Unit 10: Network Security

10.1 Cryptography, Digital signature:

Cryptography:
Cryptography is the technique of securing information and communications through the use of codes, so that only those people for whom the information is intended can understand and process it, thus preventing unauthorized access to information. The prefix “crypt” means “hidden” and the suffix “graphy” means “writing”.

Features of Cryptography are as follows:
1. Confidentiality:
Information can only be accessed by the person for whom it is intended, and no other person can access it.
2. Integrity:
Information cannot be modified in storage or in transit between the sender and the intended receiver without the change being detected.
3. Non-repudiation:
The creator/sender of information cannot deny his or her intention to send the information at a later stage.
4. Authentication:
The identities of the sender and receiver are confirmed, as well as the destination/origin of the information.

Types of Cryptography:
In general there are three types of cryptography:
1. Symmetric Key Cryptography:
It is an encryption system where the sender and receiver of a message use a single common key to encrypt and decrypt messages. Symmetric key systems are faster and simpler, but the problem is that the sender and receiver have to somehow exchange the key in a secure manner. The most popular symmetric key cryptography system is the Data Encryption Standard (DES).
2. Hash Functions:
No key is used in this algorithm. A hash value of fixed length is calculated from the plain text, which makes it impossible for the contents of the plain text to be recovered. Many operating systems use hash functions to protect passwords.
3. Asymmetric Key Cryptography:
Under this system a pair of keys is used to encrypt and decrypt information. A public key is used for encryption and a private key is used for decryption. The public key and the private key are different. Even if the public key is known by everyone, only the intended receiver can decode the message because he alone knows the private key.

Digital signature:
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
1. Key Generation Algorithms: Digital signatures are electronic signatures which assure that the message was sent by a particular sender. While performing digital transactions, authenticity and integrity should be assured; otherwise the data can be altered, or someone can act as if he were the sender and expect a reply.
2. Signing Algorithms: To create a digital signature, signing software such as an email program creates a one-way hash of the electronic data which is to be signed. The signing algorithm then encrypts the hash value using the private key (signature key). This encrypted hash, along with other information such as the hashing algorithm, is the digital signature. The digital signature is appended to the data and sent to the verifier. The reason for encrypting the hash instead of the entire message or document is that a hash function converts any arbitrary input into a much shorter fixed-length value. This saves time, because instead of signing a long message only a shorter hash value has to be signed, and hashing is much faster than signing.
3. Signature Verification Algorithms: The verifier receives the digital signature along with the data. It then uses the verification algorithm to process the digital signature with the public key (verification key) and generates some value. It also applies the same hash function to the received data and generates a hash value. Then the hash value and the output of the verification algorithm are compared. If they are equal, the digital signature is valid; otherwise it is invalid.

10.2 Firewalls:
A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that specific traffic.
Accept: allow the traffic
Reject: block the traffic but reply with an “unreachable error”
Drop: block the traffic with no reply
A firewall establishes a barrier between secured internal networks and outside untrusted networks, such as the Internet.

Types of Firewall
Firewalls are generally of two types: Host-based and Network-based.
1. Host-based Firewalls: A host-based firewall is installed on each network node and controls each incoming and outgoing packet. It is a software application or suite of applications that comes as a part of the operating system. Host-based firewalls are needed because network firewalls cannot provide protection inside a trusted network. A host firewall protects each host from attacks and unauthorized access.
2. Network-based Firewalls: Network firewalls function at the network level. In other words, these firewalls filter all incoming and outgoing traffic across the network. A network firewall protects the internal network by filtering the traffic using rules defined on the firewall. A network firewall might have two or more network interface cards (NICs). A network-based firewall is usually a dedicated system with proprietary software installed.
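The key generation, signing and verification steps described under "Digital signature" in section 10.1, as an added example that is not part of the original notes. It uses textbook RSA with SHA-256 and no padding so that each step stays visible; the fixed primes, function names and sample message are assumptions constructed for illustration, and production systems use a padded scheme such as RSASSA-PSS with randomly generated keys from a vetted library.

```python
import hashlib

# Toy key material (constructed for this example): two Mersenne primes.
# Real keys use random secret primes; these are fixed so the run is reproducible.
P = 2**521 - 1
Q = 2**607 - 1
E = 65537


def generate_keypair():
    """Key generation: return (public_key, private_key) as (exponent, modulus)."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)  # private exponent: modular inverse of E (Python 3.8+)
    return (E, n), (d, n)


def digest_as_int(data: bytes) -> int:
    """One-way hash of the data as an integer (256 bits, smaller than n)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private_key) -> int:
    """Signing: hash the data, then transform the hash with the private key."""
    d, n = private_key
    return pow(digest_as_int(data), d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Verification: recover the signed hash with the public key and
    compare it with a fresh hash of the received data."""
    e, n = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(data)


def demo():
    public_key, private_key = generate_keypair()
    message = b"Transfer 100 to account 12345"  # constructed sample data
    altered = b"Transfer 900 to account 12345"  # same data changed in transit
    signature = sign(message, private_key)
    return {
        "genuine": verify(message, signature, public_key),
        "tampered_data": verify(altered, signature, public_key),
        "tampered_signature": verify(message, signature ^ 1, public_key),
    }


if __name__ == "__main__":
    print(demo())
```

Only the 256-bit hash passes through the private-key operation, which is the time saving the notes describe, and any change to the data or the signature makes the comparison in `verify` fail.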
10.3 Virtual private network:
VPN stands for virtual private network. A virtual private network (VPN) is a technology that creates a safe and encrypted connection over a less secure network, such as the internet. A virtual private network is a way to extend a private network using a public network such as the internet. As the name suggests, it is a virtual “private network”, i.e. a user can be part of a local network while sitting at a remote location. It makes use of tunneling protocols to establish a secure connection.

Features of Virtual Private Network
1. A VPN ensures security by providing an encrypted tunnel between the client and the VPN server.
2. A VPN is used to bypass many blocked sites.
3. A VPN facilitates anonymous browsing by hiding your IP address.
4. Also, Search Engine Optimization (SEO) is done by analyzing the data from VPN providers, which provide country-wise statistics on browsing of a particular product. This method of SEO is used widely by many internet marketing managers to form new strategies.

VPN protocols
VPN protocols ensure an appropriate level of security to connected systems when the underlying network infrastructure alone cannot provide it. There are several different protocols used to secure and encrypt users' and corporate data. They include:
• IP security (IPsec)
• Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
• Point-To-Point Tunneling Protocol (PPTP)
• Layer 2 Tunneling Protocol (L2TP)
• OpenVPN

Types of VPNs
Network administrators have several options when it comes to deploying a VPN. They include:

Remote access VPN
Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.

Site-to-site VPN
In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. Here, too, it is possible to have either Layer 3 connectivity (MPLS IP VPN) or Layer 2 (virtual private LAN service) running across the base transport.

Mobile VPN
In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam. An effective mobile VPN provides continuous service to users and can seamlessly switch across access technologies and multiple public and private networks.

Hardware VPN
Hardware VPNs offer a number of advantages over software-based VPNs. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. Several vendors, including Irish vendor InvizBox, offer devices that can function as hardware VPNs.
