagram within a link-layer frame
link access: a medium access control (MAC) protocol specifies the rules by which a frame is
transmitted onto the link
reliable delivery: useful for links prone to high error rates; avoids the cost of end-to-end
retransmission at the transport or application layer
flow control: pacing between adjacent sending and receiving nodes, since frames can be lost if
the receiver's buffering capacity is exceeded
error detection: usually more sophisticated than the Internet checksum and implemented in
hardware
error correction: it is possible to correct errors as well as detect them
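As an added illustration of the error-detection service (example code written for these notes, not part of the original), the following Python compares the Internet checksum with the CRC-32 used as the Ethernet frame check sequence. The frame layout, addresses and payload are constructed for the demonstration; the point is that a reordering of two 16-bit words slips past the checksum but not the CRC.

```python
"""Compare the Internet checksum with a CRC over a constructed link-layer frame."""
import struct
import zlib


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: ones'-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:                      # pad odd-length data with a zero byte
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                     # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def crc32(data: bytes) -> int:
    """CRC-32 as used for the Ethernet frame check sequence (FCS)."""
    return zlib.crc32(data) & 0xFFFFFFFF


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Constructed Ethernet-style frame: 14-byte header + payload + 4-byte FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("!I", crc32(body))


def fcs_ok(frame: bytes) -> bool:
    """Receiver check: recompute the CRC over everything except the trailing FCS."""
    body, fcs = frame[:-4], struct.unpack("!I", frame[-4:])[0]
    return crc32(body) == fcs


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Corruption that swaps 16-bit words i and j (a reordering error)."""
    words = bytearray(data)
    words[2*i:2*i+2], words[2*j:2*j+2] = data[2*j:2*j+2], data[2*i:2*i+2]
    return bytes(words)


def compare_detection(payload: bytes) -> dict:
    """Swap the first two words of a payload and report which check notices."""
    corrupted = swap_words(payload, 0, 1)
    return {
        # the ones'-complement sum is order-independent, so swapped words go unnoticed
        "checksum_detects": internet_checksum(payload) != internet_checksum(corrupted),
        # the change spans 32 bits, within the burst length CRC-32 is guaranteed to catch
        "crc_detects": crc32(payload) != crc32(corrupted),
    }


if __name__ == "__main__":
    payload = b"\x12\x34\x56\x78hello"          # constructed payload
    frame = build_frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01", 0x0800, payload)
    print("intact frame passes FCS:", fcs_ok(frame))
    print(compare_detection(payload))
```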
TCP/IP Connectivity
TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of
communication protocols used to interconnect network devices on the internet. TCP/IP is also
used as a communications protocol in a private computer network (an intranet or extranet).
The entire IP suite -- a set of rules and procedures -- is commonly referred to as
TCP/IP. TCP and IP are the two main protocols, though others are included in the suite. The
TCP/IP protocol suite functions as an abstraction layer between internet applications and the
routing and switching fabric.
TCP/IP specifies how data is exchanged over the internet by providing end-to-end
communications that identify how it should be broken into packets, addressed, transmitted,
routed and received at the destination. TCP/IP requires little central management and is designed
to make networks reliable with the ability to recover automatically from the failure of any device
on the network.
The two main protocols in the IP suite serve specific functions. TCP defines how applications
can create channels of communication across a network. It also manages how a message is
assembled into smaller packets before they are then transmitted over the internet and
reassembled in the right order at the destination address.
IP defines how to address and route each packet to make sure it reaches the right destination.
Each gateway computer on the network checks this IP address to determine where to forward the
message.
A subnet mask tells a computer, or other network device, what portion of the IP address is used
to represent the network and what part is used to represent hosts, or other computers, on the
network.
Network address translation (NAT) is the virtualization of IP addresses. NAT helps improve
security and decrease the number of IP addresses an organization needs.
Common TCP/IP protocols include the following:
Hypertext Transfer Protocol (HTTP) handles the communication between a web server
and a web browser.
HTTP Secure (HTTPS) handles secure communication between a web server and a web browser.
File Transfer Protocol (FTP) handles transmission of files between computers.
How does TCP/IP work?
TCP/IP uses the client-server model of communication in which a user or machine (a client) is
provided a service, like sending a webpage, by another computer (a server) in the network.
Collectively, the TCP/IP suite of protocols is classified as stateless, which means each client
request is considered new because it is unrelated to previous requests. Being stateless frees up
network paths so they can be used continuously.
The transport layer itself, however, is stateful. It transmits a single message, and its connection
remains in place until all the packets in a message have been received and reassembled at the
destination.
The TCP/IP model differs slightly from the seven-layer Open Systems Interconnection (OSI)
networking model designed after it. The OSI reference model defines how applications can
communicate over a network.
Pros and cons of TCP/IP
The advantages of using the TCP/IP model include the following:
helps establish a connection between different types of computers;
works independently of the OS;
supports many routing protocols;
uses client-server architecture that is highly scalable;
can be operated independently; and
is lightweight and doesn't place unnecessary strain on a network or computer.
The disadvantages of TCP/IP include the following:
is complicated to set up and manage;
transport layer does not guarantee delivery of packets;
is not easy to replace protocols in TCP/IP;
does not clearly separate the concepts of services, interfaces and protocols, so it is not
suitable for describing new technologies in new networks; and
is especially vulnerable to a synchronization (SYN flood) attack, a type of denial-of-service
attack in which a bad actor abuses the TCP connection handshake.
Packet Filtering Firewall:
A packet filtering firewall is a network security feature that controls the flow of incoming and
outgoing network data. The firewall examines each packet, which comprises user data and
control information, and tests them according to a set of pre-established rules. If the packet
completes the test successfully, the firewall allows it to pass through to its destination. It rejects
those that don't pass the test. Firewalls test packets by examining sets of rules, protocols, ports
and destination addresses.
In system networking, packets are formatted units of data carried on packet-switched networks.
These networks can be fault tolerant because they disassemble messages into small pieces, or
packets, and send them separately across the network. When packets pass the firewall and
arrive at their destination, they're reordered to display their information correctly. Done
correctly, packet switching optimizes networks' channel capacity, minimizes transmission
latency and increases the effectiveness of communications.
Packets contain two important components
Headers
Packet headers direct the data to its desired destination. They contain the Internet
Protocol (IP) addressing and any other control data required to get the packets where they're meant to go.
Payloads
The payload is the user data within the packet. This is the information that's trying to get to its
destination.
4 types of packet filtering
There are four primary types of packet filtering:
1. Static packet filtering firewall
A static packet filtering firewall requires you to establish firewall rules manually.
Similarly, internal and external network connections remain either open or closed unless
otherwise adjusted by an administrator. These firewall types allow users to define rules
and manage ports, access control lists (ACLs) and IP addresses. They're often simple and
practical, making them an apt choice for smaller applications or users without a lot of
criteria.
2. Dynamic packet filtering firewall
Dynamic firewalls allow users to adjust rules dynamically to reflect certain conditions.
You can set ports to remain open for specified periods of time and to close automatically
outside those established time frames. Dynamic packet filtering firewalls offer more
flexibility than static firewalls because you can set adjustable parameters and automate
certain processes.
3. Stateless packet filtering firewall
Stateless packet filtering firewalls are perhaps the oldest and most established firewall
option. While they're less common today, they do still provide functionality for
residential internet users or service providers who distribute low-power customer-
premises equipment (CPE). They protect users against malware, non-application-specific
traffic and harmful applications. If users host servers for multi-player video games, email
or live-streamed videos, for example, they often must manually configure firewalls if
they plan to deviate from default security policies. Manual configurations allow different
ports and applications through the packet filter.
4. Stateful packet filtering firewall
Unlike stateless packet filtering options, stateful firewalls use modern extensions to track
active connections, like transmission control protocol (TCP) and user datagram protocol
(UDP) streams. By recognizing the context of incoming traffic and data packets, stateful
firewalls can better identify the difference between legitimate and malicious traffic or
packets. Typically, new connections must introduce themselves to the firewall before
they gain access to the approved list of allowed connections.
Benefits of packet filtering firewalls
There are many benefits to using packet filtering firewalls including:
Efficiency
One of the primary advantages of packet filtering firewalls is their efficiency. Routers
typically operate at high speeds, accepting and rejecting packets quickly based on their
destinations, source ports and addresses. Inbound and outbound packets are often only
held for a few milliseconds while the filter determines its destination and legitimacy.
Most other firewall techniques have performance overheads that exceed those of packet
filtering firewalls.
Transparency
Another benefit is transparency. While users are aware of firewalls when they reject a
packet, packet filters typically operate quickly and discreetly without interfering with
user functionality. Some other techniques require users to configure firewalls for specific
clients or servers manually. In this way, packet filtering firewalls are user-friendly and
easy to incorporate.
Affordability
Many routers offer built-in packet filtering, making them inexpensive. By providing
built-in functionality, software routing products and other widely used hardware offer
cheap and affordable security options. Many websites use packet filtering techniques in
their routers too. Packet filtering firewalls' ubiquitous use makes them one of the most
affordable security options.
Accessibility
Besides its affordability, the ease of its use makes packet filtering an appealing option.
With this security technique, you can protect an entire network with a single screening
router. Users don't need extensive knowledge, training or support to operate firewalls
because they won't be aware of packet transmission unless there's a rejection.
Drawbacks of packet filtering firewalls
There are several potential drawbacks of packet filtering to be aware of, including:
Reduced security
One potential drawback of packet filtering firewalls is their reduced security. Because
they're so accessible and commonly used, hackers have exploited rules and invaded
systems. Stateless packet filtering firewalls can be vulnerable because they test each
packet on its own, creating more opportunities for hacks. Hackers can use fake IP
addresses in packets to intrude into networks because most packet filters don't provide
protection from address spoofing. However, stateful options remove some of these risks. And, in
some applications, security isn't a top priority or concern.
Inflexibility
Another potential drawback to packet filtering firewalls is their inflexibility. The
technique uses IP addresses and port numbers rather than contextual clues
to identify and restrict packets. Many programs don't remember previously filtered
packets or past intrusions, meaning they don't learn and improve. Where users manually
configure rules, taking extra care to create guidelines that produce the desired functionality
can remove the issues this may cause.
Inconsistent applicability
In wide-scale applications, the predictable and standardized requirements of packet filters
can be a benefit. For more specific applications requiring heightened security or
functionality, consider exploring more advanced options. Packet filtering firewalls aren't
the best option for all networks. Implementing firewalls with desirable filters can be time-
consuming, as can configuring ACLs. Be sure to research your exact specifications and
needs when deciding on a security option that works best for you.
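To make the stateless-versus-stateful distinction concrete, here is an added Python toy filter (example code written for these notes, not taken from any firewall product): a static ACL that judges each packet alone, beside a stateful wrapper that keeps a connection table so that only replies to connections an inside host opened are admitted. The 10.0.0.0/8 site, the rules and the packets are all constructed.

```python
"""Toy packet filter: a stateless ACL beside a stateful connection table."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False     # TCP flags; ignored for udp
    ack: bool = False
@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    src: str                   # CIDR; "0.0.0.0/0" means any source
    dst: str
    proto: str = "any"
    dport: int = 0             # 0 = any destination port
    established: bool = False  # match only packets with ACK set (old ACL "established" trick)
    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (0, pkt.dport)
                and (not self.established or pkt.ack))

def stateless_filter(rules, pkt):
    """Static filter: each packet judged on its own, first matching rule wins, default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

class StatefulFilter:
    """Admits inbound packets only as replies to tracked connections or as rule-allowed TCP SYNs."""
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()   # (inside ip, inside port, outside ip, outside port, proto)
    def decide(self, pkt, direction):
        if direction == "outbound":
            verdict = stateless_filter(self.rules, pkt)
            if verdict == "allow":                   # remember the connection
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return verdict
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.connections:
            return "allow"                           # reply to a tracked connection
        if pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            return "deny"                            # unsolicited non-SYN tcp: no state for it
        return stateless_filter(self.rules, pkt)    # genuinely new connection: consult the rules

INSIDE = "10.0.0.0/8"   # constructed site: hosts browse out, replies return, one public web server
RULES = [
    Rule("allow", INSIDE, "0.0.0.0/0", "tcp", dport=443),          # outbound https
    Rule("allow", "0.0.0.0/0", INSIDE, "tcp", established=True),   # return traffic, stateless style
    Rule("allow", "0.0.0.0/0", "10.0.0.80/32", "tcp", dport=80),   # public web server
]
def demo():
    fw = StatefulFilter(RULES)
    out = Packet("10.0.0.5", "203.0.113.7", "tcp", 51000, 443, syn=True)
    reply = Packet("203.0.113.7", "10.0.0.5", "tcp", 443, 51000, syn=True, ack=True)
    forged = Packet("198.51.100.9", "10.0.0.5", "tcp", 443, 22, ack=True)  # spoofed "reply" to port 22
    return {
        "outbound": fw.decide(out, "outbound"),
        "reply": fw.decide(reply, "inbound"),
        "forged_stateless": stateless_filter(RULES, forged),   # passes: ACK bit is all the ACL checks
        "forged_stateful": fw.decide(forged, "inbound"),       # denied: no matching connection state
    }
```

The `forged` packet is the spoofing weakness described above: a stateless filter that must let return traffic in can only recognise it by header bits, while the stateful filter checks for a connection it actually saw opened.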
Intrusion Detection Systems:
An Intrusion Detection System (IDS) is a system that monitors network traffic for
suspicious activity and issues alerts when such activity is discovered. It is a software
application that scans a network or a system for harmful activity or policy violations. Any
malicious activity or violation is normally reported either to an administrator or collected
centrally using a security information and event management (SIEM) system. A SIEM system
integrates outputs from multiple sources and uses alarm filtering techniques to differentiate
malicious activity from false alarms.
Although intrusion detection systems monitor networks for potentially malicious activity, they
are also disposed to false alarms. Hence, organizations need to fine-tune their IDS products
when they first install them. It means properly setting up the intrusion detection systems to
recognize what normal traffic on the network looks like as compared to malicious activity.
Intrusion prevention systems (IPS) also monitor the packets entering the system, check them for
malicious activity and immediately send warning notifications.
Classification of Intrusion Detection System:
IDS are classified into 5 types:
1. Network Intrusion Detection System (NIDS):
Network intrusion detection systems (NIDS) are set up at a planned point within the
network to examine traffic from all devices on the network. It performs an observation of
passing traffic on the entire subnet and matches the traffic that is passed on the subnets to
the collection of known attacks. Once an attack is identified or abnormal behavior is
observed, the alert can be sent to the administrator. An example of a NIDS is installing it
on the subnet where firewalls are located in order to see if someone is trying to crack the
firewall.
2. Host Intrusion Detection System (HIDS):
Host intrusion detection systems (HIDS) run on independent hosts or devices on the
network. A HIDS monitors the incoming and outgoing packets from the device only and
will alert the administrator if suspicious or malicious activity is detected. It takes a
snapshot of existing system files and compares it with the previous snapshot. If the
analytical system files were edited or deleted, an alert is sent to the administrator to
investigate. An example of HIDS usage can be seen on mission-critical machines, which
are not expected to change their layout.
3. Protocol-based Intrusion Detection System (PIDS):
A protocol-based intrusion detection system (PIDS) comprises a system or agent that
consistently resides at the front end of a server, controlling and interpreting the protocol
between a user/device and the server. It tries to secure the web server by regularly
monitoring the HTTPS protocol stream and accepting the related HTTP protocol. Because HTTPS
is encrypted, the system needs to reside at the interface where the HTTPS traffic is decrypted,
before it enters the web presentation layer.
4. Application Protocol-based Intrusion Detection System (APIDS):
Application Protocol-based Intrusion Detection System (APIDS) is a system or agent that
generally resides within a group of servers. It identifies the intrusions by monitoring and
interpreting the communication on application-specific protocols. For example, this would
monitor the SQL protocol explicit to the middleware as it transacts with the database in
the web server.
5. Hybrid Intrusion Detection System :
Hybrid intrusion detection system is made by the combination of two or more approaches
of the intrusion detection system. In the hybrid intrusion detection system, host agent or
system data is combined with network information to develop a complete view of the
network system. Hybrid intrusion detection system is more effective in comparison to the
other intrusion detection system. Prelude is an example of Hybrid IDS.
Detection Method of IDS:
1. Signature-based Method:
Signature-based IDS detects attacks on the basis of specific patterns, such as the
number of bytes or the number of 1's or 0's in the network traffic. It also detects attacks
on the basis of already known malicious instruction sequences used by malware. The
patterns the IDS looks for are known as signatures.
Signature-based IDS can easily detect attacks whose pattern (signature) already exists
in the system, but it is quite difficult to detect new malware attacks because their pattern
(signature) is not known.
2. Anomaly-based Method:
Anomaly-based IDS was introduced to detect unknown malware attacks, as new malware
is developed rapidly. In anomaly-based IDS, machine learning is used to create a
trustworthy model of normal activity; anything coming in is compared with that model and is
declared suspicious if it is not found in the model. Machine learning-based methods have better
generalization than signature-based IDS, as these models can be trained
according to the applications and hardware configurations.
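Added example, not from the original notes: a small Python detector that applies both methods to constructed traffic records, signature matching on payload bytes and a statistical anomaly check on per-host connection counts against a baseline (a simple stand-in for the trained model described above). The signature names, patterns, hosts and traffic are all constructed; note that the novel payload from 10.0.0.7 matches no signature, and only the anomaly check notices that host.

```python
"""Signature-based and anomaly-based detection over constructed traffic records."""
import re
import statistics
from collections import Counter

# Constructed signatures in the spirit of IDS content rules: byte patterns of known-bad requests.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "passwd-read": re.compile(rb"/etc/passwd"),
    "sql-tautology": re.compile(rb"(?i)'\s*or\s+'?1'?\s*=\s*'?1"),
}

def signature_scan(payload: bytes):
    """Return the names of every signature that matches the payload (known attacks only)."""
    return [name for name, pat in SIGNATURES.items() if pat.search(payload)]

def anomaly_scan(baseline_counts, current_counts, threshold=3.0):
    """Flag hosts whose connection count in the current window lies more than
    `threshold` standard deviations above their own baseline mean."""
    alerts = {}
    for host, history in baseline_counts.items():
        mean = statistics.mean(history)
        stdev = statistics.pstdev(history) or 1.0   # flat baseline: avoid division by zero
        z = (current_counts.get(host, 0) - mean) / stdev
        if z > threshold:
            alerts[host] = round(z, 1)
    return alerts

# Constructed observation window: (source ip, payload of the connection's first request).
PACKETS = [
    ("10.0.0.5", b"GET /index.html HTTP/1.1"),
    ("10.0.0.5", b"GET /../../etc/passwd HTTP/1.1"),
    ("10.0.0.9", b"POST /login user=a' OR '1'='1"),
    ("10.0.0.7", b"GET /search?q=%00%00%00novel-but-unknown HTTP/1.1"),
] + [("10.0.0.7", b"SYN")] * 60     # 10.0.0.7 suddenly opens sixty more connections

# Constructed baseline: connections per window seen on earlier, normal days.
BASELINE = {
    "10.0.0.5": [4, 5, 6, 5, 4],
    "10.0.0.7": [2, 3, 2, 3, 2],
    "10.0.0.9": [1, 1, 2, 1, 1],
}

def run_ids():
    """Run both detectors over the window; returns (signature alerts, anomaly alerts)."""
    sig_alerts = [(src, hit) for src, payload in PACKETS for hit in signature_scan(payload)]
    counts = Counter(src for src, _ in PACKETS)
    return sig_alerts, anomaly_scan(BASELINE, counts)

if __name__ == "__main__":
    signatures, anomalies = run_ids()
    print("signature alerts:", signatures)
    print("anomaly alerts (host -> z-score):", anomalies)
```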
**Thanks**