Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security Amandeep Kaur Lecturer Computer Engg. GPC Khunimajra(Mohali)

Published byEdith Summers Modified over 9 years ago

Similar presentations

Presentation on theme: "Network Security Amandeep Kaur Lecturer Computer Engg. GPC Khunimajra(Mohali)"— Presentation transcript:

1 Network Security Amandeep Kaur Lecturer Computer Engg. GPC Khunimajra(Mohali)

2 What is computer Network A computer network, or simply a network, is a collection of computers and other hardware interconnected by communication channels that allow sharing of resources and information. Where at least one process in one device is able to send/receive data to/from at least one process residing in a remote device, then the two devices are said to be in a network

3 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents  sender encrypts message  receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection Access and Availability: services must be accessible and available to users

4 Friends and enemies: Neel, Nikki, Trude  well-known in network security world  Neel, Nikki (lovers!) want to communicate “securely”  Trudy (intruder) may intercept, delete, add messages secure sender secure receiver channel data, control messages data Nikki Neel Trudy

5 Who might Neel, Nikki be?  … well, real-life Neel and Nikki!  Web browser/server for electronic transactions (e.g., on-line purchases)  on-line banking client/server  DNS servers  routers exchanging routing table updates  other examples?

6 There are bad guys (and girls) out there! Q: What can a “bad guy” do? A: a lot!  eavesdrop: intercept messages actively insert messages into connection  impersonation: can fake (spoof) source address in packet (or any field in packet)  hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place  denial of service: prevent service from being used by others (e.g., by overloading resources)

7 Internet security threats Packet sniffing:  broadcast media  promiscuous NIC reads all packets passing by  can read all unencrypted data (e.g. passwords)  e.g.: C sniffs B’s packets A B C src:B dest:A payload Countermeasures?

8 Internet security threats Packet sniffing: countermeasures  all hosts in organization run software that checks periodically if host interface in promiscuous mode.  one host per segment of broadcast media (switched Ethernet at hub) A B C src:B dest:A payload

9 Internet security threats IP Spoofing:  can generate “raw” IP packets directly from application, putting any value into IP source address field  receiver can’t tell if source is spoofed  e.g.: C pretends to be B A B C src:B dest:A payload Countermeasures?

10 Internet security threats IP Spoofing: ingress filtering  routers should not forward outgoing packets with invalid source addresses (e.g., datagram source address not in router’s network)  great, but ingress filtering can not be mandated for all networks A B C src:B dest:A payload

11 Internet security threats Denial of service (DOS):  flood of maliciously generated packets “swamp” receiver  Distributed DOS (DDOS): multiple coordinated sources swamp receiver  e.g., C and remote host SYN-attack A A B C SYN Countermeasures?

12 Internet security threats Denial of service (DOS): countermeasures  filter out flooded packets (e.g., SYN) before reaching host: throw out good with bad  traceback to source of floods (most likely an innocent, compromised machine) A B C SYN

13 What is Cyber Crime Computer crime refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Net crime refers to criminal exploitation of the Internet. Cybercrimes are defined as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)"

14 TYPES OF CYBER CRIMES Cyber terrorism Cyber pornography Defamation Cyber stalking (section 509 IPC) Sale of illegal articles-narcotics, weapons, wildlife Online gambling Intellectual Property crimes- software piracy, copyright infringement, trademarks violations, theft of computer source code Email spoofing Forgery Phising Credit card frauds Crime against persons Crime against Government Crime against property

15 TYPES OF CYBER CRIMES Cyber crimes Hacking Information Theft E-mail bombing Salami attacks Web jacking Denial of Service attacks Trojan attacks

16 NEED FOR CYBER LAWS TRACKING CYBER CRIMES INTELLECTUAL PROPERTY RIGHTS AND COPYRIGHTS PROTECTION ACT

17 IT ACT PROVISIONS email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law. Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act. Digital signatures have been given legal validity and sanction in the Act.

18 IT ACT PROVISIONS The Act now allows Government to issue notification on the web thus heralding e- governance statutory remedy in case if anyone breaks into companies computer systems or network and causes damages or copies data

19 INTERNET AND ITS EFFECT 20% - 30% of Internet pornography consumption is by children of ages 12 - 17. MySpace is being used by predators to meet and entice kids online. Specific marketing strategies are being used to attract children to porn sites.

