Professional Documents
Culture Documents
PR1 Introduction To CNS Final
PR1 Introduction To CNS Final
PR1 Introduction To CNS Final
PRACTICAL NO. 1
Theory:
Introduction to Network Security: Network security is the security provided to a network from unauthorized
access and risks. It is the duty of network administrators to adopt preventive measures to protect their
networks from potential security threats.
Computer networks that are involved in regular transactions and communication within the government,
individuals, or business require security. The most common and simple way of protecting a network
resource is by assigning it a unique name and a corresponding password.
Network security consists of the policies, processes and practices adopted to prevent, detect and
monitor unauthorized access, misuse, modification, or denial of a computer network and network-
accessible resources. Network security involves the authorization of access to data in a network, which is
controlled by the network administrator. Users choose or are assigned an ID and password or other
authenticating information that allows them access to information and programs within their authority.
Security services:
A security service is a processing or communicating service that can prevent or detect the various attacks.
Various security services are:
Authentication: the recipient should be able to identify the sender, and verify that the sender, who
claims to be the sender, actually did send the message.
Data Confidentiality: An attacker should not be able to read the transmitted data or extract data in
case of encrypted data. In short, confidentiality is the protection of transmitted data from passive
attacks.
Data Integrity: Make sure that the message received was exactly the message the sender sent.
Non repudiation: The sender should not be able to deny sending they should not be able to deny
receiving the message. The receiver should not be able to deny receiving the message.
Types of Attack:
1. Passive Attack: In a passive attack, the attacker monitors or eavesdrops on the transmission between
sender and receiver, the attacker trying to retrieve the information from transmitted massage. In a
passive attack, neither the sender nor the receiver is aware of the attack as the attacker only retrieves the
message, he doesn’t perform any alteration to the captured message.
E &TC/SEM-VII/C&NS/PR01 Page 1
Sipna College of Engineering & Technology, Amravati.
Department of Electronics and Telecommunication Engineering
2. Active Attack: We have seen that in the passive attack, the attacker does not alter the message, but in
the active attack the attacker alters, and modifies the transmitted message by creating a false data
stream.
E &TC/SEM-VII/C&NS/PR01 Page 2
Sipna College of Engineering & Technology, Amravati.
Department of Electronics and Telecommunication Engineering
Types of Network Security Devices:
Active Devices
These security devices block the surplus traffic. Firewalls, antivirus scanning devices, and content filtering
devices are the examples of such devices.
Passive Devices
These devices identify and report on unwanted traffic, for example, intrusion detection appliances.
Preventative Devices
These devices scan the networks and identify potential security problems. For examples, penetration testing
devices and vulnerability assessment appliances.
Unified Threat Management (UTM)
These devices serve as all-in-one security devices. Examples include firewalls, content filtering, web
caching, etc.
Hardware and Software Firewalls
Hardware firewalls are standalone products. These are also found in broadband routers. Most hardware
firewalls provide a minimum of four network ports to connect other computers. For larger networks − e.g.,
for business purpose − business networking firewall solutions are available.
Software firewalls are installed on your computers. A software firewall protects your computer from
internet threats.
Antivirus
An antivirus is a tool that is used to detect and remove malicious software. It was originally designed to
detect and remove viruses from computers.
Modern antivirus software provide protection not only from virus, but also from worms, Trojan-horses,
adware, spywares, keyloggers, etc. Some products also provide protection from malicious URLs, spam,
phishing attacks, botnets, DDoS attacks, etc.
Content Filtering
Content filtering devices screen unpleasant and offensive emails or webpages. These are used as a part of
firewalls in corporations as well as in personal computers. These devices generate the message "Access
Denied" when someone tries to access any unauthorized web page or email.
Content is usually screened for pornographic content and also for violence- or hate-oriented content.
Organizations also exclude shopping and job-related contents.
Content filtering can be divided into the following categories −
Web filtering
Screening of Web sites or pages
E-mail filtering
Screening of e-mail for spam
Other objectionable content
Intrusion Detection Systems
Intrusion Detection Systems, also known as Intrusion Detection and Prevention Systems, are the appliances
that monitor malicious activities in a network, log information about such activities, take steps to stop them,
and finally report them.
Intrusion detection systems help in sending an alarm against any malicious activity in the network, drop the
packets, and reset the connection to save the IP address from any blockage. Intrusion detection systems can
also perform the following actions −
E &TC/SEM-VII/C&NS/PR01 Page 3
Sipna College of Engineering & Technology, Amravati.
Department of Electronics and Telecommunication Engineering
Correct Cyclic Redundancy Check (CRC) errors
Prevent TCP sequencing issues
Clean up unwanted transport and network layer options
Introduction to Cryptography:
Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to
store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read
by anyone except the intended recipient.
While cryptography is the science of securing data, cryptanalysis is the science of analyzing and breaking
secure communication. Classical cryptanalysis involves an interesting combination of analytical reasoning,
application of mathematical tools, pattern finding, patience, determination, and luck. Cryptanalysts are also
called attackers. Cryptology embraces both cryptography and cryptanalysis.
A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption
process. A cryptographic algorithm works in combination with a key—a word, number, or phrase—to
encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys. The security of
encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the
secrecy of the key. A cryptographic algorithm, plus all possible keys and all the protocols that make it work,
comprise a cryptosystem. PGP is a cryptosystem.
E &TC/SEM-VII/C&NS/PR01 Page 5
Sipna College of Engineering & Technology, Amravati.
Department of Electronics and Telecommunication Engineering
Cryptography Terminologies:
In conventional cryptography, also called secret-key or symmetric-key encryption, one key is used both for
encryption and decryption. The Data Encryption Standard (DES) is an example of a conventional
cryptosystem. Conventional encryption has benefits. It is very fast. It is especially useful for encrypting data
that is not going anywhere. However, conventional encryption alone as a means for transmitting secure data
can be quite expensive simply due to the difficulty of secure key distribution.
Conclusion: Thus, we have studied about different attack and use of Cryptography to prevent the attack.
E &TC/SEM-VII/C&NS/PR01 Page 6