Unit 4

Information Security
UNIT IV
Subject Instructor: Mr Vijay Kumar
Department of Computer Science & Engineering , BVCOE New Delhi

1 Subject: INFORMATION SECURITY, Instructor: MrVijay Kumar
Network Cryptography
What is Cryptography?
In simple layman’s term Cryptography is an art of secret writing. It is necessary
when communication in over untrusted network
Major functions of cryptography can be classified in following
Privacy & confidentiality: To ensure that no one can read or access the message
except for the intended receiver
Authentication: The process of proving one’s identity.
Integrity: To ensure that the receiver that his received message are not being
altered from the original message
Non-repudiation: A mechanism to cross-check that the sender really sent this
message.
Key exchange: The process by which crypto keys are shared between sender and
receiver.
In cryptography “plaintext” is called as unencrypted data. This plaintext is
then encrypted into cipher text, which in turn can be decrypted back into
plaintext. The encryption and decryption is done depending on the type of
cryptography scheme and some form of key.
The usual formula for implementing cryptography is
C = Ek(P)
P = Dk(C)
Here P denotes plaintext, C = cipher text, E = the encryption method, D =
the decryption method, and k = the key.

TYPES OF CRYPTOGRAPHIC ALGORITHMS
Commonly used algorithms are:
Secret Key Cryptography (SKC): This algorithm uses a single key for both
encryption and decryption; also called symmetric encryption. Primarily it’s
been used for privacy and confidentiality of data. As shown in Figure 1A,
the sender uses the key to encrypt the plaintext and sends the cipher text to
the receiver. The receiver then applies the same key for message decryption
and recovers the plaintext. In this form of cryptography, it is obvious that the
key must be known to both the sender and the receiver; that, in fact, is the
secret. The Main challenge with this approach is the distribution of the key
(more on that later in the discussion of public key cryptography).

Public Key Cryptography (PKC): This algorithm uses one key for encryption and
another for decryption; also called asymmetric encryption. Primarily it’s been used
for authentication, non-repudiation, and key exchange. Public key cryptography is
known as the most significant new development in cryptography. The Generic
PKC employs two keys that are mathematically related although knowledge of one
key does not allow someone to easily determine the other key. Here the one key is
used to encrypt the plaintext and another key is used to decrypt the cipher text. The
important thing to keep in mind is that it does not matter which key is applied first,
but both the keys are required for the process to work (Figure 1B). Usually in PKC,
one of the keys is designated as the public key and may be advertised as widely as
the owner wants. Another key is designated as the private key and is never revealed
to another party.
Hash Functions: This algorithm uses a mathematical transformation to
irreversibly “encrypt” information, providing a digital fingerprint. Primarily
used for message integrity. Hash functions, also called message
digests and one-way encryption, and are algorithms that, in essence, use no
key (Figure 1C). Usually, a fixed-length hash value is computed based upon
the plaintext that makes it impossible for either the contents or length of the
plaintext to be recovered. Hash algorithms are mainly used to provide
a digital fingerprint of a file’s contents which ensures that the file has not
been altered by an intruder or virus. Hash functions are widely & commonly
used for password encryption by many operating systems. Hash functions,
thus provide a mechanism to ensure the integrity of a file.
TYPES OF CRYPTOGRAPHIC
ALGORITHMS

Issues in Document Security
Threats to document security can include:
 security breaches
 unstructured data
 unsecured files
 human failure
 unauthorizes access to storage

The most common document security threats are
internal
1. Prevent employees from becoming phishing victims
Phishing emails, now account to 90-95 % of all successful cyberattacks
worldwide, pose the biggest internal threat. This is where hackers act as
trustworthy entities, such as suppliers, colleagues or even clients, and ask for
sensitive information. But, by knowing how to spot them you should be safe
and sound! Make sure that you check the sender’s actual email address, not
just the name. Spelling mistakes, incorrect or slightly tweaked logos are also
a red flag. If you aren’t sure, verify the email with your IT team so you don’t
compromise any sensitive documents.

