Conventional Encryption

Conventional encryption is a cryptographic system that uses the same key used by the sender to encrypt the
message and by the receiver to decrypt the message. It was the only type of encryption in use prior to the
development of public-key encryption.
It is still much preferred of the two types of encryption systems due to its simplicity. It is a relatively fast
process since it uses a single key for both encryption and decryption In this encryption model, the sender
encrypts plaintext using the receiver’s secret key, which can be later used by the receiver to decrypt the
ciphertext.
Conventional Encryption principles
A Symmetric encryption scheme has five ingredients
1.Plain Text: This is the original message or data which is fed into the algorithm as input.
2.Encryption Algorithm: This encryption algorithm performs various substitutions andtransformations on the
plain text.
3.Secret Key: The key is another input to the algorithm. The substitutions and transformations performed by
algorithm depend on the key.
4.Cipher Text: This is the scrambled (unreadable) message which is output of the encryption algorithm. This
cipher text is dependent on plaintext and secret key. For a given plaintext, two different keys produce two
different cipher texts.
5.Decryption Algorithm: This is the reverse of encryption algorithm. It takes the cipher text and secret key
as inputs and outputs the plain text.
Requirements for secure use of conventional encryption :
1. We need a strong encryption algorithm.
2. The sender and Receiver must have obtained copies of the secret key in a secure fashion and must keep the
key secure.
Advantages of Conventional Encryption :
Simple –
1. This type of encryption is easy to carry out.
2. Uses fewer computer resources – Conventional encryption does not require a lot of computer resources when
compared to public-key encryption.
Fast –
1.Conventional encryption is much faster than asymmetric key encryption.
Disadvantages of Conventional Encryption Model:
1. Origin and authenticity of the message cannot be guaranteed, since both sender and receiver use the same
key, messages cannot be verified to have come from a particular user.
2. It isn’t much secured when compared to public-key encryption.
3. If the receiver lost the key, he/she cant decrypt the message and thus making the whole process useless.
4. This scheme does not scale well to a large number of users because both the sender and the receiver have to
agree on a secret key before transmission.
Cryptography
A cipher is a secret method of writing, as by code. Cryptography, in a very broad sense, is the study of
techniques related to aspects of information security. Hence cryptography is concerned with the writing
(ciphering or encoding) and deciphering (decoding) of messages in secret code. Cryptographic systems are
classified along three independent dimensions:
conventional encryption algorithms
1. Advanced Encryption Standard (AES): AES is a widely used symmetric-key encryption algorithm. It supports
key lengths of 128, 192, or 256 bits and operates on fixed-size blocks of data (128 bits). AES has been adopted by
governments worldwide and is considered secure when implemented correctly.
2. Data Encryption Standard (DES): DES was one of the earliest encryption standards. It operates on 64-bit
blocks of data using a 56-bit key. Due to its relatively short key length, DES is no longer considered secure against
modern
3.cryptographic attacks. Triple DES (3DES) is a variant of DES that applies the DES algorithm three times with
different keys, providing increased security.
4.Rivest Cipher (RC): The RC series of encryption algorithms, developed by Ron Rivest, includes several versions
such as RC2, RC4, RC5, and RC6. Among these, RC4 gained significant popularity due to its simplicity and
speed. However, RC4 is now considered insecure for many applications due to vulnerabilities in its key scheduling
algorithm.
5.Blowfish: Blowfish is a symmetric-key block cipher designed by Bruce Schneier. It operates on 64-bit blocks of
data and supports key lengths from 32 bits to 448 bits. Blowfish is known for its simplicity and speed, but it is no
longer recommended for new applications due to the emergence of more advanced algorithms like AES.
6. Twofish: Twofish is a symmetric-key block cipher designed as a candidate for the AES competition. It operates
on 128-bit blocks of data and supports key lengths of 128, 192, or 256 bits. While Twofish was not selected as the
AES standard, it remains a strong and secure encryption algorithm.
7.IDEA (International Data Encryption Algorithm): IDEA is a symmetric-key block cipher that operates on 64-
bit blocks of data. It uses a 128-bit key and is known for its simplicity and speed. IDEA is widely used in
applications requiring strong encryption, although it is less common compared to AES.
Location of Encryption Devices
1. With link encryption- each vulnerable communications link is equipped on both ends with an encryption
device. Thus, all traffic over all communications links is secured. Although this requires a lot of encryption
devices in a larger network, the value of this approach is clear. One disadvantage of the approach is that the
message must be decrypted each time it enters a packet switch; description is necessary because the switch must
read the address in the packet header to route the packet. Thus, the message is vulnerable at each switch. If it is a
public packet-switching network, the user has no control over the security of the nodes.
2. With end to end encryption-the encryption process is carried out at the two end systems. The source host or
terminal encrypts the data. The data is encrypted form are then transmitted unaltered across the network to the
destination terminal, or host. The destination shares a key with the source and so is able to decrypt the data. This
approach would seem to secure the transmission against attacks on the network links or switches.
A connects to a packet switching network to transfer end-end encrypted message to the host at the other end, and
sets up a virtual circuit to the host. Data is transmitted through the network in the form of packets that consist of
a header and some user data. If the host at the other end tries to decrypt the entire packet, it is not possible as
only the host can perform the decryption.
Symmetric Key Encryption Asymmetric Key Encryption
It only requires a single key for both encryption and It requires two keys, a public key and a private key,
decryption. one to encrypt and the other one to decrypt.

The size of cipher text is the same or smaller than the The size of cipher text is the same or larger than the
original plain text. original plain text.

The encryption process is very fast. The encryption process is slow.

It is used when a large amount of data is required to

It is used to transfer small amounts of data.
transfer.

It provides confidentiality, authenticity, and non-

It only provides confidentiality.
repudiation.

The length of key used is 128 or 256 bits The length of key used is 2048 or higher

In symmetric key encryption, resource utilization is low In asymmetric key encryption, resource utilization is
as compared to asymmetric key encryption. high.

It is efficient as it is used for handling large amount of It is comparatively less efficient as it can handle a
data. small amount of data.
key distribution
Key distribution in cryptography refers to the process of securely delivering cryptographic keys from one party to
another. It is a critical aspect of cryptographic systems, as the security of encrypted communication relies on
keeping the encryption keys confidential and ensuring that only authorized parties have access to them. Several
methods and protocols are used for key distribution, including:
Symmetric Key Distribution: In symmetric-key cryptography, the same key is used for both encryption and
decryption. Key distribution in symmetric-key systems typically involves securely sharing the key between
communicating parties using methods such as:
1. Pre-shared Key (PSK): Keys are agreed upon and distributed among the communicating parties through
secure channels before communication begins.
2. Key Transport: The key is encrypted using another key, known as a key encryption key (KEK), and securely
transmitted to the recipient, who decrypts it using their private key.
3. Key Agreement: Parties exchange information and compute a shared secret key using cryptographic protocols
like Diffie-Hellman key exchange.
Public Key Distribution: Public key cryptography involves a pair of keys: a public key and a private key. The
public key is freely distributed, while the private key is kept secret. Key distribution in public key systems
typically involves:
1. Public Key Infrastructure (PKI): A framework that facilitates the distribution and management of digital
certificates, which bind public keys to their respective owners. PKI includes certificate authorities (CAs) that issue
and verify certificates.
2. Web of Trust: A decentralized approach where users validate each other's public keys through direct trust
relationships or endorsements.
3. Key Exchange Protocols: Secure protocols such as Transport Layer Security (TLS) and Secure Shell (SSH) use
public key cryptography for key exchange during the establishment of secure communication channels.
Quantum Key Distribution (QKD): QKD uses principles of quantum mechanics to securely distribute
cryptographic keys. It relies on the properties of quantum states to detect eavesdropping attempts. QKD
protocols, such as BB84 and E91, enable two parties to generate a shared random key while detecting any
unauthorized interception of the key transmission.
SHA-1 Hash
SHA-1 or Secure Hash Algorithm 1 is a cryptographic algorithm which takes an input and produces a 160-bit
(20-byte) hash value. This hash value is known as a message digest. This message digest is usually then rendered
as a hexadecimal number which is 40 digits long. It is a U.S. Federal Information Processing Standard and was
designed by the United States National Security Agency. SHA-1 is now considered insecure since 2005. Major
tech giants browsers like Microsoft, Google, Apple and Mozilla have stopped accepting SHA-1 SSL certificates
by 2017. To calculate cryptographic hashing value in Java, MessageDigest Class is used, under the
package java.security.
Applications of sha 1 hash
1. Cryptography: The main application of SHA1 is to protect communications from being intercepted by
outside parties. From a given data input, SHA1 generates a fixed-size, singular, and irreversible hash value. The
integrity of the data can then be confirmed by comparing this hash value to the original hash value.
2. Data Integrity: In many industries, such as finance, healthcare, and government, data integrity is a major
concern. Data integrity in a system is checked using the SHA1 algorithm. A fingerprint of the original data is
created using a hash value produced by the SHA1 algorithm.
3. Digital Signatures: Digital signatures are used to confirm the legitimacy of digital documents and messages.
The digital document or communication is hashed using the SHA1 technique, and its hash value is subsequently
encrypted with the sender’s private key..
4. Digital Forensics: In digital forensics, a hash of a file containing digital evidence can be produced using the
SHA1 algorithm. To ensure that the evidence hasn’t been altered with during the investigation, utilize this hash
value as proof.
5. Password Storage: SHA1 can be used to save passwords. A hash of the password is generated using SHA1
when a user creates a password. The password itself is then substituted in a database for the hash value.
6. Software Updates: The integrity of software updates can be guaranteed using SHA1. The SHA1 hash of the
update file can be made public on the software vendor’s website when an update is made available.
Message Authentication Code (MAC)
MAC algorithm is a symmetric key cryptographic technique to provide message authentication. For establishing
MAC process, the sender and receiver share a symmetric key K.
Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along with a
message to ensure message authentication.
Process of using MAC for authentication
1. The sender uses some publicly known MAC algorithm, inputs the message and the secret key K and produces a
MAC value.
2. Similar to hash, MAC function also compresses an arbitrary long input into a fixed length output. The major
difference between hash and MAC is that MAC uses secret key during the compression.
3. The sender forwards the message along with the MAC. Here, we assume that the message is sent in the clear,
as we are concerned of providing message origin authentication, not confidentiality. If confidentiality is required
then the message needs encryption.
4. On receipt of the message and the MAC, the receiver feeds the received message and the shared secret key K
into the MAC algorithm and re-computes the MAC value.
Message Authentication Requirements
1.The receiver now checks equality of freshly computed MAC with the MAC received from the sender. If they
match, then the receiver accepts the message and assures himself that the message has been sent by the intended
sender.
2. If the computed MAC does not match the MAC sent by the sender, the receiver cannot determine whether it is
the message that has been altered or it is the origin that has been falsified. As a bottom-line, a receiver safely
assumes that the message is not the genuine.
Limitations of MAC
1.Establishment of Shared Secret
(i) It can provide message authentication among pre-decided legitimate users who have shared key.
(ii) This requires establishment of shared secret prior to use of MAC.
2.Inability to Provide Non-Repudiation
(i) Non-repudiation is the assurance that a message originator cannot deny any previously sent
messages and commitments or actions.
(ii) MAC technique does not provide a non-repudiation service. If the sender and receiver get
involved in a dispute over message origination, MACs cannot provide a proof that a message was
indeed sent by the sender.
(iii) Though no third party can compute the MAC, still sender could deny having sent the message
and claim that the receiver forged it, as it is impossible to determine which of the two parties
computed the MAC.
MAC Requirement.
1. Revelation: It means releasing the content of the message to someone who does not have an appropriate
cryptographic key.
2. Analysis of Traffic: Determination of the pattern of traffic through the duration of connection and frequency
of connections between different parties.
3. Deception: Adding out of context messages from a fraudulent source into a communication network. This will
lead to mistrust between the parties communicating and may also cause loss of critical data.
4. Modification in the Content: Changing the content of a message. This includes inserting new information or
deleting/changing the existing one.
5. Modification in the sequence: Changing the order of messages between parties. This includes insertion,
deletion, and reordering of messages.
6. Modification in the Timings: This includes replay and delay of messages sent between different parties. This
way session tracking is also disrupted.
7. Source Refusal: When the source denies being the originator of a message.
Message Authentication Functions:
1.Lower level: At this level, there is a need for a function that produces an authenticator, which is the value that
will further help in the authentication of a message.
2.Higher-level: The lower level function is used here in order to help receivers verify the authenticity of
messages.
MD5 Algorithm
MD5 is a cryptographic hash function algorithm that takes the message as input of any length and changes it
into a fixed-length message of 16 bytes. MD5 algorithm stands for the message-digest algorithm. MD5 was
developed as an improvement of MD4, with advanced security purposes. The output of MD5 (Digest size) is
always 128 bits. MD5 was developed in 1991 by Ronald Rivest.
Use Of MD5 Algorithm:
1. It is used for file authentication.
2. In a web application, it is used for security purposes. e.g. Secure password of users etc.
3. Using this algorithm, We can store our password in 128 bits format.

