Network Security Control - Essay Example

Network Security Network Security: Network Security is one of the most highly debated topics in the present day world. Network Security has many dimensions. Securing any network is like securing a country's access points with several defense mechanisms. Network Security has become a very essential part of each and every network present on this planet- be it the Internet which we use or the LANs (Local Area Networks) and MANs (Metro Area Networks). It deals with stopping attacks on a network from outer entities such as hackers and from non-intentional attacks. As more and more networks are being introduced every single day, the implementation of network security has become very important. The interconnection of networks has made flow of information easier between organizations or individuals (Curtin, 1997). But with this ease of information access comes the issue of security. With the increase of information flow, there has been an increase in the number of attacks on information by hackers. Attacks such as Denial of Service (DoS) Attacks, Spoofs, Sniffing, etc. have increased with the increase in the availability of hacking tools which are free of cost. Valuable information is lost in the process. For example, if a customer buys a product of a particular organization through their web-site and a hacker presents himself as the organization and receives the money from the customer, valuable information such as the ID of the customer, his credit card numbers, his passwords are all stolen by the hacker. Therefore such information has to be transferred securely over the Internet. Encryption is the most common way of securing valuable information while transmitting over the Internet (Rahman, 2003). Networks are secured in a different manner. They are secured using tools called "Firewalls". Whenever transactions or information between a customer and an organization are being carried out, a particular pattern is followed. Firewalls recognize and allow only these transactions or processes to be carried out and block out all the unrecognized patterns. By implementing Firewalls, most of the attacks from the hackers can be kept out. Securing a network just does not happen. There are many issues to be considered when making policies for network security. The three main issues back in the earlier days were Confidentiality, Integrity and Availability. Due to the advances in the technologies, these issues have been mostly resolved. But in the present day Networks, other issues have appeared. These issues will eventually result in the breaching of confidentiality, integrity and availability thereby defeating the cause of coming up with Network Security policies. We can ask the following questions to resolve the recent issues related to Network Security: Should Identity Manager be put back to the User Identity Control from the top down approach has traditionally been imposed by all Enterprises and Governments. But this has resulted in resilience from the users. Users have always found it difficult to cope up with the time constraints resulting from the above mentioned approach. This approach looks increasingly antiquated for the present day user needs. Microsoft's Kim Cameron once noted that: "A system that does not put users in control will - immediately or over time - be rejected" (Dean, 2006). This is true because users expect real fast response and do not like to waste their time in waiting for a response from the requested network or system. Identity Control being at the Server side is the key to ensuring trusted relationship for billions of business transactions all over the world. Identity Control being at the server side makes it possible for the replying Network to ensure that the keys constructed are secure. Since the control will be present with the server, no user will have chance of even attempting to break the key and steal the information being transferred. At the macro level, the advantages that accrue in the form of innumerable applications and services, with enhanced benefits for all, can clearly be seen zipping across the ether; but that macro level is ultimately composed of individuals, and so a problem arises: it's personal. Michael Howard, Senior Security Program Manager, Microsoft USA, said at the Information Security Solutions Europe (ISSE) Conference 2006, "You can be in the poshest place on earth, but as soon as you plug into the computer, you are slumming it with some of the nastiest people in the world.". There are many variations of Identity Control. One form of Identity Control is Digital Identity. There are many technologies to carry out Digital Identity. These technologies and services are often very complex. These technologies include different dimensions such as enterprise identity management, HR applications, CRM, web access management, (enterprise) single sign-on, role-based access control, network identity management, subscriber-centric networks, federated identity management, meta-directories, identity meta-system(s), local and national government identity cards and e-passports. Also, the emerging technologies around personal digital identities, RFID, PKI, smart cards, biometric technologies are encompassed in these technologies. These technologies use