TBC602 Network Security Notes

TBC602 Network Security and Cyber Law - Important Points


Unit 1: Introduction to Network Security

Introduction to Network Security


 - Protects networks from unauthorized access and attacks.
 - Ensures data confidentiality, integrity, and availability.
 - Includes hardware, software, and policy measures.

Goals of Network Security


 - Confidentiality: Ensuring only authorized access to data.
 - Integrity: Preventing unauthorized data modification.
 - Availability: Ensuring systems are accessible when needed.

ISO Security Architecture


 - Defines a standard framework for network security services.
 - Applies to each layer of the OSI model.
 - Helps in implementing consistent security mechanisms.

Attacks & Categories of Attacks


 - Active Attacks: Modify or disrupt data (e.g., DoS).
 - Passive Attacks: Eavesdrop on communications (e.g., sniffing).
 - Classified as internal or external threats.

Network Security Services


 - Authentication: Verifies user identity.
 - Access Control: Restricts access to network resources.
 - Data Confidentiality: Prevents unauthorized disclosure.

Mechanisms
 - Encryption, Digital Signatures, Firewalls.
 - Intrusion detection and prevention systems (IDS/IPS).
 - Security protocols like SSL/TLS.

Authentication Applications (Kerberos)


 - Ticket-based authentication protocol.
 - Uses symmetric key cryptography.
 - Prevents password exposure over the network.

X.509 Directory Authentication Service
 - Uses digital certificates for identity verification.
 - Part of the Public Key Infrastructure (PKI).
 - Commonly used in SSL/TLS.

Unit 2: Application Layer & Transport Layer Security

Application Layer Security


 - Protects application-specific data (e.g., emails, web).
 - Applies encryption and digital signatures.
 - Ensures end-to-end secure communication.

Security Threats & Countermeasures


 - Threats include phishing, malware, and spoofing.
 - Countermeasures: antivirus, firewalls, encryption.
 - Security training and awareness are essential.

SET Protocol
 - Secure Electronic Transaction for online payments.
 - Involves cardholder, merchant, and payment gateway.
 - Uses encryption and digital certificates.

Electronic Mail Security


 - Involves PGP and S/MIME technologies.
 - Ensures confidentiality and authenticity of emails.
 - Prevents email tampering and interception.

PGP (Pretty Good Privacy)


 - Encrypts emails using both public and private keys.
 - Supports digital signatures for integrity.
 - Widely used for secure personal communications.

S/MIME
 - Standard for public key encryption of emails.
 - Provides message integrity and authentication.
 - Built into many email applications.

SSL/TLS
 - Secure protocols for web and email communications.
 - Provide encryption and secure data transfer.
 - TLS is the modern replacement for SSL.

Wireless Transport Layer Security
 - TLS adapted for wireless communication.
 - Used in mobile devices and wireless networks.
 - Ensures secure data transmission over the air.

Unit 3: IP Security & System Security

IP Security (IPSec)
 - Secures IP packets using encryption and authentication.
 - Used in VPNs for secure remote access.
 - Includes protocols like AH and ESP.

Authentication Header (AH)


 - Provides data integrity and authentication.
 - No encryption, only authenticates the packet.
 - Prevents spoofing attacks.

Encapsulating Security Payload (ESP)


 - Provides both encryption and authentication.
 - Can operate in transport or tunnel mode.
 - Used widely in secure VPNs.

Intruders
 - Unauthorized users trying to access systems.
 - Can be internal or external attackers.
 - Detected using IDS/IPS tools.

Intrusion Detection System (IDS)


 - Monitors the network for suspicious activities.
 - Alerts administrators on detecting threats.
 - Types: Host-based and Network-based IDS.

Viruses
 - Malicious code that replicates and spreads.
 - Can damage files, slow systems, or steal data.
 - Requires antivirus tools to detect and remove.

Firewall Design Principles


 - Filters incoming and outgoing traffic.
 - Implements rules to allow or block connections.
 - Acts as the first line of network defense.

Trusted Systems
 - Systems with verified and controlled access.
 - Ensure secure handling of data and operations.
 - Often used in high-security environments.

OS Security
 - Secures operating systems from threats.
 - Includes updates, patches, and access controls.
 - Disables unnecessary services and ports.

Program Security
 - Developing software with security in mind.
 - Avoids buffer overflows and code injection.
 - Follows secure coding practices.

Unit 4: Cyber Law & IT Act

Introduction to Cyber Law


 - Deals with legal issues related to cyberspace.
 - Covers cybercrime, data protection, and privacy.
 - Defines laws for internet-based activities.

Cyber Crime & Cyber Criminals


 - Crimes using computers and networks.
 - Examples: hacking, phishing, cyberstalking.
 - Cyber criminals exploit digital vulnerabilities.

Object and Scope of IT Act


 - Recognizes digital records and signatures legally.
 - Promotes e-governance and secure transactions.
 - Applies to cybercrimes and digital contracts.

Digital Signatures & E-Records


 - Ensure document authenticity and integrity.
 - Legally accepted under the IT Act.
 - Used in emails, contracts, and government services.

E-Governance
 - Use of digital tools for public services.
 - Improves transparency and efficiency.
 - Backed by IT Act provisions.

Unit 5: Advanced Security Concepts

Basics of Network Security


 - IP addresses uniquely identify devices.
 - Port numbers allow app-level communication.
 - Sockets combine IP and port to manage traffic.

IP Hiding & Tracing


 - VPN hides real IP to protect identity.
 - Tools like traceroute trace packet paths.
 - Used in tracking cyber attackers.

Scanning Techniques
 - Ping sweep finds live hosts on a network.
 - Port scanning identifies open ports.
 - Used in vulnerability assessment.

Fingerprinting
 - Active: Direct queries to find system info.
 - Passive: Observes traffic to detect systems.
 - Helps in identifying OS and services.

Buffer Overflow Attacks


 - Overflowing memory buffers to inject code.
 - Types: Stack, Heap, String, Integer overflow.
 - Can crash or take control of systems.

Internal Attacks
 - Caused by insiders with access.
 - Examples: Email misuse, mobile data theft.
 - Often harder to detect than external attacks.

Dumpster Diving & Shoulder Surfing


 - Dumpster Diving: Recover data from trash.
 - Shoulder Surfing: Spy on user screen or keyboard.
 - Common low-tech social engineering tactics.

DoS Attacks
 - Denial of Service attacks overload systems.
 - Examples: Ping of Death, Teardrop, SYN Flood.
 - DDoS involves multiple attacking systems.
