chapter3

Chapter 3 discusses the OSI security architecture, focusing on security attacks, services, and mechanisms. It categorizes attacks into passive and active types, outlines security services such as authentication and access control, and describes mechanisms like encipherment and digital signatures. The chapter also differentiates between vulnerabilities, threats, attacks, and risks, while highlighting various types of malware and their characteristics.

Uploaded by

achraf allali

Chapter summary

Subject: security
The OSI security Architecture

Chapter 3 focuses on these concepts:

1. Security attacks
2. Security services
3. Security mechanisms

Key terms:
I. Security attacks: an action that compromises the security of information owned by an individual, a system
or an organization.

There are two types:

1. Passive attack: attempts to learn or make use of information from the system but does not affect system
resources. Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.

The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are release of
message contents and traffic analysis.

a. Release of message contents: this attack is easily understood. A telephone conversation, an
electronic mail message, and a transferred file may contain sensitive or confidential information.
Solution: cryptography

b. Traffic analysis: the opponent observes the pattern of messages from A to B. Suppose that we had a way of masking the contents of messages or other
information traffic so that opponents, even if they captured the message, could not extract the information from it; the common technique for
masking contents is encryption. Solution: NAT (network address translation), traffic queue.

2. Active attacks: involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:

a. Masquerade: takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack.
b. Replay: involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
c. Modification of messages: some portion of a legitimate message is altered, or messages are delayed or reordered, to produce an unauthorized
effect.
d. Denial of service (DoS): prevents the normal use of communication facilities. This attack may have a specific target. Another form of service
denial is the disruption of an entire network, either by disabling the network or by overloading it with messages.

Passive attack versus active attack:

Passive attack
• Passive attacks are very difficult to detect because they do not involve any alteration of the data.
• Neither the sender nor the receiver is aware of the attack.
• Encryption prevents the success of the passive attack.
• A passive attack is a danger to confidentiality.
• The emphasis in dealing with passive attacks is on prevention rather than detection.

Active attack
• Hard to prevent (software, network or hardware vulnerability).
• The goal is to detect active attacks early and to recover from any disruption or delays caused by them.
• If the detection has a deterrent effect, it may also contribute to prevention.
• An active attack is a danger to integrity as well as availability.
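The two defences named above for passive attacks, encryption against release of message contents and masking of traffic patterns against traffic analysis, can be shown in a few lines. The following is an added example and not part of the chapter summary; the cipher is a toy stream cipher (an HMAC-SHA256 keystream in counter mode) chosen only so the demo needs nothing beyond the Python standard library, and the nonce size, cell size and sample messages are assumptions. A real system would use a vetted AEAD such as AES-GCM.

```python
"""Added example (not from the chapter summary): encipherment against release of
message contents, and traffic padding against traffic analysis. The cipher is a
toy construction (HMAC-SHA256 keystream in counter mode), an assumption made so
the demo runs with the standard library only; use a vetted AEAD in practice."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16   # assumption: bytes of per-message nonce prepended to the ciphertext
CELL = 64        # assumption: traffic padding rounds every message up to a multiple of CELL


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom keystream: HMAC(key, nonce || counter) for counter = 0, 1, 2, ..."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, nonce: bytes = b"") -> bytes:
    """Return nonce || (plaintext XOR keystream). A fresh nonce per message is required."""
    nonce = nonce or secrets.token_bytes(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Inverse of encrypt(): split off the nonce and XOR the same keystream again."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def pad(msg: bytes) -> bytes:
    """Traffic padding: 2-byte length prefix, then random fill up to a CELL boundary."""
    body = len(msg).to_bytes(2, "big") + msg
    fill = (-len(body)) % CELL
    return body + secrets.token_bytes(fill)


def unpad(padded: bytes) -> bytes:
    """Strip the padding using the length prefix written by pad()."""
    n = int.from_bytes(padded[:2], "big")
    return padded[2:2 + n]


def observed_lengths(key: bytes, messages, padded: bool):
    """What a passive eavesdropper still sees: the size of each ciphertext on the wire."""
    blobs = [encrypt(key, pad(m) if padded else m) for m in messages]
    return [len(b) for b in blobs]


def demo():
    key = secrets.token_bytes(32)                                   # constructed shared key
    messages = [b"ok", b"transfer 1000 from acct 42 to acct 7"]     # constructed traffic
    blob = encrypt(key, messages[1])
    return {
        "round_trip_ok": decrypt(key, blob) == messages[1],
        "padded_round_trip_ok": unpad(decrypt(key, encrypt(key, pad(messages[0])))) == messages[0],
        # without padding the two ciphertexts differ in length, so the short "ok"
        # reply is distinguishable from the long transfer order; with padding both
        # are the same size and only the presence of a message is observable
        "lengths_without_padding": observed_lengths(key, messages, padded=False),
        "lengths_with_padding": observed_lengths(key, messages, padded=True),
    }


if __name__ == "__main__":
    print(demo())
```

Encryption hides what is said; padding hides how much is said, which is the part of traffic analysis the summary's "observe the pattern of messages" refers to. Padding does not hide who talks to whom or when, which is why the summary lists address translation alongside it.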
II. Security Services:
Definition of security services, according to RFC 2828, pages 154-155 (Request for Comments):

RFC 2828 defines a security service as a processing or communication service that is provided by a system to give a specific kind of protection to
system resources. Security services implement security policies and are implemented by security mechanisms.

X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the
systems or of data transfers.

X.800 divides these services into five categories and fourteen specific services:

1. AUTHENTICATION: The assurance that the communicating entity is the one that it claims to be.

a. Peer Entity Authentication: Used in association with a logical connection to provide confidence in the identity of the entities connected.
b. Data Origin Authentication: In a connectionless transfer, provides assurance that the source of received data is as claimed.

2. ACCESS CONTROL: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions
access can occur, and what those accessing the resource are allowed to do).

3. DATA CONFIDENTIALITY: The protection of data from unauthorized disclosure.


a. Connection Confidentiality
b. Connectionless Confidentiality
c. Selective-Field Confidentiality
d. Traffic Flow Confidentiality
4. DATA INTEGRITY: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or
replay)
a. Connection Integrity with Recovery
b. Connection Integrity without Recovery
c. Selective-Field Connection Integrity
d. Connectionless Integrity
e. Selective-Field Connectionless Integrity

5. NONREPUDIATION: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the
communication.
a. Nonrepudiation, Origin: Proof that the message was sent by the specified party.
b. Nonrepudiation, Destination: Proof that the message was received by the specified party.
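Data origin authentication and data integrity ("no modification, insertion, deletion, or replay") are exactly the services that stop the masquerade, modification and replay attacks listed in Section I.2. The following is an added example, not from the chapter summary: a receiver that checks a message authentication code (HMAC-SHA256 over a sequence number and the payload) and a strictly increasing sequence number. The frame layout, key, message texts and the `Sender`/`Receiver` names are assumptions made for the demo.

```python
"""Added example (not from the chapter summary): detecting masquerade,
modification and replay with a MAC plus a per-sender sequence number.
Frame layout (an assumption for this demo): 8-byte big-endian sequence
number || payload || 32-byte HMAC-SHA256 tag over (sequence || payload)."""
import hashlib
import hmac
import struct

SEQ_LEN = 8
TAG_LEN = 32


class Sender:
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def send(self, payload: bytes) -> bytes:
        """Number the message and bind number and payload together with the MAC."""
        self.seq += 1
        header = struct.pack(">Q", self.seq)
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0   # highest sequence number accepted so far

    def receive(self, frame: bytes):
        """Return ("accept", payload) or ("reject", reason)."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            return ("reject", "truncated")
        header, payload, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Data origin authentication + data integrity: a wrong key (masquerade)
        # and a changed byte (modification) both produce a tag mismatch, and the
        # receiver cannot tell the two apart, so one reason covers both.
        if not hmac.compare_digest(tag, expected):
            return ("reject", "bad-mac")
        seq = struct.unpack(">Q", header)[0]
        # Replay protection: a genuine frame seen again carries a valid tag but
        # an old sequence number. Checking the MAC first keeps an attacker from
        # advancing last_seq with a forged header.
        if seq <= self.last_seq:
            return ("reject", "replay")
        self.last_seq = seq
        return ("accept", payload)


def demo():
    key = b"shared-secret-for-demo-only"          # constructed shared key
    sender, receiver = Sender(key), Receiver(key)
    results = {}

    genuine = sender.send(b"transfer 10")          # seq 1
    results["genuine"] = receiver.receive(genuine)
    results["replay"] = receiver.receive(genuine)  # same frame delivered twice

    tampered = bytearray(sender.send(b"transfer 10"))   # seq 2
    tampered[SEQ_LEN + 9] ^= 0x01                       # flip a bit in the amount
    results["modified"] = receiver.receive(bytes(tampered))

    impostor = Sender(b"some-other-key")            # does not hold the shared key
    impostor.seq = 100                              # a high number does not help
    results["masquerade"] = receiver.receive(impostor.send(b"transfer 999"))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} -> {outcome}")
```

A shared-key MAC gives data origin authentication between two parties but not nonrepudiation: either holder of the key could have produced the tag, which is why the summary lists digital signatures and notarization as separate mechanisms for that service.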
III. Security Mechanisms:
A mechanism that is built to identify any breach of security or attack on the organization is called a security mechanism.

Security Mechanisms are also responsible for protecting a system, network, or device against unauthorized access, tampering, or other security threats. Security
mechanisms can be implemented at various levels within a system or network and can be used to provide different types of security, such as confidentiality,
integrity, or availability.

1. SPECIFIC SECURITY MECHANISMS

Incorporated into the appropriate protocol layer in order to provide some of the OSI security Service:

a. Encipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent
recovery of the data depend on an algorithm and zero or more encryption keys.
b. Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and
integrity of the data unit and protect against forgery.
c. Access Control: A variety of mechanisms that enforce access rights to resources.
d. Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
e. Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange.
f. Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
g. Routing Control: Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of
security is suspected.
h. Notarization: The use of a trusted third party to assure certain properties of a data exchange.

2. PERVASIVE SECURITY MECHANISMS: Mechanisms that are not specific to any particular OSI security service or protocol layer.
a. Trusted Functionality: That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy).
b. Security Label: The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource.
c. Event Detection: Detection of security-relevant events.
d. Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system
records and activities.
e. Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.
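Event detection and the security audit trail are the two pervasive mechanisms a defender relies on to notice active attacks after the fact. The following is an added example and not part of the chapter summary: a small detection rule run over an audit trail. The log lines are constructed for the demo in the style of OpenSSH's `sshd` "Failed password" / "Accepted password" messages, the addresses are RFC 5737 documentation addresses, and the window size, threshold and year are assumptions, not recommended values.

```python
"""Added example (not from the chapter summary): an event-detection rule over a
security audit trail. Log lines are constructed; window, threshold and the
assumed year are demo assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 60   # assumption: failures are counted within a 60 s sliding window
THRESHOLD = 5         # assumption: this many failures from one source raises an alert

# Constructed audit trail (fictional host, RFC 5737 documentation addresses).
AUDIT_TRAIL = """\
Mar 10 09:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Mar 10 09:00:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Mar 10 09:00:05 host sshd[1003]: Failed password for root from 203.0.113.5 port 4003 ssh2
Mar 10 09:00:07 host sshd[1004]: Failed password for root from 203.0.113.5 port 4004 ssh2
Mar 10 09:00:09 host sshd[1005]: Failed password for alice from 203.0.113.5 port 4005 ssh2
Mar 10 09:00:11 host sshd[1006]: Accepted password for alice from 203.0.113.5 port 4006 ssh2
Mar 10 09:05:00 host sshd[1007]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Mar 10 09:05:10 host sshd[1008]: Accepted password for bob from 198.51.100.7 port 5002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(line: str):
    """Turn one syslog line into (timestamp, outcome, user, source) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None   # not an authentication event; this rule ignores it
    ts = datetime.strptime("2024 " + m["ts"], "%Y %b %d %H:%M:%S")   # year assumed
    return ts, m["outcome"], m["user"], m["src"]


def detect(log_text: str):
    """Return a list of alert tuples produced by the two rules below."""
    failures = defaultdict(deque)   # source address -> timestamps of recent failures
    already_flagged = set()
    alerts = []
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        ts, outcome, user, src = event
        window = failures[src]
        while window and (ts - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()   # forget failures that fell out of the sliding window
        if outcome == "Failed":
            window.append(ts)
            # Rule 1: a burst of failures from one source looks like password guessing
            if len(window) >= THRESHOLD and src not in already_flagged:
                already_flagged.add(src)
                alerts.append(("brute-force", src, len(window)))
        else:
            # Rule 2: a success right after such a burst is the event to escalate,
            # since the account may now be in the attacker's hands
            if len(window) >= THRESHOLD:
                alerts.append(("success-after-brute-force", src, user))
    return alerts


if __name__ == "__main__":
    for alert in detect(AUDIT_TRAIL):
        print(alert)
```

The single failure followed by a success from 198.51.100.7 is a user mistyping a password and produces nothing, which is the point of a threshold: the audit trail records everything, and event detection picks out what needs a response.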
Tools of active and passive attacks:

a. Wireshark: tools such as Wireshark sniff the traffic flowing between the client and the server. An attacker uses them to obtain confidential
information, such as usernames and passwords, while it travels through the network.
b. Cain and Abel: a Windows-based password cracking tool that is effective against Microsoft operating systems. Hackers with this tool can simply
recover the passwords for their target machines.
c. tcpdump: a command-line tool that allows you to capture and analyze network traffic on a Unix or Linux system.
d. John the Ripper: an open-source password security auditing and password recovery tool available for many operating systems. John the Ripper
jumbo supports hundreds of hash and cipher types.
e. Nmap: (Network Mapper) is a powerful open-source tool for network exploration and security auditing. It is designed to discover hosts and services on a
computer network, creating a map of the network's structure. Nmap operates by sending packets to the target hosts and then analyzing the responses it
receives.
f. Ettercap: an open-source tool for network analysis and security auditing. It is primarily used for man-in-the-middle (MitM) attacks, in which the attacker
intercepts and alters the communication between two parties without their knowledge. While Ettercap has legitimate security uses (such as network
troubleshooting and educational purposes), using it without proper authorization is unethical and potentially illegal.

Where these tools can be found:

1. Kali Linux: a Debian-based Linux distribution specifically designed for penetration testing, ethical hacking, and network security assessments. It comes
pre-installed with numerous security and forensics tools.
2. GitHub repositories: GitHub is a web-based platform for version control and collaboration. It provides hosting for software development and a range of
features for managing and tracking changes to code.
3. Stack overflow: Stack Overflow is a popular online community and question-and-answer (Q&A) platform focused on programming and software
development. It was created to provide a platform for developers to ask technical questions, share knowledge, and collaborate with others in the
programming community.

Some of the famous attacks:

1. Malware: Malicious software (malware) includes viruses, worms, Trojans, ransomware, spyware, and other harmful programs designed to damage or
gain unauthorized access to computer systems.
2. Phishing: Phishing attacks involve tricking individuals into divulging sensitive information, such as usernames, passwords, or financial details, by posing
as a trustworthy entity through emails, messages, or fake websites.
3. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS): DoS attacks overwhelm a system, network, or website with excessive traffic,
rendering it unavailable. DDoS attacks involve multiple systems coordinating the attack, making it more potent.
4. Man-in-the-Middle (MitM): In MitM attacks, an attacker intercepts and potentially alters the communication between two parties without their
knowledge. This can lead to unauthorized access or the theft of sensitive information.
5. Social Engineering: Social engineering attacks manipulate individuals into divulging sensitive information or performing actions that may compromise
security. This can include pretexting, baiting, and quid pro quo tactics.
6. SQL Injection: SQL injection attacks target web applications by injecting malicious SQL code into input fields, exploiting vulnerabilities and potentially
gaining unauthorized access to databases.
7. Password Attacks: Password attacks include various techniques such as brute force attacks, dictionary attacks, and credential stuffing to gain
unauthorized access to user accounts.
8. Ransomware: is a type of malicious software designed to block access to a computer system or files until a sum of money, or ransom, is paid to the
attacker.
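Item 6 above says SQL injection works by "injecting malicious SQL code into input fields"; the mechanism is clearest when the vulnerable query sits next to the corrected one. The following is an added example, not from the chapter summary, using Python's standard `sqlite3` module with an in-memory table; the table, rows and input strings are constructed for the demo.

```python
"""Added example (not from the chapter summary): a lookup built by string
concatenation beside the same lookup with a parameterized query. Table and
data are constructed for this demo."""
import sqlite3


def setup() -> sqlite3.Connection:
    """In-memory table with two constructed accounts (no real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The input is pasted into the SQL text, so it can change the query's meaning."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """The input is passed as a bound parameter and is only ever compared as data."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def demo() -> dict:
    conn = setup()
    hostile = "x' OR '1'='1"   # constructed input that closes the quote and adds a condition
    results = {
        # the concatenated query becomes ... WHERE username = 'x' OR '1'='1'
        # and matches every row, disclosing accounts the caller never asked for
        "vulnerable": lookup_vulnerable(conn, hostile),
        # the parameterized query looks for a user literally named x' OR '1'='1
        "safe": lookup_safe(conn, hostile),
        "normal": lookup_safe(conn, "alice"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:10s} -> {rows}")
```

Parameterized queries are the access-control and data-integrity mechanism for this attack class: the database driver never lets user input be parsed as SQL, so there is no quote to escape. Input validation helps but is secondary, because it has to anticipate every way the query text could be bent.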

What is the difference between a vulnerability, a threat, an attack and a risk?

• Vulnerability: A weakness or flaw in a system.

• Threat: Any potential danger or circumstance that could exploit vulnerabilities.

• Attack: An actual attempt to exploit vulnerabilities and compromise a system.

• Risk: The likelihood and impact of a potential threat exploiting vulnerabilities.

Understanding and managing these aspects are essential components of effective cybersecurity risk management. Organizations must identify
vulnerabilities, assess potential threats, and evaluate the overall risk to implement effective security measures and risk mitigation strategies.

What is the difference between a Trojan, a worm and a virus?

Trojan, worm, and virus are all types of malicious software, but they differ in their characteristics and how they propagate. Here are the key differences
between them:

• Trojan: Disguises itself as something legitimate, requires user interaction, and does not replicate on its own.

• Worm: Self-replicates and spreads across networks without user intervention.

• Virus: Attaches itself to a host file, requires human interaction to spread, and often causes harm to files or software.

All three types of malware pose security threats, and effective cybersecurity measures involve protection against Trojans, worms, viruses, and other
malicious software. Regular software updates, antivirus programs, and user education are crucial components of a comprehensive defense strategy.
