10 - Information & System Security

This document discusses information and system security. It outlines the importance of securing information systems, the goals of network security including confidentiality, integrity, availability, accountability and authentication. It also describes types of security threats such as access threats, modification threats and denial of service attacks. The document discusses sources of security threats and countermeasures to ensure security, including access control, software vulnerability control and cryptography.

Uploaded by Aarti Parewa

Information and System Security

UNIT 13 Information and System Security


Structure
13.0 Introduction
13.1 Unit Objectives
13.2 Meaning of Information and System Security
13.2.1 Importance of Information and System Security
13.3 Goals of Network Security
13.3.1 Confidentiality
13.3.2 Integrity
13.3.3 Availability
13.3.4 Accountability/non-repudiation
13.3.5 Authentication
13.4 Types of Security Threats
13.4.1 Access Threats
13.4.2 Modification Threats
13.4.3 Denial of Services Attack
13.4.4 Repudiation Threats
13.5 Sources of Security Threats
13.5.1 Security Threats due to System Design
13.5.2 Software Security Holes
13.5.3 Hostile software
13.5.4 Physical Security Threats
13.5.5 Human Errors
13.6 Countermeasures to Ensure Security
13.6.1 Access Control
13.6.1.1 Hardware-based Access Control Systems
13.6.1.2 Password Schemes
13.6.1.3 Firewalls: A Special Access Control Mechanism
13.6.2 Software Vulnerability Control
13.6.2.1 Running Virus Scan Software
13.6.2.2 Update Software Security Patches
13.6.2.3 Approved Software
13.7 Cryptography
13.7.1 Types of Cryptographic Algorithms
13.7.1.1 Secret Key Cryptography
13.7.1.2 Public-Key Cryptography
13.7.1.3 Hash Functions
13.8 Conclusion
13.9 Key Terms
13.10 Questions and Exercises
13.11 Further Reading and References

Management Information System: 181

13.0 Introduction
Information has emerged as one of the most critical assets of any organization in the modern world. It is thus very important to secure information in order to ensure the commercial viability and effectiveness of an organization, irrespective of its nature and size. This unit begins with a discussion of why it is important to secure information and information systems. The unit continues by examining the value that can be placed on information as an organisational asset. The unit then goes on to explain the major security threats and how they can be countered.

13.1 Unit Objectives
Upon completion of this unit, you should be able to:
• Understand what information security is and how it came to mean what it does today.
• Comprehend the history of computer security and how it evolved into information security.
• Understand the key terms and critical concepts of information security as presented in the chapter.
• Outline the phases of the security systems development life cycle.
• Understand the role of professionals involved in information security in an organizational structure.

13.2 Meaning of Information and System Security
Information systems are now an integral part of any enterprise. It has become critical for the success of any enterprise that these information systems function flawlessly and process valuable organizational data into invaluable information. It is this very importance attached to the information that may result in attempts to steal, misuse, disrupt or destroy the information system and other components attached to it. Some attacks may be planned and specifically targeted, whereas others may be opportunistic, resulting from eavesdropping activities. It is thus very important for organizations to take every possible step to guard their information and information systems from such threats.

An information security threat can be defined as any condition that results, or has the potential to result, in a situation that might lead to loss, misuse, fraud, misrepresentation, destruction, modification or denial of data and other information processing resources, and that may cause financial or operational hardship to the parties to the information system. It is very important to analyze these security threats and devise proper policies to secure the information systems and data.

13.2.1 Importance of Information and System Security
Some of the reasons why organizations need to devise effective information and system security strategies may include the following:
1. Security breaches can be very expensive in terms of business disruption and the financial losses that may result.
2. Increasing volumes of sensitive information are transferred across the internet or intranets connected to it.
3. Directors of business organizations are increasingly required to provide effective information security.
4. For an organization to achieve the level of security that is appropriate and at a cost that is acceptable, it must carry out a detailed risk assessment to determine the nature and extent of existing and potential threats. Countermeasures to the perceived threats must balance the degree of security to be achieved with their acceptability to system users and the value of the data systems to be protected.

Check your progress
• What is a security threat?

13.3 Goals of Network Security
An information system, in the modern-day context, can broadly be defined as a system of computing infrastructure, including hardware, software, data and resources, that captures, stores, processes and presents information. These information systems and the information they contain are critical for enterprise performance and must be protected. Information system security generally consists of ensuring that an organization’s information resources and related infrastructure are used only for their intended purposes. Information and system security strives to achieve the following main goals.

13.3.1 Confidentiality
Confidentiality is the property that ensures that the information or data stored on the enterprise’s information infrastructure, or transmitted through it, is available to authorized systems or individuals only. For example, an online transaction may require payment to be made by credit card. This requires the credit card number to be transmitted from the buyer to the seller and from the seller to an online transaction processing server on the network. The entire process may enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred.
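
As an added illustration (not part of the original unit), the following Python example shows one way to limit the places where a card number appears in log files: it finds digit runs that pass the Luhn checksum and masks all but the last four digits before the line is written. The log lines, the function names and the keep-last-four convention are constructed assumptions.

```python
import re

# Candidate card numbers: 13 to 19 digits, optionally separated by single
# spaces or hyphens, not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for index, char in enumerate(reversed(digits)):
        value = int(char)
        if index % 2 == 1:      # double every second digit, counting from the right
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def mask_candidate(match: re.Match) -> str:
    """Mask a Luhn-valid candidate, keeping only its last four digits."""
    raw = match.group(0)
    digits = re.sub(r"\D", "", raw)
    if not luhn_valid(digits):
        return raw              # order numbers and similar IDs are left untouched
    return "*" * (len(digits) - 4) + digits[-4:]


def redact_line(line: str) -> str:
    """Return the log line with every detected card number masked."""
    return PAN_CANDIDATE.sub(mask_candidate, line)


def redact_log(lines):
    return [redact_line(line) for line in lines]


# Constructed sample log lines; 4111111111111111 is a well-known test card number.
SAMPLE_LOG = [
    "2024-05-01T10:22:31Z INFO checkout user=alice card=4111111111111111 amount=49.90",
    "2024-05-01T10:22:32Z DEBUG gateway request pan='4111 1111 1111 1111'",
    "2024-05-01T10:22:33Z INFO order=1234567890123456 status=shipped",
]

# Limitation: a card number directly preceded by other digits and a single
# separator is scanned as one longer candidate and may not be recognised.

if __name__ == "__main__":
    for redacted in redact_log(SAMPLE_LOG):
        print(redacted)
```
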
13.3.2 Integrity
Integrity refers to verifying that data is not modified without the requisite permissions, whether accidentally or intentionally. This includes modification of data stored on the organization’s computing infrastructure as well as data transmitted and received by such systems. This means that data cannot be modified without authorization. Integrity is violated when an employee accidentally or with malicious intent deletes important data files, when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on.

13.3.3 Availability
The main objective of availability is to guarantee access to a service or resource. For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades.

Check your progress
• List basic goals of security.

13.3.4 Accountability/non-repudiation
This refers to the provisions that guarantee that none of the parties involved in an operation can deny the operation at a later date. The parties to the information system may use digital signatures and encryption to ensure non-repudiation and establish accountability of the transacting parties.

13.3.5 Authentication
Authentication consists of confirming a user’s identity, i.e. guaranteeing for each party that their partners are truly who they think they are by proving controlled access. An access control (e.g. an encrypted password) grants access to resources only to authorized individuals.

13.4 Types of Security Threats
The biggest problem with information and system security is that you cannot create a fully secure system. Some things about information systems and the computing infrastructure change over time, sometimes very rapidly over a very short period. For instance, two years ago “phishing” was largely unheard of. Before that, wireless network security was not on the radar. Now these are common, everyday security concerns. But there are also aspects of security which more or less transcend time and remain core fundamentals even while the rest of the technology changes.
There are four primary categories of threats to computer networks:
• Access
• Modification
• Denial of service
• Repudiation
We will cover each of these in detail in the following sections.

13.4.1 Access Threats
An access attack is primarily directed towards gaining unauthorized access to information. This unauthorized access may be gained by hacking into the storage areas of the information or may occur during the course of transmission. This can be achieved by capturing data while it travels across the network, using network capture programs (some network vendors provide these programs) or sniffers, which are electronic devices that can intercept and capture electronic messages.
These attacks are directed towards the breach of confidentiality. The main threats that can be grouped under this category are:
• Snooping: Snooping is looking through information files at a particular location in the hope of finding something interesting. Network snooping is one of the most serious threats to corporations. As the network is a shared medium, data packets go everywhere within the network as they travel from the origin to the destination. Due to this shared nature of the network, data packets are vulnerable to snooping/sniffing.
• Eavesdropping: Eavesdropping is another security risk posed to information. Because of the way some networks are built, anything that gets sent out is broadcast to everyone. Under normal circumstances, only the computer that the data was meant for will process that information. However, some computer programs can capture all data being broadcast over the network. By carefully examining the data, hackers can often reconstruct real data that was never meant for them. Some of the most damaging things that get sniffed include passwords and credit card information.
• Interception: Interception is another form of access threat to computer networks but, unlike eavesdropping, interception is an active attack against the information. When an attacker intercepts information, she is inserting herself in the path of the information and capturing it before it reaches its destination. After examining the information, the attacker may allow the information to continue to its destination or not.

13.4.2 Modification Threats
As the name suggests, a modification threat is any unauthorized attempt to modify information. The data storage areas are the most susceptible targets for such attacks. However, data in transit is also not safe from such attacks. Such attacks are primarily directed against the integrity of the information. The main modification security threats are:
• Changes: One type of modification attack is to change existing information, such as an attacker changing an existing employee’s salary. The information already existed in the organization but it is now incorrect. Change attacks can be targeted at sensitive information or public information.
• Insertion: Another type of modification attack is the insertion of information. When an insertion attack is made, information that did not previously exist is added. This attack may be mounted against historical information or information that is yet to be acted upon. For example, an attacker might choose to add a transaction in a banking system that moves funds from a customer’s account to his own.
• Deletion: A deletion attack is the removal of existing information. This could be the removal of information in a historical record or in a record that is yet to be acted upon. For example, an attacker could remove the record of a transaction from a bank statement (thus causing the funds that would have been taken from the account to remain).

13.4.3 Denial of Services Attack
A “denial-of-service” attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include:
1. attempts to “flood” a network, thereby preventing legitimate network traffic
2. attempts to disrupt connections between two machines, thereby preventing access to a service
3. attempts to prevent a particular individual from accessing a service
4. attempts to disrupt service to a specific system or person
Not all service outages, even those that result from malicious activity, are necessarily denial-of-service attacks. Other types of attack may include a denial of service as a component, but the denial of service may be part of a larger attack.
Illegitimate use of resources may also result in denial of service. For example, an intruder may use your anonymous ftp area as a place to store illegal copies of commercial software, consuming disk space and generating network traffic.
Denial-of-service attacks come in a variety of forms and aim at a variety of services. There are three basic types of attack:
1. Consumption of scarce, limited, or non-renewable resources
2. Destruction or alteration of configuration information
3. Physical destruction or alteration of network components
Denial-of-service attacks can result in significant loss of time and money for many organizations. Organizations are strongly recommended to consider the extent to which they can afford a significant service outage and to take steps commensurate with the risk.

13.4.4 Repudiation Threats
Repudiation is an attack against the accountability of the information. Repudiation is an attempt either to provide false information or to claim that an event occurred when it actually did not happen. This means that repudiation threats can come from the actual parties involved in the exchange of information or from someone impersonating an innocent user by using that user’s credentials. As such, there are two main threats which can be grouped under repudiation threats.
• Masquerading: Masquerading is an attempt to act like or impersonate someone else or some other system. This attack can occur in personal communication, in transactions, or in system-to-system communications.
• Denying an Event: Denying an event is simply disavowing that the action was taken as it was logged. For example, a person makes a purchase at a store with a credit card. When the bill arrives, the person tells the credit card company that he never made the purchase.

13.5 Sources of Security Threats
The sources of threats to information systems can be multiple. The issue is accentuated by the fact that information systems are usually implemented over a network of computers situated at different locations. This is a major challenge in ensuring security, as it means that the security systems in an information system need to be distributed over different locations to be effective. Moreover, there are many other vulnerabilities that could be inherent in the basic architecture of the information systems and that may leave them open to multiple forms of threat. Further, threats to the information systems may come from internal as well as external sources.

Check your progress
• List four basic types of security threats. Also list their sub-types, if any.

13.5.1 Security Threats due to System Design
The very design that has organized different loose components into a coherent system of computing devices for an information system can pose a threat to its security. The lack of an unambiguous system blueprint, new developments and subsequent additions of components to the system in response to changed needs or deficiencies may leave the information system open to security loopholes and resultant vulnerabilities. Inconsistencies may arise from attempts to interconnect incompatible components which might be deemed useful by the designer or the users of the information system. Such practices may leave the system open to some serious security loopholes. Problems like these become very difficult to isolate once they are implemented and put to routine use.
The problem is compounded by the current tendency to favor open-source applications, which may add to the plight of the security specialists. Open-source applications, and the tendency of system designers to make the system user-friendly and easy to serve as many users as possible, have attracted all sorts of people who may try to exploit the loopholes and vulnerabilities of the system design for personal gratification.

13.5.2 Software Security Holes
Apart from the security vulnerabilities due to badly designed and maintained systems, the software used on the various computer systems connected to the information system, and the software used to govern the transmission of data (protocols), can also be sources of security threats to the information system.
Weaknesses in the communication protocols can leave an information system open to security threats. IP spoofing is one such threat. Also, the data packets transmitted between devices on the network can be intercepted and their contents altered due to such limitations of the communication protocols. Other threats arising out of ill-designed and ill-deployed communication protocols are session attacks, packet sniffing, buffer overflow, session hijacks and denial of services attacks.
One of the biggest threats to computer systems on the software front comes from the operating systems and other software packages that communicate over these networks.

13.5.3 Hostile software
Hostile software programs may have several different types of functions. These functions may cause damage or allow unauthorized access to be gained, allowing the program to spread or information to be compromised. These are some functions that hostile software may perform:
• Damaging operating systems.
• Damaging or destroying data.
• Sniffing the network for any data or passwords.
• Installing itself or some other hostile software on computer systems for later use.
• Acquisition of unencrypted passwords on the network.
• Forwarding compromised information to hostile parties through the firewall.
• Harvesting e-mail addresses.
• Putting unsolicited advertisements on infected computer systems. These programs are called adware and may come with other “useful” applications.
• Spyware: A type of program that usually comes with a useful application but sends information to its creator about what the computer user is doing on the internet. Some of these programs’ creators actually tell the user that the program comes with the ability to see what the user is doing on the internet, while others do not.
You should be aware that all types of hostile programs such as viruses and trojans can perform any of the above functions. There is a tendency for viruses to only damage systems or data, and trojan programs to send compromised data to other parties, but either type of program can perform any of the functions. This is why all unauthorized programs are a very serious matter.
Viruses: Viruses reproduce themselves by attaching themselves to other files that the user does not realize are infected. Viruses are spread today mainly through e-mail attachments. The attachment may be a legitimate file, but the virus may be attached as a macro program in the file. An example is a Microsoft Word file. These files can contain macro programs which can be run by Microsoft Word. A virus may infect these files as a macro and, when they get onto the next user’s computer, they can infect other files. These virus programs normally take advantage of a security vulnerability of the running application. In the case of this example a Microsoft Word macro permission security vulnerability is exploited. Viruses can directly affect executable files or Dynamic Link Library (.dll) files that the operating systems and applications use to run. Usually the virus will spread before it does anything that may alert the user to its presence.
Trojan Horse Software: The name “Trojan horse” comes from the historical incident where the Greeks built a horse statue as a tool to take the city of Troy. They hid soldiers inside the horse statue. The people of Troy thought that they were victorious and that the gods had given them the horse as a gift, so they pulled the horse inside the city. At night the soldiers inside the horse snuck out and opened the gates of the city, letting the main Greek army into the city. Similarly, users are lured into installing software using some functional bait while the true malicious and hostile nature of the software is hidden.

13.5.4 Physical Security Threats
Physical security threats are the threats posed to the hardware and other physically accessible resources of the information system. This also includes any portable storage media and peripherals that may be attached to the information system on a temporary or on-demand basis. Some examples of physical security threats include threats due to natural calamities, fire, theft and sabotage. The origin of these threats might be accidental in nature or may be due to deliberate attempts. In either case such threats possess substantial potential to render the information system completely or partially ineffective.

13.5.5 Human Errors
It has been acknowledged by a large number of practitioners as well as theorists that about half of all the damage caused to information systems or enterprise data is a result of some form of human error. Some examples of the ways in which human errors can occur include:
• Inaccurate data entry: Wrong entries or modification of data in the databases used by the information system will result in wrong functioning of the information system. Further, proper framing of the contents of the query used to retrieve and process data is also important, as any incorrect query might produce errors in all of the data manipulated by the query. Although extreme, significant problems might be caused by adding or removing even a single character in a query.
• Attempts to carry out tasks beyond the ability of the employee: In smaller computer-based information systems, a common cause of accidental damage involves users attempting to install new hardware items or software applications. In the case of software applications, existing data may be lost when the program is installed or the program may fail to operate as expected.
• Failure to comply with procedures for the use of organisational information systems: Where organisational procedures are unclear or fail to anticipate potential problems, users may often ignore established methods, act on their own initiative or perform tasks incorrectly.
• Failure to carry out backup procedures or verify data backups: In addition to carrying out regular backups of important business data, it is also necessary to verify that any backup copies made are accurate and free from errors.
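
As an added illustration of the last point (not part of the original unit), the following Python example verifies a backup copy against a SHA-256 manifest recorded from the source data at backup time, and reports files that are missing, unexpected or corrupted. The file names, directory layout and function names are constructed assumptions.

```python
import hashlib
import os
import tempfile


def sha256_of(path: str, chunk_size: int = 65536) -> str:
    """Hash a file in chunks so large backups do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: str) -> dict:
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for directory, _subdirs, files in os.walk(root):
        for name in files:
            full = os.path.join(directory, name)
            manifest[os.path.relpath(full, root)] = sha256_of(full)
    return manifest


def verify_backup(manifest: dict, backup_root: str) -> dict:
    """Compare a backup tree with the manifest recorded when the backup was made."""
    backup = build_manifest(backup_root)
    common = manifest.keys() & backup.keys()
    return {
        "missing": sorted(manifest.keys() - backup.keys()),
        "unexpected": sorted(backup.keys() - manifest.keys()),
        "corrupted": sorted(p for p in common if manifest[p] != backup[p]),
    }


def demo() -> dict:
    """Constructed sample: a backup in which one file is damaged and one is missing."""
    files = {
        "payroll.db": b"employee,salary\n1001,52000\n",
        "ledger.csv": b"2024-05-01,invoice,1200\n",
        os.path.join("reports", "q1.txt"): b"Q1 summary\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "source")
        backup = os.path.join(tmp, "backup")
        for root in (source, backup):
            for relative, data in files.items():
                path = os.path.join(root, relative)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as handle:
                    handle.write(data)
        # The manifest is taken from the source at backup time.
        manifest = build_manifest(source)
        # Simulate a damaged copy and a file lost from the backup medium.
        with open(os.path.join(backup, "payroll.db"), "wb") as handle:
            handle.write(b"employee,salary\n1001,5200\n")
        os.remove(os.path.join(backup, "ledger.csv"))
        return verify_backup(manifest, backup)


if __name__ == "__main__":
    print(demo())
```
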

13.6 Countermeasures to Ensure Security
After the potential sources of threats and the types of damage that can occur have been identified, putting the proper security policies and safeguards in place becomes much easier. Organizations have an extensive choice of technologies, ranging from anti-virus software packages to dedicated security hardware, such as firewalls and intrusion detection systems, to provide protection for all areas of the system.
After such solutions are installed, tools can be deployed that periodically detect security vulnerabilities in the system, providing ongoing, proactive security. In addition, professional security consultants can be engaged to help design the proper security solution for the information system or to ensure that the existing security solution is up to date and safe. With all of the options currently available, it is possible to implement a security infrastructure that provides sufficient protection without severely compromising the need for quick and easy access to information.

13.6.1 Access Control
A secure information system should allow only the legitimate users of the data and network to access and utilize the information system resources. This will ensure that the basic goals of creating a secure information system (confidentiality, integrity, availability, non-repudiation and authentication) are realized.
An access control mechanism ensures, along with pre-defined identification information such as passwords and other rules, that only those who are authorized to use the information system resources will be able to access and use them. Based upon the security policy, access to the information system and its resources can be controlled using various forms of hardware and software.

Check your progress
• List various sources of security threats to information systems.

13.6.1.1 Hardware-based Access Control Systems
The need for secured information systems and the rapid advances in technology have resulted in the development of many hardware-based access control systems which can be efficiently put into place to ensure system security. These access systems are marked by their openness and flexibility to be adopted over multiple platforms. Following are some of the major tools that can be categorized as hardware-based access control mechanisms.
• Access terminal: Terminal access points have become very sophisticated, and now they not only carry out user identification but also verify access rights, control access points, and communicate with host computers. These activities can be done in a variety of ways including fingerprint verification and real-time anti-break-in sensors. Network technology has made it possible for these units to be connected to a monitoring network or remain in a stand-alone off-line mode.
• Visual event monitoring: This is a combination of many technologies into one very useful and rapidly growing form of access control using a variety of real-time technologies including video and audio signals, aerial photographs, and global positioning system (GPS) technology to identify locations.
• Identification cards: Sometimes called contact cards, these cards have become very common these days as a means of access control in buildings, financial institutions, and other restricted areas. The cards come in a variety of forms, including magnetic, bar coded, contact chip, and a combination of these. However, with the development of technology, contactless cards have also been developed, which remove even the need to swipe these cards through card readers.
• Biometric identification: This is perhaps the fastest growing form of access control tool today. Some of the most popular forms include fingerprint, iris, and voice recognition. However, fingerprint recognition offers a higher level of security.
• Video surveillance: This is a replacement for the CCTV of yesteryear, and it is gaining popularity as an access control tool. With fast networking technologies and digital cameras, images can now be taken and analyzed very quickly, and action taken in minutes.

13.6.1.2 Password Schemes Information and System Security

Using passwords to restrict the access to the data is one of the simplest and most
common ways to ensure that only those having the permission can access and/or
process the data. Traditionally, the authentication mechanism that has been used for NOTES
computers is the password attached to the user IDs. The identity of the individual is
Check your progress
linked via a user ID that was established by a system administrator. It is assumed
• What is access control?
that the administrator had some proof that the individual receiving the user ID was

ST
in fact the individual being identified.
Passwords alone are a single factor of authentication and thus inherently weak.
Unlike in the physical world, there is no guarantee of the physical presence of the
individual. That is why two-factor authentication is advocated for use with computer
systems. Two-factor authentication generally refers to mechanisms in which passwords
are used in combination with other authentication tools such as smart cards or
biometric identification. Such a combination is much more difficult to forge and thus
provides a stronger authentication mechanism.

Passwords have a broad range of applications. Here are a few examples of systems
that should be secured with a password.
• Workstation
• An application: e-mail, Word, Excel, etc.
• Server login
• Router (other device) login
• Web sites
• A PDA (Personal Digital Assistant)

Some strategies to create effective passwords
• Add complexity by mixing uppercase and lowercase letters and numbers.
• Using special characters such as “#” or “%” also adds to complexity.
• Using numerals also adds complexity to the mix.
• If you’re a phrase collector from movies or songs, you can take a great line and
make it into a password. You can take the phrase “May the Force Be With You” and
use the first character from each word to create the password “MTFBWY”.
• You can use a number or sign in substitution for a word.
• Test your new password. Password Checker is a non-recording feature of the
Microsoft Website that helps determine your password’s strength as you type.
• Avoid sequences or repeated characters. “12345678,” “222222,” “abcdefg,” or
adjacent letters on your keyboard do not help make secure passwords.
• Avoid using only look-alike substitutions of numbers or symbols. But these
substitutions can be effective when combined with other measures, such as length,
misspellings, or variations in case, to improve the strength of your password.
• Avoid your login name. Any part of your name, birthday, social security number, or
similar information for your loved ones constitutes a bad password choice.
• Avoid dictionary words in any language.
• Use more than one password everywhere. It is critical to use different passwords
for different systems.
• Avoid using online storage.
• Don’t reveal your passwords to others.
• Protect any recorded passwords. Be careful where you store the passwords that
you record or write down.
• Never provide your password over e-mail or based on an e-mail request.
• Change your passwords regularly.
• Do not type passwords on computers that you do not control.

Check your progress
• What are passwords?
• How can you generate “strong” passwords?

Passwords should always be stored in encrypted form and the encrypted passwords
should not be accessible to normal users. For extremely sensitive systems or
information, passwords may not provide sufficient protection. In these cases, dynamic
passwords or some form of two-factor authentication should be used.
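
The sketch below is an added example, not part of the original text: it checks a candidate password against the rules in the list above and then stores only a salted, slow one-way hash (PBKDF2 from the Python standard library), which is how "stored in encrypted form" is normally realized. The word list, minimum length, iteration count, record format and all function names are assumptions.

```python
import hashlib
import hmac
import os
import string
from typing import List, Optional

# Constructed mini word list; a real deployment would load a full dictionary.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "letmein"}
# Sequences the list above warns about: alphabet, digits, keyboard rows.
SEQUENCES = (string.ascii_lowercase, "0123456789", "1234567890",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12        # assumption: the text gives no minimum length
ITERATIONS = 600_000   # assumption: PBKDF2 work factor, tune per hardware


def has_run(password: str, length: int = 4) -> bool:
    """True if `length` adjacent characters are identical or follow a sequence."""
    low = password.lower()
    for i in range(len(low) - length + 1):
        chunk = low[i:i + length]
        if len(set(chunk)) == 1:
            return True
        if any(chunk in seq or chunk in seq[::-1] for seq in SEQUENCES):
            return True
    return False


def policy_violations(password: str, login: str) -> List[str]:
    """Return the rules from the list above that `password` breaks."""
    low = password.lower()
    classes = [any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(c in string.punctuation for c in password)]
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if sum(classes) < 3:
        problems.append("too few character classes")
    if has_run(password):
        problems.append("sequence or repeated characters")
    if login and login.lower() in low:
        problems.append("contains login name")
    if any(word in low for word in DICTIONARY):
        problems.append("contains dictionary word")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return 'scheme$iterations$salt$digest'; the password itself is never stored."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        salt, int(iterations))
    except ValueError:
        return False          # malformed or tampered record
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample passwords and login name.
    for pw in ("12345678", "MTFBWY", "Mtfbwy#Luke7&Leia"):
        print(pw, policy_violations(pw, "jdoe") or "ok")
```

Because each record carries its own random salt, two users with the same password get different stored values, and the stored value cannot be turned back into the password.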

13.6.1.3 Firewalls: A Special Access Control Mechanism
Firewalls are a special case of network access control mechanisms that can protect
an organization’s internal networks from external security threats. Firewalls derive
their name from the provisions made in buildings to keep accidental fires from spreading
to other parts of the building. Analogously, network firewalls are border security
products, meaning that they exist on the border between the organization’s internal
network and the external network and ensure that there is no damage or threat to
the internal network from the external one.

A computer firewall is hardware or software, but usually a combination of both, that
controls access to a computer by denying all data traffic to the network except that
which is explicitly allowed. Incoming data traffic can be permitted on the basis of
the services requesting the data, the IP address of the source or destination of the
transmission, or the user requesting the data. These firewalls can also be configured
to log all traffic and can perform a centralized security management function.

Figure 13.1: Firewall

The primary task of a firewall is to regulate data traffic. A firewall may use one
or more of the following methods to control traffic flowing in and out of the
network:

Packet Filtering: The most common firewall method is known as packet filtering.
When a packet filter firewall receives a packet from the Internet, it checks the IP
address information held in the header of the packet against a table of access
control rules to determine whether or not the packet is acceptable.

In this case, a set of rules established by the firewall administrator serves as the
guest list. These rules may specify certain actions when a particular source or
destination IP address or port number is identified. For example, access to a
pornographic web site can be blocked by designating the IP address of that site as a
non-permitted connection (incoming or outgoing) with the users’ computer. When
the packet filter firewall encounters a packet from the porn site, it examines the
packet. Since the IP address of the porn site is contained in the header of the
packet, it meets the conditions that specifically deny such a connection and the web
traffic is not permitted to go through.

Although packet filters are fast, they are also relatively easy to circumvent. One
method of getting around a packet filter firewall is known as IP spoofing, in which
hackers adopt the IP address of a trusted source, thereby fooling the firewall into
thinking that the packets from the hacker are actually from a trusted source. The
second fundamental problem with packet filter firewalls is that they allow a direct
connection between source and destination computers. As a result, once an initial
connection has been approved by the firewall, the source computer is connected
directly to the destination computer, thereby potentially exposing the destination
computer and all the computers to which it is connected to attack.

Stateful Packet Inspection (SPI): A second method utilized by firewalls is known
as stateful packet inspection, popularly known as SPI. Stateful packet inspection is a
form of super-charged packet filtering. It examines not just the headers of the packet,
but also the contents, to determine more about the packet than just its source and
destination information. It is called a ‘stateful’ packet inspection because it examines
the contents of the packet to determine what the state of the communication is, that
is, it ensures that the stated destination computer has previously requested the current
communication. This is a way of ensuring that all communications are initiated by
the recipient computer and are taking place only with sources that are known and
trusted from previous interactions. Such an approach allows relatively unrestricted
transmission from within the network, and selective but flexible access from the
outside.

In addition to being more rigorous in their inspection of packets, stateful inspection
firewalls also close off ports until a connection to the specific port is requested.
The SPI firewall also uses a monitoring algorithm to track individual connections, and
it can grant temporary open access through the firewall under appropriate conditions.
For example, packets are allowed to pass only if associated with a valid session
initiated from within the network. This adds a layer of protection against the threat
of port scanning.
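
The contrast between the two methods above, as an added example that is not part of the original text: a stateless rule table with default deny next to a firewall that keeps a session table. The class and function names, the rule format and all addresses (documentation ranges) are assumptions, and TCP teardown is simplified.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""      # TCP flags: S=SYN, A=ACK, F=FIN, R=RST


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: str                       # CIDR block
    dst: str                       # CIDR block
    sport: Optional[int] = None    # None matches any port
    dport: Optional[int] = None


def packet_filter(rules: List[Rule], pkt: Packet) -> str:
    """Stateless filter: first matching rule wins, anything unmatched is denied."""
    for r in rules:
        if (ip_address(pkt.src) in ip_network(r.src)
                and ip_address(pkt.dst) in ip_network(r.dst)
                and r.sport in (None, pkt.sport)
                and r.dport in (None, pkt.dport)):
            return r.action
    return "deny"


class StatefulFirewall:
    """Admits inbound packets only for sessions an internal host opened."""

    def __init__(self, internal: str, outbound_rules: List[Rule]):
        self.internal = ip_network(internal)
        self.outbound_rules = outbound_rules
        self.sessions = set()   # (inside ip, inside port, outside ip, outside port)

    def handle(self, pkt: Packet) -> str:
        if ip_address(pkt.src) in self.internal:          # outbound
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key not in self.sessions:
                # Only a SYN permitted by policy may create a table entry.
                if pkt.flags != "S" or packet_filter(self.outbound_rules, pkt) != "allow":
                    return "deny"
                self.sessions.add(key)
        else:                                             # inbound
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key not in self.sessions:
                return "deny"                             # nobody inside asked for it
        if "F" in pkt.flags or "R" in pkt.flags:
            self.sessions.discard(key)   # simplified teardown: close on first FIN/RST
        return "allow"


# Constructed policy: internal hosts may browse port 80, one site is blocked.
INTERNAL, BLOCKED, ANY = "10.1.0.0/16", "198.51.100.7/32", "0.0.0.0/0"
OUTBOUND = [Rule("deny", ANY, BLOCKED), Rule("allow", INTERNAL, ANY, dport=80)]
# A stateless filter needs an extra rule to let web replies back in.
STATELESS = OUTBOUND + [Rule("deny", BLOCKED, ANY),
                        Rule("allow", ANY, INTERNAL, sport=80)]


def demo() -> dict:
    fw = StatefulFirewall(INTERNAL, OUTBOUND)
    unsolicited = Packet("203.0.113.10", 80, "10.1.0.5", 40000, "A")
    syn = Packet("10.1.0.5", 40000, "203.0.113.10", 80, "S")
    reply = Packet("203.0.113.10", 80, "10.1.0.5", 40000, "SA")
    fin = Packet("10.1.0.5", 40000, "203.0.113.10", 80, "FA")
    return {
        "stateless_unsolicited": packet_filter(STATELESS, unsolicited),
        "stateful_unsolicited": fw.handle(unsolicited),
        "stateful_syn": fw.handle(syn),
        "stateful_reply": fw.handle(reply),
        "stateful_fin": fw.handle(fin),
        "stateful_after_close": fw.handle(unsolicited),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} {verdict}")
```

The stateless rule that lets replies in matches any packet claiming source port 80, so it admits traffic no internal host requested; the session table admits the same packet only while a matching connection opened from inside exists.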


Proxy Firewalls: Another way of implementing a firewall is by placing a dedicated
machine to scan and monitor the incoming and outgoing data traffic of an organization.
Such machines are termed proxies or proxy servers. Traditionally these proxy
servers acted as middlemen between the clients in the organization’s internal
network and the web servers located outside the purview of the organization’s
network. They were basically used for content filtering and performance enhancement
(such as caching) purposes. But with the increasing need to secure internal networks
against external threats, these proxies came to be used as advanced firewalls as well.

These proxy firewalls run a program on themselves that can be secured and
trusted. They act on behalf of the inside clients and outside servers. No data can
be transmitted out of the internal network or be channeled into the internal network
without passing through these proxy firewalls. In this kind of setup, the internal
client and the external server are never in direct communication with each other.
The proxy interacts with the external server using its external address, on behalf
of the internal client, to send the request for the data, and uses its internal
address, on behalf of the external server, to interact with the internal client and
send the requested data.

For example, if the internal client has to access an HTTP resource located on an
external server, the client’s software sends a request to the proxy. The proxy then
makes a connection with the HTTP server and forwards the request for the resource
on behalf of the client. The HTTP server replies to the request by forwarding a copy
of the requested resource to the proxy. The proxy then forwards this copy of the
resource to the internal client that requested it. In this fashion all ongoing
traffic between the internal user and the external server is routed through the proxy.

Since only the proxy is visible to the outside network, stringent security measures
can be implemented on it to protect it from external threats. Proxy servers are usually
dual-homed, that is, there are no direct connections between the internal users and
the external servers and there is no IP forwarding. This ensures that the internal
network is always veiled from direct outside access, ensuring that there is no passive
fingerprinting (operating system detection by studying default settings of data
packets).

The proxy firewalls mainly consist of two variants: circuit-level gateways and
application-level gateways.

A circuit-level gateway is a form of firewall that blocks all incoming traffic to
any host but itself. Internally, the client machines run software to allow them to
establish a connection with the circuit-level gateway machine. To the outside world
it appears that all communication from your internal network is actually originating
from the circuit-level gateway.

A circuit-level gateway monitors the handshaking between packets from trusted
clients or servers to untrusted hosts and vice versa to determine whether a requested
session is legitimate. To filter packets in this way, a circuit-level gateway relies on
data contained in the packet headers for the Internet’s TCP session-layer protocol.
The gateway maintains a table of established connections, allowing data to pass
when session information matches an entry in the table. When the session is
completed, the gateway removes the associated entry in the table and closes the
circuit this session used. This ensures that no sessions are left idle and thus a
risk to the security of the network.

A circuit-level gateway, however, does have one inherently vulnerable characteristic.
Once a circuit-level gateway establishes a connection, any application can run across
that connection because a circuit-level gateway filters packets only at the session
layer of the OSI model. In other words, a circuit-level gateway cannot examine the
application-level content of the packets it relays between a trusted network and an
untrusted network. Because a circuit-level gateway does not filter individual packets
but blindly relays packets back and forth across established connections, a hacker
on an untrusted network could possibly slip malicious packets past the gateway. The
hacker could then deal directly with an internal server, such as a WWW server,
which may not be as carefully monitored or configured as the firewall itself.

Another method of implementing firewalls using proxy servers is by using
Application-level Gateways. Like a circuit-level gateway, an application-level
gateway intercepts incoming and outgoing packets, runs proxies that copy and
forward information across the gateway, and functions as a proxy server, preventing
any direct connection between a trusted server or client and an untrusted host.
However, the proxies that an application-level gateway runs differ in two important
ways from the pipe proxies that a circuit-level gateway uses:
• The proxies are application specific.
• The proxies can filter packets at the application layer of the OSI model.

Application-specific proxies accept only packets generated by services they are
designed to copy, forward, and filter. For example, only a Telnet proxy can copy,
forward, and filter Telnet traffic. If a network relies only on an application-level
gateway, incoming and outgoing packets cannot access services for which there is
not a proxy. For example, if an application-level gateway ran FTP and Telnet proxies,
only packets generated by these services could pass through the firewall. All other
services would be blocked.

An application-level gateway, unlike a circuit-level gateway, runs proxies that examine
and filter individual packets, rather than simply copying them and blindly forwarding
them across the gateway. Application-specific proxies check each packet that passes
through the gateway, verifying the contents of the packet up through the application
layer (which is the highest layer) of the OSI model. These proxies can filter particular
kinds of commands or information in the application protocols the proxies are designed
to copy, forward, and filter.

An application-level gateway is one of the most secure firewalls available, but many
users claim that the security an application-level gateway offers has a drawback:
lack of transparency. Ideally, an application-level gateway would be as transparent
as it is secure. Users on the trusted network would not notice that they were
accessing Internet services through a firewall. However, in reality, users often
experience delays or must perform multiple logins before they are connected to the
Internet or an intranet via an application-level gateway.

13.6.2 Software Vulnerability Control


A software vulnerability is some defect (commonly called a “bug”) in software
which may allow a third party or program to gain unauthorized access to some
resource. Software vulnerability control is one of the most important parts of
information system and network security for the following reasons:
• Virus programs use vulnerabilities in operating system and application software
to gain unauthorized access, spread, and do damage.
• Intruders use vulnerabilities in operating system and application software to
gain unauthorized access, attack other systems, and do damage.
• Some software itself may be hostile as discussed earlier.
Most unauthorized access would then most likely be done by employees of the
organization or the unauthorized access would be due to very sloppy firewall
administration or user error.

There are several countermeasures that may help ensure that unauthorized and
possibly hostile software does not run on your systems. These countermeasures
also limit the scope of the vulnerability. These countermeasures include:
• Run virus scan software on every organizational computer and update the
virus scan database at least twice per week. Perform a full scan at least
once per week.
• Keep software security patches updated - Get on computer security advisory
mailing lists and update applicable software. With some systems such as
Windows systems you can set up a server to automatically update systems
on your network. One way to do this in Windows 2000 systems and above is
to use a systems update server (SUS) and set your Windows domain policies
to have all computers regularly updated with approved updates as they are
released by Microsoft.
• Only allow approved software to be run on your computer systems so hostile
trojan programs are not run. This may involve locking your users down so
they cannot install software on their computer systems.
• Limit services on all servers and workstations to the minimum required. Be
sure the network administrator is aware of all operating services, especially
on all servers.
• Run vulnerability scanners both inside and outside your network to find
computers with vulnerabilities so you will know which ones need to be patched.
The cost of this should be weighed against the security need.

Check your progress
• How does a firewall control access to information resources on a computer
network?

13.6.2.1 Running Virus Scan Software
Virus scan software should be run on every computer within the organization. This
will detect known viruses when they attempt to infiltrate the system if the virus scan
software is set up correctly. However, it should be kept in mind that virus
scan software can only detect viruses that are defined in its database. This raises
at least two concerns:
• Viruses not defined in the virus scan software will not be identified and stopped
by the scanner.
• In order to keep virus scan software effective, the virus database must be
updated at regular intervals so that, as new viruses are discovered, they will be
found by your virus scanner programs.

To be most effective, virus scanner programs should be set up to do the following:
• Perform regular weekly or monthly scans of the entire computer system’s
local drives.
• Scan all files when a scan is performed and do not allow any exclusions of
any directories such as the Recycle Bin.
• Be sure to prompt for user action when a virus is found. This way the user is
more likely to be aware of where the virus came from and they can call for
expert assistance if required.
• Set the system to scan files when a file is run, copied, renamed or created.
• Set up e-mail scanning to scan e-mail attachments. This can also be done at
the firewall, but should be done at least either at the firewall or on all client
computers. Scanning at both locations may be a good idea, if it is feasible.
• Scan web content for hostile content either at the firewall or on the client
computer, depending on your setup. It should be kept in mind that scanning
for hostile e-mail or web content on the firewall may overburden the firewall.

All virus incidents should be logged for future reference.

Check your progress
• How to ensure that your virus scan software remains effective

13.6.2.2 Update Software Security Patches

There are a wide variety of reasons for which the vendors or developers of software
routinely release updates for their software. Software updates, occasionally referred
to as patches, may address certain performance issues or improve the stability of
the software. Many times these patches are meant to plug security holes (also known
as bugs) that the developers of the software have identified or that have been
brought to their notice. These bugs leave the software vulnerable to attacks by
hostile software or unauthorised access. It is thus very important to keep all of your
software – including operating system, application software and drivers – updated
to the latest versions.

Patches can be installed on the individual computers linked to the information system
or may be applied via a server from which the updates can be loaded the next time
users boot or use the applications.

13.6.2.3 Approved Software


Only approved software should be operated on the organization’s network. This is
so hostile programs cannot gain access to the network. As discussed earlier, hostile
programs may be written with some useful functionality, but may perform a hidden
task that the user is not aware of (for example, Trojan horses). The ways to help
determine whether a program is hostile may include:
• Does the program come from a reliable source?
• Is there proof that the program came from the source, such as a digital
signature?
• If the source code is available for the program, the code may be checked to
be sure there is no hostile content.
• A reliable third party may be able to check out the software and certify that
it is safe.
• Does the author of the program attempt to hide their identity? If the author of
the program attempts to hide their identity then there may be reason for
suspicion. If the program author does not hide their identity and can be
reached, it is less likely that the program is a hostile program.
• Has this program been run by other people or organizations for some period
of time with no adverse consequences?

Some of the above issues are not proof that a program is safe, but are merely
indicators. As mentioned earlier, computer security is not an exact science and it is
a matter of reducing the chance of an intrusion. Probably the best method of being
sure of the reliability of a program is to allow a reliable third party to check the
program.

13.7 Cryptography
Until modern times, cryptography referred almost exclusively to encryption, the
process of converting ordinary information (plaintext) into unintelligible gibberish
(i.e., ciphertext). Decryption is the reverse, moving from unintelligible ciphertext to
plaintext. A cipher (or cypher) is a pair of algorithms which creates the encryption
and the reversing decryption. The detailed operation of a cipher is controlled both by
the algorithm and, in each instance, by a key. This is a secret parameter (ideally,
known only to the communicants) for a specific message exchange context. Keys
are important, as ciphers without variable keys are trivially breakable and therefore
less than useful for most purposes. Historically, ciphers were often used directly for
encryption or decryption, without additional procedures such as authentication or
integrity checks.

Encryption is the transformation of data into some unreadable form. Its purpose is to
ensure privacy by keeping the information hidden from anyone for whom it is not
intended, even those who can see the encrypted data. Decryption is the reverse of
encryption; it is the transformation of encrypted data back into some intelligible form.
Encryption and decryption require the use of some secret information, usually referred
to as a key. Depending on the encryption mechanism used, the same key might be
used for both encryption and decryption, while for other mechanisms, the keys used
for encryption and decryption might be different.

But today’s cryptography is more than secret writing, more than encryption and
decryption. Authentication is as fundamental a part of our lives as privacy. We use
authentication throughout our everyday life, when we sign our name to some document
for instance, and as we move to a world where our decisions and agreements are
communicated electronically, we need to replicate these procedures.


But the field of cryptography contains even more when we include some of the
things cryptography enables us to do. With just a few basic tools it is possible to build
elaborate schemes and protocols which allow us to pay using electronic money, to
prove we know certain information without revealing the information itself, and to
share a secret quantity in such a way that no fewer than three from a pool of five
people (for instance) can reconstruct the secret.

While modern cryptography is growing increasingly diverse, cryptography is
fundamentally based on problems that are difficult to solve. A problem may be
difficult because its solution requires some secret knowledge, such as decrypting an
encrypted message or signing some digital document, or the problem may be hard
because it is intrinsically difficult to complete, such as finding a message which
produces a given hash value.

So as the field of cryptography has advanced, the dividing lines for what is and what
is not cryptography have become blurred. Cryptography today might be summed up
as the study of techniques and applications that depend on the existence of difficult
problems. A cryptanalyst attempts to compromise cryptographic mechanisms, and
cryptology (from the Greek kryptós lógos, meaning “hidden word”) is the discipline
of cryptography and cryptanalysis combined.

Within the context of any application-to-application communication, there are some
specific security requirements, including:
• Authentication: The process of proving one’s identity. (The primary forms
of host-to-host authentication on the Internet today are name-based or
address-based, both of which are notoriously weak.)
• Privacy/confidentiality: Ensuring that no one can read the message except
the intended receiver.
• Integrity: Assuring the receiver that the received message has not been
altered in any way from the original.
• Non-repudiation: A mechanism to prove that the sender really sent this
message.

Check your progress
• What is software vulnerability?
• List various mechanisms to control software vulnerability.

Cryptography, then, not only protects data from theft or alteration, but can also be
used for user authentication. There are, in general, three types of cryptographic
schemes typically used to accomplish these goals: secret key (or symmetric)
cryptography, public-key (or asymmetric) cryptography, and hash functions, each of
which is described below. In all cases, the initial unencrypted data is referred to as
plaintext. It is encrypted into ciphertext, which will in turn (usually) be decrypted
into usable plaintext.

13.7.1 Types of Cryptographic Algorithms
There are several ways of classifying cryptographic algorithms. Here they will be
categorized based on the number of keys that are employed for encryption and
decryption, and further defined by their application and use. The three types of
algorithms that will be discussed here are:
• Secret Key Cryptography (SKC): Uses a single key for both encryption
and decryption
• Public Key Cryptography (PKC): Uses one key for encryption and another
for decryption
• Hash Functions: Uses a mathematical transformation to irreversibly
“encrypt” information

Figure 13.2: Types of Cryptographic Algorithms

13.7.1.1 Secret Key Cryptography
With secret key cryptography, a single key is used for both encryption and decryption.
As shown in Figure 13.1, the sender uses the key (or some set of rules) to
encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies
the same key (or ruleset) to decrypt the message and recover the plaintext. Because
a single key is used for both functions, secret key cryptography is also called
symmetric encryption.

Check your progress
• What is cryptography?

With this form of cryptography, it is obvious that the key must be known to both the
sender and the receiver; that, in fact, is the secret. The biggest difficulty with this
approach, of course, is the distribution of the key.

Secret key cryptography schemes are generally categorized as being either stream
ciphers or block ciphers.
• Stream ciphers operate on a single bit (byte or computer word) at a time
and implement some form of feedback mechanism so that the key is constantly
changing.
• A block cipher is so called because the scheme encrypts one block of data at
a time using the same key on each block.

In general, the same plaintext block will always encrypt to the same ciphertext
when using the same key in a block cipher whereas the same plaintext will encrypt
to different ciphertext in a stream cipher.

13.7.1.2 Public-Key Cryptography
Public-key cryptography has been said to be the most significant new development
in cryptography in the last 300-400 years. Modern public key cryptography was first
described publicly by Stanford University professor Martin Hellman and graduate
student Whitfield Diffie in 1976. Their section describes a two-key crypto system in
which two parties could engage in a secure communication over a non-secure
communications channel without having to share a secret key.

PKC depends upon the existence of so-called one-way functions, or mathematical
functions that are easy to compute whereas their inverse function is relatively
difficult to compute.

Generic PKC employs two keys that are mathematically related although knowledge
of one key does not allow someone to easily determine the other key. One key is
used to encrypt the plaintext and the other key is used to decrypt the ciphertext. The
important point here is that it does not matter which key is applied first, but that both
keys are required for the process to work. Because a pair of keys is required, this
approach is also called asymmetric cryptography.

In PKC, one of the keys is designated the public key and may be advertised as
widely as the owner wants. The other key is designated the private key and is never
revealed to another party. It is straightforward to send messages under this scheme.
Suppose A wants to send B a message. A encrypts some information using B’s public
key; B decrypts the ciphertext using his private key. This method could also be used
to prove who sent a message; A, for example, could encrypt some plaintext with her
private key; when B decrypts using A’s public key, he knows that A sent the message
and A cannot deny having sent the message (non-repudiation).

13.7.1.3 Hash Functions

Hash functions, also called message digests and one-way encryption, are algorithms
that, in some sense, use no key. Instead, a fixed-length hash value is computed
based upon the plaintext that makes it impossible for either the contents or length of
the plaintext to be recovered. Hash algorithms are typically used to provide a digital
fingerprint of a file’s contents, often used to ensure that the file has not been altered
by an intruder or virus. Hash functions are also commonly employed by many
operating systems to encrypt passwords. Hash functions, then, provide a measure
of the integrity of a file.

Hash functions are sometimes misunderstood and some sources claim that no two
files can have the same hash value. This is, in fact, not correct. Consider a hash
function that provides a 128-bit hash value. There are, obviously, 2^128 possible hash
values. But there are a lot more than 2^128 possible files. Therefore, there have to be
multiple files – in fact, there have to be an infinite number of files – that can have the
same 128-bit hash value.
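
The counting argument above, made concrete as an added example that is not part of the original text: SHA-256 is truncated to a small number of bits so that the "more files than hash values" collision can actually be found on a laptop. The function names and the `file-N` inputs are assumptions; the same argument holds for 128 bits, only the search becomes impractically long.

```python
import hashlib
from typing import Tuple


def truncated_hash(data: bytes, bits: int) -> int:
    """Keep only the top `bits` bits of SHA-256, giving 2**bits possible values."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int) -> Tuple[bytes, bytes, int, int]:
    """Hash distinct inputs until two share a value.

    Returns (first input, second input, shared hash value, inputs tried).
    With 2**bits possible values, 2**bits + 1 distinct inputs must contain a
    repeat (pigeonhole), so the loop bound below is a hard guarantee.
    """
    seen = {}
    for counter in range(2 ** bits + 1):
        message = b"file-%d" % counter        # constructed, all distinct
        value = truncated_hash(message, bits)
        if value in seen:
            return seen[value], message, value, counter + 1
        seen[value] = message
    raise AssertionError("unreachable: pigeonhole guarantees a collision")


def fingerprint(data: bytes) -> str:
    """Full-length digest, as used for file integrity checks."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    for bits in (8, 16, 24):
        a, b, value, tried = find_collision(bits)
        print(f"{bits:2d}-bit hash: {a!r} and {b!r} both map to {value:#x} "
              f"after {tried} inputs (limit {2 ** bits + 1})")
```

The search usually stops after roughly the square root of the number of possible values rather than at the pigeonhole limit, which is why hash length matters for integrity checks even though collisions always exist in principle.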

13.8 Summary
The topics covered in this unit aimed at providing basic knowledge of
various issues related to the security of information systems and information resources.
The information systems designed for businesses must include provisions and features
to assure security of information resources and allied infrastructure. Information
security is the ongoing process of exercising due care and due diligence to protect
information, and information systems, from unauthorized access, use,
disclosure, destruction, modification, or disruption.

13.9 Key Terms
• Access Control: Refers to providing access to only legitimate and authorized
users of the information system.
• Access Threats: Threats directed towards gaining unauthorized access to
the information.
• Authentication: Refers to confirming a user’s identity.
• Availability: Information system property which refers to guaranteed access
to information system services or resources.
• Block cipher: Cryptographic keys that encrypt one block of data at a time
using the same key on each block.
• Confidentiality: The property that ensures that the information or the data
stored on the enterprise’s information infrastructure or transmitted through it
is available to authorized systems or individuals only.
• Cryptography: The study of methods of converting ordinarily readable
information (plaintext) into unintelligible gibberish (i.e., ciphertext).
• Decryption key: Algorithm used to decrypt ciphertext into plaintext.
• Decryption: Process of converting ciphertext into plaintext.
• Denial-of-service attack: Explicit attempt by attackers to prevent legitimate
users of information system services from using that service.
• Eavesdropping: Unauthorized and passive monitoring of information systems
and network for information system.

Check your progress
• Discuss classification of cryptographic techniques.

• Encryption key: Algorithm used to encrypt plaintext into ciphertext.
• Encryption: Process of converting plaintext into ciphertext.
• Firewalls: Special case of network access control mechanisms that can
protect an organization’s internal networks from external security threats.
• Hash Functions: Cryptographic methods which use a mathematical
transformation to irreversibly (one-way) encrypt information.
• Hostile software: Malicious software code having the potential to adversely
affect the information system and allied resources.
• Information Security Threat: Any condition that results, or has the
potential to result, in a condition that might lead to loss, misuse, fraud,
misrepresentation, destruction, modification or denial of data and other
information processing resources that may cause financial or operational
hardships to the parties to the information system.
• Integrity: Refers to verifying that the data is not modified without requisite
permissions.
• Interception: Unauthorized and active monitoring of information systems
DR O

and network for information system.


• Masquerading: An attempt to act like or impersonate someone else or some
C

other system.
T
• Modification threat: Any unauthorized attempt of modification of information
system resources.
T

• Non-repudiation: Provisions that guarantee that none of the parties involved


NO

in an operation can deny the operation at a later date.


• Packet Filtering: Firewall mechanism where network access is controlled
by scanning data packets headers for access control rules.
• Proxy Firewalls: Firewall implemented by placing a dedicated machine to
DO

scan and monitor the incoming and outgoing data traffic of an organization.
L

• Public Key Cryptography (PKC): Cryptographic methods which use one


NA

key for encryption and another for decryption.


• Secret Key Cryptography (SKC): Cryptographic methods which use a
single key for both encryption and decryption.
• Snooping: Looking through information files at a particular location in the
FI

hope of finding something interesting.


• Software patches: software updates by their developers/vendors to plug
security holes.
• Software Security Holes: Security vulnerabilities due to badly designed
Management Information and maintained software on information systems.
System: 202
• Spyware: A type of program that usually comes with a useful application but sends Information and System Security
information to its creator about what the computer user is doing on the internet.
• Stateful Packet Inspection (SPI): Firewall mechanism where network
access is controlled by scanning data packets headers as well as contents for
NOTES
access control rules.
• Stream ciphers: Cryptographic keys that operate on a single bit (byte or
computer word) at a time and implement some form of feedback mechanism

ST
so that the key is constantly changing.
• Trojan: Hostile software which disguise themselves as having certain desirable utility.
Viruses: Hostile software which attaches itself to a host program and have

O

potential to replicate and self-propagate.
