Network Security Tutorial | Introduction to Network Security | Network Security Tools | Edureka


hi guys my name is Aria and I welcome

you all to another interesting session

on cybersecurity today's video is gonna

target network security and throughout

the course of this video we're gonna see

the need for network security

what exactly is network security and the

security that is variously applied in

the application layer transport layer

and network layer and the network

security for businesses ok so let's get

into today's session without wasting

much time so in this modern era

organizations greatly rely on computer

networks to share information throughout

the organization in an efficient and

productive manner organizational

computer networks are now becoming a

large and ubiquitous assuming that each

staff member has a dedicated workstation

a large scale company would have a few

thousand workstations and many servers

on the network it is likely that these

workstations may not be centrally

managed nor would they have perimeter

protection now they have a variety of

operating systems hardware software and

protocols with different level of cyber

awareness among users now imagine these

thousands of workstations on company

networks are directly connected to the

Internet this sort of unsecured Network

becomes a target for an attack which

holds valuable information and displays

vulnerabilities now network security

consists of policies and practices

adopted to prevent and monitor

unauthorized access misuse modification

or denial of a computer network and

network accessible resources only

network security can protect you from a

Trojan horse viruses network security

involves the authorization of access to

data in a network which is controlled by

the network administrator users choose

or are assigned an ID and password or

other authenticating information that

allows them access to information and

programs within their authority network

security covers transactions and

communications among businesses

government agencies and individuals too

networks can be private such as within

the company and others which might be

open to public access and network

security is involved in organizations

enterprises and other types of

institutions it does as its title

explains it secures the network as well

as protecting and overseeing operations

being done and the most common and

simple way of protecting

a network resource is by assigning it a

unique name and a corresponding password

okay so now let's see why the need for

network security arose so the tcp/ip

protocol suite which is the major

protocol suite used for communication was

created in 1980s as an internetworking

solution with very little concern for

security aspects it was developed for a

communication in the limited trusted

network however over a period

this protocol became the de facto

standard for the unsecured internet

communication now some of the common

security vulnerabilities of tcp/ip

protocol suite are as follows firstly

HTTP is an application layer protocol in

tcp/ip suite used for transfer files that

make up the web pages for the web

servers these transfers are done in

plain text and an

intruder can easily read the data

packets exchanged between server and a

client another HTTP vulnerability is a

weak authentication between the client

and the web server during the

initialization of the session the

vulnerability can lead to a session

hijacking attack where the attacker

steals an HTTP session of the legitimate

user thirdly TCP protocol vulnerability

is the three-way handshake for

connection establishment an attacker can

launch a denial of service attack called

syn flooding to exploit this

vulnerability he establishes a lot of

half-open sessions by not completing the

handshake and this leads to server

overloading and eventually a crash the

fourth vulnerability is that the IP

layer is susceptible to many

vulnerabilities in itself through an IP

protocol header modification an attacker

can launch an IP spoofing attack that

can be a serious conundrum to your

business now apart from the four

vulnerabilities mentioned many other

security vulnerabilities exist in TCP IP

protocol family in design as well in its


incidentally in TCP IP based network

communication if one layer is hacked the

other layers do not become aware of the

hack and the entire communication gets

compromised hence there is need to

employ a security controls at each layer

to ensure foolproof security now as

discussed earlier there exists large

number of vulnerabilities in the network

thus during transmission data is highly

vulnerable to attacks an attacker can

target the communication channel obtain

the data and read the same or reinsert a

false message to achieve his

nefarious aims now network security is not

only concerned about the security of the

computer at each end of the

communication chain however it aims to

ensure that the entire network is secure

network security entails protecting

the usability reliability integrity and

safety of network and data effectively

now network security defeats a variety

of threats from entering or spreading on

a network the primary goal of network

security are confidentiality integrity

and availability these three pillars of

network security are often represented

as a CIA triangle now the function of

confidentiality is to protect precious

business data from unauthorized persons

confidentiality part of network security

makes sure that data is available only

to the intended and authorized people

next the goal of integrity is the

maintenance and assurance of accuracy

and consistency of data the functions of

integrity is to make sure that data is

reliable and is not changed by

unauthorized people and last but not

least the function of availability in

network security is to make sure that

data network and this resources are

continuously available to the legitimate

user when they require it now ensuring

network security may appear to be very


the goals to be achieved seem to be

straightforward but in reality the

mechanism used to achieve these goals

are highly complex and understanding

them involves sound reasoning

International Telecommunication Union or

the ITU in its recommendation on

security architecture X.800 has

defined certain mechanisms to bring the

standardization in methods to achieve

network security some of these

mechanisms are encipherment so this

mechanism provides data confidentiality

services by transforming data into not

readable form for the unauthorized

people this mechanism uses encryption

and decryption algorithm with the use of

secret keys next is digital signatures

now this mechanism is the electronic

equivalent of ordinary signatures in

electronic data it provides authenticity

of the data third is access control this

mechanism is used to provide access

control services these mechanisms may

use identification and authentication of

an entity to determine and enforce the

access rights of the entity before he

touches anything on the network

now having developed and identified

various security mechanisms for


with security it is essential to decide

where to apply them both physically at

what location and logically at what

layer of an architecture such as tcp/ip

okay so it's time we discuss the

application layer security and this is

the first layer that we're going to

discuss in today's tutorial now various

business services are now offered online

through client-server applications the

most popular form are web applications

and email in both applications the

client communicates to the designated

server and obtain services while using a

service from any server application the

client and server exchange lot of

information on the underlying intranet

and Internet

we are aware of the fact that these

information transactions are vulnerable

to various attacks now network security

entails securing data against attacks

while it is in transit on a network to

achieve this goal

many real-time security protocols have

been designed such protocols need to

provide at least the following primary

objectives firstly the parties can

negotiate interactively to authenticate

each other secondly establish a secret

session key before exchanging

information on a network and last but

not the least the exchanged information

must be in encrypted form interestingly

these protocols work at different layers

of networking model for example the

S/MIME protocol works at an application

layer and the SSL protocol is developed

to work at the transport layer and the

IPSec protocol works at the network

layer so we're going to discuss how

email security works because it's very

important to the application layer

security as many of the application

layer information is mostly through

emails or web server architectures we're

going to choose email for this one now

the simplest way of sending an email

would be sending a message directly from

the sender's machine to the recipients

machine in this case it is essential for

both machines to be running on the

network simultaneously however this

setup is impractical as users may

occasionally connect their machines

to the network hence the concept of

setting up email servers arrived in this

setup the mail is sent to the email

server which is permanently available on

the network when the recipients machine

connects to their network it reads the

mail from the mail server and in general

the email infrastructure consists of a

mesh of mail servers also termed as a

message transfer agent or an MTA and the

client machines running an email

program comprising

of a user agent and a local MTA now

the growing use of email communication

for important and crucial transactions

demands provision of certain fundamental

security services such as the following

firstly is confidentiality now email

messages should not be read by anyone

but the intended recipient second is

authentication that is email recipient

can be sure of the identity of the user

third is integrity and that is assurance

to the recipient that the email message

has not been altered since it was

transmitted by the sender next is proof

of delivery that is the sender gets a

confirmation that the recipient will

receive the message

second last is non repudiation which is

email recipient is able to prove to a

third party that the sender really did

send the message lastly we have proof of

submission which is that the email

sender gets confirmation that the

message is handed over to the mail

delivery system now security services

such as privacy authentication message

integrity and non-repudiation are

usually provided by using public key

cryptography now pretty good privacy or

PGP is an email encryption scheme it has

become the de facto standard for

providing security services for email

communication now as discussed it uses

public key cryptography symmetric key

cryptography hash functions and digital

signatures it provides privacy sender

authentication message integrity and

non-repudiation now along with these

security services it also provides data

compression and key management support

PGP uses existing cryptographic

algorithms such as RSA IDEA MD5 etc

rather than inventing the new ones so

how does PGP exactly work well firstly

we have a message for example hi Varun

has your cache so now this message is

hashed using the md5 algorithm and a

hash is actually made now the resultant

128-bit hash is signed using the private

key of the sender using the RSA

algorithm next the digital signature is

concatenated to the message and the

result is compressed

now 128-bit symmetric key KS is

generated and used to encrypt the

compressed message with the

International data encryption algorithm

or IDEA now the symmetric key KS is

encrypted using public key of the

recipient using RSA algorithm and the

result is appended to the encrypted


now PGP key certificate is normally

established through a chain of trust for

example A's public key is signed by B

using his public key and B's public

key is signed by C using his public key

as this process goes on it establishes a

web of trust in a PGP environment any

user can act as a certifying authority

and any PGP user can certify another PGP

user's public key however such a

certificate is only valid to another

user if the user recognizes the

certifier as a trusted introducer

several issues exist with such a

certification method and it may be

difficult to find a chain leading from a

known and trusted public key to desired

key also there might be multiple chains

which can lead to different keys for

desired users okay so that was all about

application layer security it's time we

moved to the transport layer now suppose

you're visiting a shopping site like

jabong.com and you want to buy a

sweatshirt now you enter the type of

good and the quantity desired and then

the address and payment card details now

you click on submit and wait for the

delivery of goods with debit of price

amount from the account now all this

sounds good but in the absence of

network security you could face a few

surprises for example if the transaction

did not use confidentiality an attacker

could obtain your payment card

information and then the attacker can

then make purchases at your expense if

no data integrity was used in the

communication an attacker could modify

Bob's order in terms of type or quantity

of goods lastly if no server

authentication was used a server could

display the website and his famous logo

but the site could be malicious site

maintained by an attacker who is

masquerading as jabong.com and after

receiving your order he would take your

money and flee or he could carry out an

identity theft by collecting all your

name and your credit card details now

transport layer security schemes can

address these problems by enhancing TCP

IP based network communications with

confidentiality data integrity server

authentication and client authentication

the security at this layer is mostly

used to secure HTTP based web

transactions on a network and this is

mostly done through a protocol called

SSL okay so in the year 1995 Netscape

developed SSL version 2 and this used in

Netscape Navigator 1.1 the SSL version 1

was never published and used

Microsoft improved upon SSL version two

and introduced another similar protocol

named private communication technology

or PCT Netscape substantially improved

SSL version 2 on various security issues

and then deployed SSL version 3 in

1999 the internet Engineering Task Force

subsequently introduced a similar TLS

protocol as an open standard TLS

protocol is non interoperable with SSL

version 3 now TLS modified the

cryptographic algorithms for key

expansion and authentication also TLS

suggested use of open cryptography Diffie-

Hellman and digital signature standards

in place of patented RSA that

is used in SSL but due to the expiry of

RSA patent in 2000 there existed no

strong reason for users to shift away

from the widely deployed TLS to SSL

version 3 so this is why SSL version 3

is mainly used over TLS in various sites

and applications so the salient features

of SSL protocol are as follows this will

provide network connection security

through confidentiality that is

information is exchanged in an encrypted

form then it provides authentication

which is communication entities identify

each other through the use of digital

certificates web server authentication

is mandatory whereas client

authentication is kept optional and third

is reliability which maintains message

integrity in check moving on SSL is

always available for TCP applications

and it is supported by almost all the

web browsers it provides ease in doing

business with new online entities and is

developed primarily for web ecommerce

services so how does SSL exactly work

well it does it in two ways firstly is

by providing encryption and second

identification so suppose you were

transferring a bank account number

through some SSL enabled website

then your bank account would be first

encrypted and then the message would be

transferred secondly identification is

done using SSL with the help of SSL

Certificates SSL certificates are small

data files that digitally bind a

cryptography key to an organization's

detail when installed on a web server it

activates the padlock and the HTTPS

protocol and allow secure connection

from a web server to a browser typically

SSL is used to secure credit card

transactions data transfers and logins

and more recently is becoming the norm

when securing browsing of

sites now the SSL Certificates binds

together a domain name a server or a

host name and an organization's identity

is known by the certificate when he is

on the web so when a website is using

HTTPS you know it's using HTTP with the

secure part provided by SSL that is

provided by the SSL security

certificates okay so it's time we move

to the most important layer that is the

network layer security now in the early

90s internet was used by a few

institutions mostly for academic purposes

but in later decades the growth of

internet became exponential due to

expansion of network and several

organizations using it for communication

and other purposes with a massive growth

of Internet

combined with the inherent security

weakness of the tcp/ip protocol the need

was felt for a technology that can

provide network security on the Internet

a report entitled security in the

Internet architecture was issued by the

internet architecture board in 1994 it

identified the key areas for security

mechanisms and the IAB included

authentication and encryption as an

essential feature in the ipv6 which is

the next generation IP fortunately these

security capabilities were defined such

as they can be implemented with both the

current ipv4 and futuristic ipv6

security frameworks include IPSec and

has been defined in several requests for

comments and some RFC's specifies some

portions of the protocol while others

address the solution as a whole so the

basic goals of IPSec which is the

protocol used for network security is to

protect IP packets provide data signing

and provide defense against network

attacks okay so let me give you guys an

overview of IPSec before we continue

so the IPSec has two parts first is

IPSec communication and the second is

internet key exchange now

IPSec communication is typically

associated with standard IPSec

functionality it involves encapsulation

encryption and hashing the IP datagrams

and handling all IP packet processes

secondly it is responsible for managing

the communication according to the

available security associations

established between communicating

parties next it uses security protocols

such as authentication header and

encapsulated SP it is also important to

note that the IPSec communication is not

involved in the creation of keys or

management and IPSec communication

operations itself is formally referred

to as IPSec the second part of the IPSec

protocol is the internet key exchange

internet key exchange is the automatic key

management protocol used for IPSec

technically a key management is not

essential for IPSec communication and

the keys can be manually managed however

manual key management is not desirable

for large networks thirdly internet key

exchange is responsible for creation of

keys for IPSec and providing

authentication during key establishment

process though IPSec can be used for any

other key management protocols IKE is

used by default also IKE defines two

protocols called Oakley and SKEME to be

used with already defined key management

framework internet security

association key management protocol okay

so let's just see how IPSec works so

firstly when two computers realize that

they need to share data amongst

themselves they ask themselves one

question which is will IPSec be used by

the sending and receiving computers now

if the answer to the question is yes a

security negotiation is actually

established in this security negotiation

an encryption algorithm and decryption

algorithm is discussed between the two

computers that can be used for the

exchange of data now during the security

negotiation a session key is also

generated now after the security

negotiation takes place these session

keys are actually made known to the two

computers that are trying to communicate

with each other and they used these

session keys for encryption and

decryption purposes for the data that is

being sent over the network now so this

is how IPSec works now IPSec also

consists of various policies that make

it the de-facto for network security

protocols now the first policy on the

list is server request security policy

contrary to the name this policy can be

used on both clients and server PCs this

PC will use IPSec security for all

outbound security and this policy will

accept unsecure inbound communications

now if a client requests a secure

session the policy will allow the client

to establish one which basically means

that all computers and servers will

always request for security for all IP

based traffic the second policy we have

is client respond only policy now this

policy is designed to be run on client

machines that don't normally need to


about security the policy is designed in

such a way that the client will never

initiate secure communication on its own

however if a server requests that the

client go into secure communication mode

the client will respond appropriately

now this means that computer will only

secure the communication when the

security has been requested by the other

person too now the last policy of IPSec is

the secure server or required security

policy now according to this policy all

IP traffic that happened over a network

will only be transferred over a

secured connection okay so that was all

about security at the network layer now

let's discuss the benefits of network

security in a business nowadays computer

networks are viewed as a resource by

almost all businesses this resource

enables them to gather analyze organize

and disseminate information that is

essential to their profitability most

businesses have installed networks to

remain competitive and the most obvious

role of computer networking is that

organization can store virtually any

kind of information at a central

location and retrieve it at desired

place through the network now benefits

of computer networking enables people to

share information and ideas easily so

they can work more efficiently and

productively networks improve activities

such as purchasing and selling and

customer service networking makes

traditional business processes more

efficient and more manageable and less

expensive now the major benefits that

a business draws from computer

networks are as follows firstly is

resource sharing a business can reduce

the amount of money spent on Hardware by

sharing components and peripherals

connected to the network second is a

streamlined business process which means

computer networks enable businesses to

streamline their internal business

processes third is a collaboration among

departments now when two or more

departments of business connect selected

portions of their network they can

streamline business processes that

normally take inordinate amounts of time

and effort and often posed as

difficulties for achieving high

productivity last but not the least is

improved customer relations network

provide customers with many benefits

such as convenience in doing business

speedy service response and so on there

are many other business specific

benefits that accrue from networking

such benefits have made it essential for

all types of business to adopt computer

networking and network security as a


ok guys so now that we're done with the

theory part of this tutorial it's

time we move on to the demonstration

that I have in store for you guys today

so for this demo we are going to explore

a tool called nmap now nmap is widely

used in the cybersecurity industry for

intelligence gathering before actually

fixing any vulnerabilities that might be

there in the system so we're going to be

actually seeing how we can use nmap to

get information about a server then

actually aggressively scan any subnet

and a lot of port scanning and how you

can actually write down all these

scanned information into a file so let's

get started so you guys can easily

install nmap on your computers if you're

running Linux by going apt-get install

nmap since it's already installed in

my computer I don't need to do anything

so first of all we're going to start out

by getting information about any server

that we want so for this example I'm

gonna be using edureka.co as the

example server so we go nmap space

edureka.co and it'll tell us a lot

about the server let's see what happens

okay so as you guys can see it tells us

all the services that are available on

the server so we have an SSH so that is

sshd service that is open and it also

shows the state so the states can be

of four types so one is open one is

closed one is restricted and one is

unrestricted so open states mean that

they are a place for a vulnerability to

actually enter into your system so when

actually gathering intelligence we are

always looking for these open States


so for our next command we're going to

see that how we can actually scan an IP

address so for that you can go nmap

and then just simply type the IP address

that's 1.6 or 1 so that's my gateway

address so it's going to tell us all

about the gateway

an nmap on our gateway gave us a lot of

information like what domain is open and

so we can see that this BGP is closed

and so moving on we can also scan

multiple IP addresses by actually

spreading out the IP addresses with

spaces space and

you can run this or you could just if

you wanted to go through one through 30

you could simply do this also now I'm

not going to run this command because

this takes a lot of time but it will

always scan through 192.168.1 through 1

through 30 and will give you a result of

all the 30 IP addresses also if you want

to scan all 255 of them you just replace

this with a star and this is normally

used when you are scanning your entire

subnet which is normally what you do as

a network security analyst so this is

what you would do and you would just go

out for a cup of coffee and then you

would just come back to the results it

takes that much amount of time so moving

on we can also read a lot of information

from text files like suppose you have a

few IP addresses saved on a txt file you

can actually read them through nmap and

scan them so let's create a text file

for the starch targets


so let's see if created that we've

created that so let's go can it

so let's give it to addresses 192.168

three like 1.15 and 192.168 charge 3.4

no that's wrong


okay so

let's see if that work probably

so we have our file ready with the IP

addresses so we can simply read this

with the iL flag so go - i with capital

L and then you just name your file

as you guys can see it gave us

information about these two IP addresses

now moving on nmap can also be used

for aggressively scanning an IP address

so for that you just go nmap - capital

A and you name your domain so

edureka.co

now an aggressive scan normally just

means that it just gives you more

information than a normal scan would

like it gives you the OS version and

gives you the traceroute and it'll give

us a lot more information about

certificates and stuff

yeah so as you guys can see we've got

the traceroute for the address so you the

entire way the router has actually

routed the packet to from your client

device to the server device and it also

tells us which ports are open and a lot

of other information is given about the

server out here now sometimes you also

want to know about the OS that the

vulnerability system is running so you

can go nmap - O and edureka.co and

that'll give you an information about

the operating system being run on that

so so for example edureka will have

a Linux OS running on the system and that

will be easily shown by nmap

so as you guys can see it gives us a lot

of guesses about the OSes that could be

on it

so nmap can never surely tell which

OS is running it'll tell you a guess so

whichever guess is the most accurate

will be the one so it's like this after

a crew milord 26w environmental monitor

is running

that's a 98% yes annex recove secure

router is also there which is a 93% and

you can get a lot of information about

the OS and like out here that we come to

know that is a linux 2.6 point to 2 OS

that is running on there

so sometimes while gathering

intelligence before penetration testing

y'all might want to know what route a

packet takes from your computer to the

server you are actually communicating

with so for that you go nmap - capital P

n - - trace route and the name of the

domain so for us edureka.co so

this will tell us how many hops there

are in reaching the edureka.co

server and the list of IP addresses that

we are going to go through so as you

guys can see it told us entire hop route

we have 22 hops so these are the addresses

that we went through and this is the

route and the ping at each address so

sometimes also you all might want know

about the service version so suppose

there's an SSH service open and you want

to test it for vulnerabilities so it's

always great to know the service version

so for that you go nmap - s and

capital V which stands for service

version and you can run this entire

command on Seoul so like previously it

gave us the state and the name of the

service now it'll also give us a version

number so as you guys can see it tells

us the ssh version is OpenSSH six

point six point one and told us the SMTP

is Postfix smtpd our HTTP is an Apache

httpd server with two point four point

two point seven and yeah that's about it


nmap also allows you to scan port

numbers so you can scan port numbers

with the -p flag so next you just have to

enter the port numbers you wanna scan so

suppose we want scan through twenty to

twenty five and you can also scan

multiple port numbers by separating them

with commas so you go 80 and which is

basically HTTP and suppose you want to

go through 1 1 1 which is the RPC bind

so you can scan these port numbers

so it told us the information about 2225

like we can see that the FTP is closed

so it should be closed because FTP is

really easy to hack into and the others

are open so that's that's not a problem

for us so we can also scan port numbers

by their name so we want to scan the

HTTP port we can go nmap - p http we

can scan for a MySQL port so let's try

it out so as you see a HTTP port is

closed and running on eight zero zero

eight and there's one running on a port

number 80

there's also closed MySQL service

running on port number three three zero

six so that's a lot of port numbers so

sometimes you also might want to save

the results of your scan into your text

file so you can easily do that by going

nmap - F so F will actually do a very

fast scan and then you use the oN flag

small o and capital N which tells us

that we're gonna write it down into a

normal text file so we're gonna do it

logs dot txt and we're gonna scan

through Eddie record over again so let's

see so our scan is over and as you guys

noticed that was a very very fast scan

and if we go into our directory we see

that we have a logs.txt file and if

we cat that file we see it's the same

output so we've actually written down a

file with all the scan results so that

was it for an nmap demo guys I hope you

all learned something valuable today and

that's it for this video on network

security tutorial goodbye I hope you

have enjoyed listening to this video

please be kind enough to like it and you

can comment any of your doubts and

queries and we will reply them at the

earliest do look out for more videos in

our playlist and subscribe to Edureka

channel to learn more happy
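
The demo above saves scan results to logs.txt with the -oN flag. As an added example (not part of the original video), the Python code below parses that normal-output format and reports open ports that are missing from an allowlist, which is how a defender would turn saved scans into an exposure check. The sample scan text, host names, addresses and allowlist are constructed for illustration.

```python
import re

# Constructed sample in the style of `nmap -sV -oN logs.txt` output
# (not a real scan; hosts use documentation-only names and addresses).
SAMPLE_SCAN = """\
# Nmap 7.80 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sV -oN logs.txt 192.0.2.10 192.0.2.11
Nmap scan report for web.example.com (192.0.2.10)
Host is up (0.045s latency).
Not shown: 995 filtered ports
PORT     STATE  SERVICE VERSION
21/tcp   closed ftp
22/tcp   open   ssh     OpenSSH 6.6.1 (protocol 2.0)
80/tcp   open   http    Apache httpd 2.4.7
3306/tcp open   mysql   MySQL (unauthorized)
8008/tcp closed http

Nmap scan report for 192.0.2.11
Host is up (0.051s latency).
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 6.6.1 (protocol 2.0)
111/tcp open  rpcbind 2-4 (RPC #100000)

# Nmap done at Mon Jan  1 10:00:42 2024 -- 2 IP addresses (2 hosts up) scanned in 42.00 seconds
"""

# "Nmap scan report for name (ip)" or "Nmap scan report for ip"
HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \((\S+)\)|(\S+))$")
# Port table rows: "22/tcp open ssh <optional version text>"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)\s*(.*)$")

# Hypothetical allowlist: the services each host is expected to expose.
ALLOWED = {
    "192.0.2.10": {(22, "tcp"), (80, "tcp")},
    "192.0.2.11": {(22, "tcp")},
}


def parse_normal_output(text):
    """Return {host: [port entries]} parsed from nmap -oN output."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HOST_RE.match(line)
        if m:
            # Prefer the address in parentheses; fall back to the bare target.
            current = m.group(2) or m.group(3)
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            hosts[current].append({
                "port": int(port),
                "proto": proto,
                "state": state,
                "service": service,
                "version": version.strip(),
            })
    return hosts


def unexpected_open_ports(hosts, allowed):
    """List (host, port, proto, service, version) for exposed ports not allowlisted.

    A host absent from the allowlist has every open port reported.
    """
    findings = []
    for host, entries in sorted(hosts.items()):
        permitted = allowed.get(host, set())
        for e in entries:
            exposed = e["state"] in ("open", "open|filtered")
            if exposed and (e["port"], e["proto"]) not in permitted:
                findings.append(
                    (host, e["port"], e["proto"], e["service"], e["version"])
                )
    return findings


if __name__ == "__main__":
    scan = parse_normal_output(SAMPLE_SCAN)
    for finding in unexpected_open_ports(scan, ALLOWED):
        print("unexpected open port: %s %d/%s %s %s" % finding)
```
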