Professional Documents
Culture Documents
Society’s
POOJYA DODDAPPA APPA COLLEGE OF ENGINEERING
Kalaburagi -585 102
(An Autonomous Institution, Affiliated to VTU Belagavi, and Approved by AICTE)
A
SEMINAR REPORT
ON
“NETWORK SECURITY”
Submitted to the
H.K.E. Society’s
POOJYA DODDAPPA APPA COLLEGE OF ENGINEERING, KALABURAGI
(An Autonomous Institution, Affiliated to VTU Belagavi, and Approved by AICTE)
In partial fulfillment of the requirement for the award of the Degree of
BACHELOR OF ENGINEERING
IN
INFORMATION SCIENCE AND ENGINEERING
Submitted by
SNEHAJYOTI (3PD20IS048)
Certificate
This is to certify that Seminar work entitled “NETWORK SECURITY” carried out by
SNEHAJYOTI (USN: 3PD20IS048), is Bonafide student of INFORMATION SCIENCE AND
ENGINEERING in partial fulfillment for the award of bachelor of engineering in POOJYA
DODDAPPA APPA COLLEGE OF ENGINEERING, KALABURAGI an autonomous
Institution, affiliated to Visvesvaraya Technological University, Belagavi during the year2023-2024. It is
certified that all corrections/ suggestions indicated have been incorporated. The Seminar report has been
approved as it satisfies the academic requirements in respect of Seminar report prescribed for the said
degree.
Name & Signature of the Name & Signature of the Name & Signature of the
Guide Head of the Department Principal
Prof. ASHWINI HATTI Dr. VISHWANATH BURKPALLI Dr. S.R. MISE
1.
2.
Acknowledgement
I express my deep sense of gratitude and indebtedness to our esteemed institute
“PDA COLLEGE OF ENGINEERING”, KALABURAGI which has provided me
an opportunity to fulfill the most cherished desire to reach my goal.
I express my foremost gratitude to our principal, Dr. S.R. MISE for his constant
support and valuable guidance.
SNEHAJYOTI (3PD20IS048)
CONTENTS
SL NO. PARTICULARS PAGE NO.
1. INTRODUCTION 01-03
2. OBJECTIVES 04
3. ARCHITECTURE 05-09
4. METHODOLOGY 10
5. APPLICATIONS 11-12
6. MERITS 13
7. DEMERITS 14
8. CONCLUSION 15
REFERENCE 16
NETWORK SECURITY
``
1. INTRODUCTION
Network security is any activity designed to protect the usability and integrity of your network and
data. It includes both hardware and software technologies. It targets a variety of threats. It stops
them from entering or spreading on your network. Effective network security manages access to
the network. It is a crucial component in the realm of information technology, focused on
safeguarding the integrity, confidentiality, and availability of data transmitted across computer
networks. With the increasing reliance on digital communication and the interconnected nature of
modern systems, the importance of network security cannot be overstated. This discipline
encompasses a range of strategies and technologies designed to detect, prevent, and respond to
unauthorized access, cyberattacks, and data breaches. As organizations and individuals navigate
an evolving landscape of cyber threats, implementing robust network security measures becomes
paramount to ensure the protection of sensitive information and maintain the trust of users. It is a
set of rules and configurations designed to protect the integrity, confidentiality and accessibility of
computer networks and data using both software and hardware technologies.
(a) (b)
Fig.2(a) & 2(b) Representation of the relation between cybersecurity and network security
Definition:
Cyber security is a subset of information security which refers to a set of techniques and
methodologies used to protect integrity of networks, devices, programs, and data from damage,
attack, or unauthorized access. In simple terms, cyber security is the practice of protecting
internet-connected systems and networks from digital attacks. Network security, on the other
hand, is the act of protecting files and directories in a network of computers against misuse,
hacking, and unauthorized access to the system. Network security is a subset of cyber security
which protects the integrity of your network and network-accessible resources from unauthorized
access.
Security:
While both the terms are synonymous with each other, they are very different in terms of security.
