Scribd
Upload
10K views69 pages

Network Security Bangla Book

Network security aims to protect computer networks from unauthorized access, theft of resources, and disruption of services. Common challenges in network security include account management, configuration management, fault management, performance management, and security management. Key steps to secure a network are file access security, backup systems, service uptime, fault tolerance, physical security, WAN link redundancy, antivirus updates, firewalls, and message encryption. Network troubleshooting faces challenges from physical media issues, network interface cards, protocol mismatches, network congestion, broadcast storms, power problems, server issues, and hardware conflicts.

Uploaded by

Md Nurul Islam
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
10K views69 pages

Network Security Bangla Book

Network security aims to protect computer networks from unauthorized access, theft of resources, and disruption of services. Common challenges in network security include account management, configuration management, fault management, performance management, and security management. Key steps to secure a network are file access security, backup systems, service uptime, fault tolerance, physical security, WAN link redundancy, antivirus updates, firewalls, and message encryption. Network troubleshooting faces challenges from physical media issues, network interface cards, protocol mismatches, network congestion, broadcast storms, power problems, server issues, and hardware conflicts.

Uploaded by

Md Nurul Islam
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 69

18/April/2014

Feni Computer Institute

লেকচার # মামুন স্যার


স্ংকেন: শরীফু ে ইস্োম লেংকন

Network Security &


Troubleshooting
Data Telecommunication & Network Engineering
Shariful Islam lincon
Network Security & Troubleshooting

Unit: One
Basic Concept of Network Security and
Troubleshooting

1.1 Introduction to Network Security & Troubleshooting

NETWORK SECURITY:
঑ ই ।
঑ ঑ - ঑
঑ । Network এ Computer এ Resource
, Network Security । আ Network
Security
data / / । Network security
আ এ এ Security System- , Un-wanted User
এ Login , Computer resource Secure
এ Source to Destination এ Data আ -
ই ।

NETWORK TRO TROUBLESHOOTING:


এ ঑ System Fail ।
- Network Slow down, Network disconnect, Attack by hacker
ই । এই Diagnosing process-
Network Troubleshooting ।

Ipconfig/ifconfig, ping, Tracert, Netstar, Pathping/mtr, Route ই


Basic Network Troubleshooting Tools এ ।

Feni Computer Institute |Shariful islam lincon 1


Network Security & Troubleshooting

1.2 Challenges faced in Network

এ ঑ এ Network Administrator –
challenges Faced ,

 Account Management:
Network Resource User/User Group ,
User- level এ Permission এ ISP এ
ই Account Management এ আ঑ ।
 Configuration Management:
঑ Hardware/Software installation, repair, modification,
expansion or upgrading Vendor -

 Fault Management:
Fault detect ই Fault management ।
Hardware/software tools ঑ Fault

 Performance Management:
঑ ই Fault এ Backup System এ
Network এ Down time । এই
ই Network ferformance
monitoring এ Network up time

 Security Management:
Network User- Access level control, Firewall configuration,
Filtering, Antivirus Software installation এ data encryption ই
Security Management এ আ঑ ।

Feni Computer Institute |Shariful islam lincon 2


Network Security & Troubleshooting

1.3 Steps of Securing Networks

঑ ঑ ঑ Security
, Step by Stem আ ।

 File Access Security: Read, Write, Execution এই


Permission user এ File/Folder Access

 Backup System: ঑ ঑ Data
, Hard disk mirroring remote storage
Backup System ।
 Service Time : এ ঑ ই - user 24
hour’s service । আ ঑ up-time
Backup device এ device এ
UPS ।
 Fault-Tolerant : ঑ Brand এ ঑ ই

এ ই Network security

 Physical/Environmentntal security: Server Room এ -
biometrics device এ
। Network device EMI effect
EMI ই ।
 WAN Link : WAN
Backup WAN Link

 Network এ ই Update
Antivirus Software ।
 - ঑ Windows OS- Update

 Fhishing ঑ Anti-Fhishing Software

Feni Computer Institute |Shariful islam lincon 3
Network Security & Troubleshooting

 Firewall: ঑ Firewall
। Firewall এ Program
঑ আ Packet reject ।
Software-based Personal firewall program

 DSL Cable MODEM ঑ internet ঑
Hardware Firewall এ ।
 Message Encryption: ঑ data আ - ই
Encryption System , Data
access ।
 Wirless network এ - Disable
এ wirless security WEP WPA Enable ।
SSID Broadcast- Shutdown এ ই ঑ Access
point ।

1.4 Challenges faced in troubleshooting.

এ ঑ Adminestator-
Hardware & Software । Network
Problem -

 Physical Media: Cable, Connector, Hub, Interface card ই


Physical media install আ , ই এ
diagonistic ।
 Network Interface Card (NIC): NIC MotherBoard এ
আ এ LED ই ।
 NIC Driver installation আ Test ।
 Network Protocol Mismatch : ঑ এ host host এ
Communication ই NIC – Protocol
support আ Support ।

Feni Computer Institute |Shariful islam lincon 4


Network Security & Troubleshooting

 Network Congestion: ঑ , ঑

Network capacity ।
 Broadcast Storms( ): ,

 Power Problem: এ Network service time ,
ই UPS ঑ ।
 Server Problem: client-server network এ server ঑ ।
ই server computer ই high configuration hardware-software
ই service ।
 Hardware conflict ( ): ঑ ই
IRQ (Interrupt Request Line) number । এ
ই এ ই IRQ number Hardware conflict

1.5 Steps to troubleshoot a network.

Network এ built-in tools ,


এ Network admin এ । এই tools এ
আ -

# ipconfig/all

Network এ physical connection আ ই


এই । Host_Name, IP_Address, Subnet_Mask,
Gateway, DNS, MAC_Address ই এ ।

# Ping

IP Address এ ঑ Active আ ,
ই ping command ।

# tracert

router path এই ।
Feni Computer Institute |Shariful islam lincon 5
Network Security & Troubleshooting

