SlideShare a Scribd company logo

Network Security-Module_1.pdf

D
Dr. Shivashankar

This document outlines the course details for the Network Security course taught by Dr. Shivashankar. The course aims to help students understand network security concepts like services, mechanisms, transport layer security, IP security, intrusion detection, firewalls and malicious software. Students will learn about attacks on computers, security models, principles, threats like viruses, and management practices. The textbook and reference materials are also listed.

1 of 29
Download to read offline
NETWORK SECURITY (18EC821) Dr. Shivashankar Professor Department of Electronics & Communication Engineering RRIT, Bangalore 3/10/2023 1 Dr. Shivashankar, E&CE, RRIT
Course Outcomes After Completion of the course, student will be able to: ▪Explain network security services and mechanisms and explain security concepts. ▪Understand the concept of Transport Level Security and Secure Socket Layer. ▪Explain security concerns in Internet Protocol Security. ▪Explain Intruders, Intrusion detection and Malicious Software. ▪Describe Firewalls, Firewall characteristics, Biasing and Configuration. ▪Text Book: 1. Cryptography and Network Security Principles and Practice, Pearson Education Inc., William Stallings 5th Edition, ISBN: 978-81-317-6166-3. 2. Cryptography and Network Security, Atul Kahate, TMH, 2003. ▪Reference: ▪Cryptography and Network Security, Behrouz A Forouzan, TMH, 2007. 3/10/2023 2 Dr. Shivashankar, E&CE, RRIT
Module-1 Attacks on Computers and Computer Security Network security is any activity designed to protect the usability and integrity of our network and data. • It includes both hardware and software technologies. • It targets a variety of threats. • It stops them from entering or spreading on your network. • Effective network security manages access to the network. 3/10/2023 3 Dr. Shivashankar, E&CE, RRIT
Module-1 Attacks on Computers and Computer Security Computer and network security are built on three pillars, commonly referred to by the C-I-A acronym: 1. Confidentiality: Refers to the protection of information transmitted over computer networks from unauthorized access, interception, or tampering. This is achieved through encryption and secure protocols such as SSL/TLS. 2. Integrity: the ability to ensure that a system and its data has not suffered unauthorized modification. Integrity protection protects not only data, but also operating systems, applications and hardware from being altered by unauthorized individuals. 3. Availability: protecting the functionality of support systems and ensuring data is fully available at the point in time (or period requirements) when it is needed by its users. The objective of availability is to ensure that data is available to be used when it is needed to make decisions 3/10/2023 4 Dr. Shivashankar, E&CE, RRIT
CONTI… ▪ A Threat is nothing but a possible event that can damage and harm an information system ▪ Security Threat is defined as a risk that which, can potentially harm Computer systems & organizations. ▪ Security attacks are mainly aimed at stealing altering or destroying a piece of personal and confidential information, stealing the hard drive space, and illegally accessing passwords. • Web security threats are constantly emerging and evolving, but many threats consistently appear at the top of the list of web security threats. These include: • Cross-site scripting (XSS) • SQL Injection • Phishing • Ransomware • Code Injection • Viruses and worms • Spyware • Denial of Service 3/10/2023 5 Dr. Shivashankar, E&CE, RRIT
CONTI… ▪Two typical examples of such security mechanisms were as follows: • Provide a user id and password to every user and use that information to authenticate a user • Encode information stored in the databases in some fashion so that it is not visible to users who donot have the right permissions. 3/10/2023 6 Dr. Shivashankar, E&CE, RRIT Fig. 1.1Example of information traveling from a client to a server over the Internet.
Modern Nature of Attacks Automating attacks ▪An automated threat is a type of computer security threat to a computer network or web application, characterized by the malicious use of automated tools such as Internet bots. ▪Automated threats are popular on the internet as they can complete large amounts of repetitive tasks with almost no cost to execute. Example: Credential stuffing. Scratching. Application layer DDoS. Captcha Bypass. Card Cracking, etc 3/10/2023 7 Dr. Shivashankar, E&CE, RRIT Fig. 1.2The changing nature of attacks due to automation
CONTI… Privacy concerns • Data privacy is concerned with the proper handling of sensitive information such as financial data and intellectual property data. • Cyber privacy can include both personally identifying information (PII) or non-identifying information which when aggregated can be used to identify - like a user's behavior on a website and cookie information. Example: ❖ Products you've purchased online. ❖ Search engine and browser histories. ❖ Location information. ❖ Financial data. ❖ Employee benefits service providers such as: Insurance companies. ... ❖ Preferred operational solutions for tasks like: Employee messaging. 3/10/2023 8 Dr. Shivashankar, E&CE, RRIT
CONTI… Security Approaches Trusted Systems A trusted system is a computer system that can be trusted to a specified extent to enforce as specified security policy. Trusted systems were initially of primary interest to the military. Trusted systems often use the term reference monitor. It is mainly responsible for all the decisions related to access controls. Naturally, following are the expectations from the reference monitor: (a) It should be tamper proof (b) It should always be invoked (c) It should be small enough so that it can be independently tested. 3/10/2023 9 Dr. Shivashankar, E&CE, RRIT
Security Models ▪An organization can take several approaches to implement its security model. ▪No security: In this simplest case, the approach could be a decision to implement no security at all. This approach cannot work for too long, as there are many ways an attacker can come to know about it. ▪Host security: In this scheme, the security for each host is enforced individually. This is a very safe approach, but the trouble is that it cannot scale well. ▪Network security: Host security is tough to achieve as organizations grow and become more diverse. In this technique, the focus is to control network access to various hosts and their services, rather than individual host security. This is a very efficient and scalable model. 3/10/2023 10 Dr. Shivashankar, E&CE, RRIT
