UNIT III: Network –

Introduction to Network Security, Email Security, IP Security, Web Security, Kerberos,

X.509 techniques.

Introduction to Network Security:

Network security is critical for protecting data and systems against unauthorized access,
cyber threats, and ensuring the overall safety of communication infrastructures.

What is Network Security?

Network security encompasses the various strategies and measures employed to safeguard the
integrity, confidentiality, and availability of computer networks and the data they transmit. It
ensures that unauthorized individuals cannot access sensitive information or disrupt network
operations. As technology advances, the significance of network security has increased,
especially with the rising number of cyber threats and vulnerabilities that organizations face
today

What is Network Security?

Network security refers to all activities, technologies, policies, and procedures designed to
protect the integrity, confidentiality, and availability of computer networks and data. It
prevents unauthorized access, misuse, or attacks on the network, ensuring safe data
transmission.
Example:
Password protection is a basic form of network security.

How Does Network Security Work?

Network security operates through multiple layers of protection across the network:
• Physical Security: Prevents unauthorized physical access to network infrastructure
(e.g., using biometric systems).
• Technical Security: Protects data within the network and during transmission from
unauthorized access and malware.
 • Administrative Security: Defines user permissions, access controls, and security
policies.

Types of Network Security:

• Email Security: Safeguards email accounts from phishing and unauthorized access.

• Network Segmentation: Divides network traffic to enforce security policies and

control access.

• Access Control: Ensures only authorized users and devices can access the network
(Network Access Control - NAC).

• Sandboxing: Tests files in a safe environment to detect malicious behavior.

• Cloud Network Security: Protects cloud-stored data from breaches and unauthorized
access.
• Web Security: Controls internet usage, blocks threats from malicious websites, and
protects organizational websites.

• Intrusion Prevention System (IPS): Detects and blocks malicious network activity.
• Antivirus & Anti-malware: Prevents viruses, worms, and trojans from infiltrating
the network.
• Firewall Security: Monitors and filters incoming and outgoing network traffic based
on security rules.
• Application Security: Protects applications by securing code and data from
vulnerabilities.

• Wireless Security: Secures wireless networks against unauthorized access.

• Mobile Device Security: Controls and secures mobile device access to the network.
• Industrial Network Security: Protects industrial systems (ICS, OT) from cyber
threats.
• VPN Security: Encrypts internet connections to ensure private communication over
public networks.

Benefits of Network Security:

• Protects sensitive data and client information.

• Prevents financial losses caused by cyber incidents.

• Maintains organizational reputation by safeguarding confidential data.

Email Security:
Introduction to Email Security
Email (short for electronic mail) is a digital method of exchanging messages over the internet
or other computer networks. It allows users to send and receive text-based messages, often
with attachments like documents, images, or videos. In this article, we’ll explore email
security, methods to protect emails, security policies, best practices, and features to defend
against unauthorized access.

What is Email Security?

Email security refers to the measures taken to protect email messages and the information
they contain from unauthorized access and damage. It ensures:

• Confidentiality (keeping messages private)

• Integrity (preventing tampering)

• Availability (ensuring messages are accessible when needed)

It defends against phishing, spam, viruses, and malware.
Email security includes:
• Technical measures like encryption, digital signatures, and email filtering.

• Non-technical measures like employee training, setting usage policies, and regular
security audits.

Why is Email Security Important?

• Protection Against Cyberattacks: 94% of malware is delivered via email.

• Reducing Risk: Prevents financial losses, disruptions, and reputation damage.

• Compliance: Meets regulations like GDPR and HIPAA, avoiding legal penalties.
 • Productivity Enhancement: Reduces disruptions from phishing and spam attacks.

Benefits of Email Security

• Shielding Against Phishing and Spoofing: Detects and blocks deceitful emails.

• Locking Down Data: Encrypts sensitive information like financial data.

• Confidential Communication: Ensures only the intended recipient reads the email.

• Spam and Malware Detection: Filters out malicious or spammy emails.

• Protecting Intellectual Property: Guards company secrets from hackers.

• Real-Time Threat Response: Detects and stops threats immediately.

