1. Attacks, Services, and Security Mechanisms

Computer networks are vulnerable to a variety of attacks. Understanding them helps in building secure systems.

• Attack: Any action that compromises the security of information.
• Security Services: Functions that enhance security, such as confidentiality, integrity, authentication, and non-repudiation.
• Security Mechanisms: Tools or techniques that implement services (e.g., encryption, firewalls, digital signatures).

Example:
A hacker intercepts login data (attack), so SSL encryption (mechanism) is used to ensure data confidentiality (service).
        

2. Model for Internetwork Security

A general security model includes the following components:

• Sender and Receiver: Endpoints that need to communicate securely.
• Transmission Medium: The insecure network used for data transfer.
• Security Transformations: Processes like encryption applied to secure the message.
• Secret Information: Keys used in encryption/decryption.
• Trusted Third Party: Like a Certificate Authority (CA) that manages public keys.

Example:
Sender encrypts the message → Transmits over the Internet → Receiver decrypts using the shared key.
        

3. Cryptography Basics

Cryptography is the practice of securing information by transforming it into an unreadable format.

• Plain Text: The original readable message.
• Encryption: Process of converting plain text to cipher text using a key.
• Key: A value used in the encryption/decryption process.
• Cipher Text: Encrypted, unreadable message.
• Decryption: Converting cipher text back to plain text using the key.
• Cryptanalysis: The study of breaking cryptographic systems without access to the key.

Example:
Plain Text: "HELLO"
Key: 3 (Caesar Cipher)
Cipher Text: "KHOOR"
        

4. Public Key Encryption

Also known as Asymmetric Encryption, it uses two keys:

• Public Key: Shared with everyone for encryption.
• Private Key: Kept secret for decryption.

It ensures secure communication without sharing a private key.

Example:
Sender encrypts message using Receiver's Public Key → Only Receiver can decrypt using their Private Key.
        

5. Digital Signatures and Authentication

Digital signatures ensure message integrity and authenticity. They use the sender's private key to sign the data.

• Authentication: Confirms the identity of the sender.
• Digital Signature: Encrypted hash of the message using sender’s private key.

Example:
Sender hashes the message → Encrypts hash with their Private Key → Receiver decrypts with Public Key and verifies hash.
        

1. Kerberos

Kerberos is a network authentication protocol designed to provide strong authentication using secret-key cryptography. It allows nodes to prove their identity over non-secure networks.

• Uses a Key Distribution Center (KDC) for ticket granting.
• Authenticates once, then uses tickets to access multiple services.

Example:
1. User logs in → sends request to KDC.
2. KDC sends a Ticket Granting Ticket (TGT).
3. User presents TGT to access services without re-entering password.
        

2. X.509 Authentication Service

X.509 is a standard defining the format of public key certificates. It is used in protocols like SSL/TLS for secure communications.

• Provides a certificate that binds a public key with an identity.
• Issued by a trusted Certificate Authority (CA).

Example:
User A receives a digital certificate from a CA.
The certificate includes: User A’s public key + digital signature of CA.
Other users verify A’s identity by validating the certificate.
        

3. Directory Authentication Service

This service is often implemented using LDAP (Lightweight Directory Access Protocol), which allows users and systems to look up authentication credentials in a centralized directory.

• Stores usernames, passwords, digital certificates.
• Supports authentication and access control.

Example:
A user logs in → system queries LDAP directory → credentials verified → access granted.
        

4. Pretty Good Privacy (PGP)

PGP is a data encryption and decryption program used for secure communication and email encryption.

• Combines symmetric encryption, public-key cryptography, and hashing.
• Used for signing, encrypting, and decrypting messages and files.

Example:
1. Sender encrypts message using recipient’s public key.
2. Signs message using sender’s private key.
3. Receiver decrypts using private key and verifies signature with sender’s public key.
        

5. S/MIME (Secure/Multipurpose Internet Mail Extensions)

S/MIME is a standard for public key encryption and signing of MIME data, widely used in securing email communication.

• Provides confidentiality, message integrity, authentication, and non-repudiation.
• Uses X.509 certificates for key management.

