Network Security deals with all aspects related to the protection of the sensitive information assets existing on the network. DNSSEC is another protocol at this layer used for the secure exchange of DNS query messages. Incidentally, a security mechanism designed to operate at a higher layer cannot provide protection for data at lower layers, because the lower layers perform functions of which the higher layers are not aware. They include mechanisms for making connections, as well as formatting rules for data packaging for messages sent and received. Several computer network protocols have been developed, each designed for specific purposes. This allows them to keep track of connection state and determine which hosts have open, authorized connections at any given point in time. They reference the rule base only when a new connection is requested. All other services are blocked. An application-level proxy gateway examines and filters individual packets, rather than simply copying them and blindly forwarding them across the gateway. In case of reporting of an anomaly by the IDS, the corrective actions are initiated by the network administrator or another device on the network. Intrusion Prevention Systems are like firewalls: they sit in-line between two networks and control the traffic going through them.
This vulnerability can lead to a session hijacking attack where the attacker steals an HTTP session of the legitimate user. A TCP protocol vulnerability is the three-way handshake for connection establishment. An attacker can target the communication channel, obtain the data, and read the same or re-insert a false message to achieve his nefarious aims. Network security is not only concerned with the security of the computers at each end of the communication chain; it aims to ensure that the entire network is secure. Network security entails protecting the usability, reliability, integrity, and safety of the network and data. It can time out inactive connections at the firewall, after which it no longer admits packets for that connection. An application-level gateway acts as a relay node for the application-level traffic. In this regard, wireless networks are considered less secure than wired networks, because a wireless network can be easily accessed without any physical connection. After accessing, an attacker can exploit this vulnerability to launch attacks such as: sniffing the packet data to steal valuable information; denial of service to legitimate users on a network by flooding the network medium with spurious packets; and spoofing the physical identities (MAC) of legitimate hosts and then stealing data or further launching a 'man-in-the-middle' attack. A network protocol is a set of rules that govern communications between devices connected on a network. However, over a period, this protocol became the de facto standard for unsecured Internet communication. Some of the common security vulnerabilities of the TCP/IP protocol suite are as follows. HTTP is an application layer protocol in the TCP/IP suite used for transferring the files that make up web pages from web servers. In this modern era, organizations greatly rely on computer networks to share information throughout the organization in an efficient and productive manner.
For example, only a Telnet proxy can copy, forward, and filter Telnet traffic. If a network relies only on an application-level gateway, incoming and outgoing packets cannot access services that have no proxies configured. An ICMP sweep involves discovering all host IP addresses which are alive in the entire target's network. Traceroute is a popular ICMP utility that is used to map the target network by describing the path in real time from the client to the remote host. An attacker can launch a denial of service attack using the ICMP vulnerability. The process of taking preventive actions against unauthorized access, misuse, malfunction, and modification in order to protect the network infrastructure is called network security.
An ACL is a table of packet filter rules. As traffic enters or exits an interface, the firewall applies ACLs from top to bottom to each incoming packet, finds matching criteria, and either permits or denies the individual packets. A stateful firewall monitors the connection setup and teardown process to keep a check on connections at the TCP/IP level. Application-specific proxies check each packet that passes through the gateway, verifying the contents of the packet up through the application layer. It can be a hardware, software, or combined system that prevents unauthorized access to or from the internal network. All data packets entering or leaving the internal network pass through the firewall, which examines each packet and blocks those that do not meet the specified security criteria. Deploying a firewall at the network boundary is like aggregating the security at a single point. This bootable ISO live DVD/USB Flash Drive (NST Live) is based on Fedora.
They can filter packets at the application layer of the OSI model. An application-specific proxy accepts packets generated by only the specified application for which it is designed to copy, forward, and filter. But in reality, the mechanisms used to achieve these goals are highly complex, and understanding them involves sound reasoning. Having developed and identified various security mechanisms for achieving network security, it is essential to decide where to apply them, both physically (at what location) and logically (at what layer of an architecture such as TCP/IP). Several security mechanisms have been developed in such a way that they can be developed at a specific layer of the OSI network layer model. It is considered that designing a cryptographically sound application protocol is very difficult and implementing it properly is even more challenging. A flow record is created for existing connections. These transfers are done in plain text and an intruder can easily read the data packets exchanged between the server and a client. Another HTTP vulnerability is weak authentication between the client and the web server during the initialization of the session.