IP and System Security

            
Cybersecurity: IP and System Security
├── 1. IP Security (IPSec)
│   ├── Authentication Header (AH)
│   └── Encapsulating Security Payload (ESP)
│
└── 2. System Security
    ├── Intruders
    ├── Intrusion Detection System (IDS)
    ├── Viruses
    ├── Firewall Design Principles
    ├── Trusted Systems
    ├── OS Security
    └── Program Security

When we think of cybersecurity, protecting systems and data goes beyond just passwords — it’s about securing both the communication channels and the systems themselves. In this unit, we focus on two key areas: IP Security and System Security.
We’ll start with IP Security (IPSec), which is all about protecting data as it travels over networks. You’ll learn about two core components — the Authentication Header (AH), which ensures the data hasn't been tampered with, and the Encapsulating Security Payload (ESP), which keeps the contents confidential and secure.
After that, we move on to the broader topic of System Security, where we look at threats like intruders and viruses, and how we can detect or block them using tools like Intrusion Detection Systems (IDS) and firewalls. We also explore what makes a system "trusted", how the operating system plays a major role in security, and how vulnerabilities in programs themselves can be exploited if not properly secured.

Authentication Header (AH) – Verifying the Sender and Integrity

Think of AH as a digital signature on your message. It doesn't hide the content, but it makes sure:

The data really came from the sender.
It wasn't changed during transmission.

AH is like sealing the envelope with a signature wax stamp. Anyone can read the letter (because it's not encrypted), but if the seal is broken or the stamp doesn't match, you know something's wrong.
What AH Protects:
- Source authenticity: Confirms who sent the data.
- Integrity: Ensures the data wasn't modified.
- Anti-replay: Blocks old or duplicated packets from being reused in attacks.
- But remember—AH doesn't provide confidentiality. The data inside is still visible to anyone. That's where ESP comes in.

Encapsulating Security Payload (ESP) – Keeping Data Confidential

Now, imagine you want to send a secret message—one that nobody else should read. You'd use a locked box. That's what ESP does.
ESP encrypts the data, which means even if someone intercepts it, they'll only see gibberish. And just like AH, ESP can also verify authenticity and integrity (if configured to do so).

What ESP Offers:

Confidentiality: Encrypts the data so it can't be read by others.
Integrity and authenticity: Optional features to ensure the data is genuine and unchanged.
Replay protection: Prevents attackers from resending captured packets.
So, ESP = encryption + optional integrity + anti-replay
Whereas AH = only integrity + authenticity + anti-replay

AH vs. ESP — Which One Do You Use?

It depends on the situation.

Feature	AH	ESP
Encrypts data?	No	Yes
Verifies sender?	Yes	Optional
Checks for tampering?	Yes	Yes
Protects header?	Some parts	More parts
Used for privacy?	No	Yes

So, if you're sending something sensitive like a password or personal message, you'd use ESP.
If you just need to make sure the data hasn't been tampered with, AH might be enough.
In most real-world scenarios today, ESP is more commonly used, because encryption is usually essential.

Where is IP Security (IPSec) Used?

IPSec is widely used in:

VPNs (Virtual Private Networks): To create secure "tunnels" between your device and a remote server.
Secure communication between offices or servers.
Protecting data in sensitive systems, like banking, defense, or healthcare.

Let's say you're working remotely and connecting to your company network using a VPN. That secure connection? Most likely built using IPSec!

Wrapping Up — Why Does IPSec Matter?

Because it ensures:

Your private emails, passwords, and sensitive info stay safe while traveling across the internet.
Hackers can't snoop, tamper, or pretend to be someone else.
Big networks like corporate or government systems can trust their communication pipelines.

So next time you hear about a secure connection or see the term "IPSec tunnel," you'll know it's not magic—just some clever use of AH and ESP working behind the scenes

What is System Security?

Imagine your computer or network is a kingdom. System Security is the entire army, walls, moats, and laws that protect it from invaders (hackers), disasters (viruses), and internal spies (insiders). It’s not just one tool—it’s a combination of strategies, tools, and practices to keep everything safe.
System Security refers to the collection of security mechanisms, policies, and procedures used to protect computer systems and networks from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure.

Why does it matter?

Protects your data (photos, bank details, secrets).
Keeps services running (no ransomware shutting down hospitals!).
Builds trust (would you shop on a website that gets hacked every week?).
Real-Life Example: When the Colonial Pipeline got hacked in 2021, it disrupted fuel supply across the U.S. for days. System Security failures can have real-world chaos!