Security Management Practices Good security management practices always talk of a security policy being in place. A good security policy and its proper implementation go a long way in ensuring adequate security management practices. A good security policy generally takes care off our key aspects, as follows: • Affordability Cost and effort in security implementation. • Functionality Mechanism of providing security. • Cultural issues Whether the policy gels well with people’s expectations, working style and beliefs. • Legality Whether the policy meets the legal requirements. Once a security policy is in place, the following points should be ensured. (a) Explanation of the policy to all concerned. (b) Outline everybody’s responsibilities. (c) Use simple language in all communications. (d) Establishment of accountability. (e) Provision for exceptions and periodic reviews. 3/10/2023 11 Dr. Shivashankar, E&CE, RRIT
Principles of Security • The purpose of the cyber security principles is to provide strategic guidance on how an organisation can protect their systems and data from cyber threats. • These cyber security principles are grouped into four key activities: ➢ Govern: Identifying and managing security risks. ➢ Protect: Implementing controls to reduce security risks. ➢ Detect: Detecting and understanding cyber security events to identify cyber security incidents. ➢ Respond: Responding to and recovering from cyber security incidents. 3/10/2023 12 Dr. Shivashankar, E&CE, RRIT
Confidentiality • Confidentiality measures are designed to prevent unauthorized disclosure of information. • The purpose of the confidentiality principle is to keep personal information private and to ensure that it is visible and accessible only to those individuals who own it or need it to perform their organizational functions. ➢ Example: confidential email message sent by A to B, which is accessed by C without the permission or knowledge of A and B. This type of attack is called as interception. ➢ Interception causes loss of message confidentiality. 3/10/2023 13 Dr. Shivashankar, E&CE, RRIT Fig. 1.4Loss of confidentiality
Authentication ▪The process of verifying the identity of a user or information. User authentication is the process of verifying the identity of a user when that user logs in to a computer system. ▪The main objective of authentication is to allow authorized users to access the computer and to deny access to unauthorized users. ▪Operating Systems generally identify/authenticates users using the following 3 ways: Passwords, Physical identification, and Biometrics. ▪Fabrication is possible in absence of proper authentication mechanisms. 3/10/2023 14 Dr. Shivashankar, E&CE, RRIT Fig. 1.5Absence of authentication
Integrity • Integrity is the ability to ensure that a system and its data has not suffered unauthorized modification. • Integrity protection protects not only data, but also operating systems, applications and hardware from being altered by unauthorized individuals. ➢ User C somehow manages to access it, change its contents and send the changed message to user B. User B has no way of knowing that the contents of the message were changed after user A had sent it. User A also does not know about this change. ➢ This type of attack is called as modification. 3/10/2023 15 Dr. Shivashankar, E&CE, RRIT Fig. 1.6Loss of integrity
Non-repudiation • The assurance that someone cannot deny the validity of something. • A legal concept that is widely used in information security and refers to a service, which provides proof of the origin of data and the integrity of the data. • In other words, non-repudiation makes it very difficult to successfully deny who/where a message came from as well as the authenticity and integrity of that message. ➢ Digital signatures (combined with other measures) can offer non- repudiation when it comes to online transactions. 3/10/2023 16 Dr. Shivashankar, E&CE, RRIT Fig. 1.7Establishing non-repudiation
Access Control • Access control is a fundamental component of data security that dictates who’s allowed to access and use company information and resources. • Through authentication and authorization, access control policies make sure users are who they say they are and that they have appropriate access to company data. • Access control can also be applied to limit physical access to campuses, buildings, rooms, and datacenters. • Access control specifies and controls who can access what. ➢ Authentication ➢ Authorization ➢ Access ➢ Manage ➢ Audit 3/10/2023 17 Dr. Shivashankar, E&CE, RRIT
Availability • Protecting the functionality of support systems and ensuring data is fully available at the point in time when it is needed by its users. • The objective of availability is to ensure that data is available to be used when it is needed to make decisions. There are mainly two threats to availability of the system which are as follows: 1. Denial of Service 2. Loss of Data Processing Capabilities 3/10/2023 18 Dr. Shivashankar, E&CE, RRIT Fig. 1.8Attack on availability
Ethical and Legal Issues ▪Piracy, copyright issues, prevention of loss, trade secrets, patent issues, access rights, and privacy problems are all ethical issues in the computer world. ▪Classically, the ethical issues in security systems are classified into the following four categories: ▪Privacy – This deals with the right of an individual to control personal information. ▪Accuracy – This talks about the responsibility for the authenticity, fidelity and accuracy of information. ▪Property – Here we find out the owner of the information. We also talk about who controls access. ▪Accessibility – This deals with the issue of the type of information an organization has the right to collect. And in that situation, it also expects to know the measures which will safeguard againstany unforeseen eventualities. 3/10/2023 19 Dr. Shivashankar, E&CE, RRIT
CONTI… When dealing with legal issues, we need to remember that there is a hierarchy of regulatory bodies that govern the legality of information security. We can roughly classify them as follows. • International: e.g. International Cybercrime Treaty • Federal: e.g. FERPA, GLB, HIPAA, DMCA, Teach Act, Patriot Act, Sarbanes-Oxley Act, etc. • State: e.g. UCITA, SB 1386, etc. • Organization: e.g. Computer use policy 3/10/2023 20 Dr. Shivashankar, E&CE, RRIT
Types of Attacks ▪ Network attacks are unauthorized actions on the digital assets within an organizational network. Malicious parties usually execute network attacks to alter, destroy, or steal private data. ▪Example: ▪Criminal Attacks: The sole aim of the attackers is to maximize financial gain by attacking computer systems. ▪Publicity Attacks : the aim of the attacker is to gain publicity. ▪Publicity attacks occur because the attackers want to see their names appear on television news channels and newspapers. 3/10/2023 21 Dr. Shivashankar, E&CE, RRIT Fig. 1.9Classification of attacks as understood in general terms
