UNIT-4

Network Security

Asst.Prof. Renuka Patel

Asst.Prof. Roshni Patel
 Network Security

 Network Security
Network security, focusing on various components such as firewalls, IP security,
VPNs, intrusion detection systems, and web security threats. Each topic is
explained in detail with examples to enhance understanding. The aim is to equip
readers with the knowledge necessary to navigate the complexities of network
security effectively.
 Network Security

1️⃣ Firewalls 🔥
A firewall is a security system that monitors and
controls incoming and outgoing network traffic
based on predefined security rules.

✅ Example:

 A corporate network blocks access to

malicious websites using a firewall.
 A home router has a built-in firewall to
prevent unauthorized access.
 Fire Wall
Types of Firewalls
Firewalls can be categorized based on deployment, working
mechanism, and implementation.

🔹 Personal Firewall (Host-Based Firewall)

✅ Definition:
•A software firewall installed on a single device (PC, laptop, or
smartphone) to protect it from threats.
✅ Example:
•Windows Defender Firewall (built into Windows OS).
•Mac Firewall (for macOS security).
✅ Pros:
✔ Protects individual devices from malware and hacking
attempts.
✔ Blocks unauthorized apps from accessing the internet.
✅ Cons:
✖ Does not protect the entire network.
 Fire Wall
Types of Firewalls

🔹 Network Firewall

✅ Definition:
•A firewall that protects an entire network instead of just one
device.
•Usually installed at entry points like routers, servers, or cloud
gateways.
✅ Example:
•Cisco ASA Firewall used by businesses.
•FortiGate Firewall used in corporate data centers.
✅ Pros:
✔ Provides security to multiple devices at once.
✔ Prevents external threats like hackers and malware.
✅ Cons:
✖ Requires proper configuration.
 Fire Wall
Types of Firewalls based on its Implementation

2️⃣ Software Firewall vs. Hardware Firewall

🔹 Software Firewall

✅ Definition:
•A firewall that runs as a software program on a
computer or server.
✅ Example:
•Windows Defender Firewall, Norton Firewall, McAfee
Firewall.
✅ Pros:
✔ Easy to install and configure.
✔ Suitable for personal and small business use.
✅ Cons:
✖ Consumes system resources (CPU and RAM).
 Fire Wall
Types of Firewalls based on its Implementation

2️⃣ Software Firewall vs. Hardware Firewall

🔹 Hardware Firewall
✅ Definition:
•A physical device that sits between a network and
the internet to filter traffic.
✅ Example:
•Cisco ASA, Palo Alto Networks Firewalls, FortiGate
Firewalls.
✅ Pros:
✔ Does not slow down individual computers.
✔ Provides strong security for business networks.
✅ Cons:
✖ Expensive and requires technical expertise.
 Fire Wall
3️⃣ Packet Filtering Firewall (How It Works)

✅ Definition:
•A firewall that examines each data packet’s header to decide
whether to allow or block it.
✅ How It Works:
•Checks source IP, destination IP, port number, and protocol.
•Uses rules to allow or block packets.
✅ Example Rule:
•"Block all incoming traffic from 192.168.1.100 on port 80
(HTTP)"
✅ Pros:
✔ Simple and fast.
✔ Effective for basic filtering.
✅ Cons:
✖ Cannot inspect actual content inside the packets.
✖ Vulnerable to spoofing attacks.
 Fire Wall
4️⃣ Design Principles of Firewalls

To build an effective firewall, certain security

principles must be followed:
🔹 Least Privilege: Only allow necessary access and
block everything else.
🔹 Defense in Depth: Use multiple layers of security
(firewall + antivirus + monitoring).
🔹 Fail-Safe Defaults: If a rule is missing, block the
connection instead of allowing it.
🔹 Separation of Duties: Different admins manage
different parts of security to reduce risks.
✅ Example:
•A company uses both a hardware firewall and a
software firewall for extra security.
 Fire Wall
🔹 What is a Trusted System?

A Trusted System is a highly secure computing

environment that ensures data confidentiality,
integrity, and availability by following strict security
policies and mechanisms. These systems are
designed to prevent unauthorized access, data
breaches, and cyber threats while maintaining a
high level of reliability.

