Network Security
Network security protects data during transmission against unauthorized access, modification, and denial of service. It encompasses confidentiality, integrity, authentication, non-repudiation, and availability.
Security Goals
Confidentiality ensures only authorised parties can read data. Integrity ensures data is not altered in transit. Authentication verifies the identity of communicating parties. Non-repudiation prevents denial of having sent a message. Availability ensures services remain accessible.
Cryptography Basics
Cryptography transforms plaintext into ciphertext using algorithms and keys. Symmetric-key cryptography uses the same key for encryption and decryption (DES, 3DES, AES). Asymmetric-key cryptography uses a public-private key pair (RSA, ECC). Asymmetric cryptography is slower but solves the key distribution problem: the public key can be shared openly, and only the private key must be kept secret.
Digital Signatures and Certificates
A digital signature is created by encrypting a message hash with the sender's private key; anyone holding the public key can decrypt it and compare it with a freshly computed hash, which provides authentication and integrity. Digital certificates bind a public key to an identity and are issued by Certificate Authorities (CAs). The X.509 standard defines the certificate format.
Firewalls
A firewall filters traffic between a trusted internal network and an untrusted external network. Packet-filtering firewalls inspect packet headers (IP addresses, protocol, ports) one packet at a time. Stateful firewalls additionally track connection state, so replies to connections the inside initiated are admitted without a separate inbound rule. Application-level gateways (proxies) inspect application data. A DMZ (demilitarised zone) hosts public-facing servers between two firewalls.
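To make the difference between packet filtering and stateful inspection concrete, here is an added example (written for these notes, not taken from the page or any firewall product) of a first-match, default-deny rule table evaluated on header fields only, beside a stateful wrapper that remembers connections it has allowed. The rule set, addresses and packets are constructed for the demonstration; the addresses come from the documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (payload is ignored)."""
    src_ip: str
    dst_ip: str
    proto: str        # "tcp" or "udp"
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    src: str = "0.0.0.0/0"            # CIDR prefix the source must fall in
    dst: str = "0.0.0.0/0"            # CIDR prefix the destination must fall in
    proto: str = "any"
    dst_port: Optional[int] = None    # None matches any destination port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Header-only comparison, as a packet-filtering firewall performs."""
    if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    return True


def stateless_decision(rules: Iterable[Rule], pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


Conn = Tuple[str, str, int, str, int]   # (proto, src_ip, src_port, dst_ip, dst_port)


class StatefulFirewall:
    """Same rule table, plus a connection table for return traffic."""

    def __init__(self, rules: Iterable[Rule]):
        self.rules: List[Rule] = list(rules)
        self.connections: Set[Conn] = set()

    def process(self, pkt: Packet) -> str:
        forward = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        # Packets belonging to an established connection (either direction)
        # are admitted without consulting the rule table again.
        if forward in self.connections or reverse in self.connections:
            return "allow"
        decision = stateless_decision(self.rules, pkt)
        if decision == "allow":
            self.connections.add(forward)   # remember the connection we opened
        return decision


# Constructed policy: 10.0.0.0/8 is the trusted LAN, 203.0.113.10 a DMZ web server.
EXAMPLE_RULES = [
    Rule("allow", src="10.0.0.0/8", proto="tcp", dst_port=443),       # LAN may use HTTPS
    Rule("allow", src="10.0.0.0/8", proto="udp", dst_port=53),        # LAN may resolve DNS
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dst_port=443),  # anyone may reach DMZ web
]

OUTBOUND = Packet("10.0.0.5", "203.0.113.7", "tcp", 52000, 443)     # LAN host opens HTTPS
REPLY = Packet("203.0.113.7", "10.0.0.5", "tcp", 443, 52000)        # server's response
UNSOLICITED = Packet("198.51.100.9", "10.0.0.5", "tcp", 4444, 22)   # inbound to LAN SSH


if __name__ == "__main__":
    print("stateless reply:", stateless_decision(EXAMPLE_RULES, REPLY))
    fw = StatefulFirewall(EXAMPLE_RULES)
    for name, pkt in [("outbound", OUTBOUND), ("reply", REPLY), ("unsolicited", UNSOLICITED)]:
        print(f"stateful {name}:", fw.process(pkt))
```

The reply packet is the instructive case: a pure packet filter has no rule admitting traffic from port 443 to a high port inside the LAN, so it drops the response to a connection the LAN itself opened (or the administrator has to add a broad inbound rule that also admits unsolicited traffic). The stateful firewall admits it because the forward five-tuple is in its table, while the unsolicited SSH packet, which matches no entry and no rule, still falls through to default deny.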
VPN
A Virtual Private Network (VPN) creates an encrypted tunnel over a public network. Protocols include IPSec (network layer, tunnel and transport modes), SSL/TLS VPN (application layer), and PPTP/L2TP. VPNs provide confidentiality, integrity, and remote access.
Network Attacks
Common attacks include DoS/DDoS (overwhelming a server), man-in-the-middle (intercepting communication), IP spoofing (forging source address), sniffing (capturing packets), phishing (social engineering), and malware (viruses, worms, trojans, ransomware).
Intrusion Detection
An IDS (Intrusion Detection System) monitors network traffic for suspicious activity. Signature-based IDS matches known attack patterns. Anomaly-based IDS detects deviations from normal behaviour. An IPS (Intrusion Prevention System) can actively block detected threats.
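The two detection strategies above, run over a handful of constructed web-server log lines. This is an added example for these notes, not code from the page or from any IDS product: signature detection is a set of regular expressions applied to the request path, anomaly detection flags a source whose request rate exceeds a baseline learned from quiet traffic by more than k standard deviations, and the final function shows the IPS step of turning alerts into a block list. The log format, the signatures, the baseline figures and the addresses are all this example's own assumptions.

```python
import re
import statistics
from collections import Counter
from typing import Dict, List, Sequence, Set, Tuple

# Signature-based detection: patterns of known attack traffic in request paths.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sensitive-file": re.compile(r"/etc/passwd"),
    "sql-injection": re.compile(r"(?i)union(\s|%20)+select|'(\s|%20)*or(\s|%20)+1=1"),
}

# Constructed baseline: requests per source per minute observed during normal operation.
BASELINE_REQUESTS_PER_MINUTE = [4, 5, 6, 5, 4, 6, 5, 5]

# Constructed log: "<timestamp> <source-ip> <method> <path> <status>", one minute of traffic.
LOG_LINES = [
    "2024-05-01T10:00:01 198.51.100.4 GET /index.html 200",
    "2024-05-01T10:00:05 198.51.100.4 GET /about.html 200",
    "2024-05-01T10:00:09 198.51.100.4 GET /contact.html 200",
    "2024-05-01T10:00:14 198.51.100.4 GET /products 200",
    "2024-05-01T10:00:20 198.51.100.4 GET /products/42 200",
    "2024-05-01T10:00:03 203.0.113.9 GET /files?name=../../etc/passwd 403",
    "2024-05-01T10:00:04 203.0.113.9 GET /products?id=1'%20OR%201=1 500",
] + [f"2024-05-01T10:00:{30 + i:02d} 203.0.113.9 GET /login 401" for i in range(10)]

Record = Dict[str, object]


def parse(line: str) -> Record:
    ts, src, method, path, status = line.split()
    return {"ts": ts, "src": src, "method": method, "path": path, "status": int(status)}


def signature_alerts(records: Sequence[Record]) -> List[Tuple[str, str, str]]:
    """(signature name, source, path) for every signature a request matches.
    One request can trigger several signatures."""
    alerts = []
    for rec in records:
        for name, pattern in SIGNATURES.items():
            if pattern.search(str(rec["path"])):
                alerts.append((name, str(rec["src"]), str(rec["path"])))
    return alerts


def anomaly_alerts(records: Sequence[Record], baseline: Sequence[int],
                   k: float = 3.0) -> List[Tuple[str, int, float]]:
    """(source, request count, threshold) for sources whose request count in the
    window exceeds mean + k * stddev of the baseline. Needs no signature at all,
    which is why it can catch traffic nobody has written a rule for yet."""
    threshold = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    counts = Counter(str(rec["src"]) for rec in records)
    return [(src, n, threshold) for src, n in counts.items() if n > threshold]


def ips_blocklist(sig_alerts, anom_alerts) -> Set[str]:
    """The IPS step: sources named in any alert become block-list entries."""
    return {a[1] for a in sig_alerts} | {a[0] for a in anom_alerts}


if __name__ == "__main__":
    records = [parse(line) for line in LOG_LINES]
    for alert in signature_alerts(records):
        print("signature:", alert)
    for alert in anomaly_alerts(records, BASELINE_REQUESTS_PER_MINUTE):
        print("anomaly:", alert)
    print("block:", ips_blocklist(signature_alerts(records),
                                  anomaly_alerts(records, BASELINE_REQUESTS_PER_MINUTE)))
```

With the constructed data the baseline threshold works out to 5 + 3 * 0.707, roughly 7.1 requests per minute, so the source making 12 requests is flagged while the one making 5 is not. The two approaches fail in opposite ways: a signature never fires on a pattern it does not know, and a rate-based anomaly detector will not notice a single well-formed malicious request, which is why deployments normally run both.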
Summary
Network security is a multi-layered discipline combining cryptography, firewalls, VPNs, intrusion detection, and security policies. A defence-in-depth approach is essential for protecting modern networks.