Professional Documents
Culture Documents
PR1 - Introduction To Cryptography and Network Security - OK
PR1 - Introduction To Cryptography and Network Security - OK
PR1 - Introduction To Cryptography and Network Security - OK
Security services:
A security service is a processing or communicating service that can prevent or detect the various
attacks. Various security services are:
Authentication: the recipient should be able to identify the sender, and verify that the sender,
who claims to be the sender, actually did send the message.
Data Confidentiality: An attacker should not be able to read the transmitted data or extract
data in case of encrypted data. In short, confidentiality is the protection of transmitted data
from passive attacks.
Data Integrity: Make sure that the message received was exactly the message the sender sent.
No repudiation: The sender should not be able to deny sending the should not be able to deny
receiving the message..The receiver should no be able to deny receiving the message.
Types of Attack:
1. Passive Attack: In a passive attack, the attacker monitors or eavesdrops on the transmission
between sender and receiver, the attacker trying to retrieve the information from transmitted
massage. In a passive attack, neither the sender nor the receiver is aware of the attack as the
attacker only retrieves the message, he doesn’t perform any alteration to the captured message.
E &TC/SEM-VII/C&NS/PR01 Page 1
Sipna College of Engineering & Technology, Amravati.
Department of Electronics and Telecommunication Engineering
2. Active Attack: We have seen that in the passive attack, the attacker does not alter the message,
but in the active attack the attacker alters, and modifies the transmitted message by creating a
false data stream.
Active Devices
These security devices block the surplus traffic. Firewalls, antivirus scanning devices, and content
filtering devices are the examples of such devices.
E &TC/SEM-VII/C&NS/PR01 Page 2
Sipna College of Engineering & Technology, Amravati.
Department of Electronics and Telecommunication Engineering
Passive Devices
These devices identify and report on unwanted traffic, for example, intrusion detection appliances.
Preventative Devices
These devices scan the networks and identify potential security problems. For
examples, penetration testing devices and vulnerability assessment appliances.
Antivirus
An antivirus is a tool that is used to detect and remove malicious software. It was originally designed
to detect and remove viruses from computers.
Modern antivirus software provide protection not only from virus, but also from worms, Trojan-
horses, adwares, spywares, keyloggers, etc. Some products also provide protection from malicious
URLs, spam, phishing attacks, botnets, DDoS attacks, etc.
Content Filtering
Content filtering devices screen unpleasant and offensive emails or webpages. These are used as a
part of firewalls in corporations as well as in personal computers. These devices generate the
message "Access Denied" when someone tries to access any unauthorized web page or email.
Content is usually screened for pornographic content and also for violence- or hate-oriented content.
Organizations also exclude shopping and job related contents.
Content filtering can be divided into the following categories −
Web filtering
Screening of Web sites or pages
E-mail filtering
Screening of e-mail for spam
Other objectionable content
E &TC/SEM-VII/C&NS/PR01 Page 3
Sipna College of Engineering & Technology, Amravati.
Department of Electronics and Telecommunication Engineering
Intrusion Detection Systems
Intrusion Detection Systems, also known as Intrusion Detection and Prevention Systems, are the
appliances that monitor malicious activities in a network, log information about such activities, take
steps to stop them, and finally report them.
Intrusion detection systems help in sending an alarm against any malicious activity in the network,
drop the packets, and reset the connection to save the IP address from any blockage. Intrusion
detection systems can also perform the following actions −
3. Phishing
Phishing is among the oldest and most common types of security attacks. What’s more, these attacks
have increased by 65 percent in the last year, and account for 90 percent of data breaches. This form
of social engineering deceives users into clicking on a link or disclosing sensitive information. It’s
often accomplished by posing as a trusted source via email. Another approach is ‘spear phishing,’
which is a targeted attack on an individual.
E &TC/SEM-VII/C&NS/PR01 Page 4
Sipna College of Engineering & Technology, Amravati.