Here’s an example of an email automatically blocked as its attachment contained a malware
(courtesy of our Head of IT):
Virus and ransomware can corrupt all the documents stored on your servers. Be cautious
when dealing with spams and phishing emails policies.
2. Manage your documents
Document security works best when access rights to documents are granted
on a need-to-have basis. Having documents locked by passwords and
restricting access is an effective way to ensure a secure document
environment. Electronic document management systems can be extremely
useful. These systems will have audit trails that monitor documents and
record any modifications and general activity. It is vital that these trails must
be actively checked for suspicious activity which could pose a threat to
document security standards.

3. Be aware of shared devices
Shared devices like printers and scanners are another point of weakness for
document security. To limit the danger, only authorized users should be
allowed access to network applications and resources from these systems.
Protect printers with a password or smart card-based authentication, using
your existing security infrastructure which reduces the need for extra
passwords. Print management software can be used to hold documents in a
print queue, and maintain a complete audit trail of document activity.
It’s also a common thing to restrict access to physical ports (USB, flash
drive) to prevent anyone from stealing your confidential documents or
infecting your company’s network.
External document security threats can also be
reduced
Documents can be hacked despite having security measures in place. We recommend
following these 3 good practices to limit security breaches.
1. Protect your data
The lack of an effective encryption method can prove to be fatal for a business. It goes
without saying that your company should have up to date anti-virus and spyware software.
As working from home is now more common, we rely on Microsoft Defender
ATP (Advanced Threat Protection) to secure our remote workforce.
Moreover, filtering Internet access across the company reduces the chance that
employees can be the victim of external phishing sites or download malware that can
spread throughout the organization. We also advise using a company VPN when public wi-
fi is the only solution.
Hardware encryption is also a must-have: what happens if a laptop gets stolen? Our
Head of IT naturally chose Microsoft BitLocker to lock the data stored in our laptops hard
drives.
2. Change document format
Sending documents as PDFs removes document format-dependent bottlenecks and turns digital
documents into password protected files with secure encryption and permission controls to manage
edits. This means that they cannot be edited by anyone but the document creator, reducing the risk of
counterfeiting. PDFs also prevent hackers from retrieving the metadata of the document creator when
using Word/PowerPoint formats.
What’s more, electronic signatures can not only help senders get a quick signature on outgoing
documents, but also enable recipients to ensure that the documents they receive do indeed come from
who they claim to be from, and that no alterations have occurred since it was authenticated.

3. Use passwords wisely
And let’s not forget passwords too! Our system administrators at UpSlide
recommend having a strong password policy coupled with MFA (Multi Factor
Authentication) to avoid changing passwords every 3 months. It’s also good to
remind your fellow colleagues of some basic rules about passwords:
Never ever write passwords on sticky notes and then “hide” them behind your
keyboards
Do not repeat your password across multiple accounts and platforms

Difference Between Symmetric and
Asymmetric Key Encryption
Symmetric Key Encryption Asymmetric Key Encryption

It only requires a single key for both encryption and It requires two key one to encrypt and the other one to
decryption. decrypt.
The size of cipher text is same or smaller than the original The size of cipher text is same or larger than the original
plain text. plain text.
The encryption process is very fast. The encryption process is slow.
It is used when a large amount of data is required to transfer. It is used to transfer small amount of data.
It only provides confidentiality and privacy. It provides confidentiality, authenticity and non-repudiation.
Examples: 3DES, AES, DES and RC4 Examples: Diffie-Hellman, ECC, El Gamal, DSA and RSA
In symmetric key encryption, resource utilization is low as In asymmetric key encryption, resource utilization is high.
compared to asymmetric key encryption.

Keys
Key length and algorithms
 The length of a key must align with the algorithm that will use it, although
most algorithms support a range of different key sizes. In general, the longer a
key is, the better security it provides (assuming it is truly random).
 With symmetric keys, the security they provide theoretically increases
exponentially with their length (for any given algorithm) – adding one more bit
doubles their resistance against brute-force attacks. This is not true of
asymmetric keys, which generally need to be somewhat longer.
 However, for any key (symmetric or asymmetric), its absolute strength also
depends on the algorithm that the key is being used with – some algorithms are
inherently stronger than others for any given key length.