CONTI… Legal Attacks • In a legal attack, attackers try to make judge doubtful about the security of the computer system. • i.e. attacker attacks on the system and later on tries to convey to the judge that there is a problem within the computer system, it’s not his/her fault. • Fraud, scams, identity theft, grand theft, destruction, intellectual property theft are some of the legal attacks. 3/10/2023 22 Dr. Shivashankar, E&CE, RRIT
Attacks Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. ▪Two types: 3/10/2023 23 Dr. Shivashankar, E&CE, RRIT Active Attack Passive Attack Modification in information takes place. Modification in the information does not take place. Danger to Integrity as well as availability. A danger to Confidentiality. Due to active attacks, the execution system is always damaged. While due to passive attack, there is no harm to the system Victim gets informed about the attack. Victim does not get informed about the attack. System resources can be changed. System resources are not changing.
The Practical Side of Attacks ▪A security exploit that aims to gather information from or influence the program execution of a system by measuring or exploiting indirect effects of the system or its hardware ▪Two types ▪Application level attacks –The attacker attempts to access, modify or prevent access to information of a particular application or to the application itself. • Credit card information on the Internet or changing the contents of a message to change the amount in a transaction, etc. •Network level attacks –An attempt to either slow down or completely bring to halt, a computer network. 3/10/2023 24 Dr. Shivashankar, E&CE, RRIT Fig. 1.13Practical side of attacks
Virus A virus is a computer program that attaches itself to another legitimate program and causes damage to the computer system or to the network. During its lifetime, a virus goes through four phases: (a) Dormant phase: Here, the virus is idle. It gets activated based on certain action or event (e.g. the user typing a certain key or certain date or time is reached, etc). This is an optional phase. (b) Propagation phase: In this phase, a virus copies itself and each copy starts creating more copies of self, thus propagating the virus. (c) Triggering phase: A dormant virus moves into this phase when the action/event for which it was waiting is initiated. (d) Execution phase: This is the actual work of the virus, which could be harmless (display some message on the screen) or destructive (delete a file on the disk). Viruses can be classified into the following categories: (a) (a) Parasitic virus: This is the most common form of viruses. Such a virus attaches itself toexecutable files and keeps replicating. Whenever the infected file is executed, the virus looks forother executable files to attach itself and spread. (b) (b) Memory-resident virus: This type of virus first attaches itself to an area of the main memory andthen infects every executable program that is executed. (c) (c) Boot sector virus: This type of virus infects the master boot record of the disk and spreads on thedisk when the operating system starts booting the computer. (d) (d) Stealth virus: This virus has intelligence built in, which prevents anti-virus software programsfrom detecting it. (e) (e) Polymorphic virus: A virus that keeps changing its signature (i.e. identity) on every execution,making it very difficult to detect. (f) (f) Metamorphic virus: In addition to changing its signature like a polymorphic virus, this type ofvirus keeps rewriting itself every time, making its detection even harder. 3/10/2023 25 Dr. Shivashankar, E&CE, RRIT
Worms • A computer worm is a type of malware whose primary function is to self- replicate and infect other computers while remaining active on infected systems. • A computer worm duplicates itself to spread to uninfected computers. • It often does this by exploiting parts of an operating system that are automatic and invisible to the user. • Typically, a user only notices a worm when its uncontrolled replication consumes system resources and slows or halts other tasks. • A computer worm is not to be confused with WORM, or write once, read many. • Computer worms often rely on vulnerabilities in networking protocols, such as File Transfer Protocol, to propagate. • After a computer worm loads and begins running on a newly infected system, it will typically follow its prime directive: to remain active on an infected system for as long as possible and spread to as many other vulnerable systems as possible. 3/10/2023 26 Dr. Shivashankar, E&CE, RRIT
Cookies • A piece of data from a website that is stored within a web browser that the website can retrieve at a later time. • Cookies are used to tell the server that users have returned to a particular website. • When users return to a website, a cookie provides information and allows the site to display selected settings and targeted content. • Cookies also store information such as shopping cart contents, registration or login credentials, and user preferences. • This is done so that when users revisit sites, any information that was provided in a previous session or any set preferences can be easily retrieved. • Advertisers use cookies to track user activity across sites so they can better target ads. While this particular practice is usually offered to provide a more personalized user experience, some people also view this as a privacy concern. Type of Cookies ▪Session cookies are also known as transient cookies or per-session cookies. ▪Persistent cookies are stored for a specific length of time. These cookies remain on your device until they expire or are deleted. ▪First-party cookies are cookies set by websites that users directly visit. ▪Super cookies are similar to session cookies in that they also track user behavior and browsing history. 3/10/2023 27 Dr. Shivashankar, E&CE, RRIT
MCQ 1. First boot sector virus is (A) Computed (B) Mind (C) Brain (D) Elk cloner 2. The linking of computers with a communication system is called (A) Assembling (B) Interlocking (C) Pairing (D) Networking 3. The phrase ____ describe viruses, worms, Trojan horse attack applets and attack scripts. (A) Spam (B) Phishing (C) Malware (D) Virus 4. Abuse messaging systems to send unsolicited is (A) Phishing (B) Adware (C) Firewall (D) Spam 5. A person who uses his or her expertise to gain access to other people’s computers to get information illegally or do damage is a (A) Hacker (B) Analyst (C) Spammer (D) Programmer 6. Malicious access are unauthorized (A) Destruction of data (B) Modification of data (C) Reading of data (D) All of these 7. Encrypted passwords are used for (A) Security purpose (B) Passwords list secret (C) Faster execution (D) Both (a) and (b) 8. A firewall (A) Separates a network into multiple domains (B) May need to allow http to pass (C) Limits network access between the two security domains and maintains and logs all connections (D) is a computer or router that sits between the trusted and untrusted 3/10/2023 28 Dr. Shivashankar, E&CE, RRIT
Thanks 3/10/2023 29 Dr. Shivashankar, E&CE, RRIT