Breaking Down System Security

Under the "System Security" umbrella, we tackle threats from all angles. Let’s explore each sub-topic in order, like layers of defense:

1. Intruders: Who’s Trying to Break In?

Think of intruders as uninvited guests at a party. They want to crash your system, steal data, or cause chaos.
An intruder is any unauthorized entity (user, script, or program) attempting to gain access to system resources or data without proper authorization.
Types of Intruders:
- Script Kiddies: Amateurs using pre-made tools (like a thief with a crowbar from YouTube).
- Hacktivists: Motivated by politics or ideology (e.g., hacking a government site to protest).
- Insiders: Employees leaking data—like a cashier sneaking money from the register.
- Advanced Persistent Threats (APTs): Sophisticated, long-term attackers (think “spy movie” hackers).
How They Get In:
- Phishing emails (“Click this fake UPS link!”).
- Exploiting weak passwords (“password123”).
- Unpatched software vulnerabilities (like leaving a window unlocked).
Real-Life Example: The 2013 Target breach started with hackers stealing an HVAC vendor’s credentials!
Why Care? → Intruders are the reason we need tools like IDS to catch them before they cause harm.

2. Intrusion Detection Systems (IDS): The Digital Watchdog

An IDS isn’t just a guard—it’s a guard with a magnifying glass, analyzing everything.
An IDS (Intrusion Detection System) is a device or software application that monitors network or system activities for malicious activities or policy violations.
How It Works:
- Signature-Based Detection:
  - Matches patterns to a database of known attacks (like recognizing a wanted criminal’s face).
  - Example: Blocking traffic that matches a known ransomware signature.
- Anomaly-Based Detection:
  - Learns “normal” behavior and flags deviations (e.g., your quiet office printer suddenly sending gigabytes of data).
  - Example: Your smart fridge trying to connect to a Russian server at 2 AM.
- Hybrid Systems: Combine both for better accuracy (like a detective using fingerprints and witness accounts).
Limitations:
- False alarms (your cat stepping on the keyboard might look like a hacker!).
- Can’t stop attacks—only alert you. That’s why we pair it with… firewalls!

3. Viruses & Malware: The Sneaky Saboteurs

Viruses are just one type of malware. Let’s meet the whole “malicious family”:
Malware (malicious software) is any software intentionally designed to cause damage to a computer, server, client, or network.
Types of Malware:
- Viruses: Attach to files (e.g., a corrupted Word doc).
- Worms: Spread without user action.
- Trojans: Disguised as harmless software.
- Ransomware: Locks your files until you pay.
How They Spread:
- Email attachments, infected ads (malvertising), USB drives, pirated software.
Real-Life Example: The ILOVEYOU virus (2000) caused $15 billion in damage by tricking users to open a “love letter” email.
Fighting Back: Use antivirus software, but also build a strong gatekeeper—your firewall.

4. Firewalls: The Ultimate Gatekeeper

A firewall isn’t just a wall—it’s a smart filter deciding what traffic enters/leaves your network.
A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on predetermined security rules.
Types of Firewalls:
- Packet-Filtering: Checks basic headers (IP address, port).
- Stateful Inspection: Tracks active connections.
- Next-Gen Firewalls (NGFW): Adds deep packet inspection.
- Proxy Firewalls: Acts as a middleman, hiding your network.
Home Example: Your Wi-Fi router’s firewall blocks strangers from accessing your smart TV.
Corporate Example: A company firewall blocks employees from accessing risky sites like illegal torrents.
But Even Firewalls Can’t Stop Everything → For critical systems, we need Trusted Systems.

Firewall Design Principles

Firewalls are a critical line of defense for any network, but to be truly effective, they need to be thoughtfully designed. Below are the key principles to guide you when building or managing a firewall system.

1. Developing a Security Policy

Before setting up a firewall, you need a well-defined security policy — this acts as the blueprint for what your firewall should allow or block. A clear policy ensures your firewall protects the right things without overcomplicating the setup.

Identify what services the organization needs:
- Web browsing (HTTP/HTTPS)
- Email (SMTP/IMAP/POP3)
- Remote access (VPN, SSH)
Decide who should access what:
- Admins: full access
- Employees: limited access
Define acceptable use policies and risk levels you're willing to tolerate.

Having a policy helps you avoid vague rules like “block bad traffic” and instead focus on meaningful, targeted protection.

