
PRESENTED BY : Anurag

Roll no:- 1703233

TOPIC : NETWORK SECURITY


Definition and Protection

Network Security is a set of rules and configurations designed to protect the integrity, confidentiality and accessibility of computer networks and data using both software and hardware technologies.

Common Network Security Threats

• Malware
• Viruses
• Trojan Horse
• Worms

5 Ways to Protect Our Network Security:

 Install a firewall

 Ensure proper access controls

 Use IDS/IPS to track potential packet floods

 Use network segmentation

 Use a virtual private network (VPN)

 Conduct proper maintenance


Fundamentals of Network Security

 Confidentiality

Only those who are supposed to access the data can access it.

 Integrity

The data that's there is only changed when it's supposed to be.

 Authentication

You are who you say you are. While there can be various forms of
identification used, authentication is usually through a PIN like
your debit card uses or the login on your email account.

 Accounting

This means that everything you do is properly noted, and any changes to data can be tied to a user account. To go back to the debit card example, this would be your bank statement.

Advantages and Disadvantages of Network Security

Advantages of Network Security

 Protect data
As discussed, network security keeps a check on unauthorized access.
 Prevents cyber attack
Most attacks on the network come from the internet.
 Levels of access
The security software gives different levels of access to different users.
 Centrally controlled
Unlike desktop security software, network security software is controlled by a central user called the network administrator.

Disadvantages of Network Security

 Costly set up
The set up of a network security system can be a bit expensive. Purchasing the
software, installing it etc. can become costly especially for smaller networks.
 Time consuming
The software installed on some networks is difficult to work with. It needs authentication using two passwords to ensure double security, which have to be entered every time you edit a document.
 Requires skilled staff
To manage large networks is not an easy task. It requires highly skilled technicians
who can handle any security issue that arises.
 Careless Admin
When the best software is installed and everything required is done, it is natural
for the admin to be careless at times.
Applications and Examples of Network Security

E-mail Security

Nowadays, e-mail has become a very widely used network application. Through e-mail, a message is sent directly from the sender’s machine to the recipient’s machine.

o E-Mail Security Services:

• Confidentiality
• Authentication
• Integrity
• Proof of submission
• Proof of delivery

Examples of Network Security

Firewalls

One of the most basic and easily implemented methods of network security is the firewall. A firewall can be either software based, such as the one provided with Windows, or hardware based, such as a router. The basic idea behind a firewall is to allow authorized access to a computer while blocking unauthorized access. This is accomplished by configuring access conditions based on user-defined rules, IP addresses, and port accessibility.

Definition - What does Internet Protocol Security (IPsec) mean?

 Internet protocol security (IPsec) is a set of protocols that provides security for Internet
Protocol. It can use cryptography to provide security. IPsec can be used for the setting up
of virtual private networks (VPNs) in a secure manner.

Also known as IP Security.


IP Security (functional areas)

Authentication - The authentication mechanism ensures that the received packet was sent by the identified source. It also assures that the packet has not been altered in transit.

Confidentiality - The confidentiality facility enables communicating nodes to encrypt messages to prevent eavesdropping by third parties.

Key management - It is concerned with the secure exchange of keys.

Uses of IP Security –
IPsec can be used to do the following things:

• To encrypt application layer data.
• To provide security for routers sending routing data across the public internet.
• To provide authentication without encryption, for example to authenticate that the data originates from a known sender.
• To protect network data by setting up circuits using IPsec tunneling, in which all data sent between the two endpoints is encrypted, as with a Virtual Private Network (VPN) connection.

Benefits of IPsec

• Provides strong security when implemented in a firewall or router that can be applied to all traffic crossing the perimeter.
• IPsec is resistant to bypass if all traffic from the outside must use IP and the firewall is the only way of entrance from the Internet into the organization.
• Is below the transport layer, hence transparent to applications.
• Can be transparent to end users.
• Can provide security for individual users if needed.

IPSec Document Overview

Authentication Header

• Provides support for data integrity and authentication of IP packets.
• Authentication is based on the use of a message authentication code (MAC), hence the two parties must share a secret key.

The Authentication Header consists of the following fields:

• Next Header (8 bits): Identifies the type of header immediately following this header.
• Payload Length (8 bits): Length of Authentication Header in 32-bit words, minus 2.
• Reserved (16 bits): For future use.
• Security Parameters Index (32 bits): Identifies a security association.
• Sequence Number (32 bits): A monotonically increasing counter value.
• Authentication Data (variable): A variable-length field (must be an integral number of 32-bit words) that contains the Integrity Check Value (ICV), or MAC.
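
The field layout above can be exercised in code. The following is an added example, not part of the original slides: it parses an Authentication Header, validates the Payload Length arithmetic, and checks the ICV with a shared key. The 16-byte truncated HMAC-SHA-256, the simplified MAC input, and the key, SPI and payload values are assumptions made for the demonstration.

```python
import hashlib
import hmac
import struct

AH_FIXED = struct.Struct("!BBHII")  # Next Header, Payload Length, Reserved, SPI, Sequence Number
ICV_LEN = 16                        # assumption: 128-bit truncated HMAC-SHA-256


def parse_ah(data: bytes) -> dict:
    """Split an Authentication Header into the fields listed above."""
    if len(data) < AH_FIXED.size:
        raise ValueError("truncated AH: fewer than 12 bytes")
    next_header, payload_len, reserved, spi, seq = AH_FIXED.unpack_from(data)
    header_len = (payload_len + 2) * 4   # Payload Length is in 32-bit words, minus 2
    if header_len < AH_FIXED.size or header_len > len(data):
        raise ValueError("Payload Length does not fit the bytes received")
    if reserved != 0:
        raise ValueError("Reserved field must be zero")
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "header_len": header_len,
            "icv": data[AH_FIXED.size:header_len],
            "payload": data[header_len:]}


def compute_icv(key: bytes, fixed: bytes, payload: bytes) -> bytes:
    # Simplification (assumption): MAC over the AH with a zeroed ICV plus the payload.
    # Real AH also covers the immutable fields of the enclosing IP header.
    msg = fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:ICV_LEN]


def verify_ah(key: bytes, data: bytes) -> bool:
    ah = parse_ah(data)
    if len(ah["icv"]) != ICV_LEN:        # never accept a short or empty ICV
        return False
    expected = compute_icv(key, data[:AH_FIXED.size], ah["payload"])
    return hmac.compare_digest(expected, ah["icv"])  # constant-time comparison


def build_ah(key: bytes, next_header: int, spi: int, seq: int, payload: bytes) -> bytes:
    fixed = AH_FIXED.pack(next_header, (AH_FIXED.size + ICV_LEN) // 4 - 2, 0, spi, seq)
    return fixed + compute_icv(key, fixed, payload) + payload


# Constructed sample values: key, SPI and payload are made up for this demonstration.
KEY = b"constructed-shared-secret"
PACKET = build_ah(KEY, next_header=6, spi=0x1000, seq=1, payload=b"constructed segment")
TAMPERED = PACKET[:-1] + bytes([PACKET[-1] ^ 0x01])
```

Flipping one payload bit, using a different key, or sending a header whose length leaves no room for the ICV all make `verify_ah` return `False`.
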
Encapsulating Security Payload (ESP)

• Provides message content confidentiality and limited traffic flow confidentiality
• Can optionally provide the same authentication services as AH
• Because message authentication is provided by ESP, the use of AH is deprecated
• Supports a range of ciphers, modes, padding

The ESP consists of the following fields:

• Security Parameters Index (32 bits): Identifies a security association
• Sequence Number (32 bits): A monotonically increasing counter value; this provides an anti-replay function
• Payload Data (variable): This is a transport-level segment (transport mode) or IP packet (tunnel mode) that is protected by encryption
• Padding (0–255 bytes): for various reasons
• Pad Length (8 bits): Indicates the number of pad bytes immediately preceding this field
• Next Header (8 bits): Identifies the type of data contained in the payload data field by identifying the first header in that payload
• Integrity Check Value (variable): A variable-length field that contains the Integrity Check Value computed over the ESP packet minus the Authentication Data field

What is Cryptography

• Cryptography
  ◦ In a narrow sense
    ◦ Mangling information into apparent unintelligibility
    ◦ Allowing a secret method of un-mangling
  ◦ In a broader sense
    ◦ Mathematical techniques related to information security
    ◦ About secure communication in the presence of adversaries
• Cryptanalysis
  ◦ The study of methods for obtaining the meaning of encrypted information without accessing the secret information
• Cryptology
  ◦ Cryptography + cryptanalysis

What is Encryption / Decryption

Encryption –
◦ The process of converting plain text into an unintelligible format (cipher text) is called Encryption.

Decryption –
◦ The process of converting cipher text into plain text is called Decryption.

What are the Types of Cryptography

• Symmetric Key Cryptography (Secret Key Cryptography)
  ◦ Same key is used by both parties
  ◦ Advantages
    1. Simpler and faster
  ◦ Disadvantages
    1. Less secure

• Asymmetric Key Cryptography (Public Key Cryptography)
  ◦ 2 different keys are used
  ◦ Users get the key from a Certificate Authority
  ◦ Advantages
    1. More secure
    2. Authentication
  ◦ Disadvantages
    1. Relatively complex

IPV4 vs IPV6 Difference

IPV6

1. Version (4-bits): It represents the version of Internet Protocol, i.e. 0110.

2. Traffic Class (8-bits): These 8 bits are divided into two parts. The most significant 6 bits are used for Type of Service to let the router know what services should be provided to this packet. The least significant 2 bits are used for Explicit Congestion Notification (ECN).

3. Flow Label (20-bits): This label is used to maintain the sequential flow of the packets belonging to a communication. The source labels the sequence to help the router identify that a particular packet belongs to a specific flow of information. This field helps avoid re-ordering of data packets. It is designed for streaming/real-time media.

4. Payload Length (16-bits): This field is used to tell the routers how much information a particular packet contains in its payload. Payload is composed of Extension Headers and Upper Layer data. With 16 bits, up to 65535 bytes can be indicated; but if the Extension Headers contain a Hop-by-Hop Extension Header, then the payload may exceed 65535 bytes and this field is set to 0.

5. Next Header (8-bits): This field is used to indicate either the type of Extension Header, or if the Extension Header is not present then it indicates the Upper Layer PDU. The values for the type of Upper Layer PDU are the same as IPv4’s.

6. Hop Limit (8-bits): This field is used to stop a packet from looping in the network infinitely. This is the same as TTL in IPv4. The value of the Hop Limit field is decremented by 1 as it passes a link (router/hop). When the field reaches 0 the packet is discarded.

7. Source Address (128-bits): This field indicates the address of the originator of the packet.

8. Destination Address (128-bits): This field provides the address of the intended recipient of the packet.
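
The eight fields above map directly onto the 40-byte fixed header. The following is an added example, not part of the original slides: it decodes each field, flags a Payload Length that disagrees with the bytes received, and applies the Hop Limit rule. The function names and the sample packet (documentation addresses, made-up flow label and payload) are assumptions.

```python
import ipaddress
import struct
from typing import Optional

IPV6_HEADER_LEN = 40


def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the eight fixed-header fields described above."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, next_header, hop_limit = struct.unpack_from("!IHBB", packet)
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"version field is {version}, expected 6 (0110)")
    traffic_class = (first_word >> 20) & 0xFF
    return {
        "version": version,
        "tos_bits": traffic_class >> 2,       # most significant 6 bits
        "ecn": traffic_class & 0x3,           # least significant 2 bits
        "flow_label": first_word & 0xFFFFF,   # 20 bits
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
        # A declared length that disagrees with the bytes received is worth flagging.
        "length_ok": payload_len == len(packet) - IPV6_HEADER_LEN,
    }


def forward(packet: bytes) -> Optional[bytes]:
    """Decrement Hop Limit as a router would; return None when the packet is discarded."""
    hop_limit = parse_ipv6_header(packet)["hop_limit"]
    if hop_limit <= 1:
        return None
    return packet[:7] + bytes([hop_limit - 1]) + packet[8:]


# Constructed sample packet using documentation addresses (2001:db8::/32).
PAYLOAD = b"constructed payload"
SAMPLE = (struct.pack("!IHBB", (6 << 28) | (0xB9 << 20) | 0x12345, len(PAYLOAD), 17, 2)
          + ipaddress.IPv6Address("2001:db8::1").packed
          + ipaddress.IPv6Address("2001:db8::2").packed
          + PAYLOAD)
```
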
