NETWORK SECURITY AND CRYPTOGRAPHY

ABSTRACT:
This is not a world-shattering problem that sometimes appears in the pages of the press, nor is it the non-existent 'urban myth' that others suggest. But the threat is real: the problem is "network security". Like other problems facing IT professionals, this threat should be assessed realistically.
It is important to identify those areas which are causing insecurity to the computer and which are the likely sources of the threat. The appropriate security tools should be selected and designed to provide a layered defence of the system. It is also important to look at the way data is handled within the organization, and to take routine precautions to minimize the risk.
Any computer that is connected to a network can never be completely secured. The threat from viruses is always ready to attack. This report provides the information that enables one to identify the virus threat and some anti-virus tools to counter it.
These days everybody is more security conscious as they browse and conduct business on the Internet. As with any type of security, be it personal or domestic, the likelihood of an Internet security breach depends on one's degree of preparedness and use of proper prevention tools. This report mainly focuses on creating an effective "Internet security policy" and some recent developments in this field.
Different security issues related to information technology are discussed. The report provides certain practices that can be implemented by any organization if it wants to protect the confidentiality, availability and integrity of its system data when it contracts with outside parties to install, configure, manage or update any of its information technology.
Finally, the report highlights some current issues in network security and cryptography.
NETWORK SECURITY
INTRODUCTION:
Providing network security means controlling the system to prevent any accidental or intentional data loss. There are two types of security:
1. Physical security
2. Logical security
Physical security protects all the hardware units of a network against unauthorized access and against natural disasters. Logical security deals with protecting your data from unauthorized access and from loss in a natural disaster.
Problems:
- Data destruction or modification
- Interference with and interruption of network traffic
- Theft or viewing of private information
- Execution of unauthorized transactions
- Installation or transfer of malicious applications or viruses
These threats to a network fall into the following general categories:
Destruction:
Data and hardware can be destroyed accidentally or intentionally.
Corruption:
Data that has been corrupted is often worthless.
Interruption:
If the network goes down, you cannot use the resources you need; this is downtime. Downtime means unavailability of data, which indirectly means loss of money.
Disclosure:
Confidential data can be disclosed to people who are not entitled to see it.
The whole task of network security is divided into two basic types:
- Internal network security
- External network security
1. Internal Network Security:
Internal security is nothing but preventing users on the same LAN from accessing files and other resources for which they are not authorized. General considerations and methods for managing internal security:
- Create acceptable-use policies for all users of the network.
- Require complex passwords for each user's account.
- Design a hierarchy of group permissions.
- Carefully implement your file and folder shares.
- Understand the security methods of your network operating system.
Some topics related to internal security:
- Account security
- File and directory permissions
- Practice and user education
Account Security:
A network operating system uses a 'logon' process so that no access to information is given without accountability. Windows NT uses the concept of a user account to provide security and accountability for the information contained on the server. In this step it requires an authenticated user name and password; only authenticated users can access network resources.
The basic security models used by Windows are:
- User level security
- Share level security
In the user level security model, an individual account is created for each user, and the administrator sets the permissions that this account has to access resources. In share level security, each user sets his own password and can protect the data on his own computer only.
To manage account security, the following points should be followed:
- Remove the guest account or carefully limit it.
- Remove default account names.
- Remove access to important or critical network resources.
- Maintain password security.
- Restrict login times.
- Limit access to network resources.
- Use software that employs encryption.
- Use data redundancy on the server.
- Set account lockout policies.
Let us see how to maintain password security and set account lockout policies.
1. Maintain Password Security:
The user account properties specify the user's password, when the password must be changed, and whether the user has permission to change his/her own password. The following group policies maintain password security:
- Get users to change their network passwords regularly.
- Set reuse policies, i.e. enforce password history.
- Enforce password complexity.
- Control password encryption.
- Set a minimum password length.
The password must meet complexity requirements. The password that a user supplies for their account must meet the following criteria:
- The password must contain at least six characters.
- The password cannot contain any part of the user name.
- The password must contain three of the following four characteristics: uppercase letters, lowercase letters, numerals and symbols.
2. Set account lockout policies:
An attacker can make a sufficient number of guesses and find out the password for any specific account. This is known as the "brute force" method. Most operating systems offer an account lockout policy feature that prevents anyone from repeatedly trying to guess the password of a given account. There are three policies:
- Account lockout duration
- Account lockout threshold
- Reset account lockout counter after
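As an added illustration (not part of the original report), the three complexity rules and the three lockout policies above can be expressed as a small Python check. The threshold, duration and reset-window defaults, and the `password_ok` flag standing in for the real credential check, are assumptions of this example, not values from the report.

```python
# Added example: password-complexity check and account-lockout policy.
# Not from the report; the numeric defaults below are assumptions.
from dataclasses import dataclass

def meets_complexity(password: str, username: str, min_len: int = 6) -> bool:
    """Apply the report's three rules: minimum length, no part of the
    user name inside the password, and three of four character classes."""
    if len(password) < min_len:
        return False
    low = password.lower()
    # Treat each word of the user name (3+ letters) as a forbidden substring.
    parts = [p for p in username.lower().replace(".", " ").replace("_", " ").split()
             if len(p) >= 3]
    if any(p in low for p in parts):
        return False
    classes = [
        any(c.isupper() for c in password),      # uppercase letters
        any(c.islower() for c in password),      # lowercase letters
        any(c.isdigit() for c in password),      # numerals
        any(not c.isalnum() for c in password),  # symbols
    ]
    return sum(classes) >= 3

@dataclass
class LockoutPolicy:
    threshold: int = 5      # failed attempts allowed before the account locks
    duration: int = 900     # seconds the account stays locked (assumed: 15 min)
    reset_after: int = 600  # seconds of quiet after which the failure counter resets

@dataclass
class Account:
    name: str
    failures: int = 0
    last_failure: float = 0.0
    locked_until: float = 0.0

def attempt_login(acct: Account, password_ok: bool, now: float,
                  policy: LockoutPolicy) -> str:
    """Record one logon attempt at time `now` (seconds) and return
    'locked', 'success' or 'failure'. `password_ok` stands in for the
    real credential check, which is outside this example."""
    if now < acct.locked_until:
        return "locked"                      # lockout duration not yet over
    if acct.failures and now - acct.last_failure >= policy.reset_after:
        acct.failures = 0                    # reset account lockout counter
    if password_ok:
        acct.failures = 0
        return "success"
    acct.failures += 1
    acct.last_failure = now
    if acct.failures >= policy.threshold:    # account lockout threshold reached
        acct.locked_until = now + policy.duration
        acct.failures = 0
        return "locked"
    return "failure"
```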
External Security:
Outside your private network there are potential hazards, and these hazards come into your network through the Internet connection. Users outside your private network may attack your system and gain unauthorized access to your private data.
The security system provided to prevent such unauthorized access to the data of your network by users external to it is nothing but 'external security'. In short, external security is the process of securing the private network from external threats. The different threats are given below:
- Front door threats
- Back door threats
- Denial threats
Front door threats:
These threats arise when a user from outside your network finds a user's password and logs on to your network. It points to the issue of "password cracking": here an external attacker tries to gain system access through another user's account, which is possible because of the selection of a weak password. Different solutions for front door threats are as follows:
- Separate network resource access from outside the WAN.
- Control users accessing the LAN from outside the LAN.
- Set up separate remote accounts for remote users.
- Set up VPN services.
- Maintain password security.
- Change passwords regularly.
Back door threats:
These are any software or hardware bugs in the network security. The common methods used by external users for gaining access to a system include:
- Password weakness
- Network spoofing
- Social engineering
Network spoofing:
In network spoofing, a system presents itself to the network as if it were a different system.
Internet security:
The most common security measure is to implement a firewall between you and the Internet. In computing, connectivity and security, a firewall prevents the spread of a security breach. A firewall provides a common front against attack. With a firewall, the security features of a network can be concentrated on the machine that the Internet can access. The three most common configurations of firewall are:
1. The bastion host and proxy server
2. Packet filtering
3. Password/encryption methods
Virus:
A virus is a destructive computer program that alters stored files or the system configuration and copies itself onto external disks and other computers. Viruses cause problems by altering files and configuration or by growing exponentially, which interrupts the data flow. In simple words, a 'computer virus is a piece of self-replicating code attached to some other piece of code'.
Some strategies to protect against viruses:
- Teach network users about viruses and how to prevent them: how viruses are caused, and where they come from.
- Ask users to avoid downloading untested programs from the Internet.
- Always boot the server from the same server.
- Clean the master boot records of DOS workstations using a floppy disk.
- Perform regular backups of the server.
- Control entry points on workstations and the server.
- Use your network operating system's security features to limit access to susceptible files.
Malicious Software:
Trojan Horse:
A Trojan horse is a program that is designed to disguise itself as something harmless, waiting for the right moment to do its deed. A Trojan horse can be code hidden in a program such as a game or spreadsheet that looks safe to run but has hidden side effects. When the program runs, it seems to function as the user expects, but actually it is destroying, damaging or altering information in the background. It is a program on its own and does not require a host program in which to embed itself.
Worms:
A worm is another form of destructive or dangerous program. It can run by itself and can spawn a fully working version of itself on another machine. Worms are so named because they move across the network without leaving detectable signs. The difference between a virus and a worm is the same as between a virus and a Trojan horse: a virus embeds itself inside another program or boot code, whereas a Trojan horse and a worm are self-sufficient and can run by themselves.
The necessary characteristics of a worm are:
- It is able to replicate.
- It is self-contained and does not require a host.
- It is activated by creating a process; it needs a multitasking system.
- It is a network worm: it can replicate across communication lines.
Disaster Recovery Plan:
A disaster recovery plan is a process that documents how a network recovers from a disaster that destroys its data or stops it functioning. This is a step in preparing for the worst. A typical disaster recovery plan includes the following considerations:
- Disaster scenarios
- Communication
- Assessing needs
- Offsite storage
- Critical components
1. Assessing Needs:
This considers the following points:
- Plan for all possible happenings.
- Define countermeasures for these possible happenings.
- Calculate the overall time needed to resolve the problem.
- Inform top management about network risks.
- Plan with key business considerations in mind.
2. Disaster Scenarios:
This step considers all possible situations that may lead to disaster. There can be many situations due to which a disaster occurs. Broadly, disaster scenarios can be grouped into:
- Power failure
- Building failure
- Flood
- Fire
The main disaster scenarios related to a computer network can be:
- Network server failure
- Network device failure
3. Communication:
When a disaster may occur, and what points to consider if a disaster occurs in a particular scenario, have been covered above; communication is the next major step while planning for disaster recovery. If a disaster occurs you will take some action to recover data from that disaster or recover the situation and make it function normally. But before this action you need to inform the respective authorities and the people concerned about the disaster, which is nothing but communication.
Whoever will take action against the disaster, the administrator should inform the following authorities of the company:
- CEO or president
- Vice president
- Head of the affected area
- Supervisor
- Employees of the affected area
4. Offsite storage:
One precaution for protecting your data and avoiding data loss is to have a backup of your network. Once you have a backup of your data, if you lose your original data in a disaster you can get that data back from its backup location, that is, you can restore your lost data from the backup. So taking a backup of data is a quite important and routine step in your network. There are many considerations about taking backups, such as:
- What data should be backed up?
- What form should the backup medium take?
- What should the backup policies be?
5. Critical components for rebuilding:
As we have said, a disaster recovery plan considers what should be done if any disaster occurs to re-establish the normal network environment and normal data processing, and how to recover the lost data. If a disaster occurs which destroys the whole network installation, equipment and network data, one needs to rebuild the whole network. When you install a network for the first time, you consider what the basic components or building blocks of the network are and the cost of all components. In the same way, you consider what components of the network can be used to rebuild the network if a disaster occurs. This step of the disaster recovery plan mainly considers the following points:
- Computer equipment
- Network connecting devices
- Any other hardware devices
- Software replacement
- Hardware replacement
- Cost estimate of replacement equipment
ENCRYPTION AND DECRYPTION BASED ON CRYPTOLOGY
As time goes on, dependency on the computer keeps growing. Probably in this view Time Magazine said "MAN OF THE YEAR 1982 IS NOT A MAN, BUT A MACHINE, THE COMPUTER".
For the first few decades of their existence, computer networks were primarily used by corporate employees for sharing printers. Under these conditions security did not get a lot of attention. But now, as millions of ordinary citizens are using networks for banking, shopping and filing their tax returns, network security is looming on the horizon as a potentially massive problem. Security is a broad topic and covers a multitude of sins; in its simplest form it is concerned with:
- nosy people who can modify messages intended for other recipients;
- people trying to access remote services that they are not authorized to use.
CRYPTOLOGY:
It is the study of the principles of secret writing and of methods of breaking codes and ciphers.
CRYPTOGRAPHY:
It deals with the methodologies for encryption and decryption, i.e. the design of cryptosystems.
CRYPTANALYSIS:
In this the strength of the algorithm is studied with the ultimate aim of breaking the cryptosystem.
CODEWORD:
A codeword is a word which stands for another word which needs to be concealed, or a group of words corresponding to another group of words which need to be concealed.
CIPHER:
A key or set of keys is used along with an algorithm to produce a ciphertext from plaintext; the key set is secret whereas the algorithm may be known.
ENCRYPTION:
The process of converting plaintext into ciphertext is called encryption.
DECRYPTION:
The reverse process, i.e. converting ciphertext into plaintext, is called decryption.
ENCRYPTION METHODS:
Encryption methods have historically been divided into two categories:
- Substitution ciphers
- Transposition ciphers
1. Substitution ciphers:
In a substitution cipher, each letter or group of letters is replaced by another letter or group of letters to disguise it. The four basic classes of substitution ciphers are:
- Caesar substitution
- Simple/monoalphabetic substitution
- Polygram substitution
- Polyalphabetic substitution
1. CAESAR SUBSTITUTION:
The oldest cipher is known as the Caesar cipher. In this method, a becomes D, b becomes E, c becomes F, ... z becomes C.
For example:
attack ------- DWWDFN
2. SIMPLE/MONOALPHABETIC SUBSTITUTION:
It is similar to the Caesar cipher, but here each of the 26 letters maps onto some other letter.
For example:
Plain text  a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher text q w e r t y u i o p a s d f g h j k l z x c v b n m
This general system is called monoalphabetic substitution, with the key being the 26-letter string corresponding to the full alphabet. For the key above, attack becomes QZZQEA.
3. POLYGRAM SUBSTITUTION:
These are the most general ciphers: they permit arbitrary substitutions for groups of plaintext characters.
In English the most common two-letter combinations, or digrams, are th, in, er, re and an, and the most common three-letter combinations, or trigrams, are the, ing, and and ion.
4. POLYALPHABETIC SUBSTITUTION:
To make the job of the cryptanalyst more difficult, it is necessary to smooth out the letter frequencies of the ciphertext, so that the letters representing e, t etc. do not stand out so clearly. One way to achieve this goal is to introduce multiple cipher alphabets, to be used in rotation; this is known as a polyalphabetic cipher.
"The mapping is one-to-one as in simple substitution, but can change within a single message."
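The substitution ciphers above, as an added Python example that is not part of the original report: the Caesar cipher is the monoalphabetic cipher whose key is a rotated alphabet, a Vigenere-style cipher stands in for the polyalphabetic case (the keyword "key" is an assumed choice), and a frequency measure shows why the polyalphabetic form smooths out the counts a cryptanalyst relies on.

```python
# Added example: Caesar, monoalphabetic and polyalphabetic substitution,
# plus the letter-frequency share that cryptanalysis exploits. Not from the report.
import string
from collections import Counter

ALPHA = string.ascii_lowercase
KEY = "qwertyuiopasdfghjklzxcvbnm"   # the report's 26-letter monoalphabetic key

def mono_substitute(text: str, key: str) -> str:
    """Monoalphabetic substitution: key is the cipher alphabet that a..z map to.
    Non-letters pass through unchanged; output is upper case like the report."""
    assert len(key) == 26 and set(key.lower()) == set(ALPHA), "key must permute a-z"
    table = str.maketrans(ALPHA, key.lower())
    return text.lower().translate(table).upper()

def mono_decrypt(ciphertext: str, key: str) -> str:
    table = str.maketrans(key.lower(), ALPHA)
    return ciphertext.lower().translate(table)

def caesar(text: str, shift: int = 3) -> str:
    """The Caesar cipher is the special case whose key is the alphabet rotated by `shift`."""
    return mono_substitute(text, ALPHA[shift:] + ALPHA[:shift])

def vigenere(text: str, keyword: str) -> str:
    """Polyalphabetic substitution: the i-th letter uses the Caesar alphabet
    selected by the i-th keyword letter, so the mapping changes within a message."""
    out, i = [], 0
    for c in text.lower():
        if c in ALPHA:
            shift = ALPHA.index(keyword[i % len(keyword)].lower())
            out.append(ALPHA[(ALPHA.index(c) + shift) % 26].upper())
            i += 1
        else:
            out.append(c)
    return "".join(out)

def top_letter_share(text: str) -> float:
    """Fraction of letters taken by the most frequent one. A monoalphabetic
    cipher preserves this value; a polyalphabetic cipher lowers it."""
    letters = [c for c in text.lower() if c in ALPHA]
    if not letters:
        return 0.0
    return Counter(letters).most_common(1)[0][1] / len(letters)
```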
TRANSPOSITION CIPHERS:
Substitution ciphers and codes preserve the order of the plaintext symbols but disguise them. Transposition ciphers, in contrast, reorder the letters but do not disguise them.
- Simple (reversing the message):
MY NAME IS BHAVANA ------- ANAVAHB SI EMAN YM
LOCAL AREA NETWORK ------- KROWTEN AERA LACOL
- Geometric pattern:
In this, the message is rearranged with the aid of some type of geometric figure, a typical example being a two-dimensional array or matrix. First the plaintext message is written into the figure according to a particular pattern. The ciphertext is then created by taking the letters out of the figure along a different path. For example, suppose the plaintext ENGINEERING STUDENTS is written into a 4*5 matrix by rows as follows:
Col no.  1 2 3 4 5
Row 1    E N G I N
Row 2    E E R I N
Row 3    G S T U D
Row 4    E N T S
Reading the letters out column by column gives the ciphertext EEGE NESN GRTT IIUS NND.
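Both transposition ciphers above, as an added Python example that is not the report's own code: `reverse_message` is the simple cipher, and `matrix_encrypt`/`matrix_decrypt` write the text into a grid by rows and read it out by columns, including the short last row that a 19-letter message leaves in a 4*5 matrix.

```python
# Added example: simple reversal and matrix (columnar) transposition. Not from the report.
import math

def reverse_message(text: str) -> str:
    return text[::-1]

def write_grid(plaintext: str, cols: int) -> list:
    """Write the letters (spaces and punctuation dropped) into rows of `cols` columns."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    return [letters[r:r + cols] for r in range(0, len(letters), cols)]

def matrix_encrypt(plaintext: str, cols: int) -> str:
    grid = write_grid(plaintext, cols)
    # Take the letters out along a different path: down each column in turn.
    return "".join(row[c] for c in range(cols) for row in grid if c < len(row))

def matrix_decrypt(ciphertext: str, cols: int) -> str:
    n = len(ciphertext)
    rows = math.ceil(n / cols)
    full = n % cols or cols          # leading columns that hold `rows` letters
    columns, pos = [], 0
    for c in range(cols):            # the remaining columns are one letter short
        height = rows if c < full else rows - 1
        columns.append(ciphertext[pos:pos + height])
        pos += height
    return "".join(columns[c][r] for r in range(rows) for c in range(cols)
                   if r < len(columns[c]))
```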
ALGORITHMS
- SECRET ALGORITHMS:
Transposition and substitution can be implemented with simple circuits. Fig. 1.2(a) shows a device, known as a P-box, used to effect a transposition on an 8-bit input. If the 8 bits are designated from top to bottom as 01234567, the output of this particular P-box is 36071245. By appropriate internal wiring a P-box can be made to perform any transposition, and do it practically at the speed of light.
Substitution is performed by an S-box. In this example a 3-bit plaintext is entered and a 3-bit ciphertext is output. The 3-bit input selects one of the 8 lines exiting from the first stage and sets it to 1; all the other lines are 0. The second stage is a P-box; the third stage encodes the selected line back into binary. With this wiring, the outputs for the inputs 0 to 7 in sequence would be 24506713.
The real power of these basic elements only becomes apparent when we cascade a whole series of boxes to form a product cipher. In this example, 12 input lines are transposed by the first stage. Theoretically, it would be possible for the second stage to be an S-box that mapped a 12-bit number onto another 12-bit number. However, such a device would need 2^12 = 4096 crossed wires in its middle stage. Instead, the input is broken up into 4 groups of 3 bits, each of which is substituted independently of the others.
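The P-box, S-box and product-cipher structure above, as an added Python example rather than the report's own figure: `PBOX8` and `SBOX3` are the report's values (36071245 and 24506713), while the 12-bit P-box wiring and the two-round structure are assumptions, and no key is mixed in, so the code shows the mechanics only, not a usable cipher.

```python
# Added example: P-box, S-box (decoder / P-box / encoder) and a product cipher
# round built from them. The 12-bit wiring below is assumed, not from the report.
PBOX8 = [3, 6, 0, 7, 1, 2, 4, 5]   # output line i is wired to input line PBOX8[i]
SBOX3 = [2, 4, 5, 0, 6, 7, 1, 3]   # the report's S-box: inputs 0..7 -> "24506713"
PBOX12 = [7, 0, 9, 2, 11, 4, 1, 6, 3, 8, 5, 10]   # assumed wiring for the 12-bit stage

def int_to_bits(x: int, n: int) -> list:
    """Bit 0 is the top (most significant) line, matching the report's numbering."""
    return [(x >> (n - 1 - i)) & 1 for i in range(n)]

def bits_to_int(bits: list) -> int:
    v = 0
    for b in bits:
        v = (v << 1) | b
    return v

def pbox(bits: list, wiring: list) -> list:
    return [bits[src] for src in wiring]

def pbox_inverse(bits: list, wiring: list) -> list:
    out = [0] * len(bits)
    for dst, src in enumerate(wiring):
        out[src] = bits[dst]
    return out

def sbox(x: int, table: list = SBOX3) -> int:
    """Three stages as described: the decoder sets one of 8 lines to 1, an
    internal P-box moves that line, and the encoder reads it back as 3 bits."""
    lines = [1 if i == x else 0 for i in range(8)]   # decoder
    moved = [0] * 8
    for i, bit in enumerate(lines):                  # internal P-box
        moved[table[i]] = bit
    return moved.index(1)                            # encoder

def sbox_inverse(y: int, table: list = SBOX3) -> int:
    return table.index(y)

def product_encrypt(x: int, rounds: int = 2) -> int:
    """One round = 12-bit P-box, then four independent 3-bit S-boxes:
    four 8-entry tables instead of one 2**12 = 4096-line S-box."""
    bits = int_to_bits(x, 12)
    for _ in range(rounds):
        bits = pbox(bits, PBOX12)
        bits = [b for g in range(4)
                for b in int_to_bits(sbox(bits_to_int(bits[3 * g:3 * g + 3])), 3)]
    return bits_to_int(bits)

def product_decrypt(c: int, rounds: int = 2) -> int:
    bits = int_to_bits(c, 12)
    for _ in range(rounds):       # undo the stages in reverse order
        bits = [b for g in range(4)
                for b in int_to_bits(sbox_inverse(bits_to_int(bits[3 * g:3 * g + 3])), 3)]
        bits = pbox_inverse(bits, PBOX12)
    return bits_to_int(bits)
```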
PUBLIC KEY ALGORITHMS:
In 1976, Diffie and Hellman proposed a radically new kind of cryptosystem, in which the encryption and decryption keys are different and the decryption key cannot be derived from the encryption key. In their proposal, the (keyed) encryption algorithm E and the (keyed) decryption algorithm D had to meet the following requirements:
1. D(E(P)) = P.
2. It is exceedingly difficult to deduce D from E.
3. E cannot be broken by a chosen plaintext attack.
The first requirement says that if we apply D to an encrypted message E(P), we get the original plaintext message P back. The second requirement speaks for itself. The third requirement is needed because, as we shall see in a moment, intruders may experiment with the algorithm to their heart's content. Under these conditions, there is no reason that the encryption key cannot be made public.
THE RSA ALGORITHM:
This method was discovered by Rivest, Shamir and Adleman. Their method is based on some principles from number theory. Here is the summarized format:
1. Choose two large primes, p and q (typically greater than 10^100).
2. Compute n = p*q and z = (p-1)(q-1).
3. Choose a number relatively prime to z and call it d.
4. Find e such that e*d = 1 (mod z).
With this method, to encrypt a message P, compute C = P^e (mod n); to decrypt C, compute P = C^d (mod n). It can be proven that for all P in the specified range, the encryption and decryption functions are inverses. To perform encryption you need e and n; to perform decryption you need d and n. Therefore the public key consists of the pair (e, n) and the private key consists of (d, n).
An example of the RSA algorithm is given in fig. 1.3. For this example we have chosen p = 3 and q = 11, giving n = 33 and z = 20. A suitable value for d is d = 7, because 7 and 20 have no common factors. With these choices, e can be found by solving the equation 7e = 1 (mod 20), i.e. e = 3. The ciphertext C for a plaintext P is given by C = P^3 (mod 33). The figure shows the encryption and decryption of the plaintext "SUN" as an example:
Plaintext                               Ciphertext      Decryption
Symbolic   Numeric   P^3    P^3 (mod 33)   C^7             C^7 (mod 33)   Symbolic
S          19        6859   28             13492928512     19             S
U          21        9261   21             1801088541      21             U
N          14        2744   5              78125           14             N
Because the primes chosen for this example are so small, P must be less than 33, so each plaintext block can contain only a single character. If instead we had chosen p and q of about 10^100, we would have n of about 10^200, so each block could be up to 664 bits (2^664 is about 10^200), or 83 8-bit characters, versus 8 characters for DES. Today several factors have combined to stimulate great interest in the commercial applications of data encryption based on cryptology.
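The RSA steps above carried through in Python with the report's p = 3, q = 11 and d = 7, as an added example that is not the report's own code. It derives e with the extended Euclidean algorithm, reproduces the "SUN" table row by row, and enforces the block-size limit P < n that the paragraph above describes; the A=1 .. Z=26 letter coding is taken from the table's values (S=19, U=21, N=14).

```python
# Added example: RSA key generation, encryption and decryption with the
# report's toy parameters. Not from the report.
from math import gcd

def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def modinv(a: int, m: int) -> int:
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}")
    return x % m

def rsa_keygen(p: int, q: int, d: int):
    """Steps 1-4: n = p*q, z = (p-1)(q-1), d relatively prime to z,
    e such that e*d = 1 (mod z). Returns (public (e, n), private (d, n))."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = modinv(d, z)
    return (e, n), (d, n)

def encrypt_block(m: int, pub) -> int:
    e, n = pub
    if not 0 <= m < n:                    # every block value must be below n
        raise ValueError(f"block {m} is not below n = {n}")
    return pow(m, e, n)                   # C = P^e (mod n)

def decrypt_block(c: int, priv) -> int:
    d, n = priv
    return pow(c, d, n)                   # P = C^d (mod n)

def encrypt_text(text: str, pub) -> list:
    """One letter per block, A=1 .. Z=26 (all that n = 33 allows)."""
    return [encrypt_block(ord(ch) - ord("A") + 1, pub) for ch in text.upper()]

def decrypt_text(blocks: list, priv) -> str:
    return "".join(chr(decrypt_block(c, priv) + ord("A") - 1) for c in blocks)

def worked_rows(text: str, pub, priv) -> list:
    """Rows of the report's figure: (letter, P, P^e, C, C^d, recovered P)."""
    e, n = pub
    d, _ = priv
    rows = []
    for ch in text.upper():
        p = ord(ch) - ord("A") + 1
        c = pow(p, e, n)
        rows.append((ch, p, p ** e, c, c ** d, pow(c, d, n)))
    return rows

def max_block_bits(n: int) -> int:
    """Largest block size in bits for which every block value stays below n."""
    return n.bit_length() - 1
```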
IMPORTANCE:
Until recently, cryptology has been of interest primarily to the military and diplomatic communities; now private individuals and even commercial organizations find it necessary to encrypt for protection. There are various application fields in which there is a great need to protect information from being laid open to the enemy. Some of these fields are:
HACKER - Using encryption techniques, nobody is able to steal their secret data.
BUSINESSMAN - If a business company uses encryption techniques then it is sure that nobody is able to discover its secret information or marketing plans.
SPY - Fails to learn an enemy's military strength because of the encryption techniques applied to the data.
Having so many advantages and top-most security, these techniques are widely used in day-to-day life. Using encryption and decryption techniques we can keep our information secret and can have complete privacy.