Recommended

Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdf
Dr. Shivashankar
 
Network Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarNetwork Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. Shivashankar
Dr. Shivashankar
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr Shivashankar
Dr. Shivashankar
 
User authentication
User authenticationUser authentication
User authentication
CAS
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and Protection
Chandrak Trivedi
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication
rajakhurram
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake
Alok Tripathi
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)
Prafull Johri
 

Recommended

Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdf
Dr. Shivashankar
 
Network Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarNetwork Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. Shivashankar
Dr. Shivashankar
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr Shivashankar
Dr. Shivashankar
 
User authentication
User authenticationUser authentication
User authentication
CAS
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and Protection
Chandrak Trivedi
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication
rajakhurram
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake
Alok Tripathi
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)
Prafull Johri
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography ppt
Thushara92
 
Firewalls
FirewallsFirewalls
FirewallsRam Dutt Shukla
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
OECLIB Odisha Electronics Control Library
 
Email security
Email securityEmail security
Email security
Baliram Yadav
 
Email security
Email securityEmail security
Email security
Indrajit Sreemany
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
ajeet singh
 
Cryptography-Known plain text attack
Cryptography-Known plain text attack Cryptography-Known plain text attack
Cryptography-Known plain text attack
amiteshg
 
Ip address and subnetting
Ip address and subnettingIp address and subnetting
Ip address and subnetting
IGZ Software house
 
MODULE-4_CCN.pptx
MODULE-4_CCN.pptxMODULE-4_CCN.pptx
MODULE-4_CCN.pptx
Dr. Shivashankar
 
SMTP - SIMPLE MAIL TRANSFER PROTOCOL
SMTP - SIMPLE MAIL TRANSFER PROTOCOLSMTP - SIMPLE MAIL TRANSFER PROTOCOL
SMTP - SIMPLE MAIL TRANSFER PROTOCOL
Vidhu Arora
 
Network layer tanenbaum
Network layer tanenbaumNetwork layer tanenbaum
Network layer tanenbaum
Mahesh Kumar Chelimilla
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
IP addressing seminar ppt
IP addressing seminar pptIP addressing seminar ppt
IP addressing seminar ppt
Smriti Rastogi
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
vimal kumar
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptography
chauhankapil
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
Nilesh Sapariya
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptx
PrinceKumar851167
 
Ch07
Ch07Ch07
Ch07Joe Christensen
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdf
Jazmine Brown
 
Concept Of Cyber Security.pdf
Concept Of Cyber Security.pdfConcept Of Cyber Security.pdf
Concept Of Cyber Security.pdf
FahadZaman38
 

More Related Content

What's hot

Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography ppt
Thushara92
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
OECLIB Odisha Electronics Control Library
 
Email security
Email securityEmail security
Email security
Baliram Yadav
 
Email security
Email securityEmail security
Email security
Indrajit Sreemany
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
ajeet singh
 
Cryptography-Known plain text attack
Cryptography-Known plain text attack Cryptography-Known plain text attack
Cryptography-Known plain text attack
amiteshg
 
Ip address and subnetting
Ip address and subnettingIp address and subnetting
Ip address and subnetting
IGZ Software house
 
MODULE-4_CCN.pptx
MODULE-4_CCN.pptxMODULE-4_CCN.pptx
MODULE-4_CCN.pptx
Dr. Shivashankar
 
SMTP - SIMPLE MAIL TRANSFER PROTOCOL
SMTP - SIMPLE MAIL TRANSFER PROTOCOLSMTP - SIMPLE MAIL TRANSFER PROTOCOL
SMTP - SIMPLE MAIL TRANSFER PROTOCOL
Vidhu Arora
 
Network layer tanenbaum
Network layer tanenbaumNetwork layer tanenbaum
Network layer tanenbaum
Mahesh Kumar Chelimilla
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
IP addressing seminar ppt
IP addressing seminar pptIP addressing seminar ppt
IP addressing seminar ppt
Smriti Rastogi
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
vimal kumar
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptography
chauhankapil
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
Nilesh Sapariya
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptx
PrinceKumar851167
 

What's hot (20)

Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography ppt
 
Firewalls
FirewallsFirewalls
Firewalls
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
 
Email security
Email securityEmail security
Email security
 
Email security
Email securityEmail security
Email security
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
 
Cryptography-Known plain text attack
Cryptography-Known plain text attack Cryptography-Known plain text attack
Cryptography-Known plain text attack
 
Ip address and subnetting
Ip address and subnettingIp address and subnetting
Ip address and subnetting
 
MODULE-4_CCN.pptx
MODULE-4_CCN.pptxMODULE-4_CCN.pptx
MODULE-4_CCN.pptx
 
SMTP - SIMPLE MAIL TRANSFER PROTOCOL
SMTP - SIMPLE MAIL TRANSFER PROTOCOLSMTP - SIMPLE MAIL TRANSFER PROTOCOL
SMTP - SIMPLE MAIL TRANSFER PROTOCOL
 
Network layer tanenbaum
Network layer tanenbaumNetwork layer tanenbaum
Network layer tanenbaum
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
 
IP addressing seminar ppt
IP addressing seminar pptIP addressing seminar ppt
IP addressing seminar ppt
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptography
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptx
 
Ch07
Ch07Ch07
Ch07
 

Similar to Network Security-Module_1.pdf

Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdf
Jazmine Brown
 
Concept Of Cyber Security.pdf
Concept Of Cyber Security.pdfConcept Of Cyber Security.pdf
Concept Of Cyber Security.pdf
FahadZaman38
 
E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security System
IJERA Editor
 
E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security System
IJERA Editor
 
Report on Network Security And Privacy
Report on Network Security And PrivacyReport on Network Security And Privacy
Report on Network Security And Privacy
Manan Gadhiya
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3
WE-IT TUTORIALS
 
I MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxI MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptx
Arumugam90
 
Cryptography and Network Security Principles and PracticeEigh
Cryptography and Network Security Principles and PracticeEighCryptography and Network Security Principles and PracticeEigh
Cryptography and Network Security Principles and PracticeEigh
MargenePurnell14
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
Careerera
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
ijtsrd
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
IRJET Journal
 
Career guide on cyber security
Career guide on cyber securityCareer guide on cyber security
Career guide on cyber security
avinashkumar1912
 
Cloud_Security.pptx
Cloud_Security.pptxCloud_Security.pptx
Cloud_Security.pptx
NishantAnand39
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdf
JeganathanJayaran
 
security of information systems
security of information systems security of information systems
security of information systems
♥♛❁Sukla♥❀njoyng Breath♥
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
KnownId
 
Network security for E-Commerce
Network security for E-CommerceNetwork security for E-Commerce
Network security for E-Commerce
Hem Pokhrel
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationAddressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Peter Choi
 
I0516064
I0516064I0516064
I0516064
IOSR Journals
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
Zara Nawaz
 

