06 Network Security
Cybersecurity
Network Security Overview
Network security is the activity of protecting the integrity of a network and the data that crosses it. Every
company or organization that handles a large amount of data needs a set of defences against the many
cyber threats it faces.
Any action intended to safeguard the integrity and usefulness of the data and network is known as
network security. This is a broad, all-encompassing phrase that covers software and hardware
solutions, as well as procedures, guidelines, and configurations for network usage, accessibility, and general
threat protection.
Network security consists of the policies and practices adopted to prevent and monitor unauthorized
access, misuse, modification, or denial of a computer network and network-accessible resources.
Types of Network Security
There are 15 types of network security, each covered in turn below:
● Wired & Wireless Networks
● Email Security
● Anti-Virus & Anti-Malware Software
● Network Segmentation
● Access Control
● Application Security
● Behavioral Analytics
● Data Loss Prevention
● Intrusion Prevention System
● Mobile Device Security
● Security Information and Event Management (SIEM)
● Virtual Private Network
● Web Security
● Wireless Security
● Zero-Trust Network Access
Wired and Wireless Networks
In a wired network, devices are connected to each other using cables.
Typically, wired networks are based on Ethernet Protocol, where devices are
connected using the Unshielded Twisted Pair (UTP) cables to different switches.
These switches are further connected to the network router for accessing the
internet.
Firewall Services
A firewall at the network border provides four core services:
● Packet Filtering
● Stateful Packet Inspection
● Proxying
● Network Address Translation
Packet Filtering
Packet Filtering is one of the core services provided by firewalls. Packets can
be filtered (permitted or denied) based on a wide range of criteria:
● Source Address
● Destination Address
● Protocol Type (TCP, UDP, ICMP, ESP, etc.)
● Source Port
● Destination Port
Stateful Packet Inspection
Stateful packet inspection goes beyond simple packet filtering by additionally
tracking TCP and UDP sessions between devices.
For example, stateful inspection can track connections that originate from the trusted
network. This session information is kept in a state table, which allows return traffic that a static rule would
otherwise deny to be admitted for the lifetime of the session (a "temporary hole" in the firewall).
Connections from the untrusted network to the trusted network are also monitored, to prevent
Denial of Service (DoS) attacks. If a high number of half-open sessions are detected, the firewall can be
configured to drop the session (and even block the source), or send an alert message indicating an
attack is occurring.
A half-open TCP session is one whose three-way handshake has not yet completed. A
half-open UDP session is one for which no return UDP traffic has yet been seen. A large number of half-
open sessions consumes firewall and server resources, preventing legitimate connections from being established.
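The two mechanisms just described, a stateless rule match and a state table layered on top of it, are easiest to see side by side. The following is an added example, not code from the page or any firewall vendor: packets are plain dictionaries with constructed addresses, the rule format and session states are this example's own, and the half-open limit of 3 is chosen only to keep the trace short.

```python
"""Toy firewall: stateless packet filtering plus stateful inspection.

Added example, not code from the original page. Packets are dicts with
constructed field values; the rule format, the session states and the
half-open limit are this example's own assumptions.
"""
from collections import Counter

ANY = "*"
FIELDS = ("proto", "src", "dst", "sport", "dport")


def rule_matches(rule, pkt):
    """A rule matches when every field it specifies equals the packet's value."""
    return all(rule.get(f, ANY) in (ANY, pkt[f]) for f in FIELDS)


def stateless_filter(rules, pkt):
    """Plain packet filter: first matching rule wins, otherwise default deny."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["action"]
    return "deny"


class StatefulFirewall:
    """State table on top of the static rules: return traffic for a tracked
    session is admitted without a rule, and half-open sessions are counted
    per source so that a SYN flood gets the source blocked."""

    def __init__(self, rules, trusted, half_open_limit=3):
        self.rules = rules
        self.trusted = set(trusted)      # addresses on the trusted side
        self.sessions = {}               # 5-tuple -> "half-open" | "established"
        self.half_open = Counter()       # source address -> half-open count
        self.blocked = set()
        self.half_open_limit = half_open_limit

    @staticmethod
    def key(pkt):
        return (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])

    @staticmethod
    def reverse_key(pkt):
        return (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])

    def process(self, pkt):
        if pkt["src"] in self.blocked:
            return "deny"
        key, rkey = self.key(pkt), self.reverse_key(pkt)
        if rkey in self.sessions:
            # Return traffic for a tracked session: the "temporary hole".
            # A UDP session counts as established once any reply is seen.
            if pkt["proto"] == "udp" and self.sessions[rkey] == "half-open":
                self.sessions[rkey] = "established"
                self.half_open[rkey[1]] -= 1
            return "allow"
        if key in self.sessions:
            # The initiator's bare ACK completes the TCP three-way handshake.
            if (pkt["proto"] == "tcp" and self.sessions[key] == "half-open"
                    and pkt.get("flags") == ("ACK",)):
                self.sessions[key] = "established"
                self.half_open[pkt["src"]] -= 1
            return "allow"
        # New session: fall back to the static rules.
        verdict = stateless_filter(self.rules, pkt)
        if verdict == "allow":
            self.sessions[key] = "half-open"
            self.half_open[pkt["src"]] += 1
            if (pkt["src"] not in self.trusted
                    and self.half_open[pkt["src"]] > self.half_open_limit):
                self.blocked.add(pkt["src"])   # too many half-open sessions
                return "deny"
        return verdict


# Constructed rule set: the trusted client may open HTTPS anywhere; anyone may
# reach the DMZ web server on port 80; everything else is denied by default.
RULES = [
    {"action": "allow", "proto": "tcp", "src": "10.0.0.5", "dport": 443},
    {"action": "allow", "proto": "tcp", "dst": "203.0.113.10", "dport": 80},
]


def tcp(src, sport, dst, dport, *flags):
    return {"proto": "tcp", "src": src, "sport": sport,
            "dst": dst, "dport": dport, "flags": flags}


def demo():
    """Run a constructed packet trace; returns the verdicts and the firewall."""
    fw = StatefulFirewall(RULES, trusted={"10.0.0.5"})
    trace = [
        # Trusted client opens HTTPS: SYN out, SYN/ACK back, ACK out.
        tcp("10.0.0.5", 40000, "198.51.100.7", 443, "SYN"),
        tcp("198.51.100.7", 443, "10.0.0.5", 40000, "SYN", "ACK"),
        tcp("10.0.0.5", 40000, "198.51.100.7", 443, "ACK"),
        # Unsolicited inbound SYN to the client: no session, no rule -> deny.
        tcp("198.51.100.7", 443, "10.0.0.5", 40001, "SYN"),
        # Four SYNs from one outside source to the web server, never completed:
        # the fourth exceeds the half-open limit and gets the source blocked.
        *[tcp("192.0.2.9", 50000 + i, "203.0.113.10", 80, "SYN") for i in range(4)],
        # Same source again, on otherwise permitted traffic -> still denied.
        tcp("192.0.2.9", 50010, "203.0.113.10", 80, "SYN"),
    ]
    return [fw.process(p) for p in trace], fw


if __name__ == "__main__":
    print(demo()[0])
```

Note that the SYN/ACK from the server is admitted purely because of the state table: no static rule permits traffic from 198.51.100.7 to the client, and the very next packet from that server to an unknown client port is dropped. A real firewall would also age entries out of the state table; this toy keeps them forever.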
Proxying
A proxy server, by definition, is used to make a request on behalf of another device. It essentially
serves as a middleman for communication between devices. This provides an element of security by
hiding the actual requesting source: all traffic appears to originate from the proxy itself.
Traditionally, proxy servers were used to cache a local copy of requested external data. This
improved performance in limited-bandwidth environments, allowing clients to request data from the proxy,
instead of the actual external source.
Network Address Translation
The rapid growth of the Internet resulted in a shortage of IPv4 addresses. In response, the IETF
(RFC 1918) designated a specific subset of the IPv4 address space as private, to temporarily alleviate this
problem.
A public address can be routed on the Internet. Thus, devices that should be Internet accessible (such as
web or email servers) must be configured with public addresses.
A private address is only intended for use within an organization, and is never routed on the
Internet. Network Address Translation (NAT) is what lets hosts with private addresses reach the Internet
anyway: the border device rewrites the private source address (and usually the source port) of outbound
packets to one of its public addresses, and maps the replies back to the originating host.
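As an added example (not from the original page), the following shows both halves of that description in code: classifying an address against the RFC 1918 blocks, and the port-based translation table that a many-to-one NAT keeps. The internal hosts, the public address (a documentation address) and the port allocation policy are constructed assumptions.

```python
"""RFC 1918 address classification plus source NAT with port translation.
Added example, not from the original page; hosts, the public address and
the port allocation policy are constructed assumptions."""
import ipaddress

# The private blocks designated by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls in one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


class Napt:
    """Many-to-one NAT: each (private ip, port) that opens an outbound flow is
    given its own port on the single public address, and replies to that port
    are mapped back. A packet to an unmapped port has nowhere to go."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (private_ip, private_port) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port)

    def translate_out(self, src_ip, src_port):
        """Rewrite an outbound packet's source; returns the new (ip, port)."""
        if not is_rfc1918(src_ip):
            return src_ip, src_port            # already routable, leave it
        if (src_ip, src_port) not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[(src_ip, src_port)] = port
            self.inbound[port] = (src_ip, src_port)
        return self.public_ip, self.outbound[(src_ip, src_port)]

    def translate_in(self, dst_port):
        """Map a reply back to the internal (ip, port), or None if unsolicited."""
        return self.inbound.get(dst_port)


def demo():
    nat = Napt("203.0.113.1")
    a = nat.translate_out("192.168.1.10", 51234)   # first flow -> port 40000
    b = nat.translate_out("192.168.1.11", 51234)   # same inner port, own public port
    c = nat.translate_out("192.168.1.10", 51234)   # existing mapping reused
    reply = nat.translate_in(40001)                # back to 192.168.1.11:51234
    stray = nat.translate_in(40002)                # unsolicited: nothing to deliver
    return a, b, c, reply, stray
```

The `stray` case is the reason NAT is often mistaken for a security control: an inbound packet with no mapping cannot be delivered. That is a side effect of the translation table, not a policy, and it says nothing about traffic on mapped ports, so a firewall is still needed in front of it.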
Email Security
Email gateways are the number one threat vector for a
security breach. Attackers use personal information and social
engineering tactics to build sophisticated phishing campaigns to
deceive recipients and send them to sites serving up malware.
An email security application blocks incoming attacks and
controls outbound messages to prevent the loss of sensitive
data.
Anti-Virus & Anti-Malware Software
"Malware," short for "malicious software," includes viruses,
worms, Trojans, ransomware, and spyware. Sometimes malware
will infect a network but lie dormant for days or even weeks. The
best antimalware programs not only scan for malware upon
entry, but also continuously track files afterward to find
anomalies, remove malware, and fix damage.
Network Segmentation
Software-defined segmentation puts network traffic into different
classifications and makes enforcing security policies easier. Ideally, the
classifications are based on endpoint identity, not mere IP addresses.
You can assign access rights based on role, location, and more so that
the right level of access is given to the right people and suspicious
devices are contained and remediated.
Access Control
Not every user should have access to your network. To keep
out potential attackers, you need to recognize each user and
each device. Then you can enforce your security policies. You
can block noncompliant endpoint devices or give them only
limited access. This process is network access control (NAC).
Application Security
Any software you use to run your business needs to be
protected, whether your IT staff builds it or whether you buy it.
Unfortunately, any application may contain holes, or
vulnerabilities, that attackers can use to infiltrate your network.
Application security encompasses the hardware, software, and
processes you use to close those holes.
Behavioral Analytics
To detect abnormal network behavior, you must know what
normal behavior looks like. Behavioral analytics tools
automatically discern activities that deviate from the norm. Your
security team can then better identify indicators of compromise
that pose a potential problem and quickly remediate threats.
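The "know what normal looks like" step is a per-entity baseline; the "discern deviations" step is a comparison against it. The following is an added example, not code from the page or any analytics product: it builds a 14-day outbound-volume baseline per host from constructed flow summaries, then flags a host whose volume for the day under review is far above its own history and that is talking to a destination it has never contacted. The hosts, byte counts and the z-score threshold are all constructed.

```python
"""Baseline-and-deviation detection over constructed flow summaries.
Added example, not from the original page: history, hosts and the z-score
threshold are constructed, and the rule is this example's own."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed 14-day history of (day, host, destination, bytes_out), built to
# wobble a little around each host's normal daily volume.
HISTORY = (
    [(d, "ws-17", "10.0.0.2", 5_000_000 + 100_000 * (d % 3)) for d in range(1, 15)]
    + [(d, "ws-42", "10.0.0.2", 2_000_000 + 50_000 * (d % 2)) for d in range(1, 15)]
)
# The day under review: ws-17 is normal, ws-42 pushes 1.4 GB to a host it has
# never talked to (the shape of an exfiltration).
TODAY = [
    (15, "ws-17", "10.0.0.2", 5_100_000),
    (15, "ws-42", "203.0.113.77", 1_400_000_000),
]


def build_baseline(history):
    """Per host: mean and population std-dev of daily outbound bytes, and the
    set of destinations it has been seen talking to."""
    per_day = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(set)
    for day, host, dst, nbytes in history:
        per_day[host][day] += nbytes
        dests[host].add(dst)
    baseline = {}
    for host, days in per_day.items():
        vals = list(days.values())
        baseline[host] = (mean(vals), pstdev(vals), dests[host])
    return baseline


def detect(baseline, today, z_limit=3.0):
    """Flag hosts whose volume is more than z_limit standard deviations above
    their own baseline, or that contact a destination never seen before."""
    totals, new_dests = defaultdict(int), defaultdict(set)
    for _, host, dst, nbytes in today:
        totals[host] += nbytes
        known = baseline.get(host, (0, 0, set()))[2]
        if dst not in known:
            new_dests[host].add(dst)
    findings = []
    for host, total in totals.items():
        mu, sigma, _ = baseline.get(host, (0.0, 0.0, set()))
        if sigma:
            z = (total - mu) / sigma
        else:                      # no history, or a perfectly flat one
            z = float("inf") if total > mu else 0.0
        reasons = []
        if z > z_limit:
            reasons.append(f"volume z={z:.1f}")
        if new_dests[host]:
            reasons.append("new destination " + ", ".join(sorted(new_dests[host])))
        if reasons:
            findings.append((host, reasons))
    return findings


if __name__ == "__main__":
    print(detect(build_baseline(HISTORY), TODAY))
```

The per-host baseline is the important design choice: a global threshold tuned for the busy file server would never fire for a workstation, while a host compared only against itself shows the deviation immediately. A host with no history at all is flagged on any traffic, which is usually the desired behaviour for a newly seen device.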
Data Loss Prevention
Organizations must make sure that their staff does not send
sensitive information outside the network. Data loss prevention,
or DLP, technologies can stop people from uploading,
forwarding, or even printing critical information in an unsafe
manner.
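Stopping a message that carries "critical information" means inspecting its content before it leaves. As an added example (not from the original page or any DLP product), the following scans an outbound message for payment card numbers, validating candidates with the Luhn check so that order numbers and other digit runs are not blocked, and for a classification marker; the sample messages and the block/warn/allow policy are constructed.

```python
"""Outbound content inspection for card numbers and classification markers.
Added example, not from the original page: the sample messages are constructed
and the policy (block on any Luhn-valid card number, warn on a CONFIDENTIAL
marker) is this example's own."""
import re

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
MARKER_RE = re.compile(r"\bCONFIDENTIAL\b")


def luhn_ok(digits):
    """Luhn check-digit validation; weeds out order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep only the first six and last four digits for the incident record."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def inspect_message(text):
    """Return (verdict, findings): 'block' if a valid card number is present,
    'warn' if only a classification marker is, otherwise 'allow'."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("pan", mask(digits)))
    if MARKER_RE.search(text):
        findings.append(("marker", "CONFIDENTIAL"))
    if any(kind == "pan" for kind, _ in findings):
        return "block", findings
    return ("warn" if findings else "allow"), findings


# Constructed outbound messages.
SAMPLES = [
    "Please charge card 4111 1111 1111 1111, exp 12/29.",   # block (Luhn-valid PAN)
    "Order 1234 5678 9012 3456 shipped today.",             # allow (fails Luhn)
    "CONFIDENTIAL: Q3 roadmap attached.",                   # warn
    "Lunch at noon?",                                       # allow
]


def demo():
    return [(text, inspect_message(text)[0]) for text in SAMPLES]
```

The findings never contain the full card number: the policy engine logs a masked form, because the DLP system's own logs would otherwise become the next place the sensitive data leaks from.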
Intrusion Prevention System
An intrusion prevention system (IPS) scans network traffic to
actively block attacks. Cisco Next-Generation IPS (NGIPS)
appliances do this by correlating huge amounts of global threat
intelligence to not only block malicious activity but also track the
progression of suspect files and malware across the network to
prevent the spread of outbreaks and reinfection.
Mobile Device Security
Cybercriminals are increasingly targeting mobile devices and
apps. Within the next 3 years, 90 percent of IT organizations may
support corporate applications on personal mobile devices. Of
course, you need to control which devices can access your
network. You will also need to configure their connections to
keep network traffic private.
Security Information and Event Management (SIEM)
SIEM products pull together the information that your
security staff needs to identify and respond to threats. These
products come in various forms, including physical and virtual
appliances and server software.
Virtual Private Network
A virtual private network encrypts the connection from an
endpoint to a network, often over the Internet. Typically, a
remote-access VPN uses IPsec or TLS (historically SSL) to
authenticate the endpoint and encrypt the traffic between device and network.
Web Security
A web security solution will control your staff’s web use,
block web-based threats, and deny access to malicious websites.
It will protect your web gateway on site or in the cloud. "Web
security" also refers to the steps you take to protect your own
website.
Wireless Security
Wireless networks are not as secure as wired ones. Without
stringent security measures, installing a wireless LAN can be like
putting Ethernet ports everywhere, including the parking lot. To
prevent an exploit from taking hold, you need products
specifically designed to protect a wireless network.
Steps to improve Network Security
● Establish and enforce a proven password strategy
● Use a secure backup plan
● Invest in protective products and services
● Create a security culture
Zero-Trust Network Access
Zero Trust Network Access (ZTNA) is an IT security solution that provides
secure remote access to an organization’s applications, data, and services based
on clearly defined access control policies. ZTNA differs from virtual private
networks (VPNs) in that it grants access only to specific services or
applications, whereas a VPN grants access to an entire network. As an increasing
number of users access resources from home or elsewhere, ZTNA solutions can
help close gaps in other secure remote access technologies and methods.
OSI Model
The OSI model, created in 1984 by ISO, is a reference framework that
explains the process of transmitting data between computers. It is divided into
seven layers that work together to carry out specialised network functions,
allowing for a more systematic approach to networking.
7 Layers of OSI
● Application Layer
● Presentation Layer
● Session Layer
● Transport Layer
● Network Layer
● Data-Link Layer
● Physical Layer
Physical Layer
The lowest layer of the OSI reference model is the physical layer. It is
responsible for the actual physical connection between the devices. The physical
layer contains information in the form of bits. It is responsible for transmitting
individual bits from one node to the next. When receiving data, this layer will
get the signal received and convert it into 0s and 1s and send them to the Data
Link layer, which will put the frame back together.
Functions of Physical Layer:
● Bit synchronization: The physical layer provides the synchronization of the bits by providing
a clock. This clock controls both sender and receiver thus providing synchronization at the bit
level.
● Bit rate control: The Physical layer also defines the transmission rate i.e. the number of bits
sent per second.
● Physical topologies: The physical layer specifies how the different devices/nodes are arranged in
a network, i.e. bus, star, or mesh topology.
● Transmission mode: Physical layer also defines how the data flows between the two
connected devices. The various transmission modes possible are Simplex, half-duplex and
full-duplex.
Data Link Layer
Note:
The packet received from the Network layer is further divided into frames depending on the frame size of
the NIC (Network Interface Card). The DLL also encapsulates the sender’s and receiver’s MAC addresses in the header.
The receiver’s MAC address is obtained by placing an ARP (Address Resolution Protocol) request onto the
wire asking “Who has that IP address?”; the destination host replies with its MAC address.
Functions of the Data Link Layer:
● Framing: Framing is a function of the data link layer. It provides a way for a sender to transmit a set
of bits that are meaningful to the receiver. This can be accomplished by attaching special bit
patterns to the beginning and end of the frame.
● Physical addressing: After creating frames, the Data link layer adds physical addresses (MAC
addresses) of the sender and/or receiver in the header of each frame.
● Error control: The data link layer provides the mechanism of error control in which it detects and
retransmits damaged or lost frames.
● Flow Control: The data rate must be constant on both sides else the data may get corrupted thus,
flow control coordinates the amount of data that can be sent before receiving an
acknowledgment.
● Access control: When a single communication channel is shared by multiple devices, the MAC sub-
layer of the data link layer helps to determine which device has control over the channel at a given
time.
Network Layer
Functions of the Network Layer:
● Routing: The network layer protocols determine which route is suitable from
source to destination. This function of the network layer is known as routing.
● Logical Addressing: To identify each device on Internetwork uniquely, the network
layer defines an addressing scheme. The sender & receiver’s IP addresses are
placed in the header by the network layer. Such an address distinguishes each
device uniquely and universally.
Transport Layer
Functions of the Transport Layer:
● Segmentation and Reassembly: This layer accepts the message from the (session)
layer, and breaks the message into smaller units. Each of the segments produced has
a header associated with it. The transport layer at the destination station
reassembles the message.
● Service Point Addressing: To deliver the message to the correct process, the
transport layer header includes a type of address called service point address or port
address. Thus by specifying this address, the transport layer makes sure that the
message is delivered to the correct process.
Services Provided by Transport Layer:
1. Connection-Oriented Service: a three-phase process:
● Connection Establishment
● Data Transfer
● Termination/disconnection
In this type of transmission, the receiving device sends an acknowledgment back to the
source after a packet or group of packets is received. This type of transmission is reliable; it is
not, by itself, secure, since acknowledgments say nothing about confidentiality or authentication.
2. Connectionless Service: data is sent without first establishing a connection and without
acknowledgments, so it is faster but carries no delivery guarantee (UDP works this way).
Session Layer
Functions of the Session Layer:
● Session establishment, maintenance, and termination: The layer allows the two processes
to establish, use, and terminate a connection.
● Synchronization: This layer allows a process to add checkpoints that are considered
synchronization points in the data. These synchronization points help to identify the error so
that the data is re-synchronized properly, and ends of the messages are not cut prematurely
and data loss is avoided.
● Dialog Controller: The session layer allows two systems to start communication with each
other in half-duplex or full-duplex.
Note: The OSI model is a reference model; it was never adopted as the Internet's protocol stack, because
the Internet was already built on TCP/IP by the time OSI was standardised. The model in use today is the TCP/IP model.
Flow of Data in OSI Model
When we transfer information from one device to another, it travels through 7 layers of
OSI model. First data travels down through 7 layers from the sender’s end and then
climbs back 7 layers on the receiver’s end.
Let’s look at it with an Example:
Luffy sends an e-mail to his friend Zoro.
Step 1: Luffy interacts with an e-mail application like Gmail or Outlook and writes the email he
wants to send. (This happens in Layer 7: Application Layer)
Step 2: The mail application prepares the data for transmission, for example by encrypting it and formatting it for
transmission. (This happens in Layer 6: Presentation Layer)
Step 3: A session is established between the sender and receiver across the network. (This
happens in Layer 5: Session Layer)
Step 4: The email data is broken into smaller segments, and sequence numbers and error-checking
information are added to maintain the reliability of the information. (This happens in Layer 4: Transport Layer)
Step 5: Packets are addressed so that the best route for the transfer can be found. (This happens in
Layer 3: Network Layer)
Step 6: Data packets are encapsulated into frames, the MAC addresses of the local devices are added, and
the frame is checked for errors using error detection. (This happens in Layer 2: Data Link Layer)
Step 7: Lastly, frames are transmitted in the form of electrical/optical signals over a physical network
medium like an Ethernet cable or WiFi. (This happens in Layer 1: Physical Layer)
After the email reaches the receiver i.e. Zoro, the process will reverse and decrypt the e-mail
content. At last, the email will be shown on Zoro’s email client.
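Steps 4 to 7 above, and the reverse walk at Zoro's end, are the encapsulation and decapsulation of one message. As an added example (not code from the original page), the following builds Luffy's message into a TCP segment, an IPv4 packet and an Ethernet frame with the real header layouts and checksums, then parses the frame back up the stack and verifies both checksums; a single flipped byte anywhere in the message is caught on the way up. The addresses, ports and message text are constructed, and the TCP header is the minimal 20-byte form without options.

```python
"""Encapsulation and decapsulation of an application message through TCP,
IPv4 and Ethernet headers, with checksums computed and verified.
Added example, not from the original page; addresses, ports and the message
are constructed, and the TCP header is the minimal 20-byte form."""
import struct

ETH_P_IP, IPPROTO_TCP = 0x0800, 6
TCP_PSH_ACK = 0x18                      # PSH (0x08) | ACK (0x10)


def ip_bytes(s):
    return bytes(int(o) for o in s.split("."))


def ip_str(b):
    return ".".join(str(o) for o in b)


def mac_bytes(m):
    return bytes.fromhex(m.replace(":", ""))


def checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload):
    """Layer 4: header + data; the checksum also covers an IP pseudo-header."""
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                      (5 << 12) | flags, 65535, 0, 0)
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack(
        "!BBH", 0, IPPROTO_TCP, len(hdr) + len(payload))
    csum = checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def ipv4_packet(src_ip, dst_ip, segment, ttl=64, ident=0x1234):
    """Layer 3: 20-byte header (no options) with its own header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), ident,
                      0x4000, ttl, IPPROTO_TCP, 0,
                      ip_bytes(src_ip), ip_bytes(dst_ip))
    csum = checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + segment


def ethernet_frame(dst_mac, src_mac, packet):
    """Layer 2: destination MAC, source MAC, EtherType, then the packet."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETH_P_IP) + packet


def encapsulate(app_data, src_ip, dst_ip, sport, dport, src_mac, dst_mac):
    seg = tcp_segment(src_ip, dst_ip, sport, dport, 1000, 5000, TCP_PSH_ACK, app_data)
    return ethernet_frame(dst_mac, src_mac, ipv4_packet(src_ip, dst_ip, seg))


def decapsulate(frame):
    """Walk back up the stack, verifying both checksums on the way."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if checksum(ip[:ihl]) != 0:          # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", ip[2:4])[0]
    src, dst, seg = ip[12:16], ip[16:20], ip[ihl:total_len]
    pseudo = src + dst + struct.pack("!BBH", 0, ip[9], len(seg))
    if checksum(pseudo + seg) != 0:
        raise ValueError("bad TCP checksum")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    return {"src": ip_str(src), "dst": ip_str(dst), "sport": sport, "dport": dport,
            "flags": off_flags & 0x1FF, "data": seg[(off_flags >> 12) * 4:]}


# Constructed message from Luffy to Zoro, as the application layer hands it down.
APP_DATA = b"From: luffy@example.com\r\nTo: zoro@example.com\r\n\r\nMeet at the ship.\r\n"


def demo():
    frame = encapsulate(APP_DATA, "192.168.1.10", "192.168.1.25", 51000, 25,
                        "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02")
    return frame, decapsulate(frame)
```

Two things worth noticing: the checksums only detect accidental corruption, since anyone who can alter a byte can also recompute them, which is why confidentiality and integrity against an attacker have to come from a higher layer (TLS for the mail session, in this scenario); and the message text is sitting in clear in the frame, which is exactly what a sniffer on the same segment would see.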
TCP/IP
TCP/IP stands for Transmission Control Protocol/Internet
Protocol and is a suite of communication protocols used to
interconnect network devices on the Internet. TCP/IP is also
used as the communications protocol suite in private computer
networks (intranets and extranets).
The main job of TCP/IP is to transfer data from one device to
another, and to do so reliably and accurately, so that the receiver
gets exactly the information the sender sent. To ensure that each
message reaches its final destination intact, the TCP/IP stack
divides the data into packets at the sender and reassembles them
at the receiver, which preserves the accuracy of the data in
transit from one end to the other.
Difference between TCP & IP
TCP and IP are different protocols with different jobs. The basic
difference between TCP (Transmission Control Protocol) and IP
(Internet Protocol) lies in how data is transmitted. In simple words,
IP finds the route to the destination and delivers individual packets
there, while TCP makes the exchange reliable: it establishes the
connection, numbers and acknowledges the data, and retransmits
what is lost. UDP is another transport protocol that, like TCP, is
carried over IP, but it provides no connection, acknowledgments or
retransmission; IP underlies both.
How does TCP/IP model work?
Whenever we send something over the Internet using the TCP/IP
model, the data is divided into packets at the sender’s end and
those packets are recombined at the receiver’s end to form the
same data; this is how the accuracy of the data is maintained. The
TCP/IP model organises this work into four layers: the data passes
down through the layers in one order at the sender and back up
through them in reverse order at the receiver, so that it is
reassembled in the same way.
Layers of TCP/IP
● Application Layer
● Transport Layer
● Network Layer
● Data Link Layer (Network Access Layer)
OSI Vs TCP/IP Model
Some key differences between the OSI model and the TCP/IP Model are:
1. The TCP/IP model consists of 4 layers but the OSI model has 7 layers. Layers 5, 6 and 7 of the OSI model
are combined into the Application Layer of the TCP/IP model, and OSI layers 1 and 2 are
combined into the Network Access Layer of the TCP/IP model.
2. The TCP/IP model is older than the OSI model, and it is the foundational protocol suite that
defines how data is actually transferred on the Internet.
3. Compared to the OSI model, the TCP/IP model has less strict layer boundaries.
4. All layers of the TCP/IP model are involved in any data transmission, whereas in the OSI model
some layers can be skipped: only layers 1, 2 and 3 are necessary to forward data, which is why
intermediate devices such as routers implement only those three.
Email Security
Email security is the process of ensuring the availability, integrity and authenticity of
email communications by protecting against unauthorized access and email threats. Email
enables billions of connected people and organizations to communicate with one another to
send messages. Since email is at the foundation of how the internet is used, it has long
been a target for malicious attacks.
Email security aims to help prevent attacks and abuse of email communication
systems. Within the domain of email security, there are various email security protocols that
technology standards organizations have proposed and recommended to help limit email
risks. Protocols can be deployed by email clients and email servers, such as Microsoft
Exchange and Microsoft 365, to help ensure the secure transit of email. Looking beyond just
protocols, email security gateways can help organizations and individuals to protect email
from various threats.
Types of Email Attacks
● Phishing
● Spamming
● Malware Delivery
● Business Email Compromise (BEC)
● Ransomware
● Man-in-the-Middle Attack
● Data Exfiltration
Benefits of Email Security
● Availability
● Authenticity
● Fraud Prevention
● Malware Prevention
● Phishing Protection
● Real-Time Defense
Best Practices of Email Security
● Enforce Encrypted Connections
● Encrypt Email
● Create Strong Passwords
● Use 2FA or MFA
● Train on Anti-Phishing
● Use Domain Authentication
● Employ a secure Email Gateway
● Use secure Wi-Fi networks
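"Use Domain Authentication" refers to publishing SPF, DKIM and DMARC records so that a receiving gateway can check whether a message really came from a host the sending domain authorises. The following is an added example, not code from the original page or any mail product: an SPF evaluator for the `ip4`, `ip6`, `include` and `all` mechanisms of RFC 7208, run against constructed TXT records held in a dictionary instead of live DNS. The domains and records are made up, the `a`, `mx`, `exists` and `redirect` mechanisms are deliberately left out, and the receiver policy at the end is this example's own.

```python
"""Subset SPF evaluator (RFC 7208 ip4/ip6/include/all) run against constructed
TXT records instead of live DNS. Added example, not from the original page;
the domains and records are made up and the resolver is a dict."""
import ipaddress

# Constructed DNS TXT records standing in for a resolver.
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "noreply.example": "v=spf1 -all",                  # domain that never sends mail
    "loop.example": "v=spf1 include:loop.example -all",  # misconfigured: includes itself
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, resolver=DNS_TXT, depth=0):
    """SPF result for a message from sender_ip whose envelope sender claims
    `domain`: pass, fail, softfail, neutral, none or permerror."""
    if depth > 10:                      # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = resolver.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            # include matches only when the referenced record yields "pass";
            # a permerror inside it is an error for this record too.
            inner = check_spf(arg, sender_ip, resolver, depth + 1)
            if inner == "permerror":
                return "permerror"
            matched = inner == "pass"
        elif name == "all":
            matched = True
        else:
            return "permerror"          # a/mx/exists/redirect: not implemented here
        if matched:
            return QUALIFIERS[qual]
    return "neutral"                    # nothing matched and no "all" term


def receiver_policy(domain, sender_ip):
    """What a receiving gateway might do with each result (constructed policy)."""
    result = check_spf(domain, sender_ip)
    action = {"fail": "reject", "softfail": "quarantine"}.get(result, "accept")
    return result, action
```

A `-all` record for a domain that sends no mail at all, like `noreply.example` here, is a cheap and effective defence: any message spoofing that domain fails SPF outright. Note also that `softfail` and `neutral` are not "pass", so a gateway that treats anything but `fail` as acceptable is giving away most of the protection.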
Some of the common features and functionalities offered by most of
the Email security tools are: