Network security
Content
ABSTRACT
INTRODUCTION
Authentication
Integrity
Confidentiality
Non-repudiation
Availability
Authorization
Vulnerability
DoS (Denial-of-Service)
Unauthorized Access
Confidentiality Violation
Destructive criticism
IP spoofing
Use backups
Logging
Firewalls
Limiting Access
Gateway Security
Content filtering
Conclusions/ Recommendations
Bibliography
ABSTRACT
“Network Security is the most important aspect in any organization” is a sentence we hear from
many mouths. But the people who know its importance do not know the issues that should be
considered and implemented to keep the network secure. In this document I explain the minimum
basic issues that need to be covered in the architecture of the network and the policies that need
to be implemented in any network of an organisation. I briefly explain the security issues caused
by misconfiguration of the technologies and the threats and attacks that arise in the network, and
I discuss network security architecture and defense in depth, i.e. what is required, such as
policies, training of users, and of course a network security architecture including logging,
firewalls, IDS, IPS, locking down/hardening servers and desktops, and maintaining
Confidentiality, Integrity, Availability, etc.
INTRODUCTION
A basic understanding of network security is requisite, and to gain it we should first know what a
network is. Briefly, a network is a “set of interlinking lines which is similar to a net, an
interconnected system, network of infrastructure and alliance”. A network is simply an
interconnection of computers, no matter how they are connected. [Lex]
Network security has become a critical issue globally. It has created a threat for many
organizations, especially small and medium businesses, because they often fall short in securing
their networks and their protection is not sufficient to defend against sophisticated Internet
threats. Because the global economy is more reliant on IT assets and Internet communications,
network security has become a serious issue in designing, planning and implementing an
assortment of security tools and their communication. Information Age technologies have
increasingly become significant factors in network security. [Mat97]
The Information Age offers remarkable profits but also carries some unparalleled risks. Security
is a continual and unremitting concern, and network downtime is unacceptable as well. This
document is intended for advanced users of the computer network in an organization. It explains
the concepts of network security, why it is necessary, and its hype in the marketplace. It will also
help organizations to install and configure their systems, understand the risks, overcome attacks
and threats, and maintain secure servers and operating systems. [Mat97]
To uphold company assets
The most important function of computer and network security is to safeguard company assets.
Here, company assets means the “Information & Data” housed in a company rather than the
hardware or software that makes up the company's computers and network. Data and information
are the essential assets of the organization. Information may be defined as organized data which
can be accessed in a logical and meaningful way. Network security is chiefly concerned with the
protection, integrity and availability of that information.
To secure one’s position
To keep your job in an organization and to have prospects in your career, it is very important to
carry out the measures which protect company assets. Maintaining secure systems and networks
in an organization should be the administrators' job, and a failure to protect them might lead to
termination. [Joh01]
Authentication
This is the process of verifying a user's identity.
Integrity
This means that the data which arrives is the same data that was sent; it is nothing but
maintaining the reliability of data. It can also be described as maintaining the accuracy of data,
which in turn refers to the capability of protecting information or transmissions from
unauthorized networks or accidental modifications. The term integrity is generally used in
reference to the functioning of the network, its systems and its applications.
Confidentiality
This is the process of protecting the sensitive data and information held in an organization from
eavesdroppers; to achieve this, the data should be encrypted.
Non-repudiation
This is the assurance that a business transaction which has taken place can subsequently be
proved. It means that the transaction cannot later be disclaimed, i.e. non-renunciation or
non-denial.
Availability
This is the process of keeping the network, hardware and software reliable by recovering
promptly and fully from an interruption of service. Preferably, these elements should not be prone
to Denial-of-Service attacks.
Authorization
This is the process of giving users an official instruction, command or right of access: the act of
conferring legality, authority or official warrant.
Vulnerability
A vulnerability is an inherent flaw in the plan, design or execution of a system or network which
renders it more susceptible to threats and attacks. Vulnerabilities mostly arise from three
factors:
1. Weak design
2. Poor performance
3. Poor management resources [Joh01]
1. Server vulnerabilities
   Web-based applications
   Database software
2. Client vulnerabilities
   Media players
   Web browsers
   E-mail clients
4. Misuse of applications
   Peer-to-peer programs
   Instant messaging
5. Zero-day attacks [AlR09]
Figure 1 Common attack types and threat level [AlR09]
DoS (Denial-of-Service)
DoS (Denial-of-Service) attacks are the most complicated and hardest to address, and are regarded
as the nastiest kind of attack. They are so regarded because they are very easy to launch but very
difficult, and sometimes impossible, to trace, and because it is difficult to refuse the attacker's
requests without also rejecting legitimate requests for service. The premise of a DoS attack on an
organization's network connection is simple: send the system more requests than it has the
capacity to handle. Toolkits available in the underground community make this a simple matter of
running a program and telling it which host to blast with requests. The attacker's program just
makes a connection to a service port, possibly forging the packet header information that shows
where the packet came from, and then drops the connection. If the attacker is sending 60 requests
per second and the host is capable of answering 30 requests per second, the host evidently cannot
service all of the attacker's requests, much less any legitimate requests, such as hits on the
websites running there.
These extreme attacks were very common in the years 1996-1997 but are now very rare. Certain
measures can be taken to minimize the risk of being hit by a DoS attack, including:
• Keeping the security-related patches for your hosts' operating systems up to date.
• Not running servers that are visible to the world at a level very close to capacity.
• Using a packet filter to prevent forged packets from entering the address space of your
network. Obviously forged packets include those that claim to come from your own hosts,
from the private network addresses reserved in RFC 1918 [4], and from the loop-back
network [127.0.0.0]. [YRe18]
Unauthorized Access
This is a high-level term that refers to numerous sorts of attacks. The goal of unauthorized access
is to reach resources that the system should not provide to the attacker. For instance, a host that
is a web server has to provide access to everyone who requests its web pages. Yet the host should
not grant command access without being sure that the user issuing such commands is someone
who should have it, such as the local administrator.
Confidentiality Violation
First, we need to prepare a threat model which states what it is that you are trying to protect
yourself against. Some data could be damaging if it fell into the hands of rivals, opponents or the
public. In these situations it is quite possible that compromising a common user's account on the
system is enough to do damage, whether in the form of PR or by obtaining information which can
be used against the company. Many of the culprits behind this sort of break-in are merely seeking
a thrill and are interested in nothing more than accessing your computer from theirs. But people
who are interested in nothing but the thrill can be taken advantage of by devious rival companies
to obtain your system's information. [Mat88]
Destructive criticism
Among the destructive sorts of break-ins and attacks, there are two chief classes:
1. Data Diddling
Data diddling is probably the worst kind of break-in, because its effects may not show
immediately. The attacker may toy with a spreadsheet or make changes to your project plans.
Perhaps he changes the account number for the automatic deposit of certain pay-cheques. The
accounting system will turn up a discrepancy in the books three to four months after the incident
occurred. Tracking the problem down will obviously be complicated, and once the problem is
known it is very hard to trust the numbers from that period. The question even arises of what
backup you have to safeguard your data. [Mat88]
2. Data Destruction
Some attacks are simply malicious acts in which things are deleted. In such cases the impact on
your company and computers is nothing less than if a fire or some other disaster had destroyed
your computer systems and business.
IP spoofing
This is the technique of generating raw IP packets directly from an application and putting an
arbitrary value into the source IP address field, so that the receiver cannot tell that the source has
been faked. It is done to avoid being caught and to circumvent security tools.
Measures to be taken: routers should not forward outgoing packets with an invalid source
address, for example a datagram whose source address is not in the router's network. [AlR09]
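The packet-filter measure listed under DoS and the router measure above rest on the same
source-address check. The Python code below is an added example, not code from this paper or
its sources. It assumes an IPv4 filter on the border router's external interface; the prefix
203.0.113.0/24 standing in for the organisation's own network and the sample packets are
constructed.

```python
import ipaddress

# Assumption: the organisation's own address block. 203.0.113.0/24 is a
# documentation prefix, used here as a constructed placeholder.
OWN_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Private ranges reserved by RFC 1918 and the loopback network named in the text.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def _parse(src):
    """Return an IPv4Address, or None if the field is not a valid IPv4 address."""
    try:
        return ipaddress.IPv4Address(src)
    except ValueError:
        return None


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def check_ingress(src):
    """Decide on a packet arriving from the Internet side."""
    addr = _parse(src)
    if addr is None:
        return ("drop", "malformed source")
    if addr in LOOPBACK_NET:
        return ("drop", "loopback source")
    if _in_any(addr, RFC1918_NETS):
        return ("drop", "RFC 1918 private source")
    if _in_any(addr, OWN_NETS):
        # An outside packet cannot legitimately carry one of our own addresses.
        return ("drop", "claims to come from our own hosts")
    return ("accept", "plausible external source")


def check_egress(src):
    """Decide on a packet leaving towards the Internet."""
    addr = _parse(src)
    if addr is None:
        return ("drop", "malformed source")
    if _in_any(addr, OWN_NETS):
        return ("accept", "source belongs to our network")
    # Source address not in the router's network: forged or misconfigured.
    return ("drop", "source not in our network")


# Constructed sample traffic: (direction, source address field).
SAMPLE_PACKETS = [
    ("in", "198.51.100.7"),
    ("in", "10.1.2.3"),
    ("in", "127.0.0.1"),
    ("in", "203.0.113.25"),
    ("out", "203.0.113.25"),
    ("out", "198.51.100.7"),
    ("out", "bogus"),
]


def filter_packets(packets):
    """Apply the matching check to each packet and return the decisions."""
    results = []
    for direction, src in packets:
        check = check_ingress if direction == "in" else check_egress
        action, reason = check(src)
        results.append((direction, src, action, reason))
    return results


if __name__ == "__main__":
    for row in filter_packets(SAMPLE_PACKETS):
        print("%-3s %-15s %-6s %s" % row)
```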
Use backups
From the security standpoint this is not considered a good proposal. Backup policy has to be
dictated by operational requirements and closely matched with the disaster recovery policy, so
that if, say, an aircraft crashes into your building one day, you are able to shift your business to a
different location. Likewise, backups are used to recover the company's data after an electronic
disaster: a hardware failure, or changes that modify or even damage the company's data.
Figure 2 Network security framework [AlR09]
• Review the UDP/TCP services that are running and remove the needless ones. Unnecessary
services may be the way in for attackers to gain control of your system.
• Create a strong password policy; weak passwords lead to compromise of the account.
• Do not completely trust code from unauthorized sources.
• Block unnecessary e-mail attachments such as .bas, .bat, .exe and .vbs.
• Do not grant more privileges on system resources than are needed; apply the concept of
"minimum privileges".
• Achieve your individual network security.
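The attachment rule in the list above, as an added example that is not part of the original paper:
a Python check that parses a message and reports the attachments whose final extension is on the
blocklist. The sample message, addresses and file names are constructed; ignoring case and
trailing dots or spaces goes beyond what the text states.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the text.
BLOCKED_EXTENSIONS = {".bas", ".bat", ".exe", ".vbs"}


def normalised_extension(filename):
    """Return the final extension, lower-cased, ignoring trailing dots/spaces.

    Windows drops trailing dots and spaces from file names, so "run.bat."
    is still opened as a .bat file and has to be treated as one.
    """
    name = filename.rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def blocked_attachments(raw_message):
    """Return the file names in a raw message that the policy would block."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # walk() visits every MIME part, including inline parts that carry a name.
    for part in msg.walk():
        filename = part.get_filename()
        if filename and normalised_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample():
    """Build a constructed message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly figures"
    msg.set_content("See attached.")
    names = ("figures.csv", "Invoice.PDF.EXE", "update.bat.",
             "macro.vbs", "notes.txt")
    for name in names:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("blocked:", name)
```

Only the last extension decides the result, so a double extension such as Invoice.PDF.EXE is
treated as .exe.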
Ideally, the network security architecture of most systems would be designed before the systems
exist. Realistically, however, professionals are mostly occupied with trying to secure networks
that already exist. Networks tend to grow in an unplanned way. Once the individual systems and
policies are done, the actual work begins on designing and planning the network security
infrastructure. If possible, design the network security architecture while designing the network.
Logging
The number, volume and variety of computer and network security logs have increased
enormously, creating the need for computer security log management. Log management is the
process of generating, transmitting, storing, analysing and finally disposing of computer and
network security log data. It is vital for ensuring that computer security records are stored in
proper detail for a suitable period of time. Regular log analysis is an advantage in discovering
security incidents, policy violations, operational problems and fraudulent activity. Logs are also
essential in auditing, forensic analysis, supporting internal investigations, establishing baselines,
and identifying operational trends and long-term problems. The main difficulty with log
management in an organization is balancing a limited quantity of resources against a constant
supply of log data. Generating and storing logs is made difficult by many factors, including the
large number of log sources; inconsistent log content, data formats and timestamps; and
increasingly high volumes of log data. Log management also requires protecting the
confidentiality, integrity and availability of logs. A further problem is ensuring that network
administrators regularly perform effective analysis of log data.
Firewalls
Firewalls are the basic component of every perimeter defense. The firewall is known as the most
popular defense system, and it is not just a single system but actually a set of components. It is
generally located between two networks, where it behaves as a gateway. The main requirements
for a successful firewall are:
1. It should behave as a gateway through which all incoming and outgoing traffic must pass.
2. It should permit only authorized traffic to pass.
3. It should be resistant to penetration or compromise.
Logical separation of the user population is a very significant aspect of establishing a safe
network. Splitting up the user population allows employees to be logically grouped by function,
role, purpose, branch or job responsibility. Segmenting the user population lets co-workers work
together while keeping out attackers from other parts of the organization. It is very important to
understand the access needs of the departments within the segmented network. Least privilege is
enforced between network segments by using network devices such as router Access Control
Lists (ACLs).
An ACL can be defined as a set of data that tells the computer's operating system which access
rights a user, or group of users, has to particular system objects. In line with the organization's
network security policy, placing network servers on separate logical network segments allows
control devices to enforce access, which helps to create a layer of security inside the
organization's network. If a server is compromised, it can be used as a launch point for further
attacks or intrusions. When the network is segmented, access to other servers or user populations
is restricted by a firewall or ACL. Placing user populations or servers on different segments also
helps in creating audit trails from the gateway devices. Many of the devices that segment
networks can log access and traffic, which can then be reviewed to verify that the network
security policy is being enforced. [Bel761]
Limiting Access
Access limits are placed on the gateway devices that connect the network segments. Limits on
network access are placed on individual systems too. These limits increase the security of the
network by forbidding unauthorized access to logical segments of the network. In many computer
operating systems a user name and password are needed for access. Some operating systems
prevent users from logging in at the local console and allow them to access files and applications
only over the network. Security administrators should have local console access to server
computers. Users must authenticate themselves with individual user names and passwords. To
prevent snooping, misuse of data, and accidental modification or loss of data on workstations, a
workstation operated by only one user should be accessible to no other user apart from the
security administrator. If, however, the system is for shared use, file separation is enforced, as
with NTFS in Windows NT/2000; data confidentiality and integrity are achieved by preventing
users from viewing other users' files unless the owner wishes to share them. [Bel761]
• Broom closets (where any housing member would know the key)
• Machine rooms (in a facility that uses steam and chilled water for climate control)
• Under the IT manager's desk; in lobbies, break areas and meeting rooms; next to
EMP-emitting machines on a factory floor; on HVAC units in a warehouse.
In some situations, network traffic is prevented from passing from one user segment to another.
This is mainly done by implementing ACLs on the separating router or gateway device. Network
traffic can be filtered by source IP address, or by requiring authentication before the traffic is
permitted to pass through.
Logically Segmented Network
Research against Production
An example explains why network separation is vital. Consider the R&D staff and the production
staff of a company that manufactures desktop computers and whose developers write BIOS
microcode. By accident, the production team starts using beta BIOS code from the R&D server
on the production line before it has been tested and prepared for release to the market. Bugs are
then found in the code present in some systems. This has an adverse effect on the production
team, which has to begin testing and fixing the bugs. The network hardware and wiring can be
accessed only by the IT employees. Access by other persons may lead to theft and attacks, and to
loss of data integrity and confidentiality. [Bel761]
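One way to express the R&D/production separation described above as a router ACL, evaluated
first-match with an implicit deny and an audit trail. This is an added example, not the paper's
own; the subnets, the port and the segment names are hypothetical and constructed for it.

```python
import ipaddress
from collections import namedtuple

# One ACL entry: action, source network, destination network, destination
# port (None matches any port).
Rule = namedtuple("Rule", "action src dst port")

# Hypothetical addressing plan, constructed for this example.
RND_USERS = ipaddress.ip_network("10.10.0.0/24")
PROD_USERS = ipaddress.ip_network("10.20.0.0/24")
RND_SERVERS = ipaddress.ip_network("10.11.0.0/24")      # holds beta BIOS code
RELEASE_SERVERS = ipaddress.ip_network("10.21.0.0/24")  # holds tested releases

ACL = [
    Rule("permit", RND_USERS, RND_SERVERS, 445),
    Rule("deny", PROD_USERS, RND_SERVERS, None),   # explicit, so it is logged by rule
    Rule("permit", PROD_USERS, RELEASE_SERVERS, 445),
]


def evaluate(acl, src, dst, port, audit_log):
    """Return 'permit' or 'deny' for one connection and record why."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, rule in enumerate(acl, start=1):
        if (src_ip in rule.src and dst_ip in rule.dst
                and rule.port in (None, port)):
            audit_log.append((src, dst, port, rule.action, "rule %d" % number))
            return rule.action
    # Nothing matched: with least privilege the default is deny.
    audit_log.append((src, dst, port, "deny", "implicit deny"))
    return "deny"


# Constructed connection attempts: (source, destination, destination port).
SAMPLE_CONNECTIONS = [
    ("10.10.0.8", "10.11.0.5", 445),    # developer -> R&D server
    ("10.20.0.14", "10.11.0.5", 445),   # production line -> R&D server
    ("10.20.0.14", "10.21.0.5", 445),   # production line -> release server
    ("10.20.0.14", "10.10.0.8", 3389),  # production line -> developer desktop
]


def run_samples():
    """Evaluate the sample connections; return the decisions and audit trail."""
    audit_log = []
    decisions = [evaluate(ACL, src, dst, port, audit_log)
                 for src, dst, port in SAMPLE_CONNECTIONS]
    return decisions, audit_log


if __name__ == "__main__":
    _, trail = run_samples()
    for entry in trail:
        print("%-11s -> %-10s port %-5d %-6s (%s)" % entry)
```

The audit trail is what the gateway device would hand to a reviewer: the production host's attempt
to reach the R&D server appears as a deny by rule 2.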
Gateway Security
The confidentiality and integrity of an organization's data depend on the security gateway
between its internal network and external networks or the Internet. If web and other services are
offered to customers, the organization's gateway is critical: if the services are not accessible,
customers cannot access the data they need to do business with the organization. The gateway
system is considered the most secure system in the network. Virus filtering can be done at the
gateway, which can also control access to the network by examining incoming and outgoing
packets. Viruses can be removed from downloaded files, and from ActiveX, Java or other applets.
To remove viruses, network traffic is first passed through a scanning server, which examines the
payload of each packet for viruses; if none is found, the packet continues on its way. If a virus is
detected, the packet is stopped at the scanning server, which prevents the network from becoming
infected. [And721]
Figure 3 Intrusion Detection systems [AlR09]
Content filtering
An organization's exposure to unwanted or inappropriate material available on the Internet can be
reduced. Content filtering helps by filtering HTTP and FTP traffic, e-mail, and any other material
that is undesirable under the security policy. Content filters use the same principle as
virus-scanning servers: network traffic is inspected before it is passed on to its destination.
[And72]
• A clear understanding of what does and does not constitute company-owned electronic
media and services.
• A clear explanation of how information may be accessed, and how and by what means it
may be distributed.
• A record of the controls.
• Informing users of monitoring and auditing measures, disclosure of information, and the
penalty for non-compliance.
• Notifying those responsible for security enforcement, and stating how policies and
procedures are enforced.
• Identifying the steps to be taken in the event of non-compliance with policy, a security
breach, or a disaster.
Conclusions/ Recommendations
Network security issues have become an integral concern of every organization. With the
company's growing network connections to employees, customers and vendors, computer
networks are wide open to the entire world, so it is necessary to safeguard company information.
In this paper we believe that assessing and analysing the network security approach helps to
explain network security issues, the threats and attacks that surround Internet security, and how
companies are avoiding such issues caused by misconfiguration of the technologies. In this
research we have gathered some basic tips for securing a network and focused on the design and
planning of network security. We recommend that companies protect the integrity of their data by
using appropriate and sophisticated security layers and protect against people-related,
software-related and hardware-related attacks. The use of technologies such as Firefox, routers,
content filters, gateway security, policies and IDS/IPS will help to secure the company's data
from hackers more efficiently.
Bibliography
Al-Radhi, A. A.-D. (2009). MENOG 4/RIPE NCC. Chicago, Illinois USA: DePaul University
Chicago, Illinois USA.
Anderson. (1972). Computer Security Technology. US.
Anderson, J. (1972). Computer Security Technology Planning study. ESD-TR-73-51.
Andrew S, T. Computer Networks. Prentice Hall.
Anonymous. (1983). Department of defence trusted computer system evaluation criteria.
Babbin, J. e. (2006). Security Log Management: Identifying Patterns in the chaos. Syngress.
Bauer, M. D. (2002). building secure servers with LINUX, O'Reilly. System Log management
and monitoring .
Bell, D. a. (March 1976). MTR, Revision 1.
Bell, D. E. (March 1976). Secure Computer Systems: Unified Exposition and Multics
Interpretation. MTR-2997.
Canavan, J. E. (2001). Artech House telecommunications library. Fundamentals of Network
Security , 1-2.
Curtin, M. (1988). Network security.
Edmead, M. (2000). "best practices" guide for securing Microsoft IIS 5.0. US.
Giuseppini, G. (2005). Microsoft Log Parser Toolkit. Syngress.
Haas, L. Z. (1999). Special issue on network Security. Securing Ad Hoc Networks,
IEEENetwork.
J.P. Holbrook, J. R. Site security hand book. RFC 1244. .
Kent, K. (2002). NIST. Guide to the computer and network security .
S.Tanenbaum, A. computer networks. 4th Edition, Prentice hall.
Singer, A. a. (2004). Building a Logging Infrastructure. USENIX Association.
websters, L. The New Lexicon Webster's. New York.
Y. Rekhter, R. M. (1918). Address Allocation for Private Internets. RFC.