SlideShare a Scribd company logo

Unit 7 : Network Security

Chandan Gupta Bhagat
Chandan Gupta Bhagat

This document discusses network security and provides information on several related topics in 3 paragraphs or less: It begins with an overview of a general model for network security that involves designing secure algorithms, generating and distributing secret information, and specifying communication protocols. It then explains the principles of symmetric and asymmetric cryptography, noting examples like AES and RSA. The document concludes with a brief discussion of digital signatures and their importance in message authentication and ensuring data integrity.

1 of 50
Unit 7 : Network Security Chandan Gupta Bhagat https://chandanbhagat.com.np/me
Network Security  A Model for Network Security  Principles of cryptography: Symmetric Key and Public Key  Public Key Algorithm - RSA  Digital Signature Algorithm  Communication Security: IPSec, VPN, Firewalls, Wireless Security
A Model for Network Security
A Model for Network Security  A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify the identity of the sender. Model For Network Security
A Model for Network Security  Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception.  A trusted third party may be needed to achieve secure transmission. For example, a third party may be responsible for distributing the secret information to the two principals while keeping it from any opponent. Or a third party may be needed to arbitrate disputes between the two principals concerning the authenticity of a message transmission.
A Model for Network Security  A general model shows that there are four basic tasks in designing a particular security service:  Design an algorithm for performing the security-related transformation. The algorithm should be such that an opponent cannot defeat its purpose.  Generate the secret information to be used with the algorithm.  Develop methods for the distribution and sharing of the secret information.  Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service.
A Model for Network Security  A general model of these other situations which reflects a concern for protecting an information system from unwanted access.  Most readers are familiar with the concerns caused by the existence of hackers, who attempt to penetrate systems that can be accessed over a network.  The hacker can be someone who, with no malign intent, simply gets satisfaction from breaking and entering a computer system.  The intruder can be a disgruntled employee who wishes to do damage or a criminal who seeks to exploit computer assets for financial gain (e.g., obtaining credit card numbers or performing illegal money transfers).
A Model for Network Security  Programs can present two kinds of threats:-  Information access threats: Intercept or modify data on behalf of users who should not have access to that data.  Service threats: Exploit service flaws in computers to inhibit use by legitimate users.  The security mechanisms needed to cope with unwanted access fall into two broad categories.  The first category might be termed a gatekeeper function. It includes password-based login procedures that are designed to deny access to all but authorized users and screening logic that is designed to detect and reject worms, viruses, and other similar attacks.  Once either an unwanted user or unwanted software gains access, the second line of defense consists of a variety of internal controls that monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders.
Principles of Cryptography
Symmetrical Encryption  This is the simplest kind of encryption that involves only one secret key to cipher and decipher information.  Symmetrical encryption is an old and best-known technique.  It uses a secret key that can either be a number, a word or a string of random letters.  It is a blended with the plain text of a message to change the content in a particular way.  The sender and the recipient should know the secret key that is used to encrypt and decrypt all the messages. AES, DES, RC5, and RC6 are examples of symmetric encryption.  The most widely used symmetric algorithm is AES-128, AES-192, and AES-256.  The main disadvantage of the symmetric key encryption is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it.
Symmetrical Encryption
Asymmetrical Encryption  Asymmetrical encryption is also known as public key cryptography, which is a relatively new method, compared to symmetric encryption.  Asymmetric encryption uses two keys to encrypt a plain text.  Secret keys are exchanged over the Internet or a large network.  It ensures that malicious persons do not misuse the keys.  It is important to note that anyone with a secret key can decrypt the message and this is why asymmetrical encryption uses two related keys to boosting security.  A public key is made freely available to anyone who might want to send you a message. The second private key is kept a secret so that you can only know.  A message that is encrypted using a public key can only be decrypted using a private key, while also, a message encrypted using a private key can be decrypted using a public key.  Security of the public key is not required because it is publicly available and can be passed over the internet. Asymmetric key has a far better power in ensuring the security of information transmitted during communication.  Asymmetric encryption is mostly used in day-to-day communication channels, especially over the Internet.  Popular asymmetric key encryption algorithm includes RSA, DSA etc
Asymmetrical Encryption
Symmetric Vs Asymmetric Encryption Characteristics Symmertic Asymmetric Key Same Key Different keys are used for Encryption and Decryption Speed Very Fast Slower Size Same or less than original text More than original text Known Keys Both parties should know the keys Either one of the keys is known by 2 parties Usage Confidentiality Confidentiality, Digital Signatures
Public Key Algorithm - RSA
RSA  RSA algorithm is a public key encryption technique and is considered as the most secure way of encryption. It was invented by Rivest, Shamir and Adleman in year 1978 and hence name RSA algorithm. Algorithm  The RSA algorithm holds the following features −  RSA algorithm is a popular exponentiation in a finite field over integers including prime numbers.  The integers used by this method are sufficiently large making it difficult to solve.  There are two sets of keys in this algorithm: private key and public key.  You will have to go through the following steps to work on RSA algorithm  Generate the RSA Modulus  Derived Number (e)  Public Key  Private Key
RSA • The initial procedure begins with selection of two prime numbers namely p and q, and then calculating their product N, as shown: • N=p*q • Here, let N be the specified large number. Step 1: Generate the RSA modulus • Consider number e as a derived number which should be greater than 1 and less than (p-1) and (q-1). • The primary condition will be that there should be no common factor of (p-1) and (q-1) except 1 Step 2: Derived Number (e)
RSA • The specified pair of numbers n and e forms the RSA public key and it is made public. Step 3: Public key • Private Key d is calculated from the numbers p, q and e. The mathematical relationship between the numbers is as follows − • ed = 1 mod (p-1) (q-1) • The above formula is the basic formula for Extended Euclidean Algorithm, which takes p and q as the input parameters. Step 4: Private Key
RSA Encryption Formula Consider a sender who sends the plain text message to someone whose public key is (n,e). To encrypt the plain text message in the given scenario, use the following syntax: C = Pe mod n Decryption Formula The decryption process is very straightforward and includes analytics for calculation in a systematic approach. Considering receiver C has the private key d, the result modulus will be calculated as: Plaintext = Cd mod n
RSA : Example  Generating Public Key  Select 2 prime numbers (p=53 and Q=59)  First part of public key n=p*q=3127  We need a small exponent e  Integer  Not a factor of n  1<e<φ(n)  Let us consider it to be 3  Generating Private key  We need to calculate φ(n)  Φ(n)=(p-1)(q-1) = 3016  Private key d = 𝑘×φ 𝑛 +1 𝑒 for some integer k  For k=2 d=2011 We have Public key n=3127 and e=3 Private key d=2011
RSA  Lets Encrypt “HI”  Convert the letters to numbers H=>8 and I=>9  Encrypted Data c=89e mod n  Encrypted Data comes to be 1394  Lets Decrypt 1394  Decrypted Data = cd mod n  Decrypted data comes out to be 89  8=>H and 9=>I = “HI” Public key n=3127 and e=3 Private key d=2011
Digital Signature Algorithm
Digital Signature Algorithm  Digital signatures are the public-key primitives of message authentication. In the physical world, it is common to use handwritten signatures on handwritten or typed messages. They are used to bind signatory to the message.  Similarly, a digital signature is a technique that binds a person/entity to the digital data. This binding can be independently verified by receiver as well as any third party.  Digital signature is a cryptographic value that is calculated from the data and a secret key known only by the signer.
Digital Signature Model Signer Verifier Data Hashing Function Hash Signature Algortihm Data Signature Signer’s Private Key Hashing Function Verification Algorithm Signer’s Public Key Equal Hash
Importance of Digital Signature  Message authentication : When the verifier validates the digital signature using public key of a sender, he is assured that signature has been created only by sender who possess the corresponding secret private key and no one else.  Data Integrity : In case an attacker has access to the data and modifies it, the digital signature verification at receiver end fails. The hash of modified data and the output provided by the verification algorithm will not match. Hence, receiver can safely deny the message assuming that data integrity has been breached.  Non-repudiation : Since it is assumed that only the signer has the knowledge of the signature key, he can only create unique signature on a given data. Thus, the receiver can present data and the digital signature to a third party as evidence if any dispute arises in the future. By adding public-key encryption to digital signature scheme, we can create a cryptosystem that can provide the four essential elements of security namely − Privacy, Authentication, Integrity, and Non- repudiation.
Encryption with Digital Signature  There are two possibilities  sign-then-encrypt  encrypt-then-sign  However, the crypto system based on sign-then-encrypt can be exploited by receiver to spoof identity of sender and sent that data to third party. Hence, this method is not preferred. The process of encrypt-then-sign is more reliable and widely adopted. This is depicted in the following illustration The receiver after receiving the encrypted data and signature on it, first verifies the signature using sender’s public key. After ensuring the validity of the signature, he then retrieves the data through decryption using his private key. Sender’s Side Encryption using Receiver’s Public Key Hashing Function Digital Signature with Sender’s Public Key Hash Data Encrypted Data + Digital Signature
Advantages of Digital Signature  Along with having strong strength levels, the length of the signature is smaller as compared to other digital signature standards.  The signature computation speed is less.  DSA requires less storage to work as compared to other digital standards.  DSA is patent free so it can be used free of cost. Disadvantages of Digital Signature Algorithm  It requires a lot of time to authenticate as the verification process includes complicated remainder operators. It requires a lot of time for computation.  Data in DSA is not encrypted. We can only authenticate data in this.  The digital signature algorithm firstly computes with SHA1 hash and signs it. Any drawbacks in cryptographic security of SHA1 are reflected in DSA because implicitly of DSA is dependent on it.  With applications in both secret and non-secret communications, DSA is of the US National Standard.
Communication Security
IP Security (IPSec)  Internet protocol security (IPsec) is a set of protocols that provides security for Internet Protocol. It can use cryptography to provide security. IPsec can be used for the setting up of virtual private networks (VPNs) in a secure manner.Also known as IP Security.  IPsec involves two security services:  Authentication Header (AH): This authenticates the sender and it discovers any changes in data during transmission.  Encapsulating Security Payload (ESP): This not only performs authentication for the sender but also encrypts the data being sent.  There are two modes of IPsec:  Tunnel Mode: This will take the whole IP packet to form secure communication between two places, or gateways.  Transport Mode: This only encapsulates the IP payload (not the entire IP packet as in tunnel mode) to ensure a secure channel of communication.
IP Security (IPSec)  The IP security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols between 2 communication points across the IP network that provide data authentication, integrity, and confidentiality. It also defines the encrypted, decrypted and authenticated packets. The protocols needed for secure key exchange and key management are defined in it. Uses of IP Security  IPsec can be used to do the following things:  To encrypt application layer data.  To provide security for routers sending routing data across the public internet.  To provide authentication without encryption, like to authenticate that the data originates from a known sender.  To protect network data by setting up circuits using IPsec tunneling in which all data is being sent between the two endpoints is encrypted, as with a Virtual Private Network(VPN) connection.