Working of the MD5 Algorithm:

MD5 algorithm follows the following steps
1. Append Padding Bits: In the first step, we add padding bits in the original message in such a way that the
total length of the message is 64 bits less than the exact multiple of 512.
2. Append Length Bits: In this step, we add the length bit in the output of the first step in such a way that the
total number of the bits is the perfect multiple of 512. Simply, here we add the 64-bit as a length bit in the
output of the first step.
3. Initialize MD buffer: Here, we use the 4 buffers i.e. J, K, L, and M. The size of each buffer is 32 bits.
- J = 0x67425301
- K = 0xEDFCBA45
- L = 0x98CBADFE
- M = 0x13DCE476
4. Process Each 512-bit Block: This is the most important step of the MD5 algorithm. Here, a total of 64
operations are performed in 4 rounds. In the 1st round, 16 operations will be performed, 2nd round 16
operations will be performed, 3rd round 16 operations will be performed, and in the 4th round, 16 operations
will be performed. We apply a different function on each round i.e. for the 1st round we apply the F function,
for the 2nd G function, 3rd for the H function, and 4th for the I function.
We perform OR, AND, XOR, and NOT (basically these are logic gates) for calculating functions.
Application Of MD5 Algorithm:
1. We use message digest to verify the integrity of files/ authenticates files.
2. MD5 was used for data security and encryption.
3. It is used to Digest the message of any size and also used for Password verification.
4. For Game Boards and Graphics.
Advantages of MD5 Algorithm:
1. MD5 is faster and simple to understand.
2. MD5 algorithm generates a strong password in 16 bytes format. All developers like web developers etc use
the MD5 algorithm to secure the password of users.
3. To integrate the MD5 algorithm, relatively low memory is necessary.
4. It is very easy and faster to generate a digest message of the original message.
Disadvantages of MD5 Algorithm:
1. MD5 generates the same hash function for different inputs.
2. MD5 provides poor security over SHA1.
3. MD5 has been considered an insecure algorithm. So now we are using SHA256 instead of MD5
4. MD5 is neither a symmetric nor asymmetric algorithm.
Public key cryptography principles
1. Key Pairs: Public key cryptography operates on the basis of key pairs. Each user has a pair of keys: a public
key and a private key. These keys are mathematically related such that data encrypted with one key can only be
decrypted with the other key in the pair.
2.Encryption and Decryption: Encryption is the process of transforming plaintext into ciphertext using a public
key. Decryption is the process of transforming ciphertext back into plaintext using the corresponding private key.
3.Asymmetric Algorithm: Public key cryptography relies on asymmetric encryption algorithms, which use
different keys for encryption and decryption. Common asymmetric encryption algorithms include RSA (Rivest-
Shamir-Adleman) and elliptic curve cryptography (ECC).
4.Public Key Distribution: Public keys are freely distributed and widely available, often through public key
directories or servers. Users can share their public keys with others, enabling secure communication and data
exchange.
5.Private Key Protection: Private keys must be kept secret and securely managed by their respective owners.
Compromising a private key can lead to unauthorized access to sensitive information and undermine the security
of the cryptographic system.
6. Digital Signatures: Public key cryptography also enables the creation and verification of digital signatures. A
digital signature is created by encrypting a hash of the message with the sender's private key.
7. Key Exchange: Public key cryptography facilitates secure key exchange protocols, such as Diffie-Hellman key
exchange, which allow two parties to establish a shared secret key over an insecure communication channel
without prior arrangement.
RSA Algorithm
RSA algorithm is an asymmetric cryptography algorithm. Asymmetric actually means that it works on two
different keys i.e. Public Key and Private Key. As the name describes that the Public Key is given to everyone
and the Private key is kept private.
An example of asymmetric cryptography:
1. A client (for example browser) sends its public key to the server and requests some data.
2. The server encrypts the data using the client’s public key and sends the encrypted data.
3. The client receives this data and decrypts it.
Advantages of RSA
1. Security: RSA algorithm is considered to be very secure and is widely used for secure data transmission.
2. Public-key cryptography: RSA algorithm is a public-key cryptography algorithm, which means that it uses
two different keys for encryption and decryption. The public key is used to encrypt the data, while the private
key is used to decrypt the data.
3. Key exchange: RSA algorithm can be used for secure key exchange, which means that two parties can
exchange a secret key without actually sending the key over the network.
4. Digital signatures: RSA algorithm can be used for digital signatures, which means that a sender can sign a
message using their private key, and the receiver can verify the signature using the sender’s public key.
5. Speed: The RSA technique is suited for usage in real-time applications since it is quite quick and effective.
6. Widely used: Online banking, e-commerce, and secure communications are just a few fields and applications
where the RSA algorithm is extensively developed.
Disadvantages of RSA
1.Slow processing speed: RSA algorithm is slower than other encryption algorithms, especially when dealing
with large amounts of data.
2. Large key size: RSA algorithm requires large key sizes to be secure, which means that it requires more
computational resources and storage space.
3. Vulnerability to side-channel attacks: RSA algorithm is vulnerable to side-channel attacks, which means an
attacker can use information leaked through side channels such as power consumption, electromagnetic
radiation, and timing analysis to extract the private key.
4. Limited use in some applications: RSA algorithm is not suitable for some applications, such as those that
require constant encryption and decryption of large amounts of data, due to its slow processing speed.
5. Complexity: The RSA algorithm is a sophisticated mathematical technique that some individuals may find
challenging to comprehend and use.
6. Key Management: The secure administration of the private key is necessary for the RSA algorithm, although
in some cases this can be difficult.
7. Vulnerability to Quantum Computing: Quantum computers have the ability to attack the RSA algorithm,
potentially decrypting the data.
Digital signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital
document, message or software. It's the digital equivalent of a handwritten signature or stamped seal, but it offers
far more inherent security. A digital signature is intended to solve the problem of tampering and impersonation in
digital communications.
Digital signatures can provide evidence of origin, identity and status of electronic documents, transactions or
digital messages. Signers can also use them to acknowledge informed consent. In many countries, including the
U.S., digital signatures are considered legally binding in the same way as traditional handwritten document
signatures
Digital signatures work
Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public
key algorithm -- such as Rivest-Shamir-Adleman, or RSA -- two keys are generated, creating a mathematically
linked pair of keys: one private and one public.
Digital signatures work through public key cryptography's two mutually authenticating cryptographic keys. For
encryption and decryption, the person who creates the digital signature uses a private key to encrypt signature-
related data. The only way to decrypt that data is with the signer's public key.
If the recipient can't open the document with the signer's public key, that indicates there's a problem with the
document or the signature. This is how digital signatures are authenticated.
Benefits of digital signatures
1.Security:Security capabilities are embedded in digital signatures to ensure a legal document isn't altered and
signatures are legitimate. Security features include asymmetric cryptography, personal identification
numbers (PINs), checksums and cyclic redundancy checks (CRCs), as well as CA and trust service provider (TSP)
validation.
2.Timestamping:This provides the date and time of a digital signature and is useful when timing is critical, such
as for stock trades, lottery ticket issuance and legal proceedings.
3.Globally accepted and legally compliant:The public key infrastructure (PKI) standard ensures vendor-
generated keys are made and stored securely. With digital signatures becoming an international standard, more
countries are accepting them as legally binding.
4.Time savings: Digital signatures simplify the time-consuming processes of physical document signing, storage
and exchange, enabling businesses to quickly access and sign documents.
5.Cost savings:Organizations can go paperless and save money previously spent on the physical resources, time,
personnel and office space used to manage and transport documents.
6.Positive environmental effects:Reducing paper use also cuts down on the physical waste generated by paper and
the negative environmental impact of transporting paper documents.
7.Traceability. Digital signatures create an audit trail that makes internal record-keeping easier for businesses.
With everything recorded and stored digitally, there are fewer opportunities for a manual signee or record-keeper
to make a mistake or misplace something.
Classes and types of digital signatures
(i). Class 1. This type of DSC can't be used for legal business documents, as they're validated based only on an
email ID and username. Class 1 signatures provide a basic level of security and are used in environments with a
low risk of data compromise.
(ii). Class 2. These DSCs are often used for electronic filing (e-filing) of tax documents, including income tax
returns and goods and services tax returns. Class 2 digital signatures authenticate a signer's identity against a
pre-verified database. Class 2 digital signatures are used in environments where the risks and consequences of
data compromise are moderate.
(iii). Class 3. The highest level of digital signatures, Class 3 signatures require people or organizations to present
in front of a CA to prove their identity before signing. Class 3 digital signatures are used for e-auctions, e-
tendering, e-ticketing and court filings, as well as in other environments where threats to data or the consequences
of a security failure are high.
Uses for digital signatures
1. Government. The U.S. Government Publishing Office publishes electronic versions of budgets, public and
private laws, and congressional bills with digital signatures. Governments worldwide use digital signatures for
processing tax returns, verifying business-to-government transactions, ratifying laws and managing contracts.
Most government entities must adhere to strict laws, regulations and standards when using digital signatures..
2. Healthcare. Digital signatures are used in the healthcare industry to improve the efficiency of treatment and
administrative processes, strengthen data security, e-prescribe and process hospital admissions. The use of digital
signatures in healthcare must comply with the Health Insurance Portability and Accountability Act of 1996.
3. Manufacturing. Manufacturing companies use digital signatures to speed up processes, including product
design, quality assurance, manufacturing enhancements, marketing and sales. The use of digital signatures in
