Computer security Last

The document provides an overview of computer security, detailing its importance in protecting against unauthorized access and threats to data and systems. It discusses various aspects such as threats, vulnerabilities, controls, risks, and security mechanisms, emphasizing the need for prevention, detection, and deterrence strategies. Additionally, it covers types of malicious code, including viruses, worms, Trojan horses, and spyware, highlighting their characteristics and impacts on computer systems.

Uploaded by

Betelhem
Copyright
© All Rights Reserved

Chapter One

Introduction to computer security


Introduction ……
Basic concepts of computer security
• Computer Security is the process of detecting and preventing any
unauthorized use of your laptop/computer.
• It involves safeguarding your personal or office-based computer resources
against intruders who would use them with malicious intent or for their own
gain, or who gain access to them accidentally.
• The terms Computer security, network security and information
security are often used interchangeably.
• Network security is generally taken as providing protection at the
boundaries of an organization by keeping out intruders or hackers.
 measures to protect data during their transmission
• Network security starts from authenticating the user, commonly with
a username and a password.
• Once authenticated, a firewall enforces access policies such as
what services are allowed to be accessed by the network users.
• Information security, however, explicitly focuses on protecting data
resources from malware attack or simple mistakes by people within
an organization by use of data loss prevention (DLP) techniques.
• DLP techniques are used to identify sensitive data (in motion, at rest,
or in use).
• Care has to be taken to ensure the accuracy of the DLP technology is
high enough to keep the rate of false-positive reporting low.
• Computer security is the protection of the items you value, called the
assets of a computer or computer system.
• There are many types of assets, involving hardware, software, data, people,
processes, or combinations of these.
• To determine what to protect, we must first identify what has value
and to whom.
• Cyberspace (internet, work environment, intranet) is becoming a
dangerous place for all organizations and individuals to protect their
sensitive data or reputation.
• This is because of the numerous people and machines accessing it. Recent studies
have shown that a big danger comes from internal threats or from disappointed
employees, as in the Edward Snowden case. Another internal threat is that
information material can be easily accessed over the intranet.
What to secure?
• First of all, check the physical security by setting up control systems such as motion
alarms, door access systems, humidity sensors, and temperature sensors.
All these components decrease the possibility of a computer being stolen or damaged
by humans or by the environment itself.
• People having access to computer systems should have their own user ID with
password protection.
• Monitors should be screen saver protected to hide the information from being
displayed when the user is away or inactive.
• Secure your network, especially wireless; passwords should be used.
• Internet equipment such as routers should be protected with a password.
• Data that you use to store information, which can be financial or non-financial,
should be protected by encryption.
• Information should be protected in all types of its representation in transmission
by encrypting it.
Threats, vulnerabilities, controls, risks

Threats
• Most organizations take action against credible threats before they happen.
• Natural threats can be planned for by understanding what has happened before.
 An example would be floods, tornados, or earthquakes.
• Threat actors aiming to destroy data and disrupt operations, on the other hand, are
two of the leading fears that organizations try to defend against first.
• Security programs are purpose-built to address security threats by defending
against “what if” scenarios.
A good example of potential threats involves malware, ransomware, and
viruses.
• Attackers often focus on the total destruction of an asset, Distributed Denial of
Service (DDoS), or social engineering to accomplish their goals.
Vulnerabilities
• Vulnerabilities exist in systems, regardless of make, model, or
version.
• The term vulnerability refers to potential weak points in hardware
and software.
• In applications, the vulnerability can often be fixed by the
manufacturer to harden and prevent exploitation of the weakness.
• Unauthorized access can be an example of someone taking
advantage of a vulnerability.
• The system should only allow authorized access and if someone
unauthorized is granted access, it violates IT security and bypasses
access control.
Risk
• When it comes to risks, organizations are looking at what may cause
potential harm to systems and the overall business.
• Several examples of systems susceptible to IT risk include operating
systems, and sensitive data.
• Organizations go to great lengths to mitigate, transfer, accept, and avoid
risks.
• A risk assessment is often the first line of defense to reduce security risk.
• In order to better prepare for the predictability of risks, assessments are
necessary to baseline an attack surface.
• Organizations should invest in a risk management program to better
understand how to measure risk
Controls
• Information security controls are measures taken to reduce information
security risks such as information systems breaches, data theft, and
unauthorized changes to digital information or systems.
These security controls are intended to help protect the availability, confidentiality, and
integrity of data and networks, and are typically implemented after an information
security risk assessment.
• Security controls come in the form of:
• Access controls including restrictions on physical access such as security guards at
building entrances, locks, and perimeter fences.
• Procedural controls such as security awareness education, security framework
compliance training, and incident response plans and actions.
• Technical controls such as multi-factor user authentication at login and logical
access controls, antivirus software, firewalls.
• Compliance controls such as privacy laws and cyber security frameworks and standards
Goals of computer security (Security Services)
 Every security system must provide a bundle of security functions/services
that can assure the secrecy of the system.
 These functions are usually referred to as the goals of the security system.
 These goals can be listed under the following five main categories:
1. Authentication
2. Secrecy or Confidentiality
3. Integrity
4. Non-Repudiation
5. Service Reliability and Availability:
1. Authentication: Authentication means that before data is sent and received using the
system, the identity of the receiver and sender should be verified.
2. Secrecy or Confidentiality: This function is how most people recognize a secure system. It
means only the authenticated people are able to interpret the message or content
and no one else.
• Data confidentiality prevents unauthorized entities from accessing confidential
information.
• Data confidentiality assures that confidential data/information is not made
available to unauthorized entities in the system
3. Integrity: Integrity means that the content of the transferred data is assured to be
free from any type of modification between the end points (sender and receiver).
Generally, integrity assures the accuracy and consistency of data and systems, which
means guarding against improper modification or destruction of data and systems in an
unauthorized or undetected manner.
• A loss of integrity is the unauthorized change or destruction of data or systems
4. Non-Repudiation: This function implies that neither the sender nor the
receiver can falsely deny that they have sent a certain message.
5. Service Reliability and Availability: Secure systems usually get attacked
by intruders, which may affect their availability and the type of service offered
to their users.
• The availability ensures that computer networks and systems work properly and
services are accessible and are not denied for authorized users.
• Specifically, availability ensures timely and reliable access to information and
services on computer networks and systems.
• A loss of availability leads to the disruption of access to the information and
services on the systems.
• Availability is the most important security service for some services on
computer networks and systems.
• Highly available systems or services remain available at all times.
Security attack……
• A security attack is an unauthorized attempt to steal, damage, or expose
data from an information system such as your website.
• We can classify security attacks as passive and active attacks.
• Passive attacks
• A passive attack attempts to learn or make use of information from the
system but does not affect the system resources.
• Passive attacks are in the nature of eavesdropping on, or
monitoring of, transmissions, with the goal of obtaining the information being
transmitted.
• The passive attacks are very difficult to detect because they do not
involve any alteration of data.
• Measures are available to prevent their success.
• Two types of passive attacks are: release of message content & traffic
analysis.
 Release of message content:
- Outsider learns content of transmission
 Traffic analysis:
- By monitoring frequency and length of messages, even encrypted, nature of
communication may be guessed.
• Active attack
• Alters system resources or affects their operation.
• Difficult to prevent active attacks absolutely.
• Classification of active attacks/threats:
Interruption
Interception
Modification
Fabrication
Active attack……
However, abnormalities from the normal flow of information will happen
if there is an attack or a threat. These threats can be classified as:
• Interruption
• Interception
• Modification
• Fabrication
Interruption

Examples of interruption are destruction of a piece of hardware, the cutting of cable and
disabling of a file management system
Security policies and mechanisms
 Security policy
 is a statement of what is, and what is not, allowed.
 Policies may be presented mathematically, as a list of allowed (secure) and disallowed (non-
secure) states.
 For our purposes, we will assume that any given policy provides an accepted description of
secure states and non-secure states.
 Security mechanism:
• is a method, tool, or procedure for enforcing a security policy.
• A mechanism that is designed to detect, prevent or recover the system from the security
attacks.
• The security mechanisms are:
• Encipherment: The use of mathematical algorithms to transform the data into a form that is
not readily understandable.
• Digital signatures: Used to protect the data against forgery. A signature is appended to the
data unit and allows a recipient of the data unit to prove the source and integrity of the data unit.
• Access Control: These mechanisms enforce access rights to resources.
Security mechanism……..
• Data integrity: A variety of mechanisms are used to assure the integrity of a data unit.
• Authentication exchange: A mechanism intended to ensure the identity of an entity
by means of information exchange.
• Traffic padding: The insertion of bits into gaps in a data stream to control traffic
analysis attacks.
• Notarization: The use of a trusted third party to assure certain properties of a data
exchange.
• Routing control: Enables selection of particular physically secure routes for certain
data and allows.
Prevention, detection, and deterrence

 Prevention
 Security measures must be taken to protect information from unauthorized modification,
destruction, or disclosure whether accidental or intentional.
 During the prevention phase, security policies, controls and processes should be designed
and implemented.
 Security policies, security awareness programs and access control procedures, are all
interrelated and should be developed early on.
 The information security policy is the basis from which all else is built.
 Detection:
 Detection of a system compromise is extremely critical. With the ever-increasing threat
environment, no matter what level of protection a system may have, it will get
compromised given a greater level of motivation and skill.
 There is no foolproof “silver bullet” security solution.
 A defense in layers strategy should be deployed so when each layer fails, it fails safely to a
known state and sounds an alarm. The most important element of this strategy is timely
detection and notification of a compromise.
 Intrusion detection systems (IDS) are utilized for this purpose.
• IDS have the capability of monitoring system activity and notifying responsible
persons when activities warrant investigation.
• The systems can detect attack signatures and also changes in files,
configurations and activity.
• To be protected, the entire system should be monitored. Intrusion detection
tools should be strategically placed at the network and application levels.
• However, monitoring a busy network or host is not a simple task.
• Intrusion detection tools must have the ability to distinguish normal system
activity from malicious activity. This is more of an art than a science.
• The IDS must be fine-tuned or “tweaked” in order for the IDS to work in
accord with a particular network or host. This tuning process must take into
account known threats, as well as intruder.
Chapter Two
Computer Threat
 A computer system threat in general can include anything
deliberate, unintended, or caused by natural disaster that results in
data loss/manipulation or physical destruction of hardware.
 Categorized as physical threats and non-physical threats.
 Physical threats cause damage to hardware or theft to system or
hard disk that holds critical data.
 Non-physical threats target the data and the software on the
computer systems by corrupting the data or by exploiting the errors
in the software.
Malicious code
Malicious code
• is harmful computer programming scripts designed to create
or exploit system vulnerabilities.
• designed by a threat actor to cause unwanted changes,
damage, or ongoing access to computer systems.
• It may result in back doors, security breaches/break,
information and data theft, and other potential damages to
files and computing systems.
• Many malicious code types can harm your computer by
finding entry points that lead to your precious data.
Malicious code
Among the ever-growing list, here are some common culprits.
• Viruses
• Worms
• Trojan horse
• spyware
Viruses
 Viruses are self-replicating malicious code that attaches to
programs to execute.
 These files travel via documents and other file downloads,
allowing the virus to break into your device.
 Once the virus executes, it can self-propagate and spread
through the system and connected networks.
 A virus can’t spread without human actions such as running a
virus-infected application on a computer.
 A virus can’t be controlled remotely.
Malicious code (virus ……)
Following are a couple of characteristics of any virus that infects your computers.
• They reside in a computer’s memory and activate themselves when the
program they are attached to starts running.
• Example: They generally attach themselves to explorer.exe in Windows
OS because it is the process that is running all the time, so you should be
cautious when this process starts to consume too much of your computer's
capacity.
• They modify themselves after the infection phase (source code,
extensions, new files, etc.) so it is harder for an antivirus to detect them.
• They always try to hide themselves in the operating system in the following
ways:
  • They encrypt themselves into cryptic symbols, and
  • They decrypt themselves when they replicate or execute.
Worms:
 Stand-alone program which spreads copies of itself via
network.
 Worms are malware that spreads from computer to
computer through a network.
 It takes advantage of the flaw in the security of
computers.
 it doesn’t need a software program to latch on and
multiply its infected code.
 A worm has the same structure as a virus but it can spread
from one computer to another without any human action.
• Major abnormalities a system exhibits when infected by worms are slowing
down of the system, the appearance of unfamiliar icons, degraded
performance, and unusual opening of applications.
• Additionally, when worms infect a system, it may send and receive random
emails.
• A worm is also a computer program, like a virus, but it does not modify the
program. It replicates itself more and more to slow down the
computer system.
• Worms can be controlled remotely.
Trojan horses:
• A Trojan horse does not replicate itself like viruses and worms.
• It is a hidden piece of code which steals the important information of the user; it
doesn’t destroy the system.
• For example, Trojan horse software observes the e-mail ID and password
while they are entered in a web browser for logging in.
 Spyware:
• is malicious software that enters a user’s computer, gathers data from the
device and user, and sends it to third parties without their consent.
• A commonly accepted spyware definition is a strand of malware designed to
access and damage a device without the user’s consent.
• Spyware collects personal and sensitive information that it sends to
advertisers, data collection firms, or malicious actors for a profit. Attackers use
it to track, steal, and sell user data, such as internet usage, credit card, and
bank account details, or steal user credentials to spoof their identities.
• Spyware is one of the most commonly used cyberattack methods that can be
difficult for users and businesses to identify and can do serious harm to
networks. It also leaves businesses vulnerable to data breaches and data
misuse, often affects device and network performance, and slows down user
activity.
Difference between Virus, Worm and Trojan Horse:

| Virus | Worm | Trojan Horse |
|---|---|---|
| A virus is software or a computer program that connects itself to another software or computer program to harm the computer system. | Worms replicate themselves to slow down the computer system. | A Trojan horse, rather than replicating, captures some important information about a computer system or a computer network. |
| A virus replicates itself. | Worms also replicate themselves. | A Trojan horse does not replicate itself. |
| A virus can’t be controlled remotely. | Worms can be controlled remotely. | Like worms, a Trojan horse can also be controlled remotely. |
| The spreading rate of viruses is moderate. | The spreading rate of worms is faster than that of viruses and Trojan horses. | The spreading rate of Trojan horses is slow in comparison to both viruses and worms. |
| The main objective of a virus is to modify the information. | The main objective of worms is to eat the system resources. | The main objective of a Trojan horse is to steal the information. |
| Viruses are executed via executable files. | Worms are executed via weaknesses in the system. | A Trojan horse executes through a program and is interpreted as utility software. |
Class of Attacks ….
• There are three classes of attack that are commonly found in today's network environment:
Reconnaissance attacks
Access attacks and
Denial of service (DoS)
Reconnaissance attacks
• When I hear the word reconnaissance, I think of a military reconnaissance mission. The
soldier is sent out to gather important information about an area of interest. The same
holds true for a reconnaissance attack on a computer network.
• The hacker surveys a network and collects data for a future attack. Important information
that can be compiled during a reconnaissance attack includes the following:
Ports open on a server
Ports open on a firewall
IP addresses on the host network
Hostnames associated with the IP addresses
• As with access attacks, there are four main subcategories or
methods for gathering network data:
• Packet sniffers (also known as network monitors)
• Ping sweeps/ ICMP
• Port scans
• Information queries
• These attacks can happen in both logical and physical
approaches.
• Whether the information is gathered via searching the network
or through social engineering and physical surveillance, these
attacks can be preventable as well.
• Logical Reconnaissance refers to anything that is done in the
digital spectrum and doesn’t require a human on the other side to
complete the reconnaissance attack. Ping sweeps and port scans
are two methods of discovering both if the system is there and
what it is looking for on the network.
• Physical Reconnaissance:
 It crosses the lines of what a network admin has control of.
 There are elements that will never be protected fully like
locations as well as security elements like cameras, mantraps,
door locks or guards. However, these can play into physically
securing a network.
Access attacks
http://cisco.num.edu.mn/CCNA_R&S1/course/module11/11.2.2.3/11.2.2.3.html
 Access attacks exploit known vulnerabilities in authentication services,
FTP services, and web services to gain entry to web accounts,
confidential databases, and other sensitive information.
 An access attack allows an individual to gain unauthorized access to
information that they have no right to view.
 One of the most common types of access attacks is the password attack.
 Password attacks can be implemented using a packet sniffer to yield
user accounts and passwords that are transmitted as clear text.
Password attacks can also refer to repeated attempts to log in to a
shared resource, such as a server or router, to identify a user account,
password, or both. These repeated attempts are called dictionary
attacks or brute-force attacks
Denial of Service (DoS) Attacks
• A denial-of-service (DoS) attack occurs when legitimate users are unable to
access information systems, devices, or other network resources due to the
actions of a malicious cyber threat actor.
• Services affected may include email, websites, online accounts (e.g., banking),
or other services that rely on the affected computer or network.
• A denial-of-service condition is accomplished by flooding the targeted host or
network with traffic until the target cannot respond or simply crashes,
preventing access for legitimate users.
• DoS attacks can cost an organization both time and money while their
resources and services are inaccessible.
• The primary focus of a DoS attack is to oversaturate the capacity of a
targeted machine, resulting in denial-of-service to additional requests. The
multiple attack vectors of DoS attacks can be grouped by their similarities.
• DoS attacks typically fall in 2 categories:
1. Buffer overflow attacks
An attack type in which a memory buffer overflow can cause a machine to consume
all available hard disk space, memory, or CPU time.
This form of exploit often results in sluggish behavior, system crashes, or other
deleterious server behaviors, resulting in denial-of-service.
2. Flood attacks
By saturating a targeted server with an overwhelming amount of packets, a
malicious actor is able to oversaturate server capacity, resulting in denial-of-service.
In order for most DoS flood attacks to be successful, the malicious actor must have
more available bandwidth than the target.
Program flaws (Non-malicious)
Flaw
• The term flaw describes a problem that exists in hardware and
software.
• A flaw can be a security risk, cause the program to crash, or cause other
issues. To resolve flaws, the software developer releases updates or
patches that update the code and correct the issue.
• Programmers are not ‘robots’ but human beings who occasionally
commit mistakes unintentionally. Some of these mistakes do not cause any
damage to the program, e.g., spelling mistakes.
• Three such common non-malicious programming errors are:
  • Buffer overflows,
  • The time-of-check to time-of-use (TOCTTOU)
  • Incomplete mediation.
Program flaws……..
Buffer overflows
• A buffer overflow occurs when a memory reference goes beyond the
declared boundary. When an array or string is declared, a finite amount of memory is
reserved for that variable. E.g., int arr[5] will reserve five memory slots.
• In a reference like ‘arr[5] = 22;’ the subscript is out of bounds.
• Some compilers check for such errors while some don’t (e.g., C compiler).
• Now, for those which don’t check such errors, the question arises as to where
‘22’ went, since no “Buffer Overflow” error happens.
• The answer lies in what is adjacent to arr[4] (the last element of the
array). The number ‘22’ will be written in the block adjacent to arr[4]. If that
location contained any user data, that data will be overwritten.
• If any program is located at that same spot (system or user), an attacker can
create a fake overflow and place his own software (code) at that location next to
arr[4].
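The arr[5] case above as an added example (not part of the original slides): the array is placed in a constructed struct so that "what is adjacent to arr[4]" is a known field, and a bounds-checked store rejects the out-of-range subscript. The names record, user_data and checked_store are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define ARR_LEN 5

/* Constructed layout: the five-slot array from the text, followed by
 * unrelated data standing in for "whatever is adjacent to arr[4]". */
struct record {
    int arr[ARR_LEN];
    int user_data;
};

/* Byte offset at which slot `index` of arr would live inside the record. */
static size_t slot_offset(size_t index)
{
    return offsetof(struct record, arr) + index * sizeof(int);
}

/* 1 if an unchecked store to arr[index] would land exactly on user_data.
 * Computed from offsets only, so no out-of-bounds access is performed. */
int store_would_hit_user_data(size_t index)
{
    return slot_offset(index) == offsetof(struct record, user_data);
}

/* Bounds-checked store: 0 on success, -1 if index is outside arr. */
int checked_store(struct record *r, size_t index, int value)
{
    if (r == NULL || index >= ARR_LEN)
        return -1;
    r->arr[index] = value;
    return 0;
}

int main(void)
{
    struct record r = { {0, 0, 0, 0, 0}, 1234 };

    printf("arr[5] overlaps user_data: %d\n", store_would_hit_user_data(5));
    printf("checked store to arr[4]:   %d\n", checked_store(&r, 4, 22));
    printf("checked store to arr[5]:   %d\n", checked_store(&r, 5, 22));
    printf("user_data afterwards:      %d\n", r.user_data);
    return 0;
}
```

Because the index is a size_t, a negative subscript converts to a very large value and is rejected by the same comparison.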
• Incomplete Mediation:
• It means incomplete checking.
• Mediation implements access control that specifies who can access
what.
• Incomplete mediation is easy to exploit, and attackers use it to cause
security problems.
• For example, consider the following URL:
• https://www.somesite.com/subpage/userinput&parm1=(808)555-1212&parm2=2004Jan01
• The two parameters look like a telephone number and a date.
• Probably the client's (user's) web browser enters those two values in
their specified format for easy processing on the server's side.
Incomplete Mediation …..
• What would happen if parm2 were submitted as 1800Jan01? Or 1800Feb30? Or
2048Min32? Or 1Aardvark2Many? Something would likely fail.
• As with buffer overflows, one possibility is that the system would fail catastrophically,
with a routine's failing on a data type error as it tried to handle a month named "Min" or
even a year (like 1800) which was out of range.
• Another possibility is that the receiving program would continue to execute but would
generate a very wrong result. Then again, the processing server might have a default
condition, deciding to treat 1Aardvark2Many as 3 July 1947. The possibilities are endless.
• One way to address the potential problems is to try to anticipate them. For instance, the
programmer in the examples above may have written code to check for correctness on
the client's side (that is, the user's browser). The client program can search for and screen
out errors. Or, to prevent the use of nonsense data, the program can restrict choices only
to valid ones.
• For example, the program supplying the parameters might have solicited them by using a
drop-down box or choice list from which only the twelve conventional months would
have been possible choices.
Time-of-Check to Time-of-Use (TOCTTOU)

• The problem is called a time-of-check to time-of-use flaw because it
exploits the delay between the two times. That is, between the time the
access was checked and the time the result of the check was used, a
change occurred, invalidating the result of the check.
• The time-of-check to time-of-use (TOCTTOU) flaw concerns mediation that
is performed with a "bait and switch" in the middle. It is also known as a
serialization or synchronization flaw.
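The "bait and switch" described above, as an added example (not part of the original slides). The request structure, the policy that only "my_file" is permitted, and the gap callback that stands in for the delay between check and use are all constructed for illustration; the fix shown is to copy the request once and both check and use the private copy.

```c
#include <stdio.h>
#include <string.h>

/* Constructed request: the caller asks for an action on a named object. */
struct request {
    char object[32];
};

/* Stand-in for whatever runs between the check and the use. */
typedef void (*gap_fn)(struct request *shared);

/* Constructed policy: this caller may only touch "my_file". */
static int is_permitted(const struct request *r)
{
    return strcmp(r->object, "my_file") == 0;
}

/* Records which object was finally acted on. */
static void act_on(const struct request *r, char *acted, size_t n)
{
    snprintf(acted, n, "%s", r->object);
}

/* Flawed: checks the caller-owned request, then reads it again at use. */
int serve_by_reference(struct request *shared, gap_fn gap, char *acted, size_t n)
{
    if (!is_permitted(shared))          /* time of check */
        return -1;
    if (gap)
        gap(shared);                    /* caller can still write to it */
    act_on(shared, acted, n);           /* time of use */
    return 0;
}

/* Fixed: copy once into private storage, then check and use only the copy. */
int serve_from_snapshot(struct request *shared, gap_fn gap, char *acted, size_t n)
{
    struct request local = *shared;

    local.object[sizeof local.object - 1] = '\0';
    if (!is_permitted(&local))
        return -1;
    if (gap)
        gap(shared);                    /* later changes no longer matter */
    act_on(&local, acted, n);
    return 0;
}

/* The "switch": the request is rewritten after it has been checked. */
void swap_object(struct request *shared)
{
    snprintf(shared->object, sizeof shared->object, "%s", "your_file");
}

int main(void)
{
    struct request a = { "my_file" }, b = { "my_file" };
    char acted[32] = "";

    serve_by_reference(&a, swap_object, acted, sizeof acted);
    printf("by reference acted on:  %s\n", acted);
    serve_from_snapshot(&b, swap_object, acted, sizeof acted);
    printf("from snapshot acted on: %s\n", acted);
    return 0;
}
```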
• Controls to protect against program flaws in execution
• The following are the major controls that need to be taken to control program flaws in
execution.
  • Proper input validation
  • Preserve Operating System command structure
  • Constraining operations within the boundaries of a memory buffer.
  • Protecting external control of file name, path, and data.
  • Effectively controlling code generation, also known as code injection
  • Proper initialization of variables in a program
  • Applying proper error handling in a program
• Beyond these, programmers should also take into consideration the following countermeasures to
control program flaws.
  • Apply software engineering techniques.
  • Use information hiding and encapsulation
  • Apply modularity.
  • Use mutual suspicion
  • Ensure confinement
Chapter Three
Cryptography and Encryption Technique
Basic cryptographic term
Definition:
 Cryptography is associated with the process of converting
ordinary plain text into unintelligible text and vice-versa.
 It is a method of storing and transmitting data in a particular
form so that only those for whom it is intended can read and
process it.
 Cryptography not only protects data from theft or alteration,
but can also be used for user authentication.
 Basic terminologies:
• Plaintext-text that is not computationally tagged, specially formatted, or
written in code.
• Encryption(encipherment): the process of transforming information (plaintext)
using an algorithm (cipher) to make it unreadable to anyone except those
possessing special knowledge.
• Ciphertext: It is the encrypted text. Plaintext is what you have before
encryption, and ciphertext is the encrypted result.
• The term cipher is sometimes used as a synonym for ciphertext, but it more
properly means the method of encryption rather than the result.
• Decryption (decipherment): the process of making the encrypted information
readable again
• Key: the special knowledge shared between communicating parties
 Historical background
• Encryption or cryptography which means secret writing, is probably the
strongest defense in the arsenal of computer security protection.
• Well disguised data cannot easily be read, modified, or fabricated.
• Simply put, encryption is like a machine: you put data into one end,
gears spin and lights flash, you receive modified data out in the other
end.
• In fact, some encryption devices used during the World War II operated
with actual gears and rotors and these devices were effective in
deterring the opposite side from reading the protected messages.
• Now the machinery has been replaced by computer algorithms, but the
principle is the same. A transformation makes data difficult for an
outsider to interpret.
Cipher Techniques
What is Cipher?
• A cipher is a frequently used algorithm in cryptology, a subject concerned with the
study of cryptographic algorithms.
• It is a method of encrypting and decrypting data.
• There are various types of ciphers, including:
  • Substitution ciphers
  • Transposition ciphers
  • Permutation ciphers
  • Private-key cryptography
  • Public-key cryptography
Cipher Techniques…..

Transposition Cipher
Example:
Exercise
• Given the plaintext P = “meet me near the clock tower at twelve
midnight tonite”,
• create a table and give its ciphertext. [Use 5 columns]
Cipher Techniques….

Substitution cipher
• In a Substitution cipher, any character of plain text from the given fixed set of
characters is replaced by some other character from the same set depending
on a key. For example with a shift of 1, A would be replaced by B, B would
become C, and so on.
• Note: A special case of the substitution cipher is the Caesar cipher, where the
key is taken as 3.
• Caesar cipher (or shift cipher)
• The Caesar cipher is a simple encryption technique that was used by Julius Caesar
to send secret messages to his allies. It works by shifting the letters in the
plaintext message by a certain number of positions, known as the “shift” or “key”.
• The Caesar cipher involves replacing each letter of the alphabet with the letter
standing 3 places further down the alphabet.
Example

Plain text : pay more money
Cipher text: SDB PRUH PRQHB

• Note that the alphabet is wrapped around, so that the letter following ‘z’ is ‘a’.
• For each plaintext letter p, substitute the ciphertext letter C such that
C = E(p) = (p+3) mod 26
• A shift may be any amount, so that the general Caesar algorithm is
C = E(p) = (p+k) mod 26
where k takes on a value in the range 1 to 25.
• The decryption algorithm is simply
p = D(C) = (C-k) mod 26
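The shift formulas above, as an added Python example that is not part of the original slides. The function names are this example's own; it reproduces the slide's "pay more money" example and lists every possible key to show how small a key space of 25 is.

```python
import string

ALPHABET = string.ascii_lowercase  # a=0, b=1, ..., z=25


def shift_letter(ch, k):
    """Apply (p + k) mod 26 to one letter; spaces, digits etc. pass through."""
    if ch.lower() not in ALPHABET:
        return ch
    p = ALPHABET.index(ch.lower())
    return ALPHABET[(p + k) % 26]  # the modulo gives the wrap-around z -> a


def check_key(k):
    """The slides restrict the key to the range 1 to 25."""
    if not 1 <= k <= 25:
        raise ValueError("key must be in the range 1 to 25")


def encrypt(plaintext, k):
    """C = E(p) = (p + k) mod 26; ciphertext in upper case, as on the slide."""
    check_key(k)
    return "".join(shift_letter(ch, k) for ch in plaintext).upper()


def decrypt(ciphertext, k):
    """p = D(C) = (C - k) mod 26; plaintext in lower case."""
    check_key(k)
    return "".join(shift_letter(ch, -k) for ch in ciphertext).lower()


def all_candidate_plaintexts(ciphertext):
    """Only 25 keys exist, so every possible decryption fits in one small dict.

    A reader who sees the table can pick out the meaningful line by eye, which
    is why a shift cipher offers no real confidentiality.
    """
    return {k: decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    c = encrypt("pay more money", 3)
    print(c)
    for key, text in all_candidate_plaintexts(c).items():
        print(f"k={key:2d}  {text}")
```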
Exercise

Given the plaintext P = “CRYPTOGRAPHYISFUN” and key (shift) = 11,
give the ciphertext C. Use the alphabets
Conventional encryption algorithm
Conventional encryption is a cryptographic system in which the same key is used by the
sender to encrypt the message and by the receiver to decrypt the message. It was the
only type of encryption in use prior to the development of public-key encryption.
Conventional encryption has mainly 5 ingredients.
1. Plain text – The original data that is given to the algorithm as an input.
2. Encryption algorithm – The encryption algorithm performs various transformations
on the plain text to convert it into ciphertext.
3. Secret key – The secret key is also an input to the algorithm. The encryption
algorithm will produce different outputs depending on the key used at that time.
4. Ciphertext – The encrypted form of the original plaintext, unreadable by a human
or computer without the proper cipher to decrypt it. It is the output of the
algorithm.
5. Decryption algorithm – This is the encryption algorithm run in reverse.
The ciphertext and the secret key are the inputs, and it produces plain text as output.
Cont….
Cryptanalysis:
• Cryptanalysis is the study of ciphertext, ciphers and cryptosystems with the aim of
understanding how they work and finding and improving techniques for defeating or
weakening them.
• For example, cryptanalysts seek to decrypt ciphertexts without knowledge of the plaintext
source, encryption key or the algorithm used to encrypt it.
• Ciphertext:
  • refers to encrypted text transformed from plaintext using an encryption algorithm.
  • You can’t read ciphertext until you convert it into plaintext or decrypt it with a key.
• Cipher: an algorithm used to encrypt or decrypt data.
  • It is a series of well-defined steps to follow to encrypt or decrypt plaintext.
• Finally, a cryptosystem is a suite of cryptographic algorithms used to secure or
encrypt information.
• It typically uses three algorithms: one for key generation, another for encryption, and
one more for decryption.
Cryptographic System
• Most practical cryptographic systems combine two elements:
  • An algorithm, which is a set of rules that specify the mathematical steps
  needed to encipher or decipher data.
  • A cryptographic key (a string of numbers or characters), or keys.
• The algorithm uses the key to select one relationship between plaintext and
ciphertext out of the many possible relationships the algorithm provides.
The selected relationship determines the composition of the algorithm's
result. There are two main types of cryptographic processes:
• Symmetric, or secret key, algorithms, in which the same key value is used in
both the encryption and decryption calculations.
• Asymmetric, or public key, algorithms, in which a different key is used in the
decryption calculation than was used in the encryption calc
Cryptographic System(cont…)
Symmetric key cryptography
• In this scheme, the same key is used to encrypt the plaintext and decrypt the
ciphertext.
• Symmetric encryption can be either a stream cipher or a block cipher: the
former encrypts the input text one element at a time, whereas the
latter enciphers a whole block of the input text at once.
Data Encryption Standard (DES)
• Data Encryption Standard (DES) is a block cipher with a 56-bit key length
that has played a significant role in data security.
• DES has been found vulnerable to very powerful attacks; therefore, its
popularity has been slightly on the decline.
• DES is a block cipher and encrypts data in blocks of 64 bits each,
which means 64 bits of plain text go as the input to DES, which produces
64 bits of ciphertext.
• The same algorithm and key are used for encryption and decryption, with
minor differences.
• The key length is 56 bits.
DES….
• DES is based on the two fundamental attributes of cryptography:
Substitution (also called confusion) and
Transposition (also called diffusion).
• DES consists of 16 steps, each of which is called a round.
• Each round performs the steps of substitution and
transposition.
DES…
Triple DES Algorithm
• Triple DES, first proposed in 1981 by Merkle and
Hellman, is a block cipher that uses a three fold
DES algorithm.
• Triple DES (TDES or 3DES) uses three keys: K1, K2 and K3. With three
keys, it performs encryption, decryption and encryption again, using
K1, K2 and K3, respectively.
• There is also a two-key variant, where k1 and k3
are t
• The most notable uses of Triple DES include the
electronic payment industry.
• Various Microsoft products also use it to protect
user content and system data.
• Applications like Firefox also use Triple DES for
encrypting website authentication login
credentials.
Steps of the DES Algorithm

The DES algorithm is a complex process involving several steps in both
encryption and decryption.
Steps of the DES Algorithm….

The encryption procedure consists of five stages. These are


Broad level steps in DES
Cont….
Initial Permutation(IP)
Example:
• The Initial Permutation process occurs only once, before the
first round.
• This is an adjustment process.
• It is essentially a rearrangement of the bit positions of the
original text block.
• For example (next slide), the IP process replaces the first
bit with the 58th bit of the original text, the second bit with
the 50th bit, the third with the 42nd bit, and so on.
• After the IP process is complete, the permuted 64-bit
text block is divided into two half blocks, each
consisting of 32 bits. These two blocks are the Left Plain
Text (LPT) and the Right Plain Text (RPT).
Cont….

Fig: Initial Permutation


Step 1: Key Transformation
• Before the process begins, every 8th bit of the initial 64-bit DES
key is eliminated. Hence, the bit positions eliminated are 8, 16,
24, 32, 40, 48, 56 and 64, thus forming a 56-bit key.
• The Key Transformation then generates a 48-bit sub-key
from the 56-bit key. The 56-bit key
is divided into two halves of 28 bits each. Depending on the
number of the round, these halves are shifted by one position or
two. For example, for the 1st, 2nd, 9th and 16th rounds, each of the
two halves shifts by one position. For the remaining rounds, they
shift by two.
• This process produces a 48-bit key. In the process,
some bits of the 56-bit key are dropped, which is how the 48-bit
key is formed.
• This process is called compression permutation.
• Using a different subset of key bits in each round makes DES harder to crack.
Step 2: Expansion Permutation
• After IP, we had two halves, LPT and RPT.
• During this process, i.e., the expansion permutation, the RPT is expanded
from 32 bits to 48 bits.
• The 32-bit RPT is first divided into eight blocks. Each of these blocks
contains 4 bits. Then an extra two bits are added to each 4-bit block,
resulting in 6-bit blocks.
• After this, the bits undergo a permutation procedure to form 48-bit data.
Further, an XOR function is applied to the 48-bit RPT and the 48-bit key
acquired from the compression permutation procedure.
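The initial permutation, the key-half shifts and the expansion of the RPT described above, as an added Python sketch that is not part of the original slides. The sample block and key are constructed values and the helper names are this example's own; following the slides' description, the key step only drops every 8th bit and rotates the halves, so the PC-1/PC-2 reordering tables of full DES and the S-boxes are left out.

```python
# DES initial permutation (IP) table, built row by row: each row starts at the
# listed position and steps down by 8, giving 58, 50, 42, ... as on the slide.
IP_ROW_STARTS = [58, 60, 62, 64, 57, 59, 61, 63]
IP = [start - 8 * j for start in IP_ROW_STARTS for j in range(8)]

# Left shift per round: one position in rounds 1, 2, 9 and 16, two otherwise.
SHIFTS = [1 if rnd in (1, 2, 9, 16) else 2 for rnd in range(1, 17)]


def to_bits(value, width):
    """Integer -> list of bits, most significant first (bit position 1)."""
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def permute(bits, table):
    """Output bit i is input bit table[i]; table positions are 1-based."""
    return [bits[pos - 1] for pos in table]


def inverse_table(table):
    """Table that undoes a one-to-one permutation table."""
    inv = [0] * len(table)
    for out_pos, in_pos in enumerate(table, start=1):
        inv[in_pos - 1] = out_pos
    return inv


def initial_permutation(block_bits):
    """Apply IP to a 64-bit block and split it into LPT and RPT (32 bits each)."""
    permuted = permute(block_bits, IP)
    return permuted[:32], permuted[32:]


def expansion_table():
    """Each 4-bit block of the RPT borrows one neighbouring bit on either side."""
    table = []
    for block in range(8):
        first = 4 * block + 1
        for pos in range(first - 1, first + 5):  # 6 positions per block
            table.append((pos - 1) % 32 + 1)     # wrap 0 -> 32 and 33 -> 1
    return table


def expand(rpt_bits):
    """32-bit RPT -> 48 bits, ready to be XORed with a 48-bit round key."""
    return permute(rpt_bits, expansion_table())


def drop_parity_bits(key_bits):
    """Remove bit positions 8, 16, ..., 64 from the 64-bit key."""
    return [b for pos, b in enumerate(key_bits, start=1) if pos % 8 != 0]


def rotate_left(bits, n):
    return bits[n:] + bits[:n]


def round_halves(key56):
    """The two 28-bit key halves after the shift of each of the 16 rounds."""
    c, d = key56[:28], key56[28:]
    halves = []
    for shift in SHIFTS:
        c, d = rotate_left(c, shift), rotate_left(d, shift)
        halves.append((c, d))
    return halves


if __name__ == "__main__":
    block = to_bits(0x0123456789ABCDEF, 64)   # constructed sample block
    key = to_bits(0x133457799BBCDFF1, 64)     # constructed sample key
    lpt, rpt = initial_permutation(block)
    print("LPT:", "".join(map(str, lpt)))
    print("RPT:", "".join(map(str, rpt)))
    print("E(RPT) length:", len(expand(rpt)))
    print("total shift over 16 rounds:", sum(SHIFTS))
    print("round-1 C half:", "".join(map(str, round_halves(drop_parity_bits(key))[0][0])))
```

The shifts add up to 28, the width of each half, so after round 16 both halves are back in their starting position.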
S-Box substitution
S-box
Steps for Decryption
DES Algorithm – Pros and Cons
Application of DES Algorithm

• It is used in random number generation
• It is deployed when not-so-strong encryption is needed
• It is used to develop a new form of DES, called Triple
DES (using a 168-bit key formed from three keys)
Why Learn a DES That Has Become Irrelevant?
• Although DES has lost ground and is no longer the gold standard of
encryption standards, you can still learn a lot by understanding DES.
• DES was the first encryption standard and the core of all the latest
encryption standards.
• To have proper in-depth knowledge about data encryption, it’s
always best to start from the very beginning.
Advanced Encryption Standard (AES) and Its Working
• The Advanced Encryption Standard (AES) cipher, also known as "Rijndael", is
a popular, secure, widely used symmetric key block cipher algorithm, officially
used as the recommended encryption technology standard in the United
States.
• AES comprises three block ciphers, AES-128, AES-192 and AES-256.
• Each cipher encrypts and decrypts data in blocks of 128 bits using
cryptographic keys of 128, 192 and 256 bits, respectively.
• Symmetric or secret key ciphers use the same key for encrypting and
decrypting, so both the sender and the receiver must know and use the same
secret key.
• All key lengths are deemed sufficient to protect classified information up to
the "Secret" level, with "Top Secret" information requiring either 192- or
256-bit key lengths.
What is Symmetric or Secret key?

• Symmetric key cryptography systems use the same key both to encrypt the
plain text and to decrypt the cipher text.
• Symmetric key systems have the advantage of being simple and fast.
• However, the important factor to be considered is that the parties involved
must exchange the key in a secured way.
Cont…
• AES is based on a design principle known as a substitution-
permutation network, combination of both substitution
and permutation, and is fast in both software and hardware.
• Unlike its predecessor DES, AES does not use a Feistel
network.
• AES is a variant of Rijndael which has a fixed block size of
128 bits, and a key size of 128, 192, or 256 bits.
• AES operates on a 4 × 4 column-major order matrix of
bytes, termed the state, although some versions of Rijndael
have a larger block size and have additional columns in the
state.
• Most AES calculations are done in a special finite field.
• For instance, if there are 16 bytes b0, b1… b15, these bytes
are represented as this matrix:
Cont…

• The key size used for an AES cipher specifies the number of repetitions of
transformation rounds that convert the input, called the plaintext, into the
final output, called the cipher text. The numbers of cycles of repetition are
as follows:

• Each round consists of several processing steps, each containing four
similar but different stages, including one that depends on the encryption
key itself. A set of reverse rounds are applied to transform cipher text back
into the original plaintext using the same encryption key.
Encryption Process

• Data encryption using AES consists of several rounds, depending on the
cipher blocks, i.e. AES-128, AES-192 and AES-256.
• A typical round in AES encryption comprises four sub-processes.
• The first round process is depicted below
Encryption Process……
AES works on the following 4 steps:

The above figure illustrates the sub-processes of the intermediate rounds;
the initial and final rounds comprise subtly different processes.
Cont….
ShiftRows
• The ShiftRows step operates on the rows of the
state; it cyclically shifts the bytes in each row by
a certain offset.
• For AES, the first row is left unchanged. Each
byte of the second row is shifted one to the left.
• Similarly, the third and fourth rows are shifted
by offsets of two and three respectively.
• For blocks of sizes 128 bits and 192 bits, the
shifting pattern is the same.
• Row n is shifted left circular by n-1 bytes.
• For a 256-bit block, the first row is unchanged
and the shifting for the second, third and fourth
row is 1 byte, 3 bytes and 4 bytes respectively—
this change only applies for the Rijndael cipher
when used with a 256-bit block, as AES does not
use 256-bit blocks
Cont….
MixColumns
• In the MixColumns step, the four bytes
of each column of the state are combined
using an invertible linear
transformation.
• The MixColumns function takes four
bytes as input and outputs four bytes,
where each input byte affects all four
output bytes.
• Together with ShiftRows, MixColumns
provides diffusion in the cipher.
• During this operation, each column of
state is transformed by multiplying with
a fixed polynomial c(x).
Cont…
AddRoundKey
 In the AddRoundKey step, the subkey is
combined with the state.
 For each round, a subkey is derived from the
main key using Rijndael's key schedule; each
subkey is the same size as the state.
 The subkey is added by combining each byte
of the state with the corresponding byte of
the subkey using bitwise XOR.
FinalRound
• The FinalRound comprises all the sub-processes
of the other rounds, except the MixColumns
step.
• The rest of the process is entirely similar to that
of the other rounds.
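The state layout and the ShiftRows, MixColumns and AddRoundKey steps described above, as an added Python example that is not part of the original slides. Function names are this example's own, the round key is a constructed value rather than the output of the Rijndael key schedule, and the byte-substitution step (shown only in the slides' figure) is left out, so this is one round's linear part and not a complete AES.

```python
def bytes_to_state(block):
    """16 bytes b0..b15 -> 4x4 state in column-major order.

    state[row][col] = b[row + 4*col], so b0..b3 fill the first column.
    """
    if len(block) != 16:
        raise ValueError("AES works on 128-bit (16-byte) blocks")
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]


def state_to_bytes(state):
    """Read the state back out column by column."""
    return bytes(state[r][c] for c in range(4) for r in range(4))


def shift_rows(state):
    """Row 0 is unchanged; rows 1, 2, 3 rotate left by 1, 2, 3 bytes."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def xtime(b):
    """Multiply by 2 in the AES finite field GF(2^8), reducing by 0x11B."""
    b <<= 1
    return (b ^ 0x11B) & 0xFF if b & 0x100 else b


def mul3(b):
    """Multiply by 3 in GF(2^8): 3*b = 2*b XOR b."""
    return xtime(b) ^ b


def mix_single_column(col):
    """Multiply one column by the fixed polynomial c(x) (matrix rows 2 3 1 1)."""
    a0, a1, a2, a3 = col
    return [
        xtime(a0) ^ mul3(a1) ^ a2 ^ a3,
        a0 ^ xtime(a1) ^ mul3(a2) ^ a3,
        a0 ^ a1 ^ xtime(a2) ^ mul3(a3),
        mul3(a0) ^ a1 ^ a2 ^ xtime(a3),
    ]


def mix_columns(state):
    """Apply mix_single_column to each of the four columns of the state."""
    cols = [mix_single_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]


def add_round_key(state, round_key):
    """XOR every state byte with the matching byte of the round key."""
    return [[s ^ k for s, k in zip(srow, krow)]
            for srow, krow in zip(state, round_key)]


def round_without_subbytes(state, round_key, final=False):
    """ShiftRows -> MixColumns -> AddRoundKey; the final round skips MixColumns."""
    state = shift_rows(state)
    if not final:
        state = mix_columns(state)
    return add_round_key(state, round_key)


if __name__ == "__main__":
    state = bytes_to_state(bytes(range(16)))           # constructed sample block
    key = bytes_to_state(bytes([0xAA] * 16))           # constructed round key
    print(state_to_bytes(shift_rows(state)).hex())
    print(state_to_bytes(round_without_subbytes(state, key)).hex())
    print(state_to_bytes(round_without_subbytes(state, key, final=True)).hex())
```

Because AddRoundKey is a plain XOR, applying the same round key twice restores the state, which is why the reverse rounds can reuse the same key material.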
Cont….
Public Key Cryptography and RSA
Private-Key Cryptography
• Traditional private/secret/single key cryptography uses
one key
• Shared by both sender and receiver
• If this key is disclosed, communications are compromised
• It is also symmetric: the parties are equal
• Hence it does not protect the sender from the receiver forging a
message and claiming it was sent by the sender
Public-Key Cryptography….
Public-Key Cryptography
• probably most significant advance in the 3000 year
history of cryptography
• uses two keys – a public & a private key
• asymmetric since parties are not equal
• uses clever application of number theoretic concepts to
function
• complements rather than replaces private key crypto
Public-Key Cryptography….
• public-key/two-key/asymmetric cryptography involves the use
of two keys:
  • a public-key, which may be known by anybody, and can be used to
  encrypt messages, and verify signatures
  • a private-key, known only to the recipient, used to decrypt messages,
  and sign (create) signatures.
• is asymmetric because
  • those who encrypt messages or verify signatures cannot
  decrypt messages or create signatures.
Public-Key Cryptography….
Why Public-Key Cryptography?
• Developed to address two key issues:
  • key distribution – how to have secure
  communications in general without having to trust
  a KDC with your key
  • digital signatures – how to verify a message
  comes intact from the claimed sender
• Public invention due to Whitfield Diffie & Martin
Hellman at Stanford University in 1976
  • known earlier in classified community
Public-Key Characteristics
• Public-Key algorithms rely on two keys with the characteristics
that it is:
  • computationally infeasible to find decryption key knowing only
  algorithm & encryption key
  • computationally easy to en/decrypt messages when the
  relevant (en/decrypt) key is known
  • either of the two related keys can be used for encryption, with
  the other used for decryption (in some schemes)
Public-Key Cryptosystems
Public-Key Applications
Can classify uses into 3 categories:
 encryption/decryption (provide secrecy)
 digital signatures (provide authentication)
 key exchange (of session keys)
Some algorithms are suitable for all uses, others are specific
to one
Security of Public Key Schemes
• like private key schemes, a brute force exhaustive search
attack is always theoretically possible.
• but keys used are too large (>512 bits)
• security relies on a large enough difference in
difficulty between easy (en/decrypt) and hard
(cryptanalyse) problems.
• more generally the hard problem is known, it's just
made too hard to do in practice
• requires the use of very large numbers
• hence is slow compared to private key schemes
RSA
• by Rivest, Shamir & Adleman of MIT in 1977
• best known & widely used public-key scheme
• based on exponentiation in a finite (Galois) field over integers
modulo a prime
  • nb. exponentiation takes O((log n)^3) operations (easy)
• uses large integers (eg. 1024 bits)
• security due to cost of factoring large numbers
  • nb. factorization takes O(e^(log n log log n)) operations (hard)
RSA Key Setup
• each user generates a public/private key pair by:
• selecting two large primes at random: p, q
• computing their system modulus N=p.q
  • Totient function ø(N)=(p-1)(q-1)
• selecting at random the encryption key e
  • where 1<e<ø(N), gcd(e,ø(N))=1
• solve following equation to find decryption key d
  • e.d=1 mod ø(N) and 0≤d≤N
• publish their public encryption key: KU={e,N}
• keep secret private decryption key: KR={d,p,q}

Totient function ø(n)
• Number of positive integers less than n and relatively prime to n
• Relatively prime means with no factors in common with n
• Example: ø(10) = 4
  • 1, 3, 7, 9 are relatively prime to 10
• Example: ø(21) = 12
  • 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20 are relatively prime to 21
RSA Use
• to encrypt a message M the sender:
  • obtains public key of recipient KU={e,N}
  • computes: C = M^e mod N, where 0≤M<N
• to decrypt the ciphertext C the owner:
  • uses their private key KR={d,p,q}
  • computes: M = C^d mod N
• note that the message M must be smaller than the modulus
N (block if needed)
Why RSA Works
• because of Euler's Theorem:
  a^ø(N) mod N = 1
  → where gcd(a,N)=1
• in RSA have:
  → N=p.q
  → ø(N)=(p-1)(q-1)
  → carefully chosen e & d to be inverses mod ø(N)
  → hence e.d=1+k.ø(N) for some k
• hence:
  C^d = (M^e)^d = M^(1+k.ø(N)) = M^1.(M^ø(N))^k = M^1.(1)^k = M^1 = M mod N
RSA Example
1. Select primes: p=17 & q=11
2. Compute n = pq =17×11=187
3. Compute ø(n)=(p–1)(q-1)=16×10=160
4. Select e : gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160. Value is
d=23 since 23×7=161.
6. Publish public key KU={7,187}
7. Keep secret private key KR={23,17,11}
RSA Example cont
• sample RSA encryption/decryption is:
• given message M=88 (nb. 88<187)
• encryption:
  C = 88^7 mod 187 = 11
• decryption:
  M = 11^23 mod 187 = 88
RSA Key Generation

• users of RSA must:
  • determine two primes at random - p, q
  • select either e or d and compute the other
• primes p, q must not be easily derived from modulus N=p.q
  • means must be sufficiently large
  • typically guess and use probabilistic test
• exponents e, d are inverses, so use Inverse algorithm to compute
the other
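The key setup, the inverse computation and the worked example above (p=17, q=11, e=7, M=88), as an added Python example that is not part of the original slides. Function names are this example's own; it is textbook RSA on the slides' toy numbers, without the large random primes and padding that real use depends on.

```python
from math import gcd


def totient_by_counting(n):
    """ø(n): how many positive integers below n are relatively prime to n."""
    return sum(1 for a in range(1, n) if gcd(a, n) == 1)


def extended_gcd(a, b):
    """Extended Euclidean algorithm: return (g, x, y) with a*x + b*y = g."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y


def mod_inverse(e, phi):
    """Solve e.d = 1 mod ø(N) for d; fails if e and ø(N) share a factor."""
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e has no inverse: gcd(e, phi) != 1")
    return x % phi  # bring a negative coefficient into the range 0..phi-1


def key_setup(p, q, e):
    """Return the public key KU={e,N} and private key KR={d,p,q}."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi and gcd(e, phi) = 1")
    d = mod_inverse(e, phi)
    return {"KU": (e, n), "KR": (d, p, q)}


def encrypt(m, public_key):
    """C = M^e mod N; the message must be smaller than the modulus."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < N (split into blocks)")
    return pow(m, e, n)


def decrypt(c, private_key):
    """M = C^d mod N, with N rebuilt from the secret primes."""
    d, p, q = private_key
    return pow(c, d, p * q)


if __name__ == "__main__":
    print("phi(10) =", totient_by_counting(10), " phi(21) =", totient_by_counting(21))
    keys = key_setup(17, 11, 7)
    print("KU =", keys["KU"], " KR =", keys["KR"])
    c = encrypt(88, keys["KU"])
    print("C =", c, " M =", decrypt(c, keys["KR"]))
```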
Questions
1. Finding the decryption key using Euclidean and extended Euclidean Algorithm.
2. Calculating d using the following equations de=1mod(n)
Thank you !!!
Chapter four
Network Security

Network security basics

In network security, three common terms are used:
1. Vulnerabilities
2. Threats
3. Attacks
Vulnerabilities, Threats, attacks

• A threat is any potential occurrence, malicious or otherwise, that
could harm an asset. In other words, a threat is any bad thing that
can happen to your assets.
• A vulnerability is a weakness that makes a threat possible.
  • This may be because of poor design, configuration mistakes, or
  inappropriate and insecure coding techniques.
• An attack is an action that exploits a vulnerability or enacts a
threat.
  • Examples of attacks include sending malicious input to an
  application or flooding a network in an attempt to deny service.
What are the differences between attack and Threat?

• A threat can be either intentional or unintentional, whereas an attack is
intentional.
• A threat is a circumstance that has the potential to cause loss or damage,
whereas an attack is an attempt to cause damage.
• A threat to the information system doesn’t mean information was altered
or damaged, but an attack on the information system means there might be
a chance to alter, damage, or obtain information if the attack is
successful.
• A security threat is the expressed potential for the occurrence of an
attack.
• A security attack is an action taken against a target with the intention of
doing harm.
Vulnerability
 Intentional attacks on computing resources and networks persist
for a number of reasons
 The vulnerabilities could be weaknesses in the technology,
configuration, or security policy.
 Any discovered vulnerability must be addressed to mitigate any
threat that could take advantage of the vulnerability.
 It is difficult to thoroughly test an application for all possible
intrusions
Vulnerability…..
• In summary, a vulnerability is a weakness that is inherent in
every network and device.
• This includes routers, switches, desktops, servers, and even
security devices themselves.
• Networks are typically plagued by one or all of three primary
vulnerabilities or weaknesses:
  • Technology weaknesses
  • Configuration weaknesses
  • Security policy weaknesses
Vulnerability…..
Technology weaknesses
Configuration weakness…..
Security Policy Weakness
Security Policy Weakness …..
Threats
Threats…….
There are four primary classes of threats to network security

1. Unstructured threats
2. Structured threats
3. External threats
4. Internal threats
Threat…
Internal threats
Attack
Attacks
Network security protocols
• In today’s world, we transfer data in bulk, and
the security of this data is very important, so Internet
security provides that feature, i.e., protection of data.
• Different types of protocols exist, such as
routing, mail transfer, and remote communication
protocols. But Internet security protocols help with
the security and integrity of data over the internet.
• Many protocols exist that help with the
security of data over the internet, such as:
  • Internet Protocol Security (IPsec) Protocol
  • Secure Socket Layer (SSL)
  • Transport Layer Security (TLS)
Internet Protocol Security (IPsec) Protocol
• IPsec is a protocol and algorithm suite that secures data transferred
over public networks like the Internet. The Internet Engineering Task
Force (IETF) released the IPsec protocols in the 1990s. They encrypt
and authenticate network packets to provide IP layer security.
• IPsec originally contained the ESP and AH protocols. Encapsulating
Security Payload (ESP) encrypts data and provides authentication,
while Authentication Header (AH) offers anti-replay capabilities and
protects data integrity. The suite has since expanded to include the
Internet Key Exchange (IKE) protocol, which provides shared keys
establishing security associations (SAs). These enable encryption
and decryption via a firewall or router.
• IPsec can protect sensitive data and VPNs, providing tunneling to
encrypt data transfers. It can encrypt data at the application layer
and enables authentication without encryption.
Internet Security Protocols……

SSL Protocol: Layer 5

• SSL stands for Secure Sockets Layer, which is
an encryption-based Internet security protocol that protects the
confidentiality and integrity of data.
• It is used to ensure the privacy and authenticity of data over the
internet.
• It is located between the application and transport layers.
• At first, SSL contained security flaws and was quickly replaced by the
first version of TLS; that’s why SSL is the predecessor of the modern
TLS encryption.
• A TLS/SSL website has “HTTPS” in its URL rather than “HTTP”.
• SSL is divided into three sub-protocols:
  • the Handshake Protocol,
  • the Record Protocol, and
  • the Alert Protocol.
Internet Security Protocols……

TLS Protocol: OSI Layer 5

• Like SSL, TLS, which stands for Transport Layer
Security, is widely used for the privacy and security of
data over the internet.
• It uses a pseudo-random algorithm to generate the
master secret, which is a key used for the encryption
between the protocol client and protocol server.
• It is used for encrypting communication with online
servers, for example when a web browser loads a web page
from an online server.
• It has three sub-protocols, the same as the SSL protocol:
Handshake Protocol, Record Protocol, and Alert Protocol
Internet Security Protocols……

SHTTP (Secure HyperText Transfer Protocol)

• It is a collection of security measures, like establishing strong passwords, setting up a
firewall, thinking of antivirus protection, and so on, designed to secure internet
communication.
• It includes data entry forms that are used to input data which has previously been
collected into a database, as well as internet-based transactions.
• SHTTP’s services are quite comparable to those of the SSL protocol.
• It works at the application layer (which defines the shared communications protocols
and interface methods used by hosts in a network) and is thus closely linked with
HTTP.
• It can authenticate and encrypt HTTP traffic between the client and the server.
• It operates on a message-by-message basis. It can encrypt and sign individual
messages.
Internet Security Protocols……

HTTP and HTTPS—OSI Layer 7


• HTTP is an application protocol that specifies rules for web file
transfers.
• Users indirectly use HTTP when they open their web browser. It runs
on top of the Internet protocol suite.
• HTTPS is the secure version of HTTP, securing the communication
between browsers and websites. It helps prevent DNS spoofing and
man-in-the-middle attacks, which is important for websites that
transmit or receive sensitive information. All websites requiring user
logins or handling financial transactions are attractive data theft
targets and should be using HTTPS.
• HTTPS runs over the SSL or TLS protocol using public keys to enable
shared data encryption. HTTP uses port 80 by default, while HTTPS
uses port 443 for secure transfers. With HTTPS, the server and browser
must establish the communication parameters before initiating data
transfers.
Internet Security Protocols……

Kerberos Protocol—OSI Layer 7


• Kerberos is a service request authentication protocol for
untrusted networks like the public Internet. It authenticates
requests between trusted hosts, offering built-in Windows, Mac,
and Linux operating system support.
• Windows uses Kerberos as its default authentication protocol
and a key component of services like Active Directory (AD).
Broadband service providers use it to authenticate set-top
boxes and cable modems accessing their networks.
• Systems, services, and users, only need to trust the KDC when
using Kerberos. KDC offers authentication and grants tickets to
enable nodes to authenticate each other. Kerberos uses shared
secret cryptography to authenticate packets and protect them
during transmission.
Internet Security Protocols……

Kerberos
Kerberos is a network authentication protocol that is designed to
provide strong authentication for client/server applications using
secret-key cryptography. The Kerberos network authentication
protocol assumes that services and workstations communicate
over an insecure network. It allows clients and servers to do
either one way, or two-way (mutual) authentication. It allows for
data encryption and prevents passwords from having to be
retyped to access networked services and also prevents their
transmission in plain text over the network. This feature can help
reduce the need to manage multiple password
Internet Security Protocols……

Application layer security


Application layer security refers to ways of protecting web
applications at the application layer (layer 7 of the OSI model) from
malicious attacks.
Since the application layer is the closest layer to the end user, it
provides hackers with the largest threat surface.
Application layer security …….

Poor app layer security can lead to performance and stability
issues, data theft, and in some cases the network being
taken down.
Examples of application layer attacks include distributed
denial-of-service (DDoS) attacks, HTTP floods, SQL
injections, cross-site scripting, parameter tampering, and
Slowloris attacks.
To combat these and more, most organizations have an
arsenal of application layer security protections, such as web
application firewalls (WAFs), secure web gateway services,
and others.
Internet Security Protocols……

Wireless Security
• Wireless security is the prevention of unauthorized access or damage to
computers or data using wireless networks, which include Wi-Fi networks.
• The term may also refer to the protection of the wireless network itself from
adversaries seeking to damage the confidentiality, integrity, or availability of
the network.
• The most common type is Wi-Fi security, which includes Wired Equivalent
Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11
standard from 1997.
• It is a notoriously weak security standard: the password it uses can often be
cracked in a few minutes with a basic laptop computer and widely available
software tools.
Wireless Security…..

• WEP was superseded in 2003 by WPA, or Wi-Fi Protected
Access.
• WPA was a quick alternative to improve security over WEP.
• The current standard is WPA2; some hardware cannot support
WPA2 without firmware upgrade or replacement.
• WPA2 uses an encryption device that encrypts the network with
a 256-bit key; the longer key length improves security over WEP.
• Enterprises often enforce security using a certificate-based
system to authenticate the connecting device, following
Thank you !!!
Chapter Five
Security Mechanisms

• Firewall
• Proxy server
• Intrusion Detection system /Intrusion prevention System
• Virtual Private network
Security Mechanisms…..

• Tools and techniques that are used to implement security services.
• A mechanism might operate by itself, or with others, to provide a
particular service.
Firewall:
• A firewall is a network security device that monitors incoming and
outgoing network traffic and decides whether to allow or block
specific traffic based on a defined set of security rules.
• Firewalls establish a barrier between secured and controlled
internal networks that can be trusted and untrusted outside
networks, such as the Internet.
• A firewall can be hardware, software, or both.
Firewalls…..
Types of firewalls
 Proxy Firewall
 Stateful inspection firewall
 Unified threat management (UTM) firewall
 Next-generation firewall (NGFW)
Firewalls…..
Proxy Firewall
• An early type of firewall device, a proxy firewall serves as the
gateway from one network to another for a specific
application.
• Proxy servers can provide additional functionality such as
content caching and security by preventing direct connections
from outside the network. However, this also may impact
throughput capabilities and the applications they can support.
Firewall….
Stateful inspection firewall
• Now thought of as a “traditional” firewall, a stateful inspection firewall
allows or blocks traffic based on state, port, and protocol.
• It monitors all activity from the opening of a connection until it
is closed.
• Filtering decisions are made based on both administrator-
defined rules as well as context, which refers to using
information from previous connections and packets belonging
to the same connection.
Firewall……

Unified threat management (UTM) firewall:


• A UTM device typically combines, in a loosely coupled way, the
functions of a stateful inspection firewall with intrusion
prevention and antivirus.
• It may also include additional services and often cloud
management.
• Focus on simplicity and ease of use
Firewalls……
Next-generation firewall (NGFW)
• Firewalls have evolved beyond simple packet filtering and
stateful inspection.
• Most companies are deploying next-generation firewalls to
block modern threats such as advanced malware and
application-layer attacks.
Firewall…
• According to Gartner, Inc.’s definition, a next-generation
firewall must include:
   • Standard firewall capabilities like stateful inspection
   • Integrated intrusion prevention
   • Application awareness and control to see and block risky apps
   • Upgrade paths to include future information feeds
   • Techniques to address evolving security threats
• While these capabilities are increasingly becoming the
standard for most companies, NGFWs can do more.
Security Mechanisms….
Proxy server
• A proxy server is any machine that translates traffic between networks or protocols.
• It’s an intermediary server separating end-user clients from the destinations that they browse.
• Proxy servers provide varying levels of functionality, security, and privacy depending on your use case,
needs, or company policy.
• Some people use proxies for personal purposes, such as hiding their location while watching movies
online.
For a company, however, they can be used to accomplish several key tasks, such as:
1. Improve security
2. Secure employees’ internet activity from people trying to snoop on them
3. Balance internet traffic to prevent crashes
4. Control the websites employees and staff access in the office
5. Save bandwidth by caching files or compressing incoming traffic
Proxy server…..
How a proxy server works?
• Because a proxy server has its own IP address, it acts as a go-
between for a computer and the internet.
• Your computer knows this address, and when you send a
request on the internet, it is routed to the proxy, which then gets
the response from the web server and forwards the data from
the page to your computer’s browser, like Chrome, Safari,
Firefox, or Microsoft Edge.
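The request flow above, together with the website-control and caching tasks listed earlier, as an added example (not part of the original slides). The web is simulated in-process so the code runs offline; the class names, domains and addresses are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

BLOCKED_DOMAINS = {"social.example"}      # assumed company policy (constructed)
PROXY_IP = "198.51.100.7"                 # constructed public address of the proxy

class OriginWeb:
    """Stand-in for the internet: records which address each request came from."""
    def __init__(self):
        self.seen_from = []

    def fetch(self, source_ip, url):
        self.seen_from.append(source_ip)
        return f"<html>content of {url}</html>"

class ForwardProxy:
    def __init__(self, web):
        self.web, self.cache, self.log = web, {}, []

    def handle(self, client_ip, url):
        host = (urlsplit(url).hostname or "").lower()
        # Policy check: block the listed domains and their subdomains.
        if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
            self.log.append((client_ip, url, "BLOCKED"))
            return 403, "Blocked by policy"
        if url in self.cache:
            # Served locally: no bandwidth used, origin never contacted.
            self.log.append((client_ip, url, "CACHE_HIT"))
            return 200, self.cache[url]
        body = self.web.fetch(PROXY_IP, url)   # origin sees the proxy, not the client
        self.cache[url] = body
        self.log.append((client_ip, url, "FETCHED"))
        return 200, body

def run_demo():
    web = OriginWeb()
    proxy = ForwardProxy(web)
    statuses = [proxy.handle("10.0.0.5", "http://news.example/today")[0],
                proxy.handle("10.0.0.6", "http://news.example/today")[0],
                proxy.handle("10.0.0.5", "http://chat.social.example/feed")[0]]
    return statuses, web.seen_from, [entry[2] for entry in proxy.log]
```

The proxy log keeps the internal client address for every request, while the origin only ever records the proxy's address; that log is what an administrator reviews when investigating policy violations.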
Proxy Server……
Benefits of a Proxy Server
1. Enhanced security: Can act like a firewall between your systems and the internet.
Without them, hackers have easy access to your IP address, which they can use to
infiltrate your computer or network.
2. Private browsing, watching, listening, and shopping: Use different proxies to help
you avoid getting inundated with unwanted ads or the collection of IP-specific data.
3. Access to location-specific content: You can designate a proxy server with an
address associated with another country. You can, in effect, make it look like you
are in that country and gain full access to all the content computers in that country
are allowed to interact with.
4. Prevent employees from browsing inappropriate or distracting sites: You can use it
to block access to websites that run contrary to your organization’s principles. Also,
you can block sites that typically end up distracting employees from important
tasks. Some organizations block social media sites like Facebook and others to
remove time-wasting temptations.
Proxy server…..
Types of proxy server
• Forward proxies
• Open proxies
• Reverse proxies
Types of proxy server
1. Forward proxies
Here the client asks a server on its internal network to forward its
requests to the internet.
2. Open proxies
Open proxies help clients conceal their IP address while browsing
the web.
3. Reverse proxies
Here requests are forwarded to one or more proxy servers, and the
response from the proxy server is retrieved as if it came directly
from the original server.
Intrusion Detection System (IDS)
• An intrusion detection system (IDS) is a device or software
application that monitors a network for malicious activity or policy
violations.
• The IDS is also a listen-only device. The IDS monitors traffic and
reports results to an administrator. It cannot automatically take
action to prevent a detected exploit from taking over the system.
• Attackers are capable of exploiting vulnerabilities quickly once they
enter the network. Therefore, the IDS is not adequate for prevention.
• Intrusion detection and intrusion prevention systems are both
essential to security information and event management.
Intrusion Prevention System (IPS)
• You want to stop an attack as soon as it's discovered, even if that
means closing down legitimate traffic for security concerns.
• An intrusion prevention system (IPS) could be just right for you.
• The goal of an IPS is to prevent damage. While you're kept in
the loop about the attack, the system is already working to keep
things safe.
• An IPS can protect against exterior intruders. But people within
your organization can also take steps that harm your security.
• An IPS can protect against these actions too, so it can help train
your employees about what is allowed and what is not.
IDS vs IPS
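The contrast between the two, as an added example (not part of the original slides): one sensor with a single detection rule is run first as a listen-only IDS and then as an inline IPS over the same traffic. The scan threshold, the addresses and the traffic are constructed assumptions.

```python
from collections import defaultdict

SCAN_THRESHOLD = 3   # assumed rule: 3+ distinct destination ports from one source

# Constructed sample traffic: (source address, destination port).
TRAFFIC = [("198.51.100.9", 22), ("198.51.100.9", 23), ("192.0.2.4", 443),
           ("198.51.100.9", 3389), ("198.51.100.9", 445),
           ("198.51.100.9", 443),          # a legitimate request from the same source
           ("192.0.2.4", 443)]

class Sensor:
    """Same detection logic; the mode decides whether it only reports or also blocks."""
    def __init__(self, mode):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.ports_seen = defaultdict(set)
        self.blocked = set()               # only ever populated in IPS mode
        self.alerts = []

    def process(self, src, dport):
        """Return True if the packet reaches the protected host."""
        if src in self.blocked:
            return False
        self.ports_seen[src].add(dport)
        if len(self.ports_seen[src]) >= SCAN_THRESHOLD:
            if (src, "port scan") not in self.alerts:
                self.alerts.append((src, "port scan"))   # report to the administrator
            if self.mode == "ips":
                self.blocked.add(src)      # inline device: drop this and later packets
                return False
        return True                        # an IDS never interferes with delivery

def run(mode):
    sensor = Sensor(mode)
    delivered = [pkt for pkt in TRAFFIC if sensor.process(*pkt)]
    return delivered, sensor.alerts
```

Both modes raise the same alert, but only the IPS run stops the scan, and it also drops the later port 443 request from the blocked source, which is the cost of closing down legitimate traffic that the IPS slide mentions.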
Security Mechanisms….
Virtual Private network
• A virtual private network, or VPN, is an encrypted
connection over the Internet from a device to a
network.
• The encrypted connection helps to ensure that
sensitive data is safely transmitted.
• It prevents unauthorized people from eavesdropping
on the traffic and allows the user to conduct work
remotely.
• VPN technology is widely used in corporate
environments.
Virtual private network (VPN)
How does a virtual private network (VPN)
• A VPN extends a corporate network through
encrypted connections made over the Internet.
• Because the traffic is encrypted between the
device and the network, traffic remains private as
it travels.
• An employee can work outside the office and still
securely connect to the corporate network.
• Even smartphones and tablets can connect
through a VPN.
Is VPN traffic encrypted?
• Yes, traffic on the virtual network is sent securely by
establishing an encrypted connection across the Internet
known as a tunnel.
• VPN traffic from a device such as a computer, tablet, or
smartphone is encrypted as it travels through this tunnel.
• Offsite employees can then use the virtual network to access
the corporate
Thank you !!!