💡 In simple terms: A Trusted System is a computer

system built with strong security features that users
can rely on to process and store sensitive
information securely.
 Fire Wall
🔹 Key Characteristics of Trusted Systems

🔹 Authentication & Access Control:

•Ensures that only authorized users can access
specific data or system functions.
•Uses multi-factor authentication (MFA),
biometrics, smart cards, or digital certificates for
secure access.
🔹 Data Encryption:
•Encrypts stored and transmitted data to protect it
from unauthorized access.
•Uses AES (Advanced Encryption Standard), RSA, or
SHA-256 encryption algorithms to secure sensitive
data.
 Fire Wall
🔹 Audit and Monitoring:
•Keeps detailed logs of user activities, changes, and
system interactions.
•Helps detect and prevent insider threats and
unauthorized modifications.
🔹 Redundancy and Fault Tolerance:
•Implements backup and failover mechanisms to
ensure continuous operation even in case of failures
or cyberattacks.
🔹 Secure Communication Channels:
•Uses VPNs, TLS/SSL, and encrypted protocols
(HTTPS, SSH) for safe data transmission.
🔹 Defense Against Malware & Attacks:
•Protects against viruses, ransomware, and cyber
threats using firewalls, intrusion detection systems
(IDS), and sandboxing.
 Fire Wall
🔹 Examples of Trusted Systems

1️⃣ Military Networks (Defense Systems) ️

2️⃣ Banking Systems (Financial Security) 🏦
3️⃣ Healthcare Systems (Patient Data Protection) 🏥
4️⃣ Government and Law Enforcement Systems 👮♂️

2️⃣ Banking Systems (Financial Security) 🏦 Example

✅ Use Case:
•Banks need secure systems to protect customer accounts, financial
transactions, and payment processing.
✅ Example:
•SWIFT (Society for Worldwide Interbank Financial
Telecommunication):
• A secure global financial messaging system used by banks for
international money transfers.
• Implements multi-layer encryption, fraud detection, and access
control policies.
 Fire Wall
🔹 Why Are Trusted Systems Important?

✔ Protects sensitive information from hackers,

spies, and cybercriminals.
✔ Ensures only authorized users can access the
system, preventing insider threats.
✔ Maintains data integrity by preventing
unauthorized modifications or corruption.
✔ Provides secure communication channels for
government, military, healthcare, and financial
institutions.
✔ Reduces risks of cyberattacks, such as phishing,
ransomware, and man-in-the-middle (MITM)
attacks.
 Fire Wall
6️⃣ Kerberos Authentication Protocol 🔑
✅ Definition:
•A network authentication protocol that uses cryptographic
keys to securely verify users.
✅ How It Works:
1️⃣ The user logs in and requests authentication.
2️⃣ The Key Distribution Center (KDC) provides a ticket as proof
of identity.
3️⃣ The user presents this ticket to access services.
4️⃣ The server verifies the ticket and allows access.
✅ Example:
•Universities use Kerberos authentication to allow students to
log in once and access email, library, and portal without
entering a password multiple times.
✅ Pros:
✔ Secure authentication using encrypted tickets.
✔ Protects against password sniffing.
✅ Cons:
✖ If the Kerberos server is compromised, all user accounts
are at risk.
 IP Security

🔹 What is IP Security (IPSec)?

IPSec (Internet Protocol Security) is a security

framework that protects data while it travels over
the internet or private networks. It encrypts and
authenticates network traffic to prevent hacking,
spying, and data theft.

💡 Think of IPSec as a security guard for your

internet traffic—it ensures that only the right
people can access the data, and no one can read or
modify it while in transit.
 IP Security
🔹 Uses of IP Security (Why is it important?)

✅ 1️⃣ Secures Data Transmission

🔹 IPSec protects sensitive data, such as bank transactions, emails, and
corporate communications, from hackers.
✅ 2️⃣ Provides Authentication
🔹 Ensures that the sender and receiver are legitimate and not
impersonated by attackers (prevents "man-in-the-middle" attacks).
✅ 3️⃣ Prevents Data Tampering
🔹 Ensures that data is not modified while traveling over the network.
✅ 4️⃣ Enables Secure VPNs (Virtual Private Networks)
🔹 IPSec is widely used in VPNs to create a secure tunnel for remote
access and private communications.
✅ 5️⃣ Supports End-to-End Security
🔹 Works at the IP layer, securing all data traffic without needing
application-level security (unlike HTTPS, which only secures web
traffic).
 IP Security
🔹 Components of IP Security (IPSec)
IPSec consists of three main components:
1️⃣ Authentication Header (AH)
✅ Purpose: Ensures data integrity and authentication but does not
encrypt data.
✅ Example: If you send a message to a friend, AH ensures that the
message was not changed by anyone in between, but it does not hide the
message content.
2️⃣ Encapsulating Security Payload (ESP)
✅ Purpose: Provides encryption, authentication, and integrity of data.
✅ Example: If you send a confidential email, ESP encrypts the message so
that only the receiver can read it.
3️⃣ Security Associations (SA)
✅ Purpose: Defines security policies for data exchange between two
devices.
✅ Example: Two companies using a VPN agree on encryption algorithms
and authentication methods before sharing data.
 IP Security
🔹 IPSec Architecture (How does it work?)

