COMPUTER NETWORK AND SECURITY

IPSEC

IP security (IPsec) is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity and confidentiality between two communicating points across an IP network.

It also defines the format of encrypted and authenticated packets, together with the protocols needed for secure key exchange and key management.

Uses of IP Security

IPsec can be used to do the following things:

  • To encrypt application layer data.
  • To provide security for routers sending routing data across the public internet.
  • To authenticate that the data originates from a known sender.
  • To protect network data.

Fields of an IPsec Encapsulating Security Payload (ESP) packet:

  • Security Parameter Index (SPI):
    Used by the Security Association to give a unique number to the connection built between client and server.
  • Sequence Number:
    A unique sequence number is assigned to every packet so that the receiver can put the packets in the proper order.
  • Payload Data:
    The actual data or message being carried. The payload is encrypted to achieve confidentiality.
  • Padding:
    Extra bits added to the original message in order to ensure confidentiality. Padding Length gives the size of the bits added to the original message.
  • Next Header:
    Identifies the next payload, i.e. the type of data that follows.
  • Authentication Data:
    This field is optional.
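An added example (not from these notes) that lays the fields just listed out as bytes: it builds a packet in the RFC 4303 ESP layout, computes the Authentication Data as a truncated HMAC, and parses it back while checking the integrity value. To keep the framing visible the payload is left unencrypted; the key, SPI and payload are constructed values.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

# ESP field layout (RFC 4303): 4-byte SPI, 4-byte Sequence Number, Payload Data,
# Padding, 1-byte Pad Length, 1-byte Next Header, then the Authentication Data
# (integrity check value, ICV). The payload is left in the clear here to show the
# framing; a real SA encrypts payload, padding and trailer before computing the ICV.
ICV_LEN = 12  # truncated HMAC-SHA-256 length, chosen for this example

@dataclass
class EspPacket:
    spi: int
    seq: int
    next_header: int
    payload: bytes
    icv_ok: bool

def build_esp(spi: int, seq: int, payload: bytes, next_header: int,
              key: bytes, block: int = 4) -> bytes:
    # Pad so that payload + padding + the 2 trailer bytes fill whole blocks.
    pad_len = (-(len(payload) + 2)) % block
    padding = bytes(range(1, pad_len + 1))      # default pad pattern 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv

def parse_esp(packet: bytes, key: bytes) -> EspPacket:
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("too short for an ESP header, trailer and ICV")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    icv_ok = hmac.compare_digest(icv, expected)  # constant-time comparison
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:
        raise ValueError("pad length exceeds the packet body")
    payload = body[8:len(body) - 2 - pad_len]
    return EspPacket(spi, seq, next_header, payload, icv_ok)

# Constructed sample: SPI 0x1000, sequence 1, 5-byte payload, next header 6 (TCP).
KEY = b"example-shared-key"
SAMPLE = build_esp(0x1000, 1, b"hello", 6, KEY)
```

A receiver would discard any packet whose `icv_ok` is false before looking at the payload; flipping a single payload byte or using the wrong key is enough to fail the check.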

Virtual Private Network (VPN) | An Introduction

VPN stands for virtual private network. A virtual private network (VPN) is a technology that creates a safe and encrypted connection over a less secure network, such as the internet. 

The name itself suggests that it is a virtual "private network", i.e. a user can be part of a local network while sitting at a remote location. It makes use of tunneling protocols to establish a secure connection.

Let's understand VPN with an example:

Think of a situation where the corporate office of a bank is situated in Washington, USA. This office has a local network consisting of say 100 computers. Suppose other branches of the bank are in Kathmandu and Tokyo. We need to establish a secure connection between the head office and branch office. VPN lets us overcome this issue in an effective manner. 

The situation is described below: 

  • All 100 computers of the corporate office in Washington are connected to the VPN server (a well-configured server with a public IP address and a switch that connects all computers present in the local network, i.e. in the US head office).
  • A person sitting in the Kathmandu office connects to the VPN server using a dial-up window, and the VPN server returns an IP address from the range of addresses belonging to the local network of the corporate office.
  • Thus the person from the Kathmandu branch becomes local to the head office, and information can be shared securely over the public internet.
  • This is the intuitive way of extending local networks even across the geographical borders of a country.


FIREWALL

A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.

Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic such as viruses and hackers.

How does a firewall work?

Firewalls carefully analyze incoming traffic based on pre-established rules and filter traffic coming from unsecured or suspicious sources to prevent attacks.

Firewalls guard traffic at a computer's entry points, called ports, which are where information is exchanged with external devices.

Think of IP addresses as houses, and port numbers as rooms within the house. 

Only trusted people (source addresses) are allowed to enter the house (destination address) at all; then it's further filtered so that people within the house are only allowed to access certain rooms (destination ports), depending on whether they're the owner, a child, or a guest.

The owner is allowed into any room (any port), while children and guests are allowed into a certain set of rooms (specific ports).

Types of firewalls

Firewalls are generally of two types: host-based and network-based.

1. Host-based Firewalls: A host-based firewall is installed on each network node and controls each incoming and outgoing packet. It is a software application or suite of applications that comes as part of the operating system.

2. Network-based Firewalls: Network firewalls function at the network level. In other words, these firewalls filter all incoming and outgoing traffic across the network. They protect the internal network by filtering the traffic using rules defined on the firewall.

Generations of Firewalls

Firewalls can also be categorized by their generation.

First Generation - Packet Filtering Firewall: A packet filtering firewall controls network access by monitoring outgoing and incoming packets and allowing or blocking them based on source and destination IP address, protocol and ports. It analyzes traffic at the transport protocol layer (but mainly uses the first three layers).

Second Generation - Stateful Inspection Firewall: A stateful firewall monitors the full state of active network connections. This means that stateful firewalls constantly analyze the complete context of traffic and data packets.
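An added example, not part of these notes, contrasting the first two generations: a stateless packet filter that decides each packet from source and destination address, protocol and port (the house and room analogy above), and a stateful variant that remembers admitted connections so that the reply packets of an established connection pass. The rule set, addresses and packets are constructed for the demonstration.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
# A packet as the five-tuple a packet filter examines (constructed model).
Packet = namedtuple("Packet", "src dst proto sport dport")

@dataclass
class Rule:
    action: str              # "allow" or "deny"
    src: str = "0.0.0.0/0"   # who may enter (source address)
    dst: str = "0.0.0.0/0"   # the house (destination address)
    proto: str = "any"
    dport: int = 0           # the room (destination port); 0 = any room

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport))

class PacketFilter:
    # First generation: stateless, the first matching rule decides each packet.
    def __init__(self, rules, default="deny"):
        self.rules, self.default = rules, default
    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return self.default

class StatefulFirewall(PacketFilter):
    # Second generation: remembers admitted flows so the replies of an
    # established connection pass without needing their own inbound rule.
    def __init__(self, rules, default="deny"):
        super().__init__(rules, default)
        self.table = set()
    def decide(self, p: Packet) -> str:
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if flow in self.table or reverse in self.table:
            return "allow"   # part of a connection already admitted
        action = super().decide(p)
        if action == "allow":
            self.table.add(flow)
        return action

# Constructed policy: the owner subnet reaches any port; guests only port 80 on one host.
RULES = [Rule("allow", src="10.0.0.0/24"),
         Rule("allow", src="192.168.5.0/24", dst="172.16.0.5/32", proto="tcp", dport=80)]
```

With these rules a guest's request to port 80 is admitted by both firewalls, but the server's reply (source port 80 back to the guest's ephemeral port) matches no rule and is dropped by the stateless filter, while the stateful one recognises it as part of the admitted connection.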

Third Generation - Application Layer Firewall: An application layer firewall can inspect and filter packets at any OSI layer, up to the application layer. It can block specific content and can also recognize when certain applications and protocols (such as HTTP or FTP) are being misused.

Next Generation Firewalls (NGFW): Next generation firewalls are deployed these days to stop modern security breaches such as advanced malware attacks and application-layer attacks.


Wireless Security


Wireless network security primarily protects a wireless network from unauthorized and malicious access attempts. 

Typically, wireless network security is delivered through wireless devices (usually a wireless router or switch) that encrypt and secure all wireless communication by default.

Even if the wireless network security is compromised, the hacker is not able to view the content of the traffic/packet in transit. 

Some of the common algorithms and standards used to ensure wireless network security are Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA).

How Does Wireless Security Work?

Wireless security protocols such as Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) are the authentication security protocols created by the Wi-Fi Alliance to ensure wireless security. There are four wireless security protocols currently available.

  • Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP) is the oldest security algorithm, dating from 1999. Even when it was released, the first versions of the WEP algorithm were not particularly strong. The reason for this weak release was U.S. limits on exporting cryptographic technologies, which led manufacturers to restrict their devices to 64-bit encryption only.

  • Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access (WPA) was the Wi-Fi Alliance's next project, replacing the WEP standard as its vulnerabilities became increasingly noticeable. WPA was officially adopted in 2003, one year before the retirement of WEP. WPA's most common configuration is WPA-PSK, where PSK stands for Pre-Shared Key. WPA uses 256-bit keys, a considerable enhancement over the 64-bit and 128-bit keys that preceded it.

  • Wi-Fi Protected Access 2 (WPA 2)

Wi-Fi Protected Access II (WPA2) became official in 2006, after WPA became outdated. It uses the AES algorithm as a required encryption component.

  • Wi-Fi Protected Access 3 (WPA 3)

Wi-Fi Protected Access 3 (WPA3) is the latest and third iteration of this family, developed under the Wi-Fi Alliance. It has personal and enterprise security-support features and uses a 384-bit Hashed Message Authentication Code (HMAC).