UNIT-I

Data & Network Security

 Syllabus
Need for Security, Security Attack, Security
Services, Information Security, Methods of
Protection, Basics of Cryptography:
Terminologies used in Cryptography,
Substitution Techniques, Transposition
Techniques, Network Security, Threats in
Networks, Network Security Controls.
 Need for Information security
1.Protecting the functionality of the
organization
2.Enabling the safe operation of applications
3.Protecting the data that the organization
collect and use
4.Safeguarding technology assets in
organizations
 Attacks in Information Security

• Passive Attack: Passive attacks are in the nature of eavesdropping

on, or monitoring of, transmissions. The goal of the opponent is to
obtain information that is being transmitted.
• Active Attacks: An Active attack attempts to alter system resources
or affect their operations. Active attacks involve some modification
of the data stream or the creation of false statements. Types of active
attacks are as follows: 
• Masquerade
• Modification of messages
• Repudiation
• Replay
• Denial of Service
 Masquerade

A masquerade attack takes place when one entity

pretends to be a different entity. A Masquerade
attack involves one of the other forms of active
attacks. Masquerade assaults may be performed
using the stolen passwords and logins.
 Modification of messages

It means that some portion of a message is

altered or that message is delayed or reordered to
produce an unauthorized effect. Modification is
an attack on the integrity of the original data. It
basically means that unauthorized parties not
only gain access to data but also alter the
transmitted data packets or flooding the network
with fake data.
 Repudiation

This attack occurs when the network is not

completely secured or the login control has been
tampered with. With this attack, the author’s
information can be changed by actions of a
malicious user in order to save false data in log
files, up to the general manipulation of data on
behalf of others.
 Replay

It involves the passive capture of a message and

its subsequent transmission to produce an
authorized effect. In this attack, the basic aim of
the attacker is to save a copy of the data
originally present on that particular network and
later on use this data for personal uses. 
 Denial of Service

It prevents the normal use of communication

facilities. This attack may have a specific target.
For example, an entity may suppress all
messages directed to a particular destination.
Another form of service denial is the disruption
of an entire network either by disabling the
network or by overloading it with messages so as
to degrade performance. 
 Security Services
X.800 defines a security service as a service
provided by a protocol layer of communicating
open systems, which ensures adequate security
of the systems or of data transfers. Security
services are processing or communication
service that is provided by a system to give a
specific kind of protection to system resources;
security services implement security policies and
are implemented by security mechanisms.
 Authentication
The authentication service is concerned with assuring that a
communication is authentic. In the case of a single message,
such as a warning or alarm signal, the function of the
authentication service is to assure the recipient that the message
is from the source that it claims to be from. In the case of an
ongoing interaction, such as the connection of a terminal to a
host, two aspects are involved. First the service assures that the
two entities are authentic Second, the service must assure that
the connection is not interfered with in such a way that a third
party can masquerade as one of the two legitimate parties for
the purposes of unauthorized transmission or reception.
 Access Control
In the context of network security, access
control is the ability to limit and control the
access to host systems and applications via
communications links. To achieve this, each
entity trying to gain access must first be
identified, or authenticated, so that access rights
can be tailored to the individual.
 Data Confidentiality
Confidentiality is the protection of transmitted
data from passive attacks. With respect to the
content of a data transmission, several levels of
protection can be identified. The other aspect of
confidentiality is the protection of traffic flow
from analysis. This requires that an attacker not
be able to observe the source and destination,
frequency, length, or other characteristics of the
traffic on a communications facility.
 Data Integrity
A connection-oriented integrity service, one that deals with
a stream of messages, assures that messages are received
as sent, with no duplication, insertion, modification,
reordering, or replays. The destruction of data is also
covered under this service. Thus, the connection-oriented
integrity service addresses both message stream
modification and denial of service. On the other hand, a
connectionless integrity service, one that deals with
individual messages without regard to any larger context,
generally provides protection against message modification
only.
 Nonrepudiation
Nonrepudiation prevents either sender or
receiver from denying a transmitted message.
Thus, when a message is sent, the receiver can
prove that the alleged sender in fact sent the
message. Similarly, when a message is received,
the sender can prove that the alleged receiver in
fact received the message.
 Information Security 
Information Security is not only about securing
information from unauthorized access. Information Security
is basically the practice of preventing unauthorized access,
use, disclosure, disruption, modification, inspection,
recording or destruction of information. Information can be
physical or electronic one. Information can be anything like
Your details or we can say your profile on social media,
your data in mobile phone, your biometrics etc. Thus
Information Security spans so many research areas like
Cryptography, Mobile Computing, Cyber Forensics, Online
Social Media etc. 
 Methods of Protection
Firewall
Network Segmentation
Remote Access VPN
Zero Trust Network Access (ZTNA)
Email Security
 Firewall