20 OFFENCES AND LAWS IN CYBER SPACE TAMPERING WITH COMPUTER DOCUMENTS HACKING WITH COMPUTER SYSTEM PUBLISHING OBSCENE MATERIAL ON INTERNET BREACHING OF CONFIDENTIALITY AND PRIVACY

21 IT Act 2000 In order to keep pace with the changing generation the Indian Parliament passed Information Technology (IT) Act, 2000. The IT Act has been conceptualized on the United Nations Commission on International Trade Law (UNCITRAL) Model Law The Act aims at providing legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communications commonly referred to as "electronic commerce" which involve the use of alternative to paper based methods of communication and storage of information and aims at facilitating electronic filing of documents with the government agencies.

22 Information Technology Act in a capsule Called the Information Technology Act, 2000. Came into force in June,2000 Extends to whole of India and also to people who contravene the provisions of the act outside India. Shall come into force as per notification by the Central govt. The Act applies to the whole of India. It also applies to any offence committed outside India by any person. It does not apply to the following. a negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881; a power-of-attorney as defined in section 1A of the Power-of-attorney Act, 1882;

23 Information Technology Act in a capsule a trust as defined in section 3 of the Indian Trusts Act, 1882; a will as defined in section 2 (h) of the Indian Succession Act, 1925 (39 of 1925) including any other testamentary disposition by whatever name called; any contract for the sale or conveyance of immovable property or any interest in such property; any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.

24 DIGITAL SIGNATURES: LEGITIMACY AND USE The Act has adopted the Public Key Infrastructure (PKI) for securing electronic transactions. A digital signature means an authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the other provisions of the Act. Thus a subscriber can authenticate an electronic record by affixing his digital signature. A private key is used to create a digital signature whereas a public key is used to verify the digital signature and electronic record. They both are unique for each subscriber and together form a functioning key pair.

25 DIGITAL SIGNATURES: LEGITIMACY AND USE Further, the Act provides that when any information or other matter needs to be authenticated by the signature of a person, the same can be authenticated by means of the digital signature affixed in a manner prescribed by the Central Government. The Act also gives the Central Government powers: a) to make rules prescribing the digital signature b) the manner in which it shall be affixed c) the procedure to identify the person affixing the signature d) the maintenance of integrity, security and confidentiality of records or e) payments and rules regarding any other appropriate matters

26 DIGITAL SIGNATURES: LEGITIMACY AND USE These signatures are to be authenticated by Certifying Authorities (CAs) appointed under the Act. These authorities would inter alia, have the license to issue Digital Signature Certificates (DSCs). The applicant must have a private key that can create a digital signature. This private key and the public key listed on the DSC must form the functioning key pair. Once the subscriber has accepted the DSC, he shall generate the key pair by applying the security procedure. Every subscriber is under an obligation to exercise reasonable care and caution to retain control of the private key corresponding to the public key listed in his DSC. The subscriber must take all precautions not to disclose the private key to any third party. If however, the private key is compromised, he must communicate the same to the Certifying Authority (CA) without any delay.

27 DESPATCH & ACKNOWLEDGEMENT- ELECTRONIC RECORDS All electronic records sent by an originator, his agent or an information system programmed by or on his behalf are attributable to him Where the originator has not agreed with the addressee that the acknowledgement of receipt of electronic data shall be given in a manner, the acknowledgement may be given by Any communication by the addressee, automated or otherwise; or Any conduct of the addressee, sufficient to indicate to the originator that the electronic record has been received

28 DESPATCH & ACKNOWLEDGEMENT- ELECTRONIC RECORDS Where the originator had stipulated that it shall be binding only on receipt of acknowledgement, then unless acknowledgement has been received, it shall mean that the electronic data was never sent. Where no such stipulation was made, then the originator may give a notice to the addressee stating that no such acknowledgement has been received and specifying a time by which the acknowledgement must be received by him, if still no acknowledgement is received, he may after giving notice to the addressee treat the electronic data as never sent Unless otherwise agreed the dispatch of an electronic record occurs when it enters a computer resource outside the control of the originator

29 DESPATCH & ACKNOWLEDGEMENT- ELECTRONIC RECORDS Unless otherwise agreed the time of receipt of electronic record shall be determined as follows: if the addressee has designated a computer resource for the purpose of receiving electronic records- receipt occurs at the time when the electronic record enters the designated computer resource; or if the electronic is sent to a resource that is not designated, receipt occurs when it is retrieved by the addressee

30 Penalty for damage to computer, computer system etc. “Damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any means Tampering with the computer source documents. Whoever knowingly or intentionally conceals, destroys, or alters or causes another to do the same any computer source code used for a computer, computer programme, computer system or computer network, shall be punishable with imprisonment up to three years, or with fine upto Rs. 2 lakhs or with both. Whoever commits hacking of the computer system shall be punished with imprisonment up to three years, or with fine upto Rs. 2 lakhs or with both.

