Networking Security Overview
Key Concepts in Networking Security
- Threat: An event that has potential to violate security policies.
- Vulnerability: A weakness in a system that makes a threat possible.
- Attack: The realization of a threat that exploits vulnerabilities in the system.
Understanding Protocols
- Protocol Stack:
- Each layer adds its own header as data moves down the stack (encapsulation) and strips it again on the way up:
- Application Layer: Adds an application-specific header carrying control information (for example an HTTP request line and headers).
- Transport Layer: TCP provides reliable, ordered delivery and identifies the sending and receiving application processes by port number; UDP adds ports without reliability.
- Network (IP) Layer: Adds the IP header with source and destination addresses and the protocol number; routers forward on the destination address.
- Link Layer: Adds the Ethernet header (destination and source MAC addresses, EtherType) and appends a CRC-32 frame check sequence.
Internet Gateway and LAN Configuration
- A network typically consists of a local area network (LAN) connecting to the internet through a gateway (often managed by an ISP), which is where packet filtering (a firewall) is usually enforced.
Examples of Network Attacks
- SYN Flood: Sends many TCP SYN packets, usually from spoofed source addresses, and never completes the handshake; the half-open connections fill the listener's backlog so legitimate clients are refused.
- Source Routing Attack: Uses the IP source-route header options (loose or strict) to dictate the path a packet and its replies take, so an attacker's host can sit on the path and impersonate a legitimate one; most routers and hosts now drop source-routed packets.
- IP Spoofing: Forges the sender's IP address. A blind TCP spoofer never sees the SYN/ACK, so the attack only succeeds if the server's initial sequence number can be guessed, which is why modern stacks randomise it.
- Cache Poisoning: Tricks a DNS resolver into caching bogus records, so clients that trust the resolver are sent to attacker-controlled addresses.
- Denial of Service (DoS): Overloads a server, or a shared service such as the DNS root servers, with more traffic or requests than it can handle, so that it cannot respond to legitimate users.
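The SYN flood above is easiest to see as a state machine over half-open connections. The following is an added example written for these notes, not code from the original page: it replays a stream of TCP packet summaries (constructed by hand here; in practice they would come from a capture or firewall log) and flags flood behaviour from the number of half-open connections. The two limits are illustrative assumptions, not tuned values.

```python
# Added example for these notes (not code from the original page): replay a
# stream of TCP packet summaries and flag SYN-flood behaviour from the number
# of half-open connections. The records are constructed; the limits are
# illustrative assumptions.
from collections import defaultdict

# (time_s, src_ip, src_port, dst_ip, dst_port, flags) with tcpdump-style flags:
# S = SYN, SA = SYN/ACK, A = ACK.
SAMPLE_PACKETS = [
    # One legitimate client completing the three-way handshake.
    (0.00, "10.0.0.5", 51000, "192.0.2.10", 443, "S"),
    (0.01, "192.0.2.10", 443, "10.0.0.5", 51000, "SA"),
    (0.02, "10.0.0.5", 51000, "192.0.2.10", 443, "A"),
]
# A flood: 300 SYNs from spoofed sources in 203.0.113.0/24, answered by the
# server but never acknowledged, so every one of them stays half-open.
SAMPLE_PACKETS += [
    (0.1 + i * 0.001, f"203.0.113.{i % 254 + 1}", 40000 + i, "192.0.2.10", 443, "S")
    for i in range(300)
]
SAMPLE_PACKETS += [
    (0.1 + i * 0.001, "192.0.2.10", 443, f"203.0.113.{i % 254 + 1}", 40000 + i, "SA")
    for i in range(300)
]

def half_open_connections(packets):
    """Replay packets in arrival order and return the half-open connections, keyed by
    (client_ip, client_port, server_ip, server_port): a SYN opens an entry and the
    client's ACK that completes the handshake closes it."""
    pending = {}
    for t, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = t
        elif flags == "A":
            pending.pop(key, None)
        # The server's SYN/ACK does not change what the client still owes us.
    return pending

def detect_syn_flood(packets, per_source_limit=50, per_service_limit=128):
    """Count half-open connections per source and per listening service. A spoofed
    flood is spread over many sources, so the per-service count is the signal that
    survives; per-source counts only catch a single noisy host."""
    pending = half_open_connections(packets)
    by_source = defaultdict(int)
    by_service = defaultdict(int)
    for src, _sport, dst, dport in pending:
        by_source[src] += 1
        by_service[(dst, dport)] += 1
    return {
        "half_open_total": len(pending),
        "noisy_sources": sorted(s for s, n in by_source.items() if n > per_source_limit),
        "flooded_services": sorted(f"{d}:{p}" for (d, p), n in by_service.items()
                                   if n > per_service_limit),
    }

if __name__ == "__main__":
    print(detect_syn_flood(SAMPLE_PACKETS))
```

On this sample no single source exceeds the per-source limit (the flood uses 254 spoofed addresses), yet 300 connections to 192.0.2.10:443 are half-open, which is exactly the backlog-exhaustion condition the notes describe. In production the half-open count would be read from the kernel or a stateful firewall and the usual mitigation is SYN cookies, which let the listener avoid keeping state for unacknowledged SYNs.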
Network Threats and Vulnerabilities
- Identifying threats means working out how an attack could exploit a vulnerability to violate policy:
- For each asset, list its vulnerabilities, the threats that could exploit them, and which policy (confidentiality, integrity, or availability) an attack would violate; that assessment decides which countermeasures are worth applying.
Network Security Techniques
1. Traffic Filtering and Connectivity
- Packet Filtering: Discards unwanted packets based on:
- MAC Address (source/destination)
- IP Address (source/destination)
- Application Protocol (based on port numbers)
- Content Patterns
- Typically, connections initiated from outside (inbound) are dropped by default and only explicitly configured services are exposed, while connections initiated from the LAN (outbound) are usually allowed.
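To make both the header stack from the "Understanding Protocols" section and the filtering rules above concrete, here is an added example written for these notes (not code from the original page). It builds an Ethernet II / IPv4 / TCP frame one header at a time, parses it back bottom-up while checking the CRC and the IP header checksum, and then applies an ordered rule table that matches on source IP, destination port, protocol and a payload pattern, with inbound traffic denied by default. The 192.0.2.0/24 LAN prefix, the MAC addresses, the rules and the sample frames are all constructed for illustration; the TCP checksum is left zero as a toy simplification.

```python
# Added example for these notes (not code from the original page): build an
# Ethernet II / IPv4 / TCP frame header by header, parse it back, and apply
# packet-filter rules. LAN prefix, MACs, rules and frames are constructed.
import struct
import zlib

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of the IPv4 header (checksum field zeroed)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags=0x02, payload=b""):
    """Encapsulate top-down: TCP header, then IPv4 header, then Ethernet header and FCS."""
    # Transport layer: the ports identify the application processes at each end.
    # The TCP checksum is left zero here (toy); a real stack fills it in.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    # Network layer: addresses, protocol number (6 = TCP) and a header checksum.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                         bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    # Link layer: destination MAC, source MAC, EtherType 0x0800, then the CRC-32 FCS
    # (real NICs strip the FCS before capture; it is kept here so parse_frame can check it).
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    body = eth + ip_hdr + tcp
    return body + struct.pack("<I", zlib.crc32(body))

def parse_frame(frame: bytes) -> dict:
    """Strip the headers bottom-up, rejecting frames whose CRC or IP checksum is wrong."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("bad Ethernet FCS")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", body[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = body[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip_checksum(ip[:ihl]) != 0:       # a correct header sums to zero with its checksum included
        raise ValueError("bad IPv4 header checksum")
    l4 = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
    sport = dport = None
    payload = l4
    if ip[9] == 6:                        # TCP: the data offset (32-bit words) locates the payload
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[(l4[12] >> 4) * 4:]
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    addr = lambda b: ".".join(str(x) for x in b)
    return {"src_mac": mac(src_mac), "dst_mac": mac(dst_mac), "src_ip": addr(ip[12:16]),
            "dst_ip": addr(ip[16:20]), "protocol": ip[9], "src_port": sport,
            "dst_port": dport, "payload": payload}

LAN_PREFIX = "192.0.2."   # assumed LAN; everything else is "the internet"

# Rules are evaluated in order and the first match decides. A field absent from a
# rule matches anything; "pattern" is a byte string searched for in the payload.
RULES = [
    {"direction": "in", "src_ip": "198.51.100.7", "action": "deny"},         # blocked host
    {"direction": "in", "pattern": b"cmd.exe", "action": "deny"},             # content pattern
    {"direction": "in", "protocol": 6, "dst_port": 443, "action": "allow"},   # only HTTPS exposed
    {"direction": "out", "action": "allow"},                                   # LAN may initiate
]

def matches(rule: dict, pkt: dict, direction: str) -> bool:
    for field, want in rule.items():
        if field == "action":
            continue
        if field == "direction":
            if want != direction:
                return False
        elif field == "pattern":
            if want not in pkt["payload"]:
                return False
        elif pkt[field] != want:
            return False
    return True

def decide(pkt: dict) -> str:
    """Return "allow" or "deny"; unmatched traffic is denied, so inbound is closed by default."""
    direction = "in" if pkt["dst_ip"].startswith(LAN_PREFIX) else "out"
    for rule in RULES:
        if matches(rule, pkt, direction):
            return rule["action"]
    return "deny"

GW, WEB = "02:00:00:00:00:01", "02:00:00:00:00:10"   # constructed MACs: gateway, web server
SAMPLES = {
    "https_in":   build_frame(GW, WEB, "203.0.113.9", "192.0.2.10", 50000, 443),
    "ssh_in":     build_frame(GW, WEB, "203.0.113.9", "192.0.2.10", 50001, 22),
    "blocked_in": build_frame(GW, WEB, "198.51.100.7", "192.0.2.10", 50002, 443),
    "pattern_in": build_frame(GW, WEB, "203.0.113.9", "192.0.2.10", 50003, 443, 0x18,
                              b"GET /cmd.exe HTTP/1.1\r\n"),
    "http_out":   build_frame(WEB, GW, "192.0.2.10", "203.0.113.9", 50004, 80),
}

def verdicts() -> dict:
    return {name: decide(parse_frame(frame)) for name, frame in SAMPLES.items()}
```

Running verdicts() allows the inbound HTTPS frame and the outbound HTTP frame, and denies the inbound SSH attempt (no rule exposes port 22), the frame from the blocked host, and the frame whose payload carries the content pattern. Rule order matters: the deny rules sit before the HTTPS allow, so a blocked host cannot reach the exposed service either, and a frame with a corrupted CRC never reaches the rules at all.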
2. Encryption and Signature
- Utilizes cryptography to keep data confidential (encryption) and to prove who sent it and that it was not modified (signatures):
- Symmetric Encryption: Same key for both encryption and decryption, so the key itself has to be shared secretly.
- Asymmetric Encryption: Public key to encrypt, private key to decrypt; the public key can be published freely.
- Digital Signatures: The sender hashes the data and signs the hash with their private key; anyone holding the public key can verify that the data is unmodified and came from the key holder. A bare hash on its own gives no such guarantee, since an attacker can simply recompute it over altered data.
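The direction in which each key is used is the point that most often gets muddled, so here is an added example for these notes (not code from the original page) that shows both uses with one key pair: the public key encrypts and the private key decrypts; the private key signs a hash and the public key verifies it. It is textbook RSA with two fixed Mersenne primes, no padding, and SHA-256 reduced modulo n; all of that is a toy assumption to keep the key roles visible, not a secure scheme, and real code should use a vetted library.

```python
# Added example for these notes (not code from the original page): textbook RSA
# with two fixed Mersenne primes, used only to show which key does what.
# Public key encrypts, private key decrypts; private key signs a hash, public
# key verifies it. No padding, fixed small primes and SHA-256 reduced mod n
# are toy assumptions: this is not a secure scheme, use a vetted library.
import hashlib
from math import gcd

P = (1 << 61) - 1     # 2^61 - 1, a Mersenne prime
Q = (1 << 31) - 1     # 2^31 - 1, a Mersenne prime
E = 65537

def keygen(p=P, q=Q, e=E):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    return (n, e), (n, pow(e, -1, phi))

def encrypt(public, m: int) -> int:      # anyone with the public key can do this
    n, e = public
    return pow(m, e, n)

def decrypt(private, c: int) -> int:     # only the private-key holder can undo it
    n, d = private
    return pow(c, d, n)

def digest(msg: bytes, n: int) -> int:
    """Hash the message and reduce mod n (toy stand-in for a padded hash encoding)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(private, msg: bytes) -> int:    # private key applied to the hash, not to the data
    n, d = private
    return pow(digest(msg, n), d, n)

def verify(public, msg: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == digest(msg, n)

def demo() -> dict:
    pub, priv = keygen()
    other_pub, _ = keygen(q=(1 << 19) - 1)      # a different key pair (2^19 - 1 is prime)
    m = int.from_bytes(b"Hello", "big")        # plaintext as an integer smaller than n
    c = encrypt(pub, m)
    msg = b"transfer 100 to alice"
    sig = sign(priv, msg)
    return {
        "ciphertext_differs": c != m,
        "roundtrip": decrypt(priv, c) == m,
        "valid": verify(pub, msg, sig),
        "tampered": verify(pub, b"transfer 900 to alice", sig),   # amount changed
        "wrong_key": verify(other_pub, msg, sig),                 # not the signer's key
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20s} {result}")
```

The tampered and wrong_key checks are the ones that matter: changing one digit of the message or verifying against someone else's public key both fail, which is what a plain hash cannot give you.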
Key Management Challenges
- Proper management of cryptographic keys is crucial:
- Distribution: Ensure the right keys reach the right individuals.
- Revocation: Update or change keys when necessary (e.g., employee access changes).
- Default Key Risks: Beware of vendor-installed keys that may be known to attackers.
Technical Solutions for Key Management
- Hardware Security Module (HSM) and Trusted Platform Module (TPM) are utilized for storing and securing keys:
- HSM: a standalone, tamper-resistant appliance that generates, stores and uses keys so that they never leave the device in plaintext.
- TPM: a chip integrated into the device (desktop, laptop, server) that stores keys bound to that machine, so they cannot simply be copied off it.
Key Distribution Strategies
- Single Cryptonet: One shared secret key among all users; simplest, but one compromised member exposes everyone's traffic.
- Group Cryptonets: A shared key per group, which limits the damage of a compromise to that group.
- Pairwise Key Sharing: A unique key for each pair of endpoints; strongest isolation, but n endpoints need n(n-1)/2 keys.
- Key Distribution Center: A central trusted server that holds a long-term key for each user and hands out session keys on demand (as in Kerberos).
- Public Key Distribution: Each party publishes a public key, typically in a certificate, and session keys are agreed using public key cryptography.
Protocols for Secure Communication
1. IPsec:
- Protects traffic at the IP layer, transparently to applications; commonly used to build VPNs between sites or between a remote client and a gateway.
2. SSL/TLS:
- Provides encryption and secure data exchange between client (e.g., a web browser) and server:
- Handshake Protocol: Negotiates the protocol version and cipher suite, authenticates the server (and optionally the client) with certificates, and establishes the session keys.
- Record Protocol: Fragments, encrypts and integrity-protects application data with those session keys.
- VPNs (Virtual Private Networks): Provide secure access to a private network over the internet by tunnelling traffic through an encrypted, authenticated connection (IPsec or TLS based), giving confidentiality and integrity for data in transit.
Case Studies in Security Protocols
- Case 1: Preventing impersonation of legitimate nodes; use IPsec with mutual authentication so each host proves its identity.
- Case 2: Remote access to internal resources; use a VPN so the remote client joins the network over an encrypted tunnel.
- Case 3: Secure file transfers; use TLS (SSL is obsolete) to encrypt data in transit and verify the server's certificate.
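Case 3 only delivers what it promises if the client actually verifies the server during the handshake, which is the step most often switched off in practice. The following is an added example for these notes (not code from the original page) showing a weak client-side TLS configuration beside the corrected one, plus a small audit routine. It only builds ssl.SSLContext objects, so it runs offline; connect() is included to show how the hardened context is used and the host name it takes is a placeholder assumption.

```python
# Added example for these notes (not code from the original page): a client-side
# TLS configuration with the weak setting beside the corrected one. It only
# builds ssl.SSLContext objects, so it runs offline; connect() needs a network
# and the host name it takes is a placeholder assumption.
import socket
import ssl

def insecure_client_context() -> ssl.SSLContext:
    """What 'just make it work' code often does: accept any certificate from anyone."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE      # an interceptor's certificate is accepted too
    return ctx

def secure_client_context() -> ssl.SSLContext:
    """Verify the chain against the system trust store, check the host name, and
    refuse the legacy SSL/TLS versions by requiring TLS 1.2 or newer."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit(ctx: ssl.SSLContext) -> dict:
    """Summarise the settings that decide whether the handshake really authenticates the server."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "min_version": ctx.minimum_version.name,
    }

def problems(ctx: ssl.SSLContext) -> list:
    """Findings a reviewer would raise against the context; an empty list is acceptable."""
    a = audit(ctx)
    findings = []
    if not a["verifies_chain"]:
        findings.append("server certificate is not verified")
    if not a["checks_hostname"]:
        findings.append("certificate is not matched against the host name")
    if a["min_version"] not in ("TLSv1_2", "TLSv1_3"):
        findings.append("SSL 3.0 / TLS 1.0 / TLS 1.1 are still negotiable")
    return findings

def connect(host: str, port: int = 443) -> str:
    """Open a verified connection and report the negotiated protocol (needs network access)."""
    ctx = secure_client_context()
    with socket.create_connection((host, port)) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        return tls.version()

if __name__ == "__main__":
    print("insecure:", problems(insecure_client_context()))
    print("secure:  ", problems(secure_client_context()))
```

Without chain verification and host name checking the Record Protocol still encrypts everything, but to whoever answered the connection, so an on-path attacker with any certificate can read the transfer; the audit makes that gap visible before deployment.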
Summary
- Understanding network security requires familiarity with different types of threats, countermeasures, protocols, and key management principles. Effective implementation ensures confidentiality, integrity, and availability of network resources.