Network Security
Concept of information security
Cyber security
The protection of internet-connected systems, including hardware, software, and data from cyber attacks, is known as cyber security.
Cybersecurity can be done by:
1. Confidentiality of data.
2. Integrity of data.
3. Availability of data.
Network security
Network security is a preventative measure to protect the underlying network from unauthorized access, misuse, malfunction, or destruction. It creates secure platforms to carry out a critical function in a safe environment.
Security Threat
Security threat is a possible danger that may or may not happen in the future. It can affect an individual’s computer and business computers at risk. A threat can be intentional or accidental.
Some types of security threats are:
1. Interception
It refers to stealing the information or unauthorized access to data.
2. Interruption
Interruption means making the services unavailable to other users.
3. Modification
Modification involves changing data or tampering with the services so that it no longer has its original specifications.
4. Fabrication
It refers to the activity of adding data to alter the meaning of data.
Security Attack
An attack is an attempt to destroy, misuse, steal or gain access to unauthorized information. There are mainly two types of attack: Passive attack and active attack.
-
Passive attack
An attack that tries to steal information from the system but does not affect system resources is called a passive attack. Traffic analysis, capturing authentication info, decrypting traffic are examples of passive attacks. -
Active attack
An active attack is an attempt to destroy or change the information or affect their operations. Viruses, worms, or trojan horses are examples of active attacks.
Security Services
Security service is the service provided by the layer of communicating open systems, ensuring adequate security of the system or data transfers. It can be categorized into five categories:
1. Authentication
It is the act of verifying the user before giving access to the system.
2. Authorization
It is the process of defining what a user can do in the system.
3. Data confidentiality
It is the property that ensures the data will not be disclosed to unauthorized users. For this, cryptography is used.
4. Data integrity
It is the property to ensure data will not be changed in an unauthorized way.
5. Non-repudiation
It implies that one party of a transaction cannot deny having received a transaction nor can deny having sent a transaction.
Data security
A major threat to data security is packet sniffing. It is used to steal user IDs, passwords, and credit card details. Since many bank transactions are done online, data security has become the main concern for every business organization.
Message Security
Various communication companies like Facebook & Whatsapp uses cryptography to secure message. It must fulfill three categories: confidentiality, integrity, and authentication.
Cryptography
Cryptography is the process of providing security to the information shared between two individuals. Encryption and decryption are the two processes of providing security to information. Encryption is carried out by converting plain text to cipher text using various techniques. It is converted to ciphertext using keys so that attacker wouldn’t be able to understand the message. When the receiver receives the message, the ciphertext is decrypted back to plain text, which is called decryption.
Difference between public key and private key cryptography
The differences between public key and private key cryptography are:
Public key cryptography | Private key cryptography |
---|---|
1. The cryptographic process where the key is public to all the users is called public key cryptography. | 1. The process where the key is only known to the sender and receiver is called private key cryptography. |
2. Two different keys are used for encryption and decryption. | 2. Same private key is used for encryption and decryption. |
3. It is useful for digital signatures and authenticated systems. | 3. It is useful to achieve confidentiality. |