manufacturing is governed by the International Organization for Standardization and the National Institute of
Standards and Technology Digital Manufacturing Certificate.
4. Cryptocurrencies. Bitcoin and other cryptocurrencies use digital signatures to authenticate the blockchain.
They're also used to manage transaction data associated with cryptocurrency and as a way for users to show
ownership of currency or their participation in a transaction.
5. Non-fungible tokens (NFTs). Digital signatures are used with digital assets -- such as artwork, music and videos
-- to secure and trace these types of NFTs anywhere on the blockchain.
Digital signature security
1.PINs, passwords and codes. These are used to authenticate and verify a signer's identity and approve their
signature. Email, username and password are the most common methods used.
2.Asymmetric cryptography. This employs a public key algorithm that includes private and public key encryption
and authentication.
3.Checksum. This long string of letters and numbers is used to determine the authenticity of transmitted data. A
checksum is the result of running a cryptographic hash function on a piece of data..
4.CRC. A type of checksum, this error-detecting code and verification feature is used in digital networks and
storage devices to detect changes to raw data.
5.CA validation. CAs issue digital signatures and act as trusted third parties by accepting, authenticating, issuing
and maintaining digital certificates. The use of CAs helps avoid the creation of fake digital certificates.
6.TSP validation. This person or legal entity validates a digital signature on a company's behalf and offers
signature validation reports.
Digital signature attacks
1.Chosen-message attack. The attacker either obtains the victim's public key or tricks the victim into digitally
signing a document they don't intend to sign.
2.Known-message attack. The attacker obtains messages the victim sent and a key that enables the attacker to
forge the victim's signature on documents.
3.Key-only attack. The attacker only has access to the victim's public key and can re-create the victim's signature
to digitally sign documents or messages that the victim doesn't intend to sign.
Digital signature tools and vendors
1.Adobe Acrobat Sign is a cloud-based service that's designed to provide secure, legal e-signatures across all
device types. Adobe Acrobat Sign integrates with existing applications, including Microsoft Office and Dropbox.
2.DocuSign standards-based services ensure e-signatures are compliant with existing regulations. Services include
Express Signature for basic global transactions and EU Qualified Signature, which complies with EU standards.
3.Dropbox Sign helps users prepare, send, sign and track documents. Features of the tool include embedded
signing, custom branding and embedded templates. Dropbox Sign also integrates with applications such as
Microsoft Word, Slack and Box.
4.GlobalSign provides a host of management, integration and automation tools to implement PKI across
enterprise environments.
5.PandaDoc provides e-signature software that helps users upload, send and collect payments for documents.
Users can also track document status and receive notifications when someone opens, views, comments on or signs
a document.
6.ReadySign from Onit provides users with customizable templates and forms for e-signatures. Software features
include bulk sending, notifications, reminders, custom signatures and document management with role-based
permissions.
7.Signeasy offers an e-signing service of the same name to businesses and individuals, as well as application
programming interfaces for developers.
Key management
In cryptography, it is a very tedious task to distribute the public and private keys between sender and receiver. If
the key is known to the third party (forger/eavesdropper) then the whole security mechanism becomes worthless.
So, there comes the need to secure the exchange of keys.
There are two aspects for Key Management:
1.Distribution of public keys.
2.Use of public-key encryption to distribute secrets.
Distribution of Public Key:
1. Public Announcement: Here the public key is broadcasted to everyone. The major weakness of this method is a
forgery. Anyone can create a key claiming to be someone else and broadcast it. Until forgery is discovered can
masquerade as claimed user.
2. Publicly Available Directory: In this type, the public key is stored in a public directory. Directories are trusted
here, with properties like Participant Registration, access and allow to modify values at any time, contains entries
like {name, public-key}. Directories can be accessed electronically still vulnerable to forgery or tampering.
3. Public Key Authority: It is similar to the directory but, improves security by tightening control over the
distribution of keys from the directory. t requires users to know the public key for the directory. Whenever the
keys are needed, real-time access to the directory is made by the user to obtain any desired public key securely.
4. Public Certification: This time authority provides a certificate (which binds an identity to the public key) to
allow key exchange without real-time access to the public authority each time. The certificate is accompanied by
some other info such as period of validity, rights of use, etc. All of this content is signed by the private key of the
certificate authority and it can be verified by anyone possessing the authority’s public key.
First sender and receiver both request CA for a certificate which contains a public key and other information and
then they can exchange these certificates and can
Kerberos
Kerberos provides a centralized authentication server whose function is to authenticate users to servers and
servers to users. In Kerberos Authentication server and database is used for client authentication. Kerberos
runs as a third-party trusted server known as the Key Distribution Center (KDC). Each user and service on the
network is a principal.
Components of Kerberos
1.Authentication Server (AS): The Authentication Server performs the initial authentication and ticket for
Ticket Granting Service.
2.Database: The Authentication Server verifies the access rights of users in the database.
3.Ticket Granting Server (TGS): The Ticket Granting Server issues the ticket for the Server
Kerberos Limitations
1.Each network service must be modified individually for use with Kerberos
2.It doesn’t work well in a timeshare environment
3.Secured Kerberos Server
4.Requires an always-on Kerberos server
5.Stores all passwords are encrypted with a single key
6.Assumes workstations are secure
7.May result in cascading loss of trust. 8.Scalability
Applications of Kerberos
1.User Authentication: User Authentication is one of the main applications of Kerberos. Users only have to
input their username and password once with Kerberos to gain access to the network. The Kerberos server
subsequently receives the encrypted authentication data and issues a ticket granting ticket (TGT).
2.Single Sign-On (SSO): Kerberos offers a Single Sign-On (SSO) solution that enables users to log in once to
access a variety of network resources. A user can access any network resource they have been authorized to use
after being authenticated by the Kerberos server without having to provide their credentials again.
3.Mutual Authentication: Before any data is transferred, Kerberos uses a mutual authentication technique to
make sure that both the client and server are authenticated. Using a shared secret key that is securely kept on
both the client and server, this is accomplished. A client asks the Kerberos server for a service ticket whenever it
tries to access a network resource.
4.Authorization: Kerberos also offers a system for authorization in addition to authentication. After being
authenticated, a user can submit service tickets for certain network resources. Users can access just the
resources they have been given permission to use thanks to information about their privileges and permissions
contained in the service tickets.
5.Network Security: Kerberos offers a central authentication server that can regulate user credentials and
access restrictions, which helps to ensure network security. In order to prevent unwanted access to sensitive
data and resources, this server may authenticate users before granting them access to network resources.
Kerberos Version 4 :
Kerberos version 4 is an update of the Kerberos software that is a computer-network authentication system.
Kerberos version 4 is a web-based authentication software which is used for authentication of users information
while logging into the system by DES technique for encryption. It was launched in late 1980s.
Features of Kerberos V4:
1.Authentication: Kerberos V4 provides authentication and encryption services to network clients and servers.
2.Encryption: Kerberos V4 uses a simple encryption algorithm that is less secure than the encryption used in
Kerberos V5.
3.Ticket-granting service (TGS): Kerberos V4 uses a single TGS for all network services, which means that the
TGS has to handle a large number of requests.
4.No support for timestamps: Kerberos V4 does not support timestamps, which makes it vulnerable to replay
attacks.
PGP
1.PGP stands for Pretty Good Privacy (PGP) which is invented by Phil Zimmermann.
2.PGP was designed to provide all four aspects of security, i.e., privacy, integrity, authentication, and non-
repudiation in the sending of email.
3.PGP uses a digital signature (a combination of hashing and public key encryption) to provide integrity,
authentication, and non-repudiation. PGP uses a combination of secret key encryption and public key encryption
to provide privacy
4.PGP is an open source and freely available software package for email security.
5.PGP provides authentication through the use of Digital Signature.
6.It provides confidentiality through the use of symmetric block encryption.
7.It provides compression by using the ZIP algorithm, and EMAIL compatibility using the radix-64 encoding
scheme.
Steps taken by PGP to create secure e-mail at the sender site:
1.The e-mail message is hashed by using a hashing function to create a digest.
2.The digest is then encrypted to form a signed digest by using the sender's private key, and then signed digest is
added to the original email message.
3.The original message and signed digest are encrypted by using a one-time secret key created by the sender.
4.The secret key is encrypted by using a receiver's public key.
5.Both the encrypted secret key and the encrypted combination of message and digest are sent together.
Disadvantages of PGP Encryption
1.The Administration is difficult: The different versions of PGP complicate the administration.
2.Compatibility issues: Both the sender and the receiver must have compatible versions of PGP. For example, if
you encrypt an email by using PGP with one of the encryption technique, the receiver has a different version of
PGP which cannot read the data.
3.Complexity: PGP is a complex technique. Other security schemes use symmetric encryption that uses one key or
asymmetric encryption that uses two different keys. PGP uses a hybrid approach that implements symmetric
encryption with two keys. PGP is more complex, and it is less familiar than the traditional symmetric or
asymmetric methods.
4.No Recovery: Computer administrators face the problems of losing their passwords. In such situations, an
administrator should use a special program to retrieve passwords. For example, a technician has physical access
to a PC which can be used to retrieve a password. However, PGP does not offer such a special program for
recovery; encryption methods are very strong so, it does not retrieve the forgotten passwords results in lost
messages or lost files.