Similar to Network Security-Module_1.pdf (20)

Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdf
 
Concept Of Cyber Security.pdf
Concept Of Cyber Security.pdfConcept Of Cyber Security.pdf
Concept Of Cyber Security.pdf
 
E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security System
 
E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security System
 
Report on Network Security And Privacy
Report on Network Security And PrivacyReport on Network Security And Privacy
Report on Network Security And Privacy
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3
 
I MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxI MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptx
 
Cryptography and Network Security Principles and PracticeEigh
Cryptography and Network Security Principles and PracticeEighCryptography and Network Security Principles and PracticeEigh
Cryptography and Network Security Principles and PracticeEigh
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Career guide on cyber security
Career guide on cyber securityCareer guide on cyber security
Career guide on cyber security
 
Cloud_Security.pptx
Cloud_Security.pptxCloud_Security.pptx
Cloud_Security.pptx
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdf
 
security of information systems
security of information systems security of information systems
security of information systems
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
Network security for E-Commerce
Network security for E-CommerceNetwork security for E-Commerce
Network security for E-Commerce
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationAddressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
 
I0516064
I0516064I0516064
I0516064
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 

More from Dr. Shivashankar

21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
Dr. Shivashankar
 
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
Dr. Shivashankar
 
21 Scheme_ MODULE-3_CCN.pdf
21 Scheme_ MODULE-3_CCN.pdf21 Scheme_ MODULE-3_CCN.pdf
21 Scheme_ MODULE-3_CCN.pdf
Dr. Shivashankar
 
21_Scheme_MODULE-1_CCN.pdf
21_Scheme_MODULE-1_CCN.pdf21_Scheme_MODULE-1_CCN.pdf
21_Scheme_MODULE-1_CCN.pdf
Dr. Shivashankar
 
21 Scheme_MODULE-2_CCN.pdf
21 Scheme_MODULE-2_CCN.pdf21 Scheme_MODULE-2_CCN.pdf
21 Scheme_MODULE-2_CCN.pdf
Dr. Shivashankar
 
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdfWireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
Dr. Shivashankar
 
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdfWireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
Dr. Shivashankar
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. Shivashankar
Dr. Shivashankar
 
Network Security_Module_2.pdf
Network Security_Module_2.pdfNetwork Security_Module_2.pdf
Network Security_Module_2.pdf
Dr. Shivashankar
 
MODULE-3_CCN.pptx
MODULE-3_CCN.pptxMODULE-3_CCN.pptx
MODULE-3_CCN.pptx
Dr. Shivashankar
 
MODULE-1_CCN.pptx
MODULE-1_CCN.pptxMODULE-1_CCN.pptx
MODULE-1_CCN.pptx
Dr. Shivashankar
 
MODULE-2_CCN.pptx
MODULE-2_CCN.pptxMODULE-2_CCN.pptx
MODULE-2_CCN.pptx
Dr. Shivashankar
 
MODULE-5_CCN.pptx
MODULE-5_CCN.pptxMODULE-5_CCN.pptx
MODULE-5_CCN.pptx
Dr. Shivashankar
 

More from Dr. Shivashankar (13)

21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
 
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
 
21 Scheme_ MODULE-3_CCN.pdf
21 Scheme_ MODULE-3_CCN.pdf21 Scheme_ MODULE-3_CCN.pdf
21 Scheme_ MODULE-3_CCN.pdf
 
21_Scheme_MODULE-1_CCN.pdf
21_Scheme_MODULE-1_CCN.pdf21_Scheme_MODULE-1_CCN.pdf
21_Scheme_MODULE-1_CCN.pdf
 
21 Scheme_MODULE-2_CCN.pdf
21 Scheme_MODULE-2_CCN.pdf21 Scheme_MODULE-2_CCN.pdf
21 Scheme_MODULE-2_CCN.pdf
 
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdfWireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
 
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdfWireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. Shivashankar
 
Network Security_Module_2.pdf
Network Security_Module_2.pdfNetwork Security_Module_2.pdf
Network Security_Module_2.pdf
 
MODULE-3_CCN.pptx
MODULE-3_CCN.pptxMODULE-3_CCN.pptx
MODULE-3_CCN.pptx
 
MODULE-1_CCN.pptx
MODULE-1_CCN.pptxMODULE-1_CCN.pptx
MODULE-1_CCN.pptx
 
MODULE-2_CCN.pptx
MODULE-2_CCN.pptxMODULE-2_CCN.pptx
MODULE-2_CCN.pptx
 
MODULE-5_CCN.pptx
MODULE-5_CCN.pptxMODULE-5_CCN.pptx
MODULE-5_CCN.pptx
 

Recently uploaded

Railway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdfRailway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdf
TeeVichai
 
Immunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary AttacksImmunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary Attacks
gerogepatton
 
ethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.pptethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.ppt
Jayaprasanna4
 
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSETECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
DuvanRamosGarzon1
 
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdfH.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
MLILAB
 
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdfAKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
SamSarthak3
 
power quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptxpower quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptx
ViniHema
 
ethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.pptethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.ppt
Jayaprasanna4
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Sreedhar Chowdam
 
block diagram and signal flow graph representation
block diagram and signal flow graph representationblock diagram and signal flow graph representation
block diagram and signal flow graph representation
Divya Somashekar
 
Architectural Portfolio Sean Lockwood
Architectural Portfolio Sean LockwoodArchitectural Portfolio Sean Lockwood
Architectural Portfolio Sean Lockwood
seandesed
 
DESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docxDESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docx
FluxPrime1
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
Pratik Pawar
 
Courier management system project report.pdf
Courier management system project report.pdfCourier management system project report.pdf
Courier management system project report.pdf
Kamal Acharya
 
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Dr.Costas Sachpazis
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdf
AhmedHussein950959
 
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Teleport Manpower Consultant
 
Halogenation process of chemical process industries
Halogenation process of chemical process industriesHalogenation process of chemical process industries
Halogenation process of chemical process industries
MuhammadTufail242431
 
Gen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdfGen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdf
gdsczhcet
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation & Control
 

Recently uploaded (20)

Railway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdfRailway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdf
 
Immunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary AttacksImmunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary Attacks
 
ethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.pptethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.ppt
 
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSETECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
 
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdfH.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
 
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdfAKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
 
power quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptxpower quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptx
 
ethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.pptethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.ppt
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
 
block diagram and signal flow graph representation
block diagram and signal flow graph representationblock diagram and signal flow graph representation
block diagram and signal flow graph representation
 
Architectural Portfolio Sean Lockwood
Architectural Portfolio Sean LockwoodArchitectural Portfolio Sean Lockwood
Architectural Portfolio Sean Lockwood
 
DESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docxDESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docx
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
 
Courier management system project report.pdf
Courier management system project report.pdfCourier management system project report.pdf
Courier management system project report.pdf
 
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdf
 
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
 
Halogenation process of chemical process industries
Halogenation process of chemical process industriesHalogenation process of chemical process industries
Halogenation process of chemical process industries
 
Gen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdfGen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdf
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
 

Network Security-Module_1.pdf

  • 1. NETWORK SECURITY (18EC821) Dr. Shivashankar Professor Department of Electronics & Communication Engineering RRIT, Bangalore 3/10/2023 1 Dr. Shivashankar, E&CE, RRIT
  • 2. Course Outcomes After Completion of the course, student will be able to: ▪Explain network security services and mechanisms and explain security concepts. ▪Understand the concept of Transport Level Security and Secure Socket Layer. ▪Explain security concerns in Internet Protocol Security. ▪Explain Intruders, Intrusion detection and Malicious Software. ▪Describe Firewalls, Firewall characteristics, Biasing and Configuration. ▪Text Book: 1. Cryptography and Network Security Principles and Practice, Pearson Education Inc., William Stallings 5th Edition, ISBN: 978-81-317-6166-3. 2. Cryptography and Network Security, Atul Kahate, TMH, 2003. ▪Reference: ▪Cryptography and Network Security, Behrouz A Forouzan, TMH, 2007. 3/10/2023 2 Dr. Shivashankar, E&CE, RRIT
  • 3. Module-1 Attacks on Computers and Computer Security Network security is any activity designed to protect the usability and integrity of our network and data. • It includes both hardware and software technologies. • It targets a variety of threats. • It stops them from entering or spreading on your network. • Effective network security manages access to the network. 3/10/2023 3 Dr. Shivashankar, E&CE, RRIT
  • 4. Module-1 Attacks on Computers and Computer Security Computer and network security are built on three pillars, commonly referred to by the C-I-A acronym: 1. Confidentiality: Refers to the protection of information transmitted over computer networks from unauthorized access, interception, or tampering. This is achieved through encryption and secure protocols such as SSL/TLS. 2. Integrity: the ability to ensure that a system and its data has not suffered unauthorized modification. Integrity protection protects not only data, but also operating systems, applications and hardware from being altered by unauthorized individuals. 3. Availability: protecting the functionality of support systems and ensuring data is fully available at the point in time (or period requirements) when it is needed by its users. The objective of availability is to ensure that data is available to be used when it is needed to make decisions 3/10/2023 4 Dr. Shivashankar, E&CE, RRIT
  • 5. CONTI… ▪ A Threat is nothing but a possible event that can damage and harm an information system ▪ Security Threat is defined as a risk that which, can potentially harm Computer systems & organizations. ▪ Security attacks are mainly aimed at stealing altering or destroying a piece of personal and confidential information, stealing the hard drive space, and illegally accessing passwords. • Web security threats are constantly emerging and evolving, but many threats consistently appear at the top of the list of web security threats. These include: • Cross-site scripting (XSS) • SQL Injection • Phishing • Ransomware • Code Injection • Viruses and worms • Spyware • Denial of Service 3/10/2023 5 Dr. Shivashankar, E&CE, RRIT
  • 6. CONTI… ▪Two typical examples of such security mechanisms were as follows: • Provide a user id and password to every user and use that information to authenticate a user • Encode information stored in the databases in some fashion so that it is not visible to users who donot have the right permissions. 3/10/2023 6 Dr. Shivashankar, E&CE, RRIT Fig. 1.1Example of information traveling from a client to a server over the Internet.
  • 7. Modern Nature of Attacks Automating attacks ▪An automated threat is a type of computer security threat to a computer network or web application, characterized by the malicious use of automated tools such as Internet bots. ▪Automated threats are popular on the internet as they can complete large amounts of repetitive tasks with almost no cost to execute. Example: Credential stuffing. Scratching. Application layer DDoS. Captcha Bypass. Card Cracking, etc 3/10/2023 7 Dr. Shivashankar, E&CE, RRIT Fig. 1.2The changing nature of attacks due to automation
  • 8. CONTI… Privacy concerns • Data privacy is concerned with the proper handling of sensitive information such as financial data and intellectual property data. • Cyber privacy can include both personally identifying information (PII) or non-identifying information which when aggregated can be used to identify - like a user's behavior on a website and cookie information. Example: ❖ Products you've purchased online. ❖ Search engine and browser histories. ❖ Location information. ❖ Financial data. ❖ Employee benefits service providers such as: Insurance companies. ... ❖ Preferred operational solutions for tasks like: Employee messaging. 3/10/2023 8 Dr. Shivashankar, E&CE, RRIT
  • 9. CONTI… Security Approaches Trusted Systems A trusted system is a computer system that can be trusted to a specified extent to enforce as specified security policy. Trusted systems were initially of primary interest to the military. Trusted systems often use the term reference monitor. It is mainly responsible for all the decisions related to access controls. Naturally, following are the expectations from the reference monitor: (a) It should be tamper proof (b) It should always be invoked (c) It should be small enough so that it can be independently tested. 3/10/2023 9 Dr. Shivashankar, E&CE, RRIT
