Unit - 4 Network security

Network security encompasses the measures taken to protect the integrity of a computer network and the data within it. It matters because it keeps sensitive data safe from cyber attacks and keeps the network usable and trustworthy. Successful network security strategies combine multiple controls to protect users and organizations from malware and from attacks such as distributed denial of service (DDoS).

A network is composed of interconnected devices such as computers, servers and wireless access points, many of which are exposed to potential attackers. Network security uses a variety of software and hardware tools deployed on the network or consumed as software as a service. Security becomes more important as networks grow more complex and as enterprises rely more on their networks and data to conduct business, and security methods must evolve as threat actors develop new attack techniques against these increasingly complex networks.

Types of network security software and tools

Access control. Limits access to network applications and systems to a specific set of users and devices; users and devices that have not been sanctioned are denied.

Antivirus and antimalware. Software designed to detect, remove or prevent viruses and malware, such as Trojan horses, ransomware and spyware, from infecting a computer and, through it, the network.

Application security. Applications an organization uses to run its business must be monitored and protected whether the organization wrote them or bought them, because modern attacks often target the open source components and containers from which software is built.

Email security. Email is one of the most vulnerable points in a network. Employees fall victim to phishing and malware attacks when they click on email links that silently download malicious software.
Email is also an insecure channel for sending files and sensitive data, and employees use it that way without realizing the risk.

Firewall. Software or firmware that inspects incoming and outgoing traffic to prevent unauthorized network access. Firewalls are among the most widely used security tools and are positioned at multiple points in the network. Next-generation firewalls add protection against application-layer attacks and advanced malware through inline deep packet inspection.

Intrusion detection system (IDS). An IDS detects unauthorized access attempts and flags them as potentially dangerous but does not block them. An IDS and an intrusion prevention system (IPS) are often used together with a firewall.

Intrusion prevention system (IPS). An IPS is designed to prevent intrusions by detecting and blocking unauthorized attempts to access a network.

Security Goals

The objective of security is to protect information from being stolen, compromised or attacked. Security can be measured against three goals:
1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security programs. The CIA triad is a security model designed to guide information security policy within an organization. It is also referred to as the AIC (Availability, Integrity, and Confidentiality) triad to avoid confusion with the Central Intelligence Agency. The elements of the triad are considered the three most crucial components of security, and organizations apply the CIA criteria when they install a new application, create a database or grant access to data. For data to be secure, all three goals must be met.
They are security properties that work together, so it is a mistake to overlook any one of them. The CIA triad consists of:

1. Confidentiality
Confidentiality is roughly equivalent to privacy: it prevents the unauthorized disclosure of information. It means protecting data so that those who are allowed to see it can, while others learn nothing about its content. It keeps essential information from reaching the wrong people while ensuring that the right people can get it. Data encryption is the standard mechanism for ensuring confidentiality.

Encryption
Encryption is a method of transforming information with an algorithm so that it is unreadable to unauthorized users. The transformation uses a secret key (the encryption key), and the transformed data can only be read back using the corresponding decryption key. It protects sensitive data such as credit card numbers by turning it into unreadable ciphertext, which can only be read by decrypting it. Symmetric-key and asymmetric-key encryption are the two primary types (discussed under Cryptography below).

2. Integrity
Integrity refers to the methods for ensuring that data is genuine and accurate and is safeguarded from unauthorized modification. It is the property that information has not been altered in an unauthorized way and that its source is genuine.

3. Availability
Availability is the property that information is accessible and modifiable in a timely fashion by those authorized to do so. It is the guarantee of reliable and constant access to data by authorized people.

Non-Repudiation
Non-repudiation means that the receiver can prove that a received message came from a specific sender, so the sender cannot deny having sent it. The burden of proving the sender's identity falls on the receiver.
For example, if a customer sends a request to transfer money from one account to another, the bank must hold proof that the customer requested that transaction.

Threats to Information Security

A threat is anything that can exploit a vulnerability to breach security and negatively alter, erase or harm an object of interest. Software attacks are attacks by viruses, worms, Trojan horses and similar programs. Many users believe that malware, viruses, worms and bots are all the same thing. They are not; what they share is that all are malicious software, and each behaves differently. Malware is a combination of two terms, malicious and software, so malware means any intrusive program code designed to perform malicious operations on a system.

Phishing Attack
Phishing is a type of cyber security attack that attempts to obtain sensitive data such as usernames and passwords. It reaches the user through email, text or direct messages. The user opens the attachment sent by the attacker because the message appears to come from a trusted source; it is a type of social engineering attack. For example, the user may receive a message claiming they have won a lottery. When the user opens the attachment, malicious code runs and can access sensitive information; or, if the user clicks a link in the message, they may be redirected to a look-alike website that asks for their bank login credentials.

Preventive measures against phishing:
Do not open suspicious email attachments.
Do not open links that seem suspicious.
Do not provide sensitive information, such as personal or banking details, via email, text or messages.
Keep antivirus software installed and up to date so that an infection can be detected if a malicious attachment does get opened.
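The precautions above are judgement calls a user makes by eye; a mail gateway makes the same calls mechanically on every link. The Python below is an added example (not part of these notes) that pulls the links out of an HTML message and flags the common phishing indicators: the visible text shows one domain while the target is another, a raw IP address as host, a punycode (xn--) label that may hide a look-alike domain, credentials embedded in the URL, and a host that contains the organisation's name without being its domain. The sample message and the trusted domain "bank.example" are constructed for the demo, and the last-two-labels domain heuristic is an assumption (real tools use the public suffix list).

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the organisation's legitimate domain(s); "bank.example" is constructed.
TRUSTED_DOMAINS = {"bank.example"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements in an HTML message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a host name (a heuristic; real tools use the public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _displayed_host(text):
    """If the visible link text itself looks like a URL or a domain, return its host."""
    if " " in text or "." not in text:
        return None
    return urlparse(text if "://" in text else "http://" + text).hostname


def analyse_link(href, text):
    """Return the list of phishing indicators found for one link (empty list = none)."""
    reasons = []
    url = urlparse(href)
    host = url.hostname or ""
    if url.scheme not in ("http", "https"):
        reasons.append("non-web scheme")                      # javascript:, data:, file: ...
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible homoglyph domain)")
    if _is_ip_literal(host):
        reasons.append("raw IP address as host")
    if url.username is not None:
        reasons.append("credentials embedded in URL")         # http://bank.example@evil.test/
    shown = _displayed_host(text)
    if shown and registrable_domain(shown) != registrable_domain(host):
        reasons.append("displayed domain differs from link target")
    squashed = host.replace(".", "").replace("-", "")
    for trusted in TRUSTED_DOMAINS:
        if trusted.replace(".", "") in squashed and registrable_domain(host) != trusted:
            reasons.append(f"impersonates {trusted}")
    return reasons


def scan_email(html):
    """Return [(href, reasons), ...] for every link in the message."""
    parser = _LinkCollector()
    parser.feed(html)
    return [(href, analyse_link(href, text)) for href, text in parser.links]


# Constructed sample message (203.0.113.0/24 is a documentation address range).
SAMPLE_EMAIL = """<p>Dear customer, your account has been locked.</p>
<p><a href="http://bank.example.verify-account.net/login">https://bank.example/login</a></p>
<p><a href="http://203.0.113.7/update">Update now</a></p>
<p><a href="https://login.bank.example/help">Help centre</a></p>"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL):
        print("SUSPICIOUS" if reasons else "ok        ", href, reasons)
```

Only the third link, which really does point inside bank.example, comes back clean. Note that none of these checks needs a reputation feed; they are the same structural tells a careful user is told to look for, applied consistently.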
Ransomware
Ransomware is malware designed to deny a user or organization access to the files on their computer. By encrypting the files and demanding a ransom payment for the decryption key, attackers put organizations in a position where paying the ransom looks like the easiest and cheapest way to regain access. Some variants add further functionality, such as data theft, to give victims more incentive to pay. Ransomware has quickly become the most prominent and visible type of malware; recent attacks have impaired hospitals' ability to provide crucial services, crippled public services in cities and caused significant damage to many organizations.

SQL injection
SQL injection (SQLi) is a technique attackers use to gain unauthorized access to a web application's database by inserting a string of malicious code into a database query. The injected input changes the SQL the application executes, giving the attacker access to protected resources such as sensitive data or letting them run arbitrary SQL statements. A successful SQL injection can expose intellectual property, customer data or the administrative credentials of a business. It can target any application that builds queries from user input against a SQL database, with websites being the most common prey.

Malware and its types
Malware is a program designed to gain access to computer systems, normally for the benefit of some third party, without the user's permission. Malware includes computer viruses, worms, Trojan horses, ransomware, spyware and other malicious programs.

Types of Malware:

Viruses – A virus is malicious executable code attached to another executable file. It spreads when an infected file is passed from system to system. Viruses can be harmless or can modify or delete data. Opening an infected file can trigger the virus, and once a program virus is active it infects other programs on the computer.
Worms – Worms replicate themselves on a system and look for pathways between computers, such as a network with shared file storage. Worms usually slow down networks. A virus needs a host program to run, but a worm runs by itself, so after infecting a host it can spread very quickly across the network.

Trojan horse – A Trojan horse carries out malicious operations under the appearance of a desired operation, such as an online game. Unlike a virus, a Trojan does not replicate by infecting other executables; it relies on the user running what looks like legitimate software, and it is often disguised as, or bundled with, an apparently harmless file such as an image or audio attachment.

Adware – Adware is not exactly malicious, but it breaches users' privacy. It displays ads on the desktop or inside individual programs, usually comes bundled with free-to-use software (it is the main source of revenue for such developers) and monitors the user's interests to show relevant ads. An attacker can embed malicious code in such software, so adware can monitor system activity and even compromise the machine.

Spyware – Spyware is software that monitors activity on a computer and reports the collected information to an interested third party. Spyware is generally dropped by Trojans, viruses or worms; once dropped it installs itself and sits silently to avoid detection. One of the most common examples is a keylogger, which records user keystrokes with timestamps and so captures usernames, passwords, credit card details and similar data.
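The SQL injection described above is easiest to understand by running it. The Python below is an added example (not from these notes) using the standard sqlite3 module: a login function that builds its query by string concatenation, the two classic payloads against it (a tautology that makes the WHERE clause always true, and a comment sequence that removes the password check), and the parameterised version that defeats both because the driver sends the values separately from the SQL text. The users table and credentials are constructed for the demo; passwords are stored in clear only to keep it short, which a real application must never do.

```python
import sqlite3


def make_db():
    """Constructed demo table. Real systems store a salted password hash, not the password."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse battery", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by concatenation, so whatever the user typed becomes part of the query."""
    query = ("SELECT username, role FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()          # (username, role) or None


def login_safe(conn, username, password):
    """Parameterised query: the values are bound by the driver and are never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def demo():
    conn = make_db()
    tautology = "' OR '1'='1"   # closes the password literal; the WHERE clause becomes ... OR '1'='1'
    comment = "alice'-- "       # closes the username literal; "--" comments out the password check
    return {
        "vulnerable_tautology": login_vulnerable(conn, "alice", tautology),
        "vulnerable_comment": login_vulnerable(conn, comment, "wrong"),
        "safe_tautology": login_safe(conn, "alice", tautology),
        "safe_comment": login_safe(conn, comment, "wrong"),
        "legitimate": login_safe(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for case, row in demo().items():
        print(f"{case:22s} -> {row}")
```

The vulnerable function logs the attacker in as the first user in the table (the administrator) with either payload; the parameterised function returns nothing for both and still works for a genuine login. Against the concatenated query the tautology payload expands to WHERE username = 'alice' AND password = '' OR '1'='1', which is true for every row.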
Security Technologies
Several technologies are available to protect organizations from cyber attacks.

Intrusion Detection System
An intrusion detection system (IDS) monitors the traffic entering the organization to check that it is not malicious. It inspects the traffic and raises an alert when traffic is found to be malicious or appears to originate from an untrusted source. Its job is to give a close view of the traffic so that the organization can decide what it should allow in; an IDS itself only alerts, it does not block.

Firewall
The firewall is the first layer of protection for any system or network. There are various types of firewall based on their role: network firewalls protect the network perimeter, and web application firewalls protect web applications. The technology exists to keep unusual traffic away from the internal network so that nothing malicious reaches it. A firewall ensures that only the ports needed for legitimate communication are open and that untrusted data cannot reach the system; it either allows traffic through or applies port filtering so that the traffic reaching a port is appropriate for the service listening there.

Antivirus
Antivirus is another technology used in cyber security. As its name states, it protects the system from viruses, that is, from malicious code that makes the host or network behave unexpectedly. It can be deployed on the network and as endpoint protection, and every device connected to the network can run antivirus to protect itself. To decide whether a particular file is malicious, antivirus compares it with the signatures held in its signature repository.
Modern antivirus also uses anomaly and behaviour detection to catch malware that has no known signature, and takes action against it.

Intrusion Prevention System
An intrusion prevention system (IPS) is a technology or tool that takes action against traffic labelled malicious, using the same kind of detection as an IDS. Usually the IPS drops a packet once it is considered untrusted. It is the main enforcement point that keeps malicious traffic out of the organization's network, and it makes sure that all traffic entering the system complies with the policies the organization has defined, so that it cannot affect the working of the systems.

What is a Firewall?
A firewall is a network security device or software program that monitors and filters incoming and outgoing network traffic based on a defined set of security rules. It acts as a barrier between internal private networks and external sources such as the public Internet. Its primary purpose is to allow non-threatening traffic and block malicious or unwanted traffic, protecting the computer from viruses and attacks. Because it filters outbound traffic as well, a firewall can also stop malware on an already infected computer from reaching the Internet.

Firewall: Hardware or Software
Whether a firewall is hardware or software is a common question. As stated above, a firewall can be a network security device or a software program on a computer, so firewalls exist at both levels, and it is best to have both. Each form has different functionality but the same purpose. A hardware firewall is a physical device placed between a computer network and a gateway; a broadband router is a familiar example.
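The firewall port filtering, the IDS alerting and the IPS drop action described above are three decisions made on the same packet stream, and the relationship between them is clearest in code. The Python below is an added example (not from these notes, and not how any particular product is implemented) of a stateless first-match rule filter with a default-deny policy, followed by a sensor that matches byte signatures and one anomaly rule (many distinct ports from one source) and that either only records alerts (IDS mode) or also drops the packet (IPS mode). The rule set, the signatures, the scan threshold and the packets are all constructed for the demo; the source addresses are from the documentation ranges 198.51.100.0/24 and 203.0.113.0/24.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    payload: bytes = b""


# Firewall rules: (action, source network, protocol, destination port or None for any).
# First match wins; anything unmatched gets DEFAULT_ACTION, i.e. default deny.
RULES = [
    ("deny",  "10.0.0.0/8", "tcp", 23),    # no telnet, even from the inside
    ("allow", "0.0.0.0/0",  "tcp", 443),   # public HTTPS
    ("allow", "0.0.0.0/0",  "tcp", 80),    # public HTTP
    ("allow", "10.0.0.0/8", "tcp", 22),    # SSH only from the internal range
]
DEFAULT_ACTION = "deny"


def firewall(pkt, rules=RULES):
    """Stateless port filtering: return 'allow' or 'deny' for one packet."""
    src = ipaddress.ip_address(pkt.src)
    for action, net, proto, port in rules:
        if src in ipaddress.ip_network(net) and proto == pkt.proto and port in (None, pkt.dport):
            return action
    return DEFAULT_ACTION


# Sensor content: byte-pattern signatures (the same idea as an antivirus signature database)
# plus one anomaly rule: SCAN_THRESHOLD distinct ports from one source counts as a port scan.
SIGNATURES = {b"' OR '1'='1": "sqli-tautology", b"/etc/passwd": "path-traversal-probe"}
SCAN_THRESHOLD = 5


class IDS:
    def __init__(self, prevent=False):
        self.prevent = prevent                # False: alert only (IDS); True: alert and drop (IPS)
        self.ports_seen = defaultdict(set)
        self.alerts = []

    def inspect(self, pkt):
        """Return 'pass' or 'drop'. Alerts are recorded whether or not dropping is enabled."""
        hits = [name for sig, name in SIGNATURES.items() if sig in pkt.payload]
        self.ports_seen[pkt.src].add(pkt.dport)
        if len(self.ports_seen[pkt.src]) >= SCAN_THRESHOLD:
            hits.append("port-scan")
        for name in hits:
            self.alerts.append((pkt.src, pkt.dport, name))
        return "drop" if hits and self.prevent else "pass"


def process(packets, prevent=False):
    """Run traffic through firewall and sensor; return per-packet verdicts and the alert list."""
    ids = IDS(prevent)
    verdicts = []
    for pkt in packets:
        sensor = ids.inspect(pkt)             # the sensor sees everything, as from a mirror port
        verdicts.append("fw-deny" if firewall(pkt) == "deny" else sensor)
    return verdicts, ids.alerts


# Constructed traffic.
TRAFFIC = [
    Packet("198.51.100.9", "10.1.1.5", 443, payload=b"GET /index.html"),
    Packet("198.51.100.9", "10.1.1.5", 443, payload=b"GET /item?id=1' OR '1'='1"),
    Packet("198.51.100.9", "10.1.1.5", 22),           # SSH from outside: blocked by policy
    Packet("10.2.3.4", "10.1.1.5", 23),               # telnet from inside: blocked by policy
    Packet("10.2.3.4", "10.1.1.5", 22),               # SSH from inside: allowed
] + [Packet("203.0.113.50", "10.1.1.5", p) for p in (21, 22, 25, 80, 110, 143)]  # port scan

if __name__ == "__main__":
    for mode in (False, True):
        verdicts, alerts = process(TRAFFIC, prevent=mode)
        print("IPS" if mode else "IDS", verdicts, alerts)
```

Two things worth noticing in the output: the injection attempt on port 443 is allowed by the firewall, because port filtering knows nothing about payloads, and is only stopped in IPS mode; and the port scan is mostly denied by the firewall yet is still reported by the sensor, because the sensor observes all traffic rather than only what the firewall let through.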
A software firewall, by contrast, is a program installed on a computer that filters traffic by port number and by the installed application that is sending or receiving it. There are also cloud-based firewalls, commonly referred to as FaaS (firewall as a service). A primary advantage of cloud-based firewalls is that they can be managed centrally, and, like hardware firewalls, they are best known for providing perimeter security.

Why Firewall
Firewalls are primarily used to prevent malware and network-based attacks, and they can also help block application-layer attacks. They act as a gatekeeper or barrier, monitoring every connection attempt between our computer and another network, and they do not let packets through unless the traffic is coming from or going to a source the rules designate as trusted. Firewalls are designed to react quickly to detect and counter attacks throughout the network; they work from configured rules and perform quick assessments to find suspicious activity. In short, a firewall is a traffic controller.

What is a Biometric Access Control System?
Biometric access control systems are designed to restrict physical entry to authorized users only. Many organizations, governmental and private, have adopted high levels of access control for physical entry into their facilities. Whether it is a simple non-intelligent control such as punching in a password, or an advanced biometric system that scans and permits entry to a specific person, there are many advantages to employing such systems. Biometric systems collect and store biometric data in order to use it for verifying personal identity, and the combination of biometric data systems with biometric recognition and identification technologies forms a biometric security system.
The biometric security system is a lock-and-capture mechanism that controls access to specific data or places. To pass it, an individual must present their unique characteristics or traits, which are matched against a database held in the system. If there is a match, the locking system grants access; the locking and capturing system also activates and records information about the users who accessed the data.

What is Cryptography in Computer Networks?
Cryptography is the science and art of transforming messages to make them secure and immune to attack. It is a method of storing and transmitting data in a form that only those for whom it is intended can read and process. Cryptography not only protects data from theft or alteration but can also be used for user authentication.

Components
The components of cryptography are as follows.

Plaintext and Ciphertext
The original message, before being transformed, is called plaintext. After the message is transformed, it is called ciphertext. An encryption algorithm transforms the plaintext into ciphertext; a decryption algorithm transforms the ciphertext back into plaintext. The sender uses an encryption algorithm, and the receiver uses a decryption algorithm.

Cipher
Encryption and decryption algorithms are referred to as ciphers. The term cipher is also used for the different categories of algorithms in cryptography. This does not mean that every sender-receiver pair needs its own unique cipher for secure communication; on the contrary, one cipher can serve millions of communicating pairs, because what distinguishes one pair from another is the key.

Key
A key is a number (or a set of numbers) that the cipher, as an algorithm, operates on. To encrypt a message, we need an encryption algorithm, an encryption key and the plaintext; these produce the ciphertext. To decrypt a message, we need a decryption algorithm, a decryption key and the ciphertext; these reveal the original plaintext.
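The Python below puts the components just listed (plaintext, cipher, key, ciphertext) together in a working secret-key cipher, and also shows why the confidentiality goal from the CIA section needs the integrity goal beside it. It is an added example, not from these notes: the cipher is a stream cipher whose keystream is HMAC-SHA256 of the key, a random nonce and a counter (a PRF used as a keystream generator), with a separate HMAC tag over the ciphertext (encrypt-then-MAC). That construction is sound in principle but is not a standard; in real systems use AES-GCM or ChaCha20-Poly1305 from a vetted library. The 32-byte master key and the card-number plaintext are constructed for the demo.

```python
import hashlib
import hmac
import os


def _derive(master_key, label):
    """Derive separate encryption and MAC keys from one master key (a label-based KDF)."""
    return hmac.new(master_key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    """PRF-based keystream: HMAC-SHA256(enc_key, nonce || counter) blocks, truncated to length."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(master_key, plaintext):
    """Return nonce || ciphertext || tag. A fresh nonce makes each encryption of the same text differ."""
    enc_key, mac_key = _derive(master_key, b"enc"), _derive(master_key, b"mac")
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()   # encrypt-then-MAC
    return nonce + ciphertext + tag


def decrypt(master_key, blob):
    """Verify the tag first (constant-time compare), then decrypt; reject anything modified."""
    enc_key, mac_key = _derive(master_key, b"enc"), _derive(master_key, b"mac")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or modified ciphertext")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def decrypt_unauthenticated(master_key, blob):
    """Decryption that ignores the tag, to show what confidentiality alone does not give you."""
    enc_key = _derive(master_key, b"enc")
    nonce, ciphertext = blob[:16], blob[16:-32]
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def flip_first_ciphertext_bit(blob):
    """Simulate an attacker on the wire flipping one bit of the ciphertext."""
    modified = bytearray(blob)
    modified[16] ^= 0x01
    return bytes(modified)


if __name__ == "__main__":
    key = os.urandom(32)                                  # constructed demo key
    message = b"card 4111111111111111 exp 12/29"           # constructed demo plaintext
    blob = encrypt(key, message)
    print("decrypts to:", decrypt(key, blob))
    tampered = flip_first_ciphertext_bit(blob)
    print("without tag, tampered text reads:", decrypt_unauthenticated(key, tampered))
    try:
        decrypt(key, tampered)
    except ValueError as err:
        print("with tag:", err)
```

Flipping one ciphertext bit flips exactly the corresponding plaintext bit, silently, if only the cipher is used; the tag is what turns that into a rejected message. The same check also rejects decryption under the wrong key instead of returning garbage.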
1. Symmetric key cryptography
Symmetric key cryptography uses one secret key, shared by sender and receiver, together with the encryption and decryption algorithms to secure the contents of the message. Its strength depends on the algorithm and on the key length in bits; a key short enough to search exhaustively gives no protection. It is much faster than asymmetric key cryptography. It has a key distribution problem: the key has to be transferred from the sender to the receiver through a secure channel.

2. Asymmetric key cryptography
Asymmetric key cryptography is also known as public-key cryptography because it uses a public key together with a private (secret) key. It solves the key distribution problem because the two parties use different keys for encryption and decryption: the public key can be published openly, and only the private key must be kept secret. It is not practical for encrypting bulk data because it is very slow compared with symmetric key cryptography, so in practice it is used to exchange a symmetric key or to sign data.

Five Cryptography Tools
Cyber security professionals can use multiple cryptography tools to build and fortify their computer system defences. Here is a look at five key tools that cyber security specialists can integrate into their strategies.

Security Tokens
A security token is a physical device that holds information used to authenticate a person's identity. The owner plugs the token into a system, for example via a USB port, to gain access to a network service, much like swiping a security card to get into an office. A bank might issue security tokens to customers as an extra layer of security when they log in to their accounts.

Key-Based Authentication
Key-based authentication uses asymmetric algorithms to confirm a client's identity and can be an effective substitute for passwords. The key factors at play are the public and private keys that confirm identity. In public key authentication, each user is given a pair of asymmetric keys.
Users store their public key on each system they want access to, while the private key stays on the device from which the user connects. When the user connects, the server sends a challenge and asks the client to prove possession of the private key by answering it (by signing or decrypting it, depending on the protocol); the server then checks the answer with the stored public key. The private key never leaves the client.

Docker
The Docker platform builds applications from containers: small self-contained environments that share the host operating system kernel but otherwise run in isolation from one another. Containers give useful isolation by default, but because they share the kernel they are not a hard security boundary on their own; security can be strengthened by enabling the additional security features and tools available for fortifying the system.

Java Cryptography Architecture
The popular Java programming language has built-in cryptographic functions. The Java Cryptography Architecture (JCA) is integrated with the core Java application programming interface (API). The JCA contains APIs for security functions including encryption, key management, secure random number generation and certificate validation, giving developers a way to build security into application code.

SignTool
Another security tool, this one from Microsoft, is SignTool (SignTool.exe). A command-line tool, SignTool can digitally sign and time-stamp files and verify the signatures in files. It is installed with Microsoft Visual Studio, a software development environment. SignTool lets software developers certify that the code they developed is theirs and that it has not been tampered with since it was published.