IPSec operates in two modes:

🔷 1️⃣ Transport Mode (Used for Direct Communication)
✔ Encrypts only the data (payload), not the IP header.
✔ Commonly used for internal communication within an
organization.
🔹 Example: A company secures emails sent between
employees within the same office network.
🔷 2️⃣ Tunnel Mode (Used for VPNs)
✔ Encrypts both the data and the IP header.
✔ Used for secure communication over the internet (e.g., in
VPNs).
🔹 Example: An employee working from home connects to the
company’s internal network via VPN, ensuring all data
remains private.
 IP Security
🔹 Example of How IPSec Works in VPNs

Let’s say Alice (employee) works remotely and wants to

access her company’s internal network securely.

✅ Step 1: Alice connects to a VPN using IPSec.

✅ Step 2: IPSec encrypts her internet traffic, ensuring
no hacker can read or modify the data.
✅ Step 3: The company’s firewall decrypts the data,
allowing Alice to access internal resources securely.

💡 Without IPSec, hackers could steal passwords, spy

on emails, or modify financial transactions.
 Virtual Private Network (VPN)
Virtual Private Network (VPN) –

🔹 What is a VPN? (Introduction)

A VPN (Virtual Private Network) is a technology that

creates a secure and encrypted connection between a
user and the internet. It allows users to access the
internet safely and privately by routing their traffic
through a remote server, hiding their real IP address.

💡 Think of a VPN as a private tunnel on the internet

that keeps your data safe from hackers, governments,
and ISPs (Internet Service Providers).
 Virtual Private Network (VPN)
Virtual Private Network (VPN) –

✅ Why Do We Use a VPN?

🔹 Privacy: Hides your real IP address and prevents

websites from tracking your location.
🔹 Security: Encrypts your internet traffic to protect
against hackers, especially on public Wi-Fi.
🔹 Access Restricted Content: Allows you to bypass geo-
restrictions (e.g., watching Netflix content from other
countries).
🔹 Safe Remote Work: Employees can securely access
company networks from anywhere in the world.
 Virtual Private Network (VPN)
Virtual Private Network (VPN) –

🔹 VPN Architecture (How Does a VPN Work?)

A VPN consists of three main components:

1️⃣ VPN Client (User Device) 💻
✔ The software or app installed on a user's device
(computer, phone, tablet).
✔ The VPN client encrypts all outgoing internet
traffic before sending it through the VPN tunnel.
🔹 Example: A remote worker uses a VPN app on
their laptop to connect to their company's internal
network securely.
 Virtual Private Network (VPN)
Virtual Private Network (VPN) –

🔹 VPN Architecture (How Does a VPN Work?)

2️⃣ VPN Server 🌐

✔ A remote computer that receives encrypted data

from the user and forwards it to the internet.
✔ It assigns a new IP address to hide the user’s real
location.
🔹 Example: If you're in India but connect to a VPN
server in the USA, websites will think you're browsing
from the USA.
 Virtual Private Network (VPN)
Virtual Private Network (VPN) –

🔹 VPN Architecture (How Does a VPN Work?)

3️⃣ VPN Tunnel 🔒

✔ A secure, encrypted pathway between the VPN

client and VPN server.
✔ Prevents hackers and ISPs from spying on data.

🔹 Example: When using public Wi-Fi at an airport, a

VPN tunnel hides your data from cybercriminals.
 Virtual Private Network (VPN)
Virtual Private Network (VPN) –

🔹 Types of VPN Architecture

1️⃣ Remote Access VPN (For Individual Users) 🎧

✔ Used by individuals to securely connect to the internet.
✔ Common for remote workers accessing a company network.
🔹 Example: An employee working from home connects to their company’s VPN to access
internal files securely.

2️⃣ Site-to-Site VPN (For Organizations) 🏢

✔ Connects two or more office locations securely over the internet.
✔ Used by companies with multiple branches to share data safely.
🔹 Example: A company with offices in New York and London uses a site-to-site VPN to
share internal resources securely.
 Virtual Private Network (VPN)
Virtual Private Network (VPN) –
🔹 How a VPN Works (Step-by-Step)

1️⃣ User connects to a VPN app (client) on their device.

2️⃣ VPN encrypts the user’s internet traffic.
3️⃣ The data is sent through a secure tunnel to the VPN server.
4️⃣ The VPN server assigns a new IP address to the user.
5️⃣ The encrypted data is sent to the internet, appearing as if it came from the VPN server.

