
Key Objectives of Network Security: Confidentiality Integrity Availability

The document provides an overview of computer network security, detailing its objectives, common threats, and security measures. It discusses various types of attacks, cryptography, authentication mechanisms, and the IPSec framework for secure communications. Additionally, it highlights the importance of encryption, integrity, and authentication in protecting data and networks.

Uploaded by

sameer781981

INTRODUCTION

Computer Network Security refers to the policies, practices, and
technologies used to protect the integrity, confidentiality, and availability
of computer networks and data. It involves securing both the hardware
and software technologies that comprise a network.

Key Objectives of Network Security


1. Confidentiality : Ensuring that data is only accessible to authorized
users.
2. Integrity : Ensuring that data is not altered or tampered with by
unauthorized individuals.
3. Availability : Ensuring that data and resources are available to
authorized users when needed.

Common Network Security Threats


1. Malware (Viruses, Worms, Trojans)
2. Phishing Attacks
3. Denial of Service (DoS) and Distributed DoS Attacks
4. Man-in-the-Middle Attacks
5. Ransomware

Basic Types of Network Security Measures


1. Firewalls – Control incoming and outgoing network traffic.
2. Antivirus and Antimalware Software – Detect and remove malicious
software.
3. Intrusion Detection and Prevention Systems (IDPS) – Monitor network
traffic for suspicious activity.
4. Virtual Private Networks (VPNs) – Encrypt data transmission over
public networks.
5. Access Control – Restrict access to network resources.
6. Encryption – Secure data through encoding.

ATTACK
In network security, an attack is any unauthorized attempt to access,
manipulate, disrupt, or damage a network, its data, or its resources. These
attacks can be carried out by individuals (hackers), groups (cybercriminal
organizations), or even nation-states.

1. Passive Attacks
Goal: To gather information without altering the data.
Examples:
Eavesdropping: Monitoring unencrypted network traffic.
Traffic Analysis: Analyzing traffic patterns to infer sensitive
information.

2. Active Attacks
Goal: To alter or disrupt data or system operations.
Examples:
Man-in-the-Middle (MitM): Intercepting and altering communication
between two parties.
Denial of Service (DoS): Overloading a network or system to make it
unavailable.

Common Types of Network Attacks


• Phishing : Tricking users into giving away sensitive data (like
passwords or credit cards).
• Ransomware : Encrypts files and demands payment to unlock them.
• Malware : Software designed to disrupt, damage, or gain
unauthorized access.

Prevent Network Attacks


• Use firewalls and intrusion prevention systems (IPS).
• Apply software patches and updates regularly.
• Implement strong authentication and access control.
• Encrypt sensitive data during transmission and storage.

SERVICES AND MECHANISM


In computer network security, services and mechanisms are two
fundamental concepts designed to protect data, systems, and
communication from unauthorized access, misuse, or failure. Here’s an
overview:

Security Services
Security services are the goals or functionalities that ensure network
security. They are typically defined by the ITU-T X.800 and ISO 7498-2
standards.

Common Security Services:


1. Authentication : Ensures that the sender and receiver of a message
are who they claim to be.
2. Access Control : Prevents unauthorized access to resources.
3. Data Confidentiality : Protects data from unauthorized disclosure.
4. Data Integrity : Ensures that the data has not been altered during
transmission.
5. Availability : Ensures that systems and services are available to
authorized users.

Security Mechanisms
Security mechanisms are the tools and techniques used to implement
security services. Think of them as the "how" behind achieving those
services.

Common Security Mechanisms:


1. Encryption : Converts data into unreadable form to ensure
confidentiality.
2. Digital Signatures : Provides authentication, integrity, and
non-repudiation.
3. Hash Functions : Checks integrity of data (e.g., SHA-256).
4. Authentication Protocols : Verify identities (e.g., Kerberos, OAuth).
5. Firewalls : Enforce access control between networks.

CRYPTOGRAPHY
Cryptography is the science of securing information. It transforms data
into a form that is unreadable to unauthorized users and ensures
confidentiality, integrity, and authentication in communication.

A. Plain Text
The original, readable message or data that needs to be protected.
Example: "Hello, Alice!" is plaintext if sent as-is in an email.
Vulnerability: If intercepted in plain form, it can be read by anyone.

B. Encryption
The process of converting plaintext into ciphertext using a
cryptographic algorithm and a key.
Purpose: To protect data from unauthorized access.

Types of Encryption
a) Symmetric Encryption
Symmetric encryption is a type of cryptography where the same
key is used for both encryption and decryption.
Both sender and receiver must share the same secret key.
Faster and more efficient for large data volumes.
Requires secure key distribution (major challenge).

• Common Algorithms:
AES (Advanced Encryption Standard)
DES (Data Encryption Standard)
3DES (Triple DES)
b) Asymmetric Encryption
Asymmetric encryption uses two different but mathematically
related keys: a public key and a private key.
The public key is used to encrypt data.
The private key is used to decrypt it.
Solves the key distribution problem in symmetric encryption.
Slower than symmetric encryption.
• Common Algorithms:
RSA (Rivest–Shamir–Adleman)
ECC (Elliptic Curve Cryptography)

C. Key
A value used by a cryptographic algorithm to perform encryption
and decryption.
Importance: Security depends on the key, not the algorithm.

Types of Keys
• Symmetric Key
Uses one single key for both encryption and decryption.
Same key is shared between sender and receiver.
• Asymmetric Key
Uses a pair of keys: one public key for encryption and one private
key for decryption.
Different keys for sender and receiver.

D. Cipher Text
The encrypted form of plaintext. It is unreadable without the correct
key.
Example: "Zk4@#R2!" is ciphertext for "Hello" after encryption.
Use: Sent over networks to prevent data leaks.

E. Decryption
The process of converting ciphertext back to plaintext using a key.
Purpose: To retrieve the original message.
Note: Decryption is the reverse of encryption.

F. Cryptanalysis
The art/science of breaking cryptographic systems.
Helps improve cryptographic systems by identifying weaknesses.
Goal: To decrypt information without knowing the key.

Techniques:
Brute-force attack
Frequency analysis
Chosen plaintext/ciphertext attack

G. Public Key Encryption


A cryptographic system that uses two keys:
Public key: Used for encryption; shared openly.
Private key: Used for decryption; kept secret.
Properties:
Only the holder of the private key can decrypt data encrypted with
the public key.
Used in email encryption, SSL/TLS (HTTPS), and digital signatures.

H. Digital Signatures
A cryptographic technique used to verify the authenticity and
integrity of a message.
How It Works:
1. The sender generates a hash of the message.
2. Encrypts the hash using their private key.
3. Sends the original message + digital signature.
4. Receiver uses sender’s public key to verify the signature.
Uses:
Proves the message was sent by the claimed sender.
Detects any alteration of the message.

I. Authentication
The process of verifying the identity of a user or device.
In Cryptography:
Ensures the message comes from a trusted source.
Often uses digital certificates, passwords, or biometric data.
Techniques:
Password-based
Two-Factor Authentication (2FA)
Public Key Infrastructure (PKI)

Authentication Applications in Network Security
Authentication applications ensure that the identity of users, systems, or
entities is verified before granting access to resources. Below are key
authentication mechanisms used in secure communication.

a. Kerberos
Kerberos is a network authentication protocol designed to provide
strong authentication for client-server applications using secret-key
cryptography.

Key Features
Uses symmetric encryption (usually AES or DES).
Based on trusted third-party authentication.
Eliminates the need to send passwords over the network.
Protects against replay attacks using timestamps and session keys.

Components:
Client: Requests services.
Server: Offers services.
Key Distribution Center (KDC): Consists of:
Authentication Server (AS): Authenticates users and issues Ticket
Granting Tickets (TGT).
Ticket Granting Server (TGS): Issues service tickets.

How it works:
1. Login: The client sends a request to AS.
2. AS Response: Returns TGT encrypted with the user’s key.
3. Service Request: Client uses TGT to request a service ticket
from TGS.
4. Access: The client uses the service ticket to access the desired
server.
Advantages:
Centralized authentication.
Single Sign-On (SSO).
No transmission of plain-text passwords.

Limitations:
Requires synchronized clocks.
Single point of failure (KDC).

b. X.509 Authentication Service


X.509 is a standard that defines the format of public key certificates
used in Public Key Infrastructure (PKI) for authentication.
Issued by: Certificate Authorities (CAs)
Key Components:
Public Key Certificate: Contains subject name, public key, CA
signature, expiration date, and serial number.
Certificate Authority (CA): Trusted entity that signs and issues
certificates.
Registration Authority (RA): Verifies identities before certificates are
issued.

Certificate Structure:
Version
Serial Number
Signature Algorithm
Issuer
Validity Period (Not Before – Not After)
Subject
Subject Public Key Info
Issuer Signature

Authentication Process:
1. Client receives the server’s certificate.
2. Verifies certificate using CA’s public key.
3. Extracts the public key to encrypt a session key or validate
signatures.
Advantages:
Based on public key cryptography.
Trust can be established hierarchically (chain of trust).
Widely used in SSL/TLS, email, VPNs.

Limitations:
Requires robust CA infrastructure.
Certificate revocation and management overhead.

c. Directory Authentication Service (LDAP)


A Directory Authentication Service provides a central repository for
storing identity and authentication data using protocols like LDAP
(Lightweight Directory Access Protocol).

Usage:
Centralized user authentication and authorization.
Integrates with services like Active Directory, OpenLDAP.

Key Features:
Hierarchical structure (tree-like).
Stores credentials, certificates, roles, groups.
Supports binding for authentication:
Simple Bind: Username and password.
SASL Bind: Supports Kerberos or external authentication
mechanisms.

Authentication Process:
1. Client connects and binds to the directory.
2. Credentials are validated against stored information.
3. Access is granted based on identity and group memberships.

Advantages:
Centralized user management.
Scalable and efficient for large organizations.
Supports multiple authentication methods.

Limitations:
Simple bind can expose passwords if not encrypted.
May require additional services for security (e.g., TLS/SSL for LDAP).

d. Pretty Good Privacy (PGP)


PGP is an encryption program that provides confidentiality and
authentication for email and file transfer.
Developed by: Phil Zimmermann

Key Features:
Combines symmetric and asymmetric encryption.
Uses a web of trust instead of a CA.
Encrypts both the message and digital signature.

How it works:
1. Message is compressed.
2. A session key is generated (symmetric).
3. The message is encrypted using the session key.
4. The session key is encrypted using the recipient’s public key.
5. Digital signature is created using sender’s private key.

Authentication:
Recipients verify the sender’s identity using the sender’s public key.
Trust is based on manual key verification and trust relationships.

Advantages:
High level of security.
Provides confidentiality, integrity, and authenticity.
No need for centralized authority.

Limitations:
Complex key management.
Web of trust is less scalable than PKI.

e. S/MIME (Secure/Multipurpose Internet Mail Extensions)


S/MIME is a standard for public key encryption and signing of MIME
data, often used to secure email communication.
Built on: MIME standard for formatting email.

Key Features:
Uses X.509 certificates for identity verification.
Provides confidentiality, message integrity, and non-repudiation.

How it works:
1. Sender signs the email using their private key.
2. Encrypts the message with a symmetric key.
3. The symmetric key is encrypted using the recipient’s public key.
4. Recipient decrypts the symmetric key using their private key, then
decrypts the message.

Authentication:
Uses digital signatures to verify sender’s identity.
Verifies signature using the sender’s public certificate.

Advantages:
End-to-end email security.
Based on standard X.509 certificates and PKI.
Transparent to users (if client supports it).

Limitations:
Requires a trusted CA infrastructure.
Certificate management can be complex.

IP Security Architecture
IPSec is a framework of open standards for ensuring private, secure
communications over IP networks, using cryptographic security services.
It’s defined by a series of protocols developed by the Internet Engineering
Task Force (IETF).

Key Goals of IPSec:


• Confidentiality – Encryption hides data from unauthorized users.
• Integrity – Ensures data is not tampered with during transit.
• Authentication – Verifies the identities of the communicating parties.
• Anti-replay protection – Prevents attackers from resending captured
packets.

IPSec operates at the Network Layer (Layer 3), unlike SSL/TLS which
operates at the Application Layer.

➢ Authentication Header (AH)


Authentication Header (AH) is one of the two main IPSec protocols
(the other being ESP).

Purpose:
Provides connectionless integrity, data origin authentication, and
optional anti-replay protection for IP packets.

How AH Works:
It adds a new header (AH) to the IP packet.
AH protects most parts of the IP packet, including the IP header
fields that don’t change in transit.

Format of AH:
Next Header: Specifies the protocol (e.g., TCP, UDP) of the payload.
Payload Length: Length of AH.
Security Parameters Index (SPI): Identifies the security association.
Sequence Number: Provides anti-replay protection.
Authentication Data: Integrity check value (e.g., HMAC).
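
The AH fields listed above can be seen working together in a receiver-side check. The following is an added example, not part of the original report: it parses the header, applies a sliding anti-replay window to the Sequence Number, and verifies the Authentication Data. It assumes HMAC-SHA-256 truncated to 128 bits as the integrity algorithm and, as a simplification, computes the HMAC over the AH and payload only (real AH also covers the immutable IP header fields); the key, SPI and payloads are constructed sample values.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

AH_FIXED_LEN = 12  # Next Header(1) + Payload Len(1) + Reserved(2) + SPI(4) + Sequence(4)
ICV_LEN = 16       # assumed algorithm: HMAC-SHA-256 truncated to 128 bits


@dataclass
class AuthHeader:
    next_header: int  # protocol number of the payload (6 = TCP, 17 = UDP)
    spi: int          # identifies the security association
    sequence: int     # anti-replay counter
    icv: bytes        # Authentication Data (integrity check value)
    length: int       # total AH length in bytes


def parse_ah(data: bytes) -> AuthHeader:
    if len(data) < AH_FIXED_LEN:
        raise ValueError("truncated AH")
    next_header, payload_len, _reserved, spi, seq = struct.unpack(
        "!BBHII", data[:AH_FIXED_LEN])
    # Payload Len is the AH length in 32-bit words, minus 2.
    total = (payload_len + 2) * 4
    if total < AH_FIXED_LEN or total > len(data):
        raise ValueError("Payload Len field inconsistent with packet size")
    return AuthHeader(next_header, spi, seq, data[AH_FIXED_LEN:total], total)


class ReplayWindow:
    """Sliding window: bit i of the bitmap marks sequence (highest - i) as seen."""

    def __init__(self, size: int = 64):
        self.size, self.highest, self.bitmap = size, 0, 0

    def check(self, seq: int) -> bool:
        if seq == 0:
            return False                      # sequence numbers start at 1
        if seq > self.highest:
            return True                       # new, ahead of the window
        offset = self.highest - seq
        if offset >= self.size:
            return False                      # too old to judge: drop
        return not (self.bitmap >> offset) & 1

    def update(self, seq: int) -> None:
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def compute_icv(key: bytes, fixed: bytes, icv_len: int, payload: bytes) -> bytes:
    # The ICV field is treated as zero while the HMAC is computed.
    mac = hmac.new(key, fixed + bytes(icv_len) + payload, hashlib.sha256)
    return mac.digest()[:ICV_LEN]


def build_packet(key: bytes, spi: int, seq: int, payload: bytes,
                 next_header: int = 17) -> bytes:
    """Sender side, used here only to construct sample packets."""
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return fixed + compute_icv(key, fixed, ICV_LEN, payload) + payload


def receive(packet: bytes, key: bytes, window: ReplayWindow) -> str:
    ah = parse_ah(packet)
    if not window.check(ah.sequence):
        return "drop: replay"
    expected = compute_icv(key, packet[:AH_FIXED_LEN], len(ah.icv),
                           packet[ah.length:])
    if not hmac.compare_digest(expected, ah.icv):
        return "drop: bad ICV"
    # Advance the window only after the ICV verifies, so a forged packet
    # cannot push legitimate sequence numbers out of the window.
    window.update(ah.sequence)
    return "accept"


if __name__ == "__main__":
    key = b"k" * 32                            # constructed sample key
    window = ReplayWindow()
    pkt = build_packet(key, 0x1000, 1, b"sample payload")
    print(receive(pkt, key, window))           # first delivery
    print(receive(pkt, key, window))           # same packet resent
```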

➢ Encapsulating Security Payload (ESP)
Encapsulating Security Payload (ESP) is the second major protocol
used in IPSec.

Purpose:
Provides Confidentiality (via encryption), Integrity, Authentication,
and Anti-replay protection.

How ESP Works:


Encrypts the payload and optionally adds an ESP header and trailer.
Can operate in Transport Mode (encrypts only the payload) or Tunnel
Mode (encrypts the entire IP packet).

Format of ESP:
SPI
Sequence Number
Payload Data (Encrypted)
Padding
Authentication Data (Optional)

➢ Security Associations (SAs)


An SA is a set of parameters that define how two devices will
communicate securely.

Each SA includes:
Encryption algorithm and key
Authentication method and key
SPI (Security Parameter Index)
Lifetime of the key
Mode (Transport or Tunnel)

Combining SAs:
When both authentication and encryption are needed, multiple SAs
may be used together.

Methods:
1. Transport adjacency – Applying AH and ESP in succession to the
same IP packet.
2. Iterated tunneling – Multiple tunnel SAs are used (packet
encapsulated multiple times).
3. Bundle – Applying both AH and ESP together in a predefined
order.

➢ Key Management
IPSec requires secure key exchange mechanisms to function properly.
Keys must be agreed upon without being intercepted.

Two Main Approaches:


1. Manual Keying:
Keys and SAs are configured manually on both ends.
Simple but not scalable or secure for large networks.
2. Automated Keying:
Uses the Internet Key Exchange (IKE) protocol to automate key
negotiation and management.
More secure and scalable.

IKE (Internet Key Exchange):


Phase 1: Establishes an IKE SA to protect further negotiation.
Phase 2: Negotiates the IPSec SAs to be used for actual data
transfer.
IKE uses Diffie-Hellman key exchange for securely sharing keys.

IPSec Modes: Transport vs Tunnel
Mode | Description | Use Case
Transport | Encrypts only the payload of IP packets | End-to-end communication
Tunnel | Encrypts the entire IP packet (adds a new header) | Gateway-to-gateway or VPNs

WEB SECURITY

Web Security refers to the protection of websites, web applications, and
data transmitted over the Internet from cyber threats such as data
breaches, phishing, man-in-the-middle (MitM) attacks, and malware.

Why Web Security is Important:


Protects user privacy and confidential data
Maintains data integrity and authentication
Builds user trust
Prevents unauthorized access and financial losses

Web Security Requirements


Confidentiality : Information is accessible only to authorized users.
Integrity : Data cannot be modified undetectably.
Authentication : Verifying the identity of users/systems.
Non-repudiation : Ensures the sender cannot deny sending the message.
Access Control : Ensures only authorized users can access resources.
Availability : Systems remain functional and accessible.

➢ Secure Socket Layer (SSL)


SSL (Secure Socket Layer) is a cryptographic protocol designed to
provide secure communication over the internet.
SSL is now deprecated and has been replaced by TLS, but it's
foundational to understanding modern web security.

SSL Architecture
SSL sits between the Application Layer (e.g., HTTP) and the
Transport Layer (e.g., TCP).

Features of SSL:
Authentication using certificates (typically server-side).
Data confidentiality through symmetric encryption (e.g., AES, 3DES).
Data integrity using MAC (Message Authentication Code).
Session keys negotiated using public-key cryptography (RSA, DH).

SSL Handshake Process:
1. Client Hello: Client sends supported SSL versions, cipher suites,
and a random value.
2. Server Hello: Server responds with chosen cipher suite, certificate,
and its random value.
3. Key Exchange: Client and server use public-key cryptography to
exchange a session key.
4. Session Established: Both sides use the session key for encrypted
communication.

➢ Transport Layer Security (TLS)


TLS (Transport Layer Security) is the successor to SSL and provides
stronger encryption, better performance, and improved security.

TLS Enhancements Over SSL:


Stronger ciphers and key exchange mechanisms.
Better message authentication (e.g., HMAC).
Protection against downgrade attacks.
Forward secrecy using ephemeral keys (in modern versions).

TLS Versions:
TLS 1.0 – Deprecated.
TLS 1.1 – Deprecated.
TLS 1.2 – Widely used.
TLS 1.3 – Latest, faster and more secure (removes obsolete
algorithms).

TLS Handshake Process (TLS 1.3 – simplified):
1. Client sends ClientHello with supported algorithms.
2. Server responds with ServerHello, key, and certificate.
3. Client and server derive the same session key.
4. Both confirm the handshake and begin encrypted communication.

Advantages of TLS:
End-to-end encryption.
Server and optional client authentication.
Used in HTTPS, email (SMTP/IMAP/POP over TLS), VoIP, etc.

➢ Secure Electronic Transaction (SET)


SET (Secure Electronic Transaction) was a standard protocol
developed by Visa and MasterCard to secure credit card transactions
over the internet.
SET was never widely adopted but introduced several innovative
ideas that influenced later secure payment protocols.

SET Architecture:
Involves four parties:
Cardholder (Customer)
Merchant
Payment Gateway
Certificate Authority (CA)

Key Features of SET:


Authentication of cardholder and merchant.
Confidentiality of payment information.
Integrity of transaction data.
Dual Signature – Separates order and payment information, ensuring
merchants cannot access credit card details.

SET Transaction Flow:


1. Cardholder registers with a CA and obtains a digital certificate.
2. Merchant also has a digital certificate.
3. During payment:
Cardholder sends order info + encrypted payment info with dual signature.
Merchant forwards payment info to the payment gateway.
Gateway processes the payment and responds with approval.
Merchant completes the order.

Why SET Failed:


Complex setup (certificates, software).
Lack of user-friendly tools.
High cost and low merchant adoption.
Emergence of simpler alternatives like 3D Secure (Visa/Mastercard)
and SSL/TLS-secured HTTPS payments.

NETWORK SECURITY MANAGEMENT

Network Management Security refers to the protection of network
management systems and communications from threats such as
unauthorized access, eavesdropping, data tampering, and spoofing.

These systems are responsible for:


Monitoring device performance
Managing configurations
Detecting faults
Ensuring overall network health

➢ SNMP: Simple Network Management Protocol


SNMP is a standard protocol used for managing devices on IP
networks, including:
Routers
Switches
Servers
Workstations
Printers

SNMP Components
1. Managed Devices: Network nodes with SNMP agents.
2. Agents: Software that resides on managed devices and
collects/manages data.
3. Network Management Station (NMS): Central system that
communicates with agents to manage the network.

SNMP Architecture
Communication Model:
SNMP operates over UDP (port 161 for queries, 162 for traps).
The manager (NMS) sends requests (GET, SET) to the agent.
The agent replies with responses, or sends traps (unsolicited alerts)
to the manager.

Management Information Base (MIB):


A virtual database of network objects.
Objects are identified by Object Identifiers (OIDs).
Example: 1.3.6.1.2.1.1.5 represents the system name.

SNMPv1: Communication Facility
SNMPv1 is the first version of the protocol, introduced in 1988.

Features:
Simple and lightweight
Operates using a community string for access control

Common operations:
GET: Retrieve value of an object
SET: Modify object
GET-NEXT: Get next OID
TRAP: Send alert to manager

Security in SNMPv1:
Very weak: Uses clear-text community strings as "passwords"
Example: public (read-only), private (read-write)
No encryption or authentication

Vulnerable to:
Packet sniffing
Spoofing
Unauthorized access
SNMPv1 is not secure and is considered obsolete for modern
networks.
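
Because the community string travels unencrypted, a monitoring sensor can read it straight out of a captured datagram. The following is an added example, not part of the original report: a minimal BER decoder that audits an SNMP message for clear-text and default community strings. The function names and the sample datagrams are constructed for illustration; the sample queries the system-name OID mentioned earlier (with instance `.0` appended).

```python
DEFAULT_COMMUNITIES = {"public", "private"}   # defaults named in this section
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
PDU_NAMES = {0xA0: "GET", 0xA1: "GET-NEXT", 0xA2: "RESPONSE",
             0xA3: "SET", 0xA4: "TRAP"}


def read_tlv(buf: bytes, pos: int):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                          # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:                                     # short form: length fits in 7 bits
        length = first
    if pos + length > len(buf):
        raise ValueError("TLV length exceeds datagram")
    return tag, buf[pos:pos + length], pos + length


def audit_snmp_datagram(datagram: bytes) -> dict:
    """Return version, community, PDU type and findings for one UDP payload."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (no outer SEQUENCE)")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = int.from_bytes(raw_version, "big")
    result = {"version": VERSIONS.get(version, f"unknown({version})"),
              "community": None, "pdu": None, "findings": []}
    if version == 3:
        return result                         # SNMPv3 carries no community string
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("missing community OCTET STRING")
    pdu_tag, _, _ = read_tlv(body, pos)
    name = community.decode("latin-1")
    result["community"] = name
    result["pdu"] = PDU_NAMES.get(pdu_tag, hex(pdu_tag))
    result["findings"].append("community string sent in clear text")
    if name in DEFAULT_COMMUNITIES:
        result["findings"].append("default community string in use")
    if pdu_tag == 0xA3:
        result["findings"].append("SET request protected only by community string")
    return result


def tlv(tag: int, value: bytes) -> bytes:
    """Encode a TLV with a short-form length (enough for the samples below)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value


def build_sample(community: bytes, pdu_tag: int = 0xA0) -> bytes:
    """Constructed SNMPv1 request for OID 1.3.6.1.2.1.1.5.0 (system name)."""
    oid = tlv(0x06, bytes([0x2B, 6, 1, 2, 1, 1, 5, 0]))
    varbinds = tlv(0x30, tlv(0x30, oid + tlv(0x05, b"")))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + varbinds)
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + pdu)


if __name__ == "__main__":
    for sample in (build_sample(b"public"), build_sample(b"private", 0xA3)):
        print(audit_snmp_datagram(sample))
```

Run against mirrored UDP/161 traffic, a check like this gives an inventory of devices still answering SNMPv1/v2c and of any that accept the default communities.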

➢ SNMPv3: Secure Network Management


SNMPv3, defined in RFC 3410, adds robust security mechanisms
lacking in earlier versions.

SNMPv3 Architecture:
SNMPv3 introduces a modular architecture with three main
components:
1. User-based Security Model (USM):
Provides authentication, encryption, and privacy
2. View-based Access Control Model (VACM):
Fine-grained access control to MIB objects
3. Security Subsystem:
Manages keys, users, and access rights

SNMPv3 Security Features:


Authentication : Verifies message origin using HMAC (MD5 or SHA)
Privacy (Encryption) : Protects message content using DES or AES
Access Control : Limits access to data using views and roles
Message Integrity : Ensures data is not modified in transit

SNMPv3 Communication Steps:


1. Manager and agent are configured with:
Usernames
Authentication and encryption keys
2. Manager sends a request with:
User credentials
Message authentication code (HMAC)
Encrypted data (if required)
3. Agent verifies, decrypts (if needed), and processes the request
4. Agent sends a secured response back

SNMPv3 Modes of Operation:

Mode | Authentication | Encryption | Use Case
noAuthNoPriv | No | No | Monitoring non-sensitive data
authNoPriv | Yes | No | Authenticated access
authPriv | Yes | Yes | Full security (recommended)

SYSTEM SECURITY
System Security – Overview
System Security encompasses all the methods and tools used to protect
computers, networks, and information systems from unauthorized access,
cyber threats, and operational failures. It involves policies, technologies,
and practices designed to detect, prevent, and recover from security
breaches.

System security is a foundational element of cybersecurity, which deals
not only with external threats but also with internal risks, software
vulnerabilities, and improper configurations.

1. Intruders
An intruder is an individual or software that attempts to gain
unauthorized access to a system. The goal may be to steal data,
disrupt services, or compromise system integrity.

Types of Intruders:
• Masqueraders:
External attackers who don’t have authorized access.
Gain access using stolen credentials, brute force attacks, or
phishing scams.

• Misfeasors:
Internal users who have legitimate access but misuse it.
For example, an employee accessing customer data without
permission.

• Clandestine Users:
Usually gain root or administrative privileges.
Try to hide their actions from logging or monitoring systems.
May install rootkits or backdoors for long-term access.

Intruder Motivations:
Financial gain (e.g., ransomware, data theft)
Espionage (corporate or state-sponsored)
Political/ideological reasons (hacktivism)
Revenge or sabotage (disgruntled insiders)
Curiosity or challenge (often in the case of script kiddies)

Intrusion Detection Approaches:


Host-based IDS (HIDS): Monitors individual devices for suspicious
behavior.
Network-based IDS (NIDS): Analyzes network traffic for anomalies.
Anomaly-based: Detects deviations from normal behavior.
Signature-based: Detects known attack patterns.

2. Viruses and Related Threats – Malware Landscape

• Virus
Needs a host file to replicate.
Often spreads via email attachments, USB drives, or pirated
software.

• Worm
Standalone malware.
Exploits network vulnerabilities to spread autonomously (e.g.,
WannaCry).

• Trojan Horse:
Appears legitimate (e.g., fake antivirus or games).
Often used to open backdoors into systems.

• Spyware & Adware:


Tracks user activity (spyware) or floods system with ads (adware).
Often bundled with free downloads or browser plugins.

• Ransomware:
Encrypts files and demands payment in cryptocurrencies.
Common in healthcare, education, and government sectors.
• Rootkits:
Hide their presence and that of other malware.
Modify system components like kernel modules or bootloaders.

Best Practices for Protection:


Use licensed antivirus solutions with regular updates.
Implement network segmentation to limit malware spread.
Maintain regular data backups.
Educate users on recognizing social engineering attacks.
Keep systems patched against known vulnerabilities (e.g., CVEs).

3. Firewall Design Principles – Network Border Security


Firewalls act as barriers between trusted internal networks and
untrusted external environments like the Internet. They enforce
policies that define what kind of network traffic is allowed or denied.

Firewall Design Principles Explained:


1. Default Deny Rule:
All incoming and outgoing traffic is blocked unless explicitly
allowed.
Prevents unauthorized access by default.

2. Principle of Least Privilege:


Only necessary services and ports should be open.
Reduces the attack surface.

3. Segmentation of Network Zones:


Example: Separate a web server (DMZ) from the internal
database to contain breaches.

4. Redundancy and High Availability:


Deploy firewalls in failover configurations to ensure availability
even during outages.

5. Logging and Alerting:


All firewall activity should be logged and integrated with SIEM
systems. Helps in real-time monitoring and post-incident
analysis.

6. Policy Review and Testing:


Regular updates and audits of firewall rules.
Ensure policies reflect changes in infrastructure or business
needs.

Firewall Deployment Scenarios:


Perimeter Firewalls: Protect the entire organization from external
threats.
Host-based Firewalls: Protect individual systems.
Cloud-native Firewalls: Built into platforms like AWS, Azure, or GCP.
Internal Firewalls: Used to separate departments or sensitive areas
inside a network.

4. Case Tools & Software Platforms – Real-World Context

• Security Tools in Practice:

Antivirus and Endpoint Protection:


Kaspersky, Symantec, Bitdefender, Windows Defender
Provide malware scanning, real-time protection, and quarantine
capabilities.

Intrusion Detection/Prevention:
Snort: Open-source IDS with rule-based detection.
Suricata: Advanced multi-threaded IDS/IPS.
Zeek (formerly Bro): Network monitoring and analysis platform.

Firewalls:
pfSense: Open-source firewall and router software.
Cisco ASA and FortiGate: Enterprise-grade firewalls.
Cloud firewalls: AWS Security Groups, Azure NSGs.

SIEM (Security Information and Event Management):


Splunk, IBM QRadar, Elastic SIEM
Aggregate and correlate security logs for threat detection and
compliance.

Endpoint Detection and Response (EDR):


CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint

These tools help detect threats, respond quickly to breaches, and
comply with data protection regulations (like GDPR, HIPAA).

5. Configuration Management – Keeping Systems Secure and Consistent
It is the practice of standardizing and controlling IT resources,
including system settings, software versions, hardware
configurations, and access controls.

Why Configuration Management Matters for Security:


Prevents unauthorized changes to system configurations.
Reduces the risk of misconfiguration-based attacks (e.g., open ports,
weak encryption).
Ensures all systems comply with organizational security policies.
Supports quick rollback and recovery in case of failure.

Configuration Management Tasks:


Enforcing password policies.
Disabling unused services and ports.
Ensuring all systems have antivirus installed.
Verifying proper firewall and logging settings.
Monitoring and reporting configuration drift (unintended changes).

Tools:
Ansible – Simple automation using YAML playbooks.
Puppet – Uses a declarative language to enforce states.
Chef – Manages configurations using Ruby.
SaltStack – Suitable for real-time configuration management.

INDEX
S.no. TOPICS
1 Introduction to Computer Network Security
1.1 Attacks
1.2 Security Services
1.3 Security Mechanisms
2 Cryptography
2.1 Plain Text and Cipher Text
2.2 Encryption and Decryption
2.3 Cryptographic Keys
2.4 Cryptanalysis
2.5 Public key Encryption
2.6 Digital Signatures
2.7 Authentication in Cryptography
3 Network Security
3.1 Authentication Applications
3.1.1 Kerberos
3.1.2 X.509 Authentication Service
3.1.3 Directory Authentication Service
3.2 Email Security
3.2.1 Pretty Good Privacy (PGP)
3.2.2 Secure/Multipurpose Internet Mail Extensions

4 IP Security Architecture
4.1 Overview of IP Security
4.2 Authentication Header (AH)
4.3 Encapsulating Security Payload (ESP)
4.4 Combining Security Associations
4.5 Key Management in IPSec
5 Web Security
5.1 Web Security Requirements
5.2 Secure Socket Layer (SSL)
5.3 Transport Layer Security (TLS)
5.4 Secure Electronic Transactions (SET)
6 Network Management Security
6.1 Overview of SNMP Architecture
6.2 SNMPv1 Communication Facility
6.3 SNMPv3 Security Enhancements
7 System Security
7.1 Intruders and Attack Methods
7.2 Viruses and Related Threats
7.3 Firewalls Design Principles
7.4 Examples Using Available Software Platforms / Case Tools
7.5 Configuration Management in System Security

A PROJECT REPORT ON
“COMPUTER NETWORK SECURITY”
Submitted to Maa Shakumbhari University , Saharanpur

In Partial Fulfilment for the award of degree of


Bachelor Of
Computer Application

Submitted To
Prof. …………………
…………………………
Doon College of Education
Saharanpur

Submitted By
Name – Abhay Sharma
Course – BCA 6th Semester
Roll No – 222801410002

Department of Education
DOON COLLEGE OF EDUCATION, SAHARANPUR (U.P.)

Certificate
This is to certify that the project entitled “Computer Network Security” is
the bona fide record of project report work done by Abhay Sharma under the
guidance of Prof. …………….. during the year 2024 – 2025, submitted to
Doon College of Education, Saharanpur, affiliated to Maa Shakumbhari
University, in partial fulfilment for the award of the Degree of Bachelor
of Computer Application.

The project report defended in front of the Department steering Committee
Composed by

Signature of Candidate Signature of Guide

Acknowledgement
I would like to express my special thanks to my parents for giving me this
opportunity to study in the college. I would also like to thank my elder
brother for her support.

I would also like to express my thanks and gratitude to the Faculty of
Education Department, who gave me the opportunity to do this (Project
Report) on Application of Computer Network Security in Real world and who
also helped me in completing my Survey Report.

Declaration

I, Abhay Sharma, hereby declare that the work presented in this project report
titled "Computer Network Security" is an original and independent work
carried out by me under the guidance of Prof. ………………….. at DOON
COLLEGE OF EDUCATION, SAHARANPUR.

I confirm that the project report is based on a thorough study and analysis
of various number systems and their applications. The content of this
report, including data, findings, and conclusions, is the result of my
project efforts and is not copied from any other sources. All sources of
information and references used in this study have been duly cited and
acknowledged. I also declare that this project report has not been
submitted, either in full or in part, for any other degree or diploma at this
or any other institution.

I understand that any form of academic dishonesty, including plagiarism
or misrepresentation of work, will be treated seriously and may result in
disciplinary action in accordance with the academic policies of (Maa
Shakumbhari University).

Name – ABHAY SHARMA


Class – BCA 6th Semester
Roll No – 222801410002
