Manav Goyal

Aspects Of Security - Information Security

Security Attack
Security Mechanism
Security Service

Security Attack

Network attack is usually defined as an intrusion on the network infrastructure that will first analyze the environment and collect information in order to exploit the existing open ports or vulnerabilities
Example => X.800, RFC 2828
Types
- Passive
  - Release of message content
    - Monitors the data, Does not affects the system, Cannot be easily detected, Focus on Prevention
    - Confidentiality is not followed
  - Traffic analysis
    - Analysis traffic, Origin/Destination of data, Packet size
- Active
  - Masquerade
    - Modifies the data, Affects the system, Can be easily detected, Focus on Detection
    - Stealing authorization and then accessing resources on behalf of original user
  - Relay
    - Reading, Modifying, Inducing error bits in the original data
    - Integrity is also not followed
  - Denial of Service
    - Service is congested by continuous sending of useless data to the server
    - Availability is also not followed
Types of Security Attacks
- Brute Force
  - Trail & Error to find the key used for decryption generally using Bots
  - Captcha is used to differentiate between human and bot
- Spoofing
  - It is a technique used to masquerade a person, program or an address as another by falsifying the data with purpose of unauthorized
  - Examples
    - IP Address Spoofing
      - Process of creating IP packets with forged source IP address to impersonate legitimate system
      - This kind of spoofing is often used in DoS attacks (Smurf Attack)
    - ARP Spoofing (ARP Poisoning)
      - Process of sending fake ARP messages in the network
      - The purpose of this spoofing is to associate the MAC address with the IP address of another legitimate host causing traffic redirection to the attacker host
      - This kind of spoofing is often used in man-in-the-middle attacks
    - DNS Spoofing (DNS Cache Poisoning)
      - An attack where the wrong data is inserted into DNS Server cache, causing the DNS server to divert the traffic by returning wrong IP addresses as results for client queries
    - Email Spoofing
      - A process of faking the email's sender "from" field in order to hide real origin of the email
      - This type of spoofing is often used in spam mail or during phishing attack
    - Search engine poisoning
      - Attackers take advantage of high profile news items or popular events that may be of specific interest for certain group of people to spread malware and viruses
- Denial of Service Attack (DoS Attack)
  - An attack designed to cause an interruption or suspension of services of a specific host/server by flooding it with large quantities of useless traffic or external communication requests
- Distributed Denial of Service Attack (DDoS Attack)
  - Occurs where multiple compromised or infected systems (botnet) flood a particular host with traffic simultaneously
- Cross-Site Scripting (XSS)
  - XSS is a term used to describe a class of attacks that allow an attacker to inject client-side scripts through the website into the browsers of other users
- SQL Injection
  - SQL injection vulnerabilities enable malicious users to execute arbitrary SQL code on a database, allowing data to be accessed, modified, or deleted irrespective of the user's permissions
- Network sniffing (Packet Sniffing)
  - A process of capturing the data packets traveling in the network
  - This may include unauthorized access to organization resources
- Bluetooth related attack
  - Bluesnarfing
  - Bluejacking
  - Bluebugging
- Social engineering
- Phishing
- ICMP flood attack (Ping Flood)
- Ping of Death (PoD)
- Smurf attack
- Buffer overflow
- Man-in-the-middle
- Session hijacking
- Spear phishing
- Watering hole
- Whaling
- Port scanning
- Botnet
Types of Malware
- Virus
  - Virus is a malicious program able to inject its code into other programs/ applications or data files and the targeted areas become "infected"
  - Installation of a virus is done without user's consent, and spreads in form of executable code transferred from one host to another
  - Types of viruses
    - Resident virus
    - Non-resident virus
    - Boot sector virus
    - Macro virus
    - File-infecting virus (file-infector)
    - Polymorphic virus
    - Metamorphic virus
    - Stealth virus
    - Companion virus
    - Cavity virus
- Worm
  - Worm is a malicious program category, exploiting operating system vulnerabilities to spread itself
  - Unlike the viruses though worms can reproduce/ duplicate and spread by itself
  - Types
    - Email worms
    - Internet worms
    - Network worms
    - Multi-vector worms
- Trojan
  - Trojans are a type of malware software that masquerades itself as a not-malicious even useful application but it will actually do damage to the host computer after its installation
  - Unlike virus, Trojans do not self-replicate unless end user intervene to install
  - Types of Trojan
    - Remote Access Trojans (RAT) aka Backdoor Trojan
    - Trojan-DDoS, Trojan-Proxy, Trojan-FTP, Destructive Trojan
    - Security Software Disabler Trojan, Info Stealer (Data Sending/ Stealing Trojan)
    - Keylogger Trojan, Trojan-PSW (Password Stealer), Trojan-Banker, Trojan-IM
- Others
  - Malware
    - Malware refers to software viruses, spyware, adware, worms, Trojans, ransomeware
    - They are designed to cause damage to a targeted computer or cause a certain degree of operational disruption
  - Rootkit
    - Rootkit are malicious software designed to hide certain processes or programs from detection
    - Usually acquires and maintains privileged system access while hiding its presence in the same time
    - It acts as a conduit by providing the attacker with a backdoor to a system
  - Spyware
    - A software that monitors and collects information about a particular user, computer or organization without user’s knowledge
  - Riskware
    - A term used to describe potentially dangerous software whose installation may pose a risk to the computer
  - Adware
    - Software generating or displaying certain advertisements to the user
    - This kind of adware is very common for freeware and shareware software and can analyze end user internet habits and then tailor the advertisements directly to users interests
  - Creepware
    - A term used to describe activities like spying others through webcams (very often combined with capturing pictures), tracking online activities of others and listening to conversation over the computer's microphone and stealing passwords and other data
  - Blended threat
    - Blended threat defines an exploit that combines elements of multiple types of malware components
    - Usage of multiple attack vectors and payload types targets to increase the severity of the damage causes and as well the speed of spreading

Security Mechanism

Encipherment
- Hiding the actual data so that attacker cannot understand it
Digital Signature
- Sender adds private key with data to encrypt and receiver adds public key to decrypt
Access Control
- The control of access to system resources after a user’s account credentials and identity have been authenticated and access to the system has been granted
- Access control is used to identify a subject (user/human) and to authorize the subject to access an object (data/resource) based on the required task
- Logical access control models are the abstract foundations upon which actual access control mechanisms and systems are built
Authentication Exchange
- Identifying valid user using authentication
Traffic Padding
- Prevention from Traffic analysis by randomly dumping packets
Routing Control
- Continuously changing path to confuse Hacker

Security Service

Authentication
- Checking if user is the valid user
- Using Passwords, OTP, Pins
Authorization
- Checking if user is authorized to access the resource
- Using access control
Non-Repudiation
- Protection against denial by one of the parties in a communication
Auditing
- Analyzing the problem