CONTENTS
1. Abstract
2. Introduction
3. Security Threats
Passive Attacks
Active Attacks
4. Importance of Security
Firewalls
5. Conclusion
ABSTRACT:
Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them. Some history of networking is included, as well as security threats and the importance of security. We go on to consider risk management, network threats, firewalls, and more special-purpose secure networking devices. It is hoped that the reader will have a wider perspective on security in general, and better understand how to reduce and manage risk personally, at home, and in the workplace.
SECURITY THREATS:
Security threats can be inflicted in the form of passive attack and active attack.
1) PASSIVE ATTACK:
A passive attack is one in which the attacker eavesdrops and listens to the message exchanges but does not modify the message contents in any way. Even if the messages are encrypted, the attacker is able to do traffic analysis on the stream of data exchanged. Some of the threats under this category are:
i) Unauthenticated access
ii) Unauthorized access
iii) Spoofing (fabrication or impersonation)
iv) Attack (making resources unavailable)
v) Malicious software
2) ACTIVE ATTACK:
An active attack is one in which the attacker modifies the messages exchanged, deletes selected messages, replays old messages, introduces new messages into the stream of message exchanges, or impersonates one end of the conversation. Some threats under this category are:
PASSIVE ATTACKS:
Passive threats involve monitoring the transmission data of an organization. The goal of the attacker is to obtain the information being transmitted. Passive threats are difficult to detect, as they don't involve the alteration of data.
1. Unauthenticated Access:
The threat of release of message contents is of great concern. A telephone conversation, an e-mail message, or a transferred file may contain sensitive or confidential information. One needs to prevent the attacker from learning the contents of these transmissions.
2. Unauthorised Access:
The threat of traffic analysis is subtler and is more often applicable to military solutions. Even though one may have a way of masking the contents of messages, the attacker may still determine the location and identity of the communicating hosts, and can also observe the frequency and length of the messages being exchanged. The emphasis in dealing with passive threats is prevention rather than detection. Although these threats can be directed at communication resources (routers and lines), they are generally perpetrated at the host level.
ACTIVE ATTACKS:
Active threats involve the modification of the data stream or the creation of a false stream.
1. Interception or Sniffing:
Message stream modification means that some portion of a legitimate message is altered, or that messages are delayed, replayed, or recorded to produce an unauthorized effect. For example, a message "Allow Amelie to read confidential file accounts" is modified to "Allow Gabrielle to read confidential file accounts".
2. Masquerade:
Masquerade takes place when an attacker pretends to be someone else. The attack usually includes one of the other two forms of attack. Such an attack can take place, for example, by capturing and replaying an authentication sequence.
3. Denial of Service:
It prevents or inhibits the normal use or management of communication facilities. This attack may have a specific target; for example, an attacker may suppress all messages directed to a particular destination. Another form of service denial is the disruption of the entire network, either by disabling the network or by overloading it with messages so as to degrade the performance.
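How a receiver can detect the modified, replayed and suppressed messages described above, shown as an added example that is not part of the original document. It assumes both ends already share a secret key; the frame layout (8-byte sequence number, HMAC-SHA256 tag, message), the class names and the sample messages other than the "Amelie" one are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

class Sender:
    def __init__(self, key):
        self.key, self.seq = key, 0

    def seal(self, message):
        header = struct.pack(">Q", self.seq)   # 8-byte sequence number
        self.seq += 1
        tag = hmac.new(self.key, header + message, hashlib.sha256).digest()
        return header + tag + message

class Receiver:
    def __init__(self, key):
        self.key, self.expected_seq = key, 0

    def open(self, frame):
        header, tag, message = frame[:8], frame[8:8 + TAG_LEN], frame[8 + TAG_LEN:]
        good = hmac.new(self.key, header + message, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):  # also fails on truncated frames
            return "rejected: modified or forged"
        (seq,) = struct.unpack(">Q", header)
        if seq < self.expected_seq:
            return "rejected: replay"
        if seq > self.expected_seq:
            return "rejected: gap, earlier message deleted or delayed"
        self.expected_seq += 1
        return "accepted: " + message.decode()

def demo():
    key = secrets.token_bytes(32)               # constructed demo key
    s, r = Sender(key), Receiver(key)
    f0 = s.seal(b"Allow Amelie to read confidential file accounts")
    f1 = s.seal(b"Revoke guest access")         # constructed sample message
    f2 = s.seal(b"Rotate keys")                 # constructed sample message
    return [
        r.open(f0.replace(b"Amelie", b"Gabrielle")),  # content altered in transit
        r.open(f0),                                   # untouched original
        r.open(f0),                                   # same frame delivered again
        r.open(f2),                                   # f1 was suppressed on the wire
        r.open(f1),                                   # f1 finally arrives in order
    ]
```

The tag covers the sequence number as well as the message, so an attacker without the key cannot renumber an old frame to make it look fresh.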
IMPORTANCE OF SECURITY:
The situation today is radically different from the one 10 years ago. Over that period, two groups of people, the crackers and the hackers, have faced off and crystallized into opposing teams. The network is now at war and these are the soldiers. Everyone has a different idea of what security is, and what levels of risk are acceptable. The key for building a secure network is to define what security means to your organization.
FIREWALLS:
A firewall is a point at which your private company network and a public network, such as the Internet, connect. A firewall system is a hardware/software configuration that sits at this perimeter, controlling access into and out of your company's network.
Types of Firewalls:
There are three basic types of firewalls. They are:
1. Application gateways.
2. Packet filtering.
3. Hybrid systems.
APPLICATION GATEWAYS:
These are also known as proxy gateways. They are made up of bastion hosts that run special software to act as a proxy server. This software runs at the Application Layer. Clients behind the firewall must be proxitized in order to use Internet services. These are the most secure. They are also typically the slowest, because more processes need to be started in order to have a request serviced.
PACKET FILTERING:
Packet filtering is a technique whereby routers have ACLs (Access Control Lists). Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network, and vice versa. There is less overhead in packet filtering than with an application gateway, because access control is performed at a lower ISO/OSI layer. Because of the lower overhead, packet filtering is done with routers, which are specialized computers optimized for tasks related to networking. The below figure shows a packet filtering gateway.
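A small model of how a router walks an ACL, added here as an illustration and not taken from the original document or from any vendor's syntax. It assumes first-match evaluation with an implicit deny at the end of each list; the rule format, the addresses (documentation ranges) and the two lists are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # None matches any destination port

def matches(rule, proto, src, dst, dport):
    return (rule.proto in ("any", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, dport))

def evaluate(acl, proto, src, dst, dport):
    """Return (action, rule number); rule 0 is the implicit final deny."""
    for number, rule in enumerate(acl, start=1):
        if matches(rule, proto, src, dst, dport):
            return rule.action, number
    return "deny", 0

ANY = "0.0.0.0/0"
INSIDE = "192.0.2.0/24"    # constructed internal network

# Applied to packets arriving from the outside world.
INBOUND = [
    Rule("deny", "any", INSIDE, ANY, None),            # inside source seen outside: spoofed
    Rule("permit", "tcp", ANY, "192.0.2.10/32", 443),  # public web server
    Rule("permit", "tcp", ANY, "192.0.2.25/32", 25),   # mail relay
]
# Applied to packets leaving the internal network ("and vice versa").
OUTBOUND = [
    Rule("permit", "tcp", INSIDE, ANY, 443),
    Rule("permit", "udp", "192.0.2.53/32", ANY, 53),   # only the resolver may query DNS
]
```

Rule order matters: moving the anti-spoofing deny below the web server permit would let a packet with a forged internal source address reach 192.0.2.10.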
HYBRID SYSTEMS:
To combine the security of application layer gateways with the flexibility and speed of packet filtering, some vendors have created systems that use the principles of both. These systems are called Hybrid Systems. In these systems, new connections must be authenticated and approved at the application layer. Once this has been done, the remainder of the connection is passed down to the session layer. The benefits of using these systems include providing a measure of protection for your machines that provide services to the Internet, as well as providing the security of an application layer gateway to the internal network. Additionally, using this method, an attacker, in order to get to services on the internal network, will have to break through the access router, the bastion host, and the choke router.
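The approve-once, then pass-through behaviour of a hybrid system, sketched as an added example that is not from the original document. The credential check in the first payload, the idle timeout and all names and values are assumptions made for the illustration; a real product would authenticate through its own proxy protocol.

```python
import hmac

IDLE_TIMEOUT = 300  # seconds before an approved flow must re-authenticate (assumed value)

class HybridGateway:
    def __init__(self, credentials):
        self.credentials = credentials   # user name -> shared secret (constructed)
        self.table = {}                  # approved flow 5-tuple -> time last seen

    def _authenticate(self, first_payload):
        # Application-layer check, run only for flows not yet in the table.
        user, _, secret = first_payload.partition(b":")
        expected = self.credentials.get(user.decode(errors="replace"))
        return expected is not None and hmac.compare_digest(secret, expected)

    def handle(self, flow, now, payload=b"", close=False):
        last = self.table.get(flow)
        if last is not None and now - last > IDLE_TIMEOUT:
            del self.table[flow]         # stale state is not trusted
            last = None
        if last is not None:
            if close:
                del self.table[flow]     # connection ended: forget the approval
            else:
                self.table[flow] = now
            return "session-layer pass"  # fast path, payload not inspected
        if self._authenticate(payload):
            self.table[flow] = now
            return "application-layer approved"
        return "denied"
```

Only the first packet of a flow pays the cost of the application-layer check; closing the connection or letting it idle past the timeout removes the approval, so a later packet on the same 5-tuple is treated as a new connection.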
ENCRYPTION AND DECRYPTION:
Data that can be read and understood without any special measures is called plaintext or clear text. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called cipher text. We use encryption to make sure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting cipher text to its original plaintext is called decryption.
Crypto-Capable Routers:
A feature that is being built into some routers is the ability to perform session encryption between specified routers. Because traffic traveling across the Internet can be seen by people in the middle who have the resources to snoop around, these are advantageous for providing connectivity between two sites, such that there can be secure routes.
CONCLUSION:
Security is a very difficult topic. Everyone has a different idea of what security is, and what levels of risk are acceptable. The key for building a secure network is to define what security means to your organization. Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy. Projects and systems can then be broken down into their components, and it becomes much simpler to decide whether what is proposed will conflict with your security policies and practices. Many people pay great amounts of lip service to security, but don't bother when it gets in their way. It's important to build systems and networks in such a way that the user is not constantly reminded of the security system around him. Users who find security policies and systems too restrictive will find ways around them. It's important to get their feedback to understand what can be improved, and it's important to let them know what has been done to minimize the organization's exposure to risk. Security is everybody's business, and only with everyone's cooperation and intelligent policy will it be achieved.