
Network Security


Network security solutions address vulnerabilities in several areas of a computer system, such as:
1. Users
2. Locations
3. Data
4. Devices
5. Applications

Working on Network Security


The basic principle of network security is to protect large volumes of stored data and networks in layers,
each enforcing rules and regulations that must be acknowledged before any activity is performed on
the data.
These levels are:
1. Physical Network Security
2. Technical Network Security
3. Administrative Network Security
These are explained below:
1. Physical Network Security:
• Locking the doors, cameras and guards, biometric systems
• The most basic level
• Covers external peripherals and routers that might be used for cable connections.
• This type serves two purposes: protection from unauthorized users and protection from
malicious activities.

2. Technical Network Security:
• Firewalls and antivirus, encryption
• Protects the data stored in the network and the data in transit through the
network

3. Administrative Network Security:
• Policies and training, access control
• Governs user behavior, such as how permissions are granted and how the
authorization process takes place

Types of Network Security


A few types of network security are discussed below:
1. Access Control
2. Antivirus and Anti-Malware Software
3. Cloud Security
4. Email Security
5. Firewalls
6. Application Security
7. Intrusion Prevention System (IPS)

1. Access Control: Network access control ensures that only a handful of authorized personnel
are able to work with the allowed amount of resources.

2. Antivirus and Anti-malware Software: This software handles malicious software such as viruses,
Trojans, and worms. It not only guards against the entry of malware but also ensures that the
system is well-equipped to fight it once it has entered.

3. Cloud Security: Many businesses embrace SaaS applications to give some of their employees
access to the data stored in the cloud. This type of security ensures creating gaps in
the visibility of the data.

4. Email Security: Email security covers the services and products designed to keep an email
account and its contents safe from external threats. For example, fraudulent emails are generally
sent to the Spam folder automatically, because most email service providers have built-in features to
protect the content.

5. Firewalls: A firewall is a network security device, either hardware or software-based, which
monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects,
or drops that specific traffic. Before firewalls, network security was performed by Access Control Lists
(ACLs) residing on routers.

6. Application Security: Application security denotes the precautionary security measures used at
the application level to prevent the stealing or capturing of data or code inside the application. It also
includes the security measures taken during the development and design of applications, as well as
techniques and methods for protecting the applications whenever.

7. Intrusion Prevention System (IPS): An Intrusion Prevention System is also known as an Intrusion
Detection and Prevention System. It is a network security application that monitors network or system
activities for malicious activity. The major functions of intrusion prevention systems are to identify
malicious activity, collect information about this activity, report it, and attempt to block or stop it.

Encryption standards & Algorithms

What is Data Encryption?

Data encryption is a method of protecting data by encoding it in such a way that it can only be decrypted
or accessed by an individual who holds the correct encryption key.
It is the process of converting data from a readable format into a scrambled piece of
information.

How Does Data Encryption Work?

• The data that needs to be encrypted is called plaintext or cleartext.
• Apart from the algorithm, one also needs an encryption key. Using that key and a suitable
encryption algorithm, the plaintext is converted into an encrypted piece of data, also known as
ciphertext.

Why Do We Need Data Encryption?

• Authentication: Public key encryption proves that a website's origin server owns the private key
and thus was legitimately assigned an SSL certificate. In a world where so many fraudulent
websites exist, this is an important feature.
• Privacy
• Regulatory Compliance: A sampling of regulatory and compliance standards that enforce
encryption includes HIPAA, PCI-DSS, and the GDPR.
• Security

2 Types of Data Encryption Techniques


Most internet security (IS) professionals break down encryption into three distinct methods: symmetric,
asymmetric, and hashing. These, in turn, are broken down into different types. We’ll explore each one
separately.
Symmetric Encryption Method
Also called private-key cryptography or a secret key algorithm, this method requires the sender and the
receiver to have access to the same key. So, the recipient needs to have the key before the message is
decrypted. This method works best for closed systems, which have less risk of a third-party intrusion.
On the positive side, symmetric encryption is faster than asymmetric encryption. However, on the
negative side, both parties need to make sure the key is stored securely and available only to the software
that needs to use it.
Asymmetric Encryption Method
Also called public-key cryptography, this method uses two keys for the encryption process, a public and a
private key, which are mathematically linked. The user employs one key for encryption and the other for
decryption, though it doesn’t matter which you choose first.
As the name implies, the public key is freely available to anyone, whereas the private key remains with
the intended recipients only, who need it to decipher the messages. Both keys are simply large numbers
that aren’t identical but are paired with each other, which is where the “asymmetric” part comes in.

In short, symmetric encryption uses one key for both locking and unlocking, like a regular lock and key.
Asymmetric encryption uses two keys, one for locking and one for unlocking, making it more secure for
communication.

Hashing
Hashing generates a unique signature of fixed length for a data set or message. Each specific message has
its unique hash, making minor changes to the information easily trackable. Data encrypted with hashing
cannot be deciphered or reversed back into its original form. That’s why hashing is used only as a method
of verifying data.
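
An added example (not part of the original notes) of hashing used to verify data as described above: a digest is recorded per file while the content is trusted, and later content is checked against it. The file names and contents are constructed for illustration.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    """Fixed-length fingerprint: always 64 hex characters (256 bits)."""
    return hashlib.sha256(data).hexdigest()

def bits_changed(digest_a: str, digest_b: str) -> int:
    """Count how many of the 256 output bits differ between two digests."""
    return bin(int(digest_a, 16) ^ int(digest_b, 16)).count("1")

def build_manifest(files: dict) -> dict:
    """Record a digest per file name at a moment when the content is trusted."""
    return {name: sha256_hex(content) for name, content in files.items()}

def verify(files: dict, manifest: dict) -> dict:
    """Compare current content with the manifest and classify every name."""
    report = {}
    for name, expected in manifest.items():
        if name not in files:
            report[name] = "missing"
        elif hmac.compare_digest(sha256_hex(files[name]), expected):
            report[name] = "ok"
        else:
            report[name] = "modified"
    for name in files.keys() - manifest.keys():
        report[name] = "unexpected"
    return report

# Constructed sample data (hypothetical file names and contents).
TRUSTED = {
    "fw.rules": b"allow tcp 443\ndeny all\n",
    "sshd_config": b"PasswordAuthentication no\n",
}
MANIFEST = build_manifest(TRUSTED)

# Later state: one character changed in fw.rules, one file removed, one added.
CURRENT = {
    "fw.rules": b"allow tcp 444\ndeny all\n",
    "notes.txt": b"added after the manifest was taken\n",
}

if __name__ == "__main__":
    for name, status in sorted(verify(CURRENT, MANIFEST).items()):
        print(f"{name:12} {status}")
    before = MANIFEST["fw.rules"]
    after = sha256_hex(CURRENT["fw.rules"])
    print("bits changed by a one-character edit:", bits_changed(before, after), "of 256")
```

A plain hash has no key, so the manifest itself has to be stored where whoever can alter the files cannot also rewrite it.
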
What is an Encryption Algorithm?
An encryption algorithm is used to convert data into ciphertext. By using the encryption key, an algorithm can alter data in a
predictable manner, resulting in the encrypted data appearing random, but it can be converted back into
plaintext by using the decryption key.

Best Encryption Algorithms


Here are five of the more common ones.
• AES.
Lock and Key: It's like having a special lock that uses the same key to both lock and unlock your
secret box. AES comes in different key sizes (128, 192, or 256 bits) for added security.

The Advanced Encryption Standard (AES) is the trusted standard algorithm used by the United
States government, as well as other organizations. Although extremely efficient in the 128-bit
form, AES also uses 192- and 256-bit keys for very demanding encryption purposes. AES is
widely considered invulnerable to all attacks except for brute force. Regardless, many internet
security experts believe AES will eventually be regarded as the go-to standard for encrypting data
in the private sector.

• DES (Data Encryption Standard):
Older Lock: DES is like an older lock that uses a small key (56 bits). It's not as secure as AES and is rarely
used today.

• Triple DES.
Triple Lock: It's like locking your secret box three times with DES for extra security.

Triple DES is the successor to the original Data Encryption Standard (DES) algorithm, created in
response to hackers who figured out how to breach DES. It's symmetric encryption that was once
the most widely used symmetric algorithm in the industry, though it's being gradually phased out.
Triple DES applies the DES algorithm three times to every data block and is commonly used to
encrypt UNIX passwords and ATM PINs.

• RSA (Rivest-Shamir-Adleman).
Two Keys: Think of it as having two magic keys: one to lock and one to unlock. You give the
"unlock" key to others, and only you have the "lock" key.

RSA is an asymmetric, public-key encryption algorithm and the standard for encrypting
information transmitted via the internet. RSA encryption is robust and reliable because it creates
a massive bunch of gibberish that frustrates would-be hackers, causing them to expend a lot of
time and energy to crack into systems.

• Blowfish.
Fast Lock: Blowfish is like a speedy lock that's also secure. You choose the key size, making it
adaptable.

Blowfish is another algorithm that was designed to replace DES. This symmetric tool breaks
messages into 64-bit blocks and encrypts them individually. Blowfish has established a
reputation for speed, flexibility, and being unbreakable. It's in the public domain, so that makes it
free, adding even more to its appeal. Blowfish is commonly found on e-commerce platforms,
securing payments, and in password management tools.

• Twofish.
Twofish is Blowfish's successor. It's license-free, symmetric encryption that deciphers
128-bit data blocks. Additionally, Twofish always encrypts data in 16 rounds, no matter what the
key size. Twofish is perfect for both software and hardware environments and is considered one
of the fastest of its type. Many of today's file and folder encryption software solutions use this
method.

• SHA (Secure Hash Algorithms):
Data Fingerprint: Instead of locking, SHA creates a unique "fingerprint" for data. It's used for
checking if data has been tampered with.

• PGP (Pretty Good Privacy):
Envelope for Messages: PGP wraps your message in a digital envelope, and only the intended
recipient has the "key" to open it.

• Diffie-Hellman:
Secret Key Exchange: Imagine two people sharing secrets in a locked box. Diffie-Hellman helps
them safely exchange keys, so they can communicate securely.

Should You Use Symmetric or Asymmetric Encryption?


Symmetric encryption, which employs a single key, is preferable for data-at-rest. Data contained
in databases must be encrypted to prevent it from being hacked or stolen. Because this data only
has to be secure until it needs to be retrieved in the future, it does not require two keys, simply the
one supplied by symmetric encryption.
Asymmetric encryption, on the other hand, should be used on data transferred to other persons
via email. If only symmetric encryption were used on data in emails, an attacker could steal or
compromise the material by obtaining the key used for encryption and decryption. With asymmetric
encryption, the data is encrypted with the recipient's public key, so the sender and receiver
ensure that only the recipient can decrypt it.
Both methods of encryption are used in conjunction with other procedures, such as digital
signature or compression, to give further data protection.

What are the 4 basic types of encryption systems?

• Advanced Encryption Standard (AES)
• Triple DES
• Blowfish
• Rivest-Shamir-Adleman (RSA)

What are the three types of encryption?

DES, AES, and RSA are the three primary encryption types.

Network Security Devices

Network security devices are physical or virtualised hardware appliances with vendor-specific software installed.
Businesses also purchase commodity server hardware and install custom software to create their own network
security device.

Types of Network Security Devices

1. Firewall:
• Function: Acts as a barrier between a trusted network and untrusted networks,
controlling incoming and outgoing traffic based on a set of rules.
• Types: There are hardware firewalls (dedicated devices) and software firewalls (software
applications).
• Handle more traffic and have better vendor support.
• Provide separation between your internal network and the wider Internet. They can block
connections on specific ports, from specific IP addresses, and from machines or networks
matching other criteria. Most firewalls are configured to deny incoming traffic by default,
providing a baseline of security for your network.

2. Intrusion Detection System (IDS):
• Function: Monitors network traffic for suspicious or malicious activity and generates
alerts or reports when potential threats are detected.
• Types: Network-based IDS (NIDS) and host-based IDS (HIDS).

3. Intrusion Prevention System (IPS):
• Function: Similar to an IDS, but able to actively block or prevent detected threats
from entering the network.
• Types: Network-based IPS (NIPS) and host-based IPS (HIPS).
• One of the most useful features of network-based intrusion protection is that it can talk to
firewalls and other network hardware in real time as threats are discovered. As an
example, an IPS could detect a device with malware installed from the unusual
and suspicious network traffic it produces. Afterwards, the IPS can request that the
firewall quarantine this infected device on its own partitioned subnet so that it is unable
to cause further damage.

4. Antivirus/Anti-Malware Appliances:
• Function: Scans network traffic and endpoints for viruses, malware, and other malicious
software to prevent infections.
• Deployment: Typically used as appliances or software on servers.

5. Virtual Private Network (VPN) Concentrator:
• Function: Provides secure remote access to the network by creating encrypted
connections (tunnels) for remote users or branch offices.
• Usage: Essential for remote work and secure communications between geographically
dispersed locations.
• With the rise of remote work, every company needs to ensure that its internal network
resources are accessible securely from anywhere. A virtual private network (VPN)
device can help here. In effect, when employees connect to the VPN, their traffic enters
the internal network from the VPN device instead of going straight to the Internet.
In addition to security benefits, VPN gateways give employees access to printers, intranet
sites, and other internal devices, saving time and improving productivity.

6. Proxy Server:
• Function: Acts as an intermediary between client devices and the internet, enhancing
security and anonymity by masking users' IP addresses.
• Use Cases: Content filtering, caching, and anonymizing web browsing.

7. Load Balancer:
• Function: Distributes network traffic evenly across multiple servers or data centers to
ensure high availability and optimal performance.
• Benefits: Prevents network overload and improves scalability.

8. Network Access Control (NAC) System:
• Function: Enforces policies to control which devices can connect to the network and
under what conditions.
• Use Cases: Ensures that only authorized and compliant devices can access the network.

9. Unified Threat Management (UTM) Appliance:
• Function: Combines multiple security features into a single device, such as firewall,
antivirus, intrusion detection, and content filtering.
• Simplification: Streamlines network security management.
• In a modern business network, administrators might control a half dozen or more separate
network appliances with security functions. If multiple products come from different
vendors, managing a quickly unfolding network threat can be challenging.
• UTMs combine a network firewall, an intrusion detection system, an intrusion prevention
system, and other features. For smaller businesses or those without significant IT
resources, using a UTM can save lots of time and money. However, UTMs are not
always better than discrete equipment: they create a single point of failure that can take
down the whole network if something goes wrong.

10. Content Filtering Appliance:
• Function: Filters and blocks access to websites and online content based on predefined
policies, helping to enforce acceptable use policies.
• Use Cases: Prevents access to inappropriate or malicious websites.
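
An added example (not part of the original notes) of the firewall behaviour described under "Types of Network Security" and in item 1 of this list: rules are checked in order, each one accepts, rejects or drops matching traffic, and incoming traffic that matches no rule is denied by default. The rule set, the addresses (documentation ranges) and the accept-by-default policy for outgoing traffic are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str           # "in" or "out", relative to the protected network
    src: str                 # source IP address
    dest_port: int
    protocol: str = "tcp"

@dataclass(frozen=True)
class Rule:
    action: str              # "accept", "reject" (refuse with a reply) or "drop" (discard silently)
    direction: str
    source: str = "0.0.0.0/0"          # CIDR the packet's source must fall in
    dest_port: Optional[int] = None    # None matches any destination port
    protocol: Optional[str] = None     # None matches any protocol

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.source)
                and self.dest_port in (None, pkt.dest_port)
                and self.protocol in (None, pkt.protocol))

# Applied when no rule matches: deny incoming by default (outgoing policy is assumed).
DEFAULT_POLICY = {"in": "drop", "out": "accept"}

def evaluate(rules, pkt):
    """First matching rule wins; return (action, rule index or None for the default)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return DEFAULT_POLICY[pkt.direction], None

def shadowed_rules(rules):
    """Find rules that can never fire because an earlier rule matches everything they match."""
    found = []
    for later_idx, later in enumerate(rules):
        for earlier_idx, earlier in enumerate(rules[:later_idx]):
            covers = (earlier.direction == later.direction
                      and ipaddress.ip_network(later.source).subnet_of(
                          ipaddress.ip_network(earlier.source))
                      and earlier.dest_port in (None, later.dest_port)
                      and earlier.protocol in (None, later.protocol))
            if covers:
                found.append((later_idx, earlier_idx))
                break
    return found

# Constructed rule set using documentation address ranges.
RULES = [
    Rule("drop", "in", source="203.0.113.0/24"),                          # blocked network
    Rule("accept", "in", dest_port=443, protocol="tcp"),                  # public HTTPS
    Rule("accept", "in", source="198.51.100.10/32", dest_port=22, protocol="tcp"),  # admin SSH
    Rule("reject", "out", dest_port=25, protocol="tcp"),                  # no direct SMTP out
]

if __name__ == "__main__":
    for pkt in (Packet("in", "192.0.2.7", 443), Packet("in", "203.0.113.5", 443),
                Packet("in", "192.0.2.7", 22), Packet("out", "10.0.0.5", 25)):
        print(pkt, "->", evaluate(RULES, pkt))
    print("shadowed:", shadowed_rules(RULES + [Rule("accept", "in", source="203.0.113.8/32", dest_port=80)]))
```
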

Attack Types
1) Malware Attacks:
Explanation: Malware (malicious software) includes viruses, worms, Trojans, and spyware. These
programs are designed to infect computers and networks, causing damage, stealing data, or gaining
unauthorized access.
Objective: The goal of malware attacks is often to compromise the integrity and confidentiality of data or
gain control over network resources.

2) Phishing Attacks:
Explanation: Phishing involves tricking individuals into revealing sensitive information like passwords
or credit card numbers. Attackers use fake emails, websites, or messages that appear legitimate.
Objective: The aim is to steal personal or financial information for fraudulent purposes.

3) Denial-of-Service (DoS) Attacks:


Explanation: In DoS attacks, attackers flood a network or system with traffic, overwhelming it and
causing it to become unavailable to users.
Objective: To disrupt network services and deny access to legitimate users.

4) Distributed Denial-of-Service (DDoS) Attacks:


Explanation: DDoS attacks involve multiple compromised devices (botnets) that simultaneously flood a
target network or server with traffic.
Objective: Similar to DoS attacks, DDoS attacks aim to disrupt services, but they are more powerful due
to the sheer volume of traffic.

5) Man-in-the-Middle (MitM) Attacks:


Explanation: In MitM attacks, an attacker intercepts communication between two parties without their
knowledge. The attacker can eavesdrop, modify, or manipulate the data.
Objective: To intercept sensitive information or manipulate communications for malicious purposes.

6) SQL Injection:
Explanation: Attackers inject malicious SQL code into input fields of a web application. If not properly
validated, this code can manipulate or access the database.
Objective: To gain unauthorized access to databases or manipulate data within them.

7) Cross-Site Scripting (XSS):


Explanation: Attackers inject malicious scripts into web applications, which are then executed by
unsuspecting users' browsers.
Objective: To steal user information, sessions, or compromise web application functionality.

8) Password Attacks:
Explanation: These attacks involve attempting to guess or crack passwords through methods like brute
force, dictionary attacks, or password spraying.
Objective: To gain unauthorized access to accounts, systems, or networks.

9) Eavesdropping (Sniffing):
Explanation: Attackers capture and monitor network traffic to intercept sensitive information, such as
login credentials or confidential data.
Objective: To gather valuable data for malicious purposes.

10) Ransomware Attacks:


Explanation: Ransomware encrypts a victim's data and demands a ransom in exchange for the decryption
key.
Objective: To extort money from individuals or organizations by locking them out of their own data.

These attack types highlight the diverse range of threats that network security measures aim to defend
against. Organizations must implement comprehensive security strategies to protect against these threats
effectively.

SSH KEYS

SSH (Secure Shell) keys are a pair of cryptographic keys used for secure communication between a client
and a server. SSH keys provide a secure way to authenticate and establish encrypted connections over a
network, such as the internet. SSH keys are commonly used for remote login, file transfers, and other
secure network services.
Here's a brief overview of SSH keys and how they work:
1. Key Pair: SSH keys consist of two parts: a private key and a public key. These keys are
mathematically related, but they serve different purposes.
• Private Key: The private key is kept secret and should never be shared with anyone. It is
used to authenticate the user or client to the server. Whoever possesses the private key
can prove their identity to the server.
• Public Key: The public key is shared with the server or other users. It can be freely
distributed. The public key is used by the server to verify the client's identity. If the server
can successfully verify the client's identity using the public key, it allows access.
2. Key Pair Generation: SSH key pairs are typically generated using key generation tools.
Common algorithms used for SSH keys include RSA, DSA, and ECDSA. The key pair is
generated on the client machine, and the private key is securely stored there.
3. Authentication: When a user attempts to log in to a remote server or perform other secure
actions, the client presents its public key to the server. The server checks whether the
corresponding public key is authorized for that user. If authorized, the server sends a challenge to
the client, which the client signs with the private key. If the server can verify the signature using the
stored public key, the client is authenticated and granted access.
4. Security Benefits:
• SSH keys are more secure than traditional password-based authentication because they
are resistant to brute-force attacks.
• They allow for automated, secure, and passwordless logins, making them suitable for
scripts and automated processes.
• SSH keys can be protected with a passphrase, adding an extra layer of security. This
means that even if someone gains access to the private key file, they would still need to
know the passphrase to use it.
5. Key Management: Proper key management is essential. Private keys should be kept secure and
never shared. Public keys should be distributed to the servers or users where authentication is
required.
SSH keys are widely used in various IT and DevOps scenarios for secure access to servers, version
control systems, and other networked resources. They are a fundamental component of secure
communication in many organizations and are considered a best practice for remote access and
automation.
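
An added example (not part of the original notes) for the key management point above: it audits the public keys a server has authorized, reporting key type, RSA size and fingerprint, and flags any key missing from an approved inventory. The 2048-bit threshold, the account names and the sample keys are assumptions; the keys are constructed, well-formed blobs rather than real keys.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}
MIN_RSA_BITS = 2048  # assumed local policy threshold

def _pack(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def _read(blob: bytes, offset: int):
    """Read one length-prefixed field; return (field, next offset)."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def fingerprint(b64_blob: str) -> str:
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit_entry(line: str, approved: set) -> dict:
    """Audit one entry: [options] key-type base64-blob [comment]."""
    tokens = line.split()
    # Options come first; assumes no option value contains a bare key-type word.
    idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(tokens):
        raise ValueError("no recognised key type in entry")
    key_type, b64_blob = tokens[idx], tokens[idx + 1]
    blob = base64.b64decode(b64_blob, validate=True)
    inner_type, offset = _read(blob, 0)
    findings, bits = [], None
    if inner_type != key_type.encode():
        findings.append("type label does not match key blob")
    elif key_type == "ssh-rsa":
        _exponent, offset = _read(blob, offset)
        modulus, _ = _read(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
        if bits < MIN_RSA_BITS:
            findings.append(f"RSA modulus is {bits} bits (minimum {MIN_RSA_BITS})")
    elif key_type == "ssh-dss":
        findings.append("DSA keys are disabled by default since OpenSSH 7.0")
    fp = fingerprint(b64_blob)
    if fp not in approved:
        findings.append("key is not in the approved inventory")
    return {"type": key_type, "bits": bits, "fingerprint": fp,
            "options": " ".join(tokens[:idx]), "findings": findings}

def audit_file(lines, approved):
    """Audit every non-blank, non-comment line of an authorized_keys file."""
    return [audit_entry(line, approved) for line in lines
            if line.strip() and not line.lstrip().startswith("#")]

# --- Constructed sample data: well-formed blobs, NOT real or usable keys ---
def _rsa_blob(bits: int) -> str:
    mpint = lambda v: _pack(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = _pack(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return base64.b64encode(blob).decode()

RSA_3072, RSA_1024 = _rsa_blob(3072), _rsa_blob(1024)
ED25519 = base64.b64encode(_pack(b"ssh-ed25519") + _pack(bytes(range(32)))).decode()
SAMPLE_LINES = [
    "# authorized_keys of a hypothetical service account",
    f"ssh-rsa {RSA_3072} deploy@build",
    f"ssh-rsa {RSA_1024} legacy@old-host",
    f'command="/usr/local/bin/backup",no-pty ssh-ed25519 {ED25519} backup@nas',
]
APPROVED = {fingerprint(RSA_3072), fingerprint(ED25519)}

if __name__ == "__main__":
    for entry in audit_file(SAMPLE_LINES, APPROVED):
        print(entry["type"], entry["bits"], entry["findings"])
```
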

Q). Which of the following options is correct based on the below statements?
Statement I: SSH keys can be used to hide backdoors.
Statement II: SSH keys are changed on a regular basis.
Statement III: SSH keys cannot be kept offline.
Statement IV: SSH keys replaced the insecure .rhosts authentication that was vulnerable to active
network-level attacks.
A. Except Statement III, all are true
B. Only I and IV are true
C. All Statements are true
D. Except Statement II, all are false

Answer: C

Q). Which of the following is/are the applications of ssh-keygen?

A. Authenticating hosts
B. All of the mentioned options
C. Single sign-on
D. Automated logins
Answer: B

Distributed Coordination:
Imagine you have a group of people working together on a project. Each person has a specific task, and
they need to communicate and coordinate their actions to get the job done smoothly. Distributed
coordination in computer science is similar. It's about making sure that different parts of a computer
system work together efficiently.
In a computer system, there can be multiple components like servers, databases, and software
applications, and they need to cooperate to complete tasks. Distributed coordination helps them do that by
managing things like who gets to use shared resources, who can access data, and when different parts
should perform their tasks. It's like ensuring everyone in the group knows what they're doing and doesn't
interfere with each other.
One common example of distributed coordination is in distributed databases, where data is stored in
different locations, and the system needs to ensure that updates happen in the correct order and that no
one overwrites someone else's changes.
Point Coordination Function (PCF):
Now, let's talk about the Point Coordination Function (PCF), which is a concept often associated with
wireless networks, especially Wi-Fi.
Think of a Wi-Fi network as a busy radio station. Many devices, like smartphones and laptops, want to
talk to the radio station (access point) and share their information (data). To avoid everyone talking at
once and causing interference (like everyone talking over each other on the radio), we need a way to
manage who gets to transmit data when.
The PCF in a Wi-Fi network is like the traffic cop or the radio station DJ. It decides which device gets to
"speak" on the network at any given time. It takes turns, allowing one device to send data, then another,
and so on. This way, there's order and fairness in how devices access the network.
The PCF is responsible for making sure data is sent and received efficiently, without collisions or chaos.
It helps organize the "conversation" among devices in a way that prevents data from getting lost or
garbled.
So, in simple terms, distributed coordination is like teamwork among different parts of a computer
system, and the Point Coordination Function in Wi-Fi networks is like the traffic cop making sure devices
take turns talking on the network to avoid chaos and interference.

Q). Which of the following functions for collision avoidance before transmission is optional?
A. both Distributed Coordination Function and Point Coordination Function
B. Point Coordination Function
C. None of the mentioned options
D. Distributed Coordination Function
Answer: B
