hi guys my name is Aria and I welcome
you all to another interesting session
on cybersecurity today's video is gonna
target network security and throughout
the course of this video we're gonna see
the need for network security
what exactly is network security and the
security that is variously applied in
the application layer transport layer
and network layer and the network
security for businesses ok so let's get
into today's session without wasting
much time so in this modern era
organizations greatly rely on computer
networks to share information throughout
the organization in an efficient and
productive manner organizational
computer networks are now becoming a
large and ubiquitous assuming that each
staff member has a dedicated workstation
a large scale company would have a few
thousand workstations and many servers
on the network it is likely that these
workstations may not be centrally
managed nor would they have perimeter
protection now they have a variety of
operating systems hardware software and
protocols with different levels of cyber
awareness among users now imagine these
thousands of workstations on company
networks are directly connected to the
Internet this sort of unsecured Network
becomes a target for an attack which
holds valuable information and displays
vulnerabilities now network security
consists of policies and practices
adopted to prevent and monitor
unauthorized access misuse modification
or denial of a computer network and
network accessible resources only
network security can protect you from a
Trojan horse viruses network security
involves the authorization of access to
data in a network which is controlled by
the network administrator users choose
or are assigned an ID and password or
other authenticating information that
allows them access to information and
programs within their authority network
security covers transactions and
communications among businesses
government agencies and individuals two
networks can be private such as within
the company and others which might be
open to public access and network
security is involved in organizations
enterprises and other types of
institutions it does as its title
explains it secures the network as well
as protecting and overseeing operations
being done and the most common and
simple way of protecting
a network resource is by assigning it a
unique name and a corresponding password
okay so now let's see why the need for
network security arose so the tcp/ip
protocol suite which is the major
protocol suite used for communication was
created in 1980s as an internet working
solution with very little concern for
security aspects it was developed for a
communication in the limited trusted
network however over a period
this protocol became the de facto
standard for the unsecured internet
communication now some of the common
security vulnerabilities of tcp/ip
protocol suite are as follows firstly
HTTP is an application layer protocol in
tcp/ip suite used to transfer files that
make up the web pages for the web
servers these transfers are done in
plain text and an
intruder can easily read the data
packets exchanged between server and a
client another HTTP vulnerability is a
weak authentication between the client
and the web server during the
initialization of the session the
vulnerability can lead to a session
hijacking attack where the attacker
steals an HTTP session of the legitimate
user thirdly TCP protocol vulnerability
is the three-way handshake for
connection establishment an attacker can
launch a denial of service attack called
syn flooding to exploit this
vulnerability he establishes a lot of
half-open sessions by not completing the
handshake and this leads to server
overloading and eventually a crash the
fourth vulnerability is that the IP
layer is susceptible to many
vulnerabilities in itself through an IP
protocol header modification an attacker
can launch an IP spoofing attack that
can be a serious conundrum to your
business now apart from the four
vulnerabilities mentioned many other
security vulnerabilities exist in TCP IP
protocol family in design as well as in its
implementation
incidentally in TCP IP based network
communication if one layer is hacked the
other layers do not become aware of the
hack and the entire communication gets
compromised hence there is need to
employ security controls at each layer
to ensure foolproof security now as
discussed earlier there exists large
number of vulnerabilities in the network
thus during transmission data is highly
vulnerable to attacks an attacker can
target the communication channel obtain
the data and read the same or reinsert a
false message to achieve his nefarious
aims now network security is not
only concerned about the security of the
computer at each end of the
communication chain however it aims to
ensure that the entire network is secure
network security entails protecting
the usability reliability integrity and
safety of network and data effectively
now network security defeats a variety
of threats from entering or spreading on
a network the primary goals of network
security are confidentiality integrity
and availability these three pillars of
network security are often represented
as a CIA triangle now the function of
confidentiality is to protect precious
