Network Security The Past, Present, and Future - Research Paper Example

Title: Network Security – The Past, Present, and Future. 1. Introduction to Network Security Network can be termed as a number of computers connected together to share information and resources with each other. When the concept of sharing and accessing information from another system comes in, then a challenge arises. This challenge is to keep the information safe from unauthorized access and to limit the boundaries of access on one’s system to whichever level desired for others. The aim of ceasing any undesired intrusion in one’s system is encapsulated by one of the most vital areas of computer sciences- Network Security. Farlex Inc. (2009) explains that it can be defined as the process of authorizing access to information to validated users. There exists different types of networks; similarly there exist different needs of security measures on every network in accordance with the traffic on that network and the degree of protection required for the data. With the emergence of internet, wireless technology and mobile computing etc, millions of people connect with each other every day. Some of these users are harmless while the others pose threat to others because of their data theft and intrusion activities. These intruders are the reason why network security has gained such a prominent name in our modern age. The companies who realize the need of authentic and up-to-date data tend to be more successful. A company might possess different kinds of data including marketing plans, customer information, revenue reports etc. The loss of data causes different problems for the business, for e.g. unauthorized use or loss of customer information will cause the customer to mistrust the company and might discontinue its business with the respective company. Marketing plans and revenue reports can serve to be very useful information for competitors in the market therefore companies are well-aware of the network security now. Nowadays, companies invest an enormous amount of their resources to implement efficient and reliable network security measures to maintain the validity and integrity of their data. Fig.1 : © 1998-2003 by Carnegie Mellon University as stated by Leidigh (2005) The figure above shows the increase in system intrusion activities over the years. 1.1 Network Security- The Past Considering the internet network in its beginning; the security measures deployed were very minimal and low in quality. This is because the incidents of hacking and viruses were unforeseen. After some time, the dark side of the usage of networks became evident and network security started becoming one of the most important areas. Mallard (2009) states that it was the time when malicious users began accessing unauthorized information and modifying it, causing great loss for companies and viruses starting spreading through weak networks. These kinds of malicious users started posing serious threats to companies and caused a hindrance in their smooth work flow. The awareness of network security began to spread and many developments and research began in this field. 1.2 Network Security Risks Just as the researchers have become more competent in deploying security measures, the malicious users have also become more technology savvy and continue developing newer techniques to cause harm to systems on a network. Therefore, the researchers have to deploy extreme security measures to withstand these threats. Network administrators around the world face a daunting job of dealing with network security risks everyday. 1.2.1 Easvesdropping Stanford University School of Earth Sciences (2004) states that a very common security risk that prevails in the modern age is of eavesdropping. Eavesdropping has emerged due to the weakness found in networks, which is usually observed for small scale networking at someone’s house or a small organization. The weakness of the network leads the information to such a path that it is broadcasted to everyone. In a normal network this would not happen, as the computer who was meant to process the data would only receive it. Hackers- people involved in unauthorized access in someone’s computer or computer data theft activities and go against the measures deployed for network security; tend to run programs that are commonly known as ‘sniffers’. These sniffers absorb all the information which is broadcasted on the network. This data can be used by the hackers for many unlawful acts like reproduce people’s log-in information and do whatever they desire with their email accounts, bank accounts etc. Sniffers are difficult to detect and can be deployed anywhere on the internet making the network unsecure. 