📘 Introduction to Network Security — Exam Notes
🔐 1. Definition of Network Security
Network Security refers to the policies, practices, and technologies used to protect computer networks, devices, and data from unauthorized access, misuse, modification, or attacks.
👉 In simple terms:
It ensures that only authorized users can access network resources, and data remains safe and reliable.
🎯 2. Objectives of Network Security (CIA Triad)
The foundation of network security is the CIA Triad:
1. Confidentiality
- Ensures that data is only accessible to authorized users.
- 🔑 Example: Password-protected files, encryption.
2. Integrity
- Ensures that data is not altered or tampered with.
- 🔑 Example: Hash functions, checksums.
3. Availability
- Ensures that network resources are accessible when needed.
- 🔑 Example: Preventing server crashes or DDoS attacks.
🧠 3. Key Concepts in Network Security
🔹 Authentication
- Verifying the identity of a user or device.
- Example: Username & password, biometric login.
🔹 Authorization
- Determines what resources a user can access.
- Example: Admin vs normal user permissions.
🔹 Accounting (Auditing)
- Tracking user activities in the system.
- Example: Login logs, usage records.
👉 These three together are called AAA (Authentication, Authorization, Accounting).
⚠️ 4. Types of Network Threats
1. Passive Attacks
- Monitor data without altering it.
- Example: Eavesdropping, traffic analysis.
2. Active Attacks
-
Modify or disrupt data.
-
Example:
- Man-in-the-Middle (MITM)
- Denial of Service (DoS)
🦠 5. Common Network Attacks
🔸 Malware
🔸 Phishing
- Fake emails/websites to steal user data.
🔸 DoS / DDoS Attacks
- Overload a system to make it unavailable.
🔸 Spoofing
- Pretending to be a trusted entity.
🛡️ 6. Security Mechanisms
🔹 Encryption
- Converts plain text → cipher text.
- Protects confidentiality.
🔹 Firewalls
- Filters incoming and outgoing traffic.
- Acts as a barrier between trusted and untrusted networks.
🔹 Intrusion Detection System (IDS)
- Monitors suspicious activities.
🔹 Antivirus Software
- Detects and removes malware.
🔑 7. Types of Encryption
1. Symmetric Key Encryption
- Same key for encryption & decryption.
- Fast but less secure for sharing keys.
2. Asymmetric Key Encryption
-
Uses two keys:
-
More secure but slower.
📊 8. Important Formulas / Rules
🔸 Encryption Concept
Ciphertext = Encryption(Plaintext, Key)
Plaintext = Decryption(Ciphertext, Key)
🔸 Strong Password Rule
-
At least 8–12 characters
-
Include:
- Uppercase + lowercase letters
- Numbers
- Special symbols
🖼️ 9. Diagram Descriptions (For Exams)
📌 1. CIA Triad Diagram
-
Draw a triangle with:
- Top: Confidentiality
- Bottom left: Integrity
- Bottom right: Availability
📌 2. Firewall Diagram
📌 3. Encryption Process
- Plaintext → Encryption Algorithm → Ciphertext
- Ciphertext → Decryption → Plaintext
🧾 10. Real-Life Examples
- 🔐 HTTPS websites use encryption for secure communication.
- 🏦 Banks use multi-factor authentication.
- 📧 Spam filters protect against phishing emails.
📝 Likely Exam Questions
- Define network security and explain its importance.
- Explain the CIA triad with examples.
- Differentiate between authentication and authorization.
- What are active and passive attacks? Give examples.
- Explain symmetric vs asymmetric encryption.
- What is a firewall and how does it work?
- Describe common network security threats.
- What is AAA (Authentication, Authorization, Accounting)?
- Explain DoS attack with an example.
- Write short notes on:
📌 Quick Summary / Conclusion
- Network security protects data, devices, and systems from attacks.
- The CIA triad (Confidentiality, Integrity, Availability) is the core principle.
- Security involves authentication, authorization, and monitoring.
- Threats include malware, phishing, and DoS attacks.
- Protection tools include encryption, firewalls, and IDS.
👉 In short:
Network security ensures safe, reliable, and authorized communication over networks.