Tuesday 1 March 2011

NETWORK SECURITY



A Paper presentation at



NETWORK SECURITY








                                    




CONTENTS

1. Abstract

2. Introduction

3. History

4. Security Threats

   i) Passive Attacks

   ii) Active Attacks

5. Importance of Security

   i) Firewalls

   ii) Encryption & Decryption

   iii) Secure Socket Layer

6. Conclusion

7. References




   






ABSTRACT:

The question “How to build a secure system?” has baffled the minds of all those currently enjoying the services provided by recent trends and technological developments in the field of computers, especially the Internet. It is very simple to gain access to the Internet using gateways, dial-up connections and ISPs. Beneath this lies the problem of security, as information may be lost or corrupted. If the question “Why should anyone hack my PC?” is haunting your mind, then there is definite scope to challenge the “bad guys” who want to break down the layers of security defenses.

Security through obscurity was once a sound philosophy. Many years ago, when the average computer user had little knowledge of the OS/2, the security-through-obscurity approach tended to work out. Things were more or less managed on a need-to-know basis. The problem with security through obscurity, however, becomes more obvious on closer examination. It comes down to matters of trust.

In the old days, when security through obscurity was practiced religiously, it required that certain users had information about the system, such as the location of the passwords in the system and the special characters to be typed at the prompt. It was common for a machine, on connection, to issue a cryptic prompt.

              More security doesn’t make you more secure - better management does.

A security policy can check hundreds of vulnerabilities in just a few hours. Most network-based computer security crimes are unreported and can be prevented to some extent. The secret to a secure enterprise lies in not just monitoring the parts, but also managing it as a whole. Security tools, described here along with the mechanisms for implementing them, are available to the planner. Firewalls, an authorized-communication technique with two types (Packet-Filtering Routers and Proxy Servers), serve the purpose of security. Encryption & Decryption is the most effective way of securing the contents of electronic data, and Secure Socket Layer is a protocol for secure data communication on the Internet. It is the de facto standard for authenticated and encrypted data communication between a browser and a client. In addition to these tools, there is the Privacy mechanism, the confidentiality that assures privacy, often achieved on the Internet through the use of encryption, and Access Control, which ensures that only authorized users have access to a particular system and/or specific resources.

INTRODUCTION:

Cyber Terrorism:

Cyber-terrorism refers to the convergence of terrorism with cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks and the information stored therein, when done to intimidate or coerce a government or its people, or in a larger perspective, the international community, in furtherance of political, religious, or social objectives.

Cyber-terrorism, being a digital weapon, preserves the life of the terrorist and thrives on the development of new technologies. The attack is undetectable and the victim may not even know that he is being attacked. The famous quote of a writer in the millennium is “to conquer an enemy without fighting”. Is this still a terrorist's dream? No. In the age of the information revolution, terrorist organizations, which generally have no access to television or audio communications, conveniently broadcast their messages to the entire world via the Internet, the backbone of web technology. In fact, many terrorist groups maintain their own websites. The traditional tools of terrorism (explosives, bullets and, more recently, nuclear, chemical and biological weapons) are dangerous not only to the target but also to the terrorist himself.

“If somebody hacks, we need to know that: ‘Are they just kids or more nefarious?’ Is it Saddam or Laden who is planning another World Trade Center bombing?”

HISTORY:

Earlier, security used to be about insurance, but now it has become a lifestyle: customers must incorporate security into everything that they do. The past decade has seen a debate on whether security must be a responsibility of the host or of the network. Saying that security is a responsibility of the Internet is wrong. Both the host and the network must be secure: the responsibility must be shared equally and not be slanted towards the hosts.

Security in an Internet environment is important because information has significant value: information can be bought and sold directly or be used to create new products and services that yield high profits. Gone are the days when enterprises could secure their IT infrastructure by merely installing desktop anti-virus software and firewalls. Ever-increasing threats from viruses, worms, Trojans, mass-mailers, distributed denial of service and hackers have led enterprises to wake up to the need for protection, though awareness levels are discouragingly low. In addition, new security threats are faster and smarter than their predecessors, spreading across the globe in a matter of minutes. For instance, SQL Slammer, a worm that was propagated in January 2003, caused the loss of about 20% of data in transit via the Internet in the U.S. while at its peak, 10 times faster than the average loss of other viruses. Another virus, Code Red, which debuted in 2002, caused an estimated business loss of $2.6 billion on a global scale.

With worldwide connections, someone can get into your system in the middle of the night when your building is locked up. The Internet provides the electronic equivalent of intruders who look for open windows and doors. Now a person can look for hundreds of vulnerabilities in just a matter of a few hours. Most network-based computer security crimes are unreported, yet the statistics are alarming:

According to the Computer Security Institute (CSI), a member research organization that provides public service information, most breaches of Internet and data security are kept quiet. Yet the monthly rate of incidents of proprietary business information rose 260% from 1985 to 1993. Of the 8,392 attacks in 1993, 7,860 were successful and only 19 of them were reported.

The National Center for Computer Crime in Santa Cruz, California states that the annual loss from computer network crimes is $550 million in the U.S. alone. The Yankee Group, an industry consulting firm, estimates that, taking into account associated productivity, confidence, and competitive advantage losses, the financial loss from such security breaches is nearly $5 billion annually.

SECURITY THREATS:

Security threats can take the form of passive attacks and active attacks.

1) Passive Attack: A passive attack is one in which the attacker eavesdrops and listens to the message exchanges but does not modify the message contents in any way. Even if the messages are encrypted, the attacker is able to do traffic analysis on the stream of data exchanged.
Some of the threats under this category are:

i) Unauthenticated access
ii) Unauthorized access
iii) Spoofing (fabrication or impersonation)
iv) Attack (making resources unavailable)
v) Malicious software

2) Active Attack: An active attack is one in which the attacker modifies the messages exchanged, deletes selected messages, replays old messages, introduces new messages into the stream of message exchanges, or impersonates one end of the conversation.
Some threats under this category are:

 i) Interception or sniffing
 ii) Modification
 iii) Denial of action (repudiation)




PASSIVE ATTACKS:

Passive threats involve monitoring the transmission data of an organization. The goal of the attacker is to obtain the information being transmitted. Passive threats are difficult to detect, as they don’t involve alteration of data.

1. Unauthenticated Access: The threat of release of message contents is of great concern. A telephone conversation, an e-mail message, or a transferred file may contain sensitive or confidential information. One needs to prevent the attacker from learning the contents of these transmissions.

2. Unauthorised Access: The threat of traffic analysis is subtler and is more often applicable to military solutions. Even though one may have a way of masking the contents of messages, the attacker may still determine the location and identity of the communicating hosts, and can also observe the frequency and length of the messages being exchanged. The emphasis in dealing with passive threats is on prevention rather than detection. Although these threats can be directed at communication resources (routers and lines), they are generally perpetrated at the host level.

3. Source IP Address Spoofing Attacks: For this type of attack, the intruder transmits packets from the outside that pretend to originate from an internal host: the packets falsely contain the source IP address of an inside system. The attacker hopes that the use of a spoofed source IP address will allow penetration of systems that employ simple source address security, where packets from specific trusted internal hosts are accepted and packets from other hosts are discarded. Source spoofing attacks can be defeated by discarding each packet with an inside source IP address if the packet arrives on one of the router's outside interfaces.

4. Source Routing Attacks: In a source routing attack, the source station specifies the route that a packet should take as it crosses the Internet. This type of attack is designed to bypass security measures and cause the packet to follow an unexpected path to its destination. Simply discarding all packets that contain the source route option can defeat a source routing attack.

5. Tiny Fragment Attacks: For this type of attack, the intruder uses the IP fragmentation feature to create extremely small fragments and force the TCP header information into a separate packet fragment. Tiny fragment attacks are designed to circumvent user-defined filtering rules; the hacker hopes that a filtering router will examine only the first fragment and allow all other fragments to pass. Discarding all packets where the protocol type is TCP and the Fragment Offset is equal to 1 can defeat a tiny fragment attack.
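
The three router-side defenses described in items 3 to 5 above (discard inside-source packets arriving on an outside interface, discard packets carrying a source route option, discard TCP fragments with Fragment Offset 1), written as one packet-filter check. This is an added example, not part of the original paper; the inside network 192.168.10.0/24, the function names and the sample packet builder are constructed assumptions.

```python
import ipaddress
import struct

INSIDE_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed internal range
SOURCE_ROUTE_OPTS = {131, 137}  # IPv4 option types: LSRR (131), SSRR (137)
TCP = 6

def build_ipv4(src, dst, proto=TCP, frag_offset=0, options=b""):
    """Construct a minimal IPv4 header (checksum left 0) as sample input."""
    options += b"\x00" * (-len(options) % 4)  # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0,
                       frag_offset & 0x1FFF, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options

def has_source_route(options):
    """True if the options carry LSRR/SSRR (malformed options fail closed)."""
    i = 0
    while i < len(options):
        opt = options[i]
        if opt == 0:            # End of Option List
            break
        if opt == 1:            # No-Operation is a single byte
            i += 1
            continue
        if opt in SOURCE_ROUTE_OPTS:
            return True
        if i + 1 >= len(options) or options[i + 1] < 2:
            return True         # bad option length: treat as hostile
        i += options[i + 1]     # skip to the next option
    return False

def filter_outside(packet):
    """Verdict for a packet arriving on the router's outside interface."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: malformed"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "drop: malformed"
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    src = ipaddress.ip_address(packet[12:16])
    if src in INSIDE_NET:                   # item 3: spoofed inside source
        return "drop: spoofed inside source"
    if has_source_route(packet[20:ihl]):    # item 4: source route option
        return "drop: source route option"
    if packet[9] == TCP and frag_offset == 1:   # item 5: tiny fragment
        return "drop: tiny fragment"
    return "accept"
```

The checks only make sense for traffic received on the outside interface; the same source address arriving on an inside interface is legitimate and must not be passed through this function.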

ACTIVE ATTACKS:

Active threats involve the modification of the data stream or the creation of a false stream.

1. Interception or Sniffing: Message stream modification means that some portion of a legitimate message is altered, or that messages are delayed, replayed, or recorded to produce an unauthorized effect. For example, a message “Allow Amelie to read confidential file accounts” is modified to “Allow Gabrielle to read confidential file accounts”.

2. Masquerade: Masquerade takes place when an attacker pretends to be someone else. The attack usually includes one of the other two forms of attack. Such an attack can take place, for example, by capturing and replaying an authentication sequence.

3. Denial of Service: It prevents or inhibits the normal use or management of communication facilities. This attack may have a specific target; for example, an attacker may suppress all messages directed to a particular destination. Another form of service denial is the disruption of the entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

IMPORTANCE OF SECURITY:

The situation today is radically different from the one 10 years ago. Over that period of time, crackers and hackers, as groups of people, have faced off and crystallized into opposing teams. The network is now at war and these are the soldiers. Everyone has a different idea of what “security” is, and what levels of risk are acceptable. The key to building a secure network is to define what security means to your organization.

1. Firewalls:

A firewall is a point at which your private company network and a public network, such as the Internet, connect. A firewall system is a hardware/software configuration that sits at this perimeter, controlling access into and out of your company’s network.

Basic Firewall Operation:
  

1 comment:

Unknown said...

Your blog is an excellent resource to learn all about network security. I read the other posts too and they all are of great help. Thanks and keep sharing.