Getnet T. Email: getnet6202@gmail.com , College of Informatics , University of Gondar, January 11 , 2026
College of Informatics
Department of Computer Science
Computer Security (CoSc4035)
Chapter Four: Network Security
University of Gondar
Objectives
By the end of this lesson, you will be able to:
• Explain fundamental concepts of network security
• Identify and analyze common network threats
• Compare and evaluate security mechanisms at the application, transport, network, link, and physical layers
• Demonstrate the use of network security protocols (e.g., TLS, IPsec, HTTPS, secure email protocols)
• Identify WEP, WEP+, and WEP2 wireless network security mechanisms
Contents
1. Network Security Basics
2. Threats on Network
3. Network Security Protocols
4. Wireless Security
Network Security Basics
Threats on Network
• A network threat is any attempt by an individual or organization to use computers or digital systems to steal, alter, expose, disable, or destroy information, or to breach computer systems, networks, or infrastructures
Network Security Protocols
Link Layer: ARP Spoofing
• How does ARP work?
– A computer that wants to reach another computer whose IP address it knows broadcasts a request containing this address
– The owner of the address responds by sending its Ethernet (MAC) address
• ARP Spoofing (also called ARP cache poisoning or ARP poison
routing) is a link layer attack
• It is a technique by which an attacker sends (spoofed) Address
Resolution Protocol (ARP) messages onto a local area network
• The aim is to associate the attacker's MAC address with the IP
address of another host, such as the default gateway, causing any
traffic meant for that IP address to be sent to the attacker
instead
• ARP spoofing may allow an attacker to intercept data frames on
a network, modify the traffic, or stop all traffic
• Often the attack is used as an opening for other attacks, such as
denial of service, man in the middle, or session hijacking attacks
• How does it happen?
– Because ARP is a stateless protocol
– Hosts will automatically cache any ARP replies they
receive, regardless of whether they requested them. Even
ARP entries which have not yet expired will be
overwritten when a new ARP reply packet is received
– There is no method in the ARP protocol by which a host
can authenticate the peer from which the packet
originated
– This behavior is the vulnerability which allows ARP
spoofing to occur
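A monitor can apply the checks that the ARP cache itself lacks. The following is an added example, not part of the original slides: it parses Ethernet/IPv4 ARP payloads, learns bindings only from replies that answer an observed request, and flags unsolicited replies and replies that contradict a known binding. The class name `ArpMonitor`, the alert labels, and the sample addresses are assumptions constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"          # ARP payload for Ethernet + IPv4
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes
REQUEST, REPLY = 1, 2


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(oper, sha, spa, tha, tpa):
    """Pack an ARP payload; used only to construct the sample input below."""
    def mac(text):
        return bytes.fromhex(text.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(sha), IPv4Address(spa).packed,
                       mac(tha), IPv4Address(tpa).packed)


def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP payload and reject anything else."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"oper": oper,
            "sha": mac_str(sha), "spa": str(IPv4Address(spa)),
            "tha": mac_str(tha), "tpa": str(IPv4Address(tpa))}


class ArpMonitor:
    """Tracks IP-to-MAC bindings more strictly than a host ARP cache does."""

    def __init__(self):
        self.bindings = {}    # ip -> mac, learned from solicited replies only
        self.pending = set()  # (requester ip, requested ip) awaiting a reply

    def observe(self, payload):
        """Process one ARP payload and return a list of alert tuples."""
        pkt = parse_arp(payload)
        alerts = []
        if pkt["oper"] == REQUEST:
            self.pending.add((pkt["spa"], pkt["tpa"]))
            return alerts
        if pkt["oper"] != REPLY:
            return alerts
        ip, mac = pkt["spa"], pkt["sha"]
        solicited = (pkt["tpa"], ip) in self.pending
        self.pending.discard((pkt["tpa"], ip))
        if not solicited:
            # A stateless ARP cache would accept this reply without question.
            alerts.append(("unsolicited-reply", ip, mac))
        known = self.bindings.get(ip)
        if known is not None and known != mac:
            # A stateless ARP cache would overwrite the unexpired entry here.
            alerts.append(("binding-conflict", ip, mac))
        elif solicited:
            self.bindings[ip] = mac
        return alerts


def run_sample():
    """Replay a constructed three-frame capture through the monitor."""
    host_ip, host_mac = "192.0.2.10", "02:00:00:00:00:10"
    gw_ip, gw_mac = "192.0.2.1", "02:00:00:00:00:01"
    other_mac = "02:00:00:00:00:66"   # second station claiming the gateway IP
    capture = [
        build_arp(REQUEST, host_mac, host_ip, "00:00:00:00:00:00", gw_ip),
        build_arp(REPLY, gw_mac, gw_ip, host_mac, host_ip),
        build_arp(REPLY, other_mac, gw_ip, host_mac, host_ip),
    ]
    monitor = ArpMonitor()
    alerts = [monitor.observe(frame) for frame in capture]
    return alerts, monitor.bindings


if __name__ == "__main__":
    frame_alerts, table = run_sample()
    for number, found in enumerate(frame_alerts, 1):
        print(f"frame {number}: {found or 'ok'}")
    print("bindings:", table)
```

Legitimate gratuitous ARP (for example after a failover) also raises the unsolicited-reply alert, so it is a signal to correlate with other evidence rather than proof of spoofing.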
Network Layer Security: IPSec
• Internet Protocol Security (IPsec) provides for various security services on the IP layer, in IPv4 as well as IPv6, thus offering protection for protocols in the upper layers
• IPsec is typically used to secure communications between hosts and security gateways
• The set of security services that IPsec provides includes
– access control
– data integrity protection
– data origin authentication
– anti-replay protection
– confidentiality
– limited traffic flow confidentiality
• Origin authentication (assures that a received packet was, in fact, transmitted by the party identified as the source in the packet header and that the packet has not been altered in transit): IP-level authentication is provided by inserting an Authentication Header (AH) into the packets
– AH also provides message integrity and anti-replay services
• Confidentiality (encrypts messages to prevent eavesdropping by third parties): IP-level confidentiality is provided by inserting an Encapsulating Security Payload (ESP) header into the packets
• An ESP header can also do the job of the AH header in addition to confidentiality
• Key management (concerned with the secure exchange of keys): before ESP can be used, the two ends of a communication link must exchange the secret key that will be used for encryption
• Similarly, AH needs an authentication key; keys are exchanged with a protocol called Internet Key Exchange (IKE)
• Note: the use of encryption always means the need for key management
Transport Layer Security (TLS)
• TLS provides transport layer security for Internet applications
• It provides for confidentiality and data integrity over a connection between two end points
• TLS operates on a reliable transport, such as TCP, and is itself layered into
– TLS Record Protocol
– TLS Handshake Protocol
• Advantage of TLS
– applications can use it transparently to securely communicate with each other
– TLS is visible to applications, making them aware of the cipher suites and authentication certificates negotiated during the set-up phases of a TLS session
TLS Record Protocol
• TLS Record Protocol layers on top of a reliable connection-oriented transport, such as TCP
• TLS Record Protocol
– provides data confidentiality using symmetric key cryptography
– provides data integrity using a keyed message authentication checksum (MAC)
• The keys are generated uniquely for each session based on the security parameters agreed during the TLS handshake
• Basic operation of the TLS Record Protocol
1. read messages for transmission
2. fragment messages into manageable chunks of data
3. compress the data, if compression is required and enabled
4. calculate a MAC
5. encrypt the data
6. transmit the resulting data to the peer
• At the opposite end of the TLS connection, the basic operation of the sender is replicated, but in the reverse order
1. read received data from the peer
2. decrypt the data
3. verify the MAC
4. decompress the data, if compression is required and
enabled
5. reassemble the message fragments
6. deliver the message to upper protocol layers
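The sender and receiver pipelines listed above, written out as an added example that is not part of the original slides. It follows the slide order (fragment, compress, MAC, encrypt, then the reverse) using only the Python standard library; the XOR keystream built from HMAC-SHA256 is a stand-in for a real cipher and is not a TLS cipher suite, and the function names, the 16-byte fragment size, and the keys are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import struct
import zlib

MAC_LEN = 32  # HMAC-SHA256 tag length in bytes


def _keystream(key, seq, length):
    """Stand-in stream cipher (NOT a TLS cipher suite): HMAC-SHA256 in
    counter mode, with the record sequence number as part of the input."""
    out = b""
    counter = 0
    while len(out) < length:
        block_input = struct.pack("!QI", seq, counter)
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def _mac(key, seq, data):
    # Including the sequence number binds each record to its position,
    # so reordered or replayed records fail verification.
    header = struct.pack("!QH", seq, len(data))
    return hmac.new(key, header + data, hashlib.sha256).digest()


def protect(message, enc_key, mac_key, max_fragment=16, compress=True):
    """Sender side: returns the list of protected records to transmit."""
    records = []
    offsets = range(0, len(message), max_fragment)
    for seq, start in enumerate(offsets):
        fragment = message[start:start + max_fragment]   # 2. fragment
        if compress:
            fragment = zlib.compress(fragment)            # 3. compress
        tag = _mac(mac_key, seq, fragment)                # 4. calculate a MAC
        body = fragment + tag
        stream = _keystream(enc_key, seq, len(body))
        records.append(_xor(body, stream))                # 5. encrypt
    return records                                        # 6. transmit


def unprotect(records, enc_key, mac_key, compress=True):
    """Receiver side: the same steps in reverse order."""
    parts = []
    for seq, record in enumerate(records):
        stream = _keystream(enc_key, seq, len(record))
        body = _xor(record, stream)                       # 2. decrypt
        if len(body) < MAC_LEN:
            raise ValueError(f"record {seq} too short")
        fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = _mac(mac_key, seq, fragment)
        if not hmac.compare_digest(tag, expected):        # 3. verify the MAC
            raise ValueError(f"bad record MAC at sequence {seq}")
        if compress:
            fragment = zlib.decompress(fragment)          # 4. decompress
        parts.append(fragment)
    return b"".join(parts)                                # 5. reassemble


def demo():
    """Round-trip a constructed message, then tamper with and reorder it."""
    enc_key = hashlib.sha256(b"constructed demo encryption key").digest()
    mac_key = hashlib.sha256(b"constructed demo MAC key").digest()
    message = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    records = protect(message, enc_key, mac_key)
    round_trip = unprotect(records, enc_key, mac_key) == message

    def rejected(candidate):
        try:
            unprotect(candidate, enc_key, mac_key)
        except ValueError:
            return True
        return False

    flipped = bytes([records[1][0] ^ 0x01]) + records[1][1:]
    tampered = [records[0], flipped] + records[2:]
    reordered = [records[1], records[0]] + records[2:]
    return round_trip, rejected(tampered), rejected(reordered)


if __name__ == "__main__":
    print(demo())
```

This MAC-then-encrypt order with optional compression matches the record layer as the slides describe it; TLS 1.3 removed compression and protects records with AEAD ciphers instead of a separate MAC step.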
TLS Handshake Protocol
• TLS Handshake Protocol is layered on top of the TLS Record Protocol
• TLS Handshake Protocol is used to
– authenticate the client and the server
– exchange cryptographic keys
– negotiate the encryption and data integrity algorithms to be used before the applications start to communicate with each other
Application Layer Security
DNS Spoofing
• If the attacker has access to a name server, it can modify it so that it gives false information, e.g., redirecting www.ebay.com to map to the attacker's own IP address
• The cache of a DNS name server can be poisoned with false information using some simple techniques
Web Browsers as Threats
• We obtain most of our browsers on-line
• Potential problems that can come from malicious code within the browser
– Inform the attacker of the activities of the user
– Inform the attacker of passwords typed in by the user
– Downgrade browser security (e.g., reduce key length used in SSL)
E-mail Security
• E-mails transit through various servers before reaching their destinations
• By default, they are visible to anybody who has access to the servers
• The SMTP protocol has security holes and operational limitations
• E-mail security can be improved using tools and protocols like PGP and S/MIME
– PGP: Pretty Good Privacy
– S/MIME: Secure/Multipurpose Internet Mail Extensions
PGP
• Philip R. Zimmermann is the creator of PGP
• PGP is an open-source, freely available software package for e-mail security
• There are several software implementations available as freeware for most desktop operating systems
• PGP provides confidentiality and authentication services that can be used for e-mail and file storage applications
• It provides authentication through the use of digital signatures, confidentiality through the use of symmetric encryption, compression using the ZIP algorithm, and e-mail compatibility using the radix-64 (Base64) encoding scheme
• PGP incorporates tools for developing a public-key trust model and public-key certificate management
S/MIME Functions
• S/MIME is a protocol used for encrypting or decrypting digitally signed e-mails
• This means that users can digitally sign their e-mails as the owner (sender) of the e-mail
• In the past, e-mails could only be sent in NVT 7-bit format, so images, videos, or audio could not be part of e-mail attachments
• Bell Communications launched the MIME standard protocol in 1991 to extend e-mail's restricted functionality
• S/MIME is an upgrade of MIME (Multipurpose Internet Mail Extensions). Due to the limitations of MIME, S/MIME came into play
• S/MIME is based on asymmetric cryptography, which means that communications can be encrypted or decrypted using a pair of related keys, namely public and private keys
• Advantages of S/MIME
o It offers verification.
o It offers integrity to the message.
o By the use of digital signatures, it facilitates non-repudiation of origin.
o It offers seclusion.
o Data security is ensured by the utilization of encryption.
o Transfer of data files like images, audio, videos, documents, etc. in a
secure manner
| Feature | PGP | S/MIME |
|---|---|---|
| Design | Primarily designed for processing plain text | Designed to process both emails and multimedia files |
| Cost | Less expensive | More expensive |
| Use case | Suitable for personal and office use | Primarily used in industrial environments and large organizations |
| Efficiency | Less efficient | More efficient |
| Key exchange | Depends on user key exchange (e.g., Web of Trust) | Relies on a hierarchically valid certificate (PKI) for key exchange |
| Public keys | Typically supports up to 4096-bit public keys | Generally uses smaller 1024-bit public keys |
| Used in VPNs | Can be used in VPNs | Primarily used for email services, not in VPNs |
Wireless Security
Wireless Equivalent Privacy (WEP)
• WEP is a protocol that adds security to wireless local area networks (WLANs) based on the 802.11 Wi-Fi standard
• It's used to protect wireless communication from eavesdropping and to prevent unauthorized access to a wireless network
• The original implementation of WEP supported so-called 40-bit encryption, having a key of length 40 bits and 24 additional bits (IVs) of system-generated data (64 bits total)
• 40-bit WEP encryption is too easy to decode
• WEP relies on a secret key
• WEP uses the RC4 encryption algorithm, which is known as a stream cipher
• WEP has significant weaknesses, such as vulnerabilities to various hacking methods, making it easy for attackers to break the encryption and access the network
• Because of these issues, WEP has been largely replaced by more secure protocols like WPA and WPA2
Wi-Fi Protected Access (WPA)
• Is also known as WEP+
• WEP+ enhances WEP security by avoiding weak IVs
• It is only completely effective when WEP+ is used at both ends of the wireless connection
• WPA uses Temporal Key Integrity Protocol (TKIP) to address the encryption weaknesses of WEP
• TKIP employs a per-packet key, which means that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromise WEP
• A key component of WPA is built-in authentication that WEP doesn't offer
• WPA provides roughly comparable security to VPN tunneling with WEP, with the benefit of easier administration and use
• One variation of WPA is called WPA pre-shared key, or WPA-PSK
• To use WPA-PSK, a person sets a static key or "passphrase" as with WEP
• By using TKIP, WPA-PSK automatically changes the keys at a preset time interval, making it much more difficult for hackers to find and exploit them
• WPA uses the RC4 cipher
• Keys are rotated frequently, and the packet counter prevents packet replay or packet re-injection attacks
Wi-Fi Protected Access 2 (WPA2)
• Wi-Fi Protected Access 2 (WPA2) gives wireless networks both confidentiality and data integrity
• The layer 2-based WPA2 better protects the network
• WPA2 uses a new encryption method called CCMP (Counter Mode with CBC-MAC Protocol)
• CCMP is based on the Advanced Encryption Standard (AES)
• Compared to the original Temporal Key Integrity Protocol (TKIP) used by WPA, CCMP is more robust and dependable
• AES is a stronger algorithm than RC4

Chapter 4 Network Security in computer security
