What is Network Security:- Any action intended to safeguard the integrity and

usefulness of your data and network is known as network security. In other words,
Network security is defined as the activity created to protect the integrity of your
network and data.Network security is the practice of protecting a computer network
from unauthorized access, misuse, or attacks. It involves using tools, technologies, and
policies to ensure that data traveling over the network is safe and secure, keeping
sensitive information away from hackers and other threats.
Security Mechanism:- A security mechanism is a method or technology that protects
data and systems from unauthorized access, attacks, and other threats. Security
measures provide data integrity, confidentiality, and availability, thereby protecting
sensitive information and maintaining trust in digital transactions.
Types of Security Mechanism:- Encipherment : This security mechanism deals with
hiding and covering of data which helps data to become confidential. It is achieved by
applying mathematical calculations or algorithms which reconstruct information into not
readable form. It is achieved by two famous techniques named Cryptography and
Encipherment. Level of data encryption is dependent on the algorithm used for
encipherment.
Access Control : This mechanism is used to stop unattended access to data which you
are sending. It can be achieved by various techniques such as applying passwords, using
firewall, or just by adding PIN to data.
Notarization : This security mechanism involves use of trusted third party in
communication. It acts as mediator between sender and receiver so that if any chance of
conflict is reduced. This mediator keeps record of requests made by sender to receiver
for later denied.
Data Integrity : This security mechanism is used by appending value to data to which is
created by data itself. It is similar to sending packet of information known to both
sending and receiving parties and checked before and after data is received. When this
packet or data which is appended is checked and is the same while sending and
receiving data integrity is maintained.
Authentication Exchange : This security mechanism deals with identity to be known in
communication. This is achieved at the TCP/IP layer where two-way handshaking
mechanism is used to ensure data is sent or not
Bit Stuffing : This security mechanism is used to add some extra bits into data which is
being transmitted. It helps data to be checked at the receiving end and is achieved by
Even parity or Odd Parity.
Digital Signature : This security mechanism is achieved by adding digital data that is not
visible to eyes. It is form of electronic signature which is added by sender which is
checked by receiver electronically. This mechanism is used to preserve data which is not
more confidential but sender’s identity is to be notified.

What is Cyber Attack?

A cyber attack occurs when hackers try to penetrate computer systems or networks with
a personal agenda or some purpose to damage or steal information by gaining
unauthorized access to computer systems.
Active and Passive attacks in Information Security:- There are basically two forms of
threats: active and passive attacks. An active attack is an attack in which attackers
directly harm your computer systems. They can create several problems, such as
crashing files, stealing data, etc. On the other hand, a Passive attack refers to an attack in
which the attackers quietly watch and collect the information without your knowledge.
They do not modify or destroy the data but collect the data secretly.

Active Attacks :-Active attacks are unauthorized actions that alter the system or data. In
an active attack, the attacker will directly interfere with the target to damage or gain
unauthorized access to computer systems and networks. This is done by injecting hostile
code into communications, masquerading as another user, or altering data to get
unauthorized access. This may include the injection of hostile code into
communications, alteration of data, and masquerading as another person to get
unauthorized access.Types of active attacks are as follows: Masquerade
Attack,Modification of Messages,Repudiation,Replay Attack,Denial of Service (DoS)
Attack

1. Masquerade Attack:- Masquerade attacks are considered one type of cyber attack in
which the attacker disguises himself to pose as some other person and accesses systems
or data. It could either be impersonating a legal user or system and demanding other
users or systems to provide information with sensitive content or access areas that are
not supposed to be accessed normally. This may even include behaving like an actual
user or even some component of the system with the intention of manipulating people
to give out their private information or allowing them into secured locations.

There are several types of masquerading attacks, including:

Username and Password Masquerade: In this masquerade attack, a person uses either
stolen or even forged credentials to authenticate themselves as a valid user while
gaining access to the system or application.

IP address masquerade: This is an attack where the IP address of a malicious user is

spoofed or forged such that the source from which the system or the application is
accessed appears to be trusted.

Website masquerade: A hacker creates a fake website that resembles as a legitimate

one in order to gain user information or even download malware.

Email masquerade: This is an e-mail masquerade attack through which an attacker

sends an apparently trusted source email so that the recipient can mistakely share
sensitive information or download malware.

