Network SecurityEssay Preview: Network SecurityReport this essayNTC 360 – Network and Telecommunications ConceptsJuly 31, 2005Network SecurityIn todays world, with so many ways to gain unauthorized access to someones computer system, network security is very important. Almost every company has been a victim of a virus attack, hackers, or some other form of unauthorized access to their network. In this paper, I will discuss various methods that those who want this access use and ways they can be prevented.
Many people feel that because they use passwords their files are secure and cant be hacked. They unknowingly leave their networks open to attack without protection thinking everything is fine. Hackers can easily get into password protected files once they have access to a computer system. One way to prevent this is to use a firewall. A firewall prevents unauthorized users from gaining access to a system by restricting access to the entire system, not just the files on the system. Firewalls prevent access to data by using symmetric or asymmetric encryption.
Symmetric encryption uses the same password to decrypt the data that it does to encrypt the data. This method allows users to be able to share the same password to gain access to the data and make any needed changes. Asymmetric encryption is different in that there are different passwords used to encrypt the data and decrypt the data. Asymmetric is considered a little more secure as passwords dont have to be shared in order to allow someone access to the data. Each individual has his or her own password to access it. Asymmetric encryption uses public/private keys to encrypt/decrypt data.
Public keys use the same encryption data to access the data that the data was encrypted with. Private, or secret, keys allow the originator of the data to encrypt it and not have to share his password with anyone. They can use their own private key to unlock the data.
Digital certificates are certificates that are guaranteed to be authentic by a Certificate Authority. The certificate authority digitally signs the data stating that it is authentic. An alternative to this is Public Key Infrastructure, or PKI. PKI uses private keys to certify the data is correct and authentic. PKI is a fast growing, although time consuming, method of securely transmitting data.
Network security became necessary when hackers and other neer-do-wells discovered flaws, or holes, in the various layers of the OSI model that would allow them access to someone elses machine or network of machines. These people exploited these holes and used them to their advantage. Once these holes were discovered, securing the network became a priority. Each of the seven layers in the OSI model has its own weaknesses and this must have its own method of security.
In an article in Certification magazine regarding network security, Kevin Song stated “There are a variety of ways to classify security vulnerabilities and attacks. It is worthwhile to briefly examine them by OSI layers. The vast majority of vulnerabilities exhibit themselves as application-layer vulnerabilities, which are the closest to the user application. Telnet and FTP are such examples. These applications send user passwords in such a way that anyone who can sniff the network traffic will get the users login and password to gain unauthorized access. On the presentation layer, there are various attacks against data encryption. On the session layer, Remote Procedure Call (RPC) is one of the top computer system vulnerabilities according to SANS. On the transport layer, there are exploitations using SYN flooding and TCP hijacking. Port scanning is common technique used by hackers to identify vulnerable systems. IP spoofing is a very common network-layer attack. Frequent traffic sniffing and wiretapping are common Layer 1 and Layer 2 attacks. Wireless networking has opened new possibilities to hackers. ”
As the vulnerabilities were exposed to light, a need for a security counter measure, or fix was required. In most cases, the fix was found rather quickly, but not always employed by the end user. This results in major problems, the worst of which is complete loss of data, whether encrypted or not. Some of these vulnerabilities are shown on the following table, found on CACIs website (www.caci.com).
Malicious ThreatsCategoryThreatOSI LayerDefinitionTypical BehaviorsVulnerabilitiesPreventionDetectionCounter measuresMalicious SoftwareVirusApplicationMalicious software that attaches itself to other software. For example, a patched software application in which the patchs algorithm is designed to implement the same patch on other applications, thereby replicating.
Replicates within computer system, potentially attaching itself to every software applicationBehavior categories:InnocuousHumorousData alteringCatastrophicAll computersCommon categories:Boot sectorTerminate and Stay Resident (TSR)Application softwareStealth (or Chameleon)Mutation engineNetworkMainframeLimit connectivity. Limit downloadsUse only authorized media for loading data and softwareEnforce mandatory access controls. Viruses generally cannot run unless host application is runningChanges in file sizes or date/time stampsComputer is slow starting or slow runningUnexpected or frequent system failuresChange of system date/timeLow computer memory or increased bad blocks on disksContain, identify and recoverAnti-virus scanners: look for known virusesAnti-virus monitors – look for virus-related application behaviorsAttempt to determine source of infection
Bits in disk in system memory are generally less than 1% of the file space’s full size, as opposed to some file systems (<5% is safe for files to scan)
Replicates within computer system, potentially attaching itself to every software applicationBehavior categories:InnocuousHumorousData changingCatastrophicAll computersCommon categories:Boot sectorTerminate and Stay Resident (TSR)Application softwareStealth (or Chameleon)Mutation engineNetworkMainframeLimit connectivity. Limit downloads Use only authorized media for loading data and softwareEnforce mandatory access controls. Viruses generally cannot run unless host application is runningChanges in file sizes or date/time stampsComputer is slow starting or slow runningUnexpected and frequent system failuresChange of system date/timeLow computer memory or increased bad blocks on disksContain, identify and recoverAnti-virus scanners: look for known virusesAnti-virus monitors — look for virus-related application behaviorsAttempt to determine source of infection
Bits in disk in system memory are generally less than 1% of the file space’s full size, as opposed to some file systems (<5% is safe for files to scan)
Replicates within computer system, potentially attaching herself to every software applicationBehavior categories:InnocuousHumorousData changingCatastrophicAll computersCommon categories:Boot sectorTerminate and Stay Resident (TSR)Application softwareStealth (or Chameleon)Mutation engineNetworkMainframeLimit connectivity. Limit downloads Use only authorized media for loading data and softwareEnforce mandatory access controls. Viruses generally cannot run unless host application is runningChanges in file sizes or date/time stampsComputer is slow starting or slow runningUnexpected and frequent system failuresChange of system date/timeLow computer memory or increased bad blocks on disksContain, identify and recoverAnti-virus scanners: look for known virusesAnti-virus monitors ― look for virus-related application behaviorsAttempt to determine source of infection
Bits in disk in system memory are generally less than 1% of the file space’s full size, as opposed to some file systems (<5% is safe for files to scan)
Replicates within computer system, potentially attaching herself to every software applicationBehavior categories:InnocuousHumorousData changingCatastrophicAll computersCommon categories:Boot sectorTerminate and Stay Resident (TSR)Application softwareStealth (or Chameleon)Mutation engineNetworkMainframeLimit connectivity. Limit downloads Use only authorized media for loading data and softwareEnforce mandatory access controls. Viruses generally cannot run unless host application is runningChanges in file sizes or date/time stampsComputer is slow starting or slow runningUnexpected and frequent system failuresChange of system date/timeLow computer memory or increased bad blocks on disksContain, identify and recoverAnti-virus scanners: look for known virusesAnti-virus monitors ‖ look for virus-related application behaviorsAttempt to determine source of infection
Bits in disk in system memory are generally less than 1% of the file space’s full size, as opposed to some file systems (<5% is safe for files to scan)
Replicates within computer system, potentially attaching herself to every software applicationBehavior categories:InnocuousHumorousData changingCatastrophicAll computersCommon categories:Boot sectorTerminate and Stay Resident (