Introduction to Network Security - Research Paper Example

?RUNNING HEAD: NETWORK SECURITY Network Security Threats and Vulnerabilities of a network Type here 2/28 Contents RUNNING HEAD: NETWORK SECURITY 1 Threats and Vulnerabilities of a network 1 Type your name here 1 2/28/2011 1 Contents 2 Abstract 4 Problem Statement 4 Research and Analysis 5 Introduction to Network Security 5 Why Network Security? 5 Threats and Vulnerabilities to a network 6 Threats to a network 6 Types of Vulnerabilities 9 Network Security Policy 10 Firewall 11 Internet Protocol Security 11 References 13 Abstract Networks from the time of their birth have come a long way. Initially, they were only used in large firms and businesses. However, as technology evolved, the networks also became a part of everyday life. With the accessibility of networks, the security problems have also increased. Networks are increasingly becoming vulnerable to the threats present in the environment. The paper has researched on the threats that are posed on the network as well as the vulnerabilities that increase the security risks for the network. The final part of the paper also discusses the tools that help in implementing security policies as well as the formulation of security policy. Problem Statement Numerous hackers search for and exploit vulnerabilities of a system or a network on a day-to-day basis. Moreover, the tools that help in penetrating and exploiting networks and systems are becoming increasingly accessible and they are so simple to use that they require very little technical knowledge. The threats become even more real when the network connects to other networks, however, threats usually originate from the internal network more often. Research indicates that the 70% of threats usually originate from inside the corporate environment. Hence, any person in charge of networks needs to take a close look at the threats and vulnerabilities of a network. The paper has tried to analyze the threats and vulnerabilities of a network in depth and also analyzed the tools available for implementing the security policies. Research and Analysis Introduction to Network Security We can define Network Security as the combination of regulations and policies that have been formulated by the network administrator. These rules and regulations are in place to monitor and control unauthorized access, misuse, modification, or denial of the network and its resources (Simmonds, Sandilands, & van Ekert, 2004). The first phase of network security begins from user authentication, the most common form of which is a username and password. We can also call this as one factor authentication because we are using just one thing besides the username, which is the password that we already know. Similarly, another form of authentication is two-factor authentication that requires something like a security token, ATM card, etc. The next phase after authentication is a firewall that enforces access policies, for example allowing read/write capabilities to various documents available over the network (A role-based trusted network provides pervasive security and compliance, 2008). Firewalls have the ability of filtering unauthorized access, however, they sometimes fail to check for harmful content that might have entered into the network such as computer worms, Trojans, etc. We have anti-virus software or intrusion prevention systems that help detect and prevent the movement of such malware. Why Network Security? As networks have expanded with time, so have their security issues. The following are the three main reasons why any organization would invest into securing their network: Confidentiality Breach – Every firm would want their confidential information to be held confidential from the eyes of the competitors. Moreover, in an environment where everything has been transformed and saved in the electronic form, a secure network becomes even more important for a firm. Destruction of Data – Data is the most important asset for any organization as well as individuals. Data is processed to be converted into information and the important of data is evident from the investment into creating and maintaining backups. Destruction of data can make an organization non-functional. Treatment of Data – An authorized access to the system and resulting changes are mostly easy to find out as in most cases, the hackers leave something to acknowledge their access. However, manipulation on the data is more difficult to find out. Changing values of the data could lead to drastic outcomes especially when financial information is in question (Sundaram, 2010). Threats and Vulnerabilities to a network Both threats and vulnerabilities of a network are detrimental for the network itself, but they are different from each other. Therefore, we have divided the threats faced by a network from the vulnerabilities. We are discussing both of them separately. Threats to a network Following are the most common and basic types of network threats or attacks: Probes and Scans – A Probe is an extraordinary attempt to gain unauthorized access to a system or finding out information about it. An example of a probe would log into system through an unused account. We can relate probing to the testing of different doorknobs till the trespasser finds an unlocked door and enters easily. A scan is an example of performing multiple probes using some tool. The most common form of scan is a ‘port scan.’ A port scan sends messages to listening ports on a remote computer to form a connection. Account Compromise – An account compromise is also another network threat in which the intruder discovers the username and password to one of the accounts on the system. It give unauthorized access to resources and files that are unavailable to the user. Consequences of account compromise could be loss of valuable data, theft of data or resources. One method of limiting account compromise could be to assign a certain set of rights and privileges to a certain set of users and giving administrative rights to certain users only. The most serious forms of account compromise results from a root compromise well known to UNIX systems. The administrative account of a UNIX system is known as a ‘root’ account and hence, if any intruder gains root level access to a UNIX system, it means he would be able to do just about anything with the system and even be able to hide his own footsteps. Packet Sniffers – Another threat to a network system is through packet sniffing programs that catch the data from the data packets as they travel in the network. These packets of information can include usernames, passwords, and other secret proprietary information important for a firm. One solution to this problem is to have encrypted data packets so that even if they are sniffed and caught, decrypting would not be possible in most case. Denial of Service Attack – A denial of service attack occurs when the attacker prevents authorized users from accessing and using a service. The most common method of implementing a denial of service attack is by flooding the network with messages or service requests resulting a network jam. The main purpose of a denial of service attack is not to gain access, it is to send too much information to the network so that it becomes flooded and is unable to handle any requests at all. Malicious Code – This form of threat comprises of programs that when run could have undesired consequence. Another aspect is that the users have no idea about the functioning of the program until the damages start becoming evident. Malicious code includes Trojans, worms, viruses, etc. The most common method of inflicting systems with Trojan horses and viruses is by bundling them with legitimate programs that the system users normally use. Viruses and worms are similar in nature, meaning they spread into the system very fast. However, viruses require some action by the user for spreading whereas worms, once triggered spread all over the network and to other systems. Malicious code could result in serious data lost, downtimes, and it could also trigger a denial of service attack besides triggering many other problems. Spoofing – Different systems on a network communicate with each other on the basis of trust relationships. An example of such a relationship is before running an operation, a computer would check a certain set of files to see if the other systems on the network have been allowed to use those privileges. (Infopeople Project, 2011). Types of Vulnerabilities Networks become vulnerable to all sorts of attacks if they are not secure from all sides. As the technology expands and grows everyday; we see different vulnerabilities arising. We are highlighting the most common ones below: Installation of Software with Default settings – Installing software with default setting means using the settings built in by the programmers. This leaves the system vulnerable to attacks. In order to remove these vulnerabilities, server administrators should: Disable guest accounts Rename the administrator account Set a password to the administrator account immediately. Improper usage of Authentication – Authenticating an account means a user is required to go through an authentication method to gain access to a system. It could depend on a password that the user knows, a card that the user possesses, or using some biometric information of the person. Authentication scheme using the password is the most common method and it is a secure method if created properly. However, the system becomes vulnerable in spite of password based authentication if the passwords are weak or not thought properly, for example keeping one’s basic personal information as a password would make it extremely vulnerable to theft. Not applying patches – Not applying patches or fixes for security issues known to the network are necessary. With the incrementing complexity of codes it is becoming difficult for network administrators to write patches, however, it is extremely necessary that they do. Open Ports and Execution of services – Ports serve as labels through which we can identify services that are running on a system. Moreover, ports also have identification numbers that are passed in every TCP or UDP packet. Services running on a system are alert to look for packets arriving on the network with matching port numbers. Therefore, open ports could give out a lot of information about the servers. Besides, the more the ports of a server are open, the more chances there are to connect to that server. Analysis of incoming packets – We can define a packet as the smallest unit of information sent over the network. All types of information is broken into packets to be transmitted over the network. Analysis of packets allows filtering out spoofed packets, or packets with the intention of using wrong port for a