2. Modification of Messages:- This is when someone changes parts of a message

without permission, or mixes up the order of messages, to cause trouble. Imagine
someone secretly changing a letter you sent, making it say something different. This kind
of attack breaks the trust in the information being sent. For example, a message
meaning “Allow JOHN to read confidential file X” is modified as “Allow Smith to read
confidential file X”.
3. Repudiation:- Repudiation attacks are a type of cyber attack wherein some person
does something damaging online, such as a financial transaction or sends a message one
does not want to send, then denies having done it. Such attacks can seriously hinder the
ability to trace down the origin of the attack or to identify who is responsible for a given
action, making it tricky to hold responsible the right person.There are several types of
repudiation attacks, including:

Message repudiation attacks: In this attack, a message has been sent by an attacker, but
the attacker later denies the sending of the message. This can be achieved either
through spoofed or modified headers or even by exploiting vulnerabilities in the
messaging system.

Transaction repudiation attacks: Here, in this type of attack, a transaction-for example,

monetary transaction-is made, and at after some time when the evidence regarding the
same is being asked to be give then the attacker denies ever performing that particular
transaction. This can be executed either by taking advantage of the vulnerability in the
transaction processing system or by the use of stolen and forged credentials.

Data repudiation attacks: In a data repudiation attack, data is changed or deleted. Then
an attacker will later pretend he has never done this. This can be done by exploiting
vulnerabilities in the data storage system or by using stolen or falsified credentials.

4. Replay :- It is a passive capturing of a message with an objective to transmit it for the

production of an authorized effect. Thus, in this type of attack, the main objective of an
attacker is saving a copy of the data that was originally present on that particular
network and later on uses it for personal uses. Once the data gets corrupted or leaked it
becomes an insecure and unsafe tool for its users.

5. Denial of Service (DoS) Attack:- Denial of Service (DoS) is a form of cybersecurity

attack that involves denying the intended users of the system or network access by
flooding traffic or requests. In this DoS attack, the attacker floods a target system or
network with traffic or requests in order to consume the available resources such as
bandwidth, CPU cycles, or memory and prevent legitimate users from accessing them.

There are several types of DoS attacks, including:

Flood attacks: Here, an attacker sends such a large number of packets or requests to a
system or network that it cannot handle them all and the system gets crashed.

Amplification attacks: In this category, the attacker increases the power of an attack by
utilizing another system or network to increase traffic then directs it all into the target to
boost the strength of the attack.

Passive Attacks:- A Passive attack attempts to learn or make use of information from the
system but does not affect system resources. Passive Attacks are in the nature of
eavesdropping on or monitoring transmission. The goal of the opponent is to obtain
information that is being transmitted. Passive attacks involve an attacker passively
monitoring or collecting data without altering or destroying it. Examples of passive
attacks include eavesdropping, where an attacker listens in on network traffic to collect
sensitive information, and sniffing, where an attacker captures and analyzes data
packets to steal sensitive information.Types of Passive attacks are as follows:

1. The Release of Message Content:- Telephonic conversation, an electronic mail

message, or a transferred file may contain sensitive or confidential information. We
would like to prevent an opponent from learning the contents of these transmissions.

2. Traffic Analysis :- Suppose that we had a way of masking (encryption) information, so

that the attacker even if captured the message could not extract any information from
the message.

The opponent could determine the location and identity of communicating host and
could observe the frequency and length of messages being exchanged. This information
might be useful in guessing the nature of the communication that was taking place.

The most useful protection against traffic analysis is encryption of SIP traffic. To do this,
an attacker would have to access the SIP proxy (or its call log) to determine who made
the call.

The X.800 series is a recommendation from the ITU-T (International

Telecommunication Union - Telecommunication Standardization Sector) that focuses
on security architecture for open systems interconnection (OSI). It classifies security
attacks into passive and active categories.