business data from unauthorized persons
confidentiality part of network security
makes sure that data is available only
to the intended and authorized people
next the goal of integrity is the
maintenance and assurance of accuracy
and consistency of data the function of
integrity is to make sure that data is
reliable and is not changed by
unauthorized people and last but not
least the function of availability in
network security is to make sure that
data network and this resources are
continuously available to the legitimate
user when they require it now ensuring
network security may appear to be very
simple
the goals to be achieved seem to be
straightforward but in reality the
mechanisms used to achieve these goals
are highly complex and understanding
them involves sound reasoning
International Telecommunication Union or
the ITU in its recommendation on
security architecture X.800 has
defined certain mechanisms to bring the
standardization in methods to achieve
network security some of these
mechanisms are encipherment so this
mechanism provides data confidentiality
services by transforming data into not
readable form for the unauthorized
people this mechanism uses encryption
and decryption algorithm with the use of
secret keys next is digital signatures
now this mechanism is the electronic
equivalent of ordinary signatures in
electronic data it provides authenticity
of the data third is access control this
mechanism is used to provide access
control services these mechanisms may
use identification and authentication of
an entity to determine and enforce the
access rights of the entity before he
touches anything on the network
now having developed and identified
various security mechanisms for
achieving
network security it is essential to decide
where to apply them both physically at
what location and logically at what
layer of an architecture such as tcp/ip
okay so it's time we discuss the
application layer security and this is
the first layer that we're going to
discuss in today's tutorial now various
business services are now offered online
through client-server applications the
most popular form are web applications
and email in both applications the
client communicates to the designated
server and obtain services while using a
service from any server application the
client and server exchange lot of
information on the underlying intranet
and Internet
we are aware of the fact that these
information transactions are vulnerable
to various attacks now network security
entails securing data against attacks
while it is in transit on a network to
achieve this goal
many real-time security protocols have
been designed such protocols need to
provide at least the following primary
objectives firstly the parties can
negotiate interactively to authenticate
each other secondly establish a secret
session key before exchanging
information on a network and last but
not the least the exchanged information
must be in encrypted form interestingly
these protocols work at different layers
of networking model for example the
S/MIME protocol works at an application
layer and the SSL protocol is developed
to work at the transport layer and the
IPSec protocol works at the network
layer so we're going to discuss how
email security works because it's very
important to the application layer
security as many of the application
layer information is mostly through
emails or web server architectures we're
going to choose email for this one now
the simplest way of sending an email
would be sending a message directly from
the sender's machine to the recipients
machine in this case it is essential for
both machines to be running on the
network simultaneously however this
setup is impractical as users may
occasionally connect their machines
to the network hence the concept of
setting up email servers arrived in this
setup the mail is sent to the email
server which is permanently available on
the network when the recipients machine
connects to their network it reads the
mail from the mail server and in general
the email infrastructure consists of a
mesh of mail servers also termed as a
message transfer agent or an MTA and the
clients machines running an email
program comprising
of a user agent and a local MTA now
the growing use of email communication
for important and crucial transactions
demands provision of certain fundamental
security services such as the following
firstly is confidentiality now email
messages should not be read by anyone
but the intended recipient second is
authentication that is email recipient
can be sure of the identity of the user
third is integrity and that is assurance
to the recipient that the email message
has not been altered since it was
transmitted by the sender next is proof
of delivery that is the sender gets a
confirmation that the recipient will
receive the message
second last is non repudiation which is
email recipient is able to prove to a
third party that the sender really did
send the message lastly we have proof of
submission which is that the email
sender gets confirmation that the
message is handed over to the mail
delivery system now security services
such as privacy authentication message
integrity and non-repudiation are
usually provided by using public key
cryptography now pretty good privacy or
