Chapter No 05-1

Chapter 5 covers network security, cyber laws, and compliance standards, focusing on protocols like Kerberos and IPSec for secure communications. It discusses various cybersecurity threats, including cybercrime, hacking, and cyber terrorism, along with legal frameworks governing these issues. Additionally, it highlights the importance of digital certificates, PKI, and email security in protecting sensitive information.

Uploaded by

gx59368

Chapter No 05:-Network Security, Cyber Laws And Compliance Standards

Kerberos:-
1. Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-
secure network to prove their identity to one another in a secure manner
2. Kerberos is often called a third-party trusted authentication service. Kerberos keeps a database of all its
users and their private keys. Kerberos provides a secure means of authentication over insecure networks
3. Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted
network such as the internet

Working of Kerberos:-
1. In a Kerberos system, there is a designated site on the network, called the Kerberos server, which
performs centralized key management and administrative tasks
2. The server maintains a database containing the secret keys of all users, generates session keys whenever
two users wish to communicate securely, and authenticates the identity of a user who requests certain
network services

The Kerberos authentication process follows the same steps at both ends for each exchange:

1. AS_REQ → The initial authentication request. This message is directed to the Key Distribution
Center (KDC) component known as the Authentication Server (AS).
2. AS_REP → The reply of the Authentication Server (AS) to the previous request.
3. TGS_REQ → The request from the client to the Ticket Granting Server (TGS) for a service ticket
encrypted with the session key.
4. TGS_REP → The reply from the TGS to the previous request. It contains the requested service
ticket (encrypted using the secret key of the service) and a service session key generated by TGS
5. AP_REQ → The request the client sends to an application server to access a service. It contains:
   a. The service ticket obtained from TGS with the previous reply.
   b. An authenticator generated by the client, encrypted using the service session key (generated
   by TGS).
6. AP_REP → The reply from the application server to the client to prove it is the expected server.
This packet is not always required. The client requests the server for it only when mutual
authentication is necessary.
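
The six messages above, traced end to end in Python as an added example (not part of the original notes). The `seal`/`unseal` helpers are a toy encrypt-then-MAC stand-in for real Kerberos encryption types, and the principals `alice` and `fileserver` and all function names are assumptions made for illustration.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    out = b""
    while len(out) < n:
        out += hashlib.sha256(key + nonce + len(out).to_bytes(4, "big")).digest()
    return out[:n]

def seal(key, obj):
    """Toy encrypt-then-MAC, standing in for Kerberos encryption (illustration only)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Constructed Kerberos server database: the secret key of every principal.
KDC_DB = {p: os.urandom(32) for p in ("alice", "krbtgt", "fileserver")}

def as_exchange(client):
    """AS_REQ -> AS_REP: a TGT only the TGS can open, plus a session key for the client."""
    sk = os.urandom(32).hex()
    return {"tgt": seal(KDC_DB["krbtgt"], {"client": client, "key": sk}),
            "enc": seal(KDC_DB[client], {"key": sk})}

def tgs_exchange(tgt, authenticator, service):
    """TGS_REQ -> TGS_REP: check TGT and authenticator, then issue a service ticket."""
    t = unseal(KDC_DB["krbtgt"], tgt)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    ssk = os.urandom(32).hex()  # service session key generated by the TGS
    return {"ticket": seal(KDC_DB[service], {"client": t["client"], "key": ssk}),
            "enc": seal(bytes.fromhex(t["key"]), {"key": ssk})}

def ap_exchange(service_key, ticket, authenticator, max_skew=300):
    """AP_REQ -> AP_REP: the service opens the ticket with its own secret key and
    proves its identity by returning the client's timestamp under the session key."""
    t = unseal(service_key, ticket)
    k = bytes.fromhex(t["key"])
    a = unseal(k, authenticator)
    if a["client"] != t["client"] or abs(time.time() - a["ts"]) > max_skew:
        raise ValueError("stale or mismatched authenticator")
    return seal(k, {"ts": a["ts"]})

def client_login(client, client_key, service):
    """Client side of all six messages; True means mutual authentication succeeded."""
    rep = as_exchange(client)
    sk = bytes.fromhex(unseal(client_key, rep["enc"])["key"])   # needs the user's key
    rep2 = tgs_exchange(rep["tgt"], seal(sk, {"client": client, "ts": time.time()}), service)
    ssk = bytes.fromhex(unseal(sk, rep2["enc"])["key"])
    ts = time.time()
    ap_rep = ap_exchange(KDC_DB[service], rep2["ticket"],
                         seal(ssk, {"client": client, "ts": ts}))
    return unseal(ssk, ap_rep)["ts"] == ts
```

The client's secret key never crosses the network, and the client cannot open either ticket it carries: each is sealed under a key that only the TGS or the target service holds.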
IPsec:-
1. Internet Protocol Security (IPSec) is an open source protocol suite that secures communications across IP
networks such as LANs, WANs, and the Internet.
2. The protocol is designed to protect data integrity, ensure user confidentiality, and ensure authenticity at
the IP packet level.
3. It provides a stable, long-lasting base for network layer security in the TCP/IP protocol stack, residing
between the Internet layer and the transport layer.
4. IPSec supports all of the cryptographic algorithms in use today and can also accommodate newer, more
powerful algorithms as they become available.
Advantages:-
1. In a firewall, it gives high security to all traffic crossing the outside boundary
2. It can be transparent to end users
3. It can provide security for individual users if desired
Disadvantages:-
1. IPSec is very critical (sensitive) compared to other security protocols
2. It is complicated to configure

Operational Modes of IPSec:-


Transport Mode:-
This mode is designed for host-to-host communication. IPsec does not encapsulate a packet received from
the upper layer. The original IP header is maintained and the data is forwarded based on the original attributes
set by the upper-layer protocol.
Tunnel Mode:-
In tunnel mode the entire packet from the upper layer is encapsulated before the security protocol is applied. Tunnel
mode is typically associated with gateway activities. The encapsulation provides the ability to send several
sessions through a single gateway.

Authentication Header(AH) Protocol:-


1. The AH protocol mainly focuses on authentication. It is designed to provide data integrity and
IP packet authentication.
2. This protocol provides authentication of all or part of the contents of a packet by the addition of a header. The
IPsec AH is a header in the IP packet which contains a cryptographic checksum (MD or hash) for the contents of
the packet.
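
The AH checksum, computed in both operational modes described above, as an added Python example (not part of the original notes). It assumes HMAC-SHA-256 truncated to 128 bits as the checksum, uses constructed addresses and a constructed key, and is simplified: a real AH header also carries an SPI and a sequence number that the checksum covers. Fields that routers legitimately change in transit are zeroed before hashing.

```python
import hashlib, hmac, socket, struct

def ipv4_header(src, dst, ttl, proto, payload_len):
    """Build a 20-byte IPv4 header (header checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_icv(key, header, payload):
    """Cryptographic checksum over the header (mutable fields zeroed) plus payload."""
    h = bytearray(header)
    h[1] = 0                 # DSCP/ECN may be rewritten in transit
    h[6:8] = b"\x00\x00"     # flags and fragment offset
    h[8] = 0                 # TTL is decremented by every router
    h[10:12] = b"\x00\x00"   # header checksum changes whenever TTL does
    return hmac.new(key, bytes(h) + payload, hashlib.sha256).digest()[:16]

def ah_verify(key, header, payload, icv):
    return hmac.compare_digest(ah_icv(key, header, payload), icv)

def route_hop(header):
    """What a router does to an IP header on the path: decrement the TTL."""
    h = bytearray(header)
    h[8] -= 1
    return bytes(h)

def transport_mode(key, src, dst, data):
    """Original IP header is kept; AH (protocol 51) covers it and the upper-layer data."""
    hdr = ipv4_header(src, dst, 64, 51, len(data))
    return hdr, data, ah_icv(key, hdr, data)

def tunnel_mode(key, gw_src, gw_dst, inner_packet):
    """The whole original packet becomes the payload of a new gateway-to-gateway header."""
    outer = ipv4_header(gw_src, gw_dst, 64, 51, len(inner_packet))
    return outer, inner_packet, ah_icv(key, outer, inner_packet)

KEY = b"constructed-sa-key-for-demo-only"   # constructed key shared by both ends
DATA = b"amount=100;to=acct-42"              # constructed upper-layer data

def demo():
    hdr, data, icv = transport_mode(KEY, "10.0.0.5", "10.0.1.9", DATA)
    inner = ipv4_header("10.0.0.5", "10.0.1.9", 64, 6, len(DATA)) + DATA
    outer, body, t_icv = tunnel_mode(KEY, "198.51.100.1", "203.0.113.1", inner)
    spoofed = hdr[:12] + socket.inet_aton("10.0.0.66") + hdr[16:]
    return {
        "ttl_change_ok": ah_verify(KEY, route_hop(hdr), data, icv),
        "payload_tamper": ah_verify(KEY, hdr, data.replace(b"100", b"900"), icv),
        "spoofed_source": ah_verify(KEY, spoofed, data, icv),
        "tunnel_ok": ah_verify(KEY, route_hop(outer), body, t_icv),
        "inner_tamper": ah_verify(KEY, outer, route_hop(body[:20]) + body[20:], t_icv),
    }
```

In tunnel mode the inner header is ordinary payload, so even a TTL change to it fails verification, while the same change to the outer header is tolerated.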

Encapsulation security protocol (ESP):-


1. This protocol gives data confidentiality. ESP also offers security services such as confidentiality,
integrity, origin authentication
2. Encapsulating Security Payload (ESP) is a member of the Internet Protocol Security (IPsec) set of
protocols that encrypt and authenticate the packets of data between computers using a Virtual Private
Network (VPN).

E-Mail Security:-
1. E-mail is the most used application on the internet and the protection of e-mail is a very important issue
nowadays.
2. E-mail security permits an individual or organization to secure access to e-mail addresses. E-mail
security includes:
a. Strong password
b. Password rotations
c. Spam filters
d. Anti-spam applications
SMTP(Simple Mail Transfer Protocol):-
1. SMTP stands for Simple Mail Transfer Protocol. It is a set of communication rules that permits
software to transmit electronic mail over the internet.
2. SMTP also provides
a. Send one message to one or many receivers
b. Sending of any type of message is allowed, such as text, video, audio, etc.
c. It can also send the messages on different networks outside the internet
3. SMTP is used to send and route emails between email client and server. It defines the rules for
transferring e-mails across the networks.
4. SMTP follows a client-server protocol, which means email messages, commands and responses are
transmitted as plain text, and it is a connection-oriented protocol.
How SMTP Works
1. SMTP uses commands and responses to transfer messages between an MTA client and MTA server
2. Each command or reply is terminated by a two-character End-of-line token
Advantages:-
1. SMTP is a relatively simple, text-based protocol
2. It is easy to implement and has higher speed
Disadvantages:-
1. SMTP lacks built-in encryption and authentication
2. SMTP is used only for sending emails
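
A check a mail administrator can run against a server's greeting, as an added Python example (not part of the original notes). It parses an SMTP reply strictly by its two-character CRLF line ending and reports whether the server's EHLO reply, sent before any encryption, offers the STARTTLS and AUTH extensions that make up for what base SMTP lacks. The sample replies and the host name `mail.example.test` are constructed.

```python
def parse_reply(raw: bytes):
    """Parse one SMTP reply into (code, [text, ...]); every line must end with CRLF."""
    if not raw.endswith(b"\r\n"):
        raise ValueError("reply is not terminated by CRLF")
    lines = raw[:-2].split(b"\r\n")
    code, texts = None, []
    for i, line in enumerate(lines):
        if b"\r" in line or b"\n" in line:
            raise ValueError("bare CR or LF inside a reply line")
        text = line.decode("ascii")
        if len(text) < 3 or not text[:3].isdigit():
            raise ValueError(f"missing reply code: {text!r}")
        last = i == len(lines) - 1
        sep = text[3:4]
        # "250-..." marks a continuation line, "250 ..." marks the final line.
        if (not last and sep != "-") or (last and sep not in (" ", "")):
            raise ValueError(f"bad continuation marker: {text!r}")
        if code is None:
            code = int(text[:3])
        elif int(text[:3]) != code:
            raise ValueError("reply code changes between lines")
        texts.append(text[4:])
    return code, texts

def audit_ehlo(raw: bytes):
    """Findings about encryption and authentication in a pre-TLS EHLO reply."""
    code, texts = parse_reply(raw)
    if code != 250:
        return [f"EHLO refused with code {code}"]
    # First line is the greeting; each later line names one extension.
    ext = {t.split()[0].upper(): [p.upper() for p in t.split()[1:]]
           for t in texts[1:] if t.strip()}
    findings = []
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not offered: commands and mail travel as plain text")
    if {"PLAIN", "LOGIN"} & set(ext.get("AUTH", [])):
        findings.append("AUTH PLAIN/LOGIN offered before TLS: passwords can be sent in the clear")
    return findings

# Constructed sample replies.
WEAK = (b"250-mail.example.test Hello\r\n250-SIZE 35882577\r\n"
        b"250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n")
HARDENED = (b"250-mail.example.test Hello\r\n250-SIZE 35882577\r\n"
            b"250-STARTTLS\r\n250 8BITMIME\r\n")
BARE_LF = b"250-mail.example.test Hello\n250 8BITMIME\r\n"
```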

Privacy-Enhanced Mail(PEM):-
1. Privacy Enhanced Mail (PEM) is an Internet standard that provides for secure exchange of electronic
mail
2. It allows use of several algorithms for data encryption, key management, and data integrity.
3. The three cryptographic functions of PEM are as follows:
a. Message integrity
b. Non-repudiation
c. Encryption
How PEM works:-
1. Canonical Conversion:-The email message travels in a uniform and independent format, regardless of
the operating system and architecture of the sender and the receiver
2. Digital Signature:-A digital signature for email communications is created in this stage.
3. Encryption:-In this step, a symmetric key is used to encrypt both the original email message and the
digital signature made in step 2.
4. Base-64 Encoding:-This is the last step in privacy-enhanced mail. The Base-64 Encoding process
converts any binary input into the printable character output.

PGP(Pretty Good Privacy):-


1. PGP stands for Pretty Good Privacy and was designed to provide all four aspects of security,
i.e. privacy, integrity, authentication, and non-repudiation, in the sending of e-mail.
2. PGP uses a digital signature to provide integrity, authentication and non-repudiation, and it uses a
combination of secret key and public key encryption to provide privacy.
3. It is an open source and freely available software package for e-mail security.
Working of PGP:-
1. Digital signature:-In this step Message Digest (MD) of the e-mail message is created using SHA-1
Algorithm
2. Compression:-Input message and digital signature are compressed together to reduce the size of final
message
3. Encryption:-Output from step 02 is encrypted with the symmetric key
4. Digital Enveloping:-In this step the symmetric key used for encryption in step 03 is encrypted with the
receiver's public key
5. Base 64 Encoding:-The Base-64 encoding process converts the binary output received from step 04 into
printable character output
PKI(Public Key Infrastructure):-
1. A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to
create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.
2. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network
activities such as e-commerce, internet banking and confidential email.

3. It usually consists of the following components:
a. A digital certificate, also called a public key certificate
b. Private key tokens
c. Registration authority
d. Certification authority
e. CMS or Certification management system
4. PKI and Encryption: The root of PKI involves the use of cryptography and encryption techniques. Both
symmetric and asymmetric encryption use a public key. There is always a risk of MITM (man in the
middle). This issue is resolved by a PKI using digital certificates.

Example of PKI
Digital Certificate:-
1. A digital certificate is an electronic document or container file that contains a key value and identifying
information about the entity that controls the key.
2. Digital certificate is issued by a trusted third party which proves sender’s identity to the receiver and
receiver’s identity to the sender.
3. A digital certificate is a certificate issued by a Certificate Authority (CA) to verify the identity of the
certificate holder. It is generated by the CA (Certifying Authority) in a process that involves four steps: Key Generation,
Registration, Verification, Creation.
4. Digital certificates provide a copy of the certificate holder's public key, which must correspond to a matching
private key.
5. A digital signature attached to the certificate's container file certifies the file's origin and integrity. This
verification process often occurs when we download or update software via the Internet.
Advantages:-
1. Enhanced Security
2. Cost-Effectiveness
3. Trust and Credibility
Disadvantages:-
1. Management Complexity
2. Potential for security breaches
Steps for Digital Certificate Creation:

Step-1: Key generation is done by either the user or the registration authority. The public key which is generated
is sent to the registration authority and the private key is kept secret by the user.
Step-2: In the next step the registration authority registers the user.
Step-3: The next step is verification, in which the registration authority verifies the user’s credentials.
Step-4: In this step the details are sent by the registration authority to the certificate authority, which creates the
digital certificate, gives it to the user and also keeps a copy for itself.

Cybercrime:-
1. Cybercrime is a generic term that refers to all criminal activities done using the medium of computers,
the Internet, cyberspace, and the worldwide web (or web).
2. Cybercrime (computer crime) is an illegal behavior, directed by means of electronic operations, that
targets the security of computer systems and the data processed by them
3. Computer-related crime is also called "cybercrime", "e-crime", or "digital technology crime". In other
words, the crime that involves and uses computer devices and the Internet is known as cybercrime
4. More and more criminals are exploiting the speed, convenience, and anonymity that modern technologies
offer in order to commit a diverse range of criminal activities
5. Cyber security is a potential activity by which information and other communication systems are
protected from and/or defended against unauthorized use, modification, or exploitation.

Hacking:-
1. Hacking refers to the unauthorized access of another computer system. It is the practice of modifying
features of a system to accomplish a goal outside its original purpose
2. Every act committed towards breaking into a computer and/or network is considered hacking, and it is an
offense
3. Hackers write or use readymade computer programs to attack the target computer
4. Some hackers have a destructive mindset and enjoy causing destruction
5. Others hack for personal monetary gain, such as stealing credit card information, transferring money from
various bank accounts to their own, withdrawing stolen money, etc.
Cracking:-
1. Cracking is a technique used to breach computer software or an entire computer security system
with malicious intent. Though functionally the same as hacking, cracking is strictly used in a criminal sense.
2. The process of attempting to gain unauthorized access to a computer system or network by exploiting
vulnerabilities or weaknesses in its security is called cracking.
3. Cracking refers to the same activity as hacking, but with criminal intent.
4. Types of Cracking
· Password cracking
· Software cracking
· Network cracking
· Application cracking
· Wireless cracking

Digital Forgery:-
1. Forgery is a criminal act that provides misleading information about a product or service. It is the process
of making, adapting, or imitating documents or objects with the intent to cause harm.
2. It is also called digital tampering. Digital forgery is the process of manipulating documents or images for
financial, social, or political gain.

Cyber Stalking/Harassment:-
1. Cyber stalking is stalking or harassment conducted over the internet. It may target individuals, groups, or
organizations and take various forms, including slander, defamation, and threats
2. Harassment via e-mail, text, or online messages is considered cyber harassment. Cyberstalking commonly
happens on social media, forums, and emails.
3. A stalker may be an online stranger or a person whom the target knows. It can take many forms, including
the following:
a. Unwanted sexually explicit emails, text, or online messages.
b. Inappropriate or offensive advances on social networking sites or chat rooms
c. Threats of physical and/or sexual violence via email, text, or online messages
d. Hate speech – Language that denigrates, insults, or threatens an individual based on their identity, gender,
or other traits.

Cyber Pornography:-
1. Pornography refers to the presentation of sexually explicit behavior through photographs, videos, or other
media, intended to arouse sexual excitement
2. Child pornography is considered one of the most serious cybercrimes. It involves any visual depiction
(photographs, videos, or computer-generated images) that portrays a minor in sexually explicit conduct
Types of Cyber Pornography:
✔ Any photograph, video, or image that is considered obscene or unsuitable for minors.
✔ Computer-generated sexually explicit images involving minors.
✔ Internet is the most commonly used tool for such criminals to exploit children.
✔ Easy access to the internet makes children vulnerable to cyber predators.
✔ Pedophiles use pornographic content to lure children and then approach them for sexual exploitation.

Cyber Terrorism:-
1. Cyber terrorism is an act of terrorism that uses information systems or digital technology. It involves
internet-based attacks in terrorist activities, including large-scale disruptions of computer networks
2. Cyber-attacks include
· Unlawful attacks and threats against computers, networks, and databases.
· Hacking and disrupting important systems.
· Water contamination, power grid disruptions, explosions, plane crashes, and severe economic damage.
3. When cyberattacks are carried out to intimidate or coerce governments or people to achieve political or
social objectives, they are classified as cyber terrorism.
4. Example: Hacking into government computer systems, website defacement, and data destruction
5. Cyber terrorism can be international, domestic or political. Terrorist groups use their own technology to
attack victims' computers

Cyber Defamation:-
1. Cyber defamation occurs when defamatory content is published online with the intent to harm someone's
reputation.
2. It involves the publication of false, misleading, or damaging material against a person or entity using
computers or the internet
3. Cyber defamation is publishing of defamatory material against another person with the help of computers
or internet.
4. Cyber defamation is not a specific criminal offense but is prosecuted under traditional defamation laws
when carried out via digital media.

Cyber Law:-
1. Cyber law is the area of law that deals with the internet's relationship to technological and electronic
elements including computers, software, hardware and information systems
2. Cyber law is a term that is used to describe the legal issues related to use of communications technology,
i.e. the Internet
Advantages:-
1. Organizations/Companies are now able to carry out e-commerce using the legal infrastructure provided
by the Act
2. Digital signatures have been given legal validity and sanction in the Act
3. The IT Act also addresses the important issues of security, which are so critical to the success of
electronic transactions
4. It has opened the doors for the entry of corporate companies for issuing Digital Signatures Certificates in
the business of being Certifying Authorities

Categories of Cyber Laws:-


There are three major categories that cybercrime falls into: individual, property and government. The types
of methods used and difficulty levels vary depending on the category:

1. Crime against Property: This is similar to a real-life instance of a criminal illegally possessing an
individual’s bank or credit card details. The hacker steals a person’s bank details to gain access to funds,
make purchases online or run phishing scams to get people to give away their information. They could also
use malicious software to gain access to a web page with confidential information.

2. Crime against Individual: This category of cybercrime involves one individual distributing malicious or
illegal information online. This can include cyber stalking, distributing pornography and trafficking.

3. Crime against Government: This is the least common cybercrime, but is the most serious offense. A
crime against the government is also known as cyber terrorism. Government cybercrime includes hacking
government websites, military websites or distributing propaganda. These criminals are usually terrorists or
enemy governments of other nations.
COBIT Framework:-
1. COBIT is a framework for Information Technology (IT) management and IT governance
2. COBIT stands for Control Objectives for Information and Related Technology.
It is a framework created by the ISACA (Information Systems Audit and Control Association) for IT
governance and management
3. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical
issues, and business risks
4. COBIT has been considered as a high-level IT governance framework combining IT security, IT audit,
and IT assurance
5. COBIT provides an internal control system or framework to manage business requirements for
Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability of information
6. The COBIT framework is based on the principle: "To provide the information that the organization
requires to achieve its objectives, the organization requires investing in and managing and controlling IT
resources using a structured set of processes to provide the services which deliver the required enterprise
information."

Criteria that COBIT refers to as business requirements for information:


1. Effectiveness: The information is relevant, timely, correct, consistent, and applicable to the business
process
2. Efficiency: The information is optimal for productive as well as economical use of resources
3. Confidentiality: The information is protected from unauthorized use
4. Integrity: The information is accurate and complete and valid for business
5. Availability: It means that the information will be available whenever required by the business process.
