Computer Networks

UNIT-6
Security

 Introduc on: -
 Any ac on intended to safeguard the integrity and usefulness of your data
and network is known as network security.
 In other words, Network security is defined as the ac vity created to protect
the integrity of your network and data.

 Security services/Key Principles of security: -

 The processing or communica on service that is provided by a system to give
specific kind of protec on to system resources, security services implement
security policies and are implemented by security mechanisms.

1. Message Authen ca on: - Ensures that the message has not been altered
during transmission. This can be achieved through passwords, biometric
authen ca on, or digital cer ficates. Example: A Message Authen ca on
Code (MAC) appended to a file ensures it was not tampered with during
transfer.
 Computer Networks

2. En ty Authen ca on: Confirms the iden ty of a person or device, ensuring

they are who they claim to be. Example: Logging into a website using
creden als like a username and password or biometric verifica on.
3. Confiden ality: - It Keeps data private from unauthorized access. It Ensures
that informa on is accessible only to authorized individuals. Example: HTTPS
encrypts data during transmission so a ackers can't intercept sensi ve
informa on like passwords.
4. Integrity: - It ensures data isn't altered maliciously or accidentally. Example:
File downloads use checksums (like MD5) to verify that the file wasn't
corrupted.
5. Non-repudia on: - It prevents denial of ac ons or message sent or in other
words non-repudia on means making sure that once someone does
something, like sending a message or making a transac on, they can't deny
it later. It provides proof that the ac on was really done by them. Example:
A digital signature on a legal document prevents the signer from denying
their involvement later.
6. Access Control: - It restricts resources to authorized users. Example: Only
managers can view salary details in an HR system, while employees can only
view their own records.

 Need of Security:
1. Protect Sensi ve Data: Prevents unauthorized access to confiden al
informa on, like personal or financial data.
2. Ensure Privacy: Safeguards user privacy by preven ng data breaches.
3. Prevent Cybera acks: Defends against a acks like hacking, malware, and
phishing that could harm the network and can stole the sensi ve
informa on.
4. Maintain Data Integrity: Ensures that data isn't altered or tampered with
during transmission.
5. Ensuring Opera onal Efficiency: A secure network ensures uninterrupted
business opera ons, preven ng produc vity losses.
 Computer Networks

 Threats: -
 These are poten al or actual a acks that can harm the network or its
components.
 Threats refer to poten al or actual ac ons or events that can compromise
the security, integrity, or func onality of a network or its components.
 Threats may originate from various sources, including external
cybercriminals, malicious insiders, or even natural disasters, each posing
different risks to the confiden ality, availability, and integrity of the network.
 Types: -
1. Malware: Malicious so ware such as viruses, worms, and trojans designed
to disrupt, damage, or gain unauthorized access to a system.
2. Phishing: A form of social engineering where a ackers deceive users into
revealing sensi ve informa on, like passwords or financial details.
3. Man-in-the-middle (MITM): An a acker intercepts and poten ally alters
communica on between two par es without them knowing.
4. Denial-of-service (DoS) a acks: A acks that overload a network or system,
making it unavailable to users.
5. Hacking: Unauthorized access to a network or system, o en to steal data,
compromise systems, or cause harm.

 Vulnerability: -
 These are weaknesses or gaps in a network, system, or so ware that can be
exploited by threats.
 Vulnerabili es can exist in hardware, so ware, protocols, or even human
behavior.
 Types:
1. Unpatched So ware: So ware that has not been updated with the latest
security patches or fixes, leaving it open to exploits.
2. Weak Passwords: Using easy-to-guess or default passwords increases the
likelihood of unauthorized access.
3. Misconfigured Firewalls: Incorrectly configured firewalls that fail to block
malicious traffic or allow unauthorized access.
4. Unencrypted Communica on: Sending sensi ve data without encryp on
makes it easy for a ackers to intercept and read.
 Computer Networks

5. Human Error: Some mes, vulnerabili es arise from human ac ons, such as
sharing passwords, falling for phishing a empts, or neglec ng to apply
security patches.