different encryption standards which encode data taking part in the transactions taking part. If these are allowed at the user side, a lot of load is reduced on the remote network and therefore ensures better throughput. But then, it also means that the data is exposed to all the other attackers and hackers. New encryption algorithms are being found to ensure that the encoded data is not broken. Are VPNs (Virtual Private Networks) Secure VPNs (Virtual Private Networks) are private communications network tunnel which pass through another network and are specific to one particular network. For example, if an organization has to communicate with its own branch situated elsewhere, it has to connect to the network of its branch making a private network. This private network has to pass through different networks such as the Internet itself. There is a big risk of its information being stolen. Therefore, this private network has to be virtual so that no other network or observer can look at the contents of the messages being passed between the two branches. This is again ensured by encrypting the data being passed. But now a days the security involved in the virtual private networks is of a great concern. This is mainly due to the fact that technology has increased so much that encryption keys are not very difficult to break. Earlier, the encryption keys were of 32 or 16 bits. This could have taken days, months or even years to break with the traditional technology. But in the present day world, using the modern technology, these keys can be broken in just may be in a few minutes or even seconds. This has become a great concern for organizations communicating through Virtual Private Networks. Great research is being carried out to find out keys which are of size greater than 128 bits. With a key of such size, there are so many combinations available that it could take more than 5 years to crack the key. Since the key is known only to the branches of the organization, the transfer of information becomes highly secure. Can all Attacks be Prevented using the Modern Technologies and Tools Modern tools and technologies claim to block and prevent all attacks from outer entities like hackers. There are many different kinds of attacks which a hacker can choose to attack an organization. The attacks can be classified into several classes such as Interruption, Interception, Modification, Fabrication attacks. And there are different types of attacks such as DoS (Denial of Service) attacks, Packet Sniffing, Information Thefts, Malicious Code, Social Engineering attacks. DoS attacks are generally carried out on the servers (Wani, 2001). They block the server service to the requesting users thereby crashing the server. Packet Sniffing means sniffing the packets being transmitted through the network. This is generally done to take a look at the information in the packet. This information could be confidential to an organization. There are many several tools which allow packet sniffing such as ethereal. Malicious Code includes programs called worms and trojans. These programs are passed into a particular system in a network. These programs then execute themselves automatically and steal information from that system. Important information can be stolen in such a manner. Such programs can also destroy or crash the system in which they are executing. This can result in a huge blow to the working of an organization. To counter these attacks, all organizations implement tools called "Firewalls". Firewalls work on recognizing the patterns. The transactions between the organizations and the users or the customers are carried out using particular keys called the public and the private keys. These transactions follow particular patterns. These patterns are unique to each organization. This is due to the fact that each organization will have their own public and private keys. But as we already know, these keys if not complex, can be broken easily without any effort. Therefore, keys have to be very complex so that the information being passed has to be secure. Many attacks in the modern day world cannot be stopped. In-order for the information to be safe, Firewalls have to be very strong and have to be programmed in such a way that the patterns of transactions can never be recognized by others other than the Firewall itself. Extensive research is going on to improve the standards of Networks and Network Security. References: Wani, Pankaj. (2001), "Information Security Attacks, Exploits and Threats", pp: 1-4, http://www.nihilent.com/white_papers/information_security_attacks.pdf Curtin, Matt. (1997), "Introdcution to Network Security", pp: 3-15, http://www.interhack.net/pubs/network-security.pdf Rahman, B. S. Abdul (2003), "Current Issues in Network Security Management", pp: 2-22, http://www.aptsec.org/meetings/2003/nsm/Malaysia-Sem/Session-1_Malaysia-MCMC.ppt aptsec.org, "Principles to Guide Efforts to Improve Computer and Network Security for Higher Education", pp: 1-5, http://www.educause.edu/ir/library/pdf/SEC0310.pdf Dean, Roger. (2006), "Network Security", pp: 1-7, http://www.infosecurity-magazine.com/related/nesesample.pdf comptechdoc.org, "Security Attacks", http://www.comptechdoc.org/independent/security/recommendations/secattacks.html Read More