"/home/yossef/notes/Su/security/study_security_l8.md"

path: Su/security/study_security_l8.md

- **fileName**: study_security_l8
- **Created on**: 2025-06-02 21:30:30

Network & Email Security Explained Simply

1. Intrusion Detection vs Prevention (IDS vs IPS)

• IDS (Detects): Like a security camera that alerts you when
  something suspicious happens
  • Example: Snort software analyzes network traffic patterns
• IPS (Prevents): Like a security guard that can stop attacks in real-time
  • Example: Automatically blocks a port scan attempt

Key Difference: IDS just warns, IPS actively blocks

2. Secure Shell (SSH) - Secure Remote Access

How it works:

1. You connect to server (e.g., ssh user@server.com)
2. Server proves its identity with a digital certificate
3. Your computer and server agree on a secret session key
4. All communication gets encrypted

Why use it?

• Safe alternative to insecure protocols like Telnet
• Encrypts passwords and commands

3. Port Scanning - Network Reconnaissance

What it does:

• Checks which "doors" (ports) are open on a computer
• Example command: nmap -sS 192.168.1.1

Why used:

• Good: Admins use it to check security
• Bad: Hackers use it to find weak points

4. IPsec - Secure Internet Communication

Key Benefits:

• Encrypts data between networks (VPNs)
• Verifies sender identity
• Protects against data tampering

Two Modes:

Transport Mode	Tunnel Mode
Encrypts just the message content	Encrypts entire message + headers
Used between computers	Used between networks (gateways)

Services:

• AH (Authentication Header): Like a tamper-proof seal
• ESP (Encapsulating Security Payload): Like a locked safe

5. Email Security (PGP vs S/MIME)

PGP (Pretty Good Privacy):

• Personal email encryption
• Uses your personal keypair
• Example: Encrypting sensitive documents

S/MIME (Enterprise Standard):

• Built into email clients
• Uses certificates from trusted companies
• Example: Company-wide encrypted emails

How encryption works:

1. Alice writes email
2. System encrypts with Bob's public key
3. Only Bob's private key can decrypt it

Assignment Solutions

1. IDS vs IPS

• IDS = Alarm system (detects only)
• IPS = Security guard (detects and stops)

2. SSH Benefits

• Encrypts remote logins
• Prevents password theft
• Example: Safe server administration

3. Port Scanning Uses

• Finding open services (e.g., web servers)
• Security checks before attacks

4. IPsec Explained

• Benefits: Secure VPNs, encrypted traffic
• Services:
  • AH = Verifies sender
  • ESP = Encrypts data

5. Transport vs Tunnel Mode

• Transport: Computer-to-computer (faster)
• Tunnel: Network-to-network (more secure)
• Drawing: [Imagine a highway]
  • Transport = Cars in armored trucks
  • Tunnel = Entire highway in a secure tube

Key Concepts to Remember

1. Defense Layers: Use both IDS and IPS together
2. Encryption Matters: Always use SSH instead of Telnet
3. VPN Security: IPsec creates secure tunnels over the internet
4. Email Protection: PGP for personal, S/MIME for work

continue:./study_security_l9.md
before:./study_security_l7.md