service. Moreover, it can also help in tackling a denial of service attack. However, analysis of packets is not commonly carried out unless the network carries sensitive data. Maintenance of Data backup – One vulnerability of the network is the downtime of the server or other network devices and their impact. The entity using the network need to maintain backups continuously in a timely fashion suitable for the network otherwise it would become impossible for the network to recover from a security breach or other disasters. Backup should be secure, and properly maintained so that it usable in time of need. (Infopeople Project, 2011). Network Security Policy Network Security Policy means the rules and regulations that define the network access. It also determines how the policies are enforced and forms the basic architecture of the network security environment. The network security policy consists of several pages that have been formulated by a committee. The purpose of a security policy is not just to filter potential attacks. The document should define data access policies, web browsing habits, passwords and encryption, sending email attachments, etc. A security policy should keep the attackers out of the range and also monitor and control risky users within the organization. The first steps in the creation of a security policy is determining the information and services available and the potential risk involved and the sort of protection in place to prevent any problems. Firewall The firewall is an important attribute helps in implementing the network security policy. A firewall filters out unauthorized access while it allows authorized communication between devices over the network. Firewall is a tool that can be configured for allowing or denying certain transmissions and communication in the network depending on a defined security policy. A Firewall could be a software or a hardware and it could also be a combination of both. The most common usage of firewall is to prevent unauthorized users from accessing private networks that are connected to the internet and intranets. All messages going in and out of the network have to pass through the firewall that monitors every message. Several types of firewalls exist, such as: packet filter, application gateway, circuit-level gateway, proxy server. All or one of these firewalls are implemented depending on the defined security policy (Cheswick et al., 2003). Internet Protocol Security Internet Protocol Security (IPsec) is also one scheme through which network administrators ensure network security and implement network security policy. It is a protocol suite that secures IP (Internet Protocol) communication by validating and encrypting each data packet that is transferred during a communication session. IPSec also consists of rules that establish mutual authentication between communicating devices at the start of the session through communicating cryptographic keys to ensure that only the desired systems can communicate keeping intruders out of the conversation. IPsec ensures end-to-end security on the internet layer of the IP Suite. We can use it to ensure the safety of data between a pair of host in case of host-to-host communication as well as pair of security gateways in case of network-to-network and between a security gateway and a host. Similar common security schemes that are very common are Secure Socket Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH) that operate on the upper layer of the TCP/IP model. The use of IPsec is again dependent on the level of protection required by the network and the policy that has been laid out (Kent, & Atkinson, 1998). Conclusion Network Security is a very important issue not only with respect to functionality but also strategically. Therefore, it is a good idea to take care of security issues proactively rather than on ad hoc basic. Treating network security as a strategic issue would allow the firm to reduce the vulnerabilities of the network at every level while minimizing the risk of attacks on the network. Implementing security on multiple layers would help ensure data protection, reliability, as well as overall network authenticity. The network security policy determines the layers on which the security schemes should be implemented based on the requirements and use of the network mentioned in the policy. Hence, a firm or any network environment should analyze it usage and needs before formulating a security policy and implementing security tools and schemes on multiple layers to ensure maximum security of the network. References Simmonds, A; Sandilands, P; van Ekert, L (2004). "An Ontology for Network Security Attacks". Lecture Notes in Computer Science 3285: 317–323. A Role-Based Trusted Network Provides Pervasive Security and Compliance - interview with Jayshree Ullal, senior VP of Cisco. Retrieved on February 24, 2011 from Sundaram, Karishma (2010). Why is Network Security Important? Retrieved on February 26, 2011 from Cheswick, William R., Steven M. Bellovin, Aviel D. Rubin (2003). Firewalls and Internet security: repelling the wily hacker. Retrieved on February 28, 2011 from Kent, S., Atkinson, R. (1998). IP Encapsulating Security Payload (ESP). Retrieved on February 28, 2011 from Infopeople Project (2011). Library Computer and Network Security: Library Security Principles - Security Threats and Vulnerabilities. Retrieved on February 28, 2011 from Read More