M1 CNS

The document discusses the need for computer security, highlighting various types of attacks and security mechanisms. It emphasizes the importance of confidentiality, authentication, integrity, non-repudiation, access control, and availability in protecting data. Additionally, it categorizes attacks into criminal, publicity, and legal attacks, while also addressing ethical and legal issues related to security systems.

MODULE-1

• Attacks on Computers and Computer Security: Need for Security, Security Approaches, Principles of Security, Types of Attacks. (Text2: Chapter 1)
• Security Mechanisms, Services and Attacks, A model for Network Security. (Text1: Chapter 1: 3, 4, 5, 6)
THE NEED FOR SECURITY
Basic Concepts
• Most previous computer applications had no, or at best, very little
security.
• Computer data was considered to be useful, but not something to be
protected.
• When computer applications were developed to handle financial
and personal data, the real need for security was felt like never
before.
• People realized that data on computers is an extremely important
aspect of modern life.
• Two typical examples of such security mechanisms were as
follows:
 Provide a user identification and password to every user, and use
that information to authenticate a user.
 Encode information stored in the databases in some fashion, so that
• Organizations employed their own mechanisms to provide basic security.
• As technology improved, people realized that these basic security measures were not quite enough.
• Furthermore, the Internet took the world by storm. There
were many examples of what could happen if there was
insufficient security built in applications developed for the
Internet.
• Figure 1.1 shows such an example of what can happen when
you use your credit card for making purchases over the
Internet.
• From the user’s computer, the user details such as user id,
order details such as order id and item id and payment details
such as credit-card information travel across the Internet to
the server (i.e. to the merchant’s computer).
• There are various security holes here. First of all, an
intruder can capture the credit-card details as they travel
from the client to the server.
• If we somehow protect this transit from an intruder’s
attack, it still does not solve our problem.
• Once the merchant computer receives the credit-card
details and validates them so as to process the order and
later obtain payments, the merchant computer stores the
credit-card details into its database.
• Now, an attacker can simply succeed in accessing this
database, and therefore gain access to all the credit-card
numbers stored.
• One Russian attacker (called ‘Maxim’) actually managed to
intrude into a merchant Internet site and obtained 300,000
credit-card numbers from its database.
• He then attempted extortion by demanding protection
money ($100,000) from the merchant.
• The merchant refused to oblige. Following this, the
attacker published about 25,000 of the credit-card
numbers on the Internet!
• Some banks reissued all the credit cards at a cost of
$20 per card, and others forewarned their customers
about unusual entries in their statements.
• Such attacks could obviously lead to great losses, both financial and in terms of goodwill. Generally, it takes about $20 to replace a credit card.
• Therefore, if a bank has to replace 300,000 such cards, the total cost of such an attack is about $6
Modern Nature of Attacks
• Computer-based systems are not all that different
from what happens in the real world.
• Changes in computer-based systems are mainly due
to the speed at which things happen and the
accuracy that we get, as compared to the traditional
world.
• A few salient features of the modern nature of attacks are as follows:
1. Automating Attacks
• The speed of computers makes several attacks worthwhile for miscreants.
• For example, in the real world, let’s suppose someone manages to create
a machine that can produce counterfeit coins.
• Would that bother authorities? It certainly would.
• However, producing coins on a mass scale may not be economical compared to the return on that investment: how many such coins would the attacker be able to get into the market, and how rapidly? The scenario is quite different with computers.
• They are quite efficient and happy in doing routine, everyday, repetitive
tasks.
• For example, they would excel in somehow stealing a very low amount
(say half a dollar or 20 rupees) from a million bank accounts in a matter
of a few minutes.
• This would give the attacker a half million dollars possibly without any
major complaints! This is shown in Fig. 1.2.
• Humans dislike mundane and repetitive tasks. Automating them can
cause financial destruction or a security nuisance quite rapidly.
2. Privacy Concerns
• Collecting information about people and later (mis)using it is
turning out to be a huge problem these days. The so-called
data mining applications gather, process, and tabulate all sorts
of details about individuals.
• People can then illegally sell this information. For example,
companies like Experian (formerly TRW), TransUnion, and
Equifax maintain credit history of individuals in the USA.
• These companies have volumes of information about a
majority of citizens of that country.
• These companies can collect, collate, polish, and format all
sorts of information to whosoever is ready to pay for that
data!
• Examples of information that can come out of this are: which
store the person buys more from, which restaurant he/she eats
3. Distance Does not Matter
• Thieves would earlier attack banks, because banks had money.
• Banks do not have money today! Money is in digital form
inside computers, and moves around by using computer
networks.
• Therefore, a modern thief would perhaps not like to wear a
mask and attempt a robbery! Instead, it is far easier and
cheaper to attempt an attack on the computer systems of the
bank while sitting at home!
• It may be far more prudent for the attacker to break into the
bank’s servers, or steal credit card/ATM information from the
comforts of his/her home or place of work.
• This is illustrated in Fig. 1.3. In 1995, a Russian hacker broke
into Citibank’s computers remotely, stealing $12 million.
• Although the attacker was traced, it was very difficult to get
SECURITY APPROACHES
Trusted Systems
• A trusted system is a computer system that can be trusted to a
specified extent to enforce a specified security policy.
• A trusted system uses a reference monitor, an entity at the logical heart of the computer system which is responsible for all access-control decisions.
• The reference monitor should be tamperproof, always be
invoked and small enough so that it can be independently
tested.
• The mathematical foundation for trusted systems was provided by two independent, yet interrelated works.
• In 1974, a technique called the Bell-LaPadula model was devised, which modelled a highly trustworthy computer system as a collection of objects (files, disks and printers)
Security Models
• An organization can take several approaches to implement its security
model.
• These approaches are:
1. No Security In this simplest case, the approach could be a decision to
implement no security at all.
2. Security through Obscurity In this model, a system is secure simply
because nobody knows about its existence and contents.
• This approach cannot work for too long, as there are many ways an
attacker can come to know about it.
3. Host Security In this scheme, the security for each host is enforced
individually. This is a very safe approach, but the trouble is that it cannot
scale well. The complexity and diversity of modern sites/organizations
makes the task even harder.
4. Network Security Host security is tough to achieve as organizations
grow and become more diverse. In this technique, the focus is to control
network access to various hosts and their services, rather than individual
host security. This is a very efficient and scalable model.
Security-Management Practices
• Good security-management practices always talk of a
security policy being in place.
• Putting a security policy in place is actually quite tough. A
good security policy and its proper implementation go a long
way in ensuring adequate security-management practices.
• A good security policy generally takes care of four key
aspects, as follows.
• Affordability How much money and effort does this
security implementation cost?
• Functionality What is the mechanism of providing
security?
• Cultural Issues Does the policy complement the people’s
expectations, working style and beliefs?
• Legality Does the policy meet the legal requirements?
PRINCIPLES OF SECURITY
• The four chief principles of security are:
1) Confidentiality
2) Authentication
3) Integrity
4) Non repudiation
• Two more principles that are linked to the overall
system are:
5) Access control
6) Availability
Confidentiality
• The principle of confidentiality specifies that only the sender and the
intended recipient(s) should be able to access the contents of a message.
• Confidentiality gets compromised if an unauthorized person is able to
access a message.
• An example of compromising the confidentiality of a message is shown in
Fig. 1.4.
• Here, the user of computer A sends a message to the user of computer B.
(Actually, from here onwards, we shall use the term A to mean the user A,
B to mean user B, etc., although we shall just show the computers of users
A, B, etc.).
• Another user C gets access to this message, which is not desired, and
therefore defeats the purpose of confidentiality.
• An example of this could be a confidential email message sent by A to B,
which is accessed by C without the permission or knowledge of A and B.
• This type of attack is called interception. Interception causes loss of message confidentiality.
Authentication
• Authentication mechanisms help establish proof of identities.
• The authentication process ensures that the origin of an electronic
message or document is correctly identified.
• For instance, suppose that user C sends an electronic document over
the Internet to user B.
• However, the trouble is that user C had posed as user A when he/she
sent this document to user B. How would user B know that the
message has come from user C, who is posing as user A?
• A real-life example of this could be the case of a user C, posing as
user A, sending a funds transfer request (from A’s account to C’s
account) to bank B.
• The bank might happily transfer the funds from A’s account to C’s
account—after all, it would think that user A has requested for the
funds transfer! This concept is shown in Fig. 1.5.
• This type of attack is called fabrication. Fabrication is possible in
absence of proper authentication mechanisms.
Integrity
• When the contents of a message are changed after the sender sends it,
but before it reaches the intended recipient, we say that the integrity of
the message is lost.
• For example, suppose you write a check for $100 to pay for goods
bought from the US.
• However, when you see your next account statement, you are startled
to see that the check resulted in a payment of $1000! This is the case
for loss of message integrity.
• Conceptually, this is shown in Fig. 1.6. Here, user C tampers with a
message originally sent by user A, which is actually destined for user
B.
• User C somehow manages to access it, change its contents, and send
the changed message to user B.
• User B has no way of knowing that the contents of the message were
changed after user A had sent it. User A also does not know about this
change. This type of attack is called modification.
Non-repudiation
• There are situations where a user sends a message, and
later on refuses that she had sent that message.
• For instance, user A could send a funds transfer request
to bank B over the Internet.
• After the bank performs the funds transfer as per A’s
instructions, A could claim that he/she never sent the
funds transfer instruction to the bank! Thus, A
repudiates, or denies, his/her funds transfer instruction.
• The principle of non-repudiation defeats such
possibilities of denying something after having done it.
This is shown in Fig. 1.7.
• Non-repudiation does not allow the sender of a message to later deny having sent that message.
Access Control
• The principle of access control determines who should be able to
access what.
• For instance, we should be able to specify that user A can view the
records in a database, but cannot update them. However, user B might
be allowed to make updates as well.
• An access-control mechanism can be set up to ensure this. Access
control is broadly related to two areas: role management and rule
management.
• Role management concentrates on the user side (which user can do
what), whereas rule management focuses on the resources side (which
resource is accessible, and under what circumstances).
• Based on the decisions taken here, an access-control matrix is prepared, which lists the users (subjects) against the items (objects) they can access and the rights they hold on each (e.g. it can say that user A can read and write file X, but can only read files Y and Z).
• An Access Control List (ACL) is one column of the access-control matrix: for a single object, it lists which users may access it and how. Reading the matrix row-wise instead (one user, all objects) gives that user's capability list.
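The following is an added example (not part of the slides or the textbook they summarize) showing an access-control matrix as a plain dictionary, with the ACL and capability list derived from it and a default-deny check of the kind a reference monitor would make. The subjects, objects and rights are constructed to match the text: A may view the database records but not update them, while B may do both.

```python
"""Access-control matrix, derived ACLs and capability lists (added example).

The matrix below is constructed for illustration; it is not from the original
slides. Every cell is a set of rights; a missing cell means no access.
"""

# Constructed matrix: (subject, object) -> set of rights.
MATRIX = {
    ("A", "records"): {"read"},
    ("B", "records"): {"read", "update"},
    ("A", "fileX"): {"read", "write"},
    ("A", "fileY"): {"read"},
}


def acl(matrix, obj):
    """ACL = one column of the matrix: which subjects hold which rights on obj."""
    return {subj: set(rights) for (subj, o), rights in matrix.items() if o == obj}


def capabilities(matrix, subj):
    """Capability list = one row: which objects subj may access, and how."""
    return {o: set(rights) for (s, o), rights in matrix.items() if s == subj}


def is_allowed(matrix, subj, obj, right):
    """Reference-monitor style decision: default deny when the cell is absent."""
    return right in matrix.get((subj, obj), set())


def check_requests(matrix, requests):
    """Evaluate a batch of (subject, object, right) requests; returns decisions."""
    return [(s, o, r, is_allowed(matrix, s, o, r)) for s, o, r in requests]


if __name__ == "__main__":
    demo = [("A", "records", "read"), ("A", "records", "update"),
            ("B", "records", "update"), ("C", "records", "read")]
    for s, o, r, ok in check_requests(MATRIX, demo):
        print(f"{s} {r} {o}: {'allow' if ok else 'deny'}")
    print("ACL for records:", acl(MATRIX, "records"))
    print("Capabilities of A:", capabilities(MATRIX, "A"))
```

Note that an unknown user C gets no entry and is therefore denied; a mechanism that defaulted to allow on a missing cell would be the classic bug here.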
Availability
• The principle of availability states that resources (i.e.
information) should be available to authorized parties at
all times.
• For example, due to the intentional actions of another
unauthorized user C, an authorized user A may not be
able to contact a server computer B, as shown in Fig.
1.8.
• This would defeat the principle of availability. Such an
attack is called interruption.
• We may be aware of the traditional OSI standard for
Network Model, which describes the seven layers of
the networking technology (application, presentation,
session, transport, network, data link, and physical).
Ethical and Legal Issues
• The ethical issues in security systems are classified
into four categories:
 Privacy – deals with the right of an individual to
control personal information
 Accuracy – deals about the responsibility for the
authenticity, fidelity and accuracy of information.
 Property – talks about the owner of the
information and about who controls access.
 Accessibility – deals with the issue of type of
information an organization has the right to collect.
TYPES OF ATTACKS
• We shall classify attacks with respect to two views:
the common person’s view and a technologist’s
view.
Attacks: A General View
• From a common person's point of view, we can classify attacks into three categories, as shown in Fig. 1.9.
1. Criminal Attacks
• Criminal attacks are the simplest to understand. Here, the sole aim of
the attackers is to maximize financial gain by attacking computer
systems. Table 1.1 lists some forms of criminal attacks.
2. Publicity Attacks
• Publicity attacks occur because the attackers want to see their names
appear on television news channels and newspapers.
• History suggests that these types of attackers are usually not hardcore
criminals.
• They are people such as students in universities or employees in large
organizations, who seek publicity by adopting a novel approach of
attacking computer systems.
• One form of publicity attacks is to damage (or deface) the Web pages of
a site by attacking it.
• One of the most famous of such attacks occurred on the US Department
of Justice’s Web site in 1996.
• The New York Times home page was also infamously defaced two
3. Legal Attacks
• This form of attack is quite novel and unique. Here, the attacker tries to
make the judge or the jury doubtful about the security of a computer
system.
• This works as follows.
• The attacker attacks the computer system, and the attacked party (say a
bank or an organization) manages to take the attacker to the court.
• While the case is being fought, the attacker tries to convince the judge
and the jury that there is inherent weakness in the computer system and
that she has done nothing wrongful.
• The aim of the attacker is to exploit the weakness of the judge and the
jury in technological matters.
• For example, an attacker may sue a bank for performing an online
transaction, which he/she never wanted to perform.
• In court, the attacker could innocently say something like: The bank’s
Web site asked me to enter a password and that is all that I provided; I
do not know what happened thereafter. A judge is unwittingly likely to
sympathize with the attacker!
Attacks: A Technical View
• From a technical point of view, we can classify the types of attacks on computers and network systems into two categories for better understanding:
(a) Theoretical concepts behind these attacks, and
(b) Practical approaches used by the attackers.
1. Theoretical Concepts
• The principles of security face threats from various attacks.
• These attacks are classified into four categories, as mentioned earlier, namely:
 Interception
 ❑ This attack violates confidentiality.
 ❑ It means that an unauthorized party has gained access to a resource. The party can be a person, program or computer-based system.
 ❑ Example: Copying of data or programs, and listening to network traffic.
 Fabrication
 ❑ This attack violates authentication.
 ❑ It involves the creation of illegal objects on a computer system.
 ❑ Example: The attacker may add fake records to a database.
 Modification
 ❑ This attack violates integrity.
 ❑ Example: The attacker may modify the values in a database.
 Interruption
 ❑ This attack violates availability.
 ❑ The resource becomes unavailable, lost or unusable.
 ❑ Example: Causing problems to a hardware device, or erasing programs, data or operating-system components.
• These attacks are further grouped into two types:
 Passive attacks
 Active attacks
(a) Passive Attacks
• Passive attacks are those, wherein the attacker
indulges in eavesdropping or monitoring of data
transmission.
• The attacker aims to obtain information that is in
transit.
• The term passive indicates that the attacker does not
attempt to perform any modifications to the data.
• Passive attacks are harder to detect.
• The general approach to deal with passive attacks is
to think about prevention, rather than detection or
corrective actions.
• Passive attacks do not involve any modifications to the
contents of an original message.
• Passive attacks can be further classified into two sub-
categories.
• These categories are:
• Release of message contents
• Traffic analysis.
Release of message contents:
• When a confidential email message is sent, it is desired that only
the recipient is able to access it. Otherwise, the contents of the
message are released against our wishes to someone else.
• Using certain security mechanisms, we can prevent release of
message contents. For example, we can encode messages using
a code language, so that only the desired parties understand the
contents of a message, because only they know the code
language.
• However, if many such messages are passing through, a passive
attacker could try to figure out similarities between them to
come up with some sort of pattern that provides the attacker
some clues regarding the communication that is taking place.
• Such attempts of analysing (encoded) messages to come up with
likely patterns are the work of the traffic analysis attack.
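The following is an added example (not part of the slides) that makes the two passive attacks concrete. A toy stream cipher built from SHA-256 stands in for the "code language": it hides the contents of each message, so release of message contents is prevented, but a passive observer still sees ciphertext lengths, which is enough traffic analysis to tell two fixed replies apart. Padding every message to a fixed frame size removes that leak. The key, nonces and replies are constructed; the cipher itself is for illustration only and is not a substitute for a real authenticated cipher.

```python
"""Release of message contents vs. traffic analysis (added example).

Toy counter-mode stream cipher from SHA-256. The shared key, nonces and the
two candidate replies are constructed for illustration.
"""
import hashlib

KEY = b"constructed-shared-key-do-not-reuse"
FRAME = 64  # every padded message is exactly this many bytes on the wire
# Constructed replies a bank might send; a passive observer wants to know which.
REPLIES = [b"OK", b"TRANSFER DENIED: INSUFFICIENT FUNDS"]


def keystream(key, nonce, length):
    """Counter-mode keystream: SHA-256(key || nonce || counter), as many blocks as needed."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, nonce, plaintext):
    """XOR plaintext with the keystream. The nonce must never repeat under one key."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt  # XOR is its own inverse


def pad_to_frame(msg, frame=FRAME):
    """Pad to a fixed frame (PKCS#7-style trailer) so length reveals nothing."""
    n = frame - len(msg)
    if n < 1:
        raise ValueError("message too long for frame")
    return msg + bytes([n]) * n


def unpad(msg):
    return msg[:-msg[-1]]


def observe(ciphertexts):
    """Everything a passive attacker gets from the wire: sizes, not contents."""
    return [len(c) for c in ciphertexts]


def candidates_for_length(observed_len, candidates, padder=lambda m: m):
    """Traffic analysis: which candidate plaintexts could produce a ciphertext of this size?"""
    return [m for m in candidates if len(padder(m)) == observed_len]


if __name__ == "__main__":
    unpadded = [encrypt(KEY, f"n{i}".encode(), m) for i, m in enumerate(REPLIES)]
    print("sizes without padding:", observe(unpadded))
    print("first reply could only be:", candidates_for_length(observe(unpadded)[0], REPLIES))
    padded = [encrypt(KEY, f"p{i}".encode(), pad_to_frame(m)) for i, m in enumerate(REPLIES)]
    print("sizes with padding:", observe(padded))
    print("now indistinguishable:", candidates_for_length(observe(padded)[0], REPLIES, pad_to_frame))
```

Length is only one traffic-analysis signal; timing, direction and message counts leak the same way, which is why the text says the realistic goal for passive attacks is prevention rather than detection.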
(b) Active Attacks
• Active attacks are based on modification of the original message in some manner, or the creation of a false message.
• These attacks cannot be prevented easily.
• They can be detected with some effort, and attempts can be made to recover from them. These attacks can be in the form of interruption, modification and fabrication.
• In active attacks, the contents of the original message are modified in some way, or a message is created that the legitimate sender never sent.
• Trying to pose as another entity is a masquerade attack; because the attacker creates messages that appear to come from someone else, masquerade is a form of fabrication.
• Modification attacks can be classified further into replay attacks and alteration of messages.
• Denial of Service (DoS) attacks are a form of interruption, since they make a resource unavailable to its legitimate users.
• This classification can be shown as follows:
Masquerade is caused when an unauthorized entity
pretends to be another entity.
• Example: User C might pose as user A and send a
message to user B. User B might be led to believe
that the message indeed came from user A. In
masquerade attacks, an entity poses as another
entity.
• Example, the attack may involve capturing the users
authentication sequence (e.g. user ID and
password). Later those details can be used to gain
illegal access to the computer system.
Replay attack is caused when a user captures a sequence
of events or some data units and re-sends them.
• For instance, suppose user A wants to transfer some
amount to user C’s bank account.
• Both users A and C have accounts with bank B. User A
might send an electronic message to bank B, requesting
for the funds transfer.
• User C could capture this message and send a second
copy of the same to bank B. Bank B would have no idea
that this is an unauthorized message and would treat this
as a second and different, funds transfer request from user
A.
• Therefore, user C would get the benefit of the funds
transfer twice: once authorized, once through a replay
Alteration of messages involves some change to the
original message.
• For instance, suppose user A sends an electronic
message Transfer $100 to D’s account to bank B.
User C might capture this and change it to Transfer
$1000 to C’s account.
• Here both the beneficiary and the amount have been changed; changing only one of them would equally be an alteration of the message.
Denial Of Service (DOS) attacks make an attempt
to prevent legitimate users from accessing some
services, which they are eligible for.
• For instance, an unauthorized user might send too
many login requests to a server using random user
ids one after the other in quick succession, so as to
flood the network and deny other legitimate users
from using the network facilities.
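The following is an added example (not part of the slides) that runs the funds-transfer scenario from the masquerade, replay and alteration bullets above, and shows the one mechanism that catches all three: a message authentication code computed over a request that carries a fresh nonce. The shared key, account names and the `nonce|sender|amount|beneficiary` wire format are constructed for illustration; a real system would derive the key through a proper key-exchange protocol and bound the set of remembered nonces with a time window.

```python
"""Masquerade, replay and alteration of a funds-transfer request, and their
detection with HMAC-SHA256 plus a nonce (added example).

Key, names and message format are constructed; not from the original slides.
"""
import hashlib
import hmac
import secrets

KEY = b"constructed-key-shared-by-A-and-bank-B"


def make_request(key, sender, amount, beneficiary, nonce=None):
    """A builds 'nonce|sender|amount|beneficiary' and appends an HMAC tag over it."""
    nonce = nonce or secrets.token_hex(8)
    body = f"{nonce}|{sender}|{amount}|{beneficiary}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Bank:
    """Bank B: verifies the tag (integrity and origin), then rejects reused nonces (replay)."""

    def __init__(self, key):
        self.key = key
        self.seen_nonces = set()  # unbounded here; use a sliding window in practice
        self.ledger = []

    def process(self, wire):
        body, _, tag = wire.rpartition(b"|")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        # Constant-time compare: a plain == would leak tag bytes through timing.
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad MAC (altered or forged)"
        nonce, sender, amount, beneficiary = body.decode().split("|")
        if nonce in self.seen_nonces:
            return "rejected: replay"
        self.seen_nonces.add(nonce)
        self.ledger.append((sender, int(amount), beneficiary))
        return f"ok: {sender} -> {beneficiary} {amount}"


def alter(wire, old, new):
    """Attacker C rewrites part of the message in transit; the tag is left as captured."""
    return wire.replace(old, new)


if __name__ == "__main__":
    bank = Bank(KEY)
    req = make_request(KEY, "A", 100, "D", nonce="n0001")
    print("genuine:   ", bank.process(req))
    print("replayed:  ", bank.process(req))
    print("altered:   ", bank.process(alter(req, b"|100|D|", b"|1000|C|")))
    print("masquerade:", bank.process(make_request(b"not-the-key", "A", 100, "C")))
    print("ledger:    ", bank.ledger)
```

The MAC alone stops alteration and masquerade (C has no key), but a faithfully re-sent genuine message carries a valid tag, so replay can only be caught by state on the receiver: the nonce set here, or a sequence number or timestamp window in a real protocol.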
The Practical Side of Attacks
• The attacks discussed earlier can come in a number of
forms in real life.
• They can be classified into two broad categories:
application-level attacks and network-level attacks, as
shown in Fig. 1.13.
1. Application-level Attacks
• These attacks happen at an application level in the sense
that the attacker attempts to access, modify, or prevent
access to information of a particular application, or the
application itself.
• Examples of this are trying to obtain someone’s credit-
card information on the Internet, or changing the contents
of a message to change the amount in a transaction, etc.
2. Network-level Attacks
• These attacks generally aim at reducing the capabilities of a
network by a number of possible means.
• These attacks generally make an attempt to either slow down,
or completely bring to halt, a computer network.
• Note that this automatically can lead to application-level
attacks, because once someone is able to gain access to a
network, usually he/she is able to access/modify at least some
sensitive information, causing havoc.
Programs that Attack
• A few programs that attack computer systems to cause some damage or to create confusion are described below.
1. Virus One can launch an application-level attack or a
network level attack using a virus.
• In simple terms, a virus is a piece of program code that
attaches itself to legitimate program code and runs when
the legitimate program runs.
• It can then infect other programs in that computer or
programs that are in other computers but on the same
network.
• This is shown in Fig. 1.14. In this example, after deleting all
the files from the current user’s computer, the virus self-
propagates by sending its code to all users whose email
addresses are stored in the current user’s address book.
• Viruses can also be triggered by specific events (e.g. a virus
could automatically execute at 12 PM every day).
• Usually viruses cause damage to computer and network
systems to the extent that it can be repaired, assuming that the
organization deploys good backup and recovery procedures.
During its lifetime, a virus goes through four phases:
(a) Dormant phase: Here, the virus is idle. It gets
activated based on certain action or event (e.g. the
user typing a certain key or certain date or time is
reached, etc). This is an optional phase.
(b) Propagation phase: In this phase, a virus copies
itself and each copy starts creating more copies of
self, thus propagating the virus.
(c) Triggering phase: A dormant virus moves into this
phase when the action/event for which it was waiting
is initiated.
(d) Execution phase: This is the actual work of the
virus, which could be harmless (display some message
on the screen) or destructive (delete a file on the disk)
Viruses can be classified into the following categories:
(a) Parasitic virus: This is the most common form of
viruses. Such a virus attaches itself to executable files
and keeps replicating. Whenever the infected file is
executed, the virus looks for other executable files to attach
itself and spread.
(b) Memory-resident virus: This type of virus first
attaches itself to an area of the main memory and then
infects every executable program that is executed.
(c) Boot sector virus: This type of virus infects the master
boot record of the disk and spreads on the disk when the
operating system starts booting the computer.
(d) Stealth virus: This virus has intelligence built in,
which prevents anti-virus software programs from
detecting it.
(e) Polymorphic virus: A virus that keeps changing its
signature (i.e. identity) on every execution, making it
very difficult to detect.
(f) Metamorphic virus: In addition to changing its
signature like a polymorphic virus, this type of virus
keeps rewriting itself every time, making its detection
even harder.
• There is another popular category of viruses, called as
the macro virus.
• This virus affects specific application software, such
as Microsoft Word or Microsoft Excel.
• These viruses affect the documents created by users and
spread quite easily since such documents are very
commonly exchanged over email.
• Worm Similar in concept to a virus, a worm is
actually different in implementation.
• A virus modifies a program (i.e. it attaches itself to the
program under attack).
• A worm, however, does not modify a program.
• Instead, it replicates itself again and again. This is
shown in Fig. 1.15.
• The replication grows so much that ultimately the
computer or the network on which the worm resides,
becomes very slow, finally coming to a halt.
• Thus, the basic purpose of a worm attack is different from that of a virus.
• In this simple model, a worm does not perform any other destructive action; it only consumes system and network resources until they are brought down. (In practice, many worms also carry a destructive payload in addition to replicating.)
Trojan Horse A Trojan horse is a hidden piece of
code, like a virus.
• However, the purpose of a Trojan horse is
different. Whereas the main purpose of a virus is to
make some sort of modifications to the target
computer or network, a Trojan horse attempts to
reveal confidential information to an attacker.
• The name (Trojan horse) is due to the Greek
soldiers, who hid inside a large hollow horse, which
was pulled by Troy citizens, unaware of its contents.
Once the Greek soldiers entered the city of Troy,
they opened the gates for the rest of Greek soldiers.
• Trojan horse could silently sit in the code for a Login
screen by attaching itself to it.
• When the user enters the user id and password, the
Trojan horse could capture these details and send this
information to the attacker without the knowledge of the
user who had entered the id and password.
• The attacker can then merrily use the user id and
password to gain access to the system.
• This is shown in Fig. 1.16.
• A Trojan horse allows an attacker to obtain some
confidential information about a computer or a network.
Dealing with Viruses
• Preventing viruses is the best option. but, it is almost
impossible to prevent them altogether with the world
connected to the Internet all the time.
• We have to accept that viruses will attack and would need
to find ways to deal with them.
• Hence, we can attempt to detect, identify and remove
viruses. This is shown in Fig. 1.23.
• Detection of viruses involves locating the virus, having
known that a virus has attacked.
• Then we need to identify the specific virus that has
attacked. Finally, we need to remove it. For this, we need
to remove all traces of the virus and restore the affected
programs/files to their original states.
1st generation These anti-virus software programs were called simple scanners. They needed a virus signature to identify a virus.
• A variation of such programs kept a watch on the length of programs and looked for changes, so as to possibly identify a virus attack.
2nd generation These anti-virus software programs did not rely on
simple virus signatures. Rather, they used heuristic rules to look
for possible virus attacks. The idea was to look for code blocks that
were commonly associated with viruses.
• For example, such a program could look for encryption key used
by a virus, find it, decrypt and remove the virus and clean the code.
3rd generation These anti-virus software programs were memory
resident. They watched for viruses based on actions, rather than
their structure.
• Thus, it is not necessary to maintain a large database of virus
signatures. Instead, the focus is to keep watch on a small number
of suspect actions.
4th generation These anti-virus software programs package
many anti-virus techniques together (e.g. scanners, activity
monitoring).
• They also contain access control features, thus thwarting the
attempts of viruses to infect files.
• There is a category of software called as behavior-blocking
software, which integrates with the operating system of the
computer and keeps a watch on virus-like behavior in real
time.
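The following is an added example (not part of the slides) of the two first-generation techniques described above, signature scanning and watching program length, applied to constructed in-memory "files". It also shows why the polymorphic viruses mentioned earlier defeated simple scanners: the same code XOR-encoded under a per-copy key no longer contains the fixed signature, which is what pushed second-generation products towards heuristics such as looking for the decryption loop. The signature bytes, the "programs" and the "virus" are all constructed byte strings, not real malware.

```python
"""First-generation anti-virus: signature scanning and length watching (added example).

The signature, the programs and the 'virus' below are constructed byte strings.
"""

# Constructed signature: a byte pattern assumed unique to one virus family.
SIGNATURES = {"DemoVirus": b"\xeb\x1f\x5e\x89\x76\x08"}


def scan(contents, signatures=SIGNATURES):
    """Simple scanner: names of all signatures found anywhere in the file bytes."""
    return [name for name, sig in signatures.items() if sig in contents]


def baseline(files):
    """Length watch, step 1: record the size of every known-clean program."""
    return {name: len(data) for name, data in files.items()}


def length_changes(files, base):
    """Length watch, step 2: programs whose size differs from the baseline."""
    return {n: (base[n], len(d)) for n, d in files.items() if n in base and base[n] != len(d)}


def infect(program, payload):
    """Model a parasitic virus: append its code to a legitimate program."""
    return program + payload


def polymorph(payload, key):
    """Polymorphic copy: same code, XOR-encoded under a per-copy key.
    (The small decryptor stub a real polymorphic virus prepends is omitted.)"""
    return bytes(b ^ key for b in payload)


# Constructed clean programs and a constructed virus body carrying the signature.
CLEAN = {"ls": b"\x7fELF" + b"\x00" * 60, "cat": b"\x7fELF" + b"\x00" * 40}
VIRUS = b"\x90\x90" + SIGNATURES["DemoVirus"] + b"\xc3"

if __name__ == "__main__":
    base = baseline(CLEAN)
    infected = dict(CLEAN, ls=infect(CLEAN["ls"], VIRUS))
    print("signature hits:", scan(infected["ls"]))
    print("length changes:", length_changes(infected, base))
    morphed = infect(CLEAN["cat"], polymorph(VIRUS, 0x5A))
    print("polymorphic copy, signature hits:", scan(morphed))
    print("polymorphic copy still grows the file:", length_changes({"cat": morphed}, base))
```

Note that the length watch still fires on the polymorphic copy even though the signature scan misses it, which is the reason later generations combined several techniques rather than relying on any one.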
Specific Attacks
• Sniffing and Spoofing: On the Internet, computers
exchange messages with each other in the form of
small blocks of data, called as packets.
• A packet, like a postal envelope contains the actual data to
be sent and the addressing information.
• Attackers target these packets, as they travel from the
source computer to the destination computer over the
Internet.
• These attacks take two main forms: (a) Packet sniffing
(also called as snooping) and (b) Packet spoofing.
• Since the protocol used in this communication is called
as Internet Protocol (IP), other names for these two
attacks are: (a) IP sniffing and (b) IP spoofing. The
(a) Packet sniffing: Packet sniffing is a passive attack on an ongoing conversation. An attacker need not hijack a conversation, but instead can simply observe (i.e. sniff) packets as they pass by.
• Clearly, to prevent an attacker from sniffing packets, the information that is passing needs to be protected in some way.
• This can be done at two levels: (i) the data that is travelling can be encrypted (for example at the application or transport layer), or (ii) the transmission link itself can be encrypted (link-layer encryption).
• To read a packet, the attacker somehow needs to access it in the first
place.
(b) Packet spoofing: In this technique, an attacker sends packets
with a false source address.
• When this happens, the receiver (i.e. the party who receives these
packets containing the false address) would inadvertently send replies
back to this forged address (called the spoofed address) and not to
the attacker.
This can lead to three possible cases:
(i) The attacker can intercept the reply – If the attacker
is between the destination and the forged source, the
attacker can see the reply and use that information for
hijacking attacks.
(ii) The attacker need not see the reply – If the
attacker’s intention was a Denial of Service (DoS)
attack, the attacker need not bother about the reply.
(iii) The attacker does not want the reply – The attacker
could simply be angry with the host, so it may put that
host’s address as the forged source address and send the
packet to the destination.
• The attacker does not want a reply from the destination,
as it wants the host with the forged address to receive it.
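The packet-level view of sniffing and spoofing, as an added Go example (not code from the text): it parses the IPv4 header, shows that the header checksum detects corruption in transit but says nothing about who really sent the packet, and applies the ingress filtering check a provider uses against forged sources (the BCP 38 idea, which the text does not mention). All addresses come from the RFC 5737 documentation ranges, the customer prefix is constructed, and the headers are built in memory purely as test input for the filter; nothing is ever sent.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// IPv4Header holds the header fields this example needs.
type IPv4Header struct {
	Version, IHL, TotalLen, Protocol int
	Src, Dst                         net.IP
}

// headerChecksum is the RFC 791 ones'-complement sum. Over a header whose
// checksum field is zero it yields the value to store; over a correctly
// checksummed header it yields 0.
func headerChecksum(hdr []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(hdr); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(hdr[i : i+2]))
	}
	if len(hdr)%2 == 1 {
		sum += uint32(hdr[len(hdr)-1]) << 8
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// parseIPv4 decodes the fixed part of an IPv4 header. The checksum catches
// accidental corruption only: whoever writes a false source address simply
// recomputes it, so a valid checksum is no evidence about the packet's origin.
func parseIPv4(pkt []byte) (IPv4Header, error) {
	if len(pkt) < 20 {
		return IPv4Header{}, errors.New("packet too short")
	}
	h := IPv4Header{
		Version:  int(pkt[0] >> 4),
		IHL:      int(pkt[0]&0x0f) * 4,
		TotalLen: int(binary.BigEndian.Uint16(pkt[2:4])),
		Protocol: int(pkt[9]),
		Src:      net.IPv4(pkt[12], pkt[13], pkt[14], pkt[15]),
		Dst:      net.IPv4(pkt[16], pkt[17], pkt[18], pkt[19]),
	}
	if h.Version != 4 || h.IHL < 20 || len(pkt) < h.IHL {
		return h, errors.New("not a well-formed IPv4 header")
	}
	if headerChecksum(pkt[:h.IHL]) != 0 {
		return h, errors.New("header checksum mismatch")
	}
	return h, nil
}

// ingressFilter is the check a provider's border router applies to packets
// arriving from a customer network: the source address must lie inside the
// prefix assigned to that customer, otherwise the packet is presumed spoofed
// and dropped. Replies to such packets could never reach the sender anyway.
func ingressFilter(h IPv4Header, customerCIDR string) (bool, string) {
	_, prefix, err := net.ParseCIDR(customerCIDR)
	if err != nil {
		return false, "bad prefix: " + err.Error()
	}
	if h.Src.IsLoopback() || h.Src.IsUnspecified() || h.Src.IsMulticast() {
		return false, "reserved source address"
	}
	if !prefix.Contains(h.Src) {
		return false, "source outside assigned prefix (presumed spoofed)"
	}
	return true, "accepted"
}

// sampleHeader builds an in-memory IPv4 header as constructed test input for
// the filter; it is never put on a wire.
func sampleHeader(src, dst string, payloadLen int) []byte {
	pkt := make([]byte, 20)
	pkt[0] = 0x45 // version 4, IHL = 5 words
	binary.BigEndian.PutUint16(pkt[2:4], uint16(20+payloadLen))
	pkt[8], pkt[9] = 64, 17 // TTL, protocol UDP
	copy(pkt[12:16], net.ParseIP(src).To4())
	copy(pkt[16:20], net.ParseIP(dst).To4())
	binary.BigEndian.PutUint16(pkt[10:12], headerChecksum(pkt))
	return pkt
}

func main() {
	const customer = "203.0.113.0/24" // constructed customer prefix
	for _, src := range []string{"203.0.113.7", "192.0.2.9", "127.0.0.1"} {
		h, err := parseIPv4(sampleHeader(src, "198.51.100.1", 8))
		if err != nil {
			fmt.Println(src, "parse error:", err)
			continue
		}
		ok, why := ingressFilter(h, customer)
		fmt.Printf("src=%s dst=%s -> accepted=%v (%s)\n", h.Src, h.Dst, ok, why)
	}
}
```

The filter only works at the edge where the legitimate address range is known; once a packet is inside the core network there is nothing left in the header to check against, which is why the text's case (ii), the denial-of-service sender who never wants a reply, is so hard to trace after the fact.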
Phishing Phishing has become a big problem in recent times.
• In 2006, the estimated losses due to phishing were to the
tune of USD 2.8 billion, according to a study. Attackers set up
fake Web sites, which look like real Web sites.
• It is quite simple to do so, since creating Web pages involves
relatively simple technologies such as HTML, JavaScript,
CSS (Cascading Style Sheets), etc.
1. The attacker decides to create her own Web site, which looks
identical to a real Web site.
• For example, the attacker can clone Citibank’s Web site.
• The cloning is so clever that the human eye will not be able to
distinguish between the real (Citibank’s) and fake (attacker’s)
sites.
2. The attacker can use many techniques to attack the bank’s
customers. We illustrate the most common one, as follows:
• The attacker sends an email to the legitimate customers of the
bank. The email itself appears to have come from the bank.
To ensure this, the attacker exploits the email system to
suggest that the sender of the email is some bank official (e.g.
accountmanager@[Link]).
• This fake email warns the user that there has been some sort
of attack on Citibank’s computer systems and that the
bank wants to issue new passwords to all its customers or
verify their existing PINs, etc.
• For this purpose, the customer is asked to visit a URL
mentioned in the same email. This is conceptually shown in
Fig. 1.27.
3. When the customer (i.e. the victim) innocently clicks on the
URL specified in the email, she is taken to the attacker’s site
and not the bank’s original site.
• There, the customer is prompted to enter confidential
information, such as her password or PIN. Since the attacker’s
fake site looks exactly
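One defensive check for the email step of the attack above, as an added Go example (not code from the text): it pulls the links out of a constructed HTML mail body and flags the patterns the attack relies on, namely a displayed URL that differs from the real target, a raw IP address as the host, and a trusted brand name buried inside somebody else's domain. The domain `examplebank.com`, the other hosts and the mail body are all constructed; the registrable-domain logic (last two labels) is a deliberate simplification, since a production filter would use the Public Suffix List.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"regexp"
	"strings"
)

// anchorRe captures the real target (href) and the text the user sees.
var anchorRe = regexp.MustCompile(`(?is)<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>`)

// Finding is one reason a link looks suspicious.
type Finding struct {
	Href, Text, Reason string
}

// registrable approximates the registrable domain as the last two labels.
// Simplification: real code uses the Public Suffix List (co.uk and friends).
func registrable(host string) string {
	parts := strings.Split(strings.ToLower(host), ".")
	if len(parts) < 2 {
		return strings.ToLower(host)
	}
	return strings.Join(parts[len(parts)-2:], ".")
}

// checkLinks scans an HTML mail body and reports links whose destination does
// not match what the reader is shown, or that imitate a trusted brand domain.
func checkLinks(body string, trustedDomains []string) []Finding {
	var out []Finding
	for _, m := range anchorRe.FindAllStringSubmatch(body, -1) {
		href, text := m[1], strings.TrimSpace(m[2])
		u, err := url.Parse(href)
		if err != nil || u.Host == "" {
			out = append(out, Finding{href, text, "unparseable link"})
			continue
		}
		host := strings.ToLower(u.Hostname())
		if net.ParseIP(host) != nil {
			out = append(out, Finding{href, text, "link points at a raw IP address"})
			continue
		}
		if u.Scheme != "https" {
			out = append(out, Finding{href, text, "not https"})
		}
		// Displayed text that itself looks like a URL must agree with the real target.
		if tu, err := url.Parse(text); err == nil && tu.Host != "" &&
			registrable(tu.Hostname()) != registrable(host) {
			out = append(out, Finding{href, text, "displayed URL differs from real target"})
		}
		// A brand name in the host while the registrable domain is not the brand's.
		for _, td := range trustedDomains {
			brand := strings.SplitN(td, ".", 2)[0]
			if strings.Contains(host, brand) && registrable(host) != td {
				out = append(out, Finding{href, text, "imitates trusted domain " + td})
			}
		}
	}
	return out
}

// sampleMail is a constructed message in the style the text describes.
const sampleMail = `<p>Dear customer, please verify your PIN at
<a href="https://examplebank.com.verify-account.example/login">https://www.examplebank.com/login</a>
or <a href="http://192.0.2.10/reset">Reset password</a>.
Questions? See <a href="https://www.examplebank.com/help">help</a>.</p>`

func main() {
	for _, f := range checkLinks(sampleMail, []string{"examplebank.com"}) {
		fmt.Printf("%-40s shown as %-36q : %s\n", f.Href, f.Text, f.Reason)
	}
}
```

The third link, which really does go to the bank, produces no finding; the other two produce three findings between them. The check catches the "looks like the bank" half of the trick; it cannot tell a user that the page at the end of a correct-looking link is a clone, which is why the browser's certificate and domain indicators still matter.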
Pharming (DNS Spoofing) Another attack, known earlier as
DNS spoofing or DNS poisoning, is now called a pharming
attack.
• As we know, using the Domain Name System (DNS),
people can identify Web sites with human-readable names
(such as [Link]) and computers can continue to
treat them as IP addresses (such as [Link]).
• For this, a special server computer called a DNS server
maintains the mappings between domain names and the
corresponding IP addresses.
• The DNS server could be located anywhere. Usually, it is with
the Internet Service Provider (ISP) of the users.
1. Suppose that there is a merchant (Bob), whose site’s
domain name is [Link] and the IP address is
[Link]. Therefore, the DNS entry for Bob in all the
DNS servers is maintained as follows:
[Link] [Link]
2. The attacker (say Trudy) manages to hack and replace the
IP address of Bob with her own (say [Link]) in the
DNS server maintained by the ISP of a user, say Alice.
• Therefore, the DNS server maintained by the ISP of Alice
now has the following entry:
[Link] [Link]
• Thus, the contents of the hypothetical DNS table
maintained by the ISP would be changed.
• A hypothetical portion of this table (before and after the
3. When Alice wants to communicate with Bob’s site,
her Web browser queries the DNS server maintained
by her ISP for Bob’s IP address, providing it the
domain name (i.e. [Link]).
• Alice gets the replaced (i.e. Trudy’s) IP address,
which is [Link].
4. Now, Alice starts communicating with Trudy,
believing that she is communicating with Bob! Such
attacks of DNS spoofing are quite common and cause
a lot of confusion.
• Even worse, the attacker (Trudy) does not have to
listen to the conversation on the wire! She has to
simply be able to hack the DNS server of the ISP and
• A protocol called DNSSec (Secure DNS) is
being used to thwart such attacks. However,
unfortunately, it is not widely used.
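The four steps above together with the DNSSec remark, as an added Go example (not code from the text): the ISP's table is a map, Trudy's change is a map update, and a validating client checks an Ed25519 signature by the zone owner before trusting an address. `bob.example` and the addresses are constructed stand-ins for the text's placeholders, and the signed name/address pair is a simplification of real DNSSEC, which signs whole record sets (RRSIG/DNSKEY) and chains trust from the root; the point it preserves is that the resolver's table is just data, and only the zone owner's key binds a name to an address.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed values standing in for the text's [Link] placeholders.
const (
	bobName   = "bob.example"   // Bob's domain name
	bobAddr   = "192.0.2.10"    // Bob's real address (RFC 5737 documentation range)
	trudyAddr = "198.51.100.99" // the address Trudy substitutes
)

// Record is one name -> address entry as a DNS server stores it. Sig is a
// signature by the zone owner's key over the pair (simplified stand-in for a
// DNSSEC RRSIG).
type Record struct {
	Name, Addr string
	Sig        []byte
}

// resolver models the table kept by Alice's ISP DNS server.
type resolver map[string]Record

func signRecord(priv ed25519.PrivateKey, name, addr string) Record {
	return Record{Name: name, Addr: addr, Sig: ed25519.Sign(priv, []byte(name+"\x00"+addr))}
}

// validate is what a validating client does in spirit: it trusts the zone
// owner's public key rather than whatever the resolver hands back.
func validate(zoneKey ed25519.PublicKey, rec Record) error {
	if !ed25519.Verify(zoneKey, []byte(rec.Name+"\x00"+rec.Addr), rec.Sig) {
		return errors.New("signature does not cover this name/address pair")
	}
	return nil
}

// Outcome records which address each kind of client ends up using.
type Outcome struct {
	BeforeAttack string // validating client, untouched table
	PlainClient  string // ordinary client after Trudy's change
	ValidClient  string // validating client after Trudy's change ("" = refused)
}

// scenario replays steps 1-4 from the text.
func scenario() (Outcome, error) {
	var out Outcome
	zonePub, zonePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return out, err
	}
	// Step 1: every DNS server carries Bob's signed entry.
	isp := resolver{bobName: signRecord(zonePriv, bobName, bobAddr)}
	if rec := isp[bobName]; validate(zonePub, rec) == nil {
		out.BeforeAttack = rec.Addr
	}
	// Step 2: Trudy replaces the address in Alice's ISP table. She cannot
	// produce a matching signature because she does not hold Bob's private key.
	rec := isp[bobName]
	rec.Addr = trudyAddr
	isp[bobName] = rec
	// Step 3: Alice's browser asks the ISP server and receives the replaced entry.
	rec = isp[bobName]
	// Step 4: an ordinary client connects to whatever it was told...
	out.PlainClient = rec.Addr
	// ...while a validating client checks the signature first and refuses.
	if validate(zonePub, rec) == nil {
		out.ValidClient = rec.Addr
	}
	return out, nil
}

func main() {
	out, err := scenario()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("before attack, validating client uses: %s\n", out.BeforeAttack)
	fmt.Printf("after attack,  ordinary client uses:   %s (Trudy)\n", out.PlainClient)
	fmt.Printf("after attack,  validating client uses: %q (refused)\n", out.ValidClient)
}
```

Note what the validating client does not get: it learns that the answer is bad, not what the right answer is, so it refuses rather than connecting to Trudy, which is still the better outcome.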
Security Services
Security Mechanisms
Table 1.3 lists the security mechanisms defined in
X.800.
Model for Network Security
• All the techniques for providing security have two
components:
 A security-related transformation on the information to
be sent. Examples include the encryption of the
message, which scrambles the message so that it is
unreadable by the opponent, and the addition of a code
based on the contents of the message, which can be
used to verify the identity of the sender.
 Some secret information shared by the two principals
and, it is hoped, unknown to the opponent. An
example is an encryption key used in conjunction with
the transformation to scramble the message before
transmission and unscramble it on reception.
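The two components of the model (the transformation and the shared secret) in one added Go example, not code from the text: AES-GCM serves as the transformation and gives both effects the text lists, scrambling the message and appending a content-dependent tag that the receiver checks, while a random 256-bit key is the secret the two principals share. The sample message is constructed; how the key reaches both principals (key exchange) is outside the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newSharedKey produces the secret the two principals share (second component
// of the model). Distributing it securely is a separate problem.
func newSharedKey() ([]byte, error) {
	key := make([]byte, 32) // AES-256
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// protect is the sender's security transformation (first component): AES-GCM
// scrambles the message so an opponent on the channel cannot read it and
// appends a tag computed from the contents under the key, which the receiver
// uses to verify that the key holder sent it, unaltered.
// Wire format: nonce || ciphertext || tag.
func protect(key, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // must never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, msg, nil), nil
}

// unprotect is the receiver's inverse transformation. It fails when the tag
// does not verify, i.e. the transmission was altered or produced without the key.
func unprotect(key, wire []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(wire) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("transmission too short")
	}
	nonce, sealed := wire[:gcm.NonceSize()], wire[gcm.NonceSize():]
	return gcm.Open(nil, nonce, sealed, nil)
}

// opponentCanRead reports whether the plaintext is visible in the transmission,
// i.e. what a passive sniffer on the channel would get.
func opponentCanRead(wire, msg []byte) bool {
	return bytes.Contains(wire, msg)
}

func main() {
	key, err := newSharedKey()
	if err != nil {
		fmt.Println("key error:", err)
		return
	}
	msg := []byte("pay 100 to account 42") // constructed sample message
	wire, _ := protect(key, msg)
	fmt.Printf("on the wire: %x\nsniffer sees plaintext: %v\n", wire, opponentCanRead(wire, msg))
	if got, err := unprotect(key, wire); err == nil {
		fmt.Printf("receiver recovers: %q\n", got)
	}
	wire[len(wire)-1] ^= 0x01 // an opponent flips one bit in transit
	if _, err := unprotect(key, wire); err != nil {
		fmt.Println("tampered transmission rejected:", err)
	}
}
```

The opponent without the key can neither read the transmission nor alter it undetected; what remains exposed is everything outside the transformation, such as the fact that a message was sent, its length and its timing.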
• Another type of unwanted access is the placement in a
computer system of logic that exploits vulnerabilities in
the system and that can affect application programs as
well as utility programs, such as editors and compilers.
• Programs can present two kinds of threats:
 Information access threats: Intercept or modify data
on behalf of users who should not have access to that
data.
 Service threats: Exploit service flaws in computers to
inhibit use by legitimate users.