Hence key length should be chosen based on a number factors such as:
• The algorithm being used
• The strength of security required
• The amount of data being processed with the key
• The crypto-period of the key

The importance of key management
Where cryptographic keys are used for protecting high-value data, they need to be
well managed. Sophisticated key management systems are commonly used to
ensure that keys are:
▪ generated to the required length using a high-quality random data source
▪ well protected (generally using an HSM)
▪ managed only by authorized personnel in accordance with defined policies
▪ used only for the functions they were intended for
▪ updated according to their crypto-period
▪ deleted when no longer required
▪ fully auditable to provide evidence of correct (or incorrect) usage

Common functions for cryptographic keys
Cryptographic keys are used for a number of different functions, such as those listed below. The
properties of the associated key (e.g. type, length, crypto-period) will depend on its intended
function.
❑ Data Encryption Key

As previously discussed, data may be encrypted to protect its confidentiality using either a
symmetric key or an asymmetric key. Typical symmetric algorithms include 3DES and AES with
key lengths varying between 128 and 256 bits, and a typical asymmetric algorithm is RSA with a
key length between 1,024 and 4,096 bits. Symmetric encryption keys may be ephemeral, or
they may be static with a crypto-period commonly in the range of a day to a year, whereas
asymmetric key-pairs typically have a longer lifetime of 1 to 5 years. Keys may have to be
retained beyond their crypto-period, or even indefinitely, if the data is to be stored in encrypted
form and subsequent access (i.e. decryption) is required at a later date.

❑ Authentication Key
Without getting into semantics, authentication is used to provide assurance about the integrity and/or originator of the
associated data, and is often used alongside symmetric encryption. This is typically achieved with a fast and efficient
keyed-hash message authentication code (HMAC) mechanism, which uses a symmetric key. Using the SHA-2 algorithm,
the typical key length is between 224 and 512 bits, and may be ephemeral or static, but usually has a relatively short
lifetime. Some encryption algorithms support modes (e.g. AES-GCM) that provide authentication without the need for a
separate authentication key.
❑ Digital Signature Key
As with authentication, digital signatures provide assurance about the integrity and originator of the associated data, but
go one step further and also include the concept of non-repudiation, whereby the signatory cannot reasonably claim the
signature was falsified. This requires an asymmetric algorithm such as RSA (key length 1,024 – 4,096 bits) or ECDSA (key
length 224 – 521 bits). The private key lifetime is usually measured in years, but the corresponding public key has an
indefinite lifetime, as it may be necessary to verify the signature at any arbitrary point in the future.
❑ Key Encryption Key (aka Key Wrapping Key or Key Transport Key)
When a secret key has to be transported securely, it must be “wrapped” using an authenticated encryption mechanism
to ensure its confidentiality, integrity and authenticity. Either symmetric or asymmetric encryption may be used,
depending on the application. The key used for this encryption is a static, long-term key (it’s purpose being to support
frequent updates to the key that is being transported), with its length depending on the algorithm being used.

❑ Master Key
A master key is a symmetric key that is used to encrypt multiple subordinate keys. Its length will
typically be 128 – 256 bits, depending on the algorithm used, and it will have a very long life,
possibly even indefinite. It must therefore be well protected, e.g. by using a hardware security
module (HSM).
❑ Root Key
A root key is the topmost key in a Public Key Infrastructure (PKI) hierarchy, which is used to
authenticate and sign digital certificates. It is actually an asymmetric key-pair with a length
typically between 256 and 4,096 bits depending on the digital signature algorithm used. Such a
key usually has a lifetime of several years, and the private key will often be protected using an
HSM.

PUBLIC KEY CRYPTOGRAPHY
.
The most important properties of public key encryption scheme are −

• Different keys are used for encryption and decryption. This is a property which set this scheme
different than symmetric encryption scheme.
• Each receiver possesses a unique decryption key, generally referred to as his private key.
• Receiver needs to publish an encryption key, referred to as his public key

There are three types of Public Key Encryption schemes. We discuss them in
following sections −
RSA Cryptosystem
This cryptosystem is one the initial system. It remains most employed cryptosystem
even today. The system was invented by three scholars Ron Rivest, Adi Shamir, and
Len Adleman and hence, it is termed as RSA cryptosystem.
We will see two aspects of the RSA cryptosystem, firstly generation of key pair and
secondly encryption-decryption algorithms.

