Engineering LibreTexts

9.2: What we are trying to Protect

    Mainly, we are trying to protect the following items from being compromised:

    • Customer data: Customer-specific information, e.g. name, SSN (Social Security Number), phone number, address, etc.
    • IT assets and network infrastructure: Protection against unauthorized access to hardware (computers, scanners, printers, etc.) and software applications.
    • Financial data: Clients' bank accounts, credit and debit card information, etc.
    • Service availability and productivity: Continuous access to resources for legitimate users.
    • Reputation and brand image: The company's reputation and brand image, protected by avoiding security breaches.

    9.2.1 What is a Security Breach?

    Any event that violates or compromises the CIA (confidentiality, integrity, availability) of a system is called a security breach. Some security breaches are accidental and some are intentional. Let us look at the activities that cause security breaches.

    9.2.2 Activities that cause Security breaches

    There are six (6) main activities through which CIA can be compromised or breached. The details of those activities are described as follows:

    9.2.2.1   Denial of Service (DoS)

    A DoS attack violates the Availability parameter of CIA. In a DoS attack, the attacker overwhelms the system with excessive queries and prevents legitimate users from gaining access to its resources. A DoS attack can be launched using two techniques: logic attacks and flooding. In a logic attack, the attacker uses a software flaw to crash the system or hinder its performance, while in a flooding attack, the attacker engages the system with unnecessary queries, which makes it unavailable for legitimate users. Flooding attacks can be further classified into two types: SYN flood and Smurf attack.

    • SYN Flood:
      In a SYN flood attack, the attackers exploit a vulnerability of the SYN protocol (TCP/IP): after receiving a SYN request, the server waits for the user’s SYN ACK message. To better understand the SYN flood, let's first understand the SYN protocol. As we know, TCP is a connection-oriented protocol, where the sender makes a connection first before sending any packet. Assume that Alice wants to access a webserver (Á). Alice’s computer sends a SYN request to Á; if Á is up, it responds with a SYN ACK, opens a channel, and waits for a SYN ACK from Alice’s computer. The SYN ACK makes sure that Alice’s computer has received the server’s acknowledgment. After receiving the SYN ACK from the webserver, Alice’s computer responds with a SYN ACK, and then the bi-directional communication starts. Figure 3.1 shows the working of the SYN protocol. To launch a SYN flood attack, the attacker first creates a botnet (a network of computers controlled by the hacker) and uses the botnet to initiate the SYN protocol. After receiving a SYN request from the botnet, the webserver responds with a SYN ACK and then waits for a SYN ACK. The botnet doesn’t respond to the server but instead initiates a new SYN protocol exchange, and again, after receiving the SYN ACK, none of the bots respond to the server. The attacker repeats this process again and again until the server runs out of resources and becomes unavailable for legitimate users. Figure 9.2 shows a typical three-way handshake.

    Figure \(\PageIndex{1}\): Three Way handshake (SYN Protocol) ("Information Security" by Umar Khokhar Binh Tran is licensed under CC BY 4.0)

    Figure \(\PageIndex{1}\): SYN Flood ("Information Security" by Umar Khokhar Binh Tran is licensed under CC BY 4.0)

    • Smurf attack:
      In the Smurf attack model, the attacker first joins the network to which the target is connected. The attacker then impersonates the target’s computer and broadcasts a ping packet to all connected nodes. When this ping packet arrives at the nodes, they start responding to the target’s computer (even though it did not request the responses). The attacker repeats this process until the victim’s computer is overwhelmed.
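The resource exhaustion described under SYN Flood above can be watched from the server's side. The following is an added example, not code from the original text: it models the server's table of half-open connections, replays a constructed trace, and reports when a legitimate request is refused and when a "table mostly half-open" alert fires. The class and function names, the capacity of 4, the 3-second timeout, the 0.75 alert ratio and the documentation-range addresses are all assumptions; the client's final acknowledgment appears in the trace as the TCP ACK segment.

```python
from collections import OrderedDict

class SynBacklog:
    """Server table of half-open connections: SYN seen, final ACK still pending."""
    def __init__(self, capacity=4, timeout=3.0):   # constructed limits
        self.capacity, self.timeout = capacity, timeout
        self.half_open = OrderedDict()   # (src_ip, src_port) -> time the SYN arrived
        self.established, self.dropped = set(), []

    def _expire(self, now):
        while self.half_open:
            src, t0 = next(iter(self.half_open.items()))
            if now - t0 < self.timeout:
                break
            del self.half_open[src]           # final ACK never came: reclaim slot

    def on_segment(self, now, src, flags):
        self._expire(now)
        if flags == "SYN" and src not in self.half_open:
            if len(self.half_open) >= self.capacity:
                self.dropped.append(src)      # table full: request refused
            else:
                self.half_open[src] = now     # server replies and waits
        elif flags == "ACK" and src in self.half_open:
            del self.half_open[src]           # handshake completed
            self.established.add(src)

    def alert(self, ratio=0.75):              # most slots held by unfinished handshakes
        return len(self.half_open) >= ratio * self.capacity

# Constructed trace as seen by the server: (time_s, (src_ip, src_port), flags)
TRACE = [
    (0.0, ("198.51.100.7", 40001), "SYN"),  # legitimate client completes
    (0.1, ("198.51.100.7", 40001), "ACK"),
    (1.0, ("203.0.113.1", 5001), "SYN"),    # SYNs never followed by an ACK
    (1.1, ("203.0.113.2", 5002), "SYN"),
    (1.2, ("203.0.113.3", 5003), "SYN"),
    (1.3, ("203.0.113.4", 5004), "SYN"),
    (1.5, ("198.51.100.9", 40002), "SYN"),  # legitimate client, table is full
    (5.0, ("198.51.100.9", 40002), "SYN"),  # retry after stale entries expired
    (5.1, ("198.51.100.9", 40002), "ACK"),
]

def replay(trace, **limits):
    backlog, alerts = SynBacklog(**limits), []
    for now, src, flags in trace:
        backlog.on_segment(now, src, flags)
        if backlog.alert():
            alerts.append(now)
    return backlog, alerts
```

Calling `replay(TRACE)` returns the final table state and the times at which the alert fired; the second legitimate client is refused at 1.5 s and only connects once the stale entries have timed out.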

    9.2.2.2: Distributed Denial of Service (DDoS)

    A Denial of Service attack that is launched from multiple points (nodes) is called a Distributed Denial of Service (DDoS) attack. In the DDoS attack model, the attacker uses zombies and a botnet. A zombie is a computer that is controlled remotely by a hacker, while a botnet is a network of zombies.

    9.2.2.3: Unacceptable Web Browsing

    Unacceptable web surfing can also cause security breaches. The following actions come under unacceptable web browsing:

    • Violating the organization's Acceptable Use Policy (AUP)
    • Visiting prohibited websites
    • Trying to access files/directories that you are not supposed to access

    9.2.2.4 Wiretapping

    Attackers can tap telephone lines and data communication lines both actively and passively (sniffing). Active wiretapping can be further classified into two types:

    • Between the lines: In this form of active wiretapping, the attacker adds additional information and doesn’t modify the original message.
    • Piggyback: The attacker completely modifies the message contents.

    The most widely used tools for sniffing are Wireshark and Dsniff.

    9.2.2.5 Backdoors

    Software that includes hidden access methods is called a backdoor. For example, rootkits are malicious software that opens a backdoor on the target computer to let back traffic in, or that can turn off the firewall/antivirus.

    9.2.3 Additional Security challenges

    There are some other security challenges that can also cause a security breach:

    • Spam: Unwanted emails, which are often carriers of malware.
    • Spim: Unwanted instant messages.
    • Hoax: An act intended to deceive or trick the receiver.
    • Cookies: A cookie is a small text file that contains user preferences and user-specific information, e.g. user name, password, address, credit card number, etc. Web browsers allow webservers to store a cookie on the user’s hard drive.

    9.2: What we are trying to Protect is shared under a not declared license and was authored, remixed, and/or curated by LibreTexts.
