UNIT-3
Network Security
• Difficulty Level: Easy
• Last Updated: 16 Jun, 2022
Network security refers to the measures an enterprise or organization takes
to secure its computer network and data using both hardware and software
systems. It aims to secure the confidentiality and accessibility of the data
and network. Every company or organization that handles a large amount of
data maintains some set of solutions against the many cyber threats it faces.
The most basic example of network security is password protection, where the
user of the network chooses the password. In recent times, network security
has become a central topic of cyber security, with many organizations
inviting applications from people who have skills in this area. Network
security solutions address vulnerabilities in the following areas of
computer systems:
1. Users
2. Locations
3. Data
4. Devices
5. Applications
Network Security: Working
The basic principle of network security is to protect large volumes of stored
data and the network itself in layers, each of which embeds rules and
regulations that must be satisfied before any activity is performed on the data.
These levels are:
1. Physical
2. Technical
3. Administrative
These are explained below.
1. Physical Network Security:
This is the most basic level. It covers protecting the data and
network by preventing unauthorized personnel from acquiring control
over the confidentiality of the network. This includes external
peripherals and routers that might be used for cable connections.
It can be achieved with devices such as biometric systems.
2. Technical Network Security:
It primarily focuses on protecting data stored in the network and
data in transit through the network. This type serves two purposes:
protection from unauthorized users, and protection from malicious
activities.
3. Administrative Network Security:
This level of network security governs user behavior, such as how
permissions are granted and how the authorization process takes
place. It also determines the level of sophistication the network
needs in order to be protected against attacks, and suggests
necessary amendments to the infrastructure.
Types of Network Security:
A few types of network security are discussed below:
1. Access Control:
Not every person should have complete access to the network or its
data. One way to enforce this is by going through each person's
details. This is done through Network Access Control, which ensures
that only a handful of authorized personnel can work with the
allowed amount of resources.
2. Antivirus and Anti-malware Software:
This type of network security ensures that malicious software does
not enter the network and jeopardize the security of the data.
Malicious software such as viruses, Trojans, and worms is handled
by it. It ensures not only that the entry of malware is blocked but
also that the system is well equipped to fight malware once it has
entered.
3. Cloud Security:
Nowadays, many organizations are adopting cloud technology, where a
large amount of important data is stored over the internet. This
data is vulnerable to malpractice by unauthorized parties. It must
be protected, and it should be ensured that this protection is not
jeopardized by anything. Many businesses embrace SaaS applications
to give some of their employees access to the data stored in the
cloud. This type of security deals with the resulting gaps in the
visibility of the data.
What Is Email Security?
Email security includes the techniques and technologies used to protect email
accounts and communications. Email, which is an organization’s largest attack
surface, is the primary target of phishing attacks and can be used to spread
malware.
Email is a critical component of organizational communication because it
enables users to communicate quickly, easily, and with a variety of devices.
Further, email can be used to send a number of different types of media, and
communications can be tracked, stored, and organized according to attributes
such as time and date stamps and size.
Email security is important because email contains sensitive information, is
used by everyone in the organization, and is therefore one of a company’s
largest targets for attacks. The shift to cloud-based email like Gmail and others
comes with several benefits, but cloud-based email has become a tempting
attack surface for cyber criminals.
How Secure Is Email?
Email is a top threat vector because it is a ubiquitous tool that everyone in an
organization uses. It is in an open format that can be read on any device without
decryption once it is intercepted.
An email does not go straight to the recipient. Rather, it travels between
networks and servers, some vulnerable and unsecured, before landing in an
inbox. Even though an individual’s computer may be secure from an attacker,
the network or server the email has to travel through may have been
compromised.
Also, cyber criminals can easily impersonate a sender or manipulate email
content in the form of body copy, attachments, Uniform Resource Locators
(URLs), or a sender's email address. This is fairly straightforward for a hacker
attacking an unsecured system because each email has fields that contain
metadata detailing information about the email, who it came from, where it is
headed, etc. A hacker only needs to access this metadata and change it, and it
will look like the email came from someone or someplace it did not.
Types of Email Attacks
Cyber criminals use many different tactics to hack email, and some methods can
cause considerable damage to an organization’s data and/or
reputation. Malware, which is malicious software used to harm or manipulate a
device or its data, can be placed on a computer using each of the following
attacks.
Phishing
A phishing attack targets users by sending them a text, direct message, or
email. The attacker pretends to be a trusted individual or institution and then
uses their relationship with the target to steal sensitive data like account
numbers, credit card details, or login information.
Phishing comes in several forms, such as spear phishing, regular phishing,
and whaling. Spear phishing targets a particular person, while a whaler targets
someone high up in the organization by pretending to be someone they trust.
Spam
Spoofing
Spoofing is a dangerous email threat because it involves fooling the recipient
into thinking the email is coming from someone other than the actual sender.
This makes spoofing an effective business email compromise (BEC) tool.
The email platform cannot tell a faked email from a real one because it merely
reads the metadata—the same data the attacker has changed.
This makes the impersonation of a person the victim either knows or respects
relatively easy for an attacker.
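Because the visible From: field is only metadata, a receiving system can compare it against the domains that were actually authenticated during delivery. The following is an added example, not part of the original document: a Python check over two constructed sample messages, where the domains, header values, function names and the simplified subdomain-based alignment rule are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); example.* are reserved domains.
GENUINE = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com
From: Alice <alice@example.com>
To: bob@example.org
Subject: Q3 report

See attached.
"""

SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none
From: "Alice (CEO)" <alice@example.com>
Reply-To: alice.ceo@example.net
To: bob@example.org
Subject: Urgent wire transfer

Please pay today.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header ('' if none)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def aligned(a, b):
    """Simplified alignment (assumption): equal, or one is a subdomain of the other."""
    return bool(a) and bool(b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def auth_results(msg):
    """Map each method (spf, dkim) to (result, authenticated domain)."""
    found = {}
    pattern = re.compile(
        r"\s*(\w+)=(\w+)(?:.*?\b(?:smtp\.mailfrom|header\.d)=([^\s;]+))?", re.S)
    for value in msg.get_all("Authentication-Results", []):
        for clause in value.split(";")[1:]:      # first part is the verifier's id
            m = pattern.match(clause)
            if m:
                dom = (m.group(3) or "").rpartition("@")[2].lower()
                found[m.group(1).lower()] = (m.group(2).lower(), dom)
    return found


def spoofing_findings(raw):
    """List the reasons the visible From: header should not be trusted."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    envelope = domain_of(msg["Return-Path"])
    if envelope and not aligned(from_dom, envelope):
        findings.append(f"envelope sender {envelope} differs from From domain {from_dom}")
    reply = domain_of(msg["Reply-To"])
    if reply and not aligned(from_dom, reply):
        findings.append(f"Reply-To domain {reply} differs from From domain {from_dom}")
    passed = [dom for result, dom in auth_results(msg).values() if result == "pass"]
    if not any(aligned(from_dom, dom) for dom in passed):
        findings.append(f"no passing SPF/DKIM result covers From domain {from_dom}")
    return findings


if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, spoofing_findings(raw) or "no findings")
```

The spoofed sample still shows `spf=pass`, but for the attacker's own sending domain, which is why the check compares the authenticated domain with the From: domain instead of looking at the result alone.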
Email Security Best Practices
Email is a primary weapon for spreading ransomware, an advanced threat that
can affect multiple endpoints as well as steal sensitive data. Therefore, an email
protection plan needs to include the following best practices to protect email
traffic in real time.
1. Spam filter: A spam filter can detect spam and either keep it from hitting
your inbox or file it as junk mail.
2. Email encryption: Email encryption can disguise corporate email by
changing communications into a garbled arrangement of letters,
numbers, and symbols that someone who intercepts it cannot read.
3. Antivirus protection: Antivirus protection screens emails and
attachments for viruses, providing the user with warnings if anything
suspicious is detected.
4. Secure email gateway (SEG): An SEG filters out potentially dangerous
emails according to the settings of an IT administrator.
5. Multi-factor authentication (MFA): MFA is a key data loss protection
and anti-hacking tool because it requires a user to provide more than
one authentication factor to prove they should be granted access to a
system.
6. Employee education: Employees can be educated to recognize social
engineering, phishing, and other types of attacks that are typically
executed using email.
IP security (IPSec)
• Difficulty Level: Easy
• Last Updated: 03 Jun, 2021
IP security (IPsec) is an Internet Engineering Task Force (IETF) standard
suite of protocols between two communication points across an IP network that
provides data authentication, integrity, and confidentiality. It also defines the
encrypted, decrypted and authenticated packets. The protocols needed for secure
key exchange and key management are defined in it.
Uses of IP Security –
IPsec can be used to do the following things:
• To encrypt application layer data.
• To provide security for routers sending routing data across the public
internet.
• To provide authentication without encryption, for example to
authenticate that the data originates from a known sender.
• To protect network data by setting up circuits using IPsec tunneling, in
which all data sent between the two endpoints is encrypted, as
with a Virtual Private Network (VPN) connection.
Components of IP Security –
It has the following components:
1. Encapsulating Security Payload (ESP) –
It provides data integrity, encryption, authentication and anti-replay
protection. It also provides authentication for the payload.
2. Authentication Header (AH) –
It also provides data integrity, authentication and anti-replay
protection, but it does not provide encryption. The anti-replay
protection guards against unauthorized transmission of packets. It does
not protect the data's confidentiality.
3. Internet Key Exchange (IKE) –
It is a network security protocol designed to dynamically exchange
encryption keys and negotiate a Security Association (SA) between
two devices. The Security Association (SA) establishes shared security
attributes between two network entities to support secure
communication. The Internet Security Association and Key Management
Protocol (ISAKMP) provides a framework for authentication
and key exchange. ISAKMP specifies how Security Associations (SAs)
are set up and how direct connections are established between two
hosts that are using IPsec.
Internet Key Exchange (IKE) provides message content protection and
also an open framework for implementing standard algorithms such as SHA
and MD5. The algorithms that IPsec uses produce a unique identifier for
each packet. This identifier then allows a device to determine whether
a packet is correct or not. Packets which are not authorized are
discarded and not given to the receiver.
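The anti-replay protection listed for ESP and AH is commonly implemented as a sliding window over the per-packet sequence number. The following is an added example, not part of the original document: a Python sketch of such a receive window, where the class name, the 64-packet window size and the `authentic` flag (standing in for the packet's integrity check) are assumptions made for illustration.

```python
class AntiReplayWindow:
    """Receiver-side sliding window over IPsec sequence numbers."""

    def __init__(self, size=64):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already accepted

    def check_and_update(self, seq, authentic=True):
        """Return a verdict string; the window only moves for authentic packets."""
        if seq == 0:
            return "drop: invalid sequence number"
        if seq <= self.highest:
            offset = self.highest - seq
            if offset >= self.size:
                return "drop: older than window"
            if (self.bitmap >> offset) & 1:
                return "drop: replay"
        # A forged packet must never advance the window, otherwise an attacker
        # could push it forward and make genuine packets look too old.
        if not authentic:
            return "drop: integrity check failed"
        if seq > self.highest:
            shift = seq - self.highest
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accept"


def replay_verdicts(packets, size=64):
    """Run (sequence number, authentic) pairs through one window."""
    window = AntiReplayWindow(size)
    return [window.check_and_update(seq, ok) for seq, ok in packets]


# Constructed arrival order: reordering, a duplicate, a forged packet with a
# large sequence number, a jump ahead, and packets at the edge of the window.
SAMPLE = [(1, True), (3, True), (2, True), (2, True), (200, False),
          (100, True), (36, True), (37, True), (100, True)]

if __name__ == "__main__":
    for (seq, ok), verdict in zip(SAMPLE, replay_verdicts(SAMPLE)):
        print(f"seq={seq:<4} authentic={ok!s:<5} -> {verdict}")
```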
Working of IP Security –
1. The host checks whether the packet should be transmitted using IPsec.
Such packet traffic triggers the security policy for itself: the system
sending the packet applies the appropriate encryption. The host also
checks whether incoming packets are properly encrypted.
2. Then IKE Phase 1 starts, in which the two hosts (using IPsec)
authenticate themselves to each other to start a secure channel. It has
two modes: Main mode, which provides greater security, and
Aggressive mode, which enables the host to establish an IPsec
circuit more quickly.
3. The channel created in the last step is then used to securely negotiate
the way the IP circuit will encrypt data across the IP circuit.
4. Now, IKE Phase 2 is conducted over the secure channel, in which
the two hosts negotiate the type of cryptographic algorithms to use on
the session and agree on the secret keying material to be used with
those algorithms.
5. Then the data is exchanged across the newly created IPsec encrypted
tunnel. These packets are encrypted and decrypted by the hosts using
IPsec SAs.
6. When the communication between the hosts is completed or the
session times out, the IPsec tunnel is terminated and both hosts
discard the keys.
CNS-unit 4 pdf  web security ( SS,SSL handshake ) better to revise entire pdf
CNS -unit 5 pdf S/MIME,IP Security
Kerberos
• Difficulty Level: Easy
• Last Updated: 22 Mar, 2022
Kerberos provides a centralized authentication server whose function is to
authenticate users to servers and servers to users. In Kerberos, an
authentication server and a database are used for client authentication.
Kerberos runs as a trusted third-party server known as the Key Distribution
Center (KDC). Each user and service on the network is a principal.
The main components of Kerberos are:
• Authentication Server (AS):
The Authentication Server performs the initial authentication and
issues the ticket for the Ticket Granting Service.
• Database:
The Authentication Server verifies the access rights of users in the
database.
• Ticket Granting Server (TGS):
The Ticket Granting Server issues the ticket for the Server.
Kerberos Overview:
• Step-1:
The user logs in and requests services on the host. The user thus
requests the ticket-granting service.
• Step-2:
The Authentication Server verifies the user's access rights using the
database and then gives a ticket-granting ticket and a session key. The
results are encrypted using the password of the user.
• Step-3:
The user decrypts the message using the password and then sends
the ticket to the Ticket Granting Server. The ticket contains
authenticators such as user names and network addresses.
• Step-4:
The Ticket Granting Server decrypts the ticket sent by the user, uses
the authenticator to verify the request, and then creates the ticket for
requesting services from the Server.
• Step-5:
The user sends the ticket and authenticator to the Server.
• Step-6:
The Server verifies the ticket and authenticator and then grants access
to the service. After this, the user can access the services.
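The six steps above can be traced in code. The following is an added example, not part of the original document and not real Kerberos: a Python simulation in which a toy SHA-256/HMAC sealing routine stands in for the protocol's actual encryption, and the user, password, service name, lifetimes and all function names are assumptions made for illustration (network addresses in tickets are omitted).

```python
import hashlib
import hmac
import json
import os
import time


def keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)


def seal(key, obj):
    """Toy authenticated encryption; a stand-in for Kerberos's real ciphers."""
    data, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct


def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))


def password_key(user, password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)


# KDC database (constructed): long-term keys of the user, the TGS and a service.
USERS = {"alice": password_key("alice", "correct horse")}
TGS_KEY = os.urandom(32)
SERVICE_KEYS = {"fileserver": os.urandom(32)}
LIFETIME, MAX_SKEW = 300, 120   # seconds; illustrative values


def as_request(user):
    """Steps 1-2: the AS looks the user up and returns a TGT plus session key."""
    if user not in USERS:
        raise PermissionError("unknown principal")
    session = os.urandom(32).hex()
    tgt = seal(TGS_KEY, {"user": user, "key": session, "exp": time.time() + LIFETIME})
    return seal(USERS[user], {"key": session, "ticket": tgt.hex()})


def open_reply(key, reply):
    """Step 3 (and the client side of step 4): decrypt a KDC reply."""
    body = unseal(key, reply)
    return bytes.fromhex(body["key"]), bytes.fromhex(body["ticket"])


def authenticator(user, session_key):
    return seal(session_key, {"user": user, "ts": time.time()})


def verify(ticket_key, ticket, auth):
    """Decrypt the ticket, then check the authenticator with the key inside it."""
    t = unseal(ticket_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), auth)
    now = time.time()
    if a["user"] != t["user"] or t["exp"] < now or abs(now - a["ts"]) > MAX_SKEW:
        raise PermissionError("expired ticket or mismatched authenticator")
    return t


def tgs_request(tgt, auth, service):
    """Step 4: the TGS validates the TGT and issues a service ticket."""
    t = verify(TGS_KEY, tgt, auth)
    session = os.urandom(32).hex()
    ticket = seal(SERVICE_KEYS[service],
                  {"user": t["user"], "key": session, "exp": time.time() + LIFETIME})
    return seal(bytes.fromhex(t["key"]), {"key": session, "ticket": ticket.hex()})


def service_access(service, ticket, auth):
    """Steps 5-6: the server verifies ticket and authenticator, then grants access."""
    t = verify(SERVICE_KEYS[service], ticket, auth)
    return f"{t['user']} granted access to {service}"


def login_and_access(user, password, service):
    tgs_session, tgt = open_reply(password_key(user, password), as_request(user))
    reply = tgs_request(tgt, authenticator(user, tgs_session), service)
    svc_session, ticket = open_reply(tgs_session, reply)
    return service_access(service, ticket, authenticator(user, svc_session))


if __name__ == "__main__":
    print(login_and_access("alice", "correct horse", "fileserver"))
```

The password itself never crosses the network in this flow: a wrong password simply fails to decrypt the Authentication Server's reply, and a ticket sealed with any key other than the service's own is rejected.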
Kerberos Limitations
• Each network service must be modified individually for use with
Kerberos
• It doesn't work well in a timeshare environment
• Secured Kerberos Server
• Requires an always-on Kerberos server
• All stored passwords are encrypted with a single key
• Assumes workstations are secure
• May result in cascading loss of trust
• Scalability
Is Kerberos Infallible?
No security measure is 100% impregnable, and Kerberos is no exception.
Because it's been around for so long, hackers have had the ability over the years
to find ways around it, typically through forging tickets, repeated attempts at
password guessing (brute force/credential stuffing), and the use of malware to
downgrade the encryption.
Despite this, Kerberos remains the best access security protocol available today.
The protocol is flexible enough to employ stronger encryption algorithms to
combat new threats, and if users employ good password-choice guidelines, you
shouldn’t have a problem!
What is Kerberos Used For?
Although Kerberos can be found everywhere in the digital world, it is commonly
used in secure systems that rely on robust authentication and auditing
capabilities. Kerberos is used for POSIX, Active Directory, NFS, and Samba
authentication. It is also an alternative authentication system to SSH, POP, and
SMTP.
X.509 Authentication Service
• Last Updated: 07 Mar, 2022
An X.509 certificate is a digital certificate built on the widely trusted
International Telecommunication Union (ITU) X.509 standard, which defines the
format of PKI certificates. X.509 digital certificates provide a certificate-based
authentication security framework that can be used for secure
transaction processing and for private information. They are primarily used for
handling security and identity in computer networking and internet-based
communications.
Working of X.509 Authentication Service Certificate:
The core of the X.509 authentication service is the public key certificate connected
to each user. These user certificates are assumed to be produced by some trusted
certification authority and placed in the directory by the user or the certification
authority. These directory servers are only used to provide an easily
reachable location from which all users can acquire certificates. The X.509 standard
is built on an IDL known as ASN.1. With the help of Abstract Syntax Notation, the
X.509 certificate format uses an associated public and private key pair for
encrypting and decrypting a message.
Once an X.509 certificate is provided to a user by the certification authority, that
certificate is attached to the user like an identity card. The chances of someone
stealing it or of it being lost are lower than with unsecured passwords. With the
help of this analogy, it is easier to imagine how this authentication works: the
certificate is basically presented like an identity card at the resource that
requires authentication.
Format of X.509 Authentication Service Certificate:
Generally, the certificate includes the elements given below:
• Version number: It defines the X.509 version that concerns the
certificate.
• Serial number: It is the unique number that the certification authority
issues.
• Signature Algorithm Identifier: This is the algorithm that is used for
signing the certificate.
• Issuer name: Gives the X.500 name of the certification authority
which signed and created the certificate.
• Period of Validity: It defines the period for which the certificate is valid.
• Subject Name: Gives the name of the user to whom this certificate
has been issued.
• Subject's public key information: It defines the subject's public key
along with an identifier of the algorithm for which this key is supposed
to be used.
• Extension block: This field contains additional standard information.
• Signature: This field contains the hash code of all other fields, which is
encrypted with the certification authority's private key.
Applications of X.509 Authentication Service Certificate:
Many protocols depend on X.509 and it has many applications. Some of them are
given below:
• Document signing and digital signatures
• Web server security with the help of Transport Layer Security
(TLS)/Secure Sockets Layer (SSL) certificates
• Email certificates
• Code signing
• Secure Shell Protocol (SSH) keys
• Digital identities
More Related Content

PDF
Introduction to information security
PDF
Customer information security awareness training
PPTX
Computer Security Essentials.pptx
PPTX
Network security and firewalls
PPTX
Cyber Security awareness of cyber security
PPTX
Security Threats
PPTX
Cyber Security and prevention Presentation.pptx
PPT
3 Most Common Threats Of Information Security
Introduction to information security
Customer information security awareness training
Computer Security Essentials.pptx
Network security and firewalls
Cyber Security awareness of cyber security
Security Threats
Cyber Security and prevention Presentation.pptx
3 Most Common Threats Of Information Security

Similar to UNIT-3.docx (20)

PDF
Network security chapter 1,2
PPTX
ppt on securities.pptx
PPTX
Introduction to intelligence cybersecurity_2
PPTX
Unit 1 Network Fundamentals and Security .pptx
PPT
Rothke Sia 2006
PPTX
Information security ist lecture
PPTX
information security (network security methods)
PPTX
CyberSecurityPPT_V3_1.pptx training module
PPT
Aspects of Network Security
PPTX
TOPIC7.pptx
PPTX
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
PDF
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
PDF
E Commerce security
PPTX
The Emotional Lure of Social Engineering
PPTX
Cyber security
PDF
Edu 03 assingment
PPT
Computer Systems Security
PPT
Chapter1 intro network_security_sunorganised
PPT
Computersystemssecurity 090529105555-phpapp01
PPTX
network security ppt.pptx
Network security chapter 1,2
ppt on securities.pptx
Introduction to intelligence cybersecurity_2
Unit 1 Network Fundamentals and Security .pptx
Rothke Sia 2006
Information security ist lecture
information security (network security methods)
CyberSecurityPPT_V3_1.pptx training module
Aspects of Network Security
TOPIC7.pptx
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
E Commerce security
The Emotional Lure of Social Engineering
Cyber security
Edu 03 assingment
Computer Systems Security
Chapter1 intro network_security_sunorganised
Computersystemssecurity 090529105555-phpapp01
network security ppt.pptx

Recently uploaded (20)

PDF
PDF
Coleção Nature .
PPTX
Kimberly Crossland Storytelling Marketing Class 5stars.pptx
PPTX
UNIT 3 - 5 INDUSTRIAL PRICING.ppt x
PDF
UNIT 1 -3 Factors Influencing RURAL CONSUMER BEHAVIOUR.pdf
PDF
Mastering Content Strategy in 2025 ss.pdf
PDF
Is Kanav Kesar Legit or a Scam? Uncovering the Truth Behind the Hype
PPTX
Final Project parkville.............pptx
DOCX
Parkville marketing plan .......MR.docx
PDF
Digital Marketing Agency in Thrissur with Proven Strategies for Local Growth
PPTX
PRINCIPLES OF MANAGEMENT and functions (1).pptx
PPTX
Sumit Saxena IIM J Project Market segmentation.pptx
PDF
AI & Automation: The Future of Marketing or the End of Creativity - Matthew W...
PDF
Proven AI Visibility: From SEO Strategy To GEO Tactics
PPTX
Solomon_Chapter 6_The Self: Mind, Gender, and Body.pptx
PDF
UNIT 1 -4 Profile of Rural Consumers (1).pdf
PDF
Digital Marketing in the Age of AI: What CEOs Need to Know - Jennifer Apy, Ch...
PPTX
Assignment 2 Task 1 - How Consumers Use Technology and Its Impact on Their Lives
PDF
AI & Automation: The Future of Marketing or the End of Creativity - Eric Ritt...
PDF
Building a strong social media presence.
Coleção Nature .
Kimberly Crossland Storytelling Marketing Class 5stars.pptx
UNIT 3 - 5 INDUSTRIAL PRICING.ppt x
UNIT 1 -3 Factors Influencing RURAL CONSUMER BEHAVIOUR.pdf
Mastering Content Strategy in 2025 ss.pdf
Is Kanav Kesar Legit or a Scam? Uncovering the Truth Behind the Hype
Final Project parkville.............pptx
Parkville marketing plan .......MR.docx
Digital Marketing Agency in Thrissur with Proven Strategies for Local Growth
PRINCIPLES OF MANAGEMENT and functions (1).pptx
Sumit Saxena IIM J Project Market segmentation.pptx
AI & Automation: The Future of Marketing or the End of Creativity - Matthew W...
Proven AI Visibility: From SEO Strategy To GEO Tactics
Solomon_Chapter 6_The Self: Mind, Gender, and Body.pptx
UNIT 1 -4 Profile of Rural Consumers (1).pdf
Digital Marketing in the Age of AI: What CEOs Need to Know - Jennifer Apy, Ch...
Assignment 2 Task 1 - How Consumers Use Technology and Its Impact on Their Lives
AI & Automation: The Future of Marketing or the End of Creativity - Eric Ritt...
Building a strong social media presence.

UNIT-3.docx

  • 1. UNIT-3 Network Security  Difficulty Level : Easy  Last Updated : 16 Jun, 2022 Network Security refers to the measures taken by any enterprise or organization to secure its computer network and data using both hardware and software systems. This aims at securing the confidentiality and accessibility of the data and network. Every company or organization that handles a large amount of data, has a degree of solutions against many cyber threats. The most basic example of Network Security is password protection which the user of the network oneself chooses. In recent times, Network Security has become the central topic of cyber security with many organizations inviting applications from people who have skills in this area. The network security solutions protect various vulnerabilities of the computer systems such as: 1. Users 2. Locations 3. Data 4. Devices 5. Applications Network Security: Working The basic principle of network security is protecting huge stored data and networks in layers that ensure the bedding of rules and regulations that have to be acknowledged before performing any activity on the data. These levels are: 1. Physical 2. Technical 3. Administrative These are explained as following below. 1. Physical Network Security: This is the most basic level that includes protecting the data and network through unauthorized personnel from acquiring control over the confidentiality of the network. These include external peripherals and routers that might be used for cable connections. The same can be achieved by using devices like biometric systems. 2. Technical Network Security: It primarily focuses on protecting the data stored in the network or
  • 2. data involved in transitions through the network. This type serves two purposes. One is protected from unauthorized users, and the other is protection from malicious activities. 3. Administrative Network Security: This level of network security protects user behavior like how the permission has been granted and how the authorization process takes place. This also ensures the level of sophistication the network might need for protecting it through all the attacks. This level also suggests necessary amendments that have to be done to the infrastructure. Types of Network Security: The few types of network securities are discussed below : 1. Access Control: Not every person should have a complete allowance for the accessibility to the network or its data. One way to examine this is by going through each personnel’s details. This is done through Network Access Control which ensures that only a handful of authorized personnel must be able to work with the allowed amount of resources. 2. Antivirus and Anti-malware Software: This type of network security ensures that any malicious software does not enter the network and jeopardize the security of the data. The malicious software like Viruses, Trojans, and Worms is handled by the same. This ensures that not only the entry of the malware is protected but also that the system is well equipped to fight once it has entered. 3. Cloud Security: Now a day, a lot many organizations are joining hands with cloud technology where a large amount of important data is stored over the internet. This is very vulnerable to the malpractices that few unauthorized dealers might pertain. This data must be protected and it should be ensured that this protection is not jeopardized by anything. Many businesses embrace SaaS applications for providing some of their employees the allowance of accessing the data stored over the cloud. This type of security ensures creating gaps in the visibility of the data. What Is Email Security? 
Email security includes the techniques and technologies used to protect email accounts and communications. Email, which is an organization’s largest attack
  • 3. surface, is the primary target of phishing attacks and can be used to spread malware. Email is a critical component of organizational communication because it enables users to communicate quickly, easily, and with a variety of devices. Further, email can be used to send a number of different types of media, and communications can be tracked, stored, and organized according to attributes such as time and date stamps and size. Email security is important because email contains sensitive information, is used by everyone in the organization, and is therefore one of a company’s largest targets for attacks. The shift to cloud-based email like Gmail and others comes with several benefits, but cloud-based email has become a tempting attack surface for cyber criminals. How Secure Is Email? Email is a top threat vector because it is a ubiquitous tool that everyone in an organization uses. It is in an open format that can be read on any device without decryption onceit is intercepted. An email does not go straight to the recipient. Rather, it travels between networks and servers, some vulnerable and unsecured, before landing in an inbox. Even though an individual’s computer may be secure from an attacker, the network or server the email has to travel through may have been compromised. Also, cyber criminals can easily impersonate a sender or manipulate email content in the form of bodycopy, attachments, Uniform ResourceLocators (URLs), or a sender’s email address. This is fairly straightforward for a hacker attacking an unsecured system because each email has fields that contain metadata detailing information about the email, who it came from, where it is headed, etc. A hacker only needs to access this metadata and change it, and it will look like the email came from someone or someplace it did not. Types of Email Attacks Cyber criminals use many different tactics to hack email, and some methods can cause considerable damage to an organization’s data and/or reputation. 
Malware, which is malicious software used to harm or manipulate a device or its data, can be placed on a computer using each of the following attacks.
  • 4. Phishing A phishing attack targets users by sending them a text, direct message, or email. The attacker pretends to be a trusted individual or institution and then uses their relationship with the target to steal sensitive data like account numbers, credit card details, or login information. Phishing comes in several forms, such as spear phishing, regular phishing, and whaling. Spear phishing targets a particular person, while a whaler targets someone high up in the organization by pretending to be someone they trust. Spam A phishing attack targets users by sending them a text, direct message, or email. The attacker pretends to be a trusted individual or institution and then uses their relationship with the target to steal sensitive data like account numbers, credit card details, or login information. Phishing comes in several forms, such as spear phishing, regular phishing, and whaling. Spear phishing targets a particular person, while a whaler targets someone high up in the organization by pretending to be someone they trust. Spoofing Spoofing is a dangerous email threat because it involves fooling the recipient into thinking the email is coming from someone other than the apparent sender. This makes spoofing an effective business email compromise(BEC) tool. The email platform cannot tell a faked email from a real one because it merely reads the metadata—the same data the attacker has changed. This makes the impersonation of a person the victim either knows or respects relatively easy for an attacker. Email Security BestPractices Email is a primary weapon for spreading ransomware, an advanced threat that can affect multiple endpoints as well as steal sensitive data. Therefore, an email protection plan needs to include the following bestpractices to protect email traffic in real time. 1. Spam filter: A spam filter can detect spam and keep it from either hitting your inbox or file it as junk mail.
  • 5. 2. Email encryption: Email encryptioncan disguisecorporateemail by changing communications into a garbled arrangementof letters, numbers, and symbols that someonewho intercepts it cannot read. 3. Antivirus protection: Antivirus protection screens emails and attachments for viruses, providing theuser with warnings if anything suspicious is detected. 4. Secure email gateway (SEG): An SEG filters out potentially dangerous emails according to the settings of an ITadministrator. 5. Multi-factor authentication(MFA): MFA is a key data loss protection and anti-hacking tool becauseit requires a user to providemore than one authentication factor to provethey should be granted access to a system. 6. Employee education: Employees can be educated to recognize social engineering, phishing, and other types of attacks that are typically executed using email. IP security (IPSec)  Difficulty Level : Easy  Last Updated : 03 Jun, 2021 The IP security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols between 2 communication points across the IP network that provide data authentication, integrity, and confidentiality. It also defines the encrypted, decrypted and authenticated packets. The protocols needed for secure key exchange and key management are defined in it. Uses of IP Security – IPsec can be used to do the following things:  To encrypt application layer data.  To provide security for routers sending routing data across the public internet.  To provide authentication without encryption, like to authenticate that the data originates from a known sender.  To protect network data by setting up circuits using IPsec tunneling in which all data is being sent between the two endpoints is encrypted, as with a Virtual Private Network(VPN) connection. Components of IP Security – It has the following components:
  • 6.
1. Encapsulating Security Payload (ESP) – It provides data integrity, encryption, authentication and anti-replay. It also provides authentication for the payload.
2. Authentication Header (AH) – It also provides data integrity, authentication and anti-replay, but it does not provide encryption. The anti-replay protection protects against unauthorized transmission of packets. It does not protect the data's confidentiality.
3. Internet Key Exchange (IKE) – It is a network security protocol designed to dynamically exchange encryption keys and establish a Security Association (SA) between 2 devices. The Security Association (SA) establishes shared security attributes between 2 network entities to support secure communication. The Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for authentication and key exchange. ISAKMP defines how Security Associations (SAs) are set up and how direct connections are made between two hosts that are using IPsec.
Internet Key Exchange (IKE) provides message content protection and also an open framework for implementing standard algorithms such as SHA and MD5. The algorithms that IPsec uses produce a unique identifier for each packet. This identifier then allows a device to determine whether a packet is correct or not. Packets which are not authorized are discarded and not given to the receiver.
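The per-packet check and anti-replay protection described above can be sketched as receiver-side logic. This is an added example, not code from the original notes or from any IPsec implementation; the class `InboundSA`, the 64-packet window, and the key and packets in `demo()` are assumptions, and encryption of the payload is left out.

```python
import hashlib
import hmac

WINDOW = 64   # replay window size in packets (value chosen for this example)

class InboundSA:
    """Receiver-side state for one Security Association (simplified)."""

    def __init__(self, auth_key):
        self.auth_key = auth_key
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set: sequence number (highest - i) was already accepted

    def icv(self, seq, payload):
        """Integrity check value over sequence number and payload."""
        msg = seq.to_bytes(4, "big") + payload
        return hmac.new(self.auth_key, msg, hashlib.sha256).digest()[:16]

    def receive(self, seq, payload, icv):
        if seq == 0:
            return "drop: invalid sequence number"
        if seq <= self.highest:
            offset = self.highest - seq
            if offset >= WINDOW:
                return "drop: older than window"
            if (self.bitmap >> offset) & 1:
                return "drop: replay"
        if not hmac.compare_digest(icv, self.icv(seq, payload)):
            return "drop: bad ICV"
        # Advance the window only after the packet has authenticated.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accept"

def demo():
    """Run a constructed packet stream through the receiver."""
    sa = InboundSA(b"k" * 32)   # constructed key; in IPsec, IKE supplies the keying material
    pkt = lambda seq, data=b"data": (seq, data, sa.icv(seq, data))
    forged = (4, b"evil", sa.icv(4, b"data"))   # payload altered after the ICV was computed
    stream = [pkt(1), pkt(3), pkt(2), pkt(2), forged, pkt(4), pkt(100), pkt(3)]
    return [sa.receive(*p) for p in stream]
```

Because the window moves only after the integrity check succeeds, the forged packet with sequence number 4 does not block the genuine one that follows it.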
  • 7.
Working of IP Security –
1. The host checks whether the packet should be transmitted using IPsec or not. This packet traffic triggers the security policy for itself. This is done when the system sending the packet applies appropriate encryption. The host also checks whether incoming packets are properly encrypted.
2. Then IKE Phase 1 starts, in which the 2 hosts (using IPsec) authenticate themselves to each other to start a secure channel. It has 2 modes: the Main mode, which provides greater security, and the Aggressive mode, which enables the host to establish an IPsec circuit more quickly.
3. The channel created in the last step is then used to securely negotiate the way the IP circuit will encrypt data across the IP circuit.
4. Now, IKE Phase 2 is conducted over the secure channel, in which the two hosts negotiate the type of cryptographic algorithms to use on the session and agree on the secret keying material to be used with those algorithms.
5. Then the data is exchanged across the newly created IPsec encrypted tunnel. These packets are encrypted and decrypted by the hosts using IPsec SAs.
6. When the communication between the hosts is completed or the session times out, the IPsec tunnel is terminated by both hosts discarding the keys.
CNS-unit 4 pdf
- web security (SS, SSL handshake); better to revise entire pdf
CNS-unit 5 pdf
- S/MIME, IP Security
  • 8.
Kerberos
Difficulty Level: Easy
Last Updated: 22 Mar, 2022
Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. In Kerberos, an Authentication Server and a database are used for client authentication. Kerberos runs as a trusted third-party server known as the Key Distribution Center (KDC). Each user and service on the network is a principal.
The main components of Kerberos are:
- Authentication Server (AS): The Authentication Server performs the initial authentication and issues the ticket for the Ticket Granting Service.
- Database: The Authentication Server verifies the access rights of users in the database.
- Ticket Granting Server (TGS): The Ticket Granting Server issues the ticket for the Server.
Kerberos Overview:
- Step-1: The user logs in and requests services on the host. Thus the user requests the ticket-granting service.
  • 9.
- Step-2: The Authentication Server verifies the user's access rights using the database and then gives a ticket-granting ticket and a session key. The results are encrypted using the password of the user.
- Step-3: The message is decrypted using the password, and the ticket is then sent to the Ticket Granting Server. The ticket contains authenticators like user names and network addresses.
- Step-4: The Ticket Granting Server decrypts the ticket sent by the user, the authenticator verifies the request, and it then creates the ticket for requesting services from the Server.
- Step-5: The user sends the Ticket and Authenticator to the Server.
- Step-6: The server verifies the Ticket and authenticators, then grants access to the service. After this, the user can access the services.
Kerberos Limitations
- Each network service must be modified individually for use with Kerberos
- It doesn't work well in a timeshare environment
- Secured Kerberos Server
- Requires an always-on Kerberos server
- All stored passwords are encrypted with a single key
- Assumes workstations are secure
- May result in cascading loss of trust
- Scalability
Is Kerberos Infallible?
No security measure is 100% impregnable, and Kerberos is no exception. Because it has been around for so long, hackers have had the ability over the years to find ways around it, typically through forging tickets, repeated attempts at password guessing (brute force/credential stuffing), and the use of malware to downgrade the encryption.
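The six steps of the Kerberos overview can be followed end to end in a small simulation. This is an added example, not code from the original notes or from any Kerberos implementation: every name in it (`USERS`, `grant`, `check`, `client` and the rest) is an assumption, `seal`/`unseal` are a toy SHA-256 cipher standing in for the real encryption, and tickets here carry a user name and expiry but no network address.

```python
import hashlib, hmac, json, os, time

def kdf(password, salt):  # long-term key derived from the user's password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _xor(key, nonce, data):  # toy SHA-256 keystream, stand-in for a real cipher
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):  # encrypt, then append an HMAC tag
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(key, nonce, ct))

USERS = {"alice": kdf("correct horse", "alice")}  # KDC database (constructed)
K_TGS, SERVICES = os.urandom(32), {"files": os.urandom(32)}
def grant(ticket_key, reply_key, user):  # session key: one copy in the ticket, one for the client
    sk = os.urandom(32).hex()
    ticket = seal(ticket_key, {"user": user, "sk": sk, "exp": time.time() + 300})
    return seal(reply_key, {"sk": sk}), ticket

def check(ticket_key, ticket, authenticator):  # open the ticket, then verify the authenticator
    t = unseal(ticket_key, ticket)
    a = unseal(bytes.fromhex(t["sk"]), authenticator)
    if a["user"] != t["user"] or time.time() > t["exp"] or abs(time.time() - a["ts"]) > 120:
        raise ValueError("expired ticket or authenticator mismatch")
    return t

def authentication_server(user):  # Step 2: reply is sealed under the password-derived key
    return grant(K_TGS, USERS[user], user)
def ticket_granting_server(tgt, authenticator, service):  # Step 4
    t = check(K_TGS, tgt, authenticator)
    return grant(SERVICES[service], bytes.fromhex(t["sk"]), t["user"])
def service_accepts(service, ticket, authenticator):  # Step 6
    return check(SERVICES[service], ticket, authenticator)["user"]

def client(user, password, service="files"):  # Steps 1, 3 and 5
    reply, tgt = authentication_server(user)
    sk = bytes.fromhex(unseal(kdf(password, user), reply)["sk"])  # a wrong password fails here
    auth = lambda key: seal(key, {"user": user, "ts": time.time()})
    reply, ticket = ticket_granting_server(tgt, auth(sk), service)
    sk2 = bytes.fromhex(unseal(sk, reply)["sk"])
    return service_accepts(service, ticket, auth(sk2))
```

The password never leaves `client`: it is only used locally to open the Authentication Server's reply, and the client cannot read either ticket because each is sealed under a key it does not hold.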
  • 10.
Despite these weaknesses, Kerberos remains the best access security protocol available today. The protocol is flexible enough to employ stronger encryption algorithms to combat new threats, and if users employ good password-choice guidelines, you shouldn't have a problem!
What is Kerberos Used For?
Although Kerberos can be found everywhere in the digital world, it is commonly used in secure systems that rely on robust authentication and auditing capabilities. Kerberos is used for POSIX, Active Directory, NFS, and Samba authentication. It is also an alternative authentication system to SSH, POP, and SMTP.
X.509 Authentication Service
Last Updated: 07 Mar, 2022
X.509 is a digital certificate built on a widely trusted standard, the International Telecommunication Union (ITU) X.509 standard, in which the format of PKI certificates is defined. The X.509 digital certificate is a certificate-based authentication security framework that can be used for providing secure transaction processing and private information. These certificates are primarily used for handling security and identity in computer networking and internet-based communications.
Working of X.509 Authentication Service Certificate:
The core of the X.509 authentication service is the public key certificate connected to each user. These user certificates are assumed to be produced by some trusted certification authority and placed in the directory by the user or the certification authority. These directory servers are only used to provide an easily reachable location from which all users can acquire certificates. The X.509 standard is built on an IDL known as ASN.1. With the help of Abstract Syntax Notation, the X.509 certificate format uses an associated public and private key pair for encrypting and decrypting a message.
Once an X.509 certificate is provided to a user by the certification authority, that certificate is attached to the user like an identity card. The chances of it being stolen or lost are lower than with unsecured passwords. With the help of this analogy, it is easier to imagine how this authentication works: the certificate is basically presented like an identity at the resource that requires authentication.
  • 11.
Format of X.509 Authentication Service Certificate:
Generally, the certificate includes the elements given below:
- Version number: It defines the X.509 version that concerns the certificate.
- Serial number: It is the unique number that the certification authority issues.
  • 12.
- Signature Algorithm Identifier: This is the algorithm that is used for signing the certificate.
- Issuer name: Gives the X.500 name of the certification authority which signed and created the certificate.
- Period of Validity: It defines the period for which the certificate is valid.
- Subject Name: Gives the name of the user to whom this certificate has been issued.
- Subject's public key information: It defines the subject's public key along with an identifier of the algorithm for which this key is supposed to be used.
- Extension block: This field contains additional standard information.
- Signature: This field contains the hash code of all other fields, which is encrypted by the certification authority's private key.
Applications of X.509 Authentication Service Certificate:
Many protocols depend on X.509 and it has many applications. Some of them are given below:
- Document signing and Digital signature
- Web server security with the help of Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificates
- Email certificates
- Code signing
- Secure Shell Protocol (SSH) keys
- Digital Identities
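The fields listed under "Format of X.509 Authentication Service Certificate" appear in that order in the ASN.1 DER encoding, so they can be read by position. The following added example (not from the original notes) walks a constructed certificate-shaped structure; `SAMPLE`, its names, and its filler key and signature bytes are assumptions, only UTCTime validity dates are handled, and the signature is not verified.

```python
from datetime import datetime

def tlv(tag, body):  # DER encoder, used only to build SAMPLE below
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def children(body):  # split DER bytes into (tag, value) elements
    out, pos = [], 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated DER header")
        tag, n, pos = body[pos], body[pos + 1], pos + 2
        if n & 0x80:  # long form: the low 7 bits say how many length bytes follow
            n, pos = int.from_bytes(body[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
        if pos + n > len(body):
            raise ValueError("truncated DER value")
        out.append((tag, body[pos:pos + n]))
        pos += n
    return out

def common_name(name):  # Name -> RDN sets -> (OID, value) pairs
    for _, rdn in children(name):
        for _, atv in children(rdn):
            (_, oid), (_, value) = children(atv)
            if oid == b"\x55\x04\x03":  # OID 2.5.4.3, commonName
                return value.decode()

def parse_certificate(der):
    (_, cert), = children(der)
    (_, tbs), _alg, (_, signature) = children(cert)
    f = children(tbs)
    # Optional [0] version wrapper; when it is absent the certificate is version 1.
    version = children(f.pop(0)[1])[0][1][0] + 1 if f[0][0] == 0xA0 else 1
    not_before, not_after = (datetime.strptime(v.decode(), "%y%m%d%H%M%SZ")
                             for _, v in children(f[3][1]))  # UTCTime only
    return {"version": version, "serial": int.from_bytes(f[0][1], "big"),
            "issuer": common_name(f[2][1]), "subject": common_name(f[4][1]),
            "not_before": not_before, "not_after": not_after,
            "signature_bytes": len(signature) - 1}  # minus the unused-bits octet

# Constructed sample: key and signature bytes are filler, not real values.
_name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))
_ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
_TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01\xf4") + _ALG + _name("Example CA")
           + tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
           + _name("www.example.test") + tlv(0x30, _ALG + tlv(0x03, b"\x00" + b"\x01" * 8)))
SAMPLE = tlv(0x30, _TBS + _ALG + tlv(0x03, b"\x00" + b"\xaa" * 256))
```

A relying party would still have to verify the signature against the issuer's public key and compare the validity period with the current time before trusting any of these fields.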