A

NATIONAL LEVEL PAPER PRESENTATION

A Paper On

Presented By

Vishal A. Gondane Vishal G. Ramteke

B.E. 3rd Year. Comp. Sci. & Engg. B.E 3rd Year. Comp. Sci. & Engg.
Email ID: - vishalag_2021@yahoo.co.in Email ID: - ramkteke.vishal@gmail.com
Contact number: - 9766859008 Contact number: - 9970353301

Babasaheb Naik College of Engineering,

Pusad 445215, Yavatmal (M.S.)
Abstract stronger security solutions. Solutions like
Information systems in corporations, Internet security utilities, email bulking,
government agencies and other enriched encryption, virtual keyboard,
organizations have undergone a steady digital signature etc. Those solutions are
evolution. Internet security is a fashionable only components of an overall security
and fast-moving field; the attacks that are system, they are vital components, and
catching the headlines can change organization must invest the time required to
significantly from one year to the next. evaluate the best system for their needs and
Regardless of whether they’re directly then deploy it as quickly as possible.
relevant to the work you do, network-based Security breaches are an ever-present
attacks are so high-profile that they are danger, and there’s no time like the present
likely to have some impact, even if you only to protect your company’s valuable data.
use hacker stories to get your client to
allocate increased budgets to counter the
more serious threats. The point is, some
knowledge of the subject is essential for the
working security engineer. There are several
fashionable ideas, such as that information
can be secured by new trends such as
internet utilities, email bulking, enriched
encryption, virtual keyboard, digital
signature etc.
Of course, many attacks are
presented in the media as network hacking
when they are actually done in more
traditional ways. Security breaches are very
real and very dangerous. Every company
now recognizes how easily it can become
the victim of deliberate or random attacks.
Network security professionals are aware of
the threats, and are developing better and

2
 Contents
Introduction
• Introduction
A basic understanding of computer
• Threats affecting Information
networks is requisite in order to understand
Security
the principles of network security. An
1. E-mail Bombing
intruder with the right background and
2. Remote Keylogging software
malicious intent has many ways to infiltrate
3. Logic and Time bomb
internal company systems and network
Attacks
devices through the Internet connection.
4. Trojan Attacks
Once inside, the hacker has free reign to
5. Spyware Attacks
destroy, change, or steal data and these
6. Sniffing Attacks
actions because various sorts of network
• Network Securities
havoc. The most popular use of the Internet,
1. Internet Security Utilities
e-mail, is also insecure. The same hacker
2. E-mail spamming
with a protocol analyzer and access to
3. Enriched encryption format
routers and other network devices can
4. VPN Enhanced Security
intercept or change messages.
5. Virtual keyboard
The impressive development of
6. Hardware Firewall
computer networks has reached the point,
7. Digital Signature
where security becomes essential. Users
• Conclusion
want to exchange data in a secure way. The
• Bibliography
problem of network security is a complex
issue. Network security means a protection
of the network assets, which includes terms
like firewall, VPN enhanced security,
authentication, and cryptography. A firewall
is a barrier between two networks, an
internal network (trusted network) and an
external network (mistrusted network). A
VPN is a private data network that makes

