Unit- III

Introduction Network Security

 The OSI Model
• The OSI Model was developed in the late 1970s and
officially published in 1984 by the ISO (International
Organization for Standardization).
✓1977–1980 → The concept of the OSI model was developed.
✓1983 → The first draft standard was prepared.
✓1984 → The OSI Reference Model was officially released by
ISO.
• The Open Systems Interconnection (OSI) model is a
seven-layer architecture designed by the
International Organization for Standardization (ISO)
to standardize how networked devices communicate.
• It breaks communication into layers so that each
layer has specific functions and responsibilities.
 Layers of the OSI Model

There are 7 layers in the OSI Model and each

layer has its specific role in handling data. All the
layers are mentioned below:
1. Physical Layer: Bit
2. Data Link Layer (DLL): Frame
3. Network Layer: Packets
4. Transport Layer: Segments (for TCP) or Datagrams (for UDP)
5. Session Layer: Data
6. Presentation Layer: Data
7. Application Layer: Data
The OSI Model
 The OSI Model
The OSI Model is a 7-layer conceptual model:

1. Physical – Transmits raw binary data (0s and 1s) over the physical medium.
Examples: Cables, connectors, switches (at the physical level), network
interface cards.
2. Data Link – Handles node-to-node data transfer and flow control, error
detection/correction in intra network communications. Examples: Ethernet,
MAC addresses, PPP.
3. Network – Responsible for logical addressing and routing. Examples: IP
(IPv4/IPv6), ICMP, routers.
4. Transport – End-to-end communication, Ensures reliable data delivery with
error checking and flow control inter-network communications. Examples:
TCP, UDP.
5. Session – Manages sessions between apps, Establishes, manages, and
terminates communication sessions. Examples: NetBIOS, RPC.
6. Presentation – Translates, encrypts, and compresses data for the
application layer. Examples: SSL/TLS encryption, JPEG, MPEG.
7. Application – User interfacee, Provides network services directly to user
applications. Examples: HTTP, FTP, SMTP, DNS.
 OSI Security
• The OSI Security Architecture provides a framework
for securing communication in networks, mapped to
the OSI model layers.
• OSI Security Architecture focuses on these concepts:
➢Security Attack
➢Security Service
➢Security Mechanism
• It defines security services (what protection is
provided) and security mechanisms (how it’s
implemented).
 OSI Security Attack
A security attack is an attempt by a person or entity to gain unauthorized access to disrupt or
compromise the security of a system, network, or device. They are further classified into 2 sub-
categories:
[Link] attacks – Passive attacks involve the attacker observing or monitoring network traffic or
system activity without actively modifying or disrupting it.
Examples:
• Eavesdropping on network communications, such as listening in on conversations or capturing
data packets.
• Analyzing network traffic patterns to gather information.
• Exploiting weak passwords or other vulnerabilities to gain access to sensitive information.
Impact: Passive attacks primarily threaten the confidentiality of data.
2. Active attacks – Active attacks involve an attacker actively trying to modify, disrupt, or destroy
system resources.
Examples:
• Modifying data in a database.
• Denial-of-service (DoS) attacks, where an attacker floods a system with traffic, making it
unavailable to legitimate users.
• Man-in-the-middle (MitM) attacks, where the attacker intercepts and possibly alters
communication between two parties.
• Malware infections, which can corrupt, delete, or steal data.
Impact: Active attacks can lead to data loss, system damage, financial theft, and reputational damage.
 OSI Security Services
Security services refer to the different services available for maintaining the
security and safety of an organization. They help in preventing any potential
risks to security.
These are the goals of network security as per OSI standards:
• Authentication: Authentication is the process of verifying the identity of a
user or device in order to grant or deny access to a system or device.
• Access Control: Access Control involves the use of policies and procedures
to determine who is allowed to access specific resources within a system.
• Data Confidentiality: Data Confidentiality is responsible for the protection
of information from being accessed or disclosed to unauthorized parties.
• Data Integrity: Data Integrity is a security mechanism that involves the use
of techniques to ensure that data has not been tampered with or altered in
any way during transmission or storage.
• Non-Repudiation: Non-repudiation involves the use of techniques to create
a verifiable record of the origin and transmission of a message which can be
used to prevent the sender from denying that they sent the message.
• Availability: Availability ensures that authorized users can access data,
resources, and services when they need them, without interruption.
 OSI Security Mechanisms
The mechanism that is built to identify any breach of security
or attack on the organization, is called a security mechanism.
Security Mechanisms are also responsible for protecting a
system, network, or device against unauthorized access,
tampering, or other Security Threats.
These are the methods to implement the above services:
▪ Encipherment – Encrypting data to maintain confidentiality.
▪ Digital Signature – Signing messages to ensure authenticity
and integrity.
▪ Access Control Mechanisms – Rules, permissions, and
authentication systems.
▪ Data Integrity Mechanisms – Hashes, CRC checks.
▪ Authentication Exchange – Protocols like Kerberos, EAP.
▪ Traffic Padding – Adding extra data to prevent traffic analysis.
▪ Routing Control – Selecting secure routing paths.
▪ Notarization – Using trusted third parties to verify transactions.
 Benefits of OSI Security Architecture
• Providing Security: OSI Architecture in an organization provides the
needed security and safety preventing potential threats and risks.
• Organizing Task: The OSI architecture makes it easy for managers to build a