Firewalls control incoming and outgoing traffic

on networks, with predetermined security rules.
Firewalls keep out unfriendly traffic and is a
necessary part of daily computing. Network
Security relies heavily on Firewalls, and
especially Next Generation Firewalls, which
focus on blocking malware and application-layer
attacks.
 Network Segmentation

Network segmentation defines boundaries between

network segments where assets within the group have a
common function, risk or role within an organization.
For instance, the perimeter gateway segments a
company network from the Internet. Potential threats
outside the network are prevented, ensuring that an
organization’s sensitive data remains inside.
Organizations can go further by defining additional
internal boundaries within their network, which can
provide improved security and access control.
 Remote Access VPN

Remote access VPN provides remote and secure

access to a company network to individual hosts
or clients, such as telecommuters, mobile users,
and extranet consumers. Each host typically has
VPN client software loaded or uses a web-based
client. Privacy and integrity of sensitive
information is ensured through multi-factor
authentication, endpoint compliance scanning,
and encryption of all transmitted data.
 Zero Trust Network Access (ZTNA)

The zero trust security model states that a user should

only have the access and permissions that they require
to fulfill their role. This is a very different approach
from that provided by traditional security solutions,
like VPNs, that grant a user full access to the target
network. Zero trust network access (ZTNA) also
known as software-defined perimeter (SDP) solutions
permits granular access to an organization’s
applications from users who require that access to
perform their duties.
 Email Security
• Email security refers to any processes,
products, and services designed to protect your
email accounts and email content safe from
external threats. Most email service providers
have built-in email security features designed
to keep you secure, but these may not be
enough to stop cybercriminals from accessing
your information.
•  
 Terminologies used in cryptography
Plaintext
original message
Ciphertext
encrypted or coded message
Encryption
convert from plaintext to ciphertext (enciphering)
Decryption
restore the plaintext from ciphertext (deciphering)
Key
information used in cipher known only to sender/receiver
Cipher
a particular algorithm (cryptographic system)
Cryptography
study of algorithms used for encryption
Cryptanalysis
study of techniques for decryption without knowledge of plaintext
Cryptology
areas of cryptography and cryptanalysis
 Types of ciphering techniques
• Substitution cipher
Monoalphabetic
Polyalphabetic
• Transposition cipher
 Monoalphabetic Cipher
Less secure
Contains frequency of letters same as the
message.
The space between words is left blank.
Brute force algorithm can decrypt it.
It is not used nowadays.
The same alphabet in the message will be
made up of similar code letters.
Polyalphabetic Cipher
More secure than a Monoalphabetic
cipher.
It does not contain the same frequency of
letters as in the message.
The space between the words are also
mapped to some letters.
Brute force algorithm cannot decrypt it.
It is used more frequently than
Monoalphabetic cipher.
The same alphabet in the code may or
may not be made of similar code letters.
 Transposition cipher
Transposition Cipher is a cryptographic
algorithm where the order of alphabets in the
plaintext is rearranged to form a cipher text. In
this process, the actual plain text alphabets are
not included. A very different kind of mapping is
achieved by performing some sort of
permutation on the plaintext letters. This
technique is referred to as a transposition
cipher.
 Threats to Information Security

• Information Security threats can be many like Software

attacks, theft of intellectual property, identity theft, theft of
equipment or information, sabotage, and information
extortion. 
• Threat can be anything that can take advantage of a
vulnerability to breach security and negatively alter, erase,
harm object or objects of interest. 
• Software attacks means attack by Viruses, Worms, Trojan
Horses etc. Many users believe that malware, virus, worms,
bots are all same things. But they are not same, only similarity
is that they all are malicious software that behaves differently.
Basic Information security controls fall
into three groups: 
• Preventive controls, which address weaknesses in
your information systems identified by your risk
management team before you experience a
cybersecurity incident.
• Detective controls, which alert you to
cybersecurity breach attempts and also warn you
when a data breach is in progress, so your
cybersecurity staff can begin to limit the damage. 
• Corrective controls, such as backups used after a
cybersecurity incident, to minimize data loss and
damage to information systems; and to restore
your information systems as quickly as possible.
Information security controls can also be
classified into several areas of data protection
• Physical access controls. This includes restrictions on physical access such as
security guards at building entrances, locks, close circuit security cameras, and
perimeter fences. 
• Cyber access controls. These are cybersecurity controls and policies such as
up-to-date firewalls, password policies, and software applications that alert
you to cybersecurity risks like ransomware attacks and phishing.
• Procedural controls. This includes security awareness education, security
framework compliance training, and incident response plans and procedures
put in place to enhance network security. 
• Technical controls. Increasingly common are controls such as multi-factor
user authentication at login, and also granting internal access to your IT
system on a need-to-know basis. 
• Compliance controls. This means adherence to privacy laws and
cybersecurity frameworks and standards designed to minimize security risks.
These typically require an information security risk assessment, and impose
information security requirements. For example, if your company is required
to be in compliance with the NIST cybersecurity framework but isn’t, it can
face monetary penalties until those compliance controls are put into place.