• Preventing Identity Theft: Protects personal credentials from being stolen.

Email Security Best Practices

• Strong Foundation: Use effective security tools, threat detection, and regular
updates.
• Data Protection Policies: Prevent users from sending sensitive information
carelessly.
• Training Employees: Educate on phishing, spoofing, and safe practices.

• Message Encryption: Encrypt emails to protect confidential communication.

• Layered Defenses: Use multiple security layers like authentication and encryption.

• Regular Updates: Patch systems and apps frequently to prevent vulnerabilities.

Types of Email Threats

• Phishing: Fraudulent emails tricking users into giving up information.

• Social Engineering: Manipulating people into revealing confidential data.

• Spear Phishing: Targeted phishing attacks on specific individuals or organizations.

• Ransomware: Encrypts data and demands ransom for its release.

• Malware: Harmful software secretly infecting systems.

• Spoofing: Forging email headers to appear legitimate.

• Man-in-the-Middle Attack: Intercepting and altering communications.

• Data Exfiltration: Stealing sensitive information from systems.

• Denial of Service (DoS): Overwhelming email servers with traffic.

• Account Takeover: Hijacking email accounts for malicious activities.

• Identity Theft: Stealing personal information for fraud.

Steps to Secure Email

• Strong Passwords: At least 12 characters, mixing cases, numbers, and symbols.

• Two-Factor Authentication (2FA): Adds an extra layer of security.

• Use Encryption: Encrypt emails using tools like PGP or S/MIME.

• Software Updates: Keep operating systems and email clients updated.

• Be Wary of Phishing: Watch for suspicious emails asking for private info.

• Trusted Email Providers: Choose providers with strong security measures.

• Use a VPN: Encrypt your internet connection and hide your IP address.

• Regular App Updates: Prevent exploitation of outdated email apps.

Email Security Policies

An email security policy sets the rules for safe email use within an organization. It should
include:

• Appropriate Use: Define who can use email and for what purposes.

• Password and Authentication: Require strong passwords and 2FA.

• Encryption: Mandate encryption for sensitive communications.

• Virus Protection: Ensure regular scanning and protection from malware.

• Retention and Deletion: Define how long emails are stored and when they should be
deleted.

• Training: Require staff to undergo training on recognizing and avoiding threats.

• Incident Reporting: Define how to report and investigate security incidents.

• Monitoring: Monitor email communication to ensure compliance.

• Compliance: Adhere to legal standards like GDPR and HIPAA.

• Enforcement: Outline consequences for policy violations.

IP Security:
What is IPSec?
• IPSec is a collection of protocols that secure Internet Protocol (IP) communications
through encryption and authentication.

• It encrypts data at the source and decrypts it at the destination.

• It verifies the source to ensure data authenticity.
Importance of IPSec

• Data Encryption: Keeps the transmitted data confidential.

• Data Integrity: Ensures that data is not altered during transmission.

• Secure VPNs: Widely used to create secure Virtual Private Networks.

• Protection from Cyber Attacks: Safeguards against threats and intrusions.

Features of IPSec

• Authentication: Verifies that packets are from a trusted source.

• Confidentiality: Encrypts the data to prevent unauthorized access.

• Integrity: Ensures that packets have not been tampered with.

• Key Management: Handles secure key exchange and revocation.

• Tunneling Support: Supports encapsulation with protocols like GRE, L2TP.

• Flexibility: Works across different types of network setups (point-to-point, site-to-site,
remote access).

• Interoperability: Open standard; supported across different vendor devices.

How Does IPSec Work?

IPSec (Internet Protocol Security) is used to secure data when it travels over the Internet.
IPSec works by creating secure connections between devices, making sure that the
information exchanged is kept safe from unauthorized access. IPSec majorly operates in two
ways i.e. Transport Mode and Tunnel Mode.
To provide security, IPSec uses two main protocols: AH (Authentication Header) and ESP
(Encapsulating Security Payload). Both protocols are very useful as Authentication
Header verifies the data that whether it comes from a trusted source and hasn’t been changed,
and ESP has the work of performing authentication and also encrypts the data so that it
becomes difficult to read.
For Encryption, IPSec uses cryptographic keys. It can be created and shared using a process
called IKE (Internet Key Exchange), that ensures that both devices have the correct keys to
establish a secure connection.

