What is Computer Networking? In the world of computers, networking is the practice of linking two or more computing devices together for the purpose of sharing data. Networks are built with a mix of computer hardware and computer software. Distrust and caution are the parents of security. — Benjamin Franklin We will bankrupt ourselves in the vain search for absolute security. — Dwight D. Eisenhower Network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and networkaccessible resources. The main aim of network security is to ensure that the users are authentic, next to make sure that the users are allowed access to only those features which they are entitled to. Finally, it tries to block and prevent all potential misuse and deliberate damage inflicted upon by a user with malicious intentions . Network security starts from authenticating the user, commonly with a username and a password. Since this requires just one thing besides the user name, i.e. the password which is something you 'know', this is sometimes termed one factor authentication. With two factor authentication something you 'have' is also used (e.g. a security token or 'dongle', an ATM card, or your mobile phone), or with three factor authentication something you 'are' is also used (e.g. a fingerprint or retinal scan). Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) help detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high level analysis. Security holes manifest themselves in (broadly) four ways: 1)PHYSICAL SECURITY HOLES 2)SOFTWARE SECURITY HOLES 3)INCOMPATIBLE USAGE SECURITY HOLES 4)CHOOSING AND MAINTAINING SECURITY PHILOSOPHY 1) Physical Security Holes. Where the potential problem is caused by giving unauthorized persons physical access to the machine, where this might allow them to perform things that they shouldn't be able to do. A good example of this would be a public workstation room where it would be trivial for a user to reboot a machine into single-user mode and tamper with the workstation file store, if precautions are not taken. Another example of this is the need to restrict access to confidential backup tapes, which may (otherwise) be read by any user with access to the tapes and a tape drive, whether they are meant to have permission or not. 2) Software Security Holes Where the problem is caused by badly written items of "privileged" software (daemons, cron-jobs) which can be compromised into doing things which they shouldn't. 3) Incompatible Usage Security Holes Where, through lack of experience, or no fault of his/her own, the System Manager assembles a combination of hardware and software which when used as a system is seriously flawed from a security point of view . It is the incompatibility of trying to do two unconnected but useful things which creates the security hole. Problems like this are a pain to find once a system is set up and running, so it is better to build a system with them in mind. 4) Choosing a suitable security philosophy and maintaining it. The fourth kind of security problem is one of perception and understanding. Perfect software, protected hardware, and compatible components don't work unless you have selected an appropriate security policy and turned on the parts of your system that enforce it. Security is relative to a policy (or set of policies) and the operation of a system in conformance with that policy Step 1: Knowledge of system control structure. To find security holes, and identifying design weaknesses it is necessary to understand the system control structure, and layers. One should be able to list the following : 1) Security objects : items to be protected 2) Control objects : items that protect security objects. 3) Mutual objects : objects in both classes. With such a list, it is possible to graphically represent a control hierarchy and identify potential points of attack. Step 2: Generate an inventory of suspected flaws. (i.e. flaw hypotheses) Step 3: Confirm hypotheses. (test and exploit flaws) Step 4: Make generalizations of the underlying system weaknesses, for which the flaw represents a specific instance A smart card, chip card, or integrated circuit card (ICC) is any pocket-sized card with embedded integrated circuits. Smart cards can provide identification, authentication, data storage and application processing. A quickly growing application is in digital identification. In this application, the cards authenticate identity. The most common example employs PKI. The card stores an encrypted digital certificate issued from the PKI provider along with other relevant information. Smart cards have been advertised as suitable for personal identification tasks, because they are engineered to be tamper resistant. The chip usually implements some cryptographic algorithm. Biometrics comprises methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In computer science, in particular, biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance. Biometric characteristics can be divided in two main classes: Physiological are related to the shape of the body. Examples include, but are not limited to fingerprint, face recognition, DNA, Palm print, hand geometry, iris recognition, which has largely replaced retina, and odour/scent. Behavioral are related to the behavior of a person. Examples include, but are not limited to typing rhythm, gait, and voice. Some researchers have coined the term ‘behaviometrics’ for this class of biometrics. It is possible to understand if a human characteristic can be used for biometrics using some distinguishing parameters. A biometric system can operate in the following two modes: Verification – A one to one comparison of a captured biometric with a stored template to verify that the individual is who he claims to be. Can be done in conjunction with a smart card, username or ID number. Identification – A one to many comparison of the captured biometric against a biometric database in attempt to identify an unknown individual. The identification only succeeds in identifying the individual if the comparison of the biometric sample to a template in the database falls within a previously set threshold. A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices that is configured to permit or deny network transmissions based upon a set of rules and other criteria. A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through. Firewalls use one or more of three methods to control traffic flowing in and out of the network: Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded. Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa. Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded. Overview Introduction What is a Cookie? Basic Facts Scope of Cookies Cookie based Marketing Cookies, Privacy & Legislation Hackers, Crackers & Network Intruders Hacker Terms Types Of Hackers Gaining Accesses Cyber Law Areas Of Laws Information Technology Act What is a Cookie? Short pieces of text generated during web activity and stored in the user’s machine for future reference Instructions for reading and writing cookies are coded by website authors and executed by user browsers Developed for user convenience to allow customization of sites without need for repeating preferences Cookie Facts Most Cookies store just 1 data value A Cookie may not exceed 4 Kb in size Browsers are preprogrammed to allow a total of 300 Cookies, after which automatic deletion based on expiry date and usage Cookies have 3 key attributes: name, value and expiry date Cookie Scope: Cannot Do Have automatic access to personal information like name, address, email Read or write data to hard disk Read or write information in cookies placed by other sites Run programs on your computer Cookie Scope: Can Do Store and manipulate any information you explicitly provide to a site Track your interaction with parent site such as pages visited, time of visits, number of visits Use any information available to web server including: IP address, Operating System, Browser Type Cookie Code Cookies may be read/written by server-side or client-side code Server-side Cookies are executed by the web server and instructions included in HTTP header for the page Server-side Cookie languages: Perl/CGI, ASP/VBScript Client-side scripts: JavaScript embedded in page HTML A Typical Cookie Algorithm Start: On page load Read Cookie Is Cookie empty? Y Write new Cookie. Prompt for info if necessary. N Use Cookie info to customize/login etc Update Cookie Continue loading page… © Ravi Pai Panandiker Cookie based Marketing - Schema Web Server Ad Server SEND - User ad server id - IP address GET - Consumer profile and/or - Targeted banner ad SEND - Regular page content GET - Targeted advertising - Cookie based info - User ad server id - IP address User Computer © Ravi Pai Panandiker Cookie Viruses? On most platforms, Cookies are stored as text only files. To cause damage the Cookie must be an executable On Windows, text files are non-executable and would open in a text editor if double clicked In general, there are easier loopholes for a hacker in ActiveX controls, Outlook Express etc The threat from Cookies is not from what they can do to your computer but what information they may store and pass on Hackers, Crackers, and Network Intruders Hacker Terms Hacking - showing computer expertise Cracking - breaching security on software or systems Phreaking - cracking telecom networks Spoofing - faking the originating IP address in a datagram Denial of Service (DoS) - flooding a host with sufficient network traffic so that it can’t respond anymore Port Scanning - searching for vulnerabilities Types of hackers Professional hackers Black Hats – the Bad Guys White Hats – Professional Security Experts Script kiddies Mostly kids/students User tools created by black hats, – To get free stuff – Impress their peers – Not get caught Underemployed Adult Hackers Former Script Kiddies Can’t get employment in the field Want recognition in hacker community Big in eastern european countries Ideological Hackers hack as a mechanism to promote some political or ideological purpose Usually coincide with political events Gaining access Front door Password guessing Password/key stealing Back doors Often left by original developers as debug and/or diagnostic tools Forgot to remove before release Trojan Horses Usually hidden inside of software that we download and install from the net (remember nothing is free) Many install backdoors Judiciary and IT Act 2000 The judicial bodies are not fully aware of Cyber crime and the way in which investigations are carried out. Although Cyber law courses available in India, it is difficult to find a experienced cyber lawyer who is aware of Forensic analysis and technical terms. It is difficult to convince judicial bodies including judges and the tribunal when evidence is in a digital format. There is no legal procedure for collecting, analyzing and presenting evidence in the court of law. Hence the defense lawyer can always anticipate a ambiguity. There are certain shortcomings of the Information Technology Act, 2000 with regard to identity theft, spamming, pornography, data protection and internet banking. Cyber Crimes What is Cybercrime? Online activities are just as vulnerable to crime and can compromise personal safety just as effectively as common everyday crimes. Types of Cyber Crime •Assault by Threat •Child Pornography •Cyber Contraband •Cyberlaundering •Cyberstalking •Cyberterrorism •Cybertheft •Assault by Threat Threatening a person with fear for their lives or the lives of their families or persons whose safety they are responsible for (such as employees or communities) through the use of a computer network such as email, videos, or phones. •Child Pornography The use of computer networks to create, distribute, or access materials that sexually exploit underage children. •Cyber Contraband Transferring illegal items through the internet (such as encryption technology) that is banned in some locations. •Cyber-laundering Electronic transfer of illegally-obtained monies with the goal of hiding its source and possibly its destination. •Cyber-stalking Express or implied physical threats that creates fear through the use of computer technology such as email, phones, text messages, webcams, websites or videos. •Cyber-terrorism Premeditated, usually politically-motivated violence committed against civilians through the use of, or with the help of, computer techology. •Cyber-theft Using a computer to steal. This includes activities related to: breaking and entering, DNS cache poisoning, embezzlement and unlawful appropriation, espionage, identity theft, fraud, malicious hacking, plagiarism, and piracy.