Uploaded by chibipox

unit 4 bsc

Unit - 4
Network security
Network security encompasses all the steps taken to protect the integrity of
a computer network and the data within it. Network security is important
because it keeps sensitive data safe from cyber attacks and ensures the
network is usable and trustworthy. Successful network security strategies
employ multiple security solutions to protect users and organizations from
malware and cyber attacks, like distributed denial of service.
A network is composed of interconnected devices, such as computers,
servers and wireless networks. Many of these devices are susceptible to
potential attackers. Network security involves the use of a variety of
software and hardware tools on a network or as software as a service.
Security becomes more important as networks grow more complex and
enterprises rely more on their networks and data to conduct business.
Security methods must evolve as threat actors create new attack methods
on these increasingly complex networks.
Types of network security software and tools

Access control. This method limits access to network applications and
systems to a specific group of users and devices. These systems deny
access to users and devices not already sanctioned.

Antivirus and antimalware. Antivirus and antimalware are software
designed to detect, remove or prevent viruses and malware, such as
Trojan horses, ransomware and spyware, from infecting a computer
and, consequently, a network.

Application security. It is crucial to monitor and protect applications
that organizations use to run their businesses. This is true whether an
organization creates that application or buys it, as modern malware
threats often target open source code and containers that organizations
use to build software and applications.

Email security. Email is one of the most vulnerable points in a
network. Employees become victims of phishing and malware attacks
when they click on email links that secretly download malicious
software. Email is also an insecure method of sending files and
sensitive data that employees unwittingly engage in.

Firewall. Software or firmware inspects incoming and outgoing traffic
to prevent unauthorized network access. Firewalls are some of the
most widely used security tools. They are positioned in multiple areas
on the network. Next-generation firewalls offer increased
protection against application-layer attacks and advanced malware
defense with inline deep packet inspection.

Intrusion detection system (IDS). An IDS detects unauthorized
access attempts and flags them as potentially dangerous but does
not remove them. An IDS and an intrusion prevention system (IPS)
are often used in combination with a firewall.

Intrusion prevention system. IPSes are designed to prevent
intrusions by detecting and blocking unauthorized attempts to access
a network.
Security Goals
The objective of security is to protect information from being stolen, compromised or
attacked. Security can be measured by at least one of three goals:
1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.
These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all
security programs. The CIA triad is a security model that is designed to guide
policies for information security within the premises of an organization or company.
This model is also referred to as the AIC (Availability, Integrity, and
Confidentiality) triad to avoid the confusion with the Central Intelligence Agency.
The elements of the triad are considered the three most crucial components of
security.
The CIA criteria are the ones that most organizations and companies use when
they install a new application, create a database or guarantee
access to some data. For data to be completely secure, all of these security goals
must come into effect. These are security policies that all work together, and
therefore it can be wrong to overlook one policy.
The elements of the CIA triad are:
1. Confidentiality
Confidentiality is roughly equivalent to privacy and avoids the unauthorized
disclosure of information. It involves the protection of data, providing access for
those who are allowed to see it while disallowing others from learning anything about
its content. It prevents essential information from reaching the wrong people while
making sure that the right people can get it. Data encryption is a good example to
ensure confidentiality.
Encryption
Encryption is a method of transforming information to make it unreadable for
unauthorized users by using an algorithm. The transformation of data uses a secret
key (an encryption key) so that the transformed data can only be read by using
another secret key (decryption key). It protects sensitive data such as credit card
numbers by encoding and transforming data into unreadable cipher text. This
encrypted data can only be read by decrypting it. Asymmetric-key and symmetric-key are the two primary types of encryption.
2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and
safeguarded from unauthorized user modification. It is the property that information
has not been altered in an unauthorized way, and that the source of the information is
genuine.
3. Availability
Availability is the property in which information is accessible and modifiable in a
timely fashion by those authorized to do so. It is the guarantee of reliable and
constant access to our sensitive data by authorized people.
Non-Repudiation: Non-repudiation means that the receiver must be able to prove
that the received message has come from a specific sender. The sender must not
be able to deny sending a message that he or she sent. The burden of proving the identity
falls on the receiver. For example, if a customer sends a request to transfer
money from one account to another account, then the bank must have proof that
the customer has requested the transaction.
Threats to Information Security
A threat can be anything that can take advantage of a vulnerability to breach
security and negatively alter, erase or harm an object or objects of interest.
Software attacks are attacks by viruses, worms, Trojan horses etc.
Many users believe that malware, viruses, worms and bots are all the same thing. But
they are not the same; the only similarity is that they are all malicious software, and
each behaves differently.
Malware is a combination of two terms: malicious and software. So malware
basically means malicious software, which can be intrusive program code or
anything that is designed to perform malicious operations on a system.
Phishing Attack
Phishing is a type of cybersecurity attack that attempts to obtain sensitive
data such as usernames, passwords and more. It attacks the user through
mail, text or direct messages. The attachment sent by the attacker is
opened by the user because the user thinks that the email, text or message
came from a trusted source. It is a type of social engineering attack. For
example, the user may find messages announcing a lottery win. When
the user clicks on the attachment, the malicious code activates and can
access sensitive information. Or, if the user clicks on the link that was
sent in the attachment, they may be redirected to a different website that will
ask for the login credentials of the bank.
Preventive measures against phishing:
• Do not open any suspicious email attachments.
• Do not open any link which may seem suspicious.
• Do not provide any sensitive information, like personal information or
banking information, via email, text or messages.
• The user should always have an antivirus to check whether the system is
affected or not.
What is Ransomware?
Ransomware is a malware designed to deny a user or organization access
to files on their computer. By encrypting these files and demanding a
ransom payment for the decryption key, cyberattackers place organizations
in a position where paying the ransom is the easiest and cheapest way to
regain access to their files. Some variants have added additional
functionality – such as data theft – to provide further incentive for
ransomware victims to pay the ransom.
Ransomware has quickly become the most prominent and visible type of
malware. Recent ransomware attacks have impacted hospitals’ ability to
provide crucial services, crippled public services in cities, and caused
significant damage to various organizations.
SQL injection
A SQL injection is a technique that attackers use to gain unauthorized
access to a web application database by adding a string of malicious code
to a database query.
A SQL injection (SQLi) manipulates SQL code to provide access to
protected resources, such as sensitive data, or execute malicious SQL
statements. When executed correctly, a SQL injection can expose
intellectual property, customer data or the administrative credentials of a
private business.
SQL injection attacks can be used to target any application that uses a
SQL database, with websites being the most common prey.
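The difference between a query built by string concatenation and a parameterized query, as an added example that is not part of the original notes. The table, column names, sample rows and the input string are constructed for illustration.

```python
import sqlite3

# Constructed sample data; the table and column names are assumptions.
CUSTOMERS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
    ("O'Brien", "obrien@example.test"),
]

# Constructed input containing a quote character, which ends the string
# literal early and turns the rest of the input into SQL.
HOSTILE_INPUT = "nobody' OR '1'='1"


def make_db():
    """Create an in-memory database holding the sample customers."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", CUSTOMERS)
    return db


def lookup_vulnerable(db, name):
    """Vulnerable: the input is pasted into the SQL text, so a quote in
    the input changes the structure of the statement."""
    query = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    """Hardened: the statement text is fixed and the input is passed as a
    bound value, so it is only ever compared as data."""
    query = "SELECT name, email FROM customers WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # The concatenated query returns every row for the constructed input.
    print("vulnerable:   ", lookup_vulnerable(db, HOSTILE_INPUT))
    # The parameterized query finds no customer with that literal name.
    print("parameterized:", lookup_parameterized(db, HOSTILE_INPUT))
    # A legitimate name with an apostrophe works only in the hardened form.
    print("O'Brien:      ", lookup_parameterized(db, "O'Brien"))
    try:
        lookup_vulnerable(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("vulnerable form fails on O'Brien:", exc)
```

The same fix also removes the crash on legitimate names that contain an apostrophe, which is often the first visible symptom of a concatenated query.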
Malware and its types
Malware is a program designed to gain access to computer systems,
normally for the benefit of some third party, without the user’s permission.
Malware includes computer viruses, worms, Trojan horses, ransomware,
spyware and other malicious programs.
Types of Malware:

Viruses –
A Virus is a malicious executable code attached to another executable
file. The virus spreads when an infected file is passed from system to
system. Viruses can be harmless or they can modify or delete data.
Opening a file can trigger a virus. Once a program virus is active, it will
infect other programs on the computer.

Worms –
Worms replicate themselves on the system, attaching themselves to
different files and looking for pathways between computers, such as
computer network that shares common file storage areas. Worms usually
slow down networks. A virus needs a host program to run but worms can
run by themselves. After a worm affects a host, it is able to spread very
quickly over the network.

Spyware –
Its purpose is to steal private information from a computer system for a
third party. Spyware collects information and sends it to the hacker.

Trojan horse –
A Trojan horse is malware that carries out malicious operations under the
appearance of a desired operation such as playing an online game. A
Trojan horse varies from a virus because the Trojan binds itself to non-executable files, such as image files, audio files.

Adware –
Adware is not exactly malicious, but it does breach the privacy
of users. It displays ads on a computer’s desktop or inside
individual programs. It comes attached to free-to-use software and is
thus the main source of revenue for such developers. It monitors your
interests and displays relevant ads. An attacker can embed malicious
code inside the software, and adware can monitor your system
activities and can even compromise your machine.

Spyware –
It is a program that monitors your
activities on the computer and reveals the collected information to an interested
party. Spyware is generally dropped by Trojans, viruses or worms.
Once dropped, it installs itself and sits silently to avoid
detection.
One of the most common examples of spyware is the keylogger. The
basic job of a keylogger is to record user keystrokes with timestamps, thus
capturing interesting information like usernames, passwords, credit card
details etc.

Security Technologies
In order to protect organizations from cyber attacks, several technologies
are available to fight against them.
Intrusion Detection System
An Intrusion Detection System (IDS) can be defined as the technology which
monitors all the traffic that enters the organization to ensure that it is
not malicious. It can also be considered a tool responsible for checking the
traffic and raising an alert if the traffic is found malicious or appears to
originate from an untrusted source. This technology is mainly concerned
with giving a close view of the traffic to ensure that it is something that the
organization should allow to get in.
Firewall
The firewall works as the first layer of protection of any system or network.
There are various types of firewalls based on their role. In order to protect
the internet, network firewalls are used, while in order to protect the web
application, there are web application firewalls. This technology has been
developed to ensure that the internal network is protected from unusual
traffic, and that nothing malicious can make it to the internal network. The
technology ensures that ports are open only for the appropriate
communication, and that untrusted data does not hit the system at all.
The firewall can either allow the traffic to enter or be configured with
port filtering to make sure that all the traffic that passes through it is
useful for the service running on that particular port.
Antivirus
Antivirus is another technology used in cybersecurity. As its name states, it
protects the system from viruses. A virus is nothing but malicious
code that makes the host or network take unexpected actions. Antivirus is
deployed in the network and can also be used as endpoint protection. All
the devices connected to the network can have an antivirus installed on
them to protect themselves from virus attacks. In order to detect whether
a particular file is a virus, the antivirus uses the signatures present in the
repository of that antivirus. The latest antivirus products have the capability to
leverage anomalies to detect a virus and take action against it.
Intrusion Prevention System
An Intrusion Prevention System (IPS) may be defined as the technology or tool
that takes action against the traffic that is labelled malicious by the IDS.
Usually, the IPS drops a packet entering the system once it is
considered untrusted. It is the main protection point that makes sure that
malicious traffic does not enter the organization’s network. It is the IPS
that makes sure that all the traffic that enters the system complies
with the policies that are defined by the organization so that it does not
affect the working of the systems in any way.
What is a Firewall?
A firewall can be defined as a special type of network security device or a software
program that monitors and filters incoming and outgoing network traffic based on a
defined set of security rules. It acts as a barrier between internal private networks and
external sources (such as the public Internet).
The primary purpose of a firewall is to allow non-threatening traffic and prevent
malicious or unwanted data traffic for protecting the computer from viruses and
attacks. A firewall is a cybersecurity tool that filters network traffic and helps users
block malicious software from accessing the Internet on infected computers.
Firewall: Hardware or Software
One of the most problematic questions is whether a firewall is hardware or
software. As stated above, a firewall can be a network security device or a software
program on a computer. This means that the firewall comes at both levels,
i.e., hardware and software, though it's best to have both.
Each format (a firewall implemented as hardware or software) has different
functionality but the same purpose. A hardware firewall is a physical device that
attaches between a computer network and a gateway. For example, a broadband
router. On the other hand, a software firewall is a simple program installed on a
computer that works through port numbers and other installed software.
Apart from that, there are cloud-based firewalls. They are commonly referred to as
FaaS (firewall as a service). A primary advantage of using cloud-based firewalls is that
they can be managed centrally. Like hardware firewalls, cloud-based firewalls are best
known for providing perimeter security.
Why Firewall
Firewalls are primarily used to prevent malware and network-based attacks.
Additionally, they can help in blocking application-layer attacks. These firewalls act as
a gatekeeper or a barrier. They monitor every attempt between our computer and
another network. They do not allow data packets to be transferred through them
unless the data is coming or going from a user-specified trusted source.
Firewalls are designed in such a way that they can react quickly to detect and
counter attacks throughout the network. They can work with rules configured to
protect the network and perform quick assessments to find any suspicious activity. In
short, we can point to the firewall as a traffic controller.
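How a firewall filters traffic "based on a defined set of security rules", as an added example that is not part of the original notes. It is a simplified first-match packet filter with a default-deny policy; the rule format, the addresses (documentation ranges) and the function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    direction: str            # "in" or "out"
    src: str                  # CIDR block the source address must fall in
    dst_port: Optional[int]   # None matches any destination port


# Constructed rule set, evaluated top to bottom.
RULES = [
    Rule("deny", "in", "203.0.113.0/24", None),   # blocklisted range
    Rule("allow", "in", "0.0.0.0/0", 443),        # public HTTPS service
    Rule("allow", "in", "10.0.0.0/8", 22),        # SSH from internal hosts only
    Rule("allow", "out", "10.0.0.0/8", 443),      # internal hosts may use HTTPS
]


def decide(rules, direction, src_ip, dst_port):
    """Return the action of the first matching rule; deny if none matches."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if (rule.direction == direction
                and addr in ipaddress.ip_network(rule.src)
                and rule.dst_port in (None, dst_port)):
            return rule.action
    return "deny"  # default deny: traffic no rule sanctions is dropped


def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (a.direction == b.direction
            and ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
            and a.dst_port in (None, b.dst_port))


def shadowed(rules):
    """List (earlier, later) index pairs where the later rule can never
    take effect because an earlier rule already matches all its traffic."""
    return [(i, j) for j, later in enumerate(rules)
            for i in range(j) if covers(rules[i], later)]


# Same intent as RULES, but the broad allow is placed before the deny.
MISORDERED = [
    Rule("allow", "in", "0.0.0.0/0", 443),
    Rule("deny", "in", "203.0.113.0/24", 443),
]

if __name__ == "__main__":
    print(decide(RULES, "in", "198.51.100.7", 443))      # allowed service
    print(decide(RULES, "in", "198.51.100.7", 22))       # SSH from outside
    print(decide(RULES, "out", "10.1.2.3", 25))          # unsanctioned outbound
    print(decide(MISORDERED, "in", "203.0.113.9", 443))  # deny rule is shadowed
    print(shadowed(MISORDERED))
```

Because the first match wins, rule order is part of the policy; the `shadowed` check flags a deny rule that a broader earlier rule has made ineffective.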
What is a Biometrics Access Control System?
Biometrics access control security systems are designed to restrict
physical entry to only users with authorization. Many organizations,
governmental and private, have started adopting a high level of access
control security systems for physical entry into their facilities. Whether it
is a simple non-intelligent access control system, like punching in a
password, or an advanced biometric system that scans and permits entry
very specifically, there are many advantages to employing these security
systems.
Biometric systems will collect and store this data in order to use it for
verifying personal identity. The combination of biometric data systems
and biometrics recognition/ identification technologies creates the
biometric security systems. The biometric security system is a lock and
capture mechanism to control access to specific data. In order to access
the biometric security system, an individual will need to provide their
unique characteristics or traits which will be matched to a database in
the system. If there is a match, the locking system will provide access to
the data for the user. The locking and capturing system will activate and
record information of users who accessed the data.
What is Cryptography in Computer Network?
Cryptography refers to the science and art of transforming messages to make them
secure and immune to attacks. It is a method of storing and transmitting data in a
particular form so that only those for whom it is intended can read and process it.
Cryptography not only protects data from theft or alteration but can also be used for
user authentication.
Components
There are various components of cryptography which are as follows −
Plaintext and Ciphertext
The original message, before being transformed, is called plaintext. After the
message is transformed, it is called ciphertext. An encryption algorithm transforms
the plaintext into ciphertext; a decryption algorithm transforms the ciphertext back
into plaintext. The sender uses an encryption algorithm, and the receiver uses a
decryption algorithm.
Cipher
We refer to encryption and decryption algorithms as ciphers. The term cipher is also
used to refer to different categories of algorithms in cryptography. This is not to say
that every sender-receiver pair needs their very own unique cipher for secure
communication. On the contrary, one cipher can serve millions of communicating
pairs.
Key
A key is a number (or a set of numbers) that the cipher, as an algorithm, operates
on. To encrypt a message, we need an encryption algorithm, an encryption key, and
plaintext. These create the ciphertext. To decrypt a message, we need a decryption
algorithm, a decryption key, and the ciphertext. These reveal the original plaintext.
1. Symmetric key cryptography – It involves the usage of one secret key
along with encryption and decryption algorithms which help in securing
the contents of the message. The strength of symmetric key cryptography
depends upon the number of key bits. It is relatively faster than
asymmetric key cryptography. There arises a key distribution problem as
the key has to be transferred from the sender to the receiver through a
secure channel.
2. Asymmetric key cryptography: It is also known as public-key
cryptography because it involves the usage of a public key along with the
secret key. It solves the problem of key distribution as both parties use
different keys for encryption/decryption. It is not feasible to use for
decrypting bulk messages as it is very slow compared to symmetric key
cryptography.
Five Cryptography Tools
Cyber security professionals can use multiple cryptography tools to build and fortify
their computer system defenses. Here’s a look at five key tools that cyber security
specialists can integrate into their strategies.
Security Tokens
A security token is a physical device that holds information that authenticates a
person’s identity. The owner plugs the security token into a system — via a
computer’s USB port, for example — to gain access to a network service. It’s like
swiping a security card to get into an office. A bank might issue security tokens to
customers to use as an extra layer of security when they log in to their accounts.
Key-Based Authentication
Key-based authentication is a method that employs asymmetric algorithms to
confirm a client’s identity and can be an effective substitute for using passwords to
verify a client. The key factors at play in key-based authentication are public and
private keys that confirm identity.
In public key authentication, each user is given a pair of asymmetric keys. Users
store their public keys in each system they want access to, while the private keys are
safely maintained on the device with which the user connects to the secured
systems.
When connecting, the server authenticates the user with the public key and asks the
user to decrypt it using the corresponding private key.
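The exchange described above, as an added example that is not part of the original notes: the server encrypts a random challenge with the stored public key and only the holder of the private key can answer it. The key pair is a constructed toy (textbook RSA without padding, built from two well-known Mersenne primes) so that the example runs with the standard library; the class and function names, and returning a hash of the decrypted challenge, are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed toy key pair. Real deployments use a vetted library,
# padding and much larger, randomly generated keys.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537                            # public exponent; (N, E) is the public key
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent; never leaves the client


def digest(nonce):
    """Hash of the challenge value, sent back instead of the value itself."""
    return hashlib.sha256(nonce.to_bytes(32, "big")).hexdigest()


class Server:
    def __init__(self):
        self.authorized_keys = {}    # user -> public key stored on the server
        self.pending = {}            # user -> outstanding challenge value

    def register(self, user, public_key):
        self.authorized_keys[user] = public_key

    def challenge(self, user):
        """Encrypt a fresh random value with the user's public key."""
        n, e = self.authorized_keys[user]
        nonce = secrets.randbits(128) | (1 << 127)
        self.pending[user] = nonce
        return pow(nonce, e, n)

    def verify(self, user, response):
        """Accept only a correct answer to the outstanding challenge."""
        nonce = self.pending.pop(user, None)   # each challenge is single use
        if nonce is None:
            return False
        return hmac.compare_digest(digest(nonce), response)


def client_respond(encrypted, n, d):
    """Client side: decrypt the challenge with the private key and reply."""
    return digest(pow(encrypted, d, n))


if __name__ == "__main__":
    server = Server()
    server.register("alice", (N, E))
    c = server.challenge("alice")
    answer = client_respond(c, N, D)
    print("correct key accepted:", server.verify("alice", answer))
    print("replayed answer accepted:", server.verify("alice", answer))
    c = server.challenge("alice")
    print("wrong key accepted:", server.verify("alice", client_respond(c, N, D + 2)))
```

No password or private key crosses the network, and because each challenge is random and single use, a captured response cannot be replayed.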
Docker
The Docker software platform builds applications based on containers: small self-contained environments that share an operating system kernel but otherwise run in
isolation from one another. By their nature, Docker containers are secure. More
security can be added by enabling one of several applications that fortify the system.
Java Cryptography Architecture
The popular Java programming language has built-in cryptographic functions. The
Java Cryptography Architecture (JCA) is integrated with the core Java application
programming interface (API). The JCA contains APIs that handle security functions
that include encryption, managing keys, generating random numbers securely and
validating certificates. These APIs provide a way for developers to build security into
application code.
SignTool
Another security tool embedded in an operating system is Microsoft SignTool
(SignTool.exe). A command-line tool, SignTool can digitally sign and time-stamp files
and verify signatures in files. It’s automatically installed with Microsoft Visual Studio,
a software development environment. SignTool allows software developers to certify
that the code they developed is theirs and that it hasn’t been tampered with since it
was published.