🔹 Real-World Example: Using a VPN for Netflix 📺

🔹 Suppose you're in India, but you want to watch a TV show available only in the USA on
Netflix.
🔹 You connect to a VPN server in the USA.
🔹 Netflix thinks you're browsing from the USA and unlocks the content.
🔹 Your real location remains hidden.
 Intrusion Detection
🔹 What is Intrusion Detection?

Intrusion Detection refers to the process of

monitoring network or system activities to identify
unauthorized access, attacks, or security threats. It
helps in detecting hackers, malware, and suspicious
activities before they can cause serious damage.

🔹 Example: Imagine you have a security camera

installed at your home. If an intruder tries to break
in, the camera detects the unusual activity and
sends an alert. Similarly, Intrusion Detection
Systems (IDS) monitor networks and computers for
suspicious behavior.
 Intrusion Detection

🔹 Types of Intrusion Detection Systems (IDS)

There are two main types of Intrusion Detection Systems (IDS):
1️⃣ Host-Based Intrusion Detection System (HIDS) ️
✔ Installed directly on a computer or server.
✔ Monitors system files, logs, and processes for unusual activity.
✔ Alerts if any unauthorized changes occur.
🔹 Example: An IDS installed on a bank’s database server detects if an employee tries to
access restricted financial records.
2️⃣ Network-Based Intrusion Detection System (NIDS) 🌐
✔ Monitors the entire network traffic for malicious activities.
✔ Detects hacking attempts, malware, and data breaches.
✔ Works by analyzing incoming and outgoing data packets.
🔹 Example: A NIDS system installed in a company network detects a hacker trying to
break into an internal database.
 Intrusion Detection
🔹 Classification of Intrusion Detection (How IDS Works?)
There are two main ways IDS detects intrusions:

1️⃣ Signature-Based Detection 🛑 (Known Attacks)

✔ Works like an antivirus – it detects threats based on a predefined list of attack
signatures.
✔ It is effective for known attacks but cannot detect new threats.
🔹 Example: A company’s IDS system blocks a hacker’s attack because it recognizes the
hacker’s behavior from a previous incident.
2️⃣ Anomaly-Based Detection ⚠️ (Unknown Attacks)
✔ Detects unusual or abnormal activities that deviate from normal behavior.
✔ Uses Machine Learning (AI) to identify new and unknown threats.
✔ Effective against zero-day attacks (new hacking techniques).
🔹 Example: If an employee logs into the company server at 3 AM from a different
country, an anomaly-based IDS detects this suspicious behavior and alerts the security
team.
 Intrusion Detection
🔹 How Intrusion Detection Works? (Step-by-Step Process)

1️⃣ Monitoring: IDS continuously observes system/network activities.

2️⃣ Detection: Identifies suspicious behavior using signature-based or anomaly-based
detection.
3️⃣ Alerting: Sends an alert to the security team if a potential threat is found.
4️⃣ Response: The organization investigates and takes action (blocking the attacker,
strengthening security, etc.).

🔹 Real-World Example of IDS in Action

🔹 Scenario: A hacker sends multiple fake login requests to a company's website to guess a
password (Brute Force Attack).
🔹 How IDS Helps: The company’s IDS detects this unusual login attempt pattern and
blocks the hacker’s IP address automatically.
 Web Security Threats and Protection Approaches
🔹 Web Security Threats
Web security threats are cyber attacks that target
websites, web applications, or web servers. These
attacks aim to steal data, disrupt services, or gain
unauthorized access.
Common Web Security Threats:
1️⃣ Phishing 🎣
•Fake emails or websites trick users into revealing
personal data.
•Example: A fake banking website asks users to enter
their login details.
2️⃣ SQL Injection (SQLi) 🛠
•Hackers insert malicious SQL code into input fields to
access a database.
•Example: Entering " OR 1=1 --“in a login field could
trick the system into logging in without a password.
 Web Security Threats and Protection Approaches
3️⃣ Cross-Site Scripting (XSS) 🖥
•Attackers inject malicious scripts into web pages to steal
user data.
•Example: A hacker embeds JavaScript into a comment
box that sends users’ cookies to them.
4️⃣ Denial-of-Service (DoS) & Distributed DoS (DDoS) 🛑
•Hackers flood a website with traffic, making it slow or
unavailable.
•Example: A botnet sends millions of fake requests to a
shopping website, crashing it.
5️⃣ Man-in-the-Middle (MITM) Attack 🎭
•An attacker intercepts data between two parties.
•Example: Public Wi-Fi hackers capture login credentials
during online banking.
 Web Security Threats and Protection Approaches
🔹 Approaches to Web Security (How to Protect Websites?)
1️⃣ Use HTTPS with SSL/TLS 🔒
•Ensures secure communication between a website and users.
•Example: A bank website uses HTTPS to encrypt customer transactions.
2️⃣ Web Application Firewall (WAF) 🚧
•Blocks malicious traffic before it reaches a website.
•Example: A WAF detects and stops an SQL injection attack.
3️⃣ Regular Security Updates & Patching 🔄
•Fix vulnerabilities in web applications.
•Example: A company updates its CMS software to prevent attacks.
4️⃣ Multi-Factor Authentication (MFA) 🔑
•Requires an additional verification step besides a password.
•Example: Logging in requires both a password and an OTP sent via SMS.
5️⃣ Secure Coding Practices 🖥
•Developers write code that avoids vulnerabilities like XSS and SQL injection.
•Example: Using prepared statements in SQL queries to prevent SQLi.
 SSL Architecture and Protocol