When two devices communicate using IPSec, the devices first initiate the connection by
sending a request to each other. After that, they mutually decide on protection of data
using passwords or digital certificates. Now, they establish the secure tunnel for
communication. Once the tunnel is set up, data can be transmitted safely, as IPSec is
encrypting the data and also checking the integrity of the data to ensure that data has not been
altered. After the communication is finished, the devices can close the secure connection. In
this way, the IPSec works.

IPSec Connection Establishment Process

• PSec is a protocol suite used in securing communication using the Internet Protocol
such that each packet communicated in the course of a particular session is
authenticated and encrypted. The process of establishing an IPSec connection
involves two main phases:

Phase 1: Establishing the IKE (Internet Key Exchange) Tunnel

• In phase 1, the main aim is to establish the secure channel the IKE tunnel, which is
used to further negotiations. Phase 1 can operate in one of two modes:

• Main Mode: Main Mode is a six-message exchange procedure that is more secure
than Basic Mode, although at the cost of a longer session, since identity information is
transmitted during negotiations.

• Aggressive Mode: Aggressive Mode takes lesser time with the exchange of three
messages and is less secure since more information like identity is disclosed during
the course of negotiation.

Phase 2: Establishing the IPSec Tunnel

• Phase 2 is called Quick Mode and its aim is to negotiate the IPSec Security
Associations after the construction of a secure IKE tunnel has been made. There are
two modes in Phase 2.
• Tunnel Mode: This mode encapsulates the whole of the original IP packet including
the header and data. It is mostly deployed in the site to site VPNs.
• Transport Mode: By this mode, only the actual data to be transmitted is encrypted
and the header part of the IP packets remain unaltered. It is mainly employed in end to
end communication between hosts.
 Protocols Used in IPSec
It has the following components:
• Encapsulating Security Payload (ESP)
• Authentication Header (AH)
• Internet Key Exchange (IKE)
1. Encapsulating Security Payload (ESP): It provides data integrity,
encryption, authentication, and anti-replay. It also provides authentication
for payload.
2. Authentication Header (AH): It also provides data integrity,
authentication, and anti-replay and it does not provide encryption. The
anti-replay protection protects against the unauthorized transmission of
packets. It does not protect data confidentiality.

IP Header
3. Internet Key Exchange (IKE): It is a network security protocol
designed to dynamically exchange encryption keys and find a way over
Security Association (SA) between 2 devices. The Security Association
(SA) establishes shared security attributes between 2 network entities to
support secure communication. The Key Management Protocol
(ISAKMP) and Internet Security Association provides a framework for
authentication and key exchange. ISAKMP tells how the setup of the
Security Associations (SAs) and how direct connections between two
hosts are using IPsec. Internet Key Exchange (IKE) provides message
content protection and also an open frame for implementing standard
algorithms such as SHA and MD5. The algorithm’s IP sec users produce a
unique identifier for each packet. This identifier then allows a device to
determine whether a packet has been correct or not. Packets that are not
authorized are discarded and not given to the receiver.
 Packets in Internet Protocol
IP Security Architecture
IPSec (IP Security) architecture uses two protocols to secure the traffic or
data flow. These protocols are
• ESP (Encapsulation Security Payload)
• AH (Authentication Header)
IPSec Architecture includes protocols, algorithms, DOI, and Key
Management. All these components are very important in order to
provide the three main services such as Confidentiality, Authenticity and
Integrity.

IP Security Architecture
WebSecurity:
Web security is a set of practices and technologies designed to protect websites
and web applications from cyber threats, ensuring data integrity and user
confidentiality.
Definition of Web Security

Web security refers to the measures, protocols, and technologies employed to protect
websites, web applications, and services from unauthorized access and malicious
 attacks. It encompasses a range of practices aimed at ensuring the confidentiality,
integrity, and availability of data managed online. In today's interconnected
environment, effective web security has become increasingly critical as more
organizations and individuals conduct activities online

Importance of Web Security

The importance of web security lies in its ability to safeguard sensitive data, maintain
privacy, and protect the reputation of online businesses. Key reasons include:

• Protection of Sensitive Information: Helps prevent unauthorized access to personal

and financial data.

