Page 1: ch_1_Intro.

Information Security


Course Curriculum: Subjects Offered


Teaching Scheme

Sr. No.   Subject                                   Teaching Scheme (Hours)           Credits
                                                    Theory   Tutorial   Practical
1         Major Elective-I: Information Security    3        2          0             4


Evaluation Scheme : Examination


Syllabus: Unit-I

Cryptography and Data Security
- Information assurance issues
- Threats to authentication, privacy and integrity
- Generating MD5 hash collisions
- Approaches to cryptography
- Symmetric vs. asymmetric ciphers
- Issues for secret key encryption
- Public key fixes to secret key problems
- Hashing and digital signatures
- Generating and exchanging keys
- Authentication via key ownership
- Non-repudiation using digital signatures
- Digital signatures in the real world
- Key distribution and management
- E-voting


Syllabus: Unit-II

Intrusion Detection
- Overview
- Host based intrusion detection systems
- Network based intrusion detection systems
- IDS as part of the overall security system
- IDS signatures and analysis schemes for intrusion detection systems
- Anomaly detection
- Expert systems
- Tools for packet analysis and intrusion detection
- Some intrusion detection tools (Snort, Windump, Ethereal, etc.)
- Case reports of various attack strategies
- Implementation issues
- Future directions


Reference Books

1. Intrusion Detection & Prevention by Carl Endorf, Eugene Schultz, Jim Mellander, Jack Kozio; McGraw-Hill.

2. Network Intrusion Detection (3rd Edition) by Stephen Northcutt and Judy Novak; ISBN 0735712654.

3. Snort 2.1 Intrusion Detection (book with CD-ROM) by Jay Beale and Caswell; Syngress.

4. Cryptography and Network Security by William Stallings; Pearson, 4th edition, 2004.

5. Network Security Essentials by William Stallings; Pearson, 2005.

6. Handbook of Applied Cryptography by A. Menezes, P. van Oorschot, and S. Vanstone; CRC Press, 1996. www.cacr.math.uwaterloo.ca/hac


Chapters covered from the reference books:

Cryptography and Network Security by William Stallings; Pearson, 4th edition, 2004: Ch. 1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12.1, 12.2, 13.

Information Security: Theory and Practice by Dhiren R. Patel; PHI.

Assessing Network Security (Microsoft) by Kevin Lam and David LeBlanc; PHI: Ch. 24, 25, 26, 27.

Network Security Bible: Ch. 13, 17 (pp. 568 to 572).


Practical Work

- Implementation of all classical ciphers
- Study of Linux security and Linux commands
- Algorithm implementation (MD5)
- Study of NetBIOS and net commands
- Study of the PGP utility
- URL scan
- Study of Ethereal (Wireshark)
- Study of SNORT and SNORT db
- Study of windump


Introduction

Information is the most critical resource for many organizations, so it must be protected.

Due to the growth of networked data, security attacks have become a dominant problem in practically all information infrastructures.

Computer Security: the generic name for the collection of tools designed to protect data and to thwart hackers.

Network Security: measures to protect data during their transmission.

Internet Security: measures to protect data during their transmission over a collection of interconnected networks.


Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, and entity/data origin authentication.

A Cryptosystem is a general term referring to a set of cryptographic primitives used to provide information security services.

Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques that provide information security services.

Cryptology is the study of cryptography and cryptanalysis. The name cryptology is a combination of the Greek words kryptos (= hidden) and logos (= study, science). So, the word cryptology literally means the science of secret writing.


Security Attacks

A security attack is any action that compromises the security of information owned by an organization.

Information security is about how to prevent attacks or, failing that, to detect attacks on information-based systems.

There are two types of attacks: passive attacks and active attacks.


Passive attacks: unauthorized reading of a message or a file, and traffic analysis.


Passive attacks are very difficult to detect because they do not involve any alteration of the data.

Typically, the message traffic is sent and received in an apparently normal fashion and neither the sender nor receiver is aware that a third party has read the messages or observed the traffic pattern

However, it is feasible to prevent the success of these attacks, usually by means of encryption

Thus, the emphasis in dealing with passive attacks is on prevention rather than detection


Active attacks

Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:

1. Masquerade
2. Replay
3. Modification of messages
4. Denial of service


A masquerade takes place when one entity pretends to be a different entity

For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.


Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect


Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.

Denial of service prevents or inhibits the normal use or management of communications facilities.

This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination

Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance


Active attacks present the opposite characteristic of passive attacks.

Whereas passive attacks are difficult to detect, measures are available to prevent their success.

On the other hand, it is quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical, software, and network vulnerabilities.

Instead, the goal is to detect active attacks and to recover from any disruption or delay caused by them.

If the detection has a deterrent effect, it may also contribute to prevention.


Information Security Objectives

Confidentiality or privacy: Keeping information secret from all but those who are authorized to see it. Privacy involves protecting data from unauthorized individuals while in transit or in storage. When data travels across a network, especially the internet, it may pass through many intermediate organizations and their devices, such as routers. During this process, data packets may be intercepted, intentionally or accidentally, or misdirected, and privacy can be lost.

Data integrity: Ensuring that information has not been altered by unauthorized or unknown means. Data integrity provides protection against unauthorized alteration from the time the data was created, transmitted, or stored by an authorized source.


Ensuring the integrity of information requires being able to detect corruption or change to even a single bit of transferred or stored data.

Entity authentication or identification: Confirmation of the identity of an entity. Authentication deals with confirming the identity of a user or device, such as an employee, customer, partner, or smart card, before allowing access to a system or permitting the completion of a transaction.

Non-repudiation: Preventing the denial of previous commitments or actions. Non-repudiation requires mechanisms similar to a personal signature on a cheque or contract, so that previous commitments or actions cannot be denied.


Additional information security objectives are:

Message authentication: validation of the source of information; also known as data origin authentication

Authorization: Transference to another entity of official sanction, to do or be something.

Validation: A means to provide timeliness of authorization to use or manipulate information or resources.

Access Control: restricting access to resources to privileged entities.


Certification: Endorsement of information by a trusted entity.

Time-stamping: Recording the time of creation or existence of information.

Witnessing: Verifying the creation or existence of information by an entity other than the creator.

Receipt: Acknowledgement that information has been received.

Confirmation: Acknowledgement that services have been provided.

Ownership: A means to provide an entity with the legal right to use or transfer a resource to others.


Anonymity: Concealing the identity of an entity involved in some process.

Revocation: Retraction of certification or authorization.

Availability: Assuring the data and system resources are available to authorized parties when needed.

Message Privacy: E-mail message or files can be encrypted as a complete unit before transmission, using a utility, or built in browser functions.

Channel Privacy: Channel privacy usually requires that data sent and received through the communications channel is encrypted and decrypted at the packet level, regardless of the content.


Model for Network Security


Using this model requires us to:

1. design a suitable algorithm for the security transformation

2. generate the secret information (keys) used by the algorithm

3. develop methods to distribute and share the secret information

4. specify a protocol enabling the principals to use the transformation and secret information for a security service
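The four steps above, and the earlier point that active attacks are detected rather than prevented, as an added example that is not part of the original slides. It assumes HMAC-SHA256 as the security transformation, a constructed shared key standing in for the key-distribution step, and a per-message sequence number as the protocol's replay check; the messages are constructed sample data.

```python
import hashlib
import hmac

# Step 2 of the model: the secret information shared by the two principals.
# Constructed sample key; in practice it comes from the key-distribution step (step 3).
KEY = b"constructed-shared-secret-for-the-example"


def _tag(key: bytes, seq: int, message: bytes) -> bytes:
    """HMAC-SHA256 over the sequence number and the message. The tag changes if even
    one bit of either input changes, which is what the integrity objective requires."""
    return hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()


def protect(key: bytes, seq: int, message: bytes) -> tuple[int, bytes, bytes]:
    """Step 1, sender side: the security transformation applied before transmission.
    Only integrity and origin are protected here; hiding the contents from a passive
    eavesdropper would additionally require encryption."""
    return seq, message, _tag(key, seq, message)


class Receiver:
    """Step 4, receiver side of the protocol: verify the tag, then refuse any sequence
    number at or below the last one accepted so that a replayed data unit is detected."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = -1

    def accept(self, seq: int, message: bytes, tag: bytes) -> str:
        # compare_digest avoids leaking tag bytes through timing differences
        if not hmac.compare_digest(_tag(self.key, seq, message), tag):
            return "rejected: tag mismatch (modification or masquerade)"
        if seq <= self.last_seq:
            return "rejected: replay (sequence number already used)"
        self.last_seq = seq
        return "accepted"


def demo() -> list[str]:
    """Replay, modification and masquerade against one receiver (denial of service
    is not shown, since a tag cannot detect it)."""
    rx = Receiver(KEY)
    seq, msg, tag = protect(KEY, 1, b"pay 100 to account A")      # constructed message
    forged = _tag(b"attacker-guess", 2, b"pay 900 to account B")  # sender without the key
    return [
        rx.accept(seq, msg, tag),                               # genuine data unit
        rx.accept(seq, msg, tag),                               # replay of the capture
        rx.accept(1, msg.replace(b"100", b"900"), tag),         # modified message
        rx.accept(2, b"pay 900 to account B", forged),          # masquerade attempt
    ]
```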


Model for Network Access Security


Using this model requires us to:

1. select appropriate gatekeeper functions to identify users

2. implement security controls to ensure only authorised users access designated information or resources

Trusted computer systems may be useful to help implement this model.