# I. Introduction here are many kinds of attacks in networking. Whereas we can classify into wired and wireless attacks. Here we are going to see about various attacks and attackers and defenders in this paper. A network is basically all of the components (hardware and software) involved in connecting computers across small and large distances [2]. Networks are used to provide easy access to information, thus increasing productivity for users. There are following main types of networks: [1] Personal area network (PAN): It is a network that is used for the communication among the personal system ad its connecting devices like printer, modem, telephone, etc. in close proximity limited to one person only. # Local area network (LAN): It is a network used for connecting two or more than two persons in a small geographical area like campus, office building, etc. Wide area network (WAN): It is a network used for connecting people at large geographical area. Large numbers of LAN are connected with each other creating a WAN so as to connect almost whole world. # Metropolitan area network (MAN): It is a hybrid network ranging between LAN and WAN where the connecting devices lies within the city. It is mainly used by the cooperate companies who want to share data from its one branch to another in the same city. # Global area network (GAN): This network is used for supporting mobile across arbitrary number satellite coverage areas and wireless LANs etc. The key challenge in mobile communications is handing off user communications from one local coverage area to the next. # Virtual private network (VPN): It is a network which is maintained by companies who wants to do the private communication over the public network. The path between the two companies in VPN is encrypted and forming a tunnel for the safe communication. # II. Classification of Attackers Hackers: He is a person who gains unauthorized access to data classified into inside and outside attacks. Cracker: Detects vulnerability and take advantage over it To develop a secure system we consider the following: Phishing: Creates duplicate website with simple modification to the original website , if user access this page their secret data like online bank passwords and security questions and answers will be accessed through the website. This will be used to steal and transfer their money. Pharming (DNS Spoofing): This will create a website duplicating the DNS address itself where whenever the website is tried to access this website will be loaded. # III. Various Algorithms a) Data Encryption Standard (DES) DES was the result of a research project set up by International Business Machines (IBM) Corporation in the late 1960" s which resulted in a cipher known as LUCIFER. DES is based on a cipher known as the Feistel block cipher. It consists of a number of rounds where each round contains bit-shuffling, nonlinear substitutions (S-boxes) and exclusive OR operations. Once a plain-text message is received to be encrypted, it is arranged into 64 bit blocks required for input. If the number of bits in the message is not evenly divisible by 64, then the last block will be padded. DES performs an initial permutation on the entire 64 bit block of data. It is then split into 2, 32 bit sub-blocks, Li and R I which are then passed into 16 rounds. The output of this final permutation is the 64 bits ciphertext. # b) AES (Advanced Encryption Standard) AES is also known as the Rijndael's algorithm, is a symmetric block cipher. It was recognized that DES was not secure because of advancement in computer processing power. It encrypts data blocks of 128 bits using symmetric keys. It has a variable key length of 128, 192 or 256 bits : by default 256 is used. AES encrypts 128 bit data block into 10, 12 and 14 rounds according to the key size. AES can be implemented on various platforms such as small device encryption of AES is fast and flexible. AES has been tested for many security applications. The purpose of NIST was to define a replacement for DES that can be used in non-military information security applications by US government agencies. # c) Blowfish It is one of the most public domain encryption algorithms. Blowfish was designed in 1993 by Bruce Schneider as a fast alternative to existing encryption algorithms. Blowfish is a symmetric key block cipher that uses a 64 bit block size and variable key length from 32 bits to 448 bits. Blowfish has 16 rounds or less. Blowfish is a very secure cipher and to use encryption free of patents and copyrights. No attack is successful against Blowfish, although it suffers from weak key problem. # d) IDEA(International Data Encryption Algorithm) IDEA is a block cipher algorithm and it operates on 64-bit plaintext blocks. The key size is 128 bits long. The design of algorithms is one of mixing operations from different algebraic groups. Three algebraic groups are mixed, and they are easily implemented in both hardware and software: XOR, Addition modulo 216, Multiplication modulo 216 + 1. All these operations operate on 16-bit subblocks. This algorithm is efficient on 16-bit processors. IDEA is symmetric key algorithm based on the concept of Substitution-Permutation Structure, is a block cipher that uses a 64 bit plain text with 8 rounds and a Key Length of 128-bit permuted into 52 subkeys each of 128-bits. It does not contain Sboxes and same algorithm is used in reversed for decryption. # e) RC4 RC4 is a stream cipher symmetric key algorithm. as the data stream is simply XOR with generated key sequence. # h) Twofish Twofish is also a symmetric key algorithm based on the Feistel Structure and was designed by Bruce Schneier along with Doug Whiting, John Kelsey, David Wagner, Niels Ferguson and Chris Hall,. The AES is a block cipher that uses a 128 bit plain text with 16 rounds and a variable Key Length of 128, 192, 256 bit. It makes use of 4 S-boxes (depending on Key) and same algorithm is used in reversed for decryption. The inventors extends the Blowfish team to enhance the earlier block cipher Blowfish to its modified version named Twofish to met the standards of AES for algorithm designing. It was one of the finalists of the AES, but was not selected for standardization. The Twofish is an open to public sphere and not yet patented. [4] i) TEA TEA is also a Feistel Structured symmetric key algorithm. TEA is a block cipher that