3
use of the public network infrastructure.
Encryption is to encode data into human
unreadable format. Here the external
network is the Internet. Cryptography is
used to provide data integrity, entity
authentication and digital signatures.
The benefits of connecting to the
Internet are clear. This paper discusses the
risks you face when you connect to the
Internet, describes the types of attacks that
can occur, and offers an overview of firewall
technology, which can protect your network
from hackers. Specifically, the
discusses the implementation of a network
securities and what you should consider in
choosing the type of security you require.
Threats in Information
security
E-mail Bombing
Abusers repeatedly sending an email
message to a particular address at a specific
victim site characterize email bombing. In
many instances, the messages will be large
and constructed from meaningless data in an
effort to consume additional system and
network resources. Multiple accounts at the
target site may be abused, increasing the
denial of service impact. In Internet usage,
an e-mail bomb is a form of net abuse
consisting of sending huge volumes of e-
mail to an address in an attempt to overflow
the mailbox or overwhelm the server where
the email address is hosted in a denial-of-
service attack. There are two methods of
perpetrating an e-mail bomb, mass mailing
and list linking.
Remote Keylogging softwares
Remote Keylogger offers users the
ability to remotely monitor a computer via a
web browser, without even having physical
paper
access to the PC. It will allow you to
remotely install the monitoring system
through an email attachment without the PC
user recognizing the installation at all. And
you can access the activity logs from
anywhere via you favorite web browser.
Remote Keylogger comes with a
configuration program that allows you to
create a remote install module that you e-
mail to the remote PC you wish to monitor.
You must attach this file you create to an
email, and then send it to the remote PC.
From there the user must download and run
the attached file to install Remote
Keylogger. You can choose to enable or
disable the 'alert user' option that Remote
Keylogger has. Once the user runs the file,
their activities will be stored on our servers,
so you can view them from any location -
4
securely, of course. To aid the install
process, you can give any name to the install
module you create such as CoolPictures.exe
or FunGame.exe (it must always end with
the .exe extension to run).
Logic and Time bomb Attacks
A logic bomb is a piece of code
intentionally inserted into a software system
that will set off a malicious function when
specified conditions are met. For example, a
programmer may hide a piece of code that
starts deleting files (such as the salary
database), should they ever leave the
company. Software that is inherently
malicious, such as viruses and worms, often
contain logic bombs that execute a certain
payload at a pre-defined time or when some
other condition is met. This technique can be
used by a virus or worm to gain momentum
and spread before being noticed. Many
viruses attack their host systems on specific
dates, such as Friday the 13th or April Fool's
Day. Trojans that activate on certain dates
are often called "time bombs". To be
considered a logic bomb, the payload should
be unwanted and unknown to the user of the
software. As an example, trial programs
with code that disables certain functionality
after a set time are not normally regarded as
logic bombs
Trojan Attacks
Trojans are intelligent programs
made by the hackers act as a computer virus.
Trojans are small programs that effectively
give “hackers” remote control over your
entire Computer. Hackers send Trojan on
the target machine, target machine operating
system, considers Trojan file is system file
and hence OS don’t allow deleting it by an
anti-virus tool. Thereafter Trojans starts
working, the Trojan program sends all the
system information to the hacker. And here
is the hacker got an access of the target
system. Trojan attacks are very common and
old attack; there are so many anti-virus
utilities that trap Trojans, hence it is not so
harmful for your system.
Spyware Attacks
Spyware is also an intelligent
program, which investigates your system
secretly and sends all the information back
to the hacker. There are so many Spyware
programs available on the Internet. Spyware
doesn’t consist of any virus code and hence
it is not so much easy to detect them. Now
days Spyware attacks are very famous in
computer and mobile hacking.
5
Sniffing Attacks threats. Some of the famous software’s are

A sniffer is an application or device Norton Internet Security, etrust threat

that can read, monitor, and capture network management software, and Avira premium

data exchanges and packets. If the packets Internet security etc. These utilities are also

are not encrypted, a sniffer provides a full helpful to Spam Spyware and Trojans.

view of the data that is inside of the packet.

Even encapsulated (tunneled) packets can be
opened and read if they are not encrypted.
Using a sniffer, an attacker can do the
following:
• Analyze network and access
information, eventually causing the
network to stop responding or
become corrupted.
• Read private communications.

Trends in information
Securities
Why Securities are essential?
Today’s world is fast growing in Internet
area and criminal minds take its misuse to
explore their negative thinking ideas and
terrorism.

How to overcome it?

Internet Security Utilities
They’re so many utilities available
on the Internet and very powerful to protect
your system against vulnerabilities and

6
 Data that can be read and understood

E-mail spamming without any special measures is called

plaintext or clear text. The method of
E-mail spam, also known as "bulk e-
disguising plaintext in such a way as to hide
mail" or "junk e-mail," is a subset of spam
its substance is called encryption.
that involves nearly identical messages sent
Encrypting plaintext results in unreadable
to numerous recipients by e-mail. A
format called cipher text. The process of
common synonym for spam is unsolicited
reverting cipher text to its original plaintext
bulk e-mail (UBE). Definitions of spam
is called decryption
usually include the aspects that email is
unsolicited and sent in bulk "UCE" refers
specifically to "unsolicited commercial e-
mail.". E-mail spam slowly but
exponentially grew for several decades to
several billion messages a day. Spam has
frustrated, confused, and annoyed e-mail
users. Laws against spam have been Encryption and Decryption