31 Penalty for damage to computer, computer system etc. Whoever publishes or transmits or cause to be published any matter which is obscene, shall be punished on first conviction with imprisonment may extend upped five years with a fine of upped RS. 1,00,000 (for second and subsequent convictions, imprisonment of upped 10 years and a fine of upped RS. 2,00,000) The government may notify certain computer systems or networks as being "protected systems", unauthorized access to which may be punishable with imprisonment upped 10 years in addition to a fine.

32 Penalty for damage to computer, computer system etc. Whoever makes a misrepresentation to, or suppresses any material fact from the Controller of Certifying Authorities and whoever commits breach of confidentiality and privacy, having access to electronic data under the Act shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to RS. 1,00,000 or with both. Penalties have also been prescribed for publishing false digital signature certificates or for use of such certificates for fraudulent and unlawful purposes, which is imprisonment for a term which may extend to two years, or with fine which may extend to Rs. 1,00,000 or with both

33 ADJUDICATION /COMPENSATION The Act provides the following: a) Damages by way of compensation not exceeding Rs. 10 million may be imposed for unauthorized access, unauthorized downloading or copying of data, introduction of computer viruses or contaminants, disruption of systems, denial of access or tampering with or manipulating any computer/network. “Computer contaminant" means set of computer instructions designed: - to modify, destroy, record, transmit data or programe residing within a computer, computer system or computer network; or - by any means to usurp the normal operation of the computer, computer system, or computer network;

34 ADJUDICATION /COMPENSATION Computer data base" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video are prepared or being prepared or produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network; “Computer virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource;

35 ADJUDICATION /COMPENSATION b) The Act does provide that no penalty imposed under the Act shall prevent imposition of any other punishments attracted under any other law for the time being in force.

36 OFFENCES OUTSIDE INDIA The provisions of the Act shall also apply to offences or contravention outside India, if such offences or contravention involves a computer, computer system or computer network located in India.

37 CYBER REGULATIONS APPELLATE TRIBUNAL (CRAT) A Cyber Regulations Appellate Tribunal (CRAT) is to be set up for appeals from the order of any adjudicating officer. It consists of one person only- the Presiding Officer. No appeal shall lie from an order made by an adjudicating officer with the consent of the parties. Every appeal must be filed within a period of forty- five days from the date on which the person aggrieved receives a copy of the order made by the adjudicating officer. As per the Act a provision has been made to appeal from the decision of the CRAT to the High Court within sixty days of the date of communication of the order or decision of the CRAT.

38 POWERS OF POLICE TO SEARCH, ARREST, ETC. A police officer not below the rank of Deputy Superintendent of Police, or any other officer authorised by the Central Government has the power to enter any public place and arrest any person without a warrant if he believes that a cyber crime has been or is about to be committed. Public place includes public conveyance, any hotel, any shop or any other place intended for use by, or accessible to the public

39 NETWORK SERVICES PROVIDERS ( ISP) Network services providers shall not be liable under this Act for any third party information or data made available, if they prove that the offence or contravention was committed without their knowledge or that they had exercised all due diligence to prevent such offence. Network service provider means an intermediary: Third party information means any information dealt with by network service provider in his capacity as intermediary

40 OFFENCES BY COMPANIES In respect of offences by companies, in addition to the company, every person, who at the time the contravention was committed, was in charge of, and was responsible to the company for the conduct of the business of the company, shall be guilty of the contravention, unless he proves that the contravention took place without his knowledge or that he exercised all due diligence to prevent such contravention.

41 What Do We Mean by Cyber Ethics? Analysis of the nature and social impact of computer technology Corresponding formulation and justification of policies for the ethical use of such technology.

