2. What is Network Security?
•securing the computer networks of organizations
against various types of threats and attacks
•measures taken to control and monitor network
resources and services running on the computer
network.
3. Types of Attacks:
•Interruption: Denying service to legitimate users.
These are attacks on system Availability.
•Interception: Unauthorized user gaining access to a
service. This is an attack on Confidentiality.
•Modification: Unauthorized access and tampering of
data. This is an attack on Integrity.
•Fabrication: This means creation of wrong or
counterfeit data. This is an attack on Authenticity.
4. Stages of an Attack
• Initial Information Gathering: e.g. the domain name of a company’s
website, names of machines, IP addresses and ranges, etc.
• Network Probe: pinging the various systems to see which systems are
alive, and using a port scanning tool to assess which ports are unused
on an organization’s server and to which ports connections can be made.
• Gaining Unauthorized Access: the attacker tries to gain root or
administrator access by guessing passwords; with root access he can
install other software and services.
5. Continued…
• Capturing the Network: by installing various hacking tools in
the system. These tools further attack other systems in the
network.
• Grabbing/Destroying data: the attacker obtains confidential
information about the organization, including customer profiles
and credit card numbers, and can easily destroy files or misuse
the information.
6. Different types of Attacks:
•IP Spoofing
•DoS Attacks
•Network Packet Sniffers
•Password Attacks
•Man-in-the-middle Attacks
7. Network Security – Intrusion Detection Systems (IDS)
• hardware/software that monitors and analyses
computers and network activities for any event that
may suggest an intrusion by an unauthorized person
or an attacker.
• reports them in the form of alerts in real time for the
network administrators to take corrective action.
9. Concepts of IDS
•Knowledge-Based IDS: uses previous knowledge about attacks,
also known as signatures, stored in databases to detect and
report current attempts of intrusion.
•Advantage: false alarm rates are low
•Disadvantage: requires many more resources for database
storage.
•Behaviour-Based IDS: monitors the behaviour of users or
analyses user patterns in order to detect any anomaly (unusual
behaviour) and so identify an intrusion. For example: the amount of
data currently being uploaded/downloaded in the network,
the protocols being used, etc.
• Advantage: new kinds of vulnerability can be detected
• Disadvantage: high false alarm rate.
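The two IDS concepts above run side by side over the same traffic, as an added example that is not part of the original slides. The signatures, flow records, threshold factor `k` and function names are all constructed for illustration.

```python
import re
import statistics

# Constructed signature database: name -> pattern taken from a known attack.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-injection": re.compile(r"union\s+select", re.IGNORECASE),
}

# Constructed flow records: (host, protocol, bytes uploaded, payload excerpt).
BASELINE = [
    ("10.0.0.5", "https", 1200, "GET /index.html"),
    ("10.0.0.5", "https", 900, "GET /news"),
    ("10.0.0.5", "https", 1500, "POST /login"),
    ("10.0.0.5", "dns", 80, "A example.com"),
    ("10.0.0.5", "https", 1100, "GET /img/logo.png"),
]
LIVE = [
    ("10.0.0.5", "https", 1000, "GET /item?id=1 UNION SELECT pw FROM users"),
    ("10.0.0.5", "https", 950_000, "POST /upload"),  # large upload, no signature
    ("10.0.0.5", "ftp", 700, "STOR report.pdf"),     # legitimate, but new protocol
    ("10.0.0.5", "https", 1300, "GET /about"),
]

def knowledge_based(records):
    """Alert on every record whose payload matches a stored signature."""
    return [(i, name) for i, rec in enumerate(records)
            for name, rx in SIGNATURES.items() if rx.search(rec[3])]

def build_profile(records):
    """Learn each host's normal upload sizes and the protocols it uses."""
    profile = {}
    for host, proto, up, _ in records:
        entry = profile.setdefault(host, {"up": [], "protos": set()})
        entry["up"].append(up)
        entry["protos"].add(proto)
    return profile

def behaviour_based(records, profile, k=3.0):
    """Alert when upload volume or protocol deviates from the host's profile."""
    alerts = []
    for i, (host, proto, up, _) in enumerate(records):
        entry = profile.get(host, {"up": [0], "protos": set()})
        limit = statistics.mean(entry["up"]) + k * statistics.pstdev(entry["up"])
        if up > limit:
            alerts.append((i, "upload-volume"))
        if proto not in entry["protos"]:
            alerts.append((i, "new-protocol"))
    return alerts
```

On the constructed records the signature engine reports only record 0, while the behaviour engine reports the unsigned large upload (record 1) and also raises a false alarm on the legitimate FTP transfer (record 2).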
10. Virtual Private Networks (VPN)
• is a network of virtual channels or circuits that
provides a secure medium for sending data over a public
or unsecured network like the Internet.
• allows a trusted network to communicate with
another trusted network over untrusted public
networks.
• used to extend the internal private network of an
organization to the external network or different
geographical locations.
11. VPN Protocols
• SSL Protocol: SSL stands for Secure Sockets Layer. It is a protocol that provides
confidentiality and authentication of data which is being sent through the
encrypted channel. This protocol mainly consists of three sub-protocols:
• Handshake Protocol: In this phase, the client and server on either side
first establish cryptographic capabilities and the key to be used for actual
encryption later on. This is done by using the same algorithms on both sides.
The server is also authenticated using digital certificates; client
authentication is optional.
• Record protocol: In this sub-phase, the data is encrypted using the key
decided in the above phase and sent between the client and the server.
• Alert protocol: In case of any error or any problem in transmission, both
sides can alert each other by special error messages.
12. IPSec Protocol:
IPSec stands for Internet Protocol Security and is a protocol that provides authentication
and confidentiality of data by encrypting the IP packets. It contains the following sub-protocols:
• Internet Key Exchange Protocol: used for negotiating the keys and algorithms that
will be used later on in the other sub-protocols. It uses the Diffie-Hellman algorithm,
which is used for key agreement between two parties for symmetric cryptography.
• Authentication Header Protocol: This sub-protocol works in two modes:
• Transport Mode: In this mode the IP packet contains three parts: IP header,
TCP header and Data part. Of these, the TCP header and Data parts are used for
creating a hash-like authentication code using the algorithms decided earlier; this is
known as the AH header. The AH header is inserted in between the IP header and
the TCP header. Used for Host-to-Host VPNs.
• Tunnel Mode: In tunnel mode a new IP header is created and the entire packet is
used for creating the hash. In the final packet the AH header is inserted in between the New
IP header and the Old IP header. The tunnel mode is used for Site-to-Site VPNs.
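The two AH packet layouts described above, with the receiver's check, as an added example that is not part of the original slides. It follows the slides' simplified model of what is hashed (real AH also carries fields such as an SPI and sequence number and protects the immutable fields of the IP header in front of it); HMAC-SHA256, the key, the header bytes and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # stands in for the key negotiated by IKE

# Constructed stand-ins for the three parts of the original IP packet.
IP_HDR, TCP_HDR, DATA = b"IP:10.0.0.5>10.0.1.9", b"TCP:49152>443", b"hello"
NEW_IP_HDR = b"IP:198.51.100.1>203.0.113.1"  # gateway-to-gateway header

def auth_code(covered: bytes) -> bytes:
    """Hash-like authentication code; HMAC-SHA256 is this example's choice."""
    return hmac.new(KEY, covered, hashlib.sha256).digest()

def ah_transport(ip_hdr, tcp_hdr, data):
    """[IP][AH][TCP][Data]: the code is computed over TCP header + Data."""
    return [("ip", ip_hdr), ("ah", auth_code(tcp_hdr + data)),
            ("tcp", tcp_hdr), ("data", data)]

def ah_tunnel(new_ip_hdr, ip_hdr, tcp_hdr, data):
    """[New IP][AH][Old IP][TCP][Data]: the code covers the whole original packet."""
    return [("new_ip", new_ip_hdr), ("ah", auth_code(ip_hdr + tcp_hdr + data)),
            ("ip", ip_hdr), ("tcp", tcp_hdr), ("data", data)]

def layout(packet):
    """Field order as it appears on the wire."""
    return [name for name, _ in packet]

def verify(packet):
    """Receiver side: recompute the code over the fields after the AH header."""
    pos = layout(packet).index("ah")
    covered = b"".join(value for _, value in packet[pos + 1:])
    return hmac.compare_digest(packet[pos][1], auth_code(covered))

def tamper(packet, field, value):
    """Return a copy of the packet with one field replaced in transit."""
    return [(n, value if n == field else v) for n, v in packet]
```

Calling `verify` on an untouched packet returns `True` in both modes; replacing the Data part, or the Old IP header of a tunnel-mode packet, makes it return `False`.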
13. Continued:
• Encapsulating Security Payload Protocol: This sub-protocol ensures
confidentiality by encrypting the contents of the packets received after the AH
protocol has finished its job; an ESP header is added to the packet. The
packet is then sent through the communication channel. This sub-protocol
works in two modes:
• Transport Mode: In this mode the IP packet contains three parts: IP
header, TCP header and Data part. Of these, the TCP header and Data
parts are encrypted using the algorithms and key decided earlier, and a new
header called the ESP header is inserted in between the IP header and the
TCP header. The Transport mode is used for Host-to-Host VPNs.
• Tunnel Mode: In tunnel mode a new IP header is created and the entire
packet is encrypted. In the final packet the ESP header is inserted in between the
New IP header and the Old IP header. The tunnel mode is used for Site-to-Site VPNs.