
Network Security

INTRODUCTION
In this world, the existence of computers affects the life of every human
being.
Half a century ago, people could never have thought of exploring the
whole world while sitting in one place. Computers made that possible
because they are connected to each other all over the world.

Nothing in this world is secure, and neither are computer networks.

As the topic suggests, there are two terms: “Network” and “Security”.

A network basically means interconnection between two objects.

What exactly is a computer network?


A computer network is an interconnection of a group of computers.
OR
A group of computers and other devices, such as printers and scanners,
connected by a communications link, enabling all the devices to interact
with each other.

What does security mean?


Freedom from anxiety or fear.
OR
The state of being free from danger or injury.

Why is security essential?


• No one on the Internet is immune.
• It is remarkably easy to gain unauthorized access to information in an
insecure networked environment, and it is hard to catch the intruders.
• Even if you have a computer connected to the Internet only to play the
latest games or to send email to friends and family, your computer
may be a target.
The consequences of a break-in cover a broad range of possibilities:
• a minor loss of time in recovering from the problem,
• a decrease in productivity,
• a significant loss of money or staff-hours,
• a devastating loss of credibility or market opportunity,
• a business no longer able to compete,
• legal liability,
• the loss of life.

What is Network Security?

Network security involves all activities that organizations, enterprises,
and institutions undertake to protect the value and ongoing usability of
assets and the integrity and continuity of operations. An effective network
security strategy requires identifying threats and then choosing the most
effective set of tools to combat them.

Network security ensures (or attempts to ensure) that electronic
information is accurate, trustworthy, and always available to or for use by
those authorized to access or use it.
Securing network infrastructure is like securing possible entry points
of attacks on a country by deploying appropriate defense.
Network security starts from authenticating any user.

Types of Computer networks:


There are different ways to classify Computer networks.
The most common way to classify networks is by the scale:
Here, they are classified as

Local Area Network (LAN)

A network covering a small geographic area, like a home, office, or
building.

The defining characteristics of LANs, in contrast to WANs (wide area
networks), include their much higher data transfer rates, smaller geographic
range, and lack of a need for leased telecommunication lines.

Metropolitan Area Network (MAN)

A Metropolitan Area Network is a network that connects two or more
Local Area Networks together but does not extend beyond the boundaries of
the immediate town, city, or metropolitan area. Multiple routers, switches &
hubs are connected to create a MAN.


Wide Area Network (WAN)

A WAN is a data communications network that covers a relatively
broad geographic area (i.e. one city to another and one country to another
country) and that often uses transmission facilities provided by common
carriers, such as telephone companies.

The most popular network is the Internet.

The Internet
What is the Internet?

The Internet is the world's largest network of networks. When you
want to access the resources offered by the Internet, you don't really connect
to the Internet; you connect to a network that is eventually connected to the
Internet backbone, a network of extremely fast (and incredibly overloaded!)
network components. This is an important point: the Internet is a network of
networks -- not a network of hosts.

If you have a connection "to the Internet" through a local ISP, you are
actually connecting your computer to one of their networks, which is
connected to another, and so on.

What is a protocol?

A protocol is a well-defined specification that allows computers to
communicate across a network. In a way, protocols define the "grammar"
that computers can use to "talk" to each other.

TCP/IP
TCP/IP (Transport Control Protocol/Internet Protocol) is the "language" of
the Internet.

TCP stands for Transport Control Protocol. TCP is a transport-layer
protocol.


IP stands for "Internet Protocol". It is a network layer protocol.

Attacks

Who carries out an attack?

An attack requires an attacker.

In security terms, an attacker is generally called an intruder.

An intruder may be an adolescent who is curious about what he or she
can do on the Internet, a college student who has created a new software
tool, an individual seeking personal gain, or a paid "spy" seeking
information for the economic advantage of a corporation or foreign country.

Where do attacks come from?


How, though, does an attacker gain access to your equipment?
Through any connection that you have to the outside world. This includes
Internet connections, dial-up modems, and even physical access.

Now, we've covered enough background information on networking
that we can actually get into the security aspects of all of this. First of all,
we'll get into the types of threats there are against networked computers, and
then some things that can be done to protect against various threats.

Attacks on any network are possible because networks are vulnerable.

A vulnerability is a weakness that a person can exploit to accomplish
something that is not authorized or intended as legitimate use of a network
or system.


Attacks or Causes of attacks on Network

• Attacks against IP
• Trojan horse programs
• Denial of service
• Unauthorized Access
• Unprotected Windows shares
• Mobile code (Java/JavaScript/ActiveX)
• Cross-site scripting
• Email spoofing
• Email borne viruses
• Hidden file extensions
• Chat clients
• Packet sniffing

Attacks against IP
A number of attacks against IP are possible. Typically, these exploit
the fact that IP does not provide a robust mechanism for authentication,
which is proving that a packet came from where it claims it did. A packet
simply claims to originate from a given address, and there isn't a way to be
sure that the host that sent the packet is telling the truth.

IP Spoofing

This is where one host claims to have the IP address of another. Since
many systems (such as router access control lists) define which packets may
and which packets may not pass based on the sender's IP address, this is a
useful technique to an attacker: he can send packets to a host, perhaps
causing it to take some sort of action.


IP Session Hijacking

This is a relatively sophisticated attack. This is very dangerous,
however, because there are now toolkits available in the underground
community that allow otherwise unskilled bad-guy-wannabes to perpetrate
this attack. IP Session Hijacking is an attack whereby a user's session is
taken over, being in the control of the attacker. If the user was in the middle
of email, the attacker is looking at the email, and then can execute any
commands he wishes as the attacked user. The attacked user simply sees his
session dropped, and may simply login again, perhaps not even noticing that
the attacker is still logged in and doing things.

Trojan horse programs


Trojan horse programs are a common way for intruders to trick you
(sometimes referred to as "social engineering") into installing "back door"
programs. These can allow intruders easy access to your computer without
your knowledge, change your system configurations, or infect your
computer with a computer virus.

Trojan horse and Other Malware

Malware is an abbreviation for malicious software, and refers to
programs that perform unwanted actions. These programs include viruses,
worms, Trojans and other malicious executable programs. Also included are
spyware and adware programs that are installed on a system without the
user’s permission.

Viruses and Worms


Worms are self-replicating programs that spread with no human
intervention after they are started. Viruses are also self-replicating programs,
but usually require some action on the part of the user to spread
inadvertently to other programs or systems.

Some are relatively harmless (for example, those that pop up a dialog
box at a specified time or date). Others can do great damage by deleting
files, crashing programs, or flooding networks with so much traffic that
normal network communications become impossible.

By some definitions, viruses spread from one file to another within the
same computer and worms are designed to spread from one computer to
another. Another difference is that viruses attach themselves to other
software programs (such as word processing programs, e-mail programs, or
even operating systems), and worms reside in active memory and do not
need a host program to attach themselves to.

Viruses and worms can be spread through e-mail attachments and
HTML mail, online P2P file sharing services, instant messages, Windows
file sharing, or files downloaded from Web sites, FTP sites, newsgroups, or
other sources. They may lie dormant until a particular date or time or
specific circumstances trigger them.

Viruses and worms that are programmed to activate on a certain date
or time are called time bombs. Those that are programmed to activate under
certain conditions (for example, the tenth time you open a particular
program) are called logic bombs.

Spyware and Adware


Adware
Adware refers to software products that display advertising.
Sometimes you do not even have to explicitly install anything to get infested
with adware; all you have to do is visit a Web site or open an HTML e-mail
message. One type of adware is a browser hijacker program that changes
your Web browser’s home page.

Spyware
A particularly insidious form of adware is spyware, which collects
information about your system or your computer activities and transmits it to
the program's developers for statistical and marketing purposes. For
example, spyware may send a list of Web sites that you visited. When you
install the software you do want, you may or may not be informed that the
adware or spyware is also being installed.

An especially dangerous type of spyware is not intended to collect
information for marketing, but is designed to log your keystrokes or save
images of your screen so that someone else can monitor what you do on the
computer. This type of spyware can be used for identity theft.

Denial of service
DoS (Denial-of-Service) attacks are probably the nastiest, and most
difficult to address. These are the nastiest, because they're very easy to
launch and difficult (sometimes impossible) to track.

The goal of denial-of-service attacks is not to gain unauthorized
access to machines or data, but to prevent legitimate users of a service from
using it. A denial-of-service attack can come in many forms. This type of
attack causes your computer to crash or to become so busy processing data
that you are unable to use it.

The premise of a DoS attack is simple: send more requests to the
machine than it can handle. There are toolkits available in the underground
community that make this a simple matter of running a program and telling
it which host to blast with requests. If the host is able to answer 20 requests
per second, and the attacker is sending 50 per second, obviously the host
will be unable to service all of the attacker's requests, much less any
legitimate requests.

It is important to note that in addition to being the target of a DoS
attack, it is possible for your computer to be used as a participant in a
denial-of-service attack on another system. Thus, the end target of the attack is not
your own computer, but someone else’s -- your computer is just a convenient
tool in a larger attack.

Unauthorized Access
"Unauthorized access" is a very high-level term that can refer to a
number of different sorts of attacks. The goal of these attacks is to access
some resource that your machine should not provide the attacker.

Executing Commands Illicitly


There are two main classifications of the severity of this problem:
normal user access, and administrator access. A normal user can do a
number of things on a system (such as read files, mail them to other people,
etc.) that an attacker should not be able to do. This might, then, be all the
access that an attacker needs. On the other hand, an attacker might wish to
make configuration changes to a host (perhaps changing its IP address,
putting a start-up script in place to cause the machine to shut down every
time it's started or something similar). In this case, the attacker will need to
gain administrator privileges on the host.

Confidentiality Breaches
There is certain information that could be quite damaging if it fell into
the hands of a competitor, an enemy, or the public. In these cases, it's
possible that compromise of a normal user's account on the machine can be
enough to cause damage.

Destructive Behavior
Among the destructive sorts of break-ins and attacks, there are two
major categories.

Data Diddling
The data diddler is likely the worst sort, since the fact of a break-in
might not be immediately obvious. Perhaps he's toying with the numbers in
your spreadsheets, or changing the dates in your projections and plans.
Maybe he's changing the account numbers for the auto-deposit of certain
paychecks. In any case, rare is the case when you'll come in to work one day,
and simply know that something is wrong. An accounting procedure might
turn up a discrepancy in the books three or four months after the fact. Trying
to track the problem down will certainly be difficult, and once that problem
is discovered, how can any of your numbers from that time period be
trusted? How far back do you have to go before you think that your data is
safe?

Data Destruction
Some of those who perpetrate attacks are simply twisted jerks who like to
delete things. In these cases, the impact on your computing capability -- and
consequently your business -- can be nothing less than if a fire or other
disaster caused your computing equipment to be completely destroyed.


Unprotected Windows shares


Unprotected Windows networking shares can be exploited by
intruders in an automated way to place tools on large numbers of Windows-
based computers attached to the Internet. Because site security on the
Internet is interdependent, a compromised computer not only creates
problems for the computer's owner, but it is also a threat to other sites on the
Internet. The greater immediate risk to the Internet community is the
potentially large number of computers attached to the Internet with
unprotected Windows networking shares combined with distributed attack
tools.
Another threat includes malicious and destructive code, such as viruses or
worms, which leverage unprotected Windows networking shares to
propagate.
There is great potential for the emergence of other intruder tools that
leverage unprotected Windows networking shares on a widespread basis.

Mobile code (Java/JavaScript/ActiveX)


There have been reports of problems with "mobile code" (e.g. Java,
JavaScript, and ActiveX). These are programming languages that let web
developers write code that is executed by your web browser. Although the
code is generally useful, it can be used by intruders to gather information
(such as which web sites you visit) or to run malicious code on your
computer. Many emails also contain such code.

Cross-site scripting
A malicious web developer may attach a script to something sent to a
web site, such as a URL, an element in a form, or a database inquiry. Later,
when the web site responds to you, the malicious script is transferred to your
browser.

You can potentially expose your web browser to malicious scripts by

• following links in web pages, email messages, or newsgroup postings
without knowing what they link to
• using interactive forms on an untrustworthy site
• viewing online discussion groups, forums, or other dynamically
generated pages where users can post text containing HTML tags

Email spoofing
Email “spoofing” is when an email message appears to have originated from
one source when it actually was sent from another source. Email spoofing is
often an attempt to trick the user into making a damaging statement or
releasing sensitive information (such as passwords).

Spoofed email can range from harmless pranks to social engineering ploys.
Examples of the latter include

• Email claiming to be from a system administrator requesting users to
change their passwords to a specified string and threatening to
suspend their account if they do not comply
• Email claiming to be from a person in authority requesting users to
send them a copy of a password file or other sensitive information

Email borne viruses


Viruses and other types of malicious code are often spread as
attachments to email messages. Before opening any attachments, be sure you
know the source of the attachment. It is not enough that the mail originated
from an address you recognize.

Hidden file extensions


Windows operating systems contain an option to "Hide file extensions
for known file types". The option is enabled by default, but a user may
choose to disable this option in order to have file extensions displayed by
Windows. Multiple email-borne viruses are known to exploit hidden file
extensions. The first major attack that took advantage of a hidden file
extension was the VBS/LoveLetter worm which contained an email
attachment named "LOVE-LETTER-FOR-YOU.TXT.vbs". Other malicious
programs have since incorporated similar naming schemes. Examples
include

• Downloader (MySis.avi.exe or QuickFlick.mpg.exe)
• VBS/Timofonica (TIMOFONICA.TXT.vbs)
• VBS/CoolNote (COOL_NOTEPAD_DEMO.TXT.vbs)
• VBS/OnTheFly (AnnaKournikova.jpg.vbs)

The files attached to the email messages sent by these viruses may appear to
be harmless text (.txt), MPEG (.mpg), AVI (.avi) or other file types when in
fact the file is a malicious script or executable (.vbs or .exe, for example).

Chat clients
Internet chat applications, such as instant messaging applications and
Internet Relay Chat (IRC) networks, provide a mechanism for information to
be transmitted bi-directionally between computers on the Internet. Chat
clients provide groups of individuals with the means to exchange dialog,
web URLs, and in many cases, files of any type.
With such exchanges, there is a chance of malware penetration.

Packet sniffing
A packet sniffer is a program that captures data from information
packets as they travel over the network. That data may include user names,
passwords, and proprietary information that travels over the network in clear
text. With perhaps hundreds or thousands of passwords captured by the
packet sniffer, intruders can launch widespread attacks on systems. Installing
a packet sniffer does not necessarily require administrator-level access.

Relative to DSL and traditional dial-up users, cable modem users have
a higher risk of exposure to packet sniffers since entire neighborhoods of
cable modem users are effectively part of the same LAN. A packet sniffer
installed on any cable modem user's computer in a neighborhood may be
able to capture data transmitted by any other cable modem in the same
neighborhood.

Protection/Recommendations against Threats to Network Security
• Use of virus protection software
• Use of firewall
• Don’t open unknown email attachments
• Don’t run programs of unknown origin
• Disable hidden filename extensions
• Session Encryption
• Protection against Denial of service
• Protection against Packet sniffers
• Keep all applications (including your operating system) patched
• Turn off your computer or disconnect from the network when not in use
• Disable Java, JavaScript, and ActiveX if possible
• Make regular backups of critical data
• Don't put data where it doesn't need to be
• Avoid systems with single points of failure
• Virtual Private Networks

Prevention measures help you to stop unauthorized users/intruders from
accessing any part of your computer system. Detection helps you to
determine whether or not someone attempted to break into your system, if
they were successful, and what they may have done.

Use of virus protection software


Use anti-virus software on all Internet-connected computers.

Be sure to keep it up-to-date because new viruses are discovered daily.

The effectiveness of antivirus software is dependent on having the latest
virus profiles installed on your computer so that it can look for recently
discovered viruses.


Many anti-virus packages support automatic updates of virus definitions.

Use a firewall
The Firewall is "a system or group of systems that enforces an access
control policy between two networks."

OR

A firewall is a collection of hardware and software designed to examine a
stream of network traffic and service requests. Its purpose is to eliminate
from the stream those packets or requests that fail to meet the security
criteria established by the organization.

There are two types of firewalls:

Software firewall - specialized software running on an individual computer,
or

Network firewall - a dedicated device designed to protect one or more
computers.

Intruders are constantly scanning systems for known vulnerabilities.
Network firewalls (whether software or hardware-based) can provide some
degree of protection against these attacks. However, no firewall can detect or
stop all attacks, so it’s not sufficient to install a firewall and then ignore all
other security measures.

Though effective at preventing unauthorized access, this component fails
to check potentially harmful contents such as computer worms being
transmitted over the network. An intrusion prevention system helps detect
and prevent such malware.

Don't open unknown email attachments
Before opening any email attachments, be sure you know the source of the
attachment. It is not enough that the mail originated from an address you
recognize. Malicious code might be distributed in amusing or enticing
programs.


If you must open an attachment before you can verify the source, we suggest
the following procedure:

• Be sure your virus definitions are up-to-date (see "Use virus
protection software" above)

• Save the file to your hard disk

• Scan the file using your antivirus software

• Open the file

• For additional protection, you can disconnect your computer's
network connection before opening the file.

Following these steps will reduce, but not wholly eliminate, the chance that
any malicious code contained in the attachment might spread from your
computer to others.

Don't run programs of unknown origin
Never run a program unless you know it to be authored by a person or
company that you trust. Also, don't send programs of unknown origin to
your friends or coworkers simply because they are amusing -- they might
contain a Trojan horse program.

Disable hidden filename extensions


Windows operating systems contain an option to "Hide file extensions for
known file types". The option is enabled by default, but you can disable this
option in order to have file extensions displayed by Windows. After
disabling this option, there are still some file extensions that, by default, will
continue to remain hidden.

There is a registry value which, if set, will cause Windows to hide certain
file extensions regardless of user configuration choices elsewhere in the
operating system. The "NeverShowExt" registry value is used to hide the
extensions for basic Windows file types. For example, the ".LNK" extension
associated with Windows shortcuts remains hidden even after a user has
turned off the option to hide extensions.
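
The check below applies the hidden-extension discussion (the attachment names listed earlier and the "NeverShowExt" behaviour just described) to a batch of attachment names, as a mail gateway or help desk might. It is an added example, not part of the original report; the extension sets are illustrative assumptions and the names marked "constructed" are made up for the demonstration.

```python
"""Triage attachment names for the hidden-extension trick.

Added example. The extension sets are illustrative assumptions, not a
complete policy; sample names marked 'constructed' are not from the page.
"""
import os

# Extensions that run code when opened (assumed, partial list).
EXECUTABLE_EXTS = {".exe", ".vbs", ".js", ".scr", ".bat", ".cmd", ".com", ".lnk"}
# Extensions users read as harmless text or media (assumed, partial list).
BENIGN_LOOKING_EXTS = {".txt", ".jpg", ".gif", ".mpg", ".avi", ".doc", ".pdf"}
KNOWN_EXTS = EXECUTABLE_EXTS | BENIGN_LOOKING_EXTS
# Hidden by NeverShowExt even after "Hide file extensions" is turned off.
NEVER_SHOWN_EXTS = {".lnk"}


def split_ext(name):
    """Split off the real (last) extension, ignoring trailing dots/spaces."""
    return os.path.splitext(name.rstrip(". "))


def displayed_name(name, hide_known=True):
    """Name a user would see, given the 'hide known extensions' setting."""
    stem, ext = split_ext(name)
    if ext.lower() in NEVER_SHOWN_EXTS:
        return stem
    if hide_known and ext.lower() in KNOWN_EXTS:
        return stem
    return stem + ext


def classify(name):
    """Return 'disguised', 'executable' or 'ok' for one attachment name."""
    stem, ext = split_ext(name)
    if ext.lower() not in EXECUTABLE_EXTS:
        return "ok"
    # Padding spaces before the real extension push it out of view.
    _, inner = os.path.splitext(stem.rstrip())
    if inner.lower() in BENIGN_LOOKING_EXTS:
        return "disguised"
    return "executable"


SAMPLE_NAMES = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",   # from the page
    "MySis.avi.exe",                 # from the page
    "AnnaKournikova.jpg.vbs",        # from the page
    "minutes.txt",                   # constructed
    "setup.exe",                     # constructed
    "invoice.pdf          .exe",     # constructed: padded with spaces
    "holiday.jpg.lnk",               # constructed: NeverShowExt case
]


def triage(names, hide_known=True):
    """Return (real name, displayed name, verdict) for each attachment."""
    return [(n, displayed_name(n, hide_known), classify(n)) for n in names]


if __name__ == "__main__":
    for real, shown, verdict in triage(SAMPLE_NAMES):
        print(f"{verdict:<10} shown as {shown!r:<32} real name {real!r}")
```

Calling `triage(SAMPLE_NAMES, hide_known=False)` shows that the `.lnk` sample still loses its extension after the user has turned the hiding option off.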

Session Encryption
In this case, the attacker can take over the session, but he'll see only
“gibberish” because the session is encrypted. The attacker will not have the
needed cryptographic key(s) to decrypt the data stream from G, and will,
therefore, be unable to do anything with the session.

Encryption is the process of translating information from its original form
(called plaintext) into an encoded, incomprehensible form (called
ciphertext). Decryption refers to the process of taking ciphertext and
translating it back into plaintext. Any type of data may be encrypted,
including digitized images and sounds.

Protection against Denial of service


Some things that can be done to reduce the risk of being stung by a denial of
service attack include

• Not running your visible-to-the-world servers at a level too close to
capacity

• Using packet filtering to prevent obviously forged packets from
entering into your network address space.

• Keeping up-to-date on security-related patches for your hosts'
operating systems.
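
The packet-filtering item above, and the IP spoofing problem it answers, can be expressed as a small rule set for a border router. This is an added example, not part of the original report; the site prefix and the sample packets are constructed, with documentation address ranges standing in for real networks.

```python
"""Anti-spoofing packet filter for a border router (added example).

SITE_PREFIXES and the sample packets are constructed; 203.0.113.0/24 and
198.51.100.0/24 are documentation ranges standing in for real networks.
"""
import ipaddress
from collections import Counter

# Address block assigned to the protected site (assumption).
SITE_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Sources that can never be legitimate on an Internet-facing link.
NON_ROUTABLE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8",        # "this network"
    "10.0.0.0/8",       # private
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local
    "172.16.0.0/12",    # private
    "192.168.0.0/16",   # private
    "224.0.0.0/4",      # multicast is never a valid source
    "240.0.0.0/4",      # reserved, includes broadcast
)]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def filter_packet(iface, src):
    """Decide on one packet from its arrival interface and claimed source."""
    try:
        addr = ipaddress.IPv4Address(src)
    except ValueError:
        return "drop: malformed source"
    from_site = _in_any(addr, SITE_PREFIXES)
    if iface == "external":
        # A packet arriving from outside cannot truly come from inside.
        if from_site:
            return "drop: site address arriving from outside"
        if _in_any(addr, NON_ROUTABLE):
            return "drop: non-routable source"
        return "accept"
    if iface == "internal":
        # Egress check: keeps local hosts from emitting forged sources,
        # so they cannot take part in spoofed floods against others.
        if from_site:
            return "accept"
        return "drop: foreign source leaving the site"
    return "drop: unknown interface"


# Constructed sample traffic: (arrival interface, claimed source address).
SAMPLE_PACKETS = [
    ("external", "198.51.100.7"),
    ("external", "203.0.113.25"),
    ("external", "10.1.2.3"),
    ("external", "127.0.0.1"),
    ("internal", "203.0.113.40"),
    ("internal", "198.51.100.7"),
    ("external", "not-an-address"),
]


def summarize(packets):
    """Count verdicts over a batch of packets."""
    return Counter(filter_packet(iface, src) for iface, src in packets)
```

The filter only removes sources that are forged in an obvious way; a packet that claims some other outside address still passes, which is why the list above pairs filtering with spare capacity and patching.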

Protection against Packet sniffers


One-Time Passwords: Intruders often install packet sniffers to capture
passwords as they traverse networks during remote log-in processes.
Therefore, all passwords should at least be encrypted as they traverse
networks. A better solution is to use one-time passwords because there are
times when a password is required to initiate a connection before
confidentiality can be protected.
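
Why a sniffed one-time password is useless to the intruder is easiest to see with both sides of the login in code. This is an added example, not part of the original report; the report names no algorithm, so counter-based HOTP (RFC 4226) is used here as an assumption, with the shared secret taken from that RFC's test vectors.

```python
"""Counter-based one-time passwords (HOTP, RFC 4226) with replay rejection.

Added example; the page names no algorithm, HOTP is the choice made here.
"""
import hashlib
import hmac
import struct

# Shared secret from the RFC 4226 test vectors (not a real credential).
RFC_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """Return the one-time password for this secret and counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side: accepts each password once, then moves the counter on."""

    def __init__(self, secret, look_ahead=3):
        self.secret = secret
        self.counter = 0               # next counter value not yet used
        self.look_ahead = look_ahead   # tolerate a few skipped passwords

    def verify(self, candidate):
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), candidate):
                self.counter = c + 1   # everything up to c is now dead
                return True
        return False


def sniff_and_replay(secret):
    """Simulate a login observed on the wire and replayed by an intruder."""
    server = Verifier(secret)
    first = hotp(secret, 0)            # user's first login, seen by sniffer
    user_ok = server.verify(first)
    replay_ok = server.verify(first)   # intruder resends the captured value
    next_ok = server.verify(hotp(secret, 1))  # user's next login still works
    return user_ok, replay_ok, next_ok


if __name__ == "__main__":
    print(sniff_and_replay(RFC_SECRET))
```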


Keep all applications, including your operating system, patched
Vendors will usually release patches for their software when a vulnerability
has been discovered. In most cases, the latest patches will prevent the attack.

Turn off your computer or disconnect from the network when not in use
Turn off your computer or disconnect when you are not using it. An intruder
cannot attack your computer if it is powered off or otherwise completely
disconnected from the network.

Disable Java, JavaScript, and ActiveX if possible
It is possible to disable Java, JavaScript, and ActiveX in your web browser.
We recommend that you do so if you are browsing web sites that you are not
familiar with or do not trust.

Be aware of the risks involved in the use of "mobile code" such as ActiveX,
Java, and JavaScript. A malicious web developer may attach a script to
something sent to a web site, such as a URL, an element in a form, or a
database inquiry. Later, when the web site responds to you, the malicious
script is transferred to your browser.

The most significant impact of this vulnerability can be avoided by disabling
all scripting languages. Turning off these options will keep you from being
vulnerable to malicious scripts. However, it will limit the interaction you can
have with some web sites.

Many legitimate sites use scripts running within the browser to add useful
features. Disabling scripting may degrade the functionality of these sites.


Make regular backups of critical data


Keep a copy of important files on removable media such as ZIP disks or
recordable CD-ROM disks (CD-R or CD-RW disks).

Make a boot disk before having a security event.

Don't put data where it doesn't need to be
Although this should go without saying, this doesn't occur to lots of folks.
As a result, information that doesn't need to be accessible from the outside
world sometimes is, and this can needlessly increase the severity of a break-
in dramatically.

Avoid systems with single points of failure
Any security system that can be broken by breaking through any one
component isn't really very strong. In security, a degree of redundancy is
good, and can help you protect your organization from a minor security
breach becoming a catastrophe.

Virtual Private Networks


Given the ubiquity of the Internet, and the considerable expense in private
leased lines, many organizations have been building VPNs (Virtual Private
Networks).

VPNs provide the ability for two offices to communicate with each other in
such a way that it looks like they're directly connected over a private leased
line. The session between them, although going over the Internet, is private
(because the link is encrypted), and the link is convenient, because each can
see each other's internal resources without showing them off to the entire
world.

Advantages of Network Security


Centralized protection
Network security software is accessed for changes by one central user. The
advantage to having your monitoring centralized is that hacks can be halted
before they do their dirty work.

Network security software can be put on a machine that is separate from the
internet and network but able to monitor information coming into other
machines that are net connected.

Firewalls everywhere
One essential effect of network security software is that you can install
firewalls at every important node in your network even between every
machine.

Some Other Advantages


• Less drag, more processing time. Anti virus software on each
machine slows down each machine. Centralized protection eliminates this
cumulative drag.

• Centralized compatibility. Any time you download or install a new
program you run the risk of it being incompatible with your old anti-virus
software.

• Updating. Can you count on all individual users in your organization
to update anti-virus software? Centralized network protection eliminates any
worries about employee vigilance.


• Time saving. This applies to all of the above. Updating and managing
downloads can all be done from one central location.

Conclusions
Attacks could be stopped at their entry points before they spread.

Access Vs Security

Users want easy access to network resources. Administrators want to keep
the network secure. These two goals are at odds, because access and security
are always on opposite ends of the continuum; the more you have of one, the
less you have of the other.

Everyone has a different idea of what "security" is, and what levels of risk
are acceptable. The key for building a secure network is to define what
security means to the organization.

None of the security approaches alone will be sufficient to protect a network,
but when they are layered together, they can be highly effective in keeping a
network safe from attacks and other threats to security.

Protecting your computer from hackers, crackers, attackers, viruses,
spyware, spam and other threats that exist because of network connectivity
is a joint effort. It involves individual computer users, organizational IT
departments and organizational policy-makers, and the Internet community
as a whole. By putting good security practices into use, we not only protect
our own computer and our local network, we also contribute to the overall
security of the global network.

Network security is a complicated subject, historically only tackled by
well-trained and experienced experts. However, as more and more people become
"wired", an increasing number of people need to understand the basics of
security in a networked world.


The simplest advice is the oldest: better to be safe than sorry.
