Types of Network Security

Network scanning is a scanning used to define vulnerabilities in a network. A scan can be used by security experts to shield the security of a network from an external attack. Hackers may use a scan to find vulnerabilities. Different types of scanning are as under,

Three–Way Handshake

TCP is connection-oriented, which indicates connection establishment is principal prior to data transmission between applications. This connection is possible using the process of the three-way handshake. The three-way handshake is applied for establishing the connection between protocols.

The three-way handshake procedure goes as follows:

• To launch a TCP link, the source sends a SYN packet to the destination (10.0.0.3:21).
• The destination, on getting the SYN packet, i.e., sent by the source, responds by referring a SYN/ACK packet back to the source.
• This ACK packet checks the arrival of the first SYN packet to the source.
• The source sends an ACK packet for the ACK/SYN packet sent by the receiver.
• This triggers an "OPEN" connection agreeing communication between the source and the destination, until any of them send a "FIN" packet or a "RST" packet to close the connection.

The TCP protocol keeps stateful connections for all connection-oriented protocols across
the Internet, and works the same as a normal telephone communication, in which one picks up a telephone receiver, hears a dial tone, and dials a number that generates ringing at the receiver end until a person picks up the receiver and tells, "Hello."

Stealth Scan(Half-Open Scan)

Stealth scan sends a single frame to a TCP port without any TCP handshaking or extra packet transfers. This is a scan type that leads a single frame with the expectation of a single response. The half-open scan partly opens a connection, but stops midway. This is also known as a SYN scan because it only directs the SYN packet. This stops the service from ever being reported of the incoming connection. The three-way handshake approach is also implemented by the stealth scan. The variation is that in the last stage, remote ports are recognized by examining the packets entering the interface and dismissing the connection before a new initialization was activated.

The process preludes the following:

• To start initialization, the client forward a single "SYN" packet to the destination server on the matching port.
• The server initiates the stealth scanning process, depending on the response sent.
• If the server forwards a "SYN/ACK" response packet, then the port is in "OPEN" state.
• If the response is advanced with an "RST" packet, then the port is in a "CLOSED" state.

NULL Scan

NULL scans direct TCP packets with all flags turned off. It is expected that closed ports will return a TCP RST. Packets received by open ports are rejected as invalid. It sets all flags of TCP headers, such as SYN, ACK, FIN, RST, URG and PSH, to NULL or unassigned. When any packets reach at the server, BSD networking code notifies the kernel to drop the incoming packet if a port is open, or sends an RST flag if a port is closed. This scan uses flags in the opposite fashion as the Xmas scan, but gives the similar output as FIN and Xmas tree scans. Many network codes of major operating systems can behave inversely in terms of responding to the packet, ex, Microsoft versus UNIX. This method does not helpful for Microsoft operating systems. Command line for null scanning with NMAP is " -sN"
Advantage:
It evades IDS and TCP three-way handshake.
Disadvantage:
It is helpful only for UNIX.

Network scanning scans networks for vulnerabilities in the security of that network. If there is a vulnerability with the safety of the network, it will give a report back to a hacker who may use this information to exploit that network bug to gain entry to the network or for other malicious actions.