1.2.2 Sequence Numbers Attack Morris (1985) described a security risk, which is that the hackers gain access to an unauthorized area on the network. It involves guessing the sequence numbers on the basis of which TCP will initiate the connection with the target host. The process will involve the hacker to request for connection by predicting which sequence numbers would be used by TCP for a new connection. The 3-way handshake is completed on the basis of this guessed number, allowing the hacker to perform functions on the target host. The method of port scanning might also be used to gain as much information as possible about the target host. 1.2.3 Denial of Service Jawahar (2004) states that another type of network security risk that exists is denial of service (DoS). This kind of attack is framed to limit the users traffic of a target computer system by making one or more nodes go offline. A node might go offline due to any crashing attempts or overloading it with unnecessary continuous traffic. There exists another form of DoS which is Distributed Denial of Service (DDoS). DDoS is an attack which is performed from many different locations and systems. Cybertelecom Federal Internet Law & Policy An Educational Project (2009) states that in DDoS, an attacker might take control of one’s PC and make use of it to send large amount of data to overload it or send large amount of spam to some email addresses (which shall be discussed later). This threat is called ‘distributed’ because different locations are being used to jam further traffic and hence produce denial of service attack. Similar overloading can occur within email inboxes and cease the receiving of any further messages. Every email account has a set quota of storage provided, if an attacker sends a large amount of spam emails on an email address, it will cause the memory to fill up and deny any receiving of any new messages (even if valid messages). It is very difficult to mitigate such attacks as the difference between a valid packet or one used for DoS is not very obvious. A company might face great losses due to this attack. Jawahar (2004) states a real life example explaining the incident of DoS within a big organiztion. An organization launched a new software product but didn’t receive as much traffic as they had expected. They analyzed and investigated the situation and found to their surprise that they could not access the website themselves which meant that they had been attacked with DoS. Later, they found that some spammers had taken control of around 100 computers and utilized them to become zombies and overload that organization’s website. The company faced a great loss during this attack and caused a certain degree of mistrust among the users of that company. To refrain from such attacks, websites tend to put an image at every data entry page. This image will have some characters written on it. These characters are required to be reproduced in order to move any further from that initial spot. A zombie computer will never be able to decipher or understand the characters in the image, thereby reducing chances of DoS. There are several ways in which a service can be denied, some of them are: SYN Flood: Jawahar (2004) states that in this technique, the attacker sends a SYN request to the host. When the target replies to the SYN message and sends SYN ACK, the attacker does not reply with ACK to complete the 3-way handshake for a successful connection. On the contrary, the attacker sends another SYN message. This causes the target to be jammed with requests and memory buffer also fills up. Due to this it ceases to give anymore connections and denies service to the legitimate users. Spoofing: Jawahar (2004) states that spoofing is a technique in which an attacker makes use of a fake IP address. This technique can be used to reroute users to any desired network node or to pretend to be a legitimate node to a server to get unauthorized access. 1.2.4 Password attacks Techfaq.com (2009) states that these kinds of attacks occur when the hacker’s efforts are aimed at guessing the passwords for a particular destination until he succeeds at determining the password. The fact that the entire security is dependant on the password and ID of the user is considered to be a weakness. In the older applications, it is noticed that they didn’t encrypt the ID and passwords when they were sent over the network to the server for verification. This created a loophole and an opportunity for the sniffers to gain this information. The system is at additional risks if the ID and password that have been retrieved by the hacker, belong to an administrator of the system. Since administrator has extra authorizations with which he can modify the system more than a simple user. Two ways have been observed to perform password based attacks; Online cracking: In this approach, the network message flow is sniffed to extract the relevant information regarding the ID and password of the required user. Nowadays, special sniffing tools are available to retrieve passwords from the traffic. Offline cracking: The attacker might take control of a system with the aim of retrieving access to password based information. Later, a password cracker technology might also be used to decipher valid information. 