Copyright © by Dr. Ajay kumar pathak
B. Sc. IT. SEMESTER 6 NOTES BASED ON NEP
SUBJECT : MJ–15 (Th): INFORMATION SECURITY
(To be selected by the students from)
UNIT 3 (UNIT NAME):- NETWORK SECURITY PROTOCOLS
Objective:
The objective of this course is to provide students with a comprehensive understanding of network security concepts and techniques. The course aims to develop students' skills in identifying network vulnerabilities, implementing security measures, and ensuring the confidentiality, integrity, and availability of networked systems.
Learning Outcome:- After completion of this course, a student will be able to–
· Understand the principles and concepts of network security.
· Identify potential security threats and vulnerabilities in networked systems.
· Implement security measures to protect network infrastructure.
· Apply encryption and authentication techniques to secure network communication.
· Analyze and respond to security incidents in networked environments.
Semester Examination and Distribution of Marks
INTERNAL MARKS :- 25
(NO PRACTICAL IN THE MJ 15(INFORMATION SECURITY ))
End Semester Examination (ESE) : 75 Marks
-: NOTES READ FROM HERE :-
UNIT- 3 :- NETWORK SECURITY PROTOCOLS
INTRODUCTION TO NETWORK SECURITY PROTOCOLS:-
Network security protocols are network
protocols that ensure the integrity and security of data transmitted across
network connections. The specific network security protocol used depends on the
type of protected data and network connection. Each protocol defines the
techniques and procedures required to protect the network data from
unauthorized or malicious attempts to read or exfiltrate information.
Network security protocols
consist of rules and frameworks designed to protect data as it moves through a network.
They also structure how data gets from point A to point B, how it's received by
different components and ways of keeping attackers from reading it if they
intercept your communications.
Early network security
protocols were designed to prevent hackers from stealing or changing
information to damage communications. They were effective initially, but
protocols had to change as hacking techniques evolved.
Types of network security protocols:-
A security protocol is a set of formal rules, algorithms, and procedures that ensure secure communication and data transfer between devices, systems, or networks. It defines how data is encrypted, authenticated, transmitted, and verified to maintain confidentiality, integrity, and availability.
In simple terms, a security protocol acts as a digital handshake between systems, confirming that both parties are who they claim to be and that the data exchanged cannot be intercepted or altered.
Different types of network security protocols :-
i. HTTP (HyperText Transfer Protocol) – Handles website communication between browsers and servers.
ii. HTTPS (HyperText Transfer Protocol Secure) – Adds a security layer through encryption.
iii. FTP (File Transfer Protocol) – Used for moving large files between systems.
iv. SMTP (Simple Mail Transfer Protocol) – Manages the sending of emails.
v. TCP (Transmission Control Protocol) – Ensures reliable delivery of data.
vi. UDP (User Datagram Protocol) – Focuses on speed for streaming and gaming.
vii. IPsec (Internet Protocol Security) – Handles addressing and routing of packets. Example:- Suppose you are working from home and connecting to your office network using a VPN. IPsec encrypts all your data between your computer and the office server so no one can spy on your communication.
viii. DNS (Domain Name System) – Converts website names into IP addresses.
NETWORK SECURITY PROTOCOLS EXAMPLES:-
(1) Secure Sockets Layer (SSL)
(2) Transport Layer Security (TLS)
(3) Secure Shell (SSH)
(4) Virtual Private Network (VPN)
(5) Internet Protocol Security (IPsec)
(6) Simple Network Management Protocol (SNMPv3)
(7) Secure File Transfer Protocol (SFTP)
(1) SECURE SOCKETS LAYER (SSL):- SSL is
standard technology for securing an internet connection by encrypting data sent
between a website and a browser (or between two servers). It prevents hackers
from seeing or stealing any information transferred, including personal or
financial data.
Secure Sockets Layer (SSL) is a cryptographic protocol developed by Netscape in the mid-1990s to secure internet communications. It was designed to provide privacy, authentication, and data integrity between web browsers and servers. SSL quickly became the standard for securing online transactions, such as e-commerce and online banking, due to its ability to encrypt data and ensure secure connections.
Despite its initial success,
SSL had inherent weaknesses that made it susceptible to various attacks. In
September 2014, Google discovered a serious SSL 3.0 vulnerability called
Padding Oracle on Downgraded Legacy Encryption (POODLE), which hackers
exploited to decrypt and steal confidential information. These vulnerabilities
led to the development of TLS as a more secure successor to SSL.
Working of SSL:- SSL ensures secure communication through three main
mechanisms:-
Step 1: Encryption:- Your data
gets turned into a jumbled mess of characters that is impractical to decode.
The data can be decoded only with a session key that is exchanged between the
server and the client.
Step 2: Authentication:- SSL
initiates a handshake between devices to make sure they're not impostors. It's
like a password exchange to confirm: "You are who you say you are,
right?"
Step 3: Data integrity:- SSL
digitally seals your data to make sure no one tampers (alters) with it. This
ensures what you sent is exactly what you received, like a digital "Do not
open until delivery" label.
SSL protocols:-
(i) SSL Record protocol:- The SSL Record protocol is like the secret agent of
the SSL connection. The two components of the protocol are:-
(a) Confidentiality:- Making
sure your online activity is nobody else's business
(b) Message integrity:-
Ensuring your data doesn't get tampered with on its way
(ii) Handshake protocol:- The client and server Ping-Pong (something
going repeatedly from one side to another.)
messages back and forth to establish a secure session, like a digital version
of the secret handshake, but with certificates and key exchanges instead.
Round 1: The client and the server exchange hello messages listing the protocol versions and cipher suites they support.
Round 2: The server presents its SSL certificate and provides the client with the key material it needs to encrypt its data, then dramatically exits the stage with a "server-hello-done" message.
Round 3: The client eagerly (very ready and happy to do something) responds by presenting its own certificate, if one was requested, and executing some impressive client-key-exchange moves.
Round 4: The change cipher spec message marks the end of this exciting handshake protocol. This stage confirms that the data transferred from here on is sent securely.
(iii) Change-Cipher protocol:- This is where the SSL record output changes from the
pending state to the current state, like flipping a switch from maybe secure to
definitely secure.
(iv) Alert protocol:- It is responsible for conveying SSL-related alerts to the peer, for example warning you if a certificate is sketchy.
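The two jobs of the Record protocol, confidentiality and message integrity, are easiest to see in code. The block below is an added example written for these notes, not code from the original page or from any SSL implementation: it seals a record by encrypting it and then attaching a MAC that also covers the record's sequence number, and shows the receiver rejecting a record whose ciphertext has had a single bit flipped, which is exactly the tampering the Record protocol is meant to catch. The session key is drawn at random here (in real SSL it comes from the handshake), the stream cipher is a deliberately simple HMAC-in-counter-mode stand-in for AES, and the key-derivation labels are my own assumptions.

```python
import hashlib
import hmac
import os

# Constructed session key for illustration only. In real SSL/TLS it is derived from
# the handshake; here we simply draw random bytes.
SESSION_KEY = os.urandom(32)


def derive_keys(session_key):
    """Split one session key into separate encryption and MAC keys (assumed SHA-256 labels)."""
    enc_key = hashlib.sha256(b"enc" + session_key).digest()
    mac_key = hashlib.sha256(b"mac" + session_key).digest()
    return enc_key, mac_key


def keystream(enc_key, nonce, length):
    """Toy stream cipher: HMAC-SHA-256 run in counter mode. A stand-in for AES in
    this example, not something to deploy."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_record(session_key, seq_num, plaintext):
    """Confidentiality then integrity: encrypt, then MAC the sequence number and ciphertext."""
    enc_key, mac_key = derive_keys(session_key)
    nonce = seq_num.to_bytes(8, "big")
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_record(session_key, expected_seq, record):
    """Receiver side. Returns the plaintext, or None if the record was replayed or tampered with."""
    enc_key, mac_key = derive_keys(session_key)
    nonce, ciphertext, tag = record[:8], record[8:-32], record[-32:]
    if int.from_bytes(nonce, "big") != expected_seq:
        return None  # out-of-order or replayed record
    expected_tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None  # integrity failure: SSL would send a bad_record_mac alert here
    ks = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def demo():
    """Seal one record, open it, then open a copy with a single flipped ciphertext bit."""
    record = seal_record(SESSION_KEY, 1, b"GET /account HTTP/1.1")
    good = open_record(SESSION_KEY, 1, record)
    tampered = bytearray(record)
    tampered[10] ^= 0x01          # flip one bit inside the ciphertext
    bad = open_record(SESSION_KEY, 1, bytes(tampered))
    return good, bad


if __name__ == "__main__":
    print(demo())
```

Note the order: the MAC is checked before anything is decrypted, and the comparison uses `hmac.compare_digest` so that a forger learns nothing from how long the check takes. Binding the sequence number into the tag is what lets the receiver reject replayed or reordered records as well as modified ones.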
(2) TRANSPORT LAYER SECURITY (TLS):- Transport layer security protocol is one of the
security protocols which are designed to facilitate privacy and data security
for communications over the Internet. The main use of TLS is to encrypt the
communication between web applications and servers, like web browsers loading a
website.
TLS is used to encrypt other
communications like email, messaging, and voice over IP (VoIP). TLS was
proposed by the Internet Engineering Task Force (IETF), which is an
international standards organization.
It provides three main security
services:-
(a) Confidentiality (Encryption):- Nobody can read the data except sender and
receiver.
(b) Authentication:- Verifies
the identity of the server (and sometimes client).
(c) Integrity:- Ensures data is not modified during transmission.
It is the improved and more
secure version of Secure Sockets Layer (SSL).
Today, whenever you see HTTPS
in a browser, it means TLS is protecting the communication.
Example:- Login to a Bank Website. Suppose you open your bank website in a browser like Google Chrome. With TLS:-
· Browser and bank server perform a TLS handshake.
· They create a secret encryption key.
· Your password is converted into encrypted form.
· Hacker sees only unreadable random characters.
How TLS Works in Detail (Step-by-Step):-
TLS works in two main phases:-
Phase 1:- TLS Handshake (Connection Setup). This is the most important part.
Step 1:- Client Hello
Browser sends:-
· TLS version supported
· Supported encryption algorithms
· Random number
Step 2:- Server Hello
Server replies:-
· Chooses TLS version
· Chooses encryption algorithm
· Sends its Digital Certificate
· Certificate is issued by a trusted Certificate Authority (CA).
Step 3:- Certificate Verification
Browser checks:-
· Is certificate valid?
· Is it issued by trusted authority?
· Is domain name correct?
· If everything is correct → connection continues.
Step 4:- Key Exchange
· Client and server generate a shared secret key.
· This key is used for encryption.
· Now handshake is complete.
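The three questions the browser asks in Step 3 (is the certificate within its validity period, was it issued by a trusted authority, does it name this domain) can be written down as a small checker. The block below is an added example for these notes, not code from the original page or from any browser; it works on a certificate in the dictionary form that Python's `ssl.SSLSocket.getpeercert()` returns, and the certificate, the trusted issuer name, the host names and the clock values are all constructed for the example. Chain building and signature checking, which a real browser also does, are outside its scope; the hostname check does implement the usual wildcard rule, where `*.example.test` matches exactly one label.

```python
import ssl

# Constructed certificate in the dict shape returned by ssl.SSLSocket.getpeercert()
SAMPLE_CERT = {
    "subject": ((("commonName", "www.examplebank.test"),),),
    "issuer": ((("organizationName", "Example Trusted CA"),),
               (("commonName", "Example Trusted CA Root"),)),
    "subjectAltName": (("DNS", "www.examplebank.test"), ("DNS", "*.examplebank.test")),
    "notBefore": "Jan 15 00:00:00 2025 GMT",
    "notAfter": "Jan 15 00:00:00 2027 GMT",
}
# Constructed trust store: the browser would consult its bundled CA list instead
TRUSTED_ISSUERS = {"Example Trusted CA Root"}
# Constructed clock values (seconds since epoch) so the example is reproducible
NOW = ssl.cert_time_to_seconds("Jun 10 12:00:00 2026 GMT")
LATER = ssl.cert_time_to_seconds("Jun 10 12:00:00 2028 GMT")


def issuer_cn(cert):
    """Pull the issuer's commonName out of the nested RDN tuples."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def hostname_matches(pattern, hostname):
    """Match one SAN DNS entry: exact match, or a wildcard covering a single leftmost label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        p_labels = pattern.split(".")[1:]
        h_labels = hostname.split(".")
        return len(h_labels) == len(p_labels) + 1 and h_labels[1:] == p_labels
    return False


def verify_certificate(cert, hostname, now, trusted_issuers=TRUSTED_ISSUERS):
    """Return the list of failed checks; an empty list means all three checks passed."""
    problems = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not (not_before <= now <= not_after):
        problems.append("expired or not yet valid")
    if issuer_cn(cert) not in trusted_issuers:
        problems.append("issuer not trusted")
    dns_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(name, hostname) for name in dns_names):
        problems.append("hostname mismatch")
    return problems


if __name__ == "__main__":
    for host in ("www.examplebank.test", "login.examplebank.test", "examplebank.test"):
        print(host, verify_certificate(SAMPLE_CERT, host, NOW) or "ok")
```

Returning the full list of failures rather than stopping at the first one mirrors what a browser's error page reports, and it makes the function easy to test: each of the three questions from Step 3 maps to one string in the result.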
Phase 2:- Secure Data Transfer:-
After handshake:
· Data is encrypted using symmetric encryption.
· Faster communication.
· Integrity check is applied.
Where TLS is Used:-
i. HTTPS websites
ii. Email security (SMTPS, IMAPS)
iii. VPN
iv. Cloud computing
v. Online banking
vi. E-commerce
(3) SECURE SHELL (SSH):- The Secure Shell (SSH) network protocol uses encryption to allow two connected devices—usually a server and a client—to communicate securely with one another. It enables users to safely command and control distant machines. Conventional methods that transfer data in plain text, such as Telnet, FTP, and rlogin, can be safely replaced with SSH. File transfers, network service tunneling, and remote administration are among its common uses.
SSH is widely used to enable the following functions:-
i. Secure access to remote systems
ii. Secure execution of commands on remote systems
iii. Secure remote delivery of software updates
iv. Secure interactive and automated file transfers
v. Auto-login to servers
vi. Secure management of critical network infrastructure systems such as routers, firewalls, servers, virtual machines, operating systems and more.
How does SSH work?:-
SSH works on
a client / server model, where the ‘SSH client’ is a piece of software on the
user’s system that can communicate with the remote host, and the ‘SSH server’
is the remote host that provides access via secure SSH connection.
The general process is detailed below, and takes place over two phases:-
Phase 1: Shared Secret Generation:-
(a) A TCP handshake is initiated by the client, during which it verifies its identity to the server and both parties agree on the encryption protocols to be followed.
(b) The server presents its public key to prove its identity to the client.
(c) A ‘session key’ is mutually created by both parties using the Diffie-Hellman algorithm, which will be used to encrypt the entire session. Here, public and private data from both the server and the client are combined to create this session key or ‘shared secret’, which is a symmetric key (i.e. the same key can be used to encrypt and decrypt information).
(d) Symmetric encryption is established by means of the session key, which secures the transaction against external interception.
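Step (c) above, where public and private data from both sides are combined into one symmetric key, is the Diffie-Hellman exchange; the same mechanism is what TLS uses in its "Key Exchange" step. The block below is an added example written for these notes, not code from the original page or from OpenSSH: each party keeps a private exponent, publishes only g^x mod p, and both arrive at the same session key, while a listener who sees just the two public values has no way to compute it. The prime and generator are toy values chosen so the numbers stay readable, and the key-derivation step (SHA-256 over the shared secret and both public values) is my own assumption; real SSH and TLS use standardised groups or elliptic-curve Diffie-Hellman.

```python
import hashlib
import secrets

# Constructed toy group: the Mersenne prime 2**127 - 1 with generator 2, small enough
# to read. Real SSH and TLS use standardised groups (RFC 3526, RFC 7919) or
# elliptic-curve Diffie-Hellman; never reuse these numbers in a deployment.
P = 2**127 - 1
G = 2


class Party:
    """One side of the exchange. The private exponent never leaves the object;
    only g^x mod p is sent over the wire."""

    def __init__(self, name):
        self.name = name
        self.private = secrets.randbelow(P - 3) + 2      # x in [2, p-2]
        self.public = pow(G, self.private, P)

    def shared_secret(self, peer_public):
        # Refuse the degenerate values 0, 1 and p-1: a man-in-the-middle who could
        # substitute them would force the secret to a predictable value.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid peer public value")
        return pow(peer_public, self.private, P)


def session_key(shared, client_public, server_public):
    """Turn the shared secret into a symmetric session key. Assumed derivation:
    SHA-256 over the secret and both public values, so each side's key also
    commits to the exact exchange it took part in."""
    material = b"".join(v.to_bytes(16, "big") for v in (shared, client_public, server_public))
    return hashlib.sha256(material).digest()


def run_exchange():
    """Client and server each compute the key from their own private value and the
    peer's public value. Only client.public and server.public cross the network."""
    client, server = Party("client"), Party("server")
    k_client = session_key(client.shared_secret(server.public), client.public, server.public)
    k_server = session_key(server.shared_secret(client.public), client.public, server.public)
    return k_client, k_server


def rejects_degenerate(value):
    """True if the exchange refuses a given peer public value."""
    try:
        Party("probe").shared_secret(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    k_client, k_server = run_exchange()
    print("keys match:", k_client == k_server, k_client.hex())
```

Two details worth noticing: the keys match because (g^a)^b = (g^b)^a mod p, and the check in `shared_secret` is there because Diffie-Hellman on its own authenticates nobody. That is why SSH adds the server's host key in step (b) and TLS adds the certificate: without that, an attacker on the path could run two separate exchanges, one with each side.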
Phase 2: Authentication of Client:-
(a) The server authenticates the client, either by means of receiving an encrypted password, or via SSH keys. Since passwords are less secure than SSH keys due to their vulnerability to brute force attacks, the use of the latter is recommended.
(b) The SSH key-based authentication begins with the client informing the server of the credentials of the key pair it would like to authenticate itself with. In this case, both the server and the client have corresponding public keys.
(c) The server verifies the existence of this key pair in its database, and then uses its public key to encrypt a message, and sends it to the client.
(d) The client decrypts the message with its corresponding private key, and then combines the underlying value with the session key to create a hash value.
(e) It sends the hash value back to the server.
(f) The server receives this hash value, and then creates its own hash value (using the original unencrypted message and the shared session key). If both hash values match, the server takes it as proof that the client is the owner of the private key, and grants it authentication.
(g) Once authentication is established, both parties open up an encrypted channel to communicate with each other.
(4) VIRTUAL PRIVATE NETWORK (VPN):- A Virtual Private Network (VPN) is
a security technology that creates an encrypted tunnel between your device and
a VPN server over the internet, so your traffic travels privately and your real
IP address is hidden.
VPN establishes
a digital connection between your computer and a remote server owned by a VPN
provider, creating a point-to-point tunnel that encrypts your personal data,
masks your IP address, and lets you avoid website blocks and firewalls on the
internet.
Therefore, the work done by a VPN includes:-
(a) Privacy protection:- Hides your IP and encrypts traffic, so ISPs, advertisers, and third parties can’t easily monitor your browsing.
(b) Security on public Wi-Fi:- Encryption protects logins and personal data on unsafe networks (airports, cafes).
(c) Bypass geo-restrictions:- Changes your apparent (true but may not be) location by routing through another region’s server, unlocking region-limited sites or services.
(d) Reduce ISP throttling (Regulating):- Since traffic is encrypted, ISPs can’t easily identify specific activities (streaming/gaming) to selectively slow them.
(e) Secure remote access:- Lets employees connect to internal company resources securely from outside the organization.
Types
of VPN:-
(1) Remote Access VPN:- These are designed for individual
users or devices to connect securely to a corporate network over the internet.
Remote workers can access company resources such as files, email, and
applications while maintaining data security. SSL (Secure Sockets Layer ) / TLS
(Transport Layer Security ) and IPsec (Internet Protocol Security) are common
protocols used for remote access VPNs.
(2) Site-to-Site VPN:- Site-to-site VPNs are
used to securely connect entire networks or multiple locations (e.g., branch
offices) over the internet. They create a secure tunnel between two or more
physical locations, allowing them to share resources and data. IPsec, GRE (Generic
Routing Encapsulation ), and MPLS (Multiprotocol Label Switching) are commonly
used protocols for site-to-site VPNs.
(3) SSL VPN:- Secure Socket Layer (SSL) VPNs
use SSL/TLS protocols to provide secure remote access to web-based applications
and services. These are often used for secure remote access to corporate
intranets, webmail, and other web applications without client software
installation.
(4) IPsec VPN:- Internet Protocol Security
(IPsec) is a protocol for securing internet communication. It can be used in
both remote access and site-to-site VPN configurations. IPsec provides strong
encryption and authentication.
(5) PPTP, L2TP, and L2TP/IPsec:- These older
VPN protocols offer varying levels of security and performance. PPTP
(Point-to-Point Tunneling Protocol) is less secure and less commonly used
today. L2TP (Layer 2 Tunneling Protocol) and L2TP/IPsec combine L2TP with IPsec
for improved security.
(6) WireGuard:- WireGuard is a relatively
new and lightweight VPN protocol known for its simplicity and performance. It
aims to be faster and more secure than older protocols like OpenVPN and IPsec.
(7) OpenVPN:- OpenVPN is an open-source VPN
protocol that is highly configurable and widely used for its security and
flexibility. It is often the preferred choice for setting up custom VPN
solutions.
(8) Mobile VPN:- These VPNs are designed
specifically for mobile devices, such as smartphones and tablets. They provide
secure connectivity for users on the go, ensuring data privacy and security
when using public Wi-Fi networks.
(9) Dedicated VPN Services:- Numerous
commercial VPN service providers offer VPN services for individuals and
organizations. These services provide user-friendly apps, global server
locations, and security features.
(10) Peer-to-Peer (P2P) VPN:- P2P VPNs allow
users to create a decentralized network where each user acts as a node,
contributing bandwidth and resources. These are often used for privacy and
censorship circumvention.
(11) Mesh VPN:- Mesh VPNs connect multiple devices or nodes in
a peer-to-peer manner, creating a decentralized and resilient network. They are
used in scenarios where traditional infrastructure-based networks may not be
available or practical.
Advantages of VPN
(1) Data Traffic Security:- VPNs use
encryption protocols to secure data traffic, ensuring that your online
activities, such as web browsing, file transfers, or online messaging, remain
confidential and protected from unauthorized access.
(2) IP Address Privacy:- VPNs can mask your
IP address and location by routing your internet traffic through servers in
different regions or countries. This helps protect your online privacy and
anonymity by making it harder for malicious websites and online services to
track your real-world location.
(3) Public Wi-Fi Security:- When using a
public Wi-Fi network, which is often less secure, a VPN adds an extra layer of
security. It does this by encrypting your data traffic and making it more
difficult for hackers to intercept your information.
(4) Enhanced Online Anonymity (privacy):-
VPNs can help protect your online identity by preventing websites and online
services from tracking your browsing habits, which can be used for targeted
advertising.
Drawbacks of Using VPN:-
(1) Reduced internet speed:- Encryption and
routing traffic through remote servers can increase latency and lower
connection speeds.
(2) Inconsistent provider quality:- Some VPN
providers may use weak encryption or maintain user logs, which can compromise
privacy.
(3) Blocking and restrictions:- Certain
websites, streaming services, and countries actively detect and block VPN
traffic, limiting access.
(4) Configuration complexity:- Advanced
setups and manual configurations may require technical expertise, particularly
in enterprise environments.
(5) Cost factors:- Free VPNs often impose
limits on bandwidth and features, while reliable premium services require
ongoing subscription fees.
(5) INTERNET PROTOCOL SECURITY (IPSEC):- In "IPsec", "IP" stands for "Internet Protocol" and "sec" for "secure". IPsec (Internet Protocol Security) is a framework that helps us to protect IP traffic at the network layer, because the IP protocol itself doesn’t have any security features at all.
Some IPSec protocols are given below:-
(1) Authentication header (AH):- The
authentication header (AH) protocol adds a header that contains sender
authentication data and protects the packet contents from modification by
unauthorized parties. It alerts the recipient of possible manipulations of the
original data packet. When receiving the data packet, the computer compares the
cryptographic hash calculation from the payload with the header to ensure both
values match. A cryptographic hash is a mathematical function that summarizes
data into a unique value.
(2) Encapsulating security
payload (ESP) :-Depending
on the selected IPSec mode, the encapsulating security payload (ESP) protocol
performs encryption on the entire IP packet or only the payload. ESP adds a
header and trailer to the data packet upon encryption.
(3) Internet key exchange
(IKE):- Internet key
exchange (IKE) is a protocol that establishes a secure connection between two
devices on the internet. Both devices set up security association (SA), which
involves negotiating encryption keys and algorithms to transmit and receive
subsequent data packets.
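The AH description above says the receiver recomputes a cryptographic hash over the packet and compares it with the value carried in the header. The part that is easy to miss is which bytes go into that hash: fields that routers legitimately rewrite in transit (TTL, checksum, TOS, fragment bits) must be left out, otherwise every hop would break the check. The block below is an added example for these notes, not code from the original page or from any IPsec stack: it builds a minimal IPv4 header, computes a keyed ICV over the immutable fields plus the AH SPI and sequence number plus the payload, then shows that the packet still verifies after a router decrements the TTL, but fails once the destination address or the payload is altered. The key, SPI, addresses and payload are constructed; using HMAC-SHA-256 truncated to 128 bits is my choice for the example.

```python
import hashlib
import hmac
import struct

# Constructed key; in IPsec the AH key comes from the security association set up by IKE.
AH_KEY = b"constructed-ah-key-for-illustration"
SPI = 0x1000   # constructed security parameter index


def build_ipv4_header(src, dst, ttl, total_length):
    """Minimal 20-byte IPv4 header with protocol 51 (AH). The checksum is left at zero
    because AH excludes it from the ICV anyway."""
    ver_ihl = (4 << 4) | 5
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_length, 0x1234, 0, ttl, 51, 0, src, dst)


def immutable_view(ip_header):
    """Zero the fields a router legitimately rewrites in transit (TOS, flags/fragment
    offset, TTL, header checksum) so the ICV still verifies at the far end (RFC 4302)."""
    h = bytearray(ip_header)
    h[1] = 0                  # TOS / DSCP+ECN
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)


def compute_icv(key, ip_header, spi, seq, payload):
    """Sender: HMAC-SHA-256 truncated to 128 bits over the immutable header fields,
    the AH SPI and sequence number, and the payload."""
    ah_fields = struct.pack("!II", spi, seq)
    data = immutable_view(ip_header) + ah_fields + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:16]


def verify_icv(key, ip_header, spi, seq, received_icv, payload):
    """Receiver: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(compute_icv(key, ip_header, spi, seq, payload), received_icv)


def forward_hop(ip_header):
    """What every router on the path does: decrement the TTL."""
    h = bytearray(ip_header)
    h[8] -= 1
    return bytes(h)


def demo():
    """Returns (verifies after routing, verifies with rewritten destination, verifies with altered payload)."""
    payload = b"constructed payload: router status"
    hdr = build_ipv4_header(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02",
                            ttl=64, total_length=20 + 16 + len(payload))
    icv = compute_icv(AH_KEY, hdr, SPI, 1, payload)
    routed = forward_hop(hdr)                        # TTL 64 -> 63, still authentic
    ok = verify_icv(AH_KEY, routed, SPI, 1, icv, payload)
    spoofed = routed[:16] + b"\x0a\x00\x00\x09"      # destination address rewritten
    bad_header = verify_icv(AH_KEY, spoofed, SPI, 1, icv, payload)
    bad_payload = verify_icv(AH_KEY, routed, SPI, 1, icv, payload + b"!")
    return ok, bad_header, bad_payload


if __name__ == "__main__":
    print(demo())
```

Because the source and destination addresses are inside the ICV, AH also protects the packet against address spoofing, which is something ESP in transport mode does not do. The sequence number is included for the same reason as in the SSL record example: it lets the receiver recognise replayed packets.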
Advantages of IPSec:-
i. Strong security:- IPSec provides strong cryptographic security services that help protect sensitive data and ensure network privacy and integrity.
ii. Wide compatibility:- IPSec is an open standard protocol that is widely supported by vendors and can be used in heterogeneous environments.
iii. Flexibility:- IPSec can be configured to provide security for a wide range of network topologies, including point-to-point, site-to-site, and remote access connections.
iv. Scalability:- IPSec can be used to secure large-scale networks and can be scaled up or down as needed.
v. Improved network performance:- IPSec can help improve network performance by reducing network congestion and improving network efficiency.
Disadvantages of IPSec:-
i. Configuration Complexity:- IPSec can be complex to configure and requires specialized knowledge and skills.
ii. Compatibility Issues:- IPSec can have compatibility issues with some network devices and applications, which can lead to interoperability problems.
iii. Performance Impact:- IPSec can impact network performance due to the overhead of encryption and decryption of IP packets.
iv. Key Management:- IPSec requires effective key management to ensure the security of the cryptographic keys used for encryption and authentication.
v. Limited Protection:- IPSec only provides protection for IP traffic, and other protocols such as ICMP (Internet Control Message Protocol), DNS (Domain Name System), and routing protocols may still be vulnerable to attacks.
(6) SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMPV3):-
Simple
Network Management Protocol Version 3 (SNMPv3) is an advanced version of SNMP.
Primarily used for network management, SNMPv3 ensures secure access to devices
by providing enhanced security features. Unlike its predecessors, SNMPv3
supports strong authentication and encryption, making it a go-to choice for
managing complex network environments securely.
SNMPv3 is
crucial in current network management for its ability to provide secure and
reliable data about network devices. Its enhanced security features make it
well-suited for modern, sensitive environments where data integrity and privacy
are paramount.
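What makes SNMPv3 different from its predecessors is concrete: instead of a community string sent in clear text, each message carries an authentication code computed from a key that is derived from the user's password and then "localized" with the engine ID of the device it is for. The block below is an added example for these notes, not code from the original page or from any SNMP library: it implements the RFC 3414 password-to-key routine for SHA-1 (stretch the password to 1 MiB, hash, then hash again with the engine ID) and the 12-byte HMAC-SHA-96 authentication parameter, and shows that one password yields different keys on two agents and that a modified message is rejected. The password, engine IDs and message bytes are constructed; the message passed in is assumed to already have its msgAuthenticationParameters field zeroed, as the standard requires before the HMAC is taken.

```python
import hashlib
import hmac

ONE_MIB = 1048576


def password_to_key(password, engine_id):
    """RFC 3414 A.2.2 (SHA-1 variant): stretch the password to 1 MiB and hash it,
    then localize with the authoritative engine ID. The same password therefore
    yields a different key on every agent, so one captured key does not unlock the rest."""
    repeats = ONE_MIB // len(password) + 1
    ku = hashlib.sha1((password * repeats)[:ONE_MIB]).digest()
    return hashlib.sha1(ku + engine_id + ku).digest()


def auth_parameters(localized_key, whole_msg):
    """HMAC-SHA-96: HMAC-SHA-1 over the whole message (with the 12-byte
    msgAuthenticationParameters field already zeroed), truncated to 12 bytes."""
    return hmac.new(localized_key, whole_msg, hashlib.sha1).digest()[:12]


def verify_message(localized_key, whole_msg, received_params):
    """Receiver: recompute the 12-byte tag and compare in constant time."""
    return hmac.compare_digest(auth_parameters(localized_key, whole_msg), received_params)


# Constructed values: two agents with different engine IDs, one shared password
PASSWORD = b"maplesyrup"
ENGINE_A = bytes.fromhex("800000020109840301")
ENGINE_B = bytes.fromhex("800000020109840302")


def demo():
    """Derive keys for both agents and check a message authenticated for agent A."""
    key_a = password_to_key(PASSWORD, ENGINE_A)
    key_b = password_to_key(PASSWORD, ENGINE_B)
    msg = b"constructed SNMPv3 get-request bytes with zeroed auth field"
    params = auth_parameters(key_a, msg)
    return {
        "keys_differ": key_a != key_b,
        "accepted_by_a": verify_message(key_a, msg, params),
        "rejected_by_b": not verify_message(key_b, msg, params),
        "tamper_detected": not verify_message(key_a, msg + b"x", params),
    }


if __name__ == "__main__":
    print(demo())
```

The 1 MiB stretch is the standard's way of slowing down password guessing, and the localization step is why compromising one agent's key does not expose the manager's password elsewhere. SNMPv3 also defines a privacy (encryption) key with the same derivation; the example stops at authentication, which is the part SNMPv1 and v2c lacked entirely.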
Architecture of SNMP:-
There are three main components in the SNMP architecture:-
(1) SNMP Manager
(2) SNMP agent
(3) Management Information Base
(1) SNMP
Manager:- It is a centralized system used to
monitor the network. It is also known as a Network Management Station (NMS). A router that runs the SNMP server
program is called an agent, while a host that runs the SNMP client program is
called a manager.
(2) SNMP agent:- It is a software management module installed on a managed device. The manager accesses the values stored in the database, whereas the agent maintains the information in the database. To ascertain whether the router is congested or not, for instance, a manager can examine the relevant variables that a router stores, such as the quantity of packets received and transmitted.
(3) Management
Information Base:- MIB consists of information on
resources that are to be managed. This information is organized hierarchically.
It consists of objects instances which are essentially variables. A MIB,
or collection of all the objects under management by the manager, is unique to
each agent.
Components of Simple Network Management Protocol (SNMP):-
(1) SNMP manager:- Also referred to as a
network management station (NMS), the SNMP manager watches over the SNMP
network. It communicates with network devices via the SNMP agents and operates
on a network host, which is a computer on a network. It then sends queries to
agents, receives their responses, configures their variables, and records
events that come from them.
(2) Managed devices OR Agent Device:- A
managed device is an SNMP-capable network component the SNMP manager controls.
Typically, these are printers, wireless
devices, routers, or switches.
(3) SNMP agent:- An SNMP agent is a piece of
software that reacts to SNMP requests by providing information about a network
device’s status and metrics. This gives SNMP agents the most significant role
in the SNMP environment. They gather, store, and send monitoring data from SNMP
network devices that are nearby and connected to the agent. When a query is
made, data is sent to the selected SNMP manager—and this is what an
administrator can read and analyze.
(4) Management information database (MIB):- A
structure called an SNMP MIB outlines how information is exchanged in an SNMP
system. Every SNMP agent has a database with information that outlines the
specifications of the devices it controls. An SNMP manager gathers data for
performance management, fault management, and data storage using SNMP. The MIB
stores data acquired from each device on the network and serves as a shared
database for the agent and the SNMP manager.
(5) SNMP OID:- OID stands for “object identifier,” and it provides an address that the system can use to identify the devices administrators are managing and monitoring.
Advantages of SNMP:-
i. It is easy to implement.
ii. Agents are widely implemented.
iii. Agent level overhead is minimal.
iv. It is robust and extensible.
v. Polling approach is good for LAN based managed objects.
vi. It offers the best direct manager agent interface.
Disadvantages of SNMP:-
i. It does not scale well.
ii. There is no object oriented data view.
iii. It has no standard control definition.
iv. It has many implementation specific (private MIB) extensions.
v. It has high communication overhead due to polling.
(7) SECURE FILE TRANSFER PROTOCOL (SFTP):- SFTP stands for SSH File Transfer Protocol or Secure File Transfer Protocol. SFTP transfers files using Secure Shell (SSH), which is an encrypted protocol.
SFTP (Secure File Transfer Protocol) is the advanced version of FTP (File Transfer Protocol) which ensures security while transferring files between organizations or computers. It runs over SSH (Secure Shell), works on port no. 22 and uses the client-server model.
Working of SFTP:-
SFTP ensures data security by applying an SSH Message Authentication Code (MAC) to data packets. Firstly, a safe and secure connection is established by SFTP; then it provides an advanced level of protection for data transfer. Everything, from the authentication of users to the files being shared on the SSH data stream, is encrypted by SFTP. If any unauthorized person or third party tries to access the data, it will be incomprehensible or unreadable due to encryption.
For example:- In WhatsApp, messages are end-to-end encrypted.
Advantages of SFTP
(1) Speed and Efficiency:- It can transfer large and bulky files in one go. Data will be transmitted quickly as well as efficiently.
(2) Lower risk while exchanging data:- SFTP sends the data in encrypted form so no unauthorized person can access it. It also provides host authentication for checking whether the server is the right one or not.
(3) Better data accessibility:- Data is easily accessible, as SFTP provides both user-to-server as well as server-to-server facilities.
Disadvantages of SFTP
(1) Difficult to manage:- Due to too many protection features, it becomes harder to manage.
(2) Security threat:- SFTP is not fully secured. It can be easily attacked by cyber attackers. Even the passwords and user IDs are not always protected.
THE
END UNIT 3 (NETWORK SECURITY PROTOCOLS )