NETWORK SECURITY

(18EC821)
Course Code : 18EC821
CIE Marks :40
Lecture Hours/Week : 3
SEE Marks : 60
Total Number of Lecture
Hours (08 Hrs / Module)
Exam Hours :03
CREDITS — 03
Module-1
Attacks on Computers and Computer Security: Need for Security, Security
Approaches, Principles of Security Types of Attacks. (Chapterl-Teth) L1, L2
Module-2
Transport Level Security: Web Security Considerations, Secure Sockets
Layer, Transport Layer Security, HTTPS, Secure Shell (SSH) (ChapterlS-
Textl) L1,L2

Module-3
IP Security: Overview of IP Security (IPSec),IP
SecurityArchitecture, Modes of Operation, Security
Associations (SA), Authentication Header (AH), Encapsulating
Security Payload (ESP), Internet Key Exchange. (Chapter19-
Text1) L1,L2
Module-4
Intruders, Intrusion Detection.(Chapter2 0-Text1) MALICIOUS
SOFTWARE: Viruses and Related Threats, Virus Counter
measures, (Chapter21-Text1) L1,L2
Module-5
Firewalls: The Need for firewalls, Firewall Characteristics,
Types of Firewalls, Firewall Biasing, Firewall location and
configuration (ChapterZZ-Text 1) L1, L2
• Text Books:
• Cryptography and Network Security Principles and Practice!,
Pearson Education Inc., William Stallings, 5th Edition, 2014,
ISBN: 978-81-317- 6166-3.
• Cryptography and Network Security, Atul Kahate, TMH, 2003.
 Explain network security services and mechanisms and
C410.1
security concepts

C410.2 Apply Transport Level Security concepts for web, SSL,HTTP

& Secure Socket Layer.

C410.3 Interpret Security concerns in Internet Protocol security

C410.4 Outline Intruders, Malicious Software & firewalls.

C410.5 Engage in self study as a team member/individual to

demonstrate the applications of Network security for a
given assignment.
 Module 1

Attacks on Computers and Computer

Security
 Need for security
Attacks on
Computers Security approaches
and
Computer Principles of security
Security Types of attacks
• Cyber security?
Computer security?
 Need for security
• Examples:

1. Provide user ID and password

to user – authenticate
2. Encode information stored in
the databases – not visible to
the users - do not have the
right permissions
 Need for Security
Example of information travelling from a client to a
server over the internet
 Security approaches

No security – decision to implement no security

at all

Security through obscurity – Nobody knows

about existence and contents

Host security – Security for each host is

enforced

Network security – Control the network access

to various hosts and their services
 Security management practices

A GOOD SECURITY AFFORDABILITY – FUNCTIONALITY – CULTURAL ISSUES

POLICY TAKES HOW MUCH COST MECHANISM OF – EXPECTATIONS,
CARE OF FOUR AND EFFORTS? PROVIDING WORKING STYLE
KEY ASPECTS SECURITY? AND BELIEFS?

LEGALITY – MEETS
THE LEGAL
REQUIREMENTS?
Principles of security

Confidentiality Integrity

Authentication Non- repudiation

Access control Availability

Loss of confidentiality
Absence of authentication
Loss of integrity
 Establishing non-repudiation

• Access control:
• It specifies and
controls who can
access what
Attack on
availability
 Types of attacks

• Classification
• Common person’s
view
• Technologist’s view

Classification of attacks in general terms

 Types of attacks

Criminal attacks: aim : to maximize financial gain by

attacking computer systems

Publicity attacks: occurs because of attackers want to see

their names appear on television news channels and
newspapers

Legal attacks: the attacker tries to make the judge or the

jury doubtful about the security of a computer system
 Types of criminal
attacks

Fraud

Scams

Destructions

Identity theft

Intellectual Property theft

Brand theft
Passive attacks and Active attacks
 Practical side of attacks

• Application level attacks

• Network level attacks

• Programs that attack

• Virus: Phases: Dormant, Propagation, Triggering,
Execution, Parasitic, Memory-resident, Boot sector,
Stealth, Polymorphic, Metamorphic
• Worm: a Worm does not modify a program, instead it
replicates itself again and again

• Trojan Horse: is a hidden piece of code, like a virus.

Purpose- to make some sort of modifications to the
target computer or network, it attempts to reveal
confidential information to an attacker.

• Applets and ActiveX Control Applets and ActiveX

• Cookies
 Cookies

• Cookies – born as a
result of specific
characteristic of the
internet.
• Maintaining the
state information
(i.e., identifying a
client to a server)

Creation of cookies
Usage of Cookies
Java script, VBScript and JScript

• Web page constructed –

HTML
• Tag based language – tag
begin with <> , Ends with
</>
Example
 Java security

• Java was designed – Java programs are considered

as safe as they cannot install, execute or propagate
viruses, and because of the program itself cannot
perform any action that is harmful to the user
computer
• Java security model associated with idea of
Sandbox.
• Job – protect a number of resources, performs task
at number of levels
Java application security
 Specific attacks
Packets – group of data

Packet - actual data + addressing information

Two main forms of attacks

Packet sniffing (Snooping) or IP Sniffing

Packet spoofing or IP Spoofing

 Packet sniffing

• Passive attack in an ongoing conversation

• Attacker need not hijack, instead simply observe
(sniff) the packets
• To prevent –
• Data encoding
• Transmission link encoded
 Packet spoofing

• Attacker sends packets with an incorrect source

address
• The receiver would sends replies back to forged
address (Spoofed address) not to the attacker
• Leads to -
• The attacker can intercept the reply
• The attacker need not see the reply – DOS
• The attacker does not want the reply – wants the host
to get confused