
Lecture 2

The document discusses different types of security attacks, including passive attacks like traffic analysis and release of message contents, and active attacks like masquerade, replay, message modification, and denial of service. It also provides a model for network security involving transforming information during transmission, sharing a secret between sender and receiver, and using a trusted third party.

Uploaded by

vaibhav shivhare
Copyright
© All Rights Reserved

Security attack: Any action that compromises the security of information owned by an
organization.
A useful means of classifying security attacks is in terms of passive attacks and active
attacks. A passive attack attempts to learn or make use of information from the system but
does not affect system resources. An active attack attempts to alter system resources or affect
their operation.
Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions
as shown in Fig 1.4. The goal of the opponent is to obtain information that is being
transmitted. Two types of passive attacks are the release of message contents and traffic
analysis.

Fig 1.4 Passive Attacks


The release of message contents is easily understood (Figure 1.5). A telephone
conversation, an electronic mail message, and a transferred file may contain sensitive or
confidential information. We would like to prevent an opponent from learning the contents of
these transmissions.

Fig 1.5 Release of Message

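A second type of passive attack, traffic analysis, is subtler (Figure 1.6). Suppose that
we had a way of masking the contents of messages or other information traffic so that
opponents, even if they captured the message, could not extract the information from the
message. The common technique for masking contents is encryption. Even with encryption in
place, an opponent can still observe the pattern of the traffic, such as which parties are
communicating and how often and how large the messages are, and may infer something about
the communication from it.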

Fig 1.6 Traffic analysis


Passive attacks are very difficult to detect, because they do not involve any alteration
of the data. Typically, the message traffic is sent and received in an apparently normal
fashion, and neither the sender nor the receiver is aware that a third party has read the
messages or observed the traffic pattern. However, it is feasible to prevent the success of
these attacks, usually by means of encryption. Thus, the emphasis in dealing with passive
attacks is on prevention rather than detection.

Active Attacks

Active attacks involve some modification of the data stream or the creation of a false
stream and can be subdivided into four categories: masquerade, replay, modification of
messages, and denial of service.

A masquerade takes place when one entity pretends to be a different entity (Figure
1.7). A masquerade attack usually includes one of the other forms of active attack. For
example, authentication sequences can be captured and replayed after a valid authentication
sequence has taken place, thus enabling an authorized entity with few privileges to obtain
extra privileges by impersonating an entity that has those privileges.

Fig 1.7 Masquerade


Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect (Figure 1.8).

Fig 1.8 Replay


Modification of messages simply means that some portion of a legitimate message is
altered, or that messages are delayed or reordered, to produce an unauthorized effect (Figure
1.9). For example, a message meaning “Allow John Smith to read confidential file accounts”
is modified to mean “Allow Fred Brown to read confidential file accounts.”

Fig 1.9 Modification of messages

The denial of service prevents or inhibits the normal use or management of
communications facilities (Figure 1.10). This attack may have a specific target; for example,
an entity may suppress all messages directed to a particular destination (e.g., the security
audit service). Another form of service denial is the disruption of an entire network—either
by disabling the network or by overloading it with messages so as to degrade performance.

Security aspects come into play when it is necessary or desirable to protect the
information transmission from an opponent who may present a threat to confidentiality,
authenticity, and so on. All of the techniques for providing security have two components:

A security-related transformation on the information to be sent. Examples include the
encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can be used
to verify the identity of the sender.

Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception.
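
The replay and message-modification attacks described earlier, and the two components just listed (a code computed over the message, and a shared secret), can be seen working together in the following added example, which is not part of the original lecture notes. It uses HMAC-SHA256 as the code and a sequence number as the replay check; the names `protect`, `Receiver` and `demo` and the packet layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: prepend an 8-byte sequence number, append a MAC over both."""
    body = seq.to_bytes(8, "big") + message
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Receiver: holds the shared key and the highest sequence number accepted."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, packet: bytes) -> str:
        if len(packet) < 8 + TAG_LEN:
            return "rejected: malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "rejected: modified or wrong key"
        seq = int.from_bytes(body[:8], "big")
        if seq <= self.last_seq:                     # already seen: replay
            return "rejected: replay"
        self.last_seq = seq
        return "accepted: " + body[8:].decode()


def demo() -> list:
    key = os.urandom(32)  # constructed shared secret for this demo
    rx = Receiver(key)
    original = protect(key, 1, b"Allow John Smith to read confidential file accounts")
    tampered = original.replace(b"John Smith", b"Fred Brown")   # modification
    forged = protect(os.urandom(32), 2,                         # masquerade: no shared key
                     b"Allow Fred Brown to read confidential file accounts")
    return [rx.accept(original), rx.accept(tampered),
            rx.accept(original), rx.accept(forged)]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The code gives integrity and sender authentication only; hiding the message contents from a passive opponent would additionally require encrypting the message.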

Denial of Service Attacks

With a DoS attack, a hacker attempts to render a network or an Internet resource, such
as a web server, worthless to users. A DoS attack typically achieves its goal by sending large
amounts of repeated requests that paralyze the network or a server.
A common form of a DoS attack is a SYN flood, where the server is overwhelmed by
embryonic connections. A hacker sends to a server countless Transmission Control Protocol
(TCP) synchronization attempts known as SYN requests. The server answers each of those
requests with a SYN ACK reply and allocates some of its computing resources to servicing
this connection when it becomes a "full connection." Connections are said to be embryonic or
half-opened until the originator completes the three-way handshake with an ACK for each
request originated. A server that is inundated with half-opened connections soon runs out of
resources to allocate to upcoming connection requests, thus the expression "denial of service
attack."
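
The resource exhaustion described above, as a toy model added here (not from the original notes): a listener with a fixed backlog of half-open connections, next to a simplified stateless SYN-cookie variant, a standard mitigation that the notes do not cover. Class names, addresses and the backlog size are constructed; half-open entries never time out in this model, and a real SYN cookie is carried in the TCP initial sequence number rather than in a separate token.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed value, not a real key


class Listener:
    """Toy TCP listener with a fixed backlog of half-open connections."""

    def __init__(self, backlog: int, syn_cookies: bool):
        self.backlog = backlog
        self.syn_cookies = syn_cookies
        self.half_open = set()    # state kept for every unanswered SYN
        self.established = set()

    def _cookie(self, client: str) -> str:
        # Stateless token bound to the client address and a server secret.
        return hmac.new(SECRET, client.encode(), hashlib.sha256).hexdigest()[:8]

    def on_syn(self, client: str):
        """Return the SYN-ACK token, or None if the SYN is dropped."""
        if self.syn_cookies:
            return self._cookie(client)      # nothing is stored
        if len(self.half_open) >= self.backlog:
            return None                      # backlog full: service denied
        self.half_open.add(client)
        return "synack"

    def on_ack(self, client: str, token: str) -> bool:
        if self.syn_cookies:
            ok = hmac.compare_digest(token, self._cookie(client))
        else:
            ok = client in self.half_open
            self.half_open.discard(client)
        if ok:
            self.established.add(client)     # handshake complete
        return ok


def legit_client_connects(syn_cookies: bool, unanswered_syns: int = 1000) -> bool:
    srv = Listener(backlog=128, syn_cookies=syn_cookies)
    for i in range(unanswered_syns):         # SYNs whose ACK never arrives
        srv.on_syn(f"198.51.100.{i % 250}:{1024 + i}")
    token = srv.on_syn("203.0.113.7:40000")  # constructed legitimate client
    return token is not None and srv.on_ack("203.0.113.7:40000", token)


if __name__ == "__main__":
    print(legit_client_connects(False), legit_client_connects(True))
```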

1.6 A MODEL FOR NETWORK SECURITY:


A Network Security Model exhibits how the security service has been designed over
the network to prevent the opponent from causing a threat to the confidentiality or
authenticity of the information that is being transmitted through the network.
For a message to be sent or received, there must be a sender and a receiver. Both the sender
and the receiver must also agree to share the message. The transmission of a message from
sender to receiver needs a medium, i.e. an information channel, which is an Internet service.

A logical route is defined through the network (Internet) from the sender to the receiver, and
the sender and the receiver establish communication using the communication protocols.

Any security service would have the three components discussed below:

1. Transformation of the information that has to be sent to the receiver, so that any
opponent present on the information channel is unable to read the message. This means
encryption of the message.

It also includes the addition of a code during the transformation of the information, which
will be used in verifying the identity of the authentic receiver.

2. Sharing of secret information between the sender and the receiver, of which the opponent
must not have any clue. This is the encryption key, which is used for encrypting the message
at the sender’s end and for decrypting it at the receiver’s end.

3. There must be a trusted third party that takes responsibility for distributing the
secret information (key) to both communicating parties and for protecting it from any
opponent.

Fig 1.11 A Model for Network Security