IP Security (IPSec) Components of IP Security  Encapsulating Security Payload (ESP) : It provides data integrity, encryption, authentication and anti replay. It also provides authentication for payload.  Authentication Header (AH) : It also provides data integrity, authentication and anti replay and it does not provide encryption. The anti replay protection, protects against unauthorized transmission of packets. It does not protect data’s confidentiality. IP HDR AH TCP Data
IPSec : Internet Key Exchange (IKE)  It is a network security protocol designed to dynamically exchange encryption keys and find a way over Security Association (SA) between 2 devices.  The Security Association (SA) establishes shared security attributes between 2 network entities to support secure communication.  The Key Management Protocol (ISAKMP) and Internet Security Association which provides a framework for authentication and key exchange.  ISAKMP tells how the set up of the Security Associations (SAs) and how direct connections between two hosts that are using IPsec.  Internet Key Exchange (IKE) provides message content protection and also an open frame for implementing standard algorithms such as SHA and MD5.  The algorithm’s IP sec users produces a unique identifier for each packet. This identifier then allows a device to determine whether a packet has been correct or not.  Packets which are not authorized are discarded and not given to receiver.
IP Security (IPSec)  IPsec provides the following security services for traffic at the IP layer:  Data origin authentication : identifying who sent the data.  Confidentiality (encryption) : ensuring that the data has not been read en route.  Connectionless integrity : ensuring the data has not been changed en route.  Replay protection : detecting packets received more than once to help protect against denial of service attacks. IP HDR TCP Data Original Packet ESP HDR Data ESP Trailer IP HDR TCP ESP Authentic ation Encryption Authentication
IP Security (IPSec) Applications of IPSec  As we all know to help in the security of a network the Internet community has done lot of work and developed application-specific security mechanisms in numerous application areas, including electronic mail (Privacy Enhanced Mail, Pretty Good Privacy [PGP]), network management (Simple Network Management Protocol Version 3[SNMPv3]), Web access (Secure HTTP, Secure Sockets Layer [SSL]), and others. Benefits of IPSec  When IPSec is implemented in a firewall or router, it provides strong security whose application is to all traffic crossing this perimeter. Traffic within a company or workgroup does not incur the overhead of securityrelated processing.  IPSec is below the transport layer (TCP, UDP), and is thus transparent to applications. There is no need to change software on a user or server system when IPSec is implemented in the firewall or router.  Even if IPSec is implemented in end systems, upper layer software, including applications is not affected. IPSec can be transparent to end users.
VPN  VPN stands for Virtual Private Network (VPN) that allows a user to connect to a private network over the Internet securely and privately.  VPN creates an encrypted connection that is called VPN tunnel and all Internet traffic and communication is passed through this secure tunnel. Types  Remote Access VPN: Remote Access VPN permits a user to connect to a private network and access all its services and resources remotely. The connection between the user and the private network occurs through the Internet and the connection is secure and private. Remote Access VPN is useful for home users and business users both.  Site to Site VPN: A Site-to-Site VPN is also called as Router-to-Router VPN and is commonly used in the large companies. Companies or organizations, with branch offices in different locations, use Site-to-site VPN to connect the network of one office location to the network at another office location.  Intranet based VPN: When several offices of the same company are connected using Site-to-Site VPN type, it is called as Intranet based VPN.  Extranet based VPN: When companies use Site-to-site VPN type to connect to the office of another company, it is called as Extranet based VPN.
Types of VPN Protocols  Internet Protocol Security (IPSec): Internet Protocol Security, known as IPSec, is used to secure Internet communication across an IP network. IPSec secures Internet Protocol communication by verifying the session and encrypts each data packet during the connection. IPSec runs in 2 modes:  Transport mode  Tunneling mode The work of transport mode is to encrypt the message in the data packet and the tunneling mode encrypts the whole data packet. IPSec can also be used with other security protocols to improve the security system.  Layer 2 Tunneling Protocol (L2TP): L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is often combined with another VPN security protocol like IPSec to establish a highly secure VPN connection. L2TP generates a tunnel between two L2TP connection points and IPSec protocol encrypts the data and maintains secure communication between the tunnel.  Point–to–Point Tunneling Protocol (PPTP): PPTP or Point-to-Point Tunneling Protocol generates a tunnel and confines the data packet. Point- toPoint Protocol (PPP) is used to encrypt the data between the connection. PPTP is one of the most widely used VPN protocol and has been in use since the early release of Windows. PPTP is also used on Mac and Linux apart from Windows.
Types of VPN Protocols  SSL and TLS: SSL (Secure Sockets Layer) and TLS (Transport Layer Security) generate a VPN connection where the web browser acts as the client and user access is prohibited to specific applications instead of entire network. Online shopping websites commonly uses SSL and TLS protocol. It is easy to switch to SSL by web browsers and with almost no action required from the user as web browsers come integrated with SSL and TLS. SSL connections have “https” in the initial of the URL instead of “http”.  OpenVPN: OpenVPN is an open source VPN that is commonly used for creating Point-to-Point and Site-to-Site connections. It uses a traditional security protocol based on SSL and TLS protocol.  Secure Shell (SSH): Secure Shell or SSH generates the VPN tunnel through which the data transfer occurs and also ensures that the tunnel is encrypted. SSH connections are generated by a SSH client and data is transferred from a local port on to the remote server through the encrypted tunnel.
Firewall  A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing traffic and based on a defined set of security rules it accepts, rejects or drops that specific traffic.  Accept : allow the traffic  Reject : block the traffic but reply with an “unreachable error”  Drop : block the traffic with no reply  A firewall establishes a barrier between secured internal networks and outside untrusted network, such as the Internet.  A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.
Firewall
Firewall  Before Firewalls, network security was performed by Access Control Lists (ACLs) residing on routers. ACLs are rules that determine whether network access should be granted or denied to specific IP address.  But ACLs cannot determine the nature of the packet it is blocking. Also, ACL alone does not have the capacity to keep threats out of the network. Hence, the Firewall was introduced.  Connectivity to the Internet is no longer optional for organizations.  However, accessing the Internet provides benefits to the organization; it also enables the outside world to interact with the internal network of the organization.  This creates a threat to the organization. In order to secure the internal network from unauthorized traffic, we need a Firewall.
How does Firewall Work?  Firewalls carefully analyze incoming traffic based on pre-established rules and filter traffic coming from unsecured or suspicious sources to prevent attacks.  Firewalls guard traffic at a computer’s entry point, called ports, which is where information is exchanged with external devices. For example, “Source address 172.18.1.1 is allowed to reach destination 172.18.2.1 over port 22."  Think of IP addresses as houses, and port numbers as rooms within the house. Only trusted people (source addresses) are allowed to enter the house (destination address) at all—then it’s further filtered so that people within the house are only allowed to access certain rooms (destination ports), depending on if they're the owner, a child, or a guest. The owner is allowed to any room (any port), while children and guests are allowed into a certain set of rooms (specific ports).
Types of Firewall  Host- based Firewalls : Host-based firewall is installed on each network node which controls each incoming and outgoing packet. It is a software application or suite of applications, comes as a part of the operating system. Host-based firewalls are needed because network firewalls cannot provide protection inside a trusted network. Host firewall protects each host from attacks and unauthorized access.  Network-based Firewalls : Network firewall function on network level. In other words, these firewalls filter all incoming and outgoing traffic across the network. It protects the internal network by filtering the traffic using rules defined on the firewall. A Network firewall might have two or more network interface cards (NICs). A network-based firewall is usually a dedicated system with proprietary software installed. Generation of Firewall Firewalls can be categorized based on its generation
Types of Firewall  First Generation- Packet Filtering Firewall : Packet filtering firewall is used to control network access by monitoring outgoing and incoming packet and allowing them to pass or stop based on source and destination IP address, protocols and ports. It analyses traffic at the transport protocol layer (but mainly uses first 3 layers).  Incoming packets from network 192.168.21.0 are blocked.  Incoming packets destined for internal TELNET server (port 23) are blocked.  Incoming packets destined for host 192.168.21.3 are blocked.  All well-known services to the network 192.168.21.0 are allowed.  Second Generation- Stateful Inspection Firewall : Stateful firewalls (performs Stateful Packet Inspection) are able to determine the connection state of packet, unlike Packet filtering firewall, which makes it more efficient.  Third Generation- Application Layer Firewall : Application layer firewall can inspect and filter the packets on any OSI layer, up to the application layer. It has the ability to block specific content, also recognize when certain application and protocols (like HTTP, FTP) are being misused.  Next Generation Firewalls (NGFW) : Next Generation Firewalls are being deployed these days to stop modern security breaches like advance malware attacks and application-layer attacks.
Wireless Security  Like the system's security and data security, keeping a sound knowledge about different wireless security measures is also essential to know for security professionals. It is because different wireless security mechanisms have a different level of strength and capabilities.  There are automated wireless hacking tools available that have made cybercriminals more powerful. List of some of these tools are:  AirCrack.  AirSnort.  Cain & Able.  Wireshark.  NetStumbler etc.  Different various techniques of hacking include remote accessing, shoulder surfing, wireless router's dashboard accessing, and brute-forcing attack that are used to penetrate wireless security.
What is Wireless Security?  Wireless security revolves around the concept of securing the wireless network from malicious attempts and unauthorized access.  The wireless security can be delivered through different ways such as:  Hardware-based: where routers and switches are fabricated with encryption measures protects all wireless communication. So, in this case, even if the data gets compromised by the cybercriminal, they will not be able to decrypt the data or view the traffic's content.  Wireless setup of IDS and IPS: helps in detecting, alerting, and preventing wireless networks and sends an alarm to the network administrator in case of any security breach.  Wireless security algorithms: such as WEP, WPA, WPA2, and WPA3. These are discussed in the subsequent paragraphs.
Wired Equivalent Privacy (WEP)  Wired Equivalent Privacy (WEP) is the oldest security algorithm of 1999.  It uses the initialization vector (IV) method. The very first versions of the WEP algorithm were not predominantly strong enough, even for that time when it got released.  But the reason for this weak release was because of U.S. limits on the exporting of different cryptographic technologies, which led the manufacturing companies to restrict their devices to 64-bit encryption only.  As the limitation was withdrawn, the 128 bit and 256 bit WEP encryption were developed and came into the wireless security market, though 128 became the standard one.
Wi-Fi Protected Access (WPA)  Wi-Fi Protected Access (WPA) was the next Wi-Fi Alliance's project that replaced the increasingly noticeable vulnerabilities of WEP standard.  WPA was officially adopted in the year 2003, one year before the retirement of WEP.  WPA's most common configuration is with WPA-PSK, which is abbreviated as Pre-Shared Key.  WPA uses 256-bit, which was a considerable enhancement above the 64-bit as well as 128-bit keys.
Wi-Fi Protected Access II (WPA2)  Wi-Fi Protected Access II (WPA2) became official in the year 2006 after WPA got outdated.  It uses the AES algorithms as a necessary encryption component as well as uses CCMP (Counter Cipher Mode - Block Chaining Message Authentication Protocol) by replacing TKIP.
Wi-Fi Protected Access 3 (WPA3)  Wi-Fi Protected Access 3 (WPA3) is the latest, and the third iteration of this family developed under Wi-Fi Alliance.  It has personal as well as enterprise security-support feature and uses 384-bit Hashed Message Authentication Mode, 256-bit Galois / Counter Mode Protocol (GCMP-256), as well as Broadcast/Multicast Integrity Protocol of 256-bit.  WPA3 also provides perfect forward secrecy mechanism support.
Thank you https://chandanbhagat.com.np/me
Ad

