Network Security
Essay by 24 • October 1, 2010 • 2,626 Words (11 Pages) • 1,757 Views
NTC 360 - Network and Telecommunications Concepts
July 31, 2005
In today's world, with so many ways to gain unauthorized access to someone's computer system, network security is very important. Almost every company has been a victim of a virus attack, hackers, or some other form of unauthorized access to their network. In this paper, I will discuss various methods used by those who seek such access and ways these methods can be prevented.
Many people feel that because they use passwords their files are secure and can't be hacked. They unknowingly leave their networks open to attack without protection, thinking everything is fine. Hackers can easily get into password-protected files once they have access to a computer system. One way to prevent this is to use a firewall. A firewall prevents unauthorized users from gaining access to a system by restricting access to the entire system, not just the files on the system. Firewalls prevent access to data by using symmetric or asymmetric encryption.
Symmetric encryption uses the same password to decrypt the data as it does to encrypt it. This method allows users to share the same password to gain access to the data and make any needed changes. Asymmetric encryption is different in that different passwords are used to encrypt the data and to decrypt it. Asymmetric is considered a little more secure, as passwords don't have to be shared in order to allow someone access to the data. Each individual has his or her own password to access it. Asymmetric encryption uses public/private keys to encrypt/decrypt data.
Public keys use the same encryption data to access the data that the data was encrypted with. Private, or secret, keys allow the originator of the data to encrypt it and not have to share his password with anyone. They can use their own private key to unlock the data.
Digital certificates are certificates that are guaranteed to be authentic by a Certificate Authority. The certificate authority digitally 'signs' the data, stating that it is authentic. An alternative to this is Public Key Infrastructure, or PKI. PKI uses private keys to certify the data is correct and authentic. PKI is a fast-growing, although time-consuming, method of securely transmitting data.
Network security became necessary when hackers and other ne'er-do-wells discovered flaws, or holes, in the various layers of the OSI model that would allow them access to someone else's machine or network of machines. These people exploited these holes and used them to their advantage. Once these holes were discovered, securing the network became a priority. Each of the seven layers in the OSI model has its own weaknesses and thus must have its own method of security.
In an article in Certification magazine regarding network security, Kevin Song stated, "There are a variety of ways to classify security vulnerabilities and attacks. It is worthwhile to briefly examine them by OSI layers. The vast majority of vulnerabilities exhibit themselves as application-layer vulnerabilities, which are the closest to the user application. Telnet and FTP are such examples. These applications send user passwords in such a way that anyone who can sniff the network traffic will get the user's login and password to gain unauthorized access. On the presentation layer, there are various attacks against data encryption. On the session layer, Remote Procedure Call (RPC) is one of the top computer system vulnerabilities according to SANS. On the transport layer, there are exploitations using SYN flooding and TCP hijacking. Port scanning is a common technique used by hackers to identify vulnerable systems. IP spoofing is a very common network-layer attack. Frequent traffic sniffing and wiretapping are common Layer 1 and Layer 2 attacks. Wireless networking has opened new possibilities to hackers."
As the vulnerabilities came to light, a security countermeasure, or fix, was required. In most cases, the fix was found rather quickly, but it was not always employed by the end user. This results in major problems, the worst of which is complete loss of data, whether encrypted or not. Some of these vulnerabilities are shown in the following table, found on CACI's website (www.caci.com).
Malicious Threats
Category: Malicious Software
Threat: Virus
OSI Layer: Application
Definition: Malicious software that attaches itself to other software. For example, a patched software application in which the patch's algorithm is designed to implement the same patch on other applications, thereby replicating.
Typical Behaviors: Replicates within computer system, potentially attaching itself to every software application
Behavior categories:
* Innocuous
* Humorous
* Data altering
* Catastrophic
Vulnerabilities: All computers
Common categories:
* Boot sector
* Terminate and Stay Resident (TSR)
* Application software
* Stealth (or Chameleon)
* Mutation engine
* Network
* Mainframe
Prevention:
* Limit connectivity
* Limit downloads
* Use only authorized media for loading data and software
* Enforce mandatory access controls. Viruses generally cannot run unless host application is running
Detection:
* Changes in file sizes or date/time stamps
* Computer is slow starting or slow running
* Unexpected or frequent system failures
* Change of system date/time
* Low computer memory or increased bad blocks on disks
Counter measures:
* Contain, identify and recover
* Anti-virus scanners: look for known viruses
* Anti-virus monitors: look for virus-related application behaviors
* Attempt to determine source of infection
...
...
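The table lists changes in file sizes or date/time stamps as a way to detect a virus. The following Python example, added here and not part of the original essay or the CACI table, records a baseline for each file and reports what differs on a later check; it goes one step beyond the table by also storing a SHA-256 hash, which catches a modification that leaves size and timestamp unchanged. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Record (size, mtime_ns, sha256) for every regular file under root."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            st = path.stat()
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[str(path.relative_to(root))] = (st.st_size, st.st_mtime_ns, digest)
    return state


def compare(baseline, current):
    """Return {path: [reasons]} for files that differ from the baseline."""
    labels = ("size", "timestamp", "content")
    findings = {}
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline or name not in current:
            findings[name] = ["added" if name in current else "removed"]
            continue
        reasons = [tag for tag, old, new in zip(labels, baseline[name], current[name]) if old != new]
        if reasons:
            findings[name] = reasons
    return findings


def demo():
    """Constructed sample: three files, two modified after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        app, tool, note = (Path(root, n) for n in ("app.bin", "tool.bin", "readme.txt"))
        app.write_bytes(b"A" * 64)
        tool.write_bytes(b"B" * 64)
        note.write_text("unchanged")
        baseline = snapshot(root)
        app.write_bytes(b"A" * 64 + b"extra")  # appended bytes: size changes
        # Same-length overwrite with the old timestamps put back: size and
        # date/time match the baseline, only the hash differs.
        st = tool.stat()
        tool.write_bytes(b"C" * 64)
        os.utime(tool, ns=(st.st_atime_ns, st.st_mtime_ns))
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be taken from a known-clean system and stored where the monitored machine cannot overwrite it.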