CNS Basic


Unit-1

Introduction to Network Security:


Overview of Network Security: Computer security concepts, The OSI Security
architecture, Security attacks, Security services, Security Mechanisms, A Model for
Network Security, Intruders: Intrusion Detection, Malicious Software.
Cryptography
Cryptography is the technique of securing information and communications
through the use of codes, so that only those persons for whom the information is
intended can understand and process it, thus preventing unauthorized
access to information. The prefix “crypt” means “hidden” and the suffix
“graphy” means “writing”.

Network Security
Network security is the field of cybersecurity focused on protecting
computer networks and systems from internal and external cyberthreats and
cyberattacks.

Open Systems Interconnection (OSI) architecture provides a systematic
framework for defining security attacks, mechanisms and services.
Introduction

Cryptographic algorithms and protocols can be grouped into four main areas:
• Symmetric encryption: Used to conceal (hide) the contents of blocks or streams
of data of any size, including messages, files, encryption keys, and passwords.
• Asymmetric encryption: Used to conceal small blocks of data, such as encryption
keys and hash function values, which are used in digital signatures.
• Data integrity algorithms: Used to protect blocks of data, such as messages, from
alteration.
• Authentication protocols: These are schemes based on the use of cryptographic
algorithms designed to authenticate the identity of entities.
Computer Security

The protection afforded to an automated information system in order to
attain the applicable objectives of preserving the integrity, availability,
and confidentiality of information system resources (includes hardware,
software, firmware, information/data, and telecommunications).

This definition introduces three key objectives that are at the heart of
computer security:
• Confidentiality
• Integrity
• Availability
• Confidentiality: This term covers two related concepts:
Data confidentiality: Assures that private or confidential information is
not made available or disclosed to unauthorized individuals.
Privacy: Assures that individuals control or influence what information
related to them may be collected and stored and by whom and to whom that
information may be disclosed.

• Integrity: This term covers two related concepts:
Data integrity: Assures that information and programs are changed only
in a specified and authorized manner.
System integrity: Assures that a system performs its intended function in
an unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system.

• Availability: Assures that systems work promptly and service is not denied to
authorized users
CIA Triad
3 levels of impact from a security breach

 Low
 Moderate
 High

Low:
The loss could be expected to have a limited adverse effect on
organizational operations, organizational assets, or individuals
1) The effectiveness of the functions is noticeably reduced
2) Results in minor damage to organizational assets
3) Results in minor financial loss
4) Results in minor harm to individuals
Moderate:
The loss could be expected to have a serious adverse effect on organizational operations,
organizational assets, or individuals
1) Effectiveness of the functions is significantly reduced
2) Results in significant damage to organizational assets
3) Results in significant financial loss
4) Results in significant harm to individuals that does not involve loss of life or serious
life threatening injuries

High:
The loss could be expected to have a severe or catastrophic adverse effect on
organizational operations, organizational assets, or individuals.
1) Results in major damage to organizational assets
2) Results in major financial loss
3) Results in severe harm to individuals involving loss of life or serious life threatening
injuries
Challenges of Computer Security

• Security is not as simple as it might first appear to the beginner.
• Having designed various security mechanisms, it is necessary to
decide where to use them.
• Security mechanisms typically involve more than a particular
algorithm or protocol.
• Computer and network security is essentially a battle of wits between
perpetrator and the designer.
• Security requires regular, even constant, monitoring, and this is
difficult in today’s short-term, overloaded environment.
OSI Security Architecture
ITU-T X.800 “Security Architecture for OSI” defines a systematic
way of defining and providing security requirements.
It is useful to managers for providing security.
It provides a useful overview of many of the concepts for us.
Threats and Attacks

Threat - A potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach security and cause
harm. That is, a threat is a possible danger that might exploit a vulnerability.
Vulnerability - A way by which loss can happen.

Attack - An assault on system security that derives from an intelligent threat; that is,
an intelligent act that is a deliberate attempt (especially in the sense of a method or
technique) to evade security services and violate the security policy of a system.
Aspects of Security
The OSI security architecture focuses on security attacks, mechanisms, and
services. Consider these 3 aspects of information security, defined briefly as follows:
 Security attack: Any action that compromises the security of
information owned by an organization.
 Security mechanism: A process (or a device incorporating such a
process) that is designed to detect, prevent, or recover from a security
attack.
 Security service: A processing or communication service that
enhances the security of the data processing systems and the
information transfers of an organization.
Security Attacks
Two types of attacks
1. Passive Attacks
2. Active Attacks

A passive attack attempts to learn or make use of information from the
system but does not affect system resources.
An active attack attempts to alter system resources or affect their
operation.
Passive Attack
Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions.
The goal of the opponent is to obtain information that is being transmitted.
Two types of passive attacks are:
 Release of message contents - A telephone conversation, an electronic mail
message, and a transferred file may contain sensitive or confidential information.
 Traffic analysis - monitor traffic flow to determine location and identity of
communicating hosts and could observe the frequency and length of messages
being exchanged
• Passive attacks are very difficult to detect because they do not involve any
alteration of the data.
• Neither the sender nor receiver is aware that a third party has read the messages
or observed the traffic patterns.
• It is feasible to prevent the success of these attacks usually by means of
encryption.
• The emphasis in dealing with passive attacks is on prevention rather than
detection.
Active Attack
• Active attacks involve some modification of the data stream or
the creation of a false stream and can be subdivided into four
categories: masquerade, replay, modification of messages, and
denial of service.
Masquerade

• A masquerade takes place when one entity pretends to be a
different entity. A masquerade attack usually includes one of the
other forms of active attack.
Replay
• Replay involves the passive capture of a data unit and its
subsequent retransmission to produce an unauthorized effect
Modification of messages
• Modification of messages simply means that some portion of a
legitimate message is altered, or that messages are delayed or
reordered, to produce an unauthorized effect.
Denial of service
• The denial of service prevents or inhibits the normal use or management
of communications facilities. This attack may have a specific target.
• An entity may suppress all messages directed to a particular destination
(e.g., the security audit service). Another form of service denial is the
disruption of an entire network, either by disabling the network or by
overloading it with messages so as to degrade performance.
Handling Attacks

 Passive attacks – focus on Prevention
• Easy to stop
• Hard to detect
 Active attacks – focus on Detection and Recovery
• Hard to stop
• Easy to detect
Security Services
A processing or communication service that is provided by a system to give a
specific kind of protection to system resources.
Security services implement security policies and are implemented by security
mechanisms.

X.800 divides these services into five categories and fourteen specific services

1. Authentication
2. Access Control
3. Data Confidentiality
4. Data Integrity
5. Nonrepudiation
1. Authentication:
The authentication service is concerned with assuring that a communication is
authentic.
The assurance that the communicating entity is the one that it claims to be.

• Peer entity authentication:
It provides for the corroboration of the identity of a peer entity in an association.
Two entities are considered peers if they implement the same protocol in different
systems; e.g., two TCP modules in two communicating systems.
It attempts to provide confidence that an entity is not performing a masquerade.

• Data origin authentication:
It provides for the corroboration of the source of a data unit.
It does not provide protection against the duplication or modification of data units.
This type of service supports applications like electronic mail, where there are no
prior interactions between the communicating entities.
2. Access Control:
It is the prevention of unauthorized use of a resource.
It is the ability to limit and control the access to host systems and applications via
communication links.
Each entity trying to gain access must first be identified or authenticated so that access
rights can be tailored to the individual

3. Data Confidentiality:
The protection of data from unauthorized disclosure.

• Connection Confidentiality: The protection of all user data on a connection.
• Connectionless Confidentiality: The protection of all user data in a single data block.
• Selective-Field Confidentiality: The confidentiality of selected fields within the user
data on a connection or in a single data block.
• Traffic-Flow Confidentiality: The protection of the information that might be derived
from observation of traffic flows. The attacker should not be able to observe the source,
destination, frequency, or length of the traffic.
4. Data Integrity:
The assurance that data received are exactly as sent by an authorized entity (i.e., contain
no modification, insertion, deletion, or replay).
• Connection Integrity with Recovery: Provides for the integrity of all user data on a
connection and detects any modification, insertion, deletion, or replay of any data within an
entire data sequence, with recovery attempted.
• Connection Integrity without Recovery: As above, but provides only detection without
recovery
• Selective-Field Connection Integrity: Provides for the integrity of selected fields within the
user data of a data block transferred over a connection and takes the form of determination of
whether the selected fields have been modified, inserted, deleted, or replayed.
• Connectionless Integrity: Provides for the integrity of a single connectionless data block and
may take the form of detection of data modification. Additionally, a limited form of replay
detection may be provided.
• Selective-Field Connectionless Integrity: Provides for the integrity of selected fields within a
single connectionless data block; takes the form of determination of whether the selected
fields have been modified.
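
The following Python code is an added example, not part of the original notes: it shows one way a receiver can provide connection integrity without recovery, using an HMAC tag to detect modification or insertion and a sequence number to detect replay, deletion and reordering. The frame layout, the key and the messages are constructed for the illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 8-byte sequence number + payload + HMAC over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Connection integrity without recovery: violations are detected and
    reported, but no retransmission is requested."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0  # sequence number expected next

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return ("rejected", "truncated frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison so the check leaks no timing information.
        if not hmac.compare_digest(tag, expected):
            return ("rejected", "modification or insertion (bad tag)")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq < self.next_seq:
            return ("rejected", "replay (sequence number already seen)")
        if seq > self.next_seq:
            return ("rejected", "deletion or reordering (gap in sequence)")
        self.next_seq += 1
        return ("accepted", body[8:])


def demo():
    """Run constructed frames through the receiver and return its verdicts."""
    key = b"constructed demo key, not a real secret"
    rx = Receiver(key)
    f0 = protect(key, 0, b"transfer 10 to alice")
    f1 = protect(key, 1, b"transfer 20 to bob")
    f2 = protect(key, 2, b"close")

    tampered = bytearray(f1)
    tampered[10] ^= 0x01  # flip one bit inside the payload

    return [
        rx.accept(f0),               # in order, valid tag
        rx.accept(bytes(tampered)),  # altered in transit
        rx.accept(f0),               # old frame sent again
        rx.accept(f2),               # f1 has not arrived yet
        rx.accept(f1),               # the frame that was actually expected
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```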
5. Nonrepudiation:
Provides protection against denial by one of the entities involved in a
communication of having participated in all or part of the communication.
• Nonrepudiation, Origin: Proof that the message was sent by the specified
party.
• Nonrepudiation, Destination: Proof that the message was received by the
specified party
Security Mechanisms:
1. SPECIFIC SECURITY MECHANISMS
May be incorporated into the appropriate protocol layer in order to provide some of
the OSI security services.

• Encipherment: The use of mathematical algorithms to transform data into a form
that is not readily intelligible.
• Digital Signature: Data appended to, or a cryptographic transformation of a data unit
that allows a recipient of the data unit to prove the source and integrity of the data unit
and protect against forgery
• Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or
stream of data units.
• Authentication Exchange: An act of confirming the identity of the user by means of
information exchange.
• Traffic Padding: The insertion of bits into gaps in a data stream to frustrate
traffic analysis attempts
• Routing Control: Enables selection of particular physically secure routes for
certain data and allows routing changes, especially when a breach of security
is suspected.
• Notarization: The use of a trusted third party to assure certain properties of a
data exchange.
2. PERVASIVE SECURITY MECHANISMS

Mechanisms that are not specific to any particular OSI security service or protocol
layer.
• Trusted Functionality: That which is perceived to be correct with respect to some
criteria (e.g., as established by a security policy).
• Security Label: The means used to associate a set of security attributes with a
specific information object as part of the data structure for that object.
• Event Detection: Detection of security-relevant events.
• Security Audit Trail: Data collected and potentially used to facilitate a security
audit, which is an independent review and examination of system records and
activities. (Audits ensure that appropriate policies and procedures have been
implemented and are working effectively)
• Security Recovery: Deals with requests from mechanisms, such as event handling
and management functions, and takes recovery actions
A Model for Network Security
A message is transferred between two parties, the principals (sender and receiver).
The exchange takes place over a defined route using protocols followed by the principals.
Some techniques are needed to protect information from threats and to maintain
confidentiality and authenticity:
1. Encryption - scrambles the message
2. Secret information
3. Trusted third party

Four basic tasks in designing a particular service:
1. Design an algorithm for performing the security-related transformation.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals.

The threats to programs:
1. Information access threats - modify data on behalf of user.
2. Service threats - exploit service flaws and inhibit use by legitimate users.
Viruses and worms are the two examples of software attacks.
Such attacks can be introduced into a system by means of a disk that contains
the unwanted logic.
They can also be inserted into a system across a network.
There are two security mechanisms to cope with unwanted access.
1. Gatekeeper function - password-based login
2. A variety of internal controls that monitor activity and analyze stored
information in an attempt to detect the presence of unwanted intruders
Intruders

One of the two most publicized threats to security is the intruder (the other is
viruses), often referred to as a hacker or cracker.
Intrusion is any set of actions that attempt to compromise the confidentiality,
integrity, or availability of a computer resource.

Three classes of intruders:
1. Masquerader: An individual who is not authorized to use the computer and
who penetrates a system’s access controls to exploit a legitimate user’s
account. (outsider)
2. Misfeasor: A legitimate user who accesses data, programs or resources, but
misuses his or her privileges. (insider)
3. Clandestine user: An individual who seizes supervisory control of the
system and uses this control to evade auditing and access controls or to suppress
audit collection.
Examples of intrusion:
• Performing a remote root compromise of an e-mail server
• Defacing a Web server
• Guessing and cracking passwords
• Copying a database containing credit card numbers
• Viewing sensitive data, including payroll records and medical information,
without authorization
• Running a packet sniffer on a workstation to capture usernames and passwords
• Using a permission error on an anonymous FTP server to distribute pirated
software and music files
• Dialing into an unsecured modem and gaining internal network access
• Posing as an executive, calling the help desk, resetting the executive’s e-mail
password, and learning the new password
• Using an unattended, logged-in workstation without permission
Intruder Behaviour Patterns
The techniques and behavior patterns of intruders are constantly shifting, to exploit newly
discovered weaknesses and to evade detection and countermeasures
The intruder patterns typically differ from those of ordinary users.
There are 3 intruder behavior patterns:
1. Hacker
2. Criminal Enterprise
3. Internal Threat

Hackers:
Traditionally, those who hack into computers. The hacking community is a strong meritocracy in which
status is determined by level of competence. Thus, attackers often look for targets of
opportunity and then share the information with others.
Criminals:
Criminal hackers usually have specific targets, or at least classes of targets in mind.
Once a site is penetrated, the attacker acts quickly, scooping up as much valuable
information as possible and exiting. IDSs and IPSs can also be used for these types of
attackers but may be less effective because of the quick in-and-out nature of the attack.
For e-commerce sites, database encryption should be used for sensitive customer
information, especially credit cards. For hosted e-commerce sites (provided by an
outside service), the e-commerce organization should make use of a dedicated server
(not used to support multiple customers) and closely monitor the provider’s security
services.

Insider Attacks:
Insider attacks are among the most difficult to detect and prevent. Employees already
have access and knowledge about the structure and content of corporate databases.
Insider attacks can be motivated by revenge or simply a feeling of entitlement.
Intrusion Techniques:

 The objective of the intruder is to gain access to a system.
 Most initial attacks use system or software vulnerabilities that allow a user to execute
code that opens a back door into the system.
 Alternatively, the intruder attempts to acquire information that should have been
protected. In some cases, this information is in the form of a user password. With
knowledge of some other user’s password, an intruder can log in to a system and
exercise all the privileges accorded to the legitimate user.
 The password file can be protected in one of two ways:
One-way function:
The system stores only the value of a function based on the user’s password. When
the user presents a password, the system transforms that password and compares it
with the stored value. In practice, the system usually performs a one-way
transformation (not reversible) in which the password is used to generate a key for
the one-way function and in which a fixed-length output is produced.

Access control:
Access to the password file is limited to one or a very few accounts. If one or both of
these countermeasures are in place, some effort is needed for a potential intruder to
learn passwords
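
The following Python code is an added example, not part of the original notes: it applies both countermeasures to a small password file. PBKDF2-HMAC-SHA256 from the standard library is used as the one-way function and owner-only file permissions as the access control; both are choices made for this illustration, as are the file format, the function names and the assumption that user names contain no ':' character.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # work factor chosen for this example


def make_entry(user: str, password: str, iterations: int = ITERATIONS) -> str:
    """One-way function: only salt and digest are stored, never the password."""
    salt = os.urandom(16)  # per-user salt, so equal passwords give different digests
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{user}:{iterations}:{salt.hex()}:{digest.hex()}"


def write_password_file(path: str, entries: list) -> None:
    """Access control: create the file readable and writable by its owner only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(entries) + "\n")
    os.chmod(path, 0o600)  # also tighten the mode if the file already existed


def verify(path: str, user: str, password: str) -> bool:
    """Transform the presented password and compare it with the stored value."""
    with open(path) as fh:
        for line in fh:
            if not line.strip():
                continue
            name, iters, salt_hex, digest_hex = line.rstrip("\n").split(":")
            if name != user:
                continue
            candidate = hashlib.pbkdf2_hmac(
                "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
            )
            # Constant-time comparison of the two fixed-length outputs.
            return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    return False


if __name__ == "__main__":
    import tempfile

    # Constructed sample accounts; the passwords are not real credentials.
    path = os.path.join(tempfile.mkdtemp(), "passwd.demo")
    write_password_file(path, [
        make_entry("alice", "correct horse"),
        make_entry("bob", "correct horse"),
    ])
    print(open(path).read())                        # same password, different digests
    print(verify(path, "alice", "correct horse"))   # True
    print(verify(path, "alice", "wrong guess"))     # False
```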
Intrusion
Any unauthorized access, unpermitted attempt to access or damage, or
malicious use of information resources.

Intrusion Detection
Detection of break-ins and break-in attempts via automated software
systems.

Intrusion Detection Systems (IDS)
Defense systems that detect and possibly prevent intrusion
activities.
INTRUSION DETECTION
• If an intrusion is detected quickly enough, the intruder can be identified and ejected
from the system before any damage is done or any data are compromised.
• An effective intrusion detection system can prevent intrusions
• Intrusion detection is based on the assumption that the behavior of the intruder differs
from that of a legitimate user in ways that can be quantified.
• We cannot expect that there will be a crisp, exact distinction between an attack by an
intruder and the normal use of resources by an authorized user.
Although the typical behavior of an intruder differs from the typical behavior of an authorized user,
there is an overlap in these behaviors. Thus, a loose interpretation of intruder behavior,
which will catch more intruders, will also lead to a number of “false positives,” or
authorized users identified as intruders. On the other hand, an attempt to limit false positives
by a tight interpretation of intruder behavior will lead to an increase in false negatives, or
intruders not identified as intruders.
Two approaches to intrusion detection:
• Statistical anomaly detection
• Rule-based detection
Statistical anomaly detection

Involves the collection of data relating to the behavior of legitimate users over a period of
time. Then statistical tests are applied to observed behavior to determine whether that
behavior is not legitimate user behavior.

These techniques fall into two broad categories:
 Threshold detection
 Profile-based systems

Threshold detection: This approach involves defining thresholds for the frequency of
occurrence of various events. It involves counting the number of occurrences of a specific
event type over an interval of time. If the count surpasses the threshold, then intrusion is
assumed.

Profile-based anomaly detection: A profile of the activity of each user is developed and
used to detect changes in the behavior of individual accounts.
Rule-based intrusion detection

Rule-based techniques involve an attempt to define a set of rules that can be
used to decide that a given behavior is that of an intruder.
1. Anomaly detection: Rules are developed to detect deviation from previous usage
patterns.
2. Penetration identification: An expert system approach that searches for
suspicious behavior.

Statistical anomaly detection is effective against masqueraders. On the other hand,
rule-based approaches may be able to recognize misfeasors.
Audit Records

A fundamental tool for intrusion detection is the audit record. Some record of
ongoing activity by users must be maintained as input to an intrusion detection
system.
Basically, two plans are used:
• Native audit records: Virtually all multiuser operating systems include
accounting software that collects information on user activity. The advantage is that
no additional collection software is needed. The disadvantage is that the native audit
records may not contain the needed information or may not contain it in a convenient
form.
• Detection-specific audit records: A collection facility can be implemented that
generates audit records containing only that information required by the intrusion
detection system.
A good example of detection-specific audit records is one developed by Dorothy
Denning. Each audit record contains the following fields:
• Subject: Initiators of actions. All activity arises through commands issued by
subjects.
• Action: Operation performed by the subject on or with an object, for example, login,
read, perform I/O, execute.
• Object: Receptors of actions. Examples include files, programs, messages, records,
terminals, printers etc.
• Exception-Condition: Denotes which, if any, exception condition is raised on return.
• Resource-Usage: Gives the list of amounts used of some resource.
• Time-Stamp: Unique time-and-date stamp identifying when the action took place.
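
The following Python code is an added example, not part of the original notes: it parses audit records carrying Denning's six fields and applies the threshold detection described earlier, counting failed logins per subject inside a sliding time window. The pipe-separated line format, the "bad-password" exception value, the threshold and the sample records are all constructed for the illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AuditRecord:
    subject: str
    action: str
    obj: str
    exception_condition: str  # "0" means no exception was raised
    resource_usage: str
    timestamp: datetime


def parse_record(line: str) -> AuditRecord:
    """Parse 'subject | action | object | exception | usage | timestamp'."""
    fields = [f.strip() for f in line.split("|")]
    if len(fields) != 6:
        raise ValueError(f"expected 6 fields, got {len(fields)}: {line!r}")
    subject, action, obj, exc, usage, ts = fields
    when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
    return AuditRecord(subject, action, obj, exc, usage, when)


def threshold_alerts(records, action, exception, threshold, window):
    """Return (subject, time, count) each time the number of matching events
    for one subject within `window` surpasses `threshold`."""
    recent = defaultdict(deque)  # subject -> timestamps still inside the window
    alerts = []
    for rec in sorted(records, key=lambda r: r.timestamp):
        if rec.action != action or rec.exception_condition != exception:
            continue
        times = recent[rec.subject]
        times.append(rec.timestamp)
        while rec.timestamp - times[0] > window:
            times.popleft()  # forget events older than the interval
        if len(times) > threshold:
            alerts.append((rec.subject, rec.timestamp, len(times)))
    return alerts


# Constructed sample audit trail (not taken from a real system).
SAMPLE = """\
jones | login | host-a     | 0            | CPU=00001  | 2024-05-01 08:59:10
smith | login | host-a     | bad-password | CPU=00001  | 2024-05-01 09:00:00
smith | login | host-a     | bad-password | CPU=00001  | 2024-05-01 09:00:10
jones | login | host-a     | bad-password | CPU=00001  | 2024-05-01 09:00:15
smith | login | host-a     | bad-password | CPU=00001  | 2024-05-01 09:00:20
smith | login | host-a     | bad-password | CPU=00001  | 2024-05-01 09:00:30
smith | read  | payroll.db | 0            | RECORDS=12 | 2024-05-01 09:00:40
jones | login | host-a     | bad-password | CPU=00001  | 2024-05-01 09:10:00
smith | login | host-a     | bad-password | CPU=00001  | 2024-05-01 09:05:00
"""


def run_sample():
    records = [parse_record(l) for l in SAMPLE.splitlines() if l.strip()]
    # More than 3 failed logins by one subject within 60 seconds.
    return threshold_alerts(records, "login", "bad-password",
                            threshold=3, window=timedelta(seconds=60))


if __name__ == "__main__":
    for subject, when, count in run_sample():
        print(f"ALERT {subject}: {count} failed logins by {when}")
```

Only smith's fourth failure within the minute raises an alert; jones's two failures ten minutes apart and smith's later isolated failure stay under the threshold.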
Rule-based anomaly detection

In the rule-based approach, historical audit records are analyzed to identify usage
patterns and to automatically generate rules that describe those patterns. Rules may
represent past behavior patterns of users, programs, privileges, time slots, terminals,
and so on.
Rule-based anomaly detection does not require knowledge of security vulnerabilities
within the system. Rather, the scheme is based on observing past behavior and, in
effect, assuming that the future will be like the past.
Rule-based penetration identification
• Penetration identification: An expert system approach that searches for
suspicious behavior.
• The key feature of such systems is the use of rules for identifying known
penetrations or penetrations that would exploit known weaknesses.
• Rules can also be defined that identify suspicious behavior, even when the
behavior is within the bounds of established patterns of usage.
The Base-Rate Fallacy
• An intrusion detection system should detect a substantial percentage of
intrusions while keeping the false alarm rate at an acceptable level.
• If the system frequently triggers an alert when there is no intrusion (a false
alarm), then either system managers will begin to ignore the alarms, or much
time will be wasted analyzing the false alarms.
• It is very difficult to meet the standard of a high rate of detections with a low rate
of false alarms.
• If the actual number of intrusions is low compared to the number of legitimate
uses of a system, then the false alarm rate will be high.
• A study of existing intrusion detection systems indicated that current systems
have not overcome the problem of the base-rate fallacy.
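
The following Python code is an added example, not part of the original notes: it works the base-rate effect through with Bayes' rule, showing what fraction of alarms are real intrusions and how low the false alarm rate must be for alarms to be trustworthy. The event volume and all rates are constructed numbers, not measurements of any real system.

```python
def alarm_breakdown(events, base_rate, detection_rate, false_alarm_rate):
    """Split the expected alarms into true and false ones.

    base_rate        = P(intrusion): fraction of events that are intrusions
    detection_rate   = P(alarm | intrusion)
    false_alarm_rate = P(alarm | no intrusion)
    """
    intrusions = events * base_rate
    benign = events - intrusions
    true_alarms = intrusions * detection_rate
    false_alarms = benign * false_alarm_rate
    # Bayes' rule: P(intrusion | alarm) = true alarms / all alarms
    p_intrusion_given_alarm = true_alarms / (true_alarms + false_alarms)
    return {
        "true_alarms": true_alarms,
        "false_alarms": false_alarms,
        "p_intrusion_given_alarm": p_intrusion_given_alarm,
    }


def max_false_alarm_rate(base_rate, detection_rate, target):
    """Largest false alarm rate f for which P(intrusion | alarm) >= target.

    From  b*d / (b*d + (1-b)*f) >= t  it follows that
          f <= b*d*(1-t) / (t*(1-b)).
    """
    b, d, t = base_rate, detection_rate, target
    return b * d * (1 - t) / (t * (1 - b))


if __name__ == "__main__":
    # Constructed scenario: 1,000,000 audit events per day, 1 in 100,000 of
    # them part of an intrusion, a detector that catches 99% of intrusions
    # and raises a false alarm on 1% of legitimate events.
    day = alarm_breakdown(1_000_000, 1e-5, 0.99, 0.01)
    print(f"true alarms  : {day['true_alarms']:.1f}")
    print(f"false alarms : {day['false_alarms']:.1f}")
    print(f"P(intrusion | alarm) = {day['p_intrusion_given_alarm']:.6f}")

    needed = max_false_alarm_rate(1e-5, 0.99, 0.5)
    print(f"false alarm rate needed for 50% of alarms to be real: {needed:.2e}")
```

With these numbers roughly ten true alarms are buried under about ten thousand false ones, so an alarm indicates a real intrusion only about 0.1% of the time even though the detector is "99% accurate" in both directions.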
Distributed Intrusion Detection

Until recently, work on intrusion detection systems focused on single-system
standalone facilities. The typical organization, however, needs to defend a
distributed collection of hosts supported by a LAN or internetwork.

Although it is possible to mount a defense by using stand-alone intrusion detection
systems on each host, a more effective defense can be achieved by
coordination and cooperation among intrusion detection systems across the
network.

A distributed intrusion detection system may need to deal with different audit
record formats. In a heterogeneous environment, different systems will employ
different native audit collection systems and, if using intrusion detection, may
employ different formats for security-related audit records.

One or more nodes in the network will serve as collection and analysis points
for the data from the systems on the network. Thus, either raw audit data or
summary data must be transmitted across the network. Therefore, there is a
requirement to assure the integrity and confidentiality of these data

Either a centralized or decentralized architecture can be used.


Architecture of Distributed Intrusion Detection

• Host agent module: An audit collection module operating as a background process on a
monitored system. Its purpose is to collect data on security-related events on the host and
transmit these to the central manager.
• LAN monitor agent module: Operates in the same fashion as a host agent module except that
it analyzes LAN traffic and reports the results to the central manager.
• Central manager module: Receives reports from LAN monitor and host agents and processes
and correlates these reports to detect intrusion.
Agent Architecture
• The agent captures each audit record produced by the
native audit collection system.
• A filter is applied that retains only those records that are
of security interest. These records are then reformatted
into a standardized format referred to as the host audit
record (HAR).
• Next, a template-driven logic module analyzes the
records for suspicious activity.
• When suspicious activity is detected, an alert is sent to
the central manager.
Honeypots
Honeypots are decoy systems that are designed to lure (tempt) a potential attacker away
from critical systems.
Honeypots are designed to
• divert an attacker from accessing critical systems
• collect information about the attacker’s activity
• encourage the attacker to stay on the system long enough for administrators to respond
• These systems are filled with fabricated information designed to appear valuable but that
a legitimate user of the system wouldn’t access. Thus, any access to the honeypot is
suspect.
• The system is instrumented with sensitive monitors and event loggers that detect these
accesses and collect information about the attacker’s activities. Administrators have time
to mobilize and log and track the attacker without ever exposing productive systems.
Intrusion Detection Exchange Format
• To facilitate the development of distributed intrusion detection systems that can function
across a wide range of platforms and environments, standards are needed to support
interoperability.
• The purpose of the working group is to define data formats and exchange procedures for
sharing information of interest to intrusion detection and response systems and to
management systems that may need to interact with them.
The outputs of this working group include:
• A requirements document, which describes the high-level functional requirements for
communication between intrusion detection systems and requirements for communication
between intrusion detection systems and with management systems.
• A common intrusion language specification, which describes data formats that satisfy the
requirements.
• A framework document, which identifies existing protocols best used for communication
between intrusion detection systems and describes how the devised data formats relate to
them.
MALICIOUS SOFTWARE
Malicious software is software that is intentionally included or inserted in a system for a harmful purpose.
A virus is a piece of software that can “infect” other programs by modifying them; the modification includes a
copy of the virus program, which can then go on to infect other programs.
A worm is a program that can replicate itself and send copies from computer to computer across network
connections.
Types of Malicious Software
Backdoor
Logic Bomb
Trojan Horses
Mobile Code
Multiple-Threat Malware
Malicious software can be divided into two categories: those that need a host program, and those that are
independent.
Dependent (parasitic) malware consists essentially of fragments of programs that cannot exist independently of some
actual application program, utility, or system program. Viruses, logic bombs, and backdoors are examples.
Independent malware is a self-contained program that can be scheduled and run by the operating system. Worms
and bot programs are examples.
Key categories of malicious software

Backdoor

• A backdoor, also known as a trapdoor, is a secret entry point into a program that allows
someone who is aware of the backdoor to gain access without going through the usual
security access procedures.
• Programmers have used backdoors legitimately for many years to debug and test
programs; such a backdoor is called a maintenance hook.
• The backdoor is code that recognizes some special sequence of input or is triggered by
being run from a certain user ID or by an unlikely sequence of events.
• Backdoors become threats when unscrupulous programmers use them to gain
unauthorized access
Logic bomb

• The logic bomb is code embedded in some legitimate program that is set to
“explode” when certain conditions are met.
• Examples of conditions that can be used as triggers for a logic bomb are the
presence or absence of certain files, a particular day of the week or date, or a
particular user running the application.
• Once triggered, a bomb may alter or delete data or entire files, cause a machine
halt, or do some other damage
Trojan Horses

• A Trojan horse is a useful program containing hidden code that, when invoked, performs
some unwanted or harmful function.
• Trojan horse programs can be used to accomplish functions indirectly that an
unauthorized user could not accomplish directly.
• For example, to gain access to the files of another user on a shared system, a user could
create a Trojan horse program that, when executed, changes the invoking user’s file
permissions so that the files are readable by any user.
• The program is placed in a common directory and named so that it appears to be a useful utility
program or application.
• Another common motivation for the Trojan horse is data destruction: the program appears useful, but it may also be
quietly deleting the user’s files.
Trojan horses fit into one of three models:

• Continuing to perform the function of the original program and additionally
performing a separate malicious activity
• Continuing to perform the function of the original program but modifying the
function to perform malicious activity
• Performing a malicious function that completely replaces the function of the
original program
Mobile code

• Mobile code is transmitted from a remote system to a local system and then executed
on the local system without the user’s explicit instruction.
• Often acts as a mechanism for a virus, worm, or Trojan horse to be transmitted to the
user’s workstation.
• Popular vehicles for mobile code include Java applets, ActiveX, JavaScript, and
VBScript
• Mobile code can also be used for unauthorized data access or root compromise.
Multiple Threat Malware

A multipartite virus infects in multiple ways. Typically, the multipartite
virus is capable of infecting multiple types of files, so that virus eradication
must deal with all of the possible sites of infection. A blended attack uses
multiple methods of infection or transmission, to maximize the speed of
contagion and the severity of the attack.