PGP is an email encryption scheme it has
become the de facto standard for
providing security services for email
communication now as discussed it uses
public key cryptography symmetric key
cryptography hash functions and digital
signatures it provides privacy sender
authentication message integrity and
non-repudiation now along with these
security services it also provides data
compression and key management support
PGP uses existing cryptographic
algorithms such as RSA IDEA MD5 etc
rather than inventing the new ones so
how does PGP exactly work well firstly
we have a message for example hi Varun
has your cache so now this message is
hashed using the md5 algorithm and a
hash is actually made now the resultant
128-bit hash is signed using the private
key of the sender using the RSA
algorithm next the digital signature is
concatenated to the message and the
result is compressed
now 128-bit symmetric key KS is
generated and used to encrypt the
compressed message with the
International data encryption algorithm
or IDEA now the symmetric key KS is
encrypted using public key of the
recipient using RSA algorithm and the
result is appended to the encrypted
message
now PGP key certificate is normally
established through a chain of trust for
example A's public key is signed by B
using his public key and B's public
key is signed by C using his public key
as this process goes on it establishes a
web of trust in a PGP environment any
user can act as a certifying authority
and any PGP user can certify another PGP
user's public key however such a
certificate is only valid to another
user if the user recognizes the
certifier as a trusted introducer
several issues exist with such a
certification method and it may be
difficult to find a chain leading from a
known and trusted public key to desired
key also there might be multiple chains
which can lead to different keys for
desired users okay so that was all about
application layer security it's time we
moved to the transport layer now suppose
you're visiting a shopping site like
jabong.com and you want to buy a
sweatshirt now you enter the type of
good and the quantity desired and then
the address and payment card details now
you click on submit and wait for the
delivery of goods with debit price of
amount from the account now all this
sounds good but in the absence of
network security you could face a few
surprises for example if the transaction
did not use confidentiality an attacker
could obtain your payment card
information and then the attacker can
then make purchases at your expense if
no data integrity was used in the
communication an attacker could modify
Bob's order in terms of type or quantity
of goods lastly if no server
authentication was used a server could
display the website and his famous logo
but the site could be malicious site
maintained by an attacker who is
masquerading as jabong.com and after
receiving your order he would take your
money and flee or he could carry out an
identity theft by collecting all your
name and your credit card details now
transport layer security schemes can
address these problems by enhancing TCP
IP based network communications with
confidentiality data integrity server
authentication and client authentication
the security at this layer is mostly
used to secure HTTP based web
transactions on a network and this is
mostly done through a protocol called
SSL okay so in the year 1995 Netscape
developed SSL version 2 and this was used in
Netscape Navigator 1.1 the SSL version 1
was never published and used
Microsoft improved upon SSL version 2
and introduced another similar protocol
named private communication technology
or PCT Netscape substantially improved
SSL version 2 on various security issues
and then deployed SSL version 3 in
1999 the internet Engineering Task Force
subsequently introduced a similar TLS
protocol as an open standard TLS
protocol is non interoperable with SSL
version 3 now TLS modified the
cryptographic algorithms for key
expansion and authentication also TLS
suggested use of open cryptography
Diffie-Hellman and digital signature standards
in place of patented RSA that
is used in SSL but due to the expiry of
RSA patent in 2000 there existed no
strong reason for users to shift away
from the widely deployed TLS to SSL
version 3 so this is why SSL version 3
is mainly used over TLS in various sites
and applications so the salient features
of SSL protocol are as follows this will
provide network connection security
through confidentiality that is
information is exchanged in an encrypted
form then it provides authentication
which is communication entities identify
each other through the use of digital
certificates web server authentication
is mandatory whereas client
authentication is kept optional and third
is reliability which maintains message
integrity in check moving on SSL is
always available for TCP applications
and it is supported by almost all the
web browsers it provides ease in doing
business with new online entities and is
developed primarily for web ecommerce
services so how does SSL exactly work
well it does it in two ways firstly is
by providing encryption and second
identification so suppose you were
transferring a bank account number
through some SSL-enabled website