Department of Electronics and Telecommunication Engineering
4. Brute-force attacks
In brute-force security attacks, hackers often use dictionary software to repeatedly and systematically
attempt password combinations until they find one that works. Once the cyber criminal has access,
they can wreak all sorts of havoc on your site. Users should always choose strong passwords that
include a combination of letters, symbols, and numbers. You might consider using a password
generator tool such as LastPass: This tool enables you to quickly generate a secure combination of
characters. It’s also useful for safely storing passwords across devices so you don’t have to worry
about forgetting them. You could also help prevent brute-force attacks by limiting login attempts and
implementing Two-Factor Authentication (2FA). If a cybercriminal does gain access to your site, you
can block them from retrieving confidential information by further password protecting sensitive files.
5. SQL Injections
Structured Query Language (SQL) injections are when an attacker injects malicious code into a server
to manipulate back end databases. The goal is to reveal private data such as user lists, customer
details, and credit card numbers. SQL injection attacks can cause severe damage to businesses.
Attackers can delete tables and gain administrative rights, although the most devastating aspect is the
loss of your customers’ trust and loyalty. To prevent malicious code from infiltrating your database,
you can use a Web Application Firewall (WAF), which acts as an additional protective barrier.
6. Man-In-The-Middle (MITM) attacks
With MITM attacks, the criminal positions themselves between your device and the server. They
eavesdrop on, intercept, and manipulate communication between two parties – this often happens on
unsecured wireless networks such as public WiFi. Detection of these attacks is difficult, but
prevention is possible. Always use secure WiFi connections, and consider investing in a Virtual
Private Network (VPN). It’s also wise to install a Secure Sockets Layer (SSL) certificate on your site.
This ensures communication between your website and a visitor’s browser is encrypted and
inaccessible to MITM attackers.
7. Denial-of-Service (DoS) attacks
In a nutshell, a DoS attack sees an attacker flood a website with an overwhelming amount of traffic,
often using ‘bots.’ As a result, the system crashes and denies access to real users. These attacks are
growing increasingly popular. Hackers can take advantage of vulnerabilities in connected devices and
use them to launch Distributed Denial-of-Service (DDoS) attacks. To minimize your site’s risk of
DoS attacks, it’s important to constantly monitor your site’s traffic, and have dependable tools to
mitigate the negatives. For example, routers and WAFs can block suspicious visitors, while your
server needs to be strong and stable. What’s more, it’s smart to update these tools regularly.
Cross-Site Scripting (XSS) attacks occur when an attacker exploits vulnerabilities in a web
application by injecting malicious code – usually JavaScript – into the user’s browser. This lets them
gain control of (and access to) the user’s browser, as well as account credentials and sensitive data.
E &TC/SEM-VII/C&NS/PR01 Page 5
Sipna College of Engineering & Technology, Amravati.
Department of Electronics and Telecommunication Engineering
There are there are other important methods of XSS prevention you could implement. For example,
you could enforce passwords for sensitive pages, and implement validation through classification or
input sanitization.
Introduction to Cryptography:
Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables
you to store sensitive information or transmit it across insecure networks (like the Internet) so that it
cannot be read by anyone except the intended recipient.
While cryptography is the science of securing data, cryptanalysis is the science of analyzing and
breaking secure communication. Classical cryptanalysis involves an interesting combination of
analytical reasoning, application of mathematical tools, pattern finding, patience, determination, and
luck. Cryptanalysts are also called attackers. Cryptology embraces both cryptography and
cryptanalysis.
A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and
decryption process. A cryptographic algorithm works in combination with a key—a word, number, or
phrase—to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different
keys. The security of encrypted data is entirely dependent on two things: the strength of the
cryptographic algorithm and the secrecy of the key. A cryptographic algorithm, plus all possible keys
and all the protocols that make it work, comprise a cryptosystem. PGP is a cryptosystem.
Cryptography Terminologies:
E &TC/SEM-VII/C&NS/PR01 Page 6
Sipna College of Engineering & Technology, Amravati.
Department of Electronics and Telecommunication Engineering
In conventional cryptography, also called secret-key or symmetric-key encryption, one key is used
both for encryption and decryption. The Data Encryption Standard (DES) is an example of a
conventional cryptosystem. Conventional encryption has benefits. It is very fast. It is especially useful
for encrypting data that is not going anywhere. However, conventional encryption alone as a means
for transmitting secure data can be quite expensive simply due to the difficulty of secure key
distribution.
Conclusion: We are aware about different attack and use of Cryptography to prevent the attack.
E &TC/SEM-VII/C&NS/PR01 Page 7