 A acks in Networking: -
 A network a ack is any a empt to disrupt, compromise or gain unauthorized
access to a computer network or its resources.
 Network a acks can be classified into several categories, depending on the
method used, the target and the intent of the a acker.
 The goal of these a acks can range from stealing sensi ve data to disrup ng
services.

 Types:
 Computer Networks

1. Ac ve a acks: are unauthorized ac ons that alter the system or data. In an

ac ve a ack, the a acker will directly interfere with the target to damage or
gain unauthorized access to computer systems and networks. This is done by
injec ng hos le code into communica ons.
 Types of ac ve a acks are as follows:
o Masquerade A ack
o Modifica on of Messages
o Repudia on
o Replay A ack
o Denial of Service (DoS) A ack.

2. Passive a acks: A Passive a ack a empts to learn or make use of

informa on from the system but does not affect system resources. The goal
of the opponent is to obtain informa on that is being transmi ed. Passive
a acks involve an a acker passively monitoring or collec ng data without
altering or destroying it.
 Types of Passive a acks are as follows:
o The Release of Message Content
o Traffic Analysis

 Internal a acks: - These occur from within an organiza on, typically by

opera onal failures or trusted individuals (employees, contractors, etc.) who
exploit their access to harm the network or steal data. For example, data
breaches caused by employees mishandling sensi ve informa on or
unauthorized access to confiden al data can be considered internal a acks.
 External a acks: - External a acks are risks that arise from outside the
organiza on. These can include cybera acks, natural disasters, economic
fluctua ons, or even regulatory changes. Example: Hackers a emp ng to
breach a network via the internet using techniques like SQL injec on or DDoS
a acks.
 Computer Networks

 ITU-T X.800 Security Architecture: -

 ITU-T X.800 Security Architecture is a framework developed by the
Interna onal Telecommunica on Union (ITU)
 It defines a set of security services, mechanisms, and concepts that can be
used to achieve network security.
 The OSI (Open Systems Interconnec on) Security Architecture defines
a systema c approach to providing security at each layer of a networking
model.
 OSI (Open Systems Interconnec on) security refers to a set of protocols,
standards, and techniques used to ensure the security of data and
communica ons in a network environment based on the OSI model. OSI
Security Architecture focuses on these concepts:

1. Security A ack: - A security a ack is an a empt by a person or

en ty to gain unauthorized access to disrupt or compromise the
security of a system, network, or device. These are defined as the
ac ons that put at risk an organiza on’s safety. They are further
classified into 2 sub-categories:
o Ac ve a acks.
o Passive a acks.

2. Security Mechanisms: - The mechanism that is built to iden fy any

breach of security or a ack on the organiza on, is called a security
 Computer Networks

mechanism. Security Mechanisms are also responsible for

protec ng a system, network, or device against unauthorized
access, tampering, or other security threats. E.g. Encryp on, Digital
Signature, Traffic padding, Rou ng control.

3. Security services: - Security services refer to the different services

available for maintaining the security and safety of an organiza on.
They help in preven ng any poten al risks to security. Security
services are divided into 5 types:

o Authen ca on.
o Access control.
o Data confiden ality.
o Data integrity.
o Non-repudia on.

