Network Security

NTC 360 - Network and Telecommunications Concepts

July 31, 2005

Network Security

In today's world, with so many ways to gain unauthorized access to someone's computer system, network security is very important. Almost every company has been a victim of a virus attack, hackers, or some other form of unauthorized access to their network. In this paper, I will discuss various methods that those who want this access use and ways they can be prevented.

Many people feel that because they use passwords their files are secure and can't be hacked. They unknowingly leave their networks open to attack without protection thinking everything is fine. Hackers can easily get into password protected files once they have access to a computer system. One way to prevent this is to use a firewall. A firewall prevents unauthorized users from gaining access to a system by restricting access to the entire system, not just the files on the system. Firewalls prevent access to data by using symmetric or asymmetric encryption.

Symmetric encryption uses the same password to decrypt the data that it does to encrypt the data. This method allows users to be able to share the same password to gain access to the data and make any needed changes. Asymmetric encryption is different in that there are different passwords used to encrypt the data and decrypt the data. Asymmetric is considered a little more secure as passwords don't have to be shared in order to allow someone access to the data. Each individual has his or her own password to access it. Asymmetric encryption uses public/private keys to encrypt/decrypt data.

Public keys use the same encryption data to access the data that the data was encrypted with. Private, or secret, keys allow the originator of the data to encrypt it and not have to share his password with anyone. They can use their own private key to unlock the data.

Digital certificates are certificates that are guaranteed to be authentic by a Certificate Authority. The certificate authority digitally 'signs' the data stating that it is authentic. An alternative to this is Public Key Infrastructure, or PKI. PKI uses private keys to certify the data is correct and authentic. PKI is a fast growing, although time consuming, method of securely transmitting data.

Network security became necessary when hackers and other neer-do-wells discovered flaws, or holes, in the various layers of the OSI model that would allow them access to someone else's machine or network of machines. These people exploited these holes and used them to their advantage. Once these holes were discovered, securing the network became a priority. Each of the seven layers in the OSI model has it's own weaknesses and this must have it's own method of security.

In an article in Certification magazine regarding network security, Kevin Song stated "There are a variety of ways to classify security vulnerabilities and attacks. It is worthwhile to briefly examine them by OSI layers. The vast majority of vulnerabilities exhibit themselves as application-layer vulnerabilities, which are the closest to the user application. Telnet and FTP are such examples. These applications send user passwords in such a way that anyone who can sniff the network traffic will get the user's login and password to gain unauthorized access. On the presentation layer, there are various attacks against data encryption. On the session layer, Remote Procedure Call (RPC) is one of the top computer system vulnerabilities according to SANS. On the transport layer, there are exploitations using SYN flooding and TCP hijacking. Port scanning is common technique used by hackers to identify vulnerable systems. IP spoofing is a very common network-layer attack. Frequent traffic sniffing and wiretapping are common Layer 1 and Layer 2 attacks. Wireless networking has opened new possibilities to hackers. "

As the vulnerabilities were exposed to light, a need for a security counter measure, or fix was required. In most cases, the fix was found rather quickly, but not always employed by the end user. This results in major problems, the worst of which is complete loss of data, whether encrypted or not. Some of these vulnerabilities are shown on the following table, found on CACI's website (www.caci.com).

Malicious Threats

Category Threat OSI Layer Definition Typical Behaviors Vulnerabilities Prevention Detection Counter measures

Malicious Software Virus Application Malicious software that attaches itself to other software. For example, a patched software application in which the patch's algorithm is designed to implement the same patch on other applications, thereby replicating. Replicates within computer system, potentially attaching itself to every software application

Behavior categories:

* Innocuous

* Humorous

* Data altering

* Catastrophic All computers

Common categories:

* Boot sector

* Terminate and Stay Resident (TSR)

* Application software

* Stealth (or Chameleon)

* Mutation engine

* Network

* Mainframe Limit connectivity. Limit downloads

Use only authorized media for loading data and software

Enforce mandatory access controls. Viruses generally cannot run unless host application is running Changes in file sizes or date/time stamps

Computer is slow starting or slow running

Unexpected or frequent system failures

Change of system date/time

Low computer memory or increased bad blocks on disks Contain, identify and recover

Anti-virus scanners: look for known viruses

Anti-virus monitors - look for virus-related application behaviors

Attempt to determine source of infection