If you think of an organization as a fortified castle, network security is concerned about
maintaining peace within the walls of the castle and protecting the sovereignty of the organization
from network related threats. Cyber security, on the other hand, protects the organization from
outside threats such as from the cyber realm. It protects the systems, networks, and programs of an
organization from all kinds of digital attacks like phishing, baiting, baiting, etc. Network security
is all about protecting the organization’s IT infrastructure from all kinds of online threats such as
viruses.
Data:
Cyber security is a broad term like information security, whereas network security is one aspect of
cyber security. While in both the cases, the most critical component is the integrity of data and
programs, cyber security takes monitoring and detection of threats to a greater degree.
The primary concern of network security is to safeguard organizations’ IT infrastructure from
within, whereas cyber security deals with safeguarding organizations’ information and security
technologies (ICT) from potential cyber threats that exploit vulnerabilities in the system.
Firewalls, ID and passwords, backup, encryption, come under network security.
Security professional:
Cyber security professionals or analysts are the individuals who take full responsibility of
protecting network infrastructure and interconnected systems through their expertise and
knowledge of databases, firewalls, internet security, and encryption. A cyber security professional
serves as an expert on cyber security protection, detection, and recovery. The main job of a
security professional is to monitor all incoming and outgoing traffic, and work in collaboration
with different departments in the organization to coordinate risk management tools and
technologies. The job of a network security professional revolves around protecting IT
infrastructure of the organization which includes securing information assets, financial
information and other confidential information.
1. Confidentiality: Confidentiality part of Network Security makes sure that the data is
available only to intended and authorized persons. Access to data should be only for
those individuals who are permitted to use that data.
2. Integrity: The function of Integrity is to make sure that the data is accurate and is not
changed by unauthorized persons or hackers. The data received by the recipient must be
exactly same as the data sent from the sender, without change in even single bit of data.
3. ARCHITECTURE
How it works:
A firewall is a network security device or software that monitors and controls incoming and
outgoing network traffic based on predetermined security rules. The primary purpose of a firewall
is to establish a barrier between a trusted internal network and untrusted external networks, such
as the internet. Firewalls play a crucial role in enhancing the overall security of a network by
enforcing access policies and preventing unauthorized access or malicious activities.
A system called an intrusion detection system (IDS) observes network traffic for malicious
transactions and sends immediate alerts when it is observed. It is software that checks a network
or system for malicious activities or policy violations. Each illegal activity or violation is often
recorded either centrally using a SIEM system or notified to an administration. IDS monitors a
network or system for malicious activity and protects a computer network from unauthorized
access from users, including perhaps insiders. The intrusion detector learning task is to build a
predictive model (i.e. a classifier) capable of distinguishing between ‘bad connections’
(intrusion/attacks) and ‘good (normal) connections’.
NETWORK SEGEMENTATION:
Segmentation works by controlling how traffic flows among the parts. You could choose to stop
all traffic in one part from reaching another, or you can limit the flow by traffic type, source,
destination, and many other options. How you decide to segment your network is called a
segmentation policy.
Imagine a large bank with several branch offices. The bank's security policy restricts branch
employees from accessing its financial reporting system. Network segmentation can enforce the
security policy by preventing all branch traffic from reaching the financial system. And by
reducing overall network traffic, the financial system will work better for the financial analysts
who use it.
Some traditional technologies for segmentation included internal firewalls, and Access Control
List (ACL) and Virtual Local Area Network (VLAN) configurations on networking equipment.
However, these approaches are costly and difficult. Today, software-defined access technology
simplifies segmentation by grouping and tagging network traffic. It then uses traffic tags to
enforce segmentation policy directly on the network equipment, yet without the complexity of
traditional approaches.
ENDPOINT SECURITY:
Endpoint security is the practice of safeguarding the data and workflows associated with the
individual devices that connect to your network. Endpoint protection platforms (EPP) work by
examining files as they enter the network. Modern EPPs harness the power of the cloud to hold an
ever-growing database of threat information, freeing endpoints of the bloat associated with storing
all this information locally and the maintenance required to keep these databases up to date.
