Network Security
Security - Definition
- As per ISO 7498, security means reducing, to the greatest extent, the vulnerability of data and resources.
Assets - Definition
- Assets are defined as data and other resources in a computer network system.
- The assets can be divided into four:
| Local resources |
The individual computers connected to the network in a company.
- The security hazards are from user usage - educate user,
- internet downloads - disable ActiveX, install anti-virus program
| Network resources |
The cabling and the routers.
- Hacker access to these should be avoided to protect against snooping.
| Server resources |
The web, internet, E-mail servers in the company
- Protect them in a safe room to avoid access to hackers
| Database and information resources | The most important asset of a company, the hacker's final destination. |
Security Threats
Broadly, security threats are of two types:
| Accidental | Caused by an innocent user who accidentally enters the system and causes corruption of data. |
| Intentional | Hackers enter into the system intentionally. |
Hackers can be classified into two:
| Casual Hackers | Most of the hackers fall in this category. They hack the system for fun and thrill. A proper security measure can stop them. |
| Determined Hacker | One who hacks the system for a specific reason. |
Types of Attacks
| | The Hacker alters the IP packet header to suit that of a legitimate host. |
| Man-in-the-middle | The Hacker captures the packets while they are on their way to the destination. |
| | The Hacker will generate a large number of ping packets to overburden the server, which finally results in a system crash. The Robert Morris Internet worm incident is an example. In a denial of service attack, the user sends several authentication requests to the server. All requests have false return addresses, so the server can't find the user when it tries to send the authentication approval. The server waits before closing the connection. When it does close the connection, the attacker sends a new batch of requests, and the process begins again, tying up the service indefinitely. |
| | The most common type is from inside the system. All security measures are mainly for external threats. |
| Front door attack | When the Hacker has complete information he can walk in through the front door of the system. |
| Brute-force | The Hacker uses a directory program to generate different combinations of the password and tries to log in to the system as a legitimate user. |
| Trapdoor attack | A Hacker establishes a command which, on execution, gives him access to the system. |
| Replay attack | |
| Trojan Horse attack | The Hacker places a Trojan program in a commonly used function. When a user uses this function, the Trojan program is executed and sends vital information to the Hacker. |
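The denial-of-service description above (requests with false return addresses that the server keeps waiting on) can be watched for on the server side. The following is an added example, not part of the original notes: it models the waiting requests as half-open TCP connections (state SYN-RECV in `ss -tan` style output), and the sample rows, addresses and thresholds are constructed assumptions.

```python
from collections import Counter

def parse_ss_line(line):
    """Parse one 'ss -tan'-style row: State Recv-Q Send-Q Local Peer."""
    parts = line.split()
    if len(parts) != 5:
        return None                              # header or malformed row
    local_port = parts[3].rsplit(":", 1)[-1]
    if not local_port.isdigit() or ":" not in parts[4]:
        return None
    return parts[0], int(local_port), parts[4].rsplit(":", 1)[0]

def half_open_report(lines, port, per_source_limit=10, backlog_limit=32):
    """Count waiting (SYN-RECV) and completed (ESTAB) connections on one port."""
    half_open, established = Counter(), 0
    for line in lines:
        row = parse_ss_line(line)
        if row is None or row[1] != port:
            continue
        state, _, peer_ip = row
        if state == "SYN-RECV":
            half_open[peer_ip] += 1
        elif state == "ESTAB":
            established += 1
    total = sum(half_open.values())
    return {
        "half_open": total,
        "established": established,
        "distinct_sources": len(half_open),
        # False return addresses rarely repeat, so this check stays quiet...
        "per_source_alert": max(half_open.values(), default=0) > per_source_limit,
        # ...while the total number of waiting requests gives the flood away.
        "backlog_alert": total > backlog_limit,
    }

# Constructed snapshot using documentation address ranges.
SAMPLE = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
SAMPLE += [f"SYN-RECV 0 0 192.0.2.10:443 203.0.113.{i}:{40000 + i}" for i in range(1, 41)]
SAMPLE += [f"ESTAB 0 0 192.0.2.10:443 198.51.100.{i}:{50000 + i}" for i in range(1, 6)]
SAMPLE += ["SYN-RECV 0 0 192.0.2.10:22 203.0.113.99:41000"]   # other port, ignored

if __name__ == "__main__":
    print(half_open_report(SAMPLE, 443))
```

Because every request carries a different false address, a per-source limit alone never fires; the aggregate count of waiting connections is the useful signal.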
The Hacker Process
| Step 1 - Discovery |
- Gather information such as
  - Server IP address - This can be obtained by doing an InterNIC WHOIS search, or a ping of the webserver will yield the IP address.
  - Type of hardware and operating system - This can be obtained by using Telnet or FTP to attach to the system.
  - Types of internet services the target system has; HTTP and FTP servers are important to the hacker.
  - The TCP ports the system is using.
  - The network topology.
  - The protocols used.
  - Location of a particular service.
| Step 2 - Penetration |
- After gaining the system information, the Hacker decides where to attack: usually the one with the least security or the one he has tools for.
- System default settings, if not changed by the administrator, are an advantage for the Hacker.
- System bugs can help the Hacker to intrude into the system, so the administrator has to keep track of the upgrades available on the system to kill the bugs.
| Step 3 - Control |
- Once the Hacker has penetrated the system he will try to
  - obtain root access.
  - open new accounts so that next time he can enter using this account without detection.
  - destroy the evidence of activity by deleting the system log.
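The actions listed under Step 3 leave traces an administrator can check for. The following is an added example, not part of the original notes: it compares two snapshots of a passwd-format account file and of log file sizes; the function names, snapshot contents and paths are constructed for illustration.

```python
def parse_passwd(text):
    """Return {username: uid} from passwd-format text (name:pw:uid:gid:gecos:home:shell)."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            accounts[fields[0]] = int(fields[2])
    return accounts


def account_findings(before_text, after_text):
    """Flag accounts that appeared, changed UID, or hold UID 0 without being root."""
    before, after = parse_passwd(before_text), parse_passwd(after_text)
    findings = []
    for name in sorted(after):
        uid = after[name]
        if name not in before:
            findings.append(("new_account", name, uid))
        elif before[name] != uid:
            findings.append(("uid_changed", name, uid))
        if uid == 0 and name != "root":
            findings.append(("extra_uid0", name, uid))
    return findings


def log_findings(before_sizes, after_sizes):
    """Flag logs that vanished or shrank; exclude scheduled rotation before alerting."""
    findings = []
    for path in sorted(before_sizes):
        if path not in after_sizes:
            findings.append(("log_missing", path))
        elif after_sizes[path] < before_sizes[path]:
            findings.append(("log_shrunk", path))
    return findings


# Constructed snapshots for illustration only.
PASSWD_BEFORE = ("root:x:0:0:root:/root:/bin/bash\n"
                 "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n")
PASSWD_AFTER = PASSWD_BEFORE + "svc_backup:x:0:0::/home/svc_backup:/bin/bash\n"
LOGS_BEFORE = {"/var/log/auth.log": 48210, "/var/log/syslog": 90312}
LOGS_AFTER = {"/var/log/auth.log": 0, "/var/log/syslog": 91500}

if __name__ == "__main__":
    for finding in account_findings(PASSWD_BEFORE, PASSWD_AFTER):
        print(finding)
    for finding in log_findings(LOGS_BEFORE, LOGS_AFTER):
        print(finding)
```

The snapshots are only trustworthy if they are kept on a host the monitored system cannot write to.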
Key Security Organizations
Auditing phases
To find out whether the network security can withstand a hacker attack, regular auditing is to be conducted. The following are the three phases of audit:
- Status quo analysis
  - The first step is to determine the present level of security.
  - Physical security of servers
  - Service discovery - Attempt to find out the services the same way a hacker would.
- Risk Analysis
  - A risk analysis determines whether any network system is exposed.
- Threat Analysis
  - A threat analysis determines a probable attack.
Non-Repudiation
Non-repudiation means the ability to prove the transaction details such as
- The buyer
- The seller
- Cost of item
- Qty
- Time
Authentication Process
One can authenticate (prove who one is) by the following methods:
| What you know | Password authentication | Login passwords |
| What you have | A card | ATM cards, which are more sophisticated with a password. |
| Who you are | Authentication with unique physical attributes | Fingerprint scanners, retinal eye scanners, etc. |
The three simple and efficient ways to secure the web are:
- Encryption
- Special protocols
- Firewalls.
Encryption
| Symmetric-key encryption |
- The sender encrypts the info with one key and the receiver should decrypt the info using the same key.
- Anybody who knows the key can decrypt the info.
- E.g. - passwords used in ATM
| Asymmetric-key encryption |
- Uses two keys, "public-key" and "private-key".
- The public key of a receiver is known to all senders, but the private key is known only to the receiver.
- The sender encrypts the info with the receiver's public key; the receiver decrypts it with his private key.
- Quite a slow process, as intensive mathematical calculations are involved.
| One-way key encryption |
- One-way encryption is used where the encrypted info is not to be decrypted.
- Used for comparison of information without revealing the info.
- ATMs use one-way encryption: the PIN entered by the user will be compared with the encrypted code on the card.
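The one-way comparison described above, as an added example that is not part of the original notes: a secret is stored only as a salted one-way digest and a candidate is checked by recomputing it. The record format, function names and iteration count are assumptions, and no real ATM PIN scheme is modelled.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000      # assumed work factor; raise it as hardware gets faster


def make_record(secret, iterations=ITERATIONS, salt=None):
    """Store only scheme, work factor, salt and digest; the secret is never kept."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def check_secret(candidate, record):
    """Recompute the digest for the candidate and compare in constant time."""
    try:
        scheme, iters, salt_hex, digest_hex = record.split("$")
        iterations = int(iters)
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False                      # malformed record never verifies
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest, stored)


def needs_rehash(record, iterations=ITERATIONS):
    """True when a verified record was created with a weaker work factor."""
    return int(record.split("$")[1]) < iterations


if __name__ == "__main__":
    record = make_record("4921")          # constructed sample secret
    print(record.split("$")[0], check_secret("4921", record), check_secret("4922", record))
```

The per-record salt means two users with the same secret get different stored values, so equal records cannot be matched against each other.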
Firewall
- A firewall is a secured computer system (a set of related programs installed in a separate computer) placed between trusted and untrusted systems.
Functions of firewall
- Filter packets
- Serving as circuit-level and application-level gateways.
- Detecting intrusions.
- Serving as a proxy server.
Firewall Topology
| Packet filter router |
- A packet filtering router located in between the external and internal networks inspects all packets received for a predefined content and rejects all non-conforming packets from going into the internal network.
- Cheap but less secure.
| Single-homed bastion host (Screened host firewall) |
- The router is configured to redirect all incoming packets to the bastion host.
- The bastion host filters all incoming packets redirected by the router.
- The bastion host serves both as circuit gateway and application gateway, controlling access to and from the externally accessible servers such as web or FTP.
- Costly and slow compared to packet filtering.
| Dual-homed bastion host (Screened host firewall) |
- As the name indicates, there are two computers that act as network interfacing.
| Screened subnet firewall |
- Commonly used topology.
- It has a "demilitarised zone" (DMZ), which contains all externally accessed devices.
- Employs two routers, internal and external, to connect the subnet to the internal and external networks.
- Offers the highest security.
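How a packet filter router inspects packets against predefined content, as an added example that is not part of the original notes: rules are checked in order, the first match decides, and anything unmatched is rejected. The rule layout, packet fields and addresses are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed rule set (documentation addresses): first match wins.
# action, source network, destination network, protocol, destination port (None = any)
RULES = [
    ("deny",  "203.0.113.0/24", "0.0.0.0/0",     "any", None),  # blocked source range
    ("allow", "0.0.0.0/0",      "192.0.2.10/32", "tcp", 80),    # public web server
    ("allow", "0.0.0.0/0",      "192.0.2.25/32", "tcp", 25),    # mail server
]


def decide(packet, rules=RULES):
    """Return (action, rule_index); rule_index is None when the default deny applies."""
    src, dst = ip_address(packet["src"]), ip_address(packet["dst"])
    for index, (action, src_net, dst_net, proto, dport) in enumerate(rules):
        if src not in ip_network(src_net) or dst not in ip_network(dst_net):
            continue
        if proto != "any" and proto != packet["proto"]:
            continue
        if dport is not None and dport != packet["dport"]:
            continue
        return action, index
    return "deny", None               # non-conforming packets are rejected


# Constructed packets: header fields only, which is all this filter looks at.
WEB = {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 80}
BLOCKED = {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 80}
SSH = {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 22}

if __name__ == "__main__":
    for name, pkt in (("web", WEB), ("blocked", BLOCKED), ("ssh", SSH)):
        print(name, decide(pkt))
    # Rule order matters: with the allow rule first, the blocked range gets in.
    print("misordered", decide(BLOCKED, rules=[RULES[1], RULES[0]]))
```

The decision rests entirely on header fields, so a packet whose header has been altered to suit a legitimate host is judged as that host, which is one reason this topology is the less secure one.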