Unit 4


Unit IV

Security Threats and Issues


Syllabus
• Security Threats and Issues: Cyber crimes, Credit card
frauds/theft, Identity fraud, spoofing, sniffing, DOS and
DDOS attacks, Social network security issues, Mobile
Platform Security issues, Cloud security issues
• Technology Solutions: Encryption: Secret Key
Encryption, Public Key Encryption, Digital Certificates
and public key infrastructure
• Securing channels: Secured Socket Layer (SSL),
Transport Layer Security (TLS), Virtual Private Network
(VPN)
• Protecting Networks: Firewalls, Proxy Servers, Intrusion
detection and protection systems, Anti Virus software
Cybercrime
• Cybercrime encompasses a wide range of criminal
activities that are carried out using digital
devices and/or networks.
• These crimes involve the use of technology to commit
fraud, identity theft, data breaches, computer viruses,
scams, and other malicious acts.
• Cybercriminals exploit vulnerabilities in computer
systems and networks to gain unauthorized access,
steal sensitive information, disrupt services, and cause
financial or reputational harm to individuals,
organizations, and governments.
Credit card frauds/theft
• Credit card fraud is the unauthorized use of a debit
or credit card to make purchases or withdraw cash.
• A fraudster will obtain a victim’s credit card
details physically (CNP) or virtually (CP).
• The two main types of credit card fraud are:
– Application fraud: Illegally obtained credit card
information is used to open a new account in the victim’s
name
– Account takeover fraud: Criminal uses a victim’s
personal identifying information to take control of their
account and misappropriate funds
IDENTITY FRAUD
• Involves the unauthorized use of another person’s personal
data for illegal financial benefit.
• Debit and credit card fraud are two of the most common types
of identity theft.
• When your card is stolen or someone gets your account
information, they can use it to make unauthorized charges.
• This can cause you to lose money and damage your credit
score.
• Examples:
– You receive bills or receipts for goods or services you haven't asked
for.
– You are refused financial services, credit cards or a loan, despite
having a good credit rating.
– You receive letters in your name from solicitors or debt collectors for
debts that aren't yours.
Spoofing
• Spoofing can be used to carry out phishing attacks, which are scams
to gain sensitive information from individuals or organizations.
• Types of spoofing:
– Email Spoofing: When an attacker uses an email message to trick a recipient
into thinking it came from a known and/or trusted source. These emails may
include links to malicious websites or attachments infected with malware, or
they may use social engineering to convince the recipient to freely disclose
sensitive information.
– Caller ID Spoofing: Attackers can make it appear as if their phone calls are
coming from a specific number—either one that is known and/or trusted to
the recipient, or one that indicates a specific geographic location.
– Website Spoofing: Website spoofing refers to when a website is designed to
mimic an existing site known and/or trusted by the user. Attackers use these
sites to gain login and other personal information from users.
– IP Spoofing: Attackers may use IP (Internet Protocol) spoofing to disguise a
computer IP address, thereby hiding the identity of the sender or
impersonating another computer system.
Sniffing
• Sniffing involves monitoring data packets and recording
network activities.
• System or network administrators commonly employ
sniffers to troubleshoot network issues.
• However, hackers find sniffing to be a convenient
technique.
• Through sniffing, they can intercept sensitive data
packets containing valuable information such as
account credentials and passwords.
• Cybercriminals typically implant sniffer software within
the system to facilitate their illicit activities.
DOS and DDOS attacks
DoS (Denial of Service) Attack: In this attack, a computer sends a
massive amount of traffic to a victim’s computer and shuts it down.
• A DoS attack is an online attack that, when carried out against a
website, makes the website unavailable to its users.
• This attack makes the server of a website that is connected to the
internet unavailable by sending a large amount of traffic to it.
DDoS (Distributed Denial of Service) Attack: In this attack, DoS
attacks are carried out from many different locations using many
systems.
DOS Vs. DDOS attacks:
Social Network Service(SNS)
• A Social Network Service (SNS) is a kind of web service for establishing a
virtual connection between people with similar interests, backgrounds,
and activities.
• An SNS allows its users to find new friends and expand their circle of
friends.
• Data sharing is another key feature of an SNS where users are able to
share their interests, videos, photos, activities, and so on.
• In recent years, SNS such as Twitter and Facebook have become desired
media of communication for billions of online users.
• The major security issues in SNSs fall into four categories:
– (a) Privacy issues
– (b) Viral marketing
– (c) Network structural-based attacks
– (d) Malware attacks.
Mobile Platform Security Issues
• Mobile security threats are essentially attacks intended to
steal data from mobile devices such as smartphones and
tablets.
• Malware or spyware is used to gain access to mobile
devices.
• From there, criminals can perform malicious acts ranging
from accessing contacts and making calls to stealing and
selling data, particularly location data, which is very
lucrative.
• In addition to affecting individual users, a breach could
allow attackers to gain access to login credentials for the
network of the user’s employer, potentially leading to a
large-scale leak of data.
Types of Mobile Security threats
The four main categories of mobile security threats:
• App-based threats occur when users download malicious apps or fail to
check if it is safe to grant the app access to their device.
• Web-based threats happen when people visit websites that seem
legitimate and secure but that in reality download malicious content onto
their mobile devices. These threats can be particularly damaging, as they
can go largely unnoticed.
• Network threats most commonly work through free-to-use public Wi-Fi
connections, which can often be insecure. Some attackers will even set up
a fake Wi-Fi network, a technique known as Wi-Fi spoofing. They trick
users into using the compromised network, and they can then gain access
to the user’s device and credentials.
• Physical threats occur when the device is lost or stolen. If it falls into the
wrong hands and the device is not protected by a strong password, PIN, or
other form of protection, it is vulnerable to attack.
Cloud Security Risks
• Unmanaged Attack Surface: An attack surface is your environment’s
total exposure. Attack surface can also include subtle information
leaks that lead to an attack.
• Human Error: 99% of all cloud security failures will be due to some
level of human error. Human error is a constant risk when building
business applications.
• Misconfiguration: Providers have different default configurations,
with each service having its distinct implementations and nuances.
• Data breaches: A data breach occurs when sensitive information
leaves your possession without your knowledge or permission.
Cloud misconfiguration and lack of runtime protection can leave it
wide open for thieves to steal.
Securing E-Commerce Transactions
1. Access Control & Authentication
2. Biometric System
3. Public Key Infrastructure (PKI)
4. Digital Signatures
1. Access Control & Authentication
- It determines who (person or machine) can legitimately use a
network resource and which resources he or she can use.
- A technique known as two-factor authentication is used.
- It includes:
- Passive tokens: Storage devices that contain a secret code, such as a
plastic card with a magnetic strip or a chip containing a hidden code.
- Active tokens: Small stand-alone electronic devices (e.g., smartcards,
USB dongles, etc.) that generate a one-time password. The user enters a
PIN into the token, which generates a password that is only good for a
single login.
2. Biometric System
- An authentication system that identifies a person by measurement of a
biological characteristic such as fingerprints, iris (eye) patterns,
facial features or voice.
- There are 2 basic types of biometric systems:
1. Physiological biometrics: Measurement derived from body parts
a. Finger Print Scanning
b. IRIS Scanning
2. Behavioral biometrics: Measurement derived from various actions
a. Voice Scanning
b. Keystroke Monitoring
3. Public Key Infrastructure(PKI)
• PKI is based on encryption & various other technical components.
• Encryption is the process of transforming data in such a way that
it is difficult, expensive or time-consuming for an unauthorized
person to decrypt it.
• Encryption has 4 basic parts:-
– Plaintext- An unencrypted message in human-readable form.
– Cipher text- A plain text message after it has been encrypted into a
machine readable form.
– Encryption Algorithm- The mathematical formulae used to encrypt the
plain text into the cipher text & vice-versa.
– Key- the secret code used to encrypt and decrypt messages.
PKI(Cont.)
There are 2 types of encryption systems:
1. Symmetric Private Key System
2. Asymmetric (Public) Encryption System
PKI- Symmetric Private Key System
• In this system, the same key is used to encrypt & decrypt
the plain text.
• The sender and receiver of the text must share the
same key without revealing it to anyone else.
• An example of a standard symmetric encryption
algorithm supported by US government agencies
is the Data Encryption Standard (DES).
• It is tough to guess a key simply by having a
computer try all of the encryption combinations.
PKI- Asymmetric Public Key System
• In this system, a pair of matched keys is used to encrypt
& decrypt the plain text.
• A public key is publicly available to anyone.
• A private key is known only to its user.
• If a message is encrypted by a public key then
the associated private key is required to decrypt
it.
• An example of a standard asymmetric encryption
algorithm is RSA (Rivest, Shamir and Adleman).
4. Digital Signatures
• Digital signatures are the electronic equivalent of
a person’s personal signature that can’t be
copied.
• Digital signatures are the public-key primitives
of message authentication.
• It is a technique that binds a person/entity to
the digital data.
• A digital signature is a cryptographic value that
is calculated from the data and a secret key
known only by the signer.
Digital Signatures(C)
Signing using Digital Signature
Step 1: The sender creates the email message with the contract in it.
Step 2: Using special software, a mathematical computation known
as a hash function is applied to the message, which results in a
special summary of the message, converted into a string of
digits known as a message digest.
Step 3: The sender uses his/her private key to encrypt the hash; this
is the sender’s digital signature.
Step 4: The sender encrypts both the original message and the digital
signature using the recipient’s public key. This is known as
a digital envelope.
Step 5: The sender emails the digital envelope to the receiver.
Digital Signatures(C)
Receiving and verifying Digital Signature:
Step 1: The receiver uses his/her private key to open the digital envelope.
This produces a copy of the message & the sender’s digital signature.
Step 2: The receiver uses the sender’s public key to decrypt the digital
signature, resulting in a copy of the original message digest.
Step 3: Using the same hash function employed in step 2, the recipient then
creates a message digest from the decrypted message.
Step 4: The recipient compares this digest with the original message digest.
Step 5: If the 2 digests match, then the recipient concludes that the
message is authentic.

When the message arrives at the receiving end, the receiver would use the
sender’s public key to decrypt the digital signature, thus restoring the
original hash of the message. The receiver can then verify the integrity of
the message by hashing the message again and comparing the two
hashes.
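The signing and verification steps above, as an added example that is not part of the original slides. It assumes SHA-256 as the hash function and textbook RSA with toy keys built from known Mersenne primes; the function names are hypothetical, and production systems use padded schemes with randomly generated keys.

```python
import hashlib

def keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

# Constructed toy keys from well-known Mersenne primes (demo only).
SENDER_PUB, SENDER_PRIV = keypair(2**521 - 1, 2**607 - 1)
RECIP_PUB, RECIP_PRIV = keypair(2**1279 - 1, 2**2203 - 1)

def digest(message: bytes) -> int:
    """Signing step 2: hash the message into a message digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def rsa(value: int, key) -> int:
    """Raw RSA operation with either half of a key pair."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under this modulus")
    return pow(value, exponent, n)

def seal(message: bytes, sender_priv, recip_pub):
    """Signing steps 2-4: digest, sign, wrap both in a digital envelope."""
    signature = rsa(digest(message), sender_priv)
    wrapped_msg = rsa(int.from_bytes(message, "big"), recip_pub)
    wrapped_sig = rsa(signature, recip_pub)
    return wrapped_msg, wrapped_sig, len(message)

def open_and_verify(envelope, recip_priv, sender_pub):
    """Receiving steps 1-5: open, recover digest, re-hash, compare."""
    wrapped_msg, wrapped_sig, length = envelope
    try:
        message = rsa(wrapped_msg, recip_priv).to_bytes(length, "big")
        claimed = rsa(rsa(wrapped_sig, recip_priv), sender_pub)
    except (ValueError, OverflowError):
        return None, False              # malformed envelope
    return message, claimed == digest(message)

if __name__ == "__main__":
    contract = b"Contract: pay 100 units on delivery"   # constructed sample
    envelope = seal(contract, SENDER_PRIV, RECIP_PUB)
    print(open_and_verify(envelope, RECIP_PRIV, SENDER_PUB))

    # Anyone can encrypt to the recipient's public key, so a different
    # message wrapped with the old signature still opens, but the digests
    # in step 4 no longer match and verification fails.
    other = b"Contract: pay 900 units on delivery"
    swapped = (rsa(int.from_bytes(other, "big"), RECIP_PUB),
               envelope[1], len(other))
    print(open_and_verify(swapped, RECIP_PRIV, SENDER_PUB))
```

The envelope alone only provides confidentiality; it is the digest comparison in step 4 that detects a substituted message.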
Digital Certificates
Digital certificates, also known as public key certificates or identity certificates, are
crucial components of modern digital security infrastructure. They are used to
establish the authenticity of digital entities such as websites, servers, or
individuals. Here's a breakdown of how they work:
• Issuance: Digital certificates are issued by trusted entities known as Certificate
Authorities (CAs). These authorities verify the identity of the entity requesting
the certificate, ensuring they are who they claim to be.
• Content: A digital certificate typically contains several pieces of information,
including:
– Public key: This is the key used for encryption and decryption. It's paired with a
private key, which is kept secret by the entity that owns the certificate.
– Identity information: This includes details about the entity or individual the
certificate is issued to, such as their name, organization, and email address.
– Expiry date: Certificates have a limited validity period, after which they expire and
need to be renewed.
– Issuer information: Information about the CA that issued the certificate.
– Digital signature: A cryptographic signature generated by the CA, which ensures the
integrity of the certificate and confirms that it hasn't been tampered with.
• Validation: When a digital certificate is presented, such as
when accessing a website secured with HTTPS, the
recipient (e.g., a web browser) verifies the certificate's
authenticity. This involves several steps:
– Checking the digital signature: The recipient verifies that the
digital signature on the certificate is valid and matches the
public key of the CA.
– Ensuring the certificate is not expired or revoked: The recipient
checks the certificate's validity period and may consult a
Certificate Revocation List (CRL) or Online Certificate Status
Protocol (OCSP) responder to ensure it hasn't been revoked.
– Verifying the identity: The recipient confirms that the identity
information in the certificate matches the entity it claims to
represent.
Securing Network
Securing a network involves implementing various
measures to protect it from unauthorized access, misuse,
modification, or denial of service. Here's a rundown of key
steps and strategies:

• Firewalls
• Encryption
• Access Control
• Network Segmentation
• Intrusion Detection and Prevention Systems (IDPS)
• Regular Updates and Patch Management
• Antivirus and Anti-malware Software
Secure Socket Layer(SSL)
• Secure Sockets Layer (SSL) is a cryptographic protocol that ensures
secure communication over a computer network, typically the internet.
• It provides encryption, integrity, and authentication, thereby
safeguarding the confidentiality and integrity of data transmitted
between a client and a server.
• SSL protocols are widely used to secure sensitive data transmissions,
such as login credentials, credit card numbers, and personal
information.
• SSL operates by establishing a secure connection between a client (e.g.,
a web browser) and a server (e.g., a website) through a process called
the SSL handshake.
• During this handshake, the client and server agree on encryption
algorithms and exchange digital certificates to authenticate each other's
identities.
• Once the handshake is completed, data exchanged between the client
and server is encrypted, protecting it from interception or tampering by
unauthorized parties.
Transport Layer Security(TLS)
• TLS operates at the transport layer of the OSI model, sitting above the TCP layer.
• It's commonly used in web browsing, email communication, messaging
applications, and any other service that requires secure communication over a
network.
• Here are some key aspects of TLS:
– Encryption: TLS encrypts data exchanged between the client and the server.
This encryption ensures that even if the data is intercepted, it cannot be
understood by unauthorized parties.
– Authentication: TLS provides mechanisms for both the client and the server
to authenticate each other. This helps in ensuring that the communication is
indeed happening with the intended parties and not with imposters.
– Integrity: TLS guarantees the integrity of the data being transmitted. It uses
cryptographic hash functions to detect if the data has been tampered with
during transmission.
– Compatibility: TLS is widely supported by web browsers, servers, and other
networked applications, making it the de facto standard for securing
internet communications.
Virtual Private Network(VPN)
• A Virtual Private Network (VPN) is a technology
that creates a secure and encrypted connection
over a less secure network, such as the internet.
• It allows users to access resources on a private
network remotely as if they were directly
connected to the network's servers.
• VPNs are widely used for enhancing security and
privacy on the internet and for accessing
restricted content.
Here's how a VPN works:
• Encryption: When you connect to a VPN server, all data transmitted between
your device and the VPN server is encrypted. This encryption ensures that
even if someone intercepts the data, they won't be able to decipher it without
the encryption key.
• Tunneling: It creates a secure tunnel between your device & the VPN server. This
tunnel ensures that your data remains protected from interception while
traveling over the internet.
• Anonymity and Privacy: By connecting to a VPN server, your real IP address is
masked, and your internet traffic appears to originate from the VPN server's
location. This provides anonymity and enhances privacy, as your online
activities are more difficult to trace back to you.
• Access to Restricted Content: VPNs allow users to bypass geographic
restrictions and access content that may be blocked or restricted in their
location.
• Secure Remote Access: VPNs are commonly used by businesses to provide
secure remote access to their employees. Employees can connect to the
company's network securely from anywhere.
VPN Architecture
Protecting Networks
Protecting a network involves implementing various
security measures to safeguard it against unauthorized
access, data breaches, and other cyber threats. Here are
some essential steps to protect a network.
• Firewalls: Deploy firewalls to monitor and control
incoming and outgoing network traffic based on
predetermined security rules.
• Network Segmentation: Divide the network into
segments or zones to limit the spread of threats. This
can prevent attackers from moving laterally within the
network if one segment is compromised.
• Access Control: Implement strong authentication mechanisms such
as passwords, biometrics, or two-factor authentication (2FA) to
control access to the network resources. Use the principle of least
privilege, granting only the permissions necessary for users to
perform their jobs.
• Encryption: Encrypt sensitive data transmitted over the network
using protocols like SSL/TLS for web traffic and VPNs for remote
access. Also, encrypt data at rest to protect it if physical devices are
compromised.
• Patch Management: Regularly update network devices, operating
systems, and software applications to address vulnerabilities and
security flaws. Vulnerabilities in outdated software are often
exploited by attackers.
• Intrusion Detection and Prevention Systems (IDPS): Deploy IDPS to
monitor network traffic for signs of suspicious activity or known
attack patterns. These systems can detect and block threats in
real time.