Need for Security (Key Points)

1. Confidentiality: Protect sensitive data from unauthorized access.

2. Integrity: Ensure data accuracy and prevent unauthorized modifications.
3. Availability: Maintain uninterrupted access to systems and data.
4. Access Control: Prevent unauthorized use of systems and resources.
5. Business Continuity: Minimize downtime and operational disruptions.
6. Legal Compliance: Meet regulatory requirements and avoid penalties.
7. Reputation: Protect trust and prevent reputational damage.
8. Financial Protection: Avoid losses due to theft, fraud, or breaches.
9. Evolving Threats: Address sophisticated and dynamic cyberattacks.
10. Personal Privacy: Safeguard individuals' private information.
11. Critical Infrastructure: Protect essential public services from cyber threats.
12. Digital Transformation: Enable secure adoption of new technologies.
Types of Authentication Protocols
When we develop software, our first and most important priority is user authentication.
To authenticate the user there are several mechanisms by which we can authenticate
the data that are given by the user.
Why is user authentication important?
Requiring users to provide and prove their identity adds a layer of security between
adversaries and sensitive data. With authentication, IT teams can employ the least
privileged access to limit what employees can see. The average employee, for example,
doesn't need access to company financials, and accounts payable doesn't need to touch
developer projects. When selecting an authentication type, companies must consider
UX along with security. Some user authentication types are less secure than others, but
too much friction during authentication can lead to poor employee practices.
1. Kerberos
Kerberos is a type of protocol that is used to authenticate users. It validates the client
and server during networking with the help of a cryptographic key. It is designed to
strongly authenticate the users during the reporting of the application. All the proposals
of Kerberos are available at MIT. The main use of the Kerberos is in the product-based
companies.
Advantages
1. The various operating systems are supported by the Kerberos. 2. In Kerberos,
the authentication key is shared very efficiently in comparison to public sharing.
Disadvantages
1.The client and service can only authenticate themselves with the help of Kerberos.
2.When we use a soft or weak password, it always shows vulnerability.
2. Lightweight Directory Access Protocol(LDAP)
LDAP stands for Lightweight Directory Access Protocol. With the help of this protocol,
we can determine the organization, individual, or any other devices during the
networking over the internet. It is also called a Directory as a service. Lightweight
Directory Access Protocol (LDAP) is the ground for Microsoft Building Activity Directory.
Advantages for Lightweight Directory Access Protocol (LDAP)
1. It is a type of automated protocol that is why it is very easier for the organization.
2. All the existing software is supported by Lightweight Directory Access Protocol .
3.Multiple directories can be allowed in Lightweight Directory Access Protocol(LDAP)
Some disadvantages of LDAP
1. It requires the experience of deployment.
2. The directory servers are required to be LDAP-obedient for deployment.
3. OAuth2
OAuth2 is a type of authentication protocol for the framework. It provides permission to
the users which are coming through the HTTP servers. When the user makes a request
to access the resources, suddenly, an API call is created, and after that, the
authentication token is generated.
Advantages of OAuth2
1. It is a very simple type of authentication protocol, and it is very easy to use.
2. It provides the code for server-side authentication.
Disadvantages for OAuth2
1. It is a little bit difficult to manage the different sets of codes.
2. When we connect it to an affected system, it also shows some serious effects.
4. SAML
SAML stands for Security Assertion Markup Language. It is based on an XML-based
authentication protocol. It provides authorization between the service provider and the
identity provider. It is also a product of the OASIS Security Service Technical Committee.
Advantages of SAML
1. The administrative cost is reduced for the end user with the help of SAML
(Security Assertion Markup Language).
2. It provides a single window for authentication for all the services.
Disadvantages of SAML
1. It is fully dependent on the identity provider.
2. A single XML format manages all the data.
5. RADIUS
RADIUS stands for Remote Authentication Dial-In User Service. It is a type of network
protocol that provides accounting, centralized authentication, and authorization. When
the user makes a request to access all the resources, the RADIUS server creates a