 Security mechanisms: -
 The network is very necessary for sharing informa on whether it is at the
hardware level such as printer, scanner, or at the so ware level. Therefore,
security mechanisms can also be termed as is set of processes that deal with
recovery/protec on from security a acks.
 Hence, security mechanisms are technical tools or methods used to enforce
the security policies and protect the network from threats and a acks.
 Computer Networks

1. Encipherment: - It refers to the process of conver ng plaintext (readable

data) into ciphertext (unreadable data) using an encryp on algorithm and a
key. The purpose of encipherment is to protect sensi ve informa on by
making it unreadable to unauthorized par es. Only those with the correct
decryp on key can revert the ciphertext back to its original, readable form.
2. Digital Signature: - This security mechanism is achieved by adding digital data
that is not visible with naked eyes by an individual. It is form of electronic
signature which is added by sender which is checked by receiver
electronically.
3. Access Control: - This mechanism is used to stop una ended access to data
which you are sending. It can be achieved by various techniques such as
applying passwords, using firewall, or just by adding PIN to data.
4. Data Integrity: - This security mechanism is used by appending value to data
to which is created by data itself. It is similar to sending packet of informa on
known to both sending and receiving par es and checked before and a er
data is received. When this packet or data which is appended is checked and
is the same while sending and receiving data integrity is maintained.
5. Authen ca on Exchange: - This security mechanism deals with iden ty to
be known in communica on. This is achieved at the TCP/IP layer where two-
way handshaking mechanism is used to ensure data is sent or not.
6. Bit Stuffing: - This security mechanism is used to add some extra bits into
data which is being transmi ed. It helps data to be checked at the receiving
end and is achieved by Even parity or Odd Parity.
7. Traffic Padding: - It involves adding fake or dummy data to a communica on
to mask the actual size and nature of the transmi ed data. This technique
helps protect against traffic analysis, where a ackers try to infer sensi ve
informa on based on pa erns in the traffic.
8. Notariza on: - This security mechanism involves use of trusted third party in
communica on. It acts as mediator between sender and receiver so that if
any chance of conflict is reduced.
 Computer Networks

 Security Policies: -
 Security policies in networking are formalized rules and guidelines that
define how network resources should be protected from unauthorized
access, misuse, or destruc on.
 It is a wri en document in the organiza on which is responsible for how to
protect the organiza ons from threats and how to handles them when they
will occur.
1. Regulatory Policies: - To ensure data privacy, security, and compliance with
specific regula ons. These policies are designed to ensure that an
organiza on complies with legal and regulatory requirements related to data
protec on, privacy, and network security.
2. Advisory Policies: - Advisory policies are network security policies that
recommend or suggest best prac ces or guidelines for network users,
administrators, or managers. They are not mandatory or enforceable, but
they aim to educate and inform the network community about the expected
behaviors and responsibili es. For example, an advisory policy may advise
network users to avoid opening suspicious email a achments, use strong
passwords, or report any security incidents.
3. User policies: - These policies govern the behavior and responsibili es of
individual users within a network. To ensure that all users follow secure
prac ces while interac ng with network resources and data, thereby
reducing the risk of accidental or malicious security incidents. Example:
se ng a strong password, non-sharing of pin/passwords etc.
 Computer Networks

 Opera onal model of Network Security: -

 A Network Security Model exhibits how the security service has been
designed over the network to prevent the opponent from causing a threat to
the confiden ality or authen city of the informa on that is being
transmi ed through the network.

 Any security service would have the three components discussed below:
 The network security model presents the two communicating
party’s sender and receiver who mutually agrees to exchange the
information. The sender has information to share with the receiver.

 But sender cannot send the message on the information cannel in the
readable form as it will have a threat of being attacked by the opponent. So,
before sending the message through the information channel, it should
be transformed into an unreadable format.

 Secret information is used while transforming the message which will also
be required when the message will be retransformed at the recipient side.
That’s why a trusted third party is required which would take the
 Computer Networks

responsibility of distributing this secret information to both the parties

involved in communication.

 So, considering this general model of network security, one must consider
the following four tasks while designing the security model.

 To transform a readable message at the sender side into an unreadable

format, an appropriate algorithm should be designed such that it should be
difficult for an opponent to crack that security algorithm.

 Next, the network security model designer is concerned about

the generation of the secret information which is known as a key.
This secret information is used in conjunction with the security algorithm in
order to transform the message.