• Some assurance of the authenticity of a public key is needed in this scheme to avoid
spoofing by adversary as the receiver. Generally, this type of cryptosystem involves trusted
third party which certifies that a particular public key belongs to a specific person or
entity only.
• Encryption algorithm is complex enough to prohibit attacker from deducing the plaintext
from the ciphertext and the encryption (public) key.
• Though private and public keys are related mathematically, it is not be feasible to calculate
the private key from the public key. In fact, intelligent part of any public-key cryptosystem
is in designing a relationship between two keys.

Generation of RSA Key Pair
Each person or a party who desires to participate in communication using encryption needs to
generate a pair of keys, namely public key and private key. The process followed in the generation of
keys is described below −
Generate the RSA modulus (n)
Select two large primes, p and q.
Calculate n=p*q. For strong unbreakable encryption, let n be a large number, typically a minimum of 512 bits.
Find Derived Number (e)
Number e must be greater than 1 and less than (p − 1)(q − 1).
There must be no common factor for e and (p − 1)(q − 1) except for 1. In other words two numbers e and (p
– 1)(q – 1) are coprime.
Form the public key
The pair of numbers (n, e) form the RSA public key and is made public.
Interestingly, though n is part of the public key, difficulty in factorizing a large prime number ensures that
attacker cannot find in finite time the two primes (p & q) used to obtain n.This is strength of RSA.

Generate the private key
• Private Key d is calculated from p, q, and e. For given n and e, there is unique number
d.
• Number d is the inverse of e modulo (p - 1)(q – 1). This means that d is the number
less than (p - 1)(q - 1) such that when multiplied by e, it is equal to 1 modulo (p -
1)(q - 1).
• This relationship is written mathematically as follows −
ed = 1 mod (p − 1)(q − 1)

Example
An example of generating RSA Key pair is given below. (For ease of understanding, the primes p & q taken here are small
values. Practically, these values are very high).
Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 x 13 = 91.
Select e = 5, which is a valid choice since there is no number that is common factor of 5 and (p − 1)(q − 1) = 6 × 12 = 72,
except for 1.
The pair of numbers (n, e) = (91, 5) forms the public key and can be made available to anyone whom we wish to be able to
send us encrypted messages.
Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm. The output will be d = 29.
Check that the d calculated is correct by computing −

de = 29 × 5 = 145 = 1 mod 72
Hence, public key is (91, 5) and private keys is (91, 29).

Encryption and Decryption
Once the key pair has been generated, the process of encryption and decryption are
relatively straightforward and computationally easy.
Interestingly, RSA does not directly operate on strings of bits as in case of symmetric
key encryption. It operates on numbers modulo n. Hence, it is necessary to represent
the plaintext as a series of numbers less than n.
RSA Encryption
• Suppose the sender wish to send some text message to someone whose public key
is (n, e).
• The sender then represents the plaintext as a series of numbers less than n.
• To encrypt the first plaintext P, which is a number modulo n. The encryption
process is simple mathematical step as − C = P^e mod n
In other words, the ciphertext C is equal to the plaintext P multiplied by itself e times and then reduced
modulo n. This means that C is also a number less than n.
Returning to our Key Generation example with plaintext P = 10, we get ciphertext C = 10^5 mod 91
RSA Decryption
The decryption process for RSA is also very straightforward. Suppose that the receiver of public-key pair (n, e)
has received a ciphertext C.
Receiver raises C to the power of his private key d. The result modulo n will be the plaintext P.
Plaintext = C^d mod n

Returning again to our numerical example, the ciphertext C = 82 would get decrypted to number 10 using
private key 29 −
Plaintext = 82^29 mod 91 = 10

Digital Signature and Requirement
DIGITAL SIGNATURE
▪ Digital signatures are the public-key primitives of message authentication. A digital signature is a technique
that binds a person/entity to the digital data. This binding can be independently verified by receiver as well
as any third party.
▪ Digital signature is a cryptographic value that is calculated from the data and a secret key known only by
the signer.
▪ A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or
documents. A valid digital signature gives a recipient reason to believe that the message was created by a
known sender (authentication), that the sender cannot deny having sent the message (non-repudiation),
and that the message was not altered in transit (integrity).
▪ Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used
for software distribution, financial transactions, contract management software, and in other cases where it
is important to detect forgery or tampering.
Message Authentication:-
 Digital signatures can be used to authenticate the source of messages. When the verifier validates the digital
signature using public key of a sender, he is assured that signature has been created only by sender who possess
the corresponding secret private key and no one else.
Data Integrity:-
 In case an attacker has access to the data and modifies it, the digital signature verification at receiver end
fails. The hash of modified data and the output provided by the verification algorithm will not match. Hence,
receiver can safely deny the message assuming that data integrity has been breached.

Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and
integrity of a message, software or digital document. It's the digital equivalent of a
handwritten signature or stamped seal, but it offers far more inherent security. A
digital signature is intended to solve the problem of tampering and impersonation in
digital communications.
Digital signatures can provide evidence of origin, identity and status of electronic
documents, transactions or digital messages. Signers can also use them to
acknowledge informed consent.

How do digital signatures work?
▪ Digital signatures are based on public key cryptography, also known as asymmetric cryptography.
Using a public key algorithm, such as RSA (Rivest-Shamir-Adleman), two keys are generated,
creating a mathematically linked pair of keys, one private and one public.
▪ Digital signatures work through public key cryptography's two mutually authenticating
cryptographic keys. The individual who creates the digital signature uses a private key to encrypt
signature-related data, while the only way to decrypt that data is with the signer's public key.
▪ If the recipient can't open the document with the signer's public key, that's a sign there's a problem
with the document or the signature. This is how digital signatures are authenticated.
▪ Digital signature technology requires all parties trust that the individual creating the signature has
kept the private key secret. If someone else has access to the private signing key, that party could
create fraudulent digital signatures in the name of the private key holder.

What are the benefits of digital signatures?
Security is the main benefit of digital signatures. Security capabilities embedded in digital
signatures ensure a document is not altered and signatures are legitimate. Security features
and methods used in digital signatures include the following:
Personal identification numbers (PINs), passwords and codes. Used to

authenticate and verify a signer's identity and approve their signature. Email, username and
password are the most common methods used.
Asymmetric cryptography. Employs a public key algorithm that includes private and
public key encryption and authentication.
Checksum. A long string of letters and numbers that represents the sum of the correct
digits in a piece of digital data, against which comparisons can be made to detect errors or
changes. A checksum acts as a data fingerprint.
Cyclic redundancy check (CRC). An error-detecting code and verification
feature used in digital networks and storage devices to detect changes to raw
data.
Certificate authority (CA) validation. CAs issue digital signatures and act
as trusted third parties by accepting, authenticating, issuing and
maintaining digital certificates. The use of CAs helps avoid the creation of fake
digital certificates.
Trust service provider (TSP) validation. A TSP is a person or legal entity
that performs validation of a digital signature on a company's behalf and offers
signature validation reports.
How do you create a digital signature?
To create a digital signature, signing software, such as an email program, is used to provide a one-way hash of the electronic data to
be signed.
A hash is a fixed-length string of letters and numbers generated by an algorithm. The digital signature creator's private key is then
used to encrypt the hash. The encrypted hash -- along with other information, such as the hashing algorithm -- is the digital
signature.
The reason for encrypting the hash instead of the entire message or document is a hash function can convert an arbitrary input into
a fixed-length value, which is usually much shorter. This saves time as hashing is much faster than signing.
The value of a hash is unique to the hashed data. Any change in the data, even a change in a single character, will result in a
different value. This attribute enables others to use the signer's public key to decrypt the hash to validate the integrity of the data.
If the decrypted hash matches a second computed hash of the same data, it proves that the data hasn't changed since it was signed.
If the two hashes don't match, the data has either been tampered with in some way and is compromised or the signature was
created with a private key that doesn't correspond to the public key presented by the signer -- an issue with authentication.

Requirement of digital signature
1) When you digitally sign a PDF, or when you digitally sign a Word doc, your
recipient’s software will use the public key to decrypt the document. But the
software also will try to calculate a new hash. If this new hash doesn’t match the
original hash from the document, it means that someone has altered the document.
Thus digital signature details enable your recipient to verify your

identity and have confidence that no tampering has occurred.
2) Digital signatures provide and enhance security using encryption technology. The
sensitive information such as the signature is encrypted. After verification, the
sensitive information is decrypted and made available.