2. Technologies involved in this area  Due to the appalling security risks prevailing in the networking environment, there has been much development in the field of inventing more efficient and reliable security technologies. Some of the most successful technologies are listed below: 2.1 Firewalls SearchSecurity.com, (2009) states that a firewall can be termed as a set of related programs that serve to protect the data and resources of a network from any external access from other networks. Let’s take an example of an organization and its network to explain firewalls. The organization allows it users to access the World Wide Web and connect with the systems within the intranet. Since the users are allowed to access the internet, it is vital to install a firewall that will restrict any outsiders to access the organizational internal data and resources. Firewall can also serve to control what the organization’s employees will be allowed to access for e.g. some organizations forbid downloading any songs from the internet or even restrict social networking websites so that they are not distracted from their work. The basic mechanism of a firewall is that it has to examine every network packet that flows in the network to determine whether it should be forwarded towards its destination. Firewalls are also said to work with a proxy server which takes care of network requests from the workstation’s users. Every request has to go through the computer system on which the firewall is installed so that no request can reach directly at private network resources. It is a good practice to screen requests to ensure that they are coming from authentic domain name and IP addresses. 2.2 Intrusion Detection Systems Tony Bradley (2009) explains that another technology to ensure the security of the network is to make use of intrusion detection systems. It monitors all the traffic and messages so that there is no malicious activity possible on the network. It examines the network traffic and informs the network administrator incase something inappropriate takes place. In such cases, the intrusion detection system (IDS) may block the user or source IP from which this activity has been observed. There are two kinds of IDS- network based intrusion detection systems (NIDS) and host based intrusion detection systems. NIDS NIDS should be put at one or more places on the network so that they are able to monitor all the traffic generating on the network. HIDS These kind of systems are made to execute on specific hosts or devices on the network. They are used to examine the incoming and outgoing packets from the device and will inform the administrator incase of any unauthorized activity. 2.3 Routers Wikimedia Inc (2009) states that it is a device which is used to connect several computer systems with each other and connect to the internet at the same time, either by wires or wireless technology. This enables the users to connect with each other’s computers and have internet access at the same time. A router may be located at any point where one network connects with the other one- also known as gateway. A router is usually included to be a part of a network switch. The router technology is able to create a table stating all the possible destinations that can be reached along with their distance and cost. This helps in analyzing the most economical route that should be adapted for a specific destination to minimize the duration and cost of the packet. The path that may be adapted by a packet many include many intermediary points after which it will eventually reach its destination. Routing is related to the Network Layer, which is termed a layer 3 according to the OSI model. Due to such excessive usage of networking, it becomes essential for users to be aware of the security policies and 3. Principles of Network Security Infocrystals.com (2009) explains that there are three principles of network security which dictate the network to be reliable and efficient for the users. Integrity: A secure network will have integrity such that all the information stored in it will be correct and safeguarded from all unauthorized modifications. Confidentiality: This property dictates the network to allow only the validated users and no unauthorized person is allowed to access or view the information. There are several techniques to validate the users. When data is being transferred from one place to the other on the network, we need to be careful off it’s confidentially as it should be leaked at any point. Availability: The last property is that the information is available for use when it is desired by the validated users. It can also be termed as accessibility, it helps in running the network smoothly. 4. Future Trends in Network Security There is a lot of on-going research regarding the measures to ensure more reliable security measures. It is said that the next wave of network technology will encapsulate specialization, integration and virtualization. Geiger (2005) concludes that intrusion detection systems are considered an important technology to handle security threats. The current systems either prevent the damage or facilitate detection. But the intrusion detection systems of tomorrow are said to be coupled with both the capabilities. The fusion of these two concepts will make the network security systems more efficient. Cartwright (2003) states that current firewalls are said to be bottlenecks in the fast internet connections of today and security threats and risks are becoming more complex. Therefore greater processing power is required to avoid the scenarios of bottlenecks and handle network security threats easily. 