Steps taken to show how PGP uses hashing and a combination of three keys to generate the
original message:

o The receiver receives the combination of encrypted secret key and message digest is received.
o The encrypted secret key is decrypted by using the receiver's private key to get the one-time secret key.
o The secret key is then used to decrypt the combination of message and digest.
o The digest is decrypted by using the sender's public key, and the original message is hashed by using a
hash function to create a digest.
o Both the digests are compared if both of them are equal means that all the aspects of security are
preserved.
PGP operational description
o Key Generation:
o PGP uses a key pair: a public key and a private key.
o When a user first sets up PGP, they generate their key pair using a key generation tool within the
PGP software..
o Encryption:
o To send an encrypted message using PGP, the sender obtains the recipient's public key.
o The sender's PGP software encrypts the message using a symmetric encryption algorithm like AES
(Advanced Encryption Standard)..
o Decryption:
o When the recipient receives the encrypted message, their PGP software uses their private key to
decrypt the symmetric encryption key.
o The decrypted symmetric encryption key is then used to decrypt the message itself.
o Digital Signatures:
o PGP also provides a mechanism for digital signatures to verify the authenticity and integrity of
messages.
o To sign a message, the sender's PGP software generates a hash (a fixed-size string of bytes) of the
message content.
o Signature Verification:
o Upon receiving a signed message, the recipient's PGP software decrypts the digital signature using
the sender's public key, obtaining the hash.
o The recipient's PGP software then calculates a new hash of the received message content.
o Web of Trust:
o PGP also supports a "web of trust" model for key verification and authentication.
o Users can digitally sign each other's public keys to attest to their authenticity.
IP security
IP Sec (Internet Protocol Security) is an Internet Engineering Task Force (IETF) standard suite of protocols
between two communication points across the IP network that provide data authentication, integrity, and
confidentiality. It also defines the encrypted, decrypted, and authenticated packets. The protocols needed for
secure key exchange and key management are defined in it.
Uses of IP Security
o To encrypt application layer data.
o To provide security for routers sending routing data across the public internet.
o To provide authentication without encryption, like to authenticate that the data originates from a known
sender.
o To protect network data by setting up circuits using IPsec tunneling in which all data being sent between
the two endpoints is encrypted, as with a Virtual Private Network(VPN) connection.
Components of IP Security
1. Encapsulating Security Payload (ESP): It provides data integrity, encryption, authentication, and anti-
replay. It also provides authentication for payload.
2. Authentication Header (AH): It also provides data integrity, authentication, and anti-replay and it does not
provide encryption. The anti-replay protection protects against the unauthorized transmission of packets. It
does not protect data confidentiality.
3. Internet Key Exchange (IKE): It is a network security protocol designed to dynamically exchange encryption
keys and find a way over Security Association (SA) between 2 devices. The Security Association (SA) establishes
shared security attributes between 2 network entities to support secure communication. The Key Management
Protocol (ISAKMP) and Internet Security Association provides a framework for authentication and key
exchange.
Working on IP Security
1.The host checks if the packet should be transmitted using IPsec or not. This packet traffic triggers the security
policy for itself. This is done when the system sending the packet applies appropriate encryption. The incoming
packets are also checked by the host that they are encrypted properly or not.
2.Then IKE Phase 1 starts in which the 2 hosts( using IPsec ) authenticate themselves to each other to start a
secure channel. It has 2 modes. The Main mode provides greater security and the Aggressive mode which
enables the host to establish an IPsec circuit more quickly.
3.The channel created in the last step is then used to securely negotiate the way the IP circuit will encrypt data
across the IP circuit.
4.Now, the IKE Phase 2 is conducted over the secure channel in which the two hosts negotiate the type of
cryptographic algorithms to use on the session and agree on secret keying material to be used with those
algorithms.
5.Then the data is exchanged across the newly created IPsec encrypted tunnel. These packets are encrypted and
decrypted by the hosts using IPsec SAs.
6.When the communication between the hosts is completed or the session times out then the IPsec tunnel is
terminated by discarding the keys by both hosts.
Features of IPSec
1.Authentication: IPSec provides authentication of IP packets using digital signatures or shared secrets. This
helps ensure that the packets are not tampered with or forged.
2.Confidentiality: IPSec provides confidentiality by encrypting IP packets, preventing eavesdropping on the
network traffic.
3.Integrity: IPSec provides integrity by ensuring that IP packets have not been modified or corrupted during
transmission.
4.Key management: IPSec provides key management services, including key exchange and key revocation, to
ensure that cryptographic keys are securely managed.
5.Tunneling: IPSec supports tunneling, allowing IP packets to be encapsulated within another protocol, such as
GRE (Generic Routing Encapsulation) or L2TP (Layer 2 Tunneling Protocol).
6.Flexibility: IPSec can be configured to provide security for a wide range of network topologies, including
point-to-point, site-to-site, and remote access connections.
7.Interoperability: IPSec is an open standard protocol, which means that it is supported by a wide range of
vendors and can be used in heterogeneous environments.
Advantages of IPSec
1. Strong security: IPSec provides strong cryptographic security services that help protect sensitive data and
ensure network privacy and integrity.
2. Wide compatibility: IPSec is an open standard protocol that is widely supported by vendors and can be used
in heterogeneous environments.
3. Flexibility: IPSec can be configured to provide security for a wide range of network topologies, including
point-to-point, site-to-site, and remote access connections.
4. Scalability: IPSec can be used to secure large-scale networks and can be scaled up or down as needed.
5. Improved network performance: IPSec can help improve network performance by reducing network
congestion and improving network efficiency.
Disadvantages of IPSec
1. Configuration complexity: IPSec can be complex to configure and requires specialized knowledge and skills.
2. Compatibility issues: IPSec can have compatibility issues with some network devices and applications, which
can lead to interoperability problems.
3. Performance impact: IPSec can impact network performance due to the overhead of encryption and
decryption of IP packets.
4. Key management: IPSec requires effective key management to ensure the security of the cryptographic keys
used for encryption and authentication.
5. Limited protection: IPSec only provides protection for IP traffic, and other protocols such as ICMP, DNS,
and routing protocols may still be vulnerable to attacks.
IPSecurity Architecture
1.IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow. These protocols are ESP
(Encapsulation Security Payload) and AH (Authentication Header). IPSec Architecture includes protocols,
algorithms, DOI, and Key Management.
IP Security Architecture steps
1. Architecture: Architecture or IP Security Architecture covers the general concepts, definitions, protocols,
algorithms, and security requirements of IP Security technology.
2. ESP Protocol: ESP(Encapsulation Security Payload) provides a confidentiality service.
3. Encryption algorithm: The encryption algorithm is the document that describes various encryption
algorithms used for Encapsulation Security Payload.
4. AH Protocol: AH (Authentication Header) Protocol provides both Authentication and Integrity service.
Authentication Header is implemented in one way only: Authentication along with Integrity.
5. Authentication Algorithm: The authentication Algorithm contains the set of documents that describe the
authentication algorithm used for AH and for the authentication option of ESP.
6. DOI (Domain of Interpretation): DOI is the identifier that supports both AH and ESP protocols. It contains
values needed for documentation related to each other.
7. Key Management: Key Management contains the document that describes how the keys are exchanged
between sender and receiver.