 Now, the secret information is required at both the ends, sender’s end and
receiver’s end. At sender’s end, it is used to encrypt or transform the
message into unreadable form and at the receiver’s end, it is used to decrypt
or retransform the message into readable form.

 So, there must be a trusted third party which will distribute the secret
information to both sender and receiver. While designing the network
security model designer must also concentrate on developing the
methods to distribute the key to the sender and receiver.
 Computer Networks

 Symmetric and Asymmetric Keys: -

 Symmetrical Key Cryptography also known as conventional or single-key
encryption was the primary method of encryption before the introduction of
public key cryptography in the 1970s. In symmetric-key algorithms, the same
keys are used for data encryption and decryption. This type of cryptography
plays a crucial role in securing data because the same key is used for both
encryption and decryption.

 In asymmetric Key cryptography, there are two keys, also known as key
pairs: a public key and a private key. The public key is publicly distributed.
Anyone can use this public key to encrypt messages, but only the recipient,
who holds the corresponding private key, can decrypt those messages.
"Public-key cryptography" is another representation used to refer to
Asymmetric Key cryptography.
 Computer Networks

 Elements of Informa on security/CIA Triad: -

 Informa on security is necessary to ensure the confiden ality, integrity, and
availability of informa on, whether it is stored digitally or in other forms such
as paper documents. Informa on Security programs are built around 3
objec ves, commonly known as CIA – Confiden ality, Integrity, Availability.

1. Confiden ality: - Means informa on is not disclosed to unauthorized

individuals, en es and process. For example, if we say I have a password
for my Gmail account but someone saw while I was doing a login into
Gmail account. In that case my password has been compromised and
Confiden ality has been breached.
2. Integrity: - Means maintaining accuracy and completeness of data. This
means data cannot be edited in an unauthorized way. For example,
Emails can be digitally signed using public-key cryptography. This ensures
that the email originated from the claimed sender and hasn't been
tampered with during transit.
3. Availability: - Informa on should be consistently and readily accessible
for authorized par es. This involves properly maintaining hardware and
technical infrastructure and systems that hold and display the
informa on. For example, E-commerce websites o en use redundant
servers to ensure that the site remains accessible even if one server fails.
Computer Networks
 Computer Networks

 IPSec: -
 IP security is a collec on of protocols designed by the Internet Engineering
Task Force to provide security for a packet at the network layer.
 It is used to ensure the confiden ality, integrity and authen city of data
transmi ed over different types of networks.
Components of IPSec: -
1. Encapsula ng Security Payload (ESP): -
 Encapsula ng Security Payload (ESP) provides encryp on, authen ca on,
and integrity for secure data transfer in IPSec.
 ESP’s authen ca on data are added at the end of the packet.
 ESP protocol was designed a er the AH was already in use.

2. Authen ca on Header (AH): -

 It is designed to authen cate the source host and to ensure the integrity of
the payload carried in the IP packet.
 The protocol uses a hash func on and a symmetric (secret) key to create a
message, then it is inserted in the authen ca on header.
 AH protocol provides source authen ca on and data integrity, but not
privacy/encryp on.

3. Internet Key Exchange (IKE): -

 Internet Key Exchange (IKE) is a protocol used to establish a secure
communica on channel between two devices by exchanging cryptographic
keys.
 Computer Networks

 Dynamic Key Exchange and Security Association (SA): IKE establishes SAs
between two devices for secure communication, using ISAKMP as a
framework for authentication and key exchange.
 Message Protection and Algorithms: IKE secures messages and supports
algorithms like SHA and MD5 to ensure data integrity, generating unique
identifiers for each packet to detect tampering.
 Packet Validation: IKE discards unauthorized packets by verifying their
integrity using the generated identifiers, ensuring only valid packets reach
the receiver.

