Fiber Optic Security Systems - Thesis Proposal Example

FIBER OPTIC SECURITY SYSTEMS College: Table of contents Table of contents 2 Introduction 3 1 Introduction 3 1.2 Background study 3 1.2.1 IDPS systems 4 1.2.2 Methods of detecting intrusion 5 1.2.3 Fiber optic threats 6 1.2.4 Methods of taping information from fiber optic cables: 10 1.3 Problem statement 11 1.4 Research objectives 11 1.5 Justification for study 12 2.0 Research methodology 12 2.1 case study analysis 12 2.1.1 Conduct a detailed analysis of the IDPS systems 12 2.1.2 Study of the different Standards used for security systems 13 2.1.3 Study of the fiber optic security threats 13 2.1.4 Propose and recommend a hybrid system 13 Appendix 14 References 15 Introduction 1.1 Introduction Globalization and technology advancement have facilitated the rapid development of the internet and other communication systems. Communication plays an imperative role in the success of any corporation or organization. Data and information flow in the internet allow for swift transactions through the internet, opening the business milieu to unlimited market and colossal profits. The data and information must be protected from potential misuse or must be concealed from loss, particularly where financial transactions are involved. 1.2 Background study To protect information, Intrusion Detection and Prevention Systems (IDPS) are used. An intrusion detection and prevention system is a software or hardware designed to detect and mitigate any attack to the computer or network system. A malicious program or E-mail causes unwanted manipulation and alteration of information and files, deleting of vital information and emails, software corruption and the transfer of information without the authority or consent of the user or the system administrator (Crothers, 2002). The major roles of IDPS are to protect networks and computers from: Unauthorized logins Access to vital information and files Malwares attacks Trojans attacks Worms attacks 1.2.1 IDPS systems Depending on the type of network, there are various IDPS systems, these include; Network based IDPS; Monitors the network. The sensors are located at choke points to analyze the information and identify malicious traffic. Host based IDPS; Identifies intrusion on hosts and agents. They analyze the information such as calls, File systems and modifications application logs and other host information to detect and suppress attacks. Wireless IDPS: They are used to detect intrusions on the wireless system and rogue access points (unauthorized wireless access point used by hackers). Other IDPS systems PIDPS: (Packet Intrusion Detection System) used for packet sniffing to detect attacks. APIDS: It monitors a group of servers by analyzing and monitoring communication between the application protocols. Hybrid intrusion detection systems: Hybrid intrusion detection systems are more efficient and effective in detecting attacks and controlling them. They consist of a combination of several intrusion detection systems integrated into one device. The key function of IDPS systems are Detection of intrusion Recording of information on the detected events Notifying the administrator of the detected events Trigger preventive measures such as port blocking, limiting access of the suspect program as well as deleting infected files. The main parts of an IDPS system are: Sensor: generates the security event Console: monitors the event Engine: it records the events logged by the sensors in a specified database. 1.2.2 Methods of detecting intrusion Though there are many methods of detecting intrusions, the principal methods are: Signature based intrusion The IDPS detects a given pattern corresponding to a known threat. The known events are those that were detected and are known to cause harm in the past. For example, an email with an attached file (freepics.Exe) is usually a characteristic of malwares, or an operating system log with code 645 that depict that the host is disenabled or a Telenet with user name 'root' that violates security policy. All these can be detected using signature based system. Signature based systems are effective but if the signature is changed slightly by the hacker, the IDPS does not detect it. For example, freepics3.Exe cannot be detected by a system with a signature 'freepics.Exe' (Dave, 2008). Anomaly based detection In this system, the normal process is identified and recorded. Any increase in activity from the normal operating conditions is a likely indication of an attack. For example, the operation of a given website can be found not to exceed a given bandwidth for a given period. If it does exceed, then there must be an attack on the system. Anomaly based detection system are effective in detecting unknown attacks that cannot be detected by the signature based protocols. For example, if a malwares caused the network or computer server to send huge number of emails it will be detected by this system (Scarfone & Peter, 2007). Stateful protocol analysis It involves the comparison between the observed events and predetermined profiles that are accepted within a given protocol. Unlike anomaly based system where the network or host profiles are used, Stateful protocol relies on universal profiles. For example, when using the File Transfer Protocol (FTP), only a few operations like user name or password check are done in the unauthenticated state. Any program trying to perform more operations is considered suspicious (Yu-Xi, and Tim, 2003). 