SUBJECT CODE : CCS354 Strictly as per Revised Syllabus of ANNA UNIVERSITY Choice Based Credit System (CBCS) Vertical - 4 (Cyber Security and Data Privacy) (CSE/IT/Al2DS) NETWORK SECURITY Vilas S. Bagad PUBLICATIONS swice 1692 ‘An Up-Thrust for KnowledgeSYLLABUS Network Security - [ccs354] UNIT INTRODUCTION Basics of cryptography, conventional and public-key cryptography, hash functions, authentication, and digital signatures. (Chapter - 1) UNIT IT KEY MANAGEMENT AND AUTHENTICATION Key Management and Distribution : Symmetric Key Distribution, Distribution of Public Keys, X.509 Certificates, Public-Key Infrastructure, User Authentication : Remote User- Authentication Principles, Remote User-Authentication Using Symmetric Encryption, Kerberos Systems, Remote User Authentication Using Asymmetric Encryption. (Chapter - 2) UNITIII. ACCESS CONTROL AND SECURITY Network Access Control : Network Access Control, Extensible Authentication Protocol, IEEE 802.1X Port-Based Network Access Control - IP Security - Internet Key Exchange (IKE). Transport-Level Security : Web Security Considerations, Secure Sockets Layer, Transport Layer Security, HTTPS standard, Secure Shell (SSH) application. (Chapter - 3) UNITIV APPLICATION LAYER SECURITY Electronic Mail Security : Pretty Good Privacy, S/MIME, Domain Keys Identified Mail. Wireless Network Security : Mobile Device Security. (Chapter - 4) UNIT V SECURITY PRACTICES Firewalls and Intrusion Detection Systems : Intrusion Detection Password Management, Firewall Characteristics Types of Firewalls, Firewall Basing, Firewall Location and Configurations. Blockchains, Cloud Security and IoT security. (Chapter - 5) (iv)Chapters 1 Introduction 1.1 Basles of Cryptography 1-2 LLL Basic Terminologies tt Security acs : sarogaoossrreeee Li 2 VL2 CaLOROHOS oss i ansencsnrnscninsasntanes 1-3 ALA Techniques. 1-4 1.1.4 Elements of Information Security. LAS Threats and Vulnerability LAG Cryptography... 1.2 A Model for Network Security,. 1.3 Conventional Cryptography 1.3.1 Advantages of Symmetric Ciphers. 1.3.2. Disadvantages of Symmetric Ciphers 1.4 Public-key Cryptography .. 1.4.1 Advantages and Disadvantages. 1.4.2. Comparison between Public Key and Private Key Algorithm... 1.5 Security Attacks. 1.5.1 Passive Attack . 1.5.2. Active Attack [Link] Difference between Passive and Active Attack... 1.5.3. Man-in-the-Middle Attack 1.6 Hash Function. 1.6.1 Requirements of Hash Functions, 1.6.2 Applications of Hash Function .. 1.6.3 Birthday Attack ... 1.6.4 Attack on Collision Resistance... 1.6.5 Secure of Hash Function and HMA\ w)1.6.6 HMAC.. 1.6.7 CMAC.. 1-28 1-31 1.6.8 Secure Hash Algorithm....... 1.6.9. Secure Hash Algorithm (SHA-512) 1.7. Authentication... 1.7.1 Authentication Requirements... 1-49 1.7.2 Authentication Function... 1-4] 1.7.3 MAC. 1246 1.8 Digital Signatures 1.8.1 Arbitrated Digital Signatures ... 1.8.2. Direct Digital Signature... 1-51 1.8.3. Digital Signature Standard... 1-52 1.8.4 Digital Signature Algorithm. 1-53 1.9 Two Marks Questions with Answers 1-56 Chapter-2 Key Management and Authentication (2 - 1) to (2 - 40) 2.1 Key Management and Distribution... 2.1.1. Distribution of Public Keys.. 2.1.2. Distribution of Secret Keys using Public Key Cryptography. 2.1.3. Key Distribution and Certification .. 2.1.4 Key Distribution... 2.2 X.S09 Certificates. 2.2.1. X.509 Format of Certificate ... 2.2.2. Obtaining User’s Certificate 2.2.3. Revocation of Certificate: 2.2.4 Authentication Procedures 2.3 Public-Key Infrastructure... 2.4 User Authentication ... 2.5 Remote User Authentication Principles .. wi2.5.1 Mutual Authentication ... 2.5.2 One Way Authentication... [Link] Password based Authentication... 2.6 Remote User-Authentication using Symmetric Encryption ...... 2.7 Remote User-Authentication Using Asymmetric Encryption... 