Recommended

Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
Riya Choudhary
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DES
Hemant Sharma
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
Gopal Sakarkar
 
Routing protocols for ad hoc wireless networks
Routing protocols for ad hoc wireless networks Routing protocols for ad hoc wireless networks
Routing protocols for ad hoc wireless networks
Divya Tiwari
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
Naveen Kumar
 
Unit 5 Application Layer
Unit 5 Application LayerUnit 5 Application Layer
Unit 5 Application Layer
KalpanaC14
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
RAMESHBABU311293
 
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
JAINAM KAPADIYA
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
Dr.Florence Dayana
 
Routing in Mobile Ad hoc Networks
Routing in Mobile Ad hoc NetworksRouting in Mobile Ad hoc Networks
Routing in Mobile Ad hoc Networks
Sayed Chhattan Shah
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
Triad Square InfoSec
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design Principles
SHUBHA CHATURVEDI
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and Distribution
Syed Bahadur Shah
 
Data Mining: Concepts and Techniques chapter 07 : Advanced Frequent Pattern M...
Data Mining: Concepts and Techniques chapter 07 : Advanced Frequent Pattern M...Data Mining: Concepts and Techniques chapter 07 : Advanced Frequent Pattern M...
Data Mining: Concepts and Techniques chapter 07 : Advanced Frequent Pattern M...
Salah Amean
 
NIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference ArchitectureNIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference Architecture
Thanakrit Lersmethasakul
 
Public key algorithm
Public key algorithmPublic key algorithm
Public key algorithm
Prateek Pandey
 
S/MIME
S/MIMES/MIME
S/MIME
maria azam
 
Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In Cryptography
Aadya Vatsa
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
Dr. Shashank Shetty
 
AODV (adhoc ondemand distance vector routing)
AODV (adhoc ondemand distance vector routing) AODV (adhoc ondemand distance vector routing)
AODV (adhoc ondemand distance vector routing)
ArunChokkalingam
 
Routing protocols in ad hoc network
Routing protocols in ad hoc networkRouting protocols in ad hoc network
Routing protocols in ad hoc network
NIIS Institute of Business Management, Bhubaneswar
 
Symmetric and Asymmetric Encryption.ppt
Symmetric and Asymmetric Encryption.pptSymmetric and Asymmetric Encryption.ppt
Symmetric and Asymmetric Encryption.ppt
HassanAli980906
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
Mohsin Ali
 
Lecture 23 27. quality of services in ad hoc wireless networks
Lecture 23 27. quality of services in ad hoc wireless networksLecture 23 27. quality of services in ad hoc wireless networks
Lecture 23 27. quality of services in ad hoc wireless networks
Chandra Meena
 
Chapter 4 data link layer
Chapter 4 data link layerChapter 4 data link layer
Chapter 4 data link layer
Naiyan Noor
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
Introduction to cryptography and types of ciphers
Introduction to cryptography and types of ciphersIntroduction to cryptography and types of ciphers
Introduction to cryptography and types of ciphers
Aswathi Nair
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
Rajapriya82
 
Rsa Crptosystem
Rsa CrptosystemRsa Crptosystem
Rsa Crptosystem
Amlan Patel
 
Computer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowComputer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU Lucknow
Brijesh Vishwakarma
 
Ad

More Related Content

What's hot (20)

Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
Dr.Florence Dayana
 
Routing in Mobile Ad hoc Networks
Routing in Mobile Ad hoc NetworksRouting in Mobile Ad hoc Networks
Routing in Mobile Ad hoc Networks
Sayed Chhattan Shah
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
Triad Square InfoSec
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design Principles
SHUBHA CHATURVEDI
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and Distribution
Syed Bahadur Shah
 
Data Mining: Concepts and Techniques chapter 07 : Advanced Frequent Pattern M...
Data Mining: Concepts and Techniques chapter 07 : Advanced Frequent Pattern M...Data Mining: Concepts and Techniques chapter 07 : Advanced Frequent Pattern M...
Data Mining: Concepts and Techniques chapter 07 : Advanced Frequent Pattern M...
Salah Amean
 
NIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference ArchitectureNIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference Architecture
Thanakrit Lersmethasakul
 
Public key algorithm
Public key algorithmPublic key algorithm
Public key algorithm
Prateek Pandey
 
S/MIME
S/MIMES/MIME
S/MIME
maria azam
 
Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In Cryptography
Aadya Vatsa
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
Dr. Shashank Shetty
 
AODV (adhoc ondemand distance vector routing)
AODV (adhoc ondemand distance vector routing) AODV (adhoc ondemand distance vector routing)
AODV (adhoc ondemand distance vector routing)
ArunChokkalingam
 
Routing protocols in ad hoc network
Routing protocols in ad hoc networkRouting protocols in ad hoc network
Routing protocols in ad hoc network
NIIS Institute of Business Management, Bhubaneswar
 
Symmetric and Asymmetric Encryption.ppt
Symmetric and Asymmetric Encryption.pptSymmetric and Asymmetric Encryption.ppt
Symmetric and Asymmetric Encryption.ppt
HassanAli980906
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
Mohsin Ali
 