# netstst –a

, port virus/Trojan
determine এই tool ।

# nslookup

website এ IP_address, DNS, MAC_Address, Host_name ই


এই tool ।

# hostname

এই tool ।

# finger

঑ User- information এই tool


Feni Computer Institute |Shariful islam lincon 6


Network Security & Troubleshooting

Unit: Two
Understand Cryptography
2.1 Introduction to Cryptography

CRYPTOGRAPHY:
Cryptography । Plain Text
data/message Un-readable
Key এ Encryption এ
Encrypted data Readable plain text এ convert
Decryption । আ plain text– Encryption
& decryption overall process cryptography ।

Fig 2.1: Cryptography

আ Cryptography system Kerckhoff’s


এ Algorithm এ এ Secret key

Feni Computer Institute |Shariful islam lincon 7


Network Security & Troubleshooting

2.2 Fundamentals of cryptography principles

CRYPTOGRAPHY PRINCIPLE ( ):
‚All algorithm must be public, only the key’s are Secret‛
cryptography Encryption & decryption process ই
Key Cryptography ।

Plain Text : abcdef

Encrypt Text: BCDEF

Key: convert small to capital and move right 1

এ small letter Encrypt data Capital


letter এই Algorithm এ small to capital letter এ convert
Public ই । letter letter
replace Secrete। এই Encrypted data
decryption ই Decryption algorithm এ এই Secrete key
। এই secrete key
ই এই Encrypted data- read ।

Worldwide এ ই Standard Software এ


data আ - ‚All algorithm must be public, only the key’s
are Secret‛ এই software development এ
Principles of cryptography ।

Feni Computer Institute |Shariful islam lincon 8


Network Security & Troubleshooting

2.3 Substituting & Transposition Ciphers

SUBSTITUTING CIPHERS:
Plain Text Encryption Text Cipher
Text । A substitution cipher replaces one symbol with another
Substitution cipher Plain text এ Symbol
Symbol/Group of symbol Replace Encrypt

Fig 2.3.a: Simple Substitution cipher process

Fig 2.3.a Symbol (Rotate)


13 Symbol Replace cipher text এ convert
। এ 13 Secret Key। Substituting cipher A to
Z 26 Symbol এ Plaintext, ciphertext এ Key
ই (Integer) ।

Fig 2.3.b: Representation of characters in modulo 26

Example:

Feni Computer Institute |Shariful islam lincon 9


Network Security & Troubleshooting

2.3.b figure ‚hello‛ Encrypt Secret key


15।

(Hello)Plain Text = (WTAAD)Cipher Text

এ Secret Key 15 ‚WTAAD‛ Decrypt


;

(WTAAD)Cipher Text = (Hello)Plain Text

TRANSPOSITION CIPHERS:
Transposition cipher plain text এ Symbol
Column এ Row by row এ এ
Column Secret key এ এ ,
Column symbol Cipher text এ Convert

Feni Computer Institute |Shariful islam lincon 10


Network Security & Troubleshooting

2.4

Fig 2.3.c: Transposition cipher

2.4 Brief discussion of different mode of ciphers (Electronic code


books mode, Cipher block chaining mode, Cipher feedback mode,
Stream cipher mode, Counter mode)

ELECTRONI CODE BOOK MODE:


Encrypt ECB
। ECB System এ এ message- 64-bit এ
block এ । Last block এ bit padding
64-bit block এ ।

Feni Computer Institute |Shariful islam lincon 11


Network Security & Troubleshooting

Message
Break into
blocks
M1 M2 M3 M4 M5 M6 M7
Encrypt
E E E E E E E with secret
key
C1 C2 C3 C4 C5 C6 C7
Fig.2.4(a): ECB Encryption

এ block এ ই Secret key Encrypt


ciphertext এ । decrept ঑
block এ ই Secret key Plaintext এ ।

঑ এ single block এ ECB এ


঑ multi-blocks এ Block এ identical information
ECB এ Worst ( ) method in Encryption
process ।

CIPHER BLOCK CHAINING MODE:

P0 P1 P2 P3 C0 C1 C2 C3

Key D D D D
IV
Decreption
Encryption

IV
Key E E E E

P0 P1 P2 P3
C0 C1 C2 C3

Fig. 2.4(b) CBC System

ECB এ আ CBC- develop


। এই এ message– 64-bit block
এ । এ CBC এ 64-bit এ Random number

Feni Computer Institute |Shariful islam lincon 12


Network Security & Troubleshooting

IV (initialization vector) । IV- plaintext block


(P0) এ XOR এ Secret-key Encrypt ciphertext
(C0) ।

এ ২ plaintext block (P1) এ C1 XOR


Secret-key Encrypt ciphertext (C1) । এ এই
chain ।

Encryption এ Ci = E(Pi XOR IV) C3 = E(P3 XOR C2)


এ Decryption এ Pi = (IV XOR Ci) P2 = (C2 XOR C1)।

COUNTER MODE:

Fig.2.4(c): Counter mode (Encryption)

এই এ 64-bit এ Random number IV


(initialization vector) । এ Plain message 64bit’s
Plaintext Block এ , P0, P1, P2,… Pn
। এই plaintext block ( P0) IV
XOR Encrypted_key Encrypted Ciphertext (C0) এ
। এই IV এ এ এ এ IV
P1, P2, … Pn XOR Encrypted_key Encrypted
Cipher text C1, C2, …. Cn এ ।

Feni Computer Institute |Shariful islam lincon 13


Network Security & Troubleshooting

CIPHER FEEDBACK MODE:

Fig.2.4(d): Cipher Feedback mode (a)Encryption (b)Decryption

এই 64-bit shift register এ Shift register এ


Left most byte- Plaintext block XOR’ed
Encryption_key Encryption Cipher Text এ । এ
এই Cipher text block shift register এ Right most byte এ Push
। এই plaintext block- cipher text এ

STREAM CIPHER MODE:

Fig.2.4(E): Stream Cipher Mode

এই PlainText এ Bit Indivisual Key-Stream এ


bit XOR’ed Cipher Text এ ।

Feni Computer Institute |Shariful islam lincon 14


Network Security & Troubleshooting

Unit: Three
Key Management Concept
3.1 Basic Concept of key management

KEY MANAGEMENT:
Cryptosystem এ cryptographic key Key generation,
exchange, storage, use and replacement ই Key
management । Key management system এ Cryptographic protocol
designe, key server, user procedures এ Protocol