Example:
User sends an encrypted email using recipient’s public key.
Recipient decrypts with their private key.
Sender’s digital signature ensures message is authentic.
        

1. Overview of IP Security (IPSec)

IPSec is a suite of protocols that provide security for IP communications by authenticating and encrypting each IP packet. It operates at the network layer and ensures:

• Confidentiality: Encrypts data to keep it private.
• Integrity: Ensures data is not altered during transit.
• Authentication: Verifies the sender of the data.

Example:
Without IPSec: Data travels over the internet in plain text.
With IPSec: Data is encrypted and authenticated, making it unreadable and tamper-proof.
        

2. Authentication Header (AH)

Authentication Header is an IPSec protocol that provides data integrity and authentication of IP packets. It does not provide encryption.

• Ensures the packet is not modified in transit.
• Verifies the identity of the sender.
• Works by adding an additional header to the packet.

Example:
Sender → creates AH header with hash of the packet using a shared secret key.
Receiver → recalculates hash and compares → if matched, data is authentic.
        

3. Encapsulating Security Payload (ESP)

ESP provides both encryption (confidentiality) and optional authentication. It can work in two modes:

• Transport Mode: Only the payload is encrypted.
• Tunnel Mode: Entire IP packet is encrypted and encapsulated in a new IP packet.

Example:
Using ESP in Tunnel Mode:
Original IP packet → Encrypted and encapsulated → New IP header added → Transmitted securely.
        

4. Combining Security Associations

Security Association (SA) is a relationship between two entities that defines how they communicate securely using IPSec.

• Each SA is unidirectional and uses a unique SPI (Security Parameter Index).
• To achieve full-duplex communication, two SAs are required (one in each direction).
• Multiple SAs can be combined for layered protection (e.g., AH + ESP).

Example:
To secure data with both integrity and encryption:
1. Use ESP for encryption.
2. Use AH for authentication.
Combined SA: ESP + AH.
        

5. Key Management

Key Management in IPSec involves creating, distributing, and maintaining cryptographic keys used in secure communication. It can be:

• Manual Keying: Keys are configured manually on both ends (not scalable).
• Automatic Keying: Uses protocols like IKE (Internet Key Exchange) to establish keys dynamically.

Example:
IKE Phase 1: Establish secure channel between peers.
IKE Phase 2: Negotiate IPSec SAs and generate keys for encryption/authentication.
        

1. Web Security Requirements

To ensure secure communication over the web, certain fundamental requirements must be met:

• Confidentiality: Only the intended recipient should access the data.
• Integrity: Ensure that the data is not altered during transmission.
• Authentication: Both parties must verify each other's identity.
• Non-repudiation: The sender cannot deny sending the message.

Example:
A user logs into a bank site → credentials are encrypted (confidentiality)
→ server checks authenticity (authentication)
→ a digital signature confirms user’s transaction (non-repudiation).
        

2. Secure Socket Layer (SSL)

SSL is a standard security technology for establishing an encrypted link between a web server and a browser. It ensures that all data passed remains private.

• Uses both symmetric and asymmetric encryption.
• Employs digital certificates to verify server authenticity.
• Data is encrypted using session keys after handshake.

Example:
1. Browser connects to a secure site (https).
2. Server sends SSL certificate.
3. Browser verifies certificate and creates a session key.
4. All communication is encrypted using the session key.
        

3. Transport Layer Security (TLS)

TLS is the successor to SSL and provides improved security features. It is the most widely used protocol for securing internet communication today.

• Backwards-compatible with SSL but more secure.
• Provides encryption, authentication, and integrity checks.
• Used in web browsers, email, messaging, and VoIP.

Example:
When you visit https://example.com, TLS ensures:
- The server is authentic.
- Data you submit is encrypted.
- No third party can modify your messages.
        

4. Secure Electronic Transactions (SET)

SET is a protocol developed by Visa and MasterCard to secure credit card transactions over the internet. It focuses on confidentiality, integrity, and cardholder authentication.

• Encrypts payment information.
• Separates payment and order information for privacy.
• Uses digital certificates for both cardholder and merchant.

Example:
1. Customer places order and encrypts payment info using merchant's and bank’s public keys.
2. Merchant processes order but can't see card details.
3. Bank decrypts payment info and completes transaction securely.
        