then your bank account would be first
encrypted and then the message would be
transferred secondly identification is
done using SSL with the help of SSL
Certificates SSL certificates are small
data files that digitally bind a
cryptographic key to an organization's
detail when installed on a web server it
activates the padlock and the HTTPS
protocol and allows secure connection
from a web server to a browser typically
SSL is used to secure credit card
transactions data transfers and logins
and more recently is becoming the norm
when securing browsing of
sites now the SSL Certificates binds
together a domain name a server or a
host name and an organization's identity
is known by the certificate when he is
on the web so when a website is using
HTTPS you know it's using HTTP with the
secure part provided by SSL that is
provided by the SSL security
certificates okay so it's time we move
to the most important layer that is the
network layer security now in the early
90s internet was used by a few
institutions mostly for academic purposes
but in later decades the growth of
internet became exponential due to
expansion of network and several
organizations using it for communication
and other purposes with a massive growth
of Internet
combined with the inherent security
weakness of the tcp/ip protocol the need
was felt for a technology that can
provide network security on the Internet
a report entitled security in the
Internet architecture was issued by the
internet architecture board in 1994 it
identified the key areas for security
mechanisms and the IAB included
authentication and encryption as an
essential feature in the ipv6 which is
the next generation IP fortunately these
security capabilities were defined such
as they can be implemented with both the
current ipv4 and futuristic ipv6
security frameworks include IPSec and
has been defined in several requests for
comments and some RFCs specify some
portions of the protocol while others
address the solution as a whole so the
basic goals of IPSec which is the
protocol used for network security is to
protect IP packets provide data signing
and provide defense against network
attacks okay so let me give you guys an
overview of IPSec before we continue
so the IPSec has two parts first is
IPSec communication and the second is
internet key exchange now
IPSec communication is typically
associated with standard IPSec
functionality it involves encapsulation
encryption and hashing the IP datagrams
and handling all IP packet processes
secondly it is responsible for managing
the communication according to the
available security associations
established between communicating
parties next it uses security protocols
such as authentication header and
encapsulated SP it is also important to
note that the IPSec communication is not
involved in the creation of keys or
management and IPSec communication
operations itself is formally referred
to as IPSec the second part of the IPSec
protocol is the internet key exchange
internet key exchange is the automatic key
management protocol used for IPSec
technically a key management is not
essential for IPSec communication and
the keys can be manually managed however
manual key management is not desirable
for large networks thirdly internet key
exchange is responsible for creation of
keys for IPSec and providing
authentication during key establishment
process though IPSec can be used for any
other key management protocols IKE is
used by default also IKE defines two
protocols called Oakley and SKEME to be
used with already defined key management
framework internet security
association key management protocol okay
so let's just see how IPSec works so
firstly when two computers realize that
they need to share data amongst
themselves they ask themselves one
question which is will IPSec be used by
the sending and receiving computers now
if the answer to the question is yes a
security negotiation is actually
established in this security negotiation
an encryption algorithm and decryption
algorithm is discussed between the two
computers that can be used for the
exchange of data now during the security
negotiation a session key is also
generated now after the security
negotiation takes place these session
keys are actually made known to the two
computers that are trying to communicate
with each other and they used these
session keys for encryption and
decryption purposes for the data that is
being sent over the network now so this
is how IPSec works now IPSec also
consists of various policies that make
it the de-facto for network security
protocols now the first policy on the
list is server request security policy
contrary to the name this policy can be
used on both clients and server PCs this
PC will use IPSec security for all
outbound security and this policy will
accept unsecure inbound communications
now if a client requests a secure
session the policy will allow the client
to establish one which basically means
that all computers and servers will
always request for security for all IP
based traffic the second policy we have
is client respond only policy now this
policy is designed to be run on client
machines that don't normally need to
worry
about security the policy is designed in
such a way that the client will never
initiate secure communication on its own
