
Network Security


Author: anton, 01 October 2010

NTC 360 - Network and Telecommunications Concepts

July 31, 2005

Network Security

In today’s world, with so many ways to gain unauthorized access to a computer system, network security is very important. Almost every company has been the victim of a virus, an intrusion, or some other form of unauthorized access to its network. In this paper, I will discuss the methods used by those who want this access and the ways they can be prevented.

Many people feel that because they use passwords their files are secure and can’t be hacked, and so they leave their networks open to attack, thinking everything is fine. Once an attacker has a foothold on a system, a password-protected file is often little obstacle: the password can be guessed, captured, or bypassed entirely by reading the file with higher privileges. One way to reduce this exposure is a firewall. A firewall restricts which network traffic is allowed to reach a system at all, protecting the whole system rather than individual files on it. A firewall does not, however, protect the data itself; that is the job of encryption, which comes in symmetric and asymmetric forms.

Symmetric encryption uses the same key (the essay calls it a password; strictly it is a key) to decrypt the data that was used to encrypt it. This means that everyone who needs to read or change the data must share that one key. Asymmetric encryption is different in that two different keys are used, one to encrypt and another to decrypt. It is considered more secure because the secret key never has to be shared in order to let someone send you data: anyone can encrypt with the public key, but only the holder of the matching private key can decrypt. Asymmetric encryption is therefore built on public/private key pairs.

The public key can be published freely; anything encrypted with it can be read only with the matching private key. The private, or secret, key stays with its owner, who never has to share it with anyone. The owner uses it both to unlock data sent to them and to sign data they originate, and anyone holding the public key can check that signature.

A digital certificate binds a public key to an identity (a person, a server, an organization) and is guaranteed to be authentic by a Certificate Authority (CA). The CA digitally ‘signs’ the certificate with its own private key, stating that the binding is authentic. Public Key Infrastructure, or PKI, is not an alternative to certificates but the system built around them: the CAs, the certificates they issue, and the procedures for issuing, renewing and revoking them. PKI is widely used for securely transmitting data, although setting it up and operating it properly is time consuming. One caveat a practitioner should keep in mind: the CA’s signature only proves that the CA vouched for the binding, so trusting a certificate means trusting the CA that issued it.
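The following is an added example, not part of the essay, that puts the three paragraphs above into working code: a shared-key stream cipher for the symmetric case, a textbook RSA key pair for the asymmetric case, and a CA that signs a certificate binding a name to a public key and rejects the certificate once the name is altered. The Mersenne primes, the names ‘alice’ and ‘mallory’, and the SHA-256-based keystream are assumptions chosen so the code runs offline; unpadded RSA and a home-made stream cipher are for illustration only and must not replace a vetted library.

```python
"""Symmetric vs. asymmetric keys, plus a CA-signed certificate (toy).

Added example, not from the essay. All parameters (primes, names, the
XOR keystream construction) are assumptions for illustration only;
unpadded RSA and home-made stream ciphers are unsafe for real use.
"""
import hashlib
import math


# ---- Symmetric: one shared key, the same function encrypts and decrypts ----
def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode style keystream: SHA-256(key || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def sym_encrypt(key: bytes, data: bytes) -> bytes:
    return bytes(b ^ k for b, k in zip(data, _keystream(key, len(data))))


sym_decrypt = sym_encrypt  # XOR undoes itself: same key, same operation


# ---- Asymmetric: public key encrypts/verifies, private key decrypts/signs ----
# Mersenne primes chosen so the toy needs no key-generation code (assumption).
SUBJECT_PRIMES = (2**61 - 1, 2**31 - 1)
CA_PRIMES = (2**107 - 1, 2**89 - 1)
E = 65537


def rsa_keypair(primes):
    p, q = primes
    n, phi = p * q, (p - 1) * (q - 1)
    assert math.gcd(E, phi) == 1
    d = pow(E, -1, phi)          # modular inverse (Python 3.8+)
    return (n, E), (n, d)        # (public, private)


def rsa_encrypt(pub, data: bytes) -> int:
    n, e = pub
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message does not fit the toy modulus")
    return pow(m, e, n)


def rsa_decrypt(priv, c: int) -> bytes:
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(data: bytes, n: int) -> int:
    """Hash-then-sign: reduce SHA-256 so it fits the modulus (toy only)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest(data, n), d, n)


def rsa_verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


# ---- Certificate: the CA signs the binding (subject name, subject public key) ----
def _cert_body(subject: str, pub) -> bytes:
    n, e = pub
    return f"{subject}|{n}|{e}".encode()


def issue_certificate(ca_priv, subject: str, pub) -> dict:
    return {"subject": subject, "pub": pub,
            "sig": rsa_sign(ca_priv, _cert_body(subject, pub))}


def check_certificate(ca_pub, cert: dict) -> bool:
    """True only if the CA really signed this exact subject/key binding."""
    return rsa_verify(ca_pub, _cert_body(cert["subject"], cert["pub"]), cert["sig"])


def demo() -> dict:
    shared = b"shared-secret"
    ct = sym_encrypt(shared, b"symmetric: both sides hold the same key")

    alice_pub, alice_priv = rsa_keypair(SUBJECT_PRIMES)
    ca_pub, ca_priv = rsa_keypair(CA_PRIMES)
    cert = issue_certificate(ca_priv, "alice", alice_pub)
    tampered = dict(cert, subject="mallory")    # re-label the key without the CA

    return {
        "sym_roundtrip": sym_decrypt(shared, ct),
        "asym_roundtrip": rsa_decrypt(alice_priv, rsa_encrypt(alice_pub, b"hi alice")),
        "cert_ok": check_certificate(ca_pub, cert),
        "tampered_ok": check_certificate(ca_pub, tampered),
    }


if __name__ == "__main__":
    print(demo())
```

The point to notice is where each key lives: the symmetric key appears on both sides, whereas the CA’s private key is used only in issue_certificate and the subject’s private key only in rsa_decrypt. A relying party needs nothing secret at all, just the CA’s public key, which is exactly why the CA must guard its private key.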

Network security became necessary when hackers and other ne’er-do-wells discovered flaws, or holes, in the various layers of the OSI model that would allow them access to someone else’s machine or network of machines. They exploited these holes to their advantage, and once the holes were discovered, securing the network became a priority. Each of the seven layers of the OSI model has its own weaknesses and thus needs its own security measures.

In an article in Certification magazine regarding network security, Kevin Song stated, “There are a variety of ways to classify security vulnerabilities and attacks. It is worthwhile to briefly examine them by OSI layers. The vast majority of vulnerabilities exhibit themselves as application-layer vulnerabilities, which are the closest to the user application. Telnet and FTP are such examples. These applications send user passwords in such a way that anyone who can sniff the network traffic will get the user’s login and password to gain unauthorized access. On the presentation layer, there are various attacks against data encryption. On the session layer, Remote Procedure Call (RPC) is one of the top computer system vulnerabilities according to SANS. On the transport layer, there are exploitations using SYN flooding and TCP hijacking. Port scanning is a common technique used by hackers to identify vulnerable systems. IP spoofing is a very common network-layer attack. Frequent traffic sniffing and wiretapping are common Layer 1 and Layer 2 attacks. Wireless networking has opened new possibilities to hackers.”

As each vulnerability came to light, a security countermeasure, or fix, was required for it. In most cases the fix was found rather quickly, but it was not always applied by the end user. This results in major problems, the worst of which is complete loss of data, whether encrypted or not. Some of these vulnerabilities are shown in the following table, found on CACI’s website (www.caci.com).

Malicious Threats

Columns: Category | Threat | OSI Layer | Definition | Typical Behaviors | Vulnerabilities | Prevention | Detection | Countermeasures

Malicious Software: Virus (OSI layer: Application)
    Definition: Malicious software that attaches itself to other software. For example, a patched software application in which the patch’s algorithm is designed to implement the same patch on other applications, thereby replicating.
    Typical behaviors: Replicates within a computer system, potentially attaching itself to every software application. Behavior categories:
    • Innocuous
    • Humorous
    • Data altering
    • Catastrophic
    Vulnerabilities: All computers. Common categories:
    • Boot sector
    • Terminate and Stay Resident (TSR)
    • Application software
    • Stealth (or Chameleon)
    • Mutation engine
    • Network
    • Mainframe
    Prevention: Limit connectivity. Limit downloads. Use only authorized media for loading data and software. Enforce mandatory access controls. Viruses generally cannot run unless the host application is running.
    Detection: Changes in file sizes or date/time stamps; computer is slow starting or slow running; unexpected or frequent system failures; change of system date/time; low computer memory or increased bad blocks on disks.
    Countermeasures: Contain, identify and recover. Anti-virus scanners look for known viruses; anti-virus monitors look for virus-related application behaviors. Attempt to determine the source of infection and issue an alert.

Malicious Software: Worm (OSI layer: Application, Network)
    Definition: Malicious software which is a stand-alone application.
    Typical behaviors: Often designed to propagate through a network, rather than just a single computer.
    Vulnerabilities: Multitasking computers, especially those employing open network standards.
    Prevention: Limit connectivity; employ firewalls. Worms can run even without a host application.
    Detection: Computer is slow starting or slow running; unexpected or frequent system failures.
    Countermeasures: Contain, identify and recover. Attempt to determine the source of infection and issue an alert.

Malicious Software: Trojan Horse (OSI layer: Application)
    Definition: A Worm which pretends to be a useful program, or a Virus which is purposely attached to a useful program prior to distribution.
    Typical behaviors: Same as Virus or Worm, but also sometimes used to send information back to, or make information available to, the perpetrator.
    Vulnerabilities: Unlike Worms, which self-propagate, Trojan Horses require user cooperation; untrained users are vulnerable.
    Prevention: User cooperation allows Trojan Horses to bypass automated controls, so user training is the best prevention.
    Detection: Same as Virus and Worm.
    Countermeasures: Same as Virus and Worm. An alert must be issued not only to other system administrators but to all network users.

Malicious Software: Time Bomb (OSI layer: Application)
    Definition: A Virus or Worm designed to activate at a certain date/time.
    Typical behaviors: Same as Virus or Worm, but widespread throughout the organization upon the trigger date.
    Vulnerabilities: Same as Virus and Worm.
    Prevention: Time Bombs are usually found before the trigger date; run the associated anti-viral software immediately as it becomes available.
    Detection: Correlate user problem reports to find patterns indicating a possible Time Bomb.
    Countermeasures: Contain, identify and recover. Attempt to determine the source of infection and issue an alert.

Malicious Software: Logic Bomb (OSI layer: Application)
    Definition: A Virus or Worm designed to activate under certain conditions.
    Typical behaviors: Same as Virus or Worm.
    Vulnerabilities: Same as Virus and Worm.
    Prevention: Same as Virus and Worm.
    Detection: Correlate user problem reports indicating a possible Logic Bomb.
    Countermeasures: Contain, identify and recover. Determine the source and issue an alert.

Malicious Software: Rabbit (OSI layer: Application, Network)
    Definition: A Worm designed to replicate to the point of exhausting computer resources.
    Typical behaviors: The Rabbit consumes all CPU cycles, disk space, network resources, etc.
    Vulnerabilities: Multitasking computers, especially those on a network.
    Prevention: Limit connectivity; employ firewalls.
    Detection: Computer is slow starting or running; frequent system failures.
    Countermeasures: Contain, identify and recover. Determine the source and issue an alert.

Malicious Software: Bacterium (OSI layer: Application)
    Definition: A Virus designed to attach itself to the OS in particular (rather than any application in general) and exhaust computer resources, especially CPU cycles.
    Typical behaviors: The operating system consumes more and more CPU cycles, resulting eventually in noticeable delay in user transactions.
    Vulnerabilities: Older versions of operating systems are more vulnerable than newer versions, since hackers have had more time to write a Bacterium for them.
    Prevention: Limit write privileges and opportunities to OS files. System administrators should work from non-admin accounts whenever possible.
    Detection: Changes in OS file sizes or date/time stamps; computer is slow in running; unexpected or frequent system failures.
    Countermeasures: Anti-virus scanners look for known viruses; anti-virus monitors look for virus-related system behaviors.

Spoofing: Spoofing (OSI layer: Network, Data Link)
    Definition: Getting one computer on a network to pretend to have the identity of another computer, usually one with special access privileges, so as to obtain access to the other computers on the network.
    Typical behaviors: The spoofing computer often does not have access to user-level commands, so attempts to use automation-level services, such as email or message handlers, are employed.
    Vulnerabilities: Automation services designed for network interoperability are especially vulnerable, particularly those adhering to open standards.
    Prevention: Limit the system privileges of automation services to the minimum necessary. Upgrade via security patches as they become available.
    Detection: Monitor transaction logs of automation services, scanning for unusual behaviors. If automating this process, do so off-line to avoid “tunneling” attacks.
    Countermeasures: Disconnect automation services until patched, or monitor automation access points, such as network sockets, scanning for the next spoof in an attempt to trace back to the perpetrator.

Spoofing: Masquerade (OSI layer: Network)
    Definition: Accessing a computer by pretending to have an authorized user identity.
    Typical behaviors: The masquerading user often employs network or administrator command functions to access even more of the system, e.g., by attempting to download password or routing tables.
    Vulnerabilities: Placing false or modified login prompts on a computer is a common way to obtain user IDs, as are Snooping, Scanning and Scavenging.
    Prevention: Limit user access to network or administrator command functions. Implement multiple levels of administrators, with different privileges for each.
    Detection: Correlate user identification with shift times or increased frequency of access. Correlate user command logs with administrator command functions.
    Countermeasures: Change the user password, or use standard administrator functions to determine the access point and then trace back to the perpetrator.

Scanning: Sequential Scanning (OSI layer: Transport, Network)
    Definition: Sequentially testing passwords/authentication codes until one is successful.
    Typical behaviors: Multiple users attempting network or administrator command functions, indicating multiple Masquerades.
    Vulnerabilities: Since most login prompts have a time delay built in to foil automated scanning, accessing the encoded password table and testing it off-line is a common technique.
    Prevention: Enforce organizational password policies. Make even system administrator access to password files cumbersome.
    Detection: Correlate user identification with shift times. Correlate user problem reports relevant to possible Masquerades.
    Countermeasures: Change the entire password file, or use baiting tactics to trace back to the perpetrator.

Scanning: Dictionary Scanning (OSI layer: Application)
    Definition: Scanning through a dictionary of commonly used passwords/authentication codes until one is successful.
    Typical behaviors: Multiple users attempting network or administrator command functions, indicating multiple Masquerades.
    Vulnerabilities: Use of common words and names as passwords or authentication codes (so-called “Joe accounts”).
    Prevention: Enforce organizational password policies.
    Detection: Correlate user identification with shift times. Correlate user problem reports relevant to possible Masquerades.
    Countermeasures: Change the entire password file, or use baiting tactics to trace back to the perpetrator.
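The two Scanning rows above describe copying the encoded password table and testing guesses off-line, and name “Joe accounts” as the weakness. The following added example, which is not from the essay or the CACI table, runs that attack against a constructed password table in two forms: the legacy one, where a single unsalted hash per guess checks every account at once, and a hardened one using a per-user random salt and a deliberately slow PBKDF2, where every guess must be rehashed for every user. The account names, passwords, word list and iteration count are all constructed for the demonstration.

```python
"""Off-line dictionary attack against a password table, and the defence.

Added example, not from the essay or the CACI table. The accounts, the
passwords, the word list and the iteration count are constructed for this
demonstration; no real credentials are involved.
"""
import hashlib
import hmac
import os
from typing import Dict, Tuple

# Constructed word list of the kind that breaks "Joe accounts".
WORDLIST = ["password", "letmein", "joe", "summer", "dragon", "qwerty", "Welcome1"]


# ---- The legacy table the attacker copied: fast, unsalted hashes -----------
def weak_hash(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest()


def crack_unsalted(table: Dict[str, str], wordlist) -> Tuple[Dict[str, str], int]:
    """table maps user -> weak_hash(password).

    One hash per guess is enough: the same digest matches every account
    using that word, so the cost is len(wordlist) regardless of user count.
    """
    lookup = {weak_hash(w): w for w in wordlist}
    found = {user: lookup[h] for user, h in table.items() if h in lookup}
    return found, len(wordlist)


# ---- The hardened table: per-user random salt + deliberately slow PBKDF2 ----
ITERATIONS = 50_000   # assumption: tune so one check costs ~0.1 s on the server


def strong_hash(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "iterations": ITERATIONS,
            "hash": strong_hash(password, salt, ITERATIONS)}


def verify_password(record: dict, candidate: str) -> bool:
    got = strong_hash(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(got, record["hash"])   # constant-time compare


def crack_salted(table: Dict[str, dict], wordlist) -> Tuple[Dict[str, str], int]:
    """Same attack against salted records: every guess must be rehashed for
    every user, and each hash is slow. Returns (found, hash_computations).
    """
    found, work = {}, 0
    for user, rec in table.items():
        for w in wordlist:
            work += 1
            if verify_password(rec, w):
                found[user] = w
                break
    return found, work


def demo() -> dict:
    users = {"alice": "dragon", "bob": "Tr0ub4dor&3", "joe": "joe"}   # constructed
    unsalted = {u: weak_hash(p) for u, p in users.items()}
    salted = {u: make_record(p) for u, p in users.items()}
    weak_found, weak_work = crack_unsalted(unsalted, WORDLIST)
    strong_found, strong_work = crack_salted(salted, WORDLIST)
    return {"unsalted": weak_found, "unsalted_work": weak_work,
            "salted": strong_found, "salted_work": strong_work}


if __name__ == "__main__":
    print(demo())
```

Note what the hardened table does and does not buy: the attacker still recovers alice’s and joe’s dictionary words, but at users × guesses slow computations instead of one cheap hash per guess, and a leaked table cannot be attacked with a precomputed lookup. Salting and a slow hash make the table’s Prevention column (“enforce organizational password policies”) effective; they do not replace it.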

Snooping (Eavesdropping): Digital Snooping (OSI layer: Network)
    Definition: Electronic monitoring of digital networks to uncover passwords or other data.
    Typical behaviors: Users, or even system administrators, found on-line at unusual or off-shift hours; changes in the behavior of the network transport layer.
    Vulnerabilities: An example of how COMSEC affects COMPUSEC: links can be more vulnerable to snooping than nodes.
    Prevention: Employ data encryption. Limit physical access to network nodes and links.
    Detection: Correlate user identification with shift times. Correlate user problem reports. Monitor network performance.
    Countermeasures: Change encryption schemes, or employ network monitoring tools to attempt to trace back to the perpetrator.

Snooping (Eavesdropping): Shoulder Surfing (OSI layer: Physical)
    Definition: Direct visual observation of monitor displays to obtain access.
    Typical behaviors: Authorized user found on-line at unusual or off-shift hours, indicating a possible Masquerade; authorized user attempting administrator command functions.
    Vulnerabilities: “Sticky” notes used to record account and password information; password entry screens that do not mask typed text; “loitering” opportunities.
    Prevention: Limit physical access to computer areas. Require frequent password changes by users.
    Detection: Correlate user identification with shift times or increased frequency of access. Correlate user command logs with administrator command functions.
    Countermeasures: Change the user password, or use standard administrator functions to determine the access point and then trace back to the perpetrator.

Scavenging: Dumpster Diving (OSI layer: All)
    Definition: Accessing discarded trash to obtain passwords and other data.
    Typical behaviors: Multiple users attempting network or administrator command functions, indicating multiple Masquerades.
    Vulnerabilities: “Sticky” notes used to record account and password information; system administrator printouts of user logs.
    Prevention: Destroy discarded hardcopy.
    Detection: Correlate user identification with shift times. Correlate user problem reports relevant to possible Masquerades.
    Countermeasures: Change the entire password file, or use baiting tactics to trace back to the perpetrator.

Scavenging: Browsing (OSI layer: Application, Network)
    Definition: Usually automated scanning of large quantities of unprotected data (discarded media or on-line “finger”-type commands) to obtain clues as to how to achieve access.
    Typical behaviors: Authorized user found on-line at unusual or off-shift hours, indicating a possible Masquerade; authorized user attempting administrator command functions.
    Vulnerabilities: “Finger”-type services provide information to any and all users. The information is usually assumed safe but can give clues to passwords (e.g., a spouse’s name).
    Prevention: Destroy discarded media. When on open networks especially, disable “finger”-type services.
    Detection: Correlate user identification with shift times or increased frequency of access. Correlate user command logs with administrator command functions.
    Countermeasures: Change the user password, or use standard administrator functions to determine the access point and then trace back to the perpetrator.
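The Masquerade, Scanning, Snooping, Shoulder Surfing and Browsing rows above all give the same detection advice: correlate user identification with shift times, watch for bursts of access, and correlate user command logs with administrator functions. The following added example, not from the essay or the CACI table, implements those three correlations over a small constructed log. The log format, the sample lines, the shift hours, the administrator list, the “administrator command” patterns and the failure threshold are all assumptions made for the demonstration.

```python
"""Correlating login and command logs to spot masquerades and scanning.

Added example, not from the essay or the CACI table. The log format, the
sample lines, the shift hours, the admin list and the thresholds are all
constructed assumptions for the demonstration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log: "<ISO time> login user=<u> src=<ip> result=OK|FAIL"
#                  "<ISO time> cmd user=<u> cmd=<command line>"
LOG = """\
2005-07-31T09:03:11 login user=jsmith src=10.0.0.5 result=OK
2005-07-31T09:04:02 cmd user=jsmith cmd=ls /home/jsmith
2005-07-31T02:14:07 login user=jsmith src=198.51.100.9 result=OK
2005-07-31T02:15:30 cmd user=jsmith cmd=cat /etc/shadow
2005-07-31T11:20:00 login user=mlee src=10.0.0.7 result=FAIL
2005-07-31T11:20:03 login user=mlee src=10.0.0.7 result=FAIL
2005-07-31T11:20:05 login user=mlee src=10.0.0.7 result=FAIL
2005-07-31T11:20:08 login user=mlee src=10.0.0.7 result=FAIL
2005-07-31T11:20:10 login user=mlee src=10.0.0.7 result=FAIL
2005-07-31T11:20:12 login user=mlee src=10.0.0.7 result=OK
2005-07-31T14:00:00 login user=root src=10.0.0.2 result=OK
2005-07-31T14:00:30 cmd user=root cmd=netstat -rn
"""

SHIFTS = {"jsmith": (8, 18), "mlee": (8, 18)}   # assumed day-shift users (hours)
ADMINS = {"root"}                                # assumed administrator accounts
# Commands that read password or routing tables, as the Masquerade row warns.
ADMIN_CMDS = [re.compile(p) for p in (r"/etc/shadow", r"^netstat\s+-r", r"^route\b")]
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=1)

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>login|cmd) user=(?P<user>\S+)"
    r"(?: src=(?P<src>\S+))?(?: result=(?P<result>OK|FAIL))?(?: cmd=(?P<cmd>.+))?$"
)


def parse(line: str):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def analyze(text: str) -> list:
    """Return (rule, user, timestamp) alerts in log order."""
    alerts = []
    recent_fails = defaultdict(deque)     # user -> timestamps of recent failures
    for line in text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        user, ts = ev["user"], ev["ts"]
        if ev["kind"] == "login":
            if ev["result"] == "FAIL":
                q = recent_fails[user]
                q.append(ts)
                while ts - q[0] > FAIL_WINDOW:
                    q.popleft()
                if len(q) >= FAIL_THRESHOLD:       # sequential/dictionary scanning
                    alerts.append(("burst_failed_logins", user, ts))
                    q.clear()
            elif user in SHIFTS:
                start, end = SHIFTS[user]
                if not start <= ts.hour < end:     # on-line at off-shift hours
                    alerts.append(("off_shift_login", user, ts))
        elif user not in ADMINS:
            # user command log vs. administrator command functions
            if any(p.search(ev["cmd"] or "") for p in ADMIN_CMDS):
                alerts.append(("admin_command_by_user", user, ts))
    return alerts


if __name__ == "__main__":
    for alert in analyze(LOG):
        print(*alert)
```

Run on the constructed log, this raises three alerts: jsmith logging in at 02:14 from an outside address, jsmith then reading the password file, and five failed logins for mlee inside a minute. The shift table is the part that must be maintained for the first rule to mean anything; without it an off-hours login is indistinguishable from a night-shift worker.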

Spamming: Spamming (OSI layer: Application, Network)
    Definition: Overloading a system with incoming messages or other traffic to cause system crashes.
    Typical behaviors: Repeated system crashes, eventually traced to an overfull buffer or swap space.
    Vulnerabilities: Open networks are especially vulnerable.
    Prevention: Require authentication fields in message traffic.
    Detection: Monitor disk partitions, network sockets, etc. for overfull conditions.
    Countermeasures: Analyze message headers to attempt to trace back to the perpetrator.

Tunneling: Tunneling (OSI layer: Network)
    Definition: Any digital attack that attempts to get “under” a security system by accessing very low-level system functions (e.g., device drivers, OS kernels).
    Typical behaviors: Bizarre system behaviors such as unexpected disk accesses, unexplained device failures, halted security software, etc.
    Vulnerabilities: Tunneling attacks often occur by creating system emergencies to cause system re-loading or initialization.
    Prevention: Design security and audit capabilities into even the lowest-level software, such as device drivers, shared libraries, etc.
    Detection: Changes in date/time stamps for low-level system files, or changes in sector/block counts for device drivers.
    Countermeasures: Patch or replace compromised drivers to prevent access. Monitor suspected access points to attempt to trace back to the perpetrator.
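The Virus, Bacterium and Tunneling rows all list “changes in file sizes or date/time stamps” of system files as the detection signal. The following added example, not from the essay or the CACI table, shows the baseline-and-compare check that turns that signal into a report, and why the content hash rather than the timestamp has to be the deciding field: the simulated infection resets the trojaned file’s timestamp, as a stealth virus would, and the hash still catches it. The directory tree and file contents are constructed in a temporary directory.

```python
"""File-integrity baseline for low-level system files.

Added example, not from the essay or the CACI table. The directory tree
and its contents are constructed in a temporary directory; in practice the
baseline is stored on read-only, off-host media so the intruder cannot
edit it along with the files.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    st = path.stat()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest()}


def baseline(root: Path) -> dict:
    """Relative path -> fingerprint for every regular file under root."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(old: dict, new: dict) -> dict:
    """Classify differences; 'touched' = metadata changed but content intact."""
    report = {"added": sorted(new.keys() - old.keys()),
              "removed": sorted(old.keys() - new.keys()),
              "modified": [], "touched": []}
    for name in sorted(old.keys() & new.keys()):
        a, b = old[name], new[name]
        if a["sha256"] != b["sha256"]:
            report["modified"].append(name)
        elif a["mtime_ns"] != b["mtime_ns"] or a["size"] != b["size"]:
            report["touched"].append(name)
    return report


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "lib").mkdir()
        ls = root / "bin" / "ls"
        ls.write_bytes(b'#!/bin/sh\nexec /usr/bin/ls "$@"\n')
        (root / "lib" / "libc.so").write_bytes(b"\x7fELF constructed stub")
        (root / "lib" / "netdrv.ko").write_bytes(b"\x7fELF constructed driver")
        before = baseline(root)

        # Simulated infection: ls is trojaned, a new driver appears, a library
        # disappears, and the intruder resets ls's timestamp to hide the edit.
        ls.write_bytes(b'#!/bin/sh\n/tmp/.x &\nexec /usr/bin/ls "$@"\n')
        old_mtime = before["bin/ls"]["mtime_ns"]
        os.utime(ls, ns=(old_mtime, old_mtime))
        (root / "lib" / "evil.ko").write_bytes(b"\x7fELF constructed rootkit")
        (root / "lib" / "libc.so").unlink()

        after = baseline(root)
        report = compare(before, after)
        # The timestamp check alone would have missed bin/ls; the hash did not.
        report["ls_mtime_preserved"] = (
            before["bin/ls"]["mtime_ns"] // 10**9 == after["bin/ls"]["mtime_ns"] // 10**9)
        return report


if __name__ == "__main__":
    print(demo())
```

The report lists bin/ls as modified even though its timestamp is unchanged, lib/evil.ko as added and lib/libc.so as removed. The baseline is only as trustworthy as its storage: a copy kept on the same disk, writable by the same accounts, is just one more file for the intruder to edit.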

Unintentional Threats

Columns: Category | Threat | OSI Layer | Definition | Typical Behaviors | Vulnerabilities | Prevention | Detection | Countermeasures

Malfunction: Equipment Malfunction (OSI layer: All)
    Definition: Hardware operates in an abnormal, unintended mode.
    Typical behaviors: Immediate loss of data due to abnormal shutdown; continuing loss of capability until the equipment is repaired.
    Vulnerabilities: Vital peripheral equipment is often more vulnerable than the computers themselves.
    Prevention: Replication of the entire system, including all data and recent transactions.
    Detection: Hardware diagnostic systems.
    Countermeasures: On-site replication of hardware components for quick recovery.

Malfunction: Software Malfunction (OSI layer: Application)
    Definition: Software behavior is in conflict with the intended behavior.
    Typical behaviors: Immediate loss of data due to abnormal end; repeated system failure when re-fed “faulty” data.
    Vulnerabilities: Software developed using ad hoc rather than defined formal processes.
    Prevention: Comprehensive testing procedures, and software designed for graceful degradation.
    Detection: Software diagnostic tools.
    Countermeasures: Backup software and robust operating systems facilitate quick recovery.

Human Error: Trap Door (Back Door) (OSI layer: Application)
    Definition: System access for developers inadvertently left available after software delivery.
    Typical behaviors: Unauthorized system access enables viewing, alteration or destruction of data or software.
    Vulnerabilities: Software developed outside defined organizational policies and formal methods.
    Prevention: Enforce defined development policies. Limit network and physical access.
    Detection: Audit trails of system usage, especially user identification logs.
    Countermeasures: Close the Trap Door, or monitor ongoing access to trace back to the perpetrator.

Human Error: User/Operator Error (OSI layer: All)
    Definition: Inadvertent alteration, manipulation or destruction of programs, data files or hardware.
    Typical behaviors: Incorrect data entered into the system, or incorrect behavior of the system.
    Vulnerabilities: Poor user documentation or training.
    Prevention: Enforcement of training policies and separation of programmer/operator duties.
    Detection: Audit trails of system transactions.
    Countermeasures: Backup copies of software and data; on-site replication of hardware.

Physical Threats

Columns: Category | Threat | OSI Layer | Definition | Typical Behaviors | Vulnerabilities | Prevention | Detection | Countermeasures

Physical Environment: Fire Damage (OSI layer: N/A)
    Definition: Physical destruction of equipment due to fire or smoke damage.
    Typical behaviors: Physical destruction of systems and supporting equipment.
    Vulnerabilities: Systems located near potential fire hazards, e.g., fuel storage tanks.
    Prevention: Off-site system replication, while costly, provides backup capability.
    Detection: On-site smoke alarms.
    Countermeasures: Halon gas or FM200 fire extinguishers mitigate electrical and water damage.

Physical Environment: Water Damage (OSI layer: N/A)
    Definition: Physical destruction of equipment due to water (including sprinkler) damage.
    Typical behaviors: Physical destruction of systems and supporting equipment.
    Vulnerabilities: Systems located below ground or near sprinkler systems.
    Prevention: Off-site system replication.
    Detection: Water detection devices.
    Countermeasures: Computer rooms equipped with emergency drainage capabilities.

Physical Environment: Power Loss (OSI layer: N/A)
    Definition: Computers or vital supporting equipment fail due to lack of power.
    Typical behaviors: Immediate loss of data due to abnormal shutdown, even after power returns; continuing loss of capability until power returns.
    Vulnerabilities: Sites fed by above-ground power lines are particularly vulnerable. Power loss to computer room air conditioners can also be an issue.
    Prevention: Dual or separate feeder lines for computers and supporting equipment.
    Detection: Power level alert monitors.
    Countermeasures: Uninterruptible Power Supplies (UPS); full-scale standby power facilities where economically feasible.

Physical Environment: Civil Disorder/Vandalism (OSI layer: N/A)
    Definition: Physical destruction during operations other than war.
    Typical behaviors: Physical destruction of systems and supporting equipment.
    Vulnerabilities: Sites located in some overseas environments, especially urban environments.
    Prevention: Low-profile facilities (no overt disclosure of the high-value nature of the site).
    Detection: Physical intrusion detection devices.
    Countermeasures: Physical access restrictions and riot contingency policies.

Physical Environment: Battle Damage (OSI layer: N/A)
    Definition: Physical destruction during military action.
    Typical behaviors: Physical destruction of systems and supporting equipment.
    Vulnerabilities: Site located in-theater.
    Prevention: Off-site system replication; OPSEC and a low profile to prevent hostile targeting.
    Detection: Network monitoring systems.
    Countermeasures: Hardened sites.

Based on just the information contained in the CACI table, it is obvious that network security is a mandatory requirement for all networks. As information accessibility grows, so will the need to protect it. By protecting your network from the outset, you can help prevent the problems caused by those who want unauthorized access to it.

References

http://www.certmag.com/articles/templates/cmag_feature.asp?articleid=580&zoneid=9

http://www.caci.com/business/ia/threats.html

http://www.medword.com/MedwordStore/CSoft/encryption_white_paper.html

http://www.iam.unibe.ch/~mseeberg/key/theory.html

http://www.windowsitpro.com/Article/ArticleID/46871/46871.html?Ad=1


http://www.windowsitpro.com/Article/ArticleID/8843/8843.html

http://www.windowsecurity.com/pages/article_p.asp?id=1142

http://www.windowsitpro.com/Article/ArticleID/15314/15314.html


