
A PAPER PRESENTATION ON NETWORK & SECURITY At

ARUNAI ENGINEERING COLLEGE

PRESENTED BY AARTHEE.M.R kushmi6t@gmail.com LAKSHMIDEVI.D lakshmidurai7@gmail.com

III B.E DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

RANIPPETTAI ENGINEERING COLLEGE WALAJA,VELLORE dist.

CONTENTS
1. Abstract

2. Introduction

3. Security Threats

Passive Attacks

Active Attacks

4. Importance of Security

Firewalls

Encryption & Decryption

Secure Network Devices

5. Conclusion

ABSTRACT:
Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them. Some history of networking is included, as well as security threats and the importance of security. We go on to consider risk management, network threats, firewalls, and more special-purpose secure networking devices. It is hoped that the reader will have a wider perspective on security in general, and better understand how to reduce and manage risk personally, at home, and in the workplace.

INTRODUCTION: CYBER TERRORISM:


Cyber-terrorism refers to the convergence of terrorism with cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks and the information stored therein, when done to intimidate or coerce a government or its people, or in a larger perspective, the international community, in furtherance of political, religious, or social objectives. Cyber-terrorism, being a digital weapon, preserves the life of the terrorist and thrives on the development of new technologies. The attack is undetectable and the victim may not even know that he is being attacked. The famous quote of a writer in the millennium is "to conquer an enemy without fighting". Is this still a terrorist's dream? No. In the age of the information revolution, terrorist organizations, which generally have no access to television or audio communications, conveniently broadcast their messages to the entire world via the Internet, the backbone of web technology. In fact, many terrorist groups maintain their own websites. The traditional tools of terrorism (explosives, bullets and, more recently, nuclear, chemical and biological weapons) are dangerous not only to the target but also to the terrorist himself. If somebody hacks, we need to know: are they just kids, or something more nefarious? Is it Saddam or Laden who is planning another World Trade Center bombing?

What is Network Security?

Network security can be described as the effort to create a secure computing platform, designed so that agents (users or programs) cannot perform actions that they are not allowed to perform, but can perform the actions that they are allowed to. Network security systems ensure the integrity of the system by protecting it from hackers trying to get into the system and by restricting access within the system to individuals' specific needs.

SECURITY THREATS:
Security threats can be inflicted in the form of passive attack and active attack.

1) PASSIVE ATTACK:
A passive attack is one in which the attacker eavesdrops and listens to the message exchanges but does not modify the message contents in any way. Even if the messages are encrypted, the attacker is able to do traffic analysis on the stream of data exchanged. Some of the threats under this category are:

i) Unauthenticated access
ii) Unauthorized access
iii) Spoofing (fabrication or impersonation)
iv) Attack (making resources unavailable)
v) Malicious software

2) ACTIVE ATTACK:
An active attack is one in which the attacker modifies the messages exchanged, deletes selected messages, replays old messages, introduces new messages into the stream of message exchanges or impersonates one end of the conversation. Some threats under this category are:

i) Interception or sniffing
ii) Modification
iii) Denial of action (repudiation)

PASSIVE ATTACKS:
Passive threats involve monitoring the transmission data of an organization. The goal of the attacker is to obtain the information being transmitted. Passive threats are difficult to detect, as they don't involve the alteration of data.

1. Unauthenticated Access:
The threat of release of message contents is of great concern. A telephone conversation, an e-mail message, or a transferred file may contain sensitive or confidential information. One needs to prevent the attacker from learning the contents of these transmissions.

2. Unauthorised Access:
The threat of traffic analysis is subtler and is more often applicable to military solutions. Even though one may have a way of masking the contents of messages, the attacker may still determine the location and identity of the communicating hosts, and can also observe the frequency and length of the messages being exchanged. The emphasis in dealing with passive threats is prevention rather than detection. Although these threats can be directed at communication resources (routers and lines), they are generally perpetrated at the host level.

3. Source IP Address Spoofing Attacks:

For this type of attack, the intruder transmits packets from the outside that pretend to originate from an internal host: the packets falsely contain the source IP address of an inside system. The attacker hopes that the use of a spoofed source IP address will allow penetration of systems that employ simple source address security, where packets from specific trusted internal hosts are accepted and packets from other hosts are discarded. Source spoofing attacks can be defeated by discarding each packet with an inside source IP address if the packet arrives on one of the router's outside interfaces.

4. Source Routing Attacks:


In a source routing attack, the source station specifies the route that a packet should take as it crosses the Internet. This type of attack is designed to bypass security measures and cause the packet to follow an unexpected path to its destination. Simply discarding all the packets that contain the source route option can defeat a source routing attack.

5. Tiny Fragment Attacks:

For this type of attack, the intruder uses the IP fragmentation feature to create extremely small fragments and force the TCP header information into a separate packet fragment. Tiny fragment attacks are designed to circumvent the user-defined filtering rules; the hacker hopes that a filtering router will examine only the first fragment and allow all other fragments to pass. Discarding all packets where the protocol type is TCP and the Fragment Offset is equal to 1 can defeat a tiny fragment attack.
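The three discard rules described above (source IP address spoofing, source routing, tiny fragments) can be combined into one filter over the raw IPv4 header. The following is an added example, not part of the original paper; the internal range 192.168.10.0/24, the interface names and the function names are assumptions made for illustration.

```python
import ipaddress
import struct

INSIDE_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed internal range
SOURCE_ROUTE_OPTS = {131, 137}                        # IPv4 option types LSRR, SSRR
HDR = "!BBHHHBBH4s4s"                                 # fixed 20-byte IPv4 header

def build_ipv4(src, dst, proto=6, frag_offset=0, options=b""):
    """Build a constructed IPv4 header (checksum left at 0) to use as sample input."""
    options += b"\x00" * (-len(options) % 4)          # pad options to 32-bit words
    ihl = 5 + len(options) // 4
    return struct.pack(HDR, (4 << 4) | ihl, 0, ihl * 4, 1, frag_offset, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options

def option_violation(options):
    """Walk the IPv4 options; return a drop reason, or None if they are acceptable."""
    i = 0
    while i < len(options) and options[i] != 0:       # 0 = End of Option List
        kind = options[i]
        if kind == 1:                                 # No-Operation is a single byte
            i += 1
            continue
        if kind in SOURCE_ROUTE_OPTS:
            return "source route option present"
        if i + 1 >= len(options) or options[i + 1] < 2:
            return "malformed IP options"             # fail closed on a bad length byte
        i += options[i + 1]
    return None

def filter_packet(raw, interface):
    """Return (verdict, reason) for a raw IPv4 header seen on 'inside' or 'outside'."""
    if len(raw) < 20:
        return ("drop", "truncated header")
    ver_ihl, _, _, _, flags_frag, _, proto, _, src, _ = struct.unpack(HDR, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        return ("drop", "malformed header")
    if interface == "outside" and ipaddress.ip_address(src) in INSIDE_NET:
        return ("drop", "inside source address on outside interface")
    reason = option_violation(raw[20:ihl])
    if reason:
        return ("drop", reason)
    if proto == 6 and (flags_frag & 0x1FFF) == 1:     # rule as stated in the text
        return ("drop", "TCP fragment with offset 1")
    return ("accept", "no rule matched")

# Constructed sample: a header claiming an inside source address.
SPOOFED = build_ipv4("192.168.10.5", "192.168.10.20")
```

The same header is accepted when it arrives on the inside interface, which is why the spoofing rule has to be tied to the interface and not to the address alone.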

ACTIVE ATTACKS:
Active threats involve the modification of the data stream or the creation of a false stream.

1. Interception or Sniffing:
Message stream modification means that some portion of the legitimate message is altered, or that messages are delayed, replayed, or recorded to produce an unauthorized effect. For example, a message "Allow Amelie to read confidential file accounts" is modified to "Allow Gabrielle to read confidential file accounts".

2. Masquerade:
Masquerade takes place when an attacker pretends to be someone else. The attack usually includes one of the other two forms of attack. Such an attack can take place, for example, by capturing and replaying an authentication sequence.

3. Denial of Service:
It prevents or inhibits the normal use or management of communication facilities. This attack may have a specific target; for example, an attacker may suppress all messages directed to a particular destination. Another form of service denial is the disruption of the entire network, either by disabling the network or by overloading it with messages so as to degrade the performance.

IMPORTANCE OF SECURITY:
The situation today is radically different from the one 10 years ago. Over that period of time, groups of crackers and hackers have faced off and crystallized into opposing teams. The network is now at war and these are the soldiers. Everyone has a different idea of what security is, and what levels of risk are acceptable. The key to building a secure network is to define what security means to your organization.

FIREWALLS:
A firewall is a point at which your private company network and a public network, such as the Internet, connect. A firewall system is a hardware/software configuration that sits at this perimeter, controlling access into and out of your company's network.

Types of Firewalls:
There are three basic types of firewalls. They are:

1. Application gateways.
2. Packet filtering.
3. Hybrid systems.

APPLICATION GATEWAYS:
These are also known as proxy gateways. They are made up of bastion hosts that run special software to act as a proxy server. This software runs at the Application Layer. Clients behind the firewall must be proxitized in order to use Internet services. These are the most secure. They are also typically the slowest, because more processes need to be started in order to have a request serviced.

PACKET FILTERING:
Packet filtering is a technique whereby routers have ACLs (Access Control Lists). Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network, and vice versa. There is less overhead in packet filtering than with an application gateway, because access control is performed at a lower ISO/OSI layer. Because of the lower overhead, packet filtering is done with routers, which are specialized computers optimized for tasks related to networking. The below figure shows a packet filtering gateway.

HYBRID SYSTEMS:
To combine the security of the application layer gateways with the flexibility and speed of packet filtering, some vendors have created systems that use the principles of both. These systems are called Hybrid Systems. In these systems, new connections must be authenticated and approved at the application layer. Once this has been done, the remainder of the connection is passed down to the session layer. The benefits of using these systems include providing a measure of protection against your machines that provide services to the Internet, as well as providing the security of an application layer gateway to the internal network. Additionally, using this method, an attacker, in order to get to services on the internal network, will have to break through the access router, the bastion host, and the choke router.

ENCRYPTION AND DECRYPTION:
Data that can be read and understood without any special measures is called plaintext or clear text. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called cipher text. We use encryption to make sure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting cipher text to its original plaintext is called decryption.

SECURE NETWORK DEVICES:


Secure network devices are devices that provide more security. Some examples of these devices are discussed below:

Secure Modems; Dial-Back Systems:


The modem is a device which is used to convert analog signals into digital signals, and vice versa. For the terminal server or network device that provides dial-up access to your network, passwords need to be strong, not ones that can be guessed. Accounts that aren't actively used should be disabled. In short, it's the easiest way to get into your network remotely: guard it carefully. There are some remote access systems that have the feature of a two-part procedure to establish a connection. The first part is the remote user dialing into the system and providing the correct userid and password. The system will then drop the connection, and call the authenticated user back at a known telephone number. Once the remote user's system answers that call, the connection is established, and the user is on the network. This is mostly used when you are working from home.

Crypto-Capable Routers:
A feature that is being built into some routers is the ability to use session encryption between specified routers. Because traffic traveling across the Internet can be seen by people in the middle who have the resources to snoop around, these are advantageous for providing connectivity between two sites, such that there can be secure routes.

Virtual Private Networks:


VPNs provide the ability for two offices to communicate with each other in such a way that it looks like they're directly connected over a private leased line. The session between them, although going over the Internet, is private, and the link is convenient, because each can see the other's internal resources without showing them off to the entire world.

CONCLUSION:
Security is a very difficult topic. Everyone has a different idea of what security is, and what levels of risk are acceptable. The key to building a secure network is to define what security means to your organization. Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy. Projects and systems can then be broken down into their components, and it becomes much simpler to decide whether what is proposed will conflict with your security policies and practices. Many people pay great amounts of lip service to security, but don't bother when it gets in their way. It's important to build systems and networks in such a way that the user is not constantly reminded of the security system around him. Users who find security policies and systems too restrictive will find ways around them. It's important to get their feedback to understand what can be improved, and it's important to let them know what has been done to minimize the organization's exposure to risk. Security is everybody's business, and only with everyone's cooperation and an intelligent policy will it be achieved.