o
Authentication Header : The question may arise, that how IP header will know that adjacent Extension
header is Authentication Header. Well, there is protocol field in IP Header which tells type of header that is
present in packet. So, protocol field in IP Header should have value of “51” in order to detect Authentication
Header.
Steps of authentication header
1.Next Header – Next Header is 8-bit field that identifies type of header present after Authentication Header. In
case of TCP, UDP or destination header or some other extension header it will store correspondence IP protocol
number .
2.Payload Length – Payload length is length of Authentication header and here we use scaling factor of 4.
Whatever be size of header, divide it by 4 and then subtract by 2
3.Reserved – This is 16-bit field which is set to “zero” by sender as this field is reserved for future use.
4.Security Parameter Index (SPI) – It is arbitrary 32-bit field. It is very important field which identifies all
packets which belongs to present connection. If we’re sending data from Source A to Destination B. Both A and
B will already know algorithm and key they are going to use.
5.Sequence Number – This unsigned 32-bit field contains counter value that increases by one for each packet
sent. Every packet will need sequence number. It will start from 0 and will go till – 1 and there will be no
wrap around..
6.Authentication Data (Integrity Check Value) – Authentication data is variable length field that contains
Integrity Check Value (ICV) for packet. Using hashing algorithm and secret key, sender will create message
digest which will be sent to receiver
Modes of operations in Authentication Header:
1. Authentication Header Transport Mode: In the authentication header transport mode, it is lies between
the original IP Header and IP Packets original TCP header.
2. Authentication Header Tunnel Mode: In this authentication header tunnel mode, the original IP packet is
authenticated entire and the authentication header is inserted between the original IP header and new outer
IP header. Here, the inner IP header contains the ultimate source IP address and destination IP
address. whereas the outer IP header contains different IP address that is IP address of the firewalls or other
security gateways.
Authentication header deals with Replay attack
1.In a replay attack, the attacker a copy of an authenticated packet and then send to the intended destination.
As the same packet received twice, the destination user can face some problems. To reduce this problem, the
authentication header use a sequence number field.
2.At this initial stage, the value of this field is set to 0. whenever the sender sends the packets to the same
receiver over the same SA, it increments the fields value by 1. If the number of packets over the same increase
this number, then communication with the receiver sender must establishing a new SA with the receiver.
3.At the receiver side, the receiver maintains a sliding window size to W. The default value of W is 64. This
window right edge represents the highest sequence number N received so far for a valid packet.
When the receiver gets a packet from the sender, it perform some action. The appropriate action depends on
the sequence number of the packet. advantages of Authentication Header
4.Message Integrity – It means, message is not modified while coming from the source.
5.Source Authentication – It means, the source is exactly the source from whom we were expecting data.
Web Security Threats:
A Threat is nothing but a possible event that can damage and harm an information system. Security Threat is
defined as a risk that which, can potentially harm Computer systems & organizations. Whenever an Individual
or an Organization creates a website, they are vulnerable to security attacks.
Security attacks are mainly aimed at stealing altering or destroying a piece of personal and confidential
information, stealing the hard drive space, and illegally accessing passwords. So whenever the website you
created is vulnerable to security attacks then the attacks are going to steal your data alter your data destroy
your personal information see your confidential information and also it accessing your password.
Top Web Security Threats :
1.Cross-site scripting (XSS) 2.SQL Injection 3.Phishing
4.Ransomware 5.Code Injection 6.Viruses and worms
7.Spyware 8.Denial of Service
Security Consideration:
1.Updated Software: You need to always update your software. Hackers may be aware of vulnerabilities in
certain software, which are sometimes caused by bugs and can be used to damage your computer system and
steal personal data.
2.Beware of SQL Injection: SQL Injection is an attempt to manipulate your data or your database by inserting
a rough code into your query. For e.g. somebody can send a query to your website and this query can be a rough
code while it gets executed it can be used to manipulate your database such as change tables, modify or delete
data or it can retrieve important information also so, one should be aware of the SQL injection attack.
3.Cross-Site Scripting (XSS): XSS allows the attackers to insert client-side script into web pages. E.g.
Submission of forms. It is a term used to describe a class of attacks that allow an attacker to inject client-side
scripts into other users’ browsers through a website..
4.Error Messages: You need to be very careful about error messages which are generated to give the
information to the users while users access the website and some error messages are generated due to one or
another reason and you should be very careful while providing the information to the users. For e.g. login
attempt – If the user fails to login the error message should not let the user know which field is incorrect:
Username or Password.
5.Data Validation: Data validation is the proper testing of any input supplied by the user or application. It
prevents improperly created data from entering the information system.
6.Password: Password provides the first line of defense against unauthorized access to your device and personal
information. It is necessary to use a strong password.
Web traffic security approaches
1.HTTPS (SSL/TLS Encryption):
(i) Hypertext Transfer Protocol Secure (HTTPS) encrypts data in transit between a web browser and a web
server using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
(ii)SSL/TLS encryption ensures that data exchanged between the client and server is encrypted, preventing
eavesdropping and tampering by malicious actors.
2.Web Application Firewalls (WAF):
(i)WAFs monitor, filter, and block HTTP traffic to and from a web application to protect against various attacks
such as SQL injection, cross-site scripting (XSS), and other common web application vulnerabilities.
(ii)WAFs can be implemented as hardware appliances, software applications, or cloud-based services.
3.Content Security Policy (CSP):
(i)CSP is a security standard that helps prevent cross-site scripting (XSS) and data injection attacks by allowing
web developers to specify which domains can be trusted to load resources such as JavaScript, CSS, and images.
(ii)CSP defines a whitelist of approved sources for content, limiting the risk of executing malicious scripts injected
into web pages.
4.Web Security Scanning and Vulnerability Assessment:
(i)Regular security scanning and vulnerability assessment tools help identify and remediate security weaknesses in
web applications and infrastructure.
(ii)Automated scanners can detect common security flaws such as outdated software, misconfigurations, and
known vulnerabilities in web servers, databases, and web applications.
5.Content Filtering and URL Filtering:
(i)Content filtering solutions inspect web traffic and filter out malicious or inappropriate content based on
predefined policies.
(ii)URL filtering restricts access to certain websites or categories of websites based on blacklists or whitelists of
URLs.
6.Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA):
(i)2FA and MFA add an extra layer of security by requiring users to provide additional authentication factors
beyond passwords, such as a one-time code sent to their mobile device or biometric authentication.
(ii)Implementing 2FA or MFA for web applications enhances user authentication and helps prevent unauthorized
access even if passwords are compromised.
7.Secure Development Practices:
(i)Following secure development practices, such as the OWASP Top Ten and secure coding guidelines, helps
developers build web applications with security in mind from the outset.
(ii)Secure development practices include input validation, output encoding, proper error handling, and security-
aware coding practices to prevent common web vulnerabilities.
Secure Socket Layer
Secure Socket Layer (SSL) provides security to the data that is transferred between web browser and server.
SSL encrypts the link between a web server and a browser which ensures that all data passed between them
remain private and free from attack.
Secure Socket Layer Protocols:
1.SSL Protocol Stack: In the SSL Record Protocol application data is divided into fragments. The fragment is
compressed and then encrypted MAC (Message Authentication Code) generated by algorithms like SHA
(Secure Hash Protocol) and MD5 (Message Digest) is appended. After that encryption of the data is done and in
last SSL header is appended to the data.
2.Handshake Protocol: Handshake Protocol is used to establish sessions. This protocol allows the client and
server to authenticate each other by sending a series of messages to each other. Handshake protocol uses four
phases to complete its cycle.
3.Change-cipher Protocol: This protocol uses the SSL record protocol. Unless Handshake Protocol is completed,
the SSL record Output will be in a pending state. After the handshake protocol, the Pending state is converted
into the current state. Change-cipher protocol consists of a single message which is 1 byte in length and can
have only one value. This protocol’s purpose is to cause the pending state to be copied into the current state.
4.Alert Protocol: This protocol is used to convey SSL-related alerts to the peer entity. Each message in this
protocol contains 2 bytes
Salient Features of Secure Socket Layer:
1.The advantage of this approach is that the service can be tailored to the specific needs of the given application.
2.Secure Socket Layer was originated by Netscape.
3.SSL is designed to make use of TCP to provide reliable end-to-end secure service.
4.This is a two-layered protocol.
Characteristics of secure socket layer
1.Encryption: The SSL certificate uses encryption algorithms to secure the communication between the website
or service and its users. This ensures that the sensitive information, such as login credentials and credit card
information, is protected from being intercepted and read by unauthorized parties.
2.Authentication: The SSL certificate verifies the identity of the website or service, ensuring that users are
communicating with the intended party and not with an impostor. This provides assurance to users that their
information is being transmitted to a trusted entity.
3.Integrity: The SSL certificate uses message authentication codes (MACs) to detect any tampering with the
data during transmission. This ensures that the data being transmitted is not modified in any way, preserving
its integrity.
4.Non-repudiation: SSL certificates provide non-repudiation of data, meaning that the recipient of the data
cannot deny having received it. This is important in situations where the authenticity of the information needs
to be established, such as in e-commerce transactions.
5.Public-key cryptography: SSL certificates use public-key cryptography for secure key exchange between the
client and server. This allows the client and server to securely exchange encryption keys, ensuring that the
encrypted information can only be decrypted by the intended recipient.
6.Session management: SSL certificates allow for the management of secure sessions, allowing for the
resumption of secure sessions after interruption. This helps to reduce the overhead of establishing a new secure
connection each time a user accesses a website or service.
7.Certificates issued by trusted CAs: SSL certificates are issued by trusted CAs, who are responsible for
verifying the identity of the website or service before issuing the certificate. This provides a high level of trust
and assurance to users that the website or service they are communicating with is authentic and trustworthy.
Transport Layer Security (TLS)
Transport Layer Securities (TLS) are designed to provide security at the transport layer. TLS was derived from
a security protocol called Secure Socket Layer (SSL). TLS ensures that no third party may eavesdrop or
tampers with any message.
Benefits of TLS:
1.Encryption:TLS/SSL can help to secure transmitted data using encryption.
2.Interoperability:TLS/SSL works with most web browsers, including Microsoft Internet Explorer and on most
operating systems and web servers.
3.Algorithm flexibility:TLS/SSL provides operations for authentication mechanism, encryption algorithms and
hashing algorithm that are used during the secure session.
4.Ease of Deployment:Many applications TLS/SSL temporarily on a windows server 2003 operating systems.
5.Ease of Use:Because we implement TLS/SSL beneath the application layer, most of its operations are
completely invisible to client.
Working of TLS:
The client connect to server (using TCP), the client will be something. The client sends number of specification:
1.Version of SSL/TLS.
2.which cipher suites, compression method it wants to use.
The server checks what the highest SSL/TLS version is that is supported by them both, picks a cipher suite
from one of the clients option (if it supports one) and optionally picks a compression method. After this the
basic setup is done, the server provides its certificate. This certificate must be trusted either by the client itself
or a party that the client trusts. Having verified the certificate and being certain this server really is who he
claims to be (and not a man in the middle), a key is exchanged. This can be a public key, “PreMasterSecret” or
simply nothing depending upon cipher suite.
Both the server and client can now compute the key for symmetric encryption. The handshake is finished and
the two hosts can communicate securely. To close a connection by finishing. TCP connection both sides will
know the connection was improperly terminated. The connection cannot be compromised by this through,
merely interrupted.
Secure Electronic Transaction (SET) Protocol
Secure Electronic Transaction or SET is a system that ensures the security and integrity of electronic
transactions done using credit cards in a scenario. SET is not some system that enables payment but it is a
security protocol applied to those payments. It uses different encryption and hashing techniques to secure
payments over the internet done through credit cards. The SET protocol was supported in development by
major organizations like Visa, Mastercard, and Microsoft which provided its Secure Transaction Technology
(STT), and Netscape which provided the technology of Secure Socket Layer (SSL).
Requirements in SET
1.It has to provide mutual authentication i.e., customer (or cardholder) authentication by confirming if the
customer is an intended user or not, and merchant authentication.
2.It has to keep the PI (Payment Information) and OI (Order Information) confidential by appropriate
encryptions.
3.It has to be resistive against message modifications i.e., no changes should be allowed in the content being
transmitted.
4.SET also needs to provide interoperability and make use of the best security mechanisms.
Participants in SET
1.Cardholder – customer
2.Issuer – customer financial institution
3.Merchant
4.Acquirer – Merchant financial
5.Certificate authority – Authority that follows certain standards and issues certificates(like X.509V3) to all
other participants.
SET functionalities:
1.Provide Authentication
(i) Merchant Authentication – To prevent theft, SET allows customers to check previous relationships between
merchants and financial institutions. Standard X.509V3 certificates are used for this verification.
(ii) Customer / Cardholder Authentication – SET checks if the use of a credit card is done by an authorized user
or not using X.509V3 certificates.