3.2 Brief discussion on symmetric-key and public-key distribution

Network Protection & Authentication এ Encryption ।


Encryption ই । -

 Symmetric-Key Encryption
 Asymmetric Public-key Encyption

SYMMETRIC-KEY ENCRYPTION:

Fig.3.2(a): Simple Model of Symmetric Encryption

Feni Computer Institute |Shariful islam lincon 15


Network Security & Troubleshooting

Sender & receiver এ ই Secret key Encryptiom &


decryption ঐ Secret key- Symmetric key এ
Overall process Symmetric key encryption । Symmetric-Key
Encryption এ Encryption process ।

a) Plain Text: এ এ Text, input ।


b) Encryption Algorithm: এ Plaintext Substitution Transposition
Algorithm ।
c) Secret Key: এই Secret key Substitution Transposition
এ এই Key এ Authorized user এই
Text- decrept ।
d) Cipher Text: Plaintext এ Secret key ciper text

e) Decrept-Key: এই Ciper text – secret key
Plaintext এ ।

ASYMMETRIC-KEY ENCRYPTION:
Public & Private ’ key Assymetric-key
encryption । এ Public & Private ই Key,
mathematicaly co-related এ message- Encrypted এ
Decrept । এ Puiblic-key & private-key Encryption
Public-key Encryption ।

Bob Public Key Bob Private Key

Alice Bob
Transmitted
PlainText ciphertext PlainText

Input Output

Encryption Algorithm Decreption Algorithm

Feni Computer Institute |Shariful islam lincon 16


Network Security & Troubleshooting

(b)Encryption

Alice Private Key Alice Public Key

Alice Bob
Transmitted
PlainText ciphertext PlainText

Input Output

Encryption Algorithm Decreption Algorithm

(c)Authentication

Fig.3.2(b,c): Encryption & Authentication using by Public-Key

Public-key Encryption Encryption & Authentication এই


’ message ।

, Alice, Bob এ message , ই Alice এই message


Bob এ Public-key Encrypted এ tansmission media
Bob এ । এ Bob এই Message receive
Private-key Decrept । এ
, message এ Bob । আ এই
঑ Authentication।

Alice Bob message ,


Private-key আ এ Encrypted message, Bob এ
। Bob এ Alice এ public key ,
Encryted message Decrept এ ,
message Alice ।

3.3 Brief discussion on DES (Data Encryption Standard) & AES


(Advanced encrypting Standard).

Feni Computer Institute |Shariful islam lincon 17


Network Security & Troubleshooting

DATA ENCRYPTION STANDART (DES):


Data Encryption Standard (DES) 1975 The National Institute
of Standards and Technology (NIST) Symmetric-key
Block Cipher। এ 64 bit’s এ plain text 56 bit’s key 64
bit’s এ cipher text এ ।

Fig.3.3(a): Encryption and decryption with DES


DES encryption process permutation - initial and final
permutations এ 6 eistel rounds ।

Feni Computer Institute |Shariful islam lincon 18


Network Security & Troubleshooting

Fig.3.3(b):General structure of DES

Fig.3.3(c): Initial and final permutation steps in DES

Initial permutations এ 64 bit’s plain text এ key-independent


transposition এ final permutations এ inverse transposition । 16
Feistel rounds এ Stage এ Leftmost 32 bit’s stage
এ Rightmost 32 bit’s Exchange Left output
stage এ Right output এ just a copy আ Right output
stage এ Left & Right most 32bit’s XORed output.

Feni Computer Institute |Shariful islam lincon 19


Network Security & Troubleshooting

Fig.3.3(d): Initial and final permutation steps in DES


Decryption এ ঑ এ এ ই key । Steps
Reverse Order এ ।

Advanced Encrypting Standard (AES):


DES এ আ DES এ
1997 develop Advanced Encrypting Standard
(AES)। এ Rules -

 Algorithm ই Symmetric block cipher এ Public ।


 Overall design ই Public ।
 Key lengths 28, 92,256 bit’s Support ।
 Software & Hardware ই implement ।

3.4 Symmetric & Public key signature

SYMMETRIC KEY SIGNATURE:


A, KA (B, RA, t, p)
Alice

Bob
BB

KB (A, RA, t, p, KBB (A, t, p))

Fig.3.3(a): Symmetric key signature

এই BB- Big Brother এ Central Authority


। user/client এ secret key choose এ
BB এ by hand ।

Alice, Bob এ Plaintext P KA (B, RA, t, p)


BB এ । ;
Feni Computer Institute |Shariful islam lincon 20
Network Security & Troubleshooting

B – Bob’s identity

RA – Is a random number chosen by Alice

t – is a timestamp to ensure freshness

এ KA (B, RA, t, p) Message KA encrypt BB এ


। এ BB এ Decrypt এ KB (A, RA, t, p, KBB (A, t, p))
Message Bob এ Sent । BB Bob
message এ Plaintext of Alice এ BB এ Signature message KBB (A, t, p)
KB encrypt ।

PUBLIC KEY SIGNATURE:


Symmetric key signature BB-Big Brother এ
এ message- BB Read message এ overall security
। এই Public key signature develop

Alice Transmission line Bob

Bob’s Alice’s
P
Alice’s
Private
Bob’s
Private Public
P
Public Key,
Key, DA EB Key DB Key, EA

DA(P) EB(DA(P)) DA(P)


Fig.3.3(b): Public key signature

Alice, Bob এ message P এ Plaintext P এ


Alice’s এ Private key DA । , এ Bob’s
এ Public key EB এ EB(DA(P)) Transmission media
Bob’s computer এ sent ।

Feni Computer Institute |Shariful islam lincon 21


Network Security & Troubleshooting

Bob এই message receive এই message


private key (DB) transform এ transform message
আ Alice’s public key EA Plaintext এ convert

3.5 Discussion on different types of security services (Confidentiality,


Integrity, Authentication, Non-repudiation and authentication).

i. CONFIDENTIALITY:
এ Unauthorized user’s এ data/information ।
ii. INTEGRITY:
Sender data , receiver ঐ data receive
integrity ।
iii. AUTHENTICATION:
sender receiver এ data আ - ।
iv. NON-REPUDIATION AND AUTHENTICATION:
It deals with digital signature client/receiver
receive signature এ sender এ
deal signature এ এ ।