1.2.3 Fiber optic threats Though fiber optic system has been deemed as the fastest, most reliable, effective and secure method of transferring data and information, new inexpensive technology has proven that the fiber is extremely susceptible to attackers and information through fiber cable is readily available to hackers (Fouchereau, 2009). The main advantages of the fiber optic system are: Able to transport huge volumes of data relatively fast It is very reliable Space advantages Unlimited bandwidth Limited loss of information as the light propagation has little loss as compared to electrical cables. Types of threats There are two types of threats experienced in the fiber optic systems, these are; Physical threats Non physical threats Non physical threats These threats and attacks occur in the normal email security systems as stipulated by section 1.2.2. There are protected by the current Intrusion Detection Systems, such as (Host IDPS, Network IDPS, Wireless IDPS, NBA) however, with the advent of the fiber optic cable which has unlimited bandwidth and super high speeds. The convectional Intrusion Detections System suffers the following major drawbacks: The sensors are not able to collect and analyze all the information Due to the huge number of emails, anomaly based IDPS may not detect attacks. New threats are being detected day by day making it hard for signature based IDPS to detect and mitigate such attacks. Data flowing in form of packets surpasses the IDPS system easily. For the case of wireless IDPS, rogues can be used to tap information on WLAN systems. Wireless IDPS have been known to be easily hacked, SSID systems used by most WLAN devices is susceptible to attacks. for example, for Cisco systems use the name 'tsunami' for the SSID. Other attacks on the wireless systems include man-in-the-middle attacks, use of the Airmagnet, NetStumber and Airopeek. These are all used to analyze the WLAN and generate the SSID. Hackers are also able to decrypt WEP encrypted information by monitoring WLAN for less than a day (Geier, 2002; Eweek, 2004; Scarfone & Peter, 2007; Wright, 2004, Fluhrer, 2009). Various programs such as fragrouter can be used to successfully divert information. The software can be used to modify, egress and intercept traffic destined to a given host. The software performs functions such as fragmentations and overwriting. Fragmented particles are not detected by IDPS systems (MARUHN, 2007). Physical attacks Though it was believed that it is impossible to hack and tap information from the fiber optic cable physically, new techniques and knowledge reveal that it is not only easy to tap information but it requires very cheap technology. A survey conducted by the federal bureau of investigation (FBI), computer squad shows that; The financial loss of $9,171,400 was reported The overall financial loss was $201,797,340 Theft of proprietary information was $2.7 million. The report indicates that it is possible, with enough computing power, to correctly guess the encryption key and the current design errors may make computers more vulnerable to future attacks (Network Integrity Systems, 2005). About 4.5 million credit and debit card details from a supermarket chain and 1800 cases of fraud were reported. The US government has the capacity to eavesdrop the entire worldwide fiber optic network and has security rooms at AT&T (world net)(CNN.com, 2005; Blackhat Federal Briefing, 2003; COM craft. 2009) United States security forces discovered illegally installed fiber eavesdropping devices installed on the Verizons optical network. The device was placed at Mutual Fund Company shortly before the release of there quarterly numbers (Fouchereau, 2009). According to information security magazine. Illegal monitoring of the German police networks and pharmaceutical giants in France and United Kingdom has caused a lot of information breach. According to Kabay (2003), it is very easy to tap fiber optic systems. 1.2.4 Methods of taping information from fiber optic cables: The three main methods used to tap information from fiber optic network systems are: Splinter/ coupler method It is also refereed to as curve method; information is tapped from the system by bending the cable so that small amount of light can escape from the cable. A photo detector is then used to capture the light and the data contained in the light stream.(Fouchereau, 2009). Splice method It is the most common method of tapping the optical fiber network system. A small break is made and is used to monitor the information flowing. The main limitation with this method is that the intrusion can be detected by the technicians. However, if the cutting process is done fast, the technicians dismiss it as a network glitch which reduces the possibility of detection. Maintenance points are mostly used by hackers to monitor data flows (Fouchereau, 2009). Non touching optical tapping methods These are state of the art hacking devices. They are mainly modified from the convectional maintenance tools used to secure optical networks. Sensitive photo detectors are mounted round the fiber optic cables and the small radiations emanating from the fiber cable are captured and amplified. The light is then redirected to another optical cable (Finisar, 2007; Fouchereau, 2009). 1.3 Problem statement As stipulated in the background study, physical and none physical methods can be used to illegally collect information from a fiber optic cable. There are numerous cases of information theft and loses that have occurred in countries using the fiber optic cable. Organizations such as banks, financial institutions, supermarkets, pharmaceutical firms, government departments, corporations and individuals face disastrous repercussions in the advert of information loss. Encrypted information is also vulnerable to attacks as key generation using state of the art computers exposes this information. There is the need to conduct a case study on the different IDPS systems, the fiber optic threats and formulate techniques of mitigating such threats. 