
SECURITY ASPECTS IN COMPUTER NETWORKS: COMPLETE CUET STUDY NOTES


1. Introduction to Network Security

In our modern, fully connected world, the only technically ideal situation for individual security is isolation. A computer with no links to external devices is free from network threats, but this is unrealistic given that digital communication is a necessity for education, e-commerce, and socialisation.


Network security is the protection of devices and data from illegitimate access or misuse. Threats exploit vulnerabilities or weaknesses in communication systems to cause harm, steal information, or damage reputations.


2. Malware: Threats and Prevention

Malware is short for "MALicious softWARE". It is any software developed with the intention of damaging hardware, stealing data, or causing trouble for users.


2.1 Viruses

  • Definition: Coined by Fred Cohen in 1985, the term is borrowed from biological science. A computer virus is a piece of code created to hamper resources like CPU time, memory, or sensitive files.


  • Working: It spreads on contact by copying or inserting its code into other executable files. It remains dormant until the infected file is executed by a user.


  • Examples: CryptoLocker, ILOVEYOU, and Stuxnet.


2.2 Worms

  • Definition: Standalone malware programs that do not need a host program to insert their code into.


  • Difference from Virus: While a virus requires human intervention (opening a file) to replicate, a worm replicates on its own and spreads through the network.


  • Examples: Code Red, Nimda, and the Morris Worm.


2.3 Trojan Horse

  • Definition: Named after the wooden horse used by ancient Greeks to infiltrate Troy, this malware looks like legitimate software.


  • Working: It tricks the user into installing it. Unlike viruses or worms, it does not self-replicate; it spreads through user interaction like downloading attachments.


  • Danger: Often creates "backdoors" to give hackers access to the system.


2.4 Adware

  • Purpose: Created to generate revenue for developers by displaying unsolicited advertisements via pop-ups or installation screens.


  • Mechanism: It often uses "pay per click" to charge clients for the number of clicks on displayed ads. While usually harmless, it can pave the way for other malware by displaying unsafe links.


2.5 Other Malware Types

  • Ransomware: Targets user data by blocking access or encrypting it, demanding payment (often in cryptocurrency like Bitcoin) to unlock it. A famous example is WannaCry, which infected 200,000 computers in 2017.


  • Spyware: Gathers information about a person or organisation without their knowledge, often selling internet usage data to advertisers or capturing credit card details.


  • Keyloggers: Software or hardware that records every key pressed by a user. This reveals passwords and private conversations.


3. Antivirus and Their Workings

Antivirus software (also called anti-malware) has evolved from simple virus-removal tools into suites that provide prevention, detection, and removal for a wide range of malware.


3.1 Methods of Identification

  1. Signature-based Detection: Uses a Virus Definition File (VDF), a database of known "virus signatures" (unique byte sequences). This method requires regular updates; an outdated VDF is as good as having no protection.


  2. Sandbox Detection: Executes a new application in a virtual environment (sandbox) to observe its behaviour before allowing it access to actual system resources.


  3. Heuristics: Compares the source code of a suspected program against a database of known patterns followed by malware. If the majority of code matches, it is flagged.


  4. Real-time Protection: Observes the behaviour of applications while they are executing in the active memory (RAM) to catch malware that might have been dormant.
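Worked example (added here; not part of the original notes or of any real antivirus product): a toy scanner that combines method 1 (signature matching against a VDF) with method 3 (a majority-of-patterns heuristic), and shows why an outdated VDF misses newer samples. Every signature, heuristic pattern, and "file" is a constructed byte string with no relation to real malware.

```python
# Added example: a toy signature-based scanner with a heuristic fallback.
# Every "signature" and "file" below is a constructed byte string.

# Constructed virus definition files (VDFs): name -> unique byte sequence.
OUTDATED_VDF = {
    "Sample.A": b"CONSTRUCTED-MARKER-A",
}
CURRENT_VDF = {
    "Sample.A": b"CONSTRUCTED-MARKER-A",
    "Sample.B": b"CONSTRUCTED-MARKER-B",   # only the current VDF knows this one
}

# Constructed "patterns followed by malware" for the heuristic check.
HEURISTIC_PATTERNS = [
    b"CONSTRUCTED-SELFCOPY",
    b"CONSTRUCTED-HIDEPROC",
    b"CONSTRUCTED-KEYHOOK",
]

# Constructed files to scan.
FILES = {
    "notes.txt": b"plain text with nothing unusual in it",
    "old_threat.bin": b"\x7fELF" + b"CONSTRUCTED-MARKER-A" + b"\x00" * 8,
    "new_threat.bin": b"MZ\x90\x00" + b"CONSTRUCTED-MARKER-B" + b"\x00" * 8,
    # No known signature, but two of the three heuristic patterns.
    "unknown.bin": b"MZ\x90\x00CONSTRUCTED-SELFCOPY\x00CONSTRUCTED-KEYHOOK\x00",
}


def scan_bytes(data: bytes, vdf: dict) -> list:
    """Signature-based detection: names of every VDF entry found in data."""
    return sorted(name for name, sig in vdf.items() if sig in data)


def heuristic_flag(data: bytes, patterns=HEURISTIC_PATTERNS) -> bool:
    """Heuristic detection: flag if a majority of the known patterns match."""
    hits = sum(1 for p in patterns if p in data)
    return hits * 2 > len(patterns)


def scan_files(files: dict, vdf: dict) -> dict:
    """Map each file name to (signature hits, heuristic flag)."""
    return {name: (scan_bytes(data, vdf), heuristic_flag(data))
            for name, data in files.items()}


def missed_by_outdated(files: dict, old_vdf: dict, new_vdf: dict) -> list:
    """Files the current VDF flags by signature but the outdated VDF does not."""
    old = scan_files(files, old_vdf)
    new = scan_files(files, new_vdf)
    return sorted(f for f in files if new[f][0] and not old[f][0])


if __name__ == "__main__":
    for name, (sigs, heur) in scan_files(FILES, CURRENT_VDF).items():
        print(f"{name:16} signatures={sigs} heuristic={heur}")
    print("missed with outdated VDF:",
          missed_by_outdated(FILES, OUTDATED_VDF, CURRENT_VDF))
```

Running it shows `new_threat.bin` caught only by the current VDF, and `unknown.bin` caught only by the heuristic, which is why real products layer several of the methods above rather than relying on signatures alone.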


4. Spam and Cookies


4.1 Spam


Spam refers to unwanted data, advertisements, or invitations sent repeatedly to a large number of users. Most common as email spam, it creates junk in inboxes and often tricks users into downloading malware. Modern email services use automatic detection algorithms to filter these messages.



4.2 Cookies

  • Concept: A small file or data packet stored by a website on a client's computer to record browsing information.


  • Purpose: They record items in e-commerce carts, login credentials, language preferences, and search queries to enhance user experience.


  • Types:

    • Session Cookies: Track current sessions and terminate them after a time-out (essential for banking).

    • Authentication Cookies: Check if a user is already logged in to prevent repeated logins.


  • Threats: Some malware disguises itself as "supercookies". "Zombie cookies" are persistent and get recreated even after deletion. Third-party cookies can share data with advertisers without user consent.
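Worked example (added here; not from the original notes): a minimal server-side session store showing how a session cookie is issued at login, checked on later requests as an authentication cookie, and terminated after a period of inactivity. The 300-second time-out, the cookie name `session`, and the injectable clock are constructed for the example; the `HttpOnly`, `Secure` and `SameSite` cookie attributes are real HTTP attributes that the notes do not mention.

```python
import secrets
import time

# Added example: server-side session store backing a session/authentication
# cookie. Time-out and cookie name are constructed values.

IDLE_TIMEOUT_SECONDS = 300


class SessionStore:
    def __init__(self, clock=time.time, idle_timeout=IDLE_TIMEOUT_SECONDS):
        self._clock = clock          # injectable so tests can move time forward
        self._timeout = idle_timeout
        self._sessions = {}          # cookie value -> {"user": ..., "last_seen": ...}

    def login(self, user: str) -> str:
        """Create a session and return the unguessable cookie value to set."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": self._clock()}
        return token

    def authenticated_user(self, token):
        """Authentication-cookie check: return the user if the session is valid
        and has not timed out, otherwise None (stale sessions are dropped)."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["last_seen"] > self._timeout:
            del self._sessions[token]   # time-out: terminate the session
            return None
        entry["last_seen"] = now        # activity extends the session
        return entry["user"]

    def logout(self, token) -> None:
        self._sessions.pop(token, None)

    def active_sessions(self) -> int:
        return len(self._sessions)


def set_cookie_header(token: str) -> str:
    """Value for the Set-Cookie header. HttpOnly keeps page scripts from reading
    the cookie, Secure restricts it to HTTPS (section 5), SameSite=Strict stops
    the browser sending it on cross-site requests."""
    return f"session={token}; HttpOnly; Secure; SameSite=Strict; Path=/"


if __name__ == "__main__":
    store = SessionStore()
    tok = store.login("alice")
    print(set_cookie_header(tok))
    print("logged in as:", store.authenticated_user(tok))
```

The time-out check is what makes a session cookie "terminate after a time-out": a stolen or forgotten cookie stops working once the idle period passes, which is why banking sites use short ones.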


5. Web Security: HTTP vs. HTTPS

Both are protocols governing data transmission over the World Wide Web.


  • HTTP (HyperText Transfer Protocol): Sends information over the network "as is". It does not scramble data, making it vulnerable to hackers. It is sufficient for public info like news portals.

  • HTTPS (HyperText Transfer Protocol Secure): Encrypts data before transmission and decrypts it at the receiving end. It is mandatory for handling personal information and banking credentials. HTTPS websites require an SSL Digital Certificate.


6. Firewall

A firewall is a network security system designed to protect a trusted private network from unauthorised access originating from an untrusted outside network like the Internet.

  • Implementation: Can be hardware, software, or both.


  • Function: Acts as a network filter, monitoring incoming and outgoing traffic based on predefined security rules.


  • Types:

    • Network Firewall: Placed between two or more networks to monitor traffic between them.

    • Host-based Firewall: Installed on a single computer to monitor traffic to and from that specific machine.
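Worked example (added here; not from the original notes or any real firewall product): a first-match packet filter that applies predefined rules to incoming and outgoing traffic and denies anything no rule allows, which is the "network filter" function described above. The private network 192.168.1.0/24, the rule set, and every address and port are constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example: first-match packet filter with a default-deny policy.
# All addresses, ports and rules are constructed.


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the Internet) or "out" (from the private network)
    proto: str       # "tcp" or "udp"
    src: str         # source IPv4 address
    dst: str         # destination IPv4 address
    dport: int       # destination port


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    direction: str          # "in", "out" or "any"
    proto: str              # "tcp", "udp" or "any"
    src_net: str            # CIDR; "0.0.0.0/0" matches every source
    dport: Optional[int]    # None matches every port

    def matches(self, pkt: Packet) -> bool:
        return (
            self.direction in ("any", pkt.direction)
            and self.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
            and (self.dport is None or self.dport == pkt.dport)
        )


# Constructed rule set protecting the private network 192.168.1.0/24.
RULES = [
    # Inbound packets claiming a private source address are spoofed: drop them.
    Rule("deny", "in", "any", "10.0.0.0/8", None),
    Rule("deny", "in", "any", "192.168.0.0/16", None),
    # Only the HTTPS service is reachable from outside.
    Rule("allow", "in", "tcp", "0.0.0.0/0", 443),
    # Hosts on the private network may initiate outbound connections.
    Rule("allow", "out", "any", "192.168.1.0/24", None),
]


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule; deny when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def filter_batch(packets, rules=RULES) -> list:
    """Apply the rule set to a list of packets; returns (packet, action) pairs."""
    return [(p, filter_packet(p, rules)) for p in packets]


if __name__ == "__main__":
    sample = [
        Packet("in", "tcp", "203.0.113.5", "192.168.1.10", 443),
        Packet("in", "tcp", "203.0.113.5", "192.168.1.10", 22),
        Packet("in", "tcp", "192.168.1.77", "192.168.1.10", 443),
        Packet("out", "udp", "192.168.1.10", "198.51.100.53", 53),
    ]
    for pkt, action in filter_batch(sample):
        print(f"{action:5} {pkt.direction:3} {pkt.proto} "
              f"{pkt.src} -> {pkt.dst}:{pkt.dport}")
```

Rule order matters: the spoofing checks sit before the HTTPS allow rule, so an inbound packet forging a private source address is dropped even on port 443. The same rule engine serves as a network firewall (between two networks) or a host-based one (on a single machine); only where it is placed changes.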


7. Hackers and Crackers

These are individuals with thorough knowledge of computer systems, networks, and programming who find vulnerabilities to gain unauthorised access.


  • White Hats (Ethical Hackers): Security experts who use their knowledge with good intentions to find and fix flaws. Organisations hire them to strengthen systems.


  • Black Hats (Crackers): Use their knowledge unethically to break the law and disrupt security by exploiting loopholes.


  • Grey Hats: Neutral hackers who exploit vulnerabilities for fun or as a challenge, rather than for monetary or political gain.


  • Hacktivists: Hackers whose goal is to bring about political or social change.


8. Advanced Network Security Threats


8.1 Denial of Service (DoS)

  • Mechanism: An attacker limits or stops an authorised user from accessing a resource by overloading it with illegitimate requests.

  • Effect: A website flooded with packets from different IP addresses becomes overloaded and cannot serve legitimate users.


  • DDoS (Distributed DoS): A more dangerous variant where flooded requests come from Zombies (compromised computers) distributed globally. The attacker uses a Bot-Net (network of zombie machines) to carry out the attack.
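Worked example (added here; not from the original notes): detection logic that counts requests per source address inside a time window and separates ordinary traffic from a single-source flood (DoS) and a flood from many sources (DDoS). The log line format, the thresholds, and all addresses and timestamps are constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.

```python
from collections import Counter

# Added example: per-source request counting to detect DoS vs. DDoS floods.
# Log format, thresholds, addresses and timestamps are all constructed.

WINDOW_START = 1700000000      # constructed epoch seconds
WINDOW_SECONDS = 10
PER_SOURCE_LIMIT = 20          # requests from one source in the window = "heavy"
TOTAL_LIMIT = 200              # total requests in the window before it is a flood
DISTRIBUTED_SOURCES = 10       # distinct sources in a flood before calling it distributed


def make_log(ip_counts: dict, base_ts=WINDOW_START, spread=WINDOW_SECONDS) -> list:
    """Construct log lines '<epoch> <source ip> GET <path>' spread over the window."""
    lines = []
    for ip, n in ip_counts.items():
        for i in range(n):
            lines.append(f"{base_ts + (i % spread)} {ip} GET /index.html")
    return lines


def parse_line(line: str):
    ts, ip, _method, path = line.split(maxsplit=3)
    return int(ts), ip, path


def requests_per_source(lines, start=WINDOW_START, window=WINDOW_SECONDS) -> Counter:
    """Count requests per source whose timestamp falls in [start, start + window)."""
    counts = Counter()
    for line in lines:
        ts, ip, _ = parse_line(line)
        if start <= ts < start + window:
            counts[ip] += 1
    return counts


def heavy_sources(counts: Counter) -> list:
    """Sources exceeding the per-source limit: candidates for rate limiting."""
    return sorted(ip for ip, n in counts.items() if n >= PER_SOURCE_LIMIT)


def classify(counts: Counter) -> str:
    """'normal', 'dos' (flood from few sources) or 'ddos' (flood from many)."""
    total = sum(counts.values())
    if total < TOTAL_LIMIT:
        return "normal"
    return "ddos" if len(counts) >= DISTRIBUTED_SOURCES else "dos"


# Constructed traffic: ordinary browsing, one flooding host, and a botnet.
NORMAL_LOG = make_log({"203.0.113.1": 5, "203.0.113.2": 5, "203.0.113.3": 5})
DOS_LOG = make_log({"203.0.113.1": 5, "203.0.113.2": 5, "198.51.100.9": 300})
DDOS_LOG = make_log({f"198.51.100.{i}": 30 for i in range(1, 26)})

if __name__ == "__main__":
    for name, log in (("normal", NORMAL_LOG), ("dos", DOS_LOG), ("ddos", DDOS_LOG)):
        counts = requests_per_source(log)
        print(f"{name:6} sources={len(counts):3} requests={sum(counts.values()):4} "
              f"-> {classify(counts)} heavy={len(heavy_sources(counts))}")
```

The output makes the practical difference visible: the single-source flood can be stopped by blocking one address, while the distributed one has 25 heavy sources and needs rate limiting or upstream filtering rather than a per-address block list.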


8.2 Intrusion Problems

Network intrusion refers to any unauthorised activity on a network.

  • Asymmetric Routing: Sending intrusion packets through multiple paths to bypass network sensors.


  • Buffer Overflow: Exploiting a programming error to overwrite memory areas with malicious code that is executed later.


  • Traffic Flooding: Flooding detection systems with so many packets that they become incapable of monitoring effectively.


8.3 Snooping vs. Eavesdropping

  • Snooping (Sniffing): The secret capture and analysis of network traffic. Malicious users tap into a communication channel and record the data. If data is not encrypted, it is highly vulnerable.


  • Eavesdropping: An unauthorised real-time interception or monitoring of private communication (phone calls, VoIP, video conferences).


  • Key Difference: Eavesdropping happens in real-time (like listening at a window), while snooping involves capturing data for later analysis (like copying a letter addressed to someone else).


9. Summary of Preventive Measures


  1. Software: Use and regularly update antivirus and anti-malware software.


  2. Infrastructure: Enforce firewall protection.


  3. Best Practices:

    • Avoid pirated software; use Free and Open Source Software (FOSS).

    • Always check for the "https://" and lock icon in the browser address bar.

    • Use Online Virtual Keyboards (which randomise layout) instead of On-Screen keyboards to avoid keyloggers.

    • Regularly back up important data.

    • Never click links or download attachments from unsolicited/spam emails.

    • Scan removable storage devices (pen drives, SSDs) before use.

    • Avoid entering sensitive data on unknown networks or public computers.