Lecture 23 27. quality of services in ad hoc wireless networks
Lecture 23 27. quality of services in ad hoc wireless networksLecture 23 27. quality of services in ad hoc wireless networks
Lecture 23 27. quality of services in ad hoc wireless networks
Chandra Meena
 
Chapter 4 data link layer
Chapter 4 data link layerChapter 4 data link layer
Chapter 4 data link layer
Naiyan Noor
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
Introduction to cryptography and types of ciphers
Introduction to cryptography and types of ciphersIntroduction to cryptography and types of ciphers
Introduction to cryptography and types of ciphers
Aswathi Nair
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
Rajapriya82
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
Dr.Florence Dayana
 
Routing in Mobile Ad hoc Networks
Routing in Mobile Ad hoc NetworksRouting in Mobile Ad hoc Networks
Routing in Mobile Ad hoc Networks
Sayed Chhattan Shah
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
Triad Square InfoSec
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design Principles
SHUBHA CHATURVEDI
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and Distribution
Syed Bahadur Shah
 
Data Mining: Concepts and Techniques chapter 07 : Advanced Frequent Pattern M...
Data Mining: Concepts and Techniques chapter 07 : Advanced Frequent Pattern M...Data Mining: Concepts and Techniques chapter 07 : Advanced Frequent Pattern M...
Data Mining: Concepts and Techniques chapter 07 : Advanced Frequent Pattern M...
Salah Amean
 
NIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference ArchitectureNIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference Architecture
Thanakrit Lersmethasakul
 
Public key algorithm
Public key algorithmPublic key algorithm
Public key algorithm
Prateek Pandey
 
S/MIME
S/MIMES/MIME
S/MIME
maria azam
 
Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In Cryptography
Aadya Vatsa
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
Dr. Shashank Shetty
 
AODV (adhoc ondemand distance vector routing)
AODV (adhoc ondemand distance vector routing) AODV (adhoc ondemand distance vector routing)
AODV (adhoc ondemand distance vector routing)
ArunChokkalingam
 
Routing protocols in ad hoc network
Routing protocols in ad hoc networkRouting protocols in ad hoc network
Routing protocols in ad hoc network
NIIS Institute of Business Management, Bhubaneswar
 
Symmetric and Asymmetric Encryption.ppt
Symmetric and Asymmetric Encryption.pptSymmetric and Asymmetric Encryption.ppt
Symmetric and Asymmetric Encryption.ppt
HassanAli980906
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
Mohsin Ali
 
Lecture 23 27. quality of services in ad hoc wireless networks
Lecture 23 27. quality of services in ad hoc wireless networksLecture 23 27. quality of services in ad hoc wireless networks
Lecture 23 27. quality of services in ad hoc wireless networks
Chandra Meena
 
Chapter 4 data link layer
Chapter 4 data link layerChapter 4 data link layer
Chapter 4 data link layer
Naiyan Noor
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
Introduction to cryptography and types of ciphers
Introduction to cryptography and types of ciphersIntroduction to cryptography and types of ciphers
Introduction to cryptography and types of ciphers
Aswathi Nair
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
Rajapriya82
 

Similar to Unit 7 : Network Security (20)

Rsa Crptosystem
Rsa CrptosystemRsa Crptosystem
Rsa Crptosystem
Amlan Patel
 
Computer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowComputer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU Lucknow
Brijesh Vishwakarma
 
Encryption
EncryptionEncryption
Encryption
Naiyan Noor
 
Encryption in Cryptography
Encryption in CryptographyEncryption in Cryptography
Encryption in Cryptography
Uttara University
 
Email Encryption using Tri-Cryptosystem Based on Android
Email Encryption using Tri-Cryptosystem Based on AndroidEmail Encryption using Tri-Cryptosystem Based on Android
Email Encryption using Tri-Cryptosystem Based on Android
IRJET Journal
 
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
IJECEIAES
 
Review on variants of Security aware AODV
Review on variants of Security aware AODVReview on variants of Security aware AODV
Review on variants of Security aware AODV
ijsrd.com
 
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEYMETHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
IJNSA Journal
 
RSA Algorithem and information about rsa
RSA Algorithem and information about rsaRSA Algorithem and information about rsa
RSA Algorithem and information about rsa
Mohsin Ali
 
Ch34508510
Ch34508510Ch34508510
Ch34508510
IJERA Editor
 
Achieving data integrity by forming the digital signature using RSA and SHA-1...
Achieving data integrity by forming the digital signature using RSA and SHA-1...Achieving data integrity by forming the digital signature using RSA and SHA-1...
Achieving data integrity by forming the digital signature using RSA and SHA-1...
IOSR Journals
 
CRYPTOGRAPHY (2).pdf
CRYPTOGRAPHY (2).pdfCRYPTOGRAPHY (2).pdf
CRYPTOGRAPHY (2).pdf
BhuvanaR13
 
White Paper on Cryptography
White Paper on Cryptography White Paper on Cryptography
White Paper on Cryptography
Durgesh Malviya
 
RSA 32-bit Implementation Technique
RSA 32-bit Implementation TechniqueRSA 32-bit Implementation Technique
RSA 32-bit Implementation Technique
Universitas Pembangunan Panca Budi
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptography
Pavithra renu
 
Cryptography
CryptographyCryptography
Cryptography
amiable_indian
 
PUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.pptPUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.ppt
RizwanBasha12
 
A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...
A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...
A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...
International Journal of Science and Research (IJSR)
 
Data Security With Colors Using Rsa
Data Security With Colors Using RsaData Security With Colors Using Rsa
Data Security With Colors Using Rsa
IJERA Editor
 
Elementry Cryptography
Elementry CryptographyElementry Cryptography
Elementry Cryptography
Tata Consultancy Services
 
Rsa Crptosystem
Rsa CrptosystemRsa Crptosystem
Rsa Crptosystem
Amlan Patel
 
Computer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowComputer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU Lucknow
Brijesh Vishwakarma
 
Encryption
EncryptionEncryption
Encryption
Naiyan Noor
 
Encryption in Cryptography
Encryption in CryptographyEncryption in Cryptography
Encryption in Cryptography
Uttara University
 
Email Encryption using Tri-Cryptosystem Based on Android
Email Encryption using Tri-Cryptosystem Based on AndroidEmail Encryption using Tri-Cryptosystem Based on Android
Email Encryption using Tri-Cryptosystem Based on Android
IRJET Journal
 
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
IJECEIAES
 
Review on variants of Security aware AODV
Review on variants of Security aware AODVReview on variants of Security aware AODV
Review on variants of Security aware AODV
ijsrd.com
 
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEYMETHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
IJNSA Journal
 
RSA Algorithem and information about rsa
RSA Algorithem and information about rsaRSA Algorithem and information about rsa
RSA Algorithem and information about rsa
Mohsin Ali
 
Ch34508510
Ch34508510Ch34508510
Ch34508510
IJERA Editor
 
Achieving data integrity by forming the digital signature using RSA and SHA-1...
Achieving data integrity by forming the digital signature using RSA and SHA-1...Achieving data integrity by forming the digital signature using RSA and SHA-1...
Achieving data integrity by forming the digital signature using RSA and SHA-1...
IOSR Journals
 
CRYPTOGRAPHY (2).pdf
CRYPTOGRAPHY (2).pdfCRYPTOGRAPHY (2).pdf
CRYPTOGRAPHY (2).pdf
BhuvanaR13
 
White Paper on Cryptography
White Paper on Cryptography White Paper on Cryptography
White Paper on Cryptography
Durgesh Malviya
 
RSA 32-bit Implementation Technique
RSA 32-bit Implementation TechniqueRSA 32-bit Implementation Technique
RSA 32-bit Implementation Technique
Universitas Pembangunan Panca Budi
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptography
Pavithra renu
 
Cryptography
CryptographyCryptography
Cryptography
amiable_indian
 
PUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.pptPUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.ppt
RizwanBasha12
 
A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...
A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...
A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...
International Journal of Science and Research (IJSR)
 
Data Security With Colors Using Rsa
Data Security With Colors Using RsaData Security With Colors Using Rsa
Data Security With Colors Using Rsa
IJERA Editor
 
Elementry Cryptography
Elementry CryptographyElementry Cryptography
Elementry Cryptography
Tata Consultancy Services
 
Ad

More from Chandan Gupta Bhagat (20)

Unit 3 - URLs and URIs
Unit 3 - URLs and URIsUnit 3 - URLs and URIs
Unit 3 - URLs and URIs
Chandan Gupta Bhagat
 
Unit 2 : Internet Address
Unit 2 : Internet AddressUnit 2 : Internet Address
Unit 2 : Internet Address
Chandan Gupta Bhagat
 
Unit 6 : Application Layer
Unit 6 : Application LayerUnit 6 : Application Layer
Unit 6 : Application Layer
Chandan Gupta Bhagat
 
Unit 5 : Transport Layer
Unit 5 : Transport LayerUnit 5 : Transport Layer
Unit 5 : Transport Layer
Chandan Gupta Bhagat
 
Unit 4 - Network Layer
Unit 4 - Network LayerUnit 4 - Network Layer
Unit 4 - Network Layer
Chandan Gupta Bhagat
 
