Unit 2 IS

The document outlines key concepts in network security, emphasizing the importance of protecting networks from various threats through multiple layers of defense, including physical, technical, and administrative controls. It discusses different types of network security measures such as firewalls, email security, and intrusion prevention systems, detailing the functionality and necessity of firewalls in preventing unauthorized access and attacks. Additionally, it covers various firewall types and their advantages and disadvantages, highlighting the significance of trusted systems in enforcing security policies.


Course: Computer & Network Security (3350704)

Unit 4
Network Security

By
Chaitali Vaghela
Lecturer,
Government Polytechnic for Girls,
Ahmedabad.
Contents

❖ Introduction
❖ Network Security
❖ Firewalls
❖ Security Topology
❖ Internet Protocol Security (IPSec)
❖ Email Security
Introduction

❖ Today's network architecture is complex and is faced with a threat
environment that is always changing and attackers that are always trying to
find and exploit vulnerabilities.
❖ These vulnerabilities can exist in a broad number of areas, including devices,
data, applications, users and locations.
❖ For this reason, there are many network security management tools and
applications in use today that address individual threats and exploits.
❖ Every organization that wants to deliver the services that customers and
employees demand must protect its network.
Network Security

❖ Network security is any activity designed to protect the usability and
integrity of your network and data.
❖ It includes both hardware and software technologies.
❖ It targets a variety of threats and it also stops them from entering or
spreading on your network.
❖ Effective network security manages access to the network.
❖ Network security combines multiple layers of defenses at the edge and in
the network.
❖ Each network security layer implements policies and controls.
❖ Authorized users gain access to network resources, but malicious actors are
blocked from carrying out exploits and threats.
Network Security (Cont.)

❖ There are many layers to consider when addressing network security across
an organization.
❖ Attacks can happen at any layer in the network security layers model, so
your network security hardware, software and policies must be designed to
address each area.
❖ Network security typically consists of three different controls:
➢ Physical Network Security
➢ Technical Network Security
➢ Administrative Network Security
Network Security (Cont.)

❖ Physical Network Security
➢ Physical security controls are designed to prevent unauthorized personnel from gaining physical
access to network components such as routers, cabling cupboards and so on.
➢ Controlled access, such as locks, biometric authentication and other devices, is essential in any
organization.
❖ Technical Network Security
➢ Technical security controls protect data that is stored on the network or which is in transit across,
into or out of the network.
➢ It needs to protect data and systems from unauthorized personnel, and it also needs to protect
against malicious activities from employees.
❖ Administrative Network Security
➢ Administrative security controls consist of security policies and processes that control user
behavior, including how users are authenticated, their level of access and also how IT staff
members implement changes to the infrastructure.
Types of Network Security

❖ Firewalls
❖ Email Security
❖ Anti-virus and Anti-malware software
❖ Access Control
❖ Virtual Private Networks (VPN)
❖ Application Security
❖ Intrusion Prevention System
❖ Web Security
❖ Wireless Security
Firewalls

❖ A firewall is a network security device that monitors incoming and outgoing
network traffic and permits or blocks data packets based on a set of security rules.
❖ Firewalls have been a first line of defense in network security for over 25 years.
❖ They establish a barrier between secured and controlled internal networks that can
be trusted and untrusted outside networks, such as the Internet.
❖ Firewalls carefully analyze incoming traffic based on pre-established rules and
filter traffic coming from unsecured or suspicious sources to prevent attacks.
❖ Firewalls guard traffic at a computer’s entry points, called ports, where
information is exchanged with external devices.
➢ For example, “Source address 172.16.2.54 is allowed to reach destination 172.16.2.99 over port 22."
Firewalls (Cont.)

❖ A firewall can be hardware, software, or both.
❖ A firewall can be a network security device or a software program on a
computer.
❖ Each format (a firewall implemented as hardware or software) has different
functionality but the same purpose.
❖ A hardware firewall is a physical device that attaches between a computer
network and a gateway. For example, a broadband router.
❖ A software firewall is a simple program installed on a computer that works
through port numbers and other installed software.
Firewalls (Cont.)

❖ Firewalls are primarily used to prevent malware and network-based attacks.
❖ They can help in blocking application-layer attacks.
❖ These firewalls act as a gatekeeper or a barrier.
❖ They monitor every attempt between our computer and another network.
❖ They do not allow data packets to be transferred through them unless the
data is coming or going from a user-specified trusted source.
❖ Firewalls are designed in such a way that they can react quickly to detect
and counter-attacks throughout the network.
❖ They can work with rules configured to protect the network and perform
quick assessments to find any suspicious activity.
Need of Firewall

❖ Firewalls are needed to prevent the following scenarios:
➢ Open Access
■ If a computer is running without a firewall, it is giving open access to other networks.
■ This means that it is accepting every kind of connection that anyone sends to it.
■ In this case, it is not possible to detect threats or attacks coming through the network.
■ Without a firewall, the devices will be vulnerable to malicious users and other unwanted
sources.
➢ Lost or Compromised Data
■ Without a firewall, the devices are accessible to everyone.
■ Anyone can access the device and have complete control over it, including the network.
■ In this case, cybercriminals can easily delete the data or use personal information for their
benefit.
➢ Network Crashes
■ In the absence of a firewall, anyone could access the network and shut it down.
■ Restoring the network to a working state may then cost valuable time and money.
Design goals for a firewall

❖ All traffic from inside to outside, and vice versa, must pass through the
firewall.
➢ This is achieved by physically blocking all access to the local network except via the firewall.
❖ Only authorized traffic, as defined by the local security policy, will be allowed
to pass.
➢ Various types of firewalls are used, which implement various types of security policies.
❖ The firewall itself is immune to penetration.
➢ This implies the use of a trusted system with a secure operating system.
Firewall Rules

❖ Firewalls analyze each block of data packets entering or leaving the Intranet or the
host computer.
❖ Firewalls intercept network traffic at a computer's entry point, known as a port.
❖ Firewalls perform this task by allowing or blocking specific data packets (units of
communication transferred over a digital network) based on predefined security
rules.
❖ Based on a defined set of security rules, a firewall can perform three actions:
1. Accept: Allow the transmission of data packets.
2. Drop: Block data packets with no reply.
3. Reject: Block data packets and send “unreachable error” to the source.
❖ Rule sets can be based on several things indicated by packet data, including their
source, destination, and their content.
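A worked version of the three actions, added here as an example and not part of the slides: a first-match rule list evaluated over constructed packets, including the earlier "172.16.2.54 may reach 172.16.2.99 over port 22" rule. The Packet and Rule classes, the rule set and the addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example: a stateless, first-match packet filter with accept / drop / reject.
# Rule set and packets are constructed; class and function names are assumptions.

@dataclass(frozen=True)
class Packet:
    src: str       # source IP address
    dst: str       # destination IP address
    proto: str     # "tcp" or "udp"
    dport: int     # destination port

@dataclass(frozen=True)
class Rule:
    action: str                   # "accept", "drop" or "reject"
    src: str = "0.0.0.0/0"        # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        # Only header fields are consulted: this is what makes the filter "stateless".
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))

def filter_packet(rules: list, pkt: Packet, default: str = "drop") -> str:
    """First matching rule wins, so rule order matters. Unmatched packets get the default action."""
    for rule in rules:
        if rule.action not in ("accept", "drop", "reject"):
            raise ValueError(f"unknown action {rule.action!r}")
        if rule.matches(pkt):
            return rule.action
    return default

def sender_observes(action: str, pkt: Packet) -> str:
    """What the sending host sees: accept forwards, drop is silent, reject answers with an error."""
    if action == "accept":
        return f"connection proceeds to {pkt.dst}:{pkt.dport}"
    if action == "reject":
        return f"ICMP destination unreachable returned to {pkt.src}"
    return "no response (packet silently discarded)"

# Constructed rule set. The drop for 172.16.3.0/24 is listed first on purpose: placed after the
# port-443 accept it would never match those hosts' HTTPS traffic.
RULES = [
    Rule("drop", src="172.16.3.0/24"),
    Rule("accept", src="172.16.2.54/32", dst="172.16.2.99/32", proto="tcp", dport=22),  # the slide's example
    Rule("reject", dst="172.16.2.99/32", proto="tcp", dport=22),   # every other SSH attempt gets an error
    Rule("accept", dst="172.16.2.99/32", proto="tcp", dport=443),
]

if __name__ == "__main__":
    for pkt in (Packet("172.16.2.54", "172.16.2.99", "tcp", 22),
                Packet("172.16.2.77", "172.16.2.99", "tcp", 22),
                Packet("172.16.3.5", "172.16.2.99", "tcp", 443),
                Packet("10.0.0.1", "172.16.2.99", "udp", 53)):
        action = filter_packet(RULES, pkt)
        print(f"{pkt.src} -> {pkt.dst}:{pkt.dport}/{pkt.proto}: {action} ({sender_observes(action, pkt)})")
```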
Types of Firewalls

❖ Firewalls are either categorized by the way they filter data, or by the system
they protect.
➢ When categorizing by what they protect, the two types are:
■ Network-based
■ Host-based
➢ When categorizing by filtering method, the main types are:
■ Packet filtering
■ Proxy service
■ Stateful inspection
■ Next Generation Firewall (NGFW)
Packet Filtering Firewall

❖ As the most “basic” and oldest type of firewall architecture, packet-filtering firewalls basically
create a checkpoint at a traffic router or switch.
❖ A packet filtering firewall is efficient yet affordable software that inspects incoming packets
and decides whether to allow them to pass or reject them based on predefined parameters.
❖ The firewall performs a simple check of the data packets coming through the router—inspecting
information such as the destination and origination IP address, packet type, port number, and other
surface-level information without opening up the packet to inspect its contents.
❖ If the information packet doesn’t pass the inspection, it is dropped.
❖ It examines each packet independently and does not know whether any given packet is part of an
existing stream of traffic.
❖ The packet-filtering firewall is effective, but because it processes each packet in isolation, it can be
vulnerable to IP spoofing attacks and has largely been replaced by stateful inspection firewalls.
Packet Filtering Firewall (Cont.)

❖ Advantages:
➢ Need only one router
■ The key advantage of using packet filtering is that it requires the use of only one screening router to protect an
entire network.
➢ Highly efficient and fast
■ The packet filtering router works very fast and effectively and accepts and rejects the packets quickly based
upon the destination and source ports and addresses.
■ However, other firewall techniques show more time-consuming performance.
➢ Transparent to users
■ Packet filtering works independently without any need for user knowledge or cooperation.
■ Users won’t get to know about the transmission of packets until there is something that got rejected.
■ On the contrary, other firewalls require custom software, the configuration of client machines, or specific
training or procedures for users.
➢ Built-in packet filtering in routers
■ Packet filtering capacities are inbuilt in widely used hardware and software routing products.
■ Additionally, most sites already have packet filtering available in their routers, which also
makes this technique the least expensive one.
Packet Filtering Firewall (Cont.)

❖ Disadvantages:
➢ Filtration based on IP address or Port Information
■ The biggest disadvantage of packet filtering is that it filters on IP address and port number
and not on information such as context or application.
➢ Packet filtering is stateless
■ Another big disadvantage of packet filtering is that it does not remember any past invasions
or filtered packets.
■ It tests every packet in isolation and is stateless which allows hackers to break the firewall
easily.
➢ No safety from address spoofing
■ Packet filtering does not protect from IP spoofing, in which hackers can insert fake IP
addresses in packets to intrude into the network.
➢ Not a perfect option for all networks
■ Implementing highly specific filters on a packet filtering firewall becomes difficult or
highly time-consuming.
Circuit-Level Gateways

❖ Circuit-level gateways monitor TCP handshakes and other network protocol
session initiation messages across the network as they are established
between the local and remote hosts to determine whether the session being
initiated is legitimate -- whether the remote system is considered trusted.
❖ However, they don't inspect the packets themselves.
❖ While circuit-level gateways provide a higher level of security than packet
filtering firewalls, they should be used in conjunction with other systems.
❖ For example, circuit-level gateways are typically used alongside
application-level gateways. This strategy combines attributes of packet- and
circuit-level gateway firewalls with content filtering.
Circuit-Level Gateways (Cont.)

❖ Advantages:
➢ Only processes requested transactions; all other traffic is rejected.
➢ Easy to set up and manage
➢ Low cost and minimal impact on end-user experience
❖ Disadvantages:
➢ If they aren't used in conjunction with other security technology, circuit-level gateways offer
no protection against data leakage from devices within the firewall.
➢ No application layer monitoring.
➢ Requires ongoing updates to keep rules current.
Proxy Firewalls (Application-level Gateways)

❖ Proxy firewalls operate at the application layer to filter incoming traffic between your network and
the traffic source—hence, the name “application-level gateway.”
❖ These firewalls are delivered via a cloud-based solution or another proxy device.
❖ It works at the Application Layer of the OSI model.
❖ Rather than letting traffic connect directly, the proxy firewall first establishes a connection to the
source of the traffic and inspects the incoming data packet.
❖ This check is similar to the stateful inspection firewall in that it looks at both the packet and at the
TCP handshake protocol.
❖ However, proxy firewalls may also perform deep-layer packet inspections, checking the actual
contents of the information packet to verify that it contains no malware.
❖ Once the check is complete, and the packet is approved to connect to the destination, the proxy
sends it off.
❖ If there’s one drawback to proxy firewalls, it’s that they can create significant slowdown because of
the extra steps in the data packet transferal process.
Stateful Inspection Firewall

❖ A stateful firewall is a firewall that monitors the full state of active network
connections.
❖ Stateful packet inspection is also known as dynamic packet filtering.
❖ Stateful inspection firewalls, in addition to verifying and keeping track of
established connections, also perform packet inspection to provide better,
more comprehensive security.
❖ They rely on algorithms to recognize and process application layer data instead
of running application specific proxies.
Stateful Inspection Firewall (Cont.)

❖ They filter packets at the Network Layer, determine whether session packets are
legitimate and evaluate the contents of packets at the application layer.
❖ It allows a direct connection between client and host.
❖ For example, when you connect to a Web server and that Web server must respond
to you, the stateful firewall has the proper access open and ready for the
responding connection. When the connection ends, that opening is closed.
❖ Advantages:
➢ high level of security,
➢ good performance,
➢ transparency to end users.
❖ Disadvantage:
➢ Expensive
Stateful vs Stateless Firewalls

❖ Stateless firewalls are designed to protect networks based on static
information such as source and destination.
❖ Whereas stateful firewalls filter packets based on the full context of a given
network connection, stateless firewalls filter packets based on the individual
packets themselves.
❖ The main difference between a stateful firewall and a stateless firewall is
that a stateful firewall will analyze the complete context of traffic and data
packets, constantly keeping track of the state of network connections
(hence “stateful”).
❖ A stateless firewall will instead analyze traffic and data packets without
requiring the full context of the connection.
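The difference in practice, as an added example that is not part of the slides: the same web session is run through a static "allow replies from port 443" rule and through a connection-tracking filter that opens the return path when the inside host starts the connection and closes it again on teardown or timeout. The INTERNAL prefix, the addresses, the state names and the timeouts are constructed assumptions.

```python
from dataclasses import dataclass

# Added example: stateless rule vs. connection tracking over one constructed TCP session.
INTERNAL = "192.168.1."   # constructed: hosts behind the firewall share this prefix

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flags as letters: "S" SYN, "SA" SYN-ACK, "A" ACK, "F" FIN, "R" RST

class StatelessFilter:
    """Static rule: let inside hosts out, and let in anything that looks like a web reply (source port 80/443)."""
    def check(self, pkt: Packet, now: float) -> str:
        if pkt.src.startswith(INTERNAL):
            return "accept"
        if pkt.dst.startswith(INTERNAL) and pkt.sport in (80, 443):
            return "accept"   # a forged packet with source port 443 satisfies this rule just as well
        return "drop"

class StatefulFilter:
    """Opens the return path only for connections initiated from inside; closes it on teardown or timeout."""
    ESTABLISHED_TIMEOUT = 60.0   # idle limit for an open connection (constructed values)
    CLOSING_TIMEOUT = 1.0        # grace period after a FIN for the final ACKs

    def __init__(self):
        self.table = {}   # outbound 4-tuple -> [state, last_seen]

    def _expire(self, now: float) -> None:
        for k, (state, seen) in list(self.table.items()):
            limit = self.CLOSING_TIMEOUT if state == "CLOSING" else self.ESTABLISHED_TIMEOUT
            if now - seen > limit:
                del self.table[k]

    def check(self, pkt: Packet, now: float) -> str:
        self._expire(now)
        outbound = pkt.src.startswith(INTERNAL)
        # Both directions map onto the key of the inside host's outbound connection.
        k = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
             else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        entry = self.table.get(k)
        if entry is None:
            if outbound and pkt.flags == "S":        # new connection initiated from inside
                self.table[k] = ["SYN_SENT", now]
                return "accept"
            return "drop"                             # unsolicited inbound: forged reply, stray or stale packet
        state = entry[0]
        if state == "SYN_SENT" and not outbound and pkt.flags == "SA":
            entry[:] = ["ESTABLISHED", now]
            return "accept"
        if state in ("ESTABLISHED", "CLOSING"):
            if "R" in pkt.flags:
                del self.table[k]                     # reset: close the opening immediately
            elif "F" in pkt.flags:
                entry[:] = ["CLOSING", now]           # FIN seen: keep a short grace period, then close
            else:
                entry[1] = now
            return "accept"
        return "drop"

def run_scenario(fw) -> list:
    """Client 192.168.1.10 fetches a page from 203.0.113.5; after the session ends, a forged
    'reply' from 198.51.100.7 and a late packet from the real server arrive (all constructed)."""
    c, s, a = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    traffic = [
        (0.0, Packet(c, 40000, s, 443, "S")),
        (0.1, Packet(s, 443, c, 40000, "SA")),
        (0.2, Packet(c, 40000, s, 443, "A")),
        (0.3, Packet(s, 443, c, 40000, "A")),      # response data
        (0.4, Packet(c, 40000, s, 443, "F")),      # client closes
        (0.5, Packet(s, 443, c, 40000, "A")),      # server acknowledges within the grace period
        (10.0, Packet(a, 443, c, 40000, "A")),     # forged packet claiming to come from port 443
        (10.1, Packet(s, 443, c, 40000, "A")),     # stale packet: the opening has already been closed
    ]
    return [fw.check(pkt, now) for now, pkt in traffic]

if __name__ == "__main__":
    print("stateless:", run_scenario(StatelessFilter()))
    print("stateful: ", run_scenario(StatefulFilter()))
```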
Trusted systems

❖ One way to enhance the ability of a system to defend against intruders and
malicious programs is to implement trusted system technology.
❖ A system on which we rely to enforce the security policies and strategies is
referred to as a trusted system.
❖ Once a trusted system is breached, it leads to the compromise of security
policies governing the whole system setup.
❖ Thus, a trusted system is the central figure to implement an organization’s
security policies and provides assurance, trust and security.
Trusted systems (Cont.)

❖ A trusted system provides the following features:
➢ Protect data and resources on the basis of levels of security.
➢ Users can be granted clearance to access certain categories of data.
➢ It provides a multilevel security system.
■ No read up
● A subject can only read an object of lower or equal security.
● This is referred to as simple security property.
■ No write down
● A subject can only write into an object of greater or equal security level.
● This is referred to as *-property (star property).
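The two properties enforced by a small reference monitor, added here as an example and not part of the slides. Level names, subjects, objects and their contents are constructed; the point of the last function is that "no write down" is what stops a cleared subject from copying secret data into a lower-level object.

```python
from dataclasses import dataclass, field

# Added example: a reference monitor enforcing the simple security property (no read up)
# and the *-property (no write down). Levels, subjects and objects are constructed.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

@dataclass
class Subject:
    name: str
    clearance: str

@dataclass
class Obj:
    name: str
    classification: str
    content: list = field(default_factory=list)

def simple_security_property(s: Subject, o: Obj) -> bool:
    """No read up: a subject may read only objects at or below its clearance."""
    return LEVELS[s.clearance] >= LEVELS[o.classification]

def star_property(s: Subject, o: Obj) -> bool:
    """No write down (*-property): a subject may write only objects at or above its clearance."""
    return LEVELS[o.classification] >= LEVELS[s.clearance]

class ReferenceMonitor:
    """The trusted part of the system: every access passes through it, is decided by the two
    properties above, and is recorded for audit."""
    def __init__(self, objects):
        self.objects = {o.name: o for o in objects}
        self.audit = []

    def _decide(self, s: Subject, op: str, name: str, allowed: bool) -> None:
        self.audit.append((s.name, op, name, "granted" if allowed else "denied"))
        if not allowed:
            o = self.objects[name]
            raise PermissionError(f"{s.name} ({s.clearance}) may not {op} {name} ({o.classification})")

    def read(self, s: Subject, name: str) -> list:
        self._decide(s, "read", name, simple_security_property(s, self.objects[name]))
        return list(self.objects[name].content)

    def write(self, s: Subject, name: str, data: str) -> None:
        self._decide(s, "write", name, star_property(s, self.objects[name]))
        self.objects[name].content.append(data)

def build_demo():
    """Constructed objects and subjects for the demonstration."""
    rm = ReferenceMonitor([
        Obj("war-plans", "secret", ["troop positions"]),
        Obj("public-notice", "unclassified", ["cafeteria hours"]),
    ])
    return rm, Subject("bob", "secret"), Subject("carol", "unclassified")

def downgrade_attempt(rm: ReferenceMonitor, s: Subject) -> str:
    """Read a secret object, then try to copy it into an unclassified one. The read is legitimate
    for a secret-cleared subject; the *-property is what blocks the copy, so secret data cannot
    flow down to a lower level even through an authorized reader."""
    data = rm.read(s, "war-plans")
    try:
        rm.write(s, "public-notice", data[0])
        return "leaked"
    except PermissionError:
        return "blocked"

if __name__ == "__main__":
    rm, bob, carol = build_demo()
    print(downgrade_attempt(rm, bob))
    for entry in rm.audit:
        print(entry)
```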
Kerberos Authentication

❖ In mythology, Kerberos (also known as Cerberus) is a
large, three-headed dog that guards the gates to the
underworld to keep souls from escaping.
❖ Kerberos is an authentication protocol for client/server
applications.
❖ It is used to verify the identity of a user or host.
❖ It uses symmetric key cryptography and requires trusted
third-party authorization to verify user identities.
❖ It has made the internet and its users more secure, and
enables users to do more work on the Internet and in the
office without compromising safety.
Kerberos Authentication (Cont.)

❖ Kerberos was initially developed in the 1980s by Massachusetts Institute of
Technology (MIT) computer scientists.
❖ Microsoft introduced their version of Kerberos in Windows 2000.
❖ It has also become a standard for websites and Single-Sign-On
implementations across platforms.
❖ Kerberos authentication is currently the default authorization technology
used by Microsoft Windows, and implementations of Kerberos exist in Apple
OS, FreeBSD, UNIX, and Linux.
Kerberos Authentication (Cont.)

❖ Characteristics of Kerberos authentication:
➢ Accurately verify users
➢ Plain text passwords are never sent across an insecure network.
➢ Only a single login is required per session.
➢ Every login has three stages of authentication.
➢ Encryption protects all access keys and tickets.
➢ Authentication is mutual, so both users and providers are safe from scams.
➢ Enforce strong security policy.
Kerberos Authentication (Cont.)

❖ Every Kerberos authentication involves a Key Distribution Center (KDC).
❖ The KDC acts as a trusted third-party authentication service, and it operates
from the Kerberos server.
❖ Kerberos uses the concept of a Ticket Granting Service.
❖ With Kerberos, users never authenticate themselves to the service directly.
❖ Instead, they go through a series of steps performed by different parts of the
Key Distribution Center.
❖ A client that wishes to use a service has to receive a ticket (a time-related
cryptographic message), which gives access to the requested service.
Kerberos Authentication (Cont.)

❖ KDC consists of three main components:
➢ An authentication server (AS)
■ The AS performs initial authentication when a user wants to access a
service.
➢ A ticket granting server (TGS)
■ This server connects a user with the service server (SS).
➢ A Kerberos database
■ This database stores IDs and passwords of verified users.
Authentication Server (AS)

❖ The AS Verifies Users with Decryption.
❖ The Kerberos protocol starts with the user requesting access to a service through the
Authentication Server.
❖ This request is partially encrypted with a secret key, the user’s password.
❖ The password is a shared secret between the user and the AS.
❖ The AS can only decrypt the request if the user encrypted the message with the right password.
❖ If the password is wrong, the AS cannot interpret the request.
❖ In that case, AS does not verify the user, and the authentication process fails.
❖ Once it decrypts the request, the AS creates a ticket-granting ticket (TGT) and encrypts it with the
TGS’s secret key.
❖ This key is a shared secret between the AS and the Ticket Granting Server.
❖ A TGT contains a client/TGS session key, an expiration date, and the client’s IP address.
❖ Once it issues a TGT, the AS sends it to the user.
Ticket Granting Server (TGS)

❖ The TGS Connects Users to Service Servers.
❖ The user sends the TGT to the TGS.
❖ If the ticket is valid and the user has permission to access the service, the
TGS issues a service ticket.
❖ A service ticket contains the client ID, client network address, validity period,
and client/server session key.
❖ The service ticket is encrypted with a secret key shared with the service
server.
❖ The user then sends the ticket to the service server along with the service
request.
❖ The SS decrypts the ticket with its secret key and grants access to the requested resources.
Kerberos Authentication Steps

❖ Step 1: The User Sends a Request to the AS.
❖ Step 2: The AS Issues a TGT.
❖ Step 3: The User Sends a Request to the TGS.
❖ Step 4: The TGS Issues a Service Ticket.
❖ Step 5: The User Contacts the File Server with the Service Ticket.
❖ Step 6: The User Opens the Document.
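The six steps carried through end to end, as an added example that is not part of the slides or of any real Kerberos implementation: one KDC object plays the AS and TGS with a shared user/service key database, a separate service server holds only its own key, and the client never sends its password. The encrypt/decrypt helpers are a constructed keystream-plus-HMAC stand-in for a real cipher, the string-to-key function is a toy, and the realm, principal names, lifetimes and skew tolerance are assumptions.

```python
import hashlib, hmac, json, os

# Added example: a toy Kerberos exchange (AS -> TGS -> service server). The cipher, the
# string-to-key function, the lifetimes and all principal names are constructed assumptions.
TICKET_LIFETIME = 8 * 3600   # seconds a ticket stays valid
CLOCK_SKEW = 300             # the strict time requirement: 5-minute tolerance on timestamps

def key_from_password(password: str) -> bytes:
    # Toy string-to-key; real Kerberos salts and iterates the password for its encryption types.
    return hashlib.sha256(password.encode()).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, msg: dict) -> bytes:
    # Encrypt-then-MAC: decrypting under the wrong key fails the tag check instead of yielding garbage.
    nonce, pt = os.urandom(12), json.dumps(msg).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("decryption failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    """Authentication Server (AS) + Ticket Granting Server (TGS) + the Kerberos database."""
    def __init__(self, users: dict, services: dict):
        self.user_keys = {u: key_from_password(p) for u, p in users.items()}   # database of principals
        self.service_keys = dict(services)     # service name -> long-term key shared with that server
        self.tgs_key = os.urandom(32)          # shared secret between AS and TGS

    def as_exchange(self, user: str, preauth: bytes, now: float):
        """Steps 1-2: verify pre-authentication under the user's key, then issue a TGT."""
        key = self.user_keys.get(user)
        if key is None:
            raise PermissionError("unknown principal")
        stamp = decrypt(key, preauth)["timestamp"]   # raises if the client used the wrong password
        if abs(stamp - now) > CLOCK_SKEW:
            raise PermissionError("clock skew too large")
        session = os.urandom(32).hex()               # client/TGS session key
        tgt = encrypt(self.tgs_key, {"client": user, "key": session, "expires": now + TICKET_LIFETIME})
        return tgt, encrypt(key, {"key": session})   # only the right password recovers the session key

    def tgs_exchange(self, tgt_blob: bytes, authenticator: bytes, service: str, now: float):
        """Steps 3-4: validate the TGT and the authenticator, then issue a service ticket."""
        tgt = decrypt(self.tgs_key, tgt_blob)
        if tgt["expires"] < now:
            raise PermissionError("TGT expired")
        auth = decrypt(bytes.fromhex(tgt["key"]), authenticator)
        if auth["client"] != tgt["client"] or abs(auth["timestamp"] - now) > CLOCK_SKEW:
            raise PermissionError("authenticator mismatch")
        session = os.urandom(32).hex()               # client/server session key
        ticket = encrypt(self.service_keys[service],
                         {"client": tgt["client"], "key": session, "expires": now + TICKET_LIFETIME})
        return ticket, encrypt(bytes.fromhex(tgt["key"]), {"key": session})

class ServiceServer:
    def __init__(self, key: bytes):
        self.key = key   # long-term key shared only with the KDC

    def accept(self, ticket_blob: bytes, authenticator: bytes, now: float) -> str:
        """Steps 5-6: decrypt the service ticket with the server's own key and check the authenticator."""
        ticket = decrypt(self.key, ticket_blob)
        if ticket["expires"] < now:
            raise PermissionError("service ticket expired")
        auth = decrypt(bytes.fromhex(ticket["key"]), authenticator)
        if auth["client"] != ticket["client"]:
            raise PermissionError("authenticator mismatch")
        return f"access granted to {ticket['client']}"

def client_login(kdc: KDC, server: ServiceServer, user: str, password: str, service: str, now: float) -> str:
    """The client side of all six steps; the password never leaves this function."""
    key = key_from_password(password)
    tgt, enc = kdc.as_exchange(user, encrypt(key, {"timestamp": now}), now)
    tgs_session = bytes.fromhex(decrypt(key, enc)["key"])
    ticket, enc2 = kdc.tgs_exchange(tgt, encrypt(tgs_session, {"client": user, "timestamp": now}), service, now)
    svc_session = bytes.fromhex(decrypt(tgs_session, enc2)["key"])
    return server.accept(ticket, encrypt(svc_session, {"client": user, "timestamp": now}), now)

# Constructed realm: one user and one file server sharing its key with the KDC.
FILE_KEY = os.urandom(32)
KDC_DEMO = KDC(users={"alice": "correct horse"}, services={"fileserver": FILE_KEY})
FILE_SERVER = ServiceServer(FILE_KEY)

if __name__ == "__main__":
    print(client_login(KDC_DEMO, FILE_SERVER, "alice", "correct horse", "fileserver", now=1_000_000.0))
```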
Kerberos Authentication (Cont.)
❖ Benefits of Kerberos Authentication:
➢ Improved Security
■ Cryptography, multiple secret keys, and third-party authorization make Kerberos one of the industry’s most
secure verification protocols.
➢ Access Control
■ With Kerberos, the company gets a single point for enforcing security policies and keeping track of logins.
➢ Transparency and Auditability
■ Kerberos makes it easy to see who requested what and at what time.
➢ Mutual Authentication
■ Kerberos enables users and service systems to authenticate each other.
■ At each step of the authentication process, both the user and the server systems know that they are interacting
with authentic counterparts.
➢ Limited Ticket Lifetime
■ Short ticket lifetimes are great for preventing brute-force and replay attacks.
➢ Reusable Authentications
■ Kerberos authentications are reusable and durable.
■ The user only verifies to the Kerberos system once.
■ For the lifetime of the ticket, the user can authenticate to network services without re-entering personal data.
■ Single sign-on is the most direct end-user benefit of Kerberos.
Kerberos Authentication (Cont.)

❖ Weaknesses of Kerberos Authentication:
➢ The Kerberos Server Is a Single Point of Failure
■ If the Kerberos server goes down, users cannot log in.
➢ Strict Time Requirements
■ Date/time configurations of the involved hosts must always be synchronized within
predefined limits.
■ Otherwise, authentications fail because tickets have a limited availability period.
➢ Every Network Service Needs its Kerberos Keys
■ Each network service that requires a different hostname needs its own set of Kerberos
keys.
➢ All Nodes Must Be Compatible with Third-Party Authentication
■ Both user machines and service servers must be designed with Kerberos
authentication in mind.
Security Topology

❖ The security topology of your network defines the network design and
implementation from a security perspective.
❖ A security topology is the arrangement of hardware devices on a network
with respect to internal security requirements and needs for public access.
❖ Unlike a network topology, a security topology is more concerned with access
methods, security, and technologies being used.
❖ Topologies are created by dividing networks into security zones providing
both a multi-layered defense strategy and different levels of security
corresponding with the purpose of each specific zone.
Security Topology (Cont.)

❖ Security topology covers four primary areas of concern:
1. Design Goals
■ The design goals of a security topology must deal with issues of confidentiality,
integrity, availability, and accountability.
2. Security zone
■ The term security zone describes design methods that isolate systems from other
systems or networks.
■ Security zones allow you to isolate systems from unauthorized users.
■ Security zone design is an important aspect of computer security.
Security Topology (Cont.)

3. Technologies
■ The three technologies this section will focus on are Virtual Local Area Networks
(VLANs), Network Address Translation (NAT) and Tunneling.
■ These technologies allow you to improve security in your network at very little
additional cost.
4. Business Requirements
■ An organization or business is well served if they make a conscious examination of the
security situation they are in.
■ This includes identifying assets, doing a comprehensive risk assessment, identifying
threats, and evaluating vulnerabilities.
■ These four components will help the business principals understand what they are up
against and how to cost effectively address these issues.
Security Topology (Cont.)

❖ Not everyone in a network needs access to all of the assets in the network.
❖ Networks can be isolated from each other using hardware and software.
❖ Some machines on the network can be configured to be in a certain address range and
others to be in a different address range.
❖ This separation makes the two networks invisible to each other unless a router connects
them.
❖ Some of the newer data switches also allow partitioning networks into smaller networks
or private zones.
❖ The following are the four most common security zones:
➢ Internet
➢ Intranet
➢ Extranet
➢ DMZ
Internet

❖ The Internet is a global network that connects computers and networks
together.
❖ The Internet can be used by anybody who has access to an Internet portal or
an Internet Service Provider.
Intranet

❖ Intranets are private networks implemented and maintained by an individual
company or organization.
❖ Intranet access is limited to systems within the Intranet. Intranets use the
same technologies used by the Internet.
❖ Intranets can be connected to the Internet but are not available for access to
users that are not authorized to be part of the Intranet.
❖ Access to the Intranet is granted to trusted users inside the corporate
network or to users in remote locations.
Extranet

❖ Extranets extend Intranets to include outside connections to partners.
❖ An Extranet allows you to connect to a partner by a private network or a
connection using a secure communications channel using the Internet.
❖ Extranet connections involve connections that are between trustworthy
organizations.
❖ This network provides a connection between the two organizations.
❖ This connection may be through the Internet. If so, these networks would
use a Tunneling protocol to accomplish a secure connection.
DMZ

❖ A DMZ (demilitarized zone) is a physical or logical subnetwork that
separates an internal local area network (LAN) from other untrusted
networks, usually the Internet.
❖ A common DMZ meaning is a subnetwork that sits between the public
internet and private networks.
❖ It exposes external-facing services to untrusted networks and adds an extra
layer of security to protect the sensitive data stored on internal networks,
using firewalls to filter traffic.
❖ The end goal of a DMZ is to allow an organization to access untrusted
networks, such as the internet, while ensuring its private network or LAN
remains secure.
DMZ (Cont.)

❖ Any service that is being provided to users on the Internet should be placed
in the DMZ.
❖ The most common services are:
➢ Web server
➢ Mail server
➢ FTP server
➢ VoIP server
DMZ Designs

❖ There are numerous ways to construct a network with a DMZ.
❖ The two major methods are:
1. Single Firewall
■ A modest approach to network architecture involves using a single firewall, with a
minimum of 3 network interfaces.
■ The DMZ will be placed inside of this firewall.
■ The tier of operations is as follows:
● The external network device makes the connection from the Internet Service
Provider (ISP).
● The internal network is connected by the second device.
● Connections within the DMZ are handled by the third network device.
DMZ Designs (Cont.)

2. Dual Firewall
■ The more secure approach is to use two firewalls to create a DMZ.
■ The first firewall (referred to as the “frontend” firewall) is configured to only allow
traffic destined for the DMZ.
■ The second firewall (referred to as the “backend” firewall) is only responsible for the
traffic that travels from the DMZ to the internal network.
■ An effective way of further increasing protection is to use firewalls built by separate
vendors, because they are less likely to have the same security vulnerabilities.
■ While more effective, this scheme can be more costly to implement across a large
network.
DMZ Network Benefits

❖ Protection of Internet-Facing Systems
➢ Email servers, web applications, and other Internet-facing systems need access to sensitive
data.
➢ Placing these systems on the DMZ enables them to be accessible to the public Internet
while still being protected by the external firewall.
❖ Protection of Internal Systems
➢ Some systems on the DMZ (such as FTP servers) pose a threat to the systems within an
organization’s network.
➢ Placing these systems on a DMZ ensures that another layer of security inspection exists
between these systems and the organization’s internal network.
DMZ Network Benefits (Cont.)

❖ Limited Lateral Movement
➢ Cyber attackers commonly exploit a system to gain a foothold on a network, then expand
their access from that foothold.
➢ Since the most vulnerable and exploitable systems are located on the DMZ, it is more
difficult to use them as a foothold to gain access to and exploit the internal protected
network.
❖ Preventing Network Scanning
➢ Attackers commonly scan organizations’ networks to identify computers and software that
may be vulnerable to exploitation.
➢ Implementing a DMZ structures the network so that only systems that are intended to be
Internet-facing are actually visible and scannable from the public Internet.
DMZ Network Benefits (Cont.)

❖ Improved Access Control
➢ Placing a firewall between the internal network and Internet-facing systems enables all
connections between these systems to be inspected.
➢ This allows the organization to strictly define and enforce access controls to provide
protection to the internal systems.
❖ Improved Network Performance
➢ Internet-facing systems are designed to be accessed frequently by external users.
➢ Placing these systems on a DMZ reduces load on internal network infrastructure and
firewalls, improving their performance.
VLAN: Virtual Local Area Network

❖ A local area network (LAN) is typically a collection of devices connected to a single
switch.
❖ A virtual local area network (VLAN) typically involves grouping devices on a single switch.
❖ VLANs (Virtual LANs) are logical grouping of devices in the same broadcast domain.
❖ A VLAN (virtual LAN) is a subnetwork which can group together collections of devices on
separate physical local area networks (LANs).
❖ A VLAN allows a network administrator to create groups of logically networked devices
that act as if they are on their own independent network.
❖ VLANs make it easy for network administrators to partition a single switched network to
match the functional and security requirements of their systems without having to run
new cables or make major changes in their current network infrastructure.
VLAN: Virtual Local Area Network (Cont.)

❖ VLANs can improve the overall performance of a network by grouping together
devices that communicate most frequently and confining their broadcast traffic.
❖ VLANs also provide security on larger networks by giving a higher degree of control
over which devices can reach each other.
❖ VLANs are flexible because membership is based on logical configuration rather than
physical location.
❖ Organizations with many offices and large teams, typically spanning a WAN (wide area
network), use multiple VLANs to keep each site's or team's traffic separated and
manageable.
VLAN: Virtual Local Area Network (Cont.)

❖ There are three types of VLAN:
1. Protocol VLAN
■ Membership is decided by the protocol carried in the frame.
■ The switch segregates or forwards traffic according to the traffic's protocol.
2. Static VLAN
■ Also referred to as a port-based VLAN.
■ Membership is decided by the switch port a device is plugged into.
■ A network administrator must assign each port on the switch to a VLAN.
3. Dynamic VLAN
■ Membership is decided by characteristics of the device (such as its MAC address, or
the identity it presents when it authenticates to the network) rather than by the switch
port it is connected to.
VLAN: Virtual Local Area Network (Cont.)

❖ Advantages:
➢ Security
■ Groups that handle sensitive data are separated from the rest of the network, reducing
the chance of a confidentiality breach. The separation holds only if inter-VLAN traffic is
filtered at the router or firewall that joins the VLANs.
➢ Cost reduction
■ Savings come from a reduced need for expensive network upgrades and more efficient
use of existing bandwidth and uplinks.
➢ Better performance
■ Dividing a flat Layer 2 network into multiple logical workgroups (broadcast domains)
reduces unnecessary traffic on the network and boosts performance.
➢ Smaller broadcast domains
■ Dividing a network into VLANs reduces the number of devices in each broadcast domain.
➢ Better network management
■ Users with similar network requirements share the same VLAN, which makes the
network easier to manage.
VLAN: Virtual Local Area Network (Cont.)

❖ Disadvantages:
➢ VLAN hopping: with a misconfigured trunk (for example, a native VLAN shared with an
access VLAN) a double-tagged frame can leak from one VLAN into another.
➢ Injected frames, such as spoofed trunk-negotiation messages, can be used to attack the
switch configuration itself.
➢ A compromised host can still spread malware to every other host in its own VLAN.
➢ Traffic between VLANs needs a router or Layer-3 switch, which is an additional device
to size and secure on large networks.
➢ Interoperability problems can arise between different vendors' VLAN implementations.
➢ A switch cannot forward traffic from one VLAN to another on its own; inter-VLAN
communication always requires routing.
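The first disadvantage, a frame leaking across VLANs, is easiest to see in bytes. The following is an added example, not code from the slides or from any switch vendor: it builds 802.1Q frames and models only the one trunk behaviour that matters for double tagging (the native VLAN is sent untagged). MAC addresses and payloads are constructed, and it assumes, as a simplification, that the first switch accepted the attacker's already-tagged frame on an access port because the outer tag matched that port's VLAN.

```python
"""802.1Q tagging and a minimal model of how a trunk handles its native VLAN,
used to show the double-tagging form of VLAN hopping. Added example, not from
the slides; MAC addresses and payloads are constructed."""
import struct

TPID_8021Q = 0x8100          # EtherType value announcing an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

def build_frame(dst_mac: bytes, src_mac: bytes, vids: list, ethertype: int, payload: bytes) -> bytes:
    """Ethernet frame with zero or more 802.1Q tags, outermost first (PCP and DEI left at 0)."""
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) for vid in vids)
    return dst_mac + src_mac + tags + struct.pack("!H", ethertype) + payload

def parse_frame(frame: bytes):
    """Return (dst, src, [vid, ...] outermost first, ethertype, payload)."""
    dst, src, off, vids = frame[:6], frame[6:12], 12, []
    while off + 4 <= len(frame) and struct.unpack("!H", frame[off:off + 2])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        vids.append(tci & 0x0FFF)
        off += 4
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    return dst, src, vids, ethertype, frame[off + 2:]

def trunk_egress(frame: bytes, native_vid: int, tag_native: bool = False) -> bytes:
    """Switch A forwarding onto an 802.1Q trunk: frames in the native VLAN go out untagged
    (outer tag stripped) unless the trunk is configured to tag the native VLAN as well."""
    dst, src, vids, ethertype, payload = parse_frame(frame)
    if vids and vids[0] == native_vid and not tag_native:
        return build_frame(dst, src, vids[1:], ethertype, payload)
    return frame

def trunk_ingress_vlan(frame: bytes, native_vid: int) -> int:
    """Switch B receiving from the trunk: an untagged frame belongs to the native VLAN,
    a tagged frame to the VLAN named in its outermost tag."""
    _, _, vids, _, _ = parse_frame(frame)
    return vids[0] if vids else native_vid

def vlan_hop_demo(native_vid: int, tag_native: bool) -> int:
    """Attacker on an access port in VLAN 1 sends a frame tagged [1, 20]. Assumption: switch A
    accepted it into VLAN 1 because the outer tag matched the port VLAN. Returns the VLAN
    that switch B places the frame into after it crosses the trunk."""
    attacker_frame = build_frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01",
                                 [1, 20], ETHERTYPE_IPV4, b"constructed payload")
    on_wire = trunk_egress(attacker_frame, native_vid, tag_native)
    return trunk_ingress_vlan(on_wire, native_vid)
```

With the trunk's native VLAN equal to the attacker's access VLAN, switch A strips the outer tag and switch B reads the inner tag, so the frame lands in VLAN 20. Moving the native VLAN to an unused ID, or configuring the trunk to tag its native VLAN, leaves the outer tag in place and the frame stays in VLAN 1. The hop is one-way: the victim's replies go to the attacker's spoofed source, not back through the double tag.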
Tunneling

❖ In the physical world, a tunnel is a way to cross terrain or boundaries that could not
normally be crossed.
❖ Similarly, in networking, tunnels are a method for transporting data across a network
using protocols that the network does not natively carry.
❖ Tunneling works by encapsulation: wrapping packets inside other packets.
➢ Packets are the units into which data is divided for transmission; the destination
reassembles them into the original message or file.
Tunneling (Cont.)

❖ As an internetworking technique, tunneling is used when source and destination
networks of the same type must be connected through a network of a different type.
❖ In essence, the packets of one protocol are carried as the payload of another protocol's
packets.
❖ Example: the Point-to-Point Tunneling Protocol (PPTP) carries PPP frames inside GRE
packets over IP, with a separate TCP connection for control; the simplest case is IP-in-IP,
where a whole IP packet becomes the payload of another IP packet.
❖ Encapsulation by itself provides no security: the inner packet is merely hidden from
the transit network, not protected. Encapsulation is therefore often combined with
encryption and authentication (as IPsec does) to increase the level of security.
❖ Tunnels also cross perimeter filters, so the endpoint that unwraps them must apply
the same policy to the inner packet that it would apply to any other arriving packet.
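The IP-in-IP case, with the checks a decapsulating endpoint should make, as an added example that is not code from the slides or from any tunnelling implementation. It builds and parses real IPv4 headers (RFC 791 layout, protocol number 4 for IP-in-IP as in RFC 2003); the addresses, the tunnel peer and the allowed inner destination range are constructed assumptions.

```python
"""IP-in-IP encapsulation (RFC 2003, protocol 4): one IPv4 packet carried as the payload
of another, plus the checks a decapsulating endpoint should make on the inner packet.
Added example, not from the slides; addresses and payload are constructed."""
import ipaddress
import struct

IPPROTO_IPIP = 4
IPPROTO_UDP = 17
_HDR = "!BBHHHBBH4s4s"   # ver/IHL, TOS, total length, ID, flags/frag, TTL, proto, checksum, src, dst

def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of 16-bit words; a valid header including its checksum sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    hdr = struct.pack(_HDR, 0x45, 0, 20 + len(payload), 0, 0x4000, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]   # fill in checksum
    return hdr + payload

def parse_ipv4(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("truncated IPv4 packet")
    vihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(_HDR, packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(packet) < total_len:
        raise ValueError("malformed IPv4 packet")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "payload": packet[ihl:total_len]}

def encapsulate(inner: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Wrap a complete inner IPv4 packet in an outer IPv4 header addressed to the tunnel peer."""
    return build_ipv4(outer_src, outer_dst, IPPROTO_IPIP, inner)

def decapsulate(packet: bytes, expected_peer: str, allowed_inner_dst: str) -> dict:
    """Unwrap, accepting only packets from the configured peer, and apply policy to the
    INNER packet: an endpoint that skips this lets the tunnel bypass perimeter filtering."""
    outer = parse_ipv4(packet)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    if outer["src"] != expected_peer:
        raise ValueError("outer source is not the configured tunnel peer")
    inner = parse_ipv4(outer["payload"])
    if ipaddress.ip_address(inner["dst"]) not in ipaddress.ip_network(allowed_inner_dst):
        raise ValueError("inner destination outside the allowed range")
    return inner

def tunnel_demo() -> dict:
    """Constructed exchange: a private 10.x packet crosses the public Internet inside an outer packet."""
    inner = build_ipv4("10.1.0.5", "10.2.0.9", IPPROTO_UDP, b"constructed datagram")
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.7")
    result = {"outer_proto": parse_ipv4(outer)["proto"],
              "inner_src": decapsulate(outer, "203.0.113.1", "10.2.0.0/16")["src"]}
    damaged = outer[:8] + bytes([outer[8] ^ 0x01]) + outer[9:]   # flip one TTL bit in the outer header
    try:
        parse_ipv4(damaged)
        result["tamper_detected"] = False
    except ValueError:
        result["tamper_detected"] = True
    try:
        decapsulate(outer, "203.0.113.99", "10.2.0.0/16")        # wrong peer
        result["unknown_peer_rejected"] = False
    except ValueError:
        result["unknown_peer_rejected"] = True
    return result
```

The header checksum only catches accidental corruption; anyone on the path can rewrite the outer packet and recompute it. The peer check and the inner-destination check are the real controls here, and even they are spoofable without authentication, which is the gap that IPsec's AH and ESP close in the next section.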
IPSec

❖ In the term "IPsec", "IP" stands for "Internet Protocol" and "sec" for "security".
❖ The Internet Protocol is the network-layer protocol that carries traffic across the
Internet; it designates where data will go using IP addresses.
❖ IPsec secures this process by adding authentication, integrity protection and
(optionally) encryption to IP packets.
❖ IPsec is a group of protocols that are used together to set up authenticated, encrypted
connections between devices.
❖ It helps keep data sent over public networks secure.
❖ IPsec is often used to set up VPNs; it works by encrypting IP packets and
authenticating the source the packets come from.
IPSec (Cont.)

❖ IPsec can protect data flows between two hosts, between two networks (security
gateways), or between a network and a host.
❖ Internet Protocol security (IPsec) uses cryptographic security services to protect
communications over Internet Protocol (IP) networks.
❖ IPsec is a capability added to the current versions of the Internet Protocol (IPv4 and
IPv6) by means of additional headers (AH and ESP).
❖ IPsec is not a single protocol.
❖ Instead, it provides a set of security algorithms plus a general framework that allows a
pair of communicating entities to negotiate whichever algorithms provide security
appropriate for the communication.
Main Function areas of IPSec

❖ Authentication
➢ The authentication mechanism assures that a received packet was transmitted by the
party identified as the source in the packet header and that the packet has not been
altered in transit; sequence numbers also let the receiver reject replayed packets.
❖ Confidentiality
➢ The confidentiality facility enables communicating nodes to encrypt messages to
prevent eavesdropping by third parties.
❖ Key Management
➢ The key management facility is concerned with the secure exchange of keys; in practice
this is done by the Internet Key Exchange (IKE) protocol.
IPSec Architecture

❖ The IPsec (IP Security) architecture uses two protocols to secure traffic:
➢ ESP (Encapsulating Security Payload)
➢ AH (Authentication Header)
❖ The architecture also includes the algorithm documents, the DOI and key management.
❖ All these components are needed to provide the three main services:
➢ Confidentiality
➢ Authentication
➢ Integrity
IPSec Architecture Component

❖ Architecture
➢ Covers the general concepts, definitions, protocols, algorithms and security
requirements of IP Security technology (RFC 4301).
❖ ESP Protocol
➢ ESP (Encapsulating Security Payload) provides the confidentiality service and,
optionally, authentication and integrity.
➢ ESP is therefore used in one of two ways:
■ ESP without authentication (encryption only, which is no longer recommended because
unauthenticated ciphertext can be tampered with undetected).
■ ESP with authentication (encryption plus an integrity check value over the packet).
❖ Encryption Algorithm
➢ The set of documents describing the encryption algorithms used by ESP.
IPSec Architecture Component (Cont.)

❖ AH Protocol
➢ AH (Authentication Header) provides authentication and integrity, but no encryption.
➢ AH is used in one way only: authentication together with integrity. Because its check
also covers the immutable fields of the IP header, AH does not work across NAT.
❖ Authentication Algorithm
➢ The set of documents describing the authentication algorithms used by AH and by the
authentication option of ESP.
❖ DOI (Domain of Interpretation)
➢ The DOI document defines the identifiers and parameters (algorithm identifiers,
security-association attributes) shared by the AH, ESP and key-management documents,
so that the separate specifications refer to each other consistently.
❖ Key Management
➢ The documents describing how keys are exchanged between sender and receiver (the
Internet Key Exchange, IKE).
IPSec Services

❖ The services are provided by the AH and ESP protocols: access control, connectionless
integrity, data-origin authentication, rejection of replayed packets and (ESP only)
confidentiality.
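The ESP-with-authentication mode and the anti-replay service described above, worked through in bytes. This is an added example and not code from the slides or from any IPsec stack: the ESP header and trailer layout (SPI, sequence number, padding to 4-byte alignment, pad length, next header, ICV) and the sliding replay window follow RFC 4303, the ICV is HMAC-SHA-256 truncated to 96 bits, but the "cipher" is a labelled stand-in (a PRF run in counter mode keyed by the sequence number) because the standard library has no AES; the keys and payload are constructed.

```python
"""ESP (RFC 4303) packet framing with an integrity check value and a receiver-side
anti-replay window. Added example, not from the slides. The keystream function is a
stand-in for a real cipher (IPsec uses AES-CBC or AES-GCM); the framing, the verify-
before-decrypt order and the replay logic are the point."""
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-SHA-256-96: keep the first 96 bits of the MAC (RFC 4868 style truncation)

def _keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    """Illustrative PRF-in-counter-mode keystream keyed by the ESP sequence number.
    Stand-in only: this is not an IPsec encryption transform."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack("!IQ", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

def esp_encapsulate(spi: int, seq: int, payload: bytes, next_header: int,
                    enc_key: bytes, auth_key: bytes) -> bytes:
    # Trailer: pad so that payload + pad + pad_len + next_header is 4-byte aligned,
    # then the pad-length and next-header bytes (RFC 4303 sections 2.4 to 2.6).
    pad_len = (-(len(payload) + 2)) % 4
    plaintext = payload + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    ciphertext = _xor(plaintext, _keystream(enc_key, seq, len(plaintext)))
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv

class ReplayWindow:
    """Sliding bitmap over received sequence numbers (RFC 4303 anti-replay window)."""
    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0
    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False                          # 0 is never a valid ESP sequence number
        if seq > self.top:                        # newer than anything seen: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) if shift < self.size else 0) | 1
            self.bitmap &= (1 << self.size) - 1
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size or self.bitmap & (1 << diff):
            return False                          # too old, or already received
        self.bitmap |= 1 << diff
        return True

def esp_decapsulate(packet: bytes, enc_key: bytes, auth_key: bytes, window: ReplayWindow):
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short")
    header, body, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    spi, seq = struct.unpack("!II", header)
    expected = hmac.new(auth_key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # verify before touching the ciphertext
        raise ValueError("ICV mismatch")
    if not window.accept(seq):                   # window is updated only after a good ICV
        raise ValueError("replayed or stale sequence number")
    plaintext = _xor(body, _keystream(enc_key, seq, len(body)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return spi, seq, plaintext[:len(plaintext) - 2 - pad_len], next_header

def esp_demo() -> dict:
    enc_key, auth_key = b"\x11" * 32, b"\x22" * 32     # constructed keys
    window = ReplayWindow()
    pkt = esp_encapsulate(0x1000, 1, b"inner IP packet bytes", 4, enc_key, auth_key)
    result = {"roundtrip": esp_decapsulate(pkt, enc_key, auth_key, window)}
    try:
        esp_decapsulate(pkt, enc_key, auth_key, window)          # same packet delivered again
        result["replay_rejected"] = False
    except ValueError:
        result["replay_rejected"] = True
    tampered = pkt[:8] + bytes([pkt[8] ^ 0x80]) + pkt[9:]      # flip one ciphertext bit
    try:
        esp_decapsulate(tampered, enc_key, auth_key, ReplayWindow())
        result["tamper_rejected"] = False
    except ValueError:
        result["tamper_rejected"] = True
    return result
```

Two things in the receiver are worth copying into any real implementation: the ICV is checked with a constant-time compare before any decryption happens (this is what makes "ESP with authentication" safe where encryption-only ESP is not), and the replay window is only advanced after the ICV passes, so a forged packet with a high sequence number cannot be used to push legitimate packets out of the window.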
Email Security

❖ In virtually all distributed environments, electronic mail is the most heavily used
network-based application.
❖ It is also the only distributed application that is widely used across all architectures
and vendor platforms.
❖ Because of its ubiquity and inherent weaknesses (the base protocols provide neither
sender authentication nor confidentiality), email is a popular vector for cyber attacks.
❖ These attacks include spam, phishing and malware delivery, such as viruses, worms,
Trojan horses and spyware.
❖ Email is also a common entry point for attackers looking to gain a foothold in an
enterprise network and obtain valuable company data.
❖ Email security is the set of methods used to keep email correspondence and accounts
safe from these attacks.
Email Security (Cont.)

❖ Email security is a multi-layered discipline involving several types of software and
technology.
❖ The term covers the procedures and techniques for protecting email accounts, content
and communication against unauthorized access, loss or compromise.
❖ There are multiple ways to secure enterprise email accounts, but technical controls must
be combined with employee education and comprehensive security policies and
procedures.
Recommended policies and procedures for Email Security

❖ Password Policy
➢ Require employees to use strong, unique passwords, and add a second authentication
factor where the mail system supports it.
➢ Force a password change when compromise is suspected rather than on a fixed schedule:
mandatory periodic changes push users towards weak, predictable variants of the old
password, while a reset on suspicion limits how long a leaked password stays usable.
❖ Secure Login
➢ Ensure that webmail and mail-client connections use TLS (HTTPS, IMAPS, SMTP with
STARTTLS).
➢ This is standard functionality, but critical to prevent credentials and messages from
being intercepted by malicious actors on the path.
❖ Spam Filtering
➢ Deploy scanners and other tools that inspect messages and block emails containing
malware or other malicious files before they reach end users.
➢ Even relatively benign spam, such as marketing offers, hampers productivity if
employees have to remove it from their inboxes by hand.
Recommended policies and procedures for Email Security (Cont.)

❖ Spyware Protection
➢ A robust endpoint security program or a dedicated spyware removal service that can
dispose of malicious email attachments and repair altered files and settings.
❖ Email Encryption
➢ Encryption technologies such as OpenPGP and S/MIME let users encrypt emails end to
end between sender and recipient, so the content stays protected on the mail servers in
between (TLS protects only each hop).
➢ This is a necessity for businesses where sensitive information is shared frequently via
email.
❖ Employee Education
➢ Engage employees in ongoing security education about email security risks and how to
avoid falling victim to phishing attacks.
➢ Some companies send their own employees mock phishing emails in order to test their
resistance to these attacks.
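The spam-filtering and spyware-protection items above amount to inspecting each message before delivery. As an added example, not code from the slides or from any mail gateway, the following parses a raw message with the standard library and applies two of the simplest checks a gateway makes: attachments with an executable or double extension, and a Reply-To domain that differs from the From domain (a common phishing pattern). The message and the extension list are constructed for the example.

```python
"""Mail-gateway style checks over a raw RFC 5322 message: flag risky attachments and a
Reply-To that points somewhere other than the From domain. Added example, not from the
slides; the sample message is constructed."""
import email
from email import policy
from email.utils import parseaddr

# Constructed blocklist of attachment extensions that execute when opened on a workstation.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd", ".ps1", ".jar", ".iso"}

SAMPLE_MESSAGE = b"""From: "Payroll Team" <payroll@example.com>
Reply-To: payroll-reply@example.net
To: staff@example.com
Subject: Updated salary sheet
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review the attached sheet today.
--b1
Content-Type: application/octet-stream; name="salary_sheet.pdf.exe"
Content-Disposition: attachment; filename="salary_sheet.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

def _domain(header_value: str) -> str:
    """Domain part of the first address in a header, lower-cased; '' if absent."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def scan_message(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_domain = _domain(msg.get("From", ""))
    reply_domain = _domain(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to domain {reply_domain} differs from from domain {from_domain}")
    attachments = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        attachments.append(name)
        ext = name[name.rfind("."):] if "." in name else ""   # final extension decides how it opens
        if ext in RISKY_EXTENSIONS:
            findings.append(f"executable attachment {name}")
        if name.count(".") >= 2:
            findings.append(f"double extension {name}")    # 'sheet.pdf.exe' displayed as a PDF
    return {"attachments": attachments, "findings": findings, "block": bool(findings)}
```

A real gateway goes much further (content scanning of the decoded attachment, sender reputation, URL rewriting), but the order of operations is the same: parse the MIME structure fully, decide on the decoded attachment and the final extension rather than the displayed name, and quarantine before the message reaches the inbox.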