The EPP provides system administrators a centralized console, which is installed on a network
gateway or server and allows cybersecurity professionals to control security for each device
remotely. The client software is then assigned to each endpoint—it can either be delivered as a SaaS
and managed remotely, or it can be installed directly on the device. Once the endpoint has been set
up, the client software can push updates to the endpoints when necessary, authenticate log-in
attempts from each device, and administer corporate policies from one location. EPPs secure
endpoints through application control—which blocks the use of applications that are unsafe or
unauthorized—and through encryption, which helps prevent data loss.
When the EPP is set up, it can quickly detect malware and other threats. Some solutions also include
an Endpoint Detection and Response (EDR) component. EDR capabilities allow for the detection of
more advanced threats, such as polymorphic attacks, fileless malware, and zero-day attacks. By
employing continuous monitoring, the EDR solution can offer better visibility and a variety of
response options.
4. METHODOLOGY
Network security requires a comprehensive methodology to safeguard digital assets and sensitive
information. A fundamental step involves conducting a thorough risk assessment to identify
potential threats and vulnerabilities. Access control measures, employing the principle of least
privilege, are crucial to limit unauthorized entry. Firewalls and Intrusion Detection/Prevention
Systems (IDS/IPS) play a pivotal role in monitoring and responding to suspicious activities.
Encryption, both in transit and at rest, ensures the confidentiality of data. Regular updates and
patch management are essential to address known vulnerabilities. Establishing and enforcing
security policies, coupled with ongoing employee training, create a security-aware culture.
Network segmentation helps contain breaches, while a well-defined incident response plan
enables swift and effective action during security incidents. Continuous monitoring, detailed
logging, and periodic audits contribute to proactive threat detection and mitigation. Physical
security measures, backup protocols, and secure configurations further fortify the network against
potential risks. Endpoint security, vendor management, and adherence to regulatory compliance
standards complete the holistic approach, recognizing that network security is an ongoing,
adaptive process.
5. APPLICATIONS
2. Access Control: Implementing access controls limits the permissions and privileges of
users and devices within a network. This helps prevent unauthorized access and restricts
users to only the resources they need.
4. Encryption: Encrypting data both in transit and at rest ensures that even if unauthorized
parties gain access to the data, they cannot understand or use it without the appropriate
decryption keys.
6. MERITS
6. Threat Detection and Response: Enables the detection of potential threats in real-time,
allowing for prompt response and mitigation to minimize the impact of security
incidents.
7. Protection Against Malware: Guards against malware, viruses, and other malicious
software that can compromise the security and functionality of a network.
8. User Authentication and Authorization: Ensures that only authorized users have
access to specific resources through robust authentication and authorization
mechanisms.
7. DEMERITS
4. Performance Impact: Intensive security protocols, such as encryption and deep packet
inspection, can impact network performance, leading to slower data transfer speeds.
6. Resistance to Change: Implementing new security measures might face resistance from
users or employees accustomed to less secure but more convenient practices.
7. Human Error: Security measures are only as effective as their implementation, and
human error, such as misconfigurations or lapses in judgment, can compromise the
security of a network.
8. Balancing Act: Striking the right balance between a secure network and user
convenience can be challenging, as overly restrictive measures may hinder productivity.
8. CONCLUSION
In conclusion, the network security seminar provided valuable insights into the ever-evolving
landscape of cyber threats and the imperative measures to safeguard digital infrastructures.
Delving into topics such as encryption protocols, intrusion detection systems, and the emerging
challenges posed by sophisticated attacks, the seminar underscored the critical importance of a
proactive and multi-layered approach to network security. As technology advances, so do the
intricacies of potential vulnerabilities, necessitating a continual commitment to stay abreast of
emerging threats. The session served as a reminder that fostering a culture of cybersecurity
awareness and implementing robust defense mechanisms are pivotal in fortifying networks against
the relentless tide of cyber threats in our interconnected world.
REFERENCES
3. Computer Network Security and Technology Research Published by : IEEE, Authors: Fan
Yan, Yang Jian Wen, Cheng Lin.(2017)