
Tuesday 1 March 2011

NETWORK SECURITY


ABSTRACT 




With the rapid growth of Internet use in all walks of life, the study of network security has become inevitable, so it is very important for all users to become familiar with its various aspects. This article discusses the basics of network security. With millions of Internet users able to pass information across the network, the security of business networks is a major concern. The very nature of the Internet makes it vulnerable to attack: hackers and virus writers try to attack the Internet and the computers connected to it. With the growth in business use of the Internet, network security is rapidly becoming crucial to the development of the Internet. Many businesses set up firewalls to control access to their networks by persons using the Internet. Firewalls act as barriers to unauthorized entry into a network that is connected to the Internet, allowing outsiders to access public areas while preventing them from exploring proprietary areas of the network. First generation firewalls (packet filtering), second generation firewalls (proxy services) and third generation firewalls are also discussed. Many groups of people have used and contributed to the art of cryptography. One of the main constraints on cryptography has been the ability of code clerks to perform the necessary transformations on a battlefield. A fundamental rule of cryptography is that one must assume the cryptanalyst knows the general method of encryption used.

Introduction 



In the last decade, the number of computers in use has exploded. The growth of this industry has been driven by two separate forces which, until recently, had different goals and end products. The first factor has been research interests and laboratories; these groups have always needed to share files, email and other information across wide areas. The research labs developed several protocols and methods for this data transfer, most notably TCP/IP. Business interests are the second factor in network growth. For quite some time, businesses were primarily interested in sharing data within an office or campus environment, and this led to the development of various protocols suited specifically to that task.
This is a very rosy picture: businesses, governments and individuals communicating with each other across the world. While reality is rapidly approaching this utopian picture, several relatively minor issues have changed status from low priority to extreme importance. Security is probably the best known of these problems: businesses and private individuals obviously desire secure communications. Finally, connecting a system to a network can open the system itself up to attacks. If a system is compromised, the risk of data loss is high.
Need for Security

The object of security is to protect valuable or sensitive organizational information while keeping it readily available. Attackers trying to harm a system or disrupt normal business operations exploit vulnerabilities using various techniques, methods and tools. System administrators need to understand the various aspects of security in order to develop measures and policies that protect assets and limit their vulnerabilities. A common attitude among users is: when no secret work is being performed, why bother implementing security? Having no firewall or proxy protection between the organization's private local area network (LAN) and the public Internet makes the company a target for cyber crime. The ways in which a system can be attacked are classified into four groups: Interruption, Interception, Modification and Fabrication.




TYPES OF NETWORK SECURITY 

There are two basic types of network security, transit security and traffic regulation, which when combined can help guarantee that the right information is securely delivered to the right place. It should be apparent that there is also a need to ensure that the hosts receiving the information will process it properly; this raises the entire specter of host security, a wide area which varies tremendously for each type of system. With the growth in business use of the Internet, network security is rapidly becoming crucial to the development of the Internet.

Transit security: Currently there are no systems in wide use that will keep data secure as it transits a public network. Two important methods are available to encrypt traffic between a few coordinated sites:
- Virtual Private Networks: the concept of creating a private network by using TCP/IP to provide the lower levels of a second TCP/IP stack.
- Packet Level Encryption: an approach that encrypts traffic at a higher layer in the TCP/IP stack.

Both of these methods can have performance impacts on the hosts that implement the protocols and on the networks which connect those hosts. The relatively simple act of encapsulating or converting a packet into a new form requires CPU time and uses additional network capacity. Encryption can be a very CPU-intensive process, and encrypted packets may need to be padded to a uniform length to guarantee the robustness of some algorithms. Further, both methods have impacts on other areas, security related and otherwise, such as address allocation, fault tolerance and load balancing.

Traffic regulation: the most common form of network security on the Internet today is to closely regulate which types of packets can move between networks. If a packet which may do something malicious to a remote host never gets there, the remote host will be unaffected. Traffic regulation provides this screen between hosts and remote sites. It typically happens at three basic areas of the network: routers, firewalls and hosts. Each provides a similar service at a different point in the network; in fact the line between them is somewhat ill defined and arbitrary. In this article, I will use the following definitions:
- Router traffic regulation: any traffic regulation that occurs on a router or terminal server (hosts whose primary purpose is to forward the packets of other hosts) and is based on packet characteristics. This does not include application gateways but does include address translation.
- Firewall traffic regulation: traffic regulation or filtering that is performed via application gateways or proxies.
- Host traffic regulation: traffic regulation that is performed at the destination of a packet. Hosts are playing a smaller and smaller role in traffic regulation with the advent of filtering routers and firewalls.

FIREWALLS 

INTRODUCTION TO FIREWALLS
Firewalls make it possible to filter the incoming and outgoing traffic that flows through your system. A firewall can use one or more sets of "rules" to inspect network packets as they come in or go out of your network connections, and either allows the traffic through or blocks it. The rules of a firewall can inspect one or more characteristics of the packets, including but not limited to the protocol type, the source or destination host address, and the source or destination port. Firewalls can greatly enhance the security of a host or a network. They can be used to do one or more of the following things:
- Protect and insulate the applications, services and machines of your internal network from unwanted traffic coming in from the public Internet.
- Limit or disable access from hosts of the internal network to services on the public Internet.
- Support network address translation (NAT), which allows your internal network to use private IP addresses and share a single connection to the public Internet (either with a single IP address or with a shared pool of automatically assigned public addresses).

[Figure: a firewall placed between the INSIDE (internal network) and the OUTSIDE (public Internet).]
Fig. (i). Diagrammatic representation of a Firewall.

Types of Firewalls
 


There are three basic types of firewalls, and we'll consider each of them.
Application Gateways
The first firewalls were application gateways, sometimes known as proxy gateways. These are made up of bastion hosts that run special software to act as a proxy server. This software runs at the Application Layer of our old friend the ISO/OSI Reference Model, hence the name. Clients behind the firewall must be proxitized (that is, must know how to use the proxy, and be configured to do so) in order to use Internet services. Traditionally, these have been the most secure, because they don't allow anything to pass by default, but need to have the programs written and turned on in order to begin passing traffic.
Packet Filtering
Packet filtering is a technique whereby routers have ACLs (Access Control Lists) turned on. By default, a router will pass all traffic sent to it, without any sort of restriction. Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network, and vice versa. There is less overhead in packet filtering than with an application gateway, because access control is performed at a lower ISO/OSI layer (typically the transport or session layer). Due to the lower overhead, and the fact that packet filtering is done with routers, which are specialized computers optimized for networking tasks, a packet filtering gateway is often much faster than its application layer cousins. Figure 6 shows a packet-filtering gateway. Because we're working at a lower level, supporting new applications either comes automatically or is a simple matter of allowing a specific packet type to pass through the gateway. (Not that the possibility of something automatically makes it a good idea; opening things up this way might very well compromise your level of security below what your policy allows.)
There are problems with this method, though. Remember, TCP/IP has absolutely no means of guaranteeing that the source address is really what it claims to be. As a result, we have to use layers of packet filters in order to localize the traffic. We can't get all the way down to the actual host, but with two layers of packet filters we can differentiate between a packet that came from the Internet and one that came from our internal network. We can identify which network the packet came from with certainty, but we can't get more specific than that.

[Flowchart elements: Decision "Forward the packet?" with YES and NO branches; Next Rule; Send the acknowledgement & drop packet; Log/Alert.]
Fig.(ii). Flowchart representation of packet filtering.
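To make the rule walk of the flowchart concrete, here is an added example (not code from the original article): a small stateless packet filter in Python that evaluates an ordered ACL with first-match semantics and an implicit, logged default deny. Because the source address in a packet cannot be trusted, the first rule uses the arrival interface to reject outside packets that claim an inside source, which is the only certainty a filter has about where a packet came from, as the text notes. All addresses, interface names and rules are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed for the example: the "inside" network behind the filtering router.
INTERNAL_NET = "10.0.0.0/8"


@dataclass
class Packet:
    iface: str          # interface the packet arrived on: "inside" or "outside"
    proto: str          # "tcp", "udp" or "icmp"
    src: str            # source address as written in the packet (cannot be trusted)
    dst: str
    dport: int = 0


@dataclass
class Rule:
    action: str                     # "permit" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    iface: str = "any"
    log: bool = False               # raise a Log/Alert when this rule fires

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("any", p.iface)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


# Constructed ACL, evaluated top to bottom; the first matching rule wins.
ACL = [
    # Anti-spoofing: a packet arriving from the outside must not claim an inside source.
    Rule("deny", src=INTERNAL_NET, iface="outside", log=True),
    # Only web traffic may reach the public web server from anywhere.
    Rule("permit", proto="tcp", dst="10.0.0.5/32", dport=80),
    Rule("permit", proto="tcp", dst="10.0.0.5/32", dport=443),
    # Inside hosts may initiate anything outbound.
    Rule("permit", iface="inside"),
]


def filter_packet(p: Packet, acl=ACL):
    """Walk the ACL as in the flowchart: does this rule decide the packet?
    YES -> the rule's verdict; NO -> next rule. Falling off the end of the
    list is the default deny, which is logged. Returns (verdict, rule_index, logged)."""
    for i, rule in enumerate(acl):
        if rule.matches(p):
            verdict = "forward" if rule.action == "permit" else "drop"
            return verdict, i, rule.log
    return "drop", None, True
```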
Hybrid Systems
In an attempt to marry the security of application layer gateways with the flexibility and speed of packet filtering, some vendors have created systems that use the principles of both. In some of these systems, new connections must be authenticated and approved at the application layer. Once this has been done, the remainder of the connection is passed down to the session layer, where packet filters watch the connection to ensure that only packets that are part of an ongoing (already authenticated and approved) conversation are being passed. Other possibilities include using both packet filtering and application layer proxies. The benefits here include providing a measure of protection for your machines that provide services to the Internet (such as a public web server), as well as providing the security of an application layer gateway to the internal network. Additionally, using this method, an attacker, in order to get to services on the internal network, will have to break through the access router, the bastion host and the choke router.



CRYPTOGRAPHY
 




What is cryptography?

The word cryptography comes from the Greek words for "hidden" or "secret" and "writing", so cryptography is the art of secret writing. More generally, it is the art of mangling information into apparent unintelligibility in a manner that allows a secret method of unmangling. The basic service provided by cryptography is the ability to send information between parties in a way that prevents others from reading the data.
Cryptography provides services such as:
- Integrity checking: reassuring the recipient of a message that the message has not been altered since it was generated by a legitimate source.
- Authentication: verifying someone's identity.

In cryptography, the message in its original form is known as plaintext or clear text, and the mangled information is known as ciphertext. The process of producing ciphertext from plaintext is known as encryption; the reverse of encryption is known as decryption.

Plaintext --(encryption)--> Ciphertext --(decryption)--> Plaintext

Cryptographic systems tend to involve both an algorithm and a secret value. The secret value is known as the key. The reason for having a key in addition to an algorithm is that it is difficult to keep devising new algorithms that allow reversible scrambling of information, and it is difficult to quickly explain a newly devised algorithm to a person with whom you'd like to start communicating securely. The concept of a key is analogous to the combination for a combination lock: although the concept of a combination lock is well known, one cannot easily open a combination lock without knowing the combination.






TYPES OF CRYPTOGRAPHIC FUNCTIONS:

- Hash functions: involve the use of zero keys.
- Secret key functions: involve the use of one key.
- Public key functions: involve the use of two keys.



SECRET KEY CRYPTOGRAPHY

Secret key cryptography involves the use of a single key. For example, given a message (called plaintext) and the key, encryption produces unintelligible data (called ciphertext), which is about the same length as the plaintext.

[Figure: the Sender turns Plain text into Cipher text with the encryption algorithm and the KEY; the cipher text crosses the Internet; the Receiver turns it back into Plaintext with the decryption algorithm and the same Key. Key selection, a secure communication channel for passing the key, and key storage are shown alongside.]
Fig. (iii). Secret key cryptography.

PUBLIC KEY CRYPTOGRAPHY

Public key cryptography is sometimes also referred to as asymmetric cryptography. It is a relatively new field, invented in 1975. In public key cryptography, each individual has two keys: a private key that need not be revealed to anyone, and a public key that is preferably known to the entire world.

[Figure: User A encrypts Plaintext P with B's public key, producing Ciphertext E(P); E(P) crosses the Open network; User B decrypts it with B's private key, recovering Plaintext P.]

HASH ALGORITHMS
 




Hash algorithms are also known as message digests or one-way transformations.
A cryptographic hash function is a mathematical transformation that takes a message of arbitrary length (transformed into a string of bits) and computes from it a fixed length (short) number.
Cryptographic hash functions can be used to generate a MAC to protect the integrity of messages transmitted over insecure media, in much the same way as secret key cryptography.
If we merely sent the message and used the hash of the message as a MAC, this would not be secure, since the hash function is well known. The bad guy can modify the message, compute a new hash for the new message, and transmit that.
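The failure described above, as an added example (not code from the original article): a bare hash used as a MAC lets anyone who alters the message recompute a valid tag, whereas a keyed MAC (here HMAC-SHA256 from the Python standard library, sharing one key between sender and receiver exactly as in the secret key section) cannot be recomputed without the key. The key and the messages are constructed for the example.

```python
import hashlib
import hmac

# Constructed shared secret; in practice it is selected, passed over a secure
# channel and kept in key storage as in Fig. (iii). The attacker never sees it.
KEY = b"example-shared-secret"


def naive_tag(message: bytes) -> str:
    """A 'MAC' that is just a well-known hash of the message: anyone can recompute it."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(message: bytes, key: bytes = KEY) -> str:
    """Keyed MAC (HMAC-SHA256): producing a valid tag requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def naive_verify(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(naive_tag(message), tag)


def hmac_verify(message: bytes, tag: str, key: bytes = KEY) -> bool:
    # compare_digest keeps the comparison time independent of where tags differ.
    return hmac.compare_digest(hmac_tag(message, key), tag)


def tamper_demo() -> dict:
    """Replays the attack from the text: the bad guy modifies the message in
    transit and computes a new hash for the new message."""
    original = b"PAY 100 TO ALICE"            # constructed legitimate message
    forged = b"PAY 900 TO MALLORY"            # attacker's replacement
    original_hmac = hmac_tag(original)        # tag the legitimate sender attached

    return {
        # Unkeyed hash: the recomputed tag is accepted, so tampering goes unnoticed.
        "naive_accepts_forgery": naive_verify(forged, naive_tag(forged)),
        # Keyed MAC: neither the sender's tag nor a bare hash verifies the forgery.
        "hmac_accepts_forgery": hmac_verify(forged, original_hmac)
                                or hmac_verify(forged, naive_tag(forged)),
        # The untampered message with its real tag still verifies.
        "hmac_accepts_genuine": hmac_verify(original, original_hmac),
    }
```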













CONCLUSION

All three techniques discussed in this presentation, i.e. network security, cryptography and firewalls, are the most widely used and implemented network security tools. Each of them has its own significance in its own mode. For example, a single organization or establishment can use cryptography to maintain the privacy of information within itself. These methods are being used to provide the confidentiality required by the network. There is a lot of scope for development in this field. Digital signatures are one of the latest developments in the field of cryptography. With the increase in the number of computers and the usage of computers worldwide, the demand for network security is increasing exponentially. This has led to the development of major companies like Symantec Corporation, McAfee etc. So this field offers a big employment potential for the young generation of today. And not to forget, there is no end to the complexity of this subject, which means that any amount of research will not be futile for the world of computers.







1 comment:

Unknown said...

A brief introduction to network security is given above. All the related terms are defined in a short and simple way. This article is a great help for all readers who are new to this concept.