Feni Computer Institute |Shariful islam lincon 22


Network Security & Troubleshooting

Unit: Four
Communication & Application Layer Security
4.1 Fundamental of Communication and Application layer security

Computer Network Communication OSI Layer


Communication setup । এ High-level Strong Firewall
঑ Software layer (Datalink to Application layer) এ
। Application layer এ Protocol Data Unit
HTTP, FTP, SMTP ই high level protocol
। এই High level protocol Filtering, Accept, Reject
Application level security ।

4.2 Various TCP/IP Attacks (Denial of Service, Stealth attack, Non-


technical attack, Malicious & Non-Malicious attack)

Dos Attack:

Denial of Service (DoS) এ Distributed denial-of-service (DDoS)


এ এ আ , ই Network
resource/Server/Host- ই
। DoS attack এ /
DDoS ই /
। DoS ,
঑ , এ এ nameservers
ই ঑ ই ।

এ ই
এ Range আ । এ ই এই Range ,
,
। এ
঑ ।
এই এ । DoS/DDoS এ

Feni Computer Institute |Shariful islam lincon 23


Network Security & Troubleshooting

এ আ এ /এ
service request , Overloded Traffic । ই
এই আ , Real IP Address Hide
Proxy server IP
Address service request ।

Stealth attack:

4.3 IP Session Hijacking

Cookie এ ই Logon User- information


- User ID, Password, IP Address এ URL ই
আ । এই cookie file এ logon
time এ এই Cookie file – (Web Browser) ।
এ , এই http cookie Attack Access
ই । আ
Cookie – Attack IP Session Hijacking ।

4.4 Different types of security (Wirless security-Bluetooth & WAP


security, Web security, E-mail security etc.)

E-mail security:

4.5 Discuss on Threats, Virus, Active-X

Threats:

ই Threats । Threats । -

Feni Computer Institute |Shariful islam lincon 24


Network Security & Troubleshooting

 Denial of service:
Attacks make computer resources (e.g., bandwidth, disk space,
or CPU time) unavailable to its intended users.
 Unauthorised access:
Access without permission issues by a rightful owner of devices
or networks.
 Impersonation
 Worms:
 Viruses

:
ই এ user এ ই

আ ।

Feni Computer Institute |Shariful islam lincon 25


Network Security & Troubleshooting

Unit: Five
Authentication Protocol Concepts
5.1 Authentication Based on Share Secret Key.

1 A

2 RB

Alice 3 KAB (RB) Bob

4 RA

5
KAB (RA)

Fig.5.1: Authentication Based on Share Secret Key

এ ,

A, B Alice & Bob এ identity ।

RA & RB Alice এ Bob এ Random number ।

KAB Shared secret key by Alice & Bob।

Fig.5.1 এ Authentication Based on Share Secret Key এ Step


Step এ । Share Secret Key
Authentication Step আ ;

Step 1: Alice, Bob A,RA message ।

Step 2: Bob RA KAB Encrypt এ Alice এ


RB,KAB(RA) feedback ।

Feni Computer Institute |Shariful islam lincon 26


Network Security & Troubleshooting

Step 3: Alice RB,KAB(RA) Authentication


আ KAB(RB) Bob এ ।

এই Share Secret Key Authentication ।

5.2 Diffie-Hellaman Key Exchange Method.

Fig 5.2: Diffie-Hellaman Key Exchange Method

Here,

Alice and Bob exchange a Prime number (n) and a Generator


(g) in clear text, such that n>g and g is primitive Root of n.

Let,

n = 47

g=3

Alice Picks x = 8

Bob Picks y = 10

So that,

Alice ( n, g, gx mod n ) = (47, 3, 38 mod 47) = (47, 3,28)

Bob (gy mod n) = (17) ----------------------- (i)

Alice Computes = (gy mod n)x mod n [From equation (i)]

= 17 mod 47 = 4
Feni Computer Institute |Shariful islam lincon 27
Network Security & Troubleshooting

Bob Computes = (gx mod n)y mod n

= 28 mod 47 [-: gx mod n = 28 ]

=4

এই Alice & Bob এ calculation এ


Alice & Bob Authentic message আ -
। এ secret key value 4।

5.3 Authentication using a Key Distribution center (KDC).

KA Encrypted with Alice-KDC secret key Session key between Alice and Bob

KB Encrypted with Bob-KDC secret key

Fig.5.3: Authentication by KDC

এ KDC – Key Distribution center ঑


Secret Key । KDC এ Operation BB(Big Brother) এ

Alice, Bob Message , Alice KDC এ


Alice & Bob এ Identity (A,B) message ।

Feni Computer Institute |Shariful islam lincon 28


Network Security & Troubleshooting

এ message KDC এ এ Bob এ secret key


Encryption + Encrypted message আ Alice এ Secret
key Encrypt । এ KA(KB(A,B,KS)) এই message
Alice এ feed-back ।

এ Alice, KDC এ Message Secret key


Decrypt এ KB(A,B,KS) Bob এ sent ।
এ KS = Sessional Key ’ End station এ Time
synchronization ।

5.4 Authentication using public key cryptography.

Public_Key infrastructure
(PKI) derectory

EB (A, RA)
Alice 6 Bob
EA (RA, RB, KS)
7

KS (RB)

Fig.5.4: Mutual Authentication using public_key cryptography

এই system এ PKI-Public key infrastructure directory/server এ


঑ Public_key এ এ
request Publick_key । PKI directory
Alice & Bob authentication
-

1. Alice, PKI directory – Bob এ Public_key EB



Feni Computer Institute |Shariful islam lincon 29
Network Security & Troubleshooting

2. PKI Derectory, Alice- Bob এ Public_key EB ।


3. এ Alice এ Random number RA এ Alice’s identity ‘A’ – EB
Encrypted , EB(A, RA) message- Bob এ sent

4. EB(A, RA) message Bob, PKI directory – Allice
এ Public_key EA ।
5. PKI Derectory, Bob- Allice এ Public_key EA ।
6. এ Bob এ Random number RB, Allice Random
number RA এ Communication time এ Session
key generate , EA Encrypted , EA(RA, RB, KS)
message- Allice এ feedback ।
7. এ Allice, Bob- Ackhnowladgement KS(RB)
message Bob এ sent ।

এই public key cryptography Alice & Bob


Authentication ।

Feni Computer Institute |Shariful islam lincon 30


Network Security & Troubleshooting

Unit: Six
Understand the Concept of Filtering
6. undamentals of iltering and it’s components.

