UNIT I

Network and Information security Fundamentals


Network and Information Security Fundamentals: Network Basics, Network Components, Network Types, Network Communication Types, Introduction to Networking Models, Cyber Security Objectives and Services, Other Terms of Cyber Security, Myths Around Cyber Security, Recent Cyber Attacks, Generic Conclusion about Attacks, Why and What is Cyber Security, Categories of Attack
Network Basics
• A network can be defined as a group of computers and other devices connected in some way so as to be able to exchange data.
• Each of the devices on the network can be thought of as a node; each node has a unique address.
• Networks are made up of various devices (computers, switches, routers) connected together by cables or wireless signals.
• The fundamentals of networks are as follows:
1. Clients and servers: how services such as e-mail and web pages connect using networks.
2. IP addresses: how devices on a network can be found.
3. Network hubs, switches and cables: the hardware building blocks of any network.
4. Routers and firewalls: how to organize and control the flow of traffic on a network.
Clients and Servers:
An important relationship on networks is that between the server and the client. A server is a computer that holds content and services, such as a website or a media file. A good example of a server is the computer that holds the website for Google's search page: http://www.google.com.
A client is a different computer, such as your laptop or cell phone, that requests to view, download, or use the content. The client connects over a network to exchange information. For instance, when you request Google's search page with your web browser, your computer is the client.
IP Addresses
In order to send and direct data across a network, computers need to be able to identify destinations and origins. This identification is an IP (Internet Protocol) address. An IP address is just a set of four numbers between 1 and 254, separated by dots. An example of an IP address is 173.194.43.7.
There are different classifications, or types, of IP addresses. A network can be public, or it can be private. Public IP addresses are reachable from anywhere on the Internet. Private IP addresses are not, and most are hidden behind a device that has a public IP address.
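The public/private distinction is something a practitioner checks in code all the time, for instance when deciding whether an address in a log line belongs to the internal network. The following script is an added worked example and is not part of these notes: it validates a dotted-quad string strictly and classifies the address using the RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) plus the loopback, link-local and multicast blocks. The sample addresses are constructed, apart from 173.194.43.7, which is the one quoted above.

```python
import ipaddress  # standard library; used here only for range membership checks

# RFC 1918 private ranges. Addresses in these blocks are never routed on the
# public Internet; a router holding a public address sits in front of them.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def parse_ipv4(text):
    """Strictly parse a dotted-quad string into a tuple of four octets.

    Raises ValueError for anything other than four decimal numbers in 0..255,
    so that sloppy input ("10.0.0", "256.1.1.1", "1.2.3.4.5") is rejected
    instead of being silently accepted.
    """
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four dot-separated numbers, got {text!r}")
    octets = []
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"non-numeric octet {part!r} in {text!r}")
        value = int(part)
        if value > 255:
            raise ValueError(f"octet {value} out of range in {text!r}")
        octets.append(value)
    return tuple(octets)


def classify(text):
    """Return 'loopback', 'private', 'link-local', 'multicast' or 'public'."""
    octets = parse_ipv4(text)
    addr = ipaddress.IPv4Address(".".join(str(o) for o in octets))
    if addr.is_loopback:          # 127.0.0.0/8: the host itself
        return "loopback"
    if any(addr in net for net in PRIVATE_RANGES):
        return "private"
    if addr.is_link_local:        # 169.254.0.0/16: self-assigned when no DHCP answer arrives
        return "link-local"
    if addr.is_multicast:         # 224.0.0.0/4
        return "multicast"
    return "public"


if __name__ == "__main__":
    # Constructed sample addresses; 173.194.43.7 is the one quoted in the notes.
    for sample in ["173.194.43.7", "192.168.1.10", "10.0.0.5", "127.0.0.1", "169.254.10.1"]:
        print(f"{sample:>15} -> {classify(sample)}")
```

The strict parser matters more than it looks: log-analysis tools that accept "10.0.0" or "1.2.3.4.5" as valid addresses tend to mis-classify traffic, and an address that is wrongly treated as internal is one that a firewall rule may then trust.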
Network Hubs and Switches
Computers are connected to each other using cables, creating a network. The cable used most often is Ethernet, which consists of four pairs of wires inside a plastic jacket. It is physically similar to phone cable, but can transport much more data.
A hub repeats every message it receives to every connected computer, so a network using a hub can slow down when many computers send messages at the same time and confuse the hub. To help with this problem, networks began to use another device called a switch. Instead of repeating all messages that come in, a switch sends each message only to its intended destination. This eliminates the unnecessary repetition of the hub.
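The difference between a hub and a switch is also a confidentiality difference: on a hub every host sees every frame, while a switch that has learned where a destination lives delivers the frame to that port only. The following simulation is an added example, not part of these notes; the hosts, ports and MAC addresses are constructed.

```python
class Hub:
    """A hub repeats every frame out of every other port: all hosts see all traffic."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class Switch:
    """A learning switch remembers which port each source MAC was seen on and
    delivers a frame only to the port where the destination is known to live.
    Unknown destinations are flooded, as a hub would, until they are learned."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port number

    def forward(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port               # learn where the sender lives
        if dst_mac in self.mac_table:
            return [self.mac_table[dst_mac]]            # known: deliver to one port
        return [p for p in self.ports if p != in_port]  # unknown: flood


def frames_seen_by_observer(device, exchange, observer_port):
    """Count how many frames of an exchange a host plugged into observer_port receives."""
    seen = 0
    for in_port, src, dst in exchange:
        if observer_port in device.forward(in_port, src, dst):
            seen += 1
    return seen


# Constructed exchange: host A on port 1 and host B on port 2 talk to each other
# while an uninvolved observer sits on port 3.
HOST_A = "aa:aa:aa:aa:aa:aa"
HOST_B = "bb:bb:bb:bb:bb:bb"
EXCHANGE = [
    (1, HOST_A, HOST_B),
    (2, HOST_B, HOST_A),
    (1, HOST_A, HOST_B),
    (2, HOST_B, HOST_A),
]

if __name__ == "__main__":
    print("hub:    observer sees", frames_seen_by_observer(Hub([1, 2, 3]), EXCHANGE, 3), "of 4 frames")
    print("switch: observer sees", frames_seen_by_observer(Switch([1, 2, 3]), EXCHANGE, 3), "of 4 frames")
```

The observer on the switch still sees the very first frame, because the switch has not yet learned where host B is and floods it. Real switches also have a finite address table; when it is full they fall back to flooding, which is why switch port security limits how many addresses may be learned per port.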
Routers and Firewalls
Routers do the majority of the hard work on a network: they make the decisions about all the messages that travel on the network, and whether to pass messages to and from outside networks. There are three main functions:
• Separate and Bridge: Routers separate networks into sections, or bridge different networks together. For example, the private network of 192.168.1 Street (an analogy in which each house on the street is a device) is bridged to the Internet through a public IP address.

• Assign IPs: They can assign IP addresses. In the example of 192.168.1 Street, if a new house is built on the street, it gets the next available house number. Routers assign IP addresses using DHCP (Dynamic Host Configuration Protocol).

• Firewall and Protect: They can filter messages or keep users out of private networks. Most routers have a firewall built in. This is a software function that keeps unwanted messages from reaching the computers on the inside, or private part, of the network.

Network Components
Switches: A switch works as a controller that connects computers, printers and other hardware devices to a network in a campus or a building. It allows devices on your network to communicate with each other, as well as with other networks, and it helps you to share resources and reduce costs for the organization.
Routers: Routers connect multiple networks together and allow a single internet connection to be shared by multiple devices. This networking component acts as a dispatcher that analyzes data sent across a network, automatically selects the best route for the data to travel, and sends it on its way.
Servers: Servers are computers that hold shared programs, files, and the network operating system. Servers give all users of the network access to network resources.
Clients: Clients are computer devices that access and use the network and share network resources. They are also the users of the network, as they send requests to and receive responses from the server.
Transmission Media: Transmission media are the carriers used to interconnect computers in a network, such as coaxial cable, twisted-pair wire, and optical fibre cable. They are also known as links, channels, or lines.
Access points: Access points allow devices to connect to the wireless network without cables. A wireless network lets you bring in new devices and provides flexible support to mobile users.
Hub: A hub is a device that splits a network connection among multiple computers. It acts as a distribution centre: whenever a computer requests information from another computer or from the network, it sends the request to the hub through a cable. The hub receives the request and transmits it to the entire network.

Network Types
LAN (local area network): A LAN connects computers over a relatively short distance, allowing them to share data, files, and resources. For example, a LAN may connect all the computers in an office building, school, or hospital. Typically, LANs are privately owned and managed.
WLAN (wireless local area network): A WLAN is just like a LAN, but the connections between devices on the network are made wirelessly.
WAN (wide area network): As the name implies, a WAN connects computers over a wide area, such as from region to region. The internet is the largest WAN, connecting billions of computers worldwide.
MAN (metropolitan area network): MANs are typically larger than LANs but smaller than WANs. Cities and government entities typically own and manage MANs.
PAN (personal area network): A PAN serves one person. For example, if you have an iPhone and a Mac, it is very likely you have set up a PAN that shares and syncs content (text messages, emails, photos, and more) across both devices.
SAN (storage area network): A SAN is a specialized network that provides access to block-level storage: shared network or cloud storage that, to the user, looks and works like a storage drive physically attached to a computer.
CAN (campus area network): A CAN is also known as a corporate area network. A CAN is larger than a LAN but smaller than a WAN. CANs serve sites such as colleges, universities, and business campuses.
VPN (virtual private network): A VPN is a secure, point-to-point connection between two network end points (nodes). A VPN establishes an encrypted channel that keeps a user's identity and access credentials, as well as any data transferred, inaccessible to hackers.
Network Communication Types
The pattern of contacts among the members of an organisation and the flow of information among them is the communication network. The network depends upon the size of the organisation, the nature of the communication channels in the organisation and the number of persons involved in the process. There can be many patterns of communication network.
The most frequently followed networks are the following:
1. Vertical Network: The vertical network usually runs between a superior and a subordinate and vice versa. It is two-way communication, so immediate feedback is possible in this type of network. It is a formal network.

2. Circuit Network: In this type of network, two people or nodes communicate with each other. One node produces messages and the other gives feedback on them. The communication is thus two people communicating with each other, sending messages and feedback and so forming a loop or circuit.

3. Chain Network: This network of communication follows the organisational hierarchy and chain of command. All subordinates receive commands or instructions from their superior. B, C, D and E, F, G are the subordinates to A in the organisational hierarchy and receive commands from A.

4. Wheel Network: Here all subordinates receive commands from one superior. This is a highly centralized type of communication network in which each subordinate receives commands or instructions from a single authority or superior A, who expects immediate feedback.

5. Star Network: In a star communication network all members of the group communicate with each other and exchange information. This network is a must for group communication or where teamwork is involved. This channel of communication is open to all members of the group, and the members communicate with each other without hesitation.
Introduction to Networking Models
The networking model describes the architecture, components, and design used to establish communication between the source and destination systems. There are two predominant models available.
1. Open Systems Interconnection (OSI) Model
2. Transmission Control Protocol/Internet Protocol (TCP/IP) Model

OSI Model
OSI stands for Open Systems Interconnection. It is an open standard for establishing communication between systems.

Application Layer: The entire process begins at the end user’s device. This can be a phone,
laptop, server, etc. The application layer provides the interface for data exchange between the
program and the user. For example, Facebook’s web application/mobile application is the
interface through which we like, share, comment, and perform various other activities.
Presentation Layer: The presentation layer ensures the translation of characters from the
original format in the host system to the format of the receiving system. It also adds
encryption and decryption features. Data compression is handled at this layer.
Session Layer: The inclusion of this layer enables maintaining sessions during browsing.
This helps with implementing authentication, authorization, synchronization, and dialog
control.
Transport Layer: The Transport layer is responsible for the reliable transfer of data between
systems. It manages the communication session including flow control, ordering of
information, error detection, and recovery of data.
The Network layer: The Network layer owns the responsibility of delivering data between
different systems in different interconnected networks (internets).
The Data Link layer: The Data Link layer provides rules for sending and receiving data
between two connected nodes over a particular physical medium.
The Physical layer: The Physical layer defines the required hardware, such as cables and
interfaces, for a given medium of communication, such as electrical, radio frequency, and
light-based. In this way, methods for transmitting and receiving bit-streams of information
are defined.

The TCP/IP Network Model

The TCP/IP network model takes its name from two of its protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP).

The model is commonly shown as five layers. The lower four layers are numbered identically to the lower four layers of the OSI reference model (OSI-RM).
Application Layer: In the TCP/IP model, the Application layer encompasses the top three layers of the OSI model, that is, the Application, Presentation and Session layers.
Transport Layer: This layer is the same as the one in the OSI model. The Transmission Control Protocol (TCP) is used in this model. TCP ensures reliability and helps avoid congestion in networks.
Internet Layer
This layer parallels the functions of OSI’s Network layer. It defines the protocols which
are responsible for the logical transmission of data over the entire network. The main
protocols residing at this layer are as follows:
• IP: IP stands for Internet Protocol and it is responsible for delivering packets from the source host to the destination host by looking at the IP addresses in the packet headers.
• ICMP: ICMP stands for Internet Control Message Protocol. It is encapsulated within IP datagrams and is responsible for providing hosts with information about network problems.
• ARP: ARP stands for Address Resolution Protocol. Its job is to find the hardware address of a host from a known IP address. ARP has several types: Reverse ARP, Proxy ARP, Gratuitous ARP, and Inverse ARP.
The Application Layer
Applications at this layer are responsible for understanding the data format as well as interpreting the data. Example applications include the Domain Name Service (DNS), the Dynamic Host Configuration Protocol (DHCP), the Network File System (NFS), Samba, electronic mail (e-mail), the File Transfer Protocol (FTP), and the telnet utility.
The term gateway is used to refer to a system that is capable of converting from one network protocol stack to another, such as a system that is connected to both a TCP/IP network and a NetWare network. Gateway is also often used to refer to a system that interconnects an internal internetwork and an external network such as the Internet.

Information security
Technology has covered almost all sides of today's world; from dusk to dawn we are engaged digitally. We use a smartphone at home to meet all our daily needs, from making a fund transfer to ordering a refill of groceries; everything is just a click away.

A typical day at the workplace involves desktops and laptops connecting to intranet and internet servers, and customers paying bills through credit or debit cards. All these transactions involve accessing the internet. Hence it becomes important that everyone is aware of the risks involved in using digital data and of how to protect it.

Cyber Security is the protection of internet-connected systems, including hardware, software and data, from cyber-attacks. Here we will learn about various cyber-attacks, the reasons behind such attacks and the guidelines to avoid them.

It is recommended that web application developers are aware of the Top 10 web application mistakes listed by OWASP (Open Web Application Security Project).
Cyber Security Objectives and Services
Each of these attacks violates a specific desired property of security. These properties are termed security objectives.

Security objectives are also known as security goals, or as characteristics of information and information systems.

The three standard pillars (security objectives) of cyber security are:

1. Confidentiality: Makes sure that data remains private and confidential. It should not be viewable by unauthorized people through any means.

2. Integrity: Assures that data is protected from accidental or deliberate modification.

3. Availability: Ensures timely and reliable access to information and its use.

These three principles are together called the CIA (Confidentiality, Integrity and Availability) triad. An alternate way of referring to CIA is through DAD (Disclosure, Alteration and Denial), the violation of each property.

Three more important concepts in information security support these pillars; they are known as the AAA (Authentication, Authorization and Accounting) services. These services are used to support the CIA principles.

1. Authentication: Authentication is verifying an identity.

2. Authorization: Authorization is determining whether a particular user is allowed to access a particular resource or function.

3. Accounting (Non-repudiation): Accounting includes two other components, auditing and non-repudiation.

Auditing is recording a log of the activities of a user in a system.

Accounting refers to reviewing the log file to check for violations and to hold users accountable for their actions. It includes non-repudiation.
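The three AAA services fit together in a few lines of code, and seeing them side by side makes the division of labour concrete: authentication proves who is calling, authorization decides what that identity may do, and accounting records every decision so that a later review can attribute violations to a user. The following is an added example, not part of these notes; the user store, the permission matrix and the resource names are constructed and hypothetical.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 100_000  # deliberately slow password hashing


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt per user defeats precomputed tables."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


# Constructed user store and permission matrix (hypothetical users and resources).
USERS = {
    "alice": hash_password("correct horse battery"),
    "bob": hash_password("hunter2"),
}
PERMISSIONS = {
    "alice": {"payroll:read", "payroll:write"},
    "bob": {"payroll:read"},
}


class AAAService:
    def __init__(self):
        self.audit_log = []  # accounting: every decision is recorded, allowed or denied

    def _record(self, user, action, resource, outcome):
        self.audit_log.append({
            "time": time.time(),
            "user": user,
            "action": action,
            "resource": resource,
            "outcome": outcome,
        })

    def authenticate(self, user, password):
        """Authentication: prove the identity by checking the password against the stored hash."""
        stored = USERS.get(user)
        if stored is None:
            self._record(user, "login", "-", "denied")
            return False
        salt, expected = stored
        _, candidate = hash_password(password, salt)
        ok = hmac.compare_digest(candidate, expected)  # constant-time comparison
        self._record(user, "login", "-", "allowed" if ok else "denied")
        return ok

    def authorize(self, user, action, resource):
        """Authorization: decide whether this identity may perform this action on this resource."""
        allowed = f"{resource}:{action}" in PERMISSIONS.get(user, set())
        self._record(user, action, resource, "allowed" if allowed else "denied")
        return allowed


def review(audit_log):
    """Accounting review: pull out the denied decisions so they can be investigated
    and attributed to the user who caused them."""
    return [entry for entry in audit_log if entry["outcome"] == "denied"]


if __name__ == "__main__":
    svc = AAAService()
    svc.authenticate("alice", "correct horse battery")
    svc.authenticate("alice", "wrong password")
    svc.authorize("bob", "write", "payroll")
    for violation in review(svc.audit_log):
        print(violation["user"], violation["action"], violation["resource"], violation["outcome"])
```

Non-repudiation depends on the audit log itself being trustworthy: in a real deployment the entries would go to an append-only store that the users being audited cannot modify, otherwise the review step proves nothing.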
Other Terms of Cyber Security
Authentication: The process of verifying a user's identity, making sure that they are allowed to have access to the system and/or files. This can be accomplished by a password, a retina scan or a fingerprint scan, and sometimes by a combination of these.
Firewall: Any technology, be it software or hardware, used to keep intruders out.
Antivirus Software: Antivirus software is designed to detect, prevent, and remove
malware infections on computers and other devices. By scanning files and
detecting suspicious activity, these programs help protect against cyber attacks
that could result in data breaches or stolen information.

Myths around Cyber Security

There are a lot of myths commonly associated with cyber security that are very different from the facts.
Myth 1: "Digital and physical security are separate systems"
Reality: Most physical devices such as biometric systems, CCTV cameras, smart watches etc. are connected and controlled digitally. Hackers can affect even physical infrastructure, causing catastrophic levels of damage to physical resources.
Myth 2: "Cyber security is just an IT issue"
Reality: Once data is digitized, it has to be protected whether it is in the data center or on an employee's mobile phone.
Myth 4: "Going back to paper minimizes risk."
Reality: One cannot know whether paper copies of data have been unlawfully copied or removed.
Myth 5: "Using antivirus software is enough."
Reality: In many cases hackers have found ways to get past antivirus software and hide their attacks inside a system. With the advent of ransomware, the time frame from infection to damage has become almost instantaneous.
Myth 6: "We have a firewall. We're in good shape."
Reality: A firewall is used to allow expected traffic in and restrict all remaining traffic. This is done by creating Access Control Lists (ACLs). However, most cyber security assessments show that the greatest cyber threats are associated with the behavior of authorized users of the systems allowed inside the firewall.
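The router firewall described under Network Basics and the ACLs of Myth 6 are the same mechanism: an ordered list of rules, evaluated top-down, first match wins, with a deny at the end. The following is an added example and not part of these notes; it evaluates a constructed ACL for a small office (192.168.1.0/24 inside, a web server at 192.168.1.10) against a few constructed packets, using the documentation ranges 203.0.113.0/24 and 198.51.100.0/24 for outside addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                   # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]         # destination port; None means any port

    def matches(self, pkt):
        return (ipaddress.IPv4Address(pkt["src"]) in self.src
                and ipaddress.IPv4Address(pkt["dst"]) in self.dst
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt.get("dport")))


def rule(action, src, dst, proto="any", dport=None):
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst), proto, dport)


# Constructed ACL. Rules are evaluated top-down and the first match decides.
ACL = [
    rule("permit", "0.0.0.0/0", "192.168.1.10/32", "tcp", 443),   # anyone may reach the web server
    rule("permit", "192.168.1.0/24", "0.0.0.0/0", "udp", 53),     # inside hosts may resolve names
    rule("permit", "192.168.1.0/24", "0.0.0.0/0", "tcp", 443),    # inside hosts may browse HTTPS
    rule("deny", "0.0.0.0/0", "0.0.0.0/0"),                       # everything else: explicit deny
]


def evaluate(acl, pkt):
    """Return (action, rule_index) for the first matching rule; deny if nothing matches."""
    for index, r in enumerate(acl):
        if r.matches(pkt):
            return r.action, index
    return "deny", None   # implicit deny at the end of every ACL


# Constructed packets; 203.0.113.0/24 and 198.51.100.0/24 are reserved documentation ranges.
PACKETS = {
    "inbound https to web server": {"src": "203.0.113.5", "dst": "192.168.1.10", "proto": "tcp", "dport": 443},
    "inbound ssh to a workstation": {"src": "203.0.113.5", "dst": "192.168.1.20", "proto": "tcp", "dport": 22},
    "insider uploads to external https": {"src": "192.168.1.20", "dst": "198.51.100.7", "proto": "tcp", "dport": 443},
    "inbound ping": {"src": "203.0.113.9", "dst": "192.168.1.20", "proto": "icmp"},
}

if __name__ == "__main__":
    for label, pkt in PACKETS.items():
        print(f"{label:<36} -> {evaluate(ACL, pkt)}")
```

The third packet is the point of Myth 6: an authorized inside user sending data to an outside HTTPS server matches a permit rule and passes, so the firewall cannot tell a legitimate upload from data leaving the organization. Controls on that traffic have to come from egress logging, monitoring of user behaviour and data-loss prevention, not from the ACL.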
Recent Cyber Attacks

2016 Uber Attack

Uber's CEO, Dara Khosrowshahi, stated that hackers stole the personal data of nearly 57 million Uber users. This personal data included names, phone numbers, email addresses and debit/credit card numbers of customers, and also the license numbers of the drivers serving the company.

Hackers broke into Uber's account on GitHub (an online software development platform). GitHub is a site that many engineers and companies use to store the code of IT projects.

From Uber's GitHub account, they found the username and password that gave access to Uber's data stored on a third-party cloud server. Developers had accidentally left the login credentials in code that was uploaded to GitHub, and hence the hackers successfully got access to Uber's server.

Uber faced lawsuits filed by many users whose personal data was leaked.

Uber allegedly paid a $100,000 ransom to the hackers to get the data deleted.
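The root cause in the Uber incident, credentials committed into source code, is one that can be caught before the code is pushed. The following scanner is an added example, not part of these notes and not Uber's or GitHub's tooling: it flags assignments whose variable name suggests a credential and whose value is a quoted literal, skips obvious template references such as "${VAR}", and rates each finding by the Shannon entropy of the value, since a real key looks random and a placeholder such as "changeme" does not. The source lines it scans are constructed.

```python
import math
import re

# Assignments whose variable name suggests a credential and whose value is a quoted literal.
CREDENTIAL_ASSIGNMENT = re.compile(
    r"""(?i)\b([A-Za-z_]*(?:password|passwd|secret|token|key)[A-Za-z_]*)\s*[:=]\s*["']([^"']{6,})["']"""
)
TEMPLATE_PREFIXES = ("${", "<", "%(")   # value is a reference to be filled in later, not a secret


def shannon_entropy(value):
    """Bits of entropy per character; random keys score high, dictionary words score low."""
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    length = len(value)
    return -sum(c / length * math.log2(c / length) for c in counts.values())


def scan_source(lines, high_entropy=3.5):
    """Return one finding per hard-coded credential literal, rated by entropy."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for match in CREDENTIAL_ASSIGNMENT.finditer(line):
            name, value = match.group(1), match.group(2)
            if value.startswith(TEMPLATE_PREFIXES):
                continue
            entropy = shannon_entropy(value)
            findings.append({
                "line": lineno,
                "name": name,
                "severity": "high" if entropy >= high_entropy else "low",
                "entropy": round(entropy, 2),
            })
    return findings


# Constructed source fragment with hypothetical names and values.
SAMPLE_SOURCE = [
    'import os',
    'DB_HOST = "db.internal.example"',
    'DB_PASSWORD = "S3cr3t-Pa55w0rd!"',
    'api_key = os.environ["API_KEY"]',        # read from the environment: fine
    'token = "${CLOUD_TOKEN}"',               # template reference: skipped
    'password = "changeme"',                  # literal, but a low-entropy placeholder
    'signing_key = "k8Jq2vXz0pLmN4rTyB7wQ1sE"',
]

if __name__ == "__main__":
    for finding in scan_source(SAMPLE_SOURCE):
        print(f"line {finding['line']}: {finding['name']} ({finding['severity']}, "
              f"entropy {finding['entropy']})")
```

A scanner like this belongs in a pre-commit hook or a CI step, where a finding blocks the push; scanning a public repository after the fact only tells you what has already leaked.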

2016 Bangladesh Bank Heist

In February 2016, hackers fraudulently issued instructions via the SWIFT (Society for Worldwide Interbank Financial Telecommunication) network to withdraw US$ 951 billion from the accounts of Bangladesh Bank (the central bank of Bangladesh) at the Federal Reserve Bank of New York.

Five transactions were initiated by the hackers, worth $101 million in total.

Exploiting weaknesses in Bangladesh Bank's security, the hackers attempted to steal the money from the central bank's account held with the Federal Reserve Bank of New York.

The hackers were able to compromise Bangladesh Bank's network. They observed how the transfers were done and gained access to the bank's credentials for payment transfers. Using these credentials, they authorized about thirty-five requests to the Federal Reserve Bank of New York to transfer funds from the Bangladesh Bank account to accounts in Sri Lanka and the Philippines.

Later, it was identified that they used a malware named Dridex to execute the attack. This malware specializes in stealing bank credentials from Microsoft Word. Out of the thirty-five transaction requests, five were traced in which the hackers had successfully managed to transfer $20 million to Sri Lanka and $81 million to the Philippines.

Later, at the request of Bangladesh Bank, the Federal Reserve Bank of New York blocked the remaining thirty transactions, amounting to $850 million.

2016 Indian Debit Card Breach

The Indian debit card breach took place in October 2016. It was estimated that 3.2 million debit cards were compromised. Major Indian banks including SBI, HDFC, ICICI, YES Bank and Axis Bank were among the worst hit.

The breach was not the result of a direct attack on the banks; instead it was due to malware injected into ATMs and Point-of-Sale (POS) terminals. The malware was injected into the payment gateway network of Hitachi Payment Systems, which facilitates transactions from ATMs and online payment gateways.

Complaints from customers about unauthorized debits were reported.

This subsequently resulted in one of the biggest card replacement drives in India's banking history.

SBI announced the blocking and replacement of almost 600,000 debit cards.

2017 WannaCry Ransomware Attack

In May 2017, the WannaCry ransomware attack targeted computers running the Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. WannaCry propagated through an exploit (named EternalBlue) for older versions of Windows. This exploit was released by a hacker group named the Shadow Brokers a few months prior to the attack.

Microsoft had discovered this vulnerability and had released security updates in April 2017 for all Windows versions (except Windows XP and Windows Server 2003) to close it. The organizations that had not installed Microsoft's security update or were using the older Windows systems (Windows XP and Windows Server 2003) were affected by the attack.

The attack was estimated to have affected more than 200,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars.

One of the largest organizations affected by this attack was the National Health Service.

Up to 70,000 devices (including computers, MRI scanners, blood-storage refrigerators and operating theatre equipment) belonging to hospitals in England and Scotland were affected.

Generic Conclusion about Attacks

These examples show that cyber-attacks are not limited to the IT sector. Every organization reliant on IT for pursuing its mission (education, government, military, healthcare, retail, etc.) needs to protect itself from such attacks.

Cyber-attacks have increased to such an extent that even a minute flaw in a system can cost a lot, as we have seen in some of the attacks discussed.

Hackers have a keen interest in vulnerabilities existing in an organization or in any information system. Carelessness of employees or of the organization is one of the main reasons a system becomes vulnerable.

Financial gain is one of the main motives behind these attacks, but it is not the only one. Attacks might happen just to cause chaos within the organization. In some cases, hackers have broken into a system just to satisfy their intellectual curiosity.

Why Cyber Security

Cyber-attacks are a great threat to the global economy as well as to our personal data.

In 2015, the computer security group Veracode reported that defending UK businesses against cyber-attacks and repairing the damage done by hackers costs businesses £34 billion per year.

There are two important aspects that need to be protected:

1. Information: customer data, source code, design documents, financial reports, employee records, intellectual property, etc.

2. Information systems: computers, networks, cables, etc.

A good cyber security approach plays a vital role in minimizing and controlling damage, and in recovering from a cyber-breach and its consequences.

What is Cyber Security?

Cyber Security is a set of techniques used to protect systems, networks, and applications from attacks, damage or unauthorized access originating from the internet. These attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

Categories of Attacks
1. Malware
2. Denial-of-Service (DoS) Attacks
3. Phishing
4. Spoofing
5. Code Injection Attacks
6. Supply Chain Attacks
7. DNS Tunneling
1. Malware: Malware is the most common type of cyber attack, largely because the term covers many subsets: ransomware, trojans, spyware, viruses, worms, keyloggers, bots, cryptojacking, and any other kind of attack that uses software in a deliberate way to do harm.
Ransomware: In a ransomware attack, an adversary encrypts a victim's data and offers to provide a decryption key in exchange for a payment. Ransomware attacks are usually launched through malicious links delivered to the victim.
Trojan: A trojan is malware that appears to be legitimate software, disguised as a native operating system program or a harmless file such as a free download.
Spyware: Spyware is unwanted, malicious software that infects a computer or other device and collects information about the user's web activity without their knowledge.
2. Denial-of-Service (DoS) Attacks: A Denial-of-Service (DoS) attack floods a network with false requests in order to disrupt business operations.
In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by the compromised computer or network. While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organization time, money and other resources to restore critical business operations.
3. Phishing: Phishing is a type of cyber-attack that uses email, SMS, phone calls, social media and social engineering techniques to trick victims into sharing sensitive information, such as passwords or account numbers, or into downloading a malicious file that installs viruses on their computer or phone.
Vishing: Vishing is voice phishing: attackers use phone calls and voice messages, pretending to be from a reputable organization, to convince individuals to reveal private information such as bank details and passwords.
SMiShing: SMiShing is the act of sending fraudulent text messages designed to trick individuals into sharing sensitive data such as passwords, usernames and credit card numbers. A smishing attack may involve cybercriminals pretending to be your bank or a shipping service you use.
4. Spoofing: Spoofing is a technique through which a cybercriminal disguises themselves as a trusted source. The adversary is thereby able to engage with the target and access their systems or devices with the goal of stealing information, extorting money or installing malware or other harmful software on the device.
Domain Spoofing: Domain spoofing is a form of phishing in which an attacker impersonates a known business or person with a fake website or email domain to fool people into trusting them. Typically the domain appears legitimate at first glance, but a closer look reveals subtle differences.
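The "closer look" that reveals a spoofed domain can be automated for a mail gateway or a proxy log. The following checker is an added example, not part of these notes: it normalizes a domain by replacing characters and character pairs that read like other letters (0 for o, 1 for l, rn for m, and so on), compares the result to a trusted list both exactly and by edit distance, and finally flags names that merely contain a trusted brand. The trusted domains and the confusable table are constructed; the example generalizes the single-domain case in the text to any allow-list.

```python
# Single characters that are often substituted for a letter they resemble.
CONFUSABLE_CHARS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b", "|": "l"}
# Character pairs that read as one letter at a glance.
CONFUSABLE_PAIRS = [("rn", "m"), ("vv", "w"), ("cl", "d")]

TRUSTED_DOMAINS = ["example.com", "examplebank.com"]  # constructed allow-list


def normalize(domain):
    """Lower-case the name and fold confusable glyphs to the letters they imitate."""
    folded = domain.strip().lower().rstrip(".")
    for pair, letter in CONFUSABLE_PAIRS:
        folded = folded.replace(pair, letter)
    return "".join(CONFUSABLE_CHARS.get(ch, ch) for ch in folded)


def levenshtein(a, b):
    """Edit distance: number of single-character insertions, deletions or substitutions."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        current = [i]
        for j, cb in enumerate(b, start=1):
            current.append(min(previous[j] + 1,            # delete ca
                               current[j - 1] + 1,         # insert cb
                               previous[j - 1] + (ca != cb)))  # substitute
        previous = current
    return previous[-1]


def check_domain(domain, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Classify a domain as trusted, look-alike, brand-in-name or unknown."""
    domain = domain.strip().lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    folded = normalize(domain)
    for known in trusted:
        known_folded = normalize(known)
        if folded == known_folded or levenshtein(folded, known_folded) <= max_distance:
            return ("look-alike", known)
    for known in trusted:
        brand = known.split(".")[0]
        if brand in folded:
            return ("brand-in-name", known)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample names as they might appear in a mail header or proxy log.
    for name in ["example.com", "exarnple.com", "examp1e.com", "example-login.com", "totally-unrelated.org"]:
        print(f"{name:<24} -> {check_domain(name)}")
```

Exact-match allow-listing alone would pass "exarnple.com" as simply unknown; the normalization step is what turns it into a look-alike of a trusted name, which is the signal worth alerting on. The confusable table is deliberately small; production tooling uses the Unicode confusables data and the public suffix list.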
5. Code Injection Attacks: Code injection attacks consist of an attacker injecting malicious code into a vulnerable computer or network to change its course of action.

SQL Injection: A SQL injection attack exploits a vulnerability in a data-driven application to inject malicious SQL statements, which then allows the attacker to extract information from the database. Attackers use SQL injection techniques to alter, steal or erase an application's database data.
Cross-Site Scripting (XSS): Cross-Site Scripting (XSS) is a code injection attack in which an adversary inserts malicious code into a legitimate website. The code then runs as an injected script in the user's web browser, enabling the attacker to steal the user's sensitive information. Web forums, message boards, blogs and other websites that allow users to post their own content are the most susceptible to XSS attacks.
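Both injection attacks above have the same root cause, user input being mixed into a language the system then interprets, and the same fix, keeping data and code apart. The following is an added example, not part of these notes: a vulnerable database lookup next to its parameterized form, and a vulnerable HTML rendering next to its escaped form, run against a constructed in-memory SQLite database and a constructed comment. The table, users and comment text are hypothetical.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory database with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn, username):
    """Builds the query by string concatenation: the input becomes part of the SQL syntax."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Parameterized query: the driver passes the value separately from the SQL text,
    so whatever the user typed is only ever compared as data."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_comment_vulnerable(comment):
    """Interpolates user content straight into HTML: markup in the comment becomes part of the page."""
    return f"<p class='comment'>{comment}</p>"


def render_comment_safe(comment):
    """Escapes <, >, &, quotes so the browser displays the text instead of interpreting it."""
    return f"<p class='comment'>{html.escape(comment, quote=True)}</p>"


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"   # classic test input: turns the WHERE clause into a tautology
    print("vulnerable:", find_user_vulnerable(conn, probe))
    print("safe:      ", find_user_safe(conn, probe))
    comment = "<script>alert('xss')</script>"
    print("vulnerable:", render_comment_vulnerable(comment))
    print("safe:      ", render_comment_safe(comment))
```

The vulnerable lookup returns every row for the probe string because the quote in the input closes the literal and the rest is parsed as SQL; the parameterized version returns nothing, because no user has that exact name. Escaping on output is the corresponding defence for XSS, and it has to be applied for the context the data lands in (HTML body, attribute, JavaScript), which is why templating engines escape by default.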
6. Supply Chain Attacks: A supply chain attack targets a trusted third-party vendor that offers services or software vital to the supply chain. Software supply chain attacks inject malicious code into an application in order to infect all users of that application.

7. DNS Tunneling: DNS tunneling is a type of cyberattack that leverages Domain Name System (DNS) queries and responses to bypass traditional security measures and transmit data and code within the network.
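DNS tunneling leaves a recognizable trace in resolver logs: many distinct, long, random-looking subdomain labels under one registered domain, because the data being moved has to be encoded into the names. The following detector is an added example, not part of these notes. It parses a constructed resolver log (one query per line: timestamp, client, query type, name), groups queries by registered domain, and flags a domain when the leftmost labels are numerous, long and high in entropy. The log, the thresholds and the domain "tunnel-demo.example" are constructed.

```python
import math
from collections import defaultdict

# Constructed resolver log, one query per line: "timestamp client qtype qname".
# Five ordinary lookups are followed by six TXT queries whose leftmost label is a
# long random-looking chunk, the pattern a tunnelling client produces when it encodes
# data into names. The chunks are rotations of one constructed string so that the
# sample is deterministic.
_CHUNK = "q7x2k9mz4pwv8nlb3hgt6yfc1rds0ej5aou4i"
DNS_LOG = "\n".join(
    [
        "2024-05-01T10:00:01 192.168.1.20 A www.example.com",
        "2024-05-01T10:00:02 192.168.1.20 A mail.example.com",
        "2024-05-01T10:00:03 192.168.1.21 AAAA api.example.com",
        "2024-05-01T10:00:04 192.168.1.20 A www.example.com",
        "2024-05-01T10:00:05 192.168.1.22 A cdn.example.net",
    ]
    + [
        f"2024-05-01T10:00:{6 + i:02d} 192.168.1.33 TXT {_CHUNK[i:] + _CHUNK[:i]}.tunnel-demo.example"
        for i in range(6)
    ]
)


def shannon_entropy(value):
    """Bits of entropy per character of a label."""
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    length = len(value)
    return -sum(c / length * math.log2(c / length) for c in counts.values())


def parse_log(text):
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        timestamp, client, qtype, qname = line.split()
        records.append({"time": timestamp, "client": client, "qtype": qtype,
                        "qname": qname.lower().rstrip(".")})
    return records


def registered_domain(qname):
    """Last two labels; adequate for this constructed data (real code consults the public suffix list)."""
    return ".".join(qname.split(".")[-2:])


def score_domains(records, min_unique=5, min_label_len=30, min_entropy=3.5):
    """Return the domains whose leftmost labels look like encoded data, with their statistics."""
    labels_by_domain = defaultdict(list)
    for record in records:
        labels = record["qname"].split(".")
        if len(labels) <= 2:
            continue  # bare domain, no subdomain label to inspect
        labels_by_domain[registered_domain(record["qname"])].append(labels[0])

    suspicious = {}
    for domain, first_labels in labels_by_domain.items():
        unique = set(first_labels)
        avg_len = sum(len(label) for label in unique) / len(unique)
        avg_entropy = sum(shannon_entropy(label) for label in unique) / len(unique)
        if len(unique) >= min_unique and avg_len >= min_label_len and avg_entropy >= min_entropy:
            suspicious[domain] = {
                "unique_subdomains": len(unique),
                "avg_label_len": round(avg_len, 1),
                "avg_entropy": round(avg_entropy, 2),
            }
    return suspicious


def detect_tunneling(log_text):
    return score_domains(parse_log(log_text))


if __name__ == "__main__":
    for domain, stats in detect_tunneling(DNS_LOG).items():
        print(domain, stats)
```

The thresholds are illustrative. A production detector would also weigh query volume per client, the share of TXT and NULL record types, and response sizes, since tunnels carry data in both directions; the label statistics alone are what make the example readable.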
