Uploaded by

shemse

Computer Security

Chapter-Four

Network Security

Outline
• Network security basics.
• Threats on network.
• Trust, Weaknesses, Risk and Vulnerabilities.
• TCP/IP Suite Weaknesses and Buffer Overflows.
• Network security protocols.
• Application layer security.
• Web security.
• E-mail security.
• Transport layer security.
• Network layer security.
• Link layer security.
• Physical security.
• Wireless security.

Network Security
• Network security focuses on Internet/intranet security (TCP/IP-based networks), on attacks that use security holes in the network protocols, and on their defense mechanisms.
• Applications, systems, and networks can be made secure through the use of security protocols, which provide a wide range of encryption and authentication services.
• Each security protocol is placed within one of several layers of a computing infrastructure, that is, the network, transport, and application layers.
• Security at the network layer is provided with IPSec and at

Threats on Network
• Attackers abuse vulnerabilities of every protocol at every layer of the OSI model to achieve their goals. Spoofing and phishing are the most common types of attack on network security.
• Spoofing attack:- a situation in which one person or program successfully impersonates another by falsifying data, thereby gaining an illegitimate advantage.
• IP spoofing:- putting a wrong IP address in the source IP address field of an IP packet.
• DNS spoofing:- changing the DNS information so that it directs to a wrong machine.

Cont.…
• URL spoofing/webpage phishing:- a legitimate web page, such as a bank's site, is reproduced in "look and feel" on another server under the control of the attacker. This technique often directs users to enter detailed information at a fake website which appears almost identical to the legitimate one.
• Popular methods of phishing are:-
  • Sending a legitimate-looking email containing a link to the fake website.
  • Registering a fake website with a misspelled URL of a popular website.

Network Layer Security: IP security (IPSec) overview
• IPSec is a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
• Applications of IPSec:
  • Secure branch office connectivity over the Internet: a company can build a secure virtual private network over the Internet or over a public WAN.
  • Secure remote access over the Internet: an end user whose system is equipped with IP security protocols can make a local call to an Internet service provider (ISP) and gain access to a company network.

Benefits of IPSec
• When IPSec is implemented in a firewall or router, it provides strong security that can be applied to all traffic crossing the perimeter.
• IPSec in a firewall is resistant to bypass if all traffic from the outside must use IP, and the firewall is the only means of entrance from the Internet into the organization.
• IPSec is below the transport layer (TCP, UDP) and so is transparent to applications. There is no need to change software on a user or server system when IPSec is implemented in the firewall or router.
• IPSec can be transparent to end users. There is no need to train users on security mechanisms.
• IPSec can provide security for individual users if needed.

IPSec Routing Application
• IPSec can assure that:
  • A router advertisement (a new router advertises its presence) comes from an authorized router.
  • A neighbor advertisement (a router seeks to establish or maintain a neighbor relationship with a router in another routing domain) comes from an authorized router.
  • A redirect message comes from the router to which the initial packet was sent.
  • A routing update is not forged.

IPSec Architecture: IP security (IPSec) services
• IPSec provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services.
• Two protocols are used to provide security:
  • An authentication protocol and a combined encryption/authentication protocol.
• The services are as follows:-
  • Access control.
  • Connectionless integrity.
  • Data origin authentication.
  • Rejection of replayed packets.
  • Confidentiality (encryption).

[Figure: Network Layer: IP security scenario]

Cont.…
• IP security (IPSec) is a capability that can be added to the Internet Protocol (IPv4 or IPv6) by means of additional headers.
• IPSec includes three functional areas: authentication, confidentiality, and key management.
• Authentication makes use of hash algorithms (SHA, MD5, MAC).
• Authentication can be applied to:-
  • The entire original IP packet (tunnel mode), or
  • All of the packet except for the IP header (transport mode).

Cont.…
• Transport mode:- Provides protection primarily for upper-layer protocols.
  • That is, protection extends to the payload of an IP packet, e.g. a TCP or UDP segment or an ICMP packet.
  • It is used for end-to-end communication between two hosts, e.g. a client and a server, or two workstations.
• Tunnel mode:- Provides protection to the entire IP packet.
  • To achieve this, after the AH or ESP fields are added to the IP packet, the entire packet plus security fields is treated as the payload of a new "outer" IP packet with a new outer IP header.

[Figure: Tunnel mode for AH and ESP]

[Figure: Transport mode for AH and ESP]

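The two encapsulations above, as an added example that is not from the original slides: it builds ESP packets in transport and tunnel mode and shows which bytes the integrity check value (ICV) covers. To run on the standard library alone it assumes ESP with NULL encryption and an HMAC-SHA-256 ICV truncated to 128 bits; the key, SPIs, addresses and payload are constructed.

```python
import hashlib
import hmac
import socket
import struct

ESP, TCP, IPIP = 50, 6, 4                      # IANA protocol numbers
KEY = b"constructed-demo-integrity-key!!"      # constructed key, demo only
ICV_LEN = 16                                   # HMAC-SHA-256 truncated to 128 bits

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    total = sum(struct.unpack("!10H", hdr))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return hdr[:10] + struct.pack("!H", ~total & 0xFFFF) + hdr[12:]

def icv(covered):
    return hmac.new(KEY, covered, hashlib.sha256).digest()[:ICV_LEN]

def esp(spi, seq, inner, next_header):
    """ESP header + payload + trailer + ICV (payload left unencrypted here)."""
    pad_len = -(len(inner) + 2) % 4            # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    covered = struct.pack("!II", spi, seq) + inner + trailer
    return covered + icv(covered)              # the ICV never covers the IP header in front

def transport_mode(src, dst, segment):
    # The original IP header is kept; only the upper-layer segment goes inside ESP.
    body = esp(0x1001, 1, segment, TCP)
    return ipv4_header(src, dst, ESP, len(body)) + body

def tunnel_mode(gw_src, gw_dst, inner_packet):
    # The whole original packet becomes the payload of a new outer IP packet.
    body = esp(0x2001, 1, inner_packet, IPIP)
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body

def icv_ok(packet):
    body = packet[20:]
    return hmac.compare_digest(icv(body[:-ICV_LEN]), body[-ICV_LEN:])

def flip_byte(packet, offset):
    return packet[:offset] + bytes([packet[offset] ^ 0xFF]) + packet[offset + 1:]

def demo_packets():
    segment = b"constructed TCP segment"       # stand-in for a real TCP segment
    inner = ipv4_header("10.0.0.5", "10.1.0.9", TCP, len(segment)) + segment
    transport = transport_mode("10.0.0.5", "10.1.0.9", segment)
    tunnel = tunnel_mode("198.51.100.1", "203.0.113.1", inner)
    return transport, tunnel, inner

if __name__ == "__main__":
    transport, tunnel, inner = demo_packets()
    print("transport, IP source tampered:   ", icv_ok(flip_byte(transport, 12)))
    print("tunnel, outer source tampered:   ", icv_ok(flip_byte(tunnel, 12)))
    print("tunnel, inner source tampered:   ", icv_ok(flip_byte(tunnel, 40)))
```

In transport mode a change to the IP source address goes unnoticed by the ESP check, while in tunnel mode the original header sits inside the protected payload and the same change is rejected. AH differs from this ESP model in that its check also covers the immutable fields of the IP header in front of it.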
Cont.…
• Confidentiality:- is provided by an encryption format known as Encapsulating Security Payload (ESP).
• Both tunnel and transport modes can be accommodated. IPSec defines a number of techniques for key management. The Internet community has developed application-specific security mechanisms in a number of application areas, including:-
  • Electronic mail (S/MIME, PGP),
  • Client/server (Kerberos),
  • Web access (Secure Sockets Layer), and others.
• However, users have some security concerns that cut across protocol layers. For example, an enterprise can run a secure, private TCP/IP

Cont.…
• Disallowing links to untrusted sites.
• Encrypting packets that leave the organization, and
• Authenticating packets that enter the organization.
• By implementing security at the IP level, an organization can ensure secure networking.

Trust, Weaknesses, Risk and Vulnerabilities
• A network security threat is a threat to your network and data systems. Any attempt to breach your network and obtain access to your data is a network threat.
• There are different kinds of network threats, and each has different goals. Some, like distributed denial-of-service (DDoS) attacks, seek to shut down your network or servers by overwhelming them with requests.
• Other threats, like malware or credential theft, are aimed at stealing your data.
• Still others, like spyware, will insert themselves into your organization's network, where they'll lie in wait, collecting

Cont.…
• There are four main kinds of network threats:-
1. External threats:- Threats made by outside organizations or individuals attempting to get into your network.
2. Internal threats:- These are threats from malicious insiders, such as dissatisfied or improperly vetted employees who are working for someone else. These are common. According to Forrester, 46% of breaches in 2019 involved insiders like employees and third-party partners.
3. Structured threats:- Organized attacks by attackers who know what they're doing and have a clear aim or goal in mind. State-sponsored attacks, for example, fall into this category.
4. Unstructured attacks:- Disorganized attacks, often by amateurs with no concrete goal in mind.

Cont.…
• If threats are attackers throwing rocks at a wall, a vulnerability is a weak spot in the wall: a place where attackers can break a window, or pull out a loose rock and let themselves in.
• Put simply, vulnerabilities are flaws in your systems that can be exploited by attackers.
• These are often not malicious errors, but simply mistakes or things that have been overlooked.
• Some common network threats:- Network threats come in a variety of forms and are constantly evolving and changing. The most common threats are:-

Cont.…
1. Phishing:- Phishing attacks are attempts to trick people into opening suspicious links or downloading malicious programs. Phishing campaigns are currently one of the most popular methods of attack, according to Microsoft.
2. Ransomware:- Ransomware enters your systems, encrypts your data, and holds it hostage until you pay the attackers' ransom. Once the ransom is paid, the attackers will apparently give you control of your data, but criminals don't always keep their word.

Cont.…
3. Malware:- Malware can be ransomware, a virus, or a worm that infects first a device, then the whole network.
4. DDoS attacks:- DDoS attacks overwhelm your servers with requests for information, forcing sites, servers, and applications to shut down.
5. Advanced Persistent Threats (APTs):- An unauthorized attacker codes their way into a system network and stays there quietly, collecting information.
6. SQL Injection:- SQL injection attacks inject malicious code into a site or application using SQL queries in order to exploit security

TCP/IP Suite Weaknesses and Buffer Overflows
• All major operating systems have made improvements in their implementations of the protocol stack that mitigate or disable many of the attacks described below. Of course, the attack tools also improve.
• A number of enhancements for TCP/IP have been made that are not yet in common use. Several of them (e.g. IPv6) involve heavy use of encryption and require more computing power. As computing power in end-user hosts increases, we expect to see these universally deployed.

Attack Techniques
• Sniffing:- is eavesdropping (overhearing) on the network. A (packet) sniffer is a wire-tap program. Sniffing is the act by machine S of making copies of a network packet sent by machine A and intended to be received by machine B. Such sniffing, strictly speaking, is not a TCP/IP problem, but it is enabled by the near-universal choice of Ethernet, a broadcast medium, as the physical and data link layers.
• Sniffing can be used for monitoring the health of a network as well as for capturing the passwords used in telnet, rlogin, and FTP connections.

Cont.…
• Attackers sniff the data necessary in the exploits described below.
• Depending on the equipment used in a LAN, sniffers run either on the victim machine whose traffic is of interest or on some other host in the same subnet as the victim.
• An attacker at large on the Internet has other techniques that make it possible to remotely install a sniffer on the victim machine. Attacks that do not sniff, and therefore cannot see the information in the packet flows, are called blind attacks.
• Buffer overflow:- A large number of TCP/IP server programs suffer from a class of programming errors known as buffer

Cont.…
• Many of these server programs run with the privileges of a superuser.
• Among the many servers that suffer from such bugs are several implementations of FTP servers, the ubiquitous DNS server program called bind, the popular mail server called sendmail, and the Web server.
• An attacker supplies cleverly constructed inputs to such programs, causing them to transfer control to executable code that the attacker has supplied.
• A typical code produces a shell that can interact with from a

Cont.…
• Spoofing:- refers to altering (portions of) a packet so that the overall packet remains structurally legitimate (e.g., checksums are valid) but the information it contains is fake.
• Spoofing often accompanies sniffing, but may also newly manufacture packets with fake values. Spoofed packets are injected into the network.

Network Security Protocol
• Network security:- This area covers the use of cryptographic algorithms in network protocols and network applications. It protects data in your network.
• IPSec:- It provides authentication, integrity, and data privacy between any two IP entities.
• With IPSec, you can create virtual private networks (VPNs). A VPN enables an enterprise to extend its private network across a public network, such as the Internet, through a secure tunnel called a security association.
• IPSec VPNs enable the secure transfer of data over the public Internet for same-business and business-to-business communications, and protect sensitive data within the enterprise's internal network.

Cont.…
• SSL and TLS:- The SSL protocol provides data encryption, data origin authentication, and message integrity. It also provides server and client authentication using X.509 certificates. SSL begins with a handshake during which the server is authenticated to the client using X.509 certificates. Also, the client can optionally be authenticated to the server. During the handshake, security session parameters, such as cryptographic algorithms, are negotiated and session keys are created.
• After the handshake, the data is protected during

Cont.…
• During the SSL handshake, the client and server exchange a list of algorithms. The algorithm that is selected is based on the best match between the client list and the server list.
• You can limit the selectable algorithms by configuring a subset of allowable algorithms at the server. Servers can support encryption by using AES, Triple DES, and other encryption algorithms (RC2, RC4, and DES). Cryptographic hardware, if available, is used for certain cryptographic algorithms.
• TLS is based on SSL and is defined by the Internet Engineering Task Force (IETF). SSL is not defined by the IETF.

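The negotiation and the server-side restriction described above, as an added example that is not from the original slides. `negotiate` is a simplified model that assumes the server chooses by its own preference order; the suite lists are constructed, and the cipher string given to `set_ciphers` is one possible allowlist rather than a recommendation taken from the slides.

```python
import ssl

# Markers in OpenSSL suite names for the legacy algorithms the slide lists
# (RC2, RC4, DES, Triple DES) plus unencrypted, export-grade and MD5 suites.
WEAK_MARKERS = ("RC2", "RC4", "DES", "NULL", "EXPORT", "MD5")

def is_weak(suite_name):
    return any(marker in suite_name.upper() for marker in WEAK_MARKERS)

def negotiate(server_allowed, client_offered):
    """First suite in the server's order that the client also offered.
    None means there is no common suite and the handshake fails."""
    offered = set(client_offered)
    for suite in server_allowed:
        if suite in offered:
            return suite
    return None

# Constructed lists: a permissive legacy server, the same server restricted
# to a subset, and two clients.
LEGACY_SERVER = ["ECDHE-RSA-AES256-GCM-SHA384", "AES128-SHA",
                 "DES-CBC3-SHA", "RC4-SHA"]
RESTRICTED_SERVER = [s for s in LEGACY_SERVER if not is_weak(s)]
OLD_CLIENT = ["RC4-SHA", "DES-CBC3-SHA"]
MODERN_CLIENT = ["ECDHE-RSA-AES256-GCM-SHA384", "AES128-SHA", "RC4-SHA"]

def hardened_server_context():
    """Server context that only permits forward-secret AEAD suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSLv3, TLS 1.0, TLS 1.1
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20") # allowlist for TLS 1.2 suites
    return ctx

def enabled_suites(ctx):
    return [cipher["name"] for cipher in ctx.get_ciphers()]

if __name__ == "__main__":
    print("legacy server + old client:     ", negotiate(LEGACY_SERVER, OLD_CLIENT))
    print("restricted server + old client: ", negotiate(RESTRICTED_SERVER, OLD_CLIENT))
    print("restricted server + new client: ", negotiate(RESTRICTED_SERVER, MODERN_CLIENT))
    print("suites enabled in hardened ctx: ", enabled_suites(hardened_server_context()))
```

A server that still lists a weak suite will agree to it whenever a client offers nothing better, which is why the restriction belongs in the server configuration.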
Application Layer Security
• Application layer security:- It refers to ways of protecting web applications at the application layer from malicious attacks. Since the application layer is the closest layer to the end user, it provides hackers with the largest threat surface. Poor application layer security can lead to performance and stability issues, data theft, and in some cases the network being taken down.
• Examples of application layer attacks include distributed denial-of-service (DDoS) attacks, HTTP floods, SQL injections, cross-site scripting, parameter tampering, and Slowloris attacks. To combat these and more, most organizations have an arsenal of application layer security protections, such as web application firewalls (WAFs), secure web gateway

Web Security Threats & Approaches
• What is web security?:- Web security refers to the protection of networks, computer systems, and data from unauthorized persons or groups.

Purpose of Web Security
• To prevent security attacks such as passive attacks and active attacks. Web security maintains the smooth operation of any business that uses computers and prevents hackers and malware from manipulating your systems, software, or network.
• How can web security be achieved?
• Various tools and technologies are available to achieve web security:-

Cont.…
• Web & network firewall:- A web application firewall sits between your website server and the data connection. Its purpose is to read every bit of data that passes through it and to protect your site.
• Keep your software & plugins up to date:- Updates are vital to the health and security of your website.
• Back up your data:- Back up your site regularly. You should maintain backups of all your website files in case your site becomes inaccessible or your data is lost.

Cont.…
• Keep your website clean:- Every database, application, or plugin on your website is another possible point of entry for hackers. You should delete any files, databases, or applications from your website that are no longer in use.
• Strong password policy:- It is important to use strong passwords to protect against brute-force attacks. Passwords should be complex, containing uppercase and lowercase letters, numbers, and special characters.
• Scan your website for vulnerabilities:- Regularly perform web security scans to check for website and server vulnerabilities.

Cont.…
• Use of antivirus:- Antivirus software helps protect your computer against malware and other incoming threats. It searches for known threats, monitors the behavior of all programs, and flags suspicious behavior.

What are Web Security Threats?
• Web security threats are vulnerabilities within websites and applications, or attacks launched by malicious users. Web security threats are designed to breach the security of websites or applications. Web security threats involve malicious people and organizations, as well as the tools they use to leverage the internet in an attempt to infiltrate your network or devices. The most common security threats are malware, phishing, denial of service, and SQL injection.

Cont.…
• Modification of message:- A message should not be altered during transmission; this is also called a data breach. It means some confidential and sensitive information gets exposed. It is one kind of threat.
• Denial of service:- It is known as DDoS (distributed denial of service). It is a web security threat that involves attackers flooding servers with large volumes of internet traffic to disrupt service and take websites offline. The sheer volume of fake traffic results in the target network or server being overwhelmed, which leaves it inaccessible.

Cont.…
• Phishing:- Phishing attacks target users through email, text messages, or social media messaging sites. Attackers impersonate a real user or website; users may trust the given link, click on it, and provide sensitive information such as account numbers, credit/debit card data, and login credentials. Users can lose their money, sensitive information, etc.
• SQL injection:- SQL stands for Structured Query Language. SQL is used to search and query databases. SQL injection is a website security threat. SQL injection is the placement of malicious code in an SQL statement via web page input.

Cont.…
• Using SQL injection, a hacker can retrieve credentials and some sensitive information.
• Malware:- Malware stands for "malicious software". It is a file or code, typically delivered over a network, that infects, explores, steals, or conducts virtually any behavior an attacker wants.

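The SQL injection bullets above, as an added example that is not from the original slides: a lookup that concatenates web page input into the statement, next to the parameterized form that keeps the input as data. The table, the rows and the input strings are constructed, and SQLite stands in for whatever database the site uses.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, "
               "password_hash TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-a", "alice@example.test"),
        ("bob", "hash-b", "bob@example.test"),
        ("o'brien", "hash-c", "obrien@example.test"),
    ])
    return db

def lookup_vulnerable(db, username):
    # BEFORE: the input becomes part of the SQL text, so any quote character
    # in it changes how the database parses the statement.
    query = ("SELECT username, email FROM users WHERE username = '"
             + username + "'")
    return db.execute(query).fetchall()

def lookup_parameterized(db, username):
    # AFTER: the statement text is fixed; the driver passes the input
    # separately and it is only ever compared as a value.
    return db.execute(
        "SELECT username, email FROM users WHERE username = ?",
        (username,),
    ).fetchall()

# Constructed input of the kind a web form might receive.
INJECTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected input:   ", lookup_vulnerable(db, INJECTED))
    print("parameterized, injected input:", lookup_parameterized(db, INJECTED))
    # A legitimate name containing a quote also breaks the concatenated form.
    try:
        lookup_vulnerable(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("vulnerable, legitimate o'brien:", exc)
    print("parameterized, o'brien:        ", lookup_parameterized(db, "o'brien"))
```

The concatenated query returns every row for the injected input and fails outright on a legitimate name containing a quote; the parameterized query returns no row for the first and exactly one for the second.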
Classification of Web Security Threats
• Web security threats are classified based on the type of security attack: passive and active attacks. Another way to classify web security threats is in terms of the location of the threat:

[Figure: Web Security Threats]

Web Security Approaches
• A number of approaches to providing web security are possible. The various approaches that have been considered are similar in the services they provide and the mechanisms that they use, but they may differ with respect to their scope of applicability and their relative location within the TCP/IP protocol stack.

Cont.…
• Network level:- One way to provide web security is to use IP security (IPsec). The advantage of using IPsec is that it is transparent to end users and applications and provides a general-purpose solution. Furthermore, IPsec includes a filtering capability so that only selected traffic need incur the overhead of IPsec processing.
• Transport level:- Another relatively general-purpose solution is to implement security just above TCP. The foremost example of this approach is the Secure Sockets Layer (SSL) and the follow-on Internet standard known as Transport Layer Security (TLS).

Cont.…
• At this level, there are two implementation choices. For full generality, SSL (or TLS) could be provided as part of the underlying protocol suite and therefore be transparent to applications. Alternatively, SSL can be embedded in specific packages. For example, Netscape and Microsoft Explorer browsers come equipped with SSL, and most Web servers have implemented the protocol.
• Application level:- Application-specific security services are embedded within the particular application. The advantage of this approach is that the service can be tailored to the specific needs

Wireless Security
• Wireless security is the prevention of unauthorized access or damage to computers or data in wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from opponents seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a very weak security standard: the password it uses can often be cracked in a few minutes with a

Cont.…
• WEP was superseded in 2003 by WPA, or Wi-Fi Protected Access. WPA was a quick alternative to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without a firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the standard 802.11X.

End.
