Simple Definition: In network security, an "attack" is any attempt to steal, view, or alter the data of a computer or network. These attacks damage the CIA (Confidentiality, Integrity, Availability) of our system.
English Definition: A security attack is any action that compromises the security of information owned by an organization or an individual. It is designed to exploit vulnerabilities in a system to steal or modify data.
CIA (Confidentiality, Integrity, Availability)
Simple Definition: The CIA Triad is a model that defines the security of any system. If a system has these three properties (Confidentiality, Integrity, Availability), it is considered "secure".
Simple Definition: This means that data or information should be visible only to the people who have access to it. Keeping data hidden from unknown or unauthorized people is Confidentiality.
English Definition: Confidentiality ensures that sensitive information is accessed only by authorized users and is protected from unauthorized disclosure or leaking.
Subject-Related Example: Suppose your BCA 6th Sem result is about to be released. Only you or the university can view your result. If another student views your result without your consent, Confidentiality has been breached.
Simple Definition: This means that data should reach the receiver exactly as the sender sent it. Nobody along the way should be able to change even a dot or a comma in it.
English Definition: Integrity ensures that data remains accurate, complete, and unchanged during transmission or storage, unless modified by an authorized person.
Subject-Related Example: Suppose you took an online exam and pressed the "Submit" button. If a hacker or a technical glitch along the way changes your "A" grade to an "F" grade, the Integrity of the data is lost. The job of security is to deliver the data intact.
Simple Definition: This means that whenever an authorized (genuine) user needs the system or data, the system should always be found "ready" and "running".
English Definition: Availability ensures that systems, networks, and data are available and functional for users whenever they need them without any delay.
Subject-Related Example: Suppose your BCA paper is tomorrow and you want to download your "Admit Card" from the University website. But so much traffic has hit the website, or someone has attacked it, that the website will not open at all. This means Availability has failed.
Summary for Exam (Point to Remember):
Confidentiality = Data is not stolen (Privacy).
Integrity = Data is not altered (Accuracy).
Availability = System is always running (Access).
1. Passive Attack
Simple Definition: In this attack, the hacker only quietly reads or monitors your data or messages. He does not harm your system and does not alter the message. It is very hard to detect because no effect shows up on the system.
English Definition: A passive attack attempts to learn or make use of information from the system but does not affect system resources. The goal is to obtain data that is being transmitted.
Real-life Example: Suppose you wrote a letter to a friend. On the way, the postman opened the letter, read all of it, sealed it again, and delivered it to your friend. Neither you nor your friend ever found out that someone had read the letter. This is a Passive Attack.
2. Active Attack
Simple Definition: Here the hacker alters the message, or steals your identity, or shuts the system down altogether. System resources are affected, and it is easy to detect.
English Definition: An active attack involves some modification of the data stream or the creation of a false stream. It affects the system's integrity and availability.
Real-life Example: Suppose you gave the bank a cheque for ₹500. Someone in between struck out 500 and made it ₹5000. Here the data has been changed, so this is an Active Attack.
In a passive attack, the hacker does not alter the data; he only watches it secretly. It has two main types:
A. Release of Message Contents
Simple Definition: When a hacker reads the private communication (messages, emails, files) between two people without permission.
English Definition: It involves the unauthorized interception of a message, where the attacker reads the sensitive information being transmitted.
Subject-Related Example: Suppose a Professor emailed the "Exam Paper" to the Principal. If a student intercepts that email on the way and reads the paper, this is called "Release of Message Contents".
B. Traffic Analysis
Simple Definition: If the message is encrypted (that is, the hacker cannot read it), he looks at who sent the message, to whom, and how many times. He tries to find a pattern.
English Definition: In this attack, the attacker observes the pattern of messages, their frequency, and length to guess the nature of communication, even if the data is encrypted.
Subject-Related Example: A student logs in to the University server every night at 12 o'clock. The hacker has caught this pattern. Even though he does not know the password, he knows that some important activity happens at 12 o'clock.
In an active attack, the hacker tampers with the system. It has four (4) main types:
A. Masquerade (Fraud)
Simple Definition: When someone steals another authorized user's identity (ID/password), enters the system, and makes it appear that he is the genuine user.
English Definition: A masquerade attack takes place when one entity pretends to be a different entity to gain unauthorized access.
Subject-Related Example: Your friend stole your login ID and password and took the online exam in your place. The system believed it was you, but in reality it was a Masquerade attack.
B. Replay Attack
Simple Definition: Here the hacker copies a valid message in transit and sends it again later in order to deceive the system.
English Definition: A replay attack occurs when an attacker captures a valid data transmission and later retransmits it to produce an unauthorized effect.
Subject-Related Example: Suppose you sent a digital request to have a book issued at the library. The hacker sent that same request again 10 times, so 10 books started showing against your name.
C. Modification of Messages
Simple Definition: When the hacker changes the original message in transit so that wrong information arrives.
English Definition: Modification means that some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect.
Subject-Related Example: A teacher entered marks of "35" on the server. The hacker modified it in between to "85". This is message modification.
D. Denial of Service (DoS)
Simple Definition: Sending so much junk traffic to a system or network that genuine users cannot use it at all. This crashes the server.
English Definition: A DoS attack prevents or inhibits the normal use of communication facilities by flooding the system with useless traffic.
Subject-Related Example: At the time exam results come out, if a hacker sends lakhs of fake requests to the University website, the website will slow down or go down. You will not be able to see your result. This is a DoS attack.
Simple Definition: These are the facilities or features that a network provides so that security is maintained during data transfer. They state what we need protection from.
English Definition: Security services are the services provided by a system to ensure adequate security of data or systems. They define the security goals that an organization wants to achieve.
Types of Security Services (X.800 Standard):
Authentication: Confirming whether the user is genuine or a fraud.
Access Control: Limiting which user can see which data.
Data Confidentiality: Protecting data from being stolen or leaked.
Data Integrity: Ensuring that data has not been altered on the way.
Non-repudiation: This means the sender cannot later deny having sent the message ("I did not send it").
Subject-Related Example: Suppose you are paying your BCA fee online.
Authentication: The bank first checks your OTP (identity).
Data Integrity: Exactly the fee amount you paid should be credited at the bank.
Simple Definition: These are the technical methods, software code, or mathematical formulas (algorithms) that we use to fulfil the Security Services.
English Definition: Security mechanisms are the technical methods or processes that are used to implement security services. They are the actual tools that provide protection.
Types of Security Mechanisms:
Encipherment (Encryption): Converting data, using a mathematical formula (0&1), into a code that nobody can understand.
Digital Signature: An electronic code attached to the message to confirm the sender's identity.
Traffic Padding: Adding junk data (bits) to the message so that the hacker cannot work out the traffic pattern.
Routing Control: Always sending data over a safe route.
Subject-Related Example:
If we need Confidentiality (Service), we use Encryption (Mechanism).
For example, your WhatsApp messages are "Encrypted" so that nobody else can read them.
Model for Internetwork Security
Simple Definition: This model tells us which security components are at work when data is transferred between a sender and a receiver. It shows how data is made safe when it passes through an "insecure channel" (such as the Internet).
English Definition: The model for internetwork security illustrates how a message is transformed to protect it from attackers while it travels through an insecure communication channel. It involves a security-related transformation and a secret key.
1. Message to be Sent (Plaintext)
Simple: The original data that we want to send.
English: The original message or data that needs to be transmitted securely.
2. Security-Related Transformation (Encryption Algorithm)
Simple: The mathematical formula that converts the message into "Ciphertext" (unreadable code).
English: An algorithm used to scramble the message so that an attacker cannot understand it.
3. Secret Information (Key)
Simple: A secret key or password known only to the sender and receiver. Without this key, the message cannot be unlocked.
English: A secret key shared between the sender and receiver used by the algorithm to encrypt and decrypt the message.
4. Trusted Third Party (Optional)
Simple: A trustworthy institution (such as a Certificate Authority) that confirms the identity of both parties.
English: An entity responsible for distributing secret keys or verifying the identity of the parties involved.
Subject-Related Example: Suppose you are changing your password on the University Portal:
You typed the new password (Plaintext).
The browser converted it into a code (Transformation/Encryption).
A secret code was shared between the browser and the server (Secret Key).
The data travelled over the Internet (Information Channel).
The University's "Security Certificate" confirms that you are on the correct website (Trusted Third Party).
Simple Definition: Cryptography is a technique in which we convert a message into a "secret code" so that no unauthorized person can read it. Its main purpose is to keep data confidential.
English Definition: Cryptography is the practice and study of techniques for secure communication in the presence of third parties. It involves transforming readable data into an unreadable format and vice versa.
1. Plain Text
Simple: The original, readable message that anyone can read.
English: Plaintext is the original, unencrypted message or data that is input into an encryption algorithm.
Subject-Related Example: If you wrote the message "HELLO", that is the Plaintext.
2. Encryption
Simple: The process of converting plaintext into a "secret code" using a mathematical formula (algorithm).
English: Encryption is the process of converting plaintext into ciphertext to hide its original meaning.
Subject-Related Example: Using the algorithm to change "HELLO" into "KHOOR".
3. Cipher Text
Simple: The "unreadable" or "gibberish" data obtained after encryption is called Ciphertext. It cannot be understood without the key.
English: Ciphertext is the scrambled or encrypted message produced as the output of an encryption algorithm.
Subject-Related Example: "KHOOR", which nobody can make sense of, is the Ciphertext.
4. Key
Simple: A secret password or value that works together with the algorithm to lock or unlock the message.
English: A key is a secret piece of information (numeric or alphanumeric) used to control the operation of a cryptographic algorithm.
Subject-Related Example: Suppose our rule is "shift every letter 3 steps forward"; then "3" is our Key.
5. Decryption
Simple: The process of converting ciphertext back into its original form (Plaintext) so that the receiver can read it.
English: Decryption is the reverse process of encryption, converting ciphertext back into readable plaintext using a key.
Subject-Related Example: Turning "KHOOR" back into "HELLO".
6. Cryptanalysis
Simple: The art or science of breaking (cracking) a ciphertext without the key. It is also called "Code Breaking".
English: Cryptanalysis is the study of ciphertext, ciphers, and cryptosystems with the aim of finding vulnerabilities to break them without knowing the key.
Subject-Related Example: A hacker who is trying to decode your encrypted file without the password.
Plaintext -->> {Encryption + Key} -->> Ciphertext -->> {Decryption + Key} -->> Plaintext
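The six terms above, run end to end on the notes' own "shift every letter 3 steps" rule. This is an added example, not part of the original notes; the function names, the word list and the longer sample sentence are constructed for illustration. It also shows why a cipher with only 26 possible keys gives no real protection: cryptanalysis simply tries every key.

```python
"""Caesar shift cipher from the HELLO -> KHOOR example, plus a brute-force break."""
import string

ALPHABET = string.ascii_uppercase

# Small constructed list of common English words, used only to score guesses.
COMMON_WORDS = {"THE", "AND", "IS", "OF", "TO", "IN", "IT", "YOU", "THAT",
                "FOR", "ARE", "ON", "WITH", "AS", "AT", "BE", "THIS"}


def shift_text(text: str, shift: int) -> str:
    """Shift each A-Z letter by `shift` places; leave other characters alone."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext: str, key: int) -> str:
    """Plaintext + key -> ciphertext."""
    return shift_text(plaintext, key)


def decrypt(ciphertext: str, key: int) -> str:
    """Ciphertext + the same key -> plaintext."""
    return shift_text(ciphertext, -key)


def cryptanalyse(ciphertext: str):
    """Recover (key, plaintext) without knowing the key.

    Tries all 26 keys and keeps the guess containing the most common words.
    """
    best_key, best_guess, best_score = 0, ciphertext.upper(), -1
    for key in range(26):
        guess = decrypt(ciphertext, key)
        score = sum(word in COMMON_WORDS for word in guess.split())
        if score > best_score:
            best_key, best_guess, best_score = key, guess, score
    return best_key, best_guess


if __name__ == "__main__":
    print(encrypt("HELLO", 3))                       # the notes' example
    secret = encrypt("THE RESULT IS ON THE PORTAL", 3)  # constructed sample
    print(secret)
    print(cryptanalyse(secret))
```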
Simple Definition: Here two different keys are used to lock (encrypt) and unlock (decrypt) the message. One is the Public Key (known to everyone) and the other is the Private Key (held only by the owner).
English Definition: Public Key Encryption, also known as asymmetric encryption, uses a pair of keys: a public key for encryption and a private key for decryption. Data encrypted with the public key can only be decrypted by its corresponding private key.
Subject-Related Example: Suppose your college has a "Digital Dropbox". Its lock is such that any student can drop an assignment into it (Public Key), but only the professor can open the box and take the assignments out (Private Key).
Simple Definition: Just as we sign on paper with a pen to show our identity, a Digital Signature is applied to digital documents. It confirms that the message was sent by the genuine sender and that nobody altered it on the way.
English Definition: A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document or message. It ensures that the sender cannot deny sending the message (non-repudiation).
Subject-Related Example: When you download your Digital Marksheet from the University, there is a digital signature at the bottom of it. This is proof that the marksheet was issued by the University and that the marks have not been tampered with.
Simple Definition: Authentication is the process of confirming that the person trying to access the system is who they claim to be. In plain words: "confirming identity".
English Definition: Authentication is the process of verifying the identity of a user, device, or system. It ensures that the person accessing the resources is authorized to do so.
Subject-Related Example: When you log in to the BCA Student Portal, you enter your Enrollment Number and Password. The system checks whether this password is correct. This process is called "Authentication".
Authentication applications are the software-based techniques and protocols that confirm, in a network, whether:
the user is real or fake
the entity connecting to the system or server is authorized or not
Authentication is very important in a network because:
the internet is an open network
data travels over a public channel
any attacker can misuse someone else's identity
That is why authentication applications are used to verify identity.
Subject Example:
When you log in to the college ERP portal, the system first verifies whether the username and password are correct.
Authentication applications are software-based mechanisms used in networks to verify the identity of users, systems, or services.
They are necessary because:
the internet is an open network
data travels over public channels
attackers may impersonate legitimate users
Simple Definition: Kerberos is a "Network Authentication Protocol" that was created by MIT. Its job is to make sure that when a user accesses a server over an insecure network, both can confirm each other's identity beyond doubt. It works on the concept of "tickets".
English Definition: Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. It uses a trusted third party, known as the Key Distribution Center (KDC), to issue "tickets" that prove a user's identity.
It has 3 main components (be sure to write these in the exam):
AS (Authentication Server): It verifies the user at login time.
TGS (Ticket Granting Server): It gives the user a ticket for a specific service (such as file access).
Database: Where everyone's passwords and keys are stored.
Subject-Related Example: Suppose you want entry to the college's Central Library.
First you show your ID card at the gate (AS).
It gives you a "Pass".
You take that pass to the Library Counter (TGS).
The person at the counter gives you the key (Ticket) to a specific "Book Section". Because of this you do not have to show your ID card again and again.
Simple Definition: X.509 is a standard format for "Digital Certificates". It states what information a digital certificate should contain (such as the user's name, their public key, and who issued the certificate).
English Definition: X.509 is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI). It specifies the standard format for public key certificates.
What does an X.509 certificate contain?
Version number
Serial Number
Signature Algorithm
Issuer Name (who created it)
Validity Period (how long it is valid)
Subject’s Public Key (most important)
Subject-Related Example: When you visit a website (such as https://google.com) and click the lock icon, the certificate shown there is built to the X.509 standard. It is proof that you are on the genuine website.
Simple Definition: This is a service that keeps information about all users and resources in a large network (such as an entire University network) in one place (the Directory) and authenticates them.
English Definition: Directory Authentication Service provides a centralized way to manage and authenticate users and resources across a distributed network environment.
Subject-Related Example: Suppose your University has 10 different departments (BCA, BBA, B.Tech). Thanks to the Directory Service, you can log in to the Lab, the Library, and the Examination Portal with a single ID and password.
Now we come to the two most popular Email Security protocols. Their job is to make sure that when you send someone an email, nobody can read it or alter it on the way.
Simple Definition: PGP is a software program or protocol used to secure emails. It uses a "hybrid" approach: it combines Public Key Cryptography (for Confidentiality) and Digital Signatures (for Authentication) to give strong protection. It was created by Phil Zimmermann.
English Definition: Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. It is used for signing, encrypting, and decrypting texts, emails, and files to increase the security of email communications.
Be sure to write these 4 points in the exam:
Authentication: The sender applies their digital signature so that the receiver knows the email is genuine.
Confidentiality: The message is encrypted so that nobody else can read it.
Compression: PGP compresses (shrinks) the message before sending it so that less data is used and speed increases.
E-mail Compatibility: It converts the large encrypted data into a format (Radix-64) that all email servers support.
Suppose your HOD (Head of Department) has to send the agenda of a "Secret Meeting" to all teachers:
PGP Use: The HOD wrote the email and used the PGP tool.
Process: PGP first shrank the email (Compression), then applied the HOD's signature to it (Authentication), and then converted it into a code (Encryption).
Result: Now even if that email falls into a student's hands, they will not be able to read it. Only the teachers (who have the key) will be able to open it.
Simple Definition: S/MIME is a security protocol used to make emails secure. Whereas PGP works as a separate piece of software, S/MIME is already built into most email clients (such as MS Outlook). It lets you encrypt and sign not only the text in emails but also photos, videos and attachments.
English Definition: S/MIME is a widely accepted method (standard) for sending digitally signed and encrypted messages. It allows you to encrypt emails and digitally sign them to ensure that the content is not tampered with and the sender's identity is verified.
Digital Signatures: Confirms that the email was sent by the genuine sender (Authentication).
Encryption: Converts the whole email and its attachments into a secret code (Confidentiality).
Standard Format: It uses X.509 certificates (which we studied earlier), which is why it is used more in large companies and government organizations.
Compatibility: It can secure every kind of data (Images, PDF, Audio).
Suppose the University Registrar is sending the PDF of the "Final Exam Question Papers" to all colleges:
S/MIME Use: The Registrar attached the PDF to the email and selected the S/MIME "Sign and Encrypt" option.
Process: The email was signed with the Registrar's X.509 certificate. Now no hacker can open this PDF on the way, nor alter it.
Result: When this email reaches the College Principal, their email software will show "This email is Verified by University," and they will open it with their private key.
Simple Definition: IPsec (Internet Protocol Security) is a group of protocols that secures the data packets sent over the internet. It works at Layer 3 (Network Layer) of the OSI model. Its job is to make sure that all data exchanged between two computers is encrypted and that nobody can alter it on the way.
English Definition: IP Security (IPsec) is a framework of open standards for ensuring private, secure communications over Internet Protocol (IP) networks through the use of cryptographic security services. It operates at the Network Layer (Layer 3) to protect and authenticate IP packets.
Subject-Related Example: Suppose you are accessing the College's Internal Server from home (through a VPN). IPsec builds a "protective shield" (Secure Tunnel) along the way. Inside this tunnel your data (whether it is a PDF or a Login ID) stays completely safe, even if your internet provider (Jio/Airtel) tries to look at it.
OR
Simple Definition: When we send any data over the internet, it travels in small pieces called "IP Packets". IPsec's job is to put a protective shield (Security Layer) over those packets. It works at the "Network Layer" (Layer 3), which means it secures not just one app but all the data leaving your computer at once.
English Definition: IPsec is a set of protocols used to protect data as it travels across a network. It provides security at the IP layer by authenticating the sender and encrypting the data. It ensures that the entire communication between two devices is private and secure.
Suppose you opened your College website and entered your Roll Number and Password.
Without IPsec: Your data travels over the internet in the open. Any hacker sitting in between can see it.
With IPsec: As soon as the data leaves your computer, IPsec puts it inside a "Safe Tunnel" (a closed path). Now whoever is on the route cannot see what is travelling inside the tunnel.
IPsec has two ways of providing security:
AH (Authentication Header): It only applies a stamp saying that the data is genuine and nobody altered it on the way. (But the data remains visible.) OR it only checks that the data is "genuine" and "not altered" (Integrity & Authentication). It does not encrypt (hide) the data.
ESP (Encapsulating Security Payload): It "locks" (encrypts) the data so that nobody can read it. OR it both hides the data (Encryption) and verifies it (Authentication). It is more powerful than the Authentication Header.
Simple Definition: The main job of AH is only to check that the data is "genuine" and that nobody has made any change to it on the way. It puts a "digital stamp" on the packet. This assures the receiver of two things:
The data was sent by the correct sender (Authentication).
Nobody tampered with the data on the way (Integrity). But remember: AH does not "encrypt" (lock) the data. That is, the data remains visible to everyone on the way; it is just that nobody can alter it.
English Definition: The Authentication Header (AH) is a protocol within the IPsec suite that provides data integrity and origin authentication for IP packets. It ensures that the data has not been modified in transit, but it does not provide confidentiality (encryption).
Subject-Related Example: Suppose you submitted an "Examination Form" to the University online.
If you are using AH, any hacker on the way can see what your name is and which subjects you have filled in.
But he cannot change your Roll Number or Subject. If he changes even one word, AH's "digital stamp" will fail and the University will know that the data has been tampered with.
Integrity: Altering the data is impossible.
Authentication: The sender's identity is confirmed.
No Confidentiality: The data is not hidden (visible to all).
Simple Definition: ESP's job is to completely "hide" the data (Encryption). It converts the data packet into a secret code so that even if a hacker captures it, he cannot make sense of it. It does both of AH's jobs (Authentication and Integrity) and additionally provides Confidentiality (keeping the data secret).
English Definition: Encapsulating Security Payload (ESP) is a protocol in the IPsec suite that provides confidentiality, in addition to origin authentication and integrity. It encrypts the IP payload so that the actual data remains hidden from unauthorized users during transmission.
Subject-Related Example: Suppose you are paying your "Examination Fee" on the University Online Portal and entering your Debit Card details.
Here ESP is essential.
ESP will "encrypt" (lock) your card number and CVV.
A hacker sitting on the route will see only "gibberish" (junk code); he will never see your real card number. AH could not do this, but ESP can.
AH: Only checks that the data is genuine (No Privacy).
ESP: Checks the data and also locks it (Full Privacy).
Simple Definition: A Security Association (SA) is a kind of "agreement" between two computers. Before sending data, both sides decide "Which algorithm will we use?" and "Which secret key will we use?".
Combining SAs means applying more than one security layer to the same data packet (for example, first locking it with ESP, then stamping it with AH). This is also called an "SA Bundle".
English Definition: A Security Association (SA) is a one-way logical connection that defines a set of security parameters (keys, algorithms) shared between two devices. Combining SAs (or SA Bundling) is the process of applying multiple security protocols (like AH and ESP together) to the same traffic to provide multiple layers of security.
Suppose you have to submit your Final Project online:
One SA (ESP only): You locked the project file with a password. (Confidentiality achieved.)
Combined SAs (ESP + AH): You locked the file (ESP), and then also put the "stamp" of your digital signature on top of it (AH).
Now if a hacker looks at it:
First he will see your "stamp" (Signature), which says that the file is genuine.
Then he will have to break the password (Encryption) to see the file. This is what combining SAs means, so that security is doubled.
Three things are needed to identify an SA:
SPI (Security Parameter Index): A unique number that tells which SA is in use.
IP Destination Address: Where the data is going.
Security Protocol Identifier: It tells whether AH or ESP is in use.
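How a receiver uses the SA triple and the AH "stamp" together, and how that stops the message-modification and replay attacks described earlier in these notes. This is an added example, not part of the original notes and not the real AH packet format: the packet layout, the function names, the 16-byte HMAC-SHA-256 stamp, the 64-packet replay window, the key and the address are all assumptions made for illustration.

```python
"""Simplified AH-style receiver: SA lookup, integrity check, anti-replay."""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

AH = 51          # IP protocol number of AH (ESP is 50)
ICV_LEN = 16     # length of the "stamp" (integrity check value) in this demo
WINDOW = 64      # how far behind the newest sequence number we still accept


@dataclass
class SecurityAssociation:
    key: bytes                              # secret agreed by both sides
    highest_seq: int = 0                    # newest sequence number accepted
    seen: set = field(default_factory=set)  # recent sequence numbers accepted


def icv(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """The stamp: a keyed hash over SPI, sequence number and payload."""
    header = struct.pack("!II", spi, seq)
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: SPI | sequence | payload (in clear) | stamp."""
    return struct.pack("!II", spi, seq) + payload + icv(key, spi, seq, payload)


def receive(sad: dict, dst_ip: str, proto: int, packet: bytes) -> str:
    """Receiver side. Returns 'accepted' or the reason for dropping."""
    if len(packet) < 8 + ICV_LEN:
        return "malformed"
    spi, seq = struct.unpack("!II", packet[:8])
    # 1. Find the SA by the triple (SPI, destination address, protocol).
    sa = sad.get((spi, dst_ip, proto))
    if sa is None:
        return "no-sa"
    # 2. Anti-replay: drop sequence numbers already seen or too old.
    if seq in sa.seen or seq + WINDOW <= sa.highest_seq:
        return "replay"
    # 3. Integrity and origin: recompute the stamp with the shared key.
    payload, stamp = packet[8:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(stamp, icv(sa.key, spi, seq, payload)):
        return "bad-icv"
    # 4. Only now update replay state, so forged packets cannot poison it.
    sa.highest_seq = max(sa.highest_seq, seq)
    sa.seen.add(seq)
    sa.seen = {s for s in sa.seen if s + WINDOW > sa.highest_seq}
    return "accepted"


def demo() -> dict:
    key = b"constructed-demo-key-not-for-use"       # constructed sample key
    dst = "192.0.2.10"                              # documentation address
    sad = {(0x1001, dst, AH): SecurityAssociation(key)}
    pkt = protect(key, 0x1001, 1, b"roll=101;marks=35")  # constructed payload
    tampered = pkt.replace(b"marks=35", b"marks=85")
    return {
        "payload_visible": b"marks=35" in pkt,      # AH gives no confidentiality
        "tampered": receive(sad, dst, AH, tampered),
        "first": receive(sad, dst, AH, pkt),
        "replayed": receive(sad, dst, AH, pkt),
        "unknown_sa": receive(sad, dst, AH, protect(key, 0x2002, 1, b"x")),
    }


if __name__ == "__main__":
    print(demo())
```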
So far we have studied how data is locked (encrypted), but where does that "key" actually come from, and how does it reach both computers safely? That is Key Management.
Simple Definition: In IPsec, "secret keys" are needed to secure the data. Key Management is the process that decides how these keys are created, how they travel from one computer to the other, and when they must be changed (updated). Its main protocol is IKE (Internet Key Exchange).
English Definition: Key Management is the process in IPsec that handles the generation, distribution, and management of cryptographic keys. It ensures that the keys are shared securely between communication parties using protocols like IKE (Internet Key Exchange).
Example: Suppose the University has to send your college Principal a "Secret Password" that will open the Exam Paper.
Key Management is the system that makes sure that password does not fall into the hands of any student (hacker) on the way and reaches only the Principal safely.
To do this, they send the password through a special "Secure Courier" (a protocol like IKE), and once the paper has been opened they immediately change (update) that password.
Simple Definition: The Internet is an open place where anyone can steal anyone's data. So web security gives us 4 main things (requirements):
Integrity: Nobody can alter the website's content.
Confidentiality: Nobody can read your data (such as Password/Credit Card).
Authentication: Making sure you are on the genuine website (such as the real SBI bank), not a fake one.
Availability: The website keeps running and no hacker can crash it (protection from DoS attacks).
English Definition: Web security requirements are the essential security goals needed to protect web-based applications and data. This includes ensuring that communication between the browser and server is private, the data remains unchanged, and both parties are who they claim to be.
Subject-Related Example (BCA Result Portal): Suppose you are viewing your result on the University website:
Confidentiality: Only you can see your result, nobody else.
Integrity: No hacker can change your 40 marks to 80 (or 0).
Authentication: You are sure that this is the University's own website and that a hacker has not built a fake page for results.
Simple Definition: SSL is a technology that creates an "Encrypted Link" between a Web Browser (such as Chrome) and a Web Server. Its job is to keep everything exchanged between the browser and the server in a secret code. When you see https:// in a website's URL, you can take it that SSL is at work there.
Note: SSL is the old name; its newer version, TLS, is used now, but people still call it SSL.
English Definition: SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser. It ensures that all data passed between them remains private and integral.
SSL does not work alone; 3 smaller protocols operate inside it:
Handshake Protocol: This runs first. It makes the browser and the server exchange "Hello" messages and decides which key will be used.
Record Protocol: This encrypts (hides) the actual data and sends it.
Alert Protocol: If an error occurs along the way or security is at risk, this sends a "Warning".
Suppose you are filling in your college Examination Form and paying your fees:
Without SSL: Your card number and password travel across the internet in the open.
With SSL: As soon as you open the https site, SSL builds a Safe Pipe. Your payment data now travels locked inside that pipe. If a hacker sitting in the middle tries to look at the data, they will see only strange symbols like #@&*!%.
Confidentiality: Nobody can read the data.
Integrity: Nobody can change the data.
Authentication: It makes sure that you are on the real bank or college site.
Hindi Definition: TLS is the newer and more secure form of SSL. All the websites on which we see https today are actually using TLS; only the old name (SSL) has stuck. It was created by the IETF to remove SSL's weaknesses.
English Definition: Transport Layer Security (TLS) is the successor to SSL. It is a cryptographic protocol designed to provide communications security over a computer network. TLS provides the same services as SSL—confidentiality, integrity, and authentication—but with stronger algorithms and more secure handshake processes.
Suppose you are logging in to your college Attendance App or LMS (Learning Management System):
What TLS does: When you enter your ID and password in the app, TLS performs a "Handshake" in the background.
First it verifies that your app is connecting to the correct server.
Then it creates an encryption key that is different for every session.
This means that if a hacker tries tomorrow to steal your old data, they will not be able to, because TLS creates a new key for every new login.
Hindi Definition: SET is a protocol that MasterCard and Visa created together so that credit card transactions on the internet would be completely safe. Its biggest benefit is that when you pay a shopkeeper (merchant) by card, the merchant does not see your Card Number. Only the Bank receives the card details.
English Definition: Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet. It was developed by Visa and MasterCard. It uses digital certificates and cryptography to protect credit card transactions and ensures that the merchant never sees the customer's actual credit card number.
Cardholder: You (the customer) who is shopping.
Merchant: The website or shop from which you are buying goods (such as Amazon or Flipkart).
Issuer/Bank: The bank that issued your card and that will transfer the money.
Suppose you are buying a laptop online from your College Bookstore:
Without SET (normal SSL): You enter your card details, and the bookstore owner can see your card number and CVV. If the bookstore's server is hacked, your card is compromised too.
With SET: You make the payment, but the bookstore (Merchant) receives only a "Confirmation Message" saying that the money has been received. Your card number goes directly to the Bank inside an encrypted "Digital Envelope".
Result: The bookstore never finds out what your card number was. This is called the "Dual Signature" technique.
SSL: Secures only the path (from Browser to Server). The merchant can still see the card details.
SET: Secures the entire "Payment Process" and hides the card details from the merchant.
This unit is about Network Management: how a very large network (such as an entire college's network) is managed and monitored from one place.
The star of this unit is SNMP (Simple Network Management Protocol). Let's go through its first part.
Hindi Definition: SNMP is a protocol used to manage and monitor network devices (such as routers, switches, servers and printers). Its architecture rests on two main things:
Manager (NMS): A central computer or piece of software that keeps watch over everything.
Agent: Every device (router/printer) that has a small piece of software inside it which sends reports to the Manager.
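The "Dual Signature" idea described above, as an added Python example that is not part of the original notes: the cardholder signs one value that binds the order and the payment together, and each party verifies it while seeing only its own half plus a digest of the other. Assumptions: a toy RSA key built from two Mersenne primes (not secure), SHA-256 as the hash, constructed order and card data, and the encryption of the payment half to the bank (the "Digital Envelope") left out.

```python
import hashlib

# Toy RSA key for the cardholder (constructed for this example; far too small
# and unpadded for real use). Both primes are Mersenne primes.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the cardholder


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_dual_signature(order_info: bytes, payment_info: bytes) -> int:
    """Cardholder: sign H(H(PI) || H(OI)) so both halves are bound together."""
    combined = digest(digest(payment_info) + digest(order_info))
    return pow(int.from_bytes(combined, "big") % N, D, N)


def _signature_matches(pi_digest: bytes, oi_digest: bytes, dual_sig: int) -> bool:
    expected = int.from_bytes(digest(pi_digest + oi_digest), "big") % N
    return pow(dual_sig, E, N) == expected  # check with the public key (E, N)


def merchant_verify(order_info: bytes, pi_digest: bytes, dual_sig: int) -> bool:
    """Merchant sees the order and only the digest of the payment info."""
    return _signature_matches(pi_digest, digest(order_info), dual_sig)


def bank_verify(payment_info: bytes, oi_digest: bytes, dual_sig: int) -> bool:
    """Bank sees the card details and only the digest of the order."""
    return _signature_matches(digest(payment_info), oi_digest, dual_sig)


# Constructed sample data (the card number is a well-known test value).
ORDER = b"order=1 laptop;merchant=College Bookstore;amount=45000 INR"
PAYMENT = b"card=4111111111111111;expiry=12/30;amount=45000 INR"
SIG = make_dual_signature(ORDER, PAYMENT)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(ORDER, digest(PAYMENT), SIG))
    print("bank accepts:", bank_verify(PAYMENT, digest(ORDER), SIG))
    tampered = ORDER.replace(b"1 laptop", b"5 laptop")
    print("tampered order accepted:", merchant_verify(tampered, digest(PAYMENT), SIG))
```

The merchant never handles `PAYMENT`, only its digest, yet a change to either half makes the signature check fail for both parties.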
English Definition: SNMP (Simple Network Management Protocol) is an application-layer protocol used for managing and monitoring network devices on an IP network. Its architecture consists of a Network Management Station (Manager) and managed devices (Agents) that communicate status information.
Hindi Definition: SNMP v1 was the first version. Communication in it happened in 3 main ways:
Get: The Manager asks the Agent: "Hey, how much of your RAM is in use?"
Set: The Manager gives the Agent a command: "Hey, change your password."
Trap: The Agent itself tells the Manager: "Hey, I am on fire (an error has occurred)!"
Security problem: In v1 the only security was a "Community String" (a simple password) that travelled in plain text. Anyone could hack it.
Hindi Definition: Because v1 and v2 were unsafe, SNMP v3 was introduced. It is the most advanced and secure version. It added 3 major things:
Authentication: This checks that the message has come from the right place.
Privacy (Encryption): This encrypts the messages so that nobody in the middle can read them.
Access Control: This decides which admin can control which device, and how much.
English Definition: SNMPv3 is the latest version of SNMP that addresses the security deficiencies of previous versions. It provides strong security features, including message integrity, authentication, and encryption (privacy) to protect management traffic.
Suppose your college has 50 Wi-Fi Routers installed.
Manager: The computer kept in the IT Admin's cabin.
Agent: Each Wi-Fi Router.
v1 Use: The admin asked whether router 1 was running. The router replied "Yes". But along the way someone stole the password.
v3 Use: The admin sent a command to router 1. This time the command travelled locked (encrypted). If a student sitting in the middle tries to shut the router down, v3 will stop them because they will not have the correct "Secret Key".
Hindi Definition: An intruder is a person or program that gets into your computer or network without permission. Their aim may be to steal data, damage the system, or break security just for fun. In everyday language we also call them "Hackers".
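The v1 versus v3 difference above can be seen in the bytes on the wire. The following added Python example (not part of the original notes) decodes the start of an SNMP message and reports whether a community string is exposed in plain text or whether the v3 authentication and privacy flags are set. The two sample datagrams are constructed by hand for this example, and the function names are this example's own.

```python
def read_tlv(buf: bytes, pos: int):
    """Decode one BER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length


def classify_snmp(payload: bytes) -> dict:
    """Return the SNMP version and the protection the message actually carries."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing: not an SNMP message")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(raw_version, "big")
    if version in (0, 1):  # 0 = SNMPv1, 1 = SNMPv2c: community follows in the clear
        _, community, _ = read_tlv(body, pos)
        return {"version": "v1" if version == 0 else "v2c",
                "cleartext_community": community.decode("ascii", "replace"),
                "authenticated": False, "encrypted": False}
    if version == 3:  # header SEQUENCE: msgID, msgMaxSize, msgFlags, msgSecurityModel
        _, header, _ = read_tlv(body, pos)
        _, _, p = read_tlv(header, 0)      # skip msgID
        _, _, p = read_tlv(header, p)      # skip msgMaxSize
        _, flags, _ = read_tlv(header, p)  # msgFlags, one byte
        return {"version": "v3", "cleartext_community": None,
                "authenticated": bool(flags[0] & 0x01),  # auth flag
                "encrypted": bool(flags[0] & 0x02)}      # priv flag
    raise ValueError(f"unsupported SNMP version field: {version}")


# Constructed sample datagrams (built by hand for this example, not captured traffic).
V1_GET = bytes.fromhex(  # SNMPv1 GetRequest for sysDescr.0
    "30 26 02 01 00 04 06 70 75 62 6c 69 63 a0 19 02 01 01 02 01 00 02 01 00"
    " 30 0e 30 0c 06 08 2b 06 01 02 01 01 01 00 05 00")
V3_MSG = bytes.fromhex(  # SNMPv3 header with msgFlags = 0x03 (auth + priv)
    "30 18 02 01 03 30 0d 02 01 01 02 02 05 c0 04 01 03 02 01 03 04 00 04 02 de ad")

if __name__ == "__main__":
    for name, pkt in (("v1 GetRequest", V1_GET), ("v3 message", V3_MSG)):
        print(name, "->", classify_snmp(pkt))
```

Run against traffic mirrored from a management VLAN, a check like this tells an admin which devices still answer with v1 or v2c and need to be moved to v3.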
English Definition: An intruder is an individual or a software program that attempts to gain unauthorized access to a system or network to compromise its confidentiality, integrity, or availability. In network security, they are often categorized based on their level of access and intent.
Masquerader (Outsider): This is someone who is not part of your system. They steal a real user's ID and password and behave as if they were that real user.
Misfeasor (Insider): This is the most dangerous kind because the person belongs to your own college or company. They do have access, but they misuse it (for example, a Lab Assistant changing a student's marks).
Clandestine User: This is the professional hacker who gains access to the system's "Root" or "Admin" control so that whatever they steal leaves no evidence (logs) behind.
Masquerader: An outsider guessed your friend's password and submitted a fake assignment from their profile.
Misfeasor: A member of the college's own staff, who had access to the database, increased the attendance of one of their relatives.
Clandestine User: A hacker broke into the University's main server and, acting as Admin, deleted the whole year's backup without leaving any trace.
Hindi Definition: These are the "cyber enemies" that are built to harm your computer or network. We also call them Malware. Their job is to steal data, slow the system down, or delete files. Every enemy (threat) works and spreads in a different way.
English Definition: Viruses and related threats, also known as malware, are malicious software designed to disrupt, damage, or gain unauthorized access to a computer system. They include different types like Viruses, Worms, Trojans, and Logic Bombs, each with unique methods of infection and execution.
Virus: This is code that attaches itself to another file (such as a PDF or a piece of software). It spreads only when a person opens or executes that file.
Worm: This differs from a virus because it needs neither a file nor a person. It uses the network to spread by itself (self-replicating) from one computer to another.
Trojan Horse: This is "deceptive" software that looks useful but, on the inside, opens a back door (Backdoor) into your system for the hacker.
Logic Bomb: This is code that stays hidden in the system and does nothing until a particular condition (such as a date or an event) is met.
You took some "Practical Files" from a friend on a pen drive. The pen drive carried a virus attached to one of the files. You plugged in the pen drive, but until you double-clicked that file to open it, your computer was perfectly fine. The moment you clicked, the virus became "active" and your files started getting corrupted.
Key Point: Your "click" was necessary here.
A computer in the College Lab got infected by a "Worm". This Worm is smart enough that it needs no click at all. It took the route of the College Wi-Fi Network and got into all the other 50 computers in the Lab by itself, jamming the entire internet.
Key Point: It spread over the network "by itself".
You downloaded a piece of software from the internet called "GTA 6 - Mobile Version". You thought it was a great game, but as soon as you played it, it quietly sent all the Bank OTPs and passwords on your phone to a hacker. It looked like a game, but its real job was theft.
Key Point: It was "deceptive": it showed one thing and turned out to be another.
A student put a small piece of code on the college server. The code sat there quietly and did no harm to the system. But the student had added a condition to it: "When 1st April (April Fool's Day) arrives, delete all the data." On exactly that date the system crashed.
Key Point: It went off only on a "particular condition or date".
Hindi Definition: A Firewall is like a "Chaukidaar" (Security Guard) that stands between your private network (such as the college's internal network) and the outside world (the Internet). Its job is to decide which data may come in and which may go out. When a firewall is designed, 3 main rules (Principles) are kept in mind so that it stays strong.
English Definition: A Firewall is a security system that acts as a barrier between a trusted internal network and an untrusted external network (Internet). The design principles ensure that all traffic is filtered, only authorized data passes through, and the firewall itself remains secure from attacks.
All traffic must pass through the firewall: There must be only one route into or out of the network, and it must go through the firewall. There must be no "back route" around it.
Only authorized traffic is allowed: The firewall has a "Security Policy" (a list). It lets in only those packets that have been given permission and blocks everything else.
The firewall itself is immune to penetration: The firewall must be strong enough that no hacker can hack the firewall itself and shut it down.
Suppose your College Campus is a safe network and the road outside is the internet:
Principle 1 (Single Entry): The college boundary wall is so high that nobody can jump over it. There is only one Main Gate, where the Guard (Firewall) sits.
Principle 2 (Checklist): The Guard has a list. You can go in only if you have a College ID Card (Authorized Traffic). Anyone without an ID is turned away at the gate.
Principle 3 (Strong Guard): The Guard himself is so alert and strong that nobody can get the gate opened by bribing or threatening him.
Hindi Definition: Configuration Management is the process in which the network admin decides what the security settings of every device (computer, router, firewall) will be. Its job is to make sure that no "back door" (vulnerability) is left in the system and that, if any setting is changed, a record of the change is kept.
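Principle 2, the Guard's checklist, corresponds to an allow-list with a default-deny rule at the end. The following added Python example (not part of the original notes) evaluates packets against such a policy; the rule names, addresses and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str             # "tcp" or "udp"
    dport: Optional[int]   # None means any destination port


# Constructed policy for a hypothetical college network: everything that is
# not listed here is refused.
POLICY = [
    Rule("web-to-result-portal", "0.0.0.0/0", "10.10.1.20/32", "tcp", 443),
    Rule("admin-ssh", "10.10.9.0/24", "10.10.1.0/24", "tcp", 22),
    Rule("dns-out", "10.10.0.0/16", "0.0.0.0/0", "udp", 53),
]


def decide(policy, src: str, dst: str, proto: str, dport: int):
    """Return (verdict, rule_name) for one packet; the first matching rule wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in policy:
        if (s in ipaddress.ip_network(rule.src)
                and d in ipaddress.ip_network(rule.dst)
                and proto == rule.proto
                and rule.dport in (None, dport)):
            return ("ALLOW", rule.name)
    return ("DENY", "default-deny")  # no ID card on the list: turned away


if __name__ == "__main__":
    packets = [  # constructed sample packets
        ("203.0.113.7", "10.10.1.20", "tcp", 443),
        ("203.0.113.7", "10.10.1.20", "tcp", 22),
        ("10.10.9.5", "10.10.1.20", "tcp", 22),
        ("10.10.5.5", "10.10.1.20", "tcp", 3306),
    ]
    for pkt in packets:
        print(pkt, "->", decide(POLICY, *pkt))
```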
English Definition: Configuration Management is the process of maintaining a system's security settings and ensuring they remain consistent over time. It involves documenting, controlling, and tracking all changes made to the hardware and software settings to prevent security gaps.
Hindi Definition: Large networks contain thousands of computers, so the admin cannot go to each computer and change its settings. The admin therefore uses Case Tools (software). These tools manage the security updates, firewall rules and antivirus settings of all the computers from one place.
English Definition: Case Tools (in this context) are software platforms used to automate and manage security configurations. They allow administrators to deploy security policies, monitor systems for unauthorized changes, and ensure compliance across the entire network from a single console.
Suppose your college has 200 computers and the admin has to apply a new rule: "No student may use a pen drive."
Without Configuration Management: The admin has to go to every single computer (from 1 to 200) and change the settings manually, which will take weeks.
With Configuration Management and Case Tools: The admin sits in the cabin, opens one piece of software (the Case Tool), and blocks the USB ports of all 200 computers with a single click.
Benefit: Even if a student secretly changes the setting on some computer, the tool tells the admin immediately and puts the setting back to "Block".
Automation: A large number of devices are managed together.
History: It shows who changed the security settings and when.
Speed: Security updates are applied immediately.