Chapter 7 Network Security

Chapter 8 discusses network security, focusing on the properties of secure communication, including secrecy, authentication, and message integrity. It covers cryptography types, firewalls, virtual private networks, and various network attacks such as eavesdropping and denial of service. The chapter emphasizes the importance of prevention strategies, including encryption and maintaining up-to-date applications to mitigate vulnerabilities.

Uploaded by

joshirohann19
Chapter 8

Network Security
Er. Abhijeet Karna
Department of Ethical Hacking and Cyber-security
Softwarica College of IT & E-Commerce, Kathmandu
Properties of secure communication
• Secure communication is when two entities are communicating
and do not want a third party to listen in.
• This means that only the sender and receiver can send messages to
and receive messages from each other, while others cannot intercept
that communication.
• Fundamentally, there are 3 properties of secure
communication:
• Secrecy
• Authentication
• Message Integrity
Secrecy/confidentiality
• This means only the sender and intended
receiver should be able to understand the
contents of the transmitted message.
• In any communication there is a possibility of
eavesdropping (i.e. someone may be
intercepting the message).
• This problem of secrecy is solved by
means of encryption and decryption.
• This aspect of secrecy is probably the most
commonly perceived meaning of the term
“Secure Communication”.
Authentication
• Authentication is the act of validating that users are who they
claim to be. This is the first step in any security process.
• It is the process of confirming the identity of the parties involved in
the communication.
• Suppose someone calls you on the phone claiming to be your bank
and asks for your account number, secret PIN, and account
balance for verification purposes.
• Would you give that information out over the phone?
• Tools used for authentication are: passwords, one-time PINs,
authentication apps, biometrics, etc.
Message integrity
• Suppose you download a file from the Internet. How can you be 100%
sure that you have downloaded the intended content as provided by the
provider and not something like malware?
• In the same way, if the sender and receiver are able to authenticate
each other, they also want to ensure that the content of their
communication is not altered, either maliciously or by accident, in
transmission.
• Tools which are used for message integrity are check-summing
techniques that we encountered in reliable transport and data link
protocols.
• These include CRC and cryptographic hash functions.
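The "maliciously or by accident" distinction above matters when choosing an integrity tool. The following is an added example, not part of the original slides: it compares an unkeyed CRC-32, an unkeyed SHA-256 hash, and a keyed HMAC-SHA-256 when the message is changed in transit. The key, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample data: a pre-shared key and a message changed in transit.
SHARED_KEY = b"constructed-demo-key-not-for-production"
ORIGINAL = b"PAY 100.00 TO ACCOUNT 12345"
TAMPERED = b"PAY 900.00 TO ACCOUNT 12345"

def crc_tag(msg: bytes) -> bytes:
    """Unkeyed CRC-32: designed to catch accidental bit errors."""
    return zlib.crc32(msg).to_bytes(4, "big")

def sha256_tag(msg: bytes) -> bytes:
    """Unkeyed cryptographic hash: anyone can recompute it."""
    return hashlib.sha256(msg).digest()

def hmac_tag(msg: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Keyed MAC: only holders of the shared key can produce a valid tag."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def receiver_accepts(msg: bytes, tag: bytes, scheme) -> bool:
    """Receiver recomputes the tag and compares in constant time."""
    return hmac.compare_digest(scheme(msg), tag)

def modify_in_transit(scheme):
    """Model an on-path party that alters the message and, because the
    scheme needs no secret, recomputes the tag to match."""
    return TAMPERED, scheme(TAMPERED)

def integrity_demo() -> dict:
    schemes = {"crc32": crc_tag, "sha256": sha256_tag, "hmac": hmac_tag}
    results = {}
    for name, scheme in schemes.items():
        # Accidental corruption: message changes, original tag is left as-is.
        results[f"{name}_accidental"] = receiver_accepts(TAMPERED, scheme(ORIGINAL), scheme)
    # Deliberate modification: unkeyed tags are simply regenerated.
    results["crc32_malicious"] = receiver_accepts(*modify_in_transit(crc_tag), crc_tag)
    results["sha256_malicious"] = receiver_accepts(*modify_in_transit(sha256_tag), sha256_tag)
    # Without the shared key, a regenerated HMAC tag does not verify.
    forged = hmac_tag(TAMPERED, key=b"someone-without-the-shared-key")
    results["hmac_malicious"] = receiver_accepts(TAMPERED, forged, hmac_tag)
    return results

if __name__ == "__main__":
    for check, accepted in integrity_demo().items():
        print(f"{check:18s} accepted={accepted}")
```

All three schemes reject the accidental change, but only the keyed HMAC rejects the deliberate one, which is why a checksum or bare hash sent alongside the data does not protect against an active modifier.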
Cryptography
• There are two types of cryptography: one is symmetric key cryptography and
the other is asymmetric cryptography.
• In symmetric key cryptography, the users share the same pre-shared key, which is
used both to encrypt and to decrypt messages.
Asymmetric Cryptography
• Asymmetric cryptography, also known as public-key cryptography, is
a process that uses a pair of related keys -- one public key and one
private key.
• A public key is a cryptographic key that can be used by any person to
encrypt a message so that it can only be deciphered by the intended
recipient with their private key.
• A private key -- also known as a secret key -- is shared only with the key's
initiator.
• Many protocols rely on asymmetric cryptography, including the
transport layer security (TLS) and secure sockets layer (SSL)
protocols, which make HTTPS possible.
Firewall
• A firewall is a system designed to prevent unauthorized access to or
from a private network.
• Firewalls carefully analyze incoming traffic based on pre-established
rules and filter traffic coming from unsecured or suspicious sources to
prevent attacks.
• Think of IP addresses as houses, and port numbers as rooms within
the house. Only trusted people (source addresses) are allowed to
enter the house (destination address) at all; then it’s further filtered
so that people within the house are only allowed to access certain
rooms (destination ports), depending on whether they're the owner, a child,
or a guest. The owner is allowed into any room (any port), while
children and guests are allowed into a certain set of rooms (specific
ports).
Types of firewall (Software firewall)
• There are mainly two types of firewall. These can be either software
or hardware.
• SOFTWARE FIREWALL
• A software firewall is a program installed on each computer and regulates
traffic through port numbers and applications, while a physical firewall is a
piece of equipment installed between your network and gateway.
• Packet-filtering firewalls are divided into two categories: stateful and
stateless.
• Stateless firewalls examine packets independently of one another and lack
context, making them easy targets for hackers.
• In contrast, stateful firewalls remember information about previously passed
packets and are considered much more secure.
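The difference between the two packet-filtering categories above, as an added example that is not part of the original slides: a stateless filter and a stateful filter are given the same three packets. The addresses, ports, rule set and class names are constructed for illustration and do not model any particular firewall product.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags, e.g. "S", "SA", "A"
    direction: str  # "out" = leaving the protected network, "in" = arriving

# Constructed addresses (documentation ranges) for the demo.
INSIDE_HOST = "10.0.0.5"
WEB_SERVER = "203.0.113.10"
OTHER_HOST = "198.51.100.7"

def stateless_allow(p: Packet) -> bool:
    """Judge each packet alone: outbound HTTPS is allowed, and inbound is
    allowed if it merely looks like a reply (source port 443, ACK set)."""
    if p.direction == "out":
        return p.dport == 443
    return p.sport == 443 and "A" in p.flags

class StatefulFirewall:
    """Remembers outbound connections; inbound must match one of them."""
    def __init__(self):
        self.connections = set()

    def allow(self, p: Packet) -> bool:
        if p.direction == "out":
            if p.dport != 443:
                return False
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound: the reversed 4-tuple must belong to a tracked connection.
        return (p.dst, p.dport, p.src, p.sport) in self.connections

def firewall_demo() -> dict:
    syn = Packet(INSIDE_HOST, 50000, WEB_SERVER, 443, "S", "out")
    reply = Packet(WEB_SERVER, 443, INSIDE_HOST, 50000, "SA", "in")
    # Unsolicited inbound packet shaped like a reply; nothing preceded it.
    unsolicited = Packet(OTHER_HOST, 443, INSIDE_HOST, 5000, "A", "in")
    fw = StatefulFirewall()
    packets = (syn, reply, unsolicited)
    return {
        "stateless": [stateless_allow(p) for p in packets],
        "stateful": [fw.allow(p) for p in packets],
    }

if __name__ == "__main__":
    print(firewall_demo())
```

The stateless rule passes all three packets because the third one satisfies the "looks like a reply" test on its own, while the stateful filter drops it because no outbound connection matches.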
Types of firewall (Hardware firewall)
• A hardware firewall is a physical device much like a server that filters the
traffic going to a computer. While a user would normally plug a network
cable directly into a computer or server, with a hardware firewall, the cable
is plugged into the firewall first.
• The firewall sits between the external network and the server, providing an
antivirus solution and a hard barrier against intrusions.
• A hardware firewall provides several benefits:
• Can be used to intelligently control the traffic that reaches your server
• Can be configured with specific rules for all traffic
• Can ease the burden on other server resources. For example, you can disable
software firewalls, which can free up much-needed memory and processor power
Virtual Private Network
• The term virtual private network
(abbreviated VPN) describes any
technology that can encapsulate
and transmit network data,
typically Internet Protocol data,
over another network.
• Such a system enables users to
access network resources that
may otherwise be inaccessible
from the public internet.
Network Attacks
• What is a network attack?
• Network attacks are unauthorized actions on the digital assets
within an organizational network.
• Malicious parties usually execute network attacks to alter,
destroy, or steal private data.
• Perpetrators in network attacks tend to target network
perimeters to gain access to internal systems.

• Types of Attacks:
• Active Attack
• Passive Attack
• In passive network attacks, malicious parties gain unauthorized
access to networks, monitor, and steal private data without making
any alterations.
• Active network attacks involve modifying, encrypting, or damaging
data.
Different Types of Attacks
• Eavesdropping
• Data Modification
• Identity Spoofing (IP Address Spoofing)
• Password Based Attacks
• Denial of Service Attack
• Man-In-The-Middle-Attack
• Compromised-Key Attack
• Sniffer Attack
• Application-Layer Attack
Eavesdropping
• The majority of network communications
occur in an unsecured or “cleartext”
format.
• This allows an attacker to “listen in” or read the
network traffic.
• Known as sniffing or snooping.
• Biggest security issue faced by network
administrators in an enterprise.
• Prevention
• In order to prevent eavesdropping on data traversing your network,
you must have strong encryption services based on cryptography.
Identity Spoofing
• Computers are identified in an operating system or network by
a valid IP address.
• It is possible for an IP address to be falsely assumed (identity
spoofing).
• Special programs can construct IP packets that appear to
originate from valid addresses inside the corporate intranet.
• After gaining access with a valid IP address, the attacker can modify, delete or
reroute your data, as well as perform a number of other attacks.
Data Modification
• Step One – Read Data
• Step Two – Alter Data
• Modify data in the packet without the knowledge of
the sender or receiver.
• Example: Purchase Requisitions, exchange of items,
amounts and billing information
Password Based Attacks
• Access rights to a computer or network resources are
determined by who you are (username and password).
• If an attacker gains access to a valid user account, he is able
to do whatever that user can do:
• Obtain lists of valid user and computer names and network
information.
• Modify server and network configurations, including access
controls and routing tables.
• Modify, reroute, or delete your data.
Denial of Service Attack
• Prevents normal use of a computer or network by valid users (unlike a
Password Based Attack).
• After gaining access to the network, the attacker can:
• Divert the attention of your internal Information Systems staff so that
they do not see the intrusion immediately, which allows the attacker to make
more attacks during the diversion.
• Send invalid data to applications or network services, which causes abnormal
termination or behavior of the applications or services.
• Flood a computer or the entire network with traffic until a shutdown occurs
because of the overload.
• Block traffic, which results in a loss of access to network resources by
authorized users.
Application-Layer Attack
• Once the attacker has gained access, he can do any of
the following:
• Read, add, delete, or modify your data or operating system.
• Introduce a virus program that uses your computers and software
applications to copy viruses throughout your network.
• Introduce a Sniffer program to analyze your network and gain
information that can eventually be used to crash or to corrupt your
systems and network.
• Abnormally terminate your data applications or operating systems.
• Disable other security controls to enable future attacks
Prevention
• Always have some type of security plan in place.
• Have some sort of encryption service based on cryptography.
• Make sure all applications are up-to-date in order to have as
few vulnerabilities as possible.
The END