Unit 3 - Data Link Layer - Part B
Unit 3 - Data Link Layer - Part BUnit 3 - Data Link Layer - Part B
Unit 3 - Data Link Layer - Part B
Chandan Gupta Bhagat
 
Unit 3 - Data Link Layer - Part A
Unit 3 - Data Link Layer - Part AUnit 3 - Data Link Layer - Part A
Unit 3 - Data Link Layer - Part A
Chandan Gupta Bhagat
 
Computer Network - Unit 2
Computer Network - Unit 2Computer Network - Unit 2
Computer Network - Unit 2
Chandan Gupta Bhagat
 
Computer Network - Unit 1
Computer Network - Unit 1Computer Network - Unit 1
Computer Network - Unit 1
Chandan Gupta Bhagat
 
ASP.NET
ASP.NETASP.NET
ASP.NET
Chandan Gupta Bhagat
 
Efficient Docker Image | MS Build Kathmandu
Efficient Docker Image | MS Build KathmanduEfficient Docker Image | MS Build Kathmandu
Efficient Docker Image | MS Build Kathmandu
Chandan Gupta Bhagat
 
Better Understanding OOP using C#
Better Understanding OOP using C#Better Understanding OOP using C#
Better Understanding OOP using C#
Chandan Gupta Bhagat
 
Parytak sahayatri
Parytak sahayatriParytak sahayatri
Parytak sahayatri
Chandan Gupta Bhagat
 
Developing windows 8 apps
Developing windows 8 appsDeveloping windows 8 apps
Developing windows 8 apps
Chandan Gupta Bhagat
 
Digilog
DigilogDigilog
Digilog
Chandan Gupta Bhagat
 
IOE assessment marks and attendance system
IOE assessment marks and attendance systemIOE assessment marks and attendance system
IOE assessment marks and attendance system
Chandan Gupta Bhagat
 
BLOGGING
BLOGGINGBLOGGING
BLOGGING
Chandan Gupta Bhagat
 
Oblique parallel projection
Oblique parallel projectionOblique parallel projection
Oblique parallel projection
Chandan Gupta Bhagat
 
Brainstorming session
Brainstorming sessionBrainstorming session
Brainstorming session
Chandan Gupta Bhagat
 
Presentation of 3rd Semester C++ Project
Presentation of 3rd Semester C++ ProjectPresentation of 3rd Semester C++ Project
Presentation of 3rd Semester C++ Project
Chandan Gupta Bhagat
 
Unit 3 - URLs and URIs
Unit 3 - URLs and URIsUnit 3 - URLs and URIs
Unit 3 - URLs and URIs
Chandan Gupta Bhagat
 
Unit 2 : Internet Address
Unit 2 : Internet AddressUnit 2 : Internet Address
Unit 2 : Internet Address
Chandan Gupta Bhagat
 
Unit 6 : Application Layer
Unit 6 : Application LayerUnit 6 : Application Layer
Unit 6 : Application Layer
Chandan Gupta Bhagat
 
Unit 5 : Transport Layer
Unit 5 : Transport LayerUnit 5 : Transport Layer
Unit 5 : Transport Layer
Chandan Gupta Bhagat
 
Unit 4 - Network Layer
Unit 4 - Network LayerUnit 4 - Network Layer
Unit 4 - Network Layer
Chandan Gupta Bhagat
 
Unit 3 - Data Link Layer - Part B
Unit 3 - Data Link Layer - Part BUnit 3 - Data Link Layer - Part B
Unit 3 - Data Link Layer - Part B
Chandan Gupta Bhagat
 
Unit 3 - Data Link Layer - Part A
Unit 3 - Data Link Layer - Part AUnit 3 - Data Link Layer - Part A
Unit 3 - Data Link Layer - Part A
Chandan Gupta Bhagat
 
Computer Network - Unit 2
Computer Network - Unit 2Computer Network - Unit 2
Computer Network - Unit 2
Chandan Gupta Bhagat
 
Computer Network - Unit 1
Computer Network - Unit 1Computer Network - Unit 1
Computer Network - Unit 1
Chandan Gupta Bhagat
 
ASP.NET
ASP.NETASP.NET
ASP.NET
Chandan Gupta Bhagat
 
Efficient Docker Image | MS Build Kathmandu
Efficient Docker Image | MS Build KathmanduEfficient Docker Image | MS Build Kathmandu
Efficient Docker Image | MS Build Kathmandu
Chandan Gupta Bhagat
 
Better Understanding OOP using C#
Better Understanding OOP using C#Better Understanding OOP using C#
Better Understanding OOP using C#
Chandan Gupta Bhagat
 
Parytak sahayatri
Parytak sahayatriParytak sahayatri
Parytak sahayatri
Chandan Gupta Bhagat
 
Developing windows 8 apps
Developing windows 8 appsDeveloping windows 8 apps
Developing windows 8 apps
Chandan Gupta Bhagat
 
Digilog
DigilogDigilog
Digilog
Chandan Gupta Bhagat
 
IOE assessment marks and attendance system
IOE assessment marks and attendance systemIOE assessment marks and attendance system
IOE assessment marks and attendance system
Chandan Gupta Bhagat
 
BLOGGING
BLOGGINGBLOGGING
BLOGGING
Chandan Gupta Bhagat
 
Oblique parallel projection
Oblique parallel projectionOblique parallel projection
Oblique parallel projection
Chandan Gupta Bhagat
 
Brainstorming session
Brainstorming sessionBrainstorming session
Brainstorming session
Chandan Gupta Bhagat
 
Presentation of 3rd Semester C++ Project
Presentation of 3rd Semester C++ ProjectPresentation of 3rd Semester C++ Project
Presentation of 3rd Semester C++ Project
Chandan Gupta Bhagat
 
Ad

Recently uploaded (20)

Stein, Hunt, Green letter to Congress April 2025
Stein, Hunt, Green letter to Congress April 2025Stein, Hunt, Green letter to Congress April 2025
Stein, Hunt, Green letter to Congress April 2025
Mebane Rash
 
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptxSCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
Ronisha Das
 
Phoenix – A Collaborative Renewal of Children’s and Young People’s Services C...
Phoenix – A Collaborative Renewal of Children’s and Young People’s Services C...Phoenix – A Collaborative Renewal of Children’s and Young People’s Services C...
Phoenix – A Collaborative Renewal of Children’s and Young People’s Services C...
Library Association of Ireland
 
Geography Sem II Unit 1C Correlation of Geography with other school subjects
Geography Sem II Unit 1C Correlation of Geography with other school subjectsGeography Sem II Unit 1C Correlation of Geography with other school subjects
Geography Sem II Unit 1C Correlation of Geography with other school subjects
ProfDrShaikhImran
 
To study Digestive system of insect.pptx
To study Digestive system of insect.pptxTo study Digestive system of insect.pptx
To study Digestive system of insect.pptx
Arshad Shaikh
 
New Microsoft PowerPoint Presentation.pptx
New Microsoft PowerPoint Presentation.pptxNew Microsoft PowerPoint Presentation.pptx
New Microsoft PowerPoint Presentation.pptx
milanasargsyan5
 
apa-style-referencing-visual-guide-2025.pdf
apa-style-referencing-visual-guide-2025.pdfapa-style-referencing-visual-guide-2025.pdf
apa-style-referencing-visual-guide-2025.pdf
Ishika Ghosh
 
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulsepulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
sushreesangita003
 
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACY
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACYUNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACY
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACY
DR.PRISCILLA MARY J
 
How to Set warnings for invoicing specific customers in odoo
How to Set warnings for invoicing specific customers in odooHow to Set warnings for invoicing specific customers in odoo
How to Set warnings for invoicing specific customers in odoo
Celine George
 
Exploring-Substances-Acidic-Basic-and-Neutral.pdf
Exploring-Substances-Acidic-Basic-and-Neutral.pdfExploring-Substances-Acidic-Basic-and-Neutral.pdf
Exploring-Substances-Acidic-Basic-and-Neutral.pdf
Sandeep Swamy
 
Quality Contril Analysis of Containers.pdf
Quality Contril Analysis of Containers.pdfQuality Contril Analysis of Containers.pdf
Quality Contril Analysis of Containers.pdf
Dr. Bindiya Chauhan
 
To study the nervous system of insect.pptx
To study the nervous system of insect.pptxTo study the nervous system of insect.pptx
To study the nervous system of insect.pptx
Arshad Shaikh
 
Introduction to Vibe Coding and Vibe Engineering
Introduction to Vibe Coding and Vibe EngineeringIntroduction to Vibe Coding and Vibe Engineering
Introduction to Vibe Coding and Vibe Engineering
Damian T. Gordon
 
Metamorphosis: Life's Transformative Journey
Metamorphosis: Life's Transformative JourneyMetamorphosis: Life's Transformative Journey
Metamorphosis: Life's Transformative Journey
Arshad Shaikh
 
P-glycoprotein pamphlet: iteration 4 of 4 final
P-glycoprotein pamphlet: iteration 4 of 4 finalP-glycoprotein pamphlet: iteration 4 of 4 final
P-glycoprotein pamphlet: iteration 4 of 4 final
bs22n2s
 
