Computer Networks - Chapter 8

Uploaded by

ninebo5075

Chapter 8: Security in Computer Networks

8.1 What is Network Security?

• Goals: Confidentiality, integrity, authentication, and availability.
• Threats: Eavesdropping, impersonation, message modification, and DoS attacks.

8.1 Introduction to Network Security

Key Concepts:

• Network Security Goals:
o Confidentiality: Ensuring that data is accessible only to authorized users.
o Integrity: Protecting data from being altered or tampered with.
o Availability: Ensuring that network services are accessible and functioning
properly when needed.
o Authentication: Verifying the identity of users and devices.
o Authorization: Granting permissions and access rights to authenticated users.
o Non-Repudiation: Ensuring that actions or transactions cannot be denied after
they have occurred.

Important Questions:

1. Q: What are the primary goals of network security? A: The primary goals are
confidentiality, integrity, availability, authentication, authorization, and non-repudiation.
2. Q: How do authentication and authorization differ? A: Authentication verifies the
identity of a user or device, while authorization determines the permissions and access
rights granted to the authenticated user.

8.2 Principles of Cryptography

• Encryption: Transforming data to prevent unauthorized access.
o Symmetric Key Encryption: Same key for encryption and decryption (e.g.,
AES).
o Public Key Encryption: Different keys for encryption and decryption (e.g.,
RSA).
• Digital Signatures: Provide authenticity and integrity.
• Hash Functions: Produce a fixed-size hash from variable-size input (e.g., SHA-256).

8.2 Principles of Cryptography

Key Concepts:

• Encryption: Transforming readable data (plaintext) into an unreadable format
(ciphertext) using a cryptographic algorithm and key.
o Symmetric Encryption: Uses the same key for both encryption and decryption
(e.g., AES, DES).
o Asymmetric Encryption: Uses a pair of keys (public and private) for encryption
and decryption (e.g., RSA).
• Hash Functions: Generate a fixed-size hash value from input data, used for integrity
verification (e.g., SHA-256, MD5).
• Digital Signatures: Provide a way to verify the authenticity and integrity of digital
messages or documents, using asymmetric encryption.
• Certificates and Public Key Infrastructure (PKI): Systems for managing public keys
and digital certificates to secure communications.

Important Questions:

1. Q: What is the difference between symmetric and asymmetric encryption? A: Symmetric
encryption uses the same key for both encryption and decryption, making it fast and
efficient for large data transfers. Asymmetric encryption uses a pair of keys, where one
key encrypts data and the other decrypts it, providing better security for key exchange
and authentication.
2. Q: How do hash functions contribute to network security? A: Hash functions generate a
unique hash value from input data, which can be used to verify the data’s integrity. Any
change in the input data results in a different hash value, helping to detect tampering or
corruption.

8.3 Authentication: Who Are You?

• Authentication Protocols: Verify the identity of users and devices.
o Passwords, Biometrics, Two-Factor Authentication: Common methods.
o Kerberos, Certificates: Protocols and technologies for secure authentication.

8.3 Network Security Measures

Key Concepts:

• Firewalls: Devices or software that monitor and control incoming and outgoing network
traffic based on predetermined security rules.
o Packet-Filtering Firewalls: Inspect each packet and block or allow it based on
source and destination IP addresses, ports, or protocols.
o Stateful Inspection Firewalls: Track the state of active connections and make
decisions based on the context of the traffic.
• Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): Monitor
network or system activities for malicious activities or policy violations.
o IDS: Detect and alert on suspicious activity but do not take action to prevent it.
o IPS: Detect and automatically take action to block or mitigate the suspicious
activity.
• Virtual Private Networks (VPNs): Create secure, encrypted connections over public
networks, protecting data transmission and providing remote access.
• Access Control Lists (ACLs): Rules that define which users or systems can access
resources and what operations they can perform.

Important Questions:

1. Q: What is the difference between an IDS and an IPS? A: An IDS detects and alerts on
suspicious activities but does not take action to prevent them. An IPS, on the other hand,
detects and actively blocks or mitigates the threats.
2. Q: How do firewalls enhance network security? A: Firewalls enhance security by
filtering traffic based on rules that define allowed and blocked traffic, helping to prevent
unauthorized access and protect the network from attacks.
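
The difference between packet-filtering and stateful inspection shows up on unsolicited inbound traffic. The following is an added example, not part of the original notes; the rule set, addresses and class names are constructed, and the state tracking is simplified to the connection 4-tuple.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."  # constructed internal network (assumption)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def is_outbound(p: Packet) -> bool:
    return p.src.startswith(INTERNAL_PREFIX)


def packet_filter(p: Packet) -> bool:
    """Stateless: judge each packet on its own header fields."""
    if is_outbound(p):
        return p.dport == 443        # allow outbound HTTPS
    return p.sport == 443            # needed so HTTPS replies get back in


class StatefulFirewall:
    """Tracks connections opened from inside (simplified: 4-tuple only)."""

    def __init__(self) -> None:
        self.connections = set()

    def allow(self, p: Packet) -> bool:
        if is_outbound(p):
            if p.dport != 443:
                return False
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound is allowed only as the reverse of a tracked connection.
        return (p.dst, p.dport, p.src, p.sport) in self.connections


def evaluate() -> dict:
    """Run both firewalls over three constructed packets."""
    packets = [
        Packet("10.0.0.5", 50000, "203.0.113.10", 443),  # client opens HTTPS
        Packet("203.0.113.10", 443, "10.0.0.5", 50000),  # server reply
        Packet("198.51.100.7", 443, "10.0.0.9", 22),     # unsolicited inbound
    ]
    stateful = StatefulFirewall()
    return {"packet_filter": [packet_filter(p) for p in packets],
            "stateful": [stateful.allow(p) for p in packets]}
```

The stateless rule that lets replies back in also admits the third packet, because it cannot tell a reply from an unsolicited packet with the same source port; the stateful firewall rejects it since no inside host opened that connection.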

8.4 Integrity: Securing Data from Alteration

• Message Integrity: Ensures data has not been altered.
o MAC (Message Authentication Code): Provides integrity and authentication.
o Digital Signatures: Bind the message with the sender’s private key.
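
Why a MAC provides authentication where a plain hash only detects accidental change: the added example below (not part of the original notes) compares an unkeyed SHA-256 digest with HMAC-SHA256 when a party without the key alters the message in transit. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, for illustration only).
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
MESSAGE = b"transfer 100 to account 1234"
TAMPERED = b"transfer 900 to account 6666"


def plain_digest(message: bytes) -> bytes:
    """Unkeyed SHA-256 digest: anyone can compute it for any message."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag: computing a valid one requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_digest(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest compares in constant time, avoiding a timing side channel.
    return hmac.compare_digest(mac_tag(key, message), tag)


def tamper_in_transit(use_mac: bool):
    """Model a party without SHARED_KEY replacing the message and its check value."""
    if use_mac:
        # Without the key, the best available tag is one made with a wrong key.
        return TAMPERED, mac_tag(b"wrong-key", TAMPERED)
    # An unkeyed digest can simply be recomputed over the altered message.
    return TAMPERED, plain_digest(TAMPERED)


if __name__ == "__main__":
    msg, digest = tamper_in_transit(use_mac=False)
    print("hash check accepts altered message:", verify_digest(msg, digest))
    msg, tag = tamper_in_transit(use_mac=True)
    print("MAC check accepts altered message: ", verify_mac(SHARED_KEY, msg, tag))
```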

8.4 Securing Network Applications

Key Concepts:

• Secure Sockets Layer (SSL) and Transport Layer Security (TLS): Protocols that
provide secure communication over a network, using encryption and authentication to
protect data.
• Secure Email Protocols:
o S/MIME: Secure/Multipurpose Internet Mail Extensions, provides encryption and
digital signatures for email.
o PGP (Pretty Good Privacy): Encrypts and signs emails, ensuring confidentiality
and authenticity.
• Secure File Transfer Protocols:
o SFTP: Secure File Transfer Protocol, uses SSH for secure file transfers.
o FTPS: FTP Secure, uses SSL/TLS for secure file transfers.
• Secure Web Communications: HTTPS (HTTP over SSL/TLS) secures web browsing
by encrypting the communication between the client and server.

Important Questions:

1. Q: How does HTTPS ensure secure web communications? A: HTTPS encrypts the
communication between the client and server using SSL/TLS, protecting the data from
eavesdropping and tampering, and ensuring the authenticity of the server.
2. Q: What are the differences between SFTP and FTPS? A: SFTP uses SSH to provide a
secure file transfer, encrypting both the data and the command channels. FTPS uses
SSL/TLS to secure FTP, encrypting data and command channels separately.

8.5 Key Distribution and Certification

• Key Distribution: Securely sharing cryptographic keys.
o Diffie-Hellman Key Exchange: Allows secure key exchange over an insecure
channel.
o Public Key Infrastructure (PKI): Uses digital certificates to manage public
keys.

8.5 Wireless Network Security

Key Concepts:

• WEP (Wired Equivalent Privacy): An early protocol for securing wireless networks,
now considered insecure.
• WPA/WPA2 (Wi-Fi Protected Access): Security protocols that improve upon WEP,
using stronger encryption (e.g., TKIP and AES) and authentication methods.
• 802.1X Authentication: A network access control protocol that provides an
authentication mechanism for devices trying to connect to a LAN or WLAN.
• Rogue Access Points: Unauthorized wireless access points that can be used to intercept
or tamper with network traffic.

Important Questions:

1. Q: Why is WEP considered insecure for wireless network security? A: WEP has several
vulnerabilities, such as weak encryption keys and predictable key streams, making it
susceptible to various attacks that can easily compromise the network.
2. Q: What enhancements does WPA2 provide over WEP for securing wireless networks? A:
WPA2 uses stronger encryption algorithms (e.g., AES), provides more robust
authentication through 802.1X, and includes mechanisms to ensure the integrity of the
network traffic.

8.6 Securing Email

• PGP (Pretty Good Privacy): Encrypts and signs emails.
• S/MIME (Secure/Multipurpose Internet Mail Extensions): Extends MIME to support
secure email.

8.6 Network Security Protocols

Key Concepts:

• IPsec (Internet Protocol Security): A suite of protocols that secure IP communications
by authenticating and encrypting each IP packet.
o Transport Mode: Encrypts only the payload of each IP packet, leaving the
header untouched.
o Tunnel Mode: Encrypts the entire IP packet, encapsulating it in a new packet
with a new header.
• SSL/TLS: Provides secure communication over the Internet by encrypting data between
clients and servers.
• SSH (Secure Shell): Provides secure remote login and other secure network services
over an insecure network.
• Kerberos: A network authentication protocol that uses secret-key cryptography to
securely authenticate users and services.

Important Questions:

1. Q: How does IPsec in tunnel mode differ from transport mode? A: Tunnel mode encrypts
the entire IP packet, including the header, encapsulating it within a new packet. Transport
mode encrypts only the payload, leaving the original header intact, suitable for end-to-
end communication.
2. Q: What is the role of Kerberos in network security? A: Kerberos provides secure
authentication by using secret-key cryptography, issuing tickets that prove the identity of
users and services, preventing eavesdropping and replay attacks.

8.7 Securing TCP Connections: SSL and TLS

• SSL/TLS: Protocols for secure communication over TCP.
o Handshake Protocol: Establishes a secure session with key exchange.
o Record Protocol: Transmits encrypted data securely.

8.7 Network Security Threats and Attacks

Key Concepts:

• Malware: Malicious software designed to disrupt, damage, or gain unauthorized access
to systems (e.g., viruses, worms, trojans).
• Phishing: Fraudulent attempts to obtain sensitive information by masquerading as a
trustworthy entity.
• Denial-of-Service (DoS) Attacks: Attempts to make a network resource unavailable to
users by overwhelming it with traffic.
• Man-in-the-Middle (MitM) Attacks: An attacker intercepts and possibly alters the
communication between two parties.
• SQL Injection: An attack that exploits vulnerabilities in a database layer by inserting
malicious SQL queries.
• Cross-Site Scripting (XSS): An attack where malicious scripts are injected into
otherwise benign websites.

Important Questions:

1. Q: What is a Man-in-the-Middle (MitM) attack and how can it be mitigated? A: A MitM
attack involves an attacker intercepting and possibly altering communication between
two parties without their knowledge. It can be mitigated using secure communication
protocols like SSL/TLS and employing strong authentication methods.
2. Q: Describe how SQL injection works and how it can be prevented. A: SQL injection
exploits vulnerabilities in a web application's database layer by injecting malicious SQL
statements through input fields. It can be prevented by using parameterized queries and
prepared statements that separate SQL code from user input.

8.8 Securing Network Layer: IPsec

• IPsec: Suite of protocols for securing IP communications.
o AH (Authentication Header): Provides integrity and authentication.
o ESP (Encapsulating Security Payload): Provides confidentiality, integrity, and
authentication.
o Modes: Transport mode (secure communication between two hosts) and tunnel
mode (secure communication between networks).

8.8 Network Security Management

Key Concepts:

• Security Policies: Documents that define the rules, guidelines, and procedures for
maintaining security in an organization.
• Incident Response: Processes and actions taken to manage and mitigate the effects of a
security breach or attack.
• Security Audits: Systematic evaluations of an organization’s security posture,
identifying vulnerabilities and ensuring compliance with policies.
• User Education and Training: Programs to educate users on security best practices and
how to recognize and avoid security threats.

Important Questions:

1. Q: Why are security policies important in an organization? A: Security policies establish
the rules and procedures for protecting the organization's assets and information, guiding
how to handle security threats and ensuring compliance with regulatory requirements.
2. Q: What is the purpose of a security audit? A: A security audit evaluates an
organization's security measures, identifies vulnerabilities, assesses the effectiveness of
security controls, and ensures compliance with security policies and standards.

8.9 Securing Wireless LANs

• WEP, WPA, WPA2: Protocols for securing wireless communications.
• 802.1X: Authentication framework for wireless networks.

8.10 Operational Security: Firewalls and Intrusion Detection Systems

• Firewalls: Monitor and control incoming and outgoing network traffic.
o Packet-Filtering Firewalls: Examine headers and decide based on predefined
rules.
o Stateful Firewalls: Keep track of active connections and decide based on state.
• Intrusion Detection Systems (IDS): Detect and respond to suspicious activities.
o Signature-Based, Anomaly-Based: Detection methods.

8.11 Network Management and Security

• SNMP (Simple Network Management Protocol): Manages devices on IP networks.
• Security Policies and Procedures: Guidelines to secure and manage networks.

Key Concepts

1. Principles of Network Security:
o Confidentiality: Ensuring that information is accessible only to those authorized.
o Integrity: Protecting data from unauthorized modification.
o Availability: Ensuring that services are accessible and usable as expected.
2. Cryptography:
o Symmetric Encryption: Uses the same key for both encryption and decryption
(e.g., AES).
o Asymmetric Encryption: Uses a pair of keys (public and private) for encryption
and decryption (e.g., RSA).
3. Authentication:
o Verifies the identity of users or devices before allowing access to resources.
o Methods include passwords, biometrics, and digital certificates.
4. Message Integrity and Digital Signatures:
o Ensures that messages have not been tampered with.
o Digital signatures provide a way to verify the authenticity and integrity of a
message.
5. Network Security Tools:
o Firewalls: Control incoming and outgoing network traffic based on
predetermined security rules.
o Intrusion Detection Systems (IDS): Monitor network traffic for suspicious
activity and potential threats.
6. Security Protocols:
o SSL/TLS: Secure Sockets Layer / Transport Layer Security, provides secure
communication over a computer network.
o IPsec: A suite of protocols for securing internet protocol communications by
authenticating and encrypting each IP packet.

Sample Questions and Answers

1. Q: How does asymmetric encryption differ from symmetric encryption? A: Asymmetric
encryption uses a pair of keys – a public key for encryption and a private key for
decryption – allowing secure communication even if the encryption key is shared openly.
Symmetric encryption uses the same key for both encryption and decryption, requiring
secure key distribution and management.
2. Q: What role do firewalls play in network security? A: Firewalls act as a barrier between
a trusted internal network and untrusted external networks. They monitor and filter
incoming and outgoing traffic based on security rules, preventing unauthorized access
and protecting against various types of cyberattacks.
