1. What is network security and why is it important?
Ans: In simple terms, network security is securing the network. Network security protects your network and data from breaches, intrusions and other threats. It is the process of taking preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction or improper disclosure. Implementing these measures allows computers, users and programs to perform their permitted critical functions within a secure environment.
Unless it’s properly secured, any network is vulnerable to malicious use and accidental damage. Hackers, disgruntled employees, or poor security practices within the organization can leave private data exposed, including trade secrets and customers’ private details.
The majority of common attacks against networks are designed to gain access to information, by spying on the communications and data of users, rather than to damage the network itself. But attackers can do more than steal data. They may be able to damage users’ devices or manipulate systems to gain physical access to facilities. This leaves the organization’s property and members at risk of harm.
Competent network security procedures keep data secure and block vulnerable systems from outside interference. This allows the network’s users to remain safe and focus on achieving the organization’s goals. More than that, it means that clients and partners can also interact with the organization confidently.
2. What is a network security tool?
Ans: Network security tools are designed to protect the network perimeter from viruses, worms, DDoS attacks and other threats. (A network perimeter is the secured boundary between the private and locally managed side of a network, often a company’s intranet, and the public facing side of a network, often the Internet).
Network security tools can be either software or hardware based and help security teams protect their organization’s networks, critical infrastructure, and sensitive data from attacks. There are a variety of tools that can be used depending on the specific function security teams are looking to accomplish. These include tools such as firewalls, intrusion detection systems and network-based antivirus programs.
More sophisticated tools like packet analyzers and network mappers are usually used to uncover vulnerabilities hackers look to exploit in attacks like DDoS and Spear Phishing campaigns.
3. What is the importance of network security?
Ans: The use of the Internet has increased drastically, as we are moving even our day-to-day activities towards complete digitalization. With this increase in Internet use, hackers and attackers have also become more active, and our networking systems tend to face a higher number of virus attacks.
Basically, network security is needed to perform two main tasks: the first is to secure information from any unauthorized access, and the second is to secure the data stored on PCs or laptops, not only on an individual network but also on shared or public domain networks.
Network security is one of the most important aspects to consider when working over the internet. A stable and efficient network security system is essential to protecting client data. A good network security system helps businesses reduce the risk of falling victim to data theft and sabotage. Network security helps protect your workstations from harmful spyware. It also ensures that shared data is kept secure.
Network security ultimately protects the reputation of your organization. With hackers increasing in number and becoming smarter day by day, the need to utilize network security tools becomes more and more important.
4. What are the essential components of network security?
Ans: Network security is essential in protecting networks against data breaches given that virtually all data and applications are connected to a network. Having your network hacked can ruin your organization’s reputation and put you out of business. A good network security system helps businesses mitigate the risk of falling victim to data theft and sabotage.
Firewalls, IPS, network access control (NAC), and security information and event management (SIEM) are the four most essential components of network security. Others include data loss prevention (DLP); antivirus and anti-malware software; application, web and email security; and more.
5. What is network security with example?
Ans: Network security is the protection of access to files and directories in a computer network against hacking, misuse and unauthorized changes to the system. An example of network security is an antivirus system.
6. What are the basic concepts of network security?
Ans: Network security is a set of rules and configurations designed to protect the integrity, confidentiality and accessibility of computer networks and data using both software and hardware technologies.
Network security entails protecting the usability, reliability, integrity, and safety of network and data. Effective network security defeats a variety of threats from entering or spreading on a network. The primary goals of network security are Confidentiality, Integrity, and Availability (CIA).
7. What is a network security plan?
Ans: A network security plan is a strategy that defines the approach and techniques used to protect the network from unauthorized users and guards against events that can jeopardize or compromise a system’s security.
The approach and techniques used by an organization may consist of creating security policies and procedures which describe how an organization intends to meet the security requirements for its systems. The governance and maintenance of the network security plan varies from one organization to the next.
8. Why is a network security plan important?
Ans: Due to the growing threat of hackers continuously probing the Internet for networks to exploit, a Network Security Plan is important to protect the infrastructure from unauthorized access, misuse, destruction, or loss of corporate reputation.
9. What are the three main principles of network security?
Ans: Security on a network is defined by the C-I-A principles (confidentiality, integrity, and availability). It is possible that one of these principles is more important than the other, depending on the application and context.
10. Explain the basic working of network security?
Ans: Network security comprises measures and procedures, hardware and software solutions, and a set of rules and standards for network access and security. The phrase describes all the approaches to safeguarding a network and its data from intrusions and other dangers.
Network security involves blocking access to computer programs and networks, identifying and eliminating viruses, protecting data through encryption, and monitoring traffic.
An effective network security plan safeguards client data, keeps shared information secure, and ensures reliable network access and performance. It reduces overhead expenses and safeguards organizations from costly data breaches or other security incidents. Companies must protect themselves from cyber threats by ensuring legitimate access to systems, applications, and data.
11. What is Intrusion Prevention System in network security?
Ans: An Intrusion Prevention System (IPS) is a network security tool (which can be a hardware device or software) that continuously monitors a network for malicious activity and takes action to prevent it, including reporting, blocking, or dropping it, when it does occur.
It is more advanced than an intrusion detection system (IDS), which simply detects malicious activity but cannot take action against it beyond alerting an administrator. Intrusion prevention systems are sometimes included as part of a next-generation firewall (NGFW) or unified threat management (UTM) solution. Like many network security technologies, they must be powerful enough to scan a high volume of traffic without slowing down network performance.
12. What is network encryption?
Ans: Network encryption is the process of encrypting or encoding data and messages transmitted or communicated over a computer network.
It is a broad process that includes various tools, techniques and standards to ensure that the messages are unreadable when in transit between two or more network nodes.
Network encryption implements one or more encryption algorithms, processes and standards to encrypt the data/message/packet sent over the network. The encryption services are generally provided by encryption software or through an integrated encryption algorithm on network devices and/or in software.
13. What is Firewall in computer network?
Ans: A firewall is a network security device, either hardware or software-based, that can help protect your network by filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your computer.
Not only does a firewall block unwanted traffic, it can also help block malicious software from infecting your computer. A firewall acts as a gatekeeper. Firewalls can provide different levels of protection. A firewall establishes a barrier between secured internal networks and outside untrusted networks, such as the Internet.
A firewall monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that specific traffic:
Accept: allow the traffic
Reject: block the traffic but reply with an “unreachable error”
Drop: block the traffic with no reply
14. What are the benefits of a firewall?
Ans:
Firewall Benefits: One of the most obvious benefits of a firewall is the ability to control the entry point of the system and prevent virus attacks. Firewalls serve as a first line of defense to external threats, malware, and hackers trying to gain access to your data and systems.
Firewalls provide protection against outside cyber attackers by shielding your computer or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet. Firewalls can be configured to block data from certain locations (i.e., computer network addresses), applications, or ports while allowing relevant and necessary data through.
1. Monitors Network Traffic
A firewall monitors all of the traffic entering your computer network. Data coming in and out of your systems creates opportunities for threats to compromise your operations. By monitoring and analyzing network traffic, firewalls leverage pre-established rules and filters to keep your systems protected. With a well-trained IT team, you can manage your levels of protection based on what you see coming in and out through your firewall.
2. Stops Virus Attacks
Nothing can shut your digital operations down faster and harder than a virus attack. With hundreds of thousands of new threats developed every single day, it is vital that you put the defenses in place to keep your systems healthy. One of the most visible benefits of firewalls is the ability to control your system’s entry points and stop virus attacks. The cost of damage from a virus attack on your systems could be immeasurably high, depending on the type of virus.
3. Prevents Hacking
Having a firewall keeps hackers out of your network. With the rise of data theft and criminals holding systems hostage, firewalls have become even more important, as they prevent hackers from gaining unauthorized access to your data, emails, systems, and more. A firewall can stop a hacker completely or deter them into choosing an easier target.
4. Stops Spyware
In a data-driven world, a much-needed benefit is stopping spyware from gaining access and getting into your systems. As systems become more complex and robust, the entry points criminals can use to gain access to your systems also increase. One of the most common ways unwanted people gain access is by employing spyware and malware—programs designed to infiltrate your systems, control your computers, and steal your data. Firewalls serve as an important blockade against these malicious programs.
5. Promotes Privacy
An overarching benefit is the promotion of privacy. By proactively working to keep your data and your customers’ data safe, you build an environment of privacy that your clients can trust. No one likes their data stolen, especially when it is clear that steps could have been taken to prevent the intrusion.
Additionally, upgraded data-protection systems can be a competitive advantage and a selling point to customers and clients. The benefit increases the more sensitive the data your company deals with.
15. What is a Proxy firewall?
Ans: A proxy firewall is the most secure form of firewall. It is a network security system that protects network resources by filtering packets at the application layer, rather than the network or transport layers. A proxy firewall, also known as an application firewall or a gateway firewall, limits the applications that a network can support, which increases security levels but can affect functionality and speed.
A proxy firewall acts as a gateway between internal users and the internet. It can be installed on an organization’s network or on a remote server that is accessible by the internal network. It provides security to the internal network by monitoring and blocking traffic that is transmitted to and from the internet.
In contrast, a traditional firewall acts as a gateway between two networks. By blocking unwanted external traffic, a traditional firewall protects the computers and networks behind it from unauthorized access and attacks.
16. What is a UTM?
Ans: UTM refers to a single security solution, and usually a single security appliance, that provides multiple security functions at a single point on the network.
Originally called Unified Threat Management (UTM), these capabilities, better known today as a Next-Generation Firewall (NGFW), provide multiple security features and services in a single device or service on the network. Using UTM, your network users are protected with a variety of security functions, including antivirus, content filtering, email and web blocking, anti-spam, and more.
Bringing together all of an organization’s IT security services into one device may simplify the protection of the network. It is possible to monitor all dangers and security-related activity across your business through a single pane of glass. You get comprehensive, simplified access to all aspects of your security or wireless framework with this approach.
17. Explain Stateful Inspection?
Ans: The stateful inspection is also referred to as dynamic packet filtering. It is a firewall technology that monitors the state of active connections and uses the information to determine which network packets to allow through the firewall.
Stateful inspection is a network firewall technology used to filter data packets based on state and context. Check Point Software Technologies developed the technique in the early 1990s to address the limitations of stateless inspection. Stateful inspection has since emerged as an industry standard and is now one of the most common firewall technologies in use today.
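The accept/reject/drop actions from question 13 and the connection tracking described above can be shown together in a small model. This is an added example, not code from any firewall product; the rule format, the addresses and the simplified TCP state machine are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ACCEPT, REJECT, DROP = "accept", "reject", "drop"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the packet, e.g. frozenset({"SYN", "ACK"})

@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    dport: Optional[int]          # None matches any destination port
    action: str
    sport: Optional[int] = None   # None matches any source port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.dport in (None, p.dport)
                and self.sport in (None, p.sport))

def stateless_filter(rules, p, default=DROP):
    """Judge one packet in isolation: first matching rule wins."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

class StatefulFirewall:
    """Rules decide who may OPEN a connection; the state table admits the rest."""

    def __init__(self, rules):
        self.rules = rules
        self.conns = {}  # (initiator, iport, responder, rport) -> state name

    def process(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        key = fwd if fwd in self.conns else rev if rev in self.conns else None
        if key is None:
            # No state: only a bare SYN may open a connection, subject to the rules.
            if p.flags != {"SYN"}:
                return DROP
            action = stateless_filter(self.rules, p)
            if action == ACCEPT:
                self.conns[fwd] = "SYN_SENT"
            return action
        if p.flags & {"RST", "FIN"}:
            del self.conns[key]              # simplified teardown
            return ACCEPT
        if self.conns[key] == "SYN_SENT":
            if key == rev and p.flags == {"SYN", "ACK"}:
                self.conns[key] = "ESTABLISHED"
                return ACCEPT
            # Before the handshake completes, only a retransmitted SYN passes.
            return ACCEPT if key == fwd and p.flags == {"SYN"} else DROP
        return ACCEPT                        # ESTABLISHED: both directions pass

# Constructed policy: internal clients may open HTTPS outbound; inbound telnet
# is rejected with an error; everything else falls through to the default drop.
RULES = [
    Rule("10.0.0.0/8", "0.0.0.0/0", 443, ACCEPT),
    Rule("0.0.0.0/0", "10.0.0.0/8", 23, REJECT),
]
# A stateless filter needs an extra rule to let replies back in, and that rule
# matches on source port alone.
STATELESS_RULES = RULES + [Rule("0.0.0.0/0", "10.0.0.0/8", None, ACCEPT, sport=443)]

def demo():
    """Return (label, stateful verdict, stateless verdict) for a constructed trace."""
    fw = StatefulFirewall(RULES)
    client, server = ("10.1.2.3", 50000), ("203.0.113.10", 443)
    F = frozenset
    trace = [
        ("outbound SYN", Packet(*client, *server, F({"SYN"}))),
        ("reply SYN+ACK", Packet(*server, *client, F({"SYN", "ACK"}))),
        ("outbound ACK", Packet(*client, *server, F({"ACK"}))),
        ("ACK with no connection", Packet("198.51.100.7", 443, "10.1.2.3", 50001, F({"ACK"}))),
        ("inbound telnet SYN", Packet("198.51.100.7", 40000, "10.1.2.3", 23, F({"SYN"}))),
    ]
    return [(label, fw.process(p), stateless_filter(STATELESS_RULES, p)) for label, p in trace]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The fourth packet is where the two approaches differ: the stateless rule set accepts it because it comes from port 443, while the stateful firewall drops it because it belongs to no tracked connection.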
18. What is a DDoS attack?
Ans: DDoS Attack means “Distributed Denial-of-Service (DDoS) Attack”. It is a cybercrime in which the attacker floods a server with internet traffic to prevent users from accessing connected online services and sites.
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. The DDoS attack will send multiple requests to the attacked web resource, with the aim of exceeding the website’s capacity to handle multiple requests and preventing the website from functioning correctly.
19. What is Malware?
Ans: Malware is malicious software, including any software that acts against the interest of the user. Malware can affect not only the infected computer or device but potentially any other device the infected device can communicate with.
Malware is any type of software created to harm or exploit another piece of software or hardware. Short for “malicious software,” malware is a collective term used to describe viruses, ransomware, spyware, Trojans, and any other type of code or software built with malicious intent.
20. What is Ransomware?
Ans: Ransomware is a type of malicious software (malware) that threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker. In many cases, the ransom demand comes with a deadline. If the victim doesn’t pay in time, the data is gone forever or the ransom increases. Users are shown instructions for how to pay a fee to get the decryption key.
Ransom malware, or ransomware prevents users from accessing their system or personal files and demands ransom payment in order to regain access. While some people might think “a virus locked my computer,” ransomware would typically be classified as a different form of malware than a virus. The earliest variants of ransomware were developed in the late 1980s, and payment was to be sent via snail mail. Today, ransomware authors order that payment be sent via cryptocurrency or credit card, and attackers target individuals, businesses, and organizations of all kinds. Some ransomware authors sell the service to other cybercriminals, which is known as Ransomware-as-a-Service or RaaS.
21. What is Spyware?
Ans: Spyware is a type of malicious software that is installed on your computer or mobile device without your knowledge or permission. Spyware is actually one of the most common threats on the internet today. It can easily infiltrate your device and, because of its covert nature, it can be hard to detect.
Spyware is a type of malware that tries to keep itself hidden while it secretly records information and tracks your online activities on your computers or mobile devices. It can monitor and copy everything you enter, upload, download, and store. Some strains of spyware are also capable of activating cameras and microphones to watch and listen to you undetected.
By definition, spyware is designed to be invisible, which can be one of its most harmful attributes — the longer it goes undetected, the more damage it can cause. It’s like a virtual stalker that follows you through your device usage, collecting your personal data along the way.
Strictly speaking, there are some valid applications of spyware. For example, your employer might have a security policy that allows them to use software to monitor usage of employee computers and mobile devices. The aim of company spyware is generally either to protect proprietary information or to monitor employee productivity. Parental controls that limit device usage and block adult content are also a form of spyware.
22. What does spyware do?
Ans: Generally, spyware:
1. Infiltrates your device: This could happen when you visit a malicious website, unwittingly install a malicious app, or even open a file attachment.
2. Captures your data: Once the spyware is on your device, it begins to collect data, which could be anything from your web activity to screen captures or even your keystrokes.
3. Provides data to a third party: The captured data is then supplied to the spyware creator, where it is either used directly or sold to third parties.
The data collected through spyware may include things like:
- Web browsing history
- Keyboard strokes
- Email address
- Login credentials (usernames and passwords)
- Credit card details and account PINs
23. What is Adware?
Ans: Adware, a term derived from “advertising-supported software,” is software that displays advertising on a computer screen or mobile device, redirects search results to advertising websites, and collects user data for marketing purposes.
Adware is a type of malware that displays unwanted advertisements on your computer or mobile device. Adware is commonly installed on computers and mobile devices without the user’s knowledge. When users try to install legitimate applications, adware is often activated. Some pop-up windows display advertisements without collecting data or infecting your computer, but some pop-up windows are designed to target you with customized adverts. It is possible for adware to direct you to malicious websites and infected pages via advert links, putting you at risk of computer viruses.
24. How Adware Works?
Ans: Adware, which works well with most web browsers, can track which internet sites a user visits and then present advertisements based on the types of webpages viewed. Adware, while sometimes intrusive and annoying, is usually not a threat to a computer system. It is hardly ever noticed by computer users, rarely making its presence known.
Generally speaking, adware generates revenue in two ways: the display of advertising to a user, and a pay-per-click payment made if a user clicks on the ad.
25. What is Phishing?
Ans: Phishing is a cyber crime that leverages deceptive emails, websites, and text messages to steal confidential personal and corporate information. It is a type of online fraud that involves tricking people into providing sensitive information, such as passwords or credit card numbers, by masquerading as a trustworthy source. Phishing can be done through email, social media or malicious websites.
Victims are tricked into giving up personal information such as their credit card data, phone number, mailing address, company information, etc. This information is then used by criminals to steal the victim’s identity and commit further crimes using this stolen identity.
Criminals who use phishing tactics are successful because they carefully hide behind emails and websites familiar to the intended victim. For example, the email address might be administrator@paypal.org.com instead of administrator@paypal.com and urge the recipient to update their account credentials to protect them from fraud.
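A mail filter can catch the lookalike address above by comparing the sender's registrable domain with the brand's real one, rather than searching for the brand name anywhere in the address. The following is an added example, not part of the original answer; it generalizes from the paypal.org.com case to one-character typos and brand names embedded in other labels. The allow-list, the verdict names and the two-label registrable-domain shortcut are assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list: the registrable domains the brand really sends from.
TRUSTED_DOMAINS = {"paypal.com"}


def registrable_domain(domain: str) -> str:
    """Assumption: the registrable domain is the last two labels.
    Production code should consult the Public Suffix List (co.uk, com.au, ...)."""
    return ".".join(domain.split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason) for the address in a From: header."""
    _display_name, addr = parseaddr(from_header)  # the display name is never trusted
    if addr.count("@") != 1:
        return "invalid", "no-address"
    domain = addr.split("@")[1].lower().rstrip(".")
    if registrable_domain(domain) in trusted:
        return "trusted", "registrable-domain-match"
    for trusted_domain in trusted:
        brand = trusted_domain.split(".")[0]
        for label in domain.split("."):
            if brand in label:
                # The brand appears, but under someone else's registrable domain.
                return "lookalike", "brand-in-label"
            if edit_distance(label, brand) == 1:
                return "lookalike", "near-miss"
    return "unknown", "no-brand-resemblance"


# Constructed sample headers; the first address is the one quoted in the answer.
SAMPLE_HEADERS = [
    "PayPal Security <administrator@paypal.org.com>",
    "administrator@paypal.com",
    "PayPal <service@mail.paypal.com>",
    "billing@paypa1.com",
    "help@secure-paypal.net",
    "news@example.org",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", classify_sender(header))
```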
26. How does phishing work?
Ans: Phishing works by sending messages that look like they are from a legitimate company or website. The message will usually contain a link that takes the user to a fake website that looks like the real thing. The user is then asked to enter personal information, such as their credit card number. This information is then used to steal the person’s identity or to make fraudulent charges on their credit card.
27. What is a VPN?
Ans: A VPN (virtual private network) is a service that creates a safe, encrypted online connection. Internet users may use a VPN to give themselves more privacy and anonymity online or circumvent geographic-based blocking and censorship. VPNs essentially extend a private network across a public network, which should allow a user to securely send and receive data across the internet.
Typically, a VPN is used over a less secure network, such as the public internet. Internet service providers (ISPs) normally have a rather large amount of insight into a customer’s activities. In addition, some unsecured Wi-Fi access points (APs) may be a convenient avenue for attackers to gain access to a user’s personal data. An internet user could use a VPN to avoid these encroachments on privacy.
VPNs can be used to hide a user’s browser history, Internet Protocol (IP) address and geographical location, web activity or devices being used. Anyone on the same network will not be able to see what a VPN user is doing. This makes VPNs a go-to tool for online privacy.
28. What is the use of a VPN? Or What are VPNs used for?
Ans: VPNs are used for virtual privacy by both normal internet users and organizations. Organizations can use VPNs to make sure outside users that access their data center are authorized and using encrypted channels. VPNs can also be used to connect to a database from the same organization located in a different area.
A VPN service can increase your online security, anonymity, and freedom, all without having to sacrifice any of them. It’s a straightforward and quick method of doing so. When using the internet, your device constantly sends data to other sites in order to exchange information. A VPN creates a secure tunnel between your device (e.g. mobile or laptop) and the web. Using a VPN, you may send data across a secure, encrypted connection to an external server: the VPN server. From there, your information will be delivered to its destination on the web. Securing your data and hiding your online identity are just a few of the advantages of rerouting your internet traffic through a VPN server.
29. What is traceroute?
Ans: Traceroute, also called tracepath or tracert, is a network tool used to determine the path packets take from one IP address to another.
On a Windows machine, tracert is the command; on Linux and Mac, it is traceroute. Traceroute and tracert both function similarly; they trace the route data takes from one location in a network to a specific IP server. Traceroute records the name and IP address of each intermediate device that a data packet must traverse in order to reach its destination. It then provides the round-trip time (RTT) and the device name. You can use traceroute to determine where a problem is occurring, but it alone can’t tell you if there is one. To help you determine if there is a problem, ping can be used. Imagine that you’re trying to visit a website and pages take a long time to load. If you use traceroute to determine where the longest delays are occurring, you can determine where the problem is.
A traceroute procedure allows you to find out precisely how a data transmission (like a Google search) traveled from your computer to another. Essentially, the traceroute compiles a list of the computers on the network that are involved with specific Internet activity.
The traceroute identifies each computer/server on that list and the amount of time it took the data to get from one computer to the next. If there was a hiccup or interruption in the transfer of data, the traceroute will show where along the chain the problem occurred. Performing a traceroute also has a very practical use: If someone is having difficulty accessing a particular website or computer, performing a traceroute can help find out where the problem is occurring along the network.
30. What is Port Scanning?
Ans: A port scan is a method for discovering which ports are open on a machine or network. It is like knocking on a door to test whether someone is at home. A scan reveals which ports are open and accepting information, and shows whether firewalls are installed between the source and the target. Fingerprinting is the term used to describe this technique.
Port scanning is a standard technique employed by hackers to discover open doors or weak spots in a network, which makes it an ideal reconnaissance tool for attackers seeking to discover a network’s weakest point of entry. A port scan attack may help cyber criminals discover available ports and determine whether they are sending or receiving data. It may also reveal whether security systems like firewalls are being used by a company. When hackers contact a port, the response they receive determines whether the port is being used and whether potential vulnerabilities exist.
Port scanning is also used to test network security and the firewall’s strength. A business may scan its own ports using this technique and analyze the responses for potential vulnerabilities. It may then employ tools like IP scanner, network scanner (Nmap), and Netcat to ensure the security of its network and systems.
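On the defensive side, a port scan shows up in firewall logs as one source touching many different ports on the same host in a short time. The detector below is an added example, not part of the original answer; the log format, the addresses, the five-port threshold and the ten-second window are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<UTC timestamp> <ACTION> TCP <src>:<sport> -> <dst>:<dport>"
LINE = re.compile(
    r"(?P<ts>\S+) (?P<action>ACCEPT|REJECT|DROP) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)


def detect_port_scans(lines, min_ports=5, window=timedelta(seconds=10)):
    """Return {(src, dst): ports} for every source that contacted at least
    `min_ports` distinct ports on one destination within `window`.
    Lines are assumed to be in time order; unparseable lines are skipped."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (timestamp, dport)
    alerts = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        key = (m["src"], m["dst"])
        events = recent[key]
        events.append((ts, int(m["dport"])))
        # Slide the window: forget contacts older than `window`.
        while ts - events[0][0] > window:
            events.popleft()
        ports = {port for _, port in events}
        if len(ports) >= min_ports and key not in alerts:
            alerts[key] = sorted(ports)   # ports seen when the threshold was crossed
    return alerts


# Constructed sample: a busy legitimate client (one port, many connections),
# a fast sweep from 198.51.100.7, and a slow sweep from 203.0.113.9.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z ACCEPT TCP 10.0.0.20:51000 -> 10.0.0.5:443
2024-05-01T10:00:01Z DROP TCP 198.51.100.7:40000 -> 10.0.0.5:21
2024-05-01T10:00:01Z ACCEPT TCP 198.51.100.7:40001 -> 10.0.0.5:22
2024-05-01T10:00:02Z DROP TCP 198.51.100.7:40002 -> 10.0.0.5:23
2024-05-01T10:00:02Z ACCEPT TCP 10.0.0.20:51001 -> 10.0.0.5:443
2024-05-01T10:00:03Z kernel: eth0 link up
2024-05-01T10:00:03Z DROP TCP 198.51.100.7:40003 -> 10.0.0.5:25
2024-05-01T10:00:04Z ACCEPT TCP 198.51.100.7:40004 -> 10.0.0.5:80
2024-05-01T10:00:05Z ACCEPT TCP 198.51.100.7:40005 -> 10.0.0.5:443
2024-05-01T10:01:00Z DROP TCP 203.0.113.9:33000 -> 10.0.0.5:22
2024-05-01T10:02:00Z DROP TCP 203.0.113.9:33001 -> 10.0.0.5:23
2024-05-01T10:03:00Z DROP TCP 203.0.113.9:33002 -> 10.0.0.5:25
2024-05-01T10:04:00Z ACCEPT TCP 203.0.113.9:33003 -> 10.0.0.5:80
2024-05-01T10:05:00Z ACCEPT TCP 203.0.113.9:33004 -> 10.0.0.5:443
""".splitlines()

if __name__ == "__main__":
    print("10 s window: ", detect_port_scans(SAMPLE_LOG))
    print("10 min window:", detect_port_scans(SAMPLE_LOG, window=timedelta(minutes=10)))
```

With the default window only the fast sweep is reported; widening the window also reports the slow one, at the cost of more state per source and more false positives from long-lived clients.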
31. What is port blocking within LAN?
Ans: An Internet Service Provider (ISP) blocks Internet traffic by using the port number and transfer protocol. Blocking certain types of ports within a local area network is known as port blocking. Blocking ports on plug-and-play devices such as USB flash drives, removable devices, CD/DVD/CD-ROM, floppy, and mobile devices like smartphones is among the reasons for port blocking.
Suppose your network has DHCP service enabled. When a user connects their laptop to your device, they can obtain an IP address from the DHCP server and gain access to your network resources. This is why you should turn on port security where you can: it ties each port to known MAC addresses and prevents anonymous users from obtaining an IP address.
32. What is a Botnet?
Ans: A botnet is a group of computers that have been taken over by a bot, forming a robot-controlled computer network. Multi-layered computer schemes are often used to infiltrate and assemble a botnet. Massive data theft, server crashes, and malware distribution are just a few of the automated tasks that bots are capable of completing.
A botnet is a group of infected devices used to scam other users or cause disruptions without the victims’ consent.
33. What is secure remote access?
Ans: A secure remote access process or solution may include security procedures such as VPN, multifactor authentication, and endpoint protection, among others. It is designed to keep crooks away from an organisation’s digital assets and safeguard sensitive information.
Today’s IT environment, which is facing a rapidly changing threat landscape and the growing number of remote workers as a result of the Covid pandemic, demands secure remote access. In order to succeed, users must be educated, strong cybersecurity policies must be implemented, and best security hygiene practices must be developed.
34. What Is a Network Attack?
Ans: A network attack is an attempt to gain unauthorized access to an organization’s network, with the objective of stealing data or performing other malicious activity. There are two main types of network attacks:
· Passive: Attackers gain access to a network and can monitor or steal sensitive information, but without making any change to the data, leaving it intact.
· Active: Attackers not only gain unauthorized access but also modify data, either deleting, encrypting or otherwise harming it.
35. How Does Network Security Work?
Ans: Network security integrates multiple layers of defenses at the edge of the network and within the network. Each network security layer implements policies and controls. Authorized users gain access to the network, whereas malicious actors are blocked from carrying out threats and exploits.
36. Why Network Security?
Ans: Most organizations today greatly rely on computer networks to share information in an efficient and productive manner within the defined network. Organizational computer networks these days are very large, assuming that each staff member has a dedicated workstation. A large-scale company would have thousands of workstations and servers on the network.
It is likely that these workstations are not centrally managed, nor do they have proper protection parameters. Organizations may have a variety of operating systems, hardware, software, and protocols with different levels of cyber awareness among users.
Imagine these thousands of workstations on company networks are directly connected to the Internet. This sort of unsecured network, which holds sensitive information and valuable data, becomes a target for attack. Network security helps to resolve such issues.
37. What makes network security so important?
Ans: Here’s why both businesses and households should consider the security of their networks seriously:
· To protect the computers in the network
Computers and other devices connected to unsecured networks are highly vulnerable to external threats such as malware, ransomware and spyware attacks. A single attack can bring down the entire computer system of an organization and compromise your personal information. By assuring the security of the network – typically with the assistance of a network security specialist – you can stay away from such expensive threats.
· To prevent identity theft
Whether you are an organization or an individual, your identity is valuable. If you log into an unsecured network, your identity can become visible to third parties. To avoid such a situation, you should secure your network. Such an approach becomes mandatory if you are a business that deals with client information.
· To protect shared data
When it comes to a business, special precautions should be taken to protect shared data, and network security is one of the best ways to do so. Network security can be applied with different restrictions on different computers depending on the types of files they handle.
· To stabilize the network connection
In an unrestricted, unprotected network, network activity can become too heavy. Intense traffic can lead to an unstable computer network. Eventually, the entire network will become vulnerable to various external attacks.
38. What is the difference between symmetric and asymmetric cryptography?
Ans: With symmetric crypto, the same key is used for both encryption and decryption. With asymmetric crypto, two different keys are used for encryption and decryption. Every user in an asymmetric cryptosystem has both a public key and a private key. The private key is kept secret at all times, but the public key may be freely distributed.
Data encrypted with a public key may only be decrypted with the corresponding private key. So, sending a message to John requires encrypting that message with John’s public key. Only John can decrypt the message, as only John has his private key. Any data encrypted with a private key can only be decrypted with the corresponding public key. Similarly, Jane could digitally sign a message with her private key, and anyone with Jane’s public key could decrypt the signed message and verify that it was in fact Jane who sent it.
Symmetric crypto is generally very fast and ideal for encrypting large amounts of data (e.g., an entire disk partition or database). Asymmetric crypto is much slower and can only encrypt pieces of data that are smaller than the key size (typically 2048 bits or smaller). Thus, asymmetric crypto is generally used to encrypt symmetric encryption keys, which are then used to encrypt much larger blocks of data. For digital signatures, asymmetric crypto is generally used to encrypt the hashes of messages rather than entire messages.
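The hybrid pattern described in this answer, as an added example that is not part of the original page. It uses Node.js's built-in `crypto` module; the key pairs, the payload and the function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed 2048-bit RSA key pairs for the two parties named in the answer.
const john = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const jane = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Hybrid encryption: AES-256-GCM carries the bulk data, RSA-OAEP carries only the 32-byte AES key.
function hybridEncrypt(recipientPublicKey, plaintext) {
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, aesKey);
  return { wrappedKey, iv, ciphertext, tag };
}

function hybridDecrypt(recipientPrivateKey, msg) {
  const aesKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  // final() throws if the ciphertext or tag was modified in transit.
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
}

// RSA on its own rejects input larger than the key size minus padding overhead.
function rsaAloneAccepts(publicKey, data) {
  try { crypto.publicEncrypt({ key: publicKey, ...OAEP }, data); return true; }
  catch (err) { return false; }
}

// Signature: the private key operates on a SHA-256 digest of the message, not on the message itself.
function signMessage(privateKey, message) { return crypto.sign('sha256', message, privateKey); }
function verifyMessage(publicKey, message, sig) { return crypto.verify('sha256', message, publicKey, sig); }

const report = Buffer.alloc(1024 * 1024, 'A'); // constructed 1 MiB payload
const sealed = hybridEncrypt(john.publicKey, report);
const signature = signMessage(jane.privateKey, report);
console.log('wrapped AES key bytes:', sealed.wrappedKey.length);
console.log('round trip ok:', hybridDecrypt(john.privateKey, sealed).equals(report));
console.log('RSA alone accepts 1 MiB:', rsaAloneAccepts(john.publicKey, report));
console.log('signature valid:', verifyMessage(jane.publicKey, report, signature));
```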
39. What problems does cryptography solve?
Ans: A secure system should provide several assurances such as confidentiality, integrity, and availability of data as well as authenticity and non-repudiation. When used correctly, crypto helps to provide these assurances. Cryptography can ensure the confidentiality and integrity of both data in transit as well as data at rest. It can also authenticate senders and recipients to one another and protect against repudiation.
Software systems often have multiple endpoints, typically multiple clients, and one or more back-end servers. These client/server communications take place over networks that cannot be trusted. Communication occurs over open, public networks such as the Internet, or private networks which may be compromised by external attackers or malicious insiders.
Cryptography can protect communications that traverse untrusted networks. There are two main types of attacks that an adversary may attempt to carry out on a network. Passive attacks involve an attacker simply listening on a network segment and attempting to read sensitive information as it travels. Passive attacks may be online (in which an attacker reads traffic in real time) or offline (in which an attacker simply captures traffic in real time and views it later, perhaps after spending some time decrypting it). Active attacks involve an attacker impersonating a client or server, intercepting communications in transit, and viewing and/or modifying the contents before passing them on to their intended destination (or dropping them entirely).
The confidentiality and integrity protections offered by cryptographic protocols such as SSL/TLS can protect communications from malicious eavesdropping and tampering. Authenticity protections provide assurance that users are actually communicating with the systems as intended.
Cryptography can also be used to protect data at rest. Data on a removable disk or in a database can be encrypted to prevent disclosure of sensitive data should the physical media be lost or stolen. In addition, it can provide integrity protection of data at rest to detect malicious tampering.