🔹What is SSL?

✔ SSL (Secure Sockets Layer) is a protocol that

encrypts communication between a web browser
and a web server to prevent hackers from
intercepting data.
✔ It uses public and private key encryption to
ensure secure transmission.
✔ SSL has been replaced by TLS (Transport Layer
Security), but the term “SSL” is still widely used.
 SSL Architecture and Protocol
🔹 SSL Architecture
SSL consists of three main components:
1️⃣ Handshake Protocol 🤝
•Establishes a secure connection between the
client and server.
•Example: When a user visits a secure website,
their browser and the website agree on
encryption methods.
2️⃣ Record Protocol 📄
•Encrypts the actual data being transmitted.
•Example: A credit card number entered on an e-
commerce site is encrypted before being sent.
3️⃣ Alert Protocol ⚠
•Sends error messages in case of security issues.
•Example: A warning appears when a website’s
SSL certificate is expired.
 SSL Architecture and Protocol

🔹 SSL/TLS Protocol Steps (How SSL Works?)

1️⃣ Client Hello – The browser requests a secure

connection from the server.
2️⃣ Server Hello – The server responds with an SSL
certificate and encryption details.
3️⃣ Key Exchange – The browser and server agree
on a secret key.
4️⃣ Secure Communication – Data is encrypted and
transmitted securely.
5️⃣ Connection Termination – The session ends
when the communication is complete.
 TLS Architecture and Protocol

🔹 Transport Layer Security (TLS)

✔ TLS is the upgraded version of SSL and provides
better security.
✔ TLS 1.3 is the latest version and is faster and
more secure than previous versions.
✔ TLS vs SSL:
•TLS uses stronger encryption algorithms.
•TLS is more efficient in performance.
•Modern web browsers no longer support SSL
(only TLS).
🔹 Example of TLS in Action:
•A bank website uses TLS encryption to protect
user logins and transactions.
•An email provider secures messages using TLS
encryption between mail servers.
 TLS Architecture and Protocol
🔹 Real-Life Applications of TLS
1️⃣ Web Browsing (HTTPS)
•TLS encrypts website traffic to protect user data.
•Example: https://www.amazon.com uses TLS to secure online shopping transactions.
2️⃣ Email Encryption (SMTP, IMAP, POP3 over TLS)
•Secures email communication to prevent interception.
•Example: Gmail uses TLS to encrypt emails sent between users.
3️⃣ Online Banking & Payments
•Protects sensitive transactions, preventing hackers from stealing information.
•Example: PayPal and bank websites use TLS for secure payments.
4️⃣ Virtual Private Networks (VPNs)
•TLS encrypts VPN traffic to secure internet connections.
•Example: A company VPN uses TLS to allow employees to access the company network
securely.
5️⃣ VoIP (Voice Calls Over the Internet)
•TLS secures voice and video communication.
•Example: Apps like Zoom and WhatsApp use TLS to protect calls.
 TLS Architecture and Protocol
🔹 Steps in TLS Handshake (How TLS Establishes a Secure Connection)
1️⃣ Client Hello:
•The client (browser) sends a request to the server (website), specifying supported encryption
algorithms.
2️⃣ Server Hello:
•The server responds with its SSL/TLS certificate, encryption method, and a unique session
key.
3️⃣ Key Exchange:
•The client verifies the server’s certificate and uses asymmetric encryption to establish a
shared secret key.
4️⃣ Session Encryption Begins:
•Both parties switch to symmetric encryption using the shared key for secure communication.
5️⃣ Secure Data Transmission:
•The client and server exchange encrypted data securely.
6️⃣ Session Termination:
•Once communication is complete, the session ends securely.