IP & System Security
IP Security (IPsec) & Secure Communication Protocols
What is IP Security (IPsec)?
IPsec (Internet Protocol Security) is a security framework that protects data at the IP (network) layer.
It provides:
- Confidentiality
- Authentication
- Integrity
- Protection against replay attacks
IPsec secures IP packets, not applications.
IPsec Architecture
Main Components of IPsec Architecture
| Component | Description |
|---|---|
| Authentication Header (AH) | Provides authentication & integrity |
| Encapsulating Security Payload (ESP) | Provides encryption |
| Security Association (SA) | Security agreement |
| Key Management | Key exchange & control |
| Modes | Transport & Tunnel |
IPsec Modes
| Mode | Description | Use Case |
|---|---|---|
| Transport Mode | Protects payload only | End-to-end |
| Tunnel Mode | Protects full packet | VPNs |
Real-Life Example
- VPN connections
- Corporate network security
- Government communication
Authentication Header (AH)
What is AH?
Authentication Header (AH) ensures:
- Data integrity
- Data origin authentication
- Anti-replay protection
❌ AH does not provide encryption
AH Header Fields
| Field | Purpose |
|---|---|
| Next Header | Type of next protocol |
| SPI | Security Association ID |
| Sequence Number | Prevent replay |
| Authentication Data | Integrity check |
Real-Life Example
- Verifying sender identity
- Preventing packet tampering
Encapsulating Security Payload (ESP)
What is ESP?
ESP provides:
- Confidentiality (encryption)
- Integrity
- Authentication (optional)
- Anti-replay protection
ESP Packet Structure
| Part | Function |
|---|---|
| ESP Header | SPI, Sequence number |
| Encrypted Payload | Actual data |
| ESP Trailer | Padding |
| Authentication Data | Integrity |
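The two header fields that AH and ESP share (SPI and Sequence Number, tables above) are what the anti-replay service is built on. The following added example, not part of the original notes, parses those fields from constructed ESP packets and applies a sliding anti-replay window of the kind an IPsec receiver keeps per inbound SA; the window size and sample SPI are assumptions.

```python
import struct

ESP_HEADER_FMT = "!II"  # SPI (32 bits) then Sequence Number (32 bits), network byte order

def parse_esp_header(packet: bytes):
    """Return (spi, seq) from the first 8 bytes of an ESP packet."""
    if len(packet) < 8:
        raise ValueError("packet too short for an ESP header")
    return struct.unpack(ESP_HEADER_FMT, packet[:8])

class AntiReplayWindow:
    """Sliding window over accepted sequence numbers for one inbound SA."""
    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0    # highest sequence number accepted so far
        self.seen = set()   # accepted numbers inside the current window

    def check(self, seq: int) -> bool:
        """Record seq and return True if it is fresh; return False for a replay."""
        if seq == 0:
            return False    # sequence numbers start at 1; 0 is never valid
        if seq > self.highest:
            # new right edge: slide the window and forget numbers that fell off it
            self.highest = seq
            self.seen = {s for s in self.seen if s > seq - self.size}
            self.seen.add(seq)
            return True
        if seq <= self.highest - self.size or seq in self.seen:
            return False    # older than the window, or already received
        self.seen.add(seq)  # late but unseen packet inside the window
        return True

def filter_packets(packets, window=None):
    """Run the replay check over ESP packets; return the accepted sequence numbers."""
    if window is None:
        window = AntiReplayWindow()
    accepted = []
    for pkt in packets:
        _spi, seq = parse_esp_header(pkt)
        if window.check(seq):
            accepted.append(seq)
    return accepted

# Constructed sample: SPI 0x1000 with sequence numbers 1, 2, 2 (replayed), 4, 3 (late)
SAMPLE_PACKETS = [struct.pack(ESP_HEADER_FMT, 0x1000, n) + b"\x00" * 8
                  for n in (1, 2, 2, 4, 3)]
```

The replayed packet (second 2) is rejected while the late packet (3) is still accepted because it lies inside the window.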
Difference: AH vs ESP
| Feature | AH | ESP |
|---|---|---|
| Encryption | ❌ No | ✅ Yes |
| Authentication | ✅ Yes | ✅ Yes |
| Integrity | ✅ Yes | ✅ Yes |
| Usage | Limited | Widely used |
Combining Security Associations (SA)
What is Security Association (SA)?
A Security Association is a one-way logical connection that defines:
- Encryption algorithm
- Authentication algorithm
- Keys
- Lifetime
SA Characteristics
- Unidirectional
- Identified by SPI
- Must be established before protected traffic is sent
SA Bundles (Combination)
| Combination | Purpose |
|---|---|
| AH + ESP | Authentication + Encryption |
| Transport + Tunnel | Layered security |
| Multiple ESP | Multi-level protection |
Real-Life Example
- Corporate VPN + authentication
- Secure government tunnels
Key Management in IPsec
Why Key Management Is Needed
- Secure key generation
- Automatic key exchange
- Key refresh & deletion
Internet Key Exchange (IKE)
| Version | Feature |
|---|---|
| IKEv1 | Basic |
| IKEv2 | Faster & more secure |
IKE Functions
- Authentication
- SA establishment
- Key exchange (Diffie-Hellman)
Secure Sockets Layer (SSL)
What is SSL?
SSL (Secure Sockets Layer) is a security protocol that secures communication between:
- Web browser
- Web server
SSL operates at the transport layer.
Services Provided by SSL
| Service | Description |
|---|---|
| Encryption | Secure data transfer |
| Authentication | Server verification |
| Integrity | Prevent tampering |
SSL Handshake Process
- Client Hello
- Server Certificate
- Key exchange
- Secure session starts
Real-Life Example
- HTTPS websites
- Online banking
- E-commerce portals
Secure Electronic Transaction (SET)
What is SET?
SET (Secure Electronic Transaction) is a protocol designed for secure online credit card payments.
Developed by:
- Visa
- MasterCard
SET Participants
| Entity | Role |
|---|---|
| Cardholder | Customer |
| Merchant | Seller |
| Issuer Bank | Customer bank |
| Acquirer Bank | Merchant bank |
| Payment Gateway | Transaction processor |
SET Features
| Feature | Description |
|---|---|
| Confidentiality | Card details protected |
| Authentication | Buyer & seller verified |
| Integrity | No data modification |
| Non-repudiation | Transaction proof |
Why SET Failed Commercially
- Complex infrastructure
- High cost
- SSL became dominant
Comparison: IPsec vs SSL
| Feature | IPsec | SSL |
|---|---|---|
| Layer | Network | Transport |
| Transparency | Application-independent | App-specific |
| Use | VPNs | Web security |
| Complexity | High | Moderate |
Final Quick Revision Table
| Topic | Key Point |
|---|---|
| IPsec | Network layer security |
| AH | Authentication only |
| ESP | Encryption (plus optional authentication & integrity) |
| SA | Security agreement |
| Key Management | IKE |
| SSL | Secure web |
| SET | Secure payments |
System Security
What is System Security?
System security refers to protecting:
- Computers
- Networks
- Data
- Applications
from unauthorized access, misuse, damage, or attacks.
Goal: Confidentiality, Integrity, Availability (CIA Triad)
Introductory Idea of Intrusion
What is an Intrusion?
An intrusion is any unauthorized attempt to:
- Access a system
- Modify data
- Disrupt services
Simple Meaning
Intrusion is like someone entering your house without permission.
Types of Intrusion
| Type | Description | Example |
|---|---|---|
| External Intrusion | Attack from outside | Hacker breaking into server |
| Internal Intrusion | Insider misuse | Employee stealing data |
| Physical Intrusion | Hardware access | USB attack |
| Logical Intrusion | Software-based | Password cracking |
Real-Life Examples
- Unauthorized login
- Website defacement
- Data theft
- Ransomware attack
Intrusion Detection System (IDS)
What is Intrusion Detection?
Intrusion Detection is the process of monitoring system activity to detect suspicious behavior.
IDS detects attacks but does not block them.
Types of IDS
| IDS Type | Description |
|---|---|
| Host-Based IDS (HIDS) | Monitors individual system |
| Network-Based IDS (NIDS) | Monitors network traffic |
| Signature-Based IDS | Matches known attack patterns |
| Anomaly-Based IDS | Detects unusual behavior |
IDS Working (Simple)
- Collect system/network data
- Analyze traffic or logs
- Detect abnormal behavior
- Generate alert
Real-Life Example
- Alert when someone tries multiple wrong passwords
- Detection of malware activity
IDS vs IPS
| Feature | IDS | IPS |
|---|---|---|
| Action | Detect | Detect + Prevent |
| Response | Alert only | Blocks attack |
| Placement | Out-of-band (monitors a copy of traffic) | Inline (traffic passes through it) |
Viruses and Related Threats
What is a Computer Virus?
A computer virus is a malicious program that:
- Attaches itself to files
- Replicates
- Damages system or data
Types of Viruses & Threats
| Threat | Description | Example |
|---|---|---|
| Virus | Attaches to program | File infection |
| Worm | Self-replicates | Network spread |
| Trojan Horse | Disguised as software | Fake antivirus |
| Ransomware | Encrypts data | WannaCry |
| Spyware | Steals information | Keylogger |
| Adware | Displays ads | Pop-up malware |
Virus Life Cycle
- Dormant
- Propagation
- Triggering
- Execution
Real-Life Impact
- Data loss
- System crash
- Financial loss
- Privacy breach
Protection Against Viruses
| Method | Purpose |
|---|---|
| Antivirus software | Detect & remove |
| Regular updates | Patch vulnerabilities |
| Avoid unknown links | Prevent infection |
| Backup data | Recovery |
Firewalls
What is a Firewall?
A firewall is a security device or software that:
- Monitors network traffic
- Allows or blocks data based on rules
A firewall acts like a security gate.
Types of Firewalls
| Firewall Type | Description |
|---|---|
| Packet Filtering Firewall | Checks packets |
| Stateful Firewall | Tracks connections |
| Application Firewall | Filters application data |
| Proxy Firewall | Acts as middleman |
| Next-Gen Firewall | Advanced security |
Firewall Working (Simple)
- Incoming packet arrives
- Firewall checks rules
- Packet allowed or blocked
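To make the three steps above concrete, here is an added example (not from the original notes) of a small stateful packet filter: rules are checked in order with a default deny, and an approved flow is recorded so that its reply packets are allowed without needing their own rule, which is exactly what separates a stateful firewall from plain packet filtering. The rule set, addresses and packet fields are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str         # "tcp" or "udp"
    sport: int
    dport: int
    direction: str     # "in" = arriving from the Internet, "out" = leaving the LAN
    syn: bool = False  # TCP SYN flag: True for a new connection attempt

# Hypothetical rule set, checked in order; first match wins; no match means drop
RULES = [
    ("out", "tcp", 443, "allow"),   # LAN hosts may browse HTTPS
    ("out", "tcp", 80, "allow"),    # and HTTP
    ("out", "udp", 53, "allow"),    # and resolve DNS
    ("in", "tcp", 22, "allow"),     # SSH from outside is permitted in this example
]

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()  # keys of flows already approved by a rule

    def _rule_action(self, pkt):
        for direction, proto, dport, action in self.rules:
            if (pkt.direction, pkt.proto, pkt.dport) == (direction, proto, dport):
                return action
        return "drop"

    def _flow_key(self, pkt):
        # Normalise so that a request and its reply share the same key
        if pkt.direction == "out":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)

    def filter(self, pkt):
        """Return "allow" or "drop" for one packet, updating the state table."""
        key = self._flow_key(pkt)
        if key in self.connections:
            return "allow"        # reply or continuation of a tracked flow
        if pkt.proto == "tcp" and not pkt.syn:
            return "drop"         # TCP with no state and no SYN is not a new connection
        action = self._rule_action(pkt)
        if action == "allow":
            self.connections.add(key)
        return action
```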
Real-Life Example
- Office network protection
- Home Wi-Fi router firewall
- Data center security
Advantages & Limitations
| Advantages | Limitations |
|---|---|
| Prevents unauthorized access | Cannot stop internal attacks |
| Easy to configure | Cannot stop all malware |
| Improves security | Needs regular updates |
Final Comparison Table
| Security Aspect | Role |
|---|---|
| Intrusion | Unauthorized access |
| IDS | Detects intrusion |
| Virus | Malicious software |
| Firewall | Network protection |
Final Quick Revision Table
| Topic | Key Point |
|---|---|
| System Security | Protect systems |
| Intrusion | Unauthorized access |
| IDS | Attack detection |
| Malware | System damage |
| Firewall | Traffic control |
MCA Exam Writing Tips
- Start with definition
- Write types in table form
- Add real-life examples
- Draw simple diagrams