1.4 Research objectives The main research objective is to conduct a case study on the fiber optic network security systems. The specific objectives include; Study different IDPS system in use and their effectiveness Study the security threats poised by the use of the fiber optic cable Study the different IDPS system used to secure information on the fiber optic cable Recommend a hybrid system, comprised of several IDPS that can be used to further secure the fiber optic cable and mitigate attacks. 1.5 Justification for study By conducting a case study on the different IDPS systems, their mode of operation, their limitation and their use in further securing the fiber optic system, the author will gain an in-depth understanding of the security system as well as expose the drawbacks of using the current system. The author will also study the different physical intrusions on the fiber optic cable with a view of proposing a hybrid system that can detect and alleviate most of the physical and non physical attacks. 2.0 Research methodology 2.1 case study analysis The researcher will conduct a case study on the fiber optic network security systems. The main focus of the research work will be 2.1.1 Conduct a detailed analysis of the IDPS systems The author will critically study the different IDPS technologies, their merits and limitations. The three main IDPS systems that will be studied include Host based IDPS Network based IDPS Wireless IDPS A study of methods of integrating different IDPS systems 2.1.2 Study of the different Standards used for security systems Conduct a detailed analysis on the different standardization on which the IDPS technologies are based on and also the different E-mail security standards in use. 2.1.3 Study of the fiber optic security threats The researcher will conduct an in-depth study and analysis of the different fiber optic security threats. It will be based on: Types of threats Nature of threats Different methods through which the intruders fool the network system The effects of speed on the IDPS system The effects of unlimited bandwidth on the security systems 2.1.4 Propose and recommend a hybrid system The research will then propose a hybrid system formulated by combining different IDPS systems. The main attributes of the hybrid system are A hybrid system that combines several IDPS technologies A hybrid system that can control most of the threats exposed in the case study A hybrid system that has unlimited speed and can detect malicious software at high data transfer rates A system that can detect packets of carrying malicious software's. The proposed hybrid system can monitor and control physical intrusions. Appendix NBA -network behavior analysis IDPS- intrusion detection and prevention system IPS - intrusion prevention system IDS- intrusion detection system WEP wired equivalent privacy SSID service set identifier FTP: File Transfer Protocol WLAN: Wireless Local Area Network References Blackhat Federal Briefing. 2003. Threats To Fiber Optic Infrastructure: I Defense. [Online]. Available at http://www.blackhat.com/presentations/bh-federal-03/bh-fed-03-gross-up.pdf Accessed 7 October 2009. Crothers, T.2002. Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network. COM craft. 2009. Fiber Optic Tap. [Online]. Available at: http://www.comcraftfr.com/fiberoptictap.htm . Accessed 2 October 2009. CNN.com. 2005. Experts: New Submarine Can Tap Fiber Optic Cables. USS jimmy carter to be commissioned Saturday. Washington: Washington post. Dave, D. 2008. Network monitoring/Intrusion Detection Systems (IDS). Washington: University of Washington Eweek. 2004. Wireless IDSes Defend Your Airspace. [Online]. Available at: http://www.eweek.com/c/a/Mobile-and-Wireless/Wireless-IDSes-Defend-Your-Airspace/ . Accessed 9 October 2009. Fouchereau, R. 2009. Technology Assessment: Fiber Optic Network: Is Safety Just An Optical Illusion IDC, analyze the future. [Online]. Available at http://www.infoguard.com/docs/PDF/IDC_report_Fibre_optic_security.pdf Accessed 3 October 2009. Fluhrer, S. Itsik, M and Adi, S. 2009. Weaknesses in the Key Scheduling Algorithm of RC4. [Online]. Available at: http://www.drizzle.com/aboba/IEEE/rc4_ksaproc.pdf Accessed 8 October 2009. Finisar. 2007. High Density Fiber Optic Tap. [Online]. Available at: http://www.storage-expo.com/ExhibitorLibrary/40/High_density_tap_3.pdf . Accessed 3 October 2009. Geier, J.2002. Tutorials, Minimizing WLAN Security Threats. [Online]. Available at: http://www.wi-fiplanet.com/tutorials/article.php/1457211 Accessed 9 October 2009. Kabay, M.E. 2003. Tapping Fiber Optics Gets Easier. [Online]. Available at: http://www.networkworld.com/newsletters/sec/2003/0303sec1.html.Accessed 8 October 2009. Scarfone, K & Peter, M.2007. Guide to Intrusion Detection and Prevention Systems (IDPS): Recommendations of the National Institute of Standards and Technology. [Online]. Available at: http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf Accessed 9 October 2009. MARUHN. 2007. Fragrouter Intercept, Modify, And Rewrite Egress Traffic. [Online]. Available at: http://dir.filewatcher.com/d/OpenBSD/3.3/vax/fragroute-1.2p1.tgz.259557.html .Accessed 8 October 2009. Network Integrity Systems. 2005. Fiber Optic Intrusion Detection Systems. [Online]. Available at: http://www.networkintegritysystems.com/pdf/NIS-FiberOpticIntrusionDetectionSystems.pdf. Accessed 7 October 2009. Yu-Xi, L, Tim, S. 2003. Wireless Intrusion Detection and Response. School of Electrical and Computer Engineering. Atlanta: Georgia Institute of Technology. [Online] available at: http://users.ece.gatech.edu/%7Eowen/Research/Conference%20Publications/wireless_IAW2003.pdf . Accessed 2 October 2009. Read More