sporadically implemented, with some being

opt-out and others requiring opt in e-mail. VPN enhanced security
The total volume of spam (over 100 billion Virtual private network (VPN)
emails per day as of April 2008) has leveled connections enabled with PPTP and L2TP
off slightly in recent years, and is no longer are authenticated by using PPP user-level
growing exponentially. The amount received authentication methods. These include
by most e-mail users has decreased, mostly Password Authentication Protocol (PAP),
because of better filtering. About 80% of all Challenge Handshake Authentication
spam is sent by fewer than 200 spammers. Protocol (CHAP), Shiva Password
Botnets, networks of virus infected Authentication Protocol (SPAP), Microsoft
computers, are used to send about 80% of Challenge Authentication Protocol (MS-
spam. CHAP), and optionally, Extensible
Authentication Protocol (EAP).
Enriched encryption format

7
By using the new Extensible Authentication
Protocol (EAP) and Internet Protocol
security (IPsec) security options, a virtual
private network provides enhanced security
for remote users. For example, if your
remote access server has been configured to
require EAP for authorization, the highest
level of authentication is enforced for the
dial-up or virtual network connections of the
remote access server. By taking advantage
of Point-to-Point Protocol (PPP)
authentication and encryption options,
defining PPTP filtering on your remote
access server, and restricting remote access
servers on the Internet to only accept
authenticated PPTP clients who encrypt
data, your system administrator can tighten
data security and manage remote users much
more efficiently.
In some environments, data is so
sensitive that it needs to be physically
separated, and hidden, from the majority of
corporate users. Finance or human resources
data are examples of this type of data.
Corporations can use VPN connections
through a VPN server to physically separate
extremely sensitive data servers, yet allow
secure access to the data by selected users.
Users on the corporate intranet who have
been granted the appropriate permissions
can establish a remote client VPN
connection with the VPN server and can
access the protected resources of the
sensitive department network. Additionally,
all communication across the VPN is
encrypted for data confidentiality. Users
who do not have proper permissions to
establish a VPN with the VPN server cannot
see the hidden server.
8
Virtual keyboard
A virtual keyboard is a software
and/or hardware component that allows a
user to enter characters. A virtual keyboard
can usually be operated with multiple input
devices, which may include an actual
keyboard, a computer mouse, a headmouse,
and an eyemouse. On a desktop PC, the
primary purpose of a virtual keyboard is to
provide an alternative mechanism for
disabled users that can not use a physical
keyboard.
Hardware Firewall
A hardware firewall is a small metal
box filled with the plugs openings, or ports.
You hook your computer into the box and
then set it up on your computer, just as you
would new printer or other peripheral.
Because it’s not physiaclly on your machine,
a hardware firewall is somewhat vulnerable
than a software firewall. You could look at a
hardware firewall as a mini computer, and
the price of hardware firewall reflects this
difference, Hardware firewalls are typically
owned by larger bussiness.
Digital signature
In digital signature instead of
encrypting information using someone else's
public key, you encrypt it with your private
key. Public key digital signatures provide
authentication and data integrity. A digital
signature also provides non-repudiation,
which means that it prevents the sender from
claiming that he or she did not actually send
the information. If the information can be
decrypted with your public key, then it must
have originated with you. Thus digital
signature serves the same purpose as a
handwritten signature.
Conclusion
Everyone has a different idea of what
``security'' is, and what levels of risk are
acceptable. It's important to build systems
and networks in such a way that the user is
not constantly reminded of the security
system around him. As and when new
security methods are developed, breaking of
9
these methods has increased. So measures
have to be taken to fill the loopholes.
Technologies such as Proxy Servers
and Firewalls will always be there, but
security can never be asserted till the time
these preventive and protective measures are
implemented properly. Hence, the best way
to thwart malicious is to stay one step ahead
of them.

Digital Signature

References
www.guruji.com
www.packetstormsecurity.com
www.hackingmobilephones.com
www.howstuffworks.com
www.google.com
www.webopedia.com
www.networksecurityassults.com
www.securityadviser.com
www.opendns.com

10