3) Today’s business contracts and other documents often include sensitive information
and have significant legal implications. For this reason, being able to digitally sign a
PDF online brings enormous protection to everyone involved.
This protection often translates to improved trust, which can mean

benefits such as longer partnerships, increased sales, and faster
payments. Combining these advantages with the general benefits of working
electronically – for example, reduced overhead, more space, and the ability to
conduct business anywhere, anytime – can give a business a serious edge in the
increasingly sophisticated and competitive marketplace

FINGERPRINTS
▪ A fingerprint is a group of information that can be used to detect the software,
network protocols, operating systems, or hardware devices. Fingerprinting (also
known as Footprinting) is the art of using that information to correlate data sets to
identify network services, operating system number and version, software
applications, databases, configurations and more.
▪ Fingerprinting (or Footprinting) a target’s web presence is often an attacker’s first

step in planning an attack. The purpose is to accumulate as much information as
possible, including the target’s platform, application software technology, backend
database version, configurations, and possibly even the network’s architecture/
topology.

FINGERPRINTS
▪ The automated identification or verification of individuals based on their unique
physiological or behavioral characteristics such as fingerprints, gait, iris etc. is
referred to as biometric authentication. The concept of fingerprint biometrics has
been in existence for thousands of years. Potters from East Asia used to place their
fingerprints on clay as it cured. Fingerprints were also used in the 19th century by
criminologists for identification of habitual criminals. However, biometrics first
appeared in the 1970s as an automated technology.
▪ Commercial applications started using biometrics for controlling physical access
to buildings. With the advancements in technology, this trend continues to grow.
The increasing need to reduce instances of fraud as well as to provide secured
access to physical and logical assets have made fingerprint biometrics a very
popular and widely used technology.
Firewalls
Firewalls:
A firewall is a network security system, either hardware- or software-based, that uses rules to
control incoming and outgoing network traffic.
A firewall acts as a barrier between a trusted network and and an untrusted network. A firewall
controls access to the resources of a network through a positive control model. This means that the
only traffic allowed onto the network is defined in the firewall policy; all other traffic is denied.
A firewall is a security tool that monitors incoming and/or outgoing network traffic to detect and
block malicious data packets based on predefined rules, allowing only legitimate traffic to enter your
private network. Implemented as hardware, software or both, firewalls are typically your first line of
defense against malware, viruses and attackers trying to make it to your organization’s internal
network and systems.

