
Network and Information Security (22620)

Unit 1: Introduction to Computer and Information Security (14 marks)

1.1 Foundation of Computer Security:


The foundation of computer security is built upon principles, practices, and
technologies aimed at safeguarding computer systems, networks, and data from
unauthorized access, attacks, damage, or theft. Key components of the
foundation of computer security include:

1. Confidentiality:
Definition: Ensuring that sensitive information is only accessible to
authorized individuals or systems.
Methods: Encryption, access controls, and secure communication protocols.

2. Integrity:
Definition: Protecting data from unauthorized modification or tampering.
Methods: Hash functions, digital signatures, and integrity checks.

3. Availability:
Definition: Ensuring that computer systems and resources are available and
accessible when needed.
Methods: Redundancy, fault tolerance, and disaster recovery planning.

4. Authentication:
Definition: Verifying the identity of users or systems attempting to access
resources.
Methods: Passwords, multi-factor authentication, biometrics, and digital
certificates.

5. Authorization:
Definition: Granting or restricting access rights based on authenticated
identities.
Methods: Access control lists, role-based access control, and least privilege
principles.

By- Kishor Dongare



Definition of Computer Security:


Computer security involves implementing measures to protect computer systems, networks,
and data from unauthorized access and damage. It encompasses confidentiality, integrity,
availability, authentication, and other safeguarding mechanisms.

Need of Computer Security:


1. Confidentiality
2. Integrity
3. Availability
4. Authentication
5. Authorization
6. Audit and Monitoring
7. Firewalls and Network Security
8. Security Policies and Procedures

• Security Basics:

In computer security, security basics refer to fundamental principles and concepts that
form the foundation for safeguarding computer systems, networks, and data. These basics
provide a framework for designing, implementing, and managing effective security
measures.

1. Confidentiality:
The assurance that information is only accessible to authorized individuals, preventing
unauthorized disclosure.
Methods: Encryption, access controls, and secure communication protocols.

2. Integrity:
Ensures that data remains accurate and unaltered during storage, transmission, or
processing.
Methods: Hash functions, digital signatures, and integrity checks help detect and prevent
unauthorized changes.


3. Availability:
Ensures that computer systems and resources are accessible and operational when needed.
Methods: Redundancy, fault tolerance, and disaster recovery planning minimize
downtime and ensure continuous service.

4. Accountability:
Establishes responsibility for actions and ensures that individuals are traceable for their
activities.
Methods: User authentication, audit trails, and logging mechanisms help track and
attribute actions to specific users.

5. Non-Repudiation:
Prevents individuals from denying their involvement in a transaction or action.
Methods: Digital signatures and cryptographic techniques provide evidence that a specific
user performed a particular action.

6. Reliability:
Ensures consistent and dependable operation of computer systems and processes.
Methods: Redundancy, error-checking mechanisms, and regular maintenance contribute
to system reliability.


1.2 Risk and Threat Analysis:


Risk and threat analysis are integral components of the broader field of cybersecurity
within computer science. These processes involve evaluating potential risks and
threats to identify vulnerabilities in systems, networks, or applications. The goal is
to understand potential risks, assess their impact, and devise strategies to manage
them effectively.
Here's an overview of risk and threat analysis:

1. Assets: Assets are the valuable resources within an organization that need protection.
These can include data, software, hardware, intellectual property, and personnel.
Importance: Identifying and classifying assets helps prioritize security efforts and allocate
resources effectively.

2. Vulnerability: A vulnerability is a weakness or flaw in a system's design, implementation,
or operation that could be exploited to compromise the system's security.
Importance: Understanding vulnerabilities is crucial for assessing potential weaknesses in the
security posture and prioritizing remediation efforts.

3. Threats: Threats are potential dangers or events that can exploit vulnerabilities and cause
harm to assets. Threats can be human (hackers, insiders), natural (fire, flood), or
environmental (power outage).
Importance: Identifying threats helps in understanding the potential risks and formulating
appropriate countermeasures.


4. Risks: Risk is the likelihood and impact of a threat exploiting a vulnerability, resulting in
harm to an asset. It is often expressed as a combination of the probability of an event
occurring and the severity of its consequences.
Importance: Assessing risks helps organizations prioritize security measures and allocate
resources to address the most significant threats.

5. Countermeasures: Countermeasures, also known as controls or safeguards, are measures
implemented to reduce or eliminate vulnerabilities and mitigate the impact of potential threats.
Importance: Implementing effective countermeasures is essential for managing and
minimizing risks. This can include technical controls (firewalls, encryption), procedural
controls (policies, training), and physical controls (access controls, surveillance).

• The risk and threat analysis process typically involves the following steps:
Identification: Identify and classify assets, vulnerabilities, and potential threats.
Assessment: Evaluate the likelihood and impact of threats exploiting vulnerabilities to
determine the level of risk.
Mitigation: Implement countermeasures to reduce or eliminate vulnerabilities and mitigate
the impact of potential threats.
Monitoring: Continuously monitor the security posture, update risk assessments, and
adjust countermeasures as needed.
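Worked example (added here, not part of the notes): a small risk register in Python that walks the four steps above, scoring each asset/vulnerability/threat triple as likelihood x impact, applying countermeasures, and re-scoring to get the residual risk that monitoring should track. The 1 to 5 scale, the rating bands, and all assets, scores and controls are constructed assumptions for the illustration.

```python
"""Worked risk-assessment example (added illustration, not part of the notes).

Identification: assets, vulnerabilities and threats are listed in a register.
Assessment: risk = likelihood x impact on a 1..5 scale (assumed scale).
Mitigation: countermeasures reduce likelihood and/or impact.
Monitoring: the residual score is what is left to watch after mitigation.
All asset names, scores and controls below are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass
class Countermeasure:
    name: str
    kind: str                  # "technical", "procedural" or "physical"
    likelihood_reduction: int  # scale points the control removes from likelihood
    impact_reduction: int      # scale points the control removes from impact


@dataclass
class Risk:
    asset: str
    vulnerability: str
    threat: str
    likelihood: int            # probability the threat exploits the vulnerability (1..5)
    impact: int                # severity of harm to the asset (1..5)
    controls: list = field(default_factory=list)

    def inherent_score(self) -> int:
        """Risk before any control is applied: likelihood x impact (1..25)."""
        return self.likelihood * self.impact

    def residual_score(self) -> int:
        """Risk after controls; neither factor can drop below 1."""
        lk = max(1, self.likelihood - sum(c.likelihood_reduction for c in self.controls))
        im = max(1, self.impact - sum(c.impact_reduction for c in self.controls))
        return lk * im


def classify(score: int) -> str:
    """Map a 1..25 score to a rating so results are comparable across assets (assumed bands)."""
    if score >= 15:
        return "HIGH"
    if score >= 8:
        return "MEDIUM"
    return "LOW"


def prioritise(risks):
    """Assessment step: highest inherent risk first, i.e. what to mitigate first."""
    return sorted(risks, key=lambda r: r.inherent_score(), reverse=True)


def build_register():
    """Identification step, filled with constructed sample data."""
    patching = Countermeasure("monthly patching", "procedural", 2, 0)
    backups = Countermeasure("offline backups", "technical", 0, 3)
    badge = Countermeasure("badge-controlled server room", "physical", 3, 0)
    return [
        Risk("customer database", "unpatched web server", "external attacker",
             likelihood=4, impact=5, controls=[patching, backups]),
        Risk("payroll server", "physical access to rack", "insider with USB drive",
             likelihood=3, impact=4, controls=[badge]),
        Risk("public website", "single hosting provider", "power outage",
             likelihood=2, impact=2, controls=[]),
    ]


def residual_report(risks):
    """Monitoring step: (inherent, residual, residual rating) keyed by asset."""
    return {r.asset: (r.inherent_score(), r.residual_score(), classify(r.residual_score()))
            for r in risks}


if __name__ == "__main__":
    register = build_register()
    for r in prioritise(register):
        print(f"{r.asset:18} inherent={r.inherent_score():2} ({classify(r.inherent_score())})"
              f" residual={r.residual_score():2} ({classify(r.residual_score())})")
```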


1.3 Threat to Security:


What is a Threat:
A threat is a possible event (or piece of code) that can damage or harm a computer system or
an organization.

What is a Security Threat:

In simple terms, a security threat is a possible danger or problem that can harm
computer systems, networks, or information.
It includes things like viruses, fake emails, and people trying to get into your
computer without permission, i.e. unauthorized access.
These threats can corrupt or steal important information, making it a risk to keep things
safe.
A threat is a potential for violation of security, which exists when there is an action that
might cause harm to security. Threats are divided into the following categories:
a) Disclosure: unauthorized access to information.
b) Deception: acceptance of wrong (false) data.
c) Disruption: prevention of correct operation.
d) Usurpation: unauthorized control of a system or part of a system.

Virus: (Vital Information Resources Under Siege)

A virus is a type of malicious software (software intentionally designed to harm a computer
system) that infects computer systems and networks.
Viruses have the capability to replicate and may cause various forms of damage, including
alteration or deletion of data and unauthorized access by cyber criminals.
A virus enters a computer without the permission of the user.

Ways of identifying viruses: increased response time, unwanted pop-ups, unwanted links
opening on their own.

Phases Of Viruses (Life Cycle of Viruses)


1. Dormant Phase (Idle Phase)
• The virus is present in the system but not yet active.
• It lies dormant, possibly waiting for a trigger (e.g., a specific date, action, or condition).
• Not all viruses have this phase; some become active immediately.

2. Propagation Phase (Infection/Replication)
• The virus starts to replicate, making copies of itself.
• It spreads to other files, programs, or even devices (via networks, USB drives, email
attachments, etc.).
• In network security, this is when lateral movement or mass spreading might occur.

3. Triggering Phase (Activation)
• A specific condition causes the virus to activate.
• This could be a user action, a specific time/date, or a system state.
• This phase transitions the virus from passive to active attack mode.

4. Execution Phase (Payload Phase)

• The payload is executed, and the malicious intent of the virus is carried out.
• Common payloads: data theft, file deletion, system corruption, backdoor creation, DDoS,
ransomware encryption, etc.
• This is the phase where damage occurs.


▪ Types of Computer Virus:


Computer viruses come in various forms, each with its own characteristics and
methods of spreading. Here are some common types of computer viruses:

1. File Infector Viruses:
- These viruses attach themselves to executable files and can infect other files
when the infected program is run.

2. Boot Sector Viruses:
- These viruses target the boot sector of a computer's hard drive or removable
storage devices. They activate when the system is booted, allowing the virus
to load into memory before the operating system.

3. Macro Viruses:
- Macro viruses infect applications that use macros, such as Microsoft Word
or Excel. They attach themselves to documents and spreadsheets and can be
spread through email attachments.

4. Polymorphic Viruses:
- These viruses change their code or appearance each time they infect a new
file or system. This makes them more challenging to detect by antivirus
programs.

5. Metamorphic Viruses:
- Similar to polymorphic viruses, metamorphic viruses go a step further by
completely rewriting their own code. This makes them even more resistant to
detection.

6. Resident Viruses:
- Resident viruses embed themselves in the computer's memory and can infect
files as the computer runs. They are harder to detect because they stay active
in the background.


7. Non-Resident Viruses:
- Unlike resident viruses, non-resident viruses do not stay in the computer's memory.
Instead, they infect files and then leave the memory.

• Dealing with Viruses:

Dealing with viruses in network and information security requires a comprehensive and
multi-faceted approach. The main steps are:

1) Detection: find out the location of the virus.
2) Identification: identify the specific virus that has attacked.
3) Removal: after identification, remove all traces of the virus and restore the affected
file to its original state with the help of anti-virus software.

• Worms:
A computer worm is a type of harmful software that copies itself and spreads from one
computer to another without requiring any user intervention. It is like a sickness that can
move through a network of computers, searching for weaknesses to infect. Worms often
spread through email attachments that may seem safe, but they can actually cause a lot of
trouble. Once a computer is infected, the worm can send itself to the person's contacts
using their email account. This way, it keeps spreading to more and more computers.
Types: Email Worms, Network Worms, File Sharing Worms, Internet Worms, etc.


▪ Difference Between Viruses and Worms: (see the comparison table after the Intruders section)

• Trojan Horse:
The name of the Trojan Horse is taken from a classical story of the Trojan War. It is a code
that is malicious in nature and has the capacity to take control of the computer. It is designed
to steal, damage, or do some harmful actions on the computer. It tries to deceive the user to
load and execute the files on the device. After it executes, this allows cybercriminals to
perform many actions on the user’s computer like deleting data from files, modifying data
from files, and more.
Types: Backdoor Trojan, Ransom Trojan, Trojan Banker, Trojan Downloader…etc.

• Intruders:
Intruders are the attackers who attempt to breach the security of a network. They attack
the network in order to get unauthorized access. Intruders are of three types, namely,
masquerader, misfeasor and clandestine user.

Masquerader: An unauthorized user who penetrates a system by exploiting a legitimate user's
account (outsider).

Misfeasor: A legitimate user who makes unauthorized accesses or misuses his privileges
(insider).

Clandestine user: Seizes supervisory control to evade auditing and access controls, or to
suppress audit collection (insider / outsider).

Insiders:
Insiders in network and information security are individuals with legitimate access to
systems or data, such as employees. They pose a security risk as they may intentionally or
unintentionally misuse their privileges, potentially causing harm.


Difference between Virus, Worm and Trojan Horse:

| Parameter            | Virus                                              | Worm                                                  | Trojan Horse                                                       |
|----------------------|----------------------------------------------------|-------------------------------------------------------|--------------------------------------------------------------------|
| Execution            | Executable files                                   | Weakness in the system                                | Through a program disguised as legitimate s/w                      |
| Self-Replication     | Needs a host file                                  | Does not need a host file                             | Does not self-replicate                                            |
| Spreading Mechanism  | Execution or sharing of files                      | N/W connections or other communication channels       | Relies on user actions, such as opening an email attachment        |
| Visibility           | Requires user execution of infected files to activate | Can spread automatically without user intervention | Requires user action to install, but may operate silently once installed |
| Detection & Removal  | Can be detected & removed by scanning files & programs | Requires (N/W based) tools to detect & remove      | Antivirus s/w can identify & remove Trojans                        |
| Example              | CIH, Melissa                                       | Conficker & ILOVEYOU worm                             | Sub7 & Back Orifice                                                |

1.4 Types of Attacks:

1.4.1 Active & Passive Attacks:

Active and passive attacks are two categories of security threats in the context of network
and information security. These attacks target computer systems, networks, and the
information stored or transmitted within them.

• Active Attacks:
Active attacks attempt to alter system resources or affect their operation, for example by
modifying or injecting data or by disrupting a service (the Denial of Service attacks described
below are active attacks).

• Passive Attacks:
Passive attacks are characterized by the unauthorized monitoring and interception of data
without altering the original information. The goal of passive attacks is typically to gain
information without being detected.

1.4.2 Denial of Service:


A Denial of Service (DoS) attack is a type of cyberattack that aims to disrupt or disable the
normal functioning of a network, system, or service, making it temporarily or indefinitely
unavailable to its intended users. The primary objective of a DoS attack is to overwhelm
the target with a flood of traffic, requests, or malicious activities, causing a depletion of
resources and hindering legitimate users from accessing the services.

There are different variations of DoS attacks, and they can be categorized based on
various characteristics. Here's an in-depth explanation of Denial of Service attacks:

1. Types of Denial of Service Attacks:


a. Volumetric Attacks
b. Protocol Exploitation Attacks
c. Application Layer Attacks
d. Distributed Denial of Service (DDoS) Attacks


2. Common Techniques Used in DoS Attacks:


a. Flooding:
Overwhelms a target by flooding it with a high volume of network packets or requests.
Example: Ping flood, SYN flood, and UDP flood.

b. Amplification:
Exploits amplification mechanisms in protocols to magnify the impact of an attack with
minimal effort.
Example: DNS amplification and NTP amplification attacks.

c. Exploiting Vulnerabilities:
Takes advantage of weaknesses in network protocols, operating systems, or
applications to disrupt services.
Example: Exploiting vulnerabilities in network devices or servers.

3. Preventive Measures:
a. Regular Security Audits:
Conduct regular audits to identify and address vulnerabilities in the network.

b. Network Redundancy:
Implement redundant network paths and services to ensure continuity in the event of an
attack.

c. Incident Response Planning:


Develop and implement an incident response plan to efficiently address and mitigate the
impact of a DoS attack.


1.4.2 (a) Distributed Denial of Service (DDoS):


A Distributed Denial of Service (DDoS) attack is an advanced form of a Denial of Service
(DoS) attack where multiple compromised systems are used to flood a target system or
network with an overwhelming volume of traffic or requests. The goal of a DDoS attack is
to disrupt the normal functioning of the targeted service, rendering it temporarily or
permanently unavailable to its users. DDoS attacks are more potent than traditional DoS
attacks because they leverage a distributed network of compromised computers, often
referred to as a botnet, to amplify the impact of the attack.

Components of a DDoS Attack:


1. Botnets:
A botnet is a network of compromised computers, often controlled by a central entity
known as the botmaster. These compromised systems, referred to as bots or zombies, are
used to carry out the DDoS attack.
Role in DDoS Attacks: The botnet is responsible for generating and sending the malicious
traffic to the target. The larger the botnet, the more powerful and difficult to mitigate the
DDoS attack becomes.


2. Command and Control (C&C) Servers:


These servers are used by the botmaster to control and coordinate the actions of the
botnet. The C&C servers issue commands to the bots, directing them to launch the
DDoS attack.
Role in DDoS Attacks: C&C servers facilitate communication between the botmaster and
the compromised systems in the botnet, orchestrating the attack.

3. Amplification Techniques:
DDoS attackers often use amplification techniques to increase the volume of malicious
traffic, making the attack more potent.
Example: DNS amplification, where small DNS queries result in larger responses, thus
amplifying the amount of traffic sent to the target.

Types of DDoS Attacks:


1. Volumetric Attacks:
Overwhelms the target with a massive amount of traffic, saturating the available bandwidth
and resources.
Example: UDP flood, ICMP flood, and DNS amplification attacks.

2. Protocol Attacks:
Exploits vulnerabilities in network protocols to consume server resources or disrupt
communication.
Example: SYN/ACK flood, Ping of Death, and fragmented packet attacks.

3. Application Layer Attacks:


Targets specific applications or services, exploiting weaknesses to exhaust server
resources.
Example: HTTP/HTTPS flooding, Slowloris, and DNS reflection attacks.

Prevention and Preparedness:

1. Regular Security Audits:


Conducting regular security audits to identify and address vulnerabilities in the network.

2. Incident Response Planning:


Developing and implementing an incident response plan to efficiently address and mitigate
the impact of a DDoS attack.

3. Collaboration with ISPs:


Establishing relationships with Internet Service Providers (ISPs) to quickly implement
traffic filtering and mitigation measures during a DDoS attack.


| DoS                                                                          | DDoS                                                                              |
|------------------------------------------------------------------------------|-----------------------------------------------------------------------------------|
| DoS stands for Denial of Service attack.                                     | DDoS stands for Distributed Denial of Service attack.                             |
| In a DoS attack a single system targets the victim system.                   | In a DDoS attack multiple systems attack the victim's system.                     |
| The victim's PC is loaded with packets of data sent from a single location.  | The victim's PC is loaded with packets of data sent from multiple locations.      |
| A DoS attack is slower as compared to DDoS.                                  | A DDoS attack is faster than a DoS attack.                                        |
| Can be blocked easily, as only one system is used.                           | Difficult to block, as multiple devices send packets from multiple locations.     |
| Only a single device is used, with DoS attack tools.                         | Volume bots are used to attack at the same time.                                  |
| DoS attacks are easy to trace.                                               | DDoS attacks are difficult to trace.                                              |
| Types of DoS attacks: 1. Buffer overflow attacks, 2. Ping of Death or ICMP flood, 3. Teardrop attack, 4. Flooding attack | Types of DDoS attacks: Volumetric attacks, Fragmentation attacks, Application layer attacks, Protocol attacks |
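Added example (not from the notes) tying together the SYN flood listed under "Flooding" in the DoS techniques and the single-source versus multi-source distinction in the table above: a detector that reads connection-log lines, counts SYNs that never complete a handshake per time window, and reports whether a flood comes from one system (DoS) or many (DDoS). The log format, addresses, thresholds and window length are constructed assumptions; real firewalls log differently.

```python
"""SYN-flood detection over connection-log lines (added example, not from the notes).

A TCP handshake is SYN, SYN-ACK, ACK.  A flood sends many SYNs and never
completes them, so half-open connections pile up.  The detector below counts
SYNs per window, checks how many were never followed by an ACK, and then asks
whether one source dominates (DoS) or the traffic is spread out (DDoS).
Log format and all addresses are constructed for this example.
"""
from collections import Counter
import re

# Constructed log format: "<seconds> <src_ip> -> <dst_ip>:<port> <flag>"
LINE_RE = re.compile(r"^(\d+) (\S+) -> (\S+):(\d+) (SYN|ACK|FIN)$")

# Tuning knobs (assumed values for the example).
WINDOW_SECONDS = 10
SYN_THRESHOLD = 50         # SYNs per window that count as a flood
HALF_OPEN_RATIO = 0.8      # fraction of SYNs never followed by an ACK
SINGLE_SOURCE_SHARE = 0.8  # one source sending this share => DoS, else DDoS


def parse(lines):
    """Yield (time, src, port, flag) tuples, skipping lines that do not match."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), int(m.group(4)), m.group(5)


def analyse_window(events, start, port):
    """Classify one time window for a destination port.

    Returns a dict with verdict in {"normal", "dos", "ddos"} plus the counts
    that justify it, so an analyst can check the reasoning.
    """
    syn_by_src = Counter()
    ack_by_src = Counter()
    for t, src, p, flag in events:
        if p != port or not (start <= t < start + WINDOW_SECONDS):
            continue
        if flag == "SYN":
            syn_by_src[src] += 1
        elif flag == "ACK":
            ack_by_src[src] += 1
    total_syn = sum(syn_by_src.values())
    total_ack = sum(ack_by_src.values())
    half_open = max(0, total_syn - total_ack)
    result = {"syn": total_syn, "half_open": half_open,
              "sources": len(syn_by_src), "verdict": "normal"}
    if total_syn >= SYN_THRESHOLD and half_open / total_syn >= HALF_OPEN_RATIO:
        top_src, top_count = syn_by_src.most_common(1)[0]
        if top_count / total_syn >= SINGLE_SOURCE_SHARE:
            result["verdict"] = "dos"      # single system: easy to block and trace
            result["top_source"] = top_src
        else:
            result["verdict"] = "ddos"     # many sources: hard to block and trace
    return result


def sample_log():
    """Constructed traffic: normal handshakes, then a single-source flood, then a distributed one."""
    lines = []
    # 0-9 s: three clients each complete a handshake (SYN followed by ACK).
    for i, src in enumerate(["192.0.2.10", "192.0.2.11", "192.0.2.12"]):
        lines.append(f"{i} {src} -> 198.51.100.10:80 SYN")
        lines.append(f"{i} {src} -> 198.51.100.10:80 ACK")
    # 10-19 s: one host sends 60 SYNs and never completes any of them.
    lines += [f"{10 + n % 10} 203.0.113.5 -> 198.51.100.10:80 SYN" for n in range(60)]
    # 20-29 s: 60 SYNs spread over 30 different hosts, also never completed.
    lines += [f"{20 + n % 10} 203.0.113.{100 + n % 30} -> 198.51.100.10:80 SYN"
              for n in range(60)]
    return lines


if __name__ == "__main__":
    events = list(parse(sample_log()))
    for start in (0, 10, 20):
        print(start, analyse_window(events, start, 80))
```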

1.4.3 Backdoors and Trapdoors:


Backdoors and trapdoors are both terms used in the context of network and information
security, referring to unauthorized access points or mechanisms that may compromise the
security of a system. While they share similarities, they have distinct characteristics.

Backdoors:
A backdoor is a secret or hidden method of bypassing normal authentication or encryption
to gain unauthorized access to a system. Backdoors can be intentionally created by software
developers for legitimate reasons, such as providing remote access for system maintenance
or troubleshooting. However, they become security risks when discovered or exploited by
malicious actors. Here are key aspects of backdoors:

1. Intentional Backdoors:
Developers may create intentional backdoors during the development process for
debugging, maintenance, or administrative purposes.
Risk: If these intentional backdoors are not properly secured or if their existence is not
documented, they can become potential entry points for attackers.

2. Malicious Backdoors:
Backdoors can also be introduced maliciously by attackers to provide unauthorized access
to a system, often after compromising it through vulnerabilities or exploiting weak security
measures.
Risk: Malicious backdoors can be used by attackers to maintain persistent access to a
system, exfiltrate data, or launch further attacks.


3. Detection and Prevention:


Detection: Identifying backdoors involves thorough security audits, vulnerability
assessments, and monitoring for unusual network or system behavior.

Prevention: Regular security updates, access controls, and encryption help prevent the
installation and exploitation of backdoors. Employing intrusion detection and prevention
systems can also aid in detecting suspicious activities.

Trapdoors:
A trapdoor, in the context of security, is a hidden entry point into a system that is
intentionally inserted for authorized access. Unlike a backdoor, a trapdoor is typically
known to a limited group of individuals, such as system administrators or developers, and
is intended for specific, legitimate purposes. Here are key aspects of trapdoors:

1. Intentional Design:
Trapdoors are intentionally designed and implemented by system developers for specific,
authorized access purposes.
Examples: A software developer might include a trapdoor to allow access for
troubleshooting or debugging without requiring full authentication.

2. Limited Access:
Trapdoors are meant for authorized personnel and are not intended for general or malicious
use.
Risk: If knowledge of a trapdoor falls into the wrong hands, it can be exploited for
unauthorized access, turning it into a potential security threat.

3. Security and Access Controls:


Security: Trapdoors should be securely implemented, documented, and known only to
authorized personnel.
Access Controls: Access controls, such as strong authentication mechanisms and strict
permissions, should be in place to limit access to the trapdoor.

1.4.4 Sniffing:
In the context of network and information security, "sniffing" refers to the unauthorized
interception and monitoring of network traffic, with the goal of capturing and analyzing
data as it passes through the network. Sniffing can be a significant security threat because
it allows attackers to gather sensitive information, such as usernames, passwords, and other
confidential data, by eavesdropping on the communication between devices.

Here are the key aspects of sniffing in network and information security:

1. Packet Sniffing:
Sniffers are tools or devices that capture and analyze packets of data as they travel over a
network. Packet sniffing can be performed using hardware or software-based solutions.
Goals: Attackers use packet sniffing to extract sensitive information, gain insights into
network behavior, or identify vulnerabilities.


2. Methods of Sniffing:
Passive Sniffing:
The sniffer passively captures and analyzes data without actively sending any packets on
the network.
Example: Monitoring network traffic using tools like Wireshark without actively injecting
new packets.

Active Sniffing:
The sniffer actively injects packets into the network to gain additional information or
manipulate ongoing communication.
Example: Address Resolution Protocol (ARP) spoofing to redirect traffic through the
attacker's system.

1.4.5 Spoofing:
Spoofing in network and information security refers to the act of falsifying information to
deceive systems, devices, or users. This manipulation often involves creating fake identities
or altering data to appear legitimate, with the goal of gaining unauthorized access,
bypassing security measures, or conducting fraudulent activities. Spoofing attacks can
target various layers of the network, from the physical layer to the application layer.
Here are some common types of spoofing attacks:

1. IP Spoofing:
IP spoofing involves manipulating the source address in the header of an IP packet to make
it appear as if it comes from a trusted source.
Goals: Attackers use IP spoofing to bypass access controls, launch DoS attacks, or conduct
reconnaissance without being detected easily.

2. Email Spoofing:
Email spoofing involves forging the sender's address in an email to make it appear as if it
comes from a trustworthy source.
Goals: Attackers may use email spoofing for phishing attacks, spreading malware, or
tricking recipients into divulging sensitive information.

3. DNS Spoofing:
DNS spoofing (or DNS cache poisoning) involves corrupting or injecting false DNS data
into the cache of a DNS resolver.
Goals: Attackers can redirect users to malicious websites, intercept communication, or
conduct man-in-the-middle attacks.

4. MAC Address Spoofing:


MAC address spoofing involves changing the hardware address (MAC address) of a
network interface to impersonate another device.
Goals: Attackers use MAC address spoofing to evade network filters, gain unauthorized
access, or conduct network reconnaissance.

5. Caller ID Spoofing:
Caller ID spoofing involves falsifying the information displayed on a recipient's caller ID
display.
Goals: Often used in voice phishing (vishing) attacks, where attackers pretend to be
someone else to trick individuals into revealing sensitive information.


6. Website Spoofing (Phishing):


Spoofed websites imitate legitimate sites to trick users into providing login credentials,
personal information, or financial details.
Goals: Phishing attacks aim to steal sensitive information for identity theft, financial fraud,
or unauthorized access.

7. SMS Spoofing:
SMS spoofing involves falsifying the sender's information in a text message to appear as if
it comes from a different source.
Goals: Attackers may use SMS spoofing for social engineering, spreading malware via
links, or conducting phishing attacks.

Mitigation Strategies:

1. Use of Encryption:
Encrypting communication channels helps protect against data interception and
man-in-the-middle attacks, making it harder for attackers to spoof data.

2. Authentication Mechanisms:
Implement strong authentication methods, such as two-factor authentication (2FA), to
verify the identity of users and devices.

3. Packet Filtering and Firewalls:


Employ packet filtering rules and firewalls to detect and block spoofed IP addresses or
traffic that does not adhere to expected patterns.

4. DNS Security Measures:


Implement DNS Security Extensions (DNSSEC) to enhance the integrity of DNS data and
prevent DNS spoofing attacks.
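Added example (not from the notes) making the "packet filtering" mitigation above concrete: an ingress filter drops packets arriving from the Internet that claim an internal or private source address, and an egress filter drops packets leaving the site that do not carry one of its own addresses (the idea behind BCP 38). The interface names, address prefixes and sample packets are constructed assumptions.

```python
"""Anti-spoofing (ingress/egress) packet filter, added example, not from the notes.

Ingress filtering: a packet arriving on the outside interface must not claim
one of our own addresses or a private/reserved address as its source.
Egress filtering: a packet leaving from the inside must carry one of our own
addresses, otherwise a host on our network is forging its source.
Prefixes, interface names and packets below are constructed for the example.
"""
import ipaddress

# Assumed topology: the site owns one public /24 and uses RFC 1918 space inside.
OUR_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
NEVER_ROUTABLE = RFC1918 + [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("0.0.0.0/8"),
]


def in_any(addr, networks):
    return any(addr in net for net in networks)


def filter_packet(iface: str, src: str, dst: str):
    """Return (action, reason) for one packet; action is 'ACCEPT' or 'DROP'."""
    try:
        s = ipaddress.ip_address(src)
    except ValueError:
        return "DROP", "unparseable source address"
    if iface == "outside":
        # Ingress: the Internet must not deliver packets that claim to be us,
        # nor packets with sources that are never routable on the Internet.
        if in_any(s, OUR_PREFIXES):
            return "DROP", "spoofed: our own prefix arriving from outside"
        if in_any(s, NEVER_ROUTABLE):
            return "DROP", "spoofed: private/reserved source from outside"
        return "ACCEPT", f"external source to {dst}"
    if iface == "inside":
        # Egress: only our public prefix or our (pre-NAT) private ranges may
        # leave; anything else is a local host forging its source address.
        if in_any(s, OUR_PREFIXES) or in_any(s, RFC1918):
            return "ACCEPT", f"legitimate internal source to {dst}"
        return "DROP", "spoofed: foreign source leaving our network"
    return "DROP", f"unknown interface {iface}"


def run(packets):
    """Apply the filter to (iface, src, dst) tuples; return (packet, action, reason) rows."""
    return [(pkt, *filter_packet(*pkt)) for pkt in packets]


SAMPLE_PACKETS = [  # constructed
    ("outside", "203.0.113.7", "198.51.100.10"),    # normal inbound
    ("outside", "198.51.100.10", "198.51.100.20"),  # claims to be us: spoofed
    ("outside", "10.1.2.3", "198.51.100.10"),       # private source from the Internet
    ("inside", "198.51.100.20", "203.0.113.7"),     # normal outbound
    ("inside", "203.0.113.99", "203.0.113.7"),      # internal host forging its source
]

if __name__ == "__main__":
    for pkt, action, reason in run(SAMPLE_PACKETS):
        print(f"{action:6} {pkt[0]:7} {pkt[1]:>15} -> {pkt[2]:<15} {reason}")
```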

1.4.6 Man in the Middle:


A Man-in-the-Middle (MitM) attack is a type of cyber attack in network and information
security where an unauthorized third party intercepts and potentially alters the
communication between two parties without their knowledge or consent. The attacker
positions themselves between the communicating parties, acting as an intermediary and
gaining the ability to eavesdrop on, capture, or manipulate the data being transmitted. MitM
attacks can occur at various communication layers, from the physical layer to the
application layer, and they pose a serious threat to the confidentiality and integrity of the
information being exchanged.

Key Aspects of Man-in-the-Middle Attacks:


1. Interception of Communication:
The attacker intercepts the communication between two parties, such as a user and a
website, a client and a server, or two devices on a network.
Goals: The primary goal is to capture sensitive information, including login credentials,
financial data, or confidential communications.
2. Eavesdropping:
The attacker secretly listens to the communication, often without the knowledge of the
legitimate parties involved.
Goals: Eavesdropping allows the attacker to gather information without alerting the
victims, enabling them to steal sensitive data.


3. Data Tampering:
In some MitM attacks, the attacker may modify the data being transmitted between the
parties.
Goals: Data tampering can lead to the manipulation of information, potentially causing
harm or facilitating fraudulent activities.

4. Injection of Malicious Content:


The attacker may inject malicious content into the communication flow, such as malware,
phishing links, or malicious scripts.
Goals: Malicious content injection can lead to the compromise of systems, the installation
of malware, or the redirection of users to fraudulent websites.

Common Techniques Used in MitM Attacks:


1. ARP Spoofing (Address Resolution Protocol):
The attacker sends forged ARP messages to associate their MAC address with the IP
address of a legitimate device on the network, diverting traffic through their system.
Goals: Allows the attacker to intercept and manipulate network traffic.

2. DNS Spoofing:
The attacker manipulates the DNS (Domain Name System) responses to redirect users to
malicious websites by providing false IP address mappings.
Goals: Redirects users to phishing sites or malicious servers controlled by the attacker.

3. SSL Stripping:
The attacker downgrades a secure HTTPS connection to an unsecured HTTP connection,
allowing them to intercept and view the unencrypted traffic.
Goals: Enables the interception of sensitive data, such as login credentials.

4. Session Hijacking:
The attacker steals or hijacks an established session between two parties, gaining
unauthorized access.
Goals: Allows the attacker to impersonate a legitimate user and perform actions on their
behalf.
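The ARP spoofing technique above leaves a visible trace on the network: an IP address whose advertised MAC changes, or one MAC that claims several IPs. The following detector, an added example that is not part of the original notes, runs that check over constructed ARP-reply log lines (the `timestamp ip mac` format and the addresses are assumptions made for the example).

```python
"""ARP spoofing detector run over constructed ARP-reply log lines.

Added example for these notes (not part of the original text). Assumes a
simple log format 'timestamp ip mac' for ARP replies seen on a network segment,
e.g. from a passive sniffer; the sample lines below are constructed.
"""
from collections import defaultdict

# Constructed sample: the gateway 192.168.1.1 is legitimately aa:aa:aa:aa:aa:01;
# later a host with MAC cc:cc:cc:cc:cc:03 claims the gateway's IP and a victim's.
SAMPLE_LOG = """\
10:00:01 192.168.1.1 aa:aa:aa:aa:aa:01
10:00:02 192.168.1.20 bb:bb:bb:bb:bb:02
10:00:03 192.168.1.30 cc:cc:cc:cc:cc:03
10:00:09 192.168.1.1 cc:cc:cc:cc:cc:03
10:00:10 192.168.1.20 cc:cc:cc:cc:cc:03
"""


def parse_arp_log(text):
    """Yield (timestamp, ip, mac) tuples; MACs are normalised to lower case."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash the monitor
        ts, ip, mac = parts
        yield ts, ip, mac.lower()


def detect_arp_spoofing(text, gateway_ip=None):
    """Return a list of alert strings.

    Two signals are checked:
      1. an IP whose advertised MAC differs from the first binding seen
         (the classic symptom of a forged ARP reply);
      2. a single MAC that ends up bound to several IPs, which is what a host
         impersonating the gateway and victims at once looks like.
    """
    first_mac = {}
    ips_per_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in parse_arp_log(text):
        if ip in first_mac and first_mac[ip] != mac:
            tag = "GATEWAY " if ip == gateway_ip else ""
            alerts.append(f"{ts} {tag}IP {ip} changed MAC {first_mac[ip]} -> {mac}")
        else:
            first_mac.setdefault(ip, mac)
        ips_per_mac[mac].add(ip)
        if len(ips_per_mac[mac]) > 1:
            alerts.append(f"{ts} MAC {mac} now claims {len(ips_per_mac[mac])} IPs: "
                          + ", ".join(sorted(ips_per_mac[mac])))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_LOG, gateway_ip="192.168.1.1"):
        print("ALERT:", alert)
```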


7 Replay:
A replay attack is a type of cyber attack in network and information security where an
attacker intercepts and maliciously retransmits data that was previously captured during a
legitimate communication session. The term "replay" indicates that the attacker replays the
intercepted data to gain unauthorized access or achieve some malicious objective. Replay
attacks can occur in various contexts, including network protocols, authentication systems,
and cryptographic protocols. The primary goal of a replay attack is to reuse valid data to
deceive a system, application, or user.

Key Aspects of Replay Attacks:


1. Capturing Data:
The attacker intercepts data packets or authentication tokens during a legitimate
communication session.
Goals: Capture data that can be reused to impersonate a legitimate user or gain
unauthorized access to a system.

2. Malicious Repetition:
The attacker replays the captured data at a later time or in a different context.
Goals: Use the replayed data to deceive the target system into accepting the repeated
information as if it were a legitimate request.

Examples of Replay Attacks:


1. Network Protocol Replay:
An attacker intercepts and replays network protocol messages to exploit vulnerabilities or
manipulate system behavior.
Example: Replaying intercepted network messages to gain unauthorized access to a server.

2. Authentication Token Replay:
The attacker captures authentication tokens (e.g., session tokens) and replays them to gain
access to a user's account without valid credentials.
Example: Replaying a captured session token to impersonate a user and access a protected
resource.

Mitigation Strategies for Replay Attacks:


1. Timestamps and Nonces
2. Sequence Numbers
3. One-Time Passwords (OTPs)
4. Challenge-Response Mechanisms
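The first two mitigations in the list (timestamps and nonces, sequence numbers) only work when the values are bound to the message so that a captured copy cannot be refreshed. The receiver below, an added example that is not part of the original notes, verifies an HMAC-tagged message and rejects stale, repeated or out-of-order copies; the message format, the shared key and the names used are assumptions made for the example.

```python
"""Replay-resistant message verification using timestamps, nonces and sequence
numbers, as an added example for these notes (not part of the original text).

Assumes a shared key known to both parties and a message format constructed
for this example: 'seq|timestamp|nonce|payload|tag', where tag is HMAC-SHA256
over 'seq|timestamp|nonce|payload'.
"""
import hashlib
import hmac
import secrets

MAX_SKEW = 30  # seconds a message timestamp may differ from the receiver's clock


def build_message(key: bytes, seq: int, now: int, payload: str, nonce=None) -> str:
    """Sender side: bind a sequence number, timestamp and fresh nonce to the
    payload with an HMAC tag so none of them can be changed without the key."""
    nonce = nonce or secrets.token_hex(8)
    body = f"{seq}|{now}|{nonce}|{payload}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


class ReplayGuard:
    """Receiver side: accept every authentic message at most once."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}       # nonce -> timestamp, pruned once outside MAX_SKEW
        self.last_seq = -1   # highest sequence number accepted so far

    def verify(self, message: str, now: int):
        """Return (True, payload) for a fresh authentic message, else (False, reason)."""
        try:
            body, tag = message.rsplit("|", 1)
            seq_s, ts_s, nonce, payload = body.split("|", 3)
            seq, ts = int(seq_s), int(ts_s)
        except ValueError:
            return False, "malformed"
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return False, "bad tag"
        # The timestamp bounds how long a captured message stays replayable and
        # lets the nonce cache be pruned instead of growing forever.
        if abs(now - ts) > MAX_SKEW:
            return False, "stale timestamp"
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if nonce in self.seen:
            return False, "replayed nonce"
        # Sequence numbers also reject reordered replays inside the skew window.
        if seq <= self.last_seq:
            return False, "sequence number not increasing"
        self.seen[nonce] = ts
        self.last_seq = seq
        return True, payload


if __name__ == "__main__":
    key = b"constructed-shared-key"
    guard = ReplayGuard(key)
    msg = build_message(key, 1, 1000, "transfer 10")
    print(guard.verify(msg, 1005))   # accepted the first time
    print(guard.verify(msg, 1006))   # same message replayed: rejected
```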


TCP/IP Hacking:

TCP/IP hacking refers to the exploitation of vulnerabilities or weaknesses in the
Transmission Control Protocol/Internet Protocol (TCP/IP) suite, which is the fundamental
set of protocols that enables communication on the Internet. The TCP/IP stack comprises
multiple protocols, each with its own set of rules and functions. Hackers may target
vulnerabilities within these protocols to gain unauthorized access, intercept data, or disrupt
network communication. Here are some key aspects of TCP/IP hacking in network and
information security:

1. Common TCP/IP Hacking Techniques:


a. IP Spoofing:
Attackers manipulate the source IP address in packets to make it appear as if the data is
coming from a trusted source.
Goals: IP spoofing can be used to bypass access controls, launch DoS attacks, or conduct
reconnaissance.

b. TCP Session Hijacking:
Attackers intercept and take control of an established TCP session between two parties.
Goals: Session hijacking allows attackers to impersonate users, gain unauthorized access,
or manipulate communication.

c. SYN/ACK Spoofing:
Attackers send forged SYN/ACK packets to establish a fake connection with a server.
Goals: SYN/ACK spoofing can be used to manipulate TCP connections, leading to
unauthorized access or denial of service.

d. TCP Sequence Number Prediction:
Attackers attempt to predict TCP sequence numbers to gain unauthorized access to ongoing
communication.
communication.
Goals: Predicting sequence numbers can lead to session hijacking or data interception.
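Sequence number prediction matters because a TCP receiver silently discards any segment whose sequence number falls outside its receive window, so a forged segment must land inside it. The function below, an added example that is not part of the original notes, implements that RFC 793 acceptability test with 32-bit wraparound; the sample window and segments are constructed.

```python
"""TCP segment acceptability check with 32-bit sequence wraparound.

Added example for these notes (not part of the original text). It implements
the receiver-side window test from RFC 793 that every incoming segment must
pass, which is why an off-path attacker would have to predict the sequence
number; randomized initial sequence numbers and modest windows make that
prediction impractical. Function and variable names are this example's own.
"""
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def seq_after(x: int, base: int) -> int:
    """Distance from base to x, modulo 2**32 (handles wraparound)."""
    return (x - base) % MOD


def in_window(x: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """True if sequence number x lies in [rcv_nxt, rcv_nxt + rcv_wnd)."""
    return seq_after(x, rcv_nxt) < rcv_wnd


def segment_acceptable(seg_seq: int, seg_len: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 acceptability test for an incoming segment.

    seg_seq: sequence number of the segment's first octet
    seg_len: sequence-space octets it covers (data plus SYN/FIN flags)
    rcv_nxt: next sequence number the receiver expects
    rcv_wnd: current receive window size
    """
    seg_seq %= MOD
    if seg_len == 0:
        if rcv_wnd == 0:
            return seg_seq == rcv_nxt        # only an exact match is accepted
        return in_window(seg_seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False                         # no room for data at all
    last = (seg_seq + seg_len - 1) % MOD
    # accept if either the first or the last octet falls inside the window
    return in_window(seg_seq, rcv_nxt, rcv_wnd) or in_window(last, rcv_nxt, rcv_wnd)


def filter_segments(segments, rcv_nxt: int, rcv_wnd: int):
    """Return the subset of (seq, len) segments the receiver would accept."""
    return [s for s in segments if segment_acceptable(s[0], s[1], rcv_nxt, rcv_wnd)]


if __name__ == "__main__":
    # Constructed sample: the receiver expects 0xFFFFFFF0 with a 256-byte window,
    # so the window crosses the 32-bit wrap; the third segment carries a guessed
    # sequence number that misses the window and is dropped.
    rcv_nxt, rcv_wnd = 0xFFFFFFF0, 0x100
    segs = [(0xFFFFFFF0, 16), (0x00000005, 10), (0x12345678, 10), (0xFFFFFFEB, 10)]
    print([hex(s[0]) for s in filter_segments(segs, rcv_nxt, rcv_wnd)])
```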

• Encryption Attacks:
Encryption is a fundamental aspect of network and information security, used to protect
sensitive data from unauthorized access by converting it into a format that is difficult to
decipher without the appropriate decryption key. However, encryption, like any security
measure, is not immune to attacks. Encryption attacks aim to undermine the confidentiality
and integrity provided by encryption mechanisms, and attackers employ various techniques
to achieve this. Here are some common encryption attacks in network and information
security:


1.5 Operating System Security:


Operating system (OS) security is a critical aspect of network and information security, as
the operating system serves as the foundation for all computing activities and provides a
platform for running applications. A secure operating system is essential to protect against
various threats, vulnerabilities, and attacks that could compromise the confidentiality,
integrity, and availability of information. Here are key considerations for ensuring
operating system security in the context of network and information security:

1. User Authentication and Authorization:


User Authentication:
Implement strong user authentication mechanisms, including passwords, biometrics, or
multi-factor authentication (MFA), to ensure that only authorized users can access the
system. Regularly update and patch authentication systems to address vulnerabilities.

User Authorization:
Enforce the principle of least privilege, ensuring that users have the minimum necessary
permissions to perform their tasks. Regularly review and audit user access rights to prevent
unauthorized access.

2. Access Controls:
Implement access controls at the file system, registry, and network levels to restrict access
to sensitive resources.
Use role-based access control (RBAC) to manage and assign permissions based on job roles
and responsibilities.

3. Patch Management:
Regularly update and apply security patches to the operating system to address known
vulnerabilities and mitigate the risk of exploitation.
Establish a formal patch management process to ensure timely and systematic updates.

4. Security Configurations:
Configure the operating system securely by disabling unnecessary services, limiting
network ports, and removing or disabling unnecessary user accounts.
Follow security best practices and guidelines provided by the operating system vendor.

5. Logging and Monitoring:
Enable and regularly review system logs to detect and respond to security incidents.
Implement intrusion detection and prevention systems to monitor network and system
activities for signs of malicious behavior.

6. Encryption:
Use encryption to protect sensitive data at rest and in transit. Full disk encryption helps
safeguard data in case of physical theft or unauthorized access.
Implement protocols like HTTPS for secure communication over the network.

7. Anti-Malware and Antivirus:
Deploy reputable antivirus and anti-malware solutions to detect and remove malicious
software.
Regularly update antivirus signatures and perform system scans to identify and eliminate
threats.


8. Firewalls:
Enable and configure firewalls to control incoming and outgoing network traffic,
preventing unauthorized access and protecting against network-based attacks.
Regularly review and update firewall rules to align with security policies.

1. Hotfix:
A hotfix is a small, targeted update designed to address a specific problem or issue in the
operating system. It is typically released quickly to resolve urgent matters without requiring
a full system update.
Purpose: Urgent Fixes, Minimal Disruption

2. Patch:
A patch is a broader update that includes fixes for multiple issues, addressing
vulnerabilities, bugs, and improving overall system performance. Patches are more
comprehensive than hotfixes but are still smaller than service packs.
Purpose: Bug Fixes, Enhancements, Regular Maintenance

3. Service Pack:
A service pack is a more significant and comprehensive update that integrates a collection
of hotfixes, patches, security updates, and new features. Service packs are less frequent but
more substantial than hotfixes or patches.
Purpose: Cumulative Updates, Feature Additions, Stability and Reliability

Considerations for Applying Updates:

1. Testing: Before applying updates, especially service packs, it's essential to test them in
a controlled environment to ensure compatibility with existing applications and hardware.

2. Backup: Always perform a complete backup of critical data before applying updates to
mitigate the risk of data loss or system instability.

3. Rollback Plans: Have a rollback plan in place in case an update causes unexpected
issues. This plan may involve reverting to a previous system state or uninstalling specific
updates.

4. Vendor Guidance: Follow the guidance provided by the operating system vendor for
applying updates. Vendors often provide documentation on the update process and any
considerations specific to their software.

5. Security Policies: Ensure that the organization's security policies mandate the timely
application of updates to address security vulnerabilities and maintain a secure computing
environment.


1.6 Information:
In the context of network and information security, "information" refers to data that is
processed, stored, transmitted, or communicated within an information system. This data
can take various forms, including text, images, audio, video, and more. Information is a
fundamental asset for organizations, and protecting it is a central focus of security
measures. The three main aspects associated with information in the context of network
and information security are:

1. Confidentiality: Confidentiality ensures that information is accessible only to
authorized individuals or entities and is protected from unauthorized access or disclosure.

2. Integrity: Integrity ensures that information is accurate, unaltered, and remains
unchanged during processing, storage, or transmission.

3. Availability: Availability ensures that information is accessible and usable by
authorized individuals or systems when needed.

Key Concepts Related to Information Security:

1. Sensitive Information: Certain types of information are considered sensitive due to their
nature or potential impact if compromised. This may include personal identifiable
information (PII), financial data, intellectual property, or classified information.

2. Data Classification: Organizations often classify information based on its sensitivity,
assigning labels such as public, internal use, confidential, or restricted. This classification
helps in applying appropriate security controls.

3. Data Encryption: Encryption is a technique used to convert information into a coded
format that can only be deciphered by authorized individuals who possess the decryption
key. This helps protect the confidentiality of sensitive data.

4. Access Controls: Access controls restrict and manage the permissions granted to
individuals or systems, ensuring that only authorized users have the right level of access to
specific information.

5. Data Loss Prevention (DLP): DLP solutions are designed to prevent unauthorized
access, sharing, or transmission of sensitive information outside the organization, helping
to maintain confidentiality.

6. Data Backup and Recovery: Regularly backing up information and having a robust
recovery plan in place ensures that data can be restored in case of accidental deletion,
corruption, or other incidents, supporting the principles of integrity and availability.


• Need and Importance of Information:


The need and importance of information in network and information security are
foundational to the operation, success, and survival of organizations in the digital age.
Information is a critical asset that holds value for individuals, businesses, and governments.
Understanding the significance of information in the context of network and information
security is crucial for implementing effective security measures. Here are key aspects
highlighting the need and importance of information security:

1. Confidentiality:
Need: Information often includes sensitive data such as personal, financial, or proprietary
information. Protecting the confidentiality of this data is essential to prevent unauthorized
access and disclosure.
Importance: Breaches of confidentiality can lead to financial losses, reputational damage,
legal consequences, and loss of trust from customers and partners.

2. Integrity:
Need: Ensuring the integrity of information is crucial to prevent unauthorized
modifications, alterations, or tampering of data. Reliable and accurate information is vital
for decision-making processes.
Importance: Compromised integrity can lead to misinformation, financial fraud, and
operational disruptions, impacting the overall trustworthiness of the information.

3. Availability:
Need: Information needs to be accessible and usable when required. Denial of access,
disruptions, or downtime can have severe consequences on business operations.
Importance: Ensuring the availability of information is critical for maintaining operational
continuity, providing services to customers, and supporting business processes.

4. Protection Against Cyber Threats:
Need: The digital landscape is rife with cyber threats such as malware, phishing,
ransomware, and more. Information security is essential for safeguarding against these
threats.
Importance: Cybersecurity measures protect information from unauthorized access, data
breaches, and other malicious activities, reducing the risk of financial and reputational
damage.

5. Compliance and Legal Obligations:
Need: Organizations are subject to various laws and regulations governing the protection
of sensitive information. Compliance with these legal obligations is mandatory.
Importance: Failure to comply with data protection laws can result in legal consequences,
fines, and damage to an organization's reputation. Information security helps meet
compliance requirements.

6. Business Continuity:
Need: Information security is vital for ensuring the continuity of business operations.
Unforeseen events, such as cyberattacks or natural disasters, can disrupt services.
Importance: Robust information security measures help organizations prepare for and
respond to disruptions, minimizing downtime and ensuring business continuity.


• Need of Information Classification:


1. Prioritize Protection: Identify and allocate security measures based on data sensitivity.
2. Risk Management: Apply appropriate controls to minimize risks.
3. Regulatory Compliance: Meet legal requirements by safeguarding sensitive
information.
4. Resource Optimization: Efficiently allocate resources to protect critical data.
5. Customized Security: Tailor security measures to align with the value and importance
of specific information.

• Criteria for Information Classification:


Information classification involves categorizing data based on its sensitivity and
importance. Several criteria help determine how information should be classified in
network and information security. Here are six important criteria:

1. Sensitivity: Assess the level of sensitivity or confidentiality associated with the
information. Classify data as public, internal, confidential, or restricted.

2. Legal and Regulatory Requirements: Consider legal obligations and industry
regulations that mandate specific protection levels for certain types of information. Ensure
compliance with laws like GDPR, HIPAA, or industry-specific standards.

3. Value and Importance: Evaluate the strategic, financial, or operational importance of
the information to the organization. Critical assets may require higher classification levels.

4. Access Controls: Examine the access requirements for the information. Classify data
based on who should have access, enforcing the principle of least privilege.

5. Data Ownership: Identify the business units or individuals responsible for the data.
Classify information according to ownership, which helps define accountability and
responsibility.

6. Data Lifecycle: Consider where the data resides in its lifecycle (creation, storage,
transmission, disposal). Different stages may require different classification levels,
ensuring consistent protection throughout the data's lifecycle.

• Security:
Security in network and information security involves implementing measures to safeguard
data, systems, and communication channels from unauthorized access, disclosure,
alteration, and destruction. It encompasses technologies, policies, and practices to protect
against cyber threats, ensuring the confidentiality, integrity, and availability of information
in digital environments.

Need of Security:
1. Confidentiality
2. Integrity
3. Availability
4. Protection Against Cyber Threats
5. Compliance and Legal Obligations
6. Business Continuity
7. User Trust and Confidence
8. Innovation and Research


Basic Principle of Information Security:

1. Confidentiality:
Confidentiality means that only authorized personnel are allowed access to the data and
the system; unauthorized individuals must be kept away from the information. This is
ensured by checking the authorization of every individual who tries to access the data.
For example, an organization's administration must not be allowed to access the private
information of the employees.

2. Integrity:
Integrity is ensured when the data presented is untouched, that is, it has not been altered
by any unauthorized party, so the information can be relied upon without further
verification. Integrity can be violated either intentionally or unintentionally.
Intentionally, an individual may alter information by introducing malicious content;
unintentionally, an authorized individual may damage the information himself, for
example by deleting an important part of it.

3. Availability:
Availability means that the information can be accessed and modified by authorized
personnel within a given time frame. Note that accessibility of the information is limited:
the time frame within which it can be accessed differs from one organization to another.