Working: -

 When two devices communicate using IPSec, the devices first initiate the
connection by sending a request to each other. After that, they mutually
decide on protection of data using passwords or digital certificates. Now,
they establish the secure tunnel for communication. Once the tunnel is set
up, data can be transmitted safely, as IPSec is encrypting the data and also
checking the integrity of the data to ensure that data has not been altered.
After the communication is finished, the devices can close the secure
connection. In this way, the IPSec works.
 IPSec majorly operates in two ways i.e. Transport Mode and Tunnel Mode.
 Transport Mode: Encrypts only the payload, leaving the IP header
unchanged.
 Tunnel Mode: Encrypts the entire packet (IP header + payload),
encapsulating it in a new IP header.
 Computer Networks

 SSL: -
 SSL, or Secure Sockets Layer, is an Internet security protocol that encrypts
data to keep it safe.
 It was created by Netscape in 1995 to ensure privacy, authentication, and
data integrity in online communications.
 SSL is the older version of what we now call TLS (Transport Layer Security)
and websites using SSL/TLS have “HTTPS” in their URL instead of “HTTP.”
 An SSL (Secure Sockets Layer) certificate is a digital file/document signed by
a trusted authority that verifies a website's identity and allows a secure
connection between a browser and the website:

 Working: -
 SSL/TLS Handshake: When a browser connects to a secure website (HTTPS),
the server presents its SSL/TLS certificate.
 Verification: The browser verifies the certificate’s validity through a trusted
Certificate Authority (CA). It checks the certificate’s expiration date,
signature, and whether it’s been revoked.
 Session Key Creation: The browser generates a symmetric session key if the
certificate is valid. It encrypts this key using the server’s public key and
sends it back to the server.
 Encryption: The server decrypts the session key using its private key. Both
the server and browser now share a symmetric key used for the duration of
the session.
 Secure Connection: A safe connection is established, with all transmitted
data encrypted using the symmetric session key.
 This entire process occurs in milliseconds, ensuring a seamless and secure
user experience without noticeable delays.
 Computer Networks

 HTTPs: -
 HTTPS (Hypertext Transfer Protocol Secure) is a secure version of the HTTP
protocol that uses the SSL/TLS protocol to encrypt data sent between a web
browser and a website.
 It uses port 443 by default instead of HTTP’s port 80.
 The HTTPS protocol makes it possible for website users to transmit sensitive
data such as credit card numbers, banking information, and login credentials
securely over the internet.
 For this reason, HTTPS is especially important for securing online activities
such as shopping, banking, and remote work. However, HTTPS is quickly
becoming the standard protocol for all websites, whether or not they
exchange sensitive data with users.
 HTTPS adds encryption, authentication, and integrity to the HTTP protocol:

 Working: -

 HTTPS enhances HTTP by wrapping it within SSL/TLS, encrypting

communication between the client and server to protect data like request
URLs, headers, cookies, query parameters, and website content. While
metadata like IP addresses and session duration remain visible, all exchanged
data is encrypted, ensuring confidentiality and integrity.
 Authentication is handled via SSL/TLS using X.509 certificates, which bind
public-private key pairs to entities like websites or organizations. The public
key enables:

o Encrypting messages only the private key holder can decrypt.

o Verifying digital signatures from the corresponding private key.

 Certificates signed by trusted Certificate Authorities (CAs) confirm a

website's identity, ensuring secure and authenticated communication.
 Computer Networks

 S/MIME: -
 S/MIME stands for Secure/Mul purpose Internet Mail Extensions. It is the
secure version of MIME.
 S/MIME is a protocol used for encryp ng or decryp ng digitally signed E-
mails.
 This means that users can digitally sign their emails as the owner(sender) of
the e-mail.
 Due to the limita ons of MIME, S/MIME came into play. S/MIME is based
on asymmetric cryptography which means that communica ons can be
encrypted or decrypted using a pair of related keys namely public and
private keys.
 Computer Networks

 Working: -
Email Encryp on Steps: -

 Encryp on Process: -
1. Sender clicks "Send," and the original message is captured.
2. Recipient's public key encrypts the message.
3. Encrypted message replaces the original message.
4. Encrypted email is sent to the recipient.