however if a server requests that the
client go into secure communication mode
the client will respond appropriately
now this means that computer will only
secure the communication when the
security has been requested by the other
person now the last policy of IPSec is
the secure server or required security
policy now according to this policy all
IP traffic that happens over a network
will only be transferred over a
secured connection okay so that was all
about security at the network layer now
let's discuss the benefits of network
security in a business nowadays computer
networks are viewed as a resource by
almost all businesses this resource
enables them to gather analyze organize
and disseminate information that is
essential to their profitability most
businesses have installed networks to
remain competitive and the most obvious
role of computer networking is that
organization can store virtually any
kind of information at a central
location and retrieve it at desired
place through the network now benefits
of computer networking enables people to
share information and ideas easily so
they can work more efficiently and
productively networks improve activities
such as purchasing and selling and
customer service networking makes
traditional business processes more
efficient and more manageable and less
expensive now the major benefits that
a business draws from computer
networks are as follows firstly is
resource sharing a business can reduce
the amount of money spent on Hardware by
sharing components and peripherals
connected to the network second is a
streamlined business process which means
computer networks enable businesses to
streamline their internal business
processes third is a collaboration among
departments now when two or more
departments of business connect selected
portions of their network they can
streamline business processes that
normally take inordinate amounts of time
and effort and often pose
difficulties for achieving high
productivity last but not the least is
improved customer relations networks
provide customers with many benefits
such as convenience in doing business
speedy service response and so on there
are many other business specific
benefits that accrue from networking
such benefits have made it essential for
all types of business to adopt computer
networking and network security as a
whole
ok guys so now that we're done with the
theory part of this tutorial it's
time we move on to the demonstration
that I have in store for you guys today
so for this demo we are going to explore
a tool called nmap now nmap is widely
used in the cybersecurity industry for
intelligence gathering before actually
fixing any vulnerabilities that might be
there in the system so we're going to be
actually seeing how we can use nmap to
get information about a server then
actually aggressively scan any subnet
and a lot of port scanning and how you
can actually write down all these
scanned information into a file so let's
get started so you guys can easily
install nmap on your computers if you're
running Linux by going apt-get install
nmap since it's already installed in
my computer I don't need to do anything
so first of all we're going to start out
by getting information about any server
that we want so for this example I'm
gonna be using edureka.co as the
example server so we go nmap space
edureka.co and it'll tell us a lot
about the server let's see what happens
okay so as you guys can see it tells us
all the services that are available on
the silver so we have an SS s so that is
SS ID service that is open and it also
shows the state so the states can be
of four types so one is open one is
closed one is restricted and one is
unrestricted so open states mean that
they are a place for a vulnerability to
actually enter into your system so when
actually gathering intelligence we are
always looking for these open States
okay
so for our next command we're going to
see that how we can actually scan an IP
address so for that you can go nmap
and then just simply type the IP address
that's 1.6 or 1 so that's my gateway
address so it's going to tell us all
about the gateway
an nmap on our gateway gave us a lot of
information like what domain is open and
so we can see that this BGP is closed
and so moving on we can also scan
multiple IP addresses by actually
spreading out the IP addresses with
spaces 192.168.1.1 space 192.168.1.3 and
you can run this or you could just if
you wanted to go through one through 30
you could simply do this also now I'm
not going to run this command because
this takes a lot of time but it will
always scan through 192.168.1 through 1
through 30 and will give you a result of
all the 30 IP addresses also if you want
to scan all 255 of them you just replace
this with a star and this is normally
used when you are scanning your entire
subnet which is normally what you do as
a network security analyst so this is
what you would do and you would just go
out for a cup of coffee and then you
would just come back to the results it
takes that much amount of time so moving
on we can also read a lot of information
from text files like suppose you have a
few IP addresses saved on a txt file you
can actually read them through nmap and
scan them so let's create a text file