2. Simple Design

When designing firewall rules, simplicity wins. A clean, minimal rule set is easier to manage, reduces errors, and improves security.

Use only the rules you need — keep them easy to understand
Eliminate redundant or conflicting rules
Start with “deny all,” then allow specific, necessary traffic

A simple setup leads to better visibility, easier troubleshooting, and faster updates.

3. Choosing the Right Device

Firewalls come in different types — each suited for specific needs. Choosing the right one depends on your network's size, complexity, and security demands.

Packet-filtering firewall:
- Fast and simple but has limited filtering capabilities
Stateful inspection firewall:
- Monitors active connections and provides better control
Application-layer firewall (proxy):
- Understands specific protocols like HTTP/FTP
- Offers deeper security but may slow traffic
Next-Gen Firewall (NGFW):
- Includes advanced features like IDS/IPS, app control, deep inspection
- Ideal for modern enterprise environments

Select based on your current needs and future scalability.

4. Layered Defense (Defense in Depth)

Firewalls are strongest when used as part of a layered security approach. Relying on just one security layer is risky — multiple layers create backup protection.

Deploy firewalls both at the network perimeter and internally
Combine with:
- IDS/IPS systems
- Antivirus and endpoint protection tools
- Network segmentation using VLANs
If one defense fails, others are still in place to stop the threat

It’s like having multiple locks on a door — more barriers mean better security.

5. Consider Internal Threats

Firewalls shouldn’t just focus on threats from the outside. Internal users can also pose risks — intentionally or by accident.

Set up internal firewalls between departments or zones
Monitor and log internal traffic patterns for anything unusual
Use role-based access control (RBAC):
- Users only get access to what they need — nothing more
Regularly audit internal access attempts and activities

Employees might fall for phishing emails or unknowingly install malware, so your firewall strategy must account for internal risks too.

5. Trusted Systems: The Digital Fort Knox

These are systems built with security as the #1 priority, often used for top-secret data.
A trusted system is a system that employs security measures to enforce a set of policies and is trusted to handle sensitive or critical operations without compromising integrity, confidentiality, or availability.
Key Features:
- Mandatory Access Control (MAC): Users can’t override permissions.
- Audit Logs: Records every action.
- Formal Verification: Mathematically proven to be secure.
Real-World Uses:
- Military databases, nuclear power plant controls, medical records.
Example: Apple’s T2 Security Chip encrypts data on MacBooks—a “trusted” hardware layer.
But Trusted Systems Still Run on… → Operating Systems, which need their own security!

6. OS Security: Protecting the Foundation

Your OS (Windows, macOS, Linux) is like the foundation of a house. If it’s weak, everything collapses.
Operating System Security involves implementing security measures at the OS level to ensure the confidentiality, integrity, and availability of the system and data.
Key Protections:
- User Account Control (UAC): Asks for permission before installing software.
- File Permissions: Stops guests from deleting system files.
- Kernel Protection: Safeguards the core of the OS.
Common Threats:
- Privilege escalation (a hacker gaining admin access).
- Zero-day exploits (attacks on unpatched vulnerabilities).
Example: Windows Defender (built-in antivirus) vs. ransomware attacks.
But Even a Secure OS Can’t Fix… → Badly coded apps! Enter Program Security.

7. Program Security: Coding Without “Oops” Moments

Program security is about writing software that’s resistant to attacks.
Program Security involves designing, writing, and maintaining software in a way that prevents vulnerabilities that could be exploited by attackers.
Common Vulnerabilities:
- Buffer Overflow: Hackers flood a program with data to hijack it.
- SQL Injection: Sending malicious database queries through a login form (e.g.,
```
' OR 1=1 --
```
  to bypass passwords).
- Cross-Site Scripting (XSS): Injecting malicious code into websites (e.g., stealing cookies).
Secure Coding Practices:
- Input validation (sanitizing user data).
- Using prepared statements for databases.
- Regular code reviews and penetration testing.
Real-Life Fail: The 2017 Equifax breach happened due to unpatched Apache Struts software.

How Everything Connects: The Security Puzzle

Intruders try to sneak in → IDS spots them → Firewalls block suspicious traffic.
Viruses slip through → Antivirus quarantines them → OS Security limits damage.
Trusted Systems protect critical data → Program Security ensures apps don’t have backdoors.
It’s like a castle with walls, guards, traps, and a moat—each layer adds protection!