Computer Network Security

UNIT-I: Introduction & Cryptography

Introduction: Attack, Services and Mechanism, Model for Internetwork Security.
Cryptography: Notion of Plain Text, Encryption, Key, Cipher Text, Decryption and Cryptanalysis; Public Key Encryption, Digital Signatures, and Authentication.

UNIT-II: Network Security & Authentication

Authentication Applications: Kerberos, X.509, Directory Authentication Service, Pretty Good Privacy (PGP), S/MIME.

UNIT-III: IP Security Architecture

Overview, Authentication Header, Encapsulating Security Payload, Combining Security Associations, Key Management.

UNIT-IV: Web Security

Requirements, Secure Socket Layer (SSL), Transport Layer Security (TLS), Secure Electronic Transactions (SET).

UNIT-V: Network Management Security

Overview of SNMP Architecture, SNMPv1 Communication Facility, SNMPv3.

UNIT-VI: System Security

Intruders, Viruses, and Related Threats, Firewall Design Principles, Configuration Management.

UNIT-I: Introduction to Computer Network Security

1. Introduction

Attacks

An attack is an attempt to bypass security mechanisms to access or damage data.

Passive Attack: Eavesdropping or monitoring of transmissions.
Active Attack: Attempts to alter system resources or affect operations.

Services

Security services provide protection for data and communication:

Authentication
Confidentiality
Integrity
Non-repudiation
Access Control

Mechanisms

Security mechanisms enforce security services, such as encryption, digital signatures, and hashing.

2. Model for Internetwork Security

This model identifies how to secure communication over networks. It includes:

Sender and receiver using security protocols.
Use of security transformations (like encryption).
Secret information (keys) shared securely.

Sender → [Encrypt using Key] → Secure Channel → [Decrypt using Key] → Receiver

3. Cryptography

Cryptography is the science of securing communication using codes.

Key Terms

Plain Text: Original readable message.
Encryption: Transforming plain text into unreadable cipher text.
Key: A piece of information used in encryption/decryption.
Cipher Text: Encrypted message.
Decryption: Converting cipher text back to plain text.
Cryptanalysis: Breaking encryption without knowing the key.

Plain Text: Hello
Key: +3 Shift (Caesar Cipher)
Encryption → Cipher Text: Khoor
Decryption → Plain Text: Hello

4. Public Key Encryption

Uses a pair of keys: one public and one private. Public key is shared with everyone, private key is kept secret.

Encrypt with recipient's public key → Only they can decrypt with private key.
Provides confidentiality and secure key exchange.

User A → [Encrypt using B’s Public Key] → Message → B decrypts using Private Key

5. Digital Signatures

Used to verify the authenticity and integrity of a message.

Sender signs message with their private key.
Receiver verifies using sender’s public key.

Sender: [Sign using Private Key] → Message + Signature
Receiver: [Verify using Public Key]

6. Authentication

Process of confirming the identity of a user or system.

Password-based: User enters secret password.
Token-based: OTP, smart cards.
Biometric-based: Fingerprint, retina scan.

User → [Enters Credentials] → System → [Verify] → Access Granted/Denied

UNIT-II: Network Security - Authentication Applications

1. Kerberos

Kerberos is a secure authentication protocol for client-server applications using secret-key cryptography.

It uses a trusted third party called Key Distribution Center (KDC).

Working:

Client requests authentication from Authentication Server (AS).
AS issues a Ticket Granting Ticket (TGT).
Client uses TGT to request service ticket from Ticket Granting Server (TGS).
Client uses service ticket to access the server.

Client → AS: Request login
AS → Client: TGT
Client → TGS: Request service ticket
TGS → Client: Service Ticket
Client → Server: Access service using ticket

2. X.509 Authentication Service

X.509 is a standard defining the format of public key certificates. It provides digital identity using Certificate Authorities (CA).

Main Components:

Certificate Authority (CA): Issues and verifies certificates.
Public Key Infrastructure (PKI): Framework for key management.

Certificate = {User Info, Public Key, Expiry Date, CA Signature}
Verification = Use CA's public key to validate certificate.

3. Directory Authentication Service

This service authenticates users based on directory data (LDAP or similar directory services).

