
IP Security-Module 3

Uploaded by

samaymiztry72
IP Security & Network Security

Module 3
IP Security

IPSec refers to a collection of communication rules or protocols used to establish
secure network connections.
Internet Protocol (IP) is the common standard that controls how data is
transmitted across the internet.
IPSec enhances the protocol's security by introducing encryption and
authentication.
IPSec encrypts data at the source and then decrypts it at the destination. It
also verifies the source of the data.
Importance of IP Security

IPSec protects the data through Data Encryption.

IPSec provides Data Integrity.

IPSec is often used in Virtual Private Networks (VPNs) to create secure,
private connections.

IPSec protects from Cyber Attacks.


Features
Authentication: IPSec provides authentication of IP packets using digital
signatures or shared secrets. This helps ensure that the packets are not
tampered with or forged.

Confidentiality: IPSec provides confidentiality by encrypting IP packets,
preventing eavesdropping on the network traffic.

Integrity: IPSec provides integrity by ensuring that IP packets have not been
modified or corrupted during transmission.
Features
Key management: IPSec provides key management services, including key exchange and
key revocation, to ensure that cryptographic keys are securely managed.

Tunneling: IPSec supports tunneling, allowing IP packets to be encapsulated within another
protocol, such as GRE (Generic Routing Encapsulation) or L2TP (Layer 2 Tunneling Protocol).

Flexibility: IPSec can be configured to provide security for a wide range of network
topologies, including point-to-point, site-to-site, and remote access connections.

Interoperability: IPSec is an open standard protocol, which means that it is supported by a
wide range of vendors and can be used in heterogeneous environments.
How Does IPSec Work?
IPSec (Internet Protocol Security) is used to secure data when it travels over
the Internet.

IPSec works by creating secure connections between devices, making sure
that the information exchanged is kept safe from unauthorized access.

IPSec mainly operates in two modes: Transport Mode and Tunnel Mode.
Working
To provide security, IPSec uses two main protocols: AH (Authentication
Header) and ESP (Encapsulating Security Payload).
Both protocols are useful: the Authentication Header verifies that the data
comes from a trusted source and hasn’t been changed, while ESP performs
authentication and also encrypts the data so that it becomes difficult to read.
For encryption, IPSec uses cryptographic keys. They can be created and shared
using a process called IKE (Internet Key Exchange), which ensures that both
devices have the correct keys to establish a secure connection.
Steps
When two devices communicate using IPSec, the devices first initiate the
connection by sending a request to each other.
After that, they mutually decide how to protect the data, using passwords or
digital certificates.
Next, they establish the secure tunnel for communication. Once the tunnel is
set up, data can be transmitted safely, as IPSec encrypts the data and also
checks its integrity to ensure that it has not been altered.
After the communication is finished, the devices can close the secure
connection. This is how IPSec works.
Transport Mode
IPSec transport mode encrypts only the data packet’s payload while leaving
the IP header unchanged.

The unencrypted packet header enables routers to determine the destination
address of each data packet.

As a result, IPSec transport mode is used in a closed and trusted network, such as
to secure a direct link between two computers.
Tunnel Mode
The IPSec tunnel mode is appropriate for sending data over public networks
because it improves data security against unauthorised parties.

The computer encrypts all data, including the payload and header, and adds a
new header to it.
Protocols Used in IPSec
Encapsulating Security Payload (ESP)
Authentication Header (AH)
Internet Key Exchange (IKE)
Encapsulating Security Payload (ESP): It provides data integrity, encryption,
authentication, and anti-replay. It also provides authentication for the payload.

Authentication Header (AH): It also provides data integrity, authentication,
and anti-replay, but it does not provide encryption. The anti-replay protection
protects against the unauthorized transmission of packets. It does not protect
data confidentiality.
Internet Key Exchange (IKE): It is a network security protocol designed to
dynamically exchange encryption keys and establish a Security
Association (SA) between 2 devices.
The Security Association (SA) establishes shared security attributes between
2 network entities to support secure communication.
Internet Key Exchange (IKE) provides message content protection and also
an open framework for implementing standard algorithms such as SHA and MD5.
The algorithms IPSec uses produce a unique identifier for each packet. This
identifier then allows a device to determine whether a packet is
correct or not.
IPSec Architecture
IPSec (IP Security) architecture uses two protocols to secure the traffic or data
flow (ESP and AH).

IPSec Architecture includes protocols, algorithms, DOI (Domain of Interpretation), and Key
Management. All these components are very important in order to provide
the three main services: Confidentiality, Authenticity and Integrity.
Uses of IP Security
To encrypt application layer data.
To provide security for routers sending routing data across the public
internet.
To provide authentication without encryption, like to authenticate that the
data originates from a known sender.
To protect network data by setting up circuits using IPsec tunneling in which
all data being sent between the two endpoints is encrypted, as with a Virtual
Private Network (VPN) connection.
Web Security
Web Security is an online security solution that will restrict access to harmful
websites, stop web-based risks, and manage staff internet usage.

Websites are always prone to security threats/risks.

For example, when you transfer data between a client and a server, you have to
protect that data; the security of that data is web security.
What Is a Security Threat?
A threat is nothing but a possible event that can damage and harm an
information system.
A security threat is defined as a risk that can potentially harm computer
systems and organizations.
Whenever an individual or an organization creates a website, they are
vulnerable to security attacks.
Security attacks are mainly aimed at stealing, altering, or destroying
personal and confidential information, stealing hard drive space, and illegally
accessing passwords.
Web Security Threats
Cross-site scripting (XSS)
SQL Injection
Phishing
Ransomware
Code Injection
Viruses and worms
Spyware
Denial of Service
Web Security Threats
Cross-Site Scripting (XSS) is a vulnerability in a web application that allows a
third party to execute a script in the user’s browser on behalf of the web
application.

Cross-site Scripting is one of the most prevalent vulnerabilities present on the
web today.

The exploitation of XSS against a user can lead to various consequences such
as account compromise, account deletion, privilege escalation, malware
infection and many more.
SQL Injection is a security flaw in web applications where attackers insert
harmful SQL code through user inputs.

This can allow them to access sensitive data, change database contents or
even take control of the system.

It’s important to know about SQL Injection to keep web applications secure.
Phishing is a form of online fraud in which hackers attempt to get your
private information such as passwords, credit cards, or bank account data.
This is usually done by sending false emails or messages that appear to be
from trusted sources like banks or well-known websites.
Scareware is a form of malware that poses as
legitimate computer security software and claims to detect a variety of threats
on the affected computer that do not actually exist. The users are then
informed that they have to purchase the scareware in order to repair their
computers and are barraged with aggressive pop-up notifications until
they supply their credit card number and pay the desired amount for the
worthless scareware product.
Ransomware is a type of malware that is designed to block users from accessing
their own system until a ransom fee is paid to the ransomware creator. Ransomware is
a lot more dangerous than regular malware and spreads through phishing emails
with infected attachments. Ransomware has emerged over the last few
years and can attack individuals or organizations.
Denial of Service (DoS) is a cyber-attack on an individual computer or
website with the intent to deny services to intended users. Its purpose is to
disrupt an organization’s network operations by denying access to its users.

Spyware is a breach of cyber security, as it usually gets into the laptop or
computer system when a user unintentionally clicks on a random unknown
link or opens an unknown attachment, which downloads the spyware
alongside the attachment.
Security Considerations
Updated Software: Always keep your software up to date.

Beware of SQL Injection

Cross-Site Scripting (XSS)

Error Messages: Be careful about error messages.

Data Validation: Proper testing of any input supplied by the user or application.

Password
Secure Electronic Transaction (SET)
SET is a security protocol designed to ensure the security and integrity of
electronic transactions conducted using credit cards.
SET operates as a security protocol applied to those payments.
It uses different encryption and hashing techniques to secure payments over
the internet done through credit cards.
The development of the SET protocol was supported by major organizations like
Visa, Mastercard, Microsoft, which provided its Secure Transaction
Technology (STT), and Netscape, which provided the technology of Secure
Socket Layer (SSL).
SET
SET protocol includes Certification Authorities for making use of standard
Digital Certificates like X.509 Certificate.
Requirements in SET
● It has to provide mutual authentication i.e., customer (or cardholder)
authentication by confirming if the customer is an intended user or
not, and merchant authentication.
● It has to keep the PI (Payment Information) and OI (Order
Information) confidential by appropriate encryptions.
● It has to be resistant to message modifications, i.e., no changes
should be allowed in the content being transmitted.
● SET also needs to provide interoperability and make use of the best
security mechanisms.
Participants in SET
Cardholder – customer

Issuer – customer financial institution

Merchant

Acquirer – Merchant financial

Certificate authority – Authority that follows certain standards and issues
certificates (like X.509V3) to all other participants.
SET functionalities
Provide Authentication
- Merchant Authentication – To prevent theft, SET allows customers to
check previous relationships between merchants and financial
institutions. Standard X.509V3 certificates are used for this verification.

- Customer / Cardholder Authentication – SET checks if the use of a
credit card is done by an authorized user or not using X.509V3 certificates.
Functionalities
Provide Message Confidentiality: Confidentiality refers to preventing
unintended people from reading the message being transferred. SET
implements confidentiality by using encryption techniques. Traditionally DES
is used for encryption purposes.

Provide Message Integrity: SET prevents message modification with the
help of signatures. Messages are protected against unauthorized modification
using RSA digital signatures with SHA-1, and some using HMAC with SHA-1.
Dual Signature: The dual signature is a concept introduced with SET, which
aims at connecting two information pieces meant for two different receivers:

Order Information (OI) for merchant

Payment Information (PI) for bank


● PI stands for payment information
● OI stands for order information
● PIMD stands for Payment Information Message Digest
● OIMD stands for Order Information Message Digest
● POMD stands for Payment Order Message Digest
● H stands for Hashing
● E stands for public key encryption
● KPc is customer's private key
● || stands for append operation
● Dual signature, DS= E(KPc, [H(H(PI)||H(OI))])
Purchase Request Generation: The process of purchase request generation
requires three inputs:

Payment Information (PI)

Dual Signature

Order Information Message Digest (OIMD)


Purchase Request Validation on Merchant Side: The merchant verifies the request by
comparing the POMD generated by hashing PIMD with the POMD obtained
by decrypting the Dual Signature.
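The dual signature and its two verifications, worked through as an added example that is not part of the original slides. It follows the slide's formula DS = E(KPc, [H(H(PI)||H(OI))]) with SHA-1 as H; the toy textbook-RSA key, the function names and the sample PI and OI are constructed for illustration, and the bank-side check is included alongside the merchant-side one.

```python
import hashlib

# Constructed toy RSA key for the cardholder (textbook RSA, no padding),
# used only so the example runs with the standard library.
P, Q = 2**127 - 1, 2**89 - 1           # two Mersenne primes
N, E = P * Q, 65537                    # public key
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, KPc on the slide


def H(data: bytes) -> bytes:
    """H on the slide; SHA-1 is the hash the page names for SET."""
    return hashlib.sha1(data).digest()


def dual_signature(pi: bytes, oi: bytes):
    """Cardholder: DS = E(KPc, H(H(PI) || H(OI))). Returns (PIMD, OIMD, DS)."""
    pimd, oimd = H(pi), H(oi)
    pomd = H(pimd + oimd)
    return pimd, oimd, pow(int.from_bytes(pomd, "big"), D, N)


def _matches(pomd: bytes, ds: int) -> bool:
    """Compare a recomputed POMD with the one recovered from DS."""
    return int.from_bytes(pomd, "big") == pow(ds, E, N)


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds OI and PIMD only; PI itself is never disclosed to it."""
    return _matches(H(pimd + H(oi)), ds)


def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank holds PI and OIMD only; OI itself is never disclosed to it."""
    return _matches(H(H(pi) + oimd), ds)


# Constructed sample messages.
PI = b"card=TEST-0000;amount=49.99;order=1001"
OI = b"order=1001;item=textbook;amount=49.99"

if __name__ == "__main__":
    pimd, oimd, ds = dual_signature(PI, OI)
    print("merchant accepts:", merchant_verify(OI, pimd, ds))
    print("bank accepts:", bank_verify(PI, oimd, ds))
    print("swapped order rejected:", not merchant_verify(b"order=1002", pimd, ds))
```

Because both digests are bound under one signature, changing either the order or the payment details after signing makes the corresponding check fail.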
Email Security
Email is a digital method of exchanging messages between people over
the internet or other computer networks.

Email security refers to the steps we take to protect email messages and
the information that they contain from unauthorized access and damage.

It involves ensuring the confidentiality, integrity, and availability of email
messages, as well as safeguarding against phishing attacks, spam, viruses, and
other forms of malware.
Framing features of Email
Guidelines for using Email: The email policy should contain at least the
guidelines for content and general usage, and it should conform to the
accepted standards of email security.
Management of Email: Managerial policies must establish the right to test
messages passing over the email system.
This testing could be for viruses or content.
Usage of Email for Confidential Communication: Policies for directing
confidential communication contain a facility for encoding the data before
transmission and authorizing it with digital signatures.
Program Security
A strong security program helps your organization ensure the confidentiality,
integrity, and availability of your client and customer information, as well as
the organization's private data through effective security management
practices and controls.

A security program is the entirety of an organization's security policies,
procedures, tools and controls.
Commonly used security software programs
Advanced malware protection software
Application security software
Firewall software
Endpoint security software
Web security software
Network security software
Email security software
Internet of Things (IoT) security software
OS Security
OS security consists of measures to prevent a person from illegally using
resources in a computer system, or interfering with them in any manner.

These measures ensure that data and programs are used only by authorized
users and only in a desired manner, and that they are neither modified nor
denied to authorized users.

Protection refers to a mechanism that controls the access of programs,
processes, or users to the resources defined by a computer system.
Security can be attacked in the following ways:
Authorization

Browsing

Trap doors

Invalid Parameters

Line Tapping

Electronic Data Capture

Lost Line

Improper Access Controls

Waste Recovery

Rogue Software
Goals of a Security System
Integrity: Users with insufficient privileges should not alter the system’s vital
files and resources, and unauthorized users should not be permitted to access
the system’s objects.
Secrecy: Only authorized users must be able to access the objects of the
system. Not everyone should have access to the system files.
Availability: No single user or process should be able to eat up all of the
system resources; instead, all authorized users must have access to them. A
situation like this could lead to service denial.
Threats to Operating System
Malware: Short for malicious software; refers to any software that is designed to
cause harm to computer systems, networks, or users.

Network Intrusion: A system called an intrusion detection system (IDS)
observes network traffic for malicious transactions and sends immediate
alerts when they are observed.

It is software that checks a network or system for malicious activities or policy
violations.
Buffer Overflow Technique: The buffer overflow technique can be employed
to force a server program to execute intruder-supplied code to breach the
host computer system’s security.

It has been used to devastating effect in mail servers and other Web
servers.
Network Security
Any action intended to safeguard the integrity and usefulness of your data
and network is known as network security.

Network security is defined as the activity created to protect the integrity of
your network and data.

Network security is the practice of protecting a computer network from
unauthorized access, misuse, or attacks. It involves using tools, technologies,
and policies to ensure that data traveling over the network is safe and secure,
keeping sensitive information away from hackers and other threats.
Types of Network Security
● Email Security
● Cloud Network Security
● Web Security
● Intrusion Prevention System (IPS)
● Antivirus and Anti-malware Software
● Firewalls Security
● Application Security
● Wireless Security
Intruders
In network security, “intruders” are unauthorized individuals or entities who
want to obtain access to a network or system to breach its security. Intruders
can range from inexperienced hackers to professional and organized cyber
criminals.
Types of Intruders
Masquerader: Masqueraders are outsiders and hence they don’t have direct
access to the system; they aim to attack unethically to steal data.

Misfeasor: Misfeasors are insiders and they have direct access to the system,
which they aim to attack unethically to steal data/information.

Clandestine User: A Clandestine User can be either of the two, an insider or
an outsider, and accordingly can have direct/indirect access to the system,
which they aim to attack unethically to steal data/information.
Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) is a security tool that monitors a
computer network or systems for malicious activities or policy violations.

It helps detect unauthorized access, potential threats, and abnormal activities
by analyzing traffic and alerting administrators to take action.

An IDS is crucial for maintaining network security and protecting sensitive data
from cyber-attacks.
Working of Intrusion Detection System (IDS)
● An IDS (Intrusion Detection System) monitors the traffic on a computer
network to detect any suspicious activity.
● It analyzes the data flowing through the network to look for patterns and
signs of abnormal behavior.
● The IDS compares the network activity to a set of predefined rules and
patterns to identify any activity that might indicate an attack or intrusion.
● If the IDS detects something that matches one of these rules or patterns,
it sends an alert to the system administrator.
● The system administrator can then investigate the alert and take action to
prevent any damage or further intrusion.
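The steps above, as an added example that is not part of the original slides: connection records are parsed, compared against predefined rules, and matches are returned as alerts for the administrator. The log format, the two rules, the threshold and the sample records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of connection records: "time src dst dport".
SAMPLE_LOG = """\
10:00:01 10.0.0.5 10.0.0.20 443
10:00:02 10.0.0.9 10.0.0.20 21
10:00:02 10.0.0.9 10.0.0.20 22
10:00:02 10.0.0.9 10.0.0.20 23
10:00:03 10.0.0.9 10.0.0.20 25
10:00:03 10.0.0.9 10.0.0.20 80
10:00:04 10.0.0.7 10.0.0.30 23
10:00:05 10.0.0.5 10.0.0.20 443
"""

# Predefined rules (assumed values for this sketch).
FORBIDDEN_PORTS = {23: "telnet not permitted by policy"}   # policy violation
SCAN_THRESHOLD = 5     # distinct ports probed on one host by one source


def parse(log):
    """Turn each log line into a record the rules can inspect."""
    for line in log.strip().splitlines():
        ts, src, dst, dport = line.split()
        yield {"ts": ts, "src": src, "dst": dst, "dport": int(dport)}


def detect(log):
    """Return (rule, source, detail) alerts in the order they fire."""
    alerts = []
    ports_seen = defaultdict(set)   # (src, dst) -> ports contacted so far
    reported = set()                # scans already alerted on
    for ev in parse(log):
        # Rule 1: a connection to a port that policy forbids.
        if ev["dport"] in FORBIDDEN_PORTS:
            alerts.append(("policy", ev["src"], FORBIDDEN_PORTS[ev["dport"]]))
        # Rule 2: one source touching many distinct ports on one host.
        key = (ev["src"], ev["dst"])
        ports_seen[key].add(ev["dport"])
        if len(ports_seen[key]) >= SCAN_THRESHOLD and key not in reported:
            reported.add(key)
            detail = f"{len(ports_seen[key])} ports on {ev['dst']}"
            alerts.append(("portscan", ev["src"], detail))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print("ALERT", *alert)
```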