2.8 Kerberos Systems sess. 2.8.1. Kerberos Terminology micas scenic 2230 2.8.2 Kerberos Version 4 wees 7 a 2-30 [Link] Simple Authentication Dialogue . . P 2-30 [Link] Secure Authentication Dialogue Bains 2-31 [Link] Kerberos Realms .ssnnainneee a ithe = 32 2.8.3. Kerberos Version 5... 7 2-33 [Link] Version 5 Authentication Dialogue..... “ 2-33 2.8.4 Comparison between Kerberos Versions 4 and 5... 2-34 2.8.5. Strengths of Kerberos... 2-35 2.8.6 Weakness of Kerberos 2.8.7. Difference between Kerberos and SSL... 2.9 Two Marks Questions with Answers Chapter - 3 Access Control and Security (3 - 1) to (3 - 34) 3.1 Network Access Control....... 3-2 3.1.1. Extensible Authentication Protocol. 3-3 3.1.2 Advantages Network Access Control... 3-4 3.2 IEEE 802.1X Port - based Network Access Control... 13-4 3.3. IP Security... 3.3.1 IP Security Architecture... 3.3.2 IPSec Document... 3.3.3 IPSec Services... 3.3.4 Security Association.3.4 3.5 3.6 3.7 3.8 3.9 3.10 HTTPS Standard 3.11 Secure Shell (SSH) Application. 3.12 Two Marks Questions with Answers 3.3.5 SA Parameters .. 3.3.6 Transport Mode... “3-11 3.3.7 Tunnel Mode. 3.3.8 Application of IPSec... “3-12 “2 3-13 3.3.9 Benefits of IPSec .. Authentication Header 3.4.1. AH Transport Mode... 3-14 3.4.2 AH Tunnel Mode... ESP 3.5.1 ESP Format.. 3.5.2. Encryption and Authentication Algorithms .. 3.5.3 Padding 3.5.4 Comparison between AH and ESP... Internet Key Exchange (IKE) .. Web Security Considerations 3.7.1 Web Security Issue. 3.7.2. Transport Layer Security... Secure Sockets Layer. 3.8.1 SSL Architecture. 3.8.2 SSL Record Protocol 3.8.3. Handshake Protocol.. 3.8.4 Comparison between IPSec and SSL. 3.8.5 Comparison of SSL and TLS Transport Layer Security (vii)UNIT Chapter -4 Application Layer Security (4 - 1) to (4 - 38) 4.1. Electronic Mail Security WA? 4.1.1 Pretty Good Privacy 4-2 [Link] PGP Operation oT bie i vee 3 [Link]. Cryptographic Keys and Key Rings wissen ieDase 4-8 [Link] Message Format 4-10 [Link] PGP Message Generation 4-12 [Link] PGP Message Reception wise a Basses chess 4-13 [Link] Concept of Trust .... 4-14 [Link] Trust Processing Operation... 4-14 4.2 S/MIME... 4.2.1 Multipurpose Internet Mail Extensions... 4.2.2 Message Headers.. 4.2.3. S/MIME Functionality .. 4.2.4 Cryptographic Algorithms in S/MIME... 4.2.5 S/MIME Messages... 4.2.6 S/MIME Certificate Processing 4.3 PEM. 4.4 Domain Keys Identified Mail . 4.5 Wireless Network Security .. 4.5.1 Background 4.5.2 Authentication .. 4.5.3 Authentication in WEP.. 4.5.4 Authentication and Key Argument in 802.111 4.6 Mobile Device Security. 4.7. Two Marks Questions with Answers ... (ix)6-1) to 6-40) Chapter-5 Security Practices 5.1 Intrusion Detection. 5.1.1 Types of Intrusion Detection System cco <3) [Link] Anomaly Detection -. i 15-3 [Link]. Signature-based Detection ... 5-4 [Link] Comparison between Signature-based and Anomaly Detection vornmm.5-5 [Link] Network Based System 5-5 [Link]. Host-based IDSs (HIDS) . 5-6 5-7 [Link] Differences between HIDS and NIDS.... 5.1.2 Intrusion Detection Techniques « 5.1.3. Tools for Intrusion Detection... 5.1.4 Distributed IDS.. 5.1.5 Strengths of IDS..... 5.1.6 Limitations of IDS.. 5.1.7. Differences between IDS and IPS...... 5.1.8 Intrusion Prevention System (IPS) .. 5.2 Password Management. 5.2.1 Password Protection.. 5.2.2 Password Selection Strategies... 5.3. Firewalls .. 5.3.1 Types of Firewall... [Link] Packet Filtering Router... [Link]. Application Level Gateways... [Link] Circuit Level Gateways [Link] Comparison between Packet Filter and Proxies....... 5-24 5.3.2. Firewall Locations 5-24 5-26 5.3.3. Firewall Configuration 5.4 Blockchain .. 5.4.1. Blockchain Technology Layers...5.4.2. Types of Blockchain Platforms... 5.4.3. The Challenges for Adoption of Blockchain. 5.4.4 Advantages and Disadvantages of Blockchain..... 5.5 Cloud Security. 5.5.1 Cloud Security Challenges and Risks.. 5.5.2 General Issues Securing the Cloud ... 5.6 loT Security 5.6.1. oT Security Challenges. 5.7 Two Marks Questions with Answers .. (xi)