 Decryp on Process: -
1. Recipient receives the email.
2. Encrypted message is retrieved.
3. Recipient's private key decrypts the message.
4. Original message is displayed to the recipient.

Digital Signature Steps: -

 Signing Process: -
1. Sender clicks "Send," capturing the original message.
2. Message hash is calculated.
3. Sender's private key encrypts the hash.
4. Encrypted hash is added to the email.
5. Email is sent to the recipient.

 Verifica on Process: -
1. Recipient receives the signed email.
 Computer Networks

2. Original message's hash value is calculated.

3. Encrypted hash is retrieved from the email.
4. Sender's public key decrypts the encrypted hash.
5. Decrypted hash matches the calculated hash to verify the signature.

 IDS: -
 It stands for Intrusion Detec on System.
 Systems that iden fy unauthorized access by hackers and malicious actors.
 A system called an intrusion detec on system (IDS) observes network traffic
for malicious transac ons and sends immediate alerts when it is observed.
 It is a so ware that checks a network or system for malicious ac vi es or
policy viola ons.
 Working of Intrusion Detec on System (IDS): -
 An IDS (Intrusion Detec on System) monitors the traffic on a computer
network to detect any suspicious ac vity.
 It analyzes the data flowing through the network to look for pa erns and
signs of abnormal behavior.
 The IDS compares the network ac vity to a set of predefined rules and
pa erns to iden fy any ac vity that might indicate an a ack or intrusion.
 If the IDS detects something that matches one of these rules or pa erns, it
sends an alert to the system administrator.
 The system administrator can then inves gate the alert and take ac on to
prevent any damage or further intrusion.

 Types of IDS: -
1. Network Intrusion Detec on System (NIDS): Network intrusion detec on
systems (NIDS) are set up at a planned point within the network to examine
traffic from all devices on the network
 Computer Networks

2. Host Intrusion Detec on System (HIDS): Host intrusion detec on systems

(HIDS) run on independent hosts or devices on the network. A HIDS
monitors the incoming and outgoing packets from the device only.

 Firewall: -
 A firewall is a network security device, either hardware or so ware-based,
which monitors all incoming and outgoing traffic and based on a defined set
of security rules accepts, rejects, or drops that specific traffic.
 It is just like a wall/barrier to the network traffic from public network to
private network and in posi on to do following three tasks with that traffic:
 Accept: allow the traffic
 Reject: block the traffic but reply with an “unreachable error”
 Drop: block the traffic with no reply

 Types: -
1. Host based firewall: - So ware firewall that is installed on a computer which
protects that computer only. A lot of an virus programs come with a host-
based firewall. E.g. Windows defender firewall.
2. Network based firewall: - It is the combina on of hardware and so ware. It
protects the en re network. It is present in the network layer of OSI network
model. It is present between a public (ISP) and a private network. The
 Computer Networks

network-based firewall can be a standalone product/hardware device and

can be pre-installed in a router.

 Working: -
 A firewall works by filtering network traffic based on a set of security rules. It
inspects incoming and outgoing packets and decides whether to allow or
block them based on these rules.
 Traffic Inspec on: The firewall checks each packet of data for characteris cs
like source/des na on IP addresses, port numbers, and protocol types (TCP,
UDP, ICMP).
 Rule Matching: The firewall compares these packet details against
predefined rules. Each rule specifies condi ons like allowed ports, IP
addresses, or protocols.
 Ac on Applica on: When a packet matches a rule, an associated ac on is
applied (allow, block, or log). If no rule matches, the firewall defaults to its
preconfigured policy (accept, reject, or drop).
 Default Policy: The firewall enforces a default policy to handle packets that
don't match any rules, ensuring secure handling of unknown traffic.
 This process ensures that only authorized traffic is allowed while blocking or
restric ng poten ally harmful or unauthorized connec ons.