Unit 1: Introduction to Network Security & Cyber Security Concepts
This document provides an introduction to network security and cyber security concepts. It covers the need for network security, including confidentiality, integrity, and availability (CIA) concepts. It also introduces various network devices such as repeaters, hubs, and switches.
Need of Network Security
------------------------

The network needs security against attackers and hackers. Network security includes two basic kinds of security. The first is the security of data and information, i.e. protecting information from unauthorized access and loss. The second is computer security, i.e. protecting data and thwarting hackers. Here network security does not only mean security in a single network, but in any network or network of networks.

Our need for network security therefore breaks into two needs: the need for information security and the need for computer security.

On the Internet, or on any network of an organization, thousands of pieces of important information are exchanged daily. This information can be misused by attackers. Information security is needed for the following reasons:

1. To protect secret information so that only the intended users on the net can access it. No other person should see or access it.
2. To protect the information from unwanted editing, accidental or intentional, by unauthorized users.
3. To protect the information from loss and make sure it is delivered to its destination properly.
4. To manage acknowledgement of a message received by any node, in order to protect against denial by the sender in specific situations. For example, a customer orders the purchase of a few shares of XYZ from a broker and then denies the order after two days when the rates go down.
5. To prevent a user from sending a message to another user under the name of a third one. For example, user X, for his own interest, composes a message containing some favourable instructions and sends it to user Y in such a manner that Y accepts the message as coming from Z, the manager of the organization.
6. To protect the message from unwanted delay on the transmission lines/route, so that it is delivered to the required destination in time in case of urgency.
7. To protect the network from data packets or information packets wandering in it for an infinitely long time, which increases congestion on the line when the destination machine fails to capture them because of some internal fault.

**CIA (Confidentiality, Integrity, Availability)**

**Confidentiality:** The term confidentiality means that data which is confidential should remain confidential. In other words, a secret should stay secret.

**Integrity:** The term integrity means that the data being worked with is the correct data, which has not been tampered with or altered.

**Availability:** The term availability means that the data you need should always be available to you.

**AAA (Authentication, Authorization, Accounting)**

AAA stands for Authentication, Authorization and Accounting. AAA is a set of primary concepts that aid in understanding computer and network security as well as access control. These concepts are used daily to protect property, data, and systems from intentional or even unintentional damage. AAA is used to support the Confidentiality, Integrity, and Availability (CIA) security concept.

**Authentication** provides a way of identifying a user, typically requiring a user ID/password combination before granting a session. The authentication process controls access by requiring valid user credentials. After the authentication process is completed successfully, the user must be given authorization (permission) to carry out tasks within the server.

**Authorization** is the process that determines whether the user has the authority to carry out a specific task.
Authorization controls access to resources after the user has been authenticated.

**Accounting** keeps track of the activities the user has performed on the server.

**Network Devices (Hub, Repeater, Bridge, Switch, Router, Gateways and Brouter)**

**1. Repeater** -- A repeater operates at the physical layer. Its job is to regenerate the signal over the same network before the signal becomes too weak or corrupted, so as to extend the length over which the signal can be transmitted on the same network. An important point to note about repeaters is that they do not amplify the signal. When the signal becomes weak, they copy it bit by bit and regenerate it at the original strength. It is a 2-port device.

**2. Hub** -- A hub is basically a multiport repeater. A hub connects multiple wires coming from different branches, for example the connector in a star topology which connects different stations. Hubs cannot filter data, so data packets are sent to all connected devices. In other words, the [collision domain](https://en.wikipedia.org/wiki/Collision_domain) of all hosts connected through a hub remains one. Also, hubs do not have the intelligence to find the best path for data packets, which leads to inefficiencies and waste.

**Types of Hub**

**3. Bridge** -- A bridge operates at the data link layer. A bridge is a repeater with the added functionality of filtering content by reading the MAC addresses of source and destination. It is also used for interconnecting two LANs working on the same protocol. It has a single input and a single output port, thus making it a 2-port device.

**Types of Bridges**

**4. Switch** -- A switch is a multiport bridge with a buffer and a design that can boost its efficiency (a large number of ports implies less traffic) and performance. A switch is a data link layer device. The switch can perform error checking before forwarding data, which makes it very efficient, as it does not forward packets that have errors and forwards good packets selectively to the correct port only. In other words, the switch divides the collision domain of the hosts, but the [broadcast domain](https://en.wikipedia.org/wiki/Broadcast_domain) remains the same.

**5. [Routers](https://www.geeksforgeeks.org/network-devices-hub-repeater-bridge-switch-router-gateways/#Routers)** -- A router is a device like a switch that routes data packets based on their IP addresses. The router is mainly a network layer device. Routers normally connect LANs and WANs together and have a dynamically updated routing table, based on which they make decisions on routing the data packets. Routers divide the broadcast domains of the hosts connected through them.

![](https://media.geeksforgeeks.org/wp-content/cdn-uploads/Network_devices.jpg)

**6. Gateway** -- A gateway, as the name suggests, is a passage to connect two networks together that may work on different networking models. Gateways basically work as messenger agents that take data from one system, interpret it, and transfer it to another system. Gateways are also called protocol converters and can operate at any network layer. Gateways are generally more complex than switches or routers.

**7. Brouter** -- Also known as a bridging router, a brouter is a device that combines features of both a bridge and a router. It can work either at the data link layer or at the network layer. Working as a router, it is capable of routing packets across networks; working as a bridge, it is capable of filtering local area network traffic.

**8. NIC** -- A NIC, or network interface card, is a network adapter that is used to connect the computer to the network. It is installed in the computer to establish a LAN. It has a unique ID that is written on the chip, and it has a connector to connect the cable to it.
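The hub and switch behaviour described above (a hub repeats every frame out of every other port, a switch learns MAC addresses and forwards selectively, but broadcasts still reach every port) as a small simulation. This is an added example, not code from the notes; the four hosts, their MAC addresses and the frame sequence are constructed.

```python
"""Hub vs. switch forwarding on a constructed 4-port topology."""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    payload: str


class Hub:
    """Multiport repeater: no addressing, every frame goes out every other port."""

    def __init__(self, ports):
        self.ports = ports

    def forward(self, in_port, frame):
        return sorted(p for p in self.ports if p != in_port)


class Switch:
    """Multiport bridge: learns source MACs, forwards by destination MAC."""

    def __init__(self, ports):
        self.ports = ports
        self.mac_table = {}  # MAC address -> port it was last seen on

    def forward(self, in_port, frame):
        # Learning: the source MAC is reachable through the ingress port.
        self.mac_table[frame.src] = in_port
        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            # Broadcast or unknown unicast: flood out all other ports.
            # This is why a switch does not divide the broadcast domain.
            return sorted(p for p in self.ports if p != in_port)
        out = self.mac_table[frame.dst]
        # Filtering: never send a frame back out the port it arrived on.
        return [] if out == in_port else [out]


# Constructed topology: MAC address -> switch/hub port.
HOST_PORT = {
    "00:00:00:00:00:0a": 1,
    "00:00:00:00:00:0b": 2,
    "00:00:00:00:00:0c": 3,
    "00:00:00:00:00:0d": 4,
}
A, B, C, D = list(HOST_PORT)

# Constructed frame sequence (comments describe the switch's view).
SCENARIO = [
    Frame(A, B, "hello"),        # B not yet learned: flooded like a hub
    Frame(B, A, "hello back"),   # A already learned: delivered to port 1 only
    Frame(A, B, "data"),         # both learned: port 2 only
    Frame(C, BROADCAST, "who has 10.0.0.1?"),  # broadcast: every other port
]


def run_scenario(device):
    """Return, per frame, the list of ports the device sent it out of.

    A Switch keeps its learned table between calls, so pass a fresh one.
    """
    return [device.forward(HOST_PORT[f.src], f) for f in SCENARIO]


def wasted_deliveries(device):
    """Count unicast frames delivered to hosts that were not the destination.

    For a hub this is every other host on every frame (one collision
    domain); for a switch only the first, unknown-destination frame.
    """
    wasted = 0
    for frame, out_ports in zip(SCENARIO, run_scenario(device)):
        if frame.dst == BROADCAST:
            continue
        wasted += sum(1 for p in out_ports if p != HOST_PORT[frame.dst])
    return wasted


if __name__ == "__main__":
    ports = list(HOST_PORT.values())
    for name, dev in (("hub", Hub(ports)), ("switch", Switch(ports))):
        print(name, run_scenario(dev), "wasted:", wasted_deliveries(
            Hub(ports) if name == "hub" else Switch(ports)))
```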
The cable acts as an interface between the computer and the router or modem. A NIC is a layer 2 device, which means that it works on both the physical and the data link layer of the network model.

**DNS (Domain Name System)**

A domain name, often referred to as a "web address", is the address that people type into a browser address bar to find your website. A registered domain name is unique to you and can't be used by anyone else, as it functions on the Internet in a similar way to a street address in the physical world.

DNS (Domain Name System) is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier for a human being to remember, but the Internet is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the domain name into the corresponding IP address. For example, the domain name www.google.com might translate to 198.105.232.4.

The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

**A distributed database design is preferred over a centralized design to implement DNS in the Internet.**

![](media/image2.jpeg)

Fig. Portion of the hierarchy of DNS servers

Suppose a DNS client wants to determine the IP address for the hostname www.amazon.com:

1. The client first contacts one of the root servers, which returns the IP addresses of the TLD (top-level domain) DNS servers for the top-level domain com.
2. The client then contacts one of these TLD servers, which returns the IP address of an authoritative server for amazon.com.
3. Finally, the client contacts one of the authoritative servers for amazon.com, which returns the IP address for the hostname [www.amazon.com](http://www.amazon.com).
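The three-step walk above (root, then TLD, then authoritative server), carried out as an iterative resolver over constructed zone data so it runs offline. This is an added example, not code from the notes; the server addresses are taken from the RFC 5737 documentation ranges, and the small caching front end goes slightly beyond the text to show why a repeated lookup does not touch the hierarchy again.

```python
"""Iterative DNS resolution through root -> TLD -> authoritative servers."""

# Constructed addresses (RFC 5737 documentation ranges), not real servers.
ROOT_SERVERS = ["192.0.2.1"]

# server IP -> {zone -> record}. A record is ("A", ip) when the server is
# authoritative for the name, or ("NS", [(ns_name, ns_ip), ...]) meaning
# "I don't know the answer, ask these servers" (a referral with glue).
SERVERS = {
    "192.0.2.1": {                                   # a root server
        "com.": ("NS", [("a.gtld-servers.test.", "198.51.100.1")]),
        "org.": ("NS", [("a0.org-servers.test.", "198.51.100.2")]),
    },
    "198.51.100.1": {                                # the .com TLD server
        "amazon.com.": ("NS", [("ns1.amazon.test.", "203.0.113.10")]),
        "google.com.": ("NS", [("ns1.google.test.", "203.0.113.20")]),
    },
    "203.0.113.10": {                                # authoritative for amazon.com
        "www.amazon.com.": ("A", "203.0.113.200"),
    },
    "203.0.113.20": {                                # authoritative for google.com
        "www.google.com.": ("A", "198.105.232.4"),   # address quoted in the notes
    },
}


def query(server_ip, name):
    """Ask one server about a fully qualified name.

    The server answers with the record for the longest zone suffix it
    holds, or NXDOMAIN when the name is under none of its zones.
    """
    best = None
    for zone, record in SERVERS[server_ip].items():
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, record)
    return best[1] if best else ("NXDOMAIN", None)


def resolve(name, max_hops=8):
    """Iteratively resolve `name`. Returns (ip_or_None, servers_contacted)."""
    if not name.endswith("."):
        name += "."
    path = []
    server = ROOT_SERVERS[0]
    for _ in range(max_hops):
        path.append(server)
        rtype, data = query(server, name)
        if rtype == "A":
            return data, path
        if rtype == "NS":
            server = data[0][1]     # follow the referral using its glue address
            continue
        return None, path           # NXDOMAIN somewhere in the chain
    return None, path               # referral loop protection


class CachingResolver:
    """Stub-resolver front end: a cached answer needs no walk at all."""

    def __init__(self):
        self.cache = {}

    def lookup(self, name):
        key = name if name.endswith(".") else name + "."
        if key in self.cache:
            return self.cache[key], []
        ip, path = resolve(key)
        if ip is not None:
            self.cache[key] = ip
        return ip, path


if __name__ == "__main__":
    print(resolve("www.amazon.com"))
```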
Dynamic Host Configuration Protocol (DHCP)
==========================================

Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to dynamically assign an IP address to any device, or node, on a network so that it can communicate using IP (Internet Protocol). DHCP automates and centrally manages these configurations. There is no need to manually assign IP addresses to new devices. Therefore, there is no requirement for any user configuration to connect to a DHCP-based network. DHCP can be implemented on local networks as well as large enterprise networks. DHCP is the default protocol used by most routers and networking equipment. DHCP is also referred to by its standard, RFC (Request for Comments) 2131.

- DHCP manages the provision of all the nodes or devices added to or dropped from the network.
- DHCP maintains the unique IP address of the host using a DHCP server.
- Whenever a client/node/device which is configured to work with DHCP connects to a network, it sends a request to the DHCP server. The server acknowledges by providing an IP address to the client/node/device.

DHCP is also used to configure the proper subnet mask, default gateway and DNS server information on the node or device. Many versions of DHCP are available for use in IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6).

How DHCP works
--------------

DHCP runs at the application layer of the TCP/IP protocol stack to dynamically assign IP addresses to DHCP clients/nodes and to allocate TCP/IP configuration information to the DHCP clients. This information includes the subnet mask, default gateway, IP addresses and domain name system addresses. DHCP is based on a client-server protocol in which servers manage a pool of unique IP addresses, as well as information about client configuration parameters, and assign addresses out of those address pools.
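The client-server exchange just described, as a constructed simulation (an added example, not code from the notes): a server owning a small pool hands out the lowest free address together with the subnet mask, default gateway and DNS server, stamps each allocation with a lease time, reclaims expired leases, and refuses a request for an address held by someone else. No real sockets are used; the pool, addresses and MACs are made up, and on renewal this server keeps the client's address while its lease is still valid.

```python
"""DHCP address pool and lease handling (DISCOVER/OFFER/REQUEST/ACK)."""
import ipaddress

LEASE_SECONDS = 3600


class DHCPServer:
    def __init__(self, pool_start, pool_end, subnet_mask, gateway, dns,
                 lease_time=LEASE_SECONDS):
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.config = {"subnet_mask": subnet_mask, "router": gateway, "dns": dns}
        self.lease_time = lease_time
        self.leases = {}  # ip -> (client_mac, expiry_time)

    def _expire(self, now):
        """Return expired addresses to the pool."""
        for ip, (_mac, expires) in list(self.leases.items()):
            if expires <= now:
                del self.leases[ip]

    def _existing(self, mac):
        for ip, (m, _expires) in self.leases.items():
            if m == mac:
                return ip
        return None

    def handle_discover(self, mac, now):
        """DHCPDISCOVER (broadcast by the client) -> DHCPOFFER, or None if exhausted."""
        self._expire(now)
        ip = self._existing(mac)            # a renewing client keeps its address
        if ip is None:
            free = [a for a in self.pool if a not in self.leases]
            if not free:
                return None
            ip = free[0]                    # addresses handed out lowest-first
        return {"op": "OFFER", "yiaddr": ip, "lease": self.lease_time, **self.config}

    def handle_request(self, mac, requested_ip, now):
        """DHCPREQUEST -> DHCPACK (binds the lease) or DHCPNAK."""
        self._expire(now)
        holder = self.leases.get(requested_ip)
        if requested_ip not in self.pool or (holder and holder[0] != mac):
            return {"op": "NAK"}
        self.leases[requested_ip] = (mac, now + self.lease_time)
        return {"op": "ACK", "yiaddr": requested_ip, "lease": self.lease_time,
                **self.config}


def obtain_lease(server, mac, now):
    """Client side of the exchange; returns the bound address or None."""
    offer = server.handle_discover(mac, now)
    if offer is None:
        return None
    ack = server.handle_request(mac, offer["yiaddr"], now)
    return ack["yiaddr"] if ack["op"] == "ACK" else None


if __name__ == "__main__":
    # Constructed scenario: a three-address pool, four clients, one renewal.
    srv = DHCPServer("192.168.1.100", "192.168.1.102",
                     "255.255.255.0", "192.168.1.1", "192.168.1.53")
    for mac in ("aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb",
                "cc:cc:cc:cc:cc:cc", "dd:dd:dd:dd:dd:dd"):
        print(mac, "->", obtain_lease(srv, mac, now=0))
    print("renewal at t=1800:", obtain_lease(srv, "aa:aa:aa:aa:aa:aa", now=1800))
    print("late joiner at t=3700:", obtain_lease(srv, "dd:dd:dd:dd:dd:dd", now=3700))
```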
### The DHCP lease process works as follows:

- First of all, a client (network device) must be connected to the network.
- DHCP clients request an IP address. Typically, the client broadcasts a query for this information.
- The DHCP server responds to the client request by providing an IP address and other configuration information. This configuration information also includes a time period, called a lease, for which the allocation is valid.
- When refreshing an assignment, a DHCP client requests the same parameters, but the DHCP server may assign a new IP address. This is based on the policies set by the administrator.

Components of DHCP
------------------

When working with DHCP, it is important to understand all of its components. The following is the list of components:

- **DHCP server:** A DHCP server is a networked device running the DHCP service that holds IP addresses and related configuration information. This is typically a server or a router but could be anything that acts as a host, such as an SD-WAN appliance.
- **DHCP client:** A DHCP client is the endpoint that receives configuration information from a DHCP server. This can be any device such as a computer, laptop, IoT endpoint or anything else that requires connectivity to the network. Most devices are configured to receive DHCP information by default.
- **IP address pool:** The IP address pool is the range of addresses that are available to DHCP clients. IP addresses are typically handed out sequentially from lowest to highest.
- **Subnet:** A subnet is a partitioned segment of the IP network. Subnets are used to keep networks manageable.
- **Lease:** The lease is the length of time for which a DHCP client holds the IP address information. When a lease expires, the client has to renew it.
- **DHCP relay:** A host or router that listens for client messages being broadcast on its network and then forwards them to a configured server. The server then sends responses back to the relay agent, which passes them along to the client. DHCP relay can be used to centralize DHCP servers instead of having a server on each subnet.

What is an Intrusion Detection System (IDS)?
--------------------------------------------

An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. Any malicious activity or violation is typically reported or collected centrally using a security information and event management (SIEM) system. Some IDSs are capable of responding to a detected intrusion upon discovery. These are classified as intrusion prevention systems (IPS).

### IDS Detection Types

There is a wide array of IDS, ranging from antivirus software to tiered monitoring systems that follow the traffic of an entire network. The most common classifications are:

- **Network intrusion detection systems (NIDS):** A system that analyzes incoming network traffic.
- **Host-based intrusion detection systems (HIDS):** A system that monitors important operating system files.

### IDS Usage in Networks

When placed at a strategic point or points within a network to monitor traffic to and from all devices on the network, an IDS performs an analysis of passing traffic and matches the traffic passed on the subnets against a library of known attacks. Once an attack is identified, or abnormal behaviour is sensed, an alert can be sent to the administrator.

Why Intrusion Detection Systems are Important
---------------------------------------------

Modern networked business environments require a high level of security to ensure safe and trusted communication of information between various organizations. An intrusion detection system acts as an adaptable safeguard technology for system security after traditional technologies fail. Cyber attacks will only become more sophisticated, so it is important that protection technologies adapt along with their threats.
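A miniature NIDS over constructed packet records, as an added example that is not code from the notes. It applies the two kinds of detection the section describes: matching traffic against a small library of known attack patterns (here an address match and an HTTP path-traversal signature), and sensing abnormal behaviour (one source probing many ports in a short window). Alerts are returned as records that a SIEM could collect centrally; all addresses, signatures and thresholds are made up for the example.

```python
"""Signature and anomaly detection over a constructed packet capture."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float        # seconds since start of capture
    src: str
    dst: str
    dport: int
    payload: str = ""


# Constructed signature library: (rule name, pattern over payload, port or None).
SIGNATURES = [
    ("http-path-traversal", re.compile(r"\.\./"), 80),
]
BLOCKLIST = {"203.0.113.66"}   # constructed address-matching rule
SCAN_PORTS = 10                # distinct ports from one source ...
SCAN_WINDOW = 5.0              # ... within this many seconds -> port-scan alert


class IDS:
    def __init__(self):
        self.port_hits = defaultdict(list)  # src -> [(ts, dport), ...]
        self.scan_alerted = set()           # sources already reported

    def inspect(self, pkt):
        """Return the list of alerts (possibly empty) raised by one packet."""
        alerts = []
        # 1. Address matching against the blocklist.
        if pkt.src in BLOCKLIST:
            alerts.append({"rule": "blocklisted-source", "src": pkt.src, "ts": pkt.ts})
        # 2. Signature matching on the payload, scoped to the service port.
        for name, pattern, port in SIGNATURES:
            if (port is None or pkt.dport == port) and pattern.search(pkt.payload):
                alerts.append({"rule": name, "src": pkt.src, "ts": pkt.ts})
        # 3. Traffic anomaly: many distinct destination ports from one source.
        hits = self.port_hits[pkt.src]
        hits.append((pkt.ts, pkt.dport))
        recent = {p for t, p in hits if pkt.ts - t <= SCAN_WINDOW}
        if len(recent) >= SCAN_PORTS and pkt.src not in self.scan_alerted:
            self.scan_alerted.add(pkt.src)      # report each scanner once
            alerts.append({"rule": "port-scan", "src": pkt.src, "ts": pkt.ts})
        return alerts


def analyze(packets):
    """Run the IDS over a capture in time order; return all alerts raised."""
    ids = IDS()
    out = []
    for pkt in sorted(packets, key=lambda p: p.ts):
        out.extend(ids.inspect(pkt))
    return out


# Constructed capture: one benign request, a 12-port probe, one traversal
# attempt on the web server, and one packet from a blocklisted address.
SAMPLE = (
    [Packet(1.0, "198.51.100.7", "10.0.0.5", 80, "GET /index.html HTTP/1.1")]
    + [Packet(2.0 + i * 0.25, "192.0.2.9", "10.0.0.5", 20 + i) for i in range(12)]
    + [Packet(5.0, "198.51.100.8", "10.0.0.5", 80, "GET /../../secret.txt HTTP/1.1"),
       Packet(6.0, "203.0.113.66", "10.0.0.5", 443)]
)

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```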
What is an Intrusion Prevention System?
---------------------------------------

An intrusion prevention system (IPS) is an automated network security device used to monitor and respond to potential threats. Like an intrusion detection system (IDS), an IPS determines possible threats by examining network traffic. Because an exploit may be carried out very quickly after an attacker gains access, intrusion prevention systems administer an automated response to a threat, based on rules established by the network administrator.

The main functions of an IPS are to identify suspicious activity, log relevant information, attempt to block the activity, and finally report it. IPSs include firewalls, anti-virus software, and anti-spoofing software. In addition, organizations use an IPS for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IPSs have become an important component of all major security infrastructures in modern organizations.

### How an IPS Works

An intrusion prevention system works by actively scanning forwarded network traffic for malicious activities and known attack patterns. The IPS engine analyzes network traffic and continuously compares the bit stream with its internal signature database of known attack patterns. An IPS might drop a packet determined to be malicious, and follow up this action by blocking all future traffic from the attacker's IP address or port. Intrusion prevention systems can also perform more complicated observation and analysis, such as watching and reacting to suspicious traffic patterns or packets.

Detection mechanisms can include:

- Address matching
- HTTP string and substring matching
- Generic pattern matching
- TCP connection analysis
- Packet anomaly detection
- Traffic anomaly detection
- TCP/UDP port matching

An IPS will typically record information related to observed events, notify security administrators, and produce reports. To help secure a network, an IPS can automatically receive prevention and security updates in order to continuously monitor and block emerging Internet threats.

### Intrusion Countermeasures

Many IPSs can also respond to a detected threat by actively preventing it from succeeding. They use several response techniques, which include:

- Changing the security environment -- for example, by configuring a firewall to increase protection against previously unknown vulnerabilities.
- Changing the attack's content -- for example, by replacing otherwise malicious parts of an email, such as false links, with warnings about the deleted content.
- Sending automated alarms to system administrators, notifying them of possible security breaches.
- Dropping detected malicious packets.
- Resetting a connection.
- Blocking traffic from the offending IP address.

Why Intrusion Prevention Systems are Important
----------------------------------------------

Modern networked business environments require a high level of security to ensure safe and trusted communication of information between various organizations. An intrusion prevention system acts as an adaptable safeguard technology for system security after traditional technologies fail. The ability to prevent intrusions through an automated action, without requiring IT intervention, means lower costs and greater performance flexibility. Cyber attacks will only become more sophisticated, so it is important that protection technologies adapt along with their threats.

What is a Firewall?
-------------------

A firewall can be defined as a special type of network security device or software program that monitors and filters incoming and outgoing network traffic based on a defined set of security rules. It acts as a barrier between internal private networks and external sources (such as the public Internet). The primary purpose of a firewall is to allow non-threatening traffic and prevent malicious or unwanted data traffic, protecting the computer from viruses and attacks. A firewall is a cyber security tool that filters network traffic and helps users block malicious software on infected computers from accessing the [Internet](https://www.javatpoint.com/internet).

Why Firewall
------------

Firewalls are primarily used to prevent malware and network-based attacks. Additionally, they can help in blocking application-layer attacks. These firewalls act as a gatekeeper or a barrier. They monitor every attempt at communication between our computer and another network. They do not allow data packets to be transferred through them unless the data is coming from or going to a user-specified trusted source.

Firewalls are designed in such a way that they can react quickly to detect and counter attacks throughout the network. They work with rules configured to protect the network and perform quick assessments to find any suspicious activity. In short, we can think of the firewall as a traffic controller.

Types of Firewall
=================

There are mainly three types of firewalls, namely **software firewalls, hardware firewalls, or both**, depending on their structure. Each type of firewall has different functionality but the same purpose. However, it is best practice to have both to achieve the maximum possible protection.

A hardware firewall is a physical device that attaches between a computer network and a gateway, for example a broadband router. A hardware firewall is sometimes referred to as an **appliance firewall**. On the other hand, a software firewall is a simple program installed on a computer that works through port numbers and other installed software. This type of firewall is also called a **host firewall**.

The following are types of firewall techniques that can be implemented as software or hardware:

- Packet-filtering firewalls
- Circuit-level gateways
- Application-level gateways (proxy firewalls)
- Stateful multi-layer inspection (SMLI) firewalls
- Next-generation firewalls (NGFW)
- Threat-focused NGFW
- Network Address Translation (NAT) firewalls
- Cloud firewalls
- Unified Threat Management (UTM) firewalls

### Packet-filtering Firewalls

A packet-filtering firewall is the most basic type of firewall. It acts like a management program that monitors network traffic and filters incoming packets based on configured security rules. These firewalls are designed to block network traffic by [IP](https://www.javatpoint.com/ip) protocol, IP address, and port number if a data packet does not match the established rule set. While packet-filtering firewalls can be considered a fast solution without many resource requirements, they also have some limitations. Because these types of firewalls do not prevent web-based attacks, they are not the safest.

### Circuit-level Gateways

Circuit-level gateways are another simplified type of firewall that can be easily configured to allow or block traffic without consuming significant computing resources. These types of firewalls typically operate at the session level of the OSI model by verifying [TCP (Transmission Control Protocol)](https://www.javatpoint.com/tcp) connections and sessions. Circuit-level gateways are designed to ensure that the established sessions are protected. Typically, circuit-level firewalls are implemented as security software or within pre-existing firewalls. Like packet-filtering firewalls, these firewalls do not check the actual data, although they inspect information about transactions. Therefore, if data contains malware but follows the correct [TCP](https://www.javatpoint.com/tcp-ip-full-form) connection, it will pass through the gateway. That is why circuit-level gateways are not considered safe enough to protect our systems.

### Application-level Gateways (Proxy Firewalls)

Proxy firewalls operate at the application layer as an intermediate device to filter incoming traffic between two end systems (e.g., network and traffic systems). That is why these firewalls are called **'application-level gateways'**. Unlike basic firewalls, these firewalls forward requests on behalf of clients, presenting themselves to the web server as the original client. This protects the client's identity and other sensitive information, keeping the network safe from potential attacks. Once the connection is established, the proxy firewall inspects data packets coming from the source. If the contents of the incoming data packet are found to be safe, the proxy firewall transfers it to the client. This approach creates an additional layer of security between the client and many different sources on the network.

### Stateful Multi-layer Inspection (SMLI) Firewalls

Stateful multi-layer inspection firewalls include both packet inspection technology and [TCP](https://www.javatpoint.com/tcp-port) handshake verification, making SMLI firewalls superior to packet-filtering firewalls or circuit-level gateways. Additionally, these types of firewalls keep track of the status of established connections. In simple words, when a user establishes a connection and requests data, the SMLI firewall creates a database (state table). The database is used to store session information such as source IP address, source port number, destination IP address, destination port number, etc. Connection information is stored for each session in the state table. Using stateful inspection technology, these firewalls create security rules to allow anticipated traffic.
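The difference between a packet-filtering firewall and a stateful (SMLI-style) firewall, as a constructed comparison; this is an added example, not code from the notes. Both protect a client at 10.0.0.5 with the same rule set. The stateless filter judges every packet on its header alone, so the reply to a permitted outbound connection is dropped unless a broad inbound rule is added. The stateful firewall records each permitted outbound session in a state table and admits inbound packets only when they belong to a recorded session. Addresses, ports and rules are made up for the example.

```python
"""Stateless packet filter vs. stateful inspection on the same traffic."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving the protected network, "in" = arriving
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # TCP SYN flag: a new connection attempt


# Rule: (direction, protocol, destination port or None for any, action).
# First match wins; anything unmatched is denied.
RULES = [
    ("out", "tcp", 443, "allow"),   # HTTPS from inside
    ("out", "udp", 53, "allow"),    # DNS from inside
    ("in", "tcp", None, "deny"),    # no unsolicited inbound TCP connections
]


def packet_filter(pkt, rules=RULES):
    """Stateless check: each packet is judged on its own header fields."""
    for direction, proto, dport, action in rules:
        if pkt.direction == direction and pkt.proto == proto and dport in (None, pkt.dport):
            return action
    return "deny"


class StatelessFirewall:
    def check(self, pkt):
        return packet_filter(pkt)


class StatefulFirewall:
    def __init__(self, rules=RULES):
        self.rules = rules
        # State table entries: (proto, inside_ip, inside_port, outside_ip, outside_port)
        self.state = set()

    def check(self, pkt):
        if pkt.direction == "in":
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in self.state:
                return "allow"          # reply belonging to a tracked session
            if pkt.proto == "tcp" and not pkt.syn:
                return "deny"           # stray segment with no session behind it
            return packet_filter(pkt, self.rules)
        verdict = packet_filter(pkt, self.rules)
        if verdict == "allow":          # remember the session so replies can return
            self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict


# Constructed traffic, in order.
SCENARIO = [
    Packet("out", "tcp", "10.0.0.5", 51000, "198.51.100.10", 443, syn=True),  # client opens HTTPS
    Packet("in", "tcp", "198.51.100.10", 443, "10.0.0.5", 51000),             # server's SYN-ACK
    Packet("in", "tcp", "198.51.100.10", 443, "10.0.0.5", 51001),             # same server, wrong port
    Packet("in", "tcp", "203.0.113.7", 4444, "10.0.0.5", 22, syn=True),       # unsolicited SSH attempt
    Packet("out", "udp", "10.0.0.5", 40000, "192.0.2.53", 53),                # DNS query
    Packet("in", "udp", "192.0.2.53", 53, "10.0.0.5", 40000),                 # DNS answer
]


def run(firewall):
    """Return the verdict the firewall gives to each packet of SCENARIO."""
    return [firewall.check(pkt) for pkt in SCENARIO]


if __name__ == "__main__":
    print("stateless:", run(StatelessFirewall()))
    print("stateful: ", run(StatefulFirewall()))
```

The stateless filter allows the outbound packets but denies both legitimate replies (packets 2 and 6); the stateful firewall allows those replies and still denies the unsolicited inbound connection and the stray segment.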
### Next-generation Firewalls (NGFW)

Many of the latest firewalls are usually described as **'next-generation firewalls'**. However, there is no specific definition of a next-generation firewall. This type of firewall is usually defined as a security device combining the features and functionalities of other firewalls. These firewalls include **deep packet inspection (DPI)**, surface-level packet inspection, TCP handshake testing, etc. NGFWs provide higher levels of security than packet-filtering and stateful inspection firewalls. Unlike traditional firewalls, an NGFW monitors the entire transaction of data, including packet headers, packet contents, and sources. NGFWs are designed in such a way that they can prevent more sophisticated and evolving security threats such as malware attacks, external threats, and advanced intrusions.

### Threat-focused NGFW

A threat-focused NGFW includes all the features of a traditional NGFW. Additionally, it also provides advanced threat detection and remediation. These types of firewalls are capable of reacting against attacks quickly. With intelligent security automation, a threat-focused NGFW sets security rules and policies, further increasing the security of the overall defence system. In addition, these firewalls use retrospective security systems to monitor suspicious activities continuously. They keep analysing the behaviour of every activity even after the initial inspection. Due to this functionality, a threat-focused NGFW dramatically reduces the overall time taken from threat detection to cleanup.

### Network Address Translation (NAT) Firewalls

Network address translation or NAT firewalls are primarily designed to access Internet traffic and block all unwanted connections. These types of firewalls usually hide the IP addresses of our devices, making them safe from attackers. When multiple devices are used to connect to the Internet, NAT firewalls create a unique IP address and hide the individual devices' IP addresses. As a result, a single IP address is used for all devices. By doing this, NAT firewalls secure independent network addresses from attackers scanning a network for accessible IP addresses. This results in enhanced protection against suspicious activities and attacks. In general, NAT firewalls work similarly to proxy firewalls. Like proxy firewalls, NAT firewalls also work as an intermediate device between a group of computers and external traffic.

### Cloud Firewalls

Whenever a firewall is designed using a cloud solution, it is known as a cloud firewall or **FaaS (firewall-as-a-service)**. Cloud firewalls are typically maintained and run on the Internet by third-party vendors. This type of firewall is considered similar to a proxy firewall. The reason for this is the use of cloud firewalls as proxy servers. However, they are configured based on requirements. The most significant advantage of cloud firewalls is scalability. Because cloud firewalls have no physical resources, they are easy to scale according to the organization's demand or traffic load. If demand increases, additional capacity can be added to the cloud server to filter out the additional traffic load. Most organizations use cloud firewalls to secure their internal networks or their entire cloud infrastructure.

### Unified Threat Management (UTM) Firewalls

UTM firewalls are a special type of device that includes the features of a stateful inspection firewall with anti-virus and intrusion prevention support. Such firewalls are designed to provide simplicity and ease of use. These firewalls can also add many other services, such as cloud management, etc.

Which firewall architecture is best?
------------------------------------

When it comes to selecting the best firewall architecture, there is no need to be explicit. It is always better to use a combination of different firewalls to add multiple layers of protection. For example, one can implement a hardware or cloud firewall at the perimeter of the network, and then further add an individual software firewall on every network asset.

What is a proxy server and how does it work?
============================================

Every computer that is connected to the network has an [IP](https://www.javatpoint.com/ip) (Internet Protocol) address that identifies the device uniquely. Similarly, the **proxy server** is a computer on the network that has its own IP address. But sometimes we want to access websites or servers that are restricted, and we do not want to show our identity (IP address). In such a scenario, the **proxy server** comes into play; we can achieve this by using the **proxy server**. It provides varying levels of functionality, security, and privacy that depend on the use case, needs, or policies of the company. In this section, we will discuss **what a proxy server is**, its **types, advantages, need**, and the **working of proxy servers**.

Proxy Server
------------

The **proxy server** is a computer on the internet that accepts incoming requests from the client and forwards those requests to the destination server. It works as a gateway between the end user and the internet. It has its own IP address. It separates the client system and web server from the global network. In other words, we can say that the proxy server allows us to access any website with a different [IP address](https://www.javatpoint.com/ip-address). It plays an intermediary role between users and the targeted websites or servers. It collects and provides information related to user requests. The most important point about a [proxy server](https://www.javatpoint.com/best-proxy-servers) is that it does not **encrypt traffic**. There are two main purposes of a proxy server:

- To keep the system behind it anonymous.
- To speed up access to a resource through caching.
Mechanism of Proxy Server
-------------------------

The following figure depicts the mechanism of the proxy server.

![What is a proxy server and how does it work](media/image4.png)

The proxy server accepts the request from the client and produces a response based on the following conditions:

1. If the requested data or page already exists in the local cache, the proxy server itself provides the required content to the client.
2. If the requested data or page does not exist in the local cache, the proxy server forwards the request to the destination server.
3. The proxy server transfers the replies to the client and also caches them.

Therefore, it can be said that the proxy server acts as a client as well as a [server](https://www.javatpoint.com/server).

**Network Security Protocols**

There are various categories of protocols, such as routing protocols, mail transfer protocols, remote communication protocols, and many more. Network security protocols are one such category that makes sure that the security and integrity of data are preserved over a network. Various methodologies, techniques, and processes are involved in these protocols to secure the network data from any illegitimate attempt to review or extract the actual content of the data.

1. **IPSec protocol** is defined by the IETF IPSec Working Group and offers authentication of data, integrity, and privacy between two entities. Manual or dynamic management of cryptographic key associations is done with the help of an IETF-specified key management protocol named Internet Key Exchange (IKE).
2. **SSL, i.e., Secure Sockets Layer,** is a standard security mechanism used for maintaining a secure Internet connection by safeguarding sensitive data being sent and received between two systems; it also helps prevent cybercriminals from reading or modifying personal data, packets or details on the network.
3. **Secure Shell (SSH)** was invented in 1995 and is a cryptographic network security protocol used to secure data communication over a network. It permits remote command-line login as well as the remote execution of specific tasks. Various functionalities of FTP are incorporated in SSH. SSH-1 and SSH-2 are the latest versions of its kind.
4. **Hypertext Transfer Protocol Secure (HTTPS)** is a secured protocol used to secure data communication between two or more systems. It sets up an encrypted link with the help of Secure Sockets Layer (SSL), now known as Transport Layer Security (TLS). Since data transferred using HTTPS is in encrypted form, it stops cybercriminals from interpreting and altering the data throughout the transfer from the browser to the web server. Even when cybercriminals capture the data packets, they will not be able to read them because of the strong encryption applied to the data packets.