In this lecture, professor Gunes talked about Network Security.
There is no security in internet because of its initial design. Early security flaws involved phone phreaking, where when you whistle a correct tone into the phone, you could reset the trunk lines. Robert Morris created a worm in 1988 that infected computers to see how many computers that were on the internet. Due to poor coding, he brought down around 6,000 computers on the internet. Kevin Mitnick was the first hacker on FBI's Most Wanted list. He stole many credit cards and served time for his crimes. He now a security consultant.
Some worms in history, including the Sapphire Worm, was the fast computer worm in history. Infect more than 90 percent of vulnerable hosts within 10 minutes. Back in the day, patches and system updates were more "optional", there were no automatic updates. This lead to huge problems, because people that weren't computer people, wouldn't update their software. DoS attacks involve something sending out bogus requests to overload a system.
The number of desktops grew exponentially in the 80s, but there were still no emphasis on security. It wasn't initially designed for commercial purposes. It was designed for a group of people with mutually trusting users.
For parties of different services (the provider, the user, the attacker), they all have different concerns about what they would like to protect. In the bank example in the slides, the bank service provider wants to protect their money, where users should not be able to change the amount of money whenever they want. The good guys have to think like the bad guys to protect what they are planning to do.
The basic security services that are essential in network communication are: authentication, authorization, availability, confidentially, integrity, and non-repudiation. Different types of security attacks are passive and active attacks, Passive attacks include message eaves dropping and monitoring transmissions, while active attacks include masquerade, replay, modification of message contents, and denial of service attacks, the general modification of the data stream.
Very informative article. So many types of security applications are available to secure the information that travels across the network. One of the most promising and best solution is digital signature scheme which is trusted widely.
ReplyDeleteelectronic signature