temporary credential to access all the resources. After this, the temporary credential is
saved on the local database and provides access to the user.
Advantages of RADIUS
1. It has a feature to provide multiple accesses to the admin.
2. It also provides a unique id for every session of the user.
The disadvantage of RADIUS
1. The mechanism for initial implementation is very hard on hardware.
2. It has a variety of models that may require a special team which is cost-
consuming
 Web Security Considerations
web Security deals with the security of data over the internet/network or web or while
it is being transferred over the internet. Web security is crucial for protecting web
applications, websites, and the underlying servers from malicious attacks and
unauthorized access. In this article, we will discuss about web security.
What is Web Security?
Web Security is an online security solution that will restrict access to harmful websites,
stop web-based risks, and manage staff internet usage. Web Security is very important
nowadays. Websites are always prone to security threats/risks. For example- when you
are transferring data between client and server and you have to protect that data that
security of data is your web security.
What is a Security Threat?
A threat is nothing but a possible event that can damage and harm an information
system. A security Threat is defined as a risk that, can potentially harm Computer
systems & organizations. Whenever an individual or an organization creates a website,
they are vulnerable to security attacks. Security attacks are mainly aimed at stealing
altering or destroying a piece of personal and confidential information, stealing the hard
drive space, and illegally accessing passwords. So whenever the website you created is
vulnerable to security attacks then the attacks are going to steal your data alter your
data destroy your personal information see your confidential information and also it
accessing your password.
Security Consideration
 Updated Software: You need to always update your software. Hackers may be
aware of vulnerabilities in certain software, which are sometimes caused by bugs and
can be used to damage your computer system and steal personal data. Older versions
of software can become a gateway for hackers to enter your network. Software
makers soon become aware of these vulnerabilities and will fix vulnerable or exposed
areas. That’s why It is mandatory to keep your software updated, It plays an important
role in keeping your personal data secure.
 Beware of SQL Injection: SQL Injection is an attempt to manipulate your data or
your database by inserting a rough code into your query. For e.g. somebody can send
a query to your website and this query can be a rough code while it gets executed it
can be used to manipulate your database such as change tables, modify or delete data
or it can retrieve important information also so, one should be aware of the SQL
injection attack.
 Cross-Site Scripting (XSS): XSS allows the attackers to insert client-side script into
web pages. E.g. Submission of forms. It is a term used to describe a class of attacks
that allow an attacker to inject client-side scripts into other users’ browsers through a
website. As the injected code enters the browser from the site, the code is reliable
and can do things like sending the user’s site authorization cookie to the attacker.
 Error Messages: You need to be very careful about error messages which are
generated to give the information to the users while users access the website and
 some error messages are generated due to one or another reason and you should be
very careful while providing the information to the users. For e.g. login attempt – If
the user fails to login the error message should not let the user know which field is
incorrect: Username or Password.
 Data Validation: Data validation is the proper testing of any input supplied by the
user or application. It prevents improperly created data from entering the information
system. Validation of data should be performed on both server-side and client-side. If
we perform data validation on both sides that will give us the authentication. Data
validation should occur when data is received from an outside party, especially if the
data is from untrusted sources.
 Password: Password provides the first line of defense against unauthorized
access to your device and personal information. It is necessary to use a strong
password. Hackers in many cases use complex software that uses brute force to crack
passwords. Passwords must be complex to protect against brute force. It is good to
enforce password requirements such as a minimum of eight characters long must
including uppercase letters, lowercase letters, special characters, and numerals.