security model for the organization based on strong security principles.
• Meets International Standards: Security services are defined and
recognized internationally meeting international standards.
• Interoperability: The OSI model divides network functions into multiple
levels makes it easier for different hardware and software components to
work together.
• Scalability: The layered method makes networks scalable. New
technologies and protocols can be seamlessly added without interrupting
the overall system.
• Flexibility: Each layer can evolve separately and provide flexibility for
technology and application changes.
 Server Security
Server Security means applying
practices, tools, and policies to
protect servers from
unauthorized access, misuse,
or cyberattacks while ensuring
they remain available for
legitimate users.
Servers are high-value targets
because they store:
▪ User credentials
▪ Databases (customer data,
financial info) Key Server Security Measures
▪ Applications and services
 Important Elements Of Server Security
• Server security keeps servers safe from unauthorized access and
data leaks.
• Servers store important information for businesses and
individuals.
• Protecting servers ensures data privacy, accuracy, and
availability.
• Key aspects of server security also include physical security,
network security, and OS security.
• Encryption keeps sensitive data secure.
• Regular updates can patch vulnerabilities.
• Intrusion detection and prevention can monitor and stop
threats.
• Log monitoring identifies and rectifies unusual activities.
• Employee training teaches security best practices.
 Impact Of Server Breaches
The following are the impact of server breaches:
• Data loss and exposure of sensitive information.
• Financial losses from legal, compensation, and
recovery expenses.
• Damage to reputation and loss of customer and
trust.
• Disruption of services and operational downtime.
• Increased vulnerability to future cyber-attacks.
• Potential impact on stock prices and investor
confidence.
• Increased costs for security remediation and
prevention measures.
 Network Servers
• A network server is a computer
system that provides services,
resources, or data to other
computers (clients) over a
network.
• It is always “on” and ready to
respond to client requests.
• The server listens for client
requests and responds
accordingly
Example:
• The server (computer) provides
food (data/services).
• The clients (users) request dishes
(files, applications).
 Why Use Servers?
• Share files, printers, and applications
• Store important data in one secure place
• Manage who can access resources
• Keep services available for many users at the same time
 Working of Network Server
Network servers function as the central hub in a computer network,
managing communication and data exchange between different
devices. Here’s a breakdown of how they operate:
1. Client Request: A client (computer, smartphone, etc.) sends a
request to the server for a specific service or resource.
2. Server Processing: The server receives the request, processes it
based on its configuration and role, and then determines the
appropriate response.
3. Response Delivery: The server sends the requested data, performs
the requested action, or provides the requested service back to the
client.
4. Continuous Operation: Servers continuously listen for client
requests and respond to them, ensuring the smooth operation of the
network.
 Types of Network Servers
Network servers can be categorized based on the specific services they provide. Each type of
server plays a unique role in a network infrastructure, catering to different needs and
functionalities. Here are some common types of network servers:
• Web Server: Hosts and serves web pages to clients via the internet or an intranet,
delivering requested web pages when a user accesses a website.
• File Server: Dedicated to storing and managing files, allowing users to save, retrieve, and
share files over a network, essential for data accessibility and collaboration.
• Database Server: Hosts databases and manages data queries from clients, crucial for
managing large volumes of data efficiently and securely, often used in business
environments.
• Mail Server: Manages and facilitates email communication, storing emails, processing
incoming and outgoing messages, and ensuring secure and efficient email delivery.
• Application Server: Hosts and executes specific applications, providing a platform for
running software, services, or applications accessible to network users.
• Print Server: Manages one or more printers and handles printing requests from clients,
queuing print jobs, and managing print resources within a network.
• Domain Name System (DNS) Server: Translates domain names into IP addresses, enabling
users to access websites using familiar domain names instead of numerical IP addresses.
• Virtual Server: Uses virtualization technology to run multiple server instances on a single
physical server, maximizing hardware utilization and providing flexibility in server
management.
• Proxy Server: Acts as an intermediary between a client and another server, used for data
caching, internet security, and to bypass restrictions.
 Benefits of Network Servers
1. Centralized Storage
▪ All files and data are stored in one place.
▪ Easy to back up and protect.
2. Resource Sharing
▪ Share printers, files, applications, and internet connections.
▪ Saves money by avoiding duplicate equipment.
3. Improved Security
▪ Access can be controlled using usernames and passwords.
▪ Data can be encrypted and monitored.
4. Better Performance
▪ Servers are powerful and can handle many requests at once.
▪ Dedicated hardware reduces load on individual computers.
5. Scalability
▪ Easy to add more users, devices, or storage without major changes.
6. Centralized Management
▪ Updates, backups, and settings can be managed from one place.
▪ Less time needed for maintenance.
7. Data Backup and Recovery
▪ Regular backups protect against data loss.
▪ Lost files can be restored quickly.