Integrates with centralized systems.
Supports scalable user authentication.

User → Login with credentials
Server → Validate against Directory (LDAP)
Response → Access Granted/Denied

4. Pretty Good Privacy (PGP)

PGP is a data encryption and decryption program for securing emails and files.

Features:

Combines public key and symmetric encryption.
Supports digital signatures.

Sender:
- Encrypt message with session key (symmetric)
- Encrypt session key with recipient's public key
- Sign with sender's private key

Receiver:
- Decrypt session key with private key
- Verify signature with sender's public key
- Decrypt message

5. S/MIME (Secure/Multipurpose Internet Mail Extensions)

S/MIME is a standard for public key encryption and signing of MIME data in email.

Key Functions:

Authentication using digital signatures
Confidentiality via encryption
Integrity and non-repudiation

Sender:
- Encrypt Email + Sign with private key

Receiver:
- Verify Signature with sender's public key
- Decrypt using private key

UNIT-III: IP Security Architecture

1. Overview of IP Security (IPSec)

IPSec is a suite of protocols used to secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet in a communication session.

Key Features:

Confidentiality
Data Integrity
Authentication
Anti-replay protection

Use Case:
Secure communication between two systems over an unsecured IP network (e.g., VPN).

2. Authentication Header (AH)

AH provides connectionless integrity and data origin authentication for IP packets. It also protects against replay attacks.

Key Properties:

No encryption of data
Ensures data has not been tampered

Packet Structure with AH:
[IP Header][AH][Payload]

Fields in AH:
- Next Header
- Payload Length
- Security Parameters Index (SPI)
- Sequence Number
- Authentication Data

3. Encapsulating Security Payload (ESP)

ESP provides confidentiality, data origin authentication, and integrity. It encrypts the IP packet data.

Key Properties:

Supports encryption and authentication
Can be used with or without AH

Packet Structure with ESP:
[IP Header][ESP Header][Encrypted Payload][ESP Trailer][ESP Auth]

Fields in ESP:
- SPI
- Sequence Number
- Payload Data (encrypted)
- Authentication Data (optional)

4. Combining Security Associations (SAs)

A Security Association (SA) defines the parameters for secure communication. IPSec can use multiple SAs together in a specific order called a "bundle."

Modes of Combination:

Transport Mode: Only payload is encrypted/authenticated.
Tunnel Mode: Entire original packet is encrypted and encapsulated.
SA Bundling: Use of AH + ESP together.

Example SA Bundle:
[Original IP Packet]
↓
Apply AH → Add AH Header
↓
Apply ESP → Encrypt Payload + Add ESP Header/Trailer
↓
Send Encrypted Packet

5. Key Management

Key Management is essential for creating and distributing cryptographic keys securely between entities using IPSec.

Methods:

Manual Keying: Keys are manually configured by the administrator.
Automated Keying: Uses protocols like IKE (Internet Key Exchange) to dynamically generate and manage keys.

IKE Steps:
1. Negotiate security policy
2. Exchange keys securely (e.g., using Diffie-Hellman)
3. Establish Security Association

UNIT-IV: Web Security

1. Web Security Requirements

Web security is essential to protect sensitive data and ensure secure communication over the internet.

Basic Requirements:

Confidentiality: Protect data from unauthorized access.
Integrity: Ensure data is not altered in transit.
Authentication: Verify identity of users and servers.
Non-repudiation: Prevent denial of sending/receiving messages.

Example:
When logging into a bank website, your credentials and session data must be encrypted and authenticated.

2. Secure Socket Layer (SSL)

SSL is a protocol for establishing authenticated and encrypted links between networked computers.

Key Features:

Encryption of data in transit
Server authentication using digital certificates
Optional client authentication

SSL Handshake Steps:
1. Client sends "Hello" to server.
2. Server sends certificate.
3. Client verifies certificate.
4. Session key is generated and exchanged securely.
5. Encrypted communication starts.

3. Transport Layer Security (TLS)

TLS is the successor to SSL and is more secure and efficient. It provides privacy and data integrity between applications over a network.

