Module 3- IS.pptx (1)
Network Security
-Prof. Rani Singh
● Reference Book
● 1. Atul Kahate – Cryptography and Network Security
● 2. Kaufman C, Perlman R and Speciner - “Network
Security”, Private Communication in a public world
● 3. William Stallings – Cryptography and Network Security:
Applications and standards
● 4. Network Security and Cryptography: Bernard Menezes
● 5. Cryptography and Information Security, V.K. Pachghare
IP Security and Network Security
● Module 3:- IP Security and Network Security
● Introduction to IP Security,
● IP Security Architecture
● IP Diagram, Applications of Ipsec
● Web Security
● Password
● Email Security
● Program Security
● OS Security
● Network Security
● intruders, and Intrusion Detection.
What Is IP Security
IP Security (IPsec) is a framework of open standards for
ensuring secure private communications over IP networks
through cryptographic security services. It operates at the
network layer and provides several security features,
including:
⚫ IPSec (IP Security) architecture uses two protocols to
secure the traffic or data flow. These protocols are ESP
(Encapsulation Security Payload) and AH (Authentication
Header). IPSec Architecture includes protocols,
algorithms, DOI, and Key Management. All these
components are very important in order to provide the
three main services:
⚫ Confidentiality
⚫ Authentication
⚫ Integrity
⚫ 1. Architecture: Architecture or IP Security Architecture
covers the general concepts, definitions, protocols,
algorithms, and security requirements of IP Security
technology.
⚫ 2. ESP Protocol: ESP (Encapsulation Security Payload)
provides a confidentiality service. Encapsulation Security
Payload is implemented in one of two ways:
⚫ ESP with optional Authentication.
⚫ ESP with Authentication.
⚫ 3. Encryption algorithm: The encryption algorithm is
the document that describes various encryption algorithms
used for Encapsulation Security Payload.
⚫ 4. AH Protocol: AH (Authentication Header) Protocol
provides both Authentication and Integrity service.
Authentication Header is implemented in one way only:
Authentication along with Integrity.
⚫ Security Parameter Index (SPI): This parameter is used by the Security
Association. It is used to give a unique number to the connection built
between the Client and Server.
⚫ Sequence Number: Unique Sequence numbers are allotted to every
packet so that on the receiver side packets can be arranged properly.
⚫ Payload Data: Payload data means the actual data or the actual message.
The Payload data is in an encrypted format to achieve confidentiality.
⚫ Padding: Extra bits of space are added to the original message in order to
ensure confidentiality. Padding length is the size of the added bits of space
in the original message.
⚫ Next Header: Next header means the next payload or next actual data.
⚫ Authentication Data: This field is optional in the ESP protocol packet format.
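The ESP packet fields listed above, worked through as an added example that is not from the slides: it builds and parses an ESP packet with NULL encryption so the padding and trailer stay readable (in a real security association the payload, padding, pad length and next header are encrypted), computes the Authentication Data as HMAC-SHA-256 truncated to 128 bits, and uses the sequence number for the anti-replay window it exists for. The SPI, key and payloads are constructed sample values; `build_esp` and `EspReceiver` are names chosen here.

```python
"""ESP packet builder/parser with NULL encryption and an HMAC ICV (added example).

Layout follows the ESP format the slide lists:
  SPI (4) | Sequence Number (4) | Payload | Padding | Pad Length (1) | Next Header (1) | ICV
The ICV (Authentication Data) covers everything before it.
"""
import hashlib
import hmac
import struct

ICV_LEN = 16          # HMAC-SHA-256-128: ICV truncated to 128 bits (16 bytes)
NEXT_HEADER_TCP = 6   # IP protocol number carried in the Next Header field
REPLAY_WINDOW = 64    # size of the receiver's anti-replay sliding window


def build_esp(spi: int, seq: int, payload: bytes, next_header: int,
              auth_key: bytes, align: int = 4) -> bytes:
    """Encapsulate payload into an ESP packet (assumed 4-byte alignment, NULL encryption)."""
    # Pad so that payload + padding + the 2 trailer bytes is a multiple of `align`.
    pad_len = (-(len(payload) + 2)) % align
    # Default padding content is the monotonic byte sequence 1, 2, 3, ...
    padding = bytes(range(1, pad_len + 1))
    header = struct.pack("!II", spi, seq)
    body = header + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


class EspReceiver:
    """Verifies the ICV, enforces the anti-replay window, and strips the trailer."""

    def __init__(self, auth_key: bytes):
        self.auth_key = auth_key
        self.highest_seq = 0
        self.window_bitmap = 0  # bit i set => sequence (highest_seq - i) already seen

    def _replay_check(self, seq: int) -> bool:
        """Return True and record seq if it is fresh; False if it is a replay or too old."""
        if seq == 0:
            return False  # sequence numbers start at 1
        if seq > self.highest_seq:
            shift = seq - self.highest_seq
            self.window_bitmap = ((self.window_bitmap << shift) | 1) & ((1 << REPLAY_WINDOW) - 1)
            self.highest_seq = seq
            return True
        diff = self.highest_seq - seq
        if diff >= REPLAY_WINDOW:
            return False  # older than the window: reject
        if self.window_bitmap & (1 << diff):
            return False  # already received: replay
        self.window_bitmap |= 1 << diff
        return True

    def parse(self, packet: bytes):
        """Return (spi, seq, next_header, payload), or None if the packet is rejected."""
        if len(packet) < 8 + 2 + ICV_LEN:
            return None
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None  # integrity / authentication failure: drop before touching fields
        spi, seq = struct.unpack("!II", body[:8])
        if not self._replay_check(seq):
            return None
        pad_len, next_header = body[-2], body[-1]
        if pad_len > len(body) - 10:
            return None  # pad length cannot exceed what is between header and trailer
        payload = body[8:-2 - pad_len]
        return spi, seq, next_header, payload
```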
⚫ How it works
⚫ IPsec uses cryptographic security services to protect
communications over IP networks. It includes protocols for
establishing mutual authentication and negotiating
cryptographic keys to use during a session.
⚫ Where it's used
⚫ IPsec is often used to set up virtual private networks
(VPNs).
⚫ Authentication Header covers the packet format and general
issues related to the use of AH for packet authentication and
integrity.
⚫ 5. Authentication Algorithm: The authentication Algorithm
contains the set of documents that describe the authentication
algorithm used for AH and for the authentication option of
ESP.
⚫ 6. DOI (Domain of Interpretation): DOI is the identifier that
supports both AH and ESP protocols. It contains the values that the
other documents need in order to refer to one another.
⚫ 7. Key Management: Key Management contains the document
that describes how the keys are exchanged between sender and
receiver.
Purpose
⚫ IPsec protects data by encrypting IP packets and
authenticating the source of the packets. It can be
used to secure communication between two
computers, between a security gateway and a host, or
between two security gateways
⚫ How it's performed
⚫ IPsec is performed inside the IP module. It can be applied
with or without the knowledge of an Internet application.
⚫ Key management
⚫ The managing of the keying material required for
authentication and encryption is called key
management. The Internet Key Exchange (IKE) protocol
handles key management automatically.
IP Diagram
● An IP datagram is a message that is transmitted over the internet using IP
protocols. It has a specific structure that consists of two parts: a header and a
payload:
● Header
● Contains addressing and control fields, such as the source and destination IP
addresses, version, length, and checksum. The header is at least 20 bytes long, but
can be longer.
● Payload
● Carries the actual data to be sent over the network. The maximum carrying capacity
of the datagram is 65,535 bytes of data.
● The Internet Protocol (IP) is the fundamental protocol that defines how data is sent
between computers on the internet. IP is connectionless, which means it sends each
packet independently. This means that packets can take different routes and arrive
out of order.
⚫ The IP protocol makes a “best-effort” to deliver
packets. This means that it doesn't handle
datagram duplication, delayed or out-of-order
delivery, corruption of data, or datagram loss.
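The datagram structure described above, as an added example (not from the slides): a builder and parser for the fixed 20-byte IPv4 header with the RFC 791 header checksum, plus the structural checks a parser needs before it trusts the version, header length and total length fields. The addresses and payload are constructed sample values; `build_ipv4`, `parse_ipv4` and `is_well_formed` are names chosen here.

```python
"""IPv4 header builder/parser with checksum verification (added example)."""
import ipaddress
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 checksum: one's-complement of the one's-complement sum of 16-bit words.
    The caller passes the header with the checksum field zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, proto: int = 6, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 datagram (20-byte header, no options) with a valid checksum."""
    total_length = 20 + len(payload)
    fields = (0x45, 0, total_length, 0x1234, 0, ttl, proto, 0,  # version/IHL, TOS, ..., csum=0
              int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst)))
    header = struct.pack("!BBHHHBBHII", *fields)
    csum = ipv4_checksum(header)
    header = header[:10] + struct.pack("!H", csum) + header[12:]
    return header + payload


def parse_ipv4(datagram: bytes) -> dict:
    """Decode the header fields; raise ValueError on structurally malformed input."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    version = datagram[0] >> 4
    ihl = (datagram[0] & 0x0F) * 4           # header length in bytes (IHL is in 32-bit words)
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 20 or ihl > len(datagram):
        raise ValueError("header length field inconsistent with datagram")
    (total_length, ident, flags_frag, ttl, proto,
     stored_csum, src, dst) = struct.unpack("!HHHBBHII", datagram[2:20])
    if total_length < ihl or total_length > len(datagram):
        raise ValueError("total length field inconsistent with datagram")
    # Recompute over the header (options included) with the checksum field zeroed.
    computed = ipv4_checksum(datagram[:10] + b"\x00\x00" + datagram[12:ihl])
    return {
        "version": version, "ihl": ihl, "total_length": total_length, "id": ident,
        "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "checksum_ok": computed == stored_csum,
        "payload": datagram[ihl:total_length],
    }


def is_well_formed(datagram: bytes) -> bool:
    """True if the header parses and its checksum verifies."""
    try:
        return parse_ipv4(datagram)["checksum_ok"]
    except ValueError:
        return False
```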
Applications of Ipsec
⚫ Internet Protocol Security (IPsec) is a group of protocols that secure connections between devices
by encrypting and authenticating IP packets. IPsec has many applications, including:
⚫ Securing data over public networks: IPsec protects data sent over the internet by encrypting it and
authenticating the source of the packets.
⚫ Setting up VPNs: IPsec is often used to create virtual private networks (VPNs) that allow secure data
transmission over the internet. VPNs allow businesses to extend their networks across the internet
and protect sensitive data.
⚫ Router security: IPsec can be used to secure routers when sending data over the internet.
⚫ Encrypting application data: IPsec can encrypt application data.
⚫ Authenticating data: IPsec can quickly authenticate data that originates from a known sender.
⚫ IPsec uses IP filtering to determine which traffic should be protected. It also includes protocols for
establishing mutual authentication and negotiating cryptographic keys.
Benefits of IPSec
⚫ When IPSec is implemented in a firewall or router, it provides strong security that
applies to all traffic crossing this perimeter. Traffic within a company or
workgroup does not incur the overhead of security-related processing.
⚫ IPSec is below the transport layer (TCP, UDP), and is thus transparent to applications.
There is no need to change software on a user or server system when IPSec is
implemented in the firewall or router.
Web Security
⚫ 1. Data Protection
⚫ Confidentiality: Web security ensures that
sensitive information, such as personal data,
financial records, and intellectual property, is
protected from unauthorized access and theft.
⚫ Integrity: It prevents data from being tampered
with or altered by malicious actors during
transmission.
⚫ 2. Preventing Cyberattacks
⚫ Web security helps protect against cyberattacks like
hacking, malware, phishing, and denial-of-service (DoS)
attacks that can disrupt operations, steal data, or cause
financial loss.
⚫ Strong protection reduces the risk of vulnerabilities such as
SQL injection, cross-site scripting (XSS), and cross-site
request forgery (CSRF).
⚫ 3. Maintaining Customer Trust
⚫ Users are more likely to interact with and trust
websites that prioritize security, especially those that
display HTTPS with SSL/TLS encryption. This trust is
critical for businesses, especially e-commerce and
financial services.
⚫ Breaches or leaks can damage reputations, leading to
loss of customers.
⚫ 4. Ensuring Business Continuity
⚫ Availability: Security helps ensure that websites and
services are accessible and operational, avoiding
downtime caused by attacks like Distributed
Denial-of-Service (DDoS) that can cause financial loss
or disrupt operations.
⚫ Backup and Recovery: Web security measures often
include backup and disaster recovery systems to
restore operations quickly after an attack.
⚫ 5. Compliance with Regulations
⚫ Many industries and regions have strict data privacy
and security laws, such as GDPR (General Data
Protection Regulation) or HIPAA (Health Insurance
Portability and Accountability Act). Strong web
security helps businesses avoid costly fines and legal
penalties by complying with these regulations.
⚫ 6. Reducing Financial Loss
⚫ Cyberattacks can lead to significant financial losses
through theft, ransom demands, legal fees, and
downtime. By protecting against attacks, web security
helps reduce the risk of such financial impacts.
⚫ It also reduces costs related to fixing vulnerabilities
after a breach or dealing with the aftermath of an
attack.
⚫ 7. Safeguarding Intellectual Property
⚫ For businesses that rely on proprietary information,
web security helps protect intellectual property such
as trade secrets, designs, software, and product
development data from being stolen or exposed.
⚫ 8. Enhancing User Experience
⚫ By blocking malicious traffic and maintaining the
smooth operation of websites, security helps ensure a
seamless and safe user experience without
interruptions, slowdowns, or unauthorized pop-ups.
⚫ 9. Improving Search Engine Rankings
⚫ Search engines like Google prioritize secure websites
(using HTTPS) in their rankings. Having strong web
security can improve a site's SEO performance,
attracting more visitors.
⚫ 10. Preventing Legal Liabilities
⚫ Failing to protect user data or experiencing a
significant breach could result in legal liabilities,
lawsuits, or loss of business partnerships. Strong web
security helps reduce the likelihood of these scenarios.
⚫ In short, web security not only protects assets but also
contributes to business success, user trust, and
regulatory compliance. It is an essential investment for
maintaining long-term stability in the digital world.
Password
⚫ A Password is a secret combination of
characters (letters, numbers, and symbols) used to
verify your identity and grant access to a computer
system, online account, or other secured resource.
Passwords protect your personal information, data,
and online accounts from unauthorized access.
Creating a Password
⚫ Creating a strong and secure password is fundamental.
⚫ The following are some tips and guidelines which can help you do this:
⚫ Ideally a password should be at least 16 characters long.
⚫ A password needs to include a combination of letters and numbers, as
well as special characters.
⚫ Avoid using consecutive letters or numbers in your passwords.
⚫ Never use the word ‘password’, or repeat the same number or letter.
⚫ A password used for one account should not be used for multiple
accounts.
⚫ There should be no personal information used in the password, such
as a child’s or pet’s name, date of birth, phone number or address.
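The guidelines above turned into a checker, as an added example that is not from the slides. How the rules are read is an assumption stated in the code: "consecutive letters or numbers" means runs such as abc or 321, "repeat the same number or letter" means the same character twice in a row, and personal information is matched case-insensitively as a substring; `check_password` is a name chosen here.

```python
"""Checks a candidate password against the slide's guidelines (added example)."""
import string

MIN_LENGTH = 16  # the slide's "ideally at least 16 characters"


def _has_sequence(pw: str, run: int = 3) -> bool:
    """True if `run` consecutive alphanumerics step by +1 or -1 (abc, CBA, 123, 987)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        window = codes[i:i + run]
        diffs = {b - a for a, b in zip(window, window[1:])}
        if (diffs == {1} or diffs == {-1}) and all(chr(c).isalnum() for c in window):
            return True
    return False


def _has_repeat(pw: str) -> bool:
    """True if any character is immediately repeated (aa, 11)."""
    return any(a == b for a, b in zip(pw, pw[1:]))


def check_password(pw: str, personal_info=()) -> list:
    """Return the list of guideline violations; an empty list means the password passes.

    personal_info: constructed strings the user should not embed (names, dates, numbers).
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in pw):
        problems.append("no letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special characters")
    if _has_sequence(pw):
        problems.append("contains consecutive letters or numbers")
    if "password" in pw.lower():
        problems.append("contains the word 'password'")
    if _has_repeat(pw):
        problems.append("repeats the same character")
    lowered = pw.lower()
    for item in personal_info:
        item = str(item).lower()
        if len(item) >= 3 and item in lowered:  # ignore very short tokens
            problems.append(f"contains personal information ({item})")
    return problems
```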
Why is Password Security Important?
⚫ If passwords are not strong and safe there can be grave
consequences as cybercriminals will be able to gain access
to one’s account, and as a result:
⚫ Steal personally identifiable information such as addresses
and bank account details.
⚫ Steal the victim’s identity.
⚫ Steal money, often leading to considerable financial losses.
⚫ Start up a disinformation campaign about a company, share
data with competing companies.
⚫ Store data to request ransom payments.
Email Security
⚫ Email (short for electronic mail) is a digital method by
which we exchange messages between people over the
internet or other computer networks. With it we can send
and receive text-based messages, often with attachments
such as documents, images, or videos, from one person or
organization to another. In this section we will cover the
concept of email security, how we can protect our email,
email security policies and best practices, and the email
security features we can use to protect email from
unauthorized access.
Why is email security important?
⚫ Protection Against Cyberattacks: Email is a top target for cybercriminals.
Malware, phishing attacks, and other threats often arrive via email. In fact,
94% of malware is delivered through email channels. By implementing robust
email security measures, organizations can defend against these threats.
⚫ Reducing Risk: Cybersecurity incidents can have devastating consequences,
including financial losses, operational disruptions, and damage to an
organization’s reputation. Effective email security helps protect your brand,
reputation, and bottom line.
⚫ Compliance: Email security ensures compliance with data protection laws like
GDPR and HIPAA. By safeguarding sensitive information, organizations avoid
legal fines and other intangible costs associated with cyberattacks.
⚫ Productivity Enhancement: With email security in place, disruptions caused
by threats like phishing emails are minimized. This allows organizations to
focus more on business growth and less on handling security incidents.
Benefits of Email Security
⚫ Shielding Against Phishing and Spoofing Attacks: Email
security isn’t just about tech jargon; it’s like having a digital
bodyguard. It helps spot and tackle threats like phishing or
spoofing. These sneaky attacks can lead to serious breaches and
even unleash malware or other nasty viruses.
⚫ Locking Down Data: Think of email encryption as a virtual vault.
It keeps sensitive info—like credit card numbers, bank accounts,
and employee details—safe from prying eyes. No more accidental
leaks or costly data breaches!
⚫ Whispers Only: Secure email encryption ensures that only the
right people get the message. It’s like passing a secret note in
class—except the teacher won’t intercept it. Your confidential
content stays confidential.
⚫ Spotting the Bad Apples: Email security acts like a spam filter on steroids. It
sniffs out malicious or spammy emails that might sneak past regular defenses.
No more falling for those “You’ve won a million dollars!” scams!
⚫ Top-Secret Protection: Imagine your company’s secrets—intellectual
property, financial records, and classified info—wrapped in a digital force field.
Email security shields them from cyber villains like hackers and
cybercriminals.
⚫ Real-Time Guardian: Zero-day exploits? Not on our watch! Email security
solutions provide real-time protection. It’s like having a superhero squad that
fights off malware and spam before they even knock on your inbox.
⚫ Locking Up Identity Theft: Email encryption keeps attackers from swiping
your login credentials or personal data. No more compromised accounts or
identity theft nightmares.
Types of Email threats
⚫ Phishing: Imagine a crafty imposter pretending to be your bank or
favorite online store. They send you an email, asking for your sensitive
info—like passwords or credit card details. Sneaky, right?
⚫ Social Engineering: Think of it as digital manipulation. The bad guys
sweet-talk or scare people into revealing confidential stuff. It’s like a
cyber con artist pulling off a heist.
⚫ Spear Phishing: This one’s like a sniper attack. Instead of casting a
wide net, the attacker aims at specific individuals or organizations.
They craft personalized emails, luring victims into their trap.
⚫ Ransomware: Picture your files locked up in a digital vault. The
villain—malicious software—holds them hostage until you pay a
ransom. It’s like a cyber kidnapper!
⚫ Malware: Sneaky software that infiltrates your computer without
asking permission. It’s like a digital ninja wreaking havoc behind the
scenes.
⚫ Spoofing: Imagine someone wearing a disguise at a masquerade
ball. Attackers forge email headers, making messages look
legit—even when they’re not. Trust no masked stranger!
⚫ Man-in-the-Middle Attack: Visualize a sneaky eavesdropper
intercepting your messages. They can read, alter, or inject new
content. It’s like a cyber spy messing with your convo.
⚫ Data Exfiltration: Sophisticated thieves sneak into an
organization’s email system. They swipe sensitive data—like
secret recipes from a chef’s kitchen. Recipe theft, anyone?
⚫ Denial of Service: Attackers flood email servers with a deluge
of messages. Servers buckle under the pressure, like a dam
bursting. Chaos ensues!
⚫ Account Takeover: Imagine a cyber burglar breaking
into your email house. They use your account to send
spam, phishing emails, or snoop around your secrets.
⚫ Identity Theft: Someone swipes your personal
info—name, address, social security number. They
wear your identity like a stolen cloak, committing
digital crimes.
Steps to be taken to Secure Email
⚫ Choose a secure password: The password must be at least 12
characters long and contain uppercase and lowercase letters,
digits, and special characters.
⚫ Two-factor authentication: Activate the two-factor
authentication, which adds an additional layer of security to
your email account by requiring a code in addition to your
password.
⚫ Use encryption: It encrypts your email messages so that only
the intended receiver can decipher them. Email encryption can
be done by using the programs like PGP or S/MIME.
⚫ Keep your software up to date. Ensure that the most recent
security updates are installed on your operating system and
email client.
⚫ Beware of phishing scams: Hackers try to steal your personal
information by pretending to be someone else in phishing scams. Be
careful of emails that request private information or contain suspicious
links, because these are the hallmarks of a phishing attack.
⚫ Choose a trustworthy email service provider: Search for a service
provider that protects your data using encryption and other security
measures.
⚫ Use a VPN: Using a VPN can help protect our email by encrypting our
internet connection and disguising our IP address, making it more
difficult for hackers to intercept our emails.
⚫ Upgrade Your Application Regularly: People now frequently access
their email accounts through apps, although these tools are not perfect
and can be taken advantage of by hackers. A cybercriminal might use a
vulnerability, for example, to hack accounts and steal data or send
spam mail. Because of this, it’s important to update your programs
frequently.
Email Security Policies
⚫ The email policies are a set of regulations and
standards for protecting the privacy, accuracy, and
accessibility of email communication within the
organization. An email security policy should include
the following essential components:
⚫ Appropriate Use: The policy should outline what comprises
acceptable email usage inside the organization, including who is
permitted to use email, how to use it, and for what purpose email we
have to use.
⚫ Password and Authentication: The policy should require strong
passwords and two-factor authentication to ensure that only
authorized users can access email accounts.
⚫ Encryption: To avoid unwanted access, the policy should mandate
that sensitive material be encrypted before being sent through email.
⚫ Virus Protection: The policy shall outline the period and timing of
email messages and attachment collection.
⚫ Retention and Deletion: The policy should outline how long email
messages and their attachments ought to be kept available, as well as
when they should be removed.
⚫ Training: The policy should demand that all staff members take a course on
email best practices, which includes how to identify phishing scams and other
email-based threats.
⚫ Incident Reporting: The policy should outline the reporting and
investigation procedures for occurrences involving email security breaches or
other problems.
⚫ Monitoring: The policy should outline the procedures for monitoring email
communications to ensure that it is being followed, including any logging or
auditing that will be carried out.
⚫ Compliance: The policy should ensure compliance with all essential laws and
regulations, including the Health Insurance Portability and Accountability Act
(HIPAA) and the General Data Protection Regulation (GDPR).
⚫ Enforcement: The policy should specify the consequences for violating the
email security policy, including disciplinary action and legal consequences if
necessary.
⚫ Hence, organizations may help safeguard sensitive
information and lower the risk of data breaches and
other security incidents by creating an email security
strategy.
Program Security
⚫ Program security refers to the measures and practices put
in place to protect software applications (programs) from
threats and vulnerabilities. These threats can include
unauthorized access, data breaches, malware attacks, and
other malicious activities that could compromise the
confidentiality, integrity, or availability of the program and
its data.
⚫ Here are key components of program security:
⚫ 1. Authentication and Authorization: Ensuring that only authorized users
have access to the program and can perform permitted actions.
⚫ 2. Data Encryption: Encrypting sensitive data within the program to prevent
unauthorized access.
⚫ 3. Input Validation: Verifying and sanitizing inputs to prevent attacks such as
SQL injection, buffer overflows, and cross-site scripting (XSS).
⚫ 4. Error Handling and Logging: Properly managing errors and logging
activities to prevent leakage of sensitive information and provide a trail for
auditing.
⚫ 5. Patch Management: Regularly updating the program to fix vulnerabilities
and security flaws.
⚫ 6. Access Controls: Implementing rules and restrictions to ensure that users
have the necessary permissions for certain functionalities and data.
⚫ 7. Code Review and Testing: Conducting regular
security reviews and testing of the program to identify
and fix potential vulnerabilities early in the
development process.
⚫ In essence, program security is about safeguarding a
software application throughout its lifecycle, from
design to deployment, to ensure that it can resist
attacks and remain reliable, secure, and trustworthy.
OS Security
⚫ Operating System (OS) security is the practice of
implementing safeguards and security measures to protect
the OS from threats, vulnerabilities, and attacks. The goal
is to ensure the confidentiality, integrity, and availability of
the system and its resources. Given that the OS controls
hardware and software interactions, its security is critical
for the safe operation of all applications running on it.
⚫ Here’s a breakdown of the essential components of OS
security:
⚫ 1. User Authentication
⚫ Purpose: To ensure that only authorized users can
access the system.
⚫ Methods: Passwords, biometrics, smart cards,
two-factor authentication (2FA), or tokens to verify
user identity.
⚫ 2. Access Control
⚫ Purpose: To restrict unauthorized users or processes
from accessing certain system resources.
⚫ Types:
⚫ Discretionary Access Control (DAC): Users have
control over their own data.
⚫ Mandatory Access Control (MAC): The system
enforces security policies.
⚫ Role-Based Access Control (RBAC): Access is given
based on roles and responsibilities.
⚫ Now electronic information takes many of the roles performed by paper
documents
⚫ Several aspects of electronic documents make their services challenging
⚫ Since an electronic document is a sequence of bits there is no difference
between the original and any number of copies
⚫ Altering bits in a computer memory leaves no physical traces
⚫ Proof of authenticity of an electronic document is not based on the physical
characteristics of the document
⚫ 3. File and Data Protection
⚫ Purpose: To protect sensitive data stored on the system
from unauthorized access or corruption.
⚫ Methods: File permissions (read, write, execute), data
encryption, secure file systems, and backup solutions.
⚫ 4. Patch Management
⚫ Purpose: To keep the OS secure by regularly updating it
with patches and security fixes.
⚫ Methods: Automatically applying updates, monitoring for
vulnerabilities, and ensuring systems are always
up-to-date.
⚫ 5. Intrusion Detection and Prevention Systems
(IDS/IPS)
⚫ Purpose: To detect and prevent unauthorized access,
malware, or any suspicious activities.
⚫ Methods: Using security tools that monitor, log, and
analyze system activity for unusual or malicious
behavior.
⚫ 6. Malware and Virus Protection
⚫ Purpose: To prevent, detect, and remove malicious
software that could harm the system.
⚫ Methods: Antivirus programs, firewalls, and regular
system scans to detect viruses, trojans, spyware, and
other malware.
⚫ 7. Encryption
⚫ Purpose: To protect sensitive data stored on the system or
transmitted over networks from eavesdropping or theft.
⚫ Methods: Using encryption algorithms for files,
communications (SSL/TLS), and secure file transfers.
⚫ 8. System and Network Security
⚫ Purpose: To secure both the operating system and the
network it is connected to.
⚫ Methods: Configuring firewalls, securing network
protocols (e.g., SSH for remote access), and monitoring
network traffic for anomalies.
⚫ 9. Logging and Auditing
⚫ Purpose: To track user activities, system events, and security
incidents for later analysis.
⚫ Methods: Enabling system logging (e.g., syslog in Unix-based
systems), audit trails, and event logging to detect unauthorized
actions or system misbehavior.
⚫ 10. Kernel Security
⚫ Purpose: To protect the core of the operating system, ensuring
that malicious software or users cannot directly modify or
damage the OS kernel.
⚫ Methods: Implementing kernel integrity checks, address space
layout randomization (ASLR), and hardware-level protections.
⚫ 11. Virtualization and Isolation
⚫ Purpose: To isolate different applications or users from each other and prevent the
impact of vulnerabilities from spreading.
⚫ Methods: Using virtual machines (VMs) or containers to create isolated environments
where each service or user operates independently.
⚫ 12. Security Policies
⚫ Purpose: To establish rules and guidelines for how the OS should handle various
security threats and incidents.
⚫ Methods: Enforcing password policies, setting user privilege restrictions, and
monitoring compliance with organizational security policies.
⚫ 13. Backup and Disaster Recovery
⚫ Purpose: To ensure data and system availability in
case of hardware failure, corruption, or attack.
⚫ Methods: Regularly scheduled backups, offsite data
storage, and a comprehensive disaster recovery plan.
⚫ 14. Physical Security
⚫ Purpose: To prevent unauthorized physical access to
the computer system, which could allow for OS
tampering or theft.
⚫ Methods: Securing server rooms, using locked cases for physical hardware, and
implementing biometric or keycard access to sensitive locations.
▪ In summary, OS security involves a comprehensive set of tools, techniques, and
policies that work together to protect the system from both internal and
external threats, ensuring that it remains stable, secure, and functional.
Network Security
⚫ Any action intended to safeguard the integrity and
usefulness of your data and network is known as network
security. In other words, Network security is defined as the
activity created to protect the integrity of your network and
data.
⚫ Network security is the practice of protecting a computer
network from unauthorized access, misuse, or attacks. It
involves using tools, technologies, and policies to ensure
that data traveling over the network is safe and secure,
keeping sensitive information away from hackers and other
threats.
How Does Network Security Work?
⚫ Network security uses several layers of protection, both at
the edge of the network and within it. Each layer has rules
and controls that determine who can access network
resources. People who are allowed access can use the
network safely, but those who try to harm it with attacks or
other threats are stopped from doing so.
⚫ The basic principle of network security is protecting large volumes of
stored data and the network in layers, each layer enforcing rules and
regulations that must be satisfied before any activity on the data is
permitted. These levels are:
⚫ Types of Network Security
⚫ There are several types of network security through
which we can make our network more secure, Your
network and data are shielded from breaches,
invasions, and other dangers by network security. Here
below are some important types of network security:
⚫ Physical Network Security: This is the most basic level that includes
protecting the data and network through unauthorized personnel
from acquiring control over the confidentiality of the network. The
same can be achieved by using devices like biometric systems.
⚫ Technical Network Security: It primarily focuses on protecting the
data stored in the network or data involved in transitions through the
network. This type serves two purposes. One is protected from
unauthorized users, and the other is protected from malicious
activities.
⚫ Administrative Network Security: This level of network security
protects user behavior like how the permission has been granted and
how the authorization process takes place. This also ensures the level
of sophistication the network might need for protecting it through all
the attacks. This level also suggests necessary amendments that have
to be done to the infrastructure.
Key Aspects of Network Security
⚫ Here are the types of network security:
⚫ 1. Firewalls
⚫ Monitor and control incoming and outgoing traffic based on
security rules.
⚫ 2. Intrusion Detection and Prevention Systems (IDPS)
⚫ IDS: Detects suspicious activity and alerts administrators.
⚫ IPS: Blocks or mitigates threats in real-time.
⚫ 3. Virtual Private Networks (VPNs)
⚫ Secures data transmission over public networks via encrypted
tunnels.
⚫ Encryption: Encryption ensures that data transmitted
over the network is unreadable to unauthorized users.
Common encryption methods include SSL/TLS for
web traffic and VPNs (Virtual Private Networks) for
secure remote access.
⚫ Access Control: This involves restricting network
access to authorized users only. It includes
mechanisms like multi-factor authentication (MFA),
role-based access control (RBAC), and network
segmentation.
⚫ Virtual Private Networks (VPNs): VPNs provide
secure connections over public networks by encrypting
the traffic between the user and the network.
⚫ Network Monitoring: Continuous monitoring of
network traffic helps detect unusual activities that may
indicate security breaches, such as spikes in traffic or
unusual access patterns.
⚫ Antivirus and Antimalware Software: These tools
detect, prevent, and remove malicious software that could
compromise network security.
⚫ Security Information and Event Management (SIEM):
SIEM tools collect and analyze log data from different
network devices to identify potential security incidents.
⚫ Network Segmentation: This divides a network into
smaller parts or zones, each with different security levels,
to limit access and contain potential security breaches.
Common Threats Addressed by Network Security
⚫ Hacking: Unauthorized access to network resources.
⚫ Denial-of-Service (DoS) attacks: Flooding a network
with traffic to overwhelm and disable it.
⚫ Phishing and Social Engineering: Attacks that trick users into
revealing confidential information.
⚫ Man-in-the-Middle (MITM) attacks: Intercepting
and altering communications between two parties.
⚫ Malware and Ransomware: Malicious software that
compromises network resources or data.
Intruders and Intrusion Detection
⚫ In information security, intruders refer to individuals or
entities that attempt to bypass security mechanisms to gain
unauthorized access to systems, networks, or data.
⚫ Intrusion detection is the process of monitoring and
analyzing system activities to detect these intrusions,
whether they come from outside attackers (external
intruders) or malicious insiders (internal intruders).
Intrusion detection systems (IDS) play a crucial role in
detecting such threats in real time and raising alarms to
prevent further damage.
⚫ Common External Intruders:-
⚫ Script Kiddies: Inexperienced hackers who use pre-made
tools and scripts to launch attacks.
⚫ Hacktivists: Individuals or groups motivated by political
or social causes, targeting systems as part of protest
activities.
⚫ Cybercriminals: Professionals who engage in hacking for
profit, often part of organized groups conducting attacks
like ransomware, phishing, or identity theft.
⚫ Nation-State Actors: Highly sophisticated attackers
sponsored by governments to engage in cyber-espionage,
sabotage, or warfare.
⚫ Internal Intruders (Insiders)
⚫ Description: These are individuals within an organization,
such as employees, contractors, or business partners, who
misuse their access privileges. Insider threats can be
malicious or accidental.
⚫ Common Internal Intruders:
⚫ Disgruntled Employees: Individuals seeking revenge or
harboring ill-will toward the organization.
⚫ Careless Users: Employees who unintentionally create
security risks by ignoring protocols or making mistakes (e.g.,
clicking on phishing links, poor password management).
⚫ Malicious Insiders: Individuals intentionally
compromising security for financial gain, espionage, or
sabotage.
⚫ Methods Used by Intruders:-
⚫ Social Engineering: Tricking individuals into divulging confidential
information or performing actions that compromise security (e.g., phishing,
pretexting).
⚫ Password Cracking: Gaining access to systems by guessing or decrypting
passwords using brute-force attacks, dictionary attacks, or rainbow tables.
⚫ Malware Deployment: Introducing malicious software, such as viruses,
worms, ransomware, or keyloggers, to compromise systems.
⚫ Exploiting Vulnerabilities: Taking advantage of flaws in software, hardware,
or configurations to gain unauthorized access.
⚫ Denial of Service (DoS/DDoS): Overloading a system or network with traffic
to cause a service disruption, potentially masking other intrusion attempts.
⚫ Man-in-the-Middle Attacks (MitM): Intercepting and altering
communications between two parties without their knowledge.
Intrusion Detection Systems (IDS)
⚫ An Intrusion Detection System (IDS) is a security
tool used to monitor network or system activities for
malicious behavior or policy violations. When an
intrusion is detected, the IDS sends an alert to
administrators, helping them respond quickly to
prevent further compromise. IDS solutions are
commonly categorized based on their detection
methods and the types of activities they monitor.
⚫ Intrusion Detection Techniques:-
⚫ Pattern Matching: Looks for specific patterns of known attacks
in network traffic or system logs (used by signature-based IDS).
⚫ Heuristic Analysis: Identifies unknown attacks by analyzing
behaviors that deviate from the established norm.
⚫ Statistical Analysis: Uses statistical models to identify unusual
patterns in system usage (e.g., excessive CPU or memory usage).
⚫ Machine Learning: Employs algorithms to continuously learn
and adapt to new types of threats by analyzing large datasets of
normal and abnormal behaviors.
Types of IDS
⚫ 1. Network-Based IDS (NIDS):-Monitors network traffic
for signs of malicious activity or anomalies.
⚫ 2. Host-Based IDS (HIDS):-Monitors activity on
individual systems or devices.
⚫ 3. Signature-Based IDS:-Detects intrusions by
comparing activities to a database of known attack
patterns or "signatures."
⚫ 4. Anomaly-Based IDS:-Detects intrusions by
identifying deviations from normal system behavior.
⚫ 5. Hybrid IDS:-Combines both signature-based and
anomaly-based detection techniques.