
Unit-4 Network Security

NETWORK SECURITY NOTES

UNIT-4

NETWORK SECURITY

Every company or organization that handles a large amount of data has a
degree of solutions against many cyber threats. Network security is a broad,
all-encompassing phrase that covers software and hardware solutions, as well
as procedures, guidelines, and setups for network usage, accessibility, and
general threat protection.

The most basic example of network security is password protection, which
the user of the network chooses. In recent times, network security has
become the central topic of cyber security, with many organizations inviting
applications from people who have skills in this area. Network security
solutions address vulnerabilities across the users, locations, data,
devices, and applications of computer systems.

What is Network Security?

Any action intended to safeguard the integrity and usefulness of your data
and network is known as network security. In other words, Network security
is defined as the activity created to protect the integrity of your network and
data.

Network security is the practice of protecting a computer network from
unauthorized access, misuse, or attacks. It involves using tools, technologies,
and policies to ensure that data traveling over the network is safe and
secure, keeping sensitive information away from hackers and other threats.

How Does Network Security Work?

Network security uses several layers of protection, both at the edge of the
network and within it. Each layer has rules and controls that determine who
can access network resources. People who are allowed access can use the
network safely, but those who try to harm it with attacks or other threats are
stopped from doing so.

The basic principle of network security is to protect large amounts of stored
data and networks in layers, each of which enforces rules and regulations that
have to be acknowledged before any activity is performed on the data. These
levels are:

• Physical Network Security: This is the most basic level. It protects the
data and network by preventing unauthorized personnel from acquiring control
over the confidentiality of the network. This can be achieved by using
devices like biometric systems.

• Technical Network Security: It primarily focuses on protecting the data
stored in the network or data in transit through the network. This type
serves two purposes. One is protection from unauthorized users, and the
other is protection from malicious activities.

• Administrative Network Security: This level of network security governs
user behavior, such as how permission is granted and how the authorization
process takes place. It also determines the level of sophistication the
network needs to protect it against attacks, and suggests necessary
amendments that have to be made to the infrastructure.

Types of Network Security

There are several types of network security through which we can make our
network more secure. Network security shields your network and data from
breaches, invasions, and other dangers. Below are some important types of
network security:

Email Security

Email security is the process designed to keep an email account and its
contents safe from unauthorized access. For example, fraudulent emails are
generally sent to the Spam folder automatically, because most email service
providers have built-in features to protect the content.

Email gateways are the most common threat vector for a security compromise.
Hackers create intricate phishing campaigns using recipients’ personal
information and social engineering techniques to trick them and direct them
to malicious websites. To stop critical data from being lost, an email
security programme restricts outgoing messages and stops incoming threats.

Network Segmentation

Network traffic is divided into several categories by software-defined
segmentation, which also facilitates the enforcement of security regulations.
Ideally, endpoint identity, rather than just IP addresses, is the basis for
the classifications. To ensure that the appropriate amount of access is
granted to the appropriate individuals and that suspicious devices are
controlled and remediated, access permissions can be assigned based on role,
location, and other factors.

Access Control

Your network should not be accessible to every user. You need to identify
every user and every device in order to keep out any attackers. You can then
put your security policies into effect. Noncompliant endpoint devices can
either be given restricted access or be blocked. This process is called
network access control (NAC).

Sandboxing

Sandboxing is a cybersecurity technique in which files are opened or code is
executed on a host computer that simulates end-user operating environments in
a secure, isolated environment. To keep threats off the network, sandboxing
watches the code or files as they are opened and searches for harmful
activity.

Cloud Network Security

Data stored in the cloud is very vulnerable to malpractice by unauthorized
parties. This data must be protected, and it should be ensured that this
protection is not jeopardized by anything. Many businesses embrace SaaS
applications to allow some of their employees to access the data stored in
the cloud. This type of security ensures creating gaps in the visibility of
the data.

Workloads and applications are no longer solely housed in a nearby data
centre on-site. More adaptability and creativity are needed to protect the
modern data centre as application workloads move to the cloud.

Web Security

An online security solution will restrict access to harmful websites, stop
web-based risks, and manage staff internet usage. Your web gateway will be
safeguarded both locally and in the cloud. “Web security” also includes the
precautions you take to safeguard your personal website.

Intrusion Prevention System (IPS)

An Intrusion Prevention System is also known as an Intrusion Detection and
Prevention System. It is a network security application that monitors network
or system activities for malicious activity. The major functions of intrusion
prevention systems are to identify malicious activity, collect information
about this activity, report it, and attempt to block or stop it.

Antivirus and Anti-malware Software

This type of network security ensures that malicious software does not enter
the network and jeopardize the security of the data. It handles malicious
software such as viruses, Trojans, and worms. It not only guards against the
entry of malware but also ensures that the system is well-equipped to fight
malware once it has entered.

Firewalls Security

A firewall is a network security device, either hardware or software-based,
which monitors all incoming and outgoing traffic and, based on a defined set
of security rules, accepts, rejects, or drops that specific traffic. Before
firewalls, network security was performed by Access Control Lists (ACLs)
residing on routers.

Application Security

Application security denotes the security precautions used at the application
level to prevent the stealing or capturing of data or code inside the
application. It also includes the security measures taken during the
development and design of applications, as well as techniques and methods for
protecting the applications whenever.

Wireless Security

Wireless networks are less secure than wired ones. If not properly secured,
setting up a wireless LAN can be like having Ethernet ports available
everywhere, even in places like parking lots. To prevent attacks and keep
your wireless network safe, you need dedicated products designed to protect
it from exploits and unauthorized access.

Web Security

A web security solution manages how your staff uses the internet, blocks
threats from websites, and stops access to harmful sites. It safeguards your
web gateway either onsite or in the cloud. Additionally, “web security”
involves measures taken to protect your own website from potential attacks
and vulnerabilities.

Mobile Device Security

Cybercriminals are focusing more on mobile devices and apps. In the next
three years, about 90 percent of IT organizations might allow corporate
applications on personal mobile devices. It’s crucial to control which devices
can connect to your network and set up their connections securely to protect
network traffic from unauthorized access.

Industrial Network Security

As industries digitize their operations, the closer integration of IT, cloud
services, and industrial networks exposes Industrial Control Systems (ICS) to
cyber threats. To safeguard against these risks, it’s crucial to have complete
visibility into your Operational Technology (OT) security status. This involves
segmenting the industrial network and providing detailed information about
OT devices and their behaviors to IT security tools. This approach helps in
effectively monitoring and protecting critical industrial systems from
potential cyber attacks.

VPN Security

A virtual private network (VPN) encrypts the connection between a device
and a network, usually over the internet. A remote-access VPN commonly
uses IPsec or Secure Sockets Layer (SSL) to verify and secure the
communication between the device and the network. This encryption
ensures that data transmitted between the device and the network remains
private and secure from unauthorized access.

Benefits of Network Security

Network Security has several benefits, some of which are mentioned below:

• Network Security helps in protecting clients’ information and data,
which ensures reliable access and helps in protecting the data from
cyber threats.

• Network Security protects the organization from heavy losses that may
occur from data loss or any security incident.

• Overall, it protects the reputation of the organization, as it protects
the data and confidential items.

Advantages of Network Security

• Protection from Unauthorized Access: Network security measures
such as firewalls and authentication systems prevent unauthorized
users from accessing sensitive information or disrupting network
operations.

• Data Confidentiality: Encryption technologies ensure that data
transmitted over the network remains confidential and cannot be
intercepted by unauthorized parties.

• Prevention of Malware and Viruses: Network security solutions like
antivirus software and intrusion detection systems (IDS) detect and
block malware, viruses, and other malicious threats before they can
infect systems.

• Secure Remote Access: Virtual private networks (VPNs) and other
secure remote access methods enable employees to work remotely
without compromising the security of the organization’s network and
data.

Disadvantages of Network Security

• Complexity and Management Overhead: Implementing and
managing network security measures such as firewalls, encryption,
and intrusion detection systems (IDS) can be complex and require
specialized knowledge and resources.

• Cost: Effective network security often requires investment in
hardware, software, and skilled personnel, which can be expensive for
organizations, especially smaller ones.

• Privacy Concerns: Some network security measures, such as deep
packet inspection and monitoring, may raise privacy concerns among
users and stakeholders, requiring careful balancing of security needs
with individual privacy rights.

Cryptography

Cryptography is a technique of securing information and communications
through the use of codes so that only those persons for whom the
information is intended can understand and process it, thus preventing
unauthorized access to information. The prefix “crypt” means “hidden” and
the suffix “graphy” means “writing”. In cryptography, the techniques that
are used to protect information are obtained from mathematical concepts
and a set of rule-based calculations known as algorithms to convert
messages in ways that make it hard to decode them. These algorithms are
used for cryptographic key generation, digital signing, and verification to
protect data privacy and web browsing on the internet, and to protect
confidential transactions such as credit card and debit card transactions.

Features Of Cryptography

• Confidentiality: Information can only be accessed by the person for
whom it is intended, and no other person can access it.

• Integrity: Information cannot be modified in storage or in transit
between the sender and the intended receiver without the change being
detected.

• Non-repudiation: The creator/sender of information cannot deny, at a
later stage, the intention to send the information.

• Authentication: The identities of the sender and receiver are
confirmed. The destination and origin of the information are confirmed
as well.

• Interoperability: Cryptography allows for secure communication
between different systems and platforms.

• Adaptability: Cryptography continuously evolves to stay ahead of
security threats and technological advancements.

Types Of Cryptography

1. Symmetric Key Cryptography

It is an encryption system where the sender and receiver of a message use a
single common key to encrypt and decrypt messages. Symmetric key
cryptography is faster and simpler, but the problem is that the sender and
receiver have to somehow exchange keys securely. The most popular
symmetric key cryptography systems are the Data Encryption Standard
(DES) and the Advanced Encryption Standard (AES).

[Figure: Symmetric Key Cryptography]

2. Hash Functions

No key is used in this algorithm. A hash value with a fixed length is
calculated from the plain text, which makes it impossible for the contents
of the plain text to be recovered. Many operating systems use hash
functions to encrypt passwords.

3. Asymmetric Key Cryptography

In Asymmetric Key Cryptography, a pair of keys is used to encrypt and
decrypt information. A sender’s public key is used for encryption and a
receiver’s private key is used for decryption. Public keys and private keys
are different. Even if the public key is known by everyone, only the intended
receiver can decode the message because he alone knows his private key. The
most popular asymmetric key cryptography algorithm is the RSA algorithm.

Applications of Cryptography

• Computer passwords: Cryptography is widely utilized in computer
security, particularly when creating and maintaining passwords. When
a user logs in, their password is hashed and compared to the hash that
was previously stored. Passwords are hashed and encrypted before
being stored. In this technique, the passwords are encrypted so that
even if a hacker gains access to the password database, they cannot
read the passwords.

• Digital Currencies: To protect transactions and prevent fraud, digital
currencies like Bitcoin also use cryptography. Complex algorithms and
cryptographic keys are used to safeguard transactions, making it
very hard to tamper with or forge the transactions.

• Secure web browsing: Online browsing security is provided by the
use of cryptography, which shields users from eavesdropping and
man-in-the-middle attacks. Public key cryptography is used by the Secure
Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to
encrypt data sent between the web server and the client, establishing
a secure channel for communication.

• Electronic Signatures: Electronic signatures serve as the digital
equivalent of a handwritten signature and are used to sign documents.
Digital signatures are created using cryptography and can be validated
using public key cryptography. In many nations, electronic signatures
are enforceable by law, and their use is expanding quickly.

• Authentication: Cryptography is used for authentication in many
different situations, such as when accessing a bank account, logging
into a computer, or using a secure network. Cryptographic methods are
employed by authentication protocols to confirm the user’s identity
and confirm that they have the required access rights to the resource.

• Cryptocurrencies: Cryptography is heavily used by cryptocurrencies
like Bitcoin and Ethereum to protect transactions, thwart fraud, and
maintain the network’s integrity. Complex algorithms and
cryptographic keys are used to safeguard transactions, making it
very hard to tamper with or forge the transactions.

• End-to-end Internet Encryption: End-to-end encryption is used to
protect two-way communications like video conversations, instant
messages, and email. Even if the message is encrypted, it assures that
only the intended receivers can read the message. End-to-end
encryption is widely used in communication apps like WhatsApp and
Signal, and it provides a high level of security and privacy for users.
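
The login flow from the "Computer passwords" item above (hash the submitted password, compare it with the stored hash), as an added example that is not part of the original notes. The record format, the PBKDF2 work factor, the UserStore class and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000        # assumption: work factor chosen for this example
MAX_ITERATIONS = 10_000_000  # refuse absurd values read from a stored record


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'algorithm$iterations$salt$digest'; the salt is random per user."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-hash the submitted password with the stored salt and compare."""
    try:
        algorithm, iterations_text, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or truncated record never authenticates
    if algorithm != ALGORITHM or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a valid record was created with a weaker work factor."""
    return int(record.split("$")[1]) < iterations


class UserStore:
    """Hypothetical in-memory credential table; only hashes are kept."""

    def __init__(self, iterations: int = ITERATIONS) -> None:
        self.iterations = iterations
        self.records = {}

    def register(self, user: str, password: str) -> None:
        self.records[user] = hash_password(password, self.iterations)

    def login(self, user: str, password: str) -> bool:
        record = self.records.get(user)
        if record is None:
            # Do the same work for unknown users so timing does not reveal them.
            hash_password(password, self.iterations)
            return False
        if not verify_password(password, record):
            return False
        if needs_rehash(record, self.iterations):
            # The plaintext is only available now, so upgrade the record here.
            self.records[user] = hash_password(password, self.iterations)
        return True


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse")   # constructed sample accounts
    store.register("bob", "correct horse")
    print(store.records["alice"] != store.records["bob"])  # same password, different records
    print(store.login("alice", "correct horse"), store.login("alice", "wrong"))
```

Because each record carries its own random salt, two users with the same password get different stored values, so a leaked table cannot be attacked with one precomputed lookup.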

Types of Cryptography Algorithm

• Advanced Encryption Standard (AES): AES (Advanced Encryption
Standard) is a popular encryption algorithm which uses the same key
for encryption and decryption. It is a symmetric block cipher algorithm
with block size of 128 bits, 192 bits or 256 bits. The AES algorithm is
widely regarded as the replacement of the DES (Data Encryption Standard)
algorithm.

• Data Encryption Standard (DES): DES (Data Encryption Standard) is
an older encryption algorithm that is used to convert 64-bit plaintext
data into 48-bit encrypted ciphertext. It uses symmetric keys (which
means the same key for encryption and decryption). It is old by
today’s standards but can be used as a basic building block for learning
newer encryption algorithms.

• RSA: RSA is a basic asymmetric cryptographic algorithm which uses
two different keys for encryption. The RSA algorithm works on a block
cipher concept that converts plain text into cipher text and vice versa.

• Secure Hash Algorithm (SHA): SHA is used to generate unique
fixed-length digital fingerprints of input data known as hashes. SHA
variations such as SHA-2 and SHA-3 are commonly used to ensure
data integrity and authenticity. The tiniest change in input data
drastically modifies the hash output, indicating a loss of integrity.
Hashing is the process of storing key value pairs with the help of a
hash function into a hash table.

Advantages of Cryptography

• Cryptography can be used for access control to ensure that only
parties with the proper permissions have access to a resource.

• For secure online communication, it offers secure mechanisms for
transmitting private information like passwords, bank account
numbers, and other sensitive data over the Internet.

• It helps in the defense against various types of attacks, including
replay and man-in-the-middle attacks.

• Cryptography can help firms in meeting a variety of legal requirements,
including data protection and privacy legislation.

Firewall

A firewall is a network security device, either hardware or software-based,
which monitors all incoming and outgoing traffic and, based on a defined set
of security rules, accepts, rejects, or drops that specific traffic. It acts
like a security guard that helps keep your digital world safe from unwanted
visitors and potential threats.

• Accept: allow the traffic

• Reject: block the traffic but reply with an “unreachable error”

• Drop: block the traffic with no reply

A firewall is a type of network security device that filters incoming and
outgoing network traffic with security policies that have previously been set
up inside an organization. A firewall is essentially the wall that separates a
private internal network from the open Internet at its very basic level.

Working of Firewall

• A firewall matches network traffic against the rule set defined in its
table. Once a rule is matched, the associated action is applied to the
network traffic. For example, one rule may state that no employee from the
Human Resources department can access data from the code server, while
another rule states that the system administrator can access data from both
the Human Resources and technical departments.

• Rules can be defined on the firewall based on the necessity and
security policies of the organization.

• From the perspective of a server, network traffic can be either outgoing
or incoming. The firewall maintains a distinct set of rules for each case.
Mostly, outgoing traffic that originates from the server itself is allowed
to pass. Still, setting rules on outgoing traffic is always better in order
to achieve more security and prevent unwanted communication. Incoming
traffic is treated differently.

• Most traffic that reaches the firewall uses one of these three major
Transport Layer protocols: TCP, UDP or ICMP. All of these have a source
address and a destination address. TCP and UDP also have port numbers.
ICMP uses a type code instead of a port number, which identifies the
purpose of the packet.

Default policy: It is very difficult to explicitly cover every possible rule
on the firewall. For this reason, the firewall must always have a default
policy. The default policy consists only of an action (accept, reject or
drop). Suppose no rule about SSH connections to the server is defined on the
firewall. Such a connection then follows the default policy. If the default
policy on the firewall is set to accept, then any computer outside of your
office can establish an SSH connection to the server. Therefore, setting the
default policy to drop (or reject) is always a good practice.

Types of Firewall

Firewalls can be categorized based on their generation.

1. Packet Filtering Firewall

A packet filtering firewall is used to control network access by monitoring
outgoing and incoming packets and allowing them to pass or stop based on
source and destination IP address, protocols, and ports. It analyses traffic at
the transport protocol layer (but mainly uses first 3 layers). Packet firewalls
treat each packet in isolation. They have no ability to tell whether a packet is
part of an existing stream of traffic. A packet firewall can only allow or deny
packets based on unique packet headers. A packet filtering firewall maintains a
filtering table that decides whether the packet will be forwarded or discarded.
From the given filtering table, the packets will be filtered according to the
following rules:

• Incoming packets from network 192.168.21.0 are blocked.

• Incoming packets destined for the internal TELNET server (port 23) are
blocked.

• Incoming packets destined for host 192.168.21.3 are blocked.

• All well-known services to the network 192.168.21.0 are allowed.
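
The first-match rule lookup and default policy described under Working of Firewall, applied to the four filtering-table rules listed above, as an added example that is not part of the original notes. The /24 netmask, ports 0-1023 for "well-known services", the use of drop for "blocked", the NO_SSH_RULE set and every sample packet and address are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ACCEPT, REJECT, DROP = "accept", "reject", "drop"  # the three actions in the text


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # ICMP has a type code instead of a port


@dataclass(frozen=True)
class Rule:
    action: str
    src: str = "0.0.0.0/0"          # default: any source
    dst: str = "0.0.0.0/0"          # default: any destination
    proto: Optional[str] = None     # None matches any protocol
    dports: Optional[range] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dports is not None:
            return pkt.dport is not None and pkt.dport in self.dports
        return True


def filter_packet(rules: List[Rule], default: str,
                  pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins; rule number None means the default policy decided."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(pkt):
            return rule.action, number
    return default, None


# The four filtering-table rules from the text, in the order listed.
INTERNAL = "192.168.21.0/24"  # assumption: the text gives no netmask
FILTER_TABLE = [
    Rule(DROP, src=INTERNAL),                           # 1. from 192.168.21.0
    Rule(DROP, proto="tcp", dports=range(23, 24)),      # 2. to TELNET (port 23)
    Rule(DROP, dst="192.168.21.3/32"),                  # 3. to host 192.168.21.3
    Rule(ACCEPT, dst=INTERNAL, dports=range(0, 1024)),  # 4. well-known services
]

# Hypothetical rule set with no rule about SSH, for the default-policy case.
NO_SSH_RULE = [Rule(ACCEPT, dst="192.168.21.10/32", proto="tcp", dports=range(443, 444))]

OUTSIDE = "203.0.113.5"  # constructed external address (documentation range)
SAMPLES: Dict[str, Packet] = {  # constructed sample packets
    "web": Packet(OUTSIDE, "192.168.21.10", "tcp", 80),
    "telnet": Packet(OUTSIDE, "192.168.21.10", "tcp", 23),
    "host3": Packet(OUTSIDE, "192.168.21.3", "tcp", 80),
    "internal_src": Packet("192.168.21.77", "192.168.21.10", "tcp", 80),
    "high_port": Packet(OUTSIDE, "192.168.21.10", "tcp", 8080),
    "ping": Packet(OUTSIDE, "192.168.21.10", "icmp"),
    "ssh": Packet(OUTSIDE, "192.168.21.10", "tcp", 22),
}


def evaluate(rules: List[Rule], default: str) -> Dict[str, Tuple[str, Optional[int]]]:
    return {name: filter_packet(rules, default, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (action, number) in evaluate(FILTER_TABLE, DROP).items():
        print(f"{name:13} {action:7} by {'default policy' if number is None else f'rule {number}'}")
    # Rule order matters: with the broad allow rule first, TELNET gets through.
    reordered = [FILTER_TABLE[3]] + FILTER_TABLE[:3]
    print("telnet, allow rule first:", filter_packet(reordered, DROP, SAMPLES["telnet"]))
    # No SSH rule: the default policy alone decides, as in the text.
    for default in (ACCEPT, DROP):
        print("ssh, default", default, "->", filter_packet(NO_SSH_RULE, default, SAMPLES["ssh"]))
```

Under these assumptions the broad fourth rule also admits SSH (port 22 is a well-known port), which is the kind of side effect worth checking for when reviewing a rule table.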

2. Stateful Inspection Firewall

Stateful firewalls (which perform Stateful Packet Inspection) are able to
determine the connection state of a packet, unlike a packet filtering firewall,
which makes them more efficient. A stateful firewall keeps track of the state
of network connections travelling across it, such as TCP streams. So the
filtering decisions are based not only on defined rules, but also on the
packet’s history in the state table.
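
A state table in miniature, as an added example that is not part of the original notes: the same constructed TCP segments are judged by a per-packet filter and by a filter that remembers which connections were opened from inside. The protected network, the simplified TCP state handling (two states, entry removed on the first FIN or RST) and all addresses are assumptions.

```python
import ipaddress
from typing import Dict, FrozenSet, List, NamedTuple, Tuple

INSIDE = ipaddress.ip_network("192.168.21.0/24")  # assumption: protected network


class Segment(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]  # TCP flags set on this segment


def seg(src: str, sport: int, dst: str, dport: int, *flags: str) -> Segment:
    return Segment(src, sport, dst, dport, frozenset(flags))


def is_outbound(s: Segment) -> bool:
    return ipaddress.ip_address(s.src) in INSIDE


def stateless_filter(s: Segment) -> str:
    """Per-packet rule: outbound passes; inbound passes if it looks like an HTTPS reply."""
    if is_outbound(s):
        return "accept"
    return "accept" if s.sport == 443 and "ACK" in s.flags else "drop"


class StatefulFilter:
    """Admits inbound segments only when they belong to a tracked connection."""

    def __init__(self) -> None:
        # (inside ip, inside port, outside ip, outside port) -> connection state
        self.table: Dict[Tuple[str, int, str, int], str] = {}

    def check(self, s: Segment) -> str:
        outbound = is_outbound(s)
        key = ((s.src, s.sport, s.dst, s.dport) if outbound
               else (s.dst, s.dport, s.src, s.sport))
        state = self.table.get(key)
        if state is None:
            # Only an outbound SYN may create a new entry.
            if outbound and s.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"
                return "accept"
            return "drop"
        if not outbound and state == "SYN_SENT":
            if "RST" not in s.flags and s.flags != {"SYN", "ACK"}:
                return "drop"            # not a valid answer to our SYN
            self.table[key] = "ESTABLISHED"
        if s.flags & {"FIN", "RST"}:
            del self.table[key]          # simplification: forget on first FIN/RST
        return "accept"


# Constructed trace: one real HTTPS connection plus segments that belong to none.
TRACE: List[Segment] = [
    seg("192.168.21.10", 50000, "203.0.113.5", 443, "SYN"),
    seg("203.0.113.5", 443, "192.168.21.10", 50000, "SYN", "ACK"),
    seg("192.168.21.10", 50000, "203.0.113.5", 443, "ACK"),
    seg("203.0.113.5", 443, "192.168.21.10", 50000, "ACK", "PSH"),
    seg("198.51.100.9", 443, "192.168.21.20", 50001, "ACK"),       # unsolicited
    seg("203.0.113.5", 443, "192.168.21.10", 50000, "FIN", "ACK"),  # close
    seg("203.0.113.5", 443, "192.168.21.10", 50000, "ACK"),         # after close
]


def run_trace() -> Tuple[List[Tuple[str, str]], int]:
    """Return (stateless verdict, stateful verdict) per segment and entries left."""
    firewall = StatefulFilter()
    verdicts = [(stateless_filter(s), firewall.check(s)) for s in TRACE]
    return verdicts, len(firewall.table)


if __name__ == "__main__":
    verdicts, remaining = run_trace()
    for s, (stateless, stateful) in zip(TRACE, verdicts):
        print(f"{s.src}:{s.sport} -> {s.dst}:{s.dport} {sorted(s.flags)} "
              f"stateless={stateless} stateful={stateful}")
    print("entries left in state table:", remaining)
```

The two filters disagree only on the fifth and seventh segments: both carry plausible headers, so the per-packet rule admits them, while the state table has no connection they could belong to.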

3. Application Layer Firewall

An application layer firewall can inspect and filter packets on any OSI
layer, up to the application layer. It has the ability to block specific
content and to recognize when certain applications and protocols (like HTTP,
FTP) are being misused. In other words, application layer firewalls are hosts
that run proxy servers. A proxy firewall prevents a direct connection between
either side of the firewall; each packet has to pass through the proxy.

4. Next Generation Firewalls (NGFW)

NGFW consists of Deep Packet Inspection, Application Inspection, SSL/SSH
inspection and many other functionalities to protect the network from modern
threats.

5. Circuit Level Gateway Firewall

This works at the session layer of the OSI model. It allows for the
simultaneous setup of two Transmission Control Protocol (TCP) connections. It
can effortlessly allow data packets to flow without using much computing
power. These firewalls are ineffective because they do not inspect data
packets; if malware is present in a data packet, they will permit it to pass
provided that the TCP connections are established properly.

6. Software Firewall

A software firewall is any firewall that is set up locally or on a cloud
server. When it comes to controlling the inflow and outflow of data packets
and limiting the number of networks that can be linked to a single device,
software firewalls may be the most advantageous. The problem with software
firewalls is that they are time-consuming.

7. Hardware Firewall

They also go by the name “firewalls based on physical appliances.” A hardware
firewall guarantees that malicious data is halted before it reaches the
network endpoint that is in danger.

8. Cloud Firewall

These are software-based, cloud-deployed network devices. This cloud-based
firewall protects a private network from any unwanted access. Unlike
traditional firewalls, a cloud firewall filters data at the cloud level.

What Can Firewalls Protect Against?

• Infiltration by Malicious Actors: Firewalls can block suspicious
connections, preventing eavesdropping and advanced persistent
threats (APTs).

• Parental Controls: Parents can use firewalls to block their children
from accessing explicit web content.

• Workplace Web Browsing Restrictions: Employers can restrict
employees from using the company network to access certain services
and websites, like social media.

• Nationally Controlled Intranet: Governments can block access to
certain web content and services that conflict with national policies or
values.

By allowing network owners to set specific rules, firewalls offer customizable
protection for various scenarios, enhancing overall network security.

Advantages of Using Firewall

• Protection From Unauthorized Access: Firewalls can be set up to
restrict incoming traffic from particular IP addresses or networks,
preventing hackers or other malicious actors from easily accessing a
network or system.

• Prevention of Malware and Other Threats: Firewalls can be set up to
block traffic linked to known malware or other security concerns,
assisting in the defense against these kinds of attacks.

• Control of Network Access: By limiting access to specified
individuals or groups for particular servers or applications, firewalls can
be used to restrict access to particular network resources or services.

• Monitoring of Network Activity: Firewalls can be set up to record
and keep track of all network activity.

• Regulation Compliance: Many industries are bound by rules that
demand the usage of firewalls or other security measures.

• Network Segmentation: By using firewalls to split up a bigger
network into smaller subnets, the attack surface is reduced and the
security level is raised.

Disadvantages of Using Firewall

• Complexity: Setting up and keeping up a firewall can be
time-consuming and difficult, especially for bigger networks or companies
with a wide variety of users and devices.

• Limited Visibility: Firewalls may not be able to identify or stop
security risks that operate at other levels, such as the application or
endpoint level, because they can only observe and manage traffic at
the network level.

• False Sense of Security: Some businesses may place an excessive
amount of reliance on their firewall and disregard other crucial security
measures like endpoint security or intrusion detection systems.

• Limited adaptability: Because firewalls are frequently rule-based,
they might not be able to respond to fresh security threats.

• Performance Impact: Network performance can be significantly
impacted by firewalls, particularly if they are set up to analyze or
manage a lot of traffic.

• Limited Scalability: Because firewalls are only able to secure one
network, businesses that have several networks must deploy many
firewalls, which can be expensive.

• Limited VPN support: Some firewalls might not allow
complex VPN features like split tunneling, which could restrict the
experience of a remote worker.

• Cost: Purchasing many devices or add-on features for a firewall
system can be expensive, especially for businesses.

VPN (Virtual Private Network)

A VPN (Virtual Private Network) is a powerful tool that enhances online
privacy, protects sensitive data, and enables secure access to the internet.
In today’s interconnected world, online privacy and data security are
more important than ever. One of the best ways to protect yourself and
enhance your internet experience is by using a VPN (Virtual Private
Network). Whether you’re looking to secure your data, bypass
geo-restrictions, or simply want to maintain your anonymity online, a VPN is
an invaluable tool.

This guide will explain what a VPN is, how it works, and the different
types of VPNs available to suit your needs in 2025.

What Is a VPN

A VPN (Virtual Private Network) is a technology that creates a secure,
encrypted connection between your device and the internet. It essentially
acts as a private tunnel for your internet traffic, preventing hackers, ISPs,
and even governments from monitoring your activities. When using a VPN,
your IP address is masked, and your online actions are routed through a
remote server, making it harder to track your online activity.

Key Benefits of Using a VPN:

1. Privacy Protection: A VPN hides your IP address, ensuring that your
browsing habits and activities remain private.

2. Security on Public Networks: Public Wi-Fi networks are often
insecure, but a VPN encrypts your connection, making it safer to
browse the internet on networks like those in cafes or airports.

3. Bypass Geo-restrictions: A VPN allows you to access content that
may be blocked in certain regions (such as streaming platforms, social
media sites, etc.).

4. Prevent Data Throttling: Some ISPs throttle your connection speed
when you stream or play games. A VPN can bypass this, allowing for
faster internet speeds.

5. Accessing Remote Work Resources: A VPN enables secure access
to private networks, making it ideal for businesses and remote
workers.

How Does a VPN Work

A VPN works by creating an encrypted tunnel between your device and a
remote server. Here’s the process simplified:

1. Connection Establishment: When you activate a VPN on your
device, it connects to a server operated by the VPN provider.

2. Encryption: The VPN encrypts your data (information, files, web
traffic) so that it’s unreadable to anyone trying to intercept it, whether
it’s a hacker on the same Wi-Fi network or an entity trying to monitor
your browsing.

3. Traffic Redirection: Your device’s internet traffic is routed through the
VPN server, which can be located in any country. This makes it appear
as though you’re browsing from the server’s location, masking your
actual IP address.

4. Decryption: Once your data reaches the VPN server, it is decrypted
and sent to the destination (such as a website, app, or service). Any
response from the server is then sent back to you through the
encrypted tunnel.

This end-to-end encryption ensures that your sensitive data stays private
and your location remains anonymous.

Types of VPNs Comparison Table

| VPN Type | Description | Use Case | Security | Speed |
|---|---|---|---|---|
| Remote Access VPN | Allows individuals to connect remotely to a network from anywhere. | Remote workers, traveling professionals | High | Moderate |
| Site-to-Site VPN | Connects two networks securely over the internet. | Businesses with multiple locations | Very High | High |
| Mobile VPN | VPN for mobile devices ensuring uninterrupted access while switching networks. | Healthcare, logistics, field workers | High | Moderate |
| MPLS VPN | A secure, efficient, and scalable solution for large enterprises. | Large enterprises with multiple office sites | Very High | Very High |
| PPTP VPN | An older VPN protocol known for speed but lacks security. | Legacy systems, basic VPN needs | Low | Very High |
| L2TP/IPsec VPN | Combines Layer 2 Tunneling Protocol with IPsec for better security. | Corporate environments, reliable security | High | Moderate |
| OpenVPN | An open-source VPN protocol known for its flexibility and strong encryption. | Advanced users, custom setups | Very High | Moderate |
| IKEv2/IPsec VPN | A fast and secure protocol that excels in mobile device use. | Mobile users, stable connections | Very High | High |

Advantages of Using a VPN

1. Privacy Protection: VPNs keep your online activities private and
anonymous, preventing third parties from tracking you.

2. Bypass Geo-Restrictions: VPNs enable you to access content that
might be restricted in your country or region, such as streaming
services (Netflix, BBC iPlayer).

3. Enhanced Security: With end-to-end encryption, VPNs protect your
data from hackers, especially on public Wi-Fi networks.

4. Prevents Data Throttling: VPNs help avoid internet speed throttling
imposed by your Internet Service Provider (ISP), particularly when
streaming or gaming.

5. Safer Online Transactions: VPNs help protect sensitive information
like bank details when conducting transactions online.

6. Access Work Resources Remotely: Securely access your work or
school network, even from remote locations.

Disadvantages of Using a VPN


1. Slower Speeds: Using a VPN may slow down your internet speed due
to the encryption process and server routing.

2. Not All VPNs Are Equal: Some VPN services may log your data or
provide subpar protection, so it’s essential to choose a reliable VPN
provider.

3. Can Be Blocked: Certain websites or countries may block VPN access,
limiting your ability to connect to certain services.

4. Requires Configuration: Setting up a VPN may require a bit of
technical knowledge, especially if you’re doing it manually.

5. Cost: While there are free VPNs available, premium VPNs offer more
reliable services and better security, which can be a recurring expense.

Intrusion Detection System (IDS)

Intrusion is when an attacker gets unauthorized access to a device, network,
or system. Cyber criminals use advanced techniques to sneak into
organizations without being detected.

An Intrusion Detection System (IDS) observes network traffic for malicious
transactions and sends immediate alerts when it observes them. It is software
that checks a network or system for malicious activities or policy violations.
Each illegal activity or violation is often either recorded centrally using a
SIEM system or reported to an administrator. An IDS monitors a network or
system for malicious activity and protects a computer network from
unauthorized access by users, possibly including insiders. The intrusion
detector’s learning task is to build a predictive model (i.e. a classifier)
capable of distinguishing between ‘bad connections’ (intrusions/attacks) and
‘good (normal) connections’.

Common Methods of Intrusion

• Address Spoofing: Hiding the source of an attack by using fake or
unsecured proxy servers, making it hard to identify the attacker.

• Fragmentation: Sending data in small pieces to slip past detection
systems.

• Pattern Evasion: Changing attack methods to avoid detection by IDS
systems that look for specific patterns.

• Coordinated Attack: Using multiple attackers or ports to scan a
network, confusing the IDS and making it hard to see what is
happening.

Working of Intrusion Detection System (IDS)

• An IDS (Intrusion Detection System) monitors the traffic on a computer
network to detect any suspicious activity.

• It analyzes the data flowing through the network to look for patterns
and signs of abnormal behavior.

• The IDS compares the network activity to a set of predefined rules and
patterns to identify any activity that might indicate an attack or
intrusion.

• If the IDS detects something that matches one of these rules or
patterns, it sends an alert to the system administrator.

• The system administrator can then investigate the alert and take
action to prevent any damage or further intrusion.

[Figure: Intrusion Detection System (IDS)]

Classification of Intrusion Detection System (IDS)

Intrusion detection systems are classified into 5 types:

• Network Intrusion Detection System (NIDS): Network intrusion
detection systems (NIDS) are set up at a planned point within the
network to examine traffic from all devices on the network. A NIDS
observes passing traffic on the entire subnet and matches the traffic
passed on the subnets against a collection of known attacks. Once an
attack is identified or abnormal behavior is observed, an alert can be
sent to the administrator. An example of NIDS use is installing it on
the subnet where firewalls are located in order to see if someone is
trying to crack the firewall.

• Host Intrusion Detection System (HIDS): Host intrusion detection
systems (HIDS) run on independent hosts or devices on the network. A
HIDS monitors the incoming and outgoing packets from the device only
and will alert the administrator if suspicious or malicious activity is
detected. It takes a snapshot of existing system files and compares it
with the previous snapshot. If the analytical system files were edited or
deleted, an alert is sent to the administrator to investigate. An
example of HIDS usage can be seen on mission-critical machines,
which are not expected to change their layout.

• Hybrid Intrusion Detection System: A hybrid intrusion detection
system is made by combining two or more approaches to intrusion
detection. In a hybrid intrusion detection system, the host agent or
system data is combined with network information to develop a
complete view of the network system. The hybrid intrusion detection
system is more effective in comparison to the other intrusion
detection systems. Prelude is an example of a hybrid IDS.

• Application Protocol-Based Intrusion Detection System
(APIDS): An Application Protocol-Based Intrusion Detection
System (APIDS) is a system or agent that generally resides within a
group of servers. It identifies intrusions by monitoring and
interpreting the communication on application-specific protocols. For
example, it would monitor the SQL protocol specific to the
middleware as it transacts with the database in the web server.

• Protocol-Based Intrusion Detection System (PIDS): It comprises
a system or agent that consistently resides at the front end of a
server, controlling and interpreting the protocol between a user/device
and the server. It tries to secure the web server by regularly
monitoring the HTTPS protocol stream and accepting the related HTTP
protocol. Because HTTPS is decrypted just before the traffic enters the
web presentation layer, this system needs to reside at that interface
in order to work with HTTPS.

• Signature-Based Detection: Signature-based detection checks
network packets for known patterns linked to specific threats. A
signature-based IDS compares packets to a database of attack
signatures and raises an alert if a match is found. Regular updates are
needed to detect new threats, but unknown attacks without signatures
can bypass this system.

Intrusion Detection System Evasion Techniques

• Fragmentation: Dividing a packet into smaller packets called
fragments; the process is known as fragmentation. This makes it
impossible to identify an intrusion because there can’t be a malware
signature.

• Packet Encoding: Encoding packets using methods like Base64 or
hexadecimal can hide malicious content from signature-based IDS.

• Traffic Obfuscation: By making a message more complicated to
interpret, obfuscation can be utilised to hide an attack and avoid
detection.

• Encryption: Several security features, such as data integrity,
confidentiality, and data privacy, are provided by encryption.
Unfortunately, these security features are used by malware developers to
hide attacks and avoid detection.
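From the defender's side, fragmentation and packet encoding are countered by normalizing traffic before signatures are applied. The sketch below is an added example, not code from the original notes: it compares a sensor that matches each fragment on its own with one that reassembles the datagram and also inspects Base64 and hex decodings. The signature, rule name and sample traffic are constructed.

```python
import base64
import binascii
import re

# Constructed signature database: rule name -> byte pattern.
SIGNATURES = {"SID-1 passwd file request": b"/etc/passwd"}
TOKEN = re.compile(rb"[A-Za-z0-9+/]{8,}={0,2}")

def match(data: bytes) -> set:
    """Names of all signatures whose pattern occurs in data (case-insensitive)."""
    lowered = data.lower()
    return {name for name, pattern in SIGNATURES.items() if pattern.lower() in lowered}

def reassemble(fragments) -> bytes:
    """Rebuild one datagram from (offset, bytes) fragments arriving in any order."""
    buffer = bytearray()
    for offset, chunk in sorted(fragments):
        if offset > len(buffer):                       # hole left by a missing fragment
            buffer.extend(b"\x00" * (offset - len(buffer)))
        buffer[offset:offset + len(chunk)] = chunk     # later data wins on overlap
    return bytes(buffer)

def decoded_views(data: bytes):
    """Yield the raw bytes, then each Base64 or hex token in decoded form."""
    yield data
    for token in TOKEN.findall(data):
        for decoder in (lambda t: base64.b64decode(t, validate=True),
                        lambda t: bytes.fromhex(t.decode("ascii"))):
            try:
                yield decoder(token)
            except ValueError:                         # binascii.Error is a ValueError
                pass

def per_packet(fragments) -> set:
    """Naive sensor: match each fragment on its own."""
    return set().union(*(match(chunk) for _offset, chunk in fragments))

def normalized(fragments) -> set:
    """Reassemble first, then match the raw stream and every decoded view."""
    return set().union(*(match(view) for view in decoded_views(reassemble(fragments))))

def fragment(payload: bytes, size: int = 8) -> list:
    pieces = [(i, payload[i:i + size]) for i in range(0, len(payload), size)]
    return pieces[::-1]                                # deliver out of order

# Constructed sample traffic.
PLAIN = fragment(b"GET /view?file=../../etc/passwd HTTP/1.1")
ENCODED = fragment(b"GET /view?file=" + base64.b64encode(b"../../etc/passwd"))
```

`per_packet` returns nothing for either sample while `normalized` fires on both. The overlap policy in `reassemble` is a choice: a sensor has to resolve overlapping fragments the same way the protected host does, or the two will see different data.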

Detection Method of IDS

• Signature-Based Method: Signature-based IDS detects attacks
on the basis of specific patterns such as the number of bytes or the
number of 1s or the number of 0s in the network traffic. It also detects
on the basis of already known malicious instruction sequences that
are used by malware. The detected patterns in the IDS are known as
signatures. Signature-based IDS can easily detect attacks whose
pattern (signature) already exists in the system, but it is quite difficult
to detect new malware attacks as their pattern (signature) is not
known.

• Anomaly-Based Method: Anomaly-based IDS was introduced to
detect unknown malware attacks, as new malware is developed rapidly.
Anomaly-based IDS uses machine learning to create a model of
trustworthy activity; anything incoming is compared with that model
and declared suspicious if it is not found in the model. The
machine learning-based method generalizes better than
signature-based IDS, as these models can be trained
according to the applications and hardware configurations.
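The anomaly-based method as an added Python example (not from the original notes). A per-feature mean and standard deviation stands in for the machine-learning model of trusted activity; the feature names, the threshold of 3 and all records are constructed.

```python
import statistics

FEATURES = ("kb_out", "distinct_ports", "failed_logins")

def train(normal_records: list) -> dict:
    """Learn the trusted activity model: mean and spread of each feature."""
    model = {}
    for feature in FEATURES:
        values = [record[feature] for record in normal_records]
        spread = statistics.pstdev(values) or 1.0      # avoid dividing by zero
        model[feature] = (statistics.mean(values), spread)
    return model

def deviations(model: dict, record: dict) -> dict:
    """Z-score of each feature: how many spreads the record sits from normal."""
    return {f: (record[f] - mean) / spread for f, (mean, spread) in model.items()}

def classify(model: dict, record: dict, threshold: float = 3.0) -> list:
    """Features that fall outside the model; an empty list means 'normal'."""
    return sorted(f for f, z in deviations(model, record).items() if abs(z) > threshold)

# Constructed training data: hourly per-host summaries from a quiet week.
NORMAL = [
    {"kb_out": kb, "distinct_ports": ports, "failed_logins": fails}
    for kb, ports, fails in [(120, 3, 0), (150, 4, 1), (130, 3, 0), (160, 5, 0),
                             (140, 4, 1), (155, 4, 0), (135, 3, 0), (145, 4, 0)]
]
MODEL = train(NORMAL)

# Constructed observations to score against the model.
OBSERVED = {
    "typical hour":   {"kb_out": 150, "distinct_ports": 4, "failed_logins": 0},
    "many ports":     {"kb_out": 140, "distinct_ports": 60, "failed_logins": 0},
    "login failures": {"kb_out": 130, "distinct_ports": 3, "failed_logins": 25},
    "nightly backup": {"kb_out": 900, "distinct_ports": 3, "failed_logins": 0},
}
VERDICTS = {name: classify(MODEL, record) for name, record in OBSERVED.items()}
```

The "nightly backup" record is flagged even though it is benign, because nothing like it appeared in the training data; retraining on representative traffic or tuning the threshold is how such alerts are reduced.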

Benefits of IDS

• Detects Malicious Activity: IDS can detect any suspicious activities
and alert the system administrator before any significant damage is
done.

• Improves Network Performance: IDS can identify any performance
issues on the network, which can be addressed to improve network
performance.

• Compliance Requirements: IDS can help in meeting compliance
requirements by monitoring network activity and generating reports.

• Provides Insights: IDS generates valuable insights into network
traffic, which can be used to identify any weaknesses and improve
network security.

Disadvantages of IDS

• False Alarms: IDS can generate false positives, alerting on harmless
activities and causing unnecessary concern.

• Resource Intensive: It can use a lot of system resources, potentially
slowing down network performance.

• Requires Maintenance: Regular updates and tuning are needed to
keep the IDS effective, which can be time-consuming.

• Doesn’t Prevent Attacks: IDS detects and alerts but doesn’t stop
attacks, so additional measures are still needed.

• Complex to Manage: Setting up and managing an IDS can be
complex and may require specialized knowledge.
