Network Security Fundamentals Guide

Network security encompasses practices and measures to protect the integrity, confidentiality, and availability of computer networks and their data from unauthorized access and cyber-attacks. It includes physical, technical, and administrative security layers, addressing vulnerabilities and threats through strong authentication, encryption, and firewalls. Key components such as VPNs and firewalls play crucial roles in safeguarding data and ensuring secure communications.

Network Security Fundamentals

Network security refers to the practices and measures designed to protect the
integrity, confidentiality, and availability of computer networks and the data they
carry.
It involves implementing tools, technologies, policies, and procedures to safeguard
systems from unauthorized access, misuse, and cyber-attacks.
The goal is to ensure that data transmitted across the network remains safe and
secure, protecting sensitive information from hackers and other threats.
The basic principle of network security is to protect large volumes of stored data
and networks in layers, each enforcing rules and regulations that must be
acknowledged before any activity is performed on the data.

• Physical Network Security: Focused on preventing unauthorized individuals from
  gaining physical access to networking equipment and compromising the
  confidentiality of the network.
  Example: Biometric systems, access cards.
• Technical Network Security: Focuses on protecting the data stored in the
  network or data in transit through the network. This type serves two purposes:
  one is protection from unauthorized users, and the other is protection from
  malicious activities.
• Administrative Network Security: This level of network security governs user
  behavior, such as how permissions are granted and how the authorization process
  takes place. It also ensures the level of sophistication the network needs to
  protect it against attacks.

Vulnerability:

A weakness in a system that can be exploited to cause harm.

• Can be software bugs, misconfigurations, unpatched systems, or even human errors.
• Exists before an attack happens.

Ex: An unlocked door in our house.

Common network vulnerabilities

| Vulnerability Type  | Example                                                   |
|---------------------|-----------------------------------------------------------|
| Unpatched Software  | Outdated OS, routers, or firewalls with known bugs        |
| Misconfiguration    | Open ports, weak firewall rules                           |
| Weak Passwords      | Easy-to-guess or reused passwords                         |
| Lack of Encryption  | Sending data in plain text (e.g., HTTP instead of HTTPS)  |
| Open Wi-Fi Networks | Allows eavesdropping or unauthorized access               |

Threat:

A potential danger that can exploit a vulnerability to cause damage.

• Could be a person, tool, malware, or natural event (e.g., flood, fire).
• A threat takes advantage of a vulnerability.

Ex: a thief who sees your unlocked door and decides to enter.

Common network Threats

| Threat Type              | Description                                                                  |
|--------------------------|------------------------------------------------------------------------------|
| Malware                  | Software like viruses, worms, trojans, ransomware                            |
| Phishing                 | Tricking users into giving up sensitive info (often via email or fake websites) |
| Unauthorized Access      | Hackers breaking into the network                                            |
| Man-in-the-Middle (MITM) | Intercepting and altering communication between two parties                  |
| Exploits                 | Attacks that target specific software vulnerabilities                        |
| Insider Threats          | Employees or insiders misusing access intentionally or accidentally          |

Threat + Vulnerability = Risk of Attack

An attack happens when a threat actor uses a vulnerability to gain unauthorized access
or cause harm.

How to Reduce Vulnerabilities and Defend Against Threats?

1. Strong Authentication: Use strong, unique passwords and multi-factor authentication
2. Firewalls and IDS/IPS: Block unauthorized traffic and detect intrusion attempts
3. Encrypt data: Use HTTPS, VPNs and secure protocols

Basic Security mechanisms:

Encryption:
Encryption is the process of converting readable data (plaintext) into an
unreadable format (ciphertext) to protect it from unauthorized access.

Only someone with the correct key can decrypt it and read the original data.

How Encryption Works?

1. Sender encrypts the message using a key.
2. The encrypted message is sent over the network.
3. The receiver decrypts it using a corresponding key.

Example:

Plaintext: Hello

Encrypted (Ciphertext): @#f90!kd (depending on algorithm and key)

Receiver uses the key to convert it back to: Hello


Why is Encryption Important in Network Security?

• Protects data in transit (e.g., emails, website traffic)
• Prevents eavesdropping (man-in-the-middle attacks)
• Maintains confidentiality and integrity of communication

Types of Encryption in Networking

1. Symmetric Encryption

• Same key is used for both encryption and decryption.
• Fast and efficient.
• But key must be shared securely.

Used in:

• VPNs (e.g., IPsec)
• File encryption
• Wireless encryption (WPA2)

Examples: AES, DES

2. Asymmetric Encryption (Public Key Encryption)

• Uses two keys:
  o Public key (used to encrypt)
  o Private key (used to decrypt)
• More secure but slower.

Used in:

• HTTPS (SSL/TLS)
• Digital signatures
• Secure email (PGP)

Examples: RSA, ECC (Elliptic Curve Cryptography)

Benefits of Encryption in Networks


| Benefit         | Explanation                                                    |
|-----------------|----------------------------------------------------------------|
| Confidentiality | Only authorized parties can read the data                      |
| Integrity       | Prevents tampering (if used with hashing/signatures)           |
| Authentication  | Confirms the identity of sender/receiver                       |
| Non-repudiation | Sender can’t deny sending the message (with digital signatures) |
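
The Integrity row holds only when a hash-based tag or signature accompanies the ciphertext. This added example (not part of the original guide) shows a ciphertext with one flipped bit decrypting without error, while the same ciphertext protected by an HMAC tag is rejected. The keystream function is a toy stand-in for AES built from SHA-256, used only because Python's standard library has no AES; all function names and sample keys are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode). Stand-in for AES, demo only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric: the same call encrypts and decrypts. Gives no integrity."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    """Encrypt, then compute an HMAC-SHA256 tag over nonce + ciphertext."""
    nonce = os.urandom(16)
    ciphertext = xor_cipher(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce, ciphertext, tag

def unseal(enc_key, mac_key, nonce, ciphertext, tag) -> bytes:
    """Verify the tag in constant time before decrypting anything."""
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message was modified")
    return xor_cipher(enc_key, nonce, ciphertext)

def flip_last_bit(data: bytes) -> bytes:
    """Simulate a modification of the ciphertext in transit."""
    return data[:-1] + bytes([data[-1] ^ 0x01])

if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # constructed sample keys
    message = b"Hello"                                 # the guide's plaintext
    nonce, ct, tag = seal(enc_key, mac_key, message)
    altered = flip_last_bit(ct)
    # Encryption alone: decrypts to altered text and raises no error.
    print("encryption only:", xor_cipher(enc_key, nonce, altered))
    try:
        unseal(enc_key, mac_key, nonce, altered, tag)
    except ValueError as err:
        print("encrypt-then-MAC:", err)
```
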

Encryption in Common Network Protocols


| Protocol             | What It Secures     | Encryption Used          |
|----------------------|---------------------|--------------------------|
| HTTPS                | Web browsing        | TLS (with RSA/ECC + AES) |
| VPN (IPSec, SSL VPN) | All network traffic | AES, 3DES                |
| SSH                  | Remote logins       | RSA + AES                |
| Wi-Fi (WPA2/WPA3)    | Wireless traffic    | AES                      |
| Email (PGP, S/MIME)  | Email content       | RSA or ECC               |

Limitations

• Performance overhead (especially asymmetric encryption)
• Key management complexity
• Does not stop all attacks (e.g., ransomware, phishing)
• Encrypted malware traffic can hide from firewalls

Real-World Example: HTTPS

When you visit [Link] your browser:

1. Retrieves the site's digital certificate
2. Uses asymmetric encryption to exchange a session key
3. Then uses symmetric encryption for the rest of the session (faster)

All data exchanged is encrypted end-to-end.


VPN

A VPN (Virtual Private Network) is a technology that creates a secure, encrypted
tunnel between your device and another network over the internet.

It allows:

• Safe access to a private network (like a company’s internal system) from anywhere.
• Protection of data in transit against snooping, tracking, and interception.

Purpose of a VPN in Network Security

| Purpose              | Explanation                                               |
|----------------------|-----------------------------------------------------------|
| Encrypts traffic     | Prevents hackers from reading data (e.g., on public Wi-Fi) |
| Hides IP address     | Masks your real IP to protect identity and location       |
| Secure remote access | Lets employees connect to company networks safely         |
| Bypass restrictions  | Access region-locked content or blocked websites          |
| Protects integrity   | Ensures that transmitted data isn’t tampered with         |

How VPN Works?

1. You connect to a VPN client (software on your device).
2. The client encrypts all your data and sends it to a VPN server.
3. The VPN server decrypts it and forwards it to the destination (e.g., a website).
4. Responses follow the same secure path back to your device.

All traffic is tunneled and encrypted between you and the VPN server.

Example:
| Without VPN                            | With VPN                                          |
|----------------------------------------|---------------------------------------------------|
| Your ISP sees all your online activity | Your ISP sees only that you're connected to a VPN |
| Data is exposed on public Wi-Fi        | Data is encrypted, even on public networks        |
| Website sees your real IP/location     | Website sees VPN server's IP/location             |

Types of VPNs

1. Remote Access VPN

• Used by individuals to securely access a private network over the internet.
• Common in corporate remote work setups.

2. Site-to-Site VPN

• Connects two or more networks (e.g., branch offices) securely over the internet.
• Used by businesses for secure inter-office communication.

Benefits of VPN in Network Security


| Benefit         | Description                                          |
|-----------------|------------------------------------------------------|
| Confidentiality | Keeps data safe from sniffers and hackers            |
| Integrity       | Protects data from being altered during transmission |
| Authentication  | Ensures only authorized users can access the network |
| Privacy         | Hides online activity and IP address                 |
| Remote Access   | Enables secure work-from-home or remote admin access |

Limitations of VPNs

| Limitation         | Explanation                                         |
|--------------------|-----------------------------------------------------|
| Performance impact | Encryption can slow down network speed              |
| Not 100% anonymous | VPN provider may log activity if not privacy-focused |
| Can be blocked     | Some networks block VPN traffic                     |
| Misconfigured VPN  | Poor setup can lead to leaks (e.g., DNS, IP)        |

Real-World Use Cases

• Employees working remotely securely access internal tools.
• Users on public Wi-Fi protect their credentials and data.
• Organizations connect remote offices without renting expensive private lines.
• Privacy-conscious users hide browsing activity from ISPs and trackers.

Firewall

• A firewall is a security device or software that monitors and controls
  incoming and outgoing network traffic based on predefined rules.
• It allows safe traffic and blocks harmful traffic.

OR

A firewall is a network security system, available as hardware or software, that
monitors and controls incoming and outgoing traffic based on predefined rules.
It acts like a security guard, filtering data packets to either:
• Accept: Allow the traffic.
• Reject: Block with an error response.
• Drop: Block silently without response.

Importance of Firewalls
A firewall acts as a security barrier between internal systems and external networks.

It forces all traffic through a single checkpoint, where data packets are monitored,
filtered, and either allowed or blocked based on predefined rules.

Firewalls are essential because they:

• Prevent unauthorized access to or from a private network
• Protect systems from malware, hackers, and intrusions
• Filter suspicious or dangerous data
• Enforce security policies in networks

Example: A security guard at a building entrance — checking who can enter and
who should be blocked.

Types of Firewalls

1. Packet-Filtering Firewall

• Examines each packet’s header
• Filters based on IP address, port, protocol
• Fast, but can’t inspect content deeply

Example Rule:

Allow traffic from IP [Link] to port 80

2. Stateful Inspection Firewall

• Keeps track of active connections
• Makes decisions based on context (e.g., connection state)
• More secure than packet filtering

3. Application-Level Firewall (Proxy Firewall)

• Acts as an intermediary between users and services
• Can inspect application data (e.g., HTTP, FTP)
• Very secure, but slower

4. Next-Generation Firewall (NGFW)

• Combines traditional firewall with:
  o Deep packet inspection
  o Intrusion prevention
  o Malware detection
  o Application awareness

5. Host-Based Firewall

• Installed on individual devices
• Controls traffic to/from that device only

Example: Windows Defender Firewall

6. Network-Based Firewall

• Deployed at network boundaries
• Protects entire networks or subnets

Example: A hardware firewall in a company’s data center


Working of Firewall:

1. Traffic arrives at the firewall.
2. Firewall checks it against rules (IP, port, protocol, content).
3. Decision:
   o ✅ Allow (forward)
   o ❌ Block (drop or reject)
4. Logs the event for monitoring/auditing.

| Filter Type  | Description                                                |
|--------------|------------------------------------------------------------|
| IP Addresses | Block or allow certain IPs                                 |
| Ports        | Allow only specific ports (e.g., 80 for HTTP, 443 for HTTPS) |
| Protocols    | TCP, UDP, ICMP, etc.                                       |
| Packets      | Analyze and filter packet content (deep inspection)        |
| Applications | Control apps like Skype, BitTorrent, etc. (NGFW only)      |
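
The four working steps and the Accept/Reject/Drop outcomes, as an added example that is not part of the original guide: a first-match rule list over source IP, protocol and destination port, plus the connection table that makes a firewall stateful. The class names, the default-drop policy, the rule set and the addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "accept", "reject" (error reply) or "drop" (silent)
    src: str               # source network in CIDR notation
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port; None matches any port

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

class Firewall:
    def __init__(self, rules, default="drop"):
        self.rules, self.default = rules, default
        self.established = set()   # connection table: the stateful part
        self.log = []              # step 4: every decision is recorded

    def _matches(self, rule, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
                and rule.proto in ("any", pkt.proto)
                and rule.dport in (None, pkt.dport))

    def decide(self, pkt):
        # A reply to a flow that was already accepted skips the rule list.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.established:
            action, why = "accept", "established"
        else:
            # First matching rule wins; no match falls through to the default.
            hit = next((r for r in self.rules if self._matches(r, pkt)), None)
            action = hit.action if hit else self.default
            why = f"rule {self.rules.index(hit)}" if hit else "default"
            if action == "accept":
                self.established.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        self.log.append((action, why, pkt))
        return action

# Constructed sample policy; addresses are private and documentation ranges.
RULES = [
    Rule("accept", "10.0.0.0/8", "any", None),    # internal hosts may initiate
    Rule("accept", "192.0.2.0/24", "tcp", 80),    # one network may reach port 80
    Rule("reject", "0.0.0.0/0", "tcp", 22),       # block external SSH
]
```

Calling `Firewall(RULES).decide(...)` with an inbound reply before and after the matching outbound packet shows the difference between packet filtering and stateful inspection: the same packet is dropped first and accepted once the connection is in the table.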

Benefits of a Firewall

| Benefit               | Explanation                                           |
|-----------------------|-------------------------------------------------------|
| Threat protection     | Blocks hackers, worms, and other attacks              |
| Access control        | Enforces security policies (e.g., block external SSH) |
| Segmentation          | Protects different network zones (e.g., DMZ)          |
| Monitoring & Logging  | Keeps track of network activity                       |
| Remote access control | Filters VPN or remote user connections                |

Limitations of Firewall

| Limitation                          | Description                                                  |
|-------------------------------------|--------------------------------------------------------------|
| Can't detect all malware            | Especially if encrypted or disguised                         |
| Misconfiguration risk               | Bad rules can allow attacks or block legit traffic           |
| No protection from insider threats  | Firewalls can’t stop trusted users from misusing access      |
| Not a substitute for other defenses | Should be combined with antivirus, IDS/IPS, encryption, etc. |
