Level of Defenses in Network Security: A Case Study of Geetanjali Institute of Technical Studies, Dabok

Naveen Malkani, Bhavesh Jain, Kritika Soni, Kunal Singhvi
Department of Computer Science and Engineering, Geetanjali Institute of Technical Studies, Dabok

Abstract: A secured network is one which is free of unauthorized access, threats and hackers. This paper describes the different levels of network security. A brief overview of network security, its need, the different threats and the related protection techniques is presented. The paper gives a general overview of the most common network security threats and the steps which can be taken to protect an educational institution and to ensure that data travelling across the network is safe and secure. The objective of the paper is to highlight the loopholes in the existing network of the Computer Science department of Geetanjali Institute of Technical Studies. The paper presents the setup of an ideal network defense system in the institute.

Keywords: Network Security, IPSec, VLANs, Firewalls, Antivirus Packages, MAC Filtering, Access Control Lists, Tokens, Security Policies, Intrusion Detection.

I. Introduction

The Internet has undoubtedly become the largest public data network, enabling and facilitating both personal and educational communications worldwide. The volume of traffic moving over the Internet, as well as over education networks, is expanding exponentially every day. This vast network and its associated technologies have opened the door to an increasing number of security threats from which educational institutions must protect themselves. Network security consists of the provisions made in an underlying computer network infrastructure, the policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access, and consistent and continuous monitoring and measurement of its effectiveness, all combined together. Network security refers to all hardware and software functions, characteristics, features, operational procedures, accountability measures, access controls, and administrative and management policy required to provide an acceptable level of protection for hardware, software, and information in a network [1].

Ridhima, Sheela Bhatt, Amandeep et al. (Eds.): ICOACCE 2010, Geetanjali Institute of Technical Studies, Udaipur.
Networks in the institution are isolated from each other. It is desired to have a single backbone network. The paper will discuss:
Users in the college.
The current network plan.
Drawbacks in the existing network plan.
Levels of defense in an ideal network system.
The proposed network plan for the college.

IV. Current Scenario

A. Users

The college has the following departments: Computer Science, Electronics and Communication, Mechanical, Electrical, Automobile, Information Technology, MBA and MCA. Besides these departments, internet facility is required by the accounts section, the administrative department and the director. All faculty members and students are availing the internet facility.

B. Current Network Plan

The network in Geetanjali Institute is divided into three different networks.

1) BLOCK-A
The Block-A network includes the Computer Science department, MCA department, IT department, Mechanical department and the administrative department. The network plan is shown in the figure.

2) BLOCK-B
The Block-B network includes the Electronics department, Electrical department and MBA department. The network plan is shown in the figure.
Figure: BLOCK-B Network

3) ACCOUNTS

C. Drawbacks in the Existing Network Plan

In the college environment, a single unpatched or compromised end-terminal threatens the entire network. It can serve as a backdoor for intruders and a channel for worms and spyware, and it can infect the entire network. The institution tries hard to implement a consistent security policy that defines what is permitted and what is prohibited on student end-terminals, but a number of logistical problems prohibit enforcement of such policies. The major ones include:

5) Mesh Network
There is no planning in the current network set-up. All the end-terminals and switches are arranged in a disorganized manner. The side effects of this topology are:
More cabling is required.
The point of fault is difficult to detect.
More effort is required in installing, modifying and maintaining the network devices.

6) No Load Balancing
There is no provision of switching between the alternate terminals.

Level of Defenses

We have an extensive choice of technologies, ranging from antivirus software packages to dedicated network security hardware, such as firewalls and intrusion detection systems, to provide protection for all areas of the network. Further tools can be deployed that periodically detect security vulnerabilities in the network, providing ongoing, proactive security. With all these options currently available, it is possible to implement a security infrastructure that allows sufficient protection and quick access to information. A network requires multiple layers of protection to be truly secure.

Table: Levels of defense and the applicable security measures

Security Level       Applicable Security Measure
5. Network Level     Access Control Lists, Intrusion Detection/Prevention Systems
4. Switch Level      MAC Filtering
3. Server Level      Security Policies, VLANs, Tokens
2. PC Level          Antivirus Packages, IPSec, Host Firewalls, Folder Guard
1. Physical Level    Lock and key, secure cabling, UPS and power protection

A. Physical Level Security

Physical security is an initial concern when designing a secure network. The easiest and best means of protecting important machines like servers is to secure them under lock and key. Next, make sure to use wiring that is least susceptible to eavesdropping and snooping. Copper wiring is easier to tap into than other types of cable, and is thus more vulnerable.
Install UPS (uninterruptible power supply) systems for mission-critical hardware.
Deploy backup generator systems for mission-critical disaster recovery if feasible.
Test and maintain UPS and/or generators based on the manufacturers' suggested preventive maintenance schedule.
Monitor and alarm power-related parameters at the supply and device level.
Use filtered power and install redundant power supplies on mission-critical devices.

B. PC Level Security

This level of defense includes technologies such as antivirus software packages, IPSec, host firewalls, Folder Guard, etc.

Antivirus Packages:
Virus protection software is packaged with most computers and can counter most virus threats if the software is regularly updated and correctly maintained. The package includes a virus database that helps it to identify known viruses when they attempt to strike. To keep update and maintenance costs to a minimum, all the computers on a network should be protected by the same antivirus package. It is essential to update the antivirus package on a regular basis.

Folder Guards:
Folder Guard is a computer security software tool that lets you password-protect, hide, or restrict access to files and folders of your choice, and also restrict access to other Windows resources, such as the Control Panel, Start Menu, Desktop, and more. You can configure the protection so that only specific users would be restricted, on both d-

IPSec:
IPSec is an industry-wide standard suite of protocols and algorithms that allows for secure data transmission over an IP-based network and functions at layer 3 of the OSI model [2]. The two primary security protocols used by IPSec are the Authentication Header (AH) and the Encapsulating Security Payload (ESP). The AH protocol provides authentication for the data and the IP header of a packet using a one-way hash for packet authentication; AH does not offer any encryption services. The ESP protocol provides confidentiality (through the use of symmetric encryption algorithms like DES or 3DES); data origin authentication and connectionless integrity; an anti-replay service (it is based upon the receiver, meaning the service is effective only if the receiver checks the sequence number: when a hacker takes a copy of an authenticated packet and transmits it later to the intended destination, it can disrupt services, and the Sequence Number field is designed to foil this type of attack); and traffic-flow confidentiality (for this, tunnel mode has to be selected; in tunnel mode the entire IP packet is encapsulated in the body of a new IP packet with a completely new IP header, and it is most effective if implemented at a security gateway, so that the machines inside the company network do not have to be aware of IPSec).

Firewall:
A firewall is a dedicated appliance, or software running on another computer, which inspects network traffic passing through it and denies or permits passage based on a set of rules [3]. The firewall creates a protective layer between the network and the outside world. In effect, the firewall replicates the network at the point of entry so that it can receive and transmit authorized data without significant delay. However, it has built-in filters that can disallow unauthorized or potentially dangerous material from entering the real system. It also logs attempted intrusions and reports them to the network administrators.

C. Server Level Security

This level of defense includes port blocking, service authentication, VLANs, tokens, security policies, etc.

Security Policies:
Security policies are rules that are electronically programmed and stored within security equipment to control such areas as access privileges [4]. They are also the written or verbal regulations by which an organization operates. The policies that are implemented should control who has access to which areas of the network and how unauthorized users are going to be prevented from entering restricted areas. The security policy management function should be assigned to people who are extremely trustworthy and have the required technical competence.

VLANs:
A VLAN is a logical grouping of network users and resources connected to administratively defined ports of a switch. A VLAN is treated like its own subnet or broadcast domain, meaning that frames broadcast onto the network are only switched between the ports logically grouped within the same VLAN. It allows the network administrator to have total control over each port and user, plus whatever resources each port can access. VLANs can be created in accordance with the network resources a given user requires.

Tokens:
A security token can be a physical device that an authorized user of computer resources is given to ease authentication. Tokens are used to prove one's identity electronically. Hardware tokens typically store cryptographic keys, such as a digital signature, or biometric data, such as fingerprint minutiae. The simplest security tokens do not need any connection to a computer. Other tokens connect to the computer using wireless techniques. A newer form of token is a mobile device that communicates over an out-of-band channel (such as voice or SMS). Disconnected tokens have neither a physical nor a logical connection to the client computer. They use a built-in screen to display the generated authentication data, which the user enters manually via the keyboard. Connected tokens are tokens that must be physically connected to the client computer. These tokens automatically transmit the authentication information to the client computer once the physical connection is made, eliminating the need for the user to enter the authentication information manually [5].

D. Switch Level Security

This level of defense includes VLANs, MAC policies and MAC filtering.

MAC Filtering:
MAC filtering refers to a security access control methodology whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of black lists and white lists. While giving a wireless network some additional protection, MAC filtering can be circumvented by scanning for a valid MAC address and then changing one's own MAC address to the validated one.

E. Router Level Security

Access Control Lists:
An access list is a list of conditions through which a router can control (permit or deny) packets on the basis of source and destination address and protocol. Access lists are processed in sequential, logical order, evaluating packets from the top down, one statement at a time. As soon as a match is made, the permit or deny option is applied, and the packet is not compared against any further access-list statements. Because of this, the order of the statements within any access list is significant. Access lists can be applied as inbound or outbound access lists. Inbound access lists process packets as they enter a router's interface and before they are routed. Outbound access lists process packets as they exit a router's interface and after they are routed.

Intrusion Detection/Prevention Systems:
Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies or standard security practices. An Intrusion Detection System (IDS) is software that automates the intrusion detection process. An Intrusion Prevention System (IPS) is software that has all the capabilities of an IDS and can also attempt to stop possible incidents [6].

VI. Proposed Network

We have discussed techniques for preventing network security threats. Now we are in a position to design a strategy for a secure network. Network security must follow three fundamental precepts [7]. First, a secure network must have integrity, such that all of the information stored therein is always correct and protected against fortuitous data corruption as well as willful alteration. Next, to secure a network there must be confidentiality, or the ability to share information on the network with only those people for whom the viewing is intended. Finally, network security requires availability of information to its necessary recipients at the
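The access-list evaluation described under section E (top-down, first match decides, later statements never consulted) is modelled below as an added example; this is not the paper's own code. The names Statement, Packet and evaluate, the rule sets and the packets are all constructed, and the implicit deny when no statement matches is assumed, as on Cisco IOS routers.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model (not the paper's code) of router access-list evaluation:
# statements are tested top-down, the first match decides, and the packet is
# not compared with any later statement. When nothing matches the packet is
# denied, the implicit deny that Cisco IOS appends to every access list.

@dataclass(frozen=True)
class Statement:
    action: str                      # "permit" or "deny"
    protocol: str                    # "ip" matches every protocol, else "tcp"/"udp"
    source: str                      # source network in CIDR notation
    destination: str                 # destination network in CIDR notation
    dst_port: Optional[int] = None   # None = any destination port

@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    dst: str
    dst_port: Optional[int] = None

def matches(stmt: Statement, pkt: Packet) -> bool:
    if stmt.protocol != "ip" and stmt.protocol != pkt.protocol:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(stmt.source):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(stmt.destination):
        return False
    return stmt.dst_port is None or stmt.dst_port == pkt.dst_port

def evaluate(acl: List[Statement], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (decision, index of the deciding statement); index None = implicit deny."""
    for i, stmt in enumerate(acl):
        if matches(stmt, pkt):
            return stmt.action, i            # first match wins, rest is skipped
    return "deny", None

# Constructed rule set: a student block may reach the server subnet, except for telnet.
DENY_TELNET = Statement("deny", "tcp", "10.20.0.0/16", "10.1.1.0/24", 23)
PERMIT_ALL = Statement("permit", "ip", "10.20.0.0/16", "10.1.1.0/24")
ACL_DENY_FIRST = [DENY_TELNET, PERMIT_ALL]      # intended order
ACL_PERMIT_FIRST = [PERMIT_ALL, DENY_TELNET]    # same statements, swapped

# Constructed packets: the swapped list lets TELNET through, which shows why order matters.
TELNET = Packet("tcp", "10.20.5.7", "10.1.1.10", 23)
HTTP = Packet("tcp", "10.20.5.7", "10.1.1.10", 80)
OUTSIDER = Packet("tcp", "192.168.9.9", "10.1.1.10", 80)
```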
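The ESP anti-replay service described in the IPSec part of section B is a receiver-side sequence-number check. The following added example, which is not code from the paper, implements it in the sliding-window form specified in RFC 4303; a window of 64 packets is assumed, and AntiReplayWindow, replay_trace and SAMPLE_STREAM are constructed names and data.

```python
# Constructed example (not the paper's code): the receiver-side anti-replay
# check that the IPSec section attributes to ESP, in the sliding-window form
# of RFC 4303 (window size 64 assumed). A sequence number is accepted at most
# once, numbers behind the window are dropped, numbers ahead of it slide the
# window forward. Update the window only after the integrity check passed.
from typing import List

class AntiReplayWindow:
    def __init__(self, size: int = 64) -> None:
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set  <=>  sequence number (top - i) was seen

    def check(self, seq: int) -> bool:
        """True if seq has not been seen and is not behind the window."""
        if seq == 0:
            return False                       # ESP sequence numbers start at 1
        if seq > self.top:
            return True                        # ahead of the window: always new
        if self.top - seq >= self.size:
            return False                       # too old: behind the window
        return not ((self.bitmap >> (self.top - seq)) & 1)   # replay if bit set

    def update(self, seq: int) -> None:
        """Record seq; call only after check() and a successful integrity check."""
        if seq > self.top:
            shift = seq - self.top             # slide the window forward
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, seq: int) -> bool:
        """Accept or drop an already-authenticated packet by sequence number."""
        ok = self.check(seq)
        if ok:
            self.update(seq)
        return ok

def replay_trace(seqs: List[int], size: int = 64) -> List[bool]:
    """Accept/drop decision for each sequence number of a constructed packet stream."""
    window = AntiReplayWindow(size)
    return [window.receive(s) for s in seqs]

# Constructed stream: in-order packets, one reordered (4 after 5), a replayed 3,
# a jump to 70, a late 7 still inside the window, then 6 and 2 which fell out of it.
SAMPLE_STREAM = [1, 2, 3, 5, 4, 3, 70, 7, 6, 2]
```

A receiver that skips this check accepts the replayed 3 and the stale 6 and 2 as valid traffic, which is the case the paper warns about.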
The proposed network plan for the college covers:
Centralized Network
Redundancy
Multiple ISPs (Internet Service Providers)
Network with Load Balancing

A. Centralized Network

... protection.

B. Redundancy

Redundancy in internetworking is the duplication of connections, devices or services that can be used as a backup in the event of a failure of the primary connection or service.

C. Multiple ISPs (Internet Service Providers)

A multiple-ISP solution addresses more than alternate pathways