uses a 64 bit plain text with 64 rounds and a Key Length of 128-bit with variable rounds having 32 cycles. It does not contain Sboxes and same algorithm is used in reversed for decryption. TEA is designed to maximize speed and minimize memory footprint. Cryptographers have discovered three related-key attacks on TEA. Each TEA key can be found to have three equal keys, thus it can be used as a hash function. David Wheeler and Roger Needham have proposed extensions of TEA that counter the above attacks. [4] # j) CAST CAST is symmetric key algorithm based on the backbone concept of Feistel Structure. It is designed by Stafford Taveres and Carlisle Adams, is considered to be a solid algorithm. The CAST is a block cipher that uses a 64 bit plain text with 12 or 16 rounds and a variable Key Length of 40 to128-bit. It also contains 4 Sboxes and same algorithm is used in reversed for decryption. Bruce Schneier, John Kelsey, and David Wagner have discovered a related-key attack on the 64 bit of CAST that requires 217 chosen plaintexts, one related query, and 248offline computations. CAST is patented, which was generously released it for free use. [4] IV. Security Protocols # d) Internet Protocol Security (IPSec) Although it was designed to run in the new version of the Internet Protocol, IP Version 6 (IPv6), it has also successfully run in the older IPv4 as well. IPSec sets out to offer protection by providing the following services at the network layer: Access Control: To prevent an unauthorized access to the resource. Connectionless Integrity: To give an assurance that the traffic received has not been modified in any way. Confidentiality: To ensure that Internet traffic is not examined by non-authorized parties. This requires all IP datagrams to have their data field, TCP, UDP, ICMP or any other datagram data field segment, encrypted. Authentication: Particularly source authentication so that when a destination host receives an IP datagram, with a particular IP source address, it is possible to be sure that the IP datagram was indeed generated by the host with the source IP address. This prevents spoofed IP addresses. Replay protection: To guarantee that each packet exchanged between two parties is different. IPSec protocol achieves these objectives by dividing the protocol suite into two main protocols: 1. Authentication Header (AH) protocol 2. Encapsulation Security Payload (ESP) protocol. The AH protocol provides source authentication and data integrity but no confidentiality. The ESP protocol provides authentication, data integrity, and confidentiality. [5] IPSec operates in two modes: transport and tunnel: i. Transport Mode The Transport mode provides host-to-host protection to higher layer protocols in the communication between two hosts in both IPv4 and IPv6. ii. Tunnel Mode Tunnel mode offers protection to the entire IP datagram both in AH and ESP between two IPSec gateways. This is possible because of the added new IP header in both IPv4 and IPv6. Between the two gateways, the datagram is secure and the original IP address is also secure. The bank checks for tampering. It also make ssure that the transaction identifier in the authorization request matches the one in Bob's PI package. 9. Alice's bank then sends a request for payment authorization to Bob's payment-card bank through traditional bank-card channels --just as Alice's bank would request authorization for any normal payment-card transaction. # Fig. 5 One of the key features of SET is the nonexposure of the credit number to the merchant. This feature is provided in Step 5, in which the customer encrypts the credit card number with the bank's key. Encrypting the number with the bank's key prevents the merchant from seeing the credit card. Note that the SET protocol closely parallels the steps taken in a standard payment-card transaction. To handle all the SET tasks, the customer will have a so-called digital wallet that runs the client-side of the SET protocol and stores customer payment-card information (card number, expiration date, etc.) # V. Conclusion This papers dealt with various attacks on networks and the defencing mechanisms present. Many algorithms have been developed as an measure to secure the system. All the algorithms are useful based on the requirement as and when needed. Various security mechanisms and security protocols are available. ![b) Transport Layer uses HMAC SSL have 3 sub protocol Handshake protocol-Connection Establishment. Record protocol -Actual message protocol. Alert Protocol -If client/ server detects error other party discloses the connection and the secret key is deleted.](image-2.png "") 1![Fig.1](image-3.png "Fig. 1") 2![Fig. 2: Handshake protocol action c) SHTTP-Secure HTTP Combination of HTTP and SSL to implement secure communication between a Web browser and a Web server SSL don't differentiate different messages. SHTTP is similar to SSL but work on individual messages.](image-4.png "Fig. 2 :") ![e) SET -Secure Electronic Transactions SET[6] is a protocol specifically designed to secure payment-card transactions over the Internet. It was originally developed by Visa International and MasterCard International in February 1996 with participation from leading technology companies around the world.](image-5.png "") ![Bob indicates to Alice that he is interested in making a credit card purchase. 2. Alice sends the customer an invoice and a unique transaction identifier. 3. Alice sends Bob the merchant's certificate which includes the merchant's public key. Alice also sends the certificate for her bank, which includes the Computer Science and Technology Volume XVII Issue V Version I A Survey on Network Security](image-6.png "1.") Year 201730Volume XVII Issue V Version I( ) EGlobal Journal of Computer Science and Technology © 2017 Global Journals Inc. (US) 1 © 2017 Global Journals Inc. (US) ( ) A Survey on Network Security Fig. 4 5. Kizza Guide to Network Security. 6. * A Survey on Different aspects of Network Security in Wired and Wireless Networks in International Journal of Latest Trends in Engineering and Technology IJLTET of Information Technology) Chandigarh Group of Colleges * Cryptography and Network Security Behrouz A. Forouzon * A Survey On Various Encryption And Decryption Algorithms M ChandaMona International Journal of Security (IJS) Singaporean Journal of Scientific Research(SJSR) 6 6 2014