
Tuesday 1 March 2011

Network security


                   

A paper presentation on,

 

Abstract:

Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them. Some history of networking is included, as well as an introduction to TCP/IP and internetworking. We go on to consider risk management, network threats, firewalls, and more special-purpose secure networking devices. It is hoped that the reader will have a wider perspective on security in general, and better understand how to reduce and manage risk personally, at home, and in the workplace.

Contents: 

·        Introduction to Networking



Introduction:-

Introduction to Networking:-

                     A basic understanding of computer networks is requisite in order to understand the principles of network security. In this section, we'll cover some of the foundations of computer networking, then move on to an overview of some popular networks. Following that, we'll take a more in-depth look at TCP/IP, the network protocol suite that is used to run the Internet and many intranets. Once we've covered this, we'll go back and discuss some of the threats that managers and administrators of computer networks need to confront, and then some tools that can be used to reduce the exposure to the risks of network computing.
Computer security:-
Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you determine whether or not someone attempted to break into your system, whether they were successful, and what they may have done.
      What is a Network?
A network may be defined as interlinking lines resembling a net; a computer network is simply a system of interconnected computers. How they are connected is irrelevant, and there are a number of ways to connect them.
The ISO/OSI Reference Model:-
OSI stands for Open Systems Interconnection, and ISO for the International Standards Organization. The ISO OSI Reference Model defines seven layers of communications types, and the interfaces among them. Each layer depends on the services provided by the layer below it, all the way down to the physical network hardware, such as the computer's network interface card and the wires that connect the cards together. An easy way to relate this model to everyday life is the telephone system.
The ISO/OSI Reference Model (figure not reproduced)

What are some Popular Networks?

There are two popular networks, UUCP and the Internet, both of which are "public" networks. Anyone can connect to either of these networks, or they can use these types of networks to connect their own hosts (computers) together, without connecting to the public networks. Each type takes a very different approach to providing network services.

1. UUCP:-

UUCP (Unix-to-Unix Copy) was originally developed to connect UNIX hosts together. UUCP has since been ported to many different architectures, including PCs, Macs, Apple IIs, and so on.

Applications of UUCP:-

Batch Oriented Processing:-

UUCP and similar systems are batch-oriented systems: everything that they have to do is added to a queue, and then at some specified time, everything in the queue is processed.
The figure below shows a sample UUCP network.
                                  
Figure 2: A Sample UUCP Network (figure not reproduced)

Implementation Environment of UUCP:-

UUCP networks are commonly built over dial-up (modem) connections, but UUCP can be used over any sort of connection between two computers, including an Internet connection. Building a UUCP network is a matter of configuring two hosts to recognize each other and to know how to get in touch with each other. For example, if two hosts A and B have a UUCP network between them, and now C would like to join the network, then C must be configured to talk to A and/or B. This means that a connection must be established with at least one of the hosts on the network. In this network users are identified in the format host!userid; the character "!" separates hosts from users, and is pronounced "bang". A bang path is the sequence of hosts a message must pass through to reach its destination. If I am a user on host A and you are a user on host E, I might be known as A!Venkat and you might be known as E!You. Because there is no direct link between your host (E) and mine (A), a message between us has to be relayed through a host that is connected to both. In our sample network, C has the connectivity we need, so to send me a file or a piece of email, you would address it to C!A!Venkat.
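As an added example (not part of the original paper), the bang-path addressing described above can be worked through in code. The link table below is constructed for the example and stands in for the sample network figure: A and E share no direct link, but C is configured to talk to both. The code parses a host!userid address, finds the shortest chain of configured links from the sender's host to the recipient's host, and then forwards the message hop by hop the way a UUCP host does, refusing any hop to a host it has not been configured to talk to.

```python
from collections import deque
from typing import Dict, List, Optional, Tuple

# Constructed UUCP link table (an assumption for this example, not the paper's
# figure): each host only talks to the neighbours it has been configured for.
UUCP_LINKS: Dict[str, List[str]] = {
    "A": ["B", "C"],
    "B": ["A"],
    "C": ["A", "E"],
    "E": ["C"],
}


def parse_bang_address(address: str) -> Tuple[List[str], str]:
    """Split 'host1!host2!user' into the ordered host list and the user name."""
    parts = address.split("!")
    if any(p == "" for p in parts):
        raise ValueError(f"malformed bang address: {address!r}")
    return parts[:-1], parts[-1]


def bang_path(links: Dict[str, List[str]], origin: str, dest_host: str, user: str) -> str:
    """Breadth-first search for the shortest chain of configured links from
    origin to dest_host, returned as the bang path origin would use."""
    if origin == dest_host:
        return user
    prev: Dict[str, Optional[str]] = {origin: None}
    queue = deque([origin])
    while queue:
        host = queue.popleft()
        for nxt in links.get(host, []):
            if nxt not in prev:
                prev[nxt] = host
                queue.append(nxt)
    if dest_host not in prev:
        raise LookupError(f"no UUCP route from {origin} to {dest_host}")
    route: List[str] = []
    host: str = dest_host
    while host != origin:
        route.append(host)
        host = prev[host]  # type: ignore[assignment]
    route.reverse()
    return "!".join(route + [user])


def forward(address: str) -> Tuple[Optional[str], str]:
    """One UUCP hop: hand the message to the first host in the path with that
    host's name stripped off. A bare user name means deliver locally."""
    hosts, user = parse_bang_address(address)
    if not hosts:
        return None, user
    return hosts[0], "!".join(hosts[1:] + [user])


def route_trace(links: Dict[str, List[str]], origin: str, address: str) -> List[str]:
    """Follow a bang path hop by hop from origin, enforcing that every hop is a
    configured neighbour of the host currently holding the message."""
    here = origin
    trace = [here]
    remaining = address
    while True:
        nxt, remaining = forward(remaining)
        if nxt is None:
            return trace
        if nxt not in links.get(here, []):
            raise LookupError(f"{here} has no configured link to {nxt}")
        here = nxt
        trace.append(here)


if __name__ == "__main__":
    path = bang_path(UUCP_LINKS, "E", "A", "Venkat")
    print(path, "->", route_trace(UUCP_LINKS, "E", path))
```

Because every hop is checked against the link table, a path such as A!Venkat handed to E is rejected even though A exists: E has no configured link to A, which is exactly why the paper's example routes through C.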
Popularity:- UUCP isn't very flexible, as it's used simply for copying files, such as net news, email, etc. Interactive protocols (such as those used by World Wide Web applications) are much more difficult to support over UUCP, and are preferred in most cases. Because UUCP connections are typically made hourly, daily, or weekly, there is a fair bit of delay in getting data from one user on a UUCP network to a user on the other end of the network.
Security:- UUCP typically works by having a system-wide UUCP user account and password. Any system that has a UUCP connection with another must know the appropriate password for the uucp or nuucp account. Some strong points for its security are that it is fairly limited in what it can do, and it's therefore more difficult to trick into doing something it shouldn't, and that it's been around a long time, so most of its bugs have been discovered, analyzed, and fixed.
The second popular network is the internet.
2. Internet: -
The Internet is a network of networks -- not a network of hosts. Movies, books, newspapers, magazines, television programs, and practically every other sort of media imaginable have dealt with the Internet recently. The Internet is made up of a wide variety of hosts, from supercomputers to personal computers, including every imaginable type of hardware and software. When you want to access the Internet, you don't really connect to the Internet; you connect to a network that is eventually connected to the Internet backbone, because the Internet is a network of networks -- not a network of hosts.
A basic network is shown below:
A Simple Local Area Network (figure not reproduced)
We have a number of networks, which are all connected together on a backbone, which is a network of our networks. Our backbone is then connected to other networks, one of which is to an Internet Service Provider (ISP) whose backbone is connected to other networks, one of which is the Internet backbone.
The figure below shows how the hosts on that network are provided connectivity to other hosts on the same LAN, within the same location.
(figure not reproduced)

 

 TCP/IP: The Language of the Internet:-

TCP stands for Transmission Control Protocol and IP for the Internet Protocol. TCP/IP is the special language of the Internet: a host that implements TCP/IP can easily support networking applications such as the Netscape Navigator web browser. One of the most important features of TCP/IP is that it is an "open" protocol, and anyone who wishes to implement it may do so freely. Thanks to this, people can access information from anywhere in the world.
IP:- IP is simply a "Network Layer" protocol. This is the layer that allows the hosts to actually "talk" to each other; its jobs include carrying datagrams and mapping Internet addresses to physical network addresses. IP is an extremely robust and flexible protocol.
Attacks against IP:-
IP does not provide a robust mechanism for authentication, that is, for proving that a packet came from where it claims it did. A packet simply claims to originate from a given address, and there isn't a way to be sure that the host that sent the packet is telling the truth. This isn't necessarily a weakness, per se, but it is an important point, because it means that the facility of host authentication has to be provided at a higher layer of the ISO/OSI Reference Model. Today, applications that require strong host authentication (such as cryptographic applications) do this at the application layer.



IP Session Hijacking:-
IP Session Hijacking is an attack whereby a user's session is taken over and ends up under the control of the attacker. If the user was in the middle of reading email, the attacker is now looking at the email, and can then execute any commands he wishes as the attacked user. The attacked user simply sees his session dropped, and may simply log in again, perhaps not even noticing that the attacker is still logged in and doing things.
In this attack, a user on host A is carrying on a session with host G. Perhaps this is a telnet session, where the user is reading his email, or using a UNIX shell account from home. Somewhere in the network between A and G sits host H, which is run by a naughty person. The naughty person on host H watches the traffic between A and G, and runs a tool which starts to impersonate A to G, and at the same time tells A to shut up, perhaps trying to convince it that G is no longer on the net (which might happen in the event of a crash, or major network outage). After a few seconds of this, if the attack is successful, the naughty person has "hijacked" the session of our user. Anything that the user can do legitimately can now be done by the attacker, illegitimately. As far as G knows, nothing has happened.

UDP:-

UDP (User Datagram Protocol) is a simple transport-layer protocol. It does not provide the same features as TCP, and it is considered "unreliable". Again, although this makes it unsuitable for some applications, it has much more applicability in other applications than the more reliable and robust TCP.

Risk Management: The Game of Security

It is very important to understand the concept of security as a trade-off. There are two extremes: absolute security and absolute access.
Absolute security: the closest we can get to an absolutely secure machine is one unplugged from the network and power supply, locked in a safe, and thrown to the bottom of the ocean. Unfortunately, it isn't terribly useful in this state.
Absolute access: a machine with absolute access is extremely convenient to use: it's simply there, and will do whatever you tell it, without questions, authorization, passwords, or any other mechanism. Unfortunately, this isn't terribly practical, either: the Internet is a bad neighborhood now, and it isn't long before some bonehead will tell the computer to do something like self-destruct, after which it isn't terribly useful to you.
                        In general situations we constantly make decisions about what risks we're willing to accept. For example, when we get in a car and drive to work, there's a certain risk that we're taking. It's possible that something completely out of control will cause us to become part of an accident on the highway. If I happen to be upstairs at home, and want to leave for work, I'm not going to jump out the window. Yes, it would be more convenient, but the risk of injury outweighs the advantage of convenience.

Types And Sources Of Network Threats

Having covered the background information on networking, we can now get into the security aspects of all of this.

The types of threats against networked computers are:
  • Denial of service
  • Unauthorized access
Denial-of-Service:-
Denial-of-Service (DoS) attacks are probably the nastiest, because they're very easy to launch, difficult to track, and it isn't easy to refuse the requests of the attacker without also refusing legitimate requests for service. The attacker simply sends more requests to the machine than it can handle. There are toolkits available in the underground community that make this a simple matter of running a program and telling it which host to blast with requests. If the host is able to answer 20 requests per second, and the attacker is sending 50 per second, obviously the host will be unable to service all of the attacker's requests, much less any legitimate requests.
Some things that can be done to reduce the risk of a denial-of-service attack include:
  • Not running your visible-to-the-world servers at a level too close to capacity
  • Using packet filtering to prevent obviously forged packets from entering into your network address space.
  • Keeping up-to-date on security-related patches for your hosts' operating systems.
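The 20-versus-50 requests-per-second scenario above can be simulated to show why per-source rate limiting matters. This is an added example, not part of the original paper: the traffic (one source sending 50 requests per second plus two legitimate clients at 2 per second each, for 10 seconds) is constructed here, the host's capacity of 20 requests per second is modelled as a token bucket, and the per-source limit of 5 requests per second with a burst of 5 is an assumed policy. Without the per-source limit, legitimate clients compete with the flood for the host's capacity and lose requests; with it, every legitimate request is served because no single source can consume more than its share.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Tuple


class TokenBucket:
    """Classic token bucket: refills `rate` tokens per second, stores at most `burst`."""

    def __init__(self, rate: float, burst: float) -> None:
        self.rate = rate
        self.burst = burst
        self.tokens = burst
        self.last = 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def constructed_traffic(seconds: int) -> List[Tuple[float, str]]:
    """Constructed workload: one flooding source at 50 req/s plus two legitimate
    clients at 2 req/s each, returned as (arrival_time, source) sorted by time."""
    events: List[Tuple[float, str]] = []
    for t in range(seconds):
        events += [(t + i / 50, "attacker") for i in range(50)]
        events += [(t + i / 2, "legit-1") for i in range(2)]
        events += [(t + i / 2 + 0.25, "legit-2") for i in range(2)]
    events.sort()
    return events


def simulate(per_source_limit: bool, capacity_per_sec: float = 20.0, seconds: int = 10,
             source_rate: float = 5.0, source_burst: float = 5.0) -> Dict[str, int]:
    """Count requests served per source. The host answers at most `capacity_per_sec`;
    if per_source_limit is set, each source is first limited to `source_rate`."""
    server = TokenBucket(capacity_per_sec, capacity_per_sec)
    limiters = defaultdict(lambda: TokenBucket(source_rate, source_burst))  # one bucket per source
    served: Counter = Counter()
    for now, src in constructed_traffic(seconds):
        if per_source_limit and not limiters[src].allow(now):
            continue  # dropped at the edge before it costs the host anything
        if server.allow(now):
            served[src] += 1
    return dict(served)


if __name__ == "__main__":
    print("no per-source limit:", simulate(False))
    print("per-source limit:   ", simulate(True))
```

The per-source limiter does not make the flood disappear, and it cannot help against a flood spread across many forged sources (which is why the packet-filtering point above matters), but it does turn "the attacker starves everyone" into "the attacker starves only himself".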

Unauthorized Access:-

                     ``Unauthorized access'' can refer to a number of different sorts of attacks. The goal of these attacks is to access some resource that your machine should not provide the attacker. For example, a host might be a web server, and should provide anyone with requested web pages. However, that host should not provide command shell access without being sure that the person making such a request is someone who should get it, such as a local administrator.
Under unauthorized access we will discuss the following topics:

Executing Commands Illicitly:-

It is obviously undesirable for an unknown and unrestricted person to be able to execute commands on your server machines. There are two main classifications of the severity of this problem: normal user access and administrator access.
A normal user can do a number of things on a system that an attacker should not be able to do. If the attacker wishes to make configuration changes to a host, the attacker will need to gain administrator privileges on the host.

 

Confidentiality Breaches:- 

There is certain information that could be quite damaging if it fell into the hands of a competitor, an enemy, or the public. In these cases, it's possible that compromise of a normal user's account on the machine can be enough to cause damage.

 

Firewalls:-

A firewall is simply a group of components that collectively form a barrier between two networks. The term "firewall" refers to all of the components that collectively provide the security of the system, even where only one component is paying attention to what's going on between the internal and external networks. Firewalls are employed in order to provide some level of separation between an organization's intranet and the Internet.

A number of terms specific to firewalls and networking are going to be discussed below:-
Bastion host:-
An ordinary computer used to control access between the intranet and the Internet. These are typically hosts running a flavor of the UNIX operating system that has been customized in order to reduce its functionality to only what is necessary to support its role.
Router:-
A router is a device that handles certain functions, such as routing, or managing the traffic on the networks it connects.
Access Control List (ACL):-
A list of rules that refer to things like origination address, destination address, destination service port, and so on. These can be employed to limit the sorts of packets that are allowed to come into and go out of a given network.
Demilitarized Zone (DMZ):-
The DMZ is a critical part of a firewall: it is a network that is neither part of the untrusted network nor part of the trusted network, but one that connects the untrusted to the trusted. The importance of a DMZ is tremendous.
Proxy:-
This is the process of having one host act on behalf of another. A host that has the ability to fetch documents from the Internet might be configured as a proxy server, and hosts on the intranet might be configured to be proxy clients.

Types of Firewalls:-

There are three basic types of firewalls. They are:
1. Application gateways.
2. Packet filtering.
3. Hybrid systems.

Application Gateways:-

These are also known as proxy gateways. They are made up of bastion hosts that run special software to act as a proxy server. This software runs at the Application Layer. Clients behind the firewall must be proxitized (configured to use the proxy) in order to use Internet services. These are the most secure. They are also typically the slowest, because more processes need to be started in order to have a request serviced.



A sample application gateway (figure not reproduced)

 

Packet Filtering:-

Packet filtering is a technique whereby routers have ACLs (Access Control Lists). Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network, and vice versa. There is less overhead in packet filtering than with an application gateway, because access control is performed at a lower ISO/OSI layer. Because of this lower overhead, packet filtering is done with routers, which are specialized computers optimized for tasks related to networking. The figure below shows a packet filtering gateway.

Figure 6: A sample packet filtering gateway (figure not reproduced)


Drawback: - TCP/IP has absolutely no means of guaranteeing that the source address is really what it claims to be. As a result, we have to use layers of packet filters in order to localize the traffic.
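The packet-filtering ACL described in this section, the "prevent obviously forged packets" advice in the denial-of-service list, and the drawback just stated (the source address is only a claim) can all be shown together in one worked example. This is an added example, not part of the original paper: the addresses (192.0.2.0/24 as the internal network, 198.51.100.7 as an outside host), the interface names "outside" and "inside", and the three-rule policy are constructed for illustration. The code builds minimal IPv4+TCP packets, verifies the IPv4 header checksum (which only catches corruption; a correct checksum says nothing about who really sent the packet), and then evaluates the ACL first-match-wins with an implicit deny. The first rule is the anti-spoofing rule: a packet arriving on the outside interface that claims an inside source address is exactly the "obviously forged" case and is dropped before any other rule is considered.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional


def ipv4_checksum(data: bytes) -> int:
    """RFC 791 one's-complement sum over 16-bit words. A header that already
    carries a correct checksum sums to 0 under this function."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src: str, dst: str, dport: int, sport: int = 40000) -> bytes:
    """Constructed IPv4 header (no options) plus a minimal 20-byte TCP SYN header."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill in checksum
    return ip + tcp


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: int
    dport: Optional[int]
    header_ok: bool


def parse_packet(raw: bytes) -> Packet:
    """Pull the fields a packet filter looks at out of the wire bytes."""
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    header_ok = (ver_ihl >> 4) == 4 and ihl >= 20 and ipv4_checksum(raw[:ihl]) == 0
    dport = None
    if proto in (6, 17) and len(raw) >= ihl + 4:       # TCP or UDP: port is bytes 2-3
        dport = struct.unpack("!H", raw[ihl + 2:ihl + 4])[0]
    return Packet(ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst), proto, dport, header_ok)


@dataclass(frozen=True)
class Rule:
    iface: str                    # interface the packet arrives on
    action: str                   # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None   # None matches any destination port


INTERNAL = ipaddress.IPv4Network("192.0.2.0/24")   # constructed internal address space
ANY = ipaddress.IPv4Network("0.0.0.0/0")

ACL: List[Rule] = [
    # Anti-spoofing: nothing arriving from outside may claim an inside source.
    Rule("outside", "deny", INTERNAL, ANY),
    # Only the public web server is reachable from outside, and only on port 80.
    Rule("outside", "permit", ANY, ipaddress.IPv4Network("192.0.2.10/32"), 80),
    # Inside hosts may initiate anything outbound.
    Rule("inside", "permit", INTERNAL, ANY),
]


def filter_packet(acl: List[Rule], iface: str, raw: bytes) -> str:
    """First matching rule wins; unmatched or malformed packets are implicitly denied."""
    pkt = parse_packet(raw)
    if not pkt.header_ok:
        return "deny"
    for rule in acl:
        if (rule.iface == iface and pkt.src in rule.src and pkt.dst in rule.dst
                and (rule.dport is None or rule.dport == pkt.dport)):
            return rule.action
    return "deny"


if __name__ == "__main__":
    web = build_packet("198.51.100.7", "192.0.2.10", 80)
    forged = build_packet("192.0.2.5", "192.0.2.10", 80)
    print("outside web request:", filter_packet(ACL, "outside", web))
    print("forged inside source from outside:", filter_packet(ACL, "outside", forged))
```

Note what the anti-spoofing rule can and cannot do: it catches forged packets whose claimed source is impossible for the interface they arrived on, but a packet forged with some other outside address is indistinguishable from a genuine one at this layer, which is the drawback stated above and the reason the text calls for layers of filters.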

Hybrid Systems:-

In an attempt to combine the security of application layer gateways with the flexibility and speed of packet filtering, some vendors have created systems that use the principles of both. These systems are called hybrid systems. In these systems, new connections must be authenticated and approved at the application layer. Once this has been done, the remainder of the connection is passed down to the session layer. The benefits of using these systems include providing a measure of protection for your machines that provide services to the Internet, as well as providing the security of an application layer gateway to the internal network. Additionally, using this method, an attacker, in order to get to services on the internal network, will have to break through the access router, the bastion host, and the choke router.

Secure Network Devices

Secure network devices are network devices that themselves provide additional security.
Some examples of these devices are discussed below:-
Secure Modems; Dial-Back Systems:-
A modem is a device used to convert analog signals into digital signals, and vice versa. The terminal server, or other network device that provides dial-up access to your network, is the easiest way to get into your network from remote, so guard it carefully: its passwords need to be strong -- not ones that can be guessed -- and accounts that aren't actively used should be disabled. Some remote access systems have the feature of a two-part procedure to establish a connection. The first part is the remote user dialing into the system and providing the correct userid and password. The system will then drop the connection, and call the authenticated user back at a known telephone number. Once the remote user's system answers that call, the connection is established, and the user is on the network. This is mostly used when working from home.
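The two-part dial-back procedure above can be modelled to make its security property explicit. This is an added example, not part of the original paper or of any real terminal server: the account store, the PBKDF2 password hashing, the audit list and the telephone numbers are all constructed for illustration. The point the code demonstrates is that the incoming call is always dropped, and that the callback goes to the number on file for the account, never to whatever number the caller happened to dial in from, so a stolen password alone is not enough to get onto the network. Disabled accounts are refused, and unknown user ids are checked against a dummy hash so that they take the same time to reject as a wrong password.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PBKDF2_ROUNDS = 50_000  # modest so the example runs quickly; raise in real use


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    callback_number: str  # number on file, set by the administrator, not by the caller
    enabled: bool = True


def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 so the stored value cannot be reversed to the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class DialBackServer:
    """Constructed model of a dial-back terminal server (not any real product)."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.audit: List[Tuple[str, str]] = []
        # Dummy credentials: unknown user ids cost the same work as a wrong password,
        # so timing does not reveal which user ids exist.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = derive("dummy-password", self._dummy_salt)

    def add_account(self, userid: str, password: str, callback_number: str) -> None:
        salt = os.urandom(16)
        self.accounts[userid] = Account(salt, derive(password, salt), callback_number)

    def disable(self, userid: str) -> None:
        """Accounts that aren't actively used should be disabled."""
        self.accounts[userid].enabled = False

    def dial_in(self, userid: str, password: str, caller_number: str) -> Optional[str]:
        """Part one of the procedure. Whatever happens the incoming line is dropped;
        the only outcome is whether a callback is scheduled, and to which number."""
        acct = self.accounts.get(userid)
        salt, expected = (acct.salt, acct.pw_hash) if acct else (self._dummy_salt, self._dummy_hash)
        password_ok = hmac.compare_digest(derive(password, salt), expected)
        if acct is None or not acct.enabled or not password_ok:
            self.audit.append(("rejected", f"{userid} from {caller_number}"))
            return None
        # Part two: call back the number on file. caller_number is deliberately ignored.
        self.audit.append(("callback", f"{userid} -> {acct.callback_number}"))
        return acct.callback_number


if __name__ == "__main__":
    srv = DialBackServer()
    srv.add_account("venkat", "correct horse battery staple", "+1-555-0100")
    print(srv.dial_in("venkat", "correct horse battery staple", "+1-555-0199"))
    print(srv.audit)
```

In this model an attacker who has the password but is dialing from a different line gets the connection dropped like everyone else, and the callback rings the legitimate user's phone, which is also a useful signal to the user that someone is trying their credentials.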

Crypto-Capable Routers:-

A feature that is being built into some routers is the ability to do session encryption between specified routers. Because traffic traveling across the Internet can be seen by people in the middle who have the resources to snoop around, these routers are advantageous for providing connectivity between two sites, so that there can be secure routes.

Virtual Private Networks:-

VPNs provide the ability for two offices to communicate with each other in such a way that it looks like they're directly connected over a private leased line. The session between them, although going over the Internet, is private, and the link is convenient, because each can see the other's internal resources without showing them off to the entire world.

Conclusion:-

                          Security is a very difficult topic. Everyone has a different idea of what “security” is, and what levels of risk are acceptable. The key for building a secure network is to define what security means to your organization. Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy. Projects and systems can then be broken down into their components, and it becomes much simpler to decide whether what is proposed will conflict with your security policies and practices.
Many people pay great amounts of lip service to security, but don't bother with it when it gets in their way. It's important to build systems and networks in such a way that the user is not constantly reminded of the security system around him. Users who find security policies and systems too restrictive will find ways around them. It's important to get their feedback to understand what can be improved, and it's important to let them know what has been done to minimize the organization's exposure.
Security is everybody's business, and only with everyone's cooperation and an intelligent policy will it be achieved.



















  


1 comment:

Unknown said...

Nice guide. With this post one can easily get to know the basics of network security. The article helps in gaining the basic understanding of meaning and usage of securing networks.