2.Provide Message Confidentiality: Confidentiality refers to preventing unintended people from reading the
message being transferred. SET implements confidentiality by using encryption techniques. Traditionally DES
is used for encryption purposes.
3.Provide Message Integrity: SET doesn’t allow message modification with the help of signatures. Messages are
protected against unauthorized modification using RSA digital signatures with SHA-1 and some using HMAC
with SHA-1,
The disadvantages of Secure Electronic Exchange At the point when SET was first presented in 1996 by
the SET consortium (Visa, Mastercard, Microsoft, Verisign, and so forth), being generally taken on inside the
following couple of years was normal. Industry specialists additionally anticipated that it would immediately
turn into the key empowering influence of worldwide internet business. Notwithstanding, this didn’t exactly
occur because of a few serious weaknesses in the convention.
The security properties of SET are better than SSL and the more current TLS, especially in their capacity to
forestall web based business extortion. Be that as it may, the greatest downside of SET is its intricacy. SET
requires the two clients and traders to introduce extraordinary programming – – card perusers and advanced
wallets – – implying that exchange members needed to finish more jobs to carry out SET. This intricacy likewise
dialed back the speed of web based business exchanges. SSL and TLS don’t have such issues. :
Intruders
Cyber Security is the branch of technology that deals with the security of using the internet. Technology is an
essential part of today’s generation, it is hard to imagine our lives without technology. Thus, it is essential that
the technology we use in our daily lives is extremely secure and safe. Cyber technology is the branch of
technology, that takes care of this need.
Types of Intruders
1.Masquerader: The category of individuals that are not authorized to use the system but still exploit users’
privacy and confidential information by possessing techniques that give them control over the system, such
category of intruders is referred to as Masquerader. Masqueraders are outsiders and hence they don’t have
direct access to the system, their aim is to attack unethically to steal data/ information.
2.Misfeasor: The category of individuals that are authorized to use the system, but misuse the granted access
and privilege. These are individuals that take undue advantage of the permissions and access given to them,
such category of intruders is referred to as Misfeasor. Misfeasors are insiders and they have direct access to the
system, which they aim to attack unethically for stealing data/ information.
3.Clandestine User: The category of individuals who have supervision/administrative control over the system
and misuse the authoritative power given to them. The misconduct of power is often done by superlative
authorities for financial gains, such a category of intruders is referred to as Clandestine Users. A Clandestine
User can be any of the two, insiders or outsiders, and accordingly, they can have direct/ indirect access to the
system, which they aim to attack unethically by stealing data/ information.
 Different Ways Adopted by Intruders
 Regressively try all short passwords that may open the system for them.
 Try unlocking the system with default passwords, which will open the system if the user has not made any
change to the default password.
 Try unlocking the system by personal information of the user such as their name, family member names,
address, and phone number in different combinations.
 Making use of a Trojan horse for getting access to the system of the user.
 Attacking the connection of the host and remote user and getting entry through their connection gateway.
 Trying all the applicable information, relevant to the user such as plate numbers, room numbers, and locality
info.
Protect From Intruders
 By being aware of all the security measures that help us to protect ourselves from Intruders.
 By increasing the security and strengthening the security of the system.
 In case of any attack, first, reach out to cyber security experts for a solution to this type of attack.
 Try to avoid becoming a survivor of cybercrime.
Intrusion techniques
Intrusion techniques in cryptography refer to various methods used by attackers to compromise the security of
cryptographic systems, protocols, or implementations. These techniques aim to exploit vulnerabilities in
cryptographic algorithms, key management processes, or system configurations to gain unauthorized access to
encrypted data or to weaken the overall security of the system.
Common intrusion techniques :
1.Cryptanalysis:
(i)Cryptanalysis is the process of analyzing cryptographic systems to break the encryption and uncover the
plaintext without knowledge of the cryptographic key.
(ii)Attackers use various cryptanalytic techniques such as brute force attacks, frequency analysis, differential
cryptanalysis, and linear cryptanalysis to exploit weaknesses in cryptographic algorithms and recover plaintext or
encryption keys.
2.Side-Channel Attacks:
(i)Side-channel attacks exploit information leaked through physical implementation aspects of cryptographic
systems, such as power consumption, electromagnetic radiation, timing information, or sound emissions.
(ii)Examples include timing attacks, power analysis attacks, electromagnetic analysis (EMA), and acoustic
cryptanalysis, which can be used to extract sensitive information like cryptographic keys.
3.Fault Injection Attacks:
(i)Fault injection attacks involve intentionally inducing faults or errors in cryptographic devices or systems to
bypass security mechanisms.
(ii)Common techniques include voltage glitching, clock glitching, laser fault injection, and electromagnetic fault
injection (EMFI), which can disrupt cryptographic operations and lead to information leakage or key extraction.
4.Padding Oracle Attacks:
(i)Padding oracle attacks exploit vulnerabilities in cryptographic implementations that leak information about
the validity of padding in encrypted messages.
(ii)Attackers can use padding oracle vulnerabilities to recover plaintext or encryption keys by observing
differences in error messages or response times from the system.
5.Key Management Attacks:
(i)Key management attacks target weaknesses in key generation, storage, distribution, or usage processes within
cryptographic systems.
(ii)Examples include weak key generation algorithms, insufficient key length, poor key storage practices, or
compromised key exchange protocols, which can lead to unauthorized access to encrypted data or compromise the
confidentiality and integrity of communications.
6.Implementation Vulnerabilities:
(i)Implementation vulnerabilities arise from bugs, coding errors, or design flaws in cryptographic libraries,
protocols, or applications.
(ii)Attackers exploit implementation vulnerabilities to bypass security controls, inject malicious code, or
manipulate cryptographic operations to their advantage.
 Password Management
Since passwords are meant to keep the files and data secret and safe so it is prevented the unauthorized access,
password management refers to the practices and set of rules or principles or standards that out must follow or
at least try to seek help from in order to be a good/strong password and along with its storage and management
for the future requirements.
Issues Related to Managing Passwords:
The main problem with password management is that it is not safe to use the same password for multiple sites,
therefore having different passwords for different sites and on top of that remembering them is quite difficult.
As per the statistics, more than 65% of people reuse passwords across accounts and the majority do not change
them, even after a known breach. Meanwhile, 25% reset their passwords once a month or more because they
forgot them.
To escape from this situation people often tend to use password managers (A password manager is a computer
program that allows users to store, generate, and manage their passwords for local applications and online
services.). Password managers to a certain extent reduce the problem by having to remember only one “master
password” instead of having to remember multiple passwords. The only problem with having a master
password is that once it is out or known to an attacker, the rest of all the passwords become available.
Methods to Manage Password:
 Strong and long passwords: A minimum length of 8 to 12 characters long, also it should contain at least three
different character sets (e.g., uppercase characters, lowercase characters, numbers, or symbols)
 Password Encryption: Using irreversible end-to-end encryption is recommended. In this way, the password
remains safe even if it ends up in the hands of cybercriminals.
 Multi-factor Authentication (MFA): Adding some security questions and a phone number that would be used
to confirm that it is indeed you who is trying to log in will enhance the security of your password.
 Make the password pass the test: Yes, put your password through some testing tools that you might find
online in order to ensure that it falls under the strong and safe password category.
 Avoid updating passwords frequently: Though it is advised or even made mandatory to update or change
your password as frequently as in 60 or 90 days.
Password selection strategies
1.Length: Longer passwords are generally more secure than shorter ones. Aim for a minimum length of at least
12-16 characters. The longer the password, the harder it is for attackers to crack using brute force or dictionary
attacks.
2.Complexity: Use a combination of uppercase letters, lowercase letters, numbers, and special characters
(!@#$%^&*, etc.). Mixing different character types increases the complexity of the password, making it harder to
guess or crack.
3.Avoid Common Words and Phrases: Avoid using easily guessable words, phrases, or patterns such as
"password," "123456," "qwerty," or sequential keyboard patterns. Also, refrain from using personal information
like your name, birthdate, or commonly known facts about you.
4.Randomness: Generate passwords that are random and not based on easily guessable patterns or sequences.
Consider using password managers or online random password generators to create strong, randomized
passwords.
5.Passphrases: Instead of traditional passwords, consider using passphrases composed of multiple words, spaces,
and special characters. Passphrases are generally easier to remember and can be more secure than traditional
passwords.
6.Avoid Reusing Passwords: Use unique passwords for each online account or service. Reusing passwords across
multiple accounts increases the risk of credential stuffing attacks, where attackers use compromised credentials
from one site to gain unauthorized access to other accounts.
7.Regular Updates: Regularly update your passwords, especially for sensitive accounts or in the event of a
security breach. Set reminders to change passwords periodically, such as every 3-6 months.
Intrusion Detection System (IDS)
A system called an intrusion detection system (IDS) observes network traffic for malicious transactions and
sends immediate alerts when it is observed. It is software that checks a network or system for malicious
activities or policy violations. Each illegal activity or violation is often recorded either centrally using a SIEM
system or notified to an administration. IDS monitors a network or system for malicious activity and protects a
computer network from unauthorized access from users, including perhaps insiders. The intrusion detector
learning task is to build a predictive model (i.e. a classifier) capable of distinguishing between ‘bad connections’
(intrusion/attacks) and ‘good (normal) connections’.
 IDS work
1.An IDS (Intrusion Detection System) monitors the traffic on a computer network to detect any suspicious
activity.
2.It analyzes the data flowing through the network to look for patterns and signs of abnormal behavior.
3.The IDS compares the network activity to a set of predefined rules and patterns to identify any activity that
might indicate an attack or intrusion.
4.If the IDS detects something that matches one of these rules or patterns, it sends an alert to the system
administrator.
5.The system administrator can then investigate the alert and take action to prevent any damage or further
intrusion.
Classification of Intrusion Detection System
1.Network Intrusion Detection System (NIDS): Network intrusion detection systems (NIDS) are set up at a
planned point within the network to examine traffic from all devices on the network. It performs an observation
of passing traffic on the entire subnet and matches the traffic that is passed on the subnets to the collection of
known attacks..
2.Host Intrusion Detection System (HIDS): Host intrusion detection systems (HIDS) run on independent hosts
or devices on the network. A HIDS monitors the incoming and outgoing packets from the device only and will
alert the administrator if suspicious or malicious activity is detected. It takes a snapshot of existing system files
and compares it with theProtocol-based Intrusion Detection System (PIDS
3.Application Protocol-based Intrusion Detection System (APIDS): An application Protocol-based Intrusion
Detection System (APIDS) is a system or agent that generally resides within a group of servers. It identifies the
intrusions by monitoring and interpreting the communication on application-specific protocols. For example,
this would monitor the SQL protocol explicitly to the middleware as it transacts with the database in the web
server.
4.Hybrid Intrusion Detection System: Hybrid intrusion detection system is made by the combination of two or
more approaches to the intrusion detection system. In the hybrid intrusion detection system, the host agent or
system data is combined with network information to develop a complete view of the network system. The
hybrid intrusion detection system is more effective in comparison to the other intrusion detection system.
Prelude is an example of Hybrid IDS.
5. previous snapshot:If the analytical system files were edited or deleted, an alert is sent to the administrator to
investigate. An example of HIDS usage can be seen on mission-critical machines, which are not expected to
change their layout.
Benefits of IDS
 Detects malicious activity: IDS can detect any suspicious activities and alert the system administrator before
any significant damage is done.
 Improves network performance: IDS can identify any performance issues on the network, which can be
addressed to improve network performance.
 Compliance requirements: IDS can help in meeting compliance requirements by monitoring network activity
and generating reports.
 Provides insights: IDS generates valuable insights into network traffic, which can be used to identify any
weaknesses and improve network security.
Detection Method of IDS
1. Signature-based Method: Signature-based IDS detects the attacks on the basis of the specific patterns such as
the number of bytes or a number of 1s or the number of 0s in the network traffic. It also detects on the basis
of the already known malicious instruction sequence that is used by the malware. The detected patterns in
the IDS are known as signatures. Signature-based IDS can easily detect the attacks whose pattern (signature)
already exists in the system but it is quite difficult to detect new malware attacks as their pattern (signature)
is not known.
2. Anomaly-based Method: Anomaly-based IDS was introduced to detect unknown malware attacks as new
malware is developed rapidly. In anomaly-based IDS there is the use of machine learning to create a trustful
activity model and anything coming is compared with that model and it is declared suspicious if it is not
found in the model. The machine learning-based method has a better-generalized property in comparison to
signature-based IDS as these models can be trained according to the applications and hardware
configurations.
Placement of IDS
The most optimal and common position for an IDS to be placed is behind the firewall. Although this position
varies considering the network. The ‘behind-the-firewall’ placement allows the IDS with high visibility of
incoming network traffic and will not receive traffic between users and network. The edge of the network point
provides the network the possibility of connecting to the extranet.

