Chapter 4
Network Security
Network security is any system, device, or action designed to protect the
safety and reliability of a network and its data.
Network security manages access to a network by
stopping a variety of threats from entering and
spreading through a system.
• Network security is focused on protecting files,
documents, and information from those types of
attacks.
• Most commonly, network security starts with
authentication in the form of a username and
password, but it can also employ other tools like
firewalls, anti-virus programs, and virtual private
networks (VPNs) to protect the network’s information.
Benefits of Network Security
Email Security
The growing use of e-mail for important and crucial transactions
demands certain fundamental security services, such as the
following:
• Confidentiality − E-mail message should not be read by
anyone but the intended recipient.
• Authentication − E-mail recipient can be sure of the identity
of the sender.
• Integrity − Assurance to the recipient that the e-mail message
has not been altered since it was transmitted by the sender.
• Non-repudiation − E-mail recipient is able to prove to a third
party that the sender really did send the message.
• Proof of submission − E-mail sender gets the confirmation
that the message is handed to the mail delivery system.
• Proof of delivery − Sender gets a confirmation that the
recipient received the message.
Security services such as privacy, authentication, message
integrity, and non-repudiation are usually provided by using
public key cryptography.
Here are the protocols and schemes used in email security.
Pretty Good Privacy (PGP) is an e-mail encryption scheme.
It works at the application layer.
It has become the de-facto standard for providing security services
for e-mail communication.
S/MIME: S/MIME is a secure e-mail standard. It is based on
an earlier non-secure e-mailing standard called MIME.
Secure e-mail communication in a captive network can be
provided by adopting PGP.
For e-mail security over the Internet, where mail is very often
exchanged with new, unknown users, S/MIME is considered a
good option.
Application Layer Security
Web Security
Secure web browsing is provided by HTTPS (Secured
HTTP).
o It stands for HTTP over SSL.
o This protocol is used to provide the encrypted and
authenticated connection between the client web browser
and the website server.
Secure browsing through HTTPS ensures that the
following content is encrypted:
URL of the requested web page.
Web page contents provided by the server to the
user client.
Contents of forms filled in by user.
Cookies established in both directions.
Transport Layer Security
The security at this layer is mostly used to secure HTTP based web transactions
on a network.
The main protocols that provide security at the transport layer are TLS
and SSL.
Transport Layer Security (TLS)
• TLS protocols operate above the TCP layer. Their design uses the
popular Application Program Interface (API) to TCP, called "sockets", for
interfacing with the TCP layer.
• Applications now interface with the Transport Security Layer instead of with
TCP directly.
• The Transport Security Layer provides a simple API with sockets, which is
analogous to TCP's API.
• TLS is designed to operate over TCP, the reliable layer 4 protocol (not over
UDP). This makes the design of TLS much simpler, because it doesn't have to worry
about 'timing out' and 'retransmitting lost data'.
• The TCP layer continues doing that as usual, which serves the needs of TLS.
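The layering described above, as an added example that is not part of the original slides: Python's standard `ssl` module wraps an already-connected TCP socket, and the application keeps using the same socket calls. The function names and the idea of a caller-supplied host and port are assumptions made for illustration.

```python
import socket
import ssl
import threading


def make_client_context() -> ssl.SSLContext:
    """TLS client settings: verify the server's certificate chain and hostname."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and 1.1
    return ctx


def open_channel(host: str, port: int, use_tls: bool = True) -> socket.socket:
    """Open a TCP connection, then optionally layer TLS on top of it."""
    tcp = socket.create_connection((host, port), timeout=5)
    if not use_tls:
        return tcp
    try:
        # The TLS handshake runs here, over the established TCP stream.
        # TCP still handles timeouts and retransmission underneath.
        return make_client_context().wrap_socket(tcp, server_hostname=host)
    except (ssl.SSLError, OSError):
        tcp.close()  # failed verification or handshake: do not fall back to plain TCP
        raise


def exchange(sock: socket.socket, payload: bytes) -> bytes:
    """Send a payload and read one reply. The same code serves plain TCP and
    TLS, because ssl.SSLSocket is a subclass of socket.socket."""
    sock.sendall(payload)
    return sock.recv(4096)


def plain_demo() -> bytes:
    """Constructed offline check: exchange() over a non-TLS local stream."""
    a, b = socket.socketpair()
    with a, b:
        peer = threading.Thread(target=lambda: b.sendall(b.recv(4096).upper()))
        peer.start()
        reply = exchange(a, b"hello")
        peer.join()
    return reply
```

Calling `exchange(open_channel(host, 443), request)` against a real HTTPS server needs network access; a certificate or hostname mismatch raises `ssl.SSLCertVerificationError` during `wrap_socket`, before any application data is sent.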
Secure Socket Layer (SSL)
• SSL provides network connection security through confidentiality, authentication
and reliability.
– It is available for all TCP applications and is supported by almost all web browsers. It
provides ease in doing business with new online entities.
– It was developed primarily for web e-commerce.
Network Layer Security
– Firewall
– Proxy server
– IDS/IPS
– Virtual Private network