Masquerading attack
Pretending to be another entity
What are the four main types of security violations?
- Breach of confidentiality (unauthorised data access)
- Breach of integrity (unauthorised data modification)
- Breach of availability (unauthorised data destruction)
- Theft of service (unauthorised resource use)
Replay attack
Maliciously resending valid data
Man-in-the-middle
Intercepting and altering communications
At which 4 levels must security be implemented?
- Physical (data centres, hardware)
- Human (prevent social engineering)
- Operating System (protection mechanisms)
- Network (secure communications)
Threats: Trojan Horse
Disguised malware e.g. fake login
Threats: Logic Bomb
Triggers under specific conditions
Threats: Buffer Overflow
Overwrites memory to exploit
Threats: Virus
Self-replicating code infects files
Symmetric Encryption
Uses one shared skey to encrypt/decrypt
Asymmetric Encryption
Uses public key (encrypt) and private key (decrypt)
How does RSA encryption work?
- Generate primes p and q; compute N=p*q
- Public key: (ke, N)
- Private key: (kd, N)
Worms
Self-replicating malware e.g. Morris worm
Denial of Service attacks
Overloads systems to deny service e.g. traffic floods
Plaintext
Original message
Ciphertext
Encrypted message
Cipher
Algorithm for encryption/decryption
Why is cryptography essential in networks?
Prevents eavesdropping/spoofing by ensuring:
- Confidentiality (only authorised parties read data)
- Authentication (verify sender/receiver)
