Need For Network Security


NETWORK SECURITY

1.1 Introduction
For the first few decades of their existence, computer networks were primarily used by
university researchers for sending e-mail and by corporate employees for sharing printers.
Under these conditions, security did not get a lot of attention. But now, as millions of ordinary
citizens use networks for banking, shopping and many other daily-life applications,
network security is looming on the horizon as a potentially massive problem. In the following text, we
will study network security from several angles, point out pitfalls and discuss many aspects of
making networks more secure.
Need For Network Security:
Network security involves the protection of an agency or internal network from threats
posed by authorized or unauthorized connections. Hackers, viruses, vindictive employees and
even human error all represent clear and present dangers to networks. And all computer users,
from the most casual Internet surfers to large enterprises, could be affected by network security
breaches.
1.2 Sources of Threat:
Hackers:
This term applies to computer enthusiasts who take pleasure in gaining access to other
people’s computers or networks. Many hackers are content with simply breaking in and leaving
their “footprints.” Other hackers, referred to as “crackers,” crash entire computer systems, steal or
damage confidential data, deface Web pages, and ultimately disrupt business.

Disgruntled Staff:
Angry employees, often those who have been reprimanded, fired, or laid off, might
vindictively infect their corporate networks with viruses or intentionally delete crucial files. This
group is especially dangerous because it is usually far more aware of the network, the value of
the information within it, where high-priority information is located, and the safeguards
protecting it.
Snoops:
Employees known as “snoops” partake in corporate espionage, gaining unauthorized
access to confidential data in order to provide competitors with otherwise inaccessible
information.
2. Security Threats to the System:
Viruses:
Viruses are the most widely known security threats. Viruses are computer programs that
are written by devious programmers and are designed to replicate themselves and infect
computers when triggered by a specific event. For example, viruses called macro viruses attach
themselves to files that contain macro instructions and are then activated every time the macro
runs. A network can be infected by a virus only if the virus enters the network through an
outside source—most often through an infected floppy disk or a file downloaded from the
Internet. When one computer on the network becomes infected, the other computers on the
network are highly susceptible to contracting the virus.
Trojan Horse Programs:
Trojan horse programs, or Trojans, are delivery vehicles for destructive code. Trojans
appear to be harmless or useful software programs, such as computer games, but they are
actually enemies in disguise. Trojans can delete data, mail copies of themselves to e-mail address
lists, and open up computers to additional attacks. A system can contract a Trojan only when the
Trojan horse program is copied onto it, via a disk, a download from the Internet, or an opened
e-mail attachment.

Vandals:
A vandal is a software application or applet that causes destruction of varying degrees. A
vandal can destroy just a single file or a major portion of a computer system.
Attacks:
Innumerable types of network attacks have been documented, and they are commonly
classified in three general categories: reconnaissance attacks, access attacks, and denial of
service (DoS) attacks.
• Reconnaissance attacks are essentially information-gathering activities by which hackers collect
data that is later used to compromise networks. Usually, software tools, such as sniffers and
scanners, are used to map out network resources and exploit potential weaknesses in the targeted
networks, hosts, and applications. For example, software exists that is specifically designed to
crack passwords. Such software was created for network administrators to assist employees who
have forgotten their passwords or to determine the passwords of employees who have left the
company without telling anyone what their passwords were.

• Access attacks are conducted to exploit vulnerabilities in such network areas as authentication
services and File Transfer Protocol (FTP) functionality in order to gain entry to e-mail accounts,
databases, and other confidential information.
• DoS attacks prevent access to part or all of a computer system. They are usually achieved by
sending large amounts of jumbled or otherwise unmanageable data to a machine that is
connected to a corporate network or the Internet, blocking legitimate traffic from getting through.
Even more malicious is a Distributed Denial of Service attack (DDoS) in which the attacker
compromises multiple machines or hosts.

Data Interception:
Data transmitted via any type of network can be subject to interception
by unauthorized parties. Perpetrators can use various methods to intercept the data. IP spoofing,
for example, entails posing as an authorized party in the data transmission by using the Internet
Protocol (IP) address of one of the data recipients.
Social Engineering:
Social engineering is the increasingly prevalent act of obtaining confidential network
security information through non-technical means. For example, a social engineer might pose as
a technical support representative and make calls to employees to gather password information.
Spam:
Spam is the commonly used term for unsolicited electronic mail or the action of
broadcasting unsolicited advertising messages via e-mail.
3.0 Solutions:
After the potential sources of threats and the types of damage that can occur have been
identified, putting the proper security policies and safeguards in place is important.
Organizations have an extensive choice of technologies, ranging from anti-virus software
packages to dedicated network security hardware, such as firewalls and intrusion detection
systems, to provide protection for all areas of the network.
3.1 Anti-virus Packages:
Virus protection software is packaged with most computers and can counter most virus
threats if the software is regularly updated and correctly maintained. The anti-virus industry
relies on a vast network of users to provide early warnings of new viruses, so that antidotes can
be developed and distributed quickly. The virus database is the record held by the anti-virus
package that helps it to identify known viruses when they attempt to strike. Network security
policy should stipulate that all computers on the network are kept up to date and, ideally, are all
protected by the same anti-virus package—if only to keep maintenance and update costs to a
minimum. Virus authors often make getting past the anti-virus packages their first priority.

3.2 Security Policies:
When setting up a network, whether it is a local area network (LAN), virtual LAN
(VLAN), or wide area network (WAN), it is important to initially set the fundamental security
policies. Security policies are rules that are electronically programmed and stored within security
equipment to control such areas as access privileges. In addition, companies must decide who is
responsible for enforcing and managing these policies and determine how employees are
informed of the rules and watch guards.
3.3 Access Control:
Before a user gains access to the network with his password, the network must evaluate whether the
password is valid. Access control servers validate the user’s identity and determine which areas
or information the user can access based on stored user profiles.
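
The check described above, as an added example that is not part of the original text: the password is validated against a stored salted hash, and only then is the stored profile consulted for the areas the user may reach. The profile layout, user names, area names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def derive(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so stored credentials are costly to guess offline.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_profile(password: str, areas: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": derive(password, salt), "areas": frozenset(areas)}

# Constructed sample profiles; a real access control server keeps these
# in a protected store, never in source code.
PROFILES = {
    "alice": make_profile("correct horse battery", {"mail", "payroll-db"}),
    "bob": make_profile("tr0ub4dor&3", {"mail"}),
}
# Dummy profile so an unknown user name costs the same time as a known one.
_DUMMY = make_profile("placeholder", set())

def login(user: str, password: str):
    """Return the areas the user may access, or None if validation fails."""
    profile = PROFILES.get(user, _DUMMY)
    candidate = derive(password, profile["salt"])
    # compare_digest avoids leaking how many leading bytes matched.
    valid = hmac.compare_digest(candidate, profile["hash"])
    if not valid or user not in PROFILES:
        return None
    return profile["areas"]

def may_access(user: str, password: str, area: str) -> bool:
    areas = login(user, password)
    return areas is not None and area in areas
```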
3.4 Firewalls:
A firewall is a hardware or software solution implemented within the network infrastructure to
enforce an organization’s security policies by restricting access to specific network resources.
Firewall technology is even available in versions suitable for home use. The firewall creates a
protective layer between the network and the outside world. In effect, the firewall replicates the
network at the point of entry so that it can receive and transmit authorized data without
significant delay. However, it has built-in filters that can disallow unauthorized or potentially
dangerous material from entering the real system. It also logs an attempted intrusion and reports
to the network administrators. The purpose of a firewall is to provide controlled and audited
access to services between two or more networks. It does this by permitting, denying, or
redirecting the flow of data across the firewall. A firewall may also support anonymity for
internal network hosts, through a function known as 'address translation'. The address translator
substitutes the address of the firewall in IP packets delivered to the external network so that the
internal network topology is hidden from the external network, thereby reducing the risk of an
attack on the internal network.
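
An added example (not from the original text) of the two firewall functions described above: a first-match rule list that permits or denies packets and logs every denial, followed by address translation on outbound traffic. The rule set, the address ranges and the `Packet` type are assumptions, and only the outbound rewrite is modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Constructed policy, checked top to bottom; the first matching rule wins.
# (action, source network, destination network, destination port or None for any)
RULES = [
    ("permit", "10.0.0.0/8", "0.0.0.0/0", 443),       # inside hosts may reach HTTPS
    ("permit", "0.0.0.0/0", "203.0.113.10/32", 25),   # public mail relay
    ("deny",   "0.0.0.0/0", "10.0.0.0/8", None),      # no direct access to inside
]
INSIDE = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address range
FIREWALL_ADDR = "203.0.113.1"                 # assumed external firewall address
audit_log = []                                # denied packets, for the administrators

def decide(pkt: Packet) -> str:
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for action, src_net, dst_net, port in RULES:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and port in (None, pkt.dport)):
            return action
    return "deny"  # anything the policy does not mention is refused

def forward(pkt: Packet):
    """Return the packet as it leaves the firewall, or None if it was dropped."""
    if decide(pkt) == "deny":
        audit_log.append(f"DENY {pkt.src} -> {pkt.dst}:{pkt.dport}")
        return None
    if ipaddress.ip_address(pkt.src) in INSIDE:
        # Address translation: the outside world sees only the firewall's address.
        return Packet(FIREWALL_ADDR, pkt.dst, pkt.dport)
    return pkt
```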

4. Introduction to System Security

There is no universal standard notion of what secure behavior is. "Security" is a concept
that is unique to each situation. Security requires not only an adequate protection system, but
also consideration of the external environment within which the system operates.
Security is extraneous to the function of a computer application, rather than ancillary to it; thus
security necessarily imposes restrictions on the application's behavior. Security mechanisms
detect and prevent attacks and recover from those that succeed. Human beings are the weakest
link in the security mechanisms of any system.
System security rests on:
• Confidentiality is the concealment of information or resources,
• Integrity refers to the trustworthiness of data or resources,
• Availability refers to the ability to use the information or resource desired.

It is important to distinguish the techniques used to increase a system's security from the
issue of that system's security status. In particular, systems which contain fundamental flaws in
their security designs cannot be made secure without compromising their usability. A
secure system is a system that starts in an authorized state and cannot enter an unauthorized
state. The definition of 'secure' varies by application, and is typically defined implicitly or
explicitly by a security policy that addresses confidentiality, integrity and availability of
electronic information that is processed by or stored on computer systems.

In addition to restricting actions to a secure subset, a secure system should still permit
authorized users to carry out legitimate and useful tasks. It might be possible to secure a system
against misuse using extreme measures. There are myriad strategies and techniques used to
design security systems.
5. Goals of Security
• Prevention means that an attack will fail. Prevention involves implementation of
mechanisms that users cannot override and that are trusted to be implemented in a
correct, unalterable way, so that the attacker cannot defeat the mechanism by changing it
(e.g., passwords, which aim to prevent unauthorized users from accessing the system).

• Detection is most useful when an attack cannot be prevented, but it can also indicate the
effectiveness of preventive measures. Detection mechanisms accept that an attack will
occur; the goal is to determine that an attack is under way, or has occurred, and report it.
The attack may be monitored, however, to provide data about its nature, severity, and
results. The resource protected by the detection mechanism is continuously or
periodically monitored for security problems.

• Recovery means the resumption of correct operation. Recovery has two forms. The first is
to stop an attack and to assess and repair any damage caused by that attack. In a second
form of recovery, the system continues to function correctly while an attack is under way.
However, the system may disable nonessential functionality. This type of recovery is quite
difficult to implement because of the complexity of computer systems.

6. Techniques for increasing System Security

• Firewalls can either be hardware devices or software programs. They provide excellent
protection from online intrusion. Firewalls are systems which help protect computers and
computer networks from attack and subsequent intrusion by restricting the network traffic
which can pass through them, based on a set of system administrator defined rules.

• Cryptography is the practice and study of hiding information. Cryptography is used to
constrain the potential senders and receivers of a message. Cryptography is used in
applications present in technologically advanced societies; examples include the security
of ATM cards, computer passwords, and e-commerce.

• Encryption is used to protect the message from the eyes of others. It can be done in
several ways: by switching the characters around, replacing characters with others, and
even removing characters from the message. These have to be used in combination to
make the encryption secure enough, that is to say, sufficiently difficult to crack.
Encryption is a means for constraining the possible receivers of a message.

• Intrusion-detection systems can scan a network for people who are on the network but
should not be there, or who are doing things that they should not be doing, for example
trying a lot of passwords to gain access to the network. Intrusion detection strives to
detect attempted or successful intrusions into computer systems and to initiate
appropriate responses to the intrusions.

• Authentication techniques can be used to ensure that communication end-points are who
they say they are. Generally, authentication is based on one or more of three items: user
possession (a key or card), user knowledge (a user identifier and password), and/or a user
attribute (fingerprint, retina pattern, or signature).

• Mandatory access control can be used to ensure that privileged access is withdrawn when
privileges are revoked. For example, deleting a user account should also stop any
processes that are running with that user's privileges.

• Anti-virus software consists of computer programs that attempt to identify, thwart and
eliminate computer viruses and other malicious software (malware).
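
The intrusion-detection case mentioned in the list above, "trying a lot of passwords", written out as an added example that is not part of the original text. It counts failed logins per source address inside a sliding time window and raises one alert per source; the log format, threshold and window length are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, assumed to be in time order.
SAMPLE_LOG = """\
2024-05-01T09:00:01 FAIL user=alice src=192.0.2.50
2024-05-01T09:00:02 FAIL user=alice src=192.0.2.50
2024-05-01T09:00:04 FAIL user=bob src=192.0.2.50
2024-05-01T09:00:05 FAIL user=carol src=198.51.100.9
2024-05-01T09:00:06 FAIL user=bob src=192.0.2.50
2024-05-01T09:00:09 FAIL user=root src=192.0.2.50
2024-05-01T09:00:20 OK user=carol src=198.51.100.9
2024-05-01T09:05:00 FAIL user=dave src=198.51.100.9
"""
LINE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")

def detect_password_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (time, source, users tried) for each source that reaches
    `threshold` failed logins within `window`."""
    recent = defaultdict(deque)   # source -> recent (time, user) failures
    alerted = set()               # report each source once
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # ignore lines that do not parse
        ts, result, user, src = m.groups()
        if result != "FAIL":
            continue
        when = datetime.fromisoformat(ts)
        failures = recent[src]
        failures.append((when, user))
        # Drop failures that have aged out of the window.
        while when - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((ts, src, sorted({u for _, u in failures})))
    return alerts
```

A single mistyped password followed by a success, as from 198.51.100.9 in the sample, stays below the threshold and produces no alert.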

7. The security problem

We say that a system is secure if its resources are used and accessed as intended
under all circumstances. But, total security cannot be achieved. Security violations or
misuse of the system can be categorized as intentional or accidental. It is easier to protect
against accidental misuse than against intentional misuse. Among the forms of malicious
access are the following:

• Unauthorized reading of data or theft of information.
• Unauthorized modification of data.
• Unauthorized destruction of data.
• Preventing legitimate use of the system or denial of service.
To protect the system, we must take security measures at four levels:
1. Physical: The site or sites containing the computer systems must be physically
secured against armed or surreptitious entry by intruders.
2. Human: Users must be screened carefully to reduce the chance of authorizing a user
who then gives access to an intruder (e.g., in exchange for a bribe).
3. Network: Much computer data in modern systems travels over private leased lines,
shared lines like the Internet, or dial-up lines. The interception of this data could be just as
harmful as the break-in of a computer. The interruption of these communications could be a
remote denial-of-service attack and diminish users’ use of and trust in the system.
4. Operating System: The system must protect itself from accidental or purposeful
security breaches. If the operating environment is not based on a secure operating system capable
of protecting application code from malicious subversion, and capable of protecting the system
from subverted code, then high degrees of security are understandably not possible. 'Secure
coding' can provide significant payback in low-security operating environments.

Conclusion
Simple measures for securing a system:

• Do not run an application with known security flaws.

• Backups are a way of securing information. Backup tapes sent off site should be in
locked containers.

• Users must be authorized carefully.

• The system must be placed at a physically secure site.

• Always have users lock their screen when away from their desk. It is best if they log
off of their terminal/workstation at night.

• There should be no written passwords or password hints on a user's desk.

• To protect against computer damage from power outages (and spikes), be certain to
have your computers on a UPS.