42 Examples of cyber ethics Don’t be cyber bully. Don’t use copyright information as your own. Don’t share personal information too easily. Don’t lie. Do use internet for research and information. Do shop, bank and pay bill online.

43 Thank you very much.

Download ppt "Network Security Amandeep Kaur Lecturer Computer Engg. GPC Khunimajra(Mohali)"

Similar presentations

PRESENTATION ON CYBER LAWS. BIBLIOGRAPHY LAWS RELATING TO COMPUTER,INTERNET AND E- COMMERCE.LAWS RELATING TO COMPUTER,INTERNET AND E- COMMERCE. BY:NANDAN.

PRESENTATION ON CYBER LAWS. BIBLIOGRAPHY LAWS RELATING TO COMPUTER,INTERNET AND E- COMMERCE.LAWS RELATING TO COMPUTER,INTERNET AND E- COMMERCE. BY:NANDAN.
Rohas Nagpal, Asian School of Cyber Laws.  Information Technology Act, 2000  Imprisonment upto 10 years  Compensation upto Rs 1 crore  Indian Penal.

Rohas Nagpal, Asian School of Cyber Laws.  Information Technology Act, 2000  Imprisonment upto 10 years  Compensation upto Rs 1 crore  Indian Penal.
ITA 2008: Law Enforcement & Incident Response -The way forward- By Talwant Singh Addl. Distt. & Sessions Judge Delhi

ITA 2008: Law Enforcement & Incident Response -The way forward- By Talwant Singh Addl. Distt. & Sessions Judge Delhi
The Information Technology Act, 2000 and The Information Technology (amendment) Act, 2008 A Comparative analysis By – Sagar Rahurkar.

The Information Technology Act, 2000 and The Information Technology (amendment) Act, 2008 A Comparative analysis By – Sagar Rahurkar.
Chapter 9: Privacy, Crime, and Security

Chapter 9: Privacy, Crime, and Security
INDIAN CYBERLAW- SOME PERSPECTIVES INDIAN CYBERLAW- SOME PERSPECTIVES.

INDIAN CYBERLAW- SOME PERSPECTIVES INDIAN CYBERLAW- SOME PERSPECTIVES.
INFORMATION TECHNOLOGY ACT 2000 AN OVERVIEW. PRESENTATION OVERVIEW Need for the law Legal issues regarding offer, Acceptance and conclusion of contract.

INFORMATION TECHNOLOGY ACT 2000 AN OVERVIEW. PRESENTATION OVERVIEW Need for the law Legal issues regarding offer, Acceptance and conclusion of contract.
I NFORMATION T ECHNOLOGY A CT 2000. B ACKGROUND 1. Drew inspiration from Model Law on Electronic Commerce adopted by the United Nations Commission of.

I NFORMATION T ECHNOLOGY A CT B ACKGROUND 1. Drew inspiration from Model Law on Electronic Commerce adopted by the United Nations Commission of.
EXAMINING CYBER/COMPUTER LAW BUSINESS LAW. EXPLAIN CYBER LAW AND THE VARIOUS TYPES OF CYBER CRIMES.

EXAMINING CYBER/COMPUTER LAW BUSINESS LAW. EXPLAIN CYBER LAW AND THE VARIOUS TYPES OF CYBER CRIMES.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
7: Network Security1 Chapter 7: Network security – Author? Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.

7: Network Security1 Chapter 7: Network security – Author? Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.

8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Review and Announcement r Ethernet m Ethernet CSMA/CD algorithm r Hubs, bridges, and switches m Hub: physical layer Can’t interconnect 10BaseT & 100BaseT.

Review and Announcement r Ethernet m Ethernet CSMA/CD algorithm r Hubs, bridges, and switches m Hub: physical layer Can’t interconnect 10BaseT & 100BaseT.
INTERNET and CODE OF CONDUCT

INTERNET and CODE OF CONDUCT
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS
GROUP 7 RAHUL JIMMY RONEY GEORGE SHABNAM EKKA SHEETHAL JOSEPH Cyber Laws in India- IT Act, 2000; 2004.

GROUP 7 RAHUL JIMMY RONEY GEORGE SHABNAM EKKA SHEETHAL JOSEPH Cyber Laws in India- IT Act, 2000; 2004.
Business Law Module 4 Module IV: Information Technology Act 2000

Business Law Module 4 Module IV: Information Technology Act 2000

Similar presentations

Ads by Google