(Filtering): ঑ এ Filtering এ এ
Security System, data packet, service ই ঑
Pass or reject ।

Filtering components Port filtering, IP Address


Filtering, MAC Address Filtering, Packet Filtering, Protocol Filtering,
website/ Web content Filtering, Network Filtering ই ।

6.2 Principles of Packet Filtering

PACKET FILTERING:
Header information
Pass or reject Packet Filtering ।

Packet Filtering
Router Configuration । -

 protocol type

 IP address

 TCP/UDP port

 Fragment number

 Source routing information ই ।

6.3 Understand Protocol, IP address filtering, Port filtering etc.

Feni Computer Institute |Shariful islam lincon 31


Network Security & Troubleshooting

Protocol Filtering:
Protocol Filtering এ IP Protocol - UDP, TCP,
ICMG IGMP ই filtering table Pass or reject

IP Address Filtering:
IP Address ঑ Block IP Address
Filtering । আ source IP Address
Source Router IP Address IP Address Filtering এ
data packet- Pass/reject ।

Port Filtering:
Port number Appplication service এ Virtual address। -
http Service এ port 80, এ IP Address এ
‚ 92. 68.2. :80‛ এই ঑ ।

Port number list -


Port Description

20 File Transfer Protocol (FTP)

21 File Transfer Protocol (FTP)

22 Secure Shell Protocol (SSH)

23 Telnet

25 Simple Mail Transfer Protocol (SMTP)

53 Domain Name Server (DNS)

80 World Wide Web (HTTP

Port Filtering এ আ data packet এ Port number


, Port এ packet pass আ -
packet reject ।

Feni Computer Institute |Shariful islam lincon 32


Network Security & Troubleshooting

6.4 Encrypted authentication & Effective broder security.

Encrypted Authentication:

Encrypted Authentication allows users on the public network to prove


their identity to the firewall in order to gain access to the private
network from external location এ ঑
ই ( ) ই ঑
Firewall । এ
Private network এ Connection setup ঑ Firewall
এ data আ - এ data আ -
Encrypted Firewall এ । ই
Encrypted Authentication এ Firewall এ Security ।
Private network এ Tunneling Client PC-
Client Software installed ।

Windows NT operating System এ Account Name and Password


Shared secret authentication এ Encrypted Authentication

Effective Border security:

এ Border security control -


- , ঑ Effective Border
Security Network Resources
। ঑ Effective Border Security , ই
঑ এ / /
ঐ ঑ - Packet filtering, Network
Address Translation, and high-level service proxy ই

Firewall এ service/Security software run


এ System complexity এ service/Security software
, এই ঑
Feni Computer Institute |Shariful islam lincon 33
Network Security & Troubleshooting

System এ bug/ এ ঑
আ ।

ই Effective Border security ঑ Service


running Minimize , এ System complexity এ
Firewall device/machine Network security &
performance ।

Firewall Low to Highest Effective Border security


;

1. Filtered packet sevices.


2. Single firewall with internal public servers.
3. Single firewall with external public servers.
4. Dual firewall or Multihomed firewalls.
5. Enterprise firewalls.
6. Disconnection.

Feni Computer Institute |Shariful islam lincon 34


Network Security & Troubleshooting

Unit: Seven
Understand the Sockets and Services
7.1 Understand the Sockets & Services.

(SOCKET):
঑ inter-process communication এ endpoint
(Socket) । Computer communication
internet protocol , Network socket internet
Socket ।

Socket API (Application Program Interface) –


Provide , Application Program এ Network Socket এ
। internet Socket API’s Berkeley sockets
Standard ।

IP ঑ , Port ঐ
Application এ ।

:- , ই
TCP/IP এ 20-21 । File
Transfer Protocol এ 20-21 Port number ।

TCP/IP Network–এ Computer to Computer Host এ


Communication IP এ ঐ
Port number। Socket IP Address এ Port
number এ ।

Socket = (Source_IP_Address + Source_Application_Port_Number


+ Destination_IP_Address + Destination_Application_Port_Number)

Feni Computer Institute |Shariful islam lincon 35


Network Security & Troubleshooting

SERVICES:

। - File transfer, E-mail, Voice & video Call,
chat, Data backup, Web hosting আ । এই
port
protocol oriented।

Example: Daytime, DNS, Echo, FTP, Gopher, http, NFS, POP3,


SNMP, Telnet ই Network service Protocol.

Socket Service ;

 How complex is the service?


 How might the service be asused?
 What information does the service dispense?
 How much of a dialog does the service allow?
 How programmable or configurable is the service?
 What other services does the service rely on?
 What sont of authentication does the service use?

7.2 Use & types of Socket.

USE & TYPES OF SOCKET:


internet এ Socket ; -

1. Datagram Sockets:
Datagram Socket Connectionless socket , User
Datagram Protocol (UDP) ।
2. Stream Sockets:
এ এ Connection-Oriented Socket Transmission Control
Protocol (TCP) Stream Control Transmission Protocol
(SCTP) ।

Feni Computer Institute |Shariful islam lincon 36


Network Security & Troubleshooting

3. Raw Sockets:
এ Raw IP Socket ঑ । এ Routers এ
Network Equipment এ । Raw socket OSI-Layer
এ Transmission layer এ bypassed এ Application এ
Packet Header Accessible ।

আ এ Non-Internet Sockets
Transport Protocol - Systems Network Architecture (SNA), Unix
Domain Sockets (UDS) internal inter-process communication এ
implement ।

7.3 Introduction to different services protocols (Daytime, DNS, Echo,


FTP, Gopher, http, NFS, POP3, SNMP, Telnet etc.)

