
Security Services in Network Security: A) Define Security Threat

The document defines security threats in network security, detailing various types such as malware, DoS attacks, phishing, and MitM attacks. It also outlines security services aimed at protecting data, including confidentiality, integrity, authentication, and non-repudiation, as well as the role of cryptography and firewalls in safeguarding networks. Additionally, it explains the differences between firewalls and intrusion detection systems, the concept of digital signatures, VPNs, and various types of attacks and their prevention methods.

Uploaded by

prabhatdutta301

a) Define Security Threat

A security threat is any potential danger or risk that can harm a computer system,
network, or data by exploiting vulnerabilities.
In network security, a threat refers to any action or event that can lead to unauthorized
access, destruction, modification, or theft of information or disrupt the normal
functioning of network services.
Types of Security Threats in Network Security
5️⃣ Malware Threats
Malware refers to malicious software designed to harm or exploit systems.
• Types of malware:
  ◦ Viruses
  ◦ Worms
6️⃣ Denial of Service (DoS) / Distributed DoS (DDoS) Attacks
These attacks flood the network or system with unnecessary traffic to overload
resources and make services unavailable to legitimate users.
7️⃣ Phishing and Social Engineering
Phishing involves tricking users into revealing sensitive information (like passwords) by
posing as a trusted entity.
Social engineering manipulates people to breach security.
8️⃣ Man-in-the-Middle (MitM) Attack
The attacker intercepts communication between two parties and can read, modify, or
inject messages without detection.

💻 What is an Attack?
An attack in network security refers to any attempt by an unauthorized person or
system to access, disrupt, damage, or steal data or resources in a computer system or
network.
➡️ The goal of an attack is usually to compromise confidentiality, integrity, or
availability of information.

💻 Security Services in Network Security


👉 Security services are mechanisms or functions designed to protect data and resources
in a network by ensuring confidentiality, integrity, availability, authentication, and
non-repudiation. The main purpose is to guard against security threats and attacks.
These services are defined in the ISO/OSI security architecture.
🚀 Types of Security Services
1️⃣ Confidentiality
Ensures that data is accessible only to authorized users and not to any unauthorized
entity.
Purpose: Prevent eavesdropping and information disclosure.
Mechanisms: Encryption (e.g., AES, RSA), secure protocols (e.g., SSL/TLS).
2️⃣ Integrity
Ensures that data is not altered or tampered with during transmission or storage,
intentionally or accidentally.
Purpose: Detect and prevent unauthorized modification.
Mechanisms: Message authentication codes (MAC), digital signatures.
3️⃣ Authentication
Ensures that the identity of a user, device, or system is verified before allowing access.
Purpose: Prevent impersonation or masquerade attacks.
Mechanisms: Passwords, biometrics, digital certificates (PKI).
4️⃣ Non-repudiation
Ensures that a sender cannot deny having sent a message, and the recipient cannot deny
having received it.
Purpose: Prevent either party from denying their actions.
Mechanisms: Digital signatures, transaction logs.
5️⃣ Access Control
Controls who can access what resources in the network, and what actions they can
perform.
Purpose: Prevent unauthorized access to resources.
Mechanisms: Access Control Lists (ACLs), role-based access control (RBAC).
6️⃣ Availability
Ensures that network resources and services are available to authorized users when
needed.
Purpose: Prevent denial-of-service (DoS) attacks and ensure reliability.
Mechanisms:
• Redundancy and backups
• Firewalls, intrusion prevention systems
• Load balancing

🔒 What is Cryptography?
👉 Cryptography is the science and art of securing information by converting it into a
form that is unreadable to unauthorized users.
It protects data confidentiality, integrity, and authenticity during storage and
transmission.
✅ Main goal of cryptography:
➡ Ensure that only authorized parties can access and understand the information.
1️⃣ Confidentiality – Prevent unauthorized access to data.
2️⃣ Integrity – Ensure that data has not been altered.
3️⃣ Authentication – Verify the identity of communicating parties.
4️⃣ Non-repudiation – Ensure that a sender cannot deny having sent the message.
🚀 Types of Cryptography
Cryptography can be categorized based on the type of key used:
1️⃣ Symmetric Key Cryptography (Secret Key Cryptography)
✅ Concept:
The same key is used for both encryption and decryption.
✅ Characteristics:
• Both sender and receiver must have the secret key.
• Fast and efficient for large amounts of data.
• Key management (sharing the key securely) is a challenge.
✅ Examples of symmetric algorithms:
• DES (Data Encryption Standard)
• AES (Advanced Encryption Standard)
✅ Applications:
• File encryption
• Secure data storage
• Encrypted communication over a secure channel
2️⃣ Asymmetric Key Cryptography (Public Key Cryptography)
✅ Concept:
Uses a pair of keys:
🔥 What is a Firewall?
A firewall is a network security device or software that monitors, filters, and controls
incoming and outgoing network traffic based on predefined security rules.
👉 It acts as a barrier between a trusted internal network and an untrusted external
network (like the internet).
✅ Purpose of a firewall:
➡ Block unauthorized access.
➡ Allow legitimate communication.
➡ Protect against external threats.
⚙ Functions of a Firewall
The main functions of a firewall include:
1️⃣ Packet Filtering
• Examines packets of data based on IP address, port number, or protocol.
• Allows or blocks packets based on security rules.
2️⃣ Stateful Inspection
• Tracks the state of active connections.
• Allows only packets that are part of a valid, established connection.
3️⃣ Proxy Service / Application Gateway
• Acts as an intermediary between users and the internet.
• Hides internal network details and inspects content at the application layer.
4️⃣ Network Address Translation (NAT)
• Hides internal IP addresses by translating them to a single public IP.
• Helps protect internal network structure.
5️⃣ Logging and Auditing
• Keeps records of traffic patterns and security events.
• Useful for identifying suspicious activities.

🆚 Difference Between Firewall and IDS (Intrusion Detection System)

Feature | Firewall | IDS (Intrusion Detection System)
Main function | Controls and filters traffic based on rules | Monitors and analyzes traffic to detect suspicious activity
Action | Blocks or allows traffic actively | Only detects and alerts (no blocking action by itself)
Position | Placed at network boundary | Can be placed inside network to monitor traffic internally
Goal | Prevent unauthorized access | Detect attacks or policy violations
Response to threat | Stops/blocks threats in real time | Generates alerts; no direct prevention (in passive IDS)
Types of control | Preventive | Detective
Examples | Hardware firewall, software firewall | Snort, OSSEC, Suricata

✍️ What is a Digital Signature?

👉 A digital signature is a cryptographic technique that is used to verify the authenticity,
integrity, and origin of a digital message or document.
✅ It serves as an electronic equivalent of a handwritten signature or a stamped seal, but
it is much more secure.
✅ It ensures:
• Authentication: Confirms the identity of the sender.
• Integrity: Confirms that the message has not been altered.
• Non-repudiation: The sender cannot deny having sent the message.

📝 Advantages of Digital Signature


✅ Ensures data integrity — no unauthorized changes.
✅ Provides authentication of the sender.
✅ Enables non-repudiation — sender cannot deny sending the message.
✅ Reduces paperwork in legal, business, and governmental processes.
• Secure email communication (e.g., PGP, S/MIME).
• Software distribution (to verify publisher and integrity).
• Digital certificates in SSL/TLS for secure websites.
• E-governance (e.g., online tax filing, e-tendering).

🌐 What is VPN (Virtual Private Network)?


👉 A VPN (Virtual Private Network) is a technology that creates a secure, encrypted
connection over a public network (like the Internet).
➡ To provide confidentiality, integrity, and secure access for data as it travels between
remote users or offices and the main network.
➡ A VPN forms a “tunnel” through which data is securely transmitted, protecting it
from eavesdropping and tampering.
🚀 Benefits of VPN
• Protects data from hackers and cybercriminals.
• Hides the user’s IP address for anonymity.
• Allows safe access to private networks from remote locations.
• Enables bypassing of geo-restrictions or censorship.
🔑 Types of VPN
There are different types of VPN based on how and where they are used:
1️⃣ Remote Access VPN
• Allows individual users to securely connect to a private network from a remote
location using the internet.
• Typically used by employees working from home or traveling.
2️⃣ Site-to-Site VPN (Router-to-Router VPN)
• Connects two or more separate networks (offices, branches) securely over the
internet.
• Often used between company headquarters and branch offices.
4️⃣ SSL VPN
• Uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to provide
secure access through a web browser.
• No need for special VPN software — users just log in via browser.
5️⃣ MPLS VPN (Multiprotocol Label Switching VPN)
• A type of site-to-site VPN that uses private service provider networks instead of
the public internet.
• Managed by telecom companies for businesses that need high reliability.
🚂 What is Rail Fence Cipher?
👉 The Rail Fence Cipher is a type of transposition cipher (not substitution).
👉 In this cipher, letters of the plaintext are written in a zigzag (rail fence) pattern across
multiple "rails" (rows), and then read row by row to create the ciphertext.
✅ It rearranges the letters of the plaintext but does not change them.
🔑 How Rail Fence Cipher Works
📌 Encryption Process
Suppose we use 3 rails (rows).
1️⃣ Write the message in a zigzag pattern across the rails:
• Start at the top rail → move down to the bottom rail → move back up → repeat.
2️⃣ After writing in rails, read each rail row by row to form the ciphertext.
📌 Decryption Process
To decrypt:
1️⃣ Calculate how many letters will be in each rail.
2️⃣ Place letters back into zigzag rails.
3️⃣ Read down and up the rails to reconstruct the plaintext.
✅ Advantages
• Simple to understand and implement.
❌ Disadvantages
• Easy to break using pattern analysis or brute force if the number of rails is small.
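The encryption and decryption steps above, together with the brute-force weakness, as an added example (not part of the original notes). The sample message and the function names are assumptions chosen for illustration.

```python
def rail_pattern(length, rails):
    """Rail index visited by each position while zigzagging down and up."""
    pattern, rail, step = [], 0, 1
    for _ in range(length):
        pattern.append(rail)
        if rails > 1:
            if rail == 0:
                step = 1            # at the top rail: head down
            elif rail == rails - 1:
                step = -1           # at the bottom rail: head back up
            rail += step
    return pattern


def encrypt(plaintext, rails):
    rows = [[] for _ in range(max(rails, 1))]
    for ch, r in zip(plaintext, rail_pattern(len(plaintext), rails)):
        rows[r].append(ch)
    # Read rail by rail to form the ciphertext.
    return "".join("".join(row) for row in rows)


def decrypt(ciphertext, rails):
    pattern = rail_pattern(len(ciphertext), rails)
    # Step 1: how many letters sit on each rail.
    counts = [pattern.count(r) for r in range(max(rails, 1))]
    # Step 2: cut the ciphertext into rails of those lengths.
    rows, pos = [], 0
    for c in counts:
        rows.append(iter(ciphertext[pos:pos + c]))
        pos += c
    # Step 3: walk the zigzag, taking the next letter from each rail.
    return "".join(next(rows[r]) for r in pattern)


def brute_force(ciphertext, known_word):
    """Try every rail count; keep decryptions containing an expected word."""
    hits = []
    for rails in range(2, len(ciphertext)):
        candidate = decrypt(ciphertext, rails)
        if known_word in candidate:
            hits.append((rails, candidate))
    return hits


SAMPLE = "WEAREDISCOVEREDFLEEATONCE"  # sample message, not from the page

if __name__ == "__main__":
    ct = encrypt(SAMPLE, 3)
    print(ct)                              # ciphertext with 3 rails
    print(decrypt(ct, 3))                  # round trip back to SAMPLE
    print(brute_force(ct, "DISCOVERED"))   # key space is only the rail count
```

The key is just the number of rails, so a message of n letters has fewer than n candidate keys, which is why the cipher offers no real confidentiality.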
⚡ Difference between DoS and DDoS
DoS | DDoS (Distributed Denial of Service)
Attack originates from a single system. | Attack comes from multiple systems (often a botnet).
Easier to trace and block. | Harder to trace due to multiple sources.
Less powerful compared to DDoS. | More powerful, can take down large networks/services.

⚠️ What is a DoS Attack?

👉 A DoS (Denial of Service) attack is a malicious attempt to make a network service,
system, or website unavailable to its intended users, by overwhelming it with
unnecessary requests or data.
• Disrupt normal functioning
• Exhaust system resources (e.g., bandwidth, CPU, memory)
• Prevent legitimate users from accessing services
Common Methods of DoS Attack
1️⃣ Flooding Attack
➡ The attacker sends a huge volume of traffic that the server cannot handle.
➡ Example: ICMP flood, UDP flood, SYN flood.
2️⃣ Logic/Software Exploit Attack
➡ The attacker exploits a weakness in the system or application to crash it or make it
hang.
➡ Example: Sending malformed packets that cause a buffer overflow.
3️⃣ Resource Exhaustion
➡ The attacker causes the system to consume excessive resources (memory, disk space,
CPU), slowing or stopping normal operations.
📝 Types of DoS Attacks
Type of DoS Attack | Description | Example
SYN Flood | Sends many TCP connection requests but does not complete the handshake, exhausting server resources. | TCP SYN flood
ICMP Flood | Overloads network by sending excessive ICMP Echo Request (ping) packets. | Ping flood
UDP Flood | Sends large numbers of UDP packets to random ports, causing the host to respond repeatedly. | UDP flood
Ping of Death | Sends oversized or malformed packets, causing crashes or reboots. | Malformed ping packets
Teardrop Attack | Sends fragmented packets with overlapping parts, causing system confusion. | Malformed fragmented packets

Asymmetric Key Cryptography (Public Key Cryptography), continued
Uses a pair of keys:
• Public key (shared openly)
• Private key (kept secret)
✅ How it works:
• Data encrypted with the public key can only be decrypted with the private key,
and vice versa.
✅ Characteristics:
• No need to share a secret key in advance.
• Slower than symmetric encryption (used mostly for key exchange and digital
signatures).
✅ Examples of asymmetric algorithms:
• RSA
• ECC (Elliptic Curve Cryptography)
• DSA (Digital Signature Algorithm)
✅ Applications:
• Secure key exchange
• Digital signatures
• Secure email (e.g., PGP)
3️⃣ Hash Functions (One-way Cryptography)
A hash function converts data of any size into a fixed-size hash value (digest).
✅ Characteristics:
• No key is used.
• The process is one-way — you cannot reverse a hash to get the original data.
• Used to ensure data integrity.
✅ Examples:
• MD5
• SHA-1, SHA-256
✅ Applications:
• Data integrity verification (checksums)
• Digital signatures
• Password storage

🌐 What is IP Spoofing?
👉 IP spoofing is a technique in which an attacker forges (fakes) the source IP address in
the header of IP packets to make it look like the packets are coming from a trusted or
different source.
• To hide the attacker’s identity
• To impersonate another system
• To bypass security controls or launch attacks like DoS, man-in-the-middle
(MITM), or session hijacking
Effects of IP Spoofing
• Disruption of normal network communication
• Difficulty in tracing the real attacker
• Exploitation of trust between systems
• Facilitation of larger attacks (e.g., reflection/amplification DDoS)

✅ Ingress and egress filtering – Routers and firewalls block packets with suspicious
source addresses.
✅ Authentication protocols – Use cryptographic authentication (e.g., IPsec).
✅ Packet inspection – Intrusion detection systems can flag spoofed packets.
✅ Avoid trusting source IP alone – Use additional identity checks.
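The ingress and egress filtering rule listed above, as an added example (not part of the original notes). The internal prefix 192.168.1.0/24, the list of non-routable ranges and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumed internal LAN prefix (matches the addressing used in the ARP example).
INTERNAL = ipaddress.ip_network("192.168.1.0/24")

# Source ranges that should never arrive from the Internet side.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def check(direction, src):
    """Return (verdict, reason) for a packet's source address.

    ingress: packet arriving on the external interface
    egress:  packet leaving the internal network
    """
    addr = ipaddress.ip_address(src)
    if direction == "ingress":
        if addr in INTERNAL:
            return ("drop", "internal source arriving from outside")
        if any(addr in net for net in NON_ROUTABLE):
            return ("drop", "non-routable source")
        return ("permit", "plausible external source")
    if direction == "egress":
        if addr not in INTERNAL:
            return ("drop", "source is not one of our addresses")
        return ("permit", "source belongs to internal prefix")
    raise ValueError("direction must be 'ingress' or 'egress'")


SAMPLE_PACKETS = [  # constructed (direction, source IP) pairs
    ("ingress", "203.0.113.7"),
    ("ingress", "192.168.1.20"),   # claims to be an inside host
    ("ingress", "10.9.8.7"),
    ("egress", "192.168.1.10"),
    ("egress", "198.51.100.4"),    # inside host forging an outside address
]


def verdicts(packets=SAMPLE_PACKETS):
    return [check(d, s)[0] for d, s in packets]


if __name__ == "__main__":
    for d, s in SAMPLE_PACKETS:
        print(d, s, *check(d, s))
```

Egress filtering is the half that stops hosts on your own network from sending forged source addresses to others.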
What is Encryption?
👉 Encryption is the process of converting readable data (plaintext) into an unreadable
form (ciphertext) using a mathematical algorithm and a key.
✅ Purpose: To protect data so that only authorized parties can read it after decryption.
✅ Ensures confidentiality of data during storage or transmission.

Aspect | Symmetric Encryption | Asymmetric Encryption
Keys | Same key for encryption & decryption | Different keys: public & private
Speed | Faster | Slower
Key distribution | Needs secure key exchange | Public key can be shared openly
Usage | Bulk data encryption | Key exchange, authentication

🌐 What is ARP?
👉 ARP (Address Resolution Protocol) is a network protocol used to map an IP address
(logical address) to its corresponding MAC (Media Access Control) address (physical
address) on a local network.
✅ ARP is essential for communication within a LAN (Local Area Network).
📌 Types of ARP
Type | Description
ARP Request | Broadcast message asking for the MAC address of an IP.
ARP Reply | Response from the device with the requested IP, giving its MAC address.
Gratuitous ARP | A device sends an ARP request for its own IP (used to detect IP conflicts).
Proxy ARP | A router answers ARP requests on behalf of another device (used in some special network setups).
Reverse ARP (RARP) | Resolves MAC address to IP (used by diskless workstations to find their IP at boot-up).

📝 Example
Suppose:
• Device A: IP 192.168.1.10, MAC 00-AA-BB-CC-DD-EE
• Device B: IP 192.168.1.20, MAC 00-FF-EE-DD-CC-BB
Device A wants to send data to 192.168.1.20 → sends ARP request → Device B replies
with its MAC → communication proceeds.
❗ ARP Attacks
• ARP Spoofing / ARP Poisoning: An attacker sends fake ARP replies to associate
their MAC with another device’s IP (e.g., gateway).
➡ Can be used for Man-in-the-Middle (MITM) attacks or to intercept traffic.
How to protect against ARP attacks
✅ Use static ARP entries where possible.
✅ Use dynamic ARP inspection (DAI) on switches.
✅ Use encryption (e.g., IPsec) to protect data.
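The idea behind static ARP entries and dynamic ARP inspection, as an added example (not part of the original notes): each ARP reply is checked against a table of trusted IP-to-MAC bindings. The bindings for Device A and Device B come from the example above; the gateway entry, the observed replies and the verdict names are assumptions constructed for illustration.

```python
TRUSTED = {
    "192.168.1.10": "00-AA-BB-CC-DD-EE",   # Device A (from the page)
    "192.168.1.20": "00-FF-EE-DD-CC-BB",   # Device B (from the page)
    "192.168.1.1":  "00-11-22-33-44-55",   # gateway (constructed)
}


def norm(mac):
    """Normalise MAC notation so 00:aa:.. and 00-AA-.. compare equal."""
    return mac.replace(":", "-").upper()


def inspect(replies, trusted=TRUSTED):
    """Return (verdict, ip, mac) for each observed ARP reply.

    permit - matches the trusted (or previously learned) binding
    drop   - IP has a trusted binding and the claimed MAC differs
    learn  - no trusted binding, first time this IP is seen
    alert  - no trusted binding, and the IP changed MAC since first seen
    """
    learned, results = {}, []
    for ip, mac in replies:
        mac = norm(mac)
        if ip in trusted:
            verdict = "permit" if norm(trusted[ip]) == mac else "drop"
        elif ip not in learned:
            learned[ip] = mac
            verdict = "learn"
        else:
            verdict = "permit" if learned[ip] == mac else "alert"
        results.append((verdict, ip, mac))
    return results


SAMPLE_REPLIES = [  # constructed (sender IP, sender MAC) pairs
    ("192.168.1.20", "00-FF-EE-DD-CC-BB"),
    ("192.168.1.1",  "00:11:22:33:44:55"),
    ("192.168.1.1",  "00-AA-BB-CC-DD-EE"),  # gateway IP claimed by another MAC
    ("192.168.1.30", "00-DE-AD-BE-EF-01"),
    ("192.168.1.30", "00-DE-AD-BE-EF-02"),  # unknown host changes MAC
]

if __name__ == "__main__":
    for row in inspect(SAMPLE_REPLIES):
        print(*row)
```

A "drop" on the gateway's IP is the signature of the poisoning case described above: a reply that binds the gateway address to a MAC other than the trusted one.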
🌐 What is TCP?
👉 TCP (Transmission Control Protocol) is one of the core protocols of the Internet’s
transport layer (Layer 4 of the OSI model).
✅ It provides reliable, ordered, and error-checked delivery of data between applications
running on devices over a network. TCP works alongside IP (Internet Protocol) —
together they form TCP/IP.
🔑 Key Features of TCP
Feature | Description
Connection-oriented | A connection is established before data transfer (handshake).
Reliable | Ensures all data reaches the destination without loss, duplication, or error.
Ordered delivery | Data packets arrive in the correct sequence.
Flow control | Manages data rate so the receiver isn't overwhelmed.
Error checking | Uses checksums to detect errors in data.
Congestion control | Adjusts data sending rate to prevent network congestion.
⚙ How TCP Works
Three-Way Handshake (Connection Establishment)
👉 Before data transmission, TCP sets up a connection:
• SYN → Client sends SYN (synchronize) to server.
• SYN-ACK → Server responds with SYN-ACK.
• ACK → Client replies with ACK.
Data Transfer
• Data is broken into segments.
• Each segment has a sequence number.
• Receiver acknowledges received segments (ACK).
• Lost or corrupted segments are retransmitted.
Connection Termination
• FIN → One side wants to close the connection.
• ACK → Other side acknowledges.
• FIN → The second side sends FIN.
• ACK → The first side acknowledges.
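The three-way handshake above is the mechanism a SYN flood (see the DoS attack types earlier) leaves incomplete, so a defender can watch for connections that never reach the final ACK. This is an added example, not part of the original notes; the addresses, the packet record format and the state names are assumptions constructed for illustration.

```python
from collections import defaultdict

SERVER = "198.51.100.10"  # constructed server address


def track_handshakes(packets, server=SERVER):
    """Follow SYN -> SYN-ACK -> ACK per (client IP, client port).

    packets: iterable of (src, sport, dst, dport, flags) records.
    """
    state = {}
    for src, sport, dst, dport, flags in packets:
        if dst == server and flags == "SYN":
            state[(src, sport)] = "SYN_SEEN"
        elif (src == server and flags == "SYN-ACK"
              and state.get((dst, dport)) == "SYN_SEEN"):
            state[(dst, dport)] = "HALF_OPEN"      # server waits for final ACK
        elif (dst == server and flags == "ACK"
              and state.get((src, sport)) == "HALF_OPEN"):
            state[(src, sport)] = "ESTABLISHED"
    return state


def half_open_by_source(state):
    """Count connections per client IP that never completed the handshake."""
    counts = defaultdict(int)
    for (client, _port), st in state.items():
        if st != "ESTABLISHED":
            counts[client] += 1
    return dict(counts)


def flag_syn_flood(packets, threshold, server=SERVER):
    """Client IPs with at least `threshold` incomplete handshakes."""
    counts = half_open_by_source(track_handshakes(packets, server))
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def sample_packets():
    """Constructed capture: one normal client, one source that never ACKs."""
    pkts = [
        ("10.0.0.5", 40001, SERVER, 443, "SYN"),
        (SERVER, 443, "10.0.0.5", 40001, "SYN-ACK"),
        ("10.0.0.5", 40001, SERVER, 443, "ACK"),
    ]
    for port in range(50000, 50005):
        pkts.append(("203.0.113.9", port, SERVER, 443, "SYN"))
        pkts.append((SERVER, 443, "203.0.113.9", port, "SYN-ACK"))
    return pkts


if __name__ == "__main__":
    print(half_open_by_source(track_handshakes(sample_packets())))
    print(flag_syn_flood(sample_packets(), threshold=3))
```

Because flood sources are often spoofed, the total number of half-open entries on the server is as useful a signal as the per-source count.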