QUE:- Security for wireless devices, including mobile devices,

involves implementing multiple layers of measures to ensure the confidentiality,
integrity, and availability of data. The open nature of wireless communication
introduces unique vulnerabilities, which require tailored strategies to secure devices
and networks. Below is a discussion of how security is provided to wireless devices, the
measures required, and specific strategies for mobile device security.
How Security is Provided to Wireless Devices
Security for wireless devices is achieved through a combination of protocols, hardware
features, software solutions, and user practices. These measures address the key
objectives of wireless security:
Confidentiality: Ensuring that transmitted data cannot be intercepted or read by
unauthorized parties.
Integrity: Protecting data from unauthorized alteration.
Authentication: Verifying the identities of users and devices.
Availability: Ensuring that wireless services are available and resistant to denial-of-
service attacks.
Measures Required for Wireless Device Security
1. Strong Authentication Mechanisms
Password Protection: Use strong, unique passwords for accessing wireless networks.
802.1X Authentication: Enterprise-grade authentication using RADIUS servers to verify
users.
Multi-Factor Authentication (MFA): Adds a layer of security by requiring additional
credentials, such as a biometric or OTP.
2. Encryption
WPA3 Protocol: Use WPA3 for secure wireless communication, as it offers advanced
encryption (AES-GCM) and forward secrecy.
VPN (Virtual Private Network): Encrypts all data transmitted over potentially insecure
networks (e.g., public Wi-Fi).
3. Secure Wireless Configurations
Change default SSID names and passwords to reduce the risk of attacks.
Disable unnecessary features like WPS (Wi-Fi Protected Setup) and UPnP (Universal Plug
and Play).
Implement MAC address filtering to restrict access to authorized devices.
4. Firewalls and Intrusion Detection Systems
Use personal firewalls on devices and enable intrusion detection/prevention systems on
wireless routers.
5. Regular Updates and Patches
Keep wireless devices and access point firmware up to date to address known
vulnerabilities.
6. Physical Security
Use tamper-resistant hardware.
Secure access points and devices to prevent unauthorized physical access.
Strategies for Mobile Device Security
Mobile devices face unique challenges due to their portability, connectivity, and role as
personal and professional tools. Below are key strategies to secure mobile devices:
1. Device-Level Security
 Password, PIN, and Biometric Locks:
Ensure all devices have a lock screen enabled.
Use biometric authentication (fingerprint, facial recognition) for added security.
 Device Encryption:
o Use full-disk encryption to protect data at rest.
o Both iOS and Android provide built-in encryption features.
2. Secure Applications
 App Vetting:
Only download apps from trusted sources, such as the Apple App Store or Google Play
Store.
Avoid sideloading apps from unverified sources.
 App Permissions:
Limit app permissions to the minimum necessary for functionality (e.g., location,
microphone).
3. Network Security
 Secure Wi-Fi:
o Avoid connecting to public or untrusted Wi-Fi networks.
o Use a VPN for secure communication over public networks.
 Cellular Data:
o Prefer cellular data over public Wi-Fi for sensitive transactions.
4. Anti-Malware Protection
 Install reputable antivirus/anti-malware software to protect against malicious
applications and files.
5. Data Backup and Recovery
 Regularly back up data to a secure cloud service or local storage.
 Enable remote wipe functionality to erase data if the device is lost or stolen.
6. Mobile Device Management (MDM) for Enterprises
 Enterprises should implement MDM solutions to:
o Enforce security policies (e.g., mandatory encryption, app restrictions).
o Remotely wipe lost or stolen devices.
o Monitor and manage devices connected to the corporate network.
7. User Awareness and Training
 Educate users on recognizing phishing attacks, malicious links, and other social
engineering tactics.
 Encourage strong password practices and secure handling of sensitive data.
8. Endpoint Security and Monitoring
 Use endpoint protection solutions to monitor for suspicious activities.
 Enable audit logs for mobile device usage in enterprise environments.
IEEE 802.11 Wireless Standards
The IEEE 802.11 standards provide guidelines for wireless communication, ensuring
efficient and secure connectivity. Key standards include:
 IEEE 802.11 (1997): Operated at 2.4 GHz with data rates of 1-2 Mbps using DSSS
or FHSS. Its low speed and range limited adoption.
 IEEE 802.11a: Utilized the 5 GHz band, offering speeds up to 54 Mbps with
OFDM, but with a shorter range than 2.4 GHz networks.
 IEEE 802.11b: Worked in the 2.4 GHz band, providing speeds up to 11 Mbps and
better range but prone to interference.
 IEEE 802.11g: Combined the 2.4 GHz range with 54 Mbps speed using OFDM,
maintaining backward compatibility with 802.11b.
 IEEE 802.11n: Supported dual-band (2.4 GHz and 5 GHz) operation, achieving