Social Problem-Unemployment .pptx notes for Physiotherapy Students
Social Problem-Unemployment .pptx notes for Physiotherapy StudentsSocial Problem-Unemployment .pptx notes for Physiotherapy Students
Social Problem-Unemployment .pptx notes for Physiotherapy Students
DrNidhiAgarwal
 
The ever evoilving world of science /7th class science curiosity /samyans aca...
The ever evoilving world of science /7th class science curiosity /samyans aca...The ever evoilving world of science /7th class science curiosity /samyans aca...
The ever evoilving world of science /7th class science curiosity /samyans aca...
Sandeep Swamy
 
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
larencebapu132
 
2541William_McCollough_DigitalDetox.docx
2541William_McCollough_DigitalDetox.docx2541William_McCollough_DigitalDetox.docx
2541William_McCollough_DigitalDetox.docx
contactwilliamm2546
 
Stein, Hunt, Green letter to Congress April 2025
Stein, Hunt, Green letter to Congress April 2025Stein, Hunt, Green letter to Congress April 2025
Stein, Hunt, Green letter to Congress April 2025
Mebane Rash
 
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptxSCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
Ronisha Das
 
Phoenix – A Collaborative Renewal of Children’s and Young People’s Services C...
Phoenix – A Collaborative Renewal of Children’s and Young People’s Services C...Phoenix – A Collaborative Renewal of Children’s and Young People’s Services C...
Phoenix – A Collaborative Renewal of Children’s and Young People’s Services C...
Library Association of Ireland
 
Geography Sem II Unit 1C Correlation of Geography with other school subjects
Geography Sem II Unit 1C Correlation of Geography with other school subjectsGeography Sem II Unit 1C Correlation of Geography with other school subjects
Geography Sem II Unit 1C Correlation of Geography with other school subjects
ProfDrShaikhImran
 
To study Digestive system of insect.pptx
To study Digestive system of insect.pptxTo study Digestive system of insect.pptx
To study Digestive system of insect.pptx
Arshad Shaikh
 
New Microsoft PowerPoint Presentation.pptx
New Microsoft PowerPoint Presentation.pptxNew Microsoft PowerPoint Presentation.pptx
New Microsoft PowerPoint Presentation.pptx
milanasargsyan5
 
apa-style-referencing-visual-guide-2025.pdf
apa-style-referencing-visual-guide-2025.pdfapa-style-referencing-visual-guide-2025.pdf
apa-style-referencing-visual-guide-2025.pdf
Ishika Ghosh
 
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulsepulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
sushreesangita003
 
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACY
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACYUNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACY
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACY
DR.PRISCILLA MARY J
 
How to Set warnings for invoicing specific customers in odoo
How to Set warnings for invoicing specific customers in odooHow to Set warnings for invoicing specific customers in odoo
How to Set warnings for invoicing specific customers in odoo
Celine George
 
Exploring-Substances-Acidic-Basic-and-Neutral.pdf
Exploring-Substances-Acidic-Basic-and-Neutral.pdfExploring-Substances-Acidic-Basic-and-Neutral.pdf
Exploring-Substances-Acidic-Basic-and-Neutral.pdf
Sandeep Swamy
 
Quality Contril Analysis of Containers.pdf
Quality Contril Analysis of Containers.pdfQuality Contril Analysis of Containers.pdf
Quality Contril Analysis of Containers.pdf
Dr. Bindiya Chauhan
 
To study the nervous system of insect.pptx
To study the nervous system of insect.pptxTo study the nervous system of insect.pptx
To study the nervous system of insect.pptx
Arshad Shaikh
 
Introduction to Vibe Coding and Vibe Engineering
Introduction to Vibe Coding and Vibe EngineeringIntroduction to Vibe Coding and Vibe Engineering
Introduction to Vibe Coding and Vibe Engineering
Damian T. Gordon
 
Metamorphosis: Life's Transformative Journey
Metamorphosis: Life's Transformative JourneyMetamorphosis: Life's Transformative Journey
Metamorphosis: Life's Transformative Journey
Arshad Shaikh
 
P-glycoprotein pamphlet: iteration 4 of 4 final
P-glycoprotein pamphlet: iteration 4 of 4 finalP-glycoprotein pamphlet: iteration 4 of 4 final
P-glycoprotein pamphlet: iteration 4 of 4 final
bs22n2s
 
Social Problem-Unemployment .pptx notes for Physiotherapy Students
Social Problem-Unemployment .pptx notes for Physiotherapy StudentsSocial Problem-Unemployment .pptx notes for Physiotherapy Students
Social Problem-Unemployment .pptx notes for Physiotherapy Students
DrNidhiAgarwal
 
The ever evoilving world of science /7th class science curiosity /samyans aca...
The ever evoilving world of science /7th class science curiosity /samyans aca...The ever evoilving world of science /7th class science curiosity /samyans aca...
The ever evoilving world of science /7th class science curiosity /samyans aca...
Sandeep Swamy
 
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
larencebapu132
 
2541William_McCollough_DigitalDetox.docx
2541William_McCollough_DigitalDetox.docx2541William_McCollough_DigitalDetox.docx
2541William_McCollough_DigitalDetox.docx
contactwilliamm2546
 