DAYTIME PROTOCOL:
Daytime Service- Internet Protocol Suite এ এ Protocol
1983 RFC 867 । এ RFC 867
ARPA Internet community এ standard।

Daytime Service Support এ Server এ


Host connected via TCP/UDP Port 13 Server ঐ Host
Date & time Unspecified format এ এ
ASCII character string ।

Daytime service ঑ Host Server এ


Input request এ ।

*** স্াভভ ার বা লনটওয়ার্কভ ক্লক টাইম Provide করার জনয Daytime Protocol বযবহার
করা ।***

TCP Based Daytime Service:


Server TCP Port 13 host Connection request
। Host to server এ connection setup Server ঐ
Feni Computer Institute |Shariful islam lincon 37
Network Security & Troubleshooting

Host এ Date & time Unspecified format এ


এ ASCII character string এ host receiving
acknowledgement ঑ ।

UDP Based Daytime Service:


UDP Port 13 host UDP datagram ।
UDP Datagram receive ঐ Host এ
Date & time Unspecified format এ এ
ASCII character string এ host receiving acknowledgement
এ ।

Daytime Syntax:

Weekday, Month Day, Year Time-Zone

Ex- Tuesday, February 22, 2012 11:37:25-GMT

SMTP- Simple Message Transfer Protocol এ Daytime Syntax


; dd mmm yy hh:mm:ss zzz

Ex- 02 FEB 12 07:45:25 GMT

Daytime Service এ ;

 Complexity – Simple
 Abuse potential – Minimal
 Information sensivity – None
 Dialog - Minimal
 Programmability and configurability – None

DNS – DOMAIN NAME SYSTEM:


঑ IP Address
Network Service DNS। IP

Feni Computer Institute |Shariful islam lincon 38


Network Security & Troubleshooting

Address
Domain name system । DNS এ
’ -

 Host Name
 Domain Name

Ex- bdnews24.com

এ bdnew24 host/computer name আ .com ঐ


host/computer- Domain name।

DNS Server Name Server ঑ ’ zone এ । -

 Forward zone host name এ IP Address ।


 Reverse zone IP Address এ Host Name ।

DNS No.53 Port এই ।

Fig 7.3: Domain name system

DNS এ ;

 Complexity – Complex
 Abuse potential – High

Feni Computer Institute |Shariful islam lincon 39


Network Security & Troubleshooting

 Information sensivity – Minimal


 Dialog - Minimal
 Programmability and configurability – High

Echo Protocol:
Echo Internet Protocol Suite এ এ Protocol RFC 867
। এ RFC 862 ARPA Internet community
এ standard। এ IP Network এ testing and
measurement tools ।

Echo Protocol Support এ


TCP/UDP এ No.7 Port ঐ
এ identical copy feedback receive ।

Echo এ ;

 Complexity – Simple
 Abuse potential – Minimal
 Information sensivity – None
 Dialog - Minimal
 Programmability and configurability – None

FTP:
File transfer protocol (FTP) এ এ Service
ই ঑ FTP Server এ
User name এ Password Login , এ
File/folder/software/data download Upload । FTP
linux to linux linux to
unix, windows, MAC ই ঑ ।

Feni Computer Institute |Shariful islam lincon 40


Network Security & Troubleshooting

FTP service access No.21-21 port ।

FTP এ ;

 Complexity – Complex
 Abuse potential – High
 Information sensivity – Medium
 Dialog - High
 Programmability and configurability – High

GOPHER:
এ এ এ Tool, menu interface এ user-
data group data
। Text ঑ Gopher

gopher service access No.70 port ।

Gopher এ ;

 Complexity – Simple
 Abuse potential – Minimal
 Information sensivity – Low
 Dialog - Minimal
 Programmability and configurability – Low

HTTP:
WWW-World wide web এ http-Hyper Text
Protocol , port number 80।

http এ ;

Feni Computer Institute |Shariful islam lincon 41


Network Security & Troubleshooting

 Complexity – Complex
 Abuse potential – High
 Information sensivity – Medium
 Dialog - High
 Programmability and configurability – High

NFS:
NFS-Network File System Unix Linux Environment এ
Network User – diretyory file access
। এ NFS distribution file system schema

NFS এ ;

 Complexity – Complex
 Abuse potential – High
 Information sensivity – High
 Dialog - High
 Programmability and configurability – Medium.

POP 3:
POP 3 – Post Office Protocol version-3 mail clien
software & Mail server এ interface client এ mail download
। POP-3 service access No.110 port ।

POP এ ;

 Complexity – Simple
 Abuse potential – Medium
 Information sensivity – Medium

Feni Computer Institute |Shariful islam lincon 42


Network Security & Troubleshooting

 Dialog - Minimal
 Programmability and configurability – Low

SMTP:
SMTP – Simple Mail Transfer Protocol Mail Server এ mail
। SMTP service access No.25 port

SMTP এ ;

 Complexity – Copmlex
 Abuse potential – Medium
 Information sensivity – Medium
 Dialog - Minimal
 Programmability and configurability – High

SNMP:
SNMP-Simple Network Management Protocol এ network
Troubleshooting tool network status এ
঑ report, Admin । এ UDP port 161

SNMP এ ;

 Complexity – Medium
 Abuse potential – High
 Information sensivity – High
 Dialog - Minimal
 Programmability and configurability – Medium

Feni Computer Institute |Shariful islam lincon 43


Network Security & Troubleshooting

TELNET:
LAN/MAN/WAN ঑ Remote login
Access Telnet protocol । এ
port number 23।

Telnet এ ;

 Complexity – Simple
 Abuse potential – High
 Information sensivity – High
 Dialog - Minimal
 Programmability and configurability – None

Feni Computer Institute |Shariful islam lincon 44


Network Security & Troubleshooting

Unit: Eight
Virtual Private Networks Concept
8.1 Introduction to VPN

এ (VPN): Virtual Private Network VPN ই এ


‚ ‛ Private Data আ - ।
Back-Bone Network Internet- Private
Network এ Resource Access VPN । Public
Network Internet ই ই এ
এ আ । ই
আ - এ
, আ এই ই Private
Network এ ঑ VPN। এই
User/Client এ Private Network- ই এ
Virtual path এ VPN, Data packet – Internet
এ এই Data- ঑ Read/Access
। আ এ ঑ এ
আ এ আ ঑

Fig. 8.1: VPN System

Feni Computer Institute |Shariful islam lincon 45


Network Security & Troubleshooting

Public network এ এ Authorized VPN User ই Private Network


এ Resource access ।

VPN এ :

, Facebook , এ আ
FaceBook ই আ VPN ।
Facebook আ এ আ VPN Server
Access , ঐ VPN Server এ login এ
Virtually Facebook ।