Malicious programs
Malicious programs, also known as malware, refer to software intentionally designed to cause harm, damage, or
disruption to computer systems, networks, or devices. Malware encompasses a wide range of malicious software
types and can be categorized based on their functionalities and behaviors. Here are some common types of
malicious programs:
1.Viruses:
(i)Viruses are self-replicating programs that infect and modify other legitimate files or programs on a computer.
They often spread through infected files, email attachments, or removable media.
(ii)Once executed, viruses can cause various harmful effects, including data corruption, system instability, and
unauthorized access.
2.Worms:
(i)Worms are standalone malicious programs that spread across computer networks, exploiting vulnerabilities in
network protocols or software to infect other computers.
(ii)Unlike viruses, worms do not require a host program to propagate and can spread independently, leading to
rapid infection of multiple systems.
3.Trojans:
(i)Trojans, or Trojan horses, are deceptive programs that masquerade as legitimate software or files to trick users
into installing them.
(ii)Once installed, Trojans can perform various malicious activities, such as stealing sensitive information,
creating backdoors for remote access, or downloading additional malware onto the infected system.
4.Ransomware:
(i)Ransomware is a type of malware that encrypts files or locks down the entire system, rendering it inaccessible
to the user.
(ii)Attackers demand a ransom payment in exchange for decrypting the files or restoring access to the system.
Ransomware often spreads through malicious email attachments, exploit kits, or compromised websites.
5.Spyware:
(i)Spyware is designed to secretly monitor and collect information about a user's activities without their consent.
(ii)Spyware can track keystrokes, capture screenshots, record browsing history, and steal sensitive data such as
login credentials, credit card numbers, or personal information.
6.Adware:
(i)Adware, short for advertising-supported software, displays unwanted advertisements or redirects web browsers
to malicious or unwanted websites.
(ii)Adware may also collect browsing habits and personal information to deliver targeted advertisements or
generate revenue for the attacker.
7.Keyloggers:
(i)Keyloggers are designed to record keystrokes typed by a user on a keyboard, capturing sensitive information
such as usernames, passwords, credit card numbers, or other confidential data.
(ii)Attackers use keyloggers to steal login credentials, financial information, or other sensitive data for fraudulent
purposes
Virus
A virus is a fragment of code embedded in a legitimate program. Viruses are self-replicating and are designed to
infect other programs. They can wreak havoc in a system by modifying or destroying files causing system
crashes and program malfunctions. On reaching the target machine a virus dropper(usually a trojan horse)
inserts the virus into the system.
Types of viruses:
1.File Virus:This type of virus infects the system by appending itself to the end of a file. It changes the start of a
program so that the control jumps to its code. After the execution of its code, the control returns back to the
main program. Its execution is not even noticed. It is also called a Parasitic virus because it leaves no file intact
but also leaves the host functional.
2.Boot sector Virus:It infects the boot sector of the system, executing every time system is booted and before
the operating system is loaded. It infects other bootable media like floppy disks. These are also known
as memory viruses as they do not infect the file systems.
3.Macro Virus: Unlike most viruses which are written in a low-level language(like C or assembly language),
these are written in a high-level language like Visual Basic. These viruses are triggered when a program capable
of executing a macro is run. For example, the macro viruses can be contained in spreadsheet files.
4.Source code Virus: It looks for source code and modifies it to include virus and to help spread it.
5.Polymorphic Virus: A virus signature is a pattern that can identify a virus(a series of bytes that make up
virus code). So in order to avoid detection by antivirus a polymorphic virus changes each time it is installed.
The functionality of the virus remains the same but its signature is changed.
6.Encrypted Virus:In order to avoid detection by antivirus, this type of virus exists in encrypted form. It carries
a decryption algorithm along with it. So the virus first decrypts and then executes.
7.Stealth Virus:It is a very tricky virus as it changes the code that can be used to detect it. Hence, the detection
of viruses becomes very difficult. For example, it can change the read system call such that whenever the user
asks to read a code modified by a virus, the original form of code is shown rather than infected code.
Nature of viruses
1.Self-Replication: Like biological viruses, computer viruses have the ability to replicate themselves. Once a virus
infects a host file or program, it can spread to other files or systems by inserting its code into other executable files
or documents.
2.Infection Mechanism: Viruses typically rely on human interaction or system vulnerabilities to infect computers.
They can spread through infected email attachments, compromised websites, removable storage devices, or
network vulnerabilities.
3.Payload: Viruses often carry a malicious payload or code that is executed when the infected file or program is
run. The payload can perform a variety of harmful actions, such as deleting files, stealing data, displaying
messages, or creating backdoors for remote access.
4.Concealment: To evade detection by antivirus software and security measures, viruses often employ techniques
to conceal their presence and behavior. This may include encryption, polymorphism (changing their appearance
with each infection), or rootkit capabilities to hide their files and processes.
5.Activation Trigger: Viruses may be programmed to activate their malicious payload under certain conditions or
triggers, such as specific dates, user actions, or system events. This allows viruses to remain dormant until
activated, making them harder to detect and control.
6.File Infection: Many viruses infect executable files or programs on the host system, allowing them to spread
when infected files are shared or executed. Some viruses also target specific file types, such as documents or media
files, to propagate through email attachments or shared networks.
7.Propagation: Once a virus infects a host system, it seeks out other vulnerable systems to spread to. This
propagation can occur through various means, including network shares, email attachments, instant messaging,
or compromised websites.
Macro Virus
Macro viruses is a malicious code specifically designed by the hacker or attacker using the macro language (A
language that is used to build applications such as Microsoft Word, Excel, or PowerPoint). Macro viruses attach
themselves to documents and spreadsheets, and when these files are opened or edited, they infect other
documents as well. The dangerous thing about macro viruses is that they can infect any computer, regardless of
the operating system it runs on. This means that whether your computer is running Windows, macOS, or Linux,
it is vulnerable to a macro virus attack.
Macro Virus Affect Computer Systems
Hackers can inject a specific type of computer virus called a macro virus into spreadsheets and documents.
When a user opens or edits these files, the macro virus enters the system and starts infecting the system, as well
as other files stored on the system. The most dangerous thing about macro viruses is their ability to replicate as
fast as possible. When a user views or edits a file infected with a macro virus, the virus starts to replicate and
attach itself to other documents on the same computer. If these infected files are shared with other users, the
virus can spread to their computers as well. Once a macro virus enters a computer system, it starts infecting the
system and causing serious damage in various type of ways, such as deleting files, modifying documents,
stealing data, and many more
Measures to protect from macro virus
1. Preventive Measures of macro virusIt is very important to back up data regularly to reduce the risk of data
loss.
2. Take precautions when opening email attachments from unknown senders.
3. Avoid downloading files from unreliable sources, such as .zip and .rar files, because these files may contain
malicious programs hidden by attackers. Get software and files from reputable, verified sources only.
4. Use an effective and up-to-date security suite and antivirus software to protect your device or computer from
all known and unknown threats.
5. To protect against recently disclosed vulnerabilities, keep your software and operating system up to date, and
enable macro security settings in Microsoft Office applications to prevent macros from running without
permission
 Antivirus Software
Antivirus software (computer protection software) is a program(s) that is created to search, detect, prevent and
remove software viruses from your system that can harm your system. Other harmful software such as worms,
adware, and other threats can also be detected and removed via antivirus. This software is designed to be used
as a proactive approach to cyber security, preventing threats from entering your computer and causing issues.
Most antivirus software operates in the background once installed, providing real-time protection against virus
attacks.
Antivirus Works
 Signature detection is a method by which an antivirus keenly scans files that are brought into a system to
analyze more likely hazardous files.
 Specific detection, which looks for known parts or types of malware or patterns that are linked by a common
codebase
 A genericthe detection is a type of detection that looks for known parts or types of malware or patterns that
are related to a common codebase.
 Heuristic detection is a type of virus detection that looks for unknown infections by spotting suspicious file
structures.
Examples of Antivirus Software
(i) Free: Free anti-virus software provides basic virus protection
(ii) Paid: commercial anti-virus software provides more extensive protection.
Commonly used antivirus software:
1. Bitdefender: Bitdefender Total Security is a comprehensive security suite that protects against viruses and
dangerous malware of all varieties. This user-friendly antivirus software is compatible with all four major
operating systems and smart homes, and it also includes a free VPN with a daily limit of 200MB, parental
controls, camera protection, a password manager, etc. This security suite is reasonably priced and will protect
up to five devices 24 hours a day, seven days a week.
2. AVAST: This is a free antivirus available. All you have to do to obtain top-notch protection on your computer,
emails, downloads, and instant messages in the free version is register (for free) once a year. It includes a
sophisticated heuristics engine that enables it to detect viruses.
3. Panda: It can detect viruses, trojans, spyware, adware, worms, and malware at the same level as other
antiviruses do. It is different from others because using this software, when you scan your computer, it doesn’t
consume any of your computer’s resources instead, it runs in the cloud, allowing your machine to continue to
function normally.
Benefits of Antivirus Software
1.Spam and advertisements are blocked: Viruses exploit pop-up advertising and spam websites as one of the
most common ways to infect your computer and destroy your files. Antivirus acts against harmful virus-infected
adverts and websites by denying them direct access to your computer network.
2.Virus protection and transmission prevention: It identifies any possible infection and then attempts to
eliminate it.
3.Hackers and data thieves are thwarted: Antivirus do regular checks to see if there are any hackers or
hacking-related apps on the network. As a result, antivirus offers complete security against hackers.
4.Protected against devices that can be detached: Antivirus scans all removable devices for potential viruses,
ensuring that no viruses are transferred.
5.To improve security from the toweb, restrict website access: Antivirus restricts your online access in order to
prevent you from accessing unauthorized networks. This is done to ensure that you only visit websites that are
safe and non-harmful to your computer.
6.Password Protection: Using antivirus, you should consider using a password manager for added security.
Disadvantages of Antivirus programs
 Slows down system’s speed: When you use antivirus programs, you’re using a lot of resources like
your RAM and hard drive. As a result, the computer’s overall speed may be significantly slowed.
 Popping up of Advertisements: Apart from commercial antivirus applications, free antivirus must make
money in some way. One approach to attaining these is through advertising. Many times these advertisements
degrade the user experience by popping up every time.
 Security Holes: When security flaws exist in the operating system or networking software, the virus will be
able to defeat antivirus protection. The antivirus software will be ineffective unless the user takes steps to
keep it updated.
 No customer care service: There will be no customer service provided unless you pay for the premium
version. If an issue arises, the only method to solve it is to use forums and knowledge resources.