Unit 7 : Network Security

  • 1. Unit 7 : Network Security Chandan Gupta Bhagat https://chandanbhagat.com.np/me
  • 2. Network Security  A Model for Network Security  Principles of cryptography: Symmetric Key and Public Key  Public Key Algorithm - RSA  Digital Signature Algorithm  Communication Security: IPSec, VPN, Firewalls, Wireless Security
  • 3. A Model for Network Security
  • 4. A Model for Network Security  A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify the identity of the sender. Model For Network Security
  • 5. A Model for Network Security  Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception.  A trusted third party may be needed to achieve secure transmission. For example, a third party may be responsible for distributing the secret information to the two principals while keeping it from any opponent. Or a third party may be needed to arbitrate disputes between the two principals concerning the authenticity of a message transmission.
  • 6. A Model for Network Security  A general model shows that there are four basic tasks in designing a particular security service:  Design an algorithm for performing the security-related transformation. The algorithm should be such that an opponent cannot defeat its purpose.  Generate the secret information to be used with the algorithm.  Develop methods for the distribution and sharing of the secret information.  Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service.
  • 7. A Model for Network Security  A general model of these other situations which reflects a concern for protecting an information system from unwanted access.  Most readers are familiar with the concerns caused by the existence of hackers, who attempt to penetrate systems that can be accessed over a network.  The hacker can be someone who, with no malign intent, simply gets satisfaction from breaking and entering a computer system.  The intruder can be a disgruntled employee who wishes to do damage or a criminal who seeks to exploit computer assets for financial gain (e.g., obtaining credit card numbers or performing illegal money transfers).
  • 8. A Model for Network Security  Programs can present two kinds of threats:-  Information access threats: Intercept or modify data on behalf of users who should not have access to that data.  Service threats: Exploit service flaws in computers to inhibit use by legitimate users.  The security mechanisms needed to cope with unwanted access fall into two broad categories.  The first category might be termed a gatekeeper function. It includes password-based login procedures that are designed to deny access to all but authorized users and screening logic that is designed to detect and reject worms, viruses, and other similar attacks.  Once either an unwanted user or unwanted software gains access, the second line of defense consists of a variety of internal controls that monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders.
  • 10. Symmetrical Encryption  This is the simplest kind of encryption that involves only one secret key to cipher and decipher information.  Symmetrical encryption is an old and best-known technique.  It uses a secret key that can either be a number, a word or a string of random letters.  It is a blended with the plain text of a message to change the content in a particular way.  The sender and the recipient should know the secret key that is used to encrypt and decrypt all the messages. AES, DES, RC5, and RC6 are examples of symmetric encryption.  The most widely used symmetric algorithm is AES-128, AES-192, and AES-256.  The main disadvantage of the symmetric key encryption is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it.
  • 12. Asymmetrical Encryption  Asymmetrical encryption is also known as public key cryptography, which is a relatively new method, compared to symmetric encryption.  Asymmetric encryption uses two keys to encrypt a plain text.  Secret keys are exchanged over the Internet or a large network.  It ensures that malicious persons do not misuse the keys.  It is important to note that anyone with a secret key can decrypt the message and this is why asymmetrical encryption uses two related keys to boosting security.  A public key is made freely available to anyone who might want to send you a message. The second private key is kept a secret so that you can only know.  A message that is encrypted using a public key can only be decrypted using a private key, while also, a message encrypted using a private key can be decrypted using a public key.  Security of the public key is not required because it is publicly available and can be passed over the internet. Asymmetric key has a far better power in ensuring the security of information transmitted during communication.  Asymmetric encryption is mostly used in day-to-day communication channels, especially over the Internet.  Popular asymmetric key encryption algorithm includes RSA, DSA etc
  • 14. Symmetric Vs Asymmetric Encryption Characteristics Symmertic Asymmetric Key Same Key Different keys are used for Encryption and Decryption Speed Very Fast Slower Size Same or less than original text More than original text Known Keys Both parties should know the keys Either one of the keys is known by 2 parties Usage Confidentiality Confidentiality, Digital Signatures
  • 16. RSA  RSA algorithm is a public key encryption technique and is considered as the most secure way of encryption. It was invented by Rivest, Shamir and Adleman in year 1978 and hence name RSA algorithm. Algorithm  The RSA algorithm holds the following features −  RSA algorithm is a popular exponentiation in a finite field over integers including prime numbers.  The integers used by this method are sufficiently large making it difficult to solve.  There are two sets of keys in this algorithm: private key and public key.  You will have to go through the following steps to work on RSA algorithm  Generate the RSA Modulus  Derived Number (e)  Public Key  Private Key
  • 17. RSA • The initial procedure begins with selection of two prime numbers namely p and q, and then calculating their product N, as shown: • N=p*q • Here, let N be the specified large number. Step 1: Generate the RSA modulus • Consider number e as a derived number which should be greater than 1 and less than (p-1) and (q-1). • The primary condition will be that there should be no common factor of (p-1) and (q-1) except 1 Step 2: Derived Number (e)
  • 18. RSA • The specified pair of numbers n and e forms the RSA public key and it is made public. Step 3: Public key • Private Key d is calculated from the numbers p, q and e. The mathematical relationship between the numbers is as follows − • ed = 1 mod (p-1) (q-1) • The above formula is the basic formula for Extended Euclidean Algorithm, which takes p and q as the input parameters. Step 4: Private Key
  • 19. RSA Encryption Formula Consider a sender who sends the plain text message to someone whose public key is (n,e). To encrypt the plain text message in the given scenario, use the following syntax: C = Pe mod n Decryption Formula The decryption process is very straightforward and includes analytics for calculation in a systematic approach. Considering receiver C has the private key d, the result modulus will be calculated as: Plaintext = Cd mod n
  • 20. RSA : Example  Generating Public Key  Select 2 prime numbers (p=53 and Q=59)  First part of public key n=p*q=3127  We need a small exponent e  Integer  Not a factor of n  1<e<φ(n)  Let us consider it to be 3  Generating Private key  We need to calculate φ(n)  Φ(n)=(p-1)(q-1) = 3016  Private key d = 𝑘×φ 𝑛 +1 𝑒 for some integer k  For k=2 d=2011 We have Public key n=3127 and e=3 Private key d=2011
  • 21. RSA  Lets Encrypt “HI”  Convert the letters to numbers H=>8 and I=>9  Encrypted Data c=89e mod n  Encrypted Data comes to be 1394  Lets Decrypt 1394  Decrypted Data = cd mod n  Decrypted data comes out to be 89  8=>H and 9=>I = “HI” Public key n=3127 and e=3 Private key d=2011
  • 23. Digital Signature Algorithm  Digital signatures are the public-key primitives of message authentication. In the physical world, it is common to use handwritten signatures on handwritten or typed messages. They are used to bind signatory to the message.  Similarly, a digital signature is a technique that binds a person/entity to the digital data. This binding can be independently verified by receiver as well as any third party.  Digital signature is a cryptographic value that is calculated from the data and a secret key known only by the signer.
  • 24. Digital Signature Model Signer Verifier Data Hashing Function Hash Signature Algortihm Data Signature Signer’s Private Key Hashing Function Verification Algorithm Signer’s Public Key Equal Hash
  • 25. Importance of Digital Signature  Message authentication : When the verifier validates the digital signature using public key of a sender, he is assured that signature has been created only by sender who possess the corresponding secret private key and no one else.  Data Integrity : In case an attacker has access to the data and modifies it, the digital signature verification at receiver end fails. The hash of modified data and the output provided by the verification algorithm will not match. Hence, receiver can safely deny the message assuming that data integrity has been breached.  Non-repudiation : Since it is assumed that only the signer has the knowledge of the signature key, he can only create unique signature on a given data. Thus, the receiver can present data and the digital signature to a third party as evidence if any dispute arises in the future. By adding public-key encryption to digital signature scheme, we can create a cryptosystem that can provide the four essential elements of security namely − Privacy, Authentication, Integrity, and Non- repudiation.
  • 26. Encryption with Digital Signature  There are two possibilities  sign-then-encrypt  encrypt-then-sign  However, the crypto system based on sign-then-encrypt can be exploited by receiver to spoof identity of sender and sent that data to third party. Hence, this method is not preferred. The process of encrypt-then-sign is more reliable and widely adopted. This is depicted in the following illustration The receiver after receiving the encrypted data and signature on it, first verifies the signature using sender’s public key. After ensuring the validity of the signature, he then retrieves the data through decryption using his private key. Sender’s Side Encryption using Receiver’s Public Key Hashing Function Digital Signature with Sender’s Public Key Hash Data Encrypted Data + Digital Signature
  • 27. Advantages of Digital Signature  Along with having strong strength levels, the length of the signature is smaller as compared to other digital signature standards.  The signature computation speed is less.  DSA requires less storage to work as compared to other digital standards.  DSA is patent free so it can be used free of cost. Disadvantages of Digital Signature Algorithm  It requires a lot of time to authenticate as the verification process includes complicated remainder operators. It requires a lot of time for computation.  Data in DSA is not encrypted. We can only authenticate data in this.  The digital signature algorithm firstly computes with SHA1 hash and signs it. Any drawbacks in cryptographic security of SHA1 are reflected in DSA because implicitly of DSA is dependent on it.  With applications in both secret and non-secret communications, DSA is of the US National Standard.
  • 29. IP Security (IPSec)  Internet protocol security (IPsec) is a set of protocols that provides security for Internet Protocol. It can use cryptography to provide security. IPsec can be used for the setting up of virtual private networks (VPNs) in a secure manner.Also known as IP Security.  IPsec involves two security services:  Authentication Header (AH): This authenticates the sender and it discovers any changes in data during transmission.  Encapsulating Security Payload (ESP): This not only performs authentication for the sender but also encrypts the data being sent.  There are two modes of IPsec:  Tunnel Mode: This will take the whole IP packet to form secure communication between two places, or gateways.  Transport Mode: This only encapsulates the IP payload (not the entire IP packet as in tunnel mode) to ensure a secure channel of communication.
  • 30. IP Security (IPSec)  The IP security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols between 2 communication points across the IP network that provide data authentication, integrity, and confidentiality. It also defines the encrypted, decrypted and authenticated packets. The protocols needed for secure key exchange and key management are defined in it. Uses of IP Security  IPsec can be used to do the following things:  To encrypt application layer data.  To provide security for routers sending routing data across the public internet.  To provide authentication without encryption, like to authenticate that the data originates from a known sender.  To protect network data by setting up circuits using IPsec tunneling in which all data is being sent between the two endpoints is encrypted, as with a Virtual Private Network(VPN) connection.
  • 31. IP Security (IPSec) Components of IP Security  Encapsulating Security Payload (ESP) : It provides data integrity, encryption, authentication and anti replay. It also provides authentication for payload.  Authentication Header (AH) : It also provides data integrity, authentication and anti replay and it does not provide encryption. The anti replay protection, protects against unauthorized transmission of packets. It does not protect data’s confidentiality. IP HDR AH TCP Data