, Facebook ,
১ 1-2-3 Facebook
আ VPN Server , 1-4-2-3
। Facebook Data VPN Server
আ data packet এ VPN Server ১ আ
। এ Gateway server , এ
Facebook এ data packet।

8.2 Characteristics & Types of VPN

Characteristics of an Effective VPN:

Virtual Private etwork VP Communication এ


;
Feni Computer Institute |Shariful islam lincon 46
Network Security & Troubleshooting

 Authentication: VP Source to destination এ data sent



 Access Control: irewall এ network এ
limitation ।
 Confidentiality: destination data message receive

 Data integrity: Public network এ VP Data
data message এ integrity ।
 Cost effective: VP public network
private data আ - ।
 Security: VP Data- Public network
এ transmission , এই ৩
Read access ।

VPN – ’ । - Remore
access VPN এ Site-to-site VPN।

Remote Access VPN:


এ এ , Authorized clients
Private Network access ।

Feni Computer Institute |Shariful islam lincon 47


Network Security & Troubleshooting

Puplic network/
Internet

Fig.8.2.a: Remote access VPN

Remote Access , Authorized client


VPN software installation internet এ
Private Network Access ।

Feni Computer Institute |Shariful islam lincon 48


Network Security & Troubleshooting

Site-to-Site VPN:

Fig.8.2.b: Site-to-Site VPN

Public network/ internet এ ই Private


Network - secure data আ - Site-
to-Site VPN । Public network এ leased
line private network to Private network এ Tunnel

VPN এ আ । -

 Router or Firewall based VPN


এ Public & private network এ
Inbound এ Outbound Data traffic ঑
VPN Service ।
Feni Computer Institute |Shariful islam lincon 49
Network Security & Troubleshooting

 Stand-Alone Device based VPN


঑ VPN
(DSP- Digital Signal Processor) VPN
Device , processor - data
encryption & tunneling ।
 Network Server based VPN
VPN Server এ এ VPN Client- VPN
Connection Remote access service router to router VPN

- BD proxy

8.3 Configuration VPN

VPN Configure PPTP Point-to-Point Tunneling


Protocol install । PPTP install -

 TCP/IP install আ এ Network


Adapter VPN এ TCP/IP
Bound ।
 VPN install, configure এ Test
RAS- Remote Access Service ।

8.4 Securing Remote Access (For ISP & Dialup Chats)

Private Network এ remote login User


’ ।

Feni Computer Institute |Shariful islam lincon 50


Network Security & Troubleshooting

Fig.8.4.a: Dialup system

: Public Switch Telephone System (PSTN)


এ এ Analog/digital modem এ
এ User name &
Password ঐ ঑ login । এ Dialup system
। এই bandwidth ঑ আ ।

Fig.8.4.b: Remote Access Via ISP

: এই Remote User ই এ ISP-


Broadband Line internet এ VPN

Feni Computer Institute |Shariful islam lincon 51


Network Security & Troubleshooting

Private Network এ login । এই


আ Bandwidth ঑ ।

Feni Computer Institute |Shariful islam lincon 52


Network Security & Troubleshooting

Unit: Nine
Understand the concept of Firewall
9.1 Define & classify Firewall.

FIREWALL:

Fig. 9.1: Firewall

Computer networking এ firewall এ security system,


network to network এ data আ - control ।
Firewall, data flow control । ঑
firewall , data/information firewall
। data- ঑
firewall ই data- আ আ ।
ই ঑ data packet আ firewall testing

঑ এ firewall । -

 Packet level firewall


 Application level firewall
 Circuit level firewall etc.

Application level firewall application, presentation & session


layer এ আ circuit level firewall transport layer এ।

Feni Computer Institute |Shariful islam lincon 53


Network Security & Troubleshooting

9.2 Understand NT & Linux Firewall.

NT as a Firewall:

Windows NT Operating system Firewall Support । এ


Simple packet and PPTP filtering support
Software এ Network Address Translation Application
proxy Service Support । Windows NT Firewall এ
ই , এ Higher network performance ঑
ই ।

Windows NT supports three primary firewalling features:

 Packet filtering
 Encrypted tunneling
 Encrypted authentication

Linux firewall: এ Open source Operating System kernel এ


iptables এ built-in firewall solution ।
Port number – Block/un-block ই
Firewall configurte । - Proxy Service block
, #kill –kill 8080

Security Enhanced Linux SELinux এ Firewall Level


। -

 Enforcing: Enforce the default SELinux policy default


fairewall ই ।
 Premissive: Enable SELinux in Premissive mode

 Disabled: Disable SELinux.

9.3 Relative study of different OS’s firewall.

Feni Computer Institute |Shariful islam lincon 54


Network Security & Troubleshooting

9.4 Single firewall (Internal & External) public Server.

Fig. Single firewall for Public server

Single Firewall এ complete border security solution।


঑ এ Public network connection single
firewall firewall management ।
এ ঑ Firewall এ Public Server
, Public user- Access
Firewall এ আ আ ,
Private Network এ Security এ , internal
private network client ঑ ঑ ।
এই Private network- Firewall এ
Enternal private network এ External Private Network এই ’
এ Public server- External Private network এ
। এ আ এ আ External
Public network client ঑ আ ।
এই ঑ Full border security single firewall
এ External Private Network এ
Dual/multihomed Firewall ।

Feni Computer Institute |Shariful islam lincon 55


Network Security & Troubleshooting

9.5 Multihomed & Enterprise firewall

Multihomed: Multi Homed এ এ , এ Host এ


Physicaly এ ই ঑ এ Data links এ
। Multihoming System Load balancing,
redundancy, and disaster recovery এ । Firewall
Multi-Homed Environment এ Multi-Homed
Firewall ।

Multi Homed Firewall ;

 Single link, Multiple IP Address


 Multiple interface, Single IP address per interface
 Multiple links, Single IP Address
 Multiple Links, Multiple IP address ই ।

Fig: Multi-homed Firewall

Feni Computer Institute |Shariful islam lincon 56


Network Security & Troubleshooting

Enterprise Firewall:

এ ঑ এ Firewall এ Firewall
এ single, centralized firewall policy ঑
firewalls ঐ firewall Enterprise
Firewall ।