  • 10. Security Models ▪An organization can take several approaches to implement its security model. ▪No security: In this simplest case, the approach could be a decision to implement no security at all. This approach cannot work for too long, as there are many ways an attacker can come to know about it. ▪Host security: In this scheme, the security for each host is enforced individually. This is a very safe approach, but the trouble is that it cannot scale well. ▪Network security: Host security is tough to achieve as organizations grow and become more diverse. In this technique, the focus is to control network access to various hosts and their services, rather than individual host security. This is a very efficient and scalable model. 3/10/2023 10 Dr. Shivashankar, E&CE, RRIT
  • 11. Security Management Practices Good security management practices always talk of a security policy being in place. A good security policy and its proper implementation go a long way in ensuring adequate security management practices. A good security policy generally takes care off our key aspects, as follows: • Affordability Cost and effort in security implementation. • Functionality Mechanism of providing security. • Cultural issues Whether the policy gels well with people’s expectations, working style and beliefs. • Legality Whether the policy meets the legal requirements. Once a security policy is in place, the following points should be ensured. (a) Explanation of the policy to all concerned. (b) Outline everybody’s responsibilities. (c) Use simple language in all communications. (d) Establishment of accountability. (e) Provision for exceptions and periodic reviews. 3/10/2023 11 Dr. Shivashankar, E&CE, RRIT
  • 12. Principles of Security • The purpose of the cyber security principles is to provide strategic guidance on how an organisation can protect their systems and data from cyber threats. • These cyber security principles are grouped into four key activities: ➢ Govern: Identifying and managing security risks. ➢ Protect: Implementing controls to reduce security risks. ➢ Detect: Detecting and understanding cyber security events to identify cyber security incidents. ➢ Respond: Responding to and recovering from cyber security incidents. 3/10/2023 12 Dr. Shivashankar, E&CE, RRIT
  • 13. Confidentiality • Confidentiality measures are designed to prevent unauthorized disclosure of information. • The purpose of the confidentiality principle is to keep personal information private and to ensure that it is visible and accessible only to those individuals who own it or need it to perform their organizational functions. ➢ Example: confidential email message sent by A to B, which is accessed by C without the permission or knowledge of A and B. This type of attack is called as interception. ➢ Interception causes loss of message confidentiality. 3/10/2023 13 Dr. Shivashankar, E&CE, RRIT Fig. 1.4Loss of confidentiality
  • 14. Authentication ▪The process of verifying the identity of a user or information. User authentication is the process of verifying the identity of a user when that user logs in to a computer system. ▪The main objective of authentication is to allow authorized users to access the computer and to deny access to unauthorized users. ▪Operating Systems generally identify/authenticates users using the following 3 ways: Passwords, Physical identification, and Biometrics. ▪Fabrication is possible in absence of proper authentication mechanisms. 3/10/2023 14 Dr. Shivashankar, E&CE, RRIT Fig. 1.5Absence of authentication
  • 15. Integrity • Integrity is the ability to ensure that a system and its data has not suffered unauthorized modification. • Integrity protection protects not only data, but also operating systems, applications and hardware from being altered by unauthorized individuals. ➢ User C somehow manages to access it, change its contents and send the changed message to user B. User B has no way of knowing that the contents of the message were changed after user A had sent it. User A also does not know about this change. ➢ This type of attack is called as modification. 3/10/2023 15 Dr. Shivashankar, E&CE, RRIT Fig. 1.6Loss of integrity
  • 16. Non-repudiation • The assurance that someone cannot deny the validity of something. • A legal concept that is widely used in information security and refers to a service, which provides proof of the origin of data and the integrity of the data. • In other words, non-repudiation makes it very difficult to successfully deny who/where a message came from as well as the authenticity and integrity of that message. ➢ Digital signatures (combined with other measures) can offer non- repudiation when it comes to online transactions. 3/10/2023 16 Dr. Shivashankar, E&CE, RRIT Fig. 1.7Establishing non-repudiation
  • 17. Access Control • Access control is a fundamental component of data security that dictates who’s allowed to access and use company information and resources. • Through authentication and authorization, access control policies make sure users are who they say they are and that they have appropriate access to company data. • Access control can also be applied to limit physical access to campuses, buildings, rooms, and datacenters. • Access control specifies and controls who can access what. ➢ Authentication ➢ Authorization ➢ Access ➢ Manage ➢ Audit 3/10/2023 17 Dr. Shivashankar, E&CE, RRIT
  • 18. Availability • Protecting the functionality of support systems and ensuring data is fully available at the point in time when it is needed by its users. • The objective of availability is to ensure that data is available to be used when it is needed to make decisions. There are mainly two threats to availability of the system which are as follows: 1. Denial of Service 2. Loss of Data Processing Capabilities 3/10/2023 18 Dr. Shivashankar, E&CE, RRIT Fig. 1.8Attack on availability
  • 19. Ethical and Legal Issues ▪Piracy, copyright issues, prevention of loss, trade secrets, patent issues, access rights, and privacy problems are all ethical issues in the computer world. ▪Classically, the ethical issues in security systems are classified into the following four categories: ▪Privacy – This deals with the right of an individual to control personal information. ▪Accuracy – This talks about the responsibility for the authenticity, fidelity and accuracy of information. ▪Property – Here we find out the owner of the information. We also talk about who controls access. ▪Accessibility – This deals with the issue of the type of information an organization has the right to collect. And in that situation, it also expects to know the measures which will safeguard againstany unforeseen eventualities. 3/10/2023 19 Dr. Shivashankar, E&CE, RRIT
  • 20. CONTI… When dealing with legal issues, we need to remember that there is a hierarchy of regulatory bodies that govern the legality of information security. We can roughly classify them as follows. • International: e.g. International Cybercrime Treaty • Federal: e.g. FERPA, GLB, HIPAA, DMCA, Teach Act, Patriot Act, Sarbanes-Oxley Act, etc. • State: e.g. UCITA, SB 1386, etc. • Organization: e.g. Computer use policy 3/10/2023 20 Dr. Shivashankar, E&CE, RRIT