for the starch targets
dxd
so let's see if created that we've
created that so let's go can it
so let's give it to addresses 192.168
three like 1.15 and 192.168 charge 3.4
no that's wrong
1.11
okay so
let's see if that worked properly
so we have our file ready with the IP
addresses so we can simply read this
with the -iL flag so go -i with capital
L and then you just name your file
as you guys can see it gave us
information about these two IP addresses
now moving on nmap can also be used
for aggressively scanning an IP address
so for that you just go nmap -A
and you name your domain so
edureka.co
now an aggressive scan normally just
means that it just gives you more
information than a normal scan would
like it gives you the OS version and
gives you the traceroute and it'll give
us a lot more information about
certificates and stuff
yeah so as you guys can see we've got
the traceroute for the address so you see the
entire way the router has actually
routed the packet to from your client
device to the server device and it also
tells us which ports are open and a lot
of other information is given about the
server out here now sometimes you also
want to know about the OS that the
vulnerability system is running so you
can go nmap -O and edureka.co and
that'll give you an information about
the operating system being run on that
so for example edureka.co will have
a Linux OS running on the system and that
will be easily shown by nmap
so as you guys can see it gives us a lot
of guesses about the OSes that could be
on it
so nmap can never surely tell you which
OS is running it'll tell you guesses so
whichever guess is the most accurate
will be the one so it's like this after
a crew milord 26w environmental monitor
is running
that's a 98% guess annex recove secure
router is also there which is a 93% and
you can get a lot of information about
the OS and like out here that we come to
know that is a linux 2.6 point to 2 OS
that is running on there
so sometimes while gathering
intelligence before penetration testing
y'all might want to know what route a
packet takes from your computer to the
server you are actually communicating
with so for that you go nmap -Pn
--traceroute and the name of the
domain so for us edureka.co so
this will tell us how many hops there
are in reaching the edureka.co
servers and the list of IP addresses that
we are going to go through so as you
guys can see it told us entire hop route
we have 22 hops so these are the addresses
that we went through and this is the
route and the ping at each address so
sometimes also you all might want know
about the service version so suppose
there's an SSH service open and you want
to test it for vulnerabilities so it's
always great to know the service version
so for that you go nmap -sV that's s and
capital V which stands for service
version and you can run this entire
command on Seoul so like previously it
gave us the state and the name of the
service now it'll also give us a version
number so as you guys can see it tells
us the ssh version is OpenSSH at six
point six point one and told us the SMTP
is Postfix smtpd our HTTP is an Apache
httpd server with two point four point
two point seven and yeah that's about it
so
nmap also allows you to scan port
numbers so you can scan port numbers
with the PFLAG so next you just have to
enter the port numbers you wanna scan so
suppose we want scan through twenty to
twenty five and you can also scan
multiple port numbers by separating them
with commas so you go 80 which is
basically HTTP and suppose you want to
go through 1 1 1 which is the RPC bind
so you can scan these port numbers
so it told us the information about 22 to 25
like we can see that the FTP is closed
so it should be closed because FTP is
really easy to hack into and the others
are open so that's that's not a problem
for us so we can also scan port numbers
by their name so we want to scan the
HTTP port we can go nmap -p http we
can scan for a MySQL port so let's try
it out so as you see a HTTP port is
closed and running on eight zero zero
eight and there's one running on a port
number 80
there's also closed MySQL service
running on port number three three zero
six so that's a lot of port numbers so
sometimes you also might want to save
the results of your scan into your text
file so you can easily do that by going
nmap -F so -F will actually do a very
fast scan and then you use the -oN flag
small o and capital N which tells us
that we're gonna write it down into a
normal text file so we're gonna do it
logs.txt and we're gonna scan
through edureka.co over again so let's
see so our scan is over and as you guys
noticed that was a very very fast scan
and if we go into our directory we see
that we have a logs.txt file and if
we cat that file we see it's the same
output so we've actually written down a
file with all the scan results so that
was it for an nmap demo guys I hope you
all learned something valuable today and
that's it for this video on network
security tutorial goodbye I hope you
have enjoyed listening to this video
please be kind enough to like it and you
can comment any of your doubts and
queries and we will reply them at the
earliest do look out for more videos in
our playlist and subscribe to Edureka
rekha channel to learn more happy
learning