এই এ Security workstation firewall policy


firewall এ Authentication process replicated

Feni Computer Institute |Shariful islam lincon 57


Network Security & Troubleshooting

Unit: Ten
Understand the basic concept of
Hacking
10.1 Define Hacking

HACKING:
Computer networking System এ Hacker এ এ
/ এ
Computer/Network system এ
এই ।

Hacking Hacker এ ,

10.2 Different types of hackers

TYPES OF HACKER:
Hacking এ Hacker ই ।
Hacking এ -
আ ঑
Hacking - ।

 : এ Computer ই ঑
। এ । এ ই ঑

 : ই
। এ ।
ই ঑ এ ই ।
 : এ এ এ ঑
। এ ই ঑
আ ঑ ।
Feni Computer Institute |Shariful islam lincon 58
Network Security & Troubleshooting

 : এ । এ
এ Hide ঑ । এ
এ । Programming এ এ

 : এ Tools Script । Tools
Script এ Hacking ।
 : এ এ Beginner.

10.3 Understand methods of hacking.

এ ঑ Access
। -

1. ঑ ।
2. Internet Network এ ।
3. RAS- Remote Access Service Remote Control
Server এ ।

Attacks tools & techniques , step by step


Hacking attacks এ :

 Target Selection: এ ঑
Attack ।
 Target Identification: এই target
information এ information
bug ।

Feni Computer Institute |Shariful islam lincon 59


Network Security & Troubleshooting

 Attack Method Selection: এই information এ


Terget এ এ এ Attack method ।
Attack apply ;
 Eavesdropping and snooping
 Denial-of-service
 Impersonation
 Man-in-the-middle
 Hijacking ই ।

 Attack Progression: এই এ Attack


method apply Attack ।

====================================================

Hacking এ method । hacking method


আ -

Password Hacking:
Password website এ computer এ main security system।
Computer etwork hacker’s এ
। Password (cracking)
-

#Social Engineering: Social media - Facebook,


Email, Blog ই ই
UserName & Password
hacking ।

#Dictionary Attack: Password ঑ আ


Dictionary Attack Software Hacking
। User name এ Password এ database
login এ User name এ
Password login Dictionary attack । real
Feni Computer Institute |Shariful islam lincon 60
Network Security & Troubleshooting

IP hide Dictionary Attack এ ই ,


login Block ঑ ।

#Fhishing: PHP Script language


ই Sign in/sign up page , ই
Username & Password collection Process Fhishing ।

঑ sign in Link এ

:
঑ ঑
আ । ঑ এ ই , , ঑ ।
MAC Linux OS ঑ আ

# ই : ই এ user এ

ই আ ।

# : এ ই Execute ঑ আ
। এ ই , ই , ঑ ই ।

# ঑ : ঑ এ ই ই আ
আ আ ।

Web Hacking:
#Cross site scripting (XSS): XSS ই ,
website এ । XSS এ web
application এ । Script
language XSS ।

, ই এই ই hacking

Feni Computer Institute |Shariful islam lincon 61


Network Security & Troubleshooting

#Remote File Inclusion (RFI): RFI এ website এ


ই ই include । ই include
shall , Server side command execute

#Local File Inclusion (LFI): #cd /etc/passwd


information LFI ।

এ ।
আ । Network
hacking, warless hacking, Windows hacking আ
আ ই ।

10.4 Understand the attacks.

ATTACKS:

Feni Computer Institute |Shariful islam lincon 62


Network Security & Troubleshooting

Computer এ Computer Network এ attacks এ এ ,


Computer Computer Network এ information/data/
, , , , এ information /data/
Access ।

Common Types of Attack:

 Man-in-the-middle attack – intercepts messages that are intended


for a valid device
 Ping sweeps and port scans
 Hijacking and Spoofing -sets up a fake device and trick others
to send messages to it
 Sniffing – capture packet as they travel through the network
 DoS and DDoS

Feni Computer Institute |Shariful islam lincon 63


Network Security & Troubleshooting

Substituting data/message Encrypt এ


java program code:

import java.io.*;

public class Substituting {

public static void main(String[] args) throws IOException {

String Name;

InputStreamReader IN = new InputStreamReader(System.in);

BufferedReader BR = new BufferedReader(IN);

System.out.println("Please enter a line of message:");

Name = BR.readLine();

int L = Name.length();

char A[]=Name.toCharArray();

for(int i=0; i<=L; i++){

switch (A[i])

case 'a':

A[i] = 'S';

break;

case 'b':

A[i] = 'T';

break;

case 'c':

A[i] = 'U';

break;

case 'd':

Feni Computer Institute |Shariful islam lincon 64


Network Security & Troubleshooting

A[i] = 'V';

break;

case 'e':

A[i] = 'W';

break;

case 'f':

A[i] = 'X';

break;

case 'g':

A[i] = 'Y';

break;

case 'h':

A[i] = 'Z';

break;

case 'i':

A[i] = 'A';

break;

case 'j':

A[i] = 'B';

break;

case 'k':

A[i] = 'C';

break;

case 'l':

A[i] = 'D';

Feni Computer Institute |Shariful islam lincon 65


Network Security & Troubleshooting

break;

case 'm':

A[i] = 'E';

break;

case 'n':

A[i] = 'F';

break;

case 'o':

A[i] = 'G';

break;

case 'p':

A[i] = 'H';

break;

case 'q':

A[i] = 'I';

break;

case 'r':

A[i] = 'J';

break;

case 's':

A[i] = 'K';

break;

case 't':

A[i] = 'L';

break;

Feni Computer Institute |Shariful islam lincon 66


Network Security & Troubleshooting

case 'u':

A[i] = 'M';

break;

case 'v':

A[i] = 'N';

break;

case 'w':

A[i] = 'O';

break;

case 'x':

A[i] = 'P';

break;

case 'y':

A[i] = 'Q';

break;

case 'z':

A[i] = 'R';

break;

System.out.print("Cipher Text: "+A[i]);

Output:

Please enter a line of message: abcdefghijklmnopqr

Feni Computer Institute |Shariful islam lincon 67


Network Security & Troubleshooting

Cipher Text: STUVWXYZABCDEFGHIJKLMNOPQ

Feni Computer Institute |Shariful islam lincon 68

You might also like