Types of Firewalls
1. Packet filtering firewalls
Packet filtering firewalls are the oldest, most basic type of firewalls. Operating at the network layer,
they simply check a data packet for its source IP and destination IP, the protocol, source port and
destination port against predefined rules to determine whether to pass or discard the packet. Packet
filtering firewalls are essentially stateless, monitoring each packet independently without any track of
the established connection or the packets that have passed through that connection previously. This
makes these firewalls very limited in their capacity to protect against advanced threats and attacks.
Packet filtering firewalls are fast, cheap and effective. But the security they provide is very basic.
Since these firewalls cannot examine the content of the data packets, they are incapable of protecting
against malicious data packets coming from trusted source IPs. Being stateless, they are also
vulnerable to source routing attacks and tiny fragment attacks. But despite their minimal
functionality, packet filtering firewalls paved the way for modern firewalls that offer stronger and
deeper security.
2. Circuit-level gateways
Working at the session layer, circuit-level gateways verify established Transmission Control Protocol
(TCP) connections and keep track of the active sessions. They are quite similar to packet filtering
firewalls in that they perform a single check and utilize minimal resources. However, they function at
a higher layer of the Open Systems Interconnection (OSI) model. Primarily, they determine the
security of an established connection. When an internal device initiates a connection with a remote
host, circuit-level gateways establish a virtual connection on behalf of the internal device to keep the
identity and IP address of the internal user hidden.
Circuit-level gateways are cost-efficient, simplistic and have barely any impact on a network’s
performance. However, their inability to inspect the content of data packets makes them an
incomplete security solution on their own. A data packet containing malware can bypass a circuit-
level gateway easily if it has a legitimate TCP handshake. That is why another type of firewall is often
configured on top of circuit-level gateways for added protection.
3. Stateful inspection firewalls
A step ahead of circuit-level gateways, stateful inspection firewalls, in addition to verifying
and keeping track of established connections, also perform packet inspection to provide
better, more comprehensive security. They work by creating a state table with source IP,
destination IP, source port and destination port once a connection is established. They create
their own rules dynamically to allow expected incoming network traffic instead of relying on
a hardcoded set of rules based on this information. They conveniently drop data packets that
do not belong to a verified active connection.
Stateful inspection firewalls check for legitimate connections as well as source and
destination IPs to determine which data packets can pass through. Although these extra
checks provide advanced security, they consume a lot of system resources and can slow
down traffic considerably. Hence, they are prone to DDoS (distributed denial-of-service
attacks).
4. Application-level gateways (proxy firewalls)
Application-level gateways, also known as proxy firewalls, are implemented at the application layer via a proxy
device. Instead of an outsider accessing your internal network directly, the connection is established through
the proxy firewall. The external client sends a request to the proxy firewall. After verifying the authenticity of
the request, the proxy firewall forwards it to one of the internal devices or servers on the client’s behalf.
Alternatively, an internal device may request access to a webpage, and the proxy device will forward the
request while hiding the identity and location of the internal devices and network.
Unlike packet filtering firewalls, proxy firewalls perform stateful and deep packet inspection to analyze the
context and content of data packets against a set of user-defined rules. Based on the outcome, they either
permit or discard a packet. They protect the identity and location of your sensitive resources by preventing a
direct connection between internal systems and external networks. However, configuring them to achieve
optimal network protection can be a bit hard.You must also keep in mind the tradeoff—a proxy firewall is
essentially an extra barrier between the host and the client, causing considerable slowdowns.

Intrusion Detection System
An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious
activity and issues alerts when such activity is discovered. It is a software application that
scans a network or a system for harmful activity or policy breaching. Any malicious venture
or violation is normally reported either to an administrator or collected centrally using a
security information and event management (SIEM) system. A SIEM system integrates
outputs from multiple sources and uses alarm filtering techniques to differentiate malicious
activity from false alarms.
Although intrusion detection systems monitor networks for potentially malicious activity,
they are also disposed to false alarms. Hence, organizations need to fine-tune their IDS
products when they first install them. It means properly setting up the intrusion detection
systems to recognize what normal traffic on the network looks like as compared to malicious
activity.
Virtual Private Network
A virtual private network, or VPN, is an encrypted connection over the Internet from a
device to a network. The encrypted connection helps ensure that sensitive data is safely
transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows
the user to conduct work remotely. VPN technology is widely used in corporate
environments.
How does a virtual private network (VPN) work?

A VPN extends a corporate network through encrypted connections made over the Internet.
Because the traffic is encrypted between the device and the network, traffic remains private
as it travels. An employee can work outside the office and still securely connect to the
corporate network. Even smartphones and tablets can connect through a VPN.

VPN tunnelling
Tunneling
Virtual private network technology is based on the idea of tunneling. VPN tunneling involves establishing and maintaining a
logical network connection . On this connection, packets constructed in a specific VPN protocol format are encapsulated
within some other base or carrier protocol, then transmitted between VPN client and server, and finally de-encapsulated on
the receiving side.What makesVPN end-to-end communications different from simple LAN environment isTunneling
Types of VPNTunneling
VPN supports two types of tunneling - voluntary and compulsory. Both types of tunneling are commonly used. In voluntary
tunneling, the VPN client manages connection setup. The client first makes a connection to the carrier network provider (an
ISP in the case of Internet VPNs). Then, the VPN client application creates the tunnel to a VPN server over this live
connection. In compulsory tunneling, the carrier network provider manages VPN connection setup. When the client first
makes an ordinary connection to the carrier, the carrier in turn immediately brokers a VPN connection between that client
and a VPN server. From the client point of view, VPN connections are set up in just one step compared to the two-step
procedure required for voluntary tunnels. Compulsory VPN tunneling authenticates clients and associates them with
specific VPN servers using logic built into the broker device. This network device is sometimes called the VPN Front End
Processor (FEP), Network Access Server (NAS) or Point of Presence Server (POS).
Types of VPNs
1. Remote Access VPN:
Remote Access VPN permits a user to connect to a private network and access all its
services and resources remotely. The connection between the user and the private
network occurs through the Internet and the connection is secure and private.
Remote Access VPN is useful for home users and business users both.
An employee of a company, while he/she is out of station, uses a VPN to connect to
his/her company’s private network and remotely access files and resources on the
private network. Private users or home users of VPN, primarily use VPN services to
bypass regional restrictions on the Internet and access blocked websites. Users aware
of Internet security also use VPN services to enhance their Internet security and
privacy.