  • 32. IPSec : Internet Key Exchange (IKE)  It is a network security protocol designed to dynamically exchange encryption keys and find a way over Security Association (SA) between 2 devices.  The Security Association (SA) establishes shared security attributes between 2 network entities to support secure communication.  The Key Management Protocol (ISAKMP) and Internet Security Association which provides a framework for authentication and key exchange.  ISAKMP tells how the set up of the Security Associations (SAs) and how direct connections between two hosts that are using IPsec.  Internet Key Exchange (IKE) provides message content protection and also an open frame for implementing standard algorithms such as SHA and MD5.  The algorithm’s IP sec users produces a unique identifier for each packet. This identifier then allows a device to determine whether a packet has been correct or not.  Packets which are not authorized are discarded and not given to receiver.
  • 33. IP Security (IPSec)  IPsec provides the following security services for traffic at the IP layer:  Data origin authentication : identifying who sent the data.  Confidentiality (encryption) : ensuring that the data has not been read en route.  Connectionless integrity : ensuring the data has not been changed en route.  Replay protection : detecting packets received more than once to help protect against denial of service attacks. IP HDR TCP Data Original Packet ESP HDR Data ESP Trailer IP HDR TCP ESP Authentic ation Encryption Authentication
  • 34. IP Security (IPSec) Applications of IPSec  As we all know to help in the security of a network the Internet community has done lot of work and developed application-specific security mechanisms in numerous application areas, including electronic mail (Privacy Enhanced Mail, Pretty Good Privacy [PGP]), network management (Simple Network Management Protocol Version 3[SNMPv3]), Web access (Secure HTTP, Secure Sockets Layer [SSL]), and others. Benefits of IPSec  When IPSec is implemented in a firewall or router, it provides strong security whose application is to all traffic crossing this perimeter. Traffic within a company or workgroup does not incur the overhead of securityrelated processing.  IPSec is below the transport layer (TCP, UDP), and is thus transparent to applications. There is no need to change software on a user or server system when IPSec is implemented in the firewall or router.  Even if IPSec is implemented in end systems, upper layer software, including applications is not affected. IPSec can be transparent to end users.
  • 35. VPN  VPN stands for Virtual Private Network (VPN) that allows a user to connect to a private network over the Internet securely and privately.  VPN creates an encrypted connection that is called VPN tunnel and all Internet traffic and communication is passed through this secure tunnel. Types  Remote Access VPN: Remote Access VPN permits a user to connect to a private network and access all its services and resources remotely. The connection between the user and the private network occurs through the Internet and the connection is secure and private. Remote Access VPN is useful for home users and business users both.  Site to Site VPN: A Site-to-Site VPN is also called as Router-to-Router VPN and is commonly used in the large companies. Companies or organizations, with branch offices in different locations, use Site-to-site VPN to connect the network of one office location to the network at another office location.  Intranet based VPN: When several offices of the same company are connected using Site-to-Site VPN type, it is called as Intranet based VPN.  Extranet based VPN: When companies use Site-to-site VPN type to connect to the office of another company, it is called as Extranet based VPN.
  • 36. Types of VPN Protocols  Internet Protocol Security (IPSec): Internet Protocol Security, known as IPSec, is used to secure Internet communication across an IP network. IPSec secures Internet Protocol communication by verifying the session and encrypts each data packet during the connection. IPSec runs in 2 modes:  Transport mode  Tunneling mode The work of transport mode is to encrypt the message in the data packet and the tunneling mode encrypts the whole data packet. IPSec can also be used with other security protocols to improve the security system.  Layer 2 Tunneling Protocol (L2TP): L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is often combined with another VPN security protocol like IPSec to establish a highly secure VPN connection. L2TP generates a tunnel between two L2TP connection points and IPSec protocol encrypts the data and maintains secure communication between the tunnel.  Point–to–Point Tunneling Protocol (PPTP): PPTP or Point-to-Point Tunneling Protocol generates a tunnel and confines the data packet. Point- toPoint Protocol (PPP) is used to encrypt the data between the connection. PPTP is one of the most widely used VPN protocol and has been in use since the early release of Windows. PPTP is also used on Mac and Linux apart from Windows.
  • 37. Types of VPN Protocols  SSL and TLS: SSL (Secure Sockets Layer) and TLS (Transport Layer Security) generate a VPN connection where the web browser acts as the client and user access is prohibited to specific applications instead of entire network. Online shopping websites commonly uses SSL and TLS protocol. It is easy to switch to SSL by web browsers and with almost no action required from the user as web browsers come integrated with SSL and TLS. SSL connections have “https” in the initial of the URL instead of “http”.  OpenVPN: OpenVPN is an open source VPN that is commonly used for creating Point-to-Point and Site-to-Site connections. It uses a traditional security protocol based on SSL and TLS protocol.  Secure Shell (SSH): Secure Shell or SSH generates the VPN tunnel through which the data transfer occurs and also ensures that the tunnel is encrypted. SSH connections are generated by a SSH client and data is transferred from a local port on to the remote server through the encrypted tunnel.
  • 38. Firewall  A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing traffic and based on a defined set of security rules it accepts, rejects or drops that specific traffic.  Accept : allow the traffic  Reject : block the traffic but reply with an “unreachable error”  Drop : block the traffic with no reply  A firewall establishes a barrier between secured internal networks and outside untrusted network, such as the Internet.  A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.
  • 40. Firewall  Before Firewalls, network security was performed by Access Control Lists (ACLs) residing on routers. ACLs are rules that determine whether network access should be granted or denied to specific IP address.  But ACLs cannot determine the nature of the packet it is blocking. Also, ACL alone does not have the capacity to keep threats out of the network. Hence, the Firewall was introduced.  Connectivity to the Internet is no longer optional for organizations.  However, accessing the Internet provides benefits to the organization; it also enables the outside world to interact with the internal network of the organization.  This creates a threat to the organization. In order to secure the internal network from unauthorized traffic, we need a Firewall.
  • 41. How does Firewall Work?  Firewalls carefully analyze incoming traffic based on pre-established rules and filter traffic coming from unsecured or suspicious sources to prevent attacks.  Firewalls guard traffic at a computer’s entry point, called ports, which is where information is exchanged with external devices. For example, “Source address 172.18.1.1 is allowed to reach destination 172.18.2.1 over port 22."  Think of IP addresses as houses, and port numbers as rooms within the house. Only trusted people (source addresses) are allowed to enter the house (destination address) at all—then it’s further filtered so that people within the house are only allowed to access certain rooms (destination ports), depending on if they're the owner, a child, or a guest. The owner is allowed to any room (any port), while children and guests are allowed into a certain set of rooms (specific ports).
  • 42. Types of Firewall  Host- based Firewalls : Host-based firewall is installed on each network node which controls each incoming and outgoing packet. It is a software application or suite of applications, comes as a part of the operating system. Host-based firewalls are needed because network firewalls cannot provide protection inside a trusted network. Host firewall protects each host from attacks and unauthorized access.  Network-based Firewalls : Network firewall function on network level. In other words, these firewalls filter all incoming and outgoing traffic across the network. It protects the internal network by filtering the traffic using rules defined on the firewall. A Network firewall might have two or more network interface cards (NICs). A network-based firewall is usually a dedicated system with proprietary software installed. Generation of Firewall Firewalls can be categorized based on its generation
  • 43. Types of Firewall  First Generation- Packet Filtering Firewall : Packet filtering firewall is used to control network access by monitoring outgoing and incoming packet and allowing them to pass or stop based on source and destination IP address, protocols and ports. It analyses traffic at the transport protocol layer (but mainly uses first 3 layers).  Incoming packets from network 192.168.21.0 are blocked.  Incoming packets destined for internal TELNET server (port 23) are blocked.  Incoming packets destined for host 192.168.21.3 are blocked.  All well-known services to the network 192.168.21.0 are allowed.  Second Generation- Stateful Inspection Firewall : Stateful firewalls (performs Stateful Packet Inspection) are able to determine the connection state of packet, unlike Packet filtering firewall, which makes it more efficient.  Third Generation- Application Layer Firewall : Application layer firewall can inspect and filter the packets on any OSI layer, up to the application layer. It has the ability to block specific content, also recognize when certain application and protocols (like HTTP, FTP) are being misused.  Next Generation Firewalls (NGFW) : Next Generation Firewalls are being deployed these days to stop modern security breaches like advance malware attacks and application-layer attacks.
  • 44. Wireless Security  Like the system's security and data security, keeping a sound knowledge about different wireless security measures is also essential to know for security professionals. It is because different wireless security mechanisms have a different level of strength and capabilities.  There are automated wireless hacking tools available that have made cybercriminals more powerful. List of some of these tools are:  AirCrack.  AirSnort.  Cain & Able.  Wireshark.  NetStumbler etc.  Different various techniques of hacking include remote accessing, shoulder surfing, wireless router's dashboard accessing, and brute-forcing attack that are used to penetrate wireless security.
  • 45. What is Wireless Security?  Wireless security revolves around the concept of securing the wireless network from malicious attempts and unauthorized access.  The wireless security can be delivered through different ways such as:  Hardware-based: where routers and switches are fabricated with encryption measures protects all wireless communication. So, in this case, even if the data gets compromised by the cybercriminal, they will not be able to decrypt the data or view the traffic's content.  Wireless setup of IDS and IPS: helps in detecting, alerting, and preventing wireless networks and sends an alarm to the network administrator in case of any security breach.  Wireless security algorithms: such as WEP, WPA, WPA2, and WPA3. These are discussed in the subsequent paragraphs.
  • 46. Wired Equivalent Privacy (WEP)  Wired Equivalent Privacy (WEP) is the oldest security algorithm of 1999.  It uses the initialization vector (IV) method. The very first versions of the WEP algorithm were not predominantly strong enough, even for that time when it got released.  But the reason for this weak release was because of U.S. limits on the exporting of different cryptographic technologies, which led the manufacturing companies to restrict their devices to 64-bit encryption only.  As the limitation was withdrawn, the 128 bit and 256 bit WEP encryption were developed and came into the wireless security market, though 128 became the standard one.
  • 47. Wi-Fi Protected Access (WPA)  Wi-Fi Protected Access (WPA) was the next Wi-Fi Alliance's project that replaced the increasingly noticeable vulnerabilities of WEP standard.  WPA was officially adopted in the year 2003, one year before the retirement of WEP.  WPA's most common configuration is with WPA-PSK, which is abbreviated as Pre-Shared Key.  WPA uses 256-bit, which was a considerable enhancement above the 64-bit as well as 128-bit keys.
  • 48. Wi-Fi Protected Access II (WPA2)  Wi-Fi Protected Access II (WPA2) became official in the year 2006 after WPA got outdated.  It uses the AES algorithms as a necessary encryption component as well as uses CCMP (Counter Cipher Mode - Block Chaining Message Authentication Protocol) by replacing TKIP.
  • 49. Wi-Fi Protected Access 3 (WPA3)  Wi-Fi Protected Access 3 (WPA3) is the latest, and the third iteration of this family developed under Wi-Fi Alliance.  It has personal as well as enterprise security-support feature and uses 384-bit Hashed Message Authentication Mode, 256-bit Galois / Counter Mode Protocol (GCMP-256), as well as Broadcast/Multicast Integrity Protocol of 256-bit.  WPA3 also provides perfect forward secrecy mechanism support.