SUBMITTED BY GUIDENCE OF

ANKIT PANDEY MS. DINESH KUMAR

ROLL NO.=0811010010
SECTION=A3
BRANCH=CS
 Introduction
 Network security addresses the vulnerabilities to which your
organization is exposed as a consequence of being connected
to a network.
Network security is a level of guarantee that all the machines
in a network are working optimally and the users of these
machines only possess the rights that were granted to them.
This can include:
preventing unauthorized people from acting on the system
maliciously
preventing users from performing involuntary operations that
are capable of harming the system
securing data by anticipating failures
guaranteeing that services are not interrupted
 Threats to network security include

Viruses : Computer programs written by devious programmers and designed to

replicate themselves and infect computers when triggered by a specific event

Trojan horse programs : Delivery vehicles for destructive code, which

appear to be harmless or useful software programs such as games

Vandals : Software applications or applets that cause destruction

Attacks : Including reconnaissance attacks (information-gathering activities to
collect data that is later used to compromise networks); access attacks (which
exploit network vulnerabilities in order to gain entry to e-mail, databases, or the
corporate network); and denial-of-service attacks (which prevent access to part or
all of a computer system)

Data interception : Involves eavesdropping on communications or altering

data packets being transmitted

Social engineering : Obtaining confidential network security information

through nontechnical means, such as posing as a technical support person and
asking for people's passwords
 Security Services
 Authentication
! The process of verifying the identity of a user

 Integrity
! Assurance that the data that arrives is the same as when it was sent.

 Confidentiality
! Assurance that sensitive information is not visible to an eavesdropper. This is
usually achieved using encryption
 Access Control
! The process of enforcing access right
 Non Repudiation
! Assurance that any transaction that takes place can subsequently be proved to
have taken place. Both the sender and the receiver agree that the exchange took
place.
 Classify Security Attacks

 passive attacks -In this the goal of the attacker is

to obtain information that is being transmitted. Two
types of passive attacks are release.
 obtain message contents, or
 monitor traffic flows
 Eavesdropping

 active attacks – modification of data stream to:

 masquerade of one entity as some other
 replay previous messages
 modify messages in transit
 denial of service
Threats Technically Defined
Masquerade:
! An entity claims to be another entity
Eavesdropping:
! An entity reads information it is not intended to read
Authorization Violation:
! An entity uses a service or resources it is not intended to use
Loss or Modification of (transmitted) Information:
! Data is being altered or destroyed
Denial of Communication Acts (Repudiation):
! An entity falsely denies its’ participation in a communication act
Forgery of Information:
! An entity creates new information in the name of another entity
Sabotage:
! Any action that aims to reduce the availability and / or correct
functioning of services or systems
 Web Security

• Basic Authentication
• Secure Socket Layer (SSL)

Basic Authentication
A simple user ID and password-based
authentication scheme, and provides the following:

– To identify which user is accessing the server

– To limit users to accessing specific pages (identified as
Universal Resource Locators, URLs
 SSL (Secure Socket Layer)
 transport layer security
service
 originally developed by
Netscape
 version 3 designed with
public input
 SSL receive data from
Application layer protocol
,then it compress, signed
and encrypt the data and
pass to reliable transport
layer protocol.
 uses TCP to provide a
reliable end-to-end service
 SSL has two layers of
protocols
 Cryptographic Techniques
 For network security two main applications of cryptographic algorithms
are of principal interest:
 Encryption of data: transforms plaintext data into ciphertext in order to
conceal its’ meaning
 Signing of data: computes a check value or digital signature to a given
plain- or ciphertext, that can be verified by some or all entities being able
to access the signed data

 Some cryptographic algorithms can be used for both purposes, some

are only secure and / or efficient for one of them.

 Principal categories of cryptographic algorithms:

 Symmetric cryptography using 1 key for en-/decryption or
signing/checking
 Asymmetric cryptography using 2 different keys for en-/decryption or
signing/checking
 Cryptographic hash functions using 0 keys (the “key” is not a
separate
input but “appended” to or “mixed” with the data).
 Symmetric Key Cryptography

•traditional private/secret/single key

cryptography uses one key
•shared by both sender and receiver
• also is symmetric, parties are equal
 Asymmetric Key Cryptography

•public-key/two-key/asymmetric cryptography involves the

use of two keys:
a public-key, which may be known by anybody, and can be used to encrypt
messages, and verify signatures
a private-key, known only to the recipient, used to decrypt messages,
and sign (create) signatures
•is asymmetric because
those who encrypt messages or verify signatures cannot decrypt
messages or create signatures
 Internet Firewall

A firewall is a device installed between the internal

network of an organization and the rest of the
internet
• A firewall is to control traffic flow between
networks.
• Firewall is usually classified as:
– Packet Filters
– Application Proxy
 Packet Filtering
• Most commonly
used firewall
technique
• Operates at IP level
• Checks each IP
packet against the Packet
filter rules before Non-Secure Secure
passing (or not Filtering
Network Network
passing) it on to its Server
destination.
• Very fast than other
firewall techniques
• Hard to configure
 Application Proxy
• Application Level
Gateway
• The communication
steps are as follows
– User connects
to proxy server
– From proxy Non-Secure Telnetd Telnet Secure
server, user Telnet Telnetd
Network Network
connects to
destination
server
• Proxy server can
provide Porxy Server
– Content
Screening
– Logging
– Authentication
 Summary

 information security is increasingly important

 have varying degrees of sensitivity of information
 cf military info classifications: confidential, secret etc
 subjects (people or programs) have varying rights of
access to objects (information)
 want to consider ways of increasing confidence in
systems to enforce these rights
 known as multilevel security
 subjects have maximum & current security level
 objects have a fixed security level classification