speeds up to 600 Mbps through MIMO and channel bonding.
 IEEE 802.11ac: Operated in the 5 GHz band, delivering speeds up to 3.46 Gbps
using wider channels, MU-MIMO, and beamforming.
 IEEE 802.11ax (Wi-Fi 6): Improved efficiency in 2.4, 5, and 6 GHz bands, offering
speeds up to 9.6 Gbps with technologies like OFDMA, MU-MIMO, and TWT.
 IEEE 802.11ad/ay: Focused on ultra-high-speed communication in the 60 GHz
band, supporting up to 7-40 Gbps for short-range applications.
Operation of IEEE 802.11 Networks
Wireless networks operate in two modes:
 Infrastructure Mode: Devices connect through an Access Point (AP), which
serves as a central hub, linking devices to the wired network.
 Ad Hoc Mode: Devices communicate directly without an AP, suitable for
temporary or small-scale setups.
Phases of IEEE 802.11 Operations
 Scanning: Devices search for networks by either active scanning (sending probe
requests) or passive scanning (listening for beacon frames from APs).
 Authentication: Devices authenticate with the network using methods like Open
System (minimal security) or Shared Key Authentication.
 Association: Devices establish a connection with an AP and receive resources
such as an association ID (AID) to enable communication.
 Data Transfer: Secure data exchange occurs between devices, supported by
mechanisms like acknowledgments, retransmissions, and Quality of Service (QoS)
for traffic management.
 Security Implementation: Protocols like WPA2 and WPA3 encrypt
communication to protect against unauthorized access. Enterprise networks
often use 802.1X authentication integrated with RADIUS servers.
 Roaming: Mobile devices transition seamlessly between APs within an Extended
Service Set (ESS) to maintain continuous connectivity.
What is Advanced Encryption Standard (AES)?
Advanced Encryption Standard (AES) is a highly trusted encryption algorithm used to
secure data by converting it into an unreadable format without the proper key.
Developed by the National Institute of Standards and Technology (NIST), AES encryption
uses various key lengths (128, 192, or 256 bits) to provide strong protection against
unauthorized access. This data security measure is efficient and widely implemented in
securing internet communication, protecting sensitive data, and encrypting files. AES, a
cornerstone of modern cryptography, is recognized globally for its ability to keep
information safe from cyber threats.
Points to Remember
1.AES is a Block Cipher. 2.The key size can be 128/192/256 bits.
3.Encrypts data in blocks of 128 bits each.
That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text. AES
relies on the substitution-permutation network principle, which is performed using a
series of linked operations that involve replacing and shuffling the input data.
Working of The Cipher
AES performs operations on bytes of data rather than in bits. Since the block size is 128
bits, the cipher processes 128 bits (or 16 bytes) of the input data at a time.
The number of rounds depends on the key length as follows :
128-bit key – 10 round -192-bit key – 12 rounds -256-bit key – 14 rounds
Creation of Round Keys
A Key Schedule algorithm calculates all the round keys from the key. So the initial key is
used to create many different round keys which will be used in the corresponding round
of the encryption.
Encryption
AES considers each block as a 16-byte grid in a column-major arrangement.
[ b0 | b4 | b8 | b12 | Each round comprises of 4 steps :
| b1 | b5 | b9 | b13 | ShiftRows
| b2 | b6 | b10| b14 | SubBytes
| b3 | b7 | b11| b15 ] MixColumns
Add Round Key.
Sub Bytes
This step implements the substitution.
In this step, each byte is substituted by another byte. It is performed using a lookup
table also called the S-box. This substitution is done in a way that a byte is never
substituted by itself and also not substituted by another byte which is a compliment of
the current byte. The result of this step is a 16-byte (4 x 4 ) matrix like before.
The next two steps implement the permutation.
Shift Rows
This step is just as it sounds. Each row is shifted a particular number of times.
The first row is not shifted
The second row is shifted once to the left.
The third row is shifted twice to the left.
The fourth row is shifted thrice to the left.
(A left circular shift is performed.)
[ b0 | b1 | b2 | b3 ] [ b0 | b1 | b2 | b3 ]
| b4 | b5 | b6 | b7 | -> | b5 | b6 | b7 | b4 |
| b8 | b9 | b10 | b11 | | b10 | b11 | b8 | b9 |
[ b12 | b13 | b14 | b15 ] [ b15 | b12 | b13 | b14 ]
Mix Columns
This step is a matrix multiplication. Each column is multiplied with a specific matrix and
thus the position of each byte in the column is changed as a result.
This step is skipped in the last round.
[ c0 ] [ 2 3 1 1 ] [ b0 ]
| c1 | = | 1 2 3 1 | | b1 |
| c2 | |1 1 2 3| | b2 |
[ c3 ] [3 1 1 2] [ b3 ]
Add Round Keys
Now the resultant output of the previous stage is XOR-ed with the corresponding round
key. Here, the 16 bytes are not considered as a grid but just as 128 bits of data.
After all these rounds 128 bits of encrypted data are given back as output. This process
is repeated until all the data to be encrypted undergoes this process.