If you find these notes helpful, please follow me on LinkedIn: Sarthak Sobti, www.linkedin.com/in/sarthak-sobti-65bab51b4
Network Security and
Cyber Law
Unit 1
1. Introduction to Network Security
Network security is the set of activities designed to protect the
integrity of a network and the data it carries. Every company or
organization that handles a large amount of data has some degree of
protection in place against cyber threats.
Any action intended to safeguard the integrity and usefulness of
your data and network is network security. The most basic example
is password protection, where the user of the network chooses a
password. Network security solutions protect the various vulnerable
parts of computer systems, such as:
1. Users
2. Locations
3. Data
4. Devices
5. Applications
_____________________________________________________________
2. Goals/Objectives of Network Security
1. Confidentiality
This means that data and resources on a network can only be
accessed by authorized users; it thereby protects sensitive
information from unauthorized users.
2. Integrity
This simply ensures that the data, as well as resources on a
network, are not altered or corrupted by unauthorized parties. With
the help of integrity, one can maintain the accuracy as well as
consistency of information and processes.
3. Availability
This assists in ensuring that the resources and data on a network
are accessible and usable by authorized parties. Further,
availability helps to support the continuity and performance of
business operations and services.
_____________________________________________________________
3. Attacks
A security attack is an attempt to gain unauthorized access to,
disrupt, or compromise the security of a system, network, or
device. These are actions that threaten an organization’s safety
and are classified into two main categories:
A. Passive Attacks
Passive attacks involve an intruder monitoring or eavesdropping on
transmissions without altering the data. These attacks aim to
gather information without causing direct harm, and neither the
sender nor the receiver is aware of the intrusion.
• Eavesdropping: Intercepting and listening to
communications without consent. Example: Packet sniffing.
• Traffic Analysis: Analysing network traffic patterns to gather
information without accessing the content. Example:
Network flow analysis.
Prevention: Encryption of transmitted data can prevent intruders
from using intercepted information.
B. Active Attacks
Active attacks involve the attacker altering or disrupting
communications, causing damage or disruption. Both the sender
and receiver are unaware that their communication has been
tampered with.
• Masquerade: Pretending to be an authorized user to gain
access. Example: Using stolen credentials.
• Replay: Intercepting and retransmitting a message to
deceive the receiver. Example: Delaying a financial
transaction message.
• Modification of Message: Altering the message content.
Example: Changing the data in a transmitted message.
• Denial of Service (DoS): Overloading a system with traffic to
make it unavailable to legitimate users. Example: Flooding a
website with requests.
_____________________________________________________________
4. Network Security Services
Security services refer to the different services available for
maintaining the security and safety of an organization. They help in
preventing any potential risks to security. Security services are
divided into 5 types:
• Authentication is the process of verifying the identity of a
user or device in order to grant or deny access to a system or
device.
• Access control involves the use of policies and procedures
to determine who is allowed to access specific resources
within a system.
• Data Confidentiality is responsible for the protection of
information from being accessed or disclosed to
unauthorized parties.
• Data integrity is a security mechanism that involves the use
of techniques to ensure that data has not been tampered with
or altered in any way during transmission or storage.
• Non-repudiation involves the use of techniques to create a
verifiable record of the origin and transmission of a message,
which can be used to prevent the sender from denying that
they sent the message.
________________________________________________________
5. Network Security Mechanisms
A security mechanism is a mechanism built to detect any breach of
security or attack on the organization.
Security Mechanisms are also responsible for protecting a system,
network, or device against unauthorized access, tampering, or
other security threats.
Examples of Security Mechanisms
• Encipherment (Encryption): Transforms data into a coded
form that can only be read with a decryption key. Used for
protecting data during transmission or storage.
• Digital Signature: Uses cryptographic techniques to create a
unique, verifiable identifier for a document or message,
ensuring its authenticity and integrity.
• Traffic Padding: Adds extra data to network traffic to obscure
its true content and make analysis more difficult.
• Routing Control: Selects secure routes for data transmission
and allows changes in routing if a security breach is
suspected.
_____________________________________________________________
6. Authentication Applications
1. Kerberos
• Purpose: A network authentication protocol designed to
provide secure authentication for users and services in a
network.
• How it Works:
o Key Distribution Center (KDC): Central authority that
includes an Authentication Server (AS) and a Ticket
Granting Server (TGS).
o Process:
1. User Authentication: User logs in and sends a
request to the AS.
2. Ticket Granting Ticket (TGT): AS authenticates the
user and issues a TGT.
3. Service Request: User sends the TGT to the TGS to
request access to a specific service.
4. Service Ticket: TGS issues a service ticket, which
the user presents to the desired service for access.
• Advantages: Secure, mutual authentication, prevents
eavesdropping and replay attacks.
2. X.509 Directory Authentication Service
• Purpose: A standard for public key infrastructure (PKI) used
for managing digital certificates and public-key encryption.
• How it Works:
o Certificates: X.509 certificates contain a public key and
the identity of the owner.
o Certification Authority (CA): Trusted entity that issues
and verifies certificates.
o Process:
1. Certificate Request: User generates a key pair
and sends a certificate signing request (CSR) to the
CA.
2. Certificate Issuance: CA verifies the request and
issues an X.509 certificate.
3. Authentication: When a user or service needs to
authenticate, they present their certificate.
4. Verification: The recipient verifies the certificate's
authenticity and validity using the CA's public key.
• Advantages: Provides strong authentication, integrity, and
non-repudiation through the use of digital certificates.
_____________________________________________________________
Unit 2
1. Application Layer Security
1. Secure Electronic Transaction (SET)
• Secure Electronic Transaction (SET) is a system that ensures the
security and integrity of electronic transactions made using credit
cards.
• SET protocol restricts the revealing of credit card details to
merchants thus keeping hackers and thieves at bay.
• The SET protocol includes Certification Authorities so that
standard digital certificates, such as X.509 certificates, can be used.
2. Email Security
• Email security refers to the measures taken to protect email
messages and the information they contain from unauthorized
access and damage.
• It involves ensuring the confidentiality, integrity, and
availability of email messages, as well as safeguarding against
phishing attacks, spam, viruses, and other forms of malware.
• It can be achieved through a combination of technical and
non-technical measures.
• Some standard technical measures include the encryption of
email messages to protect their contents, the use of digital
signatures to verify the authenticity of the sender, and email
filtering systems to block unwanted emails and malware.
• The non-technical measures may include training employees
on how to recognize and respond to phishing attacks and
other email security threats, establishing policies and
procedures for email use and management, and conducting
regular security audits to identify and address vulnerabilities.
3. Pretty Good Privacy (PGP)
• Pretty Good Privacy (PGP) is an encryption program designed to
ensure the confidentiality, integrity, and authenticity of digital
communications and data.
• At its core, PGP uses a hybrid cryptographic method, combining
symmetric-key and public-key cryptography.
• Symmetric-key cryptography uses a single secret key to both
encrypt and decrypt data.
• Public-key cryptography, by contrast, uses a pair of
mathematically related keys: a public key, which is freely shared
and used for encryption, and a private key, which is kept secret
and used for decryption.
4. S/MIME
• S/MIME stands for Secure/Multipurpose Internet Mail
Extensions. Through encryption, S/MIME offers protection for
business emails.
• S/MIME is a cryptographic protocol for encrypting and digitally
signing e-mails; signing lets the sender prove ownership of the
message.
• S/MIME enables non-ASCII data to be sent via Simple Mail Transfer
Protocol (SMTP) e-mail, so many kinds of files, including music,
video, and image files, can be sent.
• This data is securely sent using the encryption method. The
data which is encrypted using a public key is then decrypted
using a private key which is only present with the receiver of
the E-mail.
• The receiver then decrypts the message and then the
message is used. In this way, data is shared using e-mails
providing an end-to-end security service using the
cryptography method.
_____________________________________________________________
2. Security Threats and Countermeasures
1. Phishing Attacks
• Threat: Phishing involves tricking users into providing
sensitive information (like usernames, passwords, or credit
card details) by posing as a trustworthy entity in electronic
communications.
• Countermeasures:
o User Education: Teach users to recognize phishing
attempts and avoid clicking on suspicious links.
o Email Filtering: Use spam filters to detect and block
phishing emails.
o Two-Factor Authentication (2FA): Add an extra layer of
security to verify user identity.
2. Malware
• Threat: Malware includes viruses, worms, trojans,
ransomware, and spyware that can damage systems, steal
data, or disrupt operations.
• Countermeasures:
o Antivirus and Anti-Malware Software: Regularly
update and run antivirus programs to detect and remove
malware.
o Regular Updates and Patching: Keep all software,
including the operating system, up to date to close
vulnerabilities.
o Firewalls: Use firewalls to block unauthorized access.
3. Man-in-the-Middle (MITM) Attacks
• Threat: In MITM attacks, the attacker secretly intercepts and
possibly alters the communication between two parties.
• Countermeasures:
o Encryption: Use strong encryption protocols (like
SSL/TLS) to protect data in transit.
o Secure Communication Channels: Ensure that all
communication channels are secure and
authenticated.
o Public Key Infrastructure (PKI): Utilize PKI to verify the
identities of the parties involved in communication.
4. Denial of Service (DoS) and Distributed Denial of
Service (DDoS) Attacks
• Threat: DoS/DDoS attacks overwhelm a system with traffic,
making it unavailable to legitimate users.
• Countermeasures:
o Traffic Filtering: Implement traffic filtering to identify
and block malicious traffic.
o Load Balancing: Use load balancers to distribute traffic
and mitigate the impact of attacks.
o Redundancy and Failover Systems: Design systems
with redundancy and failover capabilities to maintain
service availability.
5. Password Attacks
• Threat: Password attacks, including brute force, dictionary,
and credential stuffing attacks, aim to gain unauthorized
access by cracking passwords.
• Countermeasures:
o Strong Password Policies: Enforce strong password
policies requiring complex and unique passwords.
o Account Lockout Mechanisms: Implement account
lockout mechanisms after several failed login attempts.
o Password Managers: Encourage the use of password
managers to generate and store strong passwords
securely.
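To show how the three password countermeasures above fit together, here is an added Python example (not part of the original notes): a policy check for complex, unique passwords, salted slow hashing so that stolen hashes resist brute-force and dictionary attacks, and a lockout counter. The thresholds (12-character minimum, 5 attempts, 15-minute lockout, iteration count) and the common-password list are assumed values chosen for the example.

```python
import hashlib
import hmac
import os
import re
from typing import Dict, List, Optional, Tuple

# Policy thresholds are assumed values for this example, not figures from the notes.
MIN_LENGTH = 12
MAX_FAILED_ATTEMPTS = 5          # lockout after this many consecutive failures
LOCKOUT_SECONDS = 15 * 60        # how long the account stays locked
PBKDF2_ITERATIONS = 100_000      # kept low for a quick demo; OWASP currently advises 600,000+

# Constructed stand-in for a breached/common password list.
COMMON_PASSWORDS = {"password", "password123", "qwerty123456", "letmein"}


def check_password_policy(password: str) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256. The per-user salt defeats rainbow tables and the
    iteration count makes each guess in a brute-force or dictionary attack expensive."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)   # constant-time comparison


class LoginGuard:
    """Account lockout: after MAX_FAILED_ATTEMPTS failures, logins for that user are
    refused until LOCKOUT_SECONDS have passed, which caps online guessing rates."""

    def __init__(self) -> None:
        self.failures: Dict[str, int] = {}
        self.locked_until: Dict[str, float] = {}

    def is_locked(self, user: str, now: float) -> bool:
        return self.locked_until.get(user, 0.0) > now

    def attempt(self, user: str, password: str, salt: bytes, expected: bytes, now: float) -> str:
        """Return 'locked', 'denied' or 'ok'. `now` is passed in so the logic is testable."""
        if self.is_locked(user, now):
            return "locked"
        if verify_password(password, salt, expected):
            self.failures.pop(user, None)
            return "ok"
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count >= MAX_FAILED_ATTEMPTS:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failures[user] = 0
        return "denied"


if __name__ == "__main__":
    print(check_password_policy("password123"))
    salt, digest = hash_password("Tr0ub4dor&3xample!")
    guard = LoginGuard()
    for _ in range(MAX_FAILED_ATTEMPTS):
        print(guard.attempt("alice", "wrong-guess", salt, digest, now=0.0))
    print(guard.attempt("alice", "Tr0ub4dor&3xample!", salt, digest, now=1.0))
```

The lockout resets its failure counter when the lock is applied, so a correct password after the lock expires is accepted; a real deployment would also log each lockout so that repeated lockouts of many accounts from one source can be spotted.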
_____________________________________________________________
3. Transport Layer Security
Transport Layer Security (TLS) is a cryptographic protocol
designed to provide secure communication over a computer
network. It is widely used for securing web traffic, emails, and other
internet-based communications.
Key Features of TLS:
1. Encryption: Ensures that data exchanged between the client
and server is encrypted, preventing eavesdropping.
2. Integrity: Ensures data is not tampered with during transit.
3. Authentication: Confirms the identity of the communicating
parties, typically using certificates.
TLS Handshake Process:
1. Client Hello: The client initiates the handshake by sending a
"hello" message to the server, which includes the client's
supported TLS versions, cipher suites, and a random byte
string.
2. Server Hello: The server responds with its own "hello"
message, choosing the TLS version and cipher suite from the
options provided by the client, and also sends its certificate
and a random byte string.
3. Key Exchange: Both parties use the random strings and
public key information to generate a shared secret key for
encryption.
4. Cipher Spec Change: The client and server notify each other
that future messages will be encrypted.
5. Finished: Both parties send a message indicating the
handshake is complete and encryption begins.
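The following Python example, added here and not taken from the notes, uses the standard `ssl` module to contrast a client configuration that defeats the Authentication feature described above (and so cannot stop the man-in-the-middle attack from Section 2) with a hardened one, and audits a context for the settings that matter. The function names are this example's own.

```python
import ssl
from typing import List, Optional


def weak_client_context() -> ssl.SSLContext:
    """A context that still 'uses TLS' but authenticates nobody: with verification off,
    an interceptor can present its own certificate and the client will accept it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED   # accept whatever the library allows
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Server certificate required, checked against the trust store and against the
    hostname, and negotiation limited to TLS 1.2 or newer."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Report the settings that would let a man-in-the-middle succeed."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required or not verified")
    if not ctx.check_hostname:
        findings.append("certificate not matched against the server hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 allowed")
    return findings


if __name__ == "__main__":
    print("weak:", audit_context(weak_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
```

Use the hardened context with `ctx.wrap_socket(sock, server_hostname=host)`; passing `server_hostname` is what lets the hostname check run during the handshake.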
_____________________________________________________________
4. Secure Socket Layer
Secure Socket Layer (SSL) provides security to the data that is
transferred between web browser and server. SSL encrypts the link
between a web server and a browser which ensures that all data
passed between them remain private and free from attack.
Secure Socket Layer Protocols:
• SSL record protocol
• Handshake protocol
• Change-cipher spec protocol
• Alert protocol
SSL (Secure Sockets Layer) certificate is a digital certificate used
to secure and verify the identity of a website or an online service.
The certificate is issued by a trusted third-party called a Certificate
Authority (CA), who verifies the identity of the website or service
before issuing the certificate.
The SSL certificate has several important characteristics that
make it a reliable solution for securing online transactions:
1. Encryption: The SSL certificate uses encryption algorithms
to secure the communication between the website or service
and its users.
2. Authentication: The SSL certificate verifies the identity of the
website or service, ensuring that users are communicating
with the intended party and not with an impostor.
3. Integrity: The SSL certificate uses message authentication
codes (MACs) to detect any tampering with the data during
transmission.
4. Non-repudiation: SSL certificates provide non-repudiation
of data, meaning that the recipient of the data cannot deny
having received it. This is important in situations where the
authenticity of the information needs to be established, such
as in e-commerce transactions.
5. Certificates issued by trusted CAs: SSL certificates are
issued by trusted CAs, who are responsible for verifying the
identity of the website or service before issuing the
certificate.
_____________________________________________________________
5. Wireless Transport Layer Security (WTLS)
• WTLS is a security protocol used to protect data sent over
wireless networks.
• It's part of the Wireless Application Protocol (WAP), which
allows mobile devices to access the internet.
• WTLS is similar to Transport Layer Security (TLS) but modified
for mobile devices that have less power and memory.
• When you connect to a secure service (like a bank) using your
phone, WTLS starts by creating a secure connection.
• It uses cryptographic algorithms to encrypt and decrypt data,
ensuring that even if the data is intercepted, it can't be read
by others.
_____________________________________________________________
Unit 3
1. Internet Protocol Security
IP Security (IPsec) is a framework of open standards for ensuring
private, secure communications over Internet Protocol (IP)
networks through the use of cryptographic security services. It
helps protect data during transmission by providing confidentiality,
data integrity, and authentication.
Characteristics Associated with IPSec:
1. The standardized algorithms present in IP Sec are SHA and
MD5.
2. IPSec uniquely identifies every packet, and then
authentication is carried out based on verifying the same
uniqueness of the packet.
3. IPSec includes an Encapsulating Security Payload (ESP) for
security purposes.
_____________________________________________________________
2. Components of IP Security
It has the following components:
1. Encapsulating Security Payload (ESP)
2. Authentication Header (AH)
3. Internet Key Exchange (IKE)
1. Encapsulating Security Payload (ESP)
Encapsulating Security Payload (ESP) is a method used to protect
data sent over IP networks.
a. Encapsulation and Encryption:
• When data (also called the payload) is sent over the network,
ESP first encapsulates or wraps it.
• This wrapped data is then encrypted, turning it into a form
that cannot be easily understood by anyone except the
intended receiver.
b. Security Checks and Authentication:
• After encryption, ESP performs a security check. This is
called authentication, which verifies that the data is coming
from a legitimate source.
• Authentication ensures that the data has not been tampered
with during transmission.
c. Ensuring Safety:
• The combination of encryption (which hides the content) and
authentication (which verifies the sender) makes the data
very secure.
• This protects the data from being stolen or altered by any
unauthorized third party.
d. Process of Encryption and Decryption:
• The encryption process is done by an authenticated (verified)
user who sends the data.
• When the data reaches the receiver, it can only be decrypted
(turned back into its original form) if the receiver is also
authenticated.
• This means only the intended receiver, who has been verified,
can access the original data.
e. Smooth and Secure Communication:
• Because only verified users can encrypt and decrypt the data,
the entire process of sending and receiving data is both
smooth and secure.
• This ensures that the data remains private and protected
throughout its journey across the network.
Key Features:
1. Encryption: ESP encrypts the payload of the IP packet to
ensure that the data remains confidential. This protects the
data from being read by unauthorized entities.
2. Integrity: ESP ensures that the data has not been altered
during transmission. This is done through integrity checks.
3. Authentication: ESP verifies the origin of the data, ensuring
that it comes from a legitimate source.
4. Anti-replay: ESP includes sequence numbers in the packets
to protect against replay attacks.
2. Authentication Header (AH)
AH is designed to provide connectionless integrity and data origin
authentication for IP packets. It also provides protection against
replay attacks.
Key Features of Authentication Header (AH):
1. Data Integrity:
o Ensures that the data has not been altered during
transit.
o Uses a hash function to create a message digest, which
is then included in the AH.
2. Data Origin Authentication:
o Verifies that the data is from a legitimate source.
o Ensures that the packet was sent by the authenticated
sender.
3. Anti-Replay Protection:
o Protects against replay attacks by using sequence
numbers.
o Ensures that each packet is unique and not a duplicate
of a previous packet.
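As an added example (not from the notes), the following Python code models the ESP/AH anti-replay check together with an integrity check value (ICV), and also illustrates the replay attack listed under active attacks in Unit 1. The sliding window follows the bitmap scheme of RFC 4303; the key, window size and packet layout are this example's assumptions, and the ICV is a truncated HMAC-SHA-256 standing in for a full IPsec transform.

```python
import hashlib
import hmac

ICV_LEN = 16          # 128-bit truncated HMAC-SHA-256, as in IPsec's HMAC-SHA-256-128
SEQ_LEN = 4           # 32-bit sequence number field
WINDOW_SIZE = 64      # receiver window; RFC 4303 requires at least 32 and defaults to 64


def make_packet(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: sequence number || payload || ICV over everything before the ICV."""
    header = seq.to_bytes(SEQ_LEN, "big")
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


class AntiReplayWindow:
    """Sliding window over the last WINDOW_SIZE sequence numbers, kept as a bitmap
    where bit i set means 'highest - i has already been accepted'."""

    def __init__(self, size: int = WINDOW_SIZE) -> None:
        self.size = size
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0

    def is_acceptable(self, seq: int) -> bool:
        if seq == 0:                       # the first packet on an SA carries seq 1
            return False
        if seq > self.highest:             # right of the window: new
            return True
        diff = self.highest - seq
        if diff >= self.size:              # left of the window: too old, treated as replay
            return False
        return not (self.bitmap >> diff) & 1   # inside the window: new only if bit clear

    def mark_seen(self, seq: int) -> None:
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


class Receiver:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.window = AntiReplayWindow()

    def receive(self, packet: bytes):
        """Return (status, payload). The window is checked first (cheap), the ICV is
        verified second, and the window advances only for packets that pass both, so
        a forged packet cannot poison the window."""
        seq = int.from_bytes(packet[:SEQ_LEN], "big")
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        if not self.window.is_acceptable(seq):
            return "replay", None
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "bad_icv", None
        self.window.mark_seen(seq)
        return "ok", body[SEQ_LEN:]


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-real-use"   # constructed sample key
    rx = Receiver(key)
    p1 = make_packet(key, 1, b"hello")
    print(rx.receive(p1))      # ('ok', b'hello')
    print(rx.receive(p1))      # ('replay', None)
```

Packets that arrive out of order but within the window are still accepted once, which is why IPsec can tolerate reordering without accepting duplicates.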
_____________________________________________________________
2. Intruders
The most common threat to security is an attack by an Intruder.
Intruders are often referred to as hackers and are the most harmful
factors contributing to the vulnerability of security. They have
immense knowledge and an in-depth understanding of technology
and security. Intruders breach the privacy of users and aim to steal
the confidential information of the users. The stolen information is
then sold to third parties, which aim at misusing the information
for their own personal or professional gains.
Intruders are people who try to access computer systems and data
without proper authorization. They can be classified into three
main categories:
1. Masquerader
2. Misfeasor
3. Clandestine User
1. Masquerader
• Masqueraders are individuals who are not authorized to use
the system. They are outsiders who do not have direct
access.
• They exploit the system's vulnerabilities to gain control and
access private or confidential information.
• Their main goal is to steal data or information by unethical
means.
2. Misfeasor
• Misfeasors are individuals who are authorized to use the
system. They are insiders with legitimate access.
• They misuse their access privileges to perform unauthorized
activities, such as stealing or altering data.
3. Clandestine User
• Clandestine Users have supervisory or administrative control
over the system. They can be insiders (such as system
administrators) or outsiders who gain control.
• They misuse their authoritative power to perform malicious
activities, often for financial gain or other personal benefits.
3. Intrusion Detection System (IDS)
• An intrusion detection system (IDS) observes network traffic for
malicious activity and sends an immediate alert when it is
observed.
• It is software that checks a network or system for malicious
activities or policy violations.
• Each illegal activity or violation is typically recorded
centrally in a SIEM system or reported to an administrator.
• IDS monitors a network or system for malicious activity and
protects a computer network from unauthorized access from
users, including perhaps insiders.
Working of Intrusion Detection System (IDS)
• An IDS (Intrusion Detection System) monitors the traffic on a
computer network to detect any suspicious activity.
• It analyzes the data flowing through the network to look for
patterns and signs of abnormal behavior.
• The IDS compares the network activity to a set of predefined
rules and patterns to identify any activity that might indicate
an attack or intrusion.
• If the IDS detects something that matches one of these rules
or patterns, it sends an alert to the system administrator.
• The system administrator can then investigate the alert and
take action to prevent any damage or further intrusion.
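To make the rule-matching step concrete, here is an added Python example (not part of the notes) of a small signature- and threshold-based detector run over constructed web-server and SSH log lines. The rule names, patterns, sample lines and the failure threshold are all assumptions made for the example.

```python
import re
from collections import Counter
from typing import List, Tuple
from urllib.parse import unquote

# Constructed sample events (web-server and SSH style lines), not real traffic.
SAMPLE_LOGS = [
    '10.0.0.7 - - [01/Jan/2024:10:00:01] "GET /index.html HTTP/1.1" 200',
    '10.0.0.9 - - [01/Jan/2024:10:00:02] "GET /search?q=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200',
    '10.0.0.9 - - [01/Jan/2024:10:00:03] "GET /static/../../etc/passwd HTTP/1.1" 404',
    "sshd[311]: Failed password for root from 203.0.113.5 port 40210 ssh2",
    "sshd[312]: Failed password for admin from 203.0.113.5 port 40211 ssh2",
    "sshd[313]: Failed password for alice from 198.51.100.2 port 50123 ssh2",
    "sshd[314]: Failed password for root from 203.0.113.5 port 40212 ssh2",
    "sshd[315]: Failed password for root from 203.0.113.5 port 40213 ssh2",
    "sshd[316]: Accepted publickey for alice from 10.0.0.7 port 50200 ssh2",
]

# Signature rules: a name and a pattern applied to the URL-decoded event.
SIGNATURES = [
    ("web-sqli-tautology", re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE)),
    ("web-path-traversal", re.compile(r"(\.\./){2,}")),
]

# Threshold rule: repeated authentication failures from one source within the batch.
FAILED_LOGIN = re.compile(r"Failed password for \S+ from (\d{1,3}(?:\.\d{1,3}){3})")
FAILURE_THRESHOLD = 3   # assumed value; tune to the environment


def detect(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (rule_name, evidence) alerts in the order they were raised."""
    alerts = []
    failures_by_source = Counter()
    for line in lines:
        decoded = unquote(line)   # normalise first so URL encoding cannot hide a match
        for name, pattern in SIGNATURES:
            if pattern.search(decoded):
                alerts.append((name, line))
        m = FAILED_LOGIN.search(line)
        if m:
            source = m.group(1)
            failures_by_source[source] += 1
            if failures_by_source[source] == FAILURE_THRESHOLD:   # fire once, at the threshold
                alerts.append(("ssh-bruteforce", source))
    return alerts


if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_LOGS):
        print(f"ALERT {name}: {evidence}")
```

The decode-before-match step matters: a signature applied to the raw line would miss the encoded request, which is the usual reason a real IDS normalises traffic before comparing it with its rules.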
_____________________________________________________________
4. Viruses
• Viruses are small pieces of software that attach themselves
to real programs.
• The term “virus” is also commonly but erroneously used to
refer to other types of malware, adware, and spyware
programs that do not have the reproductive ability.
• A true virus can spread from one computer to another (in
some form of executable code).
• Viruses can increase their chances of spreading on to other
computers by infecting files on a network file system or a file
system that is accessed by another computer.
• Viruses usually corrupt or modify system files on the targeted
computer.
Types of Viruses:
• Boot sector Virus: It infects the boot sector of the system,
executing every time the system is booted and before the
operating system is loaded. It infects other bootable media
like floppy disks. These are also known as memory viruses as
they do not infect the file system.
• Macro Virus: Unlike most viruses, which are written in a low-
level language (like C or assembly language), these are written
in a high-level language like Visual Basic. These viruses are
triggered when a program capable of executing a macro is
run. For example, macro viruses can be contained in
spreadsheet files.
• Source code Virus: It looks for source code and modifies it
to include virus and to help spread it.
• Polymorphic Virus: A virus signature is a pattern that can
identify a virus(a series of bytes that make up virus code). So
in order to avoid detection by antivirus a polymorphic virus
changes each time it is installed. The functionality of the virus
remains the same but its signature is changed.
• Encrypted Virus: In order to avoid detection by antivirus, this
type of virus exists in encrypted form. It carries a decryption
algorithm along with it. So the virus first decrypts and then
executes.
_____________________________________________________________
5. Firewall Design Principles
A firewall is hardware or software that protects a private computer
or network of computers from unauthorized access; it acts as a
filter that stops unauthorized users from reaching private
computers and networks. It filters network packets and stops
malware from entering the user's computer or network by blocking
access, preventing the user from being infected.
Designing an effective firewall involves several important steps to
ensure that the network remains secure from various threats.
1. Developing Security Policy
• The policy is tailored to the specific needs of the company or
client.
• Without a proper security policy, it is impossible to effectively
control network access.
• A well-developed policy reduces risk by ensuring proper
security measures are in place.
2. Simple Solution Design
• A simpler design makes it easier to update and adapt to new
threats.
• Complex designs can lead to mistakes that open up security
gaps.
• Efficiency and ease of use are critical for ongoing security
management.
3. Choosing the Right Device
• Determine the specific security needs before selecting a
device.
• Ensure the chosen device is up-to-date and suitable for the
task.
• Incorrect or outdated devices weaken network security.
4. Layered Defense
• A multi-layered approach enhances overall security.
• Each layer can be tailored to defend against specific threats.
• This approach makes it harder for attackers to penetrate the
entire network.
5. Consider Internal Threats
• Design internal security measures to prevent unauthorized
actions by insiders.
• Use filtering to monitor traffic moving between different
security levels.
• Implement different levels of security to control internal
access.
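The following Python example is added here and is not from the notes: a first-match packet filter with an implicit default deny, evaluated against a constructed policy that reflects the "layered defense" and "internal threats" principles above (a public web server, and an admin subnet that may reach servers only over SSH), plus a check for shadowed rules that can never match, one way a design becomes more complex than intended. Addresses, rules and function names are this example's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                         # "allow" or "deny"
    src: str                            # CIDR block or "any"
    dst: str                            # CIDR block or "any"
    proto: str                          # "tcp", "udp", "icmp" or "any"
    dport: Optional[Tuple[int, int]]    # inclusive destination port range, None for any


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


# Constructed policy, first match wins. Addresses are documentation/private ranges.
POLICY = [
    Rule("allow", "any", "192.0.2.10/32", "tcp", (443, 443)),       # public HTTPS server
    Rule("allow", "any", "192.0.2.10/32", "tcp", (80, 80)),         # HTTP (redirects to HTTPS)
    Rule("allow", "10.0.1.0/24", "10.0.2.0/24", "tcp", (22, 22)),   # admin subnet -> servers, SSH only
    Rule("deny", "10.0.0.0/8", "10.0.2.0/24", "any", None),         # all other internal -> servers
]
DEFAULT_ACTION = "deny"   # anything no rule mentions is dropped


def _addr_in(addr: str, block: str) -> bool:
    if block == "any":
        return True
    ip = ipaddress.ip_address(addr)
    net = ipaddress.ip_network(block, strict=False)
    return ip.version == net.version and ip in net


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None:
        if pkt.dport is None or not rule.dport[0] <= pkt.dport <= rule.dport[1]:
            return False
    return _addr_in(pkt.src, rule.src) and _addr_in(pkt.dst, rule.dst)


def evaluate(pkt: Packet, policy: List[Rule] = POLICY) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); index None means the default applied."""
    for i, rule in enumerate(policy):
        if matches(rule, pkt):
            return rule.action, i
    return DEFAULT_ACTION, None


def _block_covers(outer: str, inner: str) -> bool:
    if outer == "any":
        return True
    if inner == "any":
        return False
    a = ipaddress.ip_network(outer, strict=False)
    b = ipaddress.ip_network(inner, strict=False)
    return a.version == b.version and a.supernet_of(b)


def shadowed_rules(policy: List[Rule]) -> List[int]:
    """Indices of rules that can never match because an earlier rule already covers
    every packet they would match."""
    shadowed = []
    for j, later in enumerate(policy):
        for earlier in policy[:j]:
            proto_ok = earlier.proto == "any" or earlier.proto == later.proto
            port_ok = earlier.dport is None or (
                later.dport is not None
                and earlier.dport[0] <= later.dport[0]
                and later.dport[1] <= earlier.dport[1]
            )
            if (proto_ok and port_ok and _block_covers(earlier.src, later.src)
                    and _block_covers(earlier.dst, later.dst)):
                shadowed.append(j)
                break
    return shadowed


if __name__ == "__main__":
    print(evaluate(Packet("203.0.113.7", "192.0.2.10", "tcp", 443)))   # ('allow', 0)
    print(evaluate(Packet("203.0.113.7", "192.0.2.10", "tcp", 22)))    # ('deny', None)
    print(shadowed_rules(POLICY))                                      # []
```

The explicit internal deny in rule 3 is redundant with the default, but keeping it lets the filter log and count internal traffic that crosses a security boundary separately from external noise.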
_____________________________________________________________
Unit 4
1. Cyber Crime
Cybercrime or a computer-oriented crime is a crime that includes
a computer and a network. The computer may have been used in
the execution of a crime or it may be the target. Cybercrime is the
use of a computer as a weapon for committing crimes such as
committing fraud, identity theft, or breaching privacy. Cybercrime,
especially through the Internet, has grown in importance as the
computer has become central to every field like commerce,
entertainment, and government.
Prevention of Cyber Crime:
Below are some points by means of which we can prevent cyber
crime:
1. Use strong passwords – Maintain different password and
username combinations for each account and resist the
temptation to write them down. Weak passwords can be
easily cracked using attack methods such as brute-force and
rainbow-table attacks, so make them complex: a combination
of letters, numbers, and special characters.
2. Use trusted antivirus on devices – Always use trustworthy,
up-to-date antivirus software on mobile devices and personal
computers. This helps prevent various virus attacks on
devices.
3. Keep social media private – Keep your social media account
data visible only to your friends, and only accept friend
requests from people you know.
4. Keep your device software updated – Whenever system
software updates are available, install them promptly,
because the previous version may contain known weaknesses
that can be easily attacked.
5. Use a secure network – Public Wi-Fi networks are vulnerable.
Avoid conducting financial or corporate transactions on these
networks.
6. Never open attachments in spam emails – A common way for a
computer to become infected by malware and other forms of
cybercrime is through email attachments in spam emails. Never
open an attachment from a sender you do not know.
7. Software should be updated – The operating system should be
updated regularly for internet security; unpatched flaws in the
system become a potential threat when cybercriminals exploit
them.
_____________________________________________________________
2. Electronic Governance: IT Act, 2000
• Electronic Governance, also known as e-governance,
involves using computers, the Internet, and digital platforms
to improve government services.
• Instead of relying on paper-based methods, e-governance
makes processes more efficient and accessible through
technology.
• It allows citizens to interact with government services online,
making it easier to access information, complete
transactions, and participate in decision-making.
Provisions of Electronic Governance under IT Act, 2000:
1. Attribution, Acknowledgement, and Dispatch of Electronic
Records
• Attribution: This involves identifying who created or sent an
electronic record, helping to confirm its authenticity and
responsibility.
• Acknowledgement: This is the confirmation that an
electronic record has been received, assuring the sender that
their message was delivered.
• Dispatch: This refers to securely sending electronic records
to the intended recipient.
2. Validity of Contracts Formed Through Electronic Means
• Legal Recognition: Agreements made via emails, websites,
or electronic signatures are legally valid.
• Criteria for Validity: Electronic contracts must meet certain
criteria, such as the consent of parties, accurate recording of
terms, and secure communication.
3. Attribution of Electronic Records
Attribution of electronic records is about identifying the originator
or sender of a digital document or message.
• Establishing Identity: It helps verify the authenticity of
electronic records by confirming who created or transmitted
them.
• Methods Used: Digital signatures, email headers, and
embedded metadata are common methods to attribute
electronic records.
4. Acknowledgement of Receipt
Acknowledgement of receipt confirms that an electronic message
or document has been received.
• Explicit and Implicit Confirmation: This can be a reply to an
email or automated delivery notifications.
• Ensuring Delivery: It assures the sender that their message
reached the intended recipient, establishing accountability
and reducing disputes over delivery.
5. Time and Place of Dispatch and Receipt of Electronic Record
Determining the time and place of dispatch and receipt of
electronic records is essential for validating electronic
transactions and communications.
6. Secure Electronic Records and Secure Electronic Signatures
• Secure Electronic Records: These are protected from
unauthorized access, alteration, or deletion using measures
like encryption and access controls.
• Secure Electronic Signatures: These authenticate the
identity of the signer and ensure the document's integrity,
using cryptographic techniques to prevent tampering.
_____________________________________________________________
3. Basics of Network Security
IP Addresses
• IP Address: A numeric label that identifies each host using
the Internet Protocol to communicate over a network.
• Function: Acts like a postal address for hosts on a network,
allowing devices to find and communicate with each other.
• Types:
o IPv4: 32 bits, written as four decimal numbers separated
by periods (e.g., 192.168.1.1). About 4.3 billion
addresses exist, which is why private ranges and NAT
are used.
o IPv6: 128 bits, written as eight groups of hexadecimal
digits separated by colons (e.g.,
2001:0db8:85a3:0000:0000:8a2e:0370:7334, usually
shortened to 2001:db8:85a3::8a2e:370:7334), to
accommodate far more devices.
Port Numbers and Sockets
• Port Numbers: 16-bit numbers in the range 0-65535 used to
identify a specific process or service on a host. 0-1023 are
the well-known ports (binding them normally needs
root/administrator rights), 1024-49151 are registered ports,
and 49152-65535 are dynamic (ephemeral) ports that clients
use for their side of a connection.
o Common Ports:
▪ HTTP: Port 80
▪ HTTPS: Port 443
▪ FTP: Port 21 (control channel)
▪ SSH: Port 22
▪ DNS: Port 53
• Sockets: Combination of an IP address and a port number,
forming a communication endpoint.
o Example: IP address 192.168.1.1 with port 80, written
192.168.1.1:80, is the socket a web server listens on. A
TCP connection is identified by both endpoints plus the
protocol: (protocol, source IP, source port, destination
IP, destination port).
• Function: Sockets allow many network services on a single
host, each listening on its own port number.
Hiding IP Addresses:
• VPN (Virtual Private Network): Encrypts your traffic to the
VPN server, which forwards it onward, so destinations see the
VPN server's IP address instead of yours. The VPN operator
still sees your real address and can log it.
• Proxy Servers: Act as intermediaries, masking your IP
address with that of the proxy. Many proxies do not encrypt
traffic, and the proxy operator sees both your address and
your traffic.
• Tor (The Onion Router): Routes your connection through
several volunteer relays, wrapped in multiple layers of
encryption, so that no single relay knows both who you are
and where you are connecting.
Tracing IP Addresses:
• Purpose: Used for security and investigative purposes to find
the origin of a network communication.
• Methods:
o Traceroute: A network diagnostic tool that shows the
path (the sequence of routers) taken by packets to
reach their destination.
o WHOIS Lookup: Queries the regional Internet registry
(APNIC, ARIN, RIPE NCC, LACNIC, AFRINIC) for the
organisation to which an address block is allocated,
usually an ISP or hosting provider, not the individual
user. Identifying the user behind an address needs the
ISP's subscriber records, normally obtained through
legal process.
o IP Logging: Keeping records, with accurate timestamps,
of the IP addresses that connect to a server or service.
_____________________________________________________________
4. Scanning Techniques
1. Traceroute
• Traceroute (tracert on Windows) traces the route from
source to destination.
• It sends probes with the IP TTL set to 1, 2, 3, ... in turn. Each
router that decrements the TTL to zero discards the probe
and returns an ICMP Time Exceeded message, which reveals
that router's address. Unix traceroute sends UDP probes by
default; Windows tracert sends ICMP echo requests.
• It reveals the routers between source and destination by
displaying their IP addresses, and shows at which hop packet
loss or latency occurs.
2. Ping Sweeping
• A ping sweep (also known as an ICMP sweep) is a basic
network scanning technique used to determine which of a
range of IP addresses map to live hosts.
• Whereas a single ping tells whether one specified host is up,
a ping sweep sends ICMP (Internet Control Message Protocol)
echo requests to every address in a range. Each request
needs a target address, which can be an IP address or a
hostname that is resolved first.
• If a given address is live, it returns an ICMP echo reply. To
blunt ping sweeps, administrators can block ICMP echo
requests from outside sources. Note that this only hides hosts
from ICMP probes: scanners fall back to TCP SYN or ACK
probes (for example to ports 80 and 443) and, on the local
segment, to ARP requests, which cannot be blocked.
3. Port Scanning
• Port scanning is used to find out which ports are open and
listening for connections.
• This information helps in understanding what services or
applications are running on a device.
• It involves sending connection requests (TCP SYN packets,
or UDP datagrams for UDP services) to a range of port
numbers on a target device.
• The responses indicate whether a port is open (SYN-ACK: a
service is accepting connections), closed (RST: the host is
reachable but nothing is listening), or filtered (no reply at all,
usually because a firewall dropped the probe).
4. ICMP Scanning
The main goal of ICMP scanning is to identify which devices are up
and running on a network. It helps network administrators manage
and troubleshoot the network, and gives an attacker the list of live
targets to scan further.
• Ping Request: The scanner sends a ping (ICMP echo request,
type 8) to a range of IP addresses.
• Ping Reply: Devices that are active respond with a ping reply
(ICMP echo reply, type 0).
• Analysis: By analysing the responses, the scanner can
determine which devices are alive and their basic network
status. Where echo requests are blocked, ICMP timestamp
(type 13) and address-mask (type 17) requests are sometimes
still answered and can be used instead.
5. Fingerprinting
Fingerprinting in network security is a technique used to identify
what software a system runs (operating system, service versions,
device type) from details of how it behaves on the network.
Knowing the exact software tells an attacker which known
vulnerabilities to try, and tells a defender what to patch.
They are of two types:
1. Active Fingerprinting: This involves probing and interacting
with the target system. It sends specially crafted packets to a
system and analyses the responses, for example how the TCP
stack answers unusual flag combinations, or the banner a
service returns on connect. In other words, you are actively
trying to get information from a computer system by sending
it messages and seeing how it responds. It is faster and more
precise, but the probes show up in the target's logs.
2. Passive Fingerprinting: In contrast, passive fingerprinting
does not initiate communication with the target. Instead, it
monitors network traffic and looks for patterns that reveal
information about the systems involved, such as the initial
TTL, TCP window size and option ordering of SYN packets. In
other words, you are just observing the data that a computer
system naturally sends out to figure out information about it.
It cannot be detected by the target, but it is limited to traffic
you are able to see.
Active and passive fingerprinting can also be applied to email
systems to enhance security and identify potential threats.
• Active Fingerprinting in Email: This involves connecting to the
mail server and analysing its responses, for example the
SMTP greeting banner and the reply to an EHLO command,
which often name the server software and version.
• Passive Fingerprinting in Email: This method is about
observing the emails a server sends without interacting with
it directly; the Received: headers and the format of the
Message-ID header reveal the mail software in use.
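The Python code below is an added example of passive fingerprinting, not taken from these notes or from any real tool. It works only from observed SYN packets: the observed TTL is rounded up to the nearest common default (64, 128 or 255) to recover the sender's initial TTL and the hop distance, and the TCP window size is then used to refine the guess. The window-size table is an indicative assumption made for this example; real tools (p0f, nmap) carry far larger signature databases. The packet records are constructed with TEST-NET addresses.

```python
from collections import defaultdict

# Default initial TTLs set by common TCP/IP stacks; every router on the path subtracts one.
INITIAL_TTLS = (64, 128, 255)
TTL_HINTS = {64: "Linux/BSD/macOS", 128: "Windows", 255: "Cisco IOS/Solaris/network gear"}
# Indicative initial TCP window sizes seen on SYN packets (assumption for this example).
WINDOW_HINTS = {5840: "Linux 2.6", 29200: "Linux 3.x/4.x", 64240: "Linux 5.x",
                8192: "Windows 7 and later", 65535: "Windows XP / macOS / BSD"}


def estimate_initial_ttl(observed_ttl):
    """Round the observed TTL up to the nearest common default: the sender's initial value."""
    for initial in INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial
    raise ValueError("TTL above 255 is not a valid IPv4 TTL")


def fingerprint_syn(pkt):
    """Passive fingerprint of one TCP SYN: OS family from initial TTL, refined by window size."""
    initial = estimate_initial_ttl(pkt["ttl"])
    return {
        "src": pkt["src"],
        "initial_ttl": initial,
        "hops_away": initial - pkt["ttl"],
        "os_family": TTL_HINTS[initial],
        "os_detail": WINDOW_HINTS.get(pkt["window"], "unknown"),
    }


def fingerprint_capture(packets):
    """Fingerprint each source in a capture and flag sources whose fingerprint changes
    between SYNs, which usually means several machines share the address (NAT) or
    the address is spoofed."""
    variants = defaultdict(set)
    results = {}
    for pkt in packets:
        # Only a SYN without ACK carries the stack's defaults; later segments reflect negotiation.
        if pkt["proto"] != "TCP" or "S" not in pkt["flags"] or "A" in pkt["flags"]:
            continue
        fp = fingerprint_syn(pkt)
        variants[fp["src"]].add((fp["initial_ttl"], fp["os_detail"]))
        results[fp["src"]] = fp
    for src, seen in variants.items():
        results[src]["inconsistent"] = len(seen) > 1
    return results


def sample_capture():
    """Constructed SYN records (TEST-NET addresses, no real hosts) as a sniffer would hand them over."""
    return [
        {"proto": "TCP", "src": "198.51.100.7", "ttl": 52, "window": 64240, "flags": "S"},
        {"proto": "TCP", "src": "203.0.113.21", "ttl": 117, "window": 8192, "flags": "S"},
        {"proto": "TCP", "src": "203.0.113.21", "ttl": 117, "window": 8192, "flags": "A"},   # ignored
        {"proto": "TCP", "src": "192.0.2.200", "ttl": 119, "window": 8192, "flags": "S"},
        {"proto": "TCP", "src": "192.0.2.200", "ttl": 55, "window": 29200, "flags": "S"},    # other stack, same IP
    ]


if __name__ == "__main__":
    for src, fp in fingerprint_capture(sample_capture()).items():
        print(src, fp)
```

The rounding step is what makes the hop count usable: a TTL of 52 can only have started at 64 (12 hops away), never at 128, because 76 routers between two hosts on the Internet is unrealistic.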
_____________________________________________________________
Unit 5
1. Buffer Overflow Attacks
Buffer overflow attacks exploit programs that write more data into
a fixed-size memory buffer than it can hold, so the excess spills
into whatever is stored next to it. Here are the main types:
1. Stack Overflows
• Occur when more data is written to a stack buffer than
it can hold, overwriting adjacent memory.
• The stack is a special region of memory that stores each
function's local variables together with the saved return
address; overwriting the return address lets an attacker
redirect execution when the function returns.
2. String Overflows
• A specific type of buffer overflow that occurs when
manipulating strings (arrays of characters).
• C functions like strcpy(), strcat(), gets() and
sprintf() do not check the size of the destination
buffer and overflow it if the source string is too long;
the bounded forms (strncpy(), snprintf()) or an
explicit length check avoid this.
3. Heap Overflows
• Occur when more data is written to a heap buffer than
it can hold, overwriting adjacent memory, which may be
another object or the allocator's own bookkeeping data.
• The heap is the region of memory used for dynamic
allocation (malloc()/new).
4. Integer Overflows
Occur when an arithmetic operation produces a value
outside the range that can be represented with the
given number of bits, so the value wraps around. An
integer overflow is not itself a memory corruption, but
when the wrapped value is used as an allocation size or
in a length check it produces an undersized buffer, and
a heap or stack overflow follows.
_____________________________________________________________
2. Internal Attacks
1. Emails
• Email attacks involve unauthorized access to or misuse of
email accounts within an organization.
• Employees might click on malicious links or open
attachments, leading to malware infections or data breaches.
• This can result in sensitive information being leaked or
stolen.
2. Mobile Phones
• These attacks exploit vulnerabilities in employees' mobile
devices.
• They use malware, phishing, or weak security settings on
personal or company-provided phones.
3. Instant Messengers
• These are attacks using instant messaging platforms like
WhatsApp or Slack.
• They happen through phishing links, malicious file sharing, or
weak passwords.
4. FTP Uploads
• These involve misuse of the File Transfer Protocol (FTP) for
unauthorized data transfer.
• They happen when employees upload sensitive files to
unsecured or unauthorized FTP servers.
• Plain FTP sends both credentials and file contents
unencrypted, so sensitive data can be intercepted, stolen, or
exposed to unauthorized parties; SFTP or FTPS should be
used instead.
5. Dumpster Diving
• This involves searching through physical trash to find
sensitive information.
• Attackers retrieve discarded documents, like printouts,
memos, or sticky notes, containing confidential information.
6. Shoulder Surfing
• This involves observing someone's private information by
looking over their shoulder.
• Attackers can watch employees type passwords, read
sensitive documents, or enter private data in public or semi-
public areas.
_____________________________________________________________
3. DoS Attacks
DoS (Denial of Service) attacks are attempts to make a website,
host or network unavailable to its legitimate users. Most do this by
flooding the target with more traffic or requests than it can
handle, so that it slows down or crashes; a few (Ping of Death,
Teardrop, Land) instead send a small number of malformed
packets that trigger a bug in the target's network stack.
Here are various types of DoS attacks:
1. Ping of Death: The attacker sends an ICMP echo request split
into IP fragments whose reassembled size exceeds the 65,535-byte
maximum of an IP datagram. Old network stacks allocated a buffer
for the maximum size and overflowed it during reassembly, causing
the host to crash, freeze, or reboot. Modern stacks check the
reassembled length, so this attack is mainly of historical interest.
2. Teardrop Attack: The attacker sends IP fragments whose offsets
overlap, so the pieces do not fit together properly. The reassembly
code in older operating systems mishandled the overlap and the
host crashed or froze.
3. SYN Flooding: The attacker sends a large number of TCP SYN
(connection request) packets, usually with spoofed source
addresses, and never completes the handshake. Each half-open
connection occupies a slot in the server's backlog until it times
out, so legitimate connection attempts are refused. SYN cookies
and shorter half-open timeouts are the usual defence.
4. Land Attack: The attacker sends a crafted TCP SYN packet to a
server with the source address and source port set equal to the
destination address and destination port. Vulnerable stacks
replied to themselves in a loop and locked up.
5. Smurf Attack: The attacker sends ICMP echo requests to a
network's broadcast address with the source address spoofed to
be the victim. Every host on that network replies to the victim, so
one request is amplified into many responses, overwhelming the
victim with traffic. Routers that refuse to forward directed
broadcasts stop the attack.
6. UDP Flooding: The attacker sends a huge number of UDP (User
Datagram Protocol) packets to random ports on the target. For
each closed port the target checks for a listening application and
replies with an ICMP "port unreachable" message; this work, plus
the raw bandwidth consumed, exhausts its resources.
7. Hybrid DoS Attack: Combines multiple methods, for example a
SYN flood, a UDP flood and an application-layer flood run at the
same time, to increase the chance of disrupting the target and to
make the attack harder to defend against, since several kinds of
traffic have to be filtered at once.
8. Application-specific Attacks: Instead of flooding the network,
these target a weakness in a particular application so that a
relatively small amount of traffic exhausts it, for example requests
that trigger expensive database queries, or holding many HTTP
connections open with slow, incomplete requests (Slowloris).
Because the traffic volume can be low and looks legitimate, these
are harder to detect than network-level floods.
_____________________________________________________________
4. DoS vs. DDoS
DDoS stands for Distributed Denial of Service. In a DDoS attack the
traffic comes from many systems in many locations, usually a
botnet of compromised machines. Each source sends traffic that
may look legitimate on its own, making it much harder to filter
out the malicious requests.

DoS                                   | DDoS
--------------------------------------|--------------------------------------
A single system targets the victim.   | Multiple systems attack the victim.
Victim is loaded with packets sent    | Victim is loaded with packets sent
from a single location.               | from multiple locations.
Limited by one machine's bandwidth,   | Combined bandwidth of many machines
so the traffic volume is lower.       | gives massive traffic volumes.
Can be blocked easily, as only one    | Difficult to block, as many devices
source address is used.               | on many networks are sending.
Easier to trace: one source, though   | Difficult to trace: the real attacker
its address may be spoofed.           | hides behind the compromised hosts.
Types of DoS Attacks are:
1. Buffer overflow attacks
2. Ping of Death or ICMP flood
3. Teardrop Attack
4. Flooding Attack
Types of DDoS Attacks are:
1. Volumetric Attacks
2. Fragmentation Attacks
3. Application Layer Attacks
4. Protocol Attack.
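The Python code below is an added example, not part of these notes, that turns the DoS descriptions in sections 3 and 4 into detection logic run over a window of packet records: a Land packet (source equals destination), a Smurf echo request aimed at a broadcast address, a Ping of Death fragment whose reassembled size exceeds 65,535 bytes, Teardrop overlapping fragments, and SYN and UDP floods. For the SYN flood it also counts distinct sources, which is the practical line between a DoS and a DDoS. The record format, the thresholds, the /24 mask used for the broadcast check and the traffic itself are constructed for the demo (TEST-NET addresses, no real hosts); a real deployment would feed it from a capture parser and tune the thresholds to the link.

```python
import ipaddress
from collections import Counter, defaultdict

IP_MAX_LEN = 65535            # largest IPv4 datagram, header included
SYN_THRESHOLD = 20            # assumed: half-open connections per target before we call it a flood
UDP_THRESHOLD = 20            # assumed: UDP packets per target before we call it a flood
DISTRIBUTED_MIN_SOURCES = 10  # assumed: distinct sources that make a flood "distributed"
ASSUMED_PREFIX = 24           # assumed netmask for the directed-broadcast (Smurf) check


def is_broadcast(dst):
    ip = ipaddress.ip_address(dst)
    if ip == ipaddress.ip_address("255.255.255.255"):
        return True
    return ip == ipaddress.ip_network(f"{dst}/{ASSUMED_PREFIX}", strict=False).broadcast_address


def analyze(packets):
    """Return a list of alert tuples for the DoS patterns found in a window of packet records."""
    alerts = []
    half_open = defaultdict(set)     # dst -> {(src, sport)} with a SYN but no ACK yet
    udp_count = Counter()            # dst -> UDP packets seen
    fragments = defaultdict(list)    # (src, dst, ip_id) -> [(offset_bytes, length)]
    for p in packets:
        if p["proto"] == "TCP":
            if "S" in p["flags"] and "A" not in p["flags"]:
                if p["src"] == p["dst"] and p["sport"] == p["dport"]:
                    alerts.append(("LAND", p["dst"]))
                half_open[p["dst"]].add((p["src"], p["sport"]))
            elif "A" in p["flags"]:
                half_open[p["dst"]].discard((p["src"], p["sport"]))   # handshake completed
        elif p["proto"] == "UDP":
            udp_count[p["dst"]] += 1
        elif p["proto"] == "ICMP" and p.get("type") == 8 and is_broadcast(p["dst"]):
            alerts.append(("SMURF", p["src"]))    # the spoofed source is the real victim
        if p.get("mf") or p.get("frag_off", 0):   # IP fragment: offset is in 8-byte units
            offset = p["frag_off"] * 8
            if offset + p["len"] > IP_MAX_LEN:
                alerts.append(("PING_OF_DEATH", p["dst"]))
            fragments[(p["src"], p["dst"], p["ip_id"])].append((offset, p["len"]))
    for (_, dst, _), parts in fragments.items():
        parts.sort()
        for (off1, len1), (off2, _) in zip(parts, parts[1:]):
            if off2 < off1 + len1:            # next fragment starts inside the previous one
                alerts.append(("TEARDROP", dst))
                break
    for dst, pending in half_open.items():
        if len(pending) >= SYN_THRESHOLD:
            sources = {src for src, _ in pending}
            kind = "DDoS" if len(sources) >= DISTRIBUTED_MIN_SOURCES else "DoS"
            alerts.append(("SYN_FLOOD", dst, kind, len(sources)))
    for dst, count in udp_count.items():
        if count >= UDP_THRESHOLD:
            alerts.append(("UDP_FLOOD", dst))
    return alerts


def sample_traffic():
    """Constructed packet records (TEST-NET addresses, no real traffic) as a parser would emit them."""
    victim = "10.0.0.5"
    pkts = [{"proto": "TCP", "src": f"198.51.100.{i}", "dst": victim, "sport": 40000 + i,
             "dport": 80, "flags": "S"} for i in range(1, 26)]                     # 25 spoofed SYNs
    pkts += [{"proto": "TCP", "src": "192.0.2.10", "dst": victim, "sport": 5555, "dport": 80, "flags": "S"},
             {"proto": "TCP", "src": "192.0.2.10", "dst": victim, "sport": 5555, "dport": 80, "flags": "A"}]
    pkts.append({"proto": "TCP", "src": victim, "dst": victim, "sport": 80, "dport": 80, "flags": "S"})  # Land
    pkts.append({"proto": "ICMP", "type": 8, "src": victim, "dst": "10.0.0.255"})                    # Smurf
    pkts.append({"proto": "ICMP", "src": "203.0.113.9", "dst": victim, "ip_id": 777,
                 "frag_off": 8189, "mf": False, "len": 1480})          # 65512 + 1480 > 65535: Ping of Death
    pkts += [{"proto": "UDP", "src": "203.0.113.9", "dst": victim, "ip_id": 4242,
              "frag_off": 0, "mf": True, "len": 800},
             {"proto": "UDP", "src": "203.0.113.9", "dst": victim, "ip_id": 4242,
              "frag_off": 50, "mf": False, "len": 800}]                 # second fragment overlaps the first
    pkts += [{"proto": "UDP", "src": "203.0.113.77", "dst": victim, "sport": 9999, "dport": 53}
             for _ in range(20)]                                        # UDP flood
    return pkts


if __name__ == "__main__":
    for alert in analyze(sample_traffic()):
        print(alert)
```

The legitimate client 192.0.2.10 in the sample sends a SYN and then an ACK, so it is removed from the half-open set and does not count toward the flood; only connections that never complete the handshake do, which is exactly what distinguishes a SYN flood from a busy but healthy server.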

More Related Content

Similar to Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT

CNS - Unit - 1 - Introduction
CNS - Unit - 1 - IntroductionCNS - Unit - 1 - Introduction
CNS - Unit - 1 - Introduction
Gyanmanjari Institute Of Technology
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
DEEPAK948083
 
Unit-1.pptx
Unit-1.pptxUnit-1.pptx
Unit-1.pptx
ssuseref9c81
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Rishabh Gupta
 
Ledingkart Meetup #3: Security Basics for Developers
Ledingkart Meetup #3: Security Basics for DevelopersLedingkart Meetup #3: Security Basics for Developers
Ledingkart Meetup #3: Security Basics for Developers
Mukesh Singh
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
KnownId
 
Module 1.pptx
Module 1.pptxModule 1.pptx
Module 1.pptx
ssuser6e8e41
 
Cryptography introduction
Cryptography introductionCryptography introduction
Cryptography introduction
Vasuki Ramasamy
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
Introduction of network security
Introduction of network securityIntroduction of network security
Introduction of network security
sneha padhiar
 
Introduction-to-Computer Network-Security.pptx
Introduction-to-Computer Network-Security.pptxIntroduction-to-Computer Network-Security.pptx
Introduction-to-Computer Network-Security.pptx
abhisma21
 
Fundamental Concept of Cryptography in Computer Security
Fundamental Concept of Cryptography in Computer SecurityFundamental Concept of Cryptography in Computer Security
Fundamental Concept of Cryptography in Computer Security
Uttara University
 
A Review Study on Secure Authentication in Mobile System
A Review Study on Secure Authentication in Mobile SystemA Review Study on Secure Authentication in Mobile System
A Review Study on Secure Authentication in Mobile System
Editor IJCATR
 
CNS ASSIGNMENT 2 TEAM 1.pptx
CNS ASSIGNMENT 2 TEAM 1.pptxCNS ASSIGNMENT 2 TEAM 1.pptx
CNS ASSIGNMENT 2 TEAM 1.pptx
KannanN45
 
DataCommunication Network - Unit 5.pdf
DataCommunication Network - Unit 5.pdfDataCommunication Network - Unit 5.pdf
DataCommunication Network - Unit 5.pdf
krishnapriya673257
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
Sweta Kumari Barnwal
 
CNS UNIT 1 NEW NEW UNIT has been s 1.ppt
CNS UNIT 1 NEW NEW UNIT has been s 1.pptCNS UNIT 1 NEW NEW UNIT has been s 1.ppt
CNS UNIT 1 NEW NEW UNIT has been s 1.ppt
inaamulh66
 
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKINGIMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
International Journal of Technical Research & Application
 
Ch1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxCh1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptx
salutiontechnology
 
Ethical hacking and social engineering
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineering
Sweta Kumari Barnwal
 

Similar to Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT (20)

CNS - Unit - 1 - Introduction
CNS - Unit - 1 - IntroductionCNS - Unit - 1 - Introduction
CNS - Unit - 1 - Introduction
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
 
Unit-1.pptx
Unit-1.pptxUnit-1.pptx
Unit-1.pptx
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
Ledingkart Meetup #3: Security Basics for Developers
Ledingkart Meetup #3: Security Basics for DevelopersLedingkart Meetup #3: Security Basics for Developers
Ledingkart Meetup #3: Security Basics for Developers
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
Module 1.pptx
Module 1.pptxModule 1.pptx
Module 1.pptx
 
Cryptography introduction
Cryptography introductionCryptography introduction
Cryptography introduction
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
Introduction of network security
Introduction of network securityIntroduction of network security
Introduction of network security
 
Introduction-to-Computer Network-Security.pptx
Introduction-to-Computer Network-Security.pptxIntroduction-to-Computer Network-Security.pptx
Introduction-to-Computer Network-Security.pptx
 
Fundamental Concept of Cryptography in Computer Security
Fundamental Concept of Cryptography in Computer SecurityFundamental Concept of Cryptography in Computer Security
Fundamental Concept of Cryptography in Computer Security
 
A Review Study on Secure Authentication in Mobile System
A Review Study on Secure Authentication in Mobile SystemA Review Study on Secure Authentication in Mobile System
A Review Study on Secure Authentication in Mobile System
 
CNS ASSIGNMENT 2 TEAM 1.pptx
CNS ASSIGNMENT 2 TEAM 1.pptxCNS ASSIGNMENT 2 TEAM 1.pptx
CNS ASSIGNMENT 2 TEAM 1.pptx
 
DataCommunication Network - Unit 5.pdf
DataCommunication Network - Unit 5.pdfDataCommunication Network - Unit 5.pdf
DataCommunication Network - Unit 5.pdf
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
 
CNS UNIT 1 NEW NEW UNIT has been s 1.ppt
CNS UNIT 1 NEW NEW UNIT has been s 1.pptCNS UNIT 1 NEW NEW UNIT has been s 1.ppt
CNS UNIT 1 NEW NEW UNIT has been s 1.ppt
 
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKINGIMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
 
Ch1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxCh1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptx
 
Ethical hacking and social engineering
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineering
 

Recently uploaded

DocSplit Subsequent Implementation Activation.pptx
DocSplit Subsequent Implementation Activation.pptxDocSplit Subsequent Implementation Activation.pptx
DocSplit Subsequent Implementation Activation.pptx
AmitTuteja9
 
Nashik Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort Service
Nashik Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort ServiceNashik Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort Service
Nashik Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort Service
sabanasarkari36
 
一比一原版(uofr学位证书)罗切斯特大学毕业证如何办理
一比一原版(uofr学位证书)罗切斯特大学毕业证如何办理一比一原版(uofr学位证书)罗切斯特大学毕业证如何办理
一比一原版(uofr学位证书)罗切斯特大学毕业证如何办理
adocd
 
🔥Call Girls In Chandigarh 💯Call Us 🔝 6350257716 🔝💃Top Class Call Girl Service...
🔥Call Girls In Chandigarh 💯Call Us 🔝 6350257716 🔝💃Top Class Call Girl Service...🔥Call Girls In Chandigarh 💯Call Us 🔝 6350257716 🔝💃Top Class Call Girl Service...
🔥Call Girls In Chandigarh 💯Call Us 🔝 6350257716 🔝💃Top Class Call Girl Service...
THE MOST
 
Unlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENT
Unlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENTUnlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENT
Unlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENT
rajesh344555
 
Call Girls In Chennai 💯Call Us 🔝 8824825030 🔝Independent Chennai Escorts Serv...
Call Girls In Chennai 💯Call Us 🔝 8824825030 🔝Independent Chennai Escorts Serv...Call Girls In Chennai 💯Call Us 🔝 8824825030 🔝Independent Chennai Escorts Serv...
Call Girls In Chennai 💯Call Us 🔝 8824825030 🔝Independent Chennai Escorts Serv...
payalgupta2u
 
Cyber Crime with basics and knowledge to cyber sphere
Cyber Crime with basics and knowledge to cyber sphereCyber Crime with basics and knowledge to cyber sphere
Cyber Crime with basics and knowledge to cyber sphere
RISHIKCHAUDHARY2
 
40 questions/answer Azure Interview Questions
40 questions/answer Azure Interview Questions40 questions/answer Azure Interview Questions
40 questions/answer Azure Interview Questions
mohammedbouna1
 
peru primero de la alianza con el pacifico
peru primero de la alianza con el pacificoperu primero de la alianza con el pacifico
peru primero de la alianza con el pacifico
FernandoGuevaraVentu2
 
Top UI/UX Design Trends for 2024: What Business Owners Need to Know
Top UI/UX Design Trends for 2024: What Business Owners Need to KnowTop UI/UX Design Trends for 2024: What Business Owners Need to Know
Top UI/UX Design Trends for 2024: What Business Owners Need to Know
Onepixll
 
Introduction to Augmented Reality (AR) and Virtual Reality (.pptx
Introduction to Augmented Reality (AR) and Virtual Reality (.pptxIntroduction to Augmented Reality (AR) and Virtual Reality (.pptx
Introduction to Augmented Reality (AR) and Virtual Reality (.pptx
sonupal124
 
HistorySrSec2024 daahi sadhin sgg-25.pdf
HistorySrSec2024 daahi sadhin sgg-25.pdfHistorySrSec2024 daahi sadhin sgg-25.pdf
HistorySrSec2024 daahi sadhin sgg-25.pdf
AdiySgh
 
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call GirlsBangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
narwatsonia7
 
Call Girls Service Ahmedabad 🔥 7737669865 🔥 Available Nearby Escort Is Live R...
Call Girls Service Ahmedabad 🔥 7737669865 🔥 Available Nearby Escort Is Live R...Call Girls Service Ahmedabad 🔥 7737669865 🔥 Available Nearby Escort Is Live R...
Call Girls Service Ahmedabad 🔥 7737669865 🔥 Available Nearby Escort Is Live R...
SANIYA KHATUN$S2
 
🔥Chennai Call Girls 🫱 8824825030 🫲 High Class Chennai Escorts Service Available
🔥Chennai Call Girls 🫱 8824825030 🫲 High Class Chennai Escorts Service Available🔥Chennai Call Girls 🫱 8824825030 🫲 High Class Chennai Escorts Service Available
🔥Chennai Call Girls 🫱 8824825030 🫲 High Class Chennai Escorts Service Available
manalishivani8
 
Trends In Cybersecurity | Rise Of Iot Security Solutions | IoT Device Security
Trends In Cybersecurity | Rise Of Iot Security Solutions |  IoT Device SecurityTrends In Cybersecurity | Rise Of Iot Security Solutions |  IoT Device Security
Trends In Cybersecurity | Rise Of Iot Security Solutions | IoT Device Security
Lumiverse Solutions Pvt Ltd
 
Unlimited Fun With Call Girls Hyderabad ✅ 7737669865 💘 FULL CASH PAYMENT
Unlimited Fun With Call Girls Hyderabad ✅ 7737669865 💘 FULL CASH PAYMENTUnlimited Fun With Call Girls Hyderabad ✅ 7737669865 💘 FULL CASH PAYMENT
Unlimited Fun With Call Girls Hyderabad ✅ 7737669865 💘 FULL CASH PAYMENT
keshavtiwari584
 
Pigasus 2.0: FPGA‐Accelerated Intrusion Detection/Prevention System
Pigasus 2.0: FPGA‐Accelerated Intrusion Detection/Prevention SystemPigasus 2.0: FPGA‐Accelerated Intrusion Detection/Prevention System
Pigasus 2.0: FPGA‐Accelerated Intrusion Detection/Prevention System
lowkeyact
 
'Secure and Sustainable Internet Infrastructure for Emerging Technologies'
'Secure and Sustainable Internet Infrastructure for Emerging Technologies''Secure and Sustainable Internet Infrastructure for Emerging Technologies'
'Secure and Sustainable Internet Infrastructure for Emerging Technologies'
APNIC
 
Call Girls Jabalpur 7742996321 Jabalpur Escorts Service
Call Girls Jabalpur 7742996321 Jabalpur Escorts ServiceCall Girls Jabalpur 7742996321 Jabalpur Escorts Service
Call Girls Jabalpur 7742996321 Jabalpur Escorts Service
DipikaKaurr
 

Recently uploaded (20)

DocSplit Subsequent Implementation Activation.pptx
DocSplit Subsequent Implementation Activation.pptxDocSplit Subsequent Implementation Activation.pptx
DocSplit Subsequent Implementation Activation.pptx
 
Nashik Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort Service
Nashik Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort ServiceNashik Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort Service
Nashik Call Girls 💯Call Us 🔝 7374876321 🔝 💃 Independent Female Escort Service
 
一比一原版(uofr学位证书)罗切斯特大学毕业证如何办理
一比一原版(uofr学位证书)罗切斯特大学毕业证如何办理一比一原版(uofr学位证书)罗切斯特大学毕业证如何办理
一比一原版(uofr学位证书)罗切斯特大学毕业证如何办理
 
🔥Call Girls In Chandigarh 💯Call Us 🔝 6350257716 🔝💃Top Class Call Girl Service...
🔥Call Girls In Chandigarh 💯Call Us 🔝 6350257716 🔝💃Top Class Call Girl Service...🔥Call Girls In Chandigarh 💯Call Us 🔝 6350257716 🔝💃Top Class Call Girl Service...
🔥Call Girls In Chandigarh 💯Call Us 🔝 6350257716 🔝💃Top Class Call Girl Service...
 
Unlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENT
Unlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENTUnlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENT
Unlimited Short Call Girls Navi Mumbai ✅ 9967824496 FULL CASH PAYMENT
 
Call Girls In Chennai 💯Call Us 🔝 8824825030 🔝Independent Chennai Escorts Serv...
Call Girls In Chennai 💯Call Us 🔝 8824825030 🔝Independent Chennai Escorts Serv...Call Girls In Chennai 💯Call Us 🔝 8824825030 🔝Independent Chennai Escorts Serv...
Call Girls In Chennai 💯Call Us 🔝 8824825030 🔝Independent Chennai Escorts Serv...
 
Cyber Crime with basics and knowledge to cyber sphere
Cyber Crime with basics and knowledge to cyber sphereCyber Crime with basics and knowledge to cyber sphere
Cyber Crime with basics and knowledge to cyber sphere
 
40 questions/answer Azure Interview Questions
40 questions/answer Azure Interview Questions40 questions/answer Azure Interview Questions
40 questions/answer Azure Interview Questions
 
peru primero de la alianza con el pacifico
peru primero de la alianza con el pacificoperu primero de la alianza con el pacifico
peru primero de la alianza con el pacifico
 
Top UI/UX Design Trends for 2024: What Business Owners Need to Know
Top UI/UX Design Trends for 2024: What Business Owners Need to KnowTop UI/UX Design Trends for 2024: What Business Owners Need to Know
Top UI/UX Design Trends for 2024: What Business Owners Need to Know
 
Introduction to Augmented Reality (AR) and Virtual Reality (.pptx
Introduction to Augmented Reality (AR) and Virtual Reality (.pptxIntroduction to Augmented Reality (AR) and Virtual Reality (.pptx
Introduction to Augmented Reality (AR) and Virtual Reality (.pptx
 
HistorySrSec2024 daahi sadhin sgg-25.pdf
HistorySrSec2024 daahi sadhin sgg-25.pdfHistorySrSec2024 daahi sadhin sgg-25.pdf
HistorySrSec2024 daahi sadhin sgg-25.pdf
 
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call GirlsBangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
 
Call Girls Service Ahmedabad 🔥 7737669865 🔥 Available Nearby Escort Is Live R...
Call Girls Service Ahmedabad 🔥 7737669865 🔥 Available Nearby Escort Is Live R...Call Girls Service Ahmedabad 🔥 7737669865 🔥 Available Nearby Escort Is Live R...
Call Girls Service Ahmedabad 🔥 7737669865 🔥 Available Nearby Escort Is Live R...
 
🔥Chennai Call Girls 🫱 8824825030 🫲 High Class Chennai Escorts Service Available
🔥Chennai Call Girls 🫱 8824825030 🫲 High Class Chennai Escorts Service Available🔥Chennai Call Girls 🫱 8824825030 🫲 High Class Chennai Escorts Service Available
🔥Chennai Call Girls 🫱 8824825030 🫲 High Class Chennai Escorts Service Available
 
Trends In Cybersecurity | Rise Of Iot Security Solutions | IoT Device Security
Trends In Cybersecurity | Rise Of Iot Security Solutions |  IoT Device SecurityTrends In Cybersecurity | Rise Of Iot Security Solutions |  IoT Device Security
Trends In Cybersecurity | Rise Of Iot Security Solutions | IoT Device Security
 
Unlimited Fun With Call Girls Hyderabad ✅ 7737669865 💘 FULL CASH PAYMENT
Unlimited Fun With Call Girls Hyderabad ✅ 7737669865 💘 FULL CASH PAYMENTUnlimited Fun With Call Girls Hyderabad ✅ 7737669865 💘 FULL CASH PAYMENT
Unlimited Fun With Call Girls Hyderabad ✅ 7737669865 💘 FULL CASH PAYMENT
 
Pigasus 2.0: FPGA‐Accelerated Intrusion Detection/Prevention System
Pigasus 2.0: FPGA‐Accelerated Intrusion Detection/Prevention SystemPigasus 2.0: FPGA‐Accelerated Intrusion Detection/Prevention System
Pigasus 2.0: FPGA‐Accelerated Intrusion Detection/Prevention System
 
'Secure and Sustainable Internet Infrastructure for Emerging Technologies'
'Secure and Sustainable Internet Infrastructure for Emerging Technologies''Secure and Sustainable Internet Infrastructure for Emerging Technologies'
'Secure and Sustainable Internet Infrastructure for Emerging Technologies'
 
Call Girls Jabalpur 7742996321 Jabalpur Escorts Service
Call Girls Jabalpur 7742996321 Jabalpur Escorts ServiceCall Girls Jabalpur 7742996321 Jabalpur Escorts Service
Call Girls Jabalpur 7742996321 Jabalpur Escorts Service
 

Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT

  • 1. If you find these notes helpful, please follow me on LinkedIn Sarthak Sobti Click on the link below: www.linkedin.com/in/sarthak-sobti- 65bab51b4
  • 2. Network Security and Cyber Law Unit 1 1. Introduction to Network Security Network security is defined as the activity created to protect the integrity of your network and data. Every company or organization that handles a large amount of data, has a degree of solutions against many cyber threats. Any action intended to safeguard the integrity and usefulness of your data and network is known as network security. The most basic example of Network Security is password protection which the user of the network chooses. The network security solutions protect various vulnerabilities of the computer systems such as: 1. Users 2. Locations 3. Data 4. Devices 5. Applications _____________________________________________________________
  • 3. 2. Goals/Objectives of Network Security 1. Confidentiality It simply means that data and resources on a network can only be accessible by authorized users. In return, it assists in protecting sensitive information from unauthorized users. 2. Integrity This simply ensures that the data, as well as resources on a network, are not altered or corrupted by unauthorized parties. With the help of integrity, one can maintain the accuracy as well as consistency of information and processes.
  • 4. 3. Availability This assists in ensuring that the resources and data on a network are accessible and usable by authorized parties. Further, availability helps to support the continuity and performance of business operations and services. _____________________________________________________________ 3. Attacks A security attack is an attempt to gain unauthorized access to, disrupt, or compromise the security of a system, network, or device. These are actions that threaten an organization’s safety and are classified into two main categories: A. Passive Attacks Passive attacks involve an intruder monitoring or eavesdropping on transmissions without altering the data. These attacks aim to gather information without causing direct harm, and neither the sender nor the receiver is aware of the intrusion. • Eavesdropping: Intercepting and listening to communications without consent. Example: Packet sniffing. • Traffic Analysis: Analysing network traffic patterns to gather information without accessing the content. Example: Network flow analysis. Prevention: Encryption of transmitted data can prevent intruders from using intercepted information.
B. Active Attacks
Active attacks involve the attacker altering or disrupting communications, causing damage or disruption. Both the sender and receiver are unaware that their communication has been tampered with.
• Masquerade: Pretending to be an authorized user to gain access. Example: Using stolen credentials.
• Replay: Intercepting and retransmitting a message to deceive the receiver. Example: Delaying a financial transaction message.
• Modification of Message: Altering the message content. Example: Changing the data in a transmitted message.
• Denial of Service (DoS): Overloading a system with traffic to make it unavailable to legitimate users. Example: Flooding a website with requests.
_____________________________________________________________

4. Network Security Services
Security services refer to the different services available for maintaining the security and safety of an organization. They help in preventing any potential risks to security. Security services are divided into 5 types:
• Authentication is the process of verifying the identity of a user or device in order to grant or deny access to a system or device.
• Access control involves the use of policies and procedures to determine who is allowed to access specific resources within a system.
• Data Confidentiality is responsible for the protection of information from being accessed or disclosed to unauthorized parties.
• Data integrity is a security mechanism that involves the use of techniques to ensure that data has not been tampered with or altered in any way during transmission or storage.
• Non-repudiation involves the use of techniques to create a verifiable record of the origin and transmission of a message, which can be used to prevent the sender from denying that they sent the message.
_____________________________________________________________

5. Network Security Mechanisms
The mechanism that is built to identify any breach of security or attack on the organization is called a security mechanism. Security mechanisms are also responsible for protecting a system, network, or device against unauthorized access, tampering, or other security threats.
Examples of Security Mechanisms
• Encipherment (Encryption): Transforms data into a coded form that can only be read with a decryption key. Used for protecting data during transmission or storage.
• Digital Signature: Uses cryptographic techniques to create a unique, verifiable identifier for a document or message, ensuring its authenticity and integrity.
• Traffic Padding: Adds extra data to network traffic to obscure its true content and make analysis more difficult.
• Routing Control: Selects secure routes for data transmission and allows changes in routing if a security breach is suspected.
_____________________________________________________________

6. Authentication Applications
1. Kerberos
• Purpose: A network authentication protocol designed to provide secure authentication for users and services in a network.
• How it Works:
  o Key Distribution Center (KDC): Central authority that includes an Authentication Server (AS) and a Ticket Granting Server (TGS).
  o Process:
    1. User Authentication: User logs in and sends a request to the AS.
    2. Ticket Granting Ticket (TGT): AS authenticates the user and issues a TGT.
    3. Service Request: User sends the TGT to the TGS to request access to a specific service.
    4. Service Ticket: TGS issues a service ticket, which the user presents to the desired service for access.
• Advantages: Secure, mutual authentication, prevents eavesdropping and replay attacks.
2. X.509 Directory Authentication Service
• Purpose: A standard for public key infrastructure (PKI) used for managing digital certificates and public-key encryption.
• How it Works:
  o Certificates: X.509 certificates contain a public key and the identity of the owner.
  o Certification Authority (CA): Trusted entity that issues and verifies certificates.
  o Process:
    1. Certificate Request: User generates a key pair and sends a certificate signing request (CSR) to the CA.
    2. Certificate Issuance: CA verifies the request and issues an X.509 certificate.
    3. Authentication: When a user or service needs to authenticate, they present their certificate.
    4. Verification: The recipient verifies the certificate's authenticity and validity using the CA's public key.
• Advantages: Provides strong authentication, integrity, and non-repudiation through the use of digital certificates.
_____________________________________________________________
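The four Kerberos steps above (AS request, TGT, service request, service ticket) as a runnable walk-through. This is an added example written for these notes, not code from any Kerberos implementation: the realm, principals, password and keys are constructed, and the "sealing" helper (a keystream derived with HMAC-SHA256, plus a MAC) stands in for the AES-based encryption real Kerberos uses. What it shows that the bullet list does not: the TGT is readable only by the TGS, the service ticket only by the service, and the authenticator's timestamp is what turns a captured ticket into a rejected replay.

```python
import hashlib
import hmac
import json
import secrets

# --- Toy symmetric sealing standing in for Kerberos' real encryption (assumption) ---
def _keystream(key, nonce, length):
    blocks, out = 0, b""
    while len(out) < length:
        out += hmac.new(key, nonce + blocks.to_bytes(4, "big"), hashlib.sha256).digest()
        blocks += 1
    return out[:length]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object: returns nonce || ciphertext || tag."""
    plaintext = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Reject on the wrong key or any tampering before decrypting."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# Constructed realm: every principal shares a long-term key with the KDC. The user's
# key is derived from the password; the TGS ("krbtgt") and service keys are random.
PRINCIPALS = {
    "alice": hashlib.sha256(b"alice-password").digest(),
    "krbtgt": secrets.token_bytes(32),
    "fileserver": secrets.token_bytes(32),
}
TICKET_LIFETIME = 8 * 3600
MAX_SKEW = 300  # an authenticator older than 5 minutes is treated as a replay

def _check_authenticator(ticket, authenticator, now):
    if now > ticket["expires"]:
        raise ValueError("ticket expired")
    auth = unseal(bytes.fromhex(ticket["key"]), authenticator)  # only the session-key holder can make one
    if auth["user"] != ticket["user"] or abs(now - auth["ts"]) > MAX_SKEW:
        raise ValueError("authenticator rejected: wrong principal or stale timestamp (replay)")

def authentication_server(user, now):
    """Steps 1-2: the AS issues a TGT (sealed for the TGS) inside a reply only the user can open."""
    session_key = secrets.token_bytes(16).hex()
    tgt = seal(PRINCIPALS["krbtgt"], {"user": user, "key": session_key, "expires": now + TICKET_LIFETIME})
    return seal(PRINCIPALS[user], {"key": session_key, "tgt": tgt.hex()})

def ticket_granting_server(tgt_hex, authenticator, service, now):
    """Steps 3-4: the TGS validates the TGT and authenticator, then issues a service ticket."""
    tgt = unseal(PRINCIPALS["krbtgt"], bytes.fromhex(tgt_hex))
    _check_authenticator(tgt, authenticator, now)
    svc_key = secrets.token_bytes(16).hex()
    ticket = seal(PRINCIPALS[service], {"user": tgt["user"], "key": svc_key, "expires": now + TICKET_LIFETIME})
    return seal(bytes.fromhex(tgt["key"]), {"key": svc_key, "ticket": ticket.hex()})

def application_service(service, ticket_hex, authenticator, now):
    """The service never contacts the KDC: its own key proves the ticket came from the TGS."""
    ticket = unseal(PRINCIPALS[service], bytes.fromhex(ticket_hex))
    _check_authenticator(ticket, authenticator, now)
    return ticket["user"]

def client_session(password, now=1_700_000_000.0, auth_time=None):
    """Full client walk-through; returns the principal the file server accepted.
    auth_time lets a caller present an old (replayed) authenticator."""
    ts = now if auth_time is None else auth_time
    user_key = hashlib.sha256(password.encode()).digest()
    login = unseal(user_key, authentication_server("alice", now))  # wrong password fails here
    tgs_key = bytes.fromhex(login["key"])
    grant = unseal(tgs_key, ticket_granting_server(
        login["tgt"], seal(tgs_key, {"user": "alice", "ts": ts}), "fileserver", now))
    svc_key = bytes.fromhex(grant["key"])
    return application_service("fileserver", grant["ticket"],
                               seal(svc_key, {"user": "alice", "ts": ts}), now)
```

Note where the password is used: never on the wire. The AS reply is sealed under the password-derived key, so a client that cannot open it never gets a usable session key, which is the "user authentication" step in practice.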
Unit 2

1. Application Layer Security
1. Secure Electronic Transaction (SET)
• Secure Electronic Transaction or SET is a system that ensures the security and integrity of electronic transactions done using credit cards.
• The SET protocol restricts the revealing of credit card details to merchants, thus keeping hackers and thieves at bay.
• The SET protocol includes Certification Authorities for making use of standard Digital Certificates like the X.509 Certificate.
2. Email Security
• Email security refers to the steps by which we protect email messages and the information they contain from unauthorized access and damage.
• It involves ensuring the confidentiality, integrity, and availability of email messages, as well as safeguarding against phishing attacks, spam, viruses, and other forms of malware.
• It can be achieved through a combination of technical and non-technical measures.
• Some standard technical measures include the encryption of email messages to protect their contents, the use of digital signatures to verify the authenticity of the sender, and email filtering systems to block unwanted emails and malware.
• The non-technical measures may include training employees on how to recognize and respond to phishing attacks and other email security threats, establishing policies and procedures for email use and management, and conducting regular security audits to identify and address vulnerabilities.
3. Pretty Good Privacy (PGP)
• Pretty Good Privacy (PGP) is an encryption software program designed to ensure the confidentiality, integrity, and authenticity of digital communications and information.
• At its core, PGP employs a hybrid cryptographic method, combining symmetric-key and public-key cryptography techniques.
• Symmetric-key cryptography uses a single secret key to both encrypt and decrypt data.
• Conversely, public-key cryptography uses a pair of mathematically related keys: a public key, which is freely shared and used for encryption, and a private key, which is kept secret and used for decryption.
4. S/MIME
• S/MIME stands for Secure/Multipurpose Internet Mail Extensions. Through encryption, S/MIME offers protection for business emails.
• S/MIME comes under the concept of cryptography. S/MIME is a protocol used for encrypting or decrypting digitally signed e-mails. This means that users can digitally sign their emails as the owner (sender) of the e-mail.
• S/MIME enables non-ASCII data to be sent over the Simple Mail Transfer Protocol (SMTP) via email. Moreover, many kinds of data files can be sent, including music, video, and image files.
• This data is securely sent using the encryption method. Data that is encrypted using a public key is then decrypted using a private key which is only present with the receiver of the e-mail.
• The receiver then decrypts the message and then the message is used. In this way, data is shared using e-mails, providing an end-to-end security service using the cryptography method.
_____________________________________________________________

2. Security Threats and Countermeasures
1. Phishing Attacks
• Threat: Phishing involves tricking users into providing sensitive information (like usernames, passwords, or credit card details) by posing as a trustworthy entity in electronic communications.
• Countermeasures:
  o User Education: Teach users to recognize phishing attempts and avoid clicking on suspicious links.
  o Email Filtering: Use spam filters to detect and block phishing emails.
  o Two-Factor Authentication (2FA): Add an extra layer of security to verify user identity.
2. Malware
• Threat: Malware includes viruses, worms, trojans, ransomware, and spyware that can damage systems, steal data, or disrupt operations.
• Countermeasures:
  o Antivirus and Anti-Malware Software: Regularly update and run antivirus programs to detect and remove malware.
  o Regular Updates and Patching: Keep all software, including the operating system, up to date to close vulnerabilities.
  o Firewalls: Use firewalls to block unauthorized access.
3. Man-in-the-Middle (MITM) Attacks
• Threat: In MITM attacks, the attacker secretly intercepts and possibly alters the communication between two parties.
• Countermeasures:
  o Encryption: Use strong encryption protocols (like SSL/TLS) to protect data in transit.
  o Secure Communication Channels: Ensure that all communication channels are secure and authenticated.
  o Public Key Infrastructure (PKI): Utilize PKI to verify the identities of the parties involved in communication.
4. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
• Threat: DoS/DDoS attacks overwhelm a system with traffic, making it unavailable to legitimate users.
• Countermeasures:
  o Traffic Filtering: Implement traffic filtering to identify and block malicious traffic.
  o Load Balancing: Use load balancers to distribute traffic and mitigate the impact of attacks.
  o Redundancy and Failover Systems: Design systems with redundancy and failover capabilities to maintain service availability.
5. Password Attacks
• Threat: Password attacks, including brute force, dictionary, and credential stuffing attacks, aim to gain unauthorized access by cracking passwords.
• Countermeasures:
  o Strong Password Policies: Enforce strong password policies requiring complex and unique passwords.
  o Account Lockout Mechanisms: Implement account lockout mechanisms after several failed login attempts.
  o Password Managers: Encourage the use of password managers to generate and store strong passwords securely.
_____________________________________________________________
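The PGP hybrid scheme from section 1 (symmetric session key for the body, public key to wrap that key, private key to sign), carried through in code. This is an added example for these notes, not PGP's own code or file format: the RSA keys are built from fixed Mersenne primes as constructed key material (a real implementation generates random primes and uses OAEP/PSS padding; textbook RSA as used here is for illustration only), and the body cipher is a keystream derived with HMAC-SHA256. The point the prose leaves implicit is that the recipient's key unwraps the session key and the sender's key verifies the signature, so a mix-up of either, or a flipped byte in the body, is detected rather than silently decrypted.

```python
import hashlib
import hmac
import secrets

def _keypair(p, q):
    """Textbook RSA from two given primes (constructed toy keys, not a key generator)."""
    n, e = p * q, 65537
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

# Mersenne primes chosen so that the sender modulus (~234 bits) exceeds a SHA-224 digest
# and the recipient modulus (~1128 bits) comfortably exceeds a 128-bit session key.
RECIPIENT_PUB, RECIPIENT_PRIV = _keypair((1 << 521) - 1, (1 << 607) - 1)
SENDER_PUB, SENDER_PRIV = _keypair((1 << 107) - 1, (1 << 127) - 1)

def _keystream(key, nonce, length):
    blocks, out = 0, b""
    while len(out) < length:
        out += hmac.new(key, nonce + blocks.to_bytes(4, "big"), hashlib.sha256).digest()
        blocks += 1
    return out[:length]

def _xor(data, key, nonce):
    """Symmetric part of the hybrid: same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def _digest(msg):
    return int.from_bytes(hashlib.sha224(msg).digest(), "big")

def pgp_encrypt(plaintext, recipient_pub, sender_priv):
    """Sign with the sender's private key, encrypt the body under a fresh session key,
    wrap the session key with the recipient's public key."""
    n_s, d = sender_priv
    signature = pow(_digest(plaintext), d, n_s)
    session_key, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    n_r, e = recipient_pub
    return {
        "wrapped_key": pow(int.from_bytes(session_key, "big"), e, n_r),
        "nonce": nonce,
        "body": _xor(plaintext, session_key, nonce),
        "signature": signature,
    }

def pgp_decrypt(packet, recipient_priv, sender_pub):
    """Unwrap the session key with the recipient's private key, decrypt, then verify the
    signature with the sender's public key; any failure raises rather than returning data."""
    n_r, d = recipient_priv
    recovered = pow(packet["wrapped_key"], d, n_r)
    if recovered.bit_length() > 128:
        raise ValueError("session key unwrap failed: wrong recipient key")
    plaintext = _xor(packet["body"], recovered.to_bytes(16, "big"), packet["nonce"])
    n_s, e = sender_pub
    if pow(packet["signature"], e, n_s) != _digest(plaintext):
        raise ValueError("signature verification failed: message altered or wrong sender")
    return plaintext
```

The session key is what makes the scheme hybrid: the slow public-key operation touches only 16 bytes, while the message body, whatever its size, goes through the fast symmetric cipher.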
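The password countermeasures listed under threat 5 (policy, and lockout after several failed attempts) combined into one account store, as an added example for these notes rather than code from any product. The thresholds, the PBKDF2 iteration count and the sample account are constructed. Two details matter beyond the bullet points: the stored hash is salted and deliberately slow, so a stolen credential table resists the brute-force and dictionary attacks named in the threat, and the lockout check runs before the password check, so a correct password presented during the lockout window is still refused.

```python
import hashlib
import hmac
import secrets
import string

MIN_LENGTH = 12
PBKDF2_ITERATIONS = 100_000   # constructed; tune to ~100 ms on the real server
MAX_FAILURES = 5              # failed attempts tolerated inside FAILURE_WINDOW
FAILURE_WINDOW = 600          # seconds over which failures are counted
LOCKOUT_SECONDS = 900         # how long the account stays locked

def password_meets_policy(pw):
    """Minimum length plus at least three of four character classes."""
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw))
    return len(pw) >= MIN_LENGTH and sum(classes) >= 3

def hash_password(pw, salt=None):
    """Salted, iterated PBKDF2-HMAC-SHA256; the stored string carries its own parameters."""
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(pw, stored):
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time comparison

class AccountStore:
    def __init__(self):
        self.users = {}   # name -> {"hash": str, "failures": [timestamps], "locked_until": float}
        self._dummy = hash_password("dummy-password-for-timing")

    def register(self, name, pw):
        if not password_meets_policy(pw):
            raise ValueError("password does not meet policy")
        self.users[name] = {"hash": hash_password(pw), "failures": [], "locked_until": 0.0}

    def login(self, name, pw, now):
        """Returns 'ok', 'locked' or 'denied'; `now` is injected so the window logic is testable."""
        rec = self.users.get(name)
        if rec is None:
            verify_password(pw, self._dummy)   # same cost for unknown users, no username oracle
            return "denied"
        if now < rec["locked_until"]:
            return "locked"
        if verify_password(pw, rec["hash"]):
            rec["failures"].clear()
            return "ok"
        # keep only failures inside the window, then add this one
        rec["failures"] = [t for t in rec["failures"] if now - t < FAILURE_WINDOW] + [now]
        if len(rec["failures"]) >= MAX_FAILURES:
            rec["locked_until"] = now + LOCKOUT_SECONDS
            rec["failures"].clear()
            return "locked"
        return "denied"
```

A lockout that never expires turns the mechanism into a denial-of-service lever against legitimate users, which is why the lock is time-limited rather than permanent.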
3. Transport Layer Security
Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure communication over a computer network. It is widely used for securing web traffic, emails, and other internet-based communications.
Key Features of TLS:
1. Encryption: Ensures that data exchanged between the client and server is encrypted, preventing eavesdropping.
2. Integrity: Ensures data is not tampered with during transit.
3. Authentication: Confirms the identity of the communicating parties, typically using certificates.
TLS Handshake Process:
1. Client Hello: The client initiates the handshake by sending a "hello" message to the server, which includes the client's supported TLS versions, cipher suites, and a random byte string.
2. Server Hello: The server responds with its own "hello" message, choosing the TLS version and cipher suite from the options provided by the client, and also sends its certificate and a random byte string.
3. Key Exchange: Both parties use the random strings and public key information to generate a shared secret key for encryption.
4. Cipher Spec Change: The client and server notify each other that future messages will be encrypted.
5. Finished: Both parties send a message indicating the handshake is complete and encryption begins.
_____________________________________________________________

4. Secure Socket Layer
Secure Socket Layer (SSL) provides security to the data that is transferred between web browser and server. SSL encrypts the link between a web server and a browser, which ensures that all data passed between them remains private and free from attack.
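The client's side of the handshake is shaped by its TLS context: the versions and cipher suites offered in Client Hello, and whether the certificate sent in Server Hello is actually checked. The following is an added example using Python's standard `ssl` module (not code from these notes), showing a weak client configuration beside a hardened one and an audit function that reports what the weak one gives up. `open_tls_connection` is a usage sketch that needs a network and is not exercised offline.

```python
import ssl

def weak_client_context():
    """Anti-pattern common in quick scripts: certificate and hostname checks switched off,
    any protocol version accepted. The 'authentication' feature of TLS is gone, so an
    on-path party can present any certificate and the client will still talk to it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def hardened_client_context():
    """Verifies the server certificate against the system CA store (the X.509 check behind
    step 2 of the handshake), matches it against the hostname, and refuses TLS below 1.2."""
    ctx = ssl.create_default_context()    # CERT_REQUIRED + check_hostname + system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_context(ctx):
    """Return the weaknesses a reviewer would flag in a client context (empty list = fine)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified (authentication feature lost)")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy protocol versions (SSL, TLS 1.0/1.1) can be negotiated")
    return findings

def open_tls_connection(host, port=443):
    """Usage sketch (requires network): the five handshake steps run inside wrap_socket."""
    import socket
    ctx = hardened_client_context()
    with socket.create_connection((host, port)) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]   # negotiated version and cipher suite
```

`server_hostname` is what enables the hostname check; passing the hardened context but omitting it is a frequent mistake that quietly weakens the connection.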
Secure Socket Layer Protocols:
• SSL record protocol
• Handshake protocol
• Change-cipher spec protocol
• Alert protocol
An SSL (Secure Sockets Layer) certificate is a digital certificate used to secure and verify the identity of a website or an online service. The certificate is issued by a trusted third party called a Certificate Authority (CA), who verifies the identity of the website or service before issuing the certificate. The SSL certificate has several important characteristics that make it a reliable solution for securing online transactions:
1. Encryption: The SSL certificate uses encryption algorithms to secure the communication between the website or service and its users.
2. Authentication: The SSL certificate verifies the identity of the website or service, ensuring that users are communicating with the intended party and not with an impostor.
3. Integrity: The SSL certificate uses message authentication codes (MACs) to detect any tampering with the data during transmission.
4. Non-repudiation: SSL certificates provide non-repudiation of data, meaning that the recipient of the data cannot deny having received it. This is important in situations where the authenticity of the information needs to be established, such as in e-commerce transactions.
5. Certificates issued by trusted CAs: SSL certificates are issued by trusted CAs, who are responsible for verifying the identity of the website or service before issuing the certificate.
_____________________________________________________________

5. Wireless Transport Layer Security (WTLS)
• WTLS is a security protocol used to protect data sent over wireless networks.
• It is part of the Wireless Application Protocol (WAP), which allows mobile devices to access the internet.
• WTLS is similar to Transport Layer Security (TLS) but modified for mobile devices that have less power and memory.
• When you connect to a secure service (like a bank) using your phone, WTLS starts by creating a secure connection.
• It uses cryptographic algorithms to encrypt and decrypt data, ensuring that even if the data is intercepted, it cannot be read by others.
_____________________________________________________________
Unit 3

1. Internet Protocol Security
IP Security (IPsec) is a framework of open standards for ensuring private, secure communications over Internet Protocol (IP) networks through the use of cryptographic security services. It helps protect data during transmission by providing confidentiality, data integrity, and authentication.
Characteristics Associated with IPSec:
1. The standardized algorithms present in IPSec are SHA and MD5.
2. IPSec uniquely identifies every packet, and then authentication is carried out based on verifying the same uniqueness of the packet.
3. An IP network using IPSec has an ESP present in it for security purposes.
_____________________________________________________________

2. Components of IP Security
It has the following components:
1. Encapsulating Security Payload (ESP)
2. Authentication Header (AH)
3. Internet Key Exchange (IKE)

1. Encapsulating Security Payload (ESP)
Encapsulating Security Payload (ESP) is a method used to protect data sent over IP networks.
a. Encapsulation and Encryption:
• When data (also called the payload) is sent over the network, ESP first encapsulates or wraps it.
• This wrapped data is then encrypted, turning it into a form that cannot be easily understood by anyone except the intended receiver.
b. Security Checks and Authentication:
• After encryption, ESP performs a security check. This is called authentication, which verifies that the data is coming from a legitimate source.
• Authentication ensures that the data has not been tampered with during transmission.
c. Ensuring Safety:
• The combination of encryption (which hides the content) and authentication (which verifies the sender) makes the data very secure.
• This protects the data from being stolen or altered by any unauthorized third party.
d. Process of Encryption and Decryption:
• The encryption process is done by an authenticated (verified) user who sends the data.
• When the data reaches the receiver, it can only be decrypted (turned back into its original form) if the receiver is also authenticated.
• This means only the intended receiver, who has been verified, can access the original data.
e. Smooth and Secure Communication:
• Because only verified users can encrypt and decrypt the data, the entire process of sending and receiving data is both smooth and secure.
• This ensures that the data remains private and protected throughout its journey across the network.
Key Features:
1. Encryption: ESP encrypts the payload of the IP packet to ensure that the data remains confidential. This protects the data from being read by unauthorized entities.
2. Integrity: ESP ensures that the data has not been altered during transmission. This is done through integrity checks.
3. Authentication: ESP verifies the origin of the data, ensuring that it comes from a legitimate source.
4. Anti-replay: ESP includes sequence numbers in the packets to protect against replay attacks.

2. Authentication Header (AH)
AH is designed to provide connectionless integrity and data origin authentication for IP packets. It also provides protection against replay attacks.
Key Features of Authentication Header (AH):
1. Data Integrity:
  o Ensures that the data has not been altered during transit.
  o Uses a hash function to create a message digest, which is then included in the AH.
2. Data Origin Authentication:
  o Verifies that the data is from a legitimate source.
  o Ensures that the packet was sent by the authenticated sender.
3. Anti-Replay Protection:
  o Protects against replay attacks by using sequence numbers.
  o Ensures that each packet is unique and not a duplicate of a previous packet.
_____________________________________________________________

3. Intruders
The most common threat to security is an attack by an intruder. Intruders are often referred to as hackers and are the most harmful factors contributing to the vulnerability of security. They have immense knowledge and an in-depth understanding of technology and security. Intruders breach the privacy of users and aim to steal the confidential information of the users. The stolen information is then sold to third parties, which aim at misusing the information for their own personal or professional gains.
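The anti-replay feature that both ESP and AH list above is a sliding window over the packet sequence number; the prose says "sequence numbers" but not how a receiver copes with packets that arrive out of order. The following is an added example for these notes, not code from any IPsec stack: a 64-entry bitmap window in the style RFC 4303 describes, plus a minimal AH-like receiver that verifies the integrity check value (ICV) before consulting the window. The SA key is constructed, and the ICV is HMAC-SHA256 truncated to 16 bytes purely for the example. Checking the ICV first is the detail worth noticing: a forged packet with a high sequence number must not be allowed to slide the window and thereby make genuine in-flight packets look like replays.

```python
import hashlib
import hmac

WINDOW_SIZE = 64   # minimum window RFC 4303 requires; larger windows tolerate more reordering

class AntiReplayWindow:
    """Bitmap over sequence numbers: bit i set means (highest - i) has been received."""
    def __init__(self, size=WINDOW_SIZE):
        self.size, self.highest, self.bitmap = size, 0, 0
        self.mask = (1 << size) - 1

    def check_and_update(self, seq):
        """True if seq is new and inside the window (and records it); False if it is a
        replay or has fallen off the left edge of the window."""
        if seq == 0:
            return False                  # seq 0 is never valid once anti-replay is enabled
        if seq > self.highest:            # new highest: slide the window right
            shift = seq - self.highest
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & self.mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False                  # too old, or already seen
        self.bitmap |= 1 << offset        # late but legitimate: mark it
        return True

# Constructed SA key; ICV = HMAC-SHA256 over seq || payload, truncated to 16 bytes (assumption)
SA_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)

def icv(seq, payload, key=SA_KEY):
    return hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()[:16]

class Receiver:
    """Order matters: integrity first, then the replay window, so forgeries cannot
    poison the replay state."""
    def __init__(self):
        self.window = AntiReplayWindow()
        self.accepted = []

    def receive(self, packet):
        """packet = (seq, payload, icv). Returns 'ok', 'bad-icv' or 'replay'."""
        seq, payload, tag = packet
        if not hmac.compare_digest(tag, icv(seq, payload)):
            return "bad-icv"
        if not self.window.check_and_update(seq):
            return "replay"
        self.accepted.append(seq)
        return "ok"

def replay_decisions(seqs):
    """Run bare sequence numbers through a fresh window; handy for reasoning about reordering."""
    window = AntiReplayWindow()
    return [window.check_and_update(s) for s in seqs]
```

With the sequence 1, 2, 3, 2, 70, 69, 5, 200, 199, 137, 136 the window accepts the out-of-order 69 and 199 (inside the window), rejects the duplicate 2, and rejects 5 and 136 as too old even though they were never seen, which is the trade-off a bounded window makes.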
Intruders are people who try to access computer systems and data without proper authorization. They can be classified into three main categories:
1. Masquerader
2. Misfeasor
3. Clandestine User
1. Masquerader
• Masqueraders are individuals who are not authorized to use the system. They are outsiders who do not have direct access.
• They exploit the system's vulnerabilities to gain control and access private or confidential information.
• Their main goal is to steal data or information by unethical means.
2. Misfeasor
• Misfeasors are individuals who are authorized to use the system. They are insiders with legitimate access.
• They misuse their access privileges to perform unauthorized activities, such as stealing or altering data.
3. Clandestine User
• Clandestine Users have supervisory or administrative control over the system. They can be insiders (such as system administrators) or outsiders who gain control.
• They misuse their authoritative power to perform malicious activities, often for financial gain or other personal benefits.

4. Intrusion Detection System (IDS)
• An intrusion detection system (IDS) observes network traffic for malicious transactions and sends immediate alerts when such traffic is observed.
• It is software that checks a network or system for malicious activities or policy violations.
• Each illegal activity or violation is often recorded either centrally using a SIEM system or notified to an administrator.
• An IDS monitors a network or system for malicious activity and protects a computer network from unauthorized access by users, including perhaps insiders.
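A signature-based IDS in miniature, as an added example for these notes (not code from any IDS product): a few constructed rules are matched against constructed web-server log lines in the common "combined" format, and each hit becomes an alert carrying the rule name, severity and source address. The one refinement the bullet points do not mention is normalisation: requests are percent-decoded before matching, so a traversal written as `%2e%2e%2f` is caught like a plain `../`. Lines the parser cannot read produce a low-severity alert rather than being dropped silently.

```python
import re
from collections import namedtuple
from urllib.parse import unquote

Alert = namedtuple("Alert", "rule severity src request")

# Constructed toy signature set: (name, severity, pattern applied to request + user agent)
RULES = [
    ("path-traversal", "high", re.compile(r"\.\./")),
    ("sqli-tautology", "high", re.compile(r"(?i)'\s*or\s+'?\d+'?\s*=\s*'?\d+")),
    ("known-scanner-ua", "medium", re.compile(r"(?i)\bevilscanner\b")),
]

# Apache/NGINX "combined" log format
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

def normalise(text):
    """Percent-decode twice so double-encoded evasions match the same signatures."""
    return unquote(unquote(text))

def inspect_logs(lines):
    """Compare each record against the rule set and return the resulting alerts in order."""
    alerts = []
    for line in lines:
        line = line.rstrip()
        m = LOG_RE.match(line)
        if not m:
            alerts.append(Alert("unparsable-line", "low", "?", line))
            continue
        haystack = normalise(m["request"]) + " " + normalise(m["ua"])
        for name, severity, pattern in RULES:
            if pattern.search(haystack):
                alerts.append(Alert(name, severity, m["src"], m["request"]))
    return alerts

# Constructed sample log (addresses from the documentation ranges)
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [10/Oct/2023:13:55:40 +0000] "GET /files?name=%2e%2e%2f%2e%2e%2fconfig%2fsettings.ini HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /login?user=admin%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:13:56:30 +0000] "GET / HTTP/1.1" 200 2000 "-" "EvilScanner/2.1"',
    "this line is not in combined format",
]
```

Signature matching is only as good as its normalisation and its rule set; the "predefined rules and patterns" an IDS compares against need the same maintenance as antivirus signatures, and an unparsable-line alert is the cheapest way to notice that a log format changed underneath the detector.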
Working of Intrusion Detection System (IDS)
• An IDS (Intrusion Detection System) monitors the traffic on a computer network to detect any suspicious activity.
• It analyzes the data flowing through the network to look for patterns and signs of abnormal behavior.
• The IDS compares the network activity to a set of predefined rules and patterns to identify any activity that might indicate an attack or intrusion.
• If the IDS detects something that matches one of these rules or patterns, it sends an alert to the system administrator.
• The system administrator can then investigate the alert and take action to prevent any damage or further intrusion.
_____________________________________________________________

5. Viruses
• Viruses are small pieces of software that attach themselves to real programs.
• The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability.
• A true virus can spread from one computer to another (in some form of executable code).
• Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.
• Viruses most often corrupt or modify system files on the targeted computer.
Types of Viruses:
• Boot Sector Virus: It infects the boot sector of the system, executing every time the system is booted and before the operating system is loaded. It infects other bootable media like floppy disks. These are also known as memory viruses as they do not infect the file system.
• Macro Virus: Unlike most viruses, which are written in a low-level language (like C or assembly language), these are written in a high-level language like Visual Basic. These viruses are triggered when a program capable of executing a macro is run. For example, macro viruses can be contained in spreadsheet files.
• Source Code Virus: It looks for source code and modifies it to include the virus and to help spread it.
• Polymorphic Virus: A virus signature is a pattern that can identify a virus (a series of bytes that make up the virus code). So, in order to avoid detection by antivirus software, a polymorphic virus changes each time it is installed. The functionality of the virus remains the same, but its signature is changed.
• Encrypted Virus: In order to avoid detection by antivirus software, this type of virus exists in encrypted form. It carries a decryption algorithm along with it. So the virus first decrypts and then executes.
_____________________________________________________________

6. Firewall Design Principles
A firewall is hardware or software that prevents unauthorized access to a private computer or a network of computers; it acts as a filter to stop unauthorized users from accessing private computers and networks. It filters network packets and stops malware from entering the user's computer or network by blocking access and preventing the user from being infected. Designing an effective firewall involves several important steps to ensure that the network remains secure from various threats.
1. Developing Security Policy
• The policy is tailored to the specific needs of the company or client.
• Without a proper security policy, it is impossible to effectively control network access.
• A well-developed policy reduces risk by ensuring proper security measures are in place.
2. Simple Solution Design
• A simpler design makes it easier to update and adapt to new threats.
• Complex designs can lead to mistakes that open up security gaps.
• Efficiency and ease of use are critical for ongoing security management.
3. Choosing the Right Device
• Determine the specific security needs before selecting a device.
• Ensure the chosen device is up-to-date and suitable for the task.
• Incorrect or outdated devices weaken network security.
4. Layered Defense
• A multi-layered approach enhances overall security.
• Each layer can be tailored to defend against specific threats.
• This approach makes it harder for attackers to penetrate the entire network.
5. Consider Internal Threats
• Design internal security measures to prevent unauthorized actions by insiders.
• Use filtering to monitor traffic moving between different security levels.
• Implement different levels of security to control internal access.
_____________________________________________________________
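Principles 4 and 5 above (layered defence, filtering between security levels) expressed as a packet-filter policy with default deny, plus a small audit for rules that an earlier rule already covers, which is the kind of clutter principle 2 warns about. This is an added example for these notes, not any firewall vendor's rule syntax: the zones, addresses and rules are constructed. First match wins; anything that matches nothing falls through to deny, so a forgotten case fails closed rather than open.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]          # None = any port
    comment: str = ""

# Constructed security levels (assumption): internet < DMZ < LAN < management
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz": ipaddress.ip_network("10.1.0.0/24"),
    "lan": ipaddress.ip_network("10.2.0.0/24"),
    "mgmt": ipaddress.ip_network("10.3.0.0/24"),
}

POLICY = [
    Rule("allow", "tcp", ZONES["internet"], ZONES["dmz"], 443, "public web tier"),
    Rule("deny", "any", ZONES["dmz"], ZONES["lan"], None, "DMZ never initiates into the LAN"),
    Rule("deny", "any", ZONES["dmz"], ZONES["mgmt"], None, "nor into management"),
    Rule("allow", "tcp", ZONES["lan"], ZONES["dmz"], 443, "users reach the web tier"),
    Rule("allow", "tcp", ZONES["mgmt"], ZONES["dmz"], 22, "admins manage the DMZ"),
    Rule("allow", "tcp", ZONES["mgmt"], ZONES["lan"], 22, "admins manage the LAN"),
]

def evaluate(policy, proto, src, dst, dport=None):
    """Return (action, matching rule or None). First match wins; default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in policy:
        if (rule.proto in ("any", proto) and s in rule.src and d in rule.dst
                and (rule.dport is None or rule.dport == dport)):
            return rule.action, rule
    return "deny", None

def shadowed_rules(policy):
    """Rules whose whole match set is already covered by an earlier rule: they can never
    fire, which makes the policy harder to read without changing what it does."""
    out = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            if (earlier.proto in ("any", later.proto)
                    and later.src.subnet_of(earlier.src) and later.dst.subnet_of(earlier.dst)
                    and (earlier.dport is None or earlier.dport == later.dport)):
                out.append(later)
                break
    return out
```

The audit flags the "users reach the web tier" rule: the first rule's source of 0.0.0.0/0 already includes the LAN, so the later rule is dead weight. Whether that is acceptable is a design decision, but an automated check is how the simple-design principle survives years of edits.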
Unit 4

1. Cyber Crime
Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. The computer may have been used in the execution of a crime, or it may be the target. Cybercrime is the use of a computer as a weapon for committing crimes such as fraud, identity theft, or breaching privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to every field like commerce, entertainment, and government.
Prevention of Cyber Crime:
Below are some points by means of which we can prevent cyber crime:
1. Use strong passwords – Maintain different password and username combinations for each account and resist the temptation to write them down. Weak passwords can be easily cracked using certain attacking methods like brute force attacks, rainbow table attacks, etc. So make them complex, that is, a combination of letters, numbers and special characters.
2. Use trusted antivirus on devices – Always use trustworthy and highly advanced antivirus software on mobile devices and personal computers. This leads to the prevention of different virus attacks on devices.
3. Keep social media private – Always keep your social media account data private, visible only to your friends. Also make sure only to make friends who are known to you.
4. Keep your device software updated – Whenever you get updates for the system software, update it at the same time, because sometimes the previous version can be easily attacked.
5. Use a secure network – Public Wi-Fi networks are vulnerable. Avoid conducting financial or corporate transactions on these networks.
6. Never open attachments in spam emails – A common way a computer gets infected by malware attacks and other forms of cybercrime is via email attachments in spam emails. Never open an attachment from a sender you do not know.
7. Software should be updated – The operating system should be updated regularly when it comes to internet security. This can become a potential threat when cybercriminals exploit flaws in the system.
_____________________________________________________________
2. Electronic Governance: IT Act, 2000
• Electronic Governance, also known as e-governance, involves using computers, the Internet, and digital platforms to improve government services.
• Instead of relying on paper-based methods, e-governance makes processes more efficient and accessible through technology.
• It allows citizens to interact with government services online, making it easier to access information, complete transactions, and participate in decision-making.
Provisions of Electronic Governance under IT Act, 2000:
1. Attribution, Acknowledgement, and Dispatch of Electronic Records
• Attribution: This involves identifying who created or sent an electronic record, helping to confirm its authenticity and responsibility.
• Acknowledgement: This is the confirmation that an electronic record has been received, assuring the sender that their message was delivered.
• Dispatch: This refers to securely sending electronic records to the intended recipient.
2. Validity of Contracts Formed Through Electronic Means
• Legal Recognition: Agreements made via emails, websites, or electronic signatures are legally valid.
• Criteria for Validity: Electronic contracts must meet certain criteria, such as the consent of parties, accurate recording of terms, and secure communication.
3. Attribution of Electronic Records
Attribution of electronic records is about identifying the originator or sender of a digital document or message.
• Establishing Identity: It helps verify the authenticity of electronic records by confirming who created or transmitted them.
• Methods Used: Digital signatures, email headers, and embedded metadata are common methods to attribute electronic records.
4. Acknowledgement of Receipt
Acknowledgement of receipt confirms that an electronic message or document has been received.
• Explicit and Implicit Confirmation: This can be a reply to an email or automated delivery notifications.
• Ensuring Delivery: It assures the sender that their message reached the intended recipient, establishing accountability and reducing disputes over delivery.
5. Time and Place of Dispatch and Receipt of Electronic Record
Determining the time and place of dispatch and receipt of electronic records is essential for validating electronic transactions and communications.
6. Secure Electronic Records and Secure Electronic Signatures
• Secure Electronic Records: These are protected from unauthorized access, alteration, or deletion using measures like encryption and access controls.
• Secure Electronic Signatures: These authenticate the identity of the signer and ensure the document's integrity, using cryptographic techniques to prevent tampering.
_____________________________________________________________

3. Basics of Network Security
IP Addresses
• IP Address: A unique string of numbers separated by periods that identifies each computer using the Internet Protocol to communicate over a network.
• Function: Acts like a home address for computers on a network, allowing devices to find and communicate with each other.
• Types:
  o IPv4: Consists of four sets of numbers (e.g., 192.168.1.1).
  o IPv6: A newer version with a longer address format to accommodate more devices (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334).
Port Numbers and Sockets
• Port Numbers: Numerical labels in the range 0-65535 used to identify specific processes or services on a device.
  o Common Ports:
    ▪ HTTP: Port 80
    ▪ HTTPS: Port 443
    ▪ FTP: Port 21
• Sockets: Combination of an IP address and a port number, forming a communication endpoint.
  o Example: IP address 192.168.1.1 with port 80 forms a socket for web traffic.
• Function: Sockets allow for multiple network services on a single device by using different port numbers.
Hiding IP Addresses:
• VPN (Virtual Private Network): Encrypts your internet connection and hides your real IP address by using an IP from the VPN server.
• Proxy Servers: Act as intermediaries, masking your IP address with that of the proxy.
• TOR (The Onion Router): Routes your connection through multiple servers, hiding your IP address through multiple layers of encryption.
Tracing IP Addresses:
• Purpose: Used for security and investigative purposes to find the origin of a network communication.
• Methods:
  o Traceroute: A network diagnostic tool that shows the path taken by packets to reach their destination.
  o WHOIS Lookup: Provides information about the registered owner of an IP address.
  o IP Logging: Keeping records of IP addresses that connect to a server or service.
_____________________________________________________________
  • 39. 4. Scanning Techniques 1. Traceroute • Traceroute is also called as a tracert. It traces the route from source to the destination. • It is achieved by using ICMP to send a request. • It revels all routers between source and destination by displaying their IP Address to detect where the packet loss or latency occurs. 2. Ping Sweeping • A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers). • Whereas a single ping will tell whether one specified host computer exists on the network, a ping sweep consists of ICMP (Internet Control Message Protocol) echo requests sent to multiple hosts. To do this, the ping requires an address to send the echo request to, which can be an IP address or a web server domain name. • If a given address is live, it will return an ICMP echo reply. To disable ping sweeps on a network, administrators can block ICMP echo requests from outside sources
3. Port Scanning
• Port scanning is used to find out which ports are open and listening for connections.
• This information helps in understanding what services or applications are running on a device.
• It involves sending connection requests to a range of port numbers on a target device.
• The responses indicate whether the ports are open (accepting connections), closed (not open for connections), or filtered (protected by a firewall).

4. ICMP Scanning
The main goal of ICMP scanning is to identify which devices are up and running on a network. It helps network administrators manage and troubleshoot the network.
• Ping Request: The scanner sends a ping (ICMP echo request) to a range of IP addresses.
• Ping Reply: Devices that are active respond with a ping reply (ICMP echo reply).
• Analysis: By analyzing the responses, the scanner can determine which devices are alive and their basic network status.
5. Fingerprinting
Fingerprinting in network security is a technique used to collect information about systems and networks to identify potential threats, weaknesses, and the presence of malicious activities. There are two types:

1. Active Fingerprinting: This involves probing and interacting with the target system. It sends specially crafted packets to a system and analyzes the responses. In other words, you are actively trying to get information from a computer system by sending it messages and seeing how it responds.

2. Passive Fingerprinting: In contrast, passive fingerprinting does not initiate communication with the target. Instead, it monitors network traffic and looks for patterns that reveal information about the systems involved. In other words, you are only observing the data that a computer system naturally sends out in order to learn about it.

Active and passive fingerprinting can also be applied to email systems to enhance security and identify potential threats.
• Active Fingerprinting in Email: This involves sending test emails or requests to the email server and analyzing the responses. For example, by sending an email with specific commands or formats, one could see how the server processes it.
• Passive Fingerprinting in Email: This method observes the emails being sent from a server without interacting with it directly.
_____________________________________________________________
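From the defender's side, the scanning techniques in this section leave a recognisable shape in firewall or sensor logs, and passive fingerprinting can be applied to the same records. The following C program is an added example, not code from the notes: it runs over a constructed log (the records, addresses and TTL values are invented for the demonstration) and flags a port scan (one source touching many ports on one host), a ping sweep / ICMP scan (one source sending echo requests to many hosts), and guesses the sender's OS family from the observed TTL, the classic passive-fingerprinting heuristic based on the common initial TTLs 64, 128 and 255. The thresholds are assumptions and would be tuned per network and time window.

```c
#include <stdio.h>
#include <string.h>

/* Constructed firewall/sensor records (not captured traffic), one per packet. */
struct flow_rec {
    const char *src;    /* source IP */
    const char *dst;    /* destination IP */
    const char *proto;  /* "TCP", "UDP" or "ICMP" */
    int dport;          /* destination port, 0 for ICMP */
    int icmp_type;      /* 8 = echo request; -1 for non-ICMP */
    int ttl;            /* IP TTL as seen by the sensor */
};

/* Sample: 10.0.0.5 probes many ports on 10.0.0.20 (port scan), 10.0.0.7 sends echo
 * requests across the subnet (ping sweep), 10.0.0.9 is ordinary traffic. */
static const struct flow_rec SAMPLE_LOG[] = {
    {"10.0.0.5", "10.0.0.20", "TCP",  22,   -1, 61},
    {"10.0.0.5", "10.0.0.20", "TCP",  23,   -1, 61},
    {"10.0.0.5", "10.0.0.20", "TCP",  25,   -1, 61},
    {"10.0.0.5", "10.0.0.20", "TCP",  80,   -1, 61},
    {"10.0.0.5", "10.0.0.20", "TCP",  443,  -1, 61},
    {"10.0.0.5", "10.0.0.20", "TCP",  445,  -1, 61},
    {"10.0.0.5", "10.0.0.20", "TCP",  3389, -1, 61},
    {"10.0.0.7", "10.0.0.1",  "ICMP", 0,     8, 125},
    {"10.0.0.7", "10.0.0.2",  "ICMP", 0,     8, 125},
    {"10.0.0.7", "10.0.0.3",  "ICMP", 0,     8, 125},
    {"10.0.0.7", "10.0.0.4",  "ICMP", 0,     8, 125},
    {"10.0.0.7", "10.0.0.5",  "ICMP", 0,     8, 125},
    {"10.0.0.9", "10.0.0.20", "TCP",  443,  -1, 63},
    {"10.0.0.9", "10.0.0.20", "TCP",  443,  -1, 63},
    {"10.0.0.9", "10.0.0.21", "ICMP", 0,     8, 63},
};
#define SAMPLE_LOG_LEN (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])
#define MAX_DISTINCT 64           /* enough for the sample; a real tool would use a hash set */
#define PORT_SCAN_THRESHOLD  5    /* assumed thresholds for this example */
#define PING_SWEEP_THRESHOLD 4

/* Distinct TCP/UDP destination ports that `src` touched on `dst`: many ports from
 * one source in a short window is the port-scan signature. */
int distinct_ports_probed(const struct flow_rec *log, size_t n,
                          const char *src, const char *dst) {
    int seen[MAX_DISTINCT], count = 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(log[i].src, src) != 0 || strcmp(log[i].dst, dst) != 0) continue;
        if (strcmp(log[i].proto, "ICMP") == 0) continue;
        int dup = 0;
        for (int j = 0; j < count; j++) if (seen[j] == log[i].dport) { dup = 1; break; }
        if (!dup && count < MAX_DISTINCT) seen[count++] = log[i].dport;
    }
    return count;
}

/* Distinct hosts that received an ICMP echo request (type 8) from `src`: many
 * targets from one source is the ping-sweep / ICMP-scan signature. */
int distinct_hosts_pinged(const struct flow_rec *log, size_t n, const char *src) {
    const char *seen[MAX_DISTINCT]; int count = 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(log[i].src, src) != 0) continue;
        if (strcmp(log[i].proto, "ICMP") != 0 || log[i].icmp_type != 8) continue;
        int dup = 0;
        for (int j = 0; j < count; j++) if (strcmp(seen[j], log[i].dst) == 0) { dup = 1; break; }
        if (!dup && count < MAX_DISTINCT) seen[count++] = log[i].dst;
    }
    return count;
}

int is_port_scanner(const struct flow_rec *log, size_t n, const char *src, const char *dst) {
    return distinct_ports_probed(log, n, src, dst) >= PORT_SCAN_THRESHOLD;
}

int is_ping_sweeper(const struct flow_rec *log, size_t n, const char *src) {
    return distinct_hosts_pinged(log, n, src) >= PING_SWEEP_THRESHOLD;
}

/* Passive fingerprinting heuristic: the observed TTL is the sender's initial TTL
 * minus the hops travelled, so rounding up to the nearest common default (64, 128,
 * 255) suggests the OS family without sending a single packet. Heuristic only. */
const char *os_family_from_ttl(int ttl) {
    if (ttl <= 0 || ttl > 255) return "invalid";
    if (ttl <= 64)  return "Linux/BSD/macOS (initial TTL 64)";
    if (ttl <= 128) return "Windows (initial TTL 128)";
    return "Network device/Solaris (initial TTL 255)";
}

int main(void) {
    printf("10.0.0.5 -> 10.0.0.20: %d distinct ports, port scan=%d, likely %s\n",
           distinct_ports_probed(SAMPLE_LOG, SAMPLE_LOG_LEN, "10.0.0.5", "10.0.0.20"),
           is_port_scanner(SAMPLE_LOG, SAMPLE_LOG_LEN, "10.0.0.5", "10.0.0.20"),
           os_family_from_ttl(SAMPLE_LOG[0].ttl));
    printf("10.0.0.7: %d hosts pinged, ping sweep=%d, likely %s\n",
           distinct_hosts_pinged(SAMPLE_LOG, SAMPLE_LOG_LEN, "10.0.0.7"),
           is_ping_sweeper(SAMPLE_LOG, SAMPLE_LOG_LEN, "10.0.0.7"),
           os_family_from_ttl(SAMPLE_LOG[7].ttl));
    return 0;
}
```

The two counters deliberately key on distinct ports and distinct hosts rather than raw packet counts: a busy legitimate client (10.0.0.9 above) generates many packets to one port and is not flagged, while a scanner spreads a small number of packets across many ports or hosts.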
Unit 5

1. Buffer Overflow Attacks
Buffer overflow attacks exploit vulnerabilities in a program's handling of memory. Here are the main types:

1. Stack Overflows
• Occurs when more data is written to a stack buffer than it can hold, overwriting adjacent memory.
• The stack is a special region of computer memory that stores the temporary variables created by each function.

2. String Overflows
• A specific type of buffer overflow that occurs when manipulating strings (arrays of characters).
• Functions like strcpy() or strcat() that do not check the length of the source string can cause overflows if the string is too long.

3. Heap Overflows
• Occurs when more data is written to a heap buffer than it can hold, overwriting adjacent memory.
• The heap is a region of a computer's memory used for dynamic memory allocation.

4. Integer Overflows
• Occurs when an arithmetic operation attempts to create a numeric value that is outside the range that can be represented with a given number of bits.
_____________________________________________________________

2. Internal Attacks

1. Emails
• Email attacks involve unauthorized access to or misuse of email accounts within an organization.
• Employees might click on malicious links or attachments, leading to malware infections or data breaches.
• This can result in sensitive information being leaked or stolen.

2. Mobile Phones
• Involves exploiting vulnerabilities in employees' mobile devices.
• Uses malware, phishing, or weak security settings on personal or company-provided phones.

3. Instant Messengers
• These are attacks using instant messaging platforms like WhatsApp or Slack.
• They happen through phishing links, malicious file sharing, or weak passwords.

4. FTP Uploads
• Involves misuse of the File Transfer Protocol (FTP) for unauthorized data transfer.
• This happens when employees upload sensitive files to unsecured or unauthorized FTP servers.
• Sensitive data can be intercepted, stolen, or exposed to unauthorized parties.

5. Dumpster Diving
• Involves searching through physical trash to find sensitive information.
• It happens when attackers retrieve discarded documents, like printouts, memos, or sticky notes, containing confidential information.

6. Shoulder Surfing
• Involves observing someone's private information by looking over their shoulder.
• Attackers can watch employees type passwords, read sensitive documents, or enter private data in public or semi-public areas.
_____________________________________________________________
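Returning to the four overflow types listed under Buffer Overflow Attacks above: the following C program is an added example, not code from the notes. It shows the strcpy() pattern the notes describe next to a bounds-checked replacement, a multiplication check that stops the integer-overflow-into-undersized-allocation chain, and a capacity-checked append for heap buffers. NAME_MAX, the function names and the sample inputs are this example's own choices.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX 16   /* fixed-size buffer used by the string examples below */

/* String/stack overflow, the vulnerable form: strcpy() copies until the source's
 * terminating NUL, so a source of NAME_MAX or more bytes writes past `name` into
 * adjacent stack memory. Kept only to make the defect visible; never call it on
 * untrusted input. */
size_t copy_name_unchecked(const char *src) {
    char name[NAME_MAX];
    strcpy(name, src);                 /* no length check: the overflow is here */
    return strlen(name);
}

/* Hardened form: the source is measured against the buffer before anything is
 * copied, and an over-long input is refused (-1) rather than silently truncated,
 * so the caller sees the failure. */
int copy_name_checked(char out[NAME_MAX], const char *src) {
    const char *nul = memchr(src, '\0', NAME_MAX);    /* inspects at most NAME_MAX bytes */
    if (nul == NULL) return -1;                        /* no NUL within NAME_MAX: too long */
    memcpy(out, src, (size_t)(nul - src) + 1);         /* the bytes plus the terminator */
    return 0;
}

/* Integer overflow: count * elem_size is evaluated in size_t and, for large
 * inputs, wraps to a small number; malloc() then succeeds with a tiny block and a
 * later loop over `count` elements overflows the heap. This check refuses any
 * product that would wrap. */
int checked_mul_size(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size) return -1;
    *out = count * elem_size;
    return 0;
}

/* Heap allocation sized with the checked multiply: NULL if the size would wrap
 * or the allocation fails, never an undersized block. */
uint32_t *alloc_records(size_t count) {
    size_t bytes;
    if (checked_mul_size(count, sizeof(uint32_t), &bytes) != 0) return NULL;
    return malloc(bytes);
}

/* Heap overflow, hardened form: appending to a heap buffer is refused unless the
 * new bytes fit within the recorded capacity, so `*used` never exceeds it. */
int append_bounded(uint8_t *buf, size_t capacity, size_t *used,
                   const uint8_t *data, size_t len) {
    if (*used > capacity || len > capacity - *used) return -1;
    memcpy(buf + *used, data, len);
    *used += len;
    return 0;
}

int main(void) {
    char out[NAME_MAX];
    size_t bytes;
    printf("checked copy of \"alice\": %d\n", copy_name_checked(out, "alice"));
    printf("checked copy of 16 chars: %d (refused)\n",
           copy_name_checked(out, "0123456789abcdef"));
    printf("checked_mul_size(SIZE_MAX/2+1, 4): %d (refused)\n",
           checked_mul_size(SIZE_MAX / 2 + 1, 4, &bytes));
    uint32_t *recs = alloc_records(8);
    printf("alloc_records(8): %s\n", recs ? "ok" : "failed");
    free(recs);
    return 0;
}
```

The common thread is that every size is validated against the buffer it will be written into before the write happens; truncating silently (as strncpy() does) would avoid the crash but hide the fact that input was being rejected.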
3. DoS Attacks
DoS attacks are attempts to interrupt a website's or network's operations by overwhelming it with traffic. The attacker achieves this by sending an enormous number of requests to the target server, which causes it to slow down or even crash, making it inaccessible to legitimate users. Here are the various types of DoS attacks:

1. Ping of Death: The "Ping of Death" is a type of cyberattack where someone sends a very large message (an oversized ping packet) to a computer, bigger than what the computer can handle. This oversized message can cause the computer to crash, freeze, or restart. It is like overloading a machine with too much work at once, causing it to break down.

2. Teardrop Attack: A "Teardrop Attack" is a type of cyberattack where someone sends pieces (fragments) of a message to a computer that do not fit together properly. When the computer tries to reassemble these pieces, it gets confused and crashes or freezes.

3. SYN Flooding: A "SYN Flood" attack is a type of cyberattack where someone sends a lot of connection requests to a computer but does not complete them. The computer gets overwhelmed trying to handle all these half-open connections, which can make it slow down or crash.

4. Land Attack: A "Land Attack" is a type of cyberattack where the attacker sends a crafted TCP SYN packet to a server with the source address and source port set to the same values as the destination address and destination port, causing the server to get confused and crash.

5. Smurf Attack: A "Smurf Attack" is a type of cyberattack where someone sends a fake request to many computers, pretending it is from the target computer. These computers then all send responses back to the target computer, overwhelming it with traffic and causing it to slow down or crash.

6. UDP Flooding: A "UDP Flood" attack is a type of cyberattack where someone sends a huge number of UDP (User Datagram Protocol) packets to a computer very quickly. This overwhelms the computer's ability to process the packets, causing it to slow down or crash.

7. Hybrid DoS Attack: A "Hybrid DoS Attack" is a type of cyberattack that combines multiple methods to overwhelm a computer or network, making it unavailable to users. For example, an attacker might use a combination of SYN Flood, UDP Flood, and other techniques simultaneously to increase the chances of disrupting the target. This makes it harder for the target to defend against, because it has to deal with several types of attack at the same time.

8. Application-specific Attacks: These attacks target specific weaknesses in certain software programs instead of trying to break into an entire computer network. For instance, someone might exploit a flaw in a website's code to steal data or make the site do something it should not, like redirecting users to malicious websites.
_____________________________________________________________

4. DoS vs. DDoS
DDoS stands for Distributed Denial of Service. In a DDoS attack, DoS attacks are launched from many different locations using many systems. Each source sends traffic that may appear legitimate, making it harder to filter out malicious requests.

1. DoS: A single system targets the victim's system. DDoS: Multiple systems attack the victim's system.
2. DoS: The victim PC is loaded with packets of data sent from a single location. DDoS: The victim PC is loaded with packets of data sent from multiple locations.
3. DoS: A DoS attack is slower compared to DDoS. DDoS: A DDoS attack is faster than a DoS attack.
4. DoS: Can be blocked easily, as only one system is used. DDoS: Difficult to block, as multiple devices send packets and attack from multiple locations.
5. DoS: DoS attacks are easy to trace. DDoS: DDoS attacks are difficult to trace.
6. DoS: The volume of traffic in a DoS attack is less compared to DDoS. DDoS: DDoS attacks allow the attacker to send massive volumes of traffic to the victim network.

Types of DoS attacks are:
1. Buffer overflow attacks
2. Ping of Death or ICMP flood
3. Teardrop Attack
4. Flooding Attack

Types of DDoS attacks are:
1. Volumetric Attacks
2. Fragmentation Attacks
3. Application Layer Attacks
4. Protocol Attacks
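Three of the attack shapes described above (Land, Smurf, SYN flood) and the single-source versus multi-source distinction from the DoS/DDoS comparison can all be recognised from packet summaries at a network sensor. The following C program is an added example and not part of the notes: it runs over a constructed set of packet records (addresses, ports and counts are invented for the demonstration) and flags a Land packet, an echo request aimed at the subnet broadcast address (the Smurf amplification trigger), and a SYN-flood load, classifying the latter as single-source or distributed by how many sources contribute. The broadcast address 10.0.0.255 and the thresholds are assumptions for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed packet summaries (not captured traffic) with only the fields the
 * checks below need. */
struct pkt {
    const char *src; int sport;     /* source address and port */
    const char *dst; int dport;     /* destination address and port */
    const char *proto;              /* "TCP", "UDP" or "ICMP" */
    int syn, ack;                   /* TCP flags; 0 for non-TCP */
    int icmp_type;                  /* 8 = echo request; -1 for non-ICMP */
};

#define MONITORED_BROADCAST "10.0.0.255"  /* assumed broadcast address of the watched /24 */
#define SYN_FLOOD_THRESHOLD 6             /* assumed thresholds; real detectors use time windows */
#define DISTRIBUTED_SOURCES 3
#define MAX_DISTINCT 64

static const struct pkt SAMPLE[] = {
    /* Land attack shape: source address:port equals destination address:port */
    {"10.0.0.23", 80, "10.0.0.23", 80, "TCP", 1, 0, -1},
    /* Smurf trigger: echo request addressed to the subnet broadcast */
    {"10.0.0.66", 0, "10.0.0.255", 0, "ICMP", 0, 0, 8},
    /* SYN flood from one source against 10.0.0.20 */
    {"10.0.0.5", 40001, "10.0.0.20", 443, "TCP", 1, 0, -1},
    {"10.0.0.5", 40002, "10.0.0.20", 443, "TCP", 1, 0, -1},
    {"10.0.0.5", 40003, "10.0.0.20", 443, "TCP", 1, 0, -1},
    {"10.0.0.5", 40004, "10.0.0.20", 443, "TCP", 1, 0, -1},
    {"10.0.0.5", 40005, "10.0.0.20", 443, "TCP", 1, 0, -1},
    {"10.0.0.5", 40006, "10.0.0.20", 443, "TCP", 1, 0, -1},
    /* Distributed SYN load against 10.0.0.21: three sources, two SYNs each */
    {"10.0.0.31", 50001, "10.0.0.21", 80, "TCP", 1, 0, -1},
    {"10.0.0.31", 50002, "10.0.0.21", 80, "TCP", 1, 0, -1},
    {"10.0.0.32", 50001, "10.0.0.21", 80, "TCP", 1, 0, -1},
    {"10.0.0.32", 50002, "10.0.0.21", 80, "TCP", 1, 0, -1},
    {"10.0.0.33", 50001, "10.0.0.21", 80, "TCP", 1, 0, -1},
    {"10.0.0.33", 50002, "10.0.0.21", 80, "TCP", 1, 0, -1},
    /* Ordinary completed handshake with 10.0.0.22 */
    {"10.0.0.9",  51000, "10.0.0.22", 80, "TCP", 1, 0, -1},
    {"10.0.0.22", 80, "10.0.0.9", 51000, "TCP", 1, 1, -1},
    {"10.0.0.9",  51000, "10.0.0.22", 80, "TCP", 0, 1, -1},
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/* Land attack signature: a TCP SYN whose source address:port equals its destination. */
int is_land_packet(const struct pkt *p) {
    return strcmp(p->proto, "TCP") == 0 && p->syn && !p->ack &&
           strcmp(p->src, p->dst) == 0 && p->sport == p->dport;
}

/* Smurf amplification trigger at the network edge: an ICMP echo request aimed at the
 * broadcast address, which every host on the subnet would answer. */
int is_broadcast_echo_request(const struct pkt *p) {
    return strcmp(p->proto, "ICMP") == 0 && p->icmp_type == 8 &&
           strcmp(p->dst, MONITORED_BROADCAST) == 0;
}

/* Half-open connection attempts (SYN set, ACK clear) aimed at `dst`, plus how many
 * distinct sources sent them. One source with many SYNs is the DoS (SYN flood)
 * shape; many sources each contributing a few is the DDoS shape. */
int count_syns(const struct pkt *log, size_t n, const char *dst, int *distinct_sources) {
    const char *seen[MAX_DISTINCT]; int nseen = 0, total = 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(log[i].proto, "TCP") != 0 || !log[i].syn || log[i].ack) continue;
        if (strcmp(log[i].dst, dst) != 0) continue;
        total++;
        int dup = 0;
        for (int j = 0; j < nseen; j++) if (strcmp(seen[j], log[i].src) == 0) { dup = 1; break; }
        if (!dup && nseen < MAX_DISTINCT) seen[nseen++] = log[i].src;
    }
    *distinct_sources = nseen;
    return total;
}

enum flood_kind { FLOOD_NONE, FLOOD_SINGLE_SOURCE, FLOOD_DISTRIBUTED };

enum flood_kind classify_syn_load(const struct pkt *log, size_t n, const char *dst) {
    int sources;
    int total = count_syns(log, n, dst, &sources);
    if (total < SYN_FLOOD_THRESHOLD) return FLOOD_NONE;
    return sources >= DISTRIBUTED_SOURCES ? FLOOD_DISTRIBUTED : FLOOD_SINGLE_SOURCE;
}

int main(void) {
    const char *targets[] = {"10.0.0.20", "10.0.0.21", "10.0.0.22"};
    for (size_t i = 0; i < SAMPLE_LEN; i++) {
        if (is_land_packet(&SAMPLE[i]))
            printf("Land packet: %s:%d -> itself\n", SAMPLE[i].src, SAMPLE[i].sport);
        if (is_broadcast_echo_request(&SAMPLE[i]))
            printf("Broadcast echo request from %s\n", SAMPLE[i].src);
    }
    for (size_t i = 0; i < 3; i++) {
        int sources, total = count_syns(SAMPLE, SAMPLE_LEN, targets[i], &sources);
        printf("%s: %d SYNs from %d sources -> class %d\n", targets[i], total, sources,
               (int)classify_syn_load(SAMPLE, SAMPLE_LEN, targets[i]));
    }
    return 0;
}
```

The classification mirrors the comparison table: the same number of half-open SYNs is easy to block when it comes from one address and much harder when it is spread over several, which is exactly why the detector reports the source count alongside the total.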