  • 21. Types of Attacks ▪ Network attacks are unauthorized actions on the digital assets within an organizational network. Malicious parties usually execute network attacks to alter, destroy, or steal private data. ▪Example: ▪Criminal Attacks: The sole aim of the attackers is to maximize financial gain by attacking computer systems. ▪Publicity Attacks : the aim of the attacker is to gain publicity. ▪Publicity attacks occur because the attackers want to see their names appear on television news channels and newspapers. 3/10/2023 21 Dr. Shivashankar, E&CE, RRIT Fig. 1.9Classification of attacks as understood in general terms
  • 22. CONTI… Legal Attacks • In a legal attack, attackers try to make judge doubtful about the security of the computer system. • i.e. attacker attacks on the system and later on tries to convey to the judge that there is a problem within the computer system, it’s not his/her fault. • Fraud, scams, identity theft, grand theft, destruction, intellectual property theft are some of the legal attacks. 3/10/2023 22 Dr. Shivashankar, E&CE, RRIT
  • 23. Attacks Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. ▪Two types: 3/10/2023 23 Dr. Shivashankar, E&CE, RRIT Active Attack Passive Attack Modification in information takes place. Modification in the information does not take place. Danger to Integrity as well as availability. A danger to Confidentiality. Due to active attacks, the execution system is always damaged. While due to passive attack, there is no harm to the system Victim gets informed about the attack. Victim does not get informed about the attack. System resources can be changed. System resources are not changing.
  • 24. The Practical Side of Attacks ▪A security exploit that aims to gather information from or influence the program execution of a system by measuring or exploiting indirect effects of the system or its hardware ▪Two types ▪Application level attacks –The attacker attempts to access, modify or prevent access to information of a particular application or to the application itself. • Credit card information on the Internet or changing the contents of a message to change the amount in a transaction, etc. •Network level attacks –An attempt to either slow down or completely bring to halt, a computer network. 3/10/2023 24 Dr. Shivashankar, E&CE, RRIT Fig. 1.13Practical side of attacks
  • 25. Virus A virus is a computer program that attaches itself to another legitimate program and causes damage to the computer system or to the network. During its lifetime, a virus goes through four phases: (a) Dormant phase: Here, the virus is idle. It gets activated based on certain action or event (e.g. the user typing a certain key or certain date or time is reached, etc). This is an optional phase. (b) Propagation phase: In this phase, a virus copies itself and each copy starts creating more copies of self, thus propagating the virus. (c) Triggering phase: A dormant virus moves into this phase when the action/event for which it was waiting is initiated. (d) Execution phase: This is the actual work of the virus, which could be harmless (display some message on the screen) or destructive (delete a file on the disk). Viruses can be classified into the following categories: (a) (a) Parasitic virus: This is the most common form of viruses. Such a virus attaches itself toexecutable files and keeps replicating. Whenever the infected file is executed, the virus looks forother executable files to attach itself and spread. (b) (b) Memory-resident virus: This type of virus first attaches itself to an area of the main memory andthen infects every executable program that is executed. (c) (c) Boot sector virus: This type of virus infects the master boot record of the disk and spreads on thedisk when the operating system starts booting the computer. (d) (d) Stealth virus: This virus has intelligence built in, which prevents anti-virus software programsfrom detecting it. (e) (e) Polymorphic virus: A virus that keeps changing its signature (i.e. identity) on every execution,making it very difficult to detect. (f) (f) Metamorphic virus: In addition to changing its signature like a polymorphic virus, this type ofvirus keeps rewriting itself every time, making its detection even harder. 3/10/2023 25 Dr. Shivashankar, E&CE, RRIT
  • 26. Worms • A computer worm is a type of malware whose primary function is to self- replicate and infect other computers while remaining active on infected systems. • A computer worm duplicates itself to spread to uninfected computers. • It often does this by exploiting parts of an operating system that are automatic and invisible to the user. • Typically, a user only notices a worm when its uncontrolled replication consumes system resources and slows or halts other tasks. • A computer worm is not to be confused with WORM, or write once, read many. • Computer worms often rely on vulnerabilities in networking protocols, such as File Transfer Protocol, to propagate. • After a computer worm loads and begins running on a newly infected system, it will typically follow its prime directive: to remain active on an infected system for as long as possible and spread to as many other vulnerable systems as possible. 3/10/2023 26 Dr. Shivashankar, E&CE, RRIT
  • 27. Cookies • A piece of data from a website that is stored within a web browser that the website can retrieve at a later time. • Cookies are used to tell the server that users have returned to a particular website. • When users return to a website, a cookie provides information and allows the site to display selected settings and targeted content. • Cookies also store information such as shopping cart contents, registration or login credentials, and user preferences. • This is done so that when users revisit sites, any information that was provided in a previous session or any set preferences can be easily retrieved. • Advertisers use cookies to track user activity across sites so they can better target ads. While this particular practice is usually offered to provide a more personalized user experience, some people also view this as a privacy concern. Type of Cookies ▪Session cookies are also known as transient cookies or per-session cookies. ▪Persistent cookies are stored for a specific length of time. These cookies remain on your device until they expire or are deleted. ▪First-party cookies are cookies set by websites that users directly visit. ▪Super cookies are similar to session cookies in that they also track user behavior and browsing history. 3/10/2023 27 Dr. Shivashankar, E&CE, RRIT
  • 28. MCQ 1. First boot sector virus is (A) Computed (B) Mind (C) Brain (D) Elk cloner 2. The linking of computers with a communication system is called (A) Assembling (B) Interlocking (C) Pairing (D) Networking 3. The phrase ____ describe viruses, worms, Trojan horse attack applets and attack scripts. (A) Spam (B) Phishing (C) Malware (D) Virus 4. Abuse messaging systems to send unsolicited is (A) Phishing (B) Adware (C) Firewall (D) Spam 5. A person who uses his or her expertise to gain access to other people’s computers to get information illegally or do damage is a (A) Hacker (B) Analyst (C) Spammer (D) Programmer 6. Malicious access are unauthorized (A) Destruction of data (B) Modification of data (C) Reading of data (D) All of these 7. Encrypted passwords are used for (A) Security purpose (B) Passwords list secret (C) Faster execution (D) Both (a) and (b) 8. A firewall (A) Separates a network into multiple domains (B) May need to allow http to pass (C) Limits network access between the two security domains and maintains and logs all connections (D) is a computer or router that sits between the trusted and untrusted 3/10/2023 28 Dr. Shivashankar, E&CE, RRIT