1. Overview of SNMP Architecture

Simple Network Management Protocol (SNMP) is a protocol used for managing devices on IP networks such as routers, switches, servers, printers, and more.

• Manager: The system used to control and monitor the activities of network devices.
• Agent: Software running on a managed device that reports information to the manager.
• Managed Devices: Devices like routers or switches that are monitored via SNMP.
• MIB (Management Information Base): A database used by SNMP to manage network objects.

Example:
Network Admin (Manager) → sends SNMP request to Router (Agent) 
→ Router responds with system data using information from MIB.
        

2. SNMPv1 Communication Facility

SNMPv1 is the original version of SNMP and provides basic network monitoring features. It operates over UDP and uses a simple request-response communication model.

• Uses community strings (like passwords) for access control.
• Messages are sent in plain text – no encryption.
• Supported operations: GET, SET, GETNEXT, TRAP.

Example:
GET request: Manager asks Agent for a value (e.g., CPU usage).
SET request: Manager tells Agent to change a setting (e.g., restart service).
TRAP: Agent sends an alert to Manager when a fault occurs.
        

3. SNMPv3 – Enhanced Security

SNMPv3 is the most secure version of SNMP. It adds strong authentication and data encryption features to SNMP communications.

• Authentication: Ensures messages are from valid sources using protocols like HMAC-MD5 or SHA.
• Privacy (Encryption): Encrypts messages using DES or AES to prevent eavesdropping.
• Access Control: Defines what operations users can perform using user-based security model (USM).

Example:
1. SNMP Manager sends encrypted and authenticated GET request.
2. Agent verifies message and responds securely.
3. No sensitive data is exposed over the network.
        

1. Intruders

Intruders are individuals or automated programs that gain unauthorized access to systems to steal, modify, or destroy data.

• Masquerader: An outsider who pretends to be an authorized user.
• Misfeasor: A legitimate user who misuses their access.
• Clandestine User: Gains control and hides their presence in the system.

Example:
A hacker uses stolen credentials to access a company server and exfiltrate financial records.
        

2. Viruses and Related Threats

Viruses and malicious software disrupt normal system operations and pose serious security threats.

• Virus: Attaches itself to programs and spreads when executed.
• Worm: Self-replicates and spreads across networks.
• Trojan Horse: Disguises itself as legitimate software.
• Spyware: Secretly monitors user activity.
• Ransomware: Locks or encrypts data and demands ransom.

Example:
A user downloads a free software (Trojan) → Trojan installs spyware → Spyware sends user data to attacker.
        

3. Firewall Design Principles

A firewall is a hardware or software device that filters incoming and outgoing traffic based on a set of security rules.

• Packet Filtering Firewall: Filters based on IP addresses, ports, and protocols.
• Stateful Inspection Firewall: Tracks active connections and decides based on state and context.
• Proxy Firewall: Acts as a middleman between user and the internet.
• Next-Generation Firewall (NGFW): Includes intrusion prevention, deep packet inspection, and application awareness.

Example:
Firewall Rule: Allow port 80 (HTTP) traffic → Deny all other incoming traffic.
This blocks attacks but allows web browsing.
        

4. Comprehensive Examples Using Software Tools

Several software tools can be used to simulate or detect system threats:

• Wireshark: Packet analyzer for monitoring network traffic.
• Snort: Open-source intrusion detection and prevention system.
• ClamAV: Antivirus engine for detecting viruses and malware.
• Burp Suite: Security testing tool for web applications.

Example:
Using Wireshark:
1. Start capture on network interface.
2. Monitor incoming/outgoing packets.
3. Detect suspicious IPs or packet payloads.
        

5. Configuration Management

Configuration Management (CM) is the process of systematically handling changes to a system to maintain integrity and traceability.

• Version Control: Keeps track of code changes (e.g., Git).
• Change Management: Approves and documents system updates.
• Asset Management: Maintains an inventory of hardware/software.

Example:
Using Git:
1. Developers push code to remote repository.
2. Git tracks changes, merges branches, and logs authorship.
3. CM ensures rollback if new update causes failure.