UNIT
The Internet Protocol (IP) is the principal communications protocol in the Internet protocol
suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and
essentially establishes the Internet.
IP has the task of delivering packets from the source host to the destination host solely based on the IP
addresses in the packet headers. For this purpose, IP defines packet structures that encapsulate the data to
be delivered. It also defines addressing methods that are used to label the datagram with source and
destination information.
Historically, IP was the connectionless datagram service in the original Transmission Control
Program introduced by Vint Cerf and Bob Kahn in 1974; the other was the connection-
oriented Transmission Control Protocol (TCP). The Internet protocol suite is therefore often referred to as
TCP/IP.
The first major version of IP, Internet Protocol Version 4 (IPv4), is the dominant protocol of the Internet.
Its successor is Internet Protocol Version 6 (IPv6).
What is Internet Protocol (IP)?
IP (short for Internet Protocol) specifies the technical format of packets and the addressing scheme for
computers to communicate over a network. Most networks combine IP with a higher-level protocol
called Transmission Control Protocol (TCP), which establishes a virtual connection between a destination
and a source.
IP by itself can be compared to something like the postal system. It allows you to address a package and
drop it in the system, but there is no direct link between you and the recipient. TCP/IP, on the other hand,
establishes a connection between two hosts so that they can send messages back and forth for a period of
time.
TCP/IP
Short for Transmission Control Protocol/Internet Protocol, TCP/IP is a set of rules (protocols)
governing communications among all computers on the Internet. More specifically, TCP/IP dictates how
information should be packaged (turned into bundles of information called packets), sent, and received, as
well as how to get to its destination. The split of the original Transmission Control Program into the
separate TCP and IP layers was made in 1978, driven by Bob Kahn and Vint Cerf.
[Figure: TCP/IP packet header layout, drawn as rows of 32 bits]
How does TCP/IP work?
As the name implies, TCP/IP is a combination of two separate protocols: Transmission Control Protocol
(TCP) and Internet Protocol (IP). The Internet Protocol standard dictates the logistics of packets sent out
over networks; it tells packets where to go and how to get there. IP has a method that lets any computer on
the Internet forward a packet to another computer that is one or more hops closer to the packet's
recipient. You can think of it like workers in a line passing boulders from a quarry to a mining cart.
The Transmission Control Protocol is responsible for ensuring the reliable transmission of data across
Internet-connected networks. TCP checks segments for errors and submits requests for re-transmission if
any are found.
Three of the most common TCP/IP protocols
* HTTP - Used between a web client and a web server, for non-secure data transmissions. A web
client (i.e. an Internet browser on a computer) sends a request to a web server to view a web page. The
web server receives that request and sends the web page information back to the web client.
* HTTPS - Used between a web client and a web server, for secure data transmissions (HTTP carried
over TLS). Often used for sending credit card transaction data or other private data from a web client
(i.e. an Internet browser on a computer) to a web server.
* FTP - Used between two or more computers. One computer sends data to or receives data from
another computer directly. Note that plain FTP, like HTTP, sends credentials and data in clear text.
Domain names and TCP/IP addresses
The TCP/IP address for a website or web server is typically not easy to remember. To remedy this issue,
a domain name is used instead. For example, 45.79.151.23 is the IP address for the
Computer Hope name. Using this method, instead of a set of numbers, users only need
to remember Computer Hope's web address.
Internet Protocol Versions
There are currently two versions of the Internet Protocol (IP): IPv4 and a newer version called IPv6. IPv6 is an
evolutionary upgrade to the Internet Protocol. IPv6 will coexist with the older IPv4 for some time.
What is IPv4 -- Internet Protocol Version 4?
IPv4 (Internet Protocol Version 4) is the fourth revision of the Internet Protocol (IP), used to
identify devices on a network through an addressing system. The Internet Protocol is designed for use in
interconnected systems of packet-switched computer communication networks (see RFC 791).
IPv4 is the most widely deployed Internet protocol used to connect devices to the Internet. IPv4 uses a 32-
bit address scheme allowing for a total of 2^32 addresses (just over 4 billion addresses). With the growth
of the Internet it is expected that the number of unused IPv4 addresses will eventually run out, because
every device -- including computers, smartphones and game consoles -- that connects to the Internet
requires an address.
A new Internet addressing system, Internet Protocol version 6 (IPv6), is being deployed to fulfil the need
for more Internet addresses.
What is IPv6 -- Internet Protocol Version 6?
IPv6 (Internet Protocol Version 6) is also called IPng (Internet Protocol next generation) and it is the
newest version of the Internet Protocol (IP), reviewed in the IETF standards committees to replace the
current version, IPv4 (Internet Protocol Version 4).
IPv6 is the successor to Internet Protocol Version 4 (IPv4). It was designed as an evolutionary upgrade to
the Internet Protocol and will, in fact, coexist with the older IPv4 for some time. IPv6 is designed to allow
the Internet to grow steadily, both in terms of the number of hosts connected and the total amount of data
traffic transmitted.
IPv6 is often referred to as the "next generation" Internet standard and has been under development
since the mid-1990s. IPv6 was born out of concern that the demand for IP addresses would exceed the
available supply.
While increasing the pool of addresses is the most often-talked-about benefit of IPv6, there are other
important technological changes in IPv6 that will improve the IP protocol:
* No more need for NAT (Network Address Translation) to stretch the address space
* Auto-configuration (stateless address autoconfiguration, SLAAC)
* No more private address collisions
* Better multicast routing
* Simpler header format
* Simplified, more efficient routing
* Quality of service (QoS) support through the flow label field ("flow labeling")
* Built-in authentication and privacy support (IPsec; originally mandatory to implement, now only
  recommended, see RFC 6434 and its successors)
* Flexible options and extensions (extension headers)
* Easier administration (stateless auto-configuration reduces, but does not remove, the need for DHCP;
  DHCPv6 still exists)
The following table lists the important differences between IPv4 and IPv6.

IPv4                                                     | IPv6
---------------------------------------------------------|-----------------------------------------------------------
Addresses are 32 bits in length.                         | Addresses are 128 bits in length.
Addresses are binary numbers represented in decimal      | Addresses are binary numbers represented in hexadecimal
(dotted-quad notation).                                  | (colon-separated groups).
IPsec support is only optional.                          | Inbuilt IPsec support.
Fragmentation is done by the sender and by forwarding    | Fragmentation is done only by the sender.
routers.                                                 |
No packet flow identification.                           | Packet flow identification is available within the IPv6
                                                         | header using the Flow Label field.
A checksum field is available in the IPv4 header.        | No checksum field in the IPv6 header.
Options fields are available in the IPv4 header.         | No option fields, but IPv6 Extension headers are available.
Address Resolution Protocol (ARP) is available to map    | ARP is replaced with a function of the Neighbor Discovery
IPv4 addresses to MAC addresses.                         | Protocol (NDP).
Internet Group Management Protocol (IGMP) is used to     | IGMP is replaced with Multicast Listener Discovery (MLD)
manage multicast group membership.                       | messages.
Broadcast messages are available.                        | Broadcast messages are not available. Instead a link-local
                                                         | scope "all nodes" multicast IPv6 address (FF02::1) is used
                                                         | for broadcast-like functionality.
Manual configuration (static) of IPv4 addresses or DHCP  | Auto-configuration of addresses is available.
(dynamic configuration) is required to configure IPv4    |
addresses.                                               |
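The header differences in the table (32-bit versus 128-bit addresses, the IPv4 header checksum, the IPv6 flow label) can be seen directly by parsing raw headers. The following Python example is added here for illustration and is not part of the original notes: it builds two constructed sample headers (not captured traffic), verifies the RFC 791 header checksum on the IPv4 one, shows that a corrupted header fails that check, and extracts the flow label from the IPv6 one. Function and variable names are the example's own.

```python
import ipaddress
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of all 16-bit words of the
    header, computed with the checksum field itself set to zero."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(pkt: bytes) -> dict:
    """Parse the IPv4 header (RFC 791 layout) and verify its checksum."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 header")
    if len(pkt) < ihl:
        raise ValueError("truncated IPv4 options")
    hdr = bytearray(pkt[:ihl])
    hdr[10:12] = b"\x00\x00"                # zero the checksum field before recomputing
    return {
        "version": version,
        "header_len": ihl,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "flags": flags_frag >> 13,
        "frag_offset": flags_frag & 0x1FFF,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "checksum_ok": ipv4_checksum(bytes(hdr)) == csum,
    }


def parse_ipv6_header(pkt: bytes) -> dict:
    """Parse the fixed 40-byte IPv6 header. There is no checksum to verify; the
    20-bit flow label sits in the low bits of the first 32-bit word."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    first, payload_len, next_hdr, hop_limit, src, dst = \
        struct.unpack("!IHBB16s16s", pkt[:40])
    version = first >> 28
    if version != 6:
        raise ValueError("not an IPv6 header")
    return {
        "version": version,
        "traffic_class": (first >> 20) & 0xFF,
        "flow_label": first & 0xFFFFF,
        "payload_len": payload_len,
        "next_header": next_hdr,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
    }


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 6, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 header (IHL=5, no options) with a correct checksum.
    Used only to construct the sample packet below."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s",
                                0x45, 0, 20 + payload_len, 0, 0x4000, ttl, proto, 0,
                                ipaddress.IPv4Address(src).packed,
                                ipaddress.IPv4Address(dst).packed))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr)


# Constructed sample packets (not captured traffic).
SAMPLE_V4 = build_ipv4_header("192.168.0.25", "100.0.0.75", payload_len=8) + b"payload!"
SAMPLE_V6 = struct.pack("!IHBB16s16s",
                        (6 << 28) | 0x12345,      # version 6, traffic class 0, flow label 0x12345
                        8, 17, 64,                # payload length, next header UDP, hop limit
                        ipaddress.IPv6Address("fe80::1").packed,
                        ipaddress.IPv6Address("ff02::1").packed) + b"payload!"


def corrupted_ipv4_sample() -> bytes:
    """Same IPv4 packet with the TTL byte flipped; the checksum no longer matches."""
    damaged = bytearray(SAMPLE_V4)
    damaged[8] ^= 0xFF
    return bytes(damaged)


if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE_V4))
    print("corrupted checksum_ok:", parse_ipv4_header(corrupted_ipv4_sample())["checksum_ok"])
    print(parse_ipv6_header(SAMPLE_V6))
```

Because IPv6 dropped the header checksum, a corrupted IPv6 header is only caught by the transport-layer checksum (which for IPv6 covers a pseudo-header with both addresses); the parser above therefore has nothing to verify at the IP layer.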
Connecting Devices - Hub, Repeater, Switch, Bridge, Router, Gateway
[Figs 1-3: network diagram of the connecting devices; Repeater; Hub. Most of the Repeater and Hub text
was lost in extraction. Surviving fragments: "... which lead in loss of data. Hence, in order to prevent
this, the ..." (the repeater regenerates the weakened signal); "... In addition, it has all the ... and the
Hubs are that only one ... a particular time. If multiple devices transmit data ..." (on a hub only one
device can transmit at a particular time; simultaneous transmissions collide).]
Switch
A switch is an intelligent device that works in the Data Link layer. The term intelligent refers to its
decision-making capability: since it works in the Data Link layer, it has knowledge of the MAC
addresses of the devices attached to its ports.
Fig 4: Switch
Hence, in Fig 1, if data has to be sent from Computer A to Computer B, the data is transferred to
the Computer B only, and not to any other computers connected to the switch; it establishes a
link between the sender and the receiver. This also means that when data is
being sent from A to B, Computer C can establish a link with Computer D and communication can take
place between them. So, simultaneous data transfer is possible in a switch. Also, a Hub repeats every
frame to all of its ports, but a Switch does not.
It is also to be noted that a switch sends information only to the desired
destinations, and also [remainder of sentence lost in extraction] can be implemented in the Switches.
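To make the hub-versus-switch difference concrete, the following Python simulation is an added example (not from the original notes): a hub repeats every frame to all other ports, while a learning switch records the port of each source MAC address and forwards only to the port of the destination, flooding only while a destination is still unknown. The MAC addresses and port numbers are constructed for the four computers of the figure.

```python
class Hub:
    """Physical-layer repeater hub: every frame goes out of every other port,
    so only one transfer can happen at a time."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Data-link-layer switch: learns which port each source MAC is behind and
    forwards a frame only to the port of its destination MAC. Unknown or
    broadcast destinations are flooded to every other port, as a hub would."""

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}                                  # MAC address -> port number

    def forward(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port                    # learn on ingress
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == self.BROADCAST or out_port is None:
            return [p for p in self.ports if p != in_port]   # flood
        if out_port == in_port:
            return []                                        # destination is on the ingress segment
        return [out_port]


# Constructed MAC addresses for Computers A-D on ports 1-4 (assumption).
A, B, C, D = ("00:00:00:00:00:0a", "00:00:00:00:00:0b",
              "00:00:00:00:00:0c", "00:00:00:00:00:0d")
# (ingress port, source MAC, destination MAC): A->B, B->A, C->D, D->C, A->B again
FRAMES = [(1, A, B), (2, B, A), (3, C, D), (4, D, C), (1, A, B)]


def run(device):
    """Replay the constructed frames through a device; return one port list per frame."""
    return [device.forward(port, src, dst) for port, src, dst in FRAMES]


if __name__ == "__main__":
    print("hub   :", run(Hub([1, 2, 3, 4])))
    switch = LearningSwitch([1, 2, 3, 4])
    print("switch:", run(switch))
    print("learned:", switch.mac_table)
```

The first A->B frame is flooded because B's port is not yet known; once B replies, the switch has learned both ports and the final A->B frame goes to port 2 alone, leaving ports 3 and 4 free for the C<->D exchange.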
Bridge
A bridge is also a device which works in the Data Link Layer, but is more primitive when compared to a
switch. Initial bridges were used to connect only 2 LANs, but the most recent ones perform similar
operations to the switches. It also works on the principle of transfer of information using the MAC
addresses learned on its ports.
Fig 5: Bridge
It can be noted that the normal ADSL modem can be connected via bridging also. The only difference is
that, when bridging is used, each time the device has to be connected to the internet, it has to dial to the
internet and establish a connection. Also, a bridge alone cannot be used to connect to the internet, because
the bridge works in the Data Link Layer and has no knowledge of the IP Addresses, which are used in the
internet.
Router
Any computer can be connected to the internet using a MODEM, which performs the MODulation and the
DEModulation operations. But when there is more than one computer at home or in an organization, and
you have a single internet connection, you need a Router. A Router is a device which is used when multiple
devices need to connect to the Internet using the same IP address.
An Internet Service Provider (ISP) provides a single IP, and especially for personal use, the IP address is
assigned dynamically. This is done because, suppose an ISP has 1000 IP addresses, it does not mean that
it has 1000 customers. An ISP assumes that not all devices will be connected to the internet at the same
time. Hence, when a user wants to access the internet, any IP address from the pool of IP addresses of
the ISP will be assigned to connect the user to the internet.
Fig 6: Router
Hence, the router does the job of connecting multiple devices in a LAN to the internet using the same IP
address (sharing one public address among many private ones is Network Address Translation, NAT).
Since the router works in the Network Layer, it does forwarding on the basis of IP addresses.
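Forwarding on the basis of IP addresses means a longest-prefix-match lookup in a forwarding table, and letting many LAN hosts share one public IP means keeping a translation table. The Python below is an added illustration of both, not part of the original notes; the prefixes, next hops and the public address 203.0.113.5 (a documentation range) are assumptions for the home-router scenario.

```python
import ipaddress


class ForwardingTable:
    """Longest-prefix-match routing table: the router picks the next hop from the
    packet's destination IP address, preferring the most specific matching prefix."""

    def __init__(self):
        self.routes = []                                   # (network, next_hop, interface)

    def add(self, prefix, next_hop, interface):
        self.routes.append((ipaddress.ip_network(prefix, strict=False), next_hop, interface))

    def lookup(self, destination):
        addr = ipaddress.ip_address(destination)
        best = None
        for net, next_hop, interface in self.routes:
            if addr.version != net.version or addr not in net:
                continue
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, next_hop, interface)
        return None if best is None else (str(best[0]), best[1], best[2])


class SourceNat:
    """Port-address translation: many LAN hosts share one public IP. Each outbound
    (private ip, port) pair gets its own public port; replies are mapped back by it."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}                             # (private_ip, private_port) -> public_port
        self.inbound_map = {}                              # public_port -> (private_ip, private_port)

    def outbound(self, private_ip, private_port):
        key = (private_ip, private_port)
        if key not in self.outbound_map:
            self.outbound_map[key] = self.next_port
            self.inbound_map[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.outbound_map[key]

    def inbound(self, public_port):
        """A reply arriving at the public address: find the LAN host, or None if unsolicited."""
        return self.inbound_map.get(public_port)


def build_home_router():
    """Constructed tables for the scenario in the text: one LAN behind one ISP link.
    All addresses are assumptions."""
    table = ForwardingTable()
    table.add("0.0.0.0/0", "203.0.113.1", "wan")            # default route towards the ISP
    table.add("192.168.0.0/24", "directly connected", "lan")
    table.add("192.168.0.128/25", "192.168.0.254", "lan")   # more specific than the /24
    nat = SourceNat("203.0.113.5")                          # the single public IP from the ISP
    return table, nat


if __name__ == "__main__":
    table, nat = build_home_router()
    for dst in ("192.168.0.25", "192.168.0.200", "100.0.0.75"):
        print(dst, "->", table.lookup(dst))
    print(nat.outbound("192.168.0.25", 51000), nat.outbound("192.168.0.26", 51000))
    print(nat.inbound(40001), nat.inbound(9999))
```

A side effect visible in the NAT table is why unsolicited inbound packets are dropped by default: with no entry for the public port there is no LAN host to deliver them to.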
The WiFi routers that are commonly used now are the IEEE 802.11 b/g standard routers, which are explained
below.
IEEE 802.11
IEEE 802.11 is a standard for WiFi. There are several different technologies/generations that have been
implemented. As mentioned, the recent modems are IEEE 802.11 b/g modems. The term b/g has the
following meaning:
The IEEE 802.11 b standard uses the 2.4 GHz band and has a maximum transfer rate of 11 Mbps, while the
IEEE 802.11 g standard uses the 2.4 GHz band and has a maximum transfer rate of 54 Mbps. Thus a b/g
modem refers to a modem which is compatible with both the b and g standards (both in the same 2.4 GHz
band, so this is not a dual-band device). The standards are mainly differentiated based on the distance and
speed of data transfer.
The more recent IEEE 802.11 n standard has the capability to provide speeds of over 100 Mbps. It
uses multiple wireless signals and antennas, and has increased signal intensity in order to be able
to provide a network over greater distances. It employs MIMO technology, wherein spatial encoding is used.
The spatial pre-coding is done at the transmitter and the post-coding is done at the receiver. Recently,
Reliance Communications was in the news for implementing MIMO technology to improve its 3G data
transfer speeds.
Brouter
A Brouter (Bridging Router) is a device which has two functions. A Brouter acts as a router for known
protocols (known by the router and those on the network) and hence works in the network layer. For data
packets with unknown protocols, it acts as a bridge by connecting two different networks, which is the
function of a bridge - and this works in the data-link layer.
Gateway
The Gateway devices work in the Transport layer and above, where the different network technologies are
implemented. A gateway is necessary when there are different technologies implemented by the
LANs which are to be connected together.
Fig 7: Gateway function
Fig 7 shows the working of a gateway. Consider 2 networks, say a network in New York and a network in
London. If data has to be sent from one place to another, we need to make sure that the network technologies
that are being used by both the networks are the same. If not, we need to use a Gateway.
In the more common example, we use the telephone network and the internet, which work on
different technologies. The telephone network follows ISDN, and the Internet follows IP. Here, 2
different technologies are being used. In this case, the router fails to work, since the router cannot
understand the functionalities of both the networks. Hence, we require a Gateway, which acts as a
translator in communicating between the 2 networks.
Need for Security, Business Needs, Threats, Attacks, Legal, Ethical and
Professional Issues
Business Needs First
Information security performs four important functions for an organization:
1. Protects the organization's ability to function
2. Enables the safe operation of applications implemented on the organization's IT systems
3. Protects the data the organization collects and uses
4. Safeguards the technology assets in use at the organization
1. Protecting the functionality of an organization
* Decision makers in organizations must set policy and operate their organizations in
compliance with the complex, shifting legislation that controls the use of technology.
2. Enabling the safe operation of applications
* Organizations are under immense pressure to acquire and operate integrated, efficient, and
capable applications.
* The modern organization needs to create an environment that safeguards applications using
the organization's IT systems, particularly those applications that serve as important
elements of the infrastructure of the organization.
3. Protecting data that organizations collect & use
* Protecting data in motion
* Protecting data at rest
* Both are critical aspects of information security.
* The value of data motivates attackers to steal, sabotage, or corrupt it.
* It is essential for the protection of the integrity and value of the organization's data.
4. Safeguarding technology assets in organizations
* Must add secure infrastructure services based on the size and scope of the enterprise.
* Organizational growth could lead to the need for a public key infrastructure (PKI), an
integrated system of software and encryption methodologies.
Threats
To protect an organization's information, you must
1. Know yourself
(i.e.) be familiar with the information to be protected, and the systems that store, transport and
process it.
2. Know the threats you face
To make sound decisions about information security, management must be informed about the
various threats facing the organization, its applications, data and information systems.
A threat is an object, person, or other entity that represents a constant danger to an asset.
Threats to Information Security

Category of threat                               | Examples
-------------------------------------------------|--------------------------------------------------
Acts of human error or failure                   | Accidents, employee mistakes
Compromises to intellectual property             | Piracy, copyright infringement
Deliberate acts of espionage or trespass         | Unauthorized access and/or data collection
Deliberate acts of information extortion         | Blackmail or information disclosure
Deliberate acts of sabotage or vandalism         | Destruction of systems or information
Deliberate acts of theft                         | Illegal confiscation of equipment or information
Deliberate software attacks                      | Viruses, worms, macros, denial-of-service
Forces of nature                                 | Fire, flood, earthquake, lightning
Deviations in quality of service                 | ISP, power or WAN service providers
Technical hardware failures or errors            | Equipment failure
Technical software failures or errors            | Bugs, code problems, unknown loopholes
Technological obsolescence                       | Antiquated or outdated technologies
Threats
1. Acts of Human Error or Failure:
* Acts performed without intent or malicious purpose by an authorized user.
* Caused by inexperience, improper training, or
* the making of incorrect assumptions.
One of the greatest threats to an organization's information security is the organization's own employees.
* Entry of erroneous data
* Accidental deletion or modification of data
* Storage of data in unprotected areas
* Failure to protect information
These can be prevented with
* Training
* Ongoing awareness activities
* Verification by a second party
Many military applications have robust, dual-approval controls built in.
2. Compromises to Intellectual Property
* Intellectual property (IP) is defined as the ownership of ideas and control over the tangible or virtual
representation of those ideas.
* Intellectual property includes trade secrets, copyrights, trademarks, and patents.
* Once intellectual property has been defined and properly identified, breaches to IP constitute a
threat to the security of this information.
* An organization purchases or leases the IP of other organizations.
* The most common IP breach is the unlawful use or duplication of software-based intellectual property,
more commonly known as software piracy.
* Software piracy affects the world economy.
* The US provides approximately 80% of the world's software.
In addition to the laws surrounding software piracy, two watchdog organizations investigate allegations of
software abuse:
1. Software and Information Industry Association (SIIA), formerly the Software Publishers Association
2. Business Software Alliance (BSA)
* Another effort to combat (take action against) piracy is the online registration process.
3. Deliberate Acts of Espionage or Trespass
* Electronic and human activities that can breach the confidentiality of information.
* When an unauthorized individual gains access to the information an organization is trying to
protect, it is categorized as an act of espionage or trespass.
Attackers can use many different methods to access the information stored in an information
system:
1. Competitive Intelligence (use a web browser to get information from market research)
2. Industrial espionage (spying)
3. Shoulder Surfing (e.g. at an ATM)
Trespass
Can lead to unauthorized real or virtual actions that enable information gatherers to enter
premises or systems they have not been authorized to enter.
Sound principles of authentication & authorization can help organizations protect valuable
information and systems.
* Hackers -> People who use and create computer software to gain access to information
illegally.
There are generally two skill levels among hackers:
* Expert Hackers -> Masters of several programming languages, networking protocols, and
operating systems.
* Unskilled Hackers -> [description lost in extraction]
[Sections 4 (Deliberate Acts of Information Extortion) and 5 (Deliberate Acts of Sabotage or Vandalism)
were lost in extraction; only the following fragments survive.]
* Damage the image of the organization.
* Cyber terrorism - Cyber terrorists hack systems to conduct terrorist activities through a network of
[remainder lost in extraction].
6. Deliberate Acts of Theft
* Illegal taking of another's property is a constant problem.
* Within an organization, property can be physical, electronic, or intellectual.
* Physical theft can be controlled by installation of alarm systems and
trained security professionals.
* Electronic theft control is under research.
7. Deliberate Software Attacks
* Caused by malicious code or malware: these software components are designed to damage, destroy or
deny service to the target system.
* More common instances are
Viruses, Worms, Trojan horses, Logic bombs, Backdoors.
* The British Internet Service Provider Cloudnine is said to be the first business "hacked out of
existence".
Virus
* Segments of code that perform malicious actions.
* Virus transmission commonly happens at the opening of E-mail attachment files.
* Macro virus -> Embedded in automatically executing macro code common in word processors,
spreadsheets and database applications.
* Boot virus -> Infects the key operating files located in the computer's boot sector.
Worms
* A worm is a malicious program that replicates itself constantly, without requiring another
program to provide a safe environment for replication.
* Worms can continue replicating themselves until they completely fill available resources, such
as memory, hard drive space, and network bandwidth.
* E.g. MS-Blaster, MyDoom, Netsky are multifaceted attack worms.
* Once the worm has infected a computer, it can redistribute itself to all e-mail addresses found
on the infected system.
* Furthermore, a worm can deposit copies of itself onto all Web servers that the infected system
can reach, so that users who subsequently visit those sites become infected.
Trojan Horses
* Are software programs that hide their true nature and reveal their designed behavior only when
activated.
Trojan horse Attack (flow diagram, reconstructed): Trojan horse arrives via E-mail or software such as
free games -> Trojan horse is activated when the software or attachment is executed -> Trojan horse
releases its payload, monitors computer activity, installs a back door, or transmits information to the
hacker.
Back Door or Trap Door
A Virus or Worm has a payload that installs a backdoor or trapdoor component in a system, which
allows the attacker to access the system at will with special privileges.
E.g. Back Orifice
Polymorphism
* A polymorphic threat is one that changes its apparent shape over time, making it undetectable by
techniques that look for preconfigured signatures.
* These viruses and worms actually evolve, changing their size and appearance to elude detection
by antivirus software programs.
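The limit of signature-based detection against a polymorphic threat can be shown with a small scanner. The Python below is an added example, not from the original notes or any antivirus product: it matches a byte-pattern signature and a file hash against the harmless, industry-standard EICAR antivirus test string, shows that the same content stored XOR-encoded under a per-copy key matches neither (and that two copies differ from each other), and then scans the decoded payload as an engine that understands the carrier format would. The carrier format (a "PLY" header followed by the key) is invented for the example.

```python
import hashlib

# The EICAR test string is a harmless, industry-standard file that antivirus
# products are expected to detect; it stands in here for "known malware".
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Two classic static signatures: a distinctive byte pattern and a whole-file hash.
PATTERN_SIGNATURES = {"EICAR-Test-File": b"$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$"}
HASH_SIGNATURES = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}


def scan_static(data: bytes) -> list:
    """Signature scan: substring match plus SHA-256 lookup. Returns detection names."""
    hits = [name for name, pattern in PATTERN_SIGNATURES.items() if pattern in data]
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest] + " (hash)")
    return hits


def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def polymorphic_variant(payload: bytes, key: bytes) -> bytes:
    """Model of a polymorphic carrier (invented format): b'PLY', one byte of key
    length, the key, then the payload XOR-encoded with that key. Every copy uses a
    different key, so its bytes, and therefore its hash, differ from every other copy."""
    if not 0 < len(key) < 256:
        raise ValueError("key must be 1..255 bytes")
    return b"PLY" + bytes([len(key)]) + key + xor_bytes(payload, key)


def scan_with_decoding(data: bytes) -> list:
    """Scanner that also recognises the carrier format and scans the decoded
    payload, which is how real engines catch encoded or packed variants."""
    hits = scan_static(data)
    if data.startswith(b"PLY") and len(data) > 4:
        key_len = data[3]
        key, body = data[4:4 + key_len], data[4 + key_len:]
        if len(key) == key_len and key:
            hits += [h + " (decoded)" for h in scan_static(xor_bytes(body, key))]
    return hits


if __name__ == "__main__":
    copy1 = polymorphic_variant(EICAR, b"\x5a\xa5")
    copy2 = polymorphic_variant(EICAR, b"\x13")
    print("plain   :", scan_static(EICAR))
    print("copy1   :", scan_static(copy1), "copy2:", scan_static(copy2), "same bytes:", copy1 == copy2)
    print("decoded :", scan_with_decoding(copy1))
```

The second scanner only works because the carrier format is known; against a carrier whose decoder is itself rewritten per copy, engines fall back to emulation or behavioural detection rather than byte signatures, which is the point the notes make about polymorphic threats.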
Virus & Worm Hoaxes
[Text lost in extraction.]
Types of Trojan horses (first item lost in extraction)
* Data Sending Trojans
* Proxy Trojans
* FTP Trojans
* Security software disabler Trojans
* Denial of service attack Trojans (DoS)
Definitions
Virus: A program or piece of code that is loaded on to your computer without your knowledge and runs
against your wishes.
Worm: A program or algorithm that replicates itself over a computer network and usually performs
malicious actions.
Trojan Horse: A destructive program that masquerades as a benign application; unlike viruses,
Trojan horses do not replicate themselves.
Blended threat
Blended threats combine the characteristics of viruses, worms, Trojan horses & malicious code with
server and Internet vulnerabilities.
Antivirus Program
A utility that searches a hard disk for viruses and removes any that are found.
Forces of Nature
Fire: Structural fire that damages the building. Also encompasses smoke damage from a fire or
water damage from sprinkler systems.
Flood: Can sometimes be mitigated with flood insurance and/or business interruption insurance.
Earthquake: Can sometimes be mitigated with specific casualty insurance and/or business
interruption insurance, but is usually a separate policy.
Lightning: An abrupt, discontinuous natural electric discharge in the atmosphere.
Landslide/Mudslide: The downward sliding of a mass of earth & rocks, directly damaging all parts
of the information systems.
Tornado/Severe Windstorm:
Hurricane/Typhoon:
Tsunami:
Electrostatic Discharge (ESD):
Dust Contamination:
Organizations must also prepare contingency plans for continued operations, such as disaster
recovery plans, business continuity plans, and incident response plans, to limit losses in the
face of these threats.
Deviations in Quality of Service
A product or service is not delivered to the organization as expected.
The organization's information system depends on the successful operation of many
interdependent support systems.
These include power grids, telecom networks, parts suppliers, service vendors, and even the
janitorial staff & garbage haulers.
This degradation of service is a form of availability disruption.
Internet Service Issues
Internet Service Provider (ISP) failures can considerably undermine the availability of information.
Web hosting services are usually arranged with an agreement providing minimum service
levels, known as a Service Level Agreement (SLA).
When a Service Provider fails to meet the SLA, [text lost in extraction] by the client, but these
[remainder lost in extraction].
Other utility services that can affect the organization are telephone, water, waste water, trash pickup,
cable television, natural or propane gas, and custodial services.
The loss of these services can impair the ability of an organization to function.
For example, if the waste water system fails, an organization might be prevented from allowing
employees into the building.
This would stop normal business operations.
Power Irregularities
* Fluctuations due to power excesses,
* power shortages, and
* power losses.
These can pose problems for organizations that provide inadequately conditioned power for their
information systems equipment.
* When voltage levels spike (experience a momentary increase) or surge (experience a prolonged
increase), the extra voltage can severely damage or destroy equipment.
* The more expensive uninterruptible power supply (UPS) units can protect against spikes and surges.
Technical Hardware Failures or Errors
* Resulting in unreliable service or lack of availability.
* Some errors are terminal, in that they result in unrecoverable loss of equipment.
* Some errors are intermittent, in that they result in faults that are not easily repeated.
Technical Software Failures or Errors
[Text lost in extraction.]
Man-in-the-Middle
* Also called a TCP hijacking attack: an attacker monitors packets from the network, modifies
them, and [remainder lost in extraction].
Spam
* Spam is unsolicited commercial E-mail.
* It has been used to make malicious code attacks more effective.
* It is usually considered a trivial nuisance rather than an attack.
Mail Bombing
* Another form of E-mail attack that is also a DoS is called a mail bomb.
* The attacker routes large quantities of e-mail to the target.
* The target of the attack receives unmanageably large volumes of unsolicited e-mail.
* By sending large e-mails, attackers can take advantage of poorly configured e-mail systems on the
Internet and trick them into sending many e-mails to an address chosen by the attacker.
* The target e-mail address is buried under thousands or even millions of unwanted e-mails.
Sniffers
* A sniffer is a program or device that can monitor data traveling over a network.
* Unauthorized sniffers can be extremely dangerous to a network's security, because they are
virtually impossible to detect and can be inserted almost anywhere.
* Sniffers often work on TCP/IP networks, where they are sometimes called "packet sniffers".
Social Engineering
* It is the process of using social skills to convince people to reveal access credentials or other
valuable information to the attacker.
* An attacker gets more information by calling others in the company and asserting his/her authority
by mentioning the chief's name.
Buffer Overflow
* A buffer overflow is an application error that occurs when more data is sent to a buffer than it can
handle.
* An attacker can use it to make the target system execute instructions it was never meant to run.
Timing Attack
* Works by exploring the contents of a web browser's cache.
* These attacks allow a web designer to create a malicious form of cookie that is stored on the
client's system.
* The cookie could allow the designer to collect information on how to access password-protected
sites.
Attacks
* An attack is an act or action that takes advantage of a vulnerability to compromise a controlled
system.
* It is accomplished by a threat agent that damages or steals an organization's information or
physical assets.
* A vulnerability is an identified weakness in a controlled system, where controls are not present or
are no longer effective.
* Attacks exist when a specific act or action comes into play and may cause a potential loss.
Malicious code
* The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web
scripts with the intent to destroy or steal information.
* The state-of-the-art malicious code attack is the polymorphic or multivector worm.
* These attack programs use up to six known attack vectors to exploit a variety of vulnerabilities in
commonly found information system devices.
Attack Replication Vectors
1. IP scan & attack
2. Web browsing
3. Virus
4. Unprotected shares
5. Mass mail
6. Simple Network Management Protocol (SNMP)
1. IP scan & attack
The infected system scans a random or local range of IP addresses and targets any of several
vulnerabilities known to hackers.
2. Web browsing
If the infected system has write access to any Web pages, it makes all Web content files
(.html, .asp, .cgi & others) infectious, so that users who browse to those pages become infected.
3. Virus
Each infected machine infects certain common executable or script files on all computers to which
it can write with virus code that can cause infection.
4. Unprotected shares
Using vulnerabilities in file systems and the way many organizations configure them, the infected
machine copies the viral component to all locations it can reach.
5. Mass Mail
By sending E-mail infections to addresses found in the address book, the infected machine infects
many users, whose mail-reading programs also automatically run the program & infect other systems.
6. Simple Network Management Protocol (SNMP)
* By using the widely known and common passwords (community strings) that were employed in early
versions of this protocol, the attacking program can gain control of the device. Most vendors have closed
these vulnerabilities with software upgrades.
Hoaxes
A more devious approach to attacking computer systems is the transmission of a virus hoax
with a real virus attached.
Even though these users are trying to avoid infection, they end up sending the attack on to their co-
workers.
Backdoors
* Using a known or previously unknown and newly discovered access mechanism, an attacker can
gain access to a system or network resource through a back door.
* Sometimes these entries are left behind by system designers or maintenance staff, and thus referred
to as trap doors.
* A trap door is hard to detect, because very often the programmer who puts it in place also makes
the access exempt from the usual audit logging features of the system.
Password Crack
* Attempting to reverse-calculate a password is often called cracking.
* A candidate password can be hashed using the same algorithm and compared to the stored hash. If they
are the same, the password has been cracked.
* The Security Account Manager (SAM) file on Windows contains the hashed representation of the user's
password.
Brute Force
* The application of computing & network resources to try every possible combination of options of
a password is called a brute force attack.
* This is often an attempt to repeatedly guess passwords of commonly used accounts; it is sometimes
called a password attack.
Dictionary
* This is another form of the brute force attack noted above for guessing passwords.
* The dictionary attack narrows the field by selecting specific accounts to attack and uses a list of
commonly used passwords instead of random combinations.
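The cracking steps above (hash the guess with the same algorithm and compare to the stored hash) are shown in the added Python example below, which is not from the original notes. It runs a dictionary attack and a short brute-force attack against unsalted SHA-256 hashes of constructed passwords, then contrasts them with a salted, iterated PBKDF2 store, the defender-side practice that makes each guess expensive and precomputed tables useless. The wordlist, target passwords and iteration counts are assumptions.

```python
import hashlib
import hmac
import itertools
import os
import string

# Constructed sample data: a tiny wordlist and the unsalted SHA-256 hashes of two
# passwords an attacker is assumed to have obtained. Nothing here is real.
WORDLIST = ["password", "123456", "qwerty", "letmein", "summer2024", "admin"]
CHARSET = string.ascii_lowercase + string.digits
TARGET_DICT = hashlib.sha256(b"letmein").hexdigest()
TARGET_BRUTE = hashlib.sha256(b"k9z").hexdigest()


def crack_dictionary(target_hash, wordlist, algo="sha256"):
    """Dictionary attack: hash each candidate with the same algorithm as the
    stored hash and compare. Returns the plaintext, or None if not in the list."""
    for word in wordlist:
        if hashlib.new(algo, word.encode()).hexdigest() == target_hash:
            return word
    return None


def crack_brute_force(target_hash, charset=CHARSET, max_len=3, algo="sha256"):
    """Brute force: try every combination of charset up to max_len characters.
    The search space is len(charset) ** max_len, so short lowercase passwords
    fall in a moment while long, mixed ones do not."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            if hashlib.new(algo, candidate.encode()).hexdigest() == target_hash:
                return candidate
    return None


def store_password(password, salt=None, iterations=200_000):
    """Defender side: keep a per-user random salt and an iterated PBKDF2-HMAC-SHA256
    digest instead of a bare fast hash. The salt means the same password hashes
    differently for every user (no shared precomputed tables); the iteration count
    multiplies the cost of every guess in the attacks above."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, digest, iterations=200_000):
    """Check a login attempt against the stored record using a constant-time compare."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("dictionary :", crack_dictionary(TARGET_DICT, WORDLIST))
    print("brute force:", crack_brute_force(TARGET_BRUTE))
    salt, digest = store_password("letmein")
    print("salted store verifies:", verify_password("letmein", salt, digest),
          "| wrong password:", verify_password("letmeout", salt, digest))
```

Note that salting does not stop an attacker who has the salt from guessing one user's password; it only stops one table of precomputed hashes from serving every user, and the iteration count is what raises the per-guess cost.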
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
* The attacker sends a large number of connection or information requests to a target.
* This may result in the system crashing, or simply becoming unable to perform ordinary functions.
* DDoS is an attack in which a coordinated stream of requests is launched against a target from
many locations at the same time.
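A simple detection for the DoS and DDoS patterns just described, written as an added Python example rather than taken from the notes: it runs a sliding one-second window over a constructed connection log (not real traffic), raising a per-source alert when one address exceeds a request threshold and an aggregate alert when many sources together exceed a higher threshold even though no single one of them is loud. Thresholds, addresses and the log format are assumptions.

```python
from collections import defaultdict, deque

BASE = 1_700_000_000           # epoch second of the constructed log's first entry


def build_sample_log():
    """Constructed firewall connection log (not captured traffic).
    Each line: '<epoch_seconds> <source_ip> <destination_port>'."""
    lines = []
    for sec in range(10):                       # background: 20 clients, 1 request/s each
        for i in range(1, 21):
            lines.append(f"{BASE + sec} 198.51.100.{i} 443")
    for _ in range(150):                        # DoS: one source, 150 requests in one second
        lines.append(f"{BASE + 5} 203.0.113.9 443")
    for i in range(400):                        # DDoS: 400 sources, one request each, same second
        lines.append(f"{BASE + 8} 10.{i // 256}.{i % 256}.1 443")
    return lines


def detect_floods(lines, window=1, per_source_threshold=100, aggregate_threshold=300):
    """Sliding-window flood detection over a connection log.

    A per-source 'DoS' alert fires when one address exceeds per_source_threshold
    requests within `window` seconds. An aggregate 'DDoS' alert fires when all
    sources together exceed aggregate_threshold in the same window, which is what
    catches the distributed case where each source stays under the first rule.
    Returns a list of (kind, source, epoch_second) tuples, one per first detection."""
    events = sorted(lines, key=lambda line: int(line.split()[0]))   # tolerate out-of-order lines
    per_source = defaultdict(deque)
    aggregate = deque()
    alerts, flagged = [], set()
    for line in events:
        ts_str, src, _port = line.split()
        ts = int(ts_str)
        q = per_source[src]
        q.append(ts)
        while q[0] <= ts - window:              # expire entries outside the window
            q.popleft()
        if len(q) > per_source_threshold and src not in flagged:
            flagged.add(src)
            alerts.append(("DoS", src, ts))
        aggregate.append(ts)
        while aggregate[0] <= ts - window:
            aggregate.popleft()
        if len(aggregate) > aggregate_threshold and "*" not in flagged:
            flagged.add("*")
            alerts.append(("DDoS", "*", ts))
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

The per-source rule alone would miss the second attack entirely: 400 sources sending one request each never exceed a per-address threshold, which is exactly why DDoS is harder to detect and to block by source than a single-source flood.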
Spoofing
* It is a technique used to gain unauthorized access to computers, wherein the intruder sends
messages to a computer with an IP address that indicates that the messages are coming from a
trusted host.
IP spoofing (figure, reconstructed):
  Original IP packet from hacker's system:  Data: Payload | IP source: 192.168.0.25 | IP destination: 100.0.0.75
  Spoofed (modified) IP packet:             Data: Payload | IP source: 100.0.0.80  | IP destination: 100.0.0.75
  Spoofed packet sent to target -> Firewall allows packet in, mistaking it for legitimate traffic.
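The firewall in the figure accepts the spoofed packet because it trusts the source address field alone. The added Python example below (not from the original notes) shows the check that defeats this: an ingress/egress filter that judges a packet by the interface it arrived on, dropping anything whose source address could not legitimately have come from there. The topology (inside network 100.0.0.0/24 holding the target and the trusted host, interface names "inside" and "outside") is an assumption built around the figure's addresses.

```python
import ipaddress

# Constructed topology around the figure's addresses (assumption, not from the notes):
# the firewall's inside network holds the target 100.0.0.75 and the trusted host
# 100.0.0.80; the attacker's real address 192.168.0.25 is somewhere outside.
INSIDE_NETS = [ipaddress.ip_network("100.0.0.0/24")]
# Source ranges that can never legitimately arrive from the Internet.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _is_inside(addr):
    return any(addr in net for net in INSIDE_NETS)


def naive_trust_filter(src, dst):
    """The rule the figure's firewall applies: trust the source field alone.
    A packet claiming to be from 100.0.0.80 is accepted wherever it came from."""
    return "ACCEPT" if _is_inside(ipaddress.ip_address(src)) else "DROP"


def ingress_filter(in_iface, src, dst):
    """Anti-spoofing filter: a packet is judged by where it arrived, not only by
    what its source field claims. Returns (verdict, reason)."""
    s = ipaddress.ip_address(src)
    if in_iface == "outside":
        if _is_inside(s):
            return "DROP", "inside source address arrived on the outside interface (spoofed)"
        if any(s in net for net in BOGON_NETS):
            return "DROP", "private or reserved source address from the Internet (bogon)"
        return "ACCEPT", "plausible external source"
    if in_iface == "inside":
        if not _is_inside(s):
            return "DROP", "inside host using a source address that is not ours (egress filtering)"
        return "ACCEPT", "plausible internal source"
    return "DROP", "unknown interface"


def evaluate_figure():
    """Run both filters over the figure's spoofed packet, which arrives from outside."""
    return {
        "naive": naive_trust_filter("100.0.0.80", "100.0.0.75"),
        "ingress": ingress_filter("outside", "100.0.0.80", "100.0.0.75")[0],
    }


if __name__ == "__main__":
    print(evaluate_figure())
    print(ingress_filter("outside", "198.51.100.7", "100.0.0.75"))
    print(ingress_filter("inside", "198.51.100.7", "100.0.0.75"))
```

The egress branch matters as much as the ingress one: it stops hosts on this network from sending packets with forged sources to someone else, which is the cooperative filtering that makes spoofing hard across the Internet rather than only at one firewall.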
Relevant U.S. laws (Legal, Ethical and Professional Issues):

Act                                    | Subject                         | Year | Description
---------------------------------------|---------------------------------|------|--------------------------------------------------
Communications Act of 1934, updated    | Telecommunications              | 1934 | Regulates interstate and foreign
by the Telecommunications              |                                 |      | telecommunications.
Deregulation & Competition Act         |                                 |      |
Computer Fraud & Abuse Act             | Threats to computers            | 1986 | Defines and formalizes laws to counter threats
                                       |                                 |      | from computer-related acts and offenses.
Computer Security Act of 1987          | Federal agency information      | 1987 | Requires all federal computer systems that
                                       | security                        |      | contain classified information to have security
                                       |                                 |      | plans in place, and requires periodic security
                                       |                                 |      | training for all individuals who operate, design,
                                       |                                 |      | or manage such systems.
Economic Espionage Act of 1996         | Trade secrets                   | 1996 | Designed to prevent abuse of information gained
                                       |                                 |      | by an individual working in one company and
                                       |                                 |      | employed by another.
Electronic Communications Privacy      | Cryptography                    | 1986 | Also referred to as the Federal Wiretapping Act;
Act of 1986                            |                                 |      | regulates interception and disclosure of
                                       |                                 |      | electronic information.
Federal Privacy Act of 1974            | Privacy                         | 1974 | Governs federal agency use of personal
                                       |                                 |      | information.
Gramm-Leach-Bliley Act of 1999         | Banking                         | 1999 | Focuses on facilitating affiliation among banks,
                                       |                                 |      | insurance and securities firms; it has significant
                                       |                                 |      | impact on the privacy of personal information
                                       |                                 |      | used by these industries.
Health Insurance Portability and       | Health care privacy             | 1996 | Regulates collection, storage, and transmission
Accountability Act                     |                                 |      | of sensitive personal health care information.
National Information Infrastructure    | Criminal intent                 | 1996 | Categorizes crimes based on the defendant's
Protection Act of 1996                 |                                 |      | authority to access a computer and criminal
                                       |                                 |      | intent.
Sarbanes-Oxley Act                     | Financial reporting             | 2002 | Affects how public organizations and accounting
                                       |                                 |      | firms deal with corporate governance, financial
                                       |                                 |      | disclosure, and the practice of public
                                       |                                 |      | accounting.
Security and Freedom through           | Use and sale of software that   | 1999 | Clarifies use of encryption for people in the
Encryption Act of 1999                 | uses or enables encryption      |      | United States and permits all persons in the U.S.
                                       |                                 |      | to buy or sell any encryption product, and states
                                       |                                 |      | that the government cannot require the use of any
                                       |                                 |      | kind of key escrow system for encryption products.
U.S.A. Patriot Act of 2001             | Terrorism                       | 2001 | Defines stiffer penalties for prosecution of
                                       |                                 |      | terrorist crimes.
RISK MANAGEMENT
Definition:
The formal process of identifying and controlling the risks facing an organization is called risk
management. Risk itself is the probability of an undesired event causing damage to an asset. There are
three steps:
1. Risk Identification
2. Risk Assessment
3. Risk Control
Risk Identification: It is the process of examining and documenting the security posture of an
organization's information technology and the risks it faces.
Risk Assessment: It is the documentation of the results of risk identification.
Risk Control: It is the process of applying controls to reduce the risks to an organization's data and
information systems.
To keep up with the competition, organizations must design and create safe environments in which
business processes and procedures can function.
These environments must maintain confidentiality & privacy and assure the integrity of organizational
data - objectives that are met through the application of the principles of risk management.
Components of Risk Management (figure, reconstructed):
  Risk Management
    - Risk Identification
    - Risk Assessment: the documented result of the risk identification process
    - Risk Control: selecting a strategy