5. Regulatory issues surrounding the area In the modern age, if a company does not implement appropriate security measures then they are held accountable by the law. Douligeris (2007) states “Under private law, failure to implement security measures might result in damages for breech of contractual obligations, for example negligence and breach of a fiduciary relationship.” Further explains that there have been more obligations introduced through law on banking, data protection and health care. Security is a concern for many people involved in running a business for e.g. Shareholders and management personnel and last but not the least the customers themselves. The customer gives the companies there data in confidence that it will never be used for any other purpose. The company can be held accountable for any leakage of the data for some malicious intent and can suffer lot of damage in-terms of money and reputation. Privacy has been stated as an individual’s right in Article 8 of the European Convention on Human Rights. This includes all the aspects of the privacy of the data and identity as well. The element of confidentiality has also been invoked through Article 5 of the Telecommunication Data Protection Directive 97/66/EC. It dictates the members to ensure confidentiality in public telecommunication networks and services. 6. Companies involved in this area There are many companies all over the world who offer efficient network security products. Some of the companies and their products shall be discussed here; IBM One of the biggest IT companies in the world offers many products regarding network security. IBM (2009) states that they have a wide range of solutions regarding this area from IBM Internet Security Systems (ISS). IBM protection software offer efficient and comprehensive solutions. They offer the following solutions: Intrusion Detection Systems, Intrusion Prevention Systems, Network Anamoly Detection Proventia Network Mail Security System. Guardian Analytics  Messmer (2008) states that this company was founded in 2005, whose headquarters are in Los Altoc, California. The focus of this company is on financial institutions online data security. Their services are ideal to protect data so that fraudulent activities can be mitigated. Their techniques are commendable as they blend their Guardian Analytics with the IP geo-location to help prevent any fraudulent activities related with the customer’s data. NexTier Networks  Messmer (2008) states that this company was founded in 2007 by Tarique Mustafa in Santa Clara in California. The main focus of this company is on data leakage prevention which is achieved by their creation called Information Search and Security. 7. Global Implications of Network Security Due to the increasing security threats over networks, the companies have become aware of its necessity and are starting to focus on it. They have realized that lack of reliable security measures can lead to demise of the organization. Network security has made the globalization of e-commerce a reliable and successful venture. It is because of these measures that customers tend to trust their companies and continue giving them business. Mallard, (2007) states that according to a FBI’s security survey in 2004, the following information was concluded resulting from security losses that year: $26 million dollars – denial of service $11.5 million dollars – theft $55 million dollars – viruses As can be seen from the above figures that companies tend to face huge amounts of losses, because of which network security has become one of their main focus areas. References Bob Geiger, (2005), The future of network security: Intelligence behind IPS, SearchNetworking.com http://searchnetworking.techtarget.com/tip/1,289483,sid7_gci1051288,00.html Christos Douligeris, Dimitrios N. Serpanos, (2007), Network security: current status and future directions, Wiley and Soas Publishers http://books.google.com.pk/books?id=dHys9OXMFMIC&dq=future+of+network+security&printsec=frontcover&source=in&hl=en&ei=JR8JS6H6DcGHkAWcgv3eCQ&sa=X&oi=book_result&ct=result&resnum=11&ved=0CDYQ6AEwCg#v=onepage&q=&f=false Christopher Leidigh, (2005),Fundamental Principles of Network Security, http://www.ptsdcs.com/whitepapers/70.pdf Cybertelecom Federal Internet Law & Policy An Educational Project, (2009), Denial of Service Attacks, http://cybertelecom.org/security/dos.htm David Cartwright, (2003), Future of Firewalls, Computer World, http://www.computerworld.com.au/article/121130/future_firewalls?relcomp=1 Bottom of Form Ellen Messmer, (2008), 10 IT security companies to watch, http://www.networkworld.com/news/2008/111708-security-companies.html?page=3 Farlex Inc. (2009), Network Security http://encyclopedia2.thefreedictionary.com/network+security IBM, (2009), Network protection solutions, https://www-935.ibm.com/services/uk/index.wss/offerfamily/gts/y1026882 Infocrystals.com, (2009), Principles of Network Security, http://about.infocrystals.com/network_security.asp Jawahar, (2004), Hacking Tutorial: Denial of Service (DOS) Attacks, Experts Forge, http://www.expertsforge.com/Security/denial-service-dos-attacks-2.asp R.T. Morris, (1985), "A Weakness in the 4.2BSD UNIX TCP/IP Software", AT&T Bell Laboratories, NJ. SearchSecurity.com, (2009), Firewall http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212125,00.html Steve Mallard, (2009), The History behind Network Security, http://www.brighthub.com/computing/smb-security/articles/4779.aspx Steve Mallard, (2007), Network and Computer Security Stanford University School of Earth Sciences, 2004, Security risks, http://pangea.stanford.edu/computerinfo/resources/network/security/risks.html Techfaq.com, (2009), Network Attacks, http://www.tech-faq.com/network-attacks.shtml Tony Bradley, (2009), Introduction to Intrusion Detection Systems (IDS), About.com, http://netsecurity.about.com/cs/hackertools/a/aa030504.htm Wikimedia Inc, (2009), Router, http://en.wikipedia.org/wiki/Router Read More