8. Reliability and Availability
▪ Designed to run continuously without interruption.
▪ Redundant systems keep services running during failures.
 Access Control
• Controls who (subject) can perform what action
(operation) on which resource (object) under what
conditions (context).
• Access control is a security technique that regulates
who or what can view or use resources in a computing
environment. It is a fundamental concept in security
that minimizes risk to the business or organization.
• There are two main types of access control:
1. Physical Access Control: Physical access control restricts
entry to campuses, buildings, rooms and physical IT assets.
2. Logical Access Control: Logical access control limits
connections to computer networks, system files and data.
 The AAA Building Blocks
• Identification – The process of claiming an
identity (e.g., entering a username or ID).
• Authentication – Verifying the identity (e.g.,
password, PIN, biometric scan).
• Authorization – Determining what actions or
resources the authenticated user is allowed to
access.
• Accounting/Auditing – Logging and
monitoring user activities for auditing.
 Components of Access Control
1. Authentication: Authentication is the process of verifying the
identity of a user. User authentication is the process of verifying the
identity of a user when that user logs in to a computer system.
2. Authorization: Authorization determines the extent of access to the
network and what type of services and resources are accessible by
the authenticated user. Authorization is the method of enforcing
policies.
3. Access: After the successful authentication and authorization, their
identity becomes verified, This allows them to access the resource
to which they are attempting to log in.
4. Manage: Organizations can manage their access control system by
adding and removing authentication and authorization for users and
systems. Managing these systems can be difficult in modern IT
setups that combine cloud services and physical systems.
5. Audit: The access control audit method enables organizations to
follow the principle. This allows them to collect data about user
activities and analyze it to identify possible access violations.
 Types of Access Control
1. Attribute-based Access Control (ABAC): In this model, access is granted or declined by evaluating a
set of rules, policies, and relationships using the attributes of users, systems and environmental
conditions.
2. Discretionary Access Control (DAC): In DAC, the owner of data determines who can access specific
resources.
3. History-Based Access Control (HBAC): Access is granted or declined by evaluating the history of
activities of the inquiring party that includes behavior, the time between requests and content of
requests.
4. Identity-Based Access Control (IBAC): By using this model network administrators can more
effectively manage activity and access based on individual requirements.
5. Mandatory Access Control (MAC): A control model in which access rights are regulated by a
central authority based on multiple levels of security. Security Enhanced Linux is implemented
using MAC on the Linux operating system.
6. Organization-Based Access control (OrBAC): This model allows the policy designer to define a
security policy independently of the implementation.
7. Role-Based Access Control (RBAC): RBAC allows access based on the job title. RBAC eliminates
discretion on a large scale when providing access to objects. For example, there should not be
permissions for human resources specialist to create network accounts.
8. Rule-Based Access Control (RAC): RAC method is largely context based. Example of this would be
only allowing students to use the labs during a certain time of day.
 Types of Authentication Mechanism
1. Password-Based Authentication: The most common method; users enter a secret password to prove identity.
Examples: Website login pages, Windows/Linux login.
2. Two-Factor Authentication (2FA): Uses two different categories of authentication factors to verify a user’s identity.
1. Something you know — password, PIN.
2. Something you have — token, phone, smart card.
Example: Logging into email with a password and an OTP sent to your phon
3. Multi-Factor Authentication (MFA): Requires two or more different authentication factors:
1. Something you know (password, PIN)
2. Something you have (smart card, token, phone)
3. Something you are (biometric)
Examples: Banking apps requiring OTP + password.
4. Biometric Authentication: Uses unique biological traits for identity verification. Examples: Fingerprint scanners, facial
recognition, iris scans.
5. Token-Based Authentication: A physical or digital token generates one-time or session-based codes. Examples: RSA
SecurID, Google Authenticator.
6. Certificate-Based Authentication: Uses digital certificates issued by a trusted Certificate Authority (CA) to verify
identity. Examples: SSL/TLS client certificates, smart cards.
7. Single Sign-On (SSO): Allows users to log in once and gain access to multiple related systems. Examples: Google
Workspace login, Microsoft Azure AD.
8. One-Time Password (OTP): Password valid for only one session or transaction. Examples: Online banking OTP, 2FA
codes.
9. Knowledge-Based Authentication (KBA): Security questions based on user’s personal history. Examples: “What was
your first pet’s name?”
 Server Software Security
• Server software security focuses on protecting
the operating system, applications, and
services running on a server from
unauthorized access, exploitation, and
compromise.
• It’s a core part of network and information
security because servers store and process
critical organizational data.
 Importance of Server Software Security
• Servers are often primary targets for attackers because
they hold valuable data (databases, credentials, business
logic).
• A compromise can lead to:
✓Data theft
✓Service disruption
✓Financial losses
✓Regulatory penalties (e.g., GDPR, HIPAA fines)
• Servers often operate 24/7, so vulnerabilities are
constantly exposed to threats.
 Best Practices for
Server Software Security