• Maintaining User Trust: Secure websites encourage user engagement and

confidence, which is crucial for e-commerce platforms.
• Compliance with Regulations: Assists businesses in meeting legal obligations
regarding data protection, such as GDPR and HIPAA.
• Prevention of Downtime: Reduces the risk of cyber incidents that can lead to service
interruptions or crashes

Common Web Security Threats

Web security is essential in combating various cyber threats, which include:

• Malware: Software designed to disrupt or damage systems (e.g., viruses,

ransomware).
• Phishing: Fraudulent attempts to obtain sensitive information by impersonating
trustworthy entities.
• SQL Injection: Attackers manipulate database queries to gain unauthorized access to
sensitive data.

• Cross-Site Scripting (XSS): Enables attackers to inject malicious scripts into trusted
websites seen by users.

• DDoS Attacks: Disrupt services by overwhelming a server with traffic

Key Technologies and Practices in Web Security

Effective web security employs a variety of technologies and practices to protect

against cyber threats. Some of the core components include:

• Firewalls: These monitor and control incoming and outgoing network traffic based on
predetermined security rules.
• Web Application Firewalls (WAFs): Specifically designed to filter and monitor
HTTP traffic to and from web applications, preventing attacks targeting system
vulnerabilities.
• Data Encryption: Protects data in transit and at rest, ensuring that even if data is
intercepted, it remains unreadable without encryption keys.
• Intrusion Detection Systems: Monitor networks for suspicious activity and potential
threats in real-time.
• Secure Sockets Layer (SSL)/Transport Layer Security (TLS): Protocols that
ensure secure communication between users and servers, particularly vital for
transactions involving sensitive data

Kerberos:

Kerberos provides a centralized authentication server whose function is to

authenticate users to servers and servers to users. In Kerberos Authentication server
and database is used for client authentication. Kerberos runs as a third-party trusted
server known as the Key Distribution Center (KDC). Each user and service on the
network is a principal.

The main components of Kerberos are:

• Authentication Server (AS): The Authentication Server performs the initial
authentication and ticket for Ticket Granting Service.
• Database: The Authentication Server verifies the access rights of users in the
database.
• Ticket Granting Server (TGS): The Ticket Granting Server issues the ticket for the
Server

Working of Kerberos
Step-1: User login and request services on the host. Thus user requests for ticket-
granting service.
Step-2: Authentication Server verifies user’s access right using database and then
gives ticket-granting-ticket and session key. Results are encrypted using the Password
of the user.
Step-3: The decryption of the message is done using the password then send the ticket
to Ticket Granting Server. The Ticket contains authenticators like user names and
network addresses.
Step-4: Ticket Granting Server decrypts the ticket sent by User and authenticator
verifies the request then creates the ticket for requesting services from the Server.
 Step-5: The user sends the Ticket and Authenticator to the Server.
Step-6: The server verifies the Ticket and authenticators then generate access to the
service. After this User can access the services.

Limitations of Kerberos
• Each network service must be modified individually for use with Kerberos

• It doesn’t work well in a timeshare environment

• Secured Kerberos Server

• Requires an always-on Kerberos server

• Stores all passwords are encrypted with a single key

• Assumes workstations are secure

• May result in cascading loss of trust.

• Scalability

Is Kerberos Infallible?

No security measure is 100% impregnable, and Kerberos is no exception. Because it’s

been around for so long, hackers have had the ability over the years to find ways
around it, typically through forging tickets, repeated attempts at password guessing
(brute force/credential stuffing), and the use of malware, to downgrade the
encryption.

Despite this, Kerberos remains the best access security protocol available today. The
protocol is flexible enough to employ stronger encryption algorithms to combat new
threats, and if users employ good password-choice guidelines, you shouldn’t have a
problem.