Firewall
A firewall is a network security device, either hardware or software-based, which monitors all incoming and
outgoing traffic and based on a defined set of security rules it accepts, rejects or drops that specific
traffic. Accept : allow the traffic Reject : block the traffic but reply with an “unreachable error” Drop : block
the traffic with no reply A firewall establishes a barrier between secured internal networks and outside
untrusted network, such as the Internet.
Firewall work
Firewall match the network traffic against the rule set defined in its table. Once the rule is matched, associate
action is applied to the network traffic. For example, Rules are defined as any employee from HR department
cannot access the data from code server and at the same time another rule is defined like system administrator
can access the data from both HR and technical department. Rules can be defined on the firewall based on the
necessity and security policies of the organization. From the perspective of a server, network traffic can be
either outgoing or incoming. Firewall maintains a distinct set of rules for both the cases. Mostly the outgoing
traffic, originated from the server itself, allowed to pass. Still, setting a rule on outgoing traffic is always better
in order to achieve more security and prevent unwanted communication. Incoming traffic is treated differently.
Most traffic which reaches on the firewall is one of these three major Transport Layer protocols- TCP, UDP or
ICMP. All these types have a source address and destination address. Also, TCP and UDP have port numbers.
ICMP uses type code instead of port number which identifies purpose of that packet.
Generation of Firewall
1.First Generation- Packet Filtering Firewall: Packet filtering firewall is used to control network access by
monitoring outgoing and incoming packets and allowing them to pass or stop based on source and destination
IP address, protocols, and ports. It analyses traffic at the transport protocol layer (but mainly uses first 3
layers). Packet firewalls treat each packet in isolation. They have no ability to tell whether a packet is part of an
existing stream of traffic.
2. Second Generation- Stateful Inspection Firewall: Stateful firewalls (performs Stateful Packet Inspection) are
able to determine the connection state of packet, unlike Packet filtering firewall, which makes it more efficient.
It keeps track of the state of networks connection travelling across it, such as TCP streams. So the filtering
decisions would not only be based on defined rules, but also on packet’s history in the state table.
3. Third Generation- Application Layer Firewall : Application layer firewall can inspect and filter the packets
on any OSI layer, up to the application layer. It has the ability to block specific content, also recognize when
certain application and protocols (like HTTP, FTP) are being misused. In other words, Application layer
firewalls are hosts that run proxy servers.
4.Next Generation Firewalls (NGFW): Next Generation Firewalls are being deployed these days to stop modern
security breaches like advance malware attacks and application-layer attacks. NGFW consists of Deep Packet
Inspection, Application Inspection, SSL/SSH inspection and many functionalities to protect the network from
these modern threats.
Types of Firewall
1.Host- based Firewalls : Host-based firewall is installed on each network node which controls each incoming
and outgoing packet. It is a software application or suite of applications, comes as a part of the operating
system. Host-based firewalls are needed because network firewalls cannot provide protection inside a trusted
network. Host firewall protects each host from attacks and unauthorized access.
2.Network-based Firewalls : Network firewall function on network level. In other words, these firewalls filter all
incoming and outgoing traffic across the network. It protects the internal network by filtering the traffic using
rules defined on the firewall. A Network firewall might have two or more network interface cards (NICs). A
network-based firewall is usually a dedicated system with proprietary software installed.
Advantages of using Firewall
1.Protection from unauthorized access: Firewalls can be set up to restrict incoming traffic from particular IP
addresses or networks, preventing hackers or other malicious actors from easily accessing a network or system.
Protection from unwanted access.
2.Prevention of malware and other threats: Malware and other threat prevention: Firewalls can be set up to
block traffic linked to known malware or other security concerns, assisting in the defense against these kinds of
attacks.
3.Control of network access: By limiting access to specified individuals or groups for particular servers or
applications, firewalls can be used to restrict access to particular network resources or services.
4.Monitoring of network activity: Firewalls can be set up to record and keep track of all network activity. This
information is essential for identifying and looking into security problems and other kinds of shady behavior.
5.Regulation compliance: Many industries are bound by rules that demand the usage of firewalls or other
security measures. Organizations can comply with these rules and prevent any fines or penalties by using a
firewall.
6. Network segmentation: By using firewalls to split up a bigger network into smaller subnets, the attack
surface is reduced and the security level is raised.
Disadvantages of using Firewall
1. Complexity: Setting up and keeping up a firewall can be time-consuming and difficult, especially for bigger
networks or companies with a wide variety of users and devices.
2. Limited Visibility: Firewalls may not be able to identify or stop security risks that operate at other levels,
such as the application or endpoint level, because they can only observe and manage traffic at the network
level.
3. False sense of security: Some businesses may place an excessive amount of reliance on their firewall and
disregard other crucial security measures like endpoint security or intrusion detection systems.
4. Limited adaptability: Because firewalls are frequently rule-based, they might not be able to respond to fresh
security threats.
5. Performance impact: Network performance can be significantly impacted by firewalls, particularly if they
are set up to analyze or manage a lot of traffic.
6. Limited scalability: Because firewalls are only able to secure one network, businesses that have several
networks must deploy many firewalls, which can be expensive.
7. Limited VPN support: Some firewalls might not allow complex VPN features like split tunneling, which could
restrict the experience of a remote worker.
Real-Time Applications of Firewall
1. Corporate networks: Many businesses employ firewalls to guard against unwanted access and other security
risks on their corporate networks. These firewalls can be set up to only permit authorized users to access
particular resources or services and to prevent traffic from particular IP addresses or networks.
2. Government organizations: Government organizations frequently employ firewalls to safeguard sensitive
data and to adhere to rules like HIPAA or PCI-DSS. They might make use of cutting-edge firewalls like Next-
generation firewalls (NGFW), which can detect and stop intrusions as well as manage access to particular
data and apps.
3. Service providers: Firewalls are used by service providers to safeguard their networks and the data of their
clients, including ISPs, cloud service providers, and hosting firms. They might make use of firewalls that
accommodate enormous volumes of traffic and support advanced features such as VPN and load balancing.
4. Small enterprises: Small firms may use firewalls to separate their internal networks, restrict access to specific
resources or applications, and defend their networks from external threats.
5. Networks at home: To guard against unwanted access and other security risks, many home users employ
firewalls. A firewall that many routers have built in can be set up to block incoming traffic and restrict access
to the network.
6. Industrial Control Systems (ICS): Firewalls are used to safeguard industrial control systems against illegal
access and cyberattacks in many vital infrastructures, including power plants, water treatment facilities, and
transportation systems.
Firewall characteristics
1.Packet Filtering: Firewalls examine individual packets of data as they pass through the network and make
decisions based on predetermined rules. These rules determine whether a packet is allowed to pass, based on
factors such as source IP address, destination IP address, port number, and protocol type.
2.Stateful Inspection: Many modern firewalls use stateful inspection, also known as dynamic packet filtering, to
track the state of active connections and make more intelligent decisions based on the context of the traffic. This
allows firewalls to better handle complex protocols and prevent certain types of attacks, such as IP spoofing and
session hijacking.
3.Access Control Lists (ACLs): Firewalls use access control lists (ACLs) to define the rules that govern traffic flow
through the network. These rules specify which types of traffic are allowed or denied based on criteria such as
source and destination IP addresses, port numbers, and protocols.
4.Layer Filtering: Some firewalls offer application layer filtering capabilities, allowing them to inspect and filter
traffic at the application layer of the OSI model. This enables more granular control over specific applications
and protocols, such as HTTP, FTP, and SMTP.
5.Network Address Translation (NAT): Firewalls often include network address translation (NAT) functionality,
which allows them to translate private IP addresses used within an internal network to a single public IP address
visible to the outside world.
6.Proxy Services: Firewalls may provide proxy services for certain protocols, such as HTTP or FTP. When acting
as a proxy, the firewall receives requests from clients on behalf of servers and forwards the requests after
inspecting and filtering the traffic.
7.Logging and Reporting: Firewalls typically include logging and reporting capabilities to record information
about network traffic, rule violations, and security events. Logs can be used for troubleshooting, forensic analysis,
and compliance reporting purposes.
Firewall Configuration
firewall plays a vital role in network security and needs to be properly configured to keep organizations protected
from data leakage and cyberattacks.
This is possible by configuring domain names and Internet Protocol (IP) addresses to keep the firewall secure.
Firewall policy configuration is based on network type, such as public or private, and can be set up with security
rules that block or allow access to prevent potential attacks from hackers or malware.
Proper firewall configuration is essential, as default features may not provide maximum protection against a
cyberattack
Importance of Basic Firewall Configuration
Improper firewall configuration can result in attackers gaining unauthorized access to protected internal
networks and resources. As a result, cyber criminals are constantly on the lookout for networks that have
outdated software or servers and are not protected. Gartner highlighted the size and magnitude of this issue,
predicting that 99% of firewall breaches would be caused by misconfigurations in 2020.
The default settings on most firewalls and protocols like the File Transfer Protocol (FTP) do not provide the
necessary level of protection to keep networks secure from cyberattacks. Organizations must ensure basic firewall
configuration meets the unique needs of their networks.
Configure a Firewall
1. Secure the Firewall:Securing a firewall is the vital first step to ensure only authorized administrators have
access to it.
2. Establish Firewall Zones and an IP Address Structure:It is important to identify network assets and resources
that must be protected. This includes creating a structure that groups corporate assets into zones based on similar
functions and the level of risk.
3. Configure Access Control Lists (ACLs):Access control lists (ACLs) enable organizations to determine which
traffic is allowed to flow in and out of each zone. ACLs act as firewall rules, which organizations can apply to each
firewall interface and subinterface.
4. Configure Other Firewall Services and Logging:Some firewalls can be configured to support other services,
such as a Dynamic Host Configuration Protocol (DHCP) server, intrusion prevention system (IPS), and Network
Time Protocol (NTP) server. It is important to also disable the extra services that will not be used.
5. Test the Firewall Configuration:With the configurations made, it is critical to test them to ensure the correct
traffic is being blocked and that the firewall performs as intended. The configuration can be tested through
techniques like penetration testing and vulnerability scanning. Remember to back up the configuration in a
secure location in case of any failures during the testing process.
6. Manage Firewall Continually:Firewall management and monitoring are critical to ensuring that the firewall
continues to function as intended. This includes monitoring logs, performing vulnerability scans, and regularly
reviewing rules. It is also important to document processes and manage the configuration continually and
diligently to ensure ongoing protection of the network.