Network Security

The document discusses network security, focusing on cryptography, encryption, authentication, and VPNs as key components. It explains the roles of cryptography and cryptanalysis in securing digital data, the structure of a cryptosystem, and the importance of VPNs in protecting data transmission. Additionally, it outlines the features and components of IPSec and Transport Layer Security (TLS) for secure communications over networks.

Uploaded by

Dani Gedefa

Network security

Network security is about protecting communication from third-party tracing, access,
modification and the like. This is done in different ways, such as cryptography, encryption,
authentication, firewalls, VPNs and transport layer protocols.
Cryptography
The field of cryptology is generally divided into the two mutually dependent fields of cryptography
and cryptanalysis. Cryptography concerns the design of (mathematical) schemes related to
information security which resist cryptanalysis, whereas cryptanalysis is the study of (mathematical)
techniques for attacking cryptographic schemes.
Cryptography is the art and science of making a cryptosystem that is capable of providing information
security. Cryptography deals with the actual securing of digital data. It refers to the design of
mechanisms based on mathematical algorithms that provide fundamental information security
services. You can think of cryptography as the establishment of a large toolkit containing different
techniques in security applications.
Cryptanalysis is the sister branch of cryptography, and the two co-exist. The cryptographic process
results in the cipher text for transmission or storage. Cryptanalysis involves the study of
cryptographic mechanisms with the intention of breaking them. It is also used during the design of
new cryptographic techniques to test their security strengths.
A cryptosystem is an implementation of cryptographic techniques and their accompanying
infrastructure to provide information security services. A cryptosystem is also referred to as a cipher
system.
Encryption
The various components of a basic cryptosystem are as follows:
• Plaintext. It is the data to be protected during transmission.

• Encryption Algorithm. It is a mathematical process that produces a cipher text for any given
plaintext and encryption key. It is a cryptographic algorithm that takes plaintext and an
encryption key as input and produces a cipher text.

• Ciphertext. It is the scrambled version of the plaintext produced by the encryption algorithm
using a specific encryption key. The cipher text is not guarded. It flows on a public channel.
It can be intercepted or compromised by anyone who has access to the communication
channel.

• Decryption Algorithm. It is a mathematical process that produces a unique plaintext for any
given cipher text and decryption key. It is a cryptographic algorithm that takes a cipher text
and a decryption key as input, and outputs a plaintext. The decryption algorithm essentially
reverses the encryption algorithm and is thus closely related to it.

• Encryption Key. It is a value that is known to the sender. The sender inputs the encryption
key into the encryption algorithm along with the plaintext in order to compute the cipher text.

• Decryption Key. It is a value that is known to the receiver. The decryption key is related to
the encryption key, but is not always identical to it. The receiver inputs the decryption key
into the decryption algorithm along with the cipher text in order to compute the plaintext.

Authentication
Authentication is the way of distinguishing authorized from unauthorized personnel who attempt to
access the data.
The requirement of Authentication
Disclosure: Release of message contents to any person or process not possessing the appropriate
cryptographic key.
Traffic analysis: Discovery of the pattern of traffic between parties. In a connection-oriented
application, the frequency and duration of connections could be determined. In either a
connection-oriented or connectionless environment, the number and length of messages between
parties could be determined.
Masquerade: Insertion of messages into the network from a fraudulent source. This includes the
creation of messages by an opponent that are purported to come from an authorized entity. Also
included are fraudulent acknowledgments of message receipt or non-receipt by someone other than
the message recipient.
Content modification: Changes to the contents of a message, including insertion, deletion,
transposition, and modification.
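
The cryptosystem components listed under Encryption and the content-modification requirement above can be tied together in a short Python sketch, added here as an illustration and not part of the original document. It assumes a symmetric setup (the encryption and decryption keys are identical) and uses a toy SHA-256 keystream in place of a real cipher; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream for illustration only: SHA-256(key || nonce || counter)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encryption algorithm: plaintext and key in, nonce || cipher text out."""
    nonce = secrets.token_bytes(16)
    stream = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def decrypt(key: bytes, message: bytes) -> bytes:
    """Decryption algorithm: reverses encrypt() with the same (symmetric) key."""
    nonce, body = message[:16], message[16:]
    return bytes(c ^ s for c, s in zip(body, keystream(key, nonce, len(body))))

def seal(key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append an HMAC-SHA256 tag over nonce || cipher text."""
    message = encrypt(key, plaintext)
    return message + hmac.new(mac_key, message, hashlib.sha256).digest()

def open_sealed(key: bytes, mac_key: bytes, sealed: bytes):
    """Verify the tag first; return None if the message was altered."""
    message, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt(key, message)

def alter_in_transit(data: bytes, index: int) -> bytes:
    """Model content modification on the public channel: flip one bit."""
    changed = bytearray(data)
    changed[index] ^= 0x01
    return bytes(changed)

if __name__ == "__main__":
    key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    text = b"reading=100"  # constructed sample plaintext
    print(decrypt(key, alter_in_transit(encrypt(key, text), 24)))  # differs from text
    print(open_sealed(key, mac_key, alter_in_transit(seal(key, mac_key, text), 24)))
```

Encryption alone hides the content but does not reveal that the cipher text was changed on the way; the authentication tag is what lets the receiver reject the altered message.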

VPN
A VPN is a shared network where private data is segmented from other traffic so that only the
intended recipient has access. The term VPN was originally used to describe a secure connection over
the Internet. Today, however, VPN is also used to describe private networks, such as Frame Relay,
Asynchronous Transfer Mode (ATM), and Multiprotocol Label Switching (MPLS).
A key aspect of data security is that the data flowing across the network is protected by encryption
technologies. Private networks lack data security, which can allow data attackers to tap directly into
the network and read the data. IPSec-based VPNs use encryption. IPSec-based VPNs can be created
over any type of IP network, including the Internet, Frame Relay, ATM, and MPLS, but only the
Internet is ubiquitous and inexpensive. VPNs are traditionally used for:
• Intranets: Intranets connect an organization’s locations. These locations range from the
headquarters offices, to branch offices, to a remote employee’s home. Often this connectivity is used
for e-mail and for sharing applications and files. While Frame Relay, ATM, and MPLS accomplish
these tasks, the shortcomings of each limit connectivity. The cost of connecting home users is also
very high compared to Internet-access technologies, such as DSL or cable. Because of this,
organizations are moving their networks to the Internet, which is inexpensive, and using IPSec to
create these networks.
• Remote Access: Remote access enables telecommuters and mobile workers to access e-mail and
business applications. A dial-up connection to an organization’s modem pool is one method of access
for remote workers, but it is expensive because the organization must pay the associated long distance
telephone and service costs. Remote access VPNs greatly reduce expenses by enabling mobile
workers to dial a local Internet connection and then set up a secure IPSec-based VPN connection
to their organization.
• Extranets: Extranets are secure connections between two or more organizations. Common uses for
extranets include supply-chain management, development partnerships, and subscription services.
These undertakings can be difficult using legacy network technologies due to connection costs, time
delays, and access availability. IPSec-based VPNs are ideal for extranet connections. IPSec-capable
devices can be quickly and inexpensively installed on existing Internet connections.

IPSec Security Features


IPSec is the most secure method commercially available for connecting network sites. IPSec was
designed to provide the following security features when transferring packets across networks:
• Authentication: Verifies that the packet received is actually from the claimed sender.
• Integrity: Ensures that the contents of the packet did not change in transit.
• Confidentiality: Conceals the message content through encryption.

IPSec Components
IPSec contains the following elements:
• Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity.
• Authentication Header (AH): Provides authentication and integrity.
• Internet Key Exchange (IKE): Provides key management and Security Association (SA)
management.

Transport Layer Security


Transport Layer Security (TLS) is a cryptographic protocol that is designed to provide both security
and data integrity for communications over a reliable transport protocol such as Transmission Control
Protocol (TCP). TLS allows client-server applications to communicate across a public network while
preventing eavesdropping, tampering, and message forgery by providing end-point authentication and
confidentiality over the Internet. The goals of the TLS protocol, in order of priority, are cryptographic
security, interoperability, extensibility, and relative efficiency. TLS is designed to be application
protocol independent. The TLS protocol consists of two main components: the Handshake protocol, to
set session states and shared private keys, and the Record protocol, to transmit data securely using
the shared keys.
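
The split between the Handshake protocol and the Record protocol is visible on the wire, because every TLS message travels inside a record with a five-byte header. The following Python parser is an added example, not part of the original document; the sample stream is constructed, the function names are hypothetical, and the ordering check assumes a TLS 1.2-style flow.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_FRAGMENT = 2**14 + 2048  # largest encrypted fragment TLS 1.2 allows

def record(ctype: int, payload: bytes, version: int = 0x0303) -> bytes:
    """Build one record: type (1 byte), version (2), length (2), payload."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

def parse_records(stream: bytes):
    """Split a byte stream into (content type name, version, payload) tuples."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_FRAGMENT:
            raise ValueError("record length exceeds the protocol limit")
        payload = stream[offset + 5:offset + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record payload")
        records.append((CONTENT_TYPES[ctype], version, payload))
        offset += 5 + length
    return records

def data_only_after_handshake(records) -> bool:
    """TLS 1.2-style check: no application_data before change_cipher_spec."""
    keys_switched = False
    for ctype, _version, _payload in records:
        if ctype == "change_cipher_spec":
            keys_switched = True
        elif ctype == "application_data" and not keys_switched:
            return False
    return True

# Constructed sample stream: payload bytes are placeholders, not real messages.
SAMPLE = (record(22, b"\x01\x00\x00\x00") + record(20, b"\x01")
          + record(23, b"\xaa" * 8))

if __name__ == "__main__":
    for name, version, payload in parse_records(SAMPLE):
        print(f"{name:<20} version=0x{version:04x} length={len(payload)}")
    print("data only after handshake:",
          data_only_after_handshake(parse_records(SAMPLE)))
```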
