WNS Unit-2

The document discusses Fear, Uncertainty, and Doubt (FUD) as a tactic used to influence public perception through negative information, primarily in sales and marketing. It also details the OSI Model, a seven-layer framework for networking that facilitates data transfer and troubleshooting, and outlines the functions of each layer. Additionally, it covers the Internet model, which describes how independent networks connect globally, and the importance of wireless security protocols like WEP, WPA, WPA2, and WPA3 for protecting wireless communications.

Uploaded by Praneeth Sun

UNIT-2

FUD
Fear, Uncertainty, and Doubt are among the most powerful motivators for changing behaviour. FUD is
generally a strategic attempt to influence public perception by disseminating negative and dubious
or false information designed to undermine the credibility of the target's claims. FUD is a
deliberate tactic of rhetoric and fallacy, initially used in sales and marketing, especially for
advanced technologies, to discourage customers from considering competing products.
FUD (fear, uncertainty and doubt) is based on disinformation and is used, among other places, in
sales, marketing, politics, or propaganda in the broad sense. The goal of the strategy is to
influence perception by distributing negative, questionable or false information about the
competition, opponent, and so on.

OSI MODEL
The OSI Model, or Open Systems Interconnection Model, is a conceptual framework which describes
the functions of a networking system. It is used for the transfer of data over which

 In the 1970s the OSI Model was proposed, and in 1984 it was published by the International
Organization for Standardization (ISO)
 Using this model, troubleshooting becomes easier, as an error can be isolated to a particular
layer
 It also helps in understanding the relationship and function of the software and hardware of a
computer network
 The concept that the OSI Model should be a seven-layer structure was proposed by Charles
Bachman at Honeywell Information Systems
 The model initially did not gain much popularity, as it could not support the Internet protocol
suite, which was not acceptable to many IT companies
 The seven layers are divided into two parts: the upper layers, or host layers, and the lower
layers, or media layers

The OSI model is divided into two groups of layers: upper layers and lower layers.
The upper layers mainly deal with application-related issues and are implemented only in
software. The application layer is closest to the end user; both the end user and the application
layer interact with software applications. An upper layer refers to the layer just above another
layer.
The lower layers deal with data transport issues. The data link layer and the physical layer are
implemented in hardware and software. The physical layer is the lowest layer of the OSI model and
is closest to the physical medium; it is mainly responsible for placing information on the
physical medium.

7 Layers of OSI Model

There are seven OSI layers, each with different functions. The seven layers are listed below:
1. Physical Layer
2. Data-Link Layer
3. Network Layer
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer
1. Physical Layer
 It is the bottom-most, or first, layer of the OSI Model
 It carries the raw bit stream, which is passed up to the higher layers of the structure
 It prepares the physical devices in the network and accepts received data for transmission
 The termination of a connection between two nodes of a network also takes place at this stage
 This layer converts the digital bits into electrical, radio, or optical signals
2. Data Link Layer

 Access to the shared medium is arranged at this layer
 It breaks the input data into frames, which makes analysing the data easier
 It ensures that the data received is free of errors
 It controls the flow of data within a stipulated time and at a set transmission speed
 The data is passed to the next layer, where it is handled as packets for further processing
Functions of the Data-link layer
o Framing: The data link layer translates the physical layer's raw bit stream into units known
as frames. The data link layer adds a header and a trailer to each frame; the header contains the
hardware destination and source addresses.
o Physical Addressing: The data link layer adds a header to the frame that contains the
destination address. The frame is transmitted to the destination address given in the header.
o Flow Control: Flow control is a main function of the data link layer. It is the technique
through which a constant data rate is maintained on both sides so that no data is corrupted. It
ensures that a transmitting station with a higher processing speed, such as a server, does not
overwhelm a receiving station with a lower processing speed.
o Error Control: Error control is achieved by adding a calculated value, the CRC (Cyclic
Redundancy Check), to the data link layer's trailer, which is appended to the frame before it is
sent to the physical layer. If an error is detected, the receiver requests retransmission of the
corrupted frame.
o Access Control: When two or more devices are connected to the same communication channel,
data link layer protocols are used to determine which device has control over the link at a given
time.
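An added example (not from the notes) for the Error Control function above: a Python implementation of CRC-32, the check sequence used for the Ethernet frame trailer, applied to a constructed frame carrying hardware source and destination addresses, with the receiver's check rejecting a copy of the frame in which a single bit was flipped. The MAC addresses and payload are constructed sample values.

```python
import zlib

# CRC-32 as used for the Ethernet frame check sequence: polynomial 0x04C11DB7,
# processed here in reflected (LSB-first) form as 0xEDB88320.
CRC32_POLY_REFLECTED = 0xEDB88320


def crc32(data: bytes) -> int:
    """Bitwise CRC-32: init 0xFFFFFFFF, reflected, final XOR 0xFFFFFFFF."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ CRC32_POLY_REFLECTED if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF


def matches_zlib(data: bytes) -> bool:
    """Cross-check the hand-rolled CRC against the standard library's zlib.crc32."""
    return crc32(data) == zlib.crc32(data)


def build_frame(dst_mac: bytes, src_mac: bytes, payload: bytes) -> bytes:
    """Sender: header with hardware addresses, then payload, then CRC trailer."""
    if len(dst_mac) != 6 or len(src_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    body = dst_mac + src_mac + payload
    return body + crc32(body).to_bytes(4, "big")


def check_frame(frame: bytes):
    """Receiver: recompute the CRC over header+payload and compare with the trailer.

    Returns (dst, src, payload) for a clean frame, or None for a corrupted one,
    which is the point at which the data link layer asks for a retransmission.
    """
    if len(frame) < 16:           # 12 header bytes + 4 CRC bytes minimum
        return None
    body, trailer = frame[:-4], frame[-4:]
    if crc32(body) != int.from_bytes(trailer, "big"):
        return None
    return body[:6], body[6:12], body[12:]


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit transmission error at the given bit position."""
    buf = bytearray(frame)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def demo() -> dict:
    """Constructed sample: one clean frame and the same frame with one bit flipped."""
    dst = bytes.fromhex("02aabbccddee")   # constructed, locally administered address
    src = bytes.fromhex("021122334455")   # constructed
    payload = b"Hello from the data link layer"
    frame = build_frame(dst, src, payload)
    clean = check_frame(frame)
    # Flip bit 3 of the first payload byte (bit index 12*8 + 3 = 99).
    damaged = check_frame(flip_bit(frame, 99))
    # Practitioner's note: a CRC catches accidental corruption, not deliberate
    # tampering. Anyone who alters the payload can recompute the CRC, so
    # integrity against an adversary needs a keyed MAC rather than a CRC.
    return {
        "clean_payload": clean[2] if clean else None,
        "corruption_detected": damaged is None,
        "frame_length": len(frame),
    }


if __name__ == "__main__":
    print(demo())
```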

3. Network Layer

 It acts as a network controller
 The transfer of variable-length data from one node to another node in the network takes
place at this layer
 Each node has a specific address, and the network layer ensures that the data is sent to its
destination address
 The data is sent in the form of fragments, which are joined together again once processing
is done

Functions of Network Layer:


o Internetworking: Internetworking is the main responsibility of the network layer. It
provides a logical connection between different devices.
o Addressing: The network layer adds the source and destination addresses to the header of the
packet. Addressing is used to identify a device on the internet.
o Routing: Routing is the major component of the network layer; it determines the optimal path
among the multiple paths from source to destination.
o Packetizing: The network layer receives segments from the upper layer and converts them into
packets. This process is known as packetizing and is carried out by the Internet Protocol (IP).
4. Transport Layer

The delivery of data packets is managed by the transport layer

 It manages the flow of data, segmentation and desegmentation, and error control
 There are five classes of OSI transport protocol, numbered 0 to 4 (TP0 to TP4)
 Fragmentation and reassembly of data packets occur at this stage

The two protocols used in this layer are:

Transmission Control Protocol
o It is a standard protocol that allows systems to communicate over the internet.
o It establishes and maintains a connection between hosts.
o When data is sent over a TCP connection, TCP divides the data into smaller units known as
segments. Each segment may travel over the internet by a different route, so segments can
arrive at the destination out of order. TCP reorders the segments correctly at the
receiving end.
User Datagram Protocol
o User Datagram Protocol is a transport layer protocol.
o It is an unreliable transport protocol: the receiver does not send any acknowledgment when
a packet is received, and the sender does not wait for any acknowledgment.

Functions of Transport Layer:


o Service-point addressing: Computers run several programs simultaneously, so data must be
transmitted not only from one computer to another but also from one process to another. The
transport layer adds a header that contains an address known as a service-point address or port
address. The network layer is responsible for transmitting data from one computer to another;
the transport layer is responsible for delivering the message to the correct process.
o Segmentation and reassembly: When the transport layer receives a message from the upper
layer, it divides the message into multiple segments and assigns each segment a sequence number
that uniquely identifies it. When the message arrives at the destination, the transport layer
reassembles it based on the sequence numbers.
o Connection control: The transport layer provides two services: connection-oriented service
and connectionless service. A connectionless service treats each segment as an individual
packet, and the segments may travel by different routes to reach the destination. A connection-
oriented service makes a connection with the transport layer at the destination machine before
delivering the packets; in a connection-oriented service, all the packets travel over a single
route.
o Flow control: The transport layer is also responsible for flow control, but it is performed
end-to-end rather than across a single link.
o Error control: The transport layer is also responsible for error control, again performed
end-to-end rather than across a single link. The sending transport layer ensures that messages
reach the destination without error.
5. Session Layer

 The connections between the computers in a network are managed at this layer
 Establishment, management and termination of sessions between the remote and local
applications take place here
 Authentication and authorisation happen at this layer
 This layer can also terminate any session or transmission that is complete

Functions of Session layer:


o Dialog control: Session layer acts as a dialog controller that creates a dialog between two
processes or we can say that it allows the communication between two processes which
can be either half-duplex or full-duplex.
o Synchronization: Session layer adds some checkpoints when transmitting the data in a
sequence. If some error occurs in the middle of the transmission of data, then the
transmission will take place again from the checkpoint. This process is known as
Synchronization and recovery.

6. Presentation Layer

 The data is converted into the syntax or semantics which an application understands
 Before passing on the data any further, the data is formatted at this stage
 Functions including compression, encryption, compatible character code set, etc. are also
done at this layer of the model
 It serves as a data translator for the network

Functions of Presentation layer:


o Translation: The processes in two systems exchange the information in the form of
character strings, numbers and so on. Different computers use different encoding methods,
the presentation layer handles the interoperability between the different encoding methods.
It converts the data from sender-dependent format into a common format and changes the
common format into receiver-dependent format at the receiving end.
o Encryption: Encryption is needed to maintain privacy. Encryption is the process of converting
the sender's information into another form and sending the resulting message over the network.
o Compression: Data compression is a process of compressing the data, i.e., it reduces the
number of bits to be transmitted. Data compression is very important in multimedia such as
text, audio, video.
7. Application Layer

 The interaction with the user or the user application takes place at this stage
 When identifying communication partners, the application layer determines the identity and
availability of communication partners for an application with data to transmit

Functions of Application layer:


o File transfer, access, and management (FTAM): The application layer allows a user to access
files on a remote computer, to retrieve files from a computer, and to manage files on a remote
computer.
o Mail services: The application layer provides the facility for email forwarding and storage.
o Directory services: The application layer provides distributed database sources and is used to
provide global information about various objects.

INTERNET MODEL
The Internet model is that independent networks connect to one another and, all together, provide
the global Internet. All these independent networks interoperate and form an Internet by
participating in a global routing system, subject only to technical standards and agreements with
neighbors (the technical terms here are peering and transit). The magic of the Internet is that in
order to communicate between a mobile phone connected to a broadband provider in the
Netherlands and a server in a data center in Kenya, the two networks at either end of the
connection do not need a relationship with each other. The magic of the Internet is that you only
need to connect to one other network that is already connected to the Internet to become part of
the global Internet. There is no center to the Internet, nor is there a central authority forcing the
independent networks to behave in certain ways. The Internet works because the independent
networks choose to internetwork by adhering to interoperable specifications and shared
convention, and they choose to do that because the value of the sum is much greater than the
sum of the parts. Network communication adheres to a layered architecture, which is commonly
described using the Internet model.

Home and enterprise networks connect through local ISPs and the Internet backbone
The five layers of Internet communication

The application layer consists of the logical endpoints of the communication within applications;
for instance, a web browser operating at the application layer at one end may establish a
connection to a web server running in the application layer at the other endpoint. The applications
at the two hosts cannot directly communicate. Instead, the application opens a socket, the
software endpoint for the connection. Sockets can be considered a form of message passing IPC
that is primarily used for network communication; at either end, the processes write to and read
from the socket using system calls.
The sockets provide the process with an interface to the transport layer, which is typically
implemented in the OS. The transport layer provides some key services that make the network
communication more usable to the application layer. The transport layer breaks application layer
messages—which may be large—into fixed-size data segments for delivery. The transport layer
then provides a multiplexing service, allowing all processes on a single host to share a single
network connection. Multiplexing and demultiplexing are achieved through the use of a port
number, which is an integer associated with a particular process; at each host, only a single
process can be assigned to a particular port number at a time. As the amount of data sent by
applications increases, networks can experience congestion, when there is too much traffic on a
network, often leading to delays and dropped packets. To address this problem, some transport
layer protocols, such as Transmission Control Protocol (TCP), also provide flow control and
reliable transport services. TCP is also a connection-oriented protocol, which means that the two
hosts store persistent state information between messages.
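An added example (not part of the original notes) that serves both the transport-layer functions listed in the OSI section above and the port-based multiplexing described in the paragraph just above: a short Python simulation in which application messages are split into numbered segments, shuffled to mimic arrival over different routes, and reassembled per flow at a receiving host that demultiplexes on destination port. The segment format, port numbers and sample messages are the example's own constructions; the lost-segment case shows why a reliable transport has to detect gaps and retransmit.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One transport-layer segment: service-point (port) addresses and a
    sequence number in the header, application data as the payload."""
    src_port: int
    dst_port: int
    seq: int      # position of this segment within its message
    total: int    # number of segments the message was split into
    payload: bytes


def segment_message(message: bytes, src_port: int, dst_port: int, mss: int) -> list:
    """Sender: split a message into segments of at most mss bytes, each with a
    sequence number so the receiver can restore the original order."""
    if mss <= 0:
        raise ValueError("mss must be positive")
    chunks = [message[i:i + mss] for i in range(0, len(message), mss)] or [b""]
    return [Segment(src_port, dst_port, seq, len(chunks), chunk)
            for seq, chunk in enumerate(chunks)]


class Demultiplexer:
    """Receiving host: one buffer per bound port (the process listening there)
    and one reassembly buffer per (src_port, dst_port) flow."""

    def __init__(self, bound_ports):
        self.delivered = {port: [] for port in bound_ports}  # port -> messages
        self.pending = {}      # (src_port, dst_port) -> {seq: payload}
        self.no_listener = 0   # segments addressed to a port nobody has bound

    def receive(self, seg: Segment) -> None:
        if seg.dst_port not in self.delivered:
            self.no_listener += 1
            return
        flow = self.pending.setdefault((seg.src_port, seg.dst_port), {})
        flow[seg.seq] = seg.payload    # a duplicate simply overwrites
        if len(flow) == seg.total:     # every sequence number has arrived
            message = b"".join(flow[i] for i in range(seg.total))
            self.delivered[seg.dst_port].append(message)
            del self.pending[(seg.src_port, seg.dst_port)]


def simulate(messages, bound_ports, mss=8, seed=7, lose_one_of_flow=None) -> dict:
    """messages: list of (src_port, dst_port, data). All segments are shuffled
    to mimic different routes; optionally one segment of the named flow is
    lost, which leaves that flow incomplete until a retransmission arrives."""
    rng = random.Random(seed)
    wire = []
    for src, dst, data in messages:
        wire.extend(segment_message(data, src, dst, mss))
    rng.shuffle(wire)
    if lose_one_of_flow is not None:
        for i, seg in enumerate(wire):
            if (seg.src_port, seg.dst_port) == lose_one_of_flow:
                del wire[i]
                break
    host = Demultiplexer(bound_ports)
    for seg in wire:
        host.receive(seg)
    return {
        "delivered": host.delivered,
        "incomplete_flows": sorted(host.pending),
        "no_listener_segments": host.no_listener,
    }


# Constructed sample traffic: a web request to port 80, a lookup to port 53 and
# a message to a port with no listening process.
WEB_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
DNS_QUERY = b"query: www.example.test"
SAMPLE_MESSAGES = [
    (40000, 80, WEB_REQUEST),
    (40001, 53, DNS_QUERY),
    (40002, 9999, b"nobody listening"),
]

if __name__ == "__main__":
    print(simulate(SAMPLE_MESSAGES, {80, 53}))
    print(simulate(SAMPLE_MESSAGES, {80, 53}, lose_one_of_flow=(40000, 80)))
```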
When the transport layer needs to send or receive packets, the transport layer protocol contacts
the Internet layer. The Internet layer provides the logical structure of the connections between
hosts. That is, while the transport layer provides end-to-end communication for processes on the
two hosts, the Internet layer provides point-to-point communication between the hosts and
routers. The Internet Protocol (IP) operates at this layer, associating a logical identifier,
known as an IP address, with a host or router connected to the network. Network-layer protocols
define the routing path that packets will traverse through the Internet: at each hop, the router
examines the intended destination IP address and forwards the packet to another router along what
it estimates to be the shortest path.
The lowest layers of this model are the link and physical layers, which are typically designed and
implemented together in the hardware devices. A desktop or server may be using
the Ethernet suite of protocols to send pulses of light over a fiber optic cable. Link layer protocols
can only send packets to other devices within the same network, as they are tied closely to the
physical connection. The purpose of Ethernet is to transmit bits between two devices that are
physically connected by a cable. Thus, what looks like a single connection or hop between routers
in the Internet layer may require traversing several point-to-point links between switches in the
link layer.

WIRELESS SECURITY PROTOCOLS


Wireless security is the practice of protecting wireless networks from unauthorized access,
eavesdropping, tampering, and other potential threats.
To protect against these threats, multiple wireless security protocols have been developed to
secure wireless communications and ensure privacy and confidentiality. Such protocols work by
implementing security measures like encryption and authentication.
 Encryption: Makes wireless communication unintelligible to anyone but those with the right
encryption keys.
 Authentication: Ensures that only those users and devices whose identities have been properly
verified can join the network.

Types of wireless security protocols


Most wireless APs come with the ability to enable one of four wireless encryption standards:
1. Wired Equivalent Privacy (WEP)
2. Wi-Fi Protected Access (WPA)
3. WPA2
4. WPA3
WEP (Wired Equivalent Privacy) was the first of the wireless security protocols. It was developed
in 1999 to protect wireless data between clients and access points (APs) from attackers. At the
beginning, at most 64-bit encryption was allowed, so WEP used 64-bit encryption. After the
restrictions were lifted, 128-bit WEP was widely used, but it remained highly vulnerable to
key-recovery attacks. Cybersecurity experts found many vulnerabilities in this first wireless
security protocol, so the Wi-Fi Alliance officially retired it in 2004. Today WEP (Wired
Equivalent Privacy) is not a secure protocol and is outdated.

WPA (Wi-Fi Protected Access)


Wi-Fi Protected Access (WPA) was developed in 2003 by the Wi-Fi Alliance. Because of the
vulnerabilities of WEP, a new protocol had to be developed, and the result was Wi-Fi Protected
Access (WPA). The keys used by WPA were 256-bit, a significant increase over the 64-bit and
128-bit keys used in the WEP system. With WPA, an additional security mechanism was introduced:
the Temporal Key Integrity Protocol (TKIP). With TKIP, the keying scheme changed to per-packet
keys.

TKIP added the following functions to improve WLAN security:


 use of 256-bit keys;
 per-packet key mixing, which generates a unique key for each packet;
 automatic broadcast of updated keys;
 message integrity check;
 larger IV size using 48 bits; and
 mechanisms to reduce IV reuse.
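An added example (not from the notes) that puts numbers on the IV-size point above. WEP's per-packet IV is 24 bits (a known fact not stated in the notes) against TKIP's 48; the code compares how long a counter-style IV lasts before it must repeat and how soon randomly chosen IVs are expected to collide (the birthday bound), and checks the formula with a small simulation. The packet rate of 1000 packets per second is an assumed value.

```python
import math
import random


def sequential_exhaustion_seconds(iv_bits: int, packets_per_second: float) -> float:
    """A counter-style IV is exhausted, and must repeat, after 2**iv_bits packets."""
    return (2 ** iv_bits) / packets_per_second


def birthday_expected_packets(iv_bits: int) -> float:
    """Randomly chosen IVs: the expected number of packets until the first repeat
    is about sqrt(pi/2 * N) for an IV space of N = 2**iv_bits values."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


def simulate_first_repeat(iv_bits: int, trials: int, seed: int = 1) -> float:
    """Monte Carlo check of the birthday estimate on a small IV space: draw
    random IVs until one repeats and average the count over many trials."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        seen = set()
        count = 0
        while True:
            count += 1
            iv = rng.getrandbits(iv_bits)
            if iv in seen:
                break
            seen.add(iv)
        total += count
    return total / trials


def compare_iv_sizes(packets_per_second: float = 1000.0) -> dict:
    """Side-by-side figures for a 24-bit and a 48-bit IV at an assumed packet rate."""
    out = {}
    for bits in (24, 48):
        secs = sequential_exhaustion_seconds(bits, packets_per_second)
        out[bits] = {
            "iv_space": 2 ** bits,
            "sequential_exhaustion_hours": secs / 3600,
            "random_iv_expected_repeat_after": birthday_expected_packets(bits),
        }
    return out


if __name__ == "__main__":
    for bits, figures in compare_iv_sizes().items():
        print(bits, figures)
    # The simulation agrees with the formula (about 321 packets for 16 bits).
    print(simulate_first_repeat(16, trials=300), birthday_expected_packets(16))
```

At 1000 packets per second a 24-bit counter wraps in under five hours, while 48 bits last on the order of millions of years, which is the gap the "larger IV size" item above is about.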
One noticeable disadvantage of WPA was that, since it was made to run on WEP-enabled devices, its
core components were largely the same as WEP's.

WPA2
WPA2 (Wi-Fi Protected Access 2) is the second generation of the Wi-Fi Protected Access wireless
security protocol. WPA2 standard was ratified by IEEE in 2004 as 802.11i. WPA2 ensures that data
sent or received over your wireless network is encrypted, and only people with your network
password have access to it. WPA2 replaces TKIP with two stronger encryption and authentication
mechanisms:
1. Advanced Encryption Standard (AES), an encryption mechanism; and
2. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), an
authentication mechanism.
Unfortunately, like its predecessor, WPA2-enabled access points (usually routers) are vulnerable
to attacks through WEP.
WPA2
Pros:
 Addresses many security flaws of its predecessors
 Uses the strongest encryption method: AES
 Required by the Wi-Fi Alliance for use on all Wi-Fi certified products
 256-bit key for encryption
Cons:
 Still contains some security vulnerabilities
 Requires the most processing power.

WPA3
WPA3 (Wi-Fi Protected Access 3) is the newest wireless security protocol. It is designed so that
the keys used to encrypt data are renewed frequently and automatically, a property known as
Perfect Forward Secrecy. In 2018, the Wi-Fi Alliance began certification for WPA3, the most recent
wireless security standard and the one experts now consider the most secure. WPA3 mandates the
adoption of Protected Management Frames, which help guard against eavesdropping and forging.
WPA3-Personal uses CCMP-128 and AES-128. WPA3 addresses WPA2's KRACK vulnerability with a more
secure cryptographic handshake, replacing the PSK four-way handshake with Simultaneous
Authentication of Equals (SAE), a version of the Internet Engineering Task Force's Dragonfly
handshake. SAE also eliminates the reuse of encryption keys, requiring a new key with every
interaction. SAE limits users to active, on-site authentication attempts, flagging anyone who has
exceeded a certain number of password guesses. This capability should make the typical Wi-Fi
network more resistant to offline dictionary attacks. The Wi-Fi Alliance also introduced a new
protocol called Wi-Fi Easy Connect, which simplifies the onboarding process for IoT devices that
do not have visual configuration interfaces, via a mechanism such as a QR code scan. Finally, an
additional feature called Wi-Fi Enhanced Open makes connecting to public Wi-Fi networks safer by
automatically encrypting information between each client and the AP using a new, unique key.

CRYPTOGRAPHY
Encryption and Decryption:
Cryptography involves two phases at its most fundamental level: Encryption and Decryption.
Encryption uses a cipher to encrypt and transform the plaintext into ciphertext. On the other hand,
decryption transforms the ciphertext into plaintext by employing the same cipher.

The most popular application of cryptography when sending electronic data is encrypting and
decrypting emails and other plaintext messages. The simplest method is the " secret key" or
symmetric approach.
The secret key is used to encode the data, and then the encoded message and the secret key are
sent to the recipient. The problem is that if the message is intercepted, a third party has all it
needs to decode and analyze it.
Cryptologists developed the asymmetric or "public key" approach to solve this issue. In this case,
each user has two keys: a private key and a public key. Senders request the recipient's public key
before encrypting and sending the message.
Purpose of Cryptography
Cryptography is a method of protecting information and communications through the use of codes,
so that only those for whom the information is intended can read and process it. "Crypto" means
"hidden" and "graphy" means "writing". The techniques used in cryptography to secure data are
based on mathematical principles and on sets of rule-based calculations known as algorithms.
These algorithms generate cryptographic keys, create digital signatures, safeguard data privacy,
and enable secure browsing on the Internet.
Cryptography aims to keep data and messages private and inaccessible to possible threats or bad
actors. It frequently works invisibly to encrypt and decrypt the data you send through email,
social media, applications, and website interactions.
The process by which ordinary plaintext is converted into ciphertext, text constructed so that
only the intended receiver can decode it, is known as encryption. The reverse process, converting
ciphertext back into plaintext, is known as decryption.
Features Of Cryptography:
1. Confidentiality: Information can only be accessed by the person for whom it is intended;
no one else can access it.
2. Integrity: Information cannot be modified in storage or in transit between sender and
intended receiver without the change being detected.
3. Non-repudiation: The creator/sender of information cannot later deny having sent it.
4. Authentication: The identities of sender and receiver are confirmed, as is the
origin/destination of the information.
Types of Cryptography
Symmetric key Cryptography: With this encryption technique, the sender and the recipient use the
same shared key to encrypt and decrypt messages. Although symmetric key systems are quicker and
easier to use, they have the drawback of requiring a secure key exchange between the sender and
the receiver. The Data Encryption Standard (DES) is the most widely used symmetric key encryption
method.

Hash Functions: In this kind of algorithm, no key is used. The plaintext is used to produce a hash
value of fixed length, making it challenging to recover the plaintext from it. Hash functions are
widely used by operating systems to protect stored passwords.

Asymmetric Key Cryptography: This approach uses a pair of keys to encrypt and decrypt data. Public
keys are used for encryption, whereas private keys are used for decryption. The public key and
private key are different from one another. Even if everyone knows the public key, only the
intended recipient can decode the message, since only the recipient has access to the private key.

Cryptographic Algorithms
Cryptosystems encrypt and decrypt information using cryptographic algorithms, or ciphers, to
secure communications between computer systems, devices, and applications.
A cipher suite uses three different algorithms: one each for encryption, message authentication,
and key exchange. This process, integrated into protocols and implemented in software that runs on
operating systems (OS) and networked computer systems, involves:
o Data encryption and decryption, using generated public and private keys
o Message authentication, using digital signatures and their verification
o Key exchange
Advantages
Access Management: Access control can use cryptography to guarantee that only individuals
with the appropriate authorizations are granted access to a resource. The resource is encrypted
and can only be accessed by those with the proper decryption key.
Secure Communication: Cryptography is essential for private communication over the Internet.
It provides safe methods for sending sensitive data like bank account numbers, passwords, and
other private information over the Internet.
Protection against attacks: Attacks like replay and man-in-the-middle attacks can be defended
against with the help of cryptography. It provides techniques for identifying and preventing these
assaults.
Compliance with legal requirements: Businesses can use cryptography to help them deal with
several legal obligations, such as data protection and privacy laws.
Applications of Cryptography
Computer passwords: Cryptography is frequently used in computer security, especially when
creating and managing passwords. When users log in, their password is hashed and compared with
the previously saved hash. To store them, passwords are first hashed; this protects the passwords
so that even if attackers gain access to the password database, they cannot read the passwords
from it.
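An added example (not from the notes) for the hash-function and password-storage points above: salted, iterated password hashing with PBKDF2-HMAC-SHA256 from the Python standard library, a verification routine that compares in constant time, and an unsalted single hash alongside it for contrast. The record format, the iteration count and the sample passwords are the example's own choices.

```python
import hashlib
import hmac
import secrets

# Work factor for PBKDF2-HMAC-SHA256; raise it as hardware gets faster.
DEFAULT_ITERATIONS = 600_000
RECORD_SCHEME = "pbkdf2_sha256"   # our own record format, not a standard one


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: bytes = None) -> str:
    """Produce a storable record: scheme$iterations$salt_hex$hash_hex.

    A fresh random salt per user means two users with the same password get
    different records, and precomputed hash tables become useless."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{RECORD_SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash with the stored salt and iteration count and compare in
    constant time, so timing does not leak how many bytes matched."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != RECORD_SCHEME:
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        iterations = int(iterations)
    except ValueError:
        return False            # malformed record: never accept it
    if iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def unsalted_sha256(password: str) -> str:
    """Weak variant shown only for contrast: no salt and a single fast hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def demo(iterations: int = DEFAULT_ITERATIONS) -> dict:
    """Two users pick the same (constructed) password; compare both schemes and
    run the login checks a practitioner would expect to pass."""
    password = "correct horse battery staple"
    record_a = hash_password(password, iterations)
    record_b = hash_password(password, iterations)
    # Corrupt the last hex digit of the stored hash to model a tampered record.
    tampered = record_a[:-1] + ("0" if record_a[-1] != "0" else "1")
    return {
        "unsalted_identical": unsalted_sha256(password) == unsalted_sha256(password),
        "salted_identical": record_a == record_b,
        "login_ok": verify_password(password, record_a),
        "wrong_password_rejected": not verify_password("Tr0ub4dor&3", record_a),
        "tampered_record_rejected": not verify_password(password, tampered),
    }


if __name__ == "__main__":
    print(demo())
```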
Digital Currencies: Cryptography is also used by digital currencies like Bitcoin to secure
transactions and prevent fraud. Since advanced algorithms and cryptographic keys safeguard
transactions, tampering with or creating fake transactions is practically impossible.
Secure web browsing: Cryptography protects users from eavesdropping on their conversations and
from man-in-the-middle attacks, and provides online browsing security. The Secure Sockets Layer
(SSL) and Transport Layer Security (TLS) protocols use public key cryptography to encrypt data
between the web server and the client, creating a secure communication channel.
Digital signatures: Digital signatures are used to sign papers and act as the handwritten
signature's digital copy. Cryptography is used to create digital signatures, and public key
cryptography is used to verify them. Digital signatures are becoming more widely used, and many
countries have laws that make them legally binding.
Authentication: Cryptography is employed as the authentication method when logging in to a
computer, a bank account, or a secure network. Authentication protocols use cryptographic
techniques to validate the user's identity and possession of the access privileges necessary for
the resource.
Cryptocurrencies: Cryptocurrencies like Bitcoin and Ethereum largely rely on cryptography to
protect transactions, prevent fraud, and uphold the integrity of the network. Transactions are
protected by complicated algorithms and cryptographic keys, making it nearly impossible to tamper
with or fake transactions.
End-to-End Encryption: Email, instant messages, and video chats are all examples of two-way
communications protected by end-to-end encryption. It guarantees that only the intended recipients
can decode a message, even if it is intercepted in transit. End-to-end encryption is frequently
employed in messaging apps like WhatsApp and Signal, offering users a high degree of protection
and anonymity.
TLS/SSL
SSL and TLS are both cryptographic protocols used to increase security by encrypting
communication over computer networks. SSL stands for Secure Sockets Layer; TLS stands for
Transport Layer Security. TLS is the successor of SSL 3.0. While the term SSL is still dominant,
most people actually mean TLS when they talk about SSL, because the public versions of SSL have
long been deprecated. So today there is no longer just one SSL certificate or one TLS certificate;
in fact, all "SSL certificates" are actually SSL/TLS certificates. SSL/TLS can be used for a
variety of applications, including securing data over:

 HTTPS,
 FTPS,
 SMTP, etc.
A cryptographic protocol must adhere to certain requirements in order to be deemed secure.
SSL and TLS properties:

 The connection is private due to encryption.
 The identity of the peer can be authenticated using public key cryptography.
 Each message transmitted includes a message integrity check to ensure the connection is
reliable.

How does SSL/TLS encryption work


There are a number of steps involved in establishing a secure SSL/TLS connection. The steps below
demonstrate how SSL/TLS connections work.

1. Client Hello. The client sends information along with a set of options to the server
regarding SSL communication (SSL version number, cipher settings, etc).
2. Server Hello. The server makes a decision and provides it back to the client based on the
options provided.
3. Server Key Exchange. The server provides information to the client regarding the
session key as well as its public key.
4. Client Key Exchange. The client authenticates the server's certificate and confirms the
server's selected encryption algorithm.
5. Client/Server Begin Secure Communications. Both the client and server confirm that
all subsequent communications will be encrypted.
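The first two steps of this handshake, as an added example (not code from the page's sources or from any TLS library): the script builds a real ClientHello record by hand, parses it back the way a server would, and makes the ServerHello cipher-suite decision from a server preference list. The hostname example.com, the client random and the suite lists are constructed inputs; no network connection or key exchange is performed.

```python
"""Build a TLS ClientHello, parse it, and simulate the server's ServerHello choice.

Added example: hand-rolled record/handshake encoding following the RFC 5246/8446
layouts. No real connection and no key exchange are performed.
"""
import struct

# Real IANA cipher-suite code points; the names are the registry names.
CIPHER_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",               # TLS 1.3
    0x1302: "TLS_AES_256_GCM_SHA384",               # TLS 1.3
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",         # static RSA: no forward secrecy
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",             # RC4: broken, prohibited by RFC 7465
}
EXT_SERVER_NAME = 0x0000         # SNI
EXT_SUPPORTED_VERSIONS = 0x002B  # how TLS 1.3 is actually offered


def build_client_hello(server_name, suites, client_random, versions=(0x0304, 0x0303)):
    """Return one TLS record (content type 0x16) carrying a ClientHello handshake message."""
    assert len(client_random) == 32
    host = server_name.encode()
    # server_name extension: list length, name type 0 (host_name), name length, name
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host
    sni_body = struct.pack("!H", len(sni_entry)) + sni_entry
    # supported_versions extension: one-byte list length, then 2-byte versions
    ver_list = b"".join(struct.pack("!H", v) for v in versions)
    sv_body = bytes([len(ver_list)]) + ver_list
    exts = (struct.pack("!HH", EXT_SERVER_NAME, len(sni_body)) + sni_body
            + struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv_body)) + sv_body)
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (struct.pack("!H", 0x0303)        # legacy_version: always "TLS 1.2" on the wire
            + client_random
            + b"\x00"                         # empty legacy session id
            + struct.pack("!H", len(cs)) + cs
            + b"\x01\x00"                     # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello = 1
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Decode the fields a server needs in order to make its ServerHello decision."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    legacy_version = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    client_random = body[pos:pos + 32]; pos += 32
    pos += 1 + body[pos]                                        # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                        # skip compression methods
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    end = pos + ext_len
    sni, versions = None, []
    while pos < end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
        data = body[pos:pos + elen]; pos += elen
        if etype == EXT_SERVER_NAME:
            name_len = struct.unpack("!H", data[3:5])[0]
            sni = data[5:5 + name_len].decode()
        elif etype == EXT_SUPPORTED_VERSIONS:
            versions = [struct.unpack("!H", data[i:i + 2])[0] for i in range(1, 1 + data[0], 2)]
    return {"legacy_version": legacy_version, "random": client_random,
            "suites": suites, "sni": sni, "supported_versions": versions}


def server_select(offered, server_preference):
    """ServerHello decision: first suite in the server's own preference order that the client offered."""
    for suite in server_preference:
        if suite in offered:
            return suite
    return None  # no common suite: the server would send a handshake_failure alert


def main():
    hello = build_client_hello("example.com", [0x1301, 0xC02F, 0x002F], bytes(range(32)))
    info = parse_client_hello(hello)
    chosen = server_select(info["suites"], [0xC030, 0xC02F, 0x1301])
    print("SNI:", info["sni"], "offered:", [CIPHER_SUITES[s] for s in info["suites"]])
    print("server picks:", CIPHER_SUITES[chosen])


if __name__ == "__main__":
    main()
```

The server-preference rule in server_select is the setting that decides whether a downgrade to a weak suite a client still offers (RC4, static RSA) can happen: if the server honours client order instead, an attacker who can tamper with the ClientHello picks the suite, which is why the Finished MAC over the transcript matters.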

Benefits of SSL TLS

There are a variety of benefits associated with securing connections using SSL/TLS. A few
examples of these benefits include the following:

 Improves security. By transmitting information over an encrypted connection between
the client and the server, this makes it much harder for anyone to "listen in" on or alter the
communication between both parties. This is especially important when dealing with the
transfer of sensitive information such as credit card numbers.
 Instills trust. Related to the previous benefit, using an SSL/TLS connection also helps
instill trust in your site's visitors: browsers mark plain-HTTP pages as "not secure", and an
HTTPS site is what visitors who log in expect. Furthermore, the payment card industry rules
(PCI DSS) require cardholder data to be sent over strongly encrypted connections, so a
certificate is in practice required to take credit card payments on a website.
 Easily deployed. Traditionally, SSL certificates are purchased from a certificate authority
for a given time period. In the case of using SSL on a website, this certificate would be
uploaded to your server and thus provide a secure connection for visitors. However, Let's
Encrypt now issues certificates for free, and an ACME client on the server can obtain and
renew them automatically.
 Ability to use HTTP/2. HTTP/2 is the second major update to the HTTP protocol. It
offers many improvements over its predecessor, such as header compression and full
multiplexing of requests over a single connection. No browser supports HTTP/2
unencrypted, therefore by installing an SSL certificate you have the opportunity to take
advantage of the benefits of HTTP/2, given that your server supports it.

Difference between SSL and TLS

1. Name: SSL stands for Secure Sockets Layer; TLS stands for Transport Layer Security.
2. Algorithms: SSL 3.0 supported the Fortezza key-exchange algorithm; TLS does not.
3. Version: SSL 3.0 was the last SSL release; TLS 1.0 was its successor (it carries version
number 3.1 on the wire), followed by TLS 1.1, 1.2 and 1.3.
4. Master secret: in SSL the master secret is derived with an ad hoc combination of MD5 and
SHA-1 message digests; in TLS a standardised pseudo-random function (PRF) is used.
5. Message authentication: SSL uses its own, pre-standard message authentication code
construction; TLS uses the standard Hashed Message Authentication Code (HMAC).
6. Complexity: SSL is more complex; the TLS design is simpler and more uniform.
7. Security: SSL is less secure than TLS (SSL 3.0 is broken by the POODLE attack and is
prohibited by RFC 7568); TLS 1.2 and 1.3 provide strong security.
8. Performance and reliability: SSL is slower and less reliable; TLS, in particular TLS 1.3, has a
shorter handshake (one round trip, or zero on session resumption) and so lower latency.
9. Status: SSL has been deprecated; TLS is still widely used.
10. Connection setup: SSL was used on a dedicated port for the secure service (implicit mode,
e.g. 443 for HTTPS or 990 for FTPS); TLS can additionally be negotiated on the ordinary
plaintext port through an upgrade command such as STARTTLS (explicit mode).

SECURE SHELL PROTOCOLS

SSH stands for Secure Shell or Secure Socket Shell. It is a cryptographic network protocol that
allows two computers to communicate and share data over an insecure network such as the
internet. It is used to log in to a remote server to execute commands and to transfer data from one
machine to another.
The SSH protocol was created by Tatu Ylönen in 1995 (and later developed by his company, SSH
Communications Security) to provide safe communication with a remote system.
An SSH session negotiates session keys with a public-key exchange across the untrusted channel,
authenticates the server with its host key, encrypts and integrity-protects everything that follows,
and then authenticates the user with a password or, preferably, a public key. It replaces unprotected
remote login protocols like TELNET, rlogin, rsh, and others, as well as insecure file transfer
protocols like FTP.
Its security characteristics are commonly utilised by network administrators for remote
management of systems and applications.
Because the server is authenticated by its host key and the session is integrity-protected, SSH
protects a session against DNS spoofing, IP source routing, and IP spoofing attacks, which could
otherwise redirect a connection to an attacker's machine.
How SSH protects communications (figure in the original: 1. Before SSH, 2. After SSH).
Use of SSH Protocol:
1. It offers users secure remote access and lets procedures be automated.
2. It is a simple and safe method of transferring files from one machine to another over an
unsecured network (SCP and SFTP both run inside SSH).
3. It lets users execute commands on a remote host.
4. It assists users in managing network infrastructure as well as other important system
components.
5. It is used to log in to a shell on a remote system (host), replacing Telnet and rlogin, and to run a
single command on the host, replacing rsh.
6. It works in tandem with the rsync software to back up, copy, and mirror files securely and
efficiently.
7. It is capable of forwarding a port (local, remote and dynamic forwarding).
8. With key-based authentication an SSH client such as OpenSSH can log in to a remote server
without interactive prompts, which is what scripts and automation rely on.
9. We can safely browse the web through the SSH client's encrypted proxy connection, which
supports the SOCKS protocol (dynamic port forwarding).
Working of SSH:

The SSH protocol operates on a client-server basis: it links a secure shell client programme (the
end where the session is displayed) to the SSH server (the end where the session executes), which
by default listens on TCP port 22. It was designed to replace insecure login protocols such as Telnet
and rlogin, and so fulfils the same job.
The command used to initiate an SSH connection is: ssh username@sshserver.com
The architecture of SSH Protocol
The SSH architecture is made-up of three well-separated layers. These layers are:
1. Transport Layer
2. User-authentication layer
3. Connection Layer
The SSH protocol architecture is an open architecture; hence it provides great flexibility and
enables SSH use for many other purposes instead of only a secure shell. In the architecture, the
transport layer is similar to the transport layer security (TLS). The User-authentication layer can be
used with the custom authentication methods, and the connection layer allows multiplexing
different secondary sessions into a single SSH connection.
Transport Layer
The SSH transport layer (RFC 4253) runs on top of a reliable transport, normally TCP port 22; it is
the lowest of SSH's own three layers, not a layer of the TCP/IP suite. For SSH-2, this layer is
responsible for handling the initial key exchange, server (host key) authentication, setting up
encryption, compression, and integrity verification, and for re-keying during long sessions. It works
as an interface for sending and receiving plaintext packets with sizes up to 32,768 bytes.
User authentication Layer
As its name suggests, the user authentication layer (RFC 4252) is responsible for handling client
authentication and provides various authentication methods. It is client-driven: the client requests
a method and supplies the credentials, and the server accepts or rejects them; so the password
prompt you see is produced by the SSH client program, not sent by the server. This layer runs only
after the transport layer has authenticated the server, so credentials are never sent to an
unverified host.
This layer includes various methods of authentication; these methods are:
o Password: Password authentication is the most straightforward method. The protocol
also defines an optional password-change request, which not all implementations
support.
o Public-key: The client proves possession of a private key by signing a challenge bound
to the session, and the server checks the signature against the user's registered public
key. RSA, DSA, ECDSA and (in OpenSSH) Ed25519 keypairs are supported.
o Keyboard-interactive: A versatile method in which the server sends one or more
prompts and the client returns the user's keyed-in responses. It is used for one-time
password (OTP) and other multi-step challenges.
o GSSAPI: Authentication is performed by an external mechanism such as Kerberos 5 (or
NTLM through SSPI on Windows), which provides single sign-on for SSH sessions.
Connection Layer
The connection layer (RFC 4254) defines the channels through which SSH services are provided:
the concept of channels, channel requests, and global requests. One SSH connection can host
different channels simultaneously and can transfer data in both directions simultaneously.
Channel requests are used in the connection layer to relay out-of-band channel-specific data, for
example, the altered size of a terminal window or the exit code of a server-side process. The
standard channel types of the connection layer are:
o session: It is used for terminal shells, exec requests and subsystems such as SFTP (the
"shell", "exec" and "subsystem" requests are made on a session channel).
o direct-tcpip: It is used for the client-to-server forwarded connections (local port
forwarding, ssh -L).
o forwarded-tcpip: It is used for the server-to-client forwarded connections (remote port
forwarding, ssh -R).
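The direct-tcpip channel type, as an added example (not OpenSSH code): it encodes and decodes the SSH_MSG_CHANNEL_OPEN message a client sends for a local port forward (RFC 4254 section 7.2) and applies an allow-list on the server side, in the spirit of sshd's PermitOpen directive, answering with CHANNEL_OPEN_CONFIRMATION or an ADMINISTRATIVELY_PROHIBITED failure. The host names and the allow-list are constructed; the transport and user-authentication layers are assumed to have already completed, so no cryptography appears here.

```python
"""Encode/decode an SSH connection-layer CHANNEL_OPEN "direct-tcpip" request
(RFC 4254 section 7.2) and apply a PermitOpen-style allow-list to it.

Added example: only the message encoding is real SSH; the encrypted transport and
the user authentication are assumed to have happened already.
"""
import struct

SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91
SSH_MSG_CHANNEL_OPEN_FAILURE = 92
SSH_OPEN_ADMINISTRATIVELY_PROHIBITED = 1   # failure reason code from RFC 4254


def ssh_string(b):
    """SSH 'string' wire type: uint32 length prefix followed by the bytes."""
    return struct.pack("!I", len(b)) + b


def read_string(buf, pos):
    n = struct.unpack("!I", buf[pos:pos + 4])[0]
    return buf[pos + 4:pos + 4 + n], pos + 4 + n


def build_direct_tcpip_open(sender_channel, dest_host, dest_port, orig_host, orig_port,
                            window=2 ** 21, max_packet=32768):
    """Client -> server: 'open a channel and connect it to dest_host:dest_port for me'."""
    return (bytes([SSH_MSG_CHANNEL_OPEN]) + ssh_string(b"direct-tcpip")
            + struct.pack("!III", sender_channel, window, max_packet)
            + ssh_string(dest_host.encode()) + struct.pack("!I", dest_port)
            + ssh_string(orig_host.encode()) + struct.pack("!I", orig_port))


def parse_channel_open(msg):
    if msg[0] != SSH_MSG_CHANNEL_OPEN:
        raise ValueError("not SSH_MSG_CHANNEL_OPEN")
    ctype, pos = read_string(msg, 1)
    sender, window, max_packet = struct.unpack("!III", msg[pos:pos + 12]); pos += 12
    req = {"type": ctype.decode(), "sender_channel": sender,
           "window": window, "max_packet": max_packet}
    if ctype == b"direct-tcpip":
        host, pos = read_string(msg, pos)
        port = struct.unpack("!I", msg[pos:pos + 4])[0]; pos += 4
        ohost, pos = read_string(msg, pos)
        oport = struct.unpack("!I", msg[pos:pos + 4])[0]
        req.update(dest_host=host.decode(), dest_port=port,
                   orig_host=ohost.decode(), orig_port=oport)
    return req


def permit_open(req, allowed):
    """Server-side policy: allow the forward only if (host, port) is on the allow-list.
    'allowed' is a set of (host, port) tuples; port None means any port on that host."""
    if req["type"] != "direct-tcpip":
        return False
    return (req["dest_host"], req["dest_port"]) in allowed or (req["dest_host"], None) in allowed


def handle_channel_open(msg, allowed, recipient_channel=0):
    """Return the server's reply: a confirmation, or an administratively-prohibited failure."""
    req = parse_channel_open(msg)
    if permit_open(req, allowed):
        return (bytes([SSH_MSG_CHANNEL_OPEN_CONFIRMATION])
                + struct.pack("!IIII", req["sender_channel"], recipient_channel, 2 ** 21, 32768))
    return (bytes([SSH_MSG_CHANNEL_OPEN_FAILURE])
            + struct.pack("!II", req["sender_channel"], SSH_OPEN_ADMINISTRATIVELY_PROHIBITED)
            + ssh_string(b"open failed") + ssh_string(b""))   # description, language tag


# Constructed allow-list with hypothetical hosts: the database on its port, anything on localhost.
ALLOWED = {("db.internal", 5432), ("localhost", None)}


def main():
    good = build_direct_tcpip_open(0, "db.internal", 5432, "127.0.0.1", 40000)
    bad = build_direct_tcpip_open(1, "10.0.0.7", 22, "127.0.0.1", 40001)
    for m in (good, bad):
        req, reply = parse_channel_open(m), handle_channel_open(m, ALLOWED)
        verdict = "confirmed" if reply[0] == SSH_MSG_CHANNEL_OPEN_CONFIRMATION else "refused"
        print("%s:%d -> %s" % (req["dest_host"], req["dest_port"], verdict))


if __name__ == "__main__":
    main()
```

Without such a policy, any authenticated user can turn the SSH server into a general-purpose proxy into the network it sits on, which is the risk the port-forwarding cautions later in this unit are about.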

Generally, Terminal is any device that terminates a communication channel. The terminal is the
device you use to interact with your computer system. In computer terminology, a terminal is an
input/output (I/O) device, usually consisting of a keyboard and monitor, that acts as a front end
for a mainframe, terminal server, or other back-end processing device.

TERMINAL ACCESS AND FILE TRANSFER

To access a remote terminal and perform file transfers over SSH, you can follow these general steps:
Connect to the Terminal: Ensure that you have the necessary credentials (a username and
password, or an SSH key) for the remote host. You may need SSH (Secure Shell) access or a similar
method provided by your hosting or server provider.
SSH Access: If SSH access is required, you can use a terminal emulator program like PuTTY
(Windows) or the built-in Terminal (Linux/macOS). Use the following command to connect:
ssh username@hostname_or_IP
Replace username with your username, and hostname_or_IP with the server's hostname or IP
address. On the first connection the client shows the server's host key fingerprint; compare it with
a fingerprint obtained out of band before accepting it, because accepting a wrong key hands the
session to an impostor.
File Transfer: For file transfer, you can use SCP (Secure Copy Protocol) or SFTP (SSH File
Transfer Protocol), both of which run inside the SSH session. Here are examples for both:
SCP: To copy a local file to the remote server, use a command like this:
scp /path/to/local/file username@hostname_or_IP:/path/to/remote/destination
To copy a file from the server to your local machine:
scp username@hostname_or_IP:/path/to/remote/file /path/to/local/destination
SFTP: You can use SFTP by typing sftp username@hostname_or_IP in your terminal. This
opens an SFTP session, and you can use commands like put to upload files, get to download
files, and ls, cd and pwd to move around the remote directory tree.
File Management: Once connected, you can navigate the remote file system, create, delete, or
move files and directories, depending on your permissions.
Disconnect: After you're done, make sure to close the session:
exit
Remember to replace username, hostname_or_IP, and file paths with your specific
information. Additionally, ensure that you have the necessary permissions and access rights on the
remote server for file transfers.

PORT FORWARDING: A WORD OF CAUTION

Port forwarding can be a powerful tool for routing network traffic (on a router it exposes an
internal service to the internet; in SSH it tunnels a TCP port through the encrypted session), but it
comes with risks. Here are some words of caution when considering port forwarding:
Security Risks: Port forwarding can expose your network or devices to potential security threats.
Opening ports without proper security measures can make your network vulnerable to attacks and
unauthorized access; an SSH remote forward, for instance, can open a path from the internet
straight into an internal network.
Only Forward What's Necessary: Avoid forwarding all ports or using wide port ranges. Only
open the ports that are required for specific applications or services, and close them when they are
no longer needed.
Use Strong Authentication: If you're accessing a device or service behind a forwarded port, make
sure it requires strong, unique passwords or, better, key-based or certificate-based authentication.
Weak or default passwords can be exploited by attackers, and internet-exposed ports are scanned
continuously.
Regularly Update and Patch: Keep your devices and services up to date with the latest security
patches and updates. Vulnerabilities in software can be targeted by attackers.
Monitor and Log: Regularly check logs and monitor network traffic for unusual activity. This can
help you detect and respond to potential threats in a timely manner.
Consider Alternatives: If possible, consider using VPNs (Virtual Private Networks) or other
secure methods for remote access instead of exposing ports directly. VPNs provide an additional
layer of security.
Router Settings: Configure your router's port forwarding settings carefully. Ensure that you
understand the options and the impact they have on your network's security.
Regularly Review Port Forwarding Rules: Periodically review and audit your port forwarding
rules. Remove any rules that are no longer necessary.
Limit Access: If you're forwarding ports for remote access, restrict access to only trusted IP
addresses or ranges. This reduces the potential attack surface.
Backup and Restore: Before making significant changes to port forwarding or router settings,
create backups of your router configurations so that you can restore them in case of issues.
In summary, while port forwarding can be useful, it should be done with caution and a focus on
security. Always prioritize the security of your network and devices when configuring port
forwarding rules.
MAN-IN-THE-MIDDLE ATTACK IN SSL/TLS AND SSH
A Man-in-the-Middle (MitM) attack is a cybersecurity threat where an attacker intercepts
communication between two parties, often without their knowledge, and can potentially eavesdrop
on or manipulate the data being transmitted. Both SSL/TLS (Secure Sockets Layer/Transport
Layer Security) and SSH (Secure Shell) are designed to defeat such an attacker; the attacks below
succeed only when the peer-authentication step is skipped, misconfigured or overridden by the
user. Here's how they can be executed in each of these protocols:
SSL/TLS (HTTPS):
Interception: An attacker positions themselves between the client and the server during the
initial handshake of the SSL/TLS connection. This can be achieved by various means, including
ARP spoofing, DNS spoofing, or compromising a network device.
SSL/TLS Handshake: The attacker intercepts the initial SSL/TLS handshake messages between
the client and the server. During this handshake, they impersonate the server to the client and the
client to the server, running two separate TLS sessions.
Certificate Forgery: The attacker must present the client a certificate for the server's name. A
correctly validating client rejects one signed by an untrusted issuer, so the attack relies on the
client trusting the attacker's CA (a root installed on the device, or a compromised or misissuing
CA), on an application that disables certificate or hostname validation, or on the user clicking
through the browser warning.
Decryption or Data Manipulation: If the forged certificate is accepted, the attacker holds the
session keys for both legs of the connection, so they can decrypt the data sent between the client
and server and can also modify or inject malicious content into the communication.
SSH:
Interception: Similar to SSL/TLS MitM attacks, in SSH MitM attacks, the attacker intercepts the
initial connection setup between the SSH client and server.
Host Key Impersonation: The attacker impersonates the SSH server by presenting their own
host key to the SSH client. SSH uses trust-on-first-use: the client may accept the bogus key if it
hasn't previously stored the legitimate key and the user confirms the fingerprint prompt. If the
legitimate key is already in known_hosts, the client refuses to connect and warns that the remote
host identification has changed, which is exactly the signal of this attack.
Passive Eavesdropping: Once in the middle of the connection, the attacker can passively
eavesdrop on the SSH session, potentially capturing sensitive information, such as login
credentials (a password is typed straight into the impostor; a public-key signature is bound to the
session and cannot be replayed, but the attacker still sees everything the user does).
Active Manipulation: In some cases, the attacker may actively manipulate the SSH session,
injecting malicious commands or altering the transmitted data.
To defend against MitM attacks in both SSL/TLS and SSH:
Use Certificates and Keys: Ensure that clients accept SSL/TLS certificates only from trusted CAs
and never disable certificate or hostname verification in application code; distribute SSH host keys
out of band (for example with an OpenSSH host certificate authority, SSHFP DNS records, or a
pre-populated known_hosts file). Keep your certificate authorities (CAs) and SSH host keys secure.
Verify Certificates and Fingerprints: Manually verify SSL/TLS certificates and SSH host key
fingerprints when a connection is first made or a warning appears, and treat a "host key changed"
warning as an incident rather than an annoyance.
Use VPNs or Encrypted Tunnels: Establish a VPN (Virtual Private Network) or encrypted tunnel
before connecting via SSH or browsing with SSL/TLS on an untrusted network. This can provide an
additional layer of security.
Regularly Monitor and Audit: Continuously monitor your network for suspicious activity (ARP
anomalies, unexpected certificate issuers, host-key-changed warnings) and regularly audit your
SSL/TLS and SSH configurations.
MitM attacks can be highly sophisticated, so it's crucial to stay vigilant and adopt best practices for
securing your communications over these protocols.
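The SSH host key check that the defences above depend on, as an added example written for this page (not OpenSSH code): it evaluates a presented host key against known_hosts entries, including hashed hostnames and @revoked lines, and distinguishes the four outcomes a client must act on: ok, unknown (trust-on-first-use prompt), changed (possible MitM) and revoked. The keys, salt and host names are constructed.

```python
"""Decide what an SSH client should do with a host key it has just been shown.

Added example, not OpenSSH code. It reproduces three things OpenSSH does: the
SHA256:<unpadded base64> fingerprint format, hashed known_hosts hostnames
(|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))) and the @revoked marker.
All keys and hostnames below are constructed for the example.
"""
import base64
import fnmatch
import hashlib
import hmac


def fingerprint(key_blob):
    """OpenSSH-style fingerprint: base64(SHA-256(decoded key blob)) without '=' padding."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(key_blob).digest()).decode().rstrip("=")


def hash_hostname(hostname, salt):
    """Produce the hashed host field that 'ssh-keyscan -H' / HashKnownHosts would write."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(field, hostname):
    """field is a comma-separated list of (glob) names, or one hashed entry."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        actual = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(base64.b64decode(mac_b64), actual)
    return any(fnmatch.fnmatchcase(hostname, pat) for pat in field.split(","))


def check_host_key(known_hosts_text, hostname, key_type, key_blob):
    """Return (verdict, presented_fingerprint, stored_fingerprint_or_None); verdict is
    'ok' (matches a stored key), 'revoked', 'changed' (stored key differs: possible MitM)
    or 'unknown' (trust-on-first-use prompt)."""
    fp = fingerprint(key_blob)
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        marker = None
        if parts[0].startswith("@"):
            marker, parts = parts[0], parts[1:]
        if len(parts) < 3 or marker == "@cert-authority":
            continue  # CA entries vouch for host certificates, not plain keys; out of scope here
        host_field, ktype, key_b64 = parts[0], parts[1], parts[2]
        if ktype != key_type or not host_matches(host_field, hostname):
            continue
        stored_fp = fingerprint(base64.b64decode(key_b64))
        same = hmac.compare_digest(stored_fp, fp)
        if marker == "@revoked":
            if same:
                return ("revoked", fp, stored_fp)
            continue
        return ("ok" if same else "changed", fp, stored_fp)
    return ("unknown", fp, None)


# Constructed data: 32-byte blobs stand in for the decoded ssh-ed25519 key field.
GOOD_KEY = bytes(range(32))
EVIL_KEY = bytes(range(32, 64))
REVOKED_KEY = bytes(range(64, 96))
SALT = b"0123456789abcdef0123"          # OpenSSH uses a 20-byte random salt
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for this example",
    "@revoked * ssh-ed25519 " + base64.b64encode(REVOKED_KEY).decode(),
    "bastion.example.com,192.0.2.10 ssh-ed25519 " + base64.b64encode(GOOD_KEY).decode(),
    hash_hostname("git.example.com", SALT) + " ssh-ed25519 " + base64.b64encode(GOOD_KEY).decode(),
])


def main():
    for host, key in [("bastion.example.com", GOOD_KEY), ("bastion.example.com", EVIL_KEY),
                      ("git.example.com", GOOD_KEY), ("new.example.com", GOOD_KEY),
                      ("bastion.example.com", REVOKED_KEY)]:
        verdict, fp, stored = check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key)
        print("%-22s %-8s presented %s" % (host, verdict, fp))
        if verdict == "changed":
            print("  WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! stored %s" % stored)


if __name__ == "__main__":
    main()
```

The "changed" branch is the one an interactive client must never let the user skip silently: in OpenSSH it aborts the connection by default (StrictHostKeyChecking), and disabling that check in scripts is what turns a loud MitM failure into a quiet one.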

WIRELESS TRANSPORT LAYER SECURITY (WTLS)

Wireless Transport Layer Security (WTLS) is a security protocol specifically designed for securing
wireless communications in mobile and embedded devices. WTLS was defined by the WAP Forum as
the security layer of the Wireless Application Protocol (WAP) stack and is an adaptation of the
well-known Transport Layer Security (TLS) protocol, which is used to secure data transmission over
the internet; unlike TLS it runs over a datagram transport (WDP) rather than TCP.
Here are some key points about WTLS:
Purpose: WTLS was developed to address the unique security challenges presented by wireless
networks, particularly those with lower bandwidth and higher latency, as well as the limitations of
mobile and embedded devices.
Security Features: WTLS provides authentication, data integrity, and confidentiality for data
exchanged between a mobile device and a server over a wireless connection. It uses encryption to
protect data in transit.
Cipher Suites: WTLS supports a subset of the cipher suites found in TLS. These cipher suites
specify the cryptographic algorithms and key exchange mechanisms used to secure the
communication.
Certificates: Just like TLS, WTLS can use X.509 digital certificates for server authentication.
Mobile devices can verify the authenticity of a server's certificate to ensure they are connecting to
the correct server.
Session Resumption: WTLS supports session resumption to minimize the overhead associated
with establishing secure connections, which is important for devices with limited processing power
and battery life.
Error Handling: Because it runs over a datagram transport, WTLS includes mechanisms for dealing
with the unique challenges of wireless networks, such as reordering or loss of packets and network
disruptions. It can handle these issues while maintaining the security of the connection.
Deprecated: It's important to note that WTLS is considered outdated, and its usage has
significantly declined with the widespread adoption of more modern security protocols like TLS 1.2
and TLS 1.3. These newer protocols are designed to provide improved security and efficiency and
are used in both wireless and wired network scenarios. A specific weakness of the WAP 1.x design
was the "WAP gap": WTLS from the handset terminated at the operator's WAP gateway, which
decrypted the traffic and re-encrypted it with TLS towards the web server, so the gateway saw the
plaintext.
Transition to TLS: Organizations and services that were once reliant on WTLS have generally
migrated to using standard TLS end to end (which WAP 2.0 already allowed) for security in
wireless communications, due to its broader support and better security features.
IEEE 802.1X
IEEE 802.1X is a network authentication protocol used to enhance network security, particularly in
wired and wireless LANs (Local Area Networks). It provides a framework for authenticating and
authorizing devices before they are granted access to the network. Here are key points about
802.1X:
Authentication: 802.1X primarily focuses on device authentication. It ensures that devices
connecting to a network are legitimate and authorized. Common authentication methods include
username/password, digital certificates, and other forms of credentials.
Port-Based Control: In 802.1X, network ports (both physical and virtual) are treated as points of
entry. These ports are initially in a "closed" state, preventing data traffic. They are only opened for
devices that successfully authenticate.
Supplicant, Authenticator, and Authentication Server: The key components of an 802.1X
network are the supplicant (the device trying to connect), the authenticator (the network device
controlling access, like a switch or wireless access point), and the authentication server (which
validates the supplicant's credentials).
EAP (Extensible Authentication Protocol): 802.1X carries the authentication exchange in EAP,
encapsulated in EAPOL frames between supplicant and authenticator and usually in RADIUS
between authenticator and authentication server. EAP allows for various authentication methods,
making it flexible and suitable for different network environments. Examples of EAP methods
include EAP-TLS (mutual certificate authentication), PEAP (a TLS tunnel protecting an inner
password method) and EAP-MD5. EAP-MD5 authenticates only the client and derives no keys, so it
is unsuitable for wireless networks; the TLS-based methods are what enterprise Wi-Fi uses.
Dynamic VLAN Assignment: 802.1X can be used to dynamically assign VLANs (Virtual LANs) to
authenticated devices. This enables network segmentation and helps isolate devices based on their
roles or security levels.
Enhanced Security: By ensuring that only authorized devices can access the network, 802.1X
enhances network security. It helps protect against unauthorized access and potential threats
posed by rogue devices.
Guest Network Access: 802.1X can also be used to provide secure guest network access.
Guests can be authenticated and isolated from the main network to prevent unauthorized access
to sensitive resources.
Common Use Cases: 802.1X is commonly used in enterprise environments, educational
institutions, and any setting where network security is a top priority. It's often employed in
conjunction with WPA2-Enterprise/WPA3-Enterprise for securing wireless networks, where the
EAP exchange also yields the key material from which the Wi-Fi encryption keys are derived.
802.1X and Wired and Wireless Networks: While 802.1X is often associated with wireless
networks (Wi-Fi), it can also be applied to wired Ethernet connections. In wired scenarios, it's
typically used to control access to Ethernet ports on switches.
Compatibility: Most modern network equipment and operating systems support 802.1X, making
it a widely adopted and effective security measure.
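The supplicant / authenticator / authentication server exchange described above, as an added example (not any vendor's code): a small 802.1X authenticator that decodes EAPOL and EAP frames, relays EAP responses to a simulated authentication server, and opens the controlled port only on EAP-Success. The identity alice@example.com and all frames are constructed, and the RADIUS leg is replaced by a local function.

```python
"""A minimal 802.1X authenticator: decode EAPOL/EAP frames and open the controlled port
only after the authentication server returns EAP-Success.

Added example, not any switch vendor's code. Frame layouts follow IEEE 802.1X (EAPOL)
and RFC 3748 (EAP); the RADIUS leg to the authentication server is replaced by a
simulated function, and every frame here is constructed.
"""
import struct

EAPOL_ETHERTYPE = 0x888E
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2             # EAPOL packet types
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4  # EAP codes
EAP_TYPE_IDENTITY, EAP_TYPE_MD5, EAP_TYPE_TLS, EAP_TYPE_PEAP = 1, 4, 13, 25


def eapol(ptype, body=b"", version=2):
    """EAPOL header: version(1) type(1) body length(2), then the body."""
    return struct.pack("!BBH", version, ptype, len(body)) + body


def eap(code, ident, etype=None, data=b""):
    """EAP packet: code(1) identifier(1) length(2) [type(1) type-data]."""
    body = b"" if etype is None else bytes([etype]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_eapol(frame):
    version, ptype, length = struct.unpack("!BBH", frame[:4])
    return {"version": version, "type": ptype, "body": frame[4:4 + length]}


def parse_eap(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    p = {"code": code, "id": ident}
    if code in (EAP_REQUEST, EAP_RESPONSE) and length > 4:
        p["eap_type"], p["data"] = pkt[4], pkt[5:length]
    return p


def simulated_auth_server(identity, response, next_id, allowed=("alice@example.com",)):
    """Stand-in for the RADIUS/EAP server. A real server runs the whole EAP method
    (EAP-TLS, PEAP, ...); here an allowed identity is accepted once it answers the EAP-TLS round."""
    if identity not in allowed:
        return eap(EAP_FAILURE, next_id)
    if response.get("eap_type") == EAP_TYPE_IDENTITY:
        return eap(EAP_REQUEST, next_id, EAP_TYPE_TLS, b"\x20")  # EAP-TLS Start (S flag)
    if response.get("eap_type") == EAP_TYPE_TLS:
        return eap(EAP_SUCCESS, next_id)
    return eap(EAP_FAILURE, next_id)


class AuthenticatorPort:
    """One switch port or Wi-Fi association. The uncontrolled port always passes EAPOL;
    the controlled port passes other traffic only in the 'authorized' state."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.state = "unauthorized"
        self.identity = None
        self.next_id = 1

    def handle(self, frame):
        """Process one EAPOL frame from the supplicant; return the frame to send back, or None."""
        f = parse_eapol(frame)
        if f["type"] == EAPOL_LOGOFF:
            self.state, self.identity = "unauthorized", None
            return None
        if f["type"] == EAPOL_START:
            self.state = "unauthorized"
            return eapol(EAPOL_EAP_PACKET, eap(EAP_REQUEST, self.next_id, EAP_TYPE_IDENTITY))
        if f["type"] != EAPOL_EAP_PACKET:
            return None
        p = parse_eap(f["body"])
        if p["code"] != EAP_RESPONSE or p["id"] != self.next_id:
            return None                                   # unsolicited or stale identifier: drop
        self.next_id += 1
        if p.get("eap_type") == EAP_TYPE_IDENTITY:
            self.identity = p["data"].decode()
        reply = self.auth_server(self.identity, p, self.next_id)  # relay to authentication server
        code = parse_eap(reply)["code"]
        if code == EAP_SUCCESS:
            self.state = "authorized"
        elif code == EAP_FAILURE:
            self.state = "unauthorized"
        return eapol(EAPOL_EAP_PACKET, reply)

    def allows(self, ethertype):
        return ethertype == EAPOL_ETHERTYPE or self.state == "authorized"


def main():
    port = AuthenticatorPort(simulated_auth_server)
    print("IPv4 allowed before auth:", port.allows(0x0800))
    port.handle(eapol(EAPOL_START))
    port.handle(eapol(EAPOL_EAP_PACKET, eap(EAP_RESPONSE, 1, EAP_TYPE_IDENTITY, b"alice@example.com")))
    port.handle(eapol(EAPOL_EAP_PACKET, eap(EAP_RESPONSE, 2, EAP_TYPE_TLS, b"\x00")))
    print("state:", port.state, "IPv4 allowed:", port.allows(0x0800))


if __name__ == "__main__":
    main()
```

The identifier check in handle is what stops a replayed or injected EAP response from advancing the state machine, and the authenticator never inspects credentials itself: it only relays EAP and acts on the Success/Failure verdict, which is why compromising a switch does not by itself yield user passwords when a TLS-based method is in use.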
IP SECURITY
IPsec, which stands for Internet Protocol Security, is a suite of protocols and technologies used to
secure and encrypt communication over IP networks. It's commonly used to provide secure data
transmission over the internet, private networks, and virtual private networks (VPNs). Here are key
aspects of IPsec:
Security Services: IPsec offers various security services, including confidentiality (encryption),
data integrity (ensuring data is not tampered with during transmission), and authentication
(verifying the identity of communicating parties).
Two Main Protocols: IPsec consists of two main protocols: Authentication Header (AH, IP protocol
51) and Encapsulating Security Payload (ESP, IP protocol 50). AH provides authentication and
integrity protection, including over most of the outer IP header, which is why it cannot pass through
NAT; ESP provides encryption and optional authentication and integrity protection, and is what
almost all deployments use today (ESP with an AEAD cipher such as AES-GCM covers both).
Modes of Operation: IPsec can operate in two modes: Transport mode and Tunnel mode.
Transport Mode: In this mode, only the payload (actual data) of the IP packet is encrypted
and/or authenticated. The header information remains intact.
Tunnel Mode: In tunnel mode, the entire original IP packet, including the header, is encrypted
and/or authenticated. The entire packet is then encapsulated within a new IP packet.
Security Associations (SAs): IPsec uses SAs to hold the security parameters (keys, encryption
algorithm, integrity algorithm, mode, lifetime) for protected traffic between two devices. An SA is
unidirectional, so a two-way connection needs a pair of SAs, and each is identified by its Security
Parameter Index (SPI), which is carried in every AH/ESP header, together with the destination
address and the protocol (AH or ESP). A Security Policy Database (SPD) decides which traffic must
be protected and by which SA.
Key Management: Key management is a critical aspect of IPsec. It involves generating,
distributing, and managing encryption keys and authentication credentials between communicating
parties. There are several methods for key management, including manual keying (only suitable for
small static setups, since keys are never rotated) and automated protocols, in practice Internet Key
Exchange version 2 (IKEv2, RFC 7296), which authenticates the peers and negotiates the SAs.
Authentication Methods: IPsec supports various authentication methods, including pre-shared
keys (PSKs), digital certificates, and public key infrastructure (PKI) for verifying the identity of
devices or users.
Use Cases:
Site-to-Site VPNs: IPsec is commonly used to establish secure connections between remote
offices or networks over the internet.
Remote Access VPNs: It's used for secure access to corporate networks for remote workers.
Host-to-Host Communication: IPsec can be used to secure communication between individual
devices or hosts.
Protocols Compatibility: IPsec is a standardized protocol suite supported by many operating
systems and network devices, making it versatile for cross-platform deployments.
Security Policies: Administrators can define security policies that determine which traffic should
be protected by IPsec, what level of security is applied, and which authentication and encryption
methods are used.
IPsec and IPv4/IPv6: IPsec can work with both IPv4 and IPv6 networks, ensuring that it's
adaptable to modern network environments.
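The SPD/SA model described in this section, as an added example (not code from any IPsec implementation): an ordered policy table with bypass/discard/protect actions, a table of SAs keyed by name with their SPI, protocol and mode, and a function showing what an on-path observer sees in tunnel versus transport mode. Addresses, SPIs and SA names are constructed.

```python
"""IPsec policy evaluation: match outbound packets against an ordered Security Policy
Database (SPD) and find the Security Association (SA) that protects them.

Added example, not the code of any IPsec stack. It follows the RFC 4301 model
(SPD entries with selectors and BYPASS/DISCARD/PROTECT actions, SAs identified by
SPI and protocol, transport vs tunnel mode). All addresses, SPIs and names are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ESP_PROTO, AH_PROTO = 50, 51          # IP protocol numbers of the IPsec headers
LOCAL_GATEWAY = "203.0.113.1"         # constructed: our own tunnel endpoint address


@dataclass
class Policy:
    src: str                 # CIDR selector
    dst: str
    proto: Optional[int]     # IP protocol number, None = any
    dport: Optional[int]     # destination port, None = any
    action: str              # "bypass" | "discard" | "protect"
    sa_name: Optional[str] = None


@dataclass
class SecurityAssociation:
    name: str
    protocol: str            # "ESP" or "AH"
    mode: str                # "transport" or "tunnel"
    spi: int                 # Security Parameter Index carried in the ESP/AH header
    peer: str                # address of the other SA endpoint
    cipher: str
    integrity: str


def matches(policy, pkt):
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(policy.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(policy.dst)
            and policy.proto in (None, pkt["proto"])
            and policy.dport in (None, pkt.get("dport")))


def lookup(spd, sad, pkt):
    """First-match SPD lookup. Returns (action, SA or None); no matching entry means discard."""
    for policy in spd:
        if matches(policy, pkt):
            sa = sad[policy.sa_name] if policy.action == "protect" else None
            return policy.action, sa
    return "discard", None


def outer_header(sa, pkt):
    """The IP header an on-path observer sees after IP sec processing. Tunnel mode wraps the
    whole original packet and exposes only the gateway addresses; transport mode keeps them."""
    proto = ESP_PROTO if sa.protocol == "ESP" else AH_PROTO
    if sa.mode == "tunnel":
        return {"src": LOCAL_GATEWAY, "dst": sa.peer, "proto": proto, "spi": sa.spi}
    return {"src": pkt["src"], "dst": pkt["dst"], "proto": proto, "spi": sa.spi}


# Constructed SAD and SPD for a gateway in front of 10.1.0.0/16. Order matters: first match wins.
SAD = {
    "db-transport": SecurityAssociation("db-transport", "ESP", "transport", 0x00002000,
                                        "10.1.9.9", "AES-128-GCM", "AES-GCM (AEAD)"),
    "site-b-tunnel": SecurityAssociation("site-b-tunnel", "ESP", "tunnel", 0x1000ABCD,
                                         "198.51.100.2", "AES-256-GCM", "AES-GCM (AEAD)"),
}
SPD = [
    Policy("10.1.0.0/16", "10.1.9.9/32", None, None, "protect", "db-transport"),   # host-to-host
    Policy("10.1.0.0/16", "10.1.0.0/16", None, None, "bypass"),                    # rest of local LAN
    Policy("10.1.0.0/16", "10.2.0.0/16", None, None, "protect", "site-b-tunnel"),  # site-to-site VPN
    Policy("10.1.0.0/16", "0.0.0.0/0", 6, 23, "discard"),                          # no cleartext telnet out
    Policy("10.1.0.0/16", "0.0.0.0/0", None, None, "bypass"),                      # other internet traffic
]


def main():
    for pkt in [{"src": "10.1.2.3", "dst": "10.2.7.7", "proto": 6, "dport": 443},
                {"src": "10.1.2.3", "dst": "10.1.9.9", "proto": 6, "dport": 5432},
                {"src": "10.1.2.3", "dst": "192.0.2.9", "proto": 6, "dport": 23}]:
        action, sa = lookup(SPD, SAD, pkt)
        line = "%s -> %s: %s" % (pkt["src"], pkt["dst"], action)
        if sa:
            line += " via %s %s SPI 0x%08x, on the wire %s" % (
                sa.protocol, sa.mode, sa.spi, outer_header(sa, pkt))
        print(line)


if __name__ == "__main__":
    main()
```

Two things to take from the run: a packet with no matching policy is discarded, not passed, and in tunnel mode the observer learns only that the two gateways exchanged ESP with a given SPI, while in transport mode the real endpoints remain visible.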
