Notes

Network Security
Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator.

Importance of Network Security:
To safeguard the assets of the company: Protecting the assets of the company is one of the primary reasons of securing a network.
Network security is a viable option for large enterprises, and homes and small businesses, as well.
Network security is a viable option for both public and private networks.

Security threat involves three goals:-
1)Confidentiality
2)Integrity
3)Availability
->Confidentiality
This goal defines how we keep our data private from eavesdropping. Packet capturing and replaying are the example of threats for this goal. Data encryption is used to achieve this goal.
->Integrity
This goal defines how we avoid our data from being altered. MiTM (Man in the middle attacks) is the example threat for this goal. Data hashing is used to take the fingerprint of data. Through hashing we can match data from its original source.
->Availability
This goal defines how we keep available data to our genuine users. DoS (Denial of service attacks) is the example threat for this goal. User rate limit and firewall are used to mitigate the threat for this goal.
An adversary (a person/hacker/cracker who is interested in attacking your network) can use any kind of attack to threat the network infrastructures. A network may face several other attacks from adversary while achieving above goals. In following section, I will include some most common attacks.

*Types of network security attacks
1)Reconnaissance Attack
In this kind of attack, an adversary collects as much information about your network as he needed for other attacks. This information includes IP address range, server location, running OS, software version, types of devices etc. Packet capturing software, Ping command, traceroot command, whois lookup are some example tools which can be used to collect this information. Adversary will use this information in mapping your infrastructure for next possible attack.

2)Passive attack
In this attack an adversary deploys a sniffer tool and waits for sensitive information to be captured. This information can be used for other types of attacks. It includes packet sniffer tools, traffic analysis software, filtering clear text passwords from unencrypted traffic and seeking authentication information from unprotected communication. Once an adversary found any sensitive or authentication information, he will use that without the knowledge of the user.

3)Active Attack
In this attack an adversary does not wait for any sensitive or authentication information. He actively tries to break or bypass the secured systems. It includes viruses, worms, trojan horses, stealing login information, inserting malicious code and penetrating network backbone. Active attacks are the most dangerous in natures. It results in disclosing sensitive information, modification of data or complete data lost.

4)Distributed Attack
In this attack an adversary hides malicious code in trusted software. Later this software is distributed to many other users through the internet without their knowledge. Once end user installs infected software, it starts sending sensitive information to the adversary silently. Pirated software is heavily used for this purpose.

5)Insider Attack
According to a survey more than 70% attacks are insider. Insider attacks are divided in two categories; intentionally and accidentally. In intentionally attack, an attacker intentionally damage network infrastructure or data. Usually intentionally attacks are done by disgruntled or frustrated employees for money or revenge. In accidentally attack, damages are done by the carelessness or lack of knowledge.

6)Phishing Attack
Phishing attack is gaining popularity from last couple of years. In this attack an adversary creates fake email address or website which looks like a reputed mail address or popular site. Later attacker sends email using their name. These emails contain convincing message, some time with a link that leads to a fake site. This fake site looks exactly same as original site. Without knowing the truth user tries to log on with their account information, hacker records this authentication information and uses it on real site.

7)Hijack attack
This attack usually takes place between running sessions. Hacker joins a running session and silent disconnects other party. Then he starts communicating with active parties by using the identity of disconnected party. Active party thinks that he is talking with original party and may send sensitive information to the adversary.

11)Password attack
In this attack an adversary tries to login with guessed password. Two popular methods for this attack are dictionary attack and brute force attack. In brute force method, an adversary tires with all possible combinations. In dictionary method, an adversary tires with a word list of potential passwords.

12)Packet capturing attack
This attack is part of passive attack. In this attack an attacker uses a packet capturing software which captures all packets from wire. Later he extracts information from these packets. This information can be used to deploy several kinds of other attacks.

DoS attack
DoS attack is a series of attacks. In this attack an adversary tires to misuse the legitimate services. Several networking tools are available for troubleshooting. An attacker uses these tools for evil purpose. For example ping command is used to test the connectivity between two hosts. An adversary can use this command to continuously ping a host with oversized packets. In such a situation target host will be too busy in replying (of ping) that it will not be able run other services.

To protect network from above attacks, administrators use different approaches. No matter what approach you choose, there are some basic rules which you should always follow:-
+Use secure protocol for remote login such as use SSH instead of Telnet.
+Configure access lists or firewall to permit only necessary traffic.
+Use genuine software and keep it up to date.
+Avoid pirated software as they may contain virus and worms.
+Use difficult password.
+Disable unwanted or unnecessary services.

For Symmetric Key : n*(n-1)/2 keys are required.
For Public Key : 2*n key are required ( each node will have private and public key).