PAPER DSE 603(B): CYBER SECURITY
UNIT-I: INTRODUCTION TO CYBER SECURITY, CYBER SECURITY VULNERABILITIES AND CYBER SECURITY SAFEGUARDS: INTRODUCTION TO CYBER SECURITY: OVERVIEW OF CYBERSECURITY, INTERNET GOVERNANCE – CHALLENGES AND CONSTRAINTS, CYBERTHREATS: CYBER WARFARE, CYBER CRIME, CYBER TERRORISM, CYBER ESPIONAGE, NEED FOR A COMPREHENSIVE CYBER SECURITY POLICY, NEED FOR A NODAL AUTHORITY, NEED FOR AN INTERNATIONAL CONVENTION ON CYBERSPACE. CYBER SECURITY VULNERABILITIES: OVERVIEW, VULNERABILITIES IN SOFTWARE, SYSTEM ADMINISTRATION, COMPLEX NETWORK ARCHITECTURES, OPEN ACCESS TO ORGANIZATIONAL DATA, WEAK AUTHENTICATION, UNPROTECTED BROADBAND COMMUNICATIONS, POOR CYBER SECURITY AWARENESS. CYBER SECURITY SAFEGUARDS: OVERVIEW, ACCESS CONTROL, AUDIT, AUTHENTICATION, BIOMETRICS, CRYPTOGRAPHY, DECEPTION, DENIAL OF SERVICE FILTERS, ETHICAL HACKING, FIREWALLS, INTRUSION DETECTION SYSTEMS, RESPONSE, SCANNING, SECURITY POLICY, THREAT MANAGEMENT.
UNIT-II: SECURING WEB APPLICATION, SERVICES AND SERVERS: INTRODUCTION, BASIC SECURITY FOR HTTP APPLICATIONS AND SERVICES, BASIC SECURITY FOR SOAP SERVICES, IDENTITY MANAGEMENT AND WEB SERVICES, AUTHORIZATION PATTERNS, SECURITY CONSIDERATIONS, CHALLENGES.
UNIT-III: INTRUSION DETECTION AND PREVENTION: INTRUSION, PHYSICAL THEFT, ABUSE OF PRIVILEGES, UNAUTHORIZED ACCESS BY OUTSIDER, MALWARE INFECTION, INTRUSION DETECTION AND PREVENTION TECHNIQUES, ANTI-MALWARE SOFTWARE, NETWORK BASED INTRUSION DETECTION SYSTEMS, NETWORK BASED INTRUSION PREVENTION SYSTEMS, HOST BASED INTRUSION PREVENTION SYSTEMS, SECURITY INFORMATION MANAGEMENT, NETWORK SESSION ANALYSIS, SYSTEM INTEGRITY VALIDATION.
UNIT-IV
CRYPTOGRAPHY AND NETWORK SECURITY
Introduction to Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties or adversaries. It uses mathematical algorithms to encrypt and decrypt information so that unauthorized parties can neither read nor tamper with sensitive data. Cryptography provides the building blocks for the main goals of information security: confidentiality, integrity, authentication and non-repudiation. It is therefore a central part of network security.
'Crypto' (from the Greek kryptos) means hidden or secret. Cryptography is the science of secret writing, carried out with the intention of keeping data secret. Cryptanalysis, on the other hand, is the science (and sometimes the art) of breaking cryptosystems. Both are branches of what is called cryptology.
Cryptography is classified into
· Symmetric cryptography,
· Asymmetric cryptography,
· Hashing.
Common cryptographic techniques include encryption algorithms (such as AES, DES and RSA), hash functions (such as SHA-256) and digital signatures. Of the ciphers named, DES is obsolete: its 56-bit key can be recovered by exhaustive search with modest hardware, and it survives only in legacy systems and as the basis of Triple DES; new designs use AES. These methods are essential for securing data during transmission, protecting user privacy, and ensuring the authenticity and integrity of digital information. Cryptography is widely applied in secure communication over the internet, e-commerce transactions, electronic banking, and data protection in computer systems.
Symmetric cryptography
1. Explain Symmetric cryptography with example?
Ans:
Symmetric cryptography, also known as secret-key or private-key cryptography, is a cryptographic method in which the same key is used for both encryption and decryption of data. The communicating parties share a secret key that is kept confidential between them. The key is applied to transform plaintext (the original data) into ciphertext (the encrypted data) during encryption, and the same key reverses the process during decryption. Symmetric cryptography is generally faster and computationally more efficient than its asymmetric (public-key) counterpart.
Key features and aspects of symmetric cryptography include:
Key Management: Symmetric cryptography requires a secure method for exchanging the key between the communicating parties. The challenge lies in sharing the secret key securely, and in rotating it, so that confidentiality is maintained. The key itself must come from a cryptographically secure random number generator; a key derived from a guessable passphrase is only as strong as the passphrase.
Speed and Efficiency: Symmetric-key algorithms are generally faster and computationally more efficient than public-key algorithms, which makes them suitable for tasks requiring high-speed data processing, such as bulk data encryption.
Use Cases: Symmetric cryptography is commonly used for encrypting large volumes of data, securing network communication, and protecting the confidentiality of stored data. It is often employed where the communicating parties already have an established trust relationship.
Examples of Symmetric Algorithms: Common symmetric encryption algorithms include the Advanced Encryption Standard (AES), the Data Encryption Standard (DES) and Triple DES (3DES). AES is the current standard; DES and 3DES are retained only for legacy compatibility.
Modes of Operation: A block cipher such as AES is always used in a mode of operation, and the mode matters as much as the cipher. Authenticated modes such as AES-GCM detect any modification of the ciphertext, whereas plain CBC or CTR encryption gives confidentiality only and lets an attacker alter the plaintext by flipping ciphertext bits. Every message needs a fresh nonce or IV; reusing a nonce with the same key under GCM leaks the keystream and the authentication key.
Challenges: The primary challenge in symmetric cryptography is the secure distribution and management of secret keys. If an unauthorized party obtains the key, they can decrypt all data encrypted under it and forge messages as well.
Suitability for Secure Channels: Symmetric cryptography is well suited to scenarios where a secure channel for key exchange can be established and maintained. For example, it is used for the data channel of Virtual Private Networks (VPNs) and for secure communication within closed systems.
While symmetric cryptography is efficient for many applications, its key-management requirements and the need for secure key exchange limit its use in some scenarios. Most secure communication systems therefore combine symmetric and asymmetric cryptography: public-key techniques establish or transport a session key, and a symmetric cipher encrypts the data under that key.
Example for symmetric cryptography: Vidya and Bose Secure Communication
1. Key Generation:
- Vidya and Bose agree on a secret key that they will use for encrypting and decrypting their messages. This key is known only to them.
2. Encryption (Sending a Message):
- Vidya wants to send a confidential message to Bose. She uses the shared secret key to encrypt her message. The result is ciphertext, which looks like a random sequence of bytes.
Original Message: "Hello Bose, meet me at 2 PM."
Secret Key: "K1"
Encrypted Message (Ciphertext): "5fGh#92Lp..." (illustrative; real ciphertext is binary and is usually shown as hex or Base64)
3. Transmission:
- Vidya sends the ciphertext to Bose over an insecure communication channel. Even if an eavesdropper intercepts the message, they cannot recover its content without the secret key.
4. Decryption (Receiving and Decrypting the Message):
- Bose receives the ciphertext and uses the shared secret key to decrypt it, transforming it back into the original message.
Received Ciphertext: "5fGh#92Lp..."
Secret Key: "K1"
Decrypted Message: "Hello Bose, meet me at 2 PM."
In this example:
- The same secret key ("K1") is used by both Vidya and Bose for both encryption and decryption.
- The security of the communication relies on keeping the secret key confidential. "K1" stands for a real key: with AES that is a random 128- or 256-bit value, never a short label.
- Symmetric encryption ensures the confidentiality of the message during transmission. It guarantees integrity only if an authenticated mode (such as AES-GCM) or a separate MAC is used; otherwise an attacker who cannot read the message may still be able to modify it undetected.
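The Vidya and Bose exchange above in working code, as an added example that is not part of the original notes. It is written in Go and uses AES-256-GCM from the standard library, so a modified ciphertext or a wrong key is rejected rather than decrypted to garbage. The shared key stands for "K1" and is derived from a constructed placeholder passphrase only so that the example is reproducible; a real key is 32 random bytes from a CSPRNG. The function names Encrypt, Decrypt and Tampered are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// gcmNonceSize is the standard 96-bit GCM nonce that cipher.NewGCM uses.
const gcmNonceSize = 12

// sharedKey stands for "K1" in the example: the one secret both parties hold.
// It is derived from a fixed, constructed passphrase purely so the output is
// reproducible; in practice the key is 32 bytes from crypto/rand, delivered
// to both sides out of band or by a key-exchange protocol.
var sharedKey = func() []byte {
	k := sha256.Sum256([]byte("constructed demo passphrase for K1 - not a real key"))
	return k[:]
}()

// Encrypt seals plaintext under key with AES-256-GCM and returns
// nonce || ciphertext || 16-byte tag. The receiver needs the nonce, and
// the tag lets GCM detect any modification of the ciphertext.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A fresh random nonce for every message: reusing a nonce under the same
	// key breaks GCM's confidentiality and lets an attacker forge tags.
	nonce := make([]byte, gcmNonceSize)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt with the same key. It fails if the key is wrong
// or if a single bit of nonce, ciphertext or tag was changed in transit.
func Decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcmNonceSize+aead.Overhead() {
		return nil, errors.New("sealed message too short")
	}
	nonce, ct := sealed[:gcmNonceSize], sealed[gcmNonceSize:]
	return aead.Open(nil, nonce, ct, nil)
}

// Tampered flips one bit in the first ciphertext byte, modelling an
// eavesdropper who cannot read the message but tries to alter it.
func Tampered(sealed []byte) []byte {
	out := append([]byte(nil), sealed...)
	out[gcmNonceSize] ^= 0x01
	return out
}

func main() {
	msg := []byte("Hello Bose, meet me at 2 PM.")
	sealed, err := Encrypt(sharedKey, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("ciphertext (hex):", hex.EncodeToString(sealed))

	plain, err := Decrypt(sharedKey, sealed)
	fmt.Printf("Bose decrypts: %q err=%v\n", plain, err)

	_, err = Decrypt(sharedKey, Tampered(sealed))
	fmt.Println("altered in transit:", err)

	_, err = Decrypt(make([]byte, 32), sealed)
	fmt.Println("eavesdropper with wrong key:", err)
}
```

The nonce travels with the ciphertext because it is not secret, only unique; the 16-byte tag at the end is what turns a confidentiality-only cipher into one that also detects tampering.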
ASYMMETRIC CRYPTOGRAPHY
2. Explain Asymmetric cryptography with example?
Ans:
Asymmetric cryptography, also known as public-key cryptography, uses a pair of mathematically related keys for secure communication. The pair consists of a public key, which can be freely distributed, and a private key, which must be kept secret. What makes the system distinctive is that data encrypted with one key of the pair can only be decrypted with the other.
1. Key Pairs: Asymmetric cryptography uses a pair of keys: a public key for encryption (or signature verification) and a private key for decryption (or signing). The keys are mathematically related, but it is computationally infeasible to derive the private key from the public key.
2. Public Key Distribution: Public keys can be given to anyone, and they are often published in directories or embedded in digital certificates. They let others encrypt messages for the key owner or verify the owner's digital signatures.
3. Private Key Secrecy: The private key must be kept secret and known only to its owner. It is used for decrypting messages or generating digital signatures. If the private key is compromised, every message encrypted to the corresponding public key and every signature made with it can no longer be trusted.
4. Confidentiality and Authentication: Asymmetric cryptography provides confidentiality by letting users encrypt data with the recipient's public key, which can only be decrypted with the corresponding private key. It also provides authentication through digital signatures: the sender signs a message with their private key, and the recipient verifies the signature with the sender's public key.
5. Key Exchange: Asymmetric cryptography removes the need for a secure channel to transport a secret key; two parties can communicate securely without sharing a secret beforehand. It does not remove the need for an authentic channel: the parties must still be sure they hold each other's genuine public keys, otherwise an attacker can substitute their own key and read or forge traffic (a man-in-the-middle attack). Certificates, a web of trust, or out-of-band fingerprint checks address this.
6. Examples of Asymmetric Algorithms: Common asymmetric algorithms include RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curve Cryptography, used in ECDH and ECDSA) and DSA (Digital Signature Algorithm). DSA and ECDSA are signature-only schemes; RSA supports both encryption and signatures.
Asymmetric cryptography is widely used for securing communications over the internet, including secure email, online transactions (for example SSL/TLS for secure web browsing), and digital signatures for document verification. Its key-pair structure addresses some of the challenges of symmetric key distribution and key management. Because public-key operations are much slower than symmetric ones and can only encrypt short inputs, they are used to establish keys and sign data rather than to encrypt bulk traffic.
Example for Asymmetric cryptography: Secure Communication Between Vidya and Bose
1. Key Pair Generation:
- Both Vidya and Bose generate a pair of keys, a public key and a private key. The public key is shared openly, while the private key is kept secret.
Vidya's Key Pair:
Public Key (A_pub): ABC123
Private Key (A_priv): 123XYZ
Bose's Key Pair:
Public Key (B_pub): DEF456
Private Key (B_priv): 456UVW
(The key values are placeholders; a real RSA public key is a modulus of 2048 bits or more together with a public exponent.)
2. Encryption (Sending a Message):
- When Vidya wants to send a confidential message to Bose, she uses Bose's public key to encrypt it. The resulting ciphertext can only be decrypted with Bose's private key.
Original Message: "We need Independence."
Encrypted Message (Ciphertext): [Encrypted with Bose's Public Key]
3. Transmission:
- Vidya sends the encrypted message to Bose. Even if an eavesdropper intercepts the message and has Bose's public key, they cannot decrypt it without Bose's private key.
4. Decryption (Receiving and Decrypting the Message):
- Bose receives the encrypted message and uses his private key to decrypt it, revealing the original message.
Received Ciphertext: [Encrypted with Bose's Public Key]
Decrypted Message: "We need Independence."
In this example:
- Bose's public key is used for encryption, and only Bose's private key can decrypt messages encrypted with his public key.
- The security relies on the mathematical relationship between the public and private keys, which makes it computationally infeasible to derive the private key from the public key.
- Encrypting with the recipient's public key gives confidentiality but not authentication: anyone holding Bose's public key could have produced the ciphertext. If Bose must be sure the message came from Vidya, she also signs it with her private key.
Asymmetric cryptography is commonly used for secure communication, digital signatures, and key exchange in secure protocols such as SSL/TLS. It addresses the key-distribution problem of symmetric cryptography, where both parties must first share a secret key securely.
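The same exchange carried out with real keys, as an added example that is not part of the original notes. It uses RSA-OAEP from the Go standard library: Vidya encrypts with Bose's public key, Bose decrypts with his private key, and Vidya's own private key cannot open the ciphertext. The Party type, the helper names and the 2048-bit key size are this example's choices; the message text is the one from the notes. MaxPlaintext shows the size limit that makes direct RSA encryption of long messages impractical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party is one participant. The private key never leaves the struct; the
// public key is what the party publishes (A_pub / B_pub in the example).
type Party struct {
	Name string
	priv *rsa.PrivateKey
}

// NewParty performs step 1, key pair generation. 2048 bits is the minimum
// size in current use; 3072 or 4096 bits gives more margin.
func NewParty(name string) (*Party, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, priv: priv}, nil
}

// Public returns the key that can be handed to anyone.
func (p *Party) Public() *rsa.PublicKey { return &p.priv.PublicKey }

// EncryptFor performs step 2: the sender encrypts with the RECIPIENT's public
// key. RSA-OAEP adds randomised padding; raw "textbook" RSA must never be
// used because it is deterministic and malleable.
func EncryptFor(recipient *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
}

// Decrypt performs step 4 with the party's own private key. It fails, with
// no information about the plaintext, if the ciphertext was made for
// someone else's public key.
func (p *Party) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, ct, nil)
}

// MaxPlaintext is the largest message one RSA-OAEP operation can carry:
// modulus bytes - 2*hash bytes - 2. For 2048-bit RSA with SHA-256 that is
// 256 - 64 - 2 = 190 bytes, which is why real protocols encrypt a symmetric
// session key with RSA and the bulk data with that session key.
func MaxPlaintext(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

func main() {
	vidya, err := NewParty("Vidya")
	if err != nil {
		panic(err)
	}
	bose, err := NewParty("Bose")
	if err != nil {
		panic(err)
	}

	msg := []byte("We need Independence.")
	ct, err := EncryptFor(bose.Public(), msg) // Vidya uses B_pub
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext: %d bytes\n", len(ct))

	plain, err := bose.Decrypt(ct) // only B_priv can open it
	fmt.Printf("Bose reads: %q err=%v\n", plain, err)

	_, err = vidya.Decrypt(ct) // even the sender cannot decrypt
	fmt.Println("Vidya trying with her own private key:", err)

	fmt.Println("max plaintext per RSA operation:", MaxPlaintext(bose.Public()))
}
```

Because OAEP is randomised, encrypting the same message twice gives different ciphertexts, so an eavesdropper cannot even tell whether two messages are identical.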
Message Authentication:
Message authentication involves verifying the integrity and authenticity of a message: confirming that it has not been altered and that it really comes from the claimed sender. This prevents unauthorized modification, forgery and tampering with sensitive information.
Here are some common approaches:
1. Message Encryption:
Message encryption focuses on the confidentiality of the message. It protects the content from unauthorized access or eavesdropping during transmission. Encryption alone is a weak form of authentication: with an unauthenticated mode, an attacker who cannot read the ciphertext can still alter it, and the receiver can only detect this if the decrypted plaintext has recognisable structure. In practice authentication is added explicitly, with a MAC, an authenticated encryption mode such as AES-GCM, or a digital signature.
Techniques:
Symmetric Encryption: The same secret key is used for both encryption and decryption. The sender and recipient must share this key securely. Common symmetric encryption algorithms include AES (Advanced Encryption Standard) and the legacy DES (Data Encryption Standard).
Asymmetric Encryption: A pair of public and private keys is used. The sender encrypts the message with the recipient's public key, and only the recipient, with their private key, can decrypt it. Common asymmetric algorithms include RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography).
2. Message Authentication Codes:
A MAC algorithm is a symmetric-key cryptographic technique for providing message authentication. To use a MAC, the sender and receiver share a symmetric key K.
The process of using a MAC for authentication is depicted in the following illustration –
Let us now try to understand the entire process in detail –
· The sender runs a publicly known MAC algorithm (for example HMAC-SHA256) on the message and the secret key K and produces a MAC value (the tag).
· The MAC function compresses an arbitrarily long input into a fixed-length output. It uses the secret key during the compression, so without the key no one can compute a valid tag.
· The sender forwards the message along with the MAC. Here we assume that the message is sent in the clear, as we are concerned with message-origin authentication, not confidentiality. If confidentiality is also required, the message must be encrypted as well.
· On receipt of the message and the MAC, the receiver feeds the received message and the shared secret key K into the MAC algorithm and recomputes the MAC value.
· The receiver then compares the freshly computed MAC with the MAC received from the sender, using a constant-time comparison so that timing differences do not leak how many bytes matched. If they are equal, the receiver accepts the message and is assured that it was sent by the holder of K.
· If the computed MAC does not match the received MAC, the receiver cannot tell whether the message was altered or the origin was falsified. As a bottom line, the receiver rejects the message as not genuine.
A MAC provides integrity and origin authentication but not non-repudiation: because both parties hold K, either of them could have produced the tag, so a MAC cannot prove to a third party which one did.
3. Hash functions
Message authentication using hash functions involves applying a cryptographic hash function to verify the integrity of a message. Here is how hash functions are applied:
Message Authentication Using Hash Functions:
1. Hash Function Selection:
Description: Choose a secure cryptographic hash function with the required properties: preimage resistance, second-preimage resistance and collision resistance. MD5 and SHA-1 no longer provide collision resistance and must not be used.
Example: SHA-256 (Secure Hash Algorithm, 256-bit output) is a commonly used cryptographic hash function.
2. Hashing the Message:
Description: The sender applies the selected hash function to the entire content of the message to produce a fixed-size hash value, or digest.
Example:
Original Message: "Hello, this is a secure message."
Hash Value (SHA-256, illustrative; a real SHA-256 digest is 64 hexadecimal digits):
3d9a0b5fe08e64b235146574745033f5a7b1a1ee3b4d7c4bd2e3a8a2d26e1f4
3. Transmission of Hash Value:
Description: The sender sends both the original message and the computed hash value to the recipient.
Example: Transmit both the message and the SHA-256 hash value.
4. Message Authentication at the Recipient's End:
Description: The recipient independently applies the same hash function to the received message to compute a hash value.
Example:
Received Message: "Hello, this is a secure message."
Hash Value (SHA-256, illustrative):
3d9a0b5fe08e64b235146574745033f5a7b1a1ee3b4d7c4bd2e3a8a2d26e1f4
5. Verification and Decision:
Description: The recipient compares the computed hash value with the hash value received from the sender.
Example: If the hash values match, the message has not been corrupted in transit. A mismatch indicates corruption or tampering.
Important caveat: a bare hash sent over the same channel as the message does not by itself provide authentication. An attacker who can modify the message can simply recompute the hash of the modified message and replace both, and the recipient will see a match. The hash detects accidental corruption; it proves origin only if the hash value is protected separately, for example published over an authenticated channel, combined with a secret key as a MAC (HMAC), or signed with the sender's private key (a digital signature).
Advantages of Using Hash Functions
- Integrity Verification
- Efficiency
- Fixed-Size Output
- Preimage and collision resistance (the output cannot be inverted or predicted, and no two inputs with the same digest can be found in practice)
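An added example, not from the original notes, that serves both the MAC section (item 2) and the hash-function section (item 3) above. It is written in Go with the standard library's HMAC-SHA256 and SHA-256. The same man-in-the-middle rewrite is run against a message protected by a bare hash and against one protected by a keyed MAC: the hash-only receiver accepts the forgery because the attacker can recompute the check value, while the MAC receiver rejects it. The Packet type, the key string and the messages are constructed for this illustration; SHA-256("abc") is the published FIPS 180 test vector.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Packet is what travels over the insecure channel: the message in the
// clear plus a check value (a bare hash or a keyed MAC).
type Packet struct {
	Msg   []byte
	Check []byte
}

// HashHex returns the SHA-256 digest of data as 64 hex digits.
func HashHex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// ComputeMAC returns HMAC-SHA256(key, msg): a 32-byte tag that cannot be
// produced, or predicted, without the key.
func ComputeMAC(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// VerifyMAC recomputes the tag and compares it in constant time, so the
// time taken does not reveal how many leading bytes of a guess were right.
func VerifyMAC(key, msg, tag []byte) bool {
	return hmac.Equal(ComputeMAC(key, msg), tag)
}

// SendWithHash is the hash-only scheme: check = SHA-256(msg), no key.
func SendWithHash(msg []byte) Packet {
	sum := sha256.Sum256(msg)
	return Packet{Msg: msg, Check: sum[:]}
}

// VerifyHash is the receiver side of the hash-only scheme.
func VerifyHash(p Packet) bool {
	sum := sha256.Sum256(p.Msg)
	return hmac.Equal(sum[:], p.Check)
}

// SendWithMAC is the keyed scheme from the MAC section.
func SendWithMAC(key, msg []byte) Packet {
	return Packet{Msg: msg, Check: ComputeMAC(key, msg)}
}

// Rewrite models a man-in-the-middle replacing the message. Without a key
// it recomputes a bare hash; against the MAC it can only replay the old tag.
func Rewrite(p Packet, newMsg []byte, keyed bool) Packet {
	if keyed {
		return Packet{Msg: newMsg, Check: p.Check}
	}
	return SendWithHash(newMsg)
}

func main() {
	key := []byte("shared-secret-K-constructed-for-demo") // stands for K
	original := []byte("Pay Bose 100 rupees")
	forged := []byte("Pay Mallory 10000 rupees")

	fmt.Println("SHA-256(abc) =", HashHex([]byte("abc")))

	h := Rewrite(SendWithHash(original), forged, false)
	fmt.Println("hash only, after rewrite, receiver accepts:", VerifyHash(h)) // true

	m := Rewrite(SendWithMAC(key, original), forged, true)
	fmt.Println("HMAC, after rewrite, receiver accepts:", VerifyMAC(key, m.Msg, m.Check)) // false
}
```

hmac.Equal is used even for the plain hash comparison: whenever a check value is compared with an attacker-influenced one, a constant-time comparison is the habit to keep.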
Digital Signatures
3. Explain about Digital Signatures?
Ans:
A digital signature is a cryptographic technique in which a private key is used to sign a message or document and the corresponding public key is used to verify the signature. This establishes that the signer is who they claim to be and that the message or document has not been altered since it was signed. A digital signature is a cryptographic value calculated from the data and a secret key known only to the signer.
In the real world, the receiver of a message needs assurance that the message came from the sender, and the sender should not be able to repudiate having sent it. This requirement is crucial in business applications, where the likelihood of a dispute over exchanged data is high.
Components of Digital Signatures:
1. Private Key: Known only to the owner, the private key is used to create the digital signature. It must be kept secure; anyone who obtains it can sign in the owner's name.
2. Public Key: This key is shared openly and is used by others to verify the digital signature. It is associated with the entity that owns the corresponding private key.
3. Hash Function: Digital signatures are created by first hashing the message with a cryptographic hash function. This produces a fixed-size digest, which is what is actually signed with the private key. Signing the digest rather than the message keeps the signature small and fixed in size, and ties the signature to every bit of the message.
Model of Digital Signature
As mentioned earlier, the digital signature scheme is based on public-key cryptography. The model of the digital signature scheme is depicted in the following illustration −
The following points explain the entire process in detail −
· Each person adopting this scheme has a public-private key pair.
· Generally, the key pairs used for encryption/decryption and for signing/verifying are different. The private key used for signing is referred to as the signature key and the public key as the verification key.
· The signer feeds the data to the hash function and generates the hash value of the data.
· The hash value and the signature key are then fed to the signature algorithm, which produces the digital signature on the given hash. The signature is appended to the data and both are sent to the verifier.
· The verifier runs the same hash function on the received data to generate its hash value.
· The verifier feeds the digital signature, the hash value and the verification key into the verification algorithm. In textbook RSA the algorithm recovers a value that is compared with the hash; in the schemes used today (RSA-PSS, ECDSA, Ed25519) it takes the hash as input and outputs accept or reject. Based on that result, the verifier decides whether the digital signature is valid.
· Since the digital signature is created with the signer's private key, which no one else holds, the signer cannot later repudiate signing the data. This holds only while the private key remains secret, which is why signing keys are protected (for example in hardware tokens) and can be revoked.
--O--
Importance in Cybersecurity:
· Authentication: Digital signatures verify the identity of the sender. If the signature verifies under the sender's public key, the message was signed by the holder of the matching private key.
· Data Integrity: Digital signatures ensure that the content of the message or document has not been tampered with. Any modification of the signed content results in an invalid signature.
· Non-repudiation: Once a message is digitally signed, the sender cannot credibly deny having signed it. Unlike a MAC, a signature can be checked by anyone holding the public key, so it serves as evidence to third parties.
· Secure Communication: Digital signatures enhance the security of communications, especially in online transactions, legal documents, secure email and software distribution, where a signature on a package lets the installer detect a modified download.
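The signing and verification model above in working code, as an added example that is not part of the original notes. It is written in Go with RSA-PSS and SHA-256 from the standard library: Sign hashes the data and feeds the digest and the signature key to the signature algorithm; Verify re-hashes the received data and runs the verification algorithm with the verification key. The Signer type, the contract text and the 2048-bit key size are this example's own choices.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Signer holds a signature key (private). The matching verification key
// (public) is handed out via VerificationKey.
type Signer struct {
	key *rsa.PrivateKey
}

// NewSigner generates the signer's key pair.
func NewSigner() (*Signer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Signer{key: key}, nil
}

// VerificationKey returns the public half, safe to publish.
func (s *Signer) VerificationKey() *rsa.PublicKey { return &s.key.PublicKey }

// Sign follows the model above: hash the data, then feed the hash and the
// signature key to the signature algorithm. RSA-PSS is randomised, so two
// signatures over the same data differ, yet both verify.
func (s *Signer) Sign(data []byte) ([]byte, error) {
	digest := sha256.Sum256(data)
	return rsa.SignPSS(rand.Reader, s.key, crypto.SHA256, digest[:], nil)
}

// Verify is the verifier side: hash the received data independently, then
// run the verification algorithm with the signature and the verification
// key. The result is accept (true) or reject (false).
func Verify(pub *rsa.PublicKey, data, sig []byte) bool {
	digest := sha256.Sum256(data)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	vidya, err := NewSigner()
	if err != nil {
		panic(err)
	}
	contract := []byte("Vidya agrees to pay Bose 5000 rupees on 1 June.")

	sig, err := vidya.Sign(contract)
	if err != nil {
		panic(err)
	}
	fmt.Printf("signature: %d bytes, %s...\n", len(sig), hex.EncodeToString(sig[:8]))

	// Bose, or any third party with Vidya's public key, checks the signature.
	fmt.Println("genuine document verifies:", Verify(vidya.VerificationKey(), contract, sig))

	// One changed digit changes the hash, so the signature no longer matches.
	altered := []byte("Vidya agrees to pay Bose 50000 rupees on 1 June.")
	fmt.Println("altered document verifies:", Verify(vidya.VerificationKey(), altered, sig))

	// A signature made with someone else's key does not verify under Vidya's.
	mallory, err := NewSigner()
	if err != nil {
		panic(err)
	}
	forged, err := mallory.Sign(contract)
	if err != nil {
		panic(err)
	}
	fmt.Println("forged signature verifies:", Verify(vidya.VerificationKey(), contract, forged))
}
```

Verify needs only the public key, which is the property that gives non-repudiation: Bose can hand the contract and signature to an arbitrator, who can check them without any secret of Bose's or Vidya's.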
APPLICATIONS OF CRYPTOGRAPHY:
Cryptography, the practice and study of techniques for securing communication and data, has a wide range of applications across many domains. Here are some key applications:
1. Secure Communication:
SSL/TLS Protocols: Used to secure communication over the internet, ensuring the confidentiality and integrity of data exchanged between web browsers and servers. TLS uses public-key cryptography and certificates to authenticate the server and establish a session key, then a symmetric cipher to protect the data.
VPN (Virtual Private Network): Employed to establish secure communication channels over public networks, allowing users to reach private networks securely.
2. Data Integrity:
Digital Signatures: Ensure the integrity and authenticity of digital messages, documents or software by providing verifiable proof of the signer's identity and of the data's unchanged state.
Hash Functions: Used to generate fixed-size hash values that represent the integrity of data. Any change in the data results in a different hash value.
3. Access Control:
Authentication: Verifies the identity of users or systems before granting access. Passwords, biometrics and cryptographic tokens are common authentication methods.
Authorization: Determines the access rights granted to authenticated users, preventing unauthorized access to sensitive information.
4. Cryptographic Hash Functions:
Password Hashing: Store user passwords as hashes so that an attacker who steals the database cannot recover the original passwords. A plain fast hash such as SHA-256 is not enough here, because attackers can test billions of guesses per second; password storage uses a salted, deliberately slow function such as bcrypt, scrypt, PBKDF2 or Argon2.
Data Integrity Checks: Verify the integrity of data by comparing hash values before and after transmission or storage.
5. Secure File Transfer:
SFTP (SSH File Transfer Protocol): Transfers files over an SSH connection, so authentication, encryption and integrity come from SSH. It is a different protocol from FTP; the variant that adds TLS to classic FTP is FTPS.
PGP for File Encryption: Encrypts files to protect their content during transmission or storage.
Overview of Firewalls - Types of Firewalls
The primary purpose of a firewall is to allow legitimate traffic and block malicious or unwanted traffic, protecting hosts and networks from attacks. A firewall is a security control that filters network traffic according to a policy; on an already-infected computer it can also stop malicious software from reaching the Internet.
Capabilities of firewalls
· Access Control: Determines which network traffic is allowed or blocked based on specified security rules.
· Network Address Translation (NAT): Translates internal IP addresses to one or a few external IP addresses. This conceals the internal addressing scheme, but NAT is not an access-control mechanism by itself; the filtering rules provide the security.
· Virtual Private Network (VPN) Support: Terminates VPN tunnels, enabling secure communication over public networks by encrypting data in transit.
· Logging and Monitoring: Keeps records of allowed and denied connections for analysis, incident response and auditing.
· Intrusion Prevention System (IPS): Monitors and analyzes network or system activity for malicious exploits or security-policy violations and can block them inline.
Types of Firewalls:
Packet Filtering Firewall: A packet filtering firewall controls network access by examining the header of each packet (source and destination IP address, protocol, source and destination port) in isolation. It maintains a filtering table of rules which decides whether the packet will be forwarded or discarded; rules are evaluated in order, the first match applies, and a packet that matches no rule is denied by default.
Stateful Inspection Firewall: Keeps track of the state of active connections and makes decisions based on the context of the traffic, so that for example a reply packet is allowed only if it belongs to a connection that was opened from the inside.
Application Layer Firewall: Acts as an intermediary (proxy) at the application layer, providing more granular control over applications and content, such as HTTP methods or URLs.
Circuit-Level Gateways: Validate sessions (typically the TCP handshake) at the session layer without inspecting packet contents.
Next-Generation Firewalls (NGFW): Combine traditional firewall capabilities with additional features such as intrusion prevention, application awareness and advanced threat detection.
Hardware Firewalls: Dedicated physical devices designed to protect an entire network, usually placed at the network perimeter.
Software Firewalls: Installed as software on individual devices, providing protection at the host level.
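The packet-filtering table and the stateful-inspection firewall described above, as an added example that is not part of the original notes. It is written in Go; the Rule and Packet types, the rule syntax ("*" and port 0 as wildcards) and the addresses (10.0.0.5 as the internal host, 203.0.113.10 and 198.51.100.7 from the documentation address ranges) are constructed for this illustration. The same outbound HTTPS connection is run through a stateless filter and a stateful one, which shows why a stateless filter would need a permanent inbound hole to let the reply through and why the stateful one does not.

```go
package main

import "fmt"

// Action is a firewall verdict.
type Action int

const (
	Deny Action = iota
	Allow
)

func (a Action) String() string {
	if a == Allow {
		return "ALLOW"
	}
	return "DENY"
}

// Packet carries the header fields a packet filter looks at. Payload is
// deliberately absent: neither firewall type below inspects it.
type Packet struct {
	Proto            string // "tcp" or "udp"
	SrcIP, DstIP     string
	SrcPort, DstPort int
	Syn, Ack         bool // TCP flags; both false for UDP
}

// Rule is one row of the filtering table. "*" matches any address or
// protocol and port 0 matches any port.
type Rule struct {
	Proto   string
	SrcIP   string
	DstIP   string
	DstPort int
	Action  Action
}

func (r Rule) matches(p Packet) bool {
	return (r.Proto == "*" || r.Proto == p.Proto) &&
		(r.SrcIP == "*" || r.SrcIP == p.SrcIP) &&
		(r.DstIP == "*" || r.DstIP == p.DstIP) &&
		(r.DstPort == 0 || r.DstPort == p.DstPort)
}

// PacketFilter is a stateless packet filtering firewall: each packet is
// judged on its own header, first matching rule wins, default deny.
func PacketFilter(table []Rule, p Packet) Action {
	for _, r := range table {
		if r.matches(p) {
			return r.Action
		}
	}
	return Deny
}

// StatefulFilter adds a connection table to the same rule set. Packets that
// belong to a connection already opened through the firewall are allowed
// by context; everything else is judged by the rules.
type StatefulFilter struct {
	Table []Rule
	conns map[string]bool
}

func NewStatefulFilter(table []Rule) *StatefulFilter {
	return &StatefulFilter{Table: table, conns: map[string]bool{}}
}

func flowKey(proto, a string, ap int, b string, bp int) string {
	return fmt.Sprintf("%s %s:%d>%s:%d", proto, a, ap, b, bp)
}

func (f *StatefulFilter) Filter(p Packet) Action {
	// Reply traffic for a tracked flow: the reverse 4-tuple is in the table.
	if f.conns[flowKey(p.Proto, p.DstIP, p.DstPort, p.SrcIP, p.SrcPort)] {
		return Allow
	}
	act := PacketFilter(f.Table, p)
	// A permitted TCP SYN (no ACK) opens a new connection; remember it so
	// its replies are accepted. A bare ACK from outside opens nothing.
	if act == Allow && p.Proto == "tcp" && p.Syn && !p.Ack {
		f.conns[flowKey(p.Proto, p.SrcIP, p.SrcPort, p.DstIP, p.DstPort)] = true
	}
	return act
}

// Policy: internal host 10.0.0.5 may open HTTPS connections to anywhere.
// Addresses are constructed from the private and documentation ranges.
var Policy = []Rule{
	{Proto: "tcp", SrcIP: "10.0.0.5", DstIP: "*", DstPort: 443, Action: Allow},
}

var (
	Outbound    = Packet{Proto: "tcp", SrcIP: "10.0.0.5", SrcPort: 51000, DstIP: "203.0.113.10", DstPort: 443, Syn: true}
	Reply       = Packet{Proto: "tcp", SrcIP: "203.0.113.10", SrcPort: 443, DstIP: "10.0.0.5", DstPort: 51000, Syn: true, Ack: true}
	Unsolicited = Packet{Proto: "tcp", SrcIP: "198.51.100.7", SrcPort: 443, DstIP: "10.0.0.5", DstPort: 51000, Ack: true}
)

func main() {
	sf := NewStatefulFilter(Policy)
	for _, p := range []Packet{Outbound, Reply, Unsolicited} {
		fmt.Printf("%s:%d -> %s:%d  stateless=%s  stateful=%s\n",
			p.SrcIP, p.SrcPort, p.DstIP, p.DstPort, PacketFilter(Policy, p), sf.Filter(p))
	}
}
```

The stateless filter denies the legitimate SYN-ACK reply because no rule covers inbound traffic to port 51000; the only stateless fix is a rule admitting any packet from source port 443, which an attacker can trivially satisfy. The stateful filter admits the reply because it remembers the outbound SYN, and still denies the unsolicited packet that merely claims to come from port 443.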
User Management
User management is a crucial aspect of information security and system administration. It covers the processes and tools used to create, modify, deactivate and delete user accounts, and to manage user access to resources within a computer system or network. Effective user management is essential for maintaining security, compliance and the overall integrity of an information system.
Here are key components of user management:
Authentication and Authorization:
Authentication: Verifying the identity of users through usernames, passwords, biometrics or multi-factor authentication (MFA).
Authorization: Assigning appropriate permissions and access levels to users based on their roles and responsibilities, following the principle of least privilege so that each account holds only the access its role needs.
Auditing and Logging:
· Logging user activities, login attempts and changes to user accounts.
· Regularly reviewing audit logs for anomalies, security incidents or policy violations.
User Education and Awareness:
· Providing users with training on secure password practices, phishing awareness and general security hygiene.
· Promoting a culture of security consciousness among users.
User Provisioning and Deprovisioning:
Provisioning: Automated creation and assignment of user accounts, roles and access privileges.
Deprovisioning: Automated or manual removal of user accounts and associated access rights when users no longer need them. Prompt deprovisioning matters because dormant accounts of former employees are a common route into a network.
Single Sign-On (SSO):
· Allows users to authenticate once and gain access to multiple systems or applications without re-entering credentials.
· Improves the user experience and reduces the risk associated with multiple passwords, at the cost of making the SSO identity provider a single high-value target that must itself be protected with MFA.
VPN Security:
4. What is VPN? What are the services provided by VPN?
· A Virtual Private Network is a way to extend a private network across a public network such as the internet.
· As the name suggests, it is a virtual "private network": a user at a remote location can be part of a local network. It makes use of tunneling protocols to establish a secure connection.
A VPN creates an encrypted connection over the internet, allowing users to access private networks, or the internet itself, through a protected tunnel. It is widely used for remote access, site-to-site connectivity, and maintaining privacy and security during data transmission.
Features of VPN:
· VPN services provide a wide choice of server locations.
· They also provide their own DNS servers, so DNS queries are not seen by the local network.
· VPNs are generally cost-effective.
· A VPN can be configured on a router so that every device behind it is protected.
· VPN traffic is encrypted and authenticated between the client and the VPN server.
· A VPN is only as strong as its protocol; services offer secure VPN protocols such as IPsec and OpenVPN (both discussed below).
· A well-configured client provides protection against DNS leaks (queries escaping the tunnel).
· VPN providers also offer cross-platform compatible apps.
Applications of VPN:
· A VPN can bypass geographic restrictions on websites or streaming audio and video.
· Using a VPN, we can protect ourselves from snooping on untrustworthy Wi-Fi hotspots.
· One can gain privacy online by hiding one's true location.
· One can protect oneself from being logged while torrenting.
What does a VPN hide?
A VPN can hide a lot of information from the local network, the ISP and the websites visited, such as:
· The user's browsing history (from the ISP and the local network)
· The user's IP address and location
· The user's location for streaming
· The user's device, to the extent that the device is identified by its address
· The user's web activity, to preserve internet freedom
Note that this information is hidden only from parties outside the tunnel. The VPN provider itself sees the user's real IP address and all traffic metadata, so a VPN moves trust from the ISP to the provider rather than removing it.
How to choose a VPN?
In order to choose a suitable VPN, one should ask the VPN provider the following questions:
· How much privacy does the VPN provide, and what does the provider log?
· Which security protocols can you run?
· Are there any limits on your data?
· Where are the VPN's servers located?
· Can all your devices use the VPN?
· What is the cost of the VPN?
Advantages of VPN:
· It provides anonymity towards the sites visited.
· It avoids geo-restrictions.
· It protects traffic on untrusted networks from eavesdropping and tampering.
· It can prevent bandwidth throttling that an ISP applies to specific kinds of traffic.
· It may improve the gaming experience.
· It can bypass a restrictive firewall, since all traffic appears as one encrypted connection.
Disadvantages of VPN:
· It can slow down the internet speed.
· It has privacy issues: the provider can see and log all traffic.
· Connections may drop while connected over a VPN, and without a "kill switch" traffic then leaves unprotected.
· It may be difficult to configure.
· It may raise legal issues in jurisdictions that restrict VPN use.
--O--
Virtual Private Network (VPN) is basically of 2 types:
1. Remote Access VPN: A Remote Access VPN permits a user to connect to a private network and access all its services and resources remotely. The connection between the user and the private network is made through the Internet, and the connection is secure and private. Remote Access VPN is useful for both home users and business users.
For example, an employee of a company who is out of station uses a VPN to connect to the company's private network and remotely access files and resources on it.
2. Site to Site VPN: A Site-to-Site VPN is also called a Router-to-Router VPN and is commonly used in large companies. Companies or organizations with branch offices in different locations use a Site-to-Site VPN to connect the network of one office location to the network at another office location.
→ Intranet based VPN: When several offices of the same company are connected using the Site-to-Site VPN type, it is called an Intranet-based VPN.
→ Extranet based VPN: When a company uses the Site-to-Site VPN type to connect to the office of another company, it is called an Extranet-based VPN.
Types of Virtual Private Network (VPN) Protocols:
1. Internet Protocol Security (IPSec):
Internet Protocol Security, known as IPSec, is used to secure communication across an IP network. IPSec secures IP communication by authenticating the session and encrypting each data packet during the connection.
IPSec runs in 2 modes:
i. Transport mode
ii. Tunnel mode
In transport mode only the payload of the IP packet is encrypted and authenticated and the original IP header is kept, so it is used between two end hosts. In tunnel mode the whole original packet, header included, is encrypted and wrapped in a new IP packet, which is what site-to-site VPN gateways use. IPSec can also be combined with other protocols (for example L2TP) to improve the security system.
2. Layer 2 Tunneling Protocol (L2TP):
L2TP builds the tunnel but provides no encryption of its own. It is therefore almost always deployed as L2TP/IPsec, which combines L2TP tunneling with IPsec encryption and authentication to provide secure communication.
3. Point-to-Point Tunneling Protocol (PPTP):
An older VPN protocol that creates a tunnel between two points, historically common for remote access. Its authentication (MS-CHAPv2) and encryption (MPPE with RC4) are broken, so PPTP is considered insecure and is deprecated.
4. SSL and TLS:
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) create a VPN connection in which the web browser acts as the client, and user access is restricted to specific applications instead of the entire network.
Online shopping websites commonly use the SSL and TLS protocols. It is easy to switch to SSL/TLS in web browsers, with almost no action required from the user, as web browsers come with TLS integrated. TLS connections have "https" at the start of the URL instead of "http". (SSL itself is obsolete: every version of SSL has been deprecated, and the protocol in use today is TLS.)
5. OpenVPN:
OpenVPN is an open source VPN that is commonly used for creating Point-to-Point and Site-to-Site connections. It uses its own security protocol built on SSL/TLS for key exchange.
6. Secure Shell (SSH):
Secure Shell, or SSH, generates the VPN tunnel through which the data transfer occurs and also ensures that the tunnel is encrypted. SSH connections are created by an SSH client, and data is forwarded from a local port to the remote server through the encrypted tunnel (port forwarding).
7. Site-to-Site VPN:
Description: Connects entire networks or multiple sites securely over the internet, creating a virtual network between geographically dispersed locations. (This and the next entry are deployment types rather than protocols; a site-to-site VPN is usually built on IPsec in tunnel mode.)
8. Hybrid VPN:
Description: Combines elements of different VPN types to create a customized solution that meets specific requirements.
Security
Protocols:
5. Explain about PGP?
Ans:
1. Pretty Good Privacy (PGP):
PGP is an open source software package that is designed for the purpose of email security. Phil Zimmermann developed it. Pretty Good Privacy (PGP) is a widely used data encryption and decryption program that provides cryptographic privacy and authentication for data communication.
Multiple steps are taken to secure the email; these are:
· Confidentiality
· Authentication
· Compression
· Resemble
· Segmentation
· E-mail compatibility
1. Confidentiality: PGP primarily focuses on confidentiality. It uses a combination of symmetric-key cryptography and public-key cryptography to ensure that the content of messages is secure and can only be read by the intended recipient.
2. Authentication: PGP also includes mechanisms for user authentication. It uses digital signatures to verify the identity of the sender and to ensure that the message has not been tampered with during transit.
3. Compression: PGP includes compression to reduce the size of the encrypted message, making it more efficient to transmit.
4. Resemble (Integrity): PGP ensures message integrity by using hash functions. This helps detect any unauthorized changes to the message during transmission.
5. Segmentation (Radix-64 Encoding): PGP uses Radix-64 encoding to ensure that binary data is properly transmitted through email systems that may not handle binary data well. It converts binary data into a text format that is safe for transport.
6. E-mail Compatibility: PGP is designed to be compatible with various email systems and is often used for securing email communications. It integrates with popular email clients, allowing users to encrypt, decrypt, sign, and verify messages seamlessly.
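The order in which the steps above are applied on the sending side (integrity hash, then compression, then encryption, then Radix-64 armoring so the result survives text-only mail systems) is shown below as an added Python example; it is not PGP's own code. The CRC-24 checksum and the armor layout follow RFC 4880. Two simplifications are assumed so that it runs with the standard library alone: the symmetric cipher is an HMAC-SHA256 keystream stand-in (real PGP uses AES or CAST5 under a random session key), and the public-key wrapping of that session key for the recipient is not shown. The message and key are constructed sample values.

```python
import base64
import hashlib
import hmac
import zlib

# CRC-24 parameters from RFC 4880 section 6.1: the checksum line of PGP ASCII armor.
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB
DIGEST_LEN = 32


def crc24(data: bytes) -> int:
    """Bitwise CRC-24 exactly as specified for OpenPGP armor."""
    crc = CRC24_INIT
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (HMAC-SHA256 in counter mode). XOR is its own
    inverse, so the same call encrypts and decrypts. Real PGP uses AES/CAST5."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, (off // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)


def armor(payload: bytes, line_len: int = 76) -> str:
    """Radix-64 armor: base64 body wrapped to line_len, then '=' + base64(CRC-24)."""
    body = base64.b64encode(payload).decode("ascii")
    lines = [body[i:i + line_len] for i in range(0, len(body), line_len)]
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")
    return "\n".join(["-----BEGIN PGP MESSAGE-----", ""] + lines
                     + ["=" + crc, "-----END PGP MESSAGE-----"])


def dearmor(text: str) -> bytes:
    """Inverse of armor(); raises ValueError if the checksum line does not match."""
    lines = text.strip().splitlines()
    body, crc_line = [], None
    for line in lines[lines.index("") + 1:]:      # body starts after the blank header line
        if line.startswith("-----END"):
            break
        if line.startswith("="):
            crc_line = line[1:]
        else:
            body.append(line)
    payload = base64.b64decode("".join(body))
    if crc_line is None or crc24(payload) != int.from_bytes(base64.b64decode(crc_line), "big"):
        raise ValueError("armor checksum mismatch: message damaged in transit")
    return payload


def pgp_seal(message: bytes, session_key: bytes) -> str:
    """Sender side in PGP's order: hash for integrity, compress, encrypt, armor."""
    digest = hashlib.sha256(message).digest()             # integrity value travels with the data
    compressed = zlib.compress(digest + message)           # compress BEFORE encrypting: ciphertext is incompressible
    return armor(keystream_xor(session_key, compressed))   # encrypt, then make it 7-bit safe for mail


def pgp_open(armored: str, session_key: bytes) -> bytes:
    """Recipient side: dearmor, decrypt, decompress, verify the integrity hash."""
    compressed = keystream_xor(session_key, dearmor(armored))
    plain = zlib.decompress(compressed)
    digest, message = plain[:DIGEST_LEN], plain[DIGEST_LEN:]
    if not hmac.compare_digest(digest, hashlib.sha256(message).digest()):
        raise ValueError("integrity check failed: message was modified")
    return message


if __name__ == "__main__":
    KEY = b"constructed-session-key"                           # constructed sample key
    MSG = b"Quarterly figures attached; do not forward.\n" * 8  # constructed sample message
    text = pgp_seal(MSG, KEY)
    print(text)
    assert pgp_open(text, KEY) == MSG
```

Compression is applied before encryption because well-encrypted data does not compress, and the armor checksum catches transport damage (a mail gateway altering a character) before any decryption is attempted.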
Secure/Multipurpose Internet Mail Extension (S/MIME):
6. Explain about S/MIME?
Ans:
S/MIME is a security-enhanced version of Multipurpose Internet Mail Extension (MIME). In it, public key cryptography is used to digitally sign, encrypt or decrypt email. A user acquires a public-private key pair from a trusted authority and then makes appropriate use of those keys with email applications.
S/MIME, which stands for Secure/Multipurpose Internet Mail Extensions, is another standard for securing email communications, much like PGP. Here are some key points about S/MIME:
1. Standard for Secure Email: S/MIME is a standard that defines the formatting of secure email messages. It is widely used for securing email communication in both business and personal contexts.
2. Cryptographic Features: Similar to PGP, S/MIME uses a combination of asymmetric key cryptography (public-key cryptography) and symmetric key cryptography to provide confidentiality, authentication, and message integrity.
3. Digital Signatures: S/MIME allows users to apply digital signatures to their messages, providing a way to verify the sender's identity and ensuring that the content has not been altered during transit.
4. Encryption: S/MIME supports the encryption of email content, protecting it from unauthorized access during transmission. This ensures that only the intended recipient can decrypt and read the message.
5. X.509 Certificates: S/MIME relies on X.509 certificates, which are digital certificates that contain a public key and information about the certificate holder. These certificates are used for authentication and for verifying the integrity of the message.
6. Interoperability: S/MIME is widely supported by many email clients and servers, making it a common choice for organizations that require secure email communication. It provides a high level of interoperability across different platforms.
7. Integration with Email Clients: S/MIME is often integrated into popular email clients, allowing users to easily sign and encrypt their emails. This integration streamlines the process of securing email communication.
8. Usage in Corporate Environments: S/MIME is commonly used in corporate environments where secure communication is crucial. It helps protect sensitive information and ensures the authenticity of messages exchanged within the organization.
While both PGP and S/MIME aim to achieve similar goals in terms of email security, they differ in their approach and implementation.
--O--
SECURITY AT TRANSPORT LAYER - SSL AND TLS
TRANSPORT LAYER SECURITY (TLS)
7. Explain about TLS?
Ans: Transport Layer Security (TLS) is designed to provide security at the transport layer. TLS was derived from a security protocol called Secure Socket Layer (SSL). TLS ensures that no third party may eavesdrop on or tamper with any message.
There are several benefits of TLS:
· Encryption: TLS/SSL can help to secure transmitted data using encryption.
· Interoperability: TLS/SSL works with most web browsers, including Microsoft Internet Explorer, and on most operating systems and web servers.
· Algorithm flexibility: TLS/SSL provides options for the authentication mechanism, encryption algorithms and hashing algorithm that are used during the secure session.
· Ease of Deployment: Many applications use TLS/SSL transparently on a Windows Server 2003 operating system.
· Ease of Use: Because TLS/SSL is implemented beneath the application layer, most of its operations are completely invisible to the client.
Working of TLS:
The client connects to the server (using TCP) and sends a number of specifications:
i. the version of SSL/TLS it supports;
ii. which cipher suites and compression methods it wants to use.
The server checks what the highest SSL/TLS version is that is supported by them both, picks a cipher suite from one of the client's options (if it supports one) and optionally picks a compression method. After this the basic setup is done, and the server provides its certificate. This certificate must be trusted either by the client itself or by a party that the client trusts. Having verified the certificate and being certain this server really is who it claims to be (and not a man in the middle), a key is exchanged. This can be a public key, a "PreMasterSecret" or simply nothing, depending upon the cipher suite.
Both the server and the client can now compute the key for symmetric encryption. The handshake is finished and the two hosts can communicate securely. If a connection is closed simply by finishing the TCP connection, both sides will know the connection was improperly terminated. The connection cannot be compromised by this though, merely interrupted.
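The two decisions the server makes in the hello exchange (highest common version, a cipher suite from the client's list) and the step where both sides compute the symmetric key are shown below as an added Python example; this is not code from any TLS implementation. The key derivation is the TLS 1.2 PRF from RFC 5246 (P_SHA256, the "master secret" and "key expansion" labels, and the order of the two randoms) carried out on both sides; the pre-master secret, hello randoms and cipher suite lists are constructed, and the negotiation rule (first client-offered suite the server supports) is one common server policy, assumed here.

```python
import hashlib
import hmac
import os

# Versions as (major, minor) wire values: TLS 1.0 is 3.1, TLS 1.2 is 3.3.
TLS_1_0, TLS_1_1, TLS_1_2 = (3, 1), (3, 2), (3, 3)
MASTER_SECRET_LEN = 48


def negotiate(client_versions, client_suites, server_max_version, server_suites):
    """Server side of the hello exchange: highest version both support, first
    client-offered cipher suite the server also supports. Raises when there is
    no overlap (a real server sends a handshake_failure alert instead)."""
    common = [v for v in client_versions if v <= server_max_version]
    if not common:
        raise ValueError("no common SSL/TLS version")
    suite = next((s for s in client_suites if s in server_suites), None)
    if suite is None:
        raise ValueError("no common cipher suite")
    return max(common), suite


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion (RFC 5246 section 5): A(0) = seed,
    A(i) = HMAC(secret, A(i-1)); output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) ..."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random)[0..47]."""
    return prf(pre_master, b"master secret", client_random + server_random, MASTER_SECRET_LEN)


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int = 32, key_len: int = 16) -> dict:
    """Carve the record-layer keys out of PRF(master, "key expansion",
    server_random + client_random); note the randoms are concatenated in the
    opposite order to master_secret()."""
    block = prf(master, b"key expansion", server_random + client_random, 2 * (mac_len + key_len))
    names = ["client_write_MAC_key", "server_write_MAC_key", "client_write_key", "server_write_key"]
    sizes = [mac_len, mac_len, key_len, key_len]
    keys, off = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[off:off + size]
        off += size
    return keys


def simulate_handshake(client_versions, client_suites, server_max_version, server_suites):
    """Negotiate, then let each peer derive the record keys from the shared
    pre-master secret and the two hello randoms; returns (version, suite, keys_agree)."""
    version, suite = negotiate(client_versions, client_suites, server_max_version, server_suites)
    client_random, server_random = os.urandom(32), os.urandom(32)  # sent in the clear in the hellos
    pre_master = os.urandom(48)  # with RSA key exchange the client picks this and encrypts it to the server's certificate
    client_keys = key_block(master_secret(pre_master, client_random, server_random), client_random, server_random)
    server_keys = key_block(master_secret(pre_master, client_random, server_random), client_random, server_random)
    return version, suite, client_keys == server_keys


if __name__ == "__main__":
    print(simulate_handshake([TLS_1_2, TLS_1_1], ["TLS_RSA_WITH_AES_128_CBC_SHA"],
                             TLS_1_2, ["TLS_RSA_WITH_AES_128_CBC_SHA"]))
```

The pre-master secret is the only input an eavesdropper does not see; the two randoms are public, which is why the derived keys differ for every connection even when a server reuses the same certificate.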
--**--
8. Explain about SSL?
Ans: Secure Socket Layer (SSL) provides security to the data that is transferred between a web browser and a server. SSL encrypts the link between a web server and a browser, which ensures that all data passed between them remains private and free from attack.
SSL is made up of the following protocols:
· SSL record protocol
· Handshake protocol
· Change-cipher spec protocol
· Alert protocol
SSL Protocol Stack:
SSL Record Protocol:
The SSL Record protocol provides two services to the SSL connection:
· Confidentiality
· Message Integrity
In the SSL Record Protocol, application data is divided into fragments. Each fragment is compressed, and then a MAC (Message Authentication Code) generated by algorithms like SHA (Secure Hash Algorithm) or MD5 (Message Digest) is appended. After that the data is encrypted, and finally the SSL header is appended.
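The record pipeline just described (fragment, compress, MAC, encrypt, header) and its reverse on the receiving side, as an added Python example that is not taken from any SSL/TLS library. The 5-byte header and the MAC input (sequence number, type, version, length, fragment) follow TLS 1.2 as in RFC 5246; SSL 3.0's own MAC construction differs in detail. The stream cipher is an HMAC-SHA256 keystream stand-in keyed per record so that the example runs with the standard library only, and the keys and data are constructed.

```python
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2 ** 14      # plaintext is cut into fragments of at most 16 KiB
APPLICATION_DATA = 23       # ContentType value for application data
VERSION = (3, 3)            # TLS 1.2 wire version
MAC_LEN = 32                # HMAC-SHA256 output length


def record_keystream(key: bytes, seq: int, length: int) -> bytes:
    """Stand-in stream cipher keyed per record (HMAC-SHA256 counter mode); real
    cipher suites use AES or ChaCha20 here."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack("!QQ", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def record_mac(mac_key: bytes, seq: int, ctype: int, version: tuple, fragment: bytes) -> bytes:
    """The MAC covers the sequence number and header, so a reordered, replayed
    or re-typed record fails verification even if its bytes are intact."""
    hdr = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(fragment))
    return hmac.new(mac_key, hdr + fragment, hashlib.sha256).digest()


def seal_records(data: bytes, mac_key: bytes, enc_key: bytes, first_seq: int = 0) -> list:
    """Sender: fragment -> compress -> append MAC -> encrypt -> prepend 5-byte header."""
    records = []
    for i, off in enumerate(range(0, len(data), MAX_FRAGMENT)):
        seq = first_seq + i
        fragment = zlib.compress(data[off:off + MAX_FRAGMENT])
        mac = record_mac(mac_key, seq, APPLICATION_DATA, VERSION, fragment)
        body = xor(fragment + mac, record_keystream(enc_key, seq, len(fragment) + MAC_LEN))
        header = struct.pack("!BBBH", APPLICATION_DATA, VERSION[0], VERSION[1], len(body))
        records.append(header + body)
    return records


def open_records(records: list, mac_key: bytes, enc_key: bytes, first_seq: int = 0) -> bytes:
    """Receiver: parse header -> decrypt -> verify MAC -> decompress -> reassemble."""
    out = b""
    for i, rec in enumerate(records):
        seq = first_seq + i
        ctype, major, minor, length = struct.unpack("!BBBH", rec[:5])
        body = rec[5:5 + length]
        if len(body) != length or length < MAC_LEN:
            raise ValueError(f"record {seq}: truncated")
        plain = xor(body, record_keystream(enc_key, seq, length))
        fragment, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if not hmac.compare_digest(mac, record_mac(mac_key, seq, ctype, (major, minor), fragment)):
            raise ValueError(f"record {seq}: bad_record_mac")   # the alert a real peer would send
        out += zlib.decompress(fragment)
    return out


if __name__ == "__main__":
    MK, EK = b"constructed-mac-key", b"constructed-enc-key"   # constructed keys
    DATA = bytes(range(256)) * 160                            # 40960 bytes -> three records
    recs = seal_records(DATA, MK, EK)
    print(len(recs), "records;", open_records(recs, MK, EK) == DATA)
```

Because the sequence number is part of the MAC input but is never sent on the wire, both sides must count records identically; that is also what makes swapping two records or replaying an old one detectable at this layer.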
Handshake Protocol:
The Handshake Protocol is used to establish sessions. This protocol allows the client and server to authenticate each other by sending a series of messages to each other. The Handshake Protocol uses four phases to complete its cycle.
Phase-1: In Phase-1 both the Client and the Server send hello packets to each other. In this IP session, the cipher suite and protocol version are exchanged for security purposes.
Phase-2: The Server sends its certificate and Server-key-exchange. The server ends Phase-2 by sending the Server-hello-done packet.
Phase-3: In this phase the Client replies to the server by sending its certificate and Client-key-exchange.
Phase-4: In Phase-4 the Change-cipher-spec exchange occurs, after which the Handshake Protocol ends.
Salient Features of Secure Socket Layer:
· The advantage of this approach is that the service can be tailored to the specific needs of the given application.
· Secure Socket Layer was originated by Netscape.
· SSL is designed to make use of TCP to provide a reliable end-to-end secure service.
· This is a two-layered protocol.
--O--
There are some differences between SSL and TLS
which are given below:
Security at Network Layer - IPSec:
IPSec
· IPSec stands for Internet Protocol Security.
· It is a suite of protocols between two communication points across the IP network that provides data authentication, data integrity, and confidentiality.
· It was developed by the Internet Engineering Task Force (IETF) in 1995.
· It defines the architecture for security services for IP network traffic and gives a framework for providing security at the IP layer, as well as the suite of protocols designed to provide security through authentication and encryption of IP network packets.
· IPsec includes the protocols that define the cryptographic algorithms used for encryption, decryption, and authentication.
Characteristics of IPSec:
· Anti-Replay Protection: IPSec assigns a unique sequence number to each packet; when a packet with a duplicate sequence number is detected, it is treated as a replay and dropped.
· Data Authentication: The Hash Message Authentication Code (HMAC) verifies that the packets are not changed.
· Transparency: IPSec works below the transport layer, so it is transparent to users and applications.
· Confidentiality: Data packets are encrypted by the sender before transmission, so the sensitive data will only reach the intended recipient.
· Dynamic Re-Keying: A re-keying procedure at set intervals replaces manual reconfiguration of secret keys.
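The Anti-Replay Protection and Data Authentication characteristics above, as an added Python example (not code from any IPsec implementation): a receiver that keeps the sliding sequence-number window of RFC 4303 and checks an HMAC integrity check value (ICV) over each packet. The packet layout is a constructed ESP-like header (SPI, sequence number) followed by the payload and a 96-bit truncated HMAC-SHA256 ICV; the SPI, keys and payloads are constructed sample values, and encryption of the payload is left out to keep the focus on replay and authentication.

```python
import hashlib
import hmac
import struct

WINDOW_SIZE = 64      # RFC 4303 default anti-replay window (the minimum allowed is 32)
ICV_LEN = 12          # HMAC-SHA-256-96: the authenticator is truncated to 96 bits
SPI = 0x00001000      # constructed Security Parameter Index identifying the SA


def build_packet(seq: int, payload: bytes, auth_key: bytes) -> bytes:
    """Constructed ESP-like packet: SPI || sequence number || payload || ICV."""
    header = struct.pack("!II", SPI, seq)
    icv = hmac.new(auth_key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


class ReplayWindow:
    """Bitmap of the last WINDOW_SIZE sequence numbers (RFC 4303 section 3.4.3)."""

    def __init__(self, size: int = WINDOW_SIZE):
        self.size = size
        self.highest = 0        # right edge of the window: highest sequence number accepted
        self.bitmap = 0         # bit i set => sequence number (highest - i) already received

    def is_new(self, seq: int) -> bool:
        if seq == 0:                                  # ESP counters start at 1; 0 is never valid
            return False
        if seq > self.highest:
            return True                               # to the right of the window: always new
        diff = self.highest - seq
        if diff >= self.size:
            return False                              # left of the window: too old to judge, drop
        return not (self.bitmap & (1 << diff))        # inside the window: must not be seen yet

    def mark(self, seq: int) -> None:
        """Record an accepted packet; slide the window when seq is a new maximum."""
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def receive(packet: bytes, auth_key: bytes, window: ReplayWindow) -> str:
    """Receiver order from RFC 4303: sequence check, then ICV, then window update."""
    if len(packet) < 8 + ICV_LEN:
        return "malformed"
    spi, seq = struct.unpack("!II", packet[:8])
    if spi != SPI:
        return "no SA"
    if not window.is_new(seq):
        return "replayed"                 # cheap check first, before any HMAC work
    expected = hmac.new(auth_key, packet[:-ICV_LEN], hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(packet[-ICV_LEN:], expected):
        return "auth failed"              # window untouched: a forged packet must not block the genuine one
    window.mark(seq)
    return "accepted"


if __name__ == "__main__":
    KEY = b"constructed-auth-key"
    win = ReplayWindow()
    for n in (1, 2, 5, 2, 3, 70, 5):
        print(n, receive(build_packet(n, b"payload-%d" % n, KEY), KEY, win))
```

Updating the window only after the ICV verifies matters: if a receiver marked the sequence number before authenticating, an attacker could send a garbage packet with a high sequence number and cause the sender's genuine packets to be dropped as replays.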
Advantages of IPSec:
· IPSec operates at layer 3, that is the network layer; as a result it has no impact on higher network layers.
· It provides transparency to applications. The end user need not bother about IPSec or its configuration.
· As it is implemented at the network layer, IPSec allows monitoring of all the traffic that passes over the network.
· During any data exchange, IPSec uses a public key that helps in the safe transfer of confidential data; as a result, securing the keys ensures safe data transfer.
· IPSec only requires modifications to the operating system, so IPSec-based Virtual Private Networks do not need to worry about the type of application.
Disadvantages of IPSec:
· One of the greatest disadvantages of IPSec is its wide access range: giving access to a single device of an IPSec-based network can give privileges to other devices too.
· IPSec causes some compatibility issues with software if software developers do not adhere to the standards of IPSec.
· IPSec has high CPU usage; when the data packet size is small, the performance of the network diminishes due to the large overhead used by IPSec.
· The security of certain algorithms used in IPSec is a concern; if someone uses a broken algorithm, the server will be at a greater risk of a hack.
Uses of IP Security:
IPsec can be used to do the following things:
· To encrypt application layer data.
· To provide security for routers sending routing data across the public internet.
· To provide authentication without encryption, for example to authenticate that the data originates from a known sender.
· To protect network data by setting up circuits using IPsec tunnelling, in which all data being sent between the two endpoints is encrypted, as with a Virtual Private Network (VPN) connection.