Applications of Kerberos
• User Authentication: User Authentication is one of the main applications of
Kerberos. Users only have to input their username and password once with Kerberos
 to gain access to the network. The Kerberos server subsequently receives the
encrypted authentication data and issues a ticket granting ticket (TGT).
• Single Sign-On (SSO): Kerberos offers a Single Sign-On (SSO) solution that enables
users to log in once to access a variety of network resources. A user can access any
network resource they have been authorized to use after being authenticated by the
Kerberos server without having to provide their credentials again.

• Mutual Authentication: Before any data is transferred, Kerberos uses a mutual

authentication technique to make sure that both the client and server are authenticated.
Using a shared secret key that is securely kept on both the client and server, this is
accomplished. A client asks the Kerberos server for a service ticket whenever it tries
to access a network resource. The client must use its shared secret key to decrypt the
challenge that the Kerberos server sends via encryption. If the decryption is
successful, the client responds to the server with evidence of its identity.

• Authorization: Kerberos also offers a system for authorization in addition to

authentication. After being authenticated, a user can submit service tickets for certain
network resources. Users can access just the resources they have been given
permission to use thanks to information about their privileges and permissions
contained in the service tickets.
• Network Security: Kerberos offers a central authentication server that can regulate
user credentials and access restrictions, which helps to ensure network security. In
order to prevent unwanted access to sensitive data and resources, this server may
authenticate users before granting them access to network resources.

Kerberos Version 4
Kerberos version 4 is an update of the Kerberos software which is a computer-network
authentication system. Kerberos version 4 is a web-based authentication software that is used
for the authentication of users’ information while logging into the system by the DES
technique for encryption. It was launched in the late 1980s.

Features of Kerberos V4
• Authentication: Kerberos V4 provides authentication and encryption services to
network clients and servers.
• Encryption: Kerberos V4 uses a simple encryption algorithm that is less secure than
the encryption used in Kerberos V5.

• Ticket-Granting Service (TGS): Kerberos V4 uses a single TGS for all network
services, which means that the TGS has to handle a large number of requests.

• No Support for Timestamps: Kerberos V4 does not support timestamps, which

makes it vulnerable to replay attacks.
Advantages of Kerberos Version 4

• Simple and effective for time it was created.

• Provided a strong, centralized authentication mechanism for networked environments.

• Suitable for small to medium-sized networks with limited security needs.

Disadvantages of Kerberos Version 4

• Relied on DES, which is now considered insecure.

• Limited flexibility in terms of ticketing and encryption.

• Basic support for inter-realm authentication, making it difficult to scale.

• Lack of extensibility made it difficult to adapt new requirements.

Kerberos Version 5
Kerberos version 5 is a later version of the Kerberos software came after Kerberos version 4,
developed for enhancing security in the authentication. Kerberos version 5 provides a single
authentication service in a network which is distributed over an enterprise. It was launched in
the year 1993.

Features of Kerberos V5

• Authentication: Kerberos V5 provides authentication, encryption, and authorization

services to network clients and servers.
• Encryption: Kerberos V5 uses a more secure encryption algorithm than Kerberos V4,
which makes it less vulnerable to attacks.
• Ticket-Granting Service (TGS): Kerberos V5 uses multiple TGS servers to handle
requests for different network services. This improves scalability and reduces the load
on individual TGS servers.
• Support for Timestamps: Kerberos V5 supports timestamps, which makes it less
vulnerable to replay attacks.
• Support for Renewable Tickets: Kerberos V5 supports renewable tickets, which
allows users to extend their authentication without having to re-enter their passwords.

Advantages of Kerberos Version 5

• Supports multiple encryption algorithms.

• Flexible and extensible, allowing for new feature and future-proofing.

• Improved support for cross-realm authentication, enabling better scalability.

• Supports both IPv4 and IPv6 and various network protocols.

Disadvantages of Kerberos Version 5

 • Migration from Version 4 to Version 5 can be challenging in large, legacy systems.
• Requires updated clients and servers, which might not be available in all
environments.

• More complex to configure and manage due to increased number of features and
options.

Similarities Between the Two Versions of Kerberos

• Authentication Process: Both Kerberos V4 and V5 use a similar authentication
process that involves a client, a server, and a trusted third-party authentication server
(TAS) that issues tickets to the client.

• Encryption: Both Kerberos V4 and V5 use encryption to protect sensitive data and
prevent eavesdropping.

• Password-Based Authentication: Both Kerberos V4 and V5 use password-based

authentication, which requires users to enter their passwords to access network
resources.
• Ticket-Based Authentication: Both Kerberos V4 and V5 use ticket-based
authentication, which enables users to authenticate to multiple network resources
without having to enter their passwords multiple times.

• Key Distribution: Both Kerberos V4 and V5 use a key distribution center (KDC) to
distribute secret keys to network clients and servers.
• Network Interoperability: Both Kerberos V4 and V5 are designed to be compatible
with a wide range of network operating systems and protocols, which makes them
suitable for use in heterogeneous network environments.

Difference Between Kerberos Version 4 and Kerberos Version

5
Kerberos Version 4 Kerberos Version 5

Kerberos version 4 was launched Kerberos version 5 was launched in

in late 1980s. 1993.

It provides ticket support with extra

It provides ticket support. facilities for forwarding, renewing and
postdating tickets.
 Kerberos Version 4 Kerberos Version 5

Kerberos version 4 works on the

Kerberos version 5 works on the
Receiver-makes-Right encoding
ASN.1 encoding system.
system.

It does not support transitive It supports transitive cross-realm

cross-realm authentication. authentication.

It uses any encryption techniques as

It uses Data Encryption
the cipher text is tagged with
Standard technique for encryption
an encryption identifier.

In Kerberos version 4, the ticket In Kerberos version 5, the ticket

lifetime has to be specified in units lifetime is specified with the freedom
for a lifetime of 5 minutes. of arbitrary time.

X.509 Technique:
X.509 Authentication Service
X.509 is a digital certificate that is built on top of a widely trusted standard known as
ITU or International Telecommunication Union X.509 standard, in which the format
of PKI certificates is defined. X.509 digital certificate is a certificate-based
authentication security framework that can be used for providing secure transaction
processing and private information. These are primarily used for handling the security
and identity in computer networking and internet-based communications.

Working of X.509 Authentication Service Certificate:

The core of the X.509 authentication service is the public key certificate connected to
each user. These user certificates are assumed to be produced by some trusted
certification authority and positioned in the directory by the user or the certified
authority. These directory servers are only used for providing an effortless reachable
location for all users so that they can acquire certificates. X.509 standard is built on an
IDL known as ASN.1. With the help of Abstract Syntax Notation, the X.509
certificate format uses an associated public and private key pair for encrypting and
decrypting a message.
Once an X.509 certificate is provided to a user by the certified authority, that
certificate is attached to it like an identity card. The chances of someone stealing it or
losing it are less, unlike other unsecured passwords. With the help of this analogy, it is
 easier to imagine how this authentication works: the certificate is basically presented
like an identity at the resource that requires authentication.

Public Key certificate use

Format of X.509 Authentication Service Certificate:

Generally, the certificate includes the elements given below:

• Version number: It defines the X.509 version that concerns the certificate.

• Serial number: It is the unique number that the certified authority issues.

• Signature Algorithm Identifier: This is the algorithm that is used for signing the
certificate.

• Issuer name: Tells about the X.500 name of the certified authority which signed and
created the certificate.
• Period of Validity: It defines the period for which the certificate is valid.
• Subject Name: Tells about the name of the user to whom this certificate has been
issued.

• Subject’s public key information: It defines the subject’s public key along with an
identifier of the algorithm for which this key is supposed to be used.

• Extension block: This field contains additional standard information.

• Signature: This field contains the hash code of all other fields which is encrypted by
the certified authority private key.

Applications of X.509 Authentication Service Certificate:

Many protocols depend on X.509 and it has many applications, some of them are
given below:

• Document signing and Digital signature

• Web server security with the help of Transport Layer Security (TLS)/Secure Sockets
Layer (SSL) certificates

• Email certificates
• Code signing

• Secure Shell Protocol (SSH) keys

• Digital Identities