Improvements over SSL:

Stronger encryption algorithms
More secure key generation and exchange
Protection against known vulnerabilities in SSL

TLS = SSL 3.0 + Improvements
TLS 1.2 and TLS 1.3 are widely used today.

4. Secure Electronic Transactions (SET)

SET is a protocol developed by Visa and MasterCard for secure credit card transactions over the internet.

Key Concepts:

Ensures confidentiality and integrity of payment information
Uses digital certificates for authentication
Prevents merchants from seeing cardholder information

SET Flow:
1. Customer gets digital certificate.
2. Customer places an order.
3. Merchant and payment gateway verify details.
4. Payment is processed securely without revealing card info to the merchant.

UNIT-V: Network Management Security

1. Overview of SNMP Architecture

SNMP (Simple Network Management Protocol) is a framework used for managing devices on IP networks. It enables monitoring, configuration, and control of network devices like routers, switches, and servers.

Key Components of SNMP:

Manager: Sends requests and receives data from agents.
Agent: Software on network devices that collects and stores management information.
MIB (Management Information Base): A database used to manage the entities in the network.

Example:
Manager (central software) <--> Agent (on router)
Manager sends GET request → Agent responds with CPU load.

2. SNMPv1 Communication Facility

SNMPv1 is the original version and operates over UDP using port 161 for agent listening and 162 for traps.

Basic Operations:

GET: Request information from an agent.
SET: Modify a variable on the agent.
GETNEXT: Retrieve the next value in a table.
TRAP: Asynchronous notification from agent to manager.

SNMPv1 Example:
Manager sends GET to agent → Agent responds with data.
Agent sends TRAP if CPU usage is too high.

Limitation: No authentication or encryption; vulnerable to spoofing.

3. SNMPv3 - Enhanced Security

SNMPv3 introduces security features to overcome SNMPv1 and SNMPv2 vulnerabilities. It adds authentication, privacy (encryption), and access control.

Security Features:

Authentication: Ensures data is from a verified source (via MD5/SHA).
Privacy: Encrypts messages using DES or AES.
Access Control: Determines who can access what information.

SNMPv3 Example:
- Manager authenticates with the agent.
- Sends encrypted GET request.
- Agent verifies identity and responds with encrypted data.

Note: SNMPv3 is the preferred version for secure network management.

UNIT-VI: System Security

1. Intruders

Intruders are unauthorized users who attempt to access, steal, or damage information systems.

Types of Intruders:

Masquerader: An outsider pretending to be an authorized user.
Misfeasor: A legitimate user misusing privileges.
Clandestine User: Gains control to evade auditing and monitoring.

Example:
A user guesses an admin password and installs keylogger software.

2. Viruses and Related Threats

Malware refers to malicious software intended to harm or exploit systems. Types include:

Virus: Attaches to files or programs and replicates.
Worm: Self-replicating and spreads across networks.
Trojan Horse: Disguised as legitimate software.
Ransomware: Encrypts user files and demands ransom.

Example:
A USB drive with a worm infects the system and spreads over LAN.

3. Firewall Design Principles

Firewalls monitor and control incoming and outgoing network traffic based on security rules.

Types of Firewalls:

Packet Filtering: Filters traffic at network layer.
Stateful Inspection: Keeps track of active connections.
Application Gateway: Controls traffic for specific applications.

Example Rule:
Block all incoming traffic on port 21 (FTP).
Allow HTTPS traffic on port 443.

4. Comprehensive Examples using Software Platforms/Tools

Several tools and platforms are used to demonstrate and implement system security:

Wireshark: Network packet analyzer.
Snort: Intrusion detection/prevention system.
Kali Linux: OS with penetration testing tools.
Splunk: Security information and event management (SIEM).

Example:
Use Snort to monitor packets for unauthorized port scanning.
Configure rules to alert on suspicious activity.

5. Configuration Management

Configuration Management involves maintaining the integrity and consistency of a system's performance and functionality.

Key Elements:

Track system configurations and changes.
Ensure security patches are up-to-date.
Use version control tools (e.g., Git).

Example:
Use Git to manage firewall configuration scripts and track updates.
Use Ansible for automated configuration deployment.