These are the three security goals, and each of them can be threatened by attacks.
Attacks
Internet Security
Security services are provided on the Internet at the network, transport and
application layers, through several protocols based on cryptography and other
techniques. We study here the protocols and other techniques at the network
layer, chiefly IPSec. Security is needed at the network layer for three reasons:
Transport mode: this mode protects what is delivered from the transport layer
(TL) to the network layer (NL), i.e., only the payload, not the IP header. The
IPSec header (and, for ESP, a trailer; AH adds only a header) is added to the
data coming from the TL. The IP header is added afterwards, in the clear, and is
not covered by the protection.
This mode is normally used for host-to-host (end-to-end) protection of data. The
sending host uses IPSec to authenticate/encrypt the payload delivered by the
TL. The receiving host uses IPSec to check the authentication/decrypt the IP
packet and deliver the payload to the TL.
Tunnel mode: in this mode, IPSec protects the entire IP packet. It takes the
entire IP packet, including the IP header, applies IPSec security methods to the
entire packet (IPSec header and trailer) and then adds a new IP header
addressed between the two tunnel endpoints.
This mode is normally used between two routers (security gateways), between a
host and a router, or between a router and a host. The entire original packet,
original addresses included, is protected from intrusion between sender and
receiver, as if the whole packet goes through an imaginary tunnel; only the new
outer header is visible on the path.
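To make the difference between the two modes concrete, here is an added example (not code from the original notes, and not a real IPSec implementation) that builds ESP packets in transport and tunnel mode using the RFC 4303 ESP layout with NULL encryption and HMAC-SHA256-128 integrity, so only the stdlib is needed. The key, addresses and the "TCP segment" are constructed demo values. The point it demonstrates is which bytes the integrity check covers: in transport mode the outer IP header can be changed without the receiver noticing, while in tunnel mode the original header travels inside the protected payload.

```python
import struct
import hmac
import hashlib

ESP_PROTO = 50    # IP protocol number carried in the outer header for ESP
IPIP_PROTO = 4    # ESP next-header value meaning "an IPv4 packet follows" (tunnel mode)
TCP_PROTO = 6
ICV_LEN = 16      # HMAC-SHA256-128: the MAC is truncated to 128 bits


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    def ip(a):
        return bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      ttl, proto, 0, ip(src), ip(dst))
    s = sum(struct.unpack("!10H", hdr))
    s = (s >> 16) + (s & 0xFFFF)
    s += s >> 16
    return hdr[:10] + struct.pack("!H", (~s) & 0xFFFF) + hdr[12:]


def esp_encapsulate(key, spi, seq, inner, next_header):
    """Wrap `inner` in an ESP header and trailer (RFC 4303 layout, NULL encryption,
    HMAC-SHA256-128 integrity). The ICV covers SPI, sequence number, payload,
    padding, pad length and next header, but NOT the IP header put in front."""
    pad_len = (-(len(inner) + 2)) % 4          # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # RFC 4303 default monotonic padding
    body = struct.pack("!II", spi, seq) + inner + padding + bytes([pad_len, next_header])
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def esp_decapsulate(key, esp):
    """Verify the ICV, then strip the ESP header and trailer. Returns (next_header, inner)."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("ESP integrity check failed")
    pad_len, next_header = body[-2], body[-1]
    return next_header, body[8:len(body) - 2 - pad_len]


def transport_mode(key, spi, seq, src, dst, ul_proto, ul_payload):
    """Host-to-host: ESP protects only the transport-layer payload; the IP header
    is added afterwards, in the clear and outside the ICV."""
    esp = esp_encapsulate(key, spi, seq, ul_payload, ul_proto)
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp


def tunnel_mode(key, spi, seq, gw_src, gw_dst, original_packet):
    """Gateway-to-gateway: the whole original IP packet, header included, becomes
    the ESP payload, and a new outer header addressed between the gateways is added."""
    esp = esp_encapsulate(key, spi, seq, original_packet, IPIP_PROTO)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def receive(key, packet):
    """Receiver side: strip the outer IP header and verify/unwrap ESP."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != ESP_PROTO:
        raise ValueError("not an ESP packet")
    return esp_decapsulate(key, packet[ihl:])


def tamper_detected(key, packet, offset):
    """Flip one bit at `offset` and report whether the receiver rejects the packet."""
    mutated = bytearray(packet)
    mutated[offset] ^= 0x01
    try:
        receive(key, bytes(mutated))
    except ValueError:
        return True
    return False


KEY = bytes(range(32))              # constructed demo key, not a real SA key
SEGMENT = b"GET / HTTP/1.0\r\n"     # constructed stand-in for a TCP segment

if __name__ == "__main__":
    t = transport_mode(KEY, 0x100, 1, "10.0.0.1", "10.0.0.2", TCP_PROTO, SEGMENT)
    print("transport: outer TTL tamper detected?", tamper_detected(KEY, t, 8))   # False
    print("transport: payload tamper detected?", tamper_detected(KEY, t, 28))    # True
    orig = ipv4_header("10.0.0.1", "10.0.0.2", TCP_PROTO, len(SEGMENT)) + SEGMENT
    u = tunnel_mode(KEY, 0x200, 1, "192.0.2.1", "198.51.100.1", orig)
    print("tunnel: inner TTL tamper detected?", tamper_detected(KEY, u, 36))     # True
```

Offsets: the outer header is 20 bytes and the ESP header 8, so byte 28 is the first payload byte in transport mode, and byte 36 is the TTL of the inner header in tunnel mode. A real stack would also drop the transport-mode packet with the modified TTL because the IP checksum no longer matches, but that is not a security check: an attacker simply recomputes the checksum. Real ESP additionally encrypts the payload and enforces the sequence number for anti-replay; both are omitted here.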
Firewalls
A firewall acts as a packet filter: it inspects every incoming and outgoing
packet; those that meet the criteria set by the network administrator are
forwarded normally, the others are dropped.
Criteria are expressed as rules or tables that list which sources and
destinations are blocked or acceptable, plus default rules about what to do with
packets going to or coming from other machines; some sites may be blocked
entirely. The safe default is to drop whatever no rule explicitly permits.
Security is needed, but the site cannot cut off communication with the outside
world. Hence the demilitarised zone (DMZ): the part of the network that lies
outside the internal security perimeter, where the publicly reachable servers
are placed.
For example, the web server and the email server: rules permit connections
between internal machines and the web server (port 80), and from the outside to
the web server, but not from the outside directly to internal machines.
Firewalls may be stateful: these map packets to connections and use TCP/IP
header fields (addresses, ports, flags) to keep track of connections. This
allows a rule which says that an external web server can send packets to an
internal host, but only if the internal host has first established a connection
to it. A stateless filter can only approximate this, e.g. by admitting any
packet whose source port is 80, which an attacker can exploit simply by sending
from that port.
Thus firewalls violate the standard layering of protocols. They are
network-layer devices, but they peek at the transport and application layers to
do their filtering.
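The following is an added example, not part of the original notes, of a packet filter with a default-deny rule table and optional connection tracking. The address ranges (an internal network, a DMZ with one web server), the rules and the five-packet traffic trace are all constructed. It shows the difference the text describes: the stateless filter either blocks the replies to an internal host's own web session or, with the usual "allow source port 80" workaround, lets an unsolicited packet from source port 80 reach any internal port; the stateful filter admits the reply only because the internal host opened the connection first.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed topology: internal hosts, a DMZ, and the DMZ web server.
INTERNAL = ip_network("10.0.0.0/8")
DMZ = ip_network("192.0.2.0/24")
WEB_SERVER = ip_network("192.0.2.10/32")
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False   # TCP SYN set: a new connection attempt
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int] = None   # None matches any port
    sport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in self.src and ip_address(p.dst) in self.dst
                and (self.dport is None or p.dport == self.dport)
                and (self.sport is None or p.sport == self.sport))


class Firewall:
    def __init__(self, rules, stateful=True):
        self.rules = list(rules)
        self.stateful = stateful
        self.connections = set()   # 4-tuples of connections an allowed SYN opened

    def process(self, p: Packet) -> str:
        flow = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if self.stateful:
            # Packets of a tracked connection pass in both directions.
            if flow in self.connections or reverse in self.connections:
                return "allow"
            # Anything that is not a fresh SYN and belongs to no connection is dropped.
            if not p.syn or p.ack:
                return "deny"
        for rule in self.rules:     # first matching rule wins
            if rule.matches(p):
                if rule.action == "allow" and self.stateful:
                    self.connections.add(flow)
                return rule.action
        return "deny"               # default deny: nothing else gets through


RULES = [
    Rule("allow", ANY, WEB_SERVER, dport=80),   # anyone may reach the DMZ web server
    Rule("allow", INTERNAL, ANY, dport=80),     # internal hosts may browse the web
]
# The stateless workaround for replies: trust anything that claims source port 80.
STATELESS_RULES = RULES + [Rule("allow", ANY, INTERNAL, sport=80)]


def run(fw: Firewall):
    """Constructed trace: DMZ visit, attack on an internal host, outbound web
    session and its reply, and an unsolicited probe sent from source port 80."""
    trace = [
        Packet("203.0.113.5", "192.0.2.10", 40000, 80, syn=True),
        Packet("203.0.113.5", "10.0.0.5", 40001, 80, syn=True),
        Packet("10.0.0.5", "198.51.100.7", 51000, 80, syn=True),
        Packet("198.51.100.7", "10.0.0.5", 80, 51000, syn=True, ack=True),
        Packet("198.51.100.7", "10.0.0.6", 80, 51000, syn=True),
    ]
    return [fw.process(p) for p in trace]


if __name__ == "__main__":
    print("stateful          :", run(Firewall(RULES, stateful=True)))
    print("stateless         :", run(Firewall(RULES, stateful=False)))
    print("stateless + sport :", run(Firewall(STATELESS_RULES, stateful=False)))
```

The stateful version never inspects payloads, but it already reads transport-layer fields (ports and TCP flags) to make its decision, which is the layering violation the text mentions. Connection removal on FIN/RST and idle timeouts are omitted; a real filter needs them or its state table can be filled up.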
An intrusion detection system (IDS) inspects all inbound and outbound network
activity and identifies suspicious patterns that may indicate a network or system
attack from someone attempting to break into or compromise a system.
Non-intrusion attacks are those whose goal is not to destroy or steal your data
but to crash your server or clog your network so that legitimate users cannot
get access. These are also referred to as denial-of-service (DoS) attacks.
Intrusion attacks are those in which an attacker enters your network to read,
damage, and/or steal your data. These attacks can be divided into two
subcategories: pre-intrusion activities and intrusions.
Pre-intrusion activities
Pre-intrusion activities are used to prepare for intruding into a network. These
include port scanning, to find an open service through which to get into the
network, and IP spoofing, to disguise the identity of the attacker or intruder
(and to get past filters that trust the source address).
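As an added example (not from the original notes), here is the kind of pattern an IDS looks for during the pre-intrusion phase: a port-scan detector run over constructed connection-log lines. It counts, per source address, the distinct (destination, port) targets hit by SYN packets inside a sliding time window and raises one alert when the count reaches a threshold. The log format, window and threshold are assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <src>:<sport> -> <dst>:<dport> <flags>"
LOG_RE = re.compile(
    r"^(\S+) (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+) (\w+)$")


def parse(line):
    """Return (timestamp, src, dst, dport, flags) or None for a malformed line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src, _sport, dst, dport, flags = m.groups()
    return datetime.fromisoformat(ts), src, dst, int(dport), flags


def detect_port_scans(lines, window=timedelta(seconds=10), threshold=5):
    """Map each scanning source to (distinct targets seen, time of alert).

    A source is flagged the first time its SYNs inside `window` touch at least
    `threshold` distinct (dst, dport) pairs. Only SYNs count: they are the
    connection attempts; replies and data packets are ignored."""
    recent = defaultdict(deque)   # src -> deque of (timestamp, (dst, dport))
    alerts = {}
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ts, src, dst, dport, flags = ev
        if flags != "SYN":
            continue
        q = recent[src]
        q.append((ts, (dst, dport)))
        while q and ts - q[0][0] > window:   # expire events outside the window
            q.popleft()
        targets = {target for _, target in q}
        if len(targets) >= threshold and src not in alerts:
            alerts[src] = (len(targets), ts)
    return alerts


# Constructed sample: one host sweeping services on 10.0.0.5, one normal client.
LOG = """\
2024-05-01T10:00:00 203.0.113.5:40001 -> 10.0.0.5:21 SYN
2024-05-01T10:00:00 203.0.113.5:40002 -> 10.0.0.5:22 SYN
2024-05-01T10:00:01 203.0.113.5:40003 -> 10.0.0.5:23 SYN
2024-05-01T10:00:01 203.0.113.5:40004 -> 10.0.0.5:25 SYN
2024-05-01T10:00:02 203.0.113.5:40005 -> 10.0.0.5:80 SYN
2024-05-01T10:00:02 203.0.113.5:40006 -> 10.0.0.5:443 SYN
2024-05-01T10:00:05 198.51.100.7:51000 -> 10.0.0.5:80 SYN
2024-05-01T10:00:06 198.51.100.7:51001 -> 10.0.0.5:443 SYN
2024-05-01T10:00:30 203.0.113.5:40007 -> 10.0.0.6:22 SYN
""".splitlines()

if __name__ == "__main__":
    for src, (n, when) in detect_port_scans(LOG).items():
        print(f"ALERT port scan from {src}: {n} targets by {when.isoformat()}")
```

The detector keys on the source address, which is exactly what IP spoofing attacks: a scanner can send SYNs with forged sources to stay below the per-source threshold or to have an innocent host blamed, and it can slow the scan so that the window never fills. Production systems therefore correlate over longer periods and across sources as well.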
Ways of intruding into your network to do damage include the following: Trojan
attacks, password hijacking attacks, etc.