BIS (4360702) Prof.
Devanshi Dave
UNIT 1
Q.1 What is Information Security?
Information security is the practice of protecting information by mitigating
information risks. It involves the protection of information systems and the
information processed, stored and transmitted by these systems from
unauthorized access, use, disclosure, disruption, modification or destruction. This
includes the protection of personal information, financial information, and
sensitive or confidential information stored in both digital and physical forms.
Effective information security requires a comprehensive and multi-disciplinary
approach, involving people, processes, and technology.
Information security is not only about protecting information from unauthorized
access. It is the practice of preventing unauthorized access, use, disclosure,
disruption, modification, inspection, recording or destruction of information,
whether that information is physical or electronic. Information can be anything:
your details or profile on social media, the data on your mobile phone, your
biometrics and so on. Information security therefore spans many research areas
such as Cryptography, Mobile Computing, Cyber Forensics and Online Social Media.
Formal classification of information according to its sensitivity goes back to
the World Wars: multi-tier classification systems were introduced during the
First World War and formalised at the beginning of the Second. During the Second
World War, Alan Turing and the cryptanalysts at Bletchley Park, building on
earlier Polish work, broke the German Enigma cipher that was used to encrypt
military communications.
Effective information security requires a comprehensive approach that considers
all aspects of the information environment, including technology, policies and
procedures, and people. It also requires ongoing monitoring, assessment, and
adaptation to address emerging threats and vulnerabilities.
Q.2 Why do we Need Information Security? What are its advantages
and disadvantages?
We use information security to protect valuable information assets from a wide
range of threats, including theft, espionage, and cybercrime. Information security
is necessary to ensure the confidentiality, integrity, and availability of information,
whether it is stored digitally or in other forms such as paper documents. Here are
some key reasons why information security is important:
1. Protecting sensitive information: Information security helps protect sensitive
information from being accessed, disclosed, or modified by unauthorized
individuals. This includes personal information, financial data, and trade
secrets, as well as confidential government and military information.
2. Mitigating risk: By implementing information security measures, organizations
can mitigate the risks associated with cyber threats and other security
incidents. This includes minimizing the risk of data breaches, denial-of-service
attacks, and other malicious activities.
3. Compliance with regulations: Many industries and jurisdictions have specific
regulations governing the protection of sensitive information. Information
security measures help ensure compliance with these regulations, reducing the
risk of fines and legal liability.
4. Protecting reputation: Security breaches can damage an organization’s
reputation and lead to lost business. Effective information security can help
protect an organization’s reputation by minimizing the risk of security incidents.
5. Ensuring business continuity: Information security helps ensure that critical
business functions can continue even in the event of a security incident. This
includes maintaining access to key systems and data, and minimizing the impact
of any disruptions.
Advantages of Information Security:
Information security provides many benefits, including:
1. Confidentiality: Keeping sensitive information confidential and protected from
unauthorized access.
2. Integrity: Maintaining the accuracy and consistency of data, even in the
presence of malicious attacks.
3. Availability: Ensuring that authorized users have access to the information
they need, when they need it.
4. Compliance: Meeting regulatory and legal requirements, such as those related
to data privacy and protection.
5. Risk management: Identifying and mitigating potential security threats to
prevent harm to the organization.
6. Disaster recovery: Developing and implementing a plan to quickly recover
from data loss or system failures.
7. Authentication: Verifying the identity of users accessing information systems.
8. Encryption: Protecting sensitive information from unauthorized access by
encoding it into a secure format.
9. Network security: Protecting computer networks from unauthorized access,
theft, and other types of attacks.
10. Physical security: Protecting information systems and the information they
store from theft, damage, or destruction by securing the physical facilities that
house these systems.
Disadvantages (challenges) of Information Security:
Information security faces many challenges and issues, including:
1. Cyber threats: The increasing sophistication of cyber attacks, including
malware, phishing, and ransomware, makes it difficult to protect information
systems and the information they store.
2. Human error: People can inadvertently put information at risk through actions
such as losing laptops or smartphones, clicking on malicious links, or using
weak passwords.
3. Insider threats: Employees with access to sensitive information can pose a
risk if they intentionally or unintentionally cause harm to the organization.
4. Legacy systems: Older information systems may not have the security
features of newer systems, making them more vulnerable to attack.
5. Complexity: The increasing complexity of information systems and the
information they store makes it difficult to secure them effectively.
6. Mobile and IoT devices: The growing number of mobile devices and internet
of things (IoT) devices creates new security challenges as they can be easily
lost or stolen, and may have weak security controls.
7. Integration with third-party systems: Integrating information systems with
third-party systems can introduce new security risks, as the third-party systems
may have security vulnerabilities.
8. Data privacy: Protecting personal and sensitive information from
unauthorized access, use, or disclosure is becoming increasingly important as
data privacy regulations become more strict.
9. Globalization: The increasing globalization of business makes it more difficult
to secure information, as data may be stored, processed, and transmitted
across multiple countries with different security requirements.
Q.3 Explain Security Attacks : Active, Passive and Denial of Service.
A vulnerable application can expose people and systems to several kinds of harm.
An attack occurs when a malicious actor exploits security flaws or vulnerabilities
to cause that harm. This section examines the main categories of attack so that
you know what to watch for when safeguarding an application.
Active attacks:
Active attacks are a type of cybersecurity attack in which an attacker attempts to
alter, destroy, or disrupt the normal operation of a system or network.
Active attacks involve the attacker taking direct action against the target system or
network, and can be more dangerous than passive attacks, which involve
simply monitoring or eavesdropping on a system or network.
Types of active attacks are as follows:
Masquerade
Modification of messages
Repudiation
Replay
Denial of Service
Masquerade –
Masquerade is a type of cybersecurity attack in which an attacker pretends to be
someone else in order to gain access to systems or data. This can involve
impersonating a legitimate user or system to trick other users or systems into
providing sensitive information or granting access to restricted areas.
There are several types of masquerade attacks, including:
Username and password masquerade: In a username and password masquerade
attack, an attacker uses stolen or forged credentials to log into a system or
application as a legitimate user.
IP address masquerade: In an IP address masquerade attack, an attacker spoofs
or forges their IP address to make it appear as though they are accessing a
system or application from a trusted source.
Website masquerade: In a website masquerade attack, an attacker creates a
fake website that appears to be legitimate in order to trick users into
providing sensitive information or downloading malware.
Email masquerade: In an email masquerade attack, an attacker sends an email
that appears to be from a trusted source, such as a bank or government
agency, in order to trick the recipient into providing sensitive information or
downloading malware.
[Figure: Masquerade attack]
Modification of messages –
Some portion of a legitimate message is altered, or messages are delayed or
reordered, to produce an unauthorized effect. Modification is an attack on the
integrity of the original data: the attacker not only gains access to the data in
transit but changes it, for example by altering the contents of transmitted
packets. A related active attack, fabrication (creating a forged message from
scratch and injecting it into the system), is an attack on authenticity. For
example, a message meaning “Allow JOHN to read confidential file X” is modified in
transit so that it reads “Allow Smith to read confidential file X”.
[Figure: Modification of messages]
Repudiation –
Repudiation attacks are a type of cybersecurity attack in which an attacker
attempts to deny or repudiate actions that they have taken, such as making a
transaction or sending a message. These attacks can be a serious problem because
they can make it difficult to track down the source of the attack or determine who
is responsible for a particular action.
There are several types of repudiation attacks, including:
Message repudiation attacks: In a message repudiation attack, an attacker sends
a message and then later denies having sent it. This can be done by using
spoofed or falsified headers or by exploiting vulnerabilities in the messaging
system.
Transaction repudiation attacks: In a transaction repudiation attack, an attacker
makes a transaction, such as a financial transaction, and then later denies having
made it. This can be done by exploiting vulnerabilities in the transaction processing
system or by using stolen or falsified credentials.
Data repudiation attacks: In a data repudiation attack, an attacker modifies or
deletes data and then later denies having done so. This can be done by
exploiting vulnerabilities in the data storage system or by using stolen or falsified
credentials.
Replay –
A replay attack involves the passive capture of a legitimate message (for example
an authentication exchange or a payment instruction) and its later retransmission
by the attacker to produce an unauthorized effect. The attacker does not need to
read or alter the message: a valid, correctly authenticated message is simply
delivered again. Defences therefore rely on making every message fresh, using
nonces, sequence numbers or timestamps that the receiver checks and remembers.
[Figure: Replay attack]
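The following Python program is an added example and is not part of these notes; it shows how a receiver can reject a replayed message. The message format (nonce, timestamp and payload separated by "|", followed by an HMAC-SHA256 tag), the shared key, the 30-second freshness window and the captured message are all constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed shared secret and freshness window (assumptions, not from the notes).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
MAX_AGE_SECONDS = 30


def build_message(payload: bytes, key: bytes, now: float) -> bytes:
    """Sender: nonce | timestamp | payload, followed by an HMAC-SHA256 tag
    over those three fields. The random nonce makes every message unique."""
    nonce = os.urandom(16).hex().encode()
    body = b"|".join([nonce, str(int(now)).encode(), payload])
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Receiver:
    """Accepts each authenticated message at most once, and only while fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = set()

    def accept(self, message: bytes, now: float) -> tuple:
        body, sep, tag = message.rpartition(b"|")
        fields = body.split(b"|", 2)
        if not sep or len(fields) != 3:
            return False, "malformed"
        nonce, ts, payload = fields
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return False, "bad MAC"          # forged or modified in transit
        if abs(now - int(ts)) > MAX_AGE_SECONDS:
            return False, "stale timestamp"  # captured and replayed much later
        if nonce in self.seen_nonces:
            return False, "replay"           # identical message already accepted
        self.seen_nonces.add(nonce)
        return True, "ok"


def demo() -> list:
    rx = Receiver(SHARED_KEY)
    t0 = 1_700_000_000.0  # constructed fixed clock so the run is reproducible
    msg = build_message(b"transfer 100 to account 42", SHARED_KEY, t0)
    results = []
    results.append(rx.accept(msg, t0 + 1)[1])        # genuine delivery
    results.append(rx.accept(msg, t0 + 2)[1])        # attacker resends the captured copy
    old = build_message(b"transfer 100 to account 42", SHARED_KEY, t0)
    results.append(rx.accept(old, t0 + 3600)[1])     # captured copy replayed an hour later
    results.append(rx.accept(msg.replace(b"100", b"900"), t0 + 3)[1])  # modified copy
    return results


if __name__ == "__main__":
    print(demo())
```

The MAC is checked before anything else so that an attacker cannot use the freshness checks as an oracle, and the nonce set is the only state the receiver keeps; in a real deployment it would be bounded by expiring nonces older than the freshness window.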
Denial of Service –
Denial of Service (DoS) is a type of cybersecurity attack that is designed to make a
system or network unavailable to its intended users by overwhelming it with traffic
or requests. In a DoS attack, an attacker floods a target system or network with
traffic or requests in order to consume its resources, such as bandwidth, CPU
cycles, or memory, and prevent legitimate users from accessing it.
There are several types of DoS attacks, including:
Flood attacks: In a flood attack, an attacker sends a large number of packets or
requests to a target system or network in order to overwhelm its resources.
Amplification attacks: In an amplification attack, an attacker sends small
requests with a spoofed source address to third-party systems (for example open
DNS or NTP servers) that reply with much larger responses; the replies are
directed at the target, multiplying the attacker's bandwidth and making the
attack more effective.
To prevent DoS attacks, organizations can implement several measures, such
as:
1. Using firewalls and intrusion detection systems to monitor network traffic and
block suspicious activity.
2. Limiting the number of requests or connections that can be made to a system
or network.
3. Using load balancers and distributed systems to distribute traffic across
multiple servers or networks.
4. Implementing network segmentation and access controls to limit the impact of
a DoS attack.
[Figure: Denial of Service]
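Measure 2 above (limiting the number of requests a client may make) is usually implemented as a token bucket. The Python program below is an added example, not code from the notes; the client addresses, the bucket parameters (10 requests per second sustained, bursts of up to 20) and the simulated flood are constructed for the illustration.

```python
from collections import defaultdict


class TokenBucket:
    """Per-client token bucket. Time is in integer milliseconds and tokens are
    kept in thousandths so that the refill arithmetic is exact."""

    def __init__(self, rate_per_second: int, burst: int):
        self.rate = rate_per_second            # millitokens added per millisecond
        self.capacity = burst * 1000           # a full bucket allows `burst` requests at once
        self.tokens = defaultdict(lambda: self.capacity)
        self.last_ms = {}

    def allow(self, client: str, now_ms: int) -> bool:
        # Refill in proportion to the time since this client was last seen, capped.
        elapsed = now_ms - self.last_ms.get(client, now_ms)
        self.tokens[client] = min(self.capacity, self.tokens[client] + elapsed * self.rate)
        self.last_ms[client] = now_ms
        if self.tokens[client] >= 1000:
            self.tokens[client] -= 1000
            return True
        return False                           # bucket empty: drop or 429 the request


def simulate(limiter: TokenBucket, requests: list) -> dict:
    """Feed (timestamp_ms, client) pairs through the limiter; count the outcome per client."""
    stats = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for t, client in requests:
        stats[client]["allowed" if limiter.allow(client, t) else "blocked"] += 1
    return dict(stats)


def demo() -> dict:
    # Constructed traffic (documentation-range addresses): one host floods
    # 1000 requests in one second, a normal user sends 5 requests over 5 seconds.
    flood = [(i, "203.0.113.9") for i in range(1000)]
    normal = [(i * 1000, "198.51.100.7") for i in range(5)]
    limiter = TokenBucket(rate_per_second=10, burst=20)
    return simulate(limiter, sorted(flood + normal))


if __name__ == "__main__":
    for client, counts in demo().items():
        print(client, counts)
```

The flooder gets its 20-request burst plus the 10 per second refill and nothing more, while the normal user is never blocked, because buckets are kept per client. A limiter keyed only on source address does not help against a distributed attack or a spoofed one; there the limit has to be applied further up the path, which is what measures 1, 3 and 4 address.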
Passive attacks: A Passive attack attempts to learn or make use of information
from the system but does not affect system resources. Passive Attacks are in the
nature of eavesdropping on or monitoring transmission. The goal of the opponent
is to obtain information that is being transmitted. Passive attacks involve an
attacker passively monitoring or collecting data without altering or destroying it.
Examples of passive attacks include eavesdropping, where an attacker listens in on
network traffic to collect sensitive information, and sniffing, where an attacker
captures and analyzes data packets to steal sensitive information.
Types of Passive attacks are as follows:
The release of message content
Traffic analysis
The release of message content –
Telephonic conversation, an electronic mail message, or a transferred file may
contain sensitive or confidential information. We would like to prevent an
opponent from learning the contents of these transmissions.
[Figure: Passive attack]
Traffic analysis –
Suppose we had a way of masking information (encryption) so that an attacker who
captured a message could not extract its contents. The opponent could still
determine the location and identity of the communicating hosts and observe the
frequency and length of the messages being exchanged. This metadata can be useful
in guessing the nature of the communication taking place.
Encryption therefore protects against release of message content but not, by
itself, against traffic analysis. Countering traffic analysis means hiding the
metadata as well: padding messages to a fixed length, sending cover traffic so
that the observed rate does not depend on real activity, or routing through
intermediaries. For example, when VoIP signalling (SIP) is encrypted, an attacker
who wants to learn who called whom would have to gain access to the SIP proxy or
its call log rather than read it off the wire.
[Figure: Traffic analysis]
Q.4 Explain CIA Triad.
When talking about network security, the CIA triad is one of the most important
models which is designed to guide policies for information security within an
organization.
CIA stands for :
1. Confidentiality
2. Integrity
3. Availability
These are the objectives that should be kept in mind while securing a network.
Confidentiality
Confidentiality means that only authorized individuals/systems can view sensitive
or classified information. The data being sent over the network should not be
accessed by unauthorized individuals. The attacker may try to capture the data
using different tools available on the Internet and gain access to your information.
A primary way to avoid this is to use encryption so that even if the attacker
captures your data, he/she will not be able to read it. The current standard is
AES (Advanced Encryption Standard); the older DES (Data Encryption Standard) has
a 56-bit key that can be brute-forced and should no longer be used for new
systems. Another way to protect data in transit is a VPN (Virtual Private
Network) tunnel, which encrypts traffic between two endpoints so that it moves
securely over an untrusted network.
Integrity
The next thing to talk about is integrity. The idea here is to make sure that
data has not been modified; corruption of data is a failure to maintain data
integrity. To check whether data has been modified, we make use of a hash
function, which maps input of any length to a fixed-length digest such that any
change to the input changes the digest.
Two common families are SHA (Secure Hash Algorithm) and MD5 (Message Digest 5).
MD5 produces a 128-bit hash and SHA-1 a 160-bit hash. Other SHA variants are
SHA-0, SHA-2 (for example SHA-256, with a 256-bit digest) and SHA-3. MD5, SHA-0
and SHA-1 are all broken with respect to collision resistance and should not be
used for new integrity checks; SHA-256 or SHA-3 is the usual choice.
Let’s assume Host ‘A’ wants to send data to Host ‘B’ while maintaining integrity.
A hash function is run over the data and produces a digest H1, which is attached
to the data. When Host ‘B’ receives the packet, it runs the same hash function
over the data, which gives a hash value H2. If H1 = H2, the data’s integrity has
been maintained and the contents were not modified in transit. Note that a bare
hash only detects accidental corruption: an attacker who can modify the data in
transit can recompute the hash as well. To detect deliberate tampering the digest
must be bound to a secret, using a message authentication code (such as HMAC)
with a key shared by A and B, or a digital signature.
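The Python program below is an added example and not part of the notes. It carries out the H1 = H2 check from this section, then plays the "Allow JOHN" to "Allow Smith" modification attack from Q.3 against it, showing that a plain hash catches accidental corruption but not an attacker who recomputes the digest, while an HMAC with a shared key catches both. The message and the shared key are constructed for the illustration.

```python
import hashlib
import hmac

# Constructed sample inputs: the command message from Q.3 and a secret shared
# by Host A and Host B (not from the notes).
MESSAGE = b"Allow JOHN to read confidential file X"
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def attach_hash(data: bytes) -> tuple:
    """Host A: compute H1 = SHA-256(data) and send it alongside the data."""
    return data, hashlib.sha256(data).digest()


def verify_hash(data: bytes, h1: bytes) -> bool:
    """Host B: recompute H2 over the received data and compare with H1."""
    h2 = hashlib.sha256(data).digest()
    return hmac.compare_digest(h1, h2)  # constant-time comparison


def attach_mac(data: bytes, key: bytes) -> tuple:
    """Host A: tag = HMAC-SHA256(key, data). Only a holder of the key can produce it."""
    return data, hmac.new(key, data, hashlib.sha256).digest()


def verify_mac(data: bytes, tag: bytes, key: bytes) -> bool:
    """Host B: recompute the tag with the shared key and compare."""
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def attacker_modifies(data: bytes, digest: bytes, recompute: bool) -> tuple:
    """Man-in-the-middle changes JOHN to Smith. Against a plain hash the attacker
    simply recomputes the digest; against an HMAC he lacks the key, so the
    best he can do is leave the old tag in place."""
    tampered = data.replace(b"JOHN", b"Smith")
    if recompute:
        return tampered, hashlib.sha256(tampered).digest()
    return tampered, digest


def demo() -> dict:
    results = {}
    # Plain hash: a one-byte transmission error is caught ...
    data, h1 = attach_hash(MESSAGE)
    results["hash_detects_corruption"] = not verify_hash(data[:-1] + b"Y", h1)
    # ... but a deliberate modification with a recomputed digest is NOT caught.
    t_data, t_hash = attacker_modifies(data, h1, recompute=True)
    results["hash_detects_tampering"] = not verify_hash(t_data, t_hash)
    # HMAC: the genuine message verifies, the altered one cannot be given a valid tag.
    data, tag = attach_mac(MESSAGE, SHARED_KEY)
    results["mac_accepts_original"] = verify_mac(data, tag, SHARED_KEY)
    t_data, t_tag = attacker_modifies(data, tag, recompute=False)
    results["mac_detects_tampering"] = not verify_mac(t_data, t_tag, SHARED_KEY)
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

hmac.compare_digest is used for both comparisons so that the time taken to reject a bad digest does not depend on how many leading bytes matched.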
Availability
This means that the network should be readily available to its users. This applies to
systems and to data. To ensure availability, the network administrator should
maintain hardware, make regular upgrades, have a plan for fail-over, and prevent
bottlenecks in a network. Attacks such as DoS or DDoS may render a network
unavailable as the resources of the network get exhausted. The impact may be
significant to the companies and users who rely on the network as a business tool.
Thus proper measures should be taken to prevent such attacks.
Q.5 What are the security services and mechanism? Explain in detail.
Security services and mechanisms are closely related because a mechanism or
combination of mechanisms are used to provide a service.
Security services
Authentication: assures the recipient that the message is from the source it
claims to be from (and, for a connection, that the peer is who it claims to be).
Access Control: controls who can access a resource and under what conditions.
Availability: assures that resources remain accessible and usable by authorized
entities when needed.
Confidentiality: information is not made available or disclosed to unauthorized
individuals, entities or processes.
Integrity: assurance that the message received is exactly as sent, with no
modification, insertion, deletion or replay.
Non-Repudiation: protection against denial by one of the parties that it sent or
received a message.
Security Mechanisms
Types of Security Mechanism are:
1. Encipherment:
This mechanism hides data so that it stays confidential. It applies a
mathematical algorithm (a cipher) under a key to transform information into an
unreadable form that can be reversed only by a holder of the key. Two related
techniques are cryptography, which makes the content unreadable, and
steganography, which conceals the very existence of the message. The strength of
the protection depends on the algorithm and the key length used.
2. Access Control:
This mechanism stops unauthorized access to data and resources by enforcing the
access rights of the requesting entity. It is realised through techniques such
as passwords and other credentials, access control lists, firewalls, or a PIN
protecting a device or file.
3. Notarization:
This mechanism involves a trusted third party in the communication. The notary
acts as a mediator between sender and receiver and keeps a record of the
messages exchanged (their origin, time and content), so that a later dispute can
be resolved and neither party can falsely deny what was sent or received.
4. Data Integrity:
This mechanism appends to the data a value computed from the data itself (a
checksum, hash or message authentication code) using a method known to both
sending and receiving parties. The receiver recomputes the value over the
received data; if it matches the value that was sent, the data is accepted as
unmodified, otherwise the modification is detected.
5. Authentication exchange:
This mechanism establishes the identity of an entity by means of an information
exchange. A typical form is challenge-response: the verifier sends a fresh random
challenge and the claimant returns a value that can only be computed with its
secret (a password-derived key or a private key), so the secret itself never
crosses the network and a captured response is useless against the next
challenge. This is a security mechanism above the transport layer; the TCP
three-way handshake establishes a connection but does not authenticate the peer.
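The exchange described above, as an added example that is not part of the notes: an HMAC-based challenge-response between a server and a client. The user name, the pre-shared secret and the use of HMAC-SHA256 as the response function are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed secret provisioned to the client out of band (assumption).
CLIENT_SECRETS = {"alice": b"constructed-secret-for-alice"}


class Server:
    """Verifier: issues a fresh random challenge per attempt and checks the response."""

    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.pending = {}  # user -> outstanding challenge

    def challenge(self, user: str) -> bytes:
        """Message 1 (server -> client): a 16-byte random nonce."""
        nonce = os.urandom(16)
        self.pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        """Message 2 (client -> server) is checked against the outstanding
        challenge, which is consumed so it can never be answered twice."""
        nonce = self.pending.pop(user, None)
        if nonce is None or user not in self.secrets:
            return False
        expected = hmac.new(self.secrets[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_respond(secret: bytes, nonce: bytes) -> bytes:
    """Claimant: prove possession of the secret without sending it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def demo() -> dict:
    server = Server(CLIENT_SECRETS)
    # 1. Legitimate exchange: server -> nonce, client -> HMAC(secret, nonce).
    nonce = server.challenge("alice")
    response = client_respond(CLIENT_SECRETS["alice"], nonce)
    legit = server.verify("alice", response)
    # 2. An eavesdropper who captured (nonce, response) replays the response
    #    against a new challenge: the nonce differs, so it fails.
    server.challenge("alice")
    replay = server.verify("alice", response)
    # 3. A masquerader without the secret answers a fresh challenge with a guess.
    nonce = server.challenge("alice")
    forged = server.verify("alice", hmac.new(b"wrong-secret", nonce, hashlib.sha256).digest())
    return {"legit": legit, "replay": replay, "forged": forged}


if __name__ == "__main__":
    print(demo())
```

Because the response is a function of a server-chosen random value, the exchange authenticates the client without exposing the secret and is not vulnerable to replay; it does not, however, authenticate the server to the client, which would need a second challenge in the opposite direction.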
6. Traffic padding:
This mechanism inserts extra, meaningless bits into the data stream so that an
observer cannot tell real traffic from filler, which frustrates traffic analysis.
It is sometimes mis-labelled bit stuffing; parity bits and similar
error-detection codes checked at the receiving end are a reliability mechanism,
not a security one, since an attacker who alters the data can recompute them.
7. Digital Signature:
This mechanism appends to a data unit a value computed with the sender's private
key (a cryptographic transformation of a hash of the data), which the receiver
verifies electronically with the sender's public key. A valid signature proves
the source and the integrity of the data and protects against forgery, including
by the recipient, so it also provides non-repudiation. It does not hide the
data, so it is used where the sender's identity and the integrity of the data
must be assured rather than its confidentiality.