1. Keep Software Updated

2. Use Strong Authentication
3. Minimize Attack Surface
4. Secure Configurations
5. Monitor and Audit
6. Backup and Recovery
7. Application Security Controls
 Systems Hardening
• Systems hardening is a collection of tools,
techniques, and best practices to reduce
vulnerability in technology applications, systems,
infrastructure, firmware, and other areas.
• The goal of systems hardening is to reduce risk by
eliminating potential attack vectors and
condensing the system’s attack surface. This
process of removing superfluous programs,
accounts functions, applications, ports,
permissions, access, etc. strengthens security.
• It ensures that attackers and malware have fewer
opportunities to gain a foothold within your IT
ecosystem.
Types of Systems Hardening
1. Application Hardening
2. Database Hardening
3. Endpoint Hardening
4. Identity Hardening
5. Network Hardening
6. Operating System Hardening
7. Server Hardening
 NTFS
• A file system is a structure used by an operating system to
organize and manage files on a storage device such as a
hard drive or USB flash drive.
• NTFS stands for New Technology File System is one such
file system.
• It is a proprietary file system developed by Microsoft for
Windows. It was introduced with Windows NT and is now
the default file system for modern Windows versions.

NTFS Full Form

NTFS as default File System in Windows
10 Operating System
 History of NTFS
• NTFS was introduced by Microsoft with the release of Windows NT 3.1 in
1993 as a successor to the FAT file systems (FAT12, FAT16).
• It was designed to be more reliable, secure, and scalable, supporting larger
files and volumes than FAT.
• In 1995 Windows NT 3.51, NTFS version was introduced to Compressed files,
named streams and access control lists.
• In 1996 Windows NT 4.0, NTFS version was introduced to Security
descriptors.
• After that Windows 2000 in 2000, NTFS version was introduced to Disk
quotas, Encrypting File System and many more.
• Windows XP and subsequent Windows versions (Windows Vista, Windows 7,
Windows 8, etc.) continued to use NTFS as the default file system with some
new features such as NTFS compression, symbolic links etc.
• Windows 7 introduced the ability to read and write to NTFS-formatted drives
on Mac OS through third-party tools.
• NTFS remains the default file system for Windows operating systems,
including Windows 10 and Windows 11.
 Types of NTFS Permissions
NTFS permissions are inherited or explicitly set and can be
applied to:
• Files
• Folders (affecting files and subfolders inside)

A) Basic NTFS Permissions (for folders)

• Full Control – Read, write, modify, execute, change permissions, take ownership.
• Modify – Read, write, delete, and modify content.
• Read & Execute – View and run files, but no modifications.
• List Folder Contents – View file and folder names.
• Read – View content without changes.
• Write – Create and modify files.

B) Basic NTFS Permissions (for files)

• Full Control
• Modify
• Read & Execute
• Read
• Write
• Inherited Permissions: Passed from the
parent folder to subfolders/files
automatically.

• Explicit Permissions: Manually set on a file

or folder; override inherited ones.
 Characteristics of NTFS
1. Compatibility : It supports compression of
files and directories to optimize storage space.
2. Scalability : It introduced with improved
performance, scalable in comparison to its
precursor.
3. Efficiency : It utilizes the disk space efficiently
by using smaller size of clusters.
4. Attributes : NTFS's attributes Read-only,
hidden, system, archive, not content indexed,
off-line, temporary, compressed.
Advantages & Disadvantages of NTFS
Advantages of NTFS
• Easily recovers file system and supports long file names.
• Provides users with local security by protecting files and directories.
• NTFS is a journaling file system.
• It supports spanning volumes spread across several physical drives.
• Support larger sized hard drives with increasing general performance of
the drive .

Disadvantages of NTFS
• NTFS performance does not decrease as FAT does.
• Removable devices such as Android smart phones, do not support NTFS.
• Doesn't include a system that guarantee file system performance.