Chapter 8 - Network Security

Chapter 8 discusses Network Security, emphasizing the importance of protecting computer networks and data through various measures, including encryption and firewalls. It outlines the CIA model (Confidentiality, Integrity, Availability) as a framework for information security and details different types of cryptography, including symmetric and asymmetric key encryption. The chapter also covers various security threats, including malware types and their actions, and highlights the significance of maintaining data integrity and availability in network systems.

Uploaded by sanziwans

Chapter 8

Network Security
Prepared by: Asst. Prof. Sanjivan Satyal

Asst. Prof. Sanjivan Satyal 1


Network Security
8.1. Information Security Basics: The CIA Model, Security Threats
8.2. Principles of Cryptography, Symmetric & Asymmetric Key Encryption
8.3. AES, RSA Security
8.4. Email/Message Integrity: Digital Signature, PGP
8.5. Secure Transport Connection: SSL, TLS
8.6. Firewall, VPN, Packet Filtering



Network Security Definition

• Network Security refers to the measures taken by an enterprise or
organization to secure its computer network and data, using both
hardware and software systems.
• It aims to protect the confidentiality, integrity and availability of
the data and of the network itself.
• Every company or organization that handles a large amount of data
has some degree of protection against cyber threats.
• The most basic example of network security is password protection,
where the user of the network chooses the password.



• In recent times, network security has become a central topic of
cyber security, with many organizations hiring people who have skills
in this area. Network security solutions protect the assets and
attack surfaces of computer systems: users, locations, data, devices
and applications.
• Information security is not only about protecting information from
unauthorized access. It is the practice of preventing unauthorized
access, use, disclosure, disruption, modification, inspection,
recording or destruction of information.
• Information can be physical or electronic: your personal details,
your profile on social media, the data on your mobile phone, your
biometrics, and so on.
• Thus information security spans many research areas, such as
cryptography, mobile computing, cyber forensics and online social
media.



CIA MODEL

• When talking about network security, the CIA triad is one of the most
important models which is designed to guide policies for information
security within an organization.
CIA stands for:
• Confidentiality
• Integrity
• Availability



1. Confidentiality

Confidentiality means that only authorized individuals or systems can view
sensitive or classified information. Data sent over the network should not
be readable by unauthorized individuals.
An attacker may capture the data with tools freely available on the Internet
(a packet sniffer on a shared link, for example) and so gain access to your
information. The primary defence is encryption: even if the attacker obtains
a copy of the data, he or she cannot decrypt it without the key.
Encryption standards include AES (Advanced Encryption Standard) and the
older DES (Data Encryption Standard); DES, with its 56-bit key, is obsolete
and should not be used for new systems. Another way to protect data in
transit is a VPN tunnel: a Virtual Private Network carries traffic through
an encrypted tunnel across an untrusted network.



2. Integrity

Integrity means making sure that data has not been modified. Corruption of data
is a failure to maintain integrity. To check whether data has been modified we
use a hash function, which maps an input of any length to a fixed-length digest.
Two common families are SHA (Secure Hash Algorithm) and MD5 (Message Digest 5).
MD5 produces a 128-bit hash and SHA-1 a 160-bit hash. Other SHA variants are
SHA-0, SHA-2 (SHA-256, SHA-512, ...) and SHA-3. MD5 and SHA-1 are no longer
collision-resistant and SHA-0 was withdrawn; new designs should use SHA-2 or SHA-3.
Let's assume Host 'A' wants to send data to Host 'B' and maintain integrity. A
hash function is run over the data and produces a fixed-length hash value H1,
which is attached to the data. When Host 'B' receives the packet, it runs the
same hash function over the data, giving a hash value H2. If H1 = H2, the data
has not been altered in transit.
Note that a bare hash only detects accidental corruption: an attacker who can
modify the data can also recompute the hash. Against an active attacker the
digest must be keyed (a MAC such as HMAC, with a secret shared by A and B) or
signed (section 8.4).
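The Host A / Host B exchange above, written out as an added example (not code from the original slides). It shows the point the slide leaves implicit: a bare SHA-256 hash catches a flipped bit on the wire, but an attacker who rewrites the payload and recomputes the hash passes the check; a keyed HMAC-SHA256 catches both. The message, the forged message and the shared key are constructed sample values, and the shared key is assumed to have been agreed out of band.

```python
import hashlib
import hmac
import secrets

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


def attach_hash(data: bytes) -> bytes:
    """Host A: append H1 = SHA-256(data) to the payload, as on the slide."""
    return data + hashlib.sha256(data).digest()


def check_hash(packet: bytes):
    """Host B: recompute H2 over the payload and compare it with the received H1."""
    data, h1 = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
    h2 = hashlib.sha256(data).digest()
    return hmac.compare_digest(h1, h2), data  # constant-time compare, no early exit


def attach_mac(key: bytes, data: bytes) -> bytes:
    """Same exchange with a keyed tag: HMAC-SHA256 under a secret shared by A and B."""
    return data + hmac.new(key, data, hashlib.sha256).digest()


def check_mac(key: bytes, packet: bytes):
    data, tag = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected), data


def flip_bit(packet: bytes, bit: int) -> bytes:
    """Accidental corruption on the wire: a single bit of the packet flipped."""
    buf = bytearray(packet)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def attacker_rewrite(new_data: bytes) -> bytes:
    """Active attacker against a bare hash: substitute the payload and recompute the digest."""
    return attach_hash(new_data)


def attacker_rewrite_keeping_tag(packet: bytes, new_data: bytes) -> bytes:
    """Active attacker against a MAC: without the key, the best it can do is reuse the old tag."""
    return new_data + packet[-DIGEST_LEN:]


def demo() -> dict:
    msg = b"A->B: pay 100 to bob"           # constructed sample message
    forged = b"A->B: pay 900 to eve"        # what the attacker wants B to accept
    key = secrets.token_bytes(32)           # assumed shared secret between A and B
    return {
        "intact": check_hash(attach_hash(msg))[0],                           # True
        "corrupted": check_hash(flip_bit(attach_hash(msg), 13))[0],          # False
        "forged_hash": check_hash(attacker_rewrite(forged))[0],              # True: hash alone is fooled
        "intact_mac": check_mac(key, attach_mac(key, msg))[0],               # True
        "forged_mac": check_mac(key, attacker_rewrite_keeping_tag(attach_mac(key, msg), forged))[0],  # False
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:12s} accepted={ok}")
```

The `forged_hash` line is the one to remember: H1 = H2 holds, yet the contents were replaced. Only the keyed variant (or a digital signature) ties the digest to a party the attacker is not.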



3. Availability

Availability means that the network and its services are readily available
to their users. This applies to systems and to data. To ensure availability,
the network administrator should maintain hardware, make regular upgrades,
have a plan for fail-over, and prevent bottlenecks in the network.
Attacks such as DoS or DDoS may render a network unavailable by exhausting
its resources (bandwidth, connection state, CPU). The impact may be
significant for the companies and users who rely on the network as a
business tool.
Thus, proper measures should be taken to prevent or absorb such attacks.



What are the five (5) components of information security?
1. Confidentiality
This is the assurance that information is not disclosed to unauthorized individuals, groups, processes, or devices. Highly
confidential data must be encrypted so that third parties cannot easily decrypt it. Only those who are authorized to view the
information are allowed access.
2. Integrity
The accuracy and completeness of vital information must be safeguarded. Data should not be altered or destroyed during
transmission and storage. This involves making sure that an information system is not tampered with by unauthorized entities.
Policies should be in place so that users know how to properly use their system.
3. Availability
This means that authorized users have timely and easy access to information services. IT resources and infrastructure should
remain robust and fully functional at all times, even under adverse conditions such as database failures or fail-overs. It
involves protecting against malicious code, attackers, and other threats that could block access to the information system.
4. Authenticity
This security measure is designed to establish the validity of a transmission, message, or originator, or a means of verifying an
individual's authorization to receive specific information. Authentication prevents impersonation and requires users to
confirm their identities before being allowed access to systems and resources. This includes user names, passwords, e-mail
verification, biometrics, and others.
5. Non-Repudiation
This attribute assures that the sender of data is provided with proof of delivery and the recipient is provided with proof of the
sender's identity, so neither party can deny sending, receiving, or accessing the data. Security principles should be used to
prove identities and to validate the communication process.
Security Threats
• A threat is anything that can take advantage of a vulnerability to
breach security and negatively alter, erase or harm the object or objects
of interest.
• Software attacks are attacks by viruses, worms, Trojan horses etc.
Many users believe that malware, viruses, worms and bots are all the same
thing. They are not: the only similarity is that they are all malicious
software, and each behaves differently.
• Malware is a combination of two terms, malicious and software. Malware
therefore means malicious software: intrusive program code or anything
else designed to perform malicious operations on a system. Malware can be
classified in two ways:
• by infection method
• by the actions it performs



Malware on the basis of infection method:
Virus – Viruses replicate themselves by attaching to a program or file on the host computer
(executables, documents, media files) and spread when those files are shared. The Creeper
program, first seen on ARPANET in 1971, is usually cited as the first self-replicating program.
Examples include file viruses, macro viruses, boot sector viruses, stealth viruses etc.

Worms – Worms are also self-replicating, but they do not attach themselves to a program on
the host computer. The biggest difference between viruses and worms is that worms are
network-aware: they travel from one computer to another on their own whenever a network
path is available. Their payload varies; even a worm that carries no destructive payload
consumes bandwidth, disk space and CPU as it spreads, slowing down the machines it infects.

Trojan – The concept of a Trojan is completely different from viruses and worms. A Trojan
is a program that poses as legitimate, useful software while carrying a hidden malicious
function; it does not replicate by itself but relies on the user to run it. The name is
derived from the 'Trojan Horse' tale in Greek mythology, in which the Greeks entered the
fortified city of Troy by hiding their soldiers in a big wooden horse given to the Trojans
as a gift. The Trojans trusted the gift blindly; in the night, the soldiers emerged and
attacked the city from the inside.

Bots – Bots can be seen as an advanced form of worm. They are automated processes designed
to interact over the Internet without human intervention, and they can be good or bad. A
malicious bot infects a host and then connects to a central command-and-control server,
which issues commands to all infected hosts attached to that network; such a network is
called a botnet.
Malware on the basis of actions:
• Adware – Adware is not exactly malicious, but it does breach the privacy of users. It displays
ads on the computer's desktop or inside individual programs. It comes bundled with free-to-use
software, where it is the developer's main source of revenue, and monitors your interests to
display relevant ads. An attacker can embed malicious code inside such software, and adware can
then monitor your system activity and even compromise your machine.
• Spyware – A program that monitors your activities on the computer and reveals the collected
information to an interested party. Spyware is generally dropped by Trojans, viruses or worms.
Once dropped it installs itself and sits silently to avoid detection.
• Ransomware – A type of malware that either encrypts your files or locks your computer, making
it partially or wholly inaccessible. A screen is then displayed asking for money, i.e. a ransom,
in exchange for access.
• Scareware – Masquerades as a tool to help fix your system, but when executed it infects or
damages the system. It displays messages to frighten you and force you to take some action, such
as paying to "fix" your system.
• Rootkits – Software designed to keep privileged (root or administrator) access on a compromised
system while hiding its own presence, typically by modifying the operating system, its drivers or
its system utilities. Once a rootkit is in place, the attacker can do anything from stealing
private files to tampering with the system unnoticed.
• Zombies – Zombies work similarly to spyware: the infection mechanism is the same, but they don't
spy and steal information. Instead the infected machine waits for commands from the attacker, who
typically uses it as part of a botnet.
8.2 Principles of Cryptography
• Cryptography is a method of using advanced mathematical principles to store and transmit
data in a particular form so that only those for whom it is intended can read and process it.

The terminology used in cryptography is given below:

1. Plaintext: The original message or data that is fed into the algorithm as input.
2. Encryption algorithm: The algorithm that performs various substitutions and transformations
on the plaintext. Encryption is the process of changing plaintext into ciphertext.
3. Ciphertext: The encrypted form of the message, i.e. the scrambled message produced as
output. It depends on both the plaintext and the key.
4. Decryption algorithm: The process of changing ciphertext back into plaintext is known as
decryption. The decryption algorithm is essentially the encryption algorithm run in reverse: it
takes the ciphertext and the key and produces the original plaintext.
5. Key: The key is a second input to the encryption algorithm. The exact substitutions and
transformations performed by the algorithm depend on the key. A key is thus a number, or a set
of numbers, that the algorithm uses to perform encryption and decryption; the algorithm itself is
public, so the secrecy of the whole system rests on the key.



Types of cryptography
There are two types of cryptography which are as follows −
a. Symmetric Key Cryptography
In symmetric-key cryptography, the same key is used by both parties. The sender uses
this key and an encryption algorithm to encrypt data; the receiver uses the same key and
the corresponding decryption algorithm to decrypt the data.

b. Asymmetric-Key Cryptography
In asymmetric or public-key cryptography, there are two keys: a private key and a public
key. The private key is kept by the receiver. The public key is announced to the public.
In public-key encryption/decryption, the public key that is used for encryption is different
from the private key that is used for decryption. The public key is available to the public,
and the private key is available only to an individual.



Symmetric Key

 This is the simplest kind of encryption: it involves only one secret key to encipher and
decipher information.
 Symmetric encryption is the oldest and best-known technique.
 It uses a secret key, which can be a number, a word or a string of random bytes.
 The key is combined with the plaintext of a message to change the content in a particular way.
 The sender and the recipient must both know the secret key that is used to encrypt and
decrypt all the messages; distributing that key securely is the main practical problem of
symmetric encryption. AES, DES, RC5 and RC6 are examples of symmetric ciphers (DES is obsolete).
 The most widely used symmetric algorithm is AES, with 128-, 192- or 256-bit keys (AES-128,
AES-192, AES-256).
Asymmetric Key

 Asymmetric encryption is also known as public-key cryptography, a relatively new method
compared to symmetric encryption.
 Asymmetric encryption uses two mathematically related keys: one encrypts and the other decrypts.
 Only the public keys are exchanged over the Internet or a large network; the private keys
never leave their owners.
 This removes the need to share a secret in advance, so a key intercepted in transit is of no
use to a malicious party.



 It is important to note that anyone holding a shared secret key can decrypt the message; this
is why asymmetric encryption uses two related keys to strengthen security.
 A public key is made freely available to anyone who might want to send you a message. The
second, private key is kept secret so that only you know it.
 A message that is encrypted using the public key can only be decrypted using the private key,
while a message "encrypted" (signed) using the private key can be verified using the public key.
 The public key itself needs no secrecy, because it is publicly available and can be passed over
the Internet; what it does need is authenticity, since an attacker who can substitute his own
public key for yours can read messages meant for you. That is why public keys are distributed
in certificates (SSL/TLS) or signed by trusted parties (PGP's web of trust).

Asymmetric encryption is used every day, especially over the Internet, mostly to exchange
symmetric session keys and to sign data, because public-key operations are far slower than
symmetric ciphers; the bulk data is then encrypted symmetrically. Popular asymmetric algorithms
include RSA (encryption and signatures) and DSA (signatures only).



Advanced Encryption Standard (AES) and RSA Algorithm

AES Algorithm
• The most popular and widely adopted symmetric encryption algorithm likely to be
encountered nowadays is the Advanced Encryption Standard (AES). It is at least six
times faster than triple DES (Data Encryption Standard).
• A replacement for DES was needed because its 56-bit key size was too small. With increasing
computing power, it became vulnerable to exhaustive key search. Triple DES was designed to
overcome this drawback, but it was found to be slow.
• Symmetric-key block cipher
• 128-bit data blocks, 128/192/256-bit keys
• Stronger and faster than Triple-DES
• Full specification and design details are public (FIPS 197)
• Implementable in software, e.g. in C and Java, and in hardware


Operation of AES

• AES is an iterative cipher rather than a Feistel cipher. It is based on a 'substitution–permutation
network': a series of linked operations, some of which replace inputs by specific outputs
(substitutions) and others shuffle bytes around (permutations).
• Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats the
128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four rows and four
columns and processed as a matrix (the "state").
• Unlike DES, the number of rounds in AES is variable and depends on the length of the key. AES
uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each of
these rounds uses a different 128-bit round key, derived from the original AES key by the key
schedule (key expansion); one extra round key is XORed into the state before the first round.



Encryption Process

Here we restrict ourselves to a description of a typical round of AES encryption. Each round
comprises four sub-processes. The first round is depicted in the figure of the original slides.



Byte Substitution (SubBytes)

• Each of the 16 input bytes is substituted by looking it up in a fixed table (the S-box) given in the design. The result
is again a matrix of four rows and four columns.

ShiftRows

• Each of the four rows of the matrix is rotated to the left. Any entries that 'fall off' are re-inserted on the right side of
the row. The shift is carried out as follows:
• The first row is not shifted.
• The second row is shifted one (byte) position to the left.
• The third row is shifted two positions to the left.
• The fourth row is shifted three positions to the left.
• The result is a new matrix consisting of the same 16 bytes, but shifted with respect to each other.
MixColumns

• Each column of four bytes is now transformed using a fixed, invertible linear function over GF(2^8): each output byte is a
combination of the four input bytes multiplied by 1, 2 or 3. The function takes the four bytes of one column as input and
outputs four completely new bytes, which replace the original column. The result is another new matrix of 16 bytes. This
step is not performed in the last round.



Add round key
• The 16 bytes of the matrix are now considered as 128 bits and are XORed with the 128 bits of the round key. If
this is the last round the output is the ciphertext. Otherwise, the resulting 128 bits are interpreted as
16 bytes and we begin another similar round.
Decryption Process
• Decryption of an AES ciphertext is similar to the encryption process in reverse order. Each
round consists of the inverses of the four processes, conducted in reverse order:
• Add round key
• Inverse mix columns
• Inverse shift rows
• Inverse byte substitution (inverse S-box)
• Since the sub-processes in each round are reversed, and unlike a Feistel cipher, the encryption and
decryption algorithms need to be implemented separately, although they are very closely related.
AES Analysis
• In present-day cryptography, AES is widely adopted and supported in both hardware and software. To date,
no practical cryptanalytic attack against AES has been discovered. Additionally, AES has built-in flexibility of
key length, which allows a degree of 'future-proofing' against progress in the ability to perform exhaustive
key searches.
• However, just as for DES, AES security is assured only if it is correctly implemented and good key
management is employed: the practical breaks seen in the field come from side channels in implementations
(e.g. cache timing), from misuse of modes of operation (ECB, reused nonces) and from weak key handling, not
from the cipher itself.
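To make the four round steps concrete, here is an added example (not code from the slides, and not a production cipher): a compact AES-128 in pure Python with the S-box derived from GF(2^8) arithmetic instead of a pasted table, the key schedule, encryption, and the inverse-step decryption the slide describes. It is checked against the FIPS-197 Appendix C.1 test vector. The state is held as 16 bytes in column-major order (index r + 4c is row r, column c of the slide's matrix). It has no timing protections and no mode of operation, so real systems should use a vetted library with an authenticated mode such as AES-GCM.

```python
# Compact AES-128 (FIPS 197) for study: S-box from GF(2^8), key schedule, one round at a time.
def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1 (0x11b)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def build_sbox() -> list:
    """S-box = multiplicative inverse in GF(2^8) (x^254 == x^-1, 0 -> 0) then the affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = 1 if x else 0
        for _ in range(254 if x else 0):
            inv = gf_mul(inv, x)
        s = inv
        for i in range(1, 5):                       # s ^= rotl(inv, 1) ^ ... ^ rotl(inv, 4)
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox

SBOX = build_sbox()
INV_SBOX = [SBOX.index(v) for v in range(256)]

def expand_key(key: bytes) -> list:
    """Key schedule: 44 four-byte words -> 11 round keys of 16 bytes (column-major)."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]    # RotWord, then SubWord
            t[0] ^= rcon
            rcon = gf_mul(rcon, 2)                  # next round constant
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def sub_bytes(s: list, box: list = SBOX) -> list:
    return [box[b] for b in s]

def shift_rows(s: list, inverse: bool = False) -> list:
    """Row r rotates left by r positions (right by r for the inverse)."""
    out = [0] * 16
    for r in range(4):
        for c in range(4):
            src = (c - r) % 4 if inverse else (c + r) % 4
            out[r + 4 * c] = s[r + 4 * src]
    return out

def mix_columns(s: list, inverse: bool = False) -> list:
    """Each column times a fixed circulant matrix over GF(2^8): rows (2,3,1,1) / (14,11,13,9)."""
    m = (14, 11, 13, 9) if inverse else (2, 3, 1, 1)
    out = [0] * 16
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for r in range(4):
            acc = 0
            for j in range(4):
                acc ^= gf_mul(col[j], m[(j - r) % 4])
            out[r + 4 * c] = acc
    return out

def aes128_encrypt_block(key: bytes, block: bytes) -> bytes:
    rk = expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]       # initial AddRoundKey
    for rnd in range(1, 11):
        s = sub_bytes(s)
        s = shift_rows(s)
        if rnd != 10:                               # the last round skips MixColumns
            s = mix_columns(s)
        s = [b ^ k for b, k in zip(s, rk[rnd])]     # AddRoundKey
    return bytes(s)

def aes128_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse steps in reverse order, as on the slide: AddRoundKey, InvMixColumns, InvShiftRows, InvSubBytes."""
    rk = expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[10])]
    for rnd in range(9, -1, -1):
        s = shift_rows(s, inverse=True)
        s = sub_bytes(s, INV_SBOX)
        s = [b ^ k for b, k in zip(s, rk[rnd])]
        if rnd != 0:
            s = mix_columns(s, inverse=True)
    return bytes(s)

if __name__ == "__main__":
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")     # FIPS-197 Appendix C.1
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    ct = aes128_encrypt_block(key, pt)
    print(ct.hex())                                             # 69c4e0d86a7b0430d8cdb78070b4c55a
    print(aes128_decrypt_block(key, ct) == pt)                  # True
```

Two things worth noticing while reading it: the S-box is not an arbitrary table but the inverse in GF(2^8) followed by an affine map (which is why it can be regenerated), and decryption really is a separate routine with inverse tables and the opposite MixColumns constants, exactly the point the slide makes about AES versus a Feistel cipher.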
Public Key Algorithm (RSA)

• The RSA algorithm is a public-key encryption technique and one of the most widely used
public-key algorithms. It was invented by Rivest, Shamir and Adleman in 1977 (published in
1978), hence the name RSA.

Algorithm

The RSA algorithm has the following features:

• RSA is based on modular exponentiation: all arithmetic is done modulo n = p × q,
the product of two large prime numbers.

• The integers used by this method are sufficiently large (n is typically 2048 bits or more
today) that recovering p and q from n, i.e. factoring n, is infeasible; this is what the
security of RSA rests on.

• There are two keys in this algorithm: a private key and a public key.



RSA Algorithm

Key generation:
• Choose two large distinct primes p and q and compute n = p × q.
• Compute φ(n) = (p − 1)(q − 1).
• Choose a public exponent e with 1 < e < φ(n) and gcd(e, φ(n)) = 1 (65537 is the usual choice).
• Compute the private exponent d = e⁻¹ mod φ(n), i.e. e × d ≡ 1 (mod φ(n)).
• Public key: (n, e). Private key: (n, d); p, q and φ(n) are discarded or kept secret.

Encryption and decryption (the message m is represented as an integer with 0 ≤ m < n):
• Ciphertext c = m^e mod n, computed by anyone holding the public key.
• Plaintext m = c^d mod n, computed only by the holder of the private key.
• Signing swaps the roles: s = H(m)^d mod n, verified by checking s^e mod n = H(m).
• In practice m is never the raw message: a padding scheme (OAEP for encryption, PSS for
signatures) is applied first, because "textbook" RSA is deterministic and malleable.
Email/Message Integrity: Digital Signature, PGP
Digital Signature (DSA, RSA signatures)

Digital signatures are the public-key primitive for message authentication.

In the physical world, it is common to use handwritten signatures on
handwritten or typed messages. They are used to bind the signatory to the
message.

Similarly, a digital signature is a technique that binds a person or entity to
digital data. This binding can be independently verified by the receiver as well
as by any third party.

A digital signature is a cryptographic value that is calculated from the data and
a secret key known only to the signer. DSA (the Digital Signature Algorithm) and
RSA are two specific signature schemes; the description below applies to both.



• Each person adopting this scheme has a public-private key pair.
• Generally, the key pairs used for encryption/decryption and for signing/verifying are different. The private
key used for signing is referred to as the signature key and the public key as the verification key.
• The signer feeds the data to the hash function and generates a hash of the data.
• The hash value and the signature key are then fed to the signature algorithm, which produces the digital
signature on the given hash. The signature is appended to the data and both are sent to the verifier.



• The verifier feeds the digital signature and the verification key into the verification
algorithm. The verification algorithm gives some value as output.

• The verifier also runs the same hash function on the received data to generate a hash value.

• For verification, this hash value and the output of the verification algorithm are
compared. Based on the comparison result, the verifier decides whether the digital
signature is valid.

• Since the digital signature is created with the signer's private key, which nobody else is
assumed to have, the signer cannot later repudiate having signed the data.

NOTE: A hash function maps an input of any size to a fixed-size digest. For use in
signatures it must be collision-resistant (it must be infeasible to find two inputs with the
same digest), otherwise a signature on one document would also be valid for a colliding one;
SHA-256 is the usual choice today.
Importance of Digital Signature

Message authentication − When the verifier validates the digital signature using the public
key of the sender, he is assured that the signature was created only by the sender who
possesses the corresponding secret private key, and by no one else.

Data Integrity − If an attacker has access to the data and modifies it, digital
signature verification at the receiver's end fails: the hash of the modified data and the output
of the verification algorithm will not match. Hence the receiver can safely reject the
message, assuming that data integrity has been breached.

Non-repudiation − Since it is assumed that only the signer knows the signature key, only
he can create a signature on the given data. Thus the receiver can present the data and the
digital signature to a third party as evidence if any dispute arises in the future.



Securing E-mail : Pretty Good Privacy (PGP)
• PGP stands for Pretty Good Privacy, invented by Phil Zimmermann in 1991.
• PGP was designed to provide all four aspects of security, i.e. privacy, integrity,
authentication, and non-repudiation, when sending e-mail.
• PGP uses a digital signature (a combination of hashing and public-key encryption) to
provide integrity, authentication, and non-repudiation, and a combination of secret-key
encryption and public-key encryption to provide privacy. Altogether, securing one message
uses one hash function, one one-time secret (session) key, and two public-private key
pairs: the sender's signing pair and the receiver's encryption pair.
• The PGP message format is standardised as OpenPGP (RFC 4880); GnuPG is a free, open-source
implementation that is widely used for e-mail security.
• PGP provides authentication through the use of digital signatures.
• It provides confidentiality through the use of symmetric block encryption.
• It provides compression by using the ZIP algorithm, and e-mail compatibility using the
radix-64 (base64) encoding scheme.



Following are the steps taken by PGP to create secure e-mail at the sender site:

• The e-mail message is hashed by using a hash function to create a digest.
• The digest is then encrypted with the sender's private key to form a signed digest,
and the signed digest is appended to the original e-mail message.
• The original message and signed digest are encrypted using a one-time secret (session)
key created by the sender.
• The secret key is encrypted using the receiver's public key.
• Both the encrypted secret key and the encrypted combination of message and digest are
sent together.



Following are the steps taken by PGP at the receiver site to recover and verify the
original message, using hashing and a combination of three keys:

• The receiver receives the combination of the encrypted secret key and the encrypted
message plus signed digest.
• The encrypted secret key is decrypted using the receiver's private key to get the one-
time secret key.
• The secret key is then used to decrypt the combination of message and digest.
• The signed digest is decrypted using the sender's public key, and the received message is
hashed using the same hash function to create a fresh digest.
• The two digests are compared; if they are equal, all the aspects of security are
preserved: the message is intact and came from the holder of the sender's private key.
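The sender and receiver steps above, run end to end in Python as an added example (it is not the slides' code and not GnuPG's). It builds on a small textbook RSA (section 8.3) and the hash-then-sign flow of section 8.4, so one block serves all three passages. Assumptions, all of which real OpenPGP does differently: the keys are short for speed; RSA is used without OAEP/PSS padding; and because the standard library has no block cipher, the one-time session key drives a SHA-256 counter-mode keystream (`stream_xor`) as a stand-in for PGP's symmetric cipher. The message is a constructed sample.

```python
import hashlib
import secrets
from math import gcd


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (sufficient for a demo key generator)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # exact bit length, odd
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 1024, e: int = 65537):
    """Textbook RSA: n = p*q, e*d == 1 mod (p-1)(q-1). Returns ((n, e), (n, d))."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption, not PGP's): SHA-256 keystream in counter mode."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def pgp_send(message: bytes, sender_priv, receiver_pub):
    """Sender: hash, sign with own private key, encrypt with a one-time key, wrap that key for the receiver."""
    n_s, d_s = sender_priv
    n_r, e_r = receiver_pub
    sig = pow(sha256_int(message), d_s, n_s).to_bytes((n_s.bit_length() + 7) // 8, "big")
    session_key = secrets.token_bytes(32)                      # fresh for every message
    body = stream_xor(session_key, sig + message)             # signed digest + message, encrypted
    enc_key = pow(int.from_bytes(session_key, "big"), e_r, n_r)   # session key under receiver's public key
    return enc_key, body


def pgp_receive(envelope, receiver_priv, sender_pub) -> bytes:
    """Receiver: unwrap the session key, decrypt, then check the signed digest against a fresh hash."""
    enc_key, body = envelope
    n_r, d_r = receiver_priv
    n_s, e_s = sender_pub
    session_key = pow(enc_key, d_r, n_r).to_bytes(32, "big")
    plain = stream_xor(session_key, body)
    sig_len = (n_s.bit_length() + 7) // 8
    sig, message = plain[:sig_len], plain[sig_len:]
    if pow(int.from_bytes(sig, "big"), e_s, n_s) != sha256_int(message):
        raise ValueError("signature verification failed: message or signature was altered")
    return message


if __name__ == "__main__":
    alice_pub, alice_priv = rsa_keygen()          # sender's signing pair
    bob_pub, bob_priv = rsa_keygen()              # receiver's encryption pair
    envelope = pgp_send(b"constructed sample: meet at 10:00", alice_priv, bob_pub)
    print(pgp_receive(envelope, bob_priv, alice_pub))
```

Note that the "three keys" of the receiver slide are visible in `pgp_receive`: the receiver's private key unwraps the session key, the session key decrypts the body, and the sender's public key checks the signature. A flipped byte in the body, or a signature made under some other key, makes the final comparison fail and the message is rejected.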



Disadvantages of PGP Encryption

• Administration is difficult: The different versions of PGP complicate administration.

• Compatibility issues: Both the sender and the receiver must have compatible versions of PGP. For
example, if you encrypt an e-mail using PGP with one set of algorithms and the receiver has a
different version of PGP that does not support them, the receiver cannot read the data.

• Complexity: PGP is a complex technique. Other security schemes use either symmetric encryption,
with one key, or asymmetric encryption, with two different keys. PGP uses a hybrid approach:
symmetric encryption for the message itself and asymmetric encryption for the session key and the
signature. PGP is therefore more complex, and less familiar, than the traditional symmetric or
asymmetric methods on their own.

• No recovery: Computer administrators are used to recovering lost passwords; for example, a
technician with physical access to a PC can often reset or retrieve a login password. PGP offers
no such recovery: the encryption is strong by design, so if the passphrase protecting a private
key is forgotten (and no backup or revocation certificate exists), the messages and files encrypted
to that key are lost.



Secure Transport Connection: SSL, TLS
Secure Socket Layer (SSL):
- SSL is a standard security technology for establishing an encrypted link between a server and a client.
- It allows sensitive information such as credit card numbers and social security numbers to be transmitted securely.
- Without it, the data between browser and web server is sent in plain text, which is vulnerable if an intruder
intercepts the traffic.
- It provides encryption for both the link and the data being transmitted.
- SSL-secured web sites have URLs beginning with https.
- An SSL certificate binds the server's public key to its identity; the matching private key stays on the server, and
the two work together to establish an encrypted connection.
- When a browser attempts to access an SSL-secured web site, the browser and the web server establish an SSL
connection using the SSL handshake.
- The public key, the private key and a session key are used to set up the SSL connection.
- After the secure connection is made, the session key is used to encrypt all transmitted data.
- All versions of SSL (2.0 and 3.0) are deprecated and should be disabled; the name "SSL" survives mainly as a
colloquial term for TLS, its successor.
• The objectives of SSL are:
o Data integrity: Data is protected from tampering.
o Data privacy: Data privacy is ensured through a series of protocols, including the SSL Record Protocol, SSL
Handshake Protocol, SSL Change Cipher Spec Protocol and SSL Alert Protocol.
o Client-server authentication: The SSL protocol uses standard cryptographic techniques (certificates) to authenticate
the server and, optionally, the client.
Transport Layer Security (TLS)

• Transport Layer Security (TLS) is designed to provide security at the transport layer. TLS was derived from
the security protocol called Secure Socket Layer (SSL). TLS ensures that no third party can eavesdrop on or
tamper with any message.
• There are several benefits of TLS:

• Encryption:
TLS/SSL secures transmitted data using encryption.
• Interoperability:
TLS/SSL works with most web browsers (the slide's example is Microsoft Internet Explorer) and on most operating
systems and web servers.
• Algorithm flexibility:
TLS/SSL negotiates the authentication mechanism, encryption algorithm and hashing algorithm
that are used during the secure session (together, a "cipher suite").
• Ease of deployment:
Many platforms ship TLS/SSL support out of the box (the slide's example is Windows Server 2003), so applications
can enable it without implementing it themselves.
• Ease of use:
Because TLS/SSL is implemented beneath the application layer, most of its operations are completely
invisible to the client.



SSL VS TLS

• SSL stands for Secure Socket Layer while TLS stands for Transport Layer
Security.
• Both Secure Socket Layer and Transport Layer Security are protocols used to
provide security between web browsers and web servers.
• The main difference between Secure Socket Layer and Transport Layer Security is
that in SSL (Secure Socket Layer) a message digest is used to create the master
secret, and it provides the basic security services of
authentication and confidentiality,
• while in TLS (Transport Layer Security) a pseudo-random function (PRF) is used to create
the master secret.
• TLS is the maintained, upgraded successor: it fixes SSL's design flaws, supports modern cipher
suites, and TLS 1.3 completes the handshake in fewer round trips, so it also has lower latency.
• TLS (Transport Layer Security) provides higher security than SSL. SSL 2.0 and 3.0 and TLS 1.0 and 1.1 are
all deprecated, so TLS 1.2 or 1.3 should be used.
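The client-server authentication objective above is the part of TLS most often switched off "to make an error go away". As an added example (not from the slides), the two Python `ssl` contexts below put the weak configuration next to the corrected one and add the check a code review would apply; `handshake_summary` shows the handshake itself but needs network access, so it is not exercised offline. The function names are this example's own.

```python
import socket
import ssl


def make_client_context() -> ssl.SSLContext:
    """Hardened client side: verify the server's certificate chain and hostname, refuse pre-1.2 protocols."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED, check_hostname=True, system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_insecure_client_context() -> ssl.SSLContext:
    """The anti-pattern: a certificate error is 'fixed' by switching authentication off.
    The link is still encrypted, but any man-in-the-middle can now impersonate the server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                  # must be cleared before verify_mode may be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Review check: server authentication on, hostname bound to the certificate, old versions off."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def handshake_summary(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Run the handshake against a live server (network required) and report what was negotiated."""
    ctx = make_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:   # SNI and hostname check
            cert = tls.getpeercert()
            return {
                "version": tls.version(),                   # e.g. 'TLSv1.3'
                "cipher": tls.cipher()[0],                  # negotiated cipher suite
                "subject": dict(x[0] for x in cert["subject"]),
                "not_after": cert["notAfter"],
            }


if __name__ == "__main__":
    print("hardened context safe:", context_is_safe(make_client_context()))          # True
    print("insecure context safe:", context_is_safe(make_insecure_client_context()))  # False
```

`verify_mode = CERT_NONE` is the setting to grep for in a code base: with it, the "client-server authentication" objective is gone and only data privacy against a passive listener remains.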



8.6. Firewall, VPN, Packet Filtering
VPN (Virtual Private Network)
• VPN stands for Virtual Private Network. It connects your computer to a private network
over an encrypted connection, so that the sites you visit see the VPN's address rather
than yours; this lets you share data and browse the web while hiding your identity from
the destination (the VPN provider itself can still see your traffic).

• A virtual private network, or VPN, is an encrypted connection over the Internet from a
device to a network. The encrypted connection helps ensure that sensitive data is safely
transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows
the user to work remotely. VPN technology is widely used in corporate environments.



• In this figure, Routers R1 and R2 use VPN technology to guarantee privacy for the
organization.
• VPN connections are used in two important ways −
• To establish WAN connections using VPN technology between two distant networks that
may be thousands of miles apart, but where each has some way of accessing the internet.
• To establish remote access connections that enable remote users to access a private
network through a public network like the internet.
Types of VPNs
The types of VPNs are as follows −
Router VPN
• The first type uses a router with added VPN capabilities. A VPN router can not only handle its
normal routing duties, but can also be configured to form VPN tunnels over the internet to similar
routers located in remote networks.
Firewall VPN
• The second type of VPN is one built into a firewall device. Firewall VPN can
be used both to support remote users and also to provide VPN links.
Network Operating System
• The third type of VPNs include those offered as part of a network operating
system like Windows NT, Windows 2000, and Netware 5. These VPNs are
commonly used to support remote access, and they are generally the least
expensive to purchase and install.



Firewall
• A firewall can be defined as a special type of network security device or a software
program that monitors and filters incoming and outgoing network traffic based on a
defined set of security rules.
• It acts as a barrier between internal private networks and external sources (such as the
public Internet).
• The primary purpose of a firewall is to allow non-threatening traffic and block malicious or unwanted
traffic, protecting the computers behind it from network-borne attacks.
• A firewall also filters outgoing traffic, so it can stop malicious software on an already-infected
computer from reaching the Internet.
• A firewall can be hardware or software. As stated above, it can be a dedicated network security device
or a program running on a computer. Firewalls exist at both levels, and it is best to have both: a
network firewall at the perimeter and a host firewall on each machine.



Why Firewall
Firewalls are primarily used to prevent malware and network-based attacks. Additionally, they can help in
blocking application-layer attacks. A firewall acts as a gatekeeper or barrier: it inspects every connection
attempt between our computer and another network and does not let packets through unless they come from, or
go to, a source that the rules identify as trusted.



• If a computer is running without a firewall, every service it exposes is reachable from any other
network. It accepts every kind of connection that is sent to it, and there is no single point at which
threats or attacks arriving over the network can be detected or blocked. Without a firewall, we leave
our devices exposed to malicious users and other unwanted sources.
• Without a firewall, any vulnerable or misconfigured service on the device is accessible to everyone.
An attacker who exploits such a service can gain control of the device and from there move further
into the network; cybercriminals can then delete our data or use our personal information for their
benefit.



A firewall system analyzes network traffic based on pre-defined rules. It filters the traffic and drops anything
coming from unreliable or suspicious sources, allowing only the incoming traffic it is configured to accept.
Typically, firewalls intercept network traffic at a computer's entry points: the network interface and the ports
that services listen on. Firewalls perform this task by allowing or blocking specific data packets (the units of
communication transferred over a digital network) based on pre-defined security rules. Incoming traffic is
allowed only from trusted IP addresses or sources, and only to the ports the rules permit.
Modern firewalls have become powerful and include a variety of functions and capabilities as built-in features:

• Network Threat Prevention
• Application and Identity-Based Control
• Hybrid Cloud Support
• Scalable Performance
• Network Traffic Management and Control
• Access Validation
• Record and Report on Events

Firewalls also have some limitations:

• Firewalls cannot stop users from visiting malicious websites, so the network remains vulnerable to threats
or attacks that start from the inside.
• Firewalls cannot, by themselves, prevent the transfer of virus-infected files or software over connections
they allow.
• Firewalls cannot prevent misuse of passwords.
• Firewalls cannot protect if their security rules are misconfigured.
• Firewalls cannot protect against non-technical security risks, such as social engineering.
• Firewalls cannot stop attackers with modems from dialing in to or out of the internal network, because that
traffic bypasses the firewall entirely.
• Firewalls cannot secure a system that is already infected.



Types of Firewall
• Depending on their structure and functionality, there are different
types of firewalls. The following is a list of some common types of
firewalls:
a) Proxy Firewall
b) Packet-filtering firewalls
c) Stateful Multi-layer Inspection (SMLI) Firewall
d) Unified threat management (UTM) firewall
e) Next-generation firewall (NGFW)
f) Network address translation (NAT) firewalls



Packet Filtering Firewall:
• First Generation - Packet Filtering Firewall: a packet filtering firewall controls network access by
inspecting outgoing and incoming packets and allowing or blocking them based on source and destination
IP address, protocol, and port numbers.

• It examines only the network-layer (IP) and transport-layer (TCP/UDP) headers; it does not look into
the application payload. A packet filter treats each packet in isolation.

• It has no ability to tell whether a packet is part of an existing stream of traffic. It can only allow
or deny a packet based on the fields in that packet's own headers, which is why a forged packet that
merely looks like a reply (for example, one with a source port of 80) passes as easily as a real one.

• A packet filtering firewall maintains a filtering table that decides whether each packet will be
forwarded or discarded. From the given filtering table, packets are filtered according to the
following rules:



• Incoming packets from network 192.168.21.0 are blocked.
• Incoming packets destined for the internal TELNET server (port 23) are
blocked.
• Incoming packets destined for host 192.168.21.3 are blocked.
• All well-known services to the network 192.168.21.0 are allowed.
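The filtering table itself is not reproduced on the page, so here is an added example (this editor's code, not the slides' own) that encodes the four rules above as a stateless, first-match packet filter and runs constructed packets through it. Two readings are assumptions: rule 4 is taken to mean "forward if the destination is in 192.168.21.0/24 and the destination port is below 1024", and anything no rule matches is discarded (default deny). The addresses in 203.0.113.0/24 are a documentation range standing in for "the Internet".

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added illustration of a stateless packet filter driven by the four rules stated on the slide.
# Rule 4 is read here as "forward if the destination is in 192.168.21.0/24 and the destination
# port is a well-known port (< 1024)"; anything no rule matches is discarded (default deny).
# Both readings are assumptions, since the original filtering table is not reproduced.


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    sport: int    # source port
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                       # "forward" or "discard"
    note: str                         # which slide rule this row encodes
    src_net: Optional[str] = None     # match source address inside this network
    dst_net: Optional[str] = None     # match destination address inside this network
    dst_port: Optional[int] = None    # match this exact destination port
    well_known_only: bool = False     # match only destination ports < 1024

    def matches(self, p: Packet) -> bool:
        # Every field that is set must match; unset fields are wildcards.
        if self.src_net is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.dst_port is not None and p.dport != self.dst_port:
            return False
        if self.well_known_only and p.dport >= 1024:
            return False
        return True


# Filtering table for incoming packets, in the order the rules are stated.
FILTER_TABLE: List[Rule] = [
    Rule("discard", "rule 1: block network 192.168.21.0/24 as a source", src_net="192.168.21.0/24"),
    Rule("discard", "rule 2: block the internal TELNET server", dst_port=23),
    Rule("discard", "rule 3: block host 192.168.21.3", dst_net="192.168.21.3/32"),
    Rule("forward", "rule 4: allow well-known services to 192.168.21.0/24",
         dst_net="192.168.21.0/24", well_known_only=True),
]


def filter_packet(p: Packet, table: List[Rule] = FILTER_TABLE) -> Tuple[str, str]:
    """First-match evaluation: return (action, reason) for one packet, judged in isolation."""
    for rule in table:
        if rule.matches(p):
            return rule.action, rule.note
    return "discard", "default deny: no rule matched"


if __name__ == "__main__":
    # Constructed sample packets; 203.0.113.0/24 is a documentation range used as "the Internet".
    samples = [
        Packet("192.168.21.7", "192.168.21.10", "tcp", 40000, 80),   # rule 1
        Packet("203.0.113.5", "192.168.21.10", "tcp", 40001, 23),    # rule 2
        Packet("203.0.113.5", "192.168.21.3", "tcp", 40002, 80),     # rule 3
        Packet("203.0.113.5", "192.168.21.10", "tcp", 40003, 80),    # rule 4
        Packet("203.0.113.5", "192.168.21.10", "tcp", 40004, 8080),  # default deny
        # Stateless blind spot: a packet that merely claims to be an HTTP reply (source port 80)
        # is judged on its headers alone, with no memory of whether any request was ever sent.
        Packet("203.0.113.9", "192.168.21.10", "tcp", 80, 443),
    ]
    for p in samples:
        action, why = filter_packet(p)
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport}  {action:8s} ({why})")
```

The last sample packet is the practical lesson: because a first-generation filter keeps no connection state, it cannot distinguish a genuine reply from a packet that merely spoofs the headers of one, which is the gap that stateful inspection (type c in the list above) was introduced to close.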



THANK YOU

