E2 _CNS Unit 1 Slides.pdf
Welcome to PES University Ring Road Campus, Bengaluru
Computer Network Security UE21CS343AB6
Prasad Honnavalli
Lecture 1

General rules of engagement: Emergency Exit, Assembly Point, Washroom, No Chatting, Phones on silent, No Sleeping.

Computer Network Security 3

Disclaimer
☞ This presentation is purely educational.
☞ The views expressed by the presenter are not a representation of any organization.
☞ The views are based on the professional experience of the presenter, and no liability is accepted by the presenter in the event of any potential or perceived losses resulting from this presentation.

About Prasad Honnavalli
☞ Experience: 30+ years of global experience in advisory, consultancy and execution of IT services, IT transformation, software development, cloud adoption and information security: end-to-end software and infrastructure design, development, testing and deployment for FinTech, manufacturing, transport, telecom, resources and various governments. Lived on 5 continents and worked with over 40 nationalities.
☞ Founded two start-ups, in Bangalore and Singapore.
☞ Education: MBA, University of Melbourne. Bachelor of Electronics Engineering, UVCE, Bangalore University, India.
☞ Currently (since 2017): Professor, Computer Science and Engineering, PES University; Director, PESU Centre for Information Security, Digital Forensics and Cyber Resilience (C-ISFCR); Director, PESU Centre for Internet of Things (C-IoT); Founder, AbhayaSecure.
☞ Advisor to start-ups and growth firms.

About the Team

Preet Kanwal
☞ Experience: 8+ years of experience in teaching.
☞ Education: Pursuing PhD, PES University; M.Tech (CSE), VTU; Bachelor of Engineering (CSE), VTU, India.
☞ Currently: Since 2015, Associate Professor, Computer Science and Engineering, PES University.
☞ Courses Handled: Machine Learning, Deep Learning, Data Science, Compiler Design, Automata Theory.

Dr. Radhika M. Hirannaiah
☞ Experience: 8+ years in the industry and 6 years of teaching high school, undergraduate and graduate students. Research experience in Software Defined Networks (SDN), OpenFlow and Voice over IP applications. Currently working on 5G mobile networks.
☞ Education: PhD from Wichita State University, USA.
☞ Currently: Since 2023, Associate Professor, Computer Science and Engineering, PES University.
☞ Courses Handled: Software Testing/Engineering, Computer Networks.

Course Objectives and Outcomes

Course Objectives
☞ Our primary goal is to be able to identify security issues in various aspects of network computing, including:
– Data packet composition and spoofing
– Secure packet transmission
– Security issues in Layer 2, 3, 4 and 5 protocols like ARP, IP, TCP and UDP
– Security aspects of protocols like DNS, VPN and TLS
☞ And to be able to use this ability to design systems that are more protective of security and privacy.

Course Outcomes
☞ At the end of this course students should be able to:
– Sniff packets and analyse them to extract important information such as headers, passwords etc.
– Launch spoofing, DoS and MITM attacks using various protocols, and mitigate them.
– Configure firewalls on Linux machines and perform network monitoring using IDS/IPS.
– Implement/configure a VPN for a secure connection over the internet.
– Learn the skills of enabling and configuring a wireless network system for security.
– Understand how network security attacks work in practice / real life.
– Assess threats for their significance / impact / risk.
– Build programs and systems with robust security properties / posture.
– Gauge the protections and limitations provided by today's technology.

Course Information – Computer Network Security (4-0-0-0-4)
(Link: Course Information)

Distribution of Sessions
#   Activity Type       # of Hours
1   Lecture Hours       49
2   Revision Hours      2
3   Lab Hours           26
4   Assignment Hours    7
    Total               84

What is our goal in this course?
☞ Understand the key concepts underpinning security.
☞ Apply the concepts to solve real issues/problems.
☞ Higher quality learning: LEARN by DOING! Learn to install and use various industry-leading tools to understand offensive and defensive security. Learn by doing the labs. Learn by doing assignments.
☞ Peer learning.

Course Mechanics

Textbook
☞ Prescribed textbook: Internet Security – A Hands-on Approach by Wenliang Du (3rd Edition).
☞ Additional readings will be provided as appropriate.
☞ Lecture slides and notes (as required) will be handed out.

Course Mechanics
☞ Instructors:
Prasad Honnavalli - https://staff.pes.edu/nm1300
Preet Kanwal - https://staff.pes.edu/nm1125
Dr. Radhika M. Hirannaiah - https://staff.pes.edu/nm1664/
☞ Class timings: Tuesday (8 AM - 10:15 AM), Thursday (10:45 AM to 1:00 PM)
☞ Come to class! Not every bit of material will be on the slides or in the text. Some classes will be labs!

Course Mechanics
☞ Submit all assignments online through MS Teams (details will be shared later).
☞ Feedback is encouraged! Email: [email protected], [email protected], [email protected]

Evaluation Policy
Assessment policy: In Semester Assessment (ISA), max 50; End Semester Assessment (ESA), max 50. Total = ISA + ESA = 100 marks.

ISA
Activity           Marks            Remarks
ISA 1, 2 (MCQ)     40 * 2 = 80      Scaled down to 30
Labs (10)          100 (approx.)    Scaled down to 10
Assignments (3)    50 (approx.)     Scaled down to 10
Total Marks        50

ESA
Activity          Marks    Remarks
Pen and Paper     100      Scaled down to 50
Total marks       50

Grading
Range – Marks(1)    Grade Letter
90 to 100           S
80 to 89            A
70 to 79            B
60 to 69            C
50 to 59            D
40 to 49            E
Below 40            F (Fail)
(1) Range may be adjusted as appropriate.

Prerequisites
☞ Students should have taken the course on Computer Networks, should have a good understanding of computer network concepts, have a passion for network technologies, respect academic honesty / ethics, and say NO to plagiarism.

Topics
OSI Model – a day in the life of a packet
MAC layer attacks
Network layer attacks – IP, ICMP
TCP attacks – TCP and UDP
TLS attacks
DNS attacks
VPN issues
End point security – Firewalls, IDS, IPS, SIEM
Wireless security

Labs / Assignments
Labs:
1. Sniffing and Spoofing
2. PCAP Analysis
3. ARP Cache Poisoning
4. TCP Attacks
5. DNS Attacks
6. Kaminsky Attacks
7. Firewall Exploration
8. VPN Attack
9. Bypassing Firewall using VPN
10. HeartBleed Attack
Assignments:
iPremier Case Study
University of Virginia Case Study

Other Readings
☞ From time to time, there will be other readings assigned as well.
☞ You should usually try to do the readings before the class in which we will discuss them.
Penalty for late submission
☞ If any assignment or lab work is submitted late, the following applies:
☞ Late by up to 24 hours (1 day) – lose 25% of your marks
☞ Late by up to 48 hours (2 days) – lose 50% of your marks
☞ Late by up to 72 hours (3 days) – lose 75% of your marks
☞ Late beyond 72 hours – zero
If you have extenuating circumstances, please let us know at the earliest, and positively before the deadlines; we will try to accommodate.

Collaboration: Do's and Don'ts
☞ Asking questions is encouraged. Discussing course topics with others is welcome. Peer learning is encouraged.
☞ Limits of collaboration: don't share your homework, assignment and lab solutions with anyone else, and vice versa. You should never see or have possession of anyone else's solutions, including from past semesters. Dishonesty will result in severe penalties.

Honour Code
☞ The Honour Code is the PESU statement on academic integrity.
☞ It articulates our expectations of students and faculty in establishing and maintaining the highest standards in academic work.

Honour Code
☞ The Honour Code is an undertaking of the students, individually and collectively:
– Students will not give or receive aid in examinations and class work, labs and assignments;
– Students will not give or receive unpermitted aid in class work, in the preparation of reports, or in any other work that is to be used by the instructor as the basis of grading;
– Students will do their share and take an active part in seeing to it that others as well as themselves uphold the spirit and letter of the Honour Code.

Academic Honesty
☞ Academic honesty is expected from each student participating in the course.
☞ No sharing (willing, unwilling, knowing, unknowing) of assignment code or solutions between students.
☞ Labs and assignments must be done by each student independently.
☞ No submission of downloaded code (from the Internet, campus LAN, or anywhere else) is accepted.

Academic Honesty
☞ Any dishonesty will result in zero marks for the assignment/work and, in addition, a downgrade of the final subject result by ONE grade! This applies to both students giving and students taking, e.g. a B grade will downgrade to C.

A Note on Security
☞ In this course, you will be exposed to information about security problems and vulnerabilities in computing systems and networks.
☞ To be clear, you are not to use this or any other similar information to test the security of, break into, compromise, or otherwise attack any system or network without the express consent of the owner.
☞ In particular, you will comply with all my instructions when doing the labs. My instructions are in consonance with the applicable laws of India and PES University policies. If in any doubt, please consult your professor!
☞ Any violation is at YOUR RISK and may result in severe consequences.

Ethics Guide
☞ Of necessity, this class has a fair amount of "dark web" content, and a lot of "don't try this at home" stuff.
☞ As defenders you must understand that the big WORD is consent:
– It's usually OK to break into your own stuff; it's a great way to evaluate systems.
– It's usually OK to break into someone else's stuff with explicit permission to do so.
– It is both grossly unethical and often exceedingly criminal to access systems without explicit permission and explicit authorization.

Outcomes in Summary
Be aware of the different methods by which you can protect your data across computer systems, and how to secure the same!

Outcomes in Summary
Cybersecurity starts with me!
Understanding Plagiarism

Plagiarism (adopted from Indiana University)
☞ Plagiarism is defined as presenting someone else's work, including the work of other students, as one's own. Any ideas or materials taken from another source for either written or oral use must be fully acknowledged, unless the information is common knowledge. What is considered "common knowledge" may differ from course to course.
☞ A student must not adopt or reproduce ideas, opinions, theories, formulas, graphics, or pictures of another person without acknowledgment.

Plagiarism (adopted from Indiana University)
☞ A student must give credit to the originality of others and acknowledge an indebtedness whenever:
1. Directly quoting another person's actual words, whether oral or written;
2. Using another person's ideas, opinions, or theories;
3. Paraphrasing the words, ideas, opinions, or theories of others, whether oral or written;
4. Borrowing facts, statistics, or illustrative material; or
5. Offering materials assembled or collected by others in the form of projects or collections without acknowledgment.

Plagiarism
☞ For those NOT familiar, please visit the links and follow the instructions.
☞ University College London – Learn about Plagiarism
☞ Welcome to the Indiana University Plagiarism Tutorials and Tests – Learn how to recognize plagiarism, test your understanding, and earn a certificate. Take the certificate for Bachelor's level.
☞ Any plagiarism will result in zero marks for the assignment/work and, in addition, a downgrade of the final subject result by ONE grade! For both students giving and students taking, e.g. B to C, D to E.

Introducing Centre for Excellence

PESU Center for Information Security, Forensics and Cyber Resilience
ISFCR – Focus (figure slides)
ISFCR – Activities (figure)
ISFCR – Security Domains (figure)

Location: PES University, B-Block, 11th floor, Room No. 1114, RR Campus, Bangalore. www.isfcr.pes.edu

Objectives
☞ Provide students and faculty opportunities to work on IoT domains and understand the implementation challenges of greenfield and brownfield projects.
☞ Address the security of IoT platforms comprehensively, working with the Centre for Information Security (ISFCR).
☞ Form a research and development community with cross-disciplinary collaboration, including engineering, non-engineering, communication, electronics, microsystems, information systems, and software, to focus on challenges in IoT issues.
☞ Pursue research in IoT technology, applications and services.

Domains
Note: This classification is for our convenience.

1. Industrial IoT
☞ This will cover domains like Industry 4.0, SCADA, autonomous vehicles, robotics, drones and appliances.

2. Smart City

3. Critical Information Infrastructure
The focus here is to protect CII from cyber attacks and denial of service attacks.
☞ This includes all forms of transport: land (road, rail and mass transit), water, air.
☞ Generation and distribution of energy: smart grid, smart meters etc.
☞ Potable water supply and distribution.
☞ Financial services including banking, digital payments etc.

4. Rural IoT
☞ The needs of rural India cover:
☞ Agriculture and agri-based activities
☞ Smart dairies
☞ Water management
☞ Livestock
☞ Waste
☞ etc.

5. Medical IoT
☞ This needs the most security consideration, as it involves human lives.

Location: PES University, B-Block, 11th floor, Room No. 1112, RR Campus, Bangalore. www.iot.pes.edu

Executive MTech in Cybersecurity Engineering
https://www.cysec.pes.edu/

The Journey so far

ISFCR – The Journey So Far
☞ 23 Courses (cumulative count, B.Tech + M.Tech)
☞ 18 Faculty (non-cumulative count)
☞ 2000+ Student Community (cumulative count, B.Tech + M.Tech)
☞ 100+ Publications (cumulative count since 2018): Journal – 25, Conference – 75
☞ 15 Internships (cumulative count)
☞ 111 Projects (cumulative count, B.Tech + M.Tech)
☞ 5 PhD Scholars, 6 PhD Holders
☞ 45 Professionals trained under Executive Education by ISFCR
☞ 10 Hackathons, 600+ Participants
☞ Certifications – CompTIA Network+, Security+; EC-Council CHFI; SANS GIAC GISF

Industry Collaborations: 2018, 2019, 2020 (figure)

What is Information?

Digital Transformation
☞ Cloud First, Mobile First strategy, driving the digital transformation in India and across the world.
☞ The World Economic Forum (WEF) estimates that 463 exabytes of data will be created each day globally by 2025.
One exabyte = one billion gigabytes. https://www.weforum.org/agenda/2019/04/how-much-data-is-generated-each-day-cf4bddf29f/

(Figure slides: compiled from apple.com, Time.com, Intel.com, skype.com, NYtimes.com, Dailymail.co.uk; adapted from Cisco, IBSG and UN; IEEE-Sensor.org. https://www.weforum.org/agenda/2021/08/one-minute-internet-web-social-media-technology-online/)

Internet of Things – Economic Value (figure)

What is Information Security?

Information Security
"The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources" (includes hardware, software, firmware, information/data, and telecommunications). Source: NIST
Refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.

The CIA Triad – Core Security Principles
☞ Confidentiality – data confidentiality and privacy
☞ Integrity – data integrity and system integrity
☞ Availability
Source: NIST standard FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems)
(Figure: attack surface rated High / Medium / Low across Human, Facilities, Software, Perimeter, Networks, Governance, and Mergers / Spinoffs.)

What is Security?
Enforcing a desired property in the presence of an attacker:
☞ data confidentiality
☞ user privacy
☞ data and computation integrity
☞ authentication
☞ availability...
Why is security important?
☞ It is important for our:
☞ personal safety
☞ confidentiality/privacy
☞ functionality
☞ protecting our assets
☞ successful business
☞ country's economy and safety
☞ and so on...

Vulnerabilities, Threats and Attacks
☞ Categories of vulnerabilities:
– Corrupted (loss of integrity)
– Leaky (loss of confidentiality)
– Unavailable or very slow (loss of availability)
☞ Threats:
– Capable of exploiting vulnerabilities
– Represent potential security harm to an asset

Vulnerabilities, Threats and Attacks
☞ Attacks (threats carried out):
– Passive – attempt to learn or make use of information from the system that does not affect system resources
– Active – attempt to alter system resources or affect their operation
– Insider – initiated by an entity inside the security perimeter
– Outsider – initiated from outside the perimeter

Assets of a Computer System (the attack surface)
– Hardware
– Software
– Data
– Communication facilities and networks
– Physical facility

Anatomy of an Attack
(Figure: Owners value assets and wish to minimize risk, so they impose countermeasures to reduce it. Threat agents wish to abuse and/or may damage assets, giving rise to threats that increase the risk to the assets.)

Countermeasures
Means used to deal with security attacks: prevent, detect, recover.
☞ May itself introduce new vulnerabilities
☞ Residual vulnerabilities may remain
☞ Goal is to minimize the residual level of risk to the assets

Security and Reliability
☞ Security has a lot to do with reliability.
☞ A secure system is one you can rely on to (for example):
– Keep your personal data confidential
– Allow only authorized access or modifications to resources
– Give you correct and meaningful results
☞ Give you correct and meaningful results when you want them

What is Privacy?
There are many definitions of privacy.
☞ A useful one: "informational self-determination". This means that you get to control information about you. "Control" means many things:
– Who gets to see it
– Who gets to use it
– What they can use it for
– Who they can give it to

What is data privacy?
Right of an individual to have control over how personal information is collected and used.
Data protection, a subset of data privacy, ensures confidentiality, integrity and availability of personal information.
(Figure: roles in data privacy: Data Subject; Controller / Fiduciary; Joint Controller / Fiduciary; Processor; Sub-Processor. Source: PwC ET master class)

Need for Data Privacy
☞ Increasing number of internet users: 2016-2019, internet users around the world increased by 29%; 2016-2019, internet users in India increased by nearly 50%.
☞ Wider spectrum of data-collection channels. When organizations were asked how they collect user data: 42% from other organizations; 33% purchase from third parties; 33% from connected devices; 79% directly from individuals.
☞ Increasing personal data breaches: Q2-Q3 FY'20, 7.9 billion personal data breaches (33% increase); Q4 FY'20, 100% increase in phishing attacks in Indian orgs.
☞ Customers demand it. As per a global survey of consumers in 2019: 48% stopped buying from a company over privacy concerns; 84% wanted more visibility and control over their data.
Source: PwC ET master class. 1. PwC survey 2. Dataprivacymanager.net

General Data Protection Regulation (GDPR)

California Consumer Privacy Act – effective 01 Jan 2020

India – moving in the right direction
2011 – Amendment of Section 43-A of the IT Act, 2000, focusing on SPDI
2017 – Srikrishna Committee formed to study the issues related to data protection
2018 – Draft PDPB submitted by the committee to the Ministry of Electronics and Information Technology
2019 – Passed by the cabinet, now pending with the joint select committee to present its report
Source: PwC ET master class

India – Sector Updates
☞ TRAI – Recommendation on 'Privacy, Security and Ownership of Data in the Telecom Sector'. On 16 July '18, TRAI issued recommendations on privacy and security of data in the telecom sector. Includes TSPs, communication networks, browsers, operating systems, OTT service providers.
☞ Digital Information Security in Healthcare Act (DISHA). DISHA seeks to regulate all digital health data. Enable sharing of personal health records b/w

About India's draft Personal Data Protection Bill
What's unique? – First attempt to bring a harmonized data privacy regime in India
Who does it affect? – Everyone
Consequences for organizations – Financial and regulatory risk, operational disruption, reputational damage
Penalties – Civil penalties: the higher of INR 15 Cr or 4% of total turnover; Criminal penalties: imprisonment (ranging from 3 to 5 years)
Who should protect, and what? – Data Fiduciary and Processor; personal data and sensitive personal data
Source: PwC ET master class

Security vs. Privacy
☞ Sometimes people think of security and privacy as if they're opposing forces.
☞ Are they really?
☞ Do we have to give up one to get the other?

Why should we care?
Total value at risk from cybercrime: US$5.2 trillion over the period 2019 to 2023.
Source: https://www.accenture.com/_acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf#zoom=50

Cyber crime is growing exponentially and pays
☞ Multiple studies estimate cyber crime costs to cross $2.1 trillion by the year 2019 and $6 trillion by 2021 (WEF, Juniper, IBM, Lloyds...).
☞ 60 percent of small businesses go out of business six months after a cyberattack.
"Cyber crime is the greatest transfer of wealth in history" – General Keith B. Alexander, Commander, US Cyber Command.
☞ Ransomware – a great example of a solid economic model of the cybercrime business, and growing exponentially.
☞ Cybercrime-as-a-service – hack or shut down a business by DDoS attack.

There are two forces at work here, pulling in different directions:
– The attackers, who are getting better and faster at making their attacks work. Attackers only need to find a single weakness; the developer needs to find all weaknesses.
– And the companies, which still struggle with the overload of urgent technical security tasks, and economic constraints too!

Days to identify and contain a data breach
The mean (average) time to identify and contain a data breach fell from 287 days in 2021 to 277 days in 2022, a decrease of 10 days or 3.5%. We say the lifecycle of a data breach in 2022 is 277 days.
Source: IBM Cost of a Data Breach 2022 report

Days to identify and contain a data breach (figure). Source: IBM Ponemon Report 2019

Data Breach Lifecycle and Data Breach Costs (figure). Source: IBM Cost of a Data Breach report 2022

Cost of Data Breach (figure)

Impact of Data Breaches (figure)

Security Mindset

What is Cybersecurity Mindset?
What is Cybersecurity Mindset?
☞ Normally, we are concerned with correctness: does the software achieve the desired behavior?
☞ Security is a form of correctness: does the software prevent "undesired" behavior?
☞ The key difference: security involves an adversary who is active and malicious. The adversary seeks to circumvent protective measures.

What is Cybersecurity Mindset?
☞ Normal users ignore or report bugs/flaws.
☞ Adversaries / attackers are not normal users.
☞ Adversaries / attackers seek out bugs/flaws and try to exploit them.
☞ This extends beyond software to entire systems.

What is Cybersecurity Mindset?
☞ There is no such thing as absolute security!
☞ Goal: raise the bar for the attacker. Too difficult, too expensive: lower return on investment (ROI), and hence not an attractive target. Ultimately, we want to mitigate undesired behaviour.

Cybersecurity – why does it fail?
☞ Systems may fail for many reasons:
– Reliability deals with accidental failures
– Usability deals with problems arising from operating mistakes made by users
– Security deals with intentional failures created by intelligent parties

Cybersecurity – why does it fail?
☞ "Computing in the presence of an adversary"
☞ Computer security experts think like an attacker all the time: "What can go wrong?" "How can it go wrong?" "What assumptions might not be correct?" "How can I exploit this system?"
☞ Think outside the box!

What does "Cybersecurity" mean?
☞ Who are our adversaries? Motives? Capabilities? Access?
☞ What kinds of attacks do we need to prevent?
☞ Can we ignore any type/kind of attacks?
Thinking like an attacker
☞ Thinking like an attacker: understanding how to circumvent security; looking for where security can fail.
☞ Thinking like a defender: what are you defending (assets) and from whom (APT, state actors, kiddies)? Weigh benefits vs. costs: no system is ever completely secure!! "Rational paranoia!"

CIA and Cybersecurity Mindset
☞ Reveals info users wish to hide (confidentiality breached): corporate secrets; private data, personally identifying information (PII).
☞ Modifies information or functionality (integrity breached): destroys records; changes data in flight (think "the telephone game"); installs unwanted software (spambot, spyware, etc.).
☞ Denies access to a service (availability issues): crashing a website for political reasons, denial of service attack. Variant: bias, fairness in question.

WHY ARE ATTACKS COMMON?
☞ Because attacks are derived from design flaws or implementation bugs. But all software has bugs: so what?
☞ A normal user never sees most bugs.
☞ Too expensive to fix every bug. Normal thought process: "Let's only fix what's likely to affect normal users."

How secure should Security be?

Security Cornerstones
☞ Threat model – no absolute security, only relative security
☞ Prevention, detection and response, mitigation and recovery
☞ False positives, false negatives, and measurements/metrics

How secure should we make it?
☞ Principle of Adequate Protection: "Security is economics". Don't spend $100,000 to protect a system that can only cause $1000 in damage, or has a replacement cost of $5000.
☞ Why Information Security is Hard – An Economic Perspective, by Ross Anderson: https://www.acsac.org/2001/papers/110.pdf

How secure should we make it?
☞ Principle of Easiest Penetration: "A system is only as strong as its weakest link". The attacker will go after whatever part of the system is easiest for him, not most convenient for you. In order to build secure systems, we need to learn how to think like an attacker!

It All Comes Down To People... The Attacker(s)
☞ People attack systems for some reason: for money, for politics, for fun, for kicks!
☞ Often the most effective security is to attack the attacker's motivation.

It All Comes Down to People... The Users
☞ If a security system is unusable, it will be unused.
☞ Or at least so greatly resented that users will actively attempt to subvert it: "Let's set the ICBM launch code to 00000000" (oh, and write down the password anyway!)
☞ Users will subvert systems anyway.
☞ Programmers will make mistakes.
☞ And social engineering...

False Positives and False Negatives
☞ False positive: you alert when there is nothing there.
☞ False negative: you fail to alert when something is there.
☞ This is the real cost of detection: responding to false positives is not free, and with too many false positives the alarms get removed. False negatives mean a failure.

Defence in Depth
☞ The notion of layering multiple types of protection together. E.g.: moat -> wall -> depression -> even bigger wall, and some towers to rain down an eclectic mix of flaming and pointy death on those caught up in the defences.
☞ The hypothesis is that the attacker needs to breach all the defences. At least until something comes along to make the defence irrelevant, like, oh, say, siege cannons.
☞ But defence in depth isn't free: you are throwing more resources at the problem, and you can have an increased false positive rate. If D1 has rate FP1 and D2 has rate FP2, a composition where either can alert has:
FP = FP1 + (1-FP1) * FP2
(Figure: detector D1 feeding D2, either of which can raise an Alert.)
FP1    1-FP1    FP2    FP
0.1    0.9      0.1    0.19
0.3    0.7      0.3    0.51
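The false-positive composition above, worked through in code as an added example (not from the slides). It reproduces the slide's two-layer formula and table, generalises it to any number of layers under the same assumption that each layer's false positives are independent, and, going beyond the slide, also computes the false-negative side of the same "either can alert" composition: an attack is missed only when every layer misses it. Function names and the sample rates are this example's own choices.

```python
"""Composite false-positive / false-negative rates of layered detectors.

Assumption (as on the slide): detector D_i raises a false positive independently
with probability FP_i, and an alert is raised when ANY layer alerts.
"""
from typing import Sequence


def two_layer_fp(fp1: float, fp2: float) -> float:
    """The slide's formula for two layers: FP = FP1 + (1 - FP1) * FP2."""
    return fp1 + (1.0 - fp1) * fp2


def or_false_positive_rate(fp_rates: Sequence[float]) -> float:
    """FP rate of an OR composition of n independent layers.

    No false alert happens only if every layer stays silent, so
    FP = 1 - prod(1 - FP_i).  For n = 2 this equals two_layer_fp().
    """
    p_all_silent = 1.0
    for fp in fp_rates:
        if not 0.0 <= fp <= 1.0:
            raise ValueError(f"rate out of range: {fp}")
        p_all_silent *= 1.0 - fp
    return 1.0 - p_all_silent


def or_false_negative_rate(fn_rates: Sequence[float]) -> float:
    """FN rate of the same OR composition (beyond the slide).

    A real attack is missed only if EVERY layer misses it, so the miss
    probability multiplies: FN = prod(FN_i).  Adding layers therefore lowers
    FN while raising FP; that trade-off is the cost the slide refers to.
    """
    p_all_miss = 1.0
    for fn in fn_rates:
        if not 0.0 <= fn <= 1.0:
            raise ValueError(f"rate out of range: {fn}")
        p_all_miss *= fn
    return p_all_miss


def fp_table(pairs: Sequence[tuple[float, float]]) -> list[tuple[float, float, float, float]]:
    """Rebuild the slide's table: (FP1, 1-FP1, FP2, FP) rows, rounded to 4 places."""
    rows = []
    for fp1, fp2 in pairs:
        fp = or_false_positive_rate([fp1, fp2])
        rows.append((fp1, round(1.0 - fp1, 4), fp2, round(fp, 4)))
    return rows


if __name__ == "__main__":
    # Sample rates chosen for illustration.
    for row in fp_table([(0.1, 0.1), (0.3, 0.3)]):
        print("FP1=%.2f 1-FP1=%.2f FP2=%.2f -> FP=%.4f" % row)
    print("three layers at 0.1 each -> FP=%.4f" % or_false_positive_rate([0.1, 0.1, 0.1]))
    print("two layers each missing 50%% -> FN=%.4f" % or_false_negative_rate([0.5, 0.5]))
```

Note that the generalisation only holds while the independence assumption does; two signatures that fire on the same benign traffic are one layer for this purpose, not two.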
Mitigation & Recovery...
☞ OK, something bad happened... Now what?
☞ Assumption: bad things will happen in the system. Can we design things so we can get back to working?
☞ So how do I plan for earthquakes? "1 week of stay put and 50+ miles of get outta town."
☞ So how do I plan for ransomware? "If my computer and house catch fire, I have backups"... AKA, "If you love it, back it up!"

Real World Security... How is your account breached?
☞ Humans can't remember good passwords... Well, we can remember a couple of good passwords, but that's about it.

(Figure slide.)

Thank you! Follow us: isfcr.pesu, www.isfcr.pes.edu, ISFCR

Welcome to PES University Ring Road Campus, Bengaluru
Computer Network Security UE21CS343AB6
Prasad Honnavalli
Lecture 2

Disclaimer: as for Lecture 1.

General Rules of Engagement: Emergency Exit, Assembly Point, Washroom, No Chatting, Phones on silent, No Sleeping.

A Note on Security: as for Lecture 1.
What does a day online look like?
You browse the web, shop online, post some photos, order food, read and fill in feedback forms, participate in surveys and collect some free vouchers: you visit a website, come, exit and go offline. What do you think actually took place? (Source: PwC ET master class)

What happens at the backend?
☞ Collection of the user's personal information: the enterprise collects personal data via authentication, surveys, loyalty programmes, etc.; sites collect data via cookies that store personal data, preferences and browsing history.
☞ Sharing of data with third parties: data gets shared with ISPs, third parties, apps and platforms; the backend data is stored with cloud providers whose data centres are spread across the world; these third parties further share the data with other parties who may or may not have adequate security measures.
☞ Profiling of user data: innovative technologies and processes manipulate the data; the processes used to take decisions and analyse the data are unknown to the user; fields collected include social-media friend lists, location, web search history, chat history, IP addresses, etc.
☞ Data monetisation: online sites ultimately change user perception, behaviour and psychology to predict behaviour and monetise data that was initially collected for a different purpose.

The Attack Landscape: The Human Factor! (figures)

How safe are our credentials?
☞ So many logins and passwords to remember that it's tempting to reuse credentials, a fact attackers rely on.
☞ Security best practices: use strong passwords/passphrases with a combination of upper- and lower-case letters, numbers and symbols.
☞ Use unique passwords/passphrases for every application and website. Change default passwords. Use a password manager.

MITM / Eavesdropping
☞ Man-in-the-middle (MITM) / eavesdropping is another method cyber criminals use to capture personal information.
☞ What it is: virtually "listening in" on information shared over an unsecured (unencrypted) Wi-Fi network; session hijacking.

Social Engineering - Phishing
☞ A seemingly legitimate email with an attachment to open or a link to click.
☞ Appears to be from someone you trust, like your boss or a company you do business with.
☞ Opening the malicious attachment installs malware on your computer.
☞ Clicking the link may send you to a legitimate-looking website that asks you to log in to access an important file, except the website is actually a trap that captures your credentials when you try to log in.
Check this for examples: https://security.berkeley.edu/resources/phishing/phish-tank

Denial of Service
☞ In a DoS attack, an attacker floods a website with an overwhelming amount of traffic to essentially shut it down for all users.
☞ When the flooding is performed by many computers at the same time, it is called a Distributed Denial of Service (DDoS) attack.
Figures quoted on the slide: more than 2,000 DDoS attacks are observed world-wide every day (Arbor Networks); one third of all downtime incidents are attributed to DDoS attacks; $150 can buy a week-long DDoS attack on the black market (TrendMicro Research).
Understanding DDoS - Verizon Digital Attack Map: https://www.youtube.com/watch?v=xzCk08fGz1c

OSI layers susceptible to DDoS attacks (figure)

Malware / Ransomware
☞ Malware is the various forms of harmful software that can take control of your machine, monitor your actions and keystrokes, and silently send all sorts of confidential data from your computer or network to the attacker's home base.
☞ Ransomware covertly encrypts your files, preventing you from accessing them, then demands payment for their safe recovery.

Patching Behavior – Before and after WannaCry (figure)

2019 – US Ransomware attacks
☞ In 2019, the U.S. was hit by an unprecedented and unrelenting barrage of ransomware attacks
☞ that impacted at least 966 government agencies, including 113 state and municipal governments and agencies,
☞ 764 healthcare providers, and
☞ educational establishments: 89 universities, colleges and school districts, with operations at up to 1,233 individual schools potentially affected,
☞ at a potential cost in excess of $7.5 billion.
Source: https://blog.emsisoft.com/en/34822/the-state-of-ransomware-in-the-us-report-and-statistics-2019/

OWASP Top 10 – IoT 2018
I1 Weak, Guessable, or Hardcoded Passwords: Use of easily brute-forced, publicly available, or unchangeable credentials, including backdoors in firmware or client software that grant unauthorized access to deployed systems.
I2 Insecure Network Services: Unneeded or insecure network services running on the device itself, especially those exposed to the internet, that compromise the confidentiality, integrity/authenticity, or availability of information or allow unauthorized remote control.
I3 Insecure Ecosystem Interfaces: Insecure web, backend API, cloud, or mobile interfaces in the ecosystem outside of the device that allow compromise of the device or its related components. Common issues include a lack of authentication/authorization, lacking or weak encryption, and a lack of input and output filtering.
I4 Lack of Secure Update Mechanism: Lack of ability to securely update the device. This includes lack of firmware validation on the device, lack of secure delivery (unencrypted in transit), lack of anti-rollback mechanisms, and lack of notifications of security changes due to updates.
I5 Use of Insecure or Outdated Components: Use of deprecated or insecure software components/libraries that could allow the device to be compromised. This includes insecure customization of operating system platforms, and the use of third-party software or hardware components from a compromised supply chain.
I6 Insufficient Privacy Protection: User's personal information stored on the device or in the ecosystem that is used insecurely, improperly, or without permission.
I7 Insecure Data Transfer and Storage: Lack of encryption or access control of sensitive data anywhere within the ecosystem, including at rest, in transit, or during processing.
I8 Lack of Device Management: Lack of security support on devices deployed in production, including asset management, update management, secure decommissioning, systems monitoring, and response capabilities.
I9 Insecure Default Settings: Devices or systems shipped with insecure default settings, or lacking the ability to make the system more secure by restricting operators from modifying configurations.
I10 Lack of Physical Hardening: Lack of physical hardening measures, allowing potential attackers to gain sensitive information that can help in a future remote attack or to take local control of the device.

Cyber Attack Maps
☞ https://norse-corp.com/map/
☞ https://www.digitalattackmap.com/
☞ https://cybermap.kaspersky.com/
☞ https://threatmap.checkpoint.com/
☞ https://www.fireeye.com/cyber-map/threat-map.html
☞ https://threatmap.fortiguard.com/
☞ https://www.akamai.com/uk/en/resources/visualizing-akamai/real-time-web-monitor.jsp
☞ https://talosintelligence.com/fullpage_maps/pulse
☞ https://www.sophos.com/en-us/threat-center/threat-monitoring/threatdashboard.aspx

Cyber Security Framework (figures)
NIST Cybersecurity Framework: https://www.nist.gov/cyberframework

The biggest cyber-threat is simply complacency: failing to create a security policy. Educating employees, putting software protection in place and encouraging sensible cyber-security practice are solid foundations on which to build your company's defences.
Source: Board Room Cyber Watch survey 2014

Social Engineering – a short video: https://www.youtube.com/watch?v=fHhNWAKw0bY&t=28s

Real Life Examples of Cyber Crime

Hackers target Cyber Physical Systems (figure)
Exposed and hackable: attack surface in a car (figure)

Chrysler Jeep Hack 2015, by Charlie Miller and Chris Valasek
https://spectrum.ieee.org/cars-that-think/transportation/systems/jeep-hacking-101
https://www.youtube.com/watch?v=OobLb1McxnI

Olympic Games aka "Stuxnet" (figure)

Target Data Breach
☞ The third biggest retail chain in the USA suffered a massive security breach: 40 million credit-card records and personal data of as many as 70 million customers were compromised over 19 days during the Christmas shopping season.
☞ Target announced that CEO Steinhafel, who was also president and chairman of the board, would step down immediately. (http://pressroom.target.com/news/statement-from-targets-board-of-directors)

The Central Bank of Bangladesh heist
☞ On February 4, 2016, a cyber-attack on the central bank of Bangladesh resulted in losses of $81 million; a further $850 million of requested transfers was stopped before being processed.
☞ The hackers requested the Federal Reserve Bank of New York to transfer nearly $1 billion of Bangladesh Bank's funds to bank accounts in the Philippines, Sri Lanka and other parts of Asia.

Equifax: 143 million Social Security numbers and personal records stolen
☞ Equifax says the breach lasted from mid-May through July 29th, when it was detected.
☞ Equifax CEO Smith blamed the breach on a single person who failed to deploy the patch for a public vulnerability in Apache Struts.
Sources: https://www.govinfo.gov/content/pkg/CHRG-115shrg28123/html/CHRG-115shrg28123.htm ; https://www.congress.gov/event/115th-congress/house-event/106455/text

Capital One – Data Breach, July 2019
☞ 100 million consumer applications for credit from Capital One.
☞ The problem stemmed in part from a misconfigured open-source Web Application Firewall (WAF) that Capital One was using as part of its operations hosted in the cloud with Amazon Web Services (AWS).
For more info: https://www.capitalone.com/facts2019/ ; https://www.cyberint.com/wp-content/uploads/2019/08/Capital-One-Breach_-CyberInts-Take.pdf ; https://krebsonsecurity.com/tag/capital-one-breach/

Marriott Data Breach
☞ Marriott first revealed on 30 November 2018 that it had suffered a massive data breach affecting the records of up to 500 million customers.
☞ Information accessed included payment information, names, mailing addresses, phone numbers, email addresses and passport numbers.
For more info: https://www.consumer.ftc.gov/blog/2018/12/marriott-data-breach ; https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/ ; https://www.wsj.com/articles/marriott-faces-123-million-fine-over-starwood-data-breach-11562682484

Threats to Personal Safety (figure)

Confidentiality/privacy
☞ 5,183 breaches exposed 7.9 billion records in the first nine months of 2019.
☞ June 09, 2020: the healthcare sector was the most targeted by hackers and cyberattacks in 2019, and its 382 data breaches cost the sector more than $17.76 billion, according to ForgeRock's 2019 Consumer Breach Report.

Colonial Pipeline Attack
☞ The result of a single compromised password.
☞ Hackers gained entry into the networks of Colonial Pipeline Co. on April 29 through a VPN account that allowed employees to remotely access the company's computer network, said Charles Carmakal, senior vice president at cybersecurity firm Mandiant, part of FireEye Inc., in an interview.
☞ The account was no longer in use at the time of the attack but could still be used to access Colonial's network, he said.

Can affect a country's economy... multiple times!
NotPetya (https://en.wikipedia.org/wiki/Petya_(malware))
☞ A White House assessment pegged the total damages caused by NotPetya at more than $10 billion.
☞ Maersk, the world's largest container ship and supply vessel operator, was estimated to have lost between $200m and $300m.
☞ On 28 June 2017, JNPT, India's largest container port, was reportedly affected, with all operations coming to a standstill.
☞ Mondelez International's insurer, Zurich American Insurance Company, refused to pay on the grounds that NotPetya was an "act of war" not covered by the policy. Mondelez is suing Zurich American for $100 million.

Vendors with Most Published Vulnerabilities (figure)
Vulnerabilities by Category (figure)
Vulnerabilities by Year (figure)
Source: https://cve.mitre.org/ ; https://www.cvedetails.com/browse-by-date.php ; https://cwe.mitre.org/data/index.html

IoT – Internet of Things
☞ Three large IoT botnets: Mirai, BrickerBot and Hajime.
☞ A 665-Gbps attack targeted the security blogger Brian Krebs in September 2016.
☞ Shortly thereafter, a 1-Tbps attack was launched against the French hosting company OVH, abusing over 150,000 IoT devices.
☞ And in October, Dyn DNS suffered an attack that caused an outage to hundreds of popular websites, the largest of the three Internet of Things (IoT) DDoS attacks.
"KrebsOnSecurity Hit with Record DDoS," by Brian Krebs, KrebsOnSecurity blog, September 21, 2016: krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/
"150,000 IoT Devices Abused for Massive DDoS Attacks on OVH," by Eduard Kovacs, SecurityWeek, September 27, 2016: securityweek.com/150000-iot-devices-abused-massive-ddos-attacks-ovh
"DDoS Attack on Dyn Came from 100,000 Infected Devices," by Michael Kan, IDG News Service, for ComputerWorld, October 26, 2016.

The DDoS Attack on Google, 2020
☞ On October 16, 2020, Google's Threat Analysis Group (TAG) posted a blog update on how threats and threat actors were changing their tactics because of the 2020 U.S. election. At the end of the post, the company slipped in a note:
☞ "in 2020, our Security Reliability Engineering team measured a record-breaking UDP amplification attack sourced out of several Chinese ISPs (ASNs 4134, 4837, 58453, and 9394), which remains the largest bandwidth attack of which we are aware."
☞ Mounted from several Chinese ISPs, the attack on thousands of Google's IP addresses lasted six months and peaked at a breathtaking 2.5 Tbps. Damian Menscher, a Security Reliability Engineer at Google, wrote:
☞ "The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us. This demonstrates the volumes a well-resourced attacker can achieve: This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier."

IIoT Cyber attacks (figure)

Ransomed medical devices: It's happening
☞ Medical devices at US hospitals have been hit by the now-infamous WannaCry ransomware.
☞ And St. Jude has spent months dealing with the fallout of vulnerabilities in some of the company's defibrillators, pacemakers and other medical electronics.
☞ Johnson & Johnson warned customers about a security bug in one of its insulin pumps last fall.
Sidebar, pacemakers and other implants: Dick Cheney ordered changes to his pacemaker to better protect it from hackers.

Major U.S.
Healthcare Data Breaches of 2018
☞ Email, targeted phishing attacks and database misconfigurations were behind the year's largest breaches of patient data, with one attack lasting more than a year.
☞ AccuDoc Solutions: 2.65 million Atrium Health patients. A hack on the North Carolina-based billing vendor AccuDoc Solutions, which prepares patient bills for Atrium Health, compromised patient data for a week.
☞ UnityPoint Health: 1.4 million patients, the second breach in a year. The email system was hit with a series of highly targeted phishing emails that looked as if they were sent from an executive within the organization. An employee fell for the scam.
☞ CNO Financial Group: 566,217 customers. Hackers accessed several employees' credentials and used them to access company websites, compromising the data of policy holders and applicants. The breached data included names, insurance details, dates of birth, the last four digits or complete Social Security numbers, credit or debit card information, medications, diagnoses and/or treatment details.
Source: https://healthitsecurity.com/news/the-10-biggest-u.s.-healthcare-data-breaches-of-2018

In Summary – without these, the rest can't help!
Sensible cyber practices: training and education; social engineering awareness; update your software / patching; validated backups; use strong passwords; use anti-malware protection; human factors.

"Cyber Security is everyone's responsibility!" Do your part, #BeCyberSafe!!
Job Outlook
Cybersecurity domain map (figure). Source: https://www.linkedin.com/pulse/cybersecurity-domain-map-ver-30-henry-jiang/

Information security analyst employment is projected to grow by 33%, the 8th fastest growing among all 800 job profiles tracked by the US Bureau of Labor Statistics.

Cybersecurity Workforce Demand (figures)

India – Cyber Security Jobs
☞ Specialist staffing firm Xpheno estimates 67,000 job openings in cyber security in the country, with nearly 19,000 in Bangalore alone.
☞ 3.5 million unfilled cybersecurity jobs by 2021.
Sources: https://economictimes.indiatimes.com/tech/internet/cyber-security-professionals-in-big-demand-over-67000-job-openings-says-estimate/articleshow/73769582.cms?from=mdr ; https://cio.economictimes.indiatimes.com/news/digital-security/3-5-million-unfilled-cybersecurity-jobs-by-2021-report/64776284

Job Outlook
☞ "The shortage of skilled and qualified cybersecurity professionals is one of the biggest issues facing our Internet-connected world today. Professionals who gain the skills and tactics needed to defend against the next generation of security threats will be better prepared for careers at IBM and other organizations in the cybersecurity industry." - Bob Kalka, CRISC, Vice President, IBM Security Business Unit
☞ Employment of information security analysts is projected to grow 28 percent from 2016 to 2026, much faster than the average for all occupations. Demand for information security analysts is expected to be very high, as these analysts will be needed to create innovative solutions to prevent hackers from stealing critical information or causing problems for computer networks.
Source: https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm

Cybersecurity Job Outlook - Jonathan Trull, Chief Information Security Officer, Regis University
☞ If you are currently part of the cybersecurity workforce, then congratulations on selecting a wonderful career.
☞ And if you are still deciding on a career or looking to transition into a new field, then I would strongly recommend you consider a career in information security (cybersecurity and information security can be used interchangeably).
☞ To convince you, let me provide you with some facts. First, there is a severe labour shortage, which means that qualified candidates have numerous opportunities and can typically demand high salaries. According to the Symantec CEO, "the demand for the cybersecurity workforce is expected to rise to 6 million globally by 2019, with a projected shortfall of 1.5 million." According to the Federal CIO, there are more than 10,000 openings in the federal government for cyber security professionals. With such a severe labour shortage, salaries for cyber security professionals are at an all-time high and are increasing year over year.

Job Outlook
☞ ISACA, a non-profit information security advocacy group, predicts there will be a global shortage of two million cyber security professionals by 2019.
☞ Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cyber-security-related roles, according to the cyber security data tool CyberSeek.
☞ And for every ten cyber security job ads that appear on the careers site Indeed, only seven people even click on one of the ads, let alone apply.
Source: Forbes.com

Job Outlook
☞ https://www.cybersecurityeducation.org/careers/
☞ https://www.burning-glass.com/wp-content/uploads/2020/10/Fastest_Growing_Cybersecurity_Skills_Report.pdf
☞ https://www.forbes.com/sites/louiscolumbus/2020/11/01/what-are-the-fastest-growing-cybersecurity-skills-in-2021/?sh=2076ddd35d73
☞ https://www.cyberinternacademy.com/everything-you-need-to-know-about-if-cybersecurity-is-the-career-for-you/
☞ https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm#tab-1

Welcome to PES University Ring Road Campus, Bengaluru. Computer Network Security UE21CS343AB6. Prof. Prasad H B, Prof. Preet Kanwal. Lecture 3.
Outline (Unit 1)
☞ Introduction to Network Security Basics
☞ Introduction to Network Security Attacks
☞ Packet Sniffing and Spoofing
☞ Sending/Receiving Packets
☞ Sniffing Packets
☞ Sniffing Packets – Raw Sockets
☞ Sniffing Packets – PCAP API

Network Security Essentials: Introduction to Network Security Basics
Preet Kanwal, Department of Computer Science and Engineering

Outline - Introduction to Network Security Basics
IP address; NAT; Public IP vs Private IP; Network interfaces; TCP/IP model; Packet Construction and its Journey; NIC; Packet Sending Tools; Socket Programming; Endianness (Byte Order)

What is a Network?
Two or more devices connected together so that they can communicate with each other and share data or resources.

IP Addresses
An IP address identifies a network or a device on the Internet (strictly, a network interface on a device; see NICs below). IP addresses let computers and devices communicate with one another over the Internet. They are assigned to every type of network device: an IP camera, a laptop, a desktop, an IP phone, a cell phone on a wireless network, servers, websites. Even children's toys that are Internet-connected have an IP address assigned to them.

Types of IP Addresses (figure)

NAT - Network Address Translation
Every computer needs an IP address to connect to the network. The free pool of IPv4 addresses was exhausted years ago, and that was the main reason for IPv6. Until IPv6 is widely adopted, NAT lets many devices share a single public IPv4 address; most of you are probably using it every day. NAT aided the gradual move from IPv4 to IPv6.

Private IP Addresses
Home routers have their local address set to a default, private IP address.
It is usually the same address for the other models from that manufacturer, and it can be found in the manufacturer's documentation. Examples:
☞ Linksys routers use 192.168.1.1
☞ D-Link and NETGEAR routers are set to 192.168.0.1
☞ Cisco routers use 192.168.10.2, 192.168.1.254 or 192.168.1.1
☞ Belkin and SMC routers often use 192.168.2.1
A private IP address is just for you, your router and your internal network. Private IP addresses are not routable on the public Internet (Internet routers drop them), so they cannot be reached or traced directly from outside; your traffic leaves through the NAT router's public address instead.

Range of Private IP Addresses
The organisations that distribute IP addresses to the world reserve three ranges for private networks (RFC 1918):

Class | Private range                 | CIDR block     | # of addresses | Classful default mask | First octet (decimal) | High-order bits
A     | 10.0.0.0 – 10.255.255.255     | 10.0.0.0/8     | 16,777,216     | 255.0.0.0 (/8)        | 1 – 126               | 0
B     | 172.16.0.0 – 172.31.255.255   | 172.16.0.0/12  | 1,048,576      | 255.255.0.0 (/16)     | 128 – 191             | 10
C     | 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 | 65,536         | 255.255.255.0 (/24)   | 192 – 223             | 110

Note that the CIDR block is not the same as the classful default mask: 172.16.0.0/12 spans sixteen class B networks (172.16.0.0/16 through 172.31.0.0/16) and 192.168.0.0/16 spans 256 class C networks, which is where the address counts in the table come from. The slash notation is called CIDR (classless inter-domain routing) notation.

Network Interfaces
Can you use Ethernet and Wi-Fi at the same time? Possible in some systems, but you must change the system settings. (figures)

Network Interface / Network Adapter / Network Controller
☞ A computer connects to a network using a piece of hardware* called a Network Interface Card (NIC). Ethernet and Wi-Fi are two standard types of NIC.
☞ Each NIC connects a computer to one network. A device can have multiple NICs (like a router, and the example presented in the slides).
☞ Technically, IP addresses are not assigned to a computer; they are assigned to NICs, one for each network.
☞ A NIC is a physical or logical link between a machine and a network. Each NIC has a MAC address.
☞ Hence, if a computer has multiple NICs, it may have multiple IP addresses and multiple MAC addresses.
* In modern systems, NICs can also be software, e.g. a virtual network interface.

Network Interfaces (figure)

Virtual Network Interface
When you use a virtual machine, you must set up virtual hardware for the machine to interact with. For example, you expose some of your physical memory to act as the VM's memory, and you can expose folders to act as virtual drives. Similarly, we can give the guest/virtual machine a virtual network adapter/interface so that it can reach the Internet through the host's network adapter. There are different types of virtual network adapters, including:
1. NAT adapters
2. Bridged adapters
3. Host-only adapters

Virtual Network Interface
☞ Network Address Translation (NAT) adapters: the NAT adapter gives your VM access as if it were the host, using the host's address. This is similar to having multiple computers on a home network that talk to each other using different addresses (e.g. 192.168.1.11 and 192.168.1.15) and all talk to the Internet using the same address (e.g. 172.119.27.80).
☞ Bridged adapters: a bridged adapter lets the VM appear as a distinct node on the physical network, so the VM communicates externally using a different address from the host (e.g. 172.119.27.80 and 172.119.27.85). On a home network the VM simply gets its own address from the home router, usually a private one via DHCP; it only gets its own public address where the upstream network hands out more than one, which home ISPs typically do not.
☞ Host-only adapters: host-only adapters network the host and VM directly. Any other VMs on the host attached to the same host-only network will also be connected. These adapters are an easy way to communicate between VMs and experiment with networked machines.
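A practical use of the private-range table above, and of the private/public distinction in the NAT and bridged examples: a packet arriving on an Internet-facing interface with a private, loopback or link-local source address cannot be legitimate, because those addresses are never routed on the public Internet. It is either spoofed (the usual case in a DDoS) or an internal address leaking through a misconfiguration, and in both cases it should be dropped. The example below is added here and is not code from the slides; it uses Python's standard ipaddress module to check membership and block sizes, and runs a check over constructed log lines whose 'iface=... src=... dst=...' format is an assumption for the example. The 203.0.113.0/24 and 198.51.100.0/24 addresses in the sample are documentation ranges, not real hosts.

```python
"""RFC 1918 membership, block sizes, and a bogon-source check on
firewall-style log lines (added example, not from the slides)."""

import ipaddress
from typing import Dict, List, Optional

# The three private blocks from the table. Note the CIDR lengths /8, /12, /16:
# the whole reserved block, not the classful default mask of one network in it.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),       # 16,777,216 addresses
    ipaddress.ip_network("172.16.0.0/12"),    #  1,048,576 addresses
    ipaddress.ip_network("192.168.0.0/16"),   #     65,536 addresses
]

# Ranges that must never appear as a *source* address on a WAN interface.
NEVER_PUBLIC_SOURCE = RFC1918 + [
    ipaddress.ip_network("127.0.0.0/8"),      # loopback
    ipaddress.ip_network("169.254.0.0/16"),   # link-local
    ipaddress.ip_network("0.0.0.0/8"),        # "this" network
]


def private_block(addr: str) -> Optional[ipaddress.IPv4Network]:
    """Return the RFC 1918 block containing `addr`, or None if it is not private."""
    ip = ipaddress.ip_address(addr)
    for net in RFC1918:
        if ip in net:
            return net
    return None


def block_sizes() -> Dict[str, int]:
    """Total number of addresses in each private block (the table's third column)."""
    return {str(net): net.num_addresses for net in RFC1918}


def flag_spoofed_sources(log_lines: List[str]) -> List[str]:
    """Given lines of the assumed form 'iface=<name> src=<ip> dst=<ip>',
    return those seen on the 'wan' interface whose source address cannot
    legitimately have come from the Internet."""
    flagged = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("iface") != "wan":
            continue                              # private sources are fine on the LAN side
        src = ipaddress.ip_address(fields["src"])
        if any(src in net for net in NEVER_PUBLIC_SOURCE):
            flagged.append(line)
    return flagged


# Constructed sample log lines for the example (not from any real system).
SAMPLE_LOG = [
    "iface=wan src=203.0.113.7 dst=198.51.100.2",     # ordinary public source: fine
    "iface=wan src=10.0.2.13 dst=198.51.100.2",       # private source from outside: bogus
    "iface=lan src=192.168.1.11 dst=198.51.100.2",    # private source on the LAN: fine
    "iface=wan src=172.31.255.255 dst=198.51.100.2",  # last address of 172.16.0.0/12: bogus
    "iface=wan src=172.32.0.1 dst=198.51.100.2",      # just outside the /12: public, fine
    "iface=wan src=127.0.0.1 dst=198.51.100.2",       # loopback from the wire: bogus
]

if __name__ == "__main__":
    print(block_sizes())
    for line in flag_spoofed_sources(SAMPLE_LOG):
        print("DROP", line)
```

The 172.31.255.255 / 172.32.0.1 pair shows why the /12 matters: a check written against the classful 172.16.0.0/16 would miss most of the block, and one written against 172.0.0.0/8 would drop legitimate public traffic.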
☞ Host-only mode permits network operations only with the host OS. In the default configuration, a virtual machine on a host-only network cannot connect to the Internet. If you install the proper routing or proxy software on the host, you can establish a connection between the host's virtual network adapter and its physical network adapter.
☞ One can connect to the Internet in bridged and NAT mode. NAT mode masks all network activity as if it came from your host OS, although the VM can access external resources. Bridged mode replicates another node on the physical network, and your VM will receive its own IP address if DHCP is enabled on the network.

Other examples of virtual network interfaces
☞ Loopback interface: IP address 127.0.0.1
☞ Dummy interface
☞ TUN interface

Basic Commands
☞ Check IP address, MAC address and network interfaces on Linux: ifconfig or ip addr show
☞ Get the IP address for a host name: dig www.example.com

OSI Reference Model vs TCP/IP Model (figure)
The socket layer acts as the interface between the application layer and the transport layer, in both directions.

Layered Approach: https://0xbharath.github.io/art-of-packet-crafting-with-scapy/networking/layers/index.html

Introduction - Packet
When data has to be transmitted over a computer network, it is broken down at the sender into smaller units called packets and reassembled at the receiver into the original format. The packet is the unit of communication over a computer network. Depending on the layer, the unit is also called a segment (TCP), a datagram (UDP and IP), a frame (link layer) or, generically, a block.

What does a Packet Look Like?
To understand packet filtering, you first have to understand packets and how they are handled at each layer of the TCP/IP protocol stack. At each layer, a packet has two parts: the header and the body.
Data Encapsulation
☞ The header contains the protocol information relevant to that layer.
☞ The body contains the data for that layer, which often consists of a whole packet from the next layer up in the stack.
☞ Each layer treats the information it gets from the layer above it as data and applies its own header to this data.
☞ At each layer, the packet contains all of the information passed down from the higher layer; nothing is lost. This process of preserving the data while attaching a new header is known as encapsulation.
☞ At the receiving end the process is reversed: decapsulation.

How Packets are Sent to the Network (figure: user space -> kernel -> hardware)
☞ User space: the application has data to send and uses the socket API (a system call) to hand the data to the kernel.
☞ Kernel, protocol stack (transport layer + network layer): the transport-layer header is added (the destination port is fixed by the application, the source port is set by the OS) and the result is passed to the network layer, which adds the IP header (source and destination IP address).
☞ Kernel, link-level driver: frames are constructed here; the Ethernet header (source and destination MAC address) is added.
☞ Hardware, network card: the frame passes onto the wire as a signal.

Packet Construction inside the Kernel (Journey of a Network Packet)
☞ At the application layer, data is written to the socket by a user program through the socket API. The socket layer identifies the type of protocol and directs control to the appropriate protocol-specific function.
☞ The transport-layer header is added to the data/payload from the application layer. The destination port number is provided by the application; the source port number is selected (randomly, from the ephemeral range) by the OS.
☞ At the network/IP layer, the IP header is added. The destination IP is provided by the application.
The source IP is decided by the OS (depending on which network interface is used to send out the packets). This layer performs routing.
The MAC layer header is added at the Data Link Layer: source and destination MAC address. The majority of this layer is implemented in the NIC in hardware.
Eventually the packet is given to the physical layer, where it is translated into signals and transmitted. This layer is implemented inside the NIC hardware.

How Packets are Received
A NIC (Network Interface Card) is a physical or logical link between a machine and a network. Each NIC has a MAC address. Every NIC on the network will hear all the frames on the wire. The NIC checks the destination address of every packet; if the address matches the card's MAC address, the packet is copied further into a buffer in the kernel.

How Packets are Received
[Diagram: User Space (Socket API) <- Kernel (Protocol Stack, Link Level Driver, Kernel buffer) <- Hardware (Network Card) <- network packet]
Hardware (Network Card): all packets on the network arrive here. Check if the destination address matches the card's MAC address.
Kernel: DMA transfer of the packet to kernel memory. The kernel only receives packets that are meant for the CPU.
User Space (Socket API): applications only receive packets that are meant for the CPU and the registered port.

How Packets are Received
Dropped if not the intended recipient.

How Packets are Received - if the machine is a Router
If the computer is a router, it forwards the packet to another router. This is done using routing. The router must select the network interface to send out the packet and select the next-hop destination. Once that is decided, the packet is given to the MAC layer. The routing table is inside the kernel.
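The encapsulation and packet-construction steps above (payload, then UDP header in front, then IP header in front of that, each layer leaving the layer above untouched) as an added example in C; this is not the slides' or the kernel's code. Header layouts follow the IPv4 and UDP wire formats; the addresses, ports and message are constructed sample values, and the IP checksum routine is the standard ones' complement sum.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
/* Minimal IPv4 and UDP headers, packed so the layout matches the wire. */
struct ipv4_hdr {
    uint8_t  ver_ihl, tos;      /* 0x45: version 4, header length 5 words */
    uint16_t total_len;         /* IP header + UDP header + payload, network order */
    uint16_t id, frag_off;
    uint8_t  ttl, protocol;     /* protocol 17 = UDP */
    uint16_t checksum;          /* ones' complement checksum over the IP header only */
    uint32_t saddr, daddr;
} __attribute__((packed));
struct udp_hdr { uint16_t sport, dport, len, check; } __attribute__((packed));

/* Internet checksum (RFC 1071): ones' complement sum of big-endian 16-bit words. */
uint16_t inet_checksum(const void *data, size_t len) {
    const uint8_t *p = data;
    uint32_t sum = 0;
    for (; len > 1; len -= 2, p += 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)(p[0] << 8);               /* odd trailing byte */
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}
/* Encapsulate: a UDP header goes in front of the payload, an IP header in front of that.
   The payload itself is copied unchanged. Returns bytes written, or 0 on error. */
size_t build_udp_ip(uint8_t *out, size_t outlen, const char *src_ip, const char *dst_ip,
                    uint16_t sport, uint16_t dport, const void *payload, size_t plen) {
    size_t total = sizeof(struct ipv4_hdr) + sizeof(struct udp_hdr) + plen;
    if (total > outlen || total > 0xFFFF) return 0;
    struct ipv4_hdr ip = {0};
    struct udp_hdr udp = {0};                 /* UDP checksum 0 = "none", permitted on IPv4 */
    ip.ver_ihl = 0x45; ip.ttl = 64; ip.protocol = 17;
    ip.total_len = htons((uint16_t)total);
    if (inet_pton(AF_INET, src_ip, &ip.saddr) != 1 ||
        inet_pton(AF_INET, dst_ip, &ip.daddr) != 1) return 0;
    ip.checksum = htons(inet_checksum(&ip, sizeof ip));   /* field is still zero here */
    udp.sport = htons(sport); udp.dport = htons(dport);
    udp.len = htons((uint16_t)(sizeof udp + plen));
    memcpy(out, &ip, sizeof ip);
    memcpy(out + sizeof ip, &udp, sizeof udp);
    memcpy(out + sizeof ip + sizeof udp, payload, plen);
    return total;
}

/* Constructed sample: addresses modelled on the slides' netcat example, not captured traffic. */
uint8_t sample_pkt[64];
size_t build_sample(void) {
    return build_udp_ip(sample_pkt, sizeof sample_pkt, "10.0.2.15", "10.0.2.13", 40000, 9090, "Hello there", 11);
}
```

A receiver verifying the header runs inet_checksum over the 20 header bytes including the stored checksum and expects 0; the UDP header and payload sit untouched at offsets 20 and 28.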
Packet Sending Tools
Use netcat to send and receive packets:
UDP Server: nc -lnuv    example: nc -lnuv 9090
UDP Client: nc -u    example: nc -u 10.0.2.13 9090
(For a TCP connection, do not use the -u option; it stands for UDP packets.)
Use bash's pseudo devices /dev/tcp and /dev/udp to send packets:
echo "Hello there" > /dev/udp//
echo "Hello there" > /dev/tcp//
telnet to send out TCP packets: telnet
ping to send out ICMP packets: ping

Network Security Essentials
Socket Programming using Python
Preet Kanwal, Department of Computer Science and Engineering, ISFCR Executive Education

What is a Socket
A socket is one endpoint of a two-way communication link between two programs running on the network. A socket is bound to a port number so that the Transport layer can identify the application that data is destined to be sent to. An endpoint is a combination of an IP address and a port number. A socket is an interface between the Application Layer and the Transport Layer.

UDP Client-Server Implementation
Both client and server need to set up the socket. In UDP, the client does not form a connection with the server as in TCP and instead just sends a datagram. Similarly, the server need not accept a connection and just waits for datagrams to arrive. Datagrams upon arrival contain the address of the sender, which the server uses to send data to the correct client. As a client, the application needs to be aware of the server port to which it needs to connect, and as a server, the application needs to be aware of the port on which it needs to listen. Therefore, the server needs to bind to an IP address and port so that the client can connect to it.
https://www.geeksforgeeks.org/udp-server-client-implementation-c/

UDP Client-Server Implementation using Python
udp_server.py
udp_client.py

Network Security Essentials
Socket Programming using C
Preet Kanwal, Department of Computer Science and Engineering, ISFCR Executive Education

Socket Programming - Important Functions
sockfd = socket(int domain, int type, int protocol)
Creates an unbound socket in the specified domain. Returns a socket file descriptor.
Arguments:
domain – Specifies the communication domain (AF_INET for IPv4 / AF_INET6 for IPv6)
type – Type of socket to be created (SOCK_STREAM for TCP / SOCK_DGRAM for UDP)
protocol – Protocol to be used by the socket (redundant parameter)

Socket Programming - Important Functions
int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
Assigns an address to the unbound socket.
Arguments:
sockfd – File descriptor of the socket
addr – Structure in which the address (port and IP) to be bound to is specified
addrlen – Size of the addr structure

Socket Programming - Important Functions
ssize_t sendto(int sockfd, const void *buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen)
Sends a message on the socket.
Arguments:
sockfd – File descriptor of the socket
buf – Application buffer containing the data to be sent
len – Size of the buf application buffer
flags – Bitwise OR of flags to modify socket behavior
dest_addr – Structure containing the address of the destination
addrlen – Size of the dest_addr structure

Socket Programming - Important Functions
ssize_t recvfrom(int sockfd, void *buf, size_t len, int flags, struct sockaddr *src_addr, socklen_t *addrlen)
Receives a message from the socket.
Arguments:
sockfd – File descriptor of the socket
buf – Application buffer in which to receive data
len – Size of the buf application buffer
flags – Bitwise OR of flags to modify socket behavior
src_addr – Structure in which the source address is returned
addrlen – Variable in which the size of the src_addr structure is returned
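The UDP client-server exchange described in the Python section and built from the C functions above (socket(), bind(), sendto(), recvfrom(), with the server replying to the address recvfrom() reports) as one added C example; it is not the slides' udp_server.py/udp_client.py and not the course's own code. It assumes a host with a loopback interface and uses the constructed message "Hello there" from the netcat slide.

```c
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>
/* UDP echo round trip on 127.0.0.1: the server is bound with bind(), the client
   sends with sendto() (no connect()), the server learns who sent the datagram from
   recvfrom() and answers with sendto() to that address, and the client reads the
   reply. Single-threaded: loopback queues the datagram until recvfrom() is called.
   Returns the number of bytes echoed back, or -1 on failure. */
int udp_echo_roundtrip(const char *msg, char *reply, size_t replylen) {
    int srv = socket(AF_INET, SOCK_DGRAM, 0);   /* AF_INET + SOCK_DGRAM = UDP over IPv4 */
    int cli = socket(AF_INET, SOCK_DGRAM, 0);
    int result = -1;
    if (srv < 0 || cli < 0 || replylen == 0) goto out;

    struct sockaddr_in srv_addr = {0};
    srv_addr.sin_family = AF_INET;
    srv_addr.sin_port = 0;                       /* 0: let the OS pick a free port */
    inet_pton(AF_INET, "127.0.0.1", &srv_addr.sin_addr);
    socklen_t alen = sizeof srv_addr;
    if (bind(srv, (struct sockaddr *)&srv_addr, alen) < 0) goto out;
    if (getsockname(srv, (struct sockaddr *)&srv_addr, &alen) < 0) goto out;  /* read back the port */

    /* Client side: destination given per datagram; the OS assigns the source port. */
    if (sendto(cli, msg, strlen(msg), 0, (struct sockaddr *)&srv_addr, alen) < 0) goto out;

    /* Server side: src is whatever source address the datagram carried. It is not
       authenticated, so use it only to reply, never as proof of who the peer is.
       The bytes in buf are raw data, not a NUL-terminated string. */
    char buf[512];
    struct sockaddr_in src = {0};
    socklen_t slen = sizeof src;
    ssize_t n = recvfrom(srv, buf, sizeof buf, 0, (struct sockaddr *)&src, &slen);
    if (n < 0 || sendto(srv, buf, (size_t)n, 0, (struct sockaddr *)&src, slen) < 0) goto out;

    /* Client side: read the echo, leaving room for a terminator we add ourselves. */
    ssize_t r = recvfrom(cli, reply, replylen - 1, 0, NULL, NULL);
    if (r < 0) goto out;
    reply[r] = '\0';
    result = (int)r;
out:
    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    return result;
}

/* Buffer for the constructed demo call; the message is the one the slides send with echo. */
char echo_reply[64];
int echo_demo(void) { return udp_echo_roundtrip("Hello there", echo_reply, sizeof echo_reply); }
```

When the reply buffer is smaller than the datagram, recvfrom() hands back only what fits and the rest of that datagram is discarded, which is why the function sizes the read at replylen - 1 and terminates the string itself.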