2. Site to Site VPN:
A Site-to-Site VPN is also called as Router-to-Router VPN and is commonly used in the large companies.
Companies or organizations, with branch offices in different locations, use Site-to-site VPN to connect the
network of one office location to the network at another office location.
Intranet based VPN: When several offices of the same company are connected using Site-to-Site VPN type, it is
called as Intranet based VPN.
Extranet based VPN: When companies use Site-to-site VPN type to connect to the office of another company, it
is called as Extranet based VPN.
Basically, Site-to-site VPN create a imaginary bridge between the networks at geographically distant offices and
connect them through the Internet and sustain a secure and private communication between the networks. In
Site-to-site VPN one router acts as a VPN Client and another router as a VPN Server as it is based on Router-
to-Router communication. When the authentication is validated between the two routers only then the
communication starts.

Security concerns in VPN
The VPN setup is only meant to secure the traffic between you and the private workplace network so that
nobody can tamper with your traffic even if you are working from a public wifi or another untrusted network -
and nothing else. It helps against an untrusted communication channel but not against an
untrusted device. There are no mechanisms that would prevent malware on your machine from accessing
the workplace network, extracting VPN authentication information or copying work-related files from your
machine. If you are using the provided laptop instead, the administrators will at least have an overview about
which devices are at use and can issue security updates/audits accordingly.

General Security Risks:
User-credential-related risks:
VPNs provide easy access from the Internet into a corporate network and its internal resources. VPN security is only
as strong as the methods used to authenticate the users (and the devices) at the remote end of the VPN connection.
Simple authentication methods based on static passwords are subject to password “cracking” attacks, eavesdropping,
or even social
engineering attacks. Two-factor authentication, which consists of something you know and something you have, is a
minimum requirement for providing secure remote access to the corporate network. In some cases, three-factor
authentication may be necessary; this form of authentication adds one more requirement—something you are (a
biometric such as fingerprint or iris scan, for example).
Spread of viruses, worms, and Trojans from remote computers to the internal network:
Remote access is a major threat vector to network security. Every remote computer that does
not meet corporate security requirements may potentially forward an “infection” from its local network environment
to an organization’s internal network. Up-to-date antivirus software on the remote computer is required to mitigate
this type of risk.
Split tunneling:
Split tunneling takes place when a computer on the remote end of a VPN tunnel simultaneously exchanges
network traffic with both the shared (public) network and the internal (private) network without first placing
all of the network traffic inside the VPN
tunnel. This provides an opportunity for attackers on the shared network to compromise the remote computer
and use it to gain network access to the internal network.


Unit 4

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Unit 4

Uploaded by

Copyright:

Available Formats

Information Security

Subject Instructor: Mr Vijay Kumar

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Symmetric Key Encryption Asymmetric Key Encryption

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

❑ Data Encryption Key

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

The most important properties of public key encryption scheme are −

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 x 13 = 91.

Check that the d calculated is correct by computing −

Department of Computer Science & Engineering , BVCOE New Delhi

Plaintext = C^d mod n

Plaintext = 82^29 mod 91 = 10

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Personal identification numbers (PINs), passwords and codes. Used to

Department of Computer Science & Engineering , BVCOE New Delhi

Thus digital signature details enable your recipient to verify your

Department of Computer Science & Engineering , BVCOE New Delhi

This protection often translates to improved trust, which can mean

Department of Computer Science & Engineering , BVCOE New Delhi

▪ Fingerprinting (or Footprinting) a target’s web presence is often an attacker’s first

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

How does a virtual private network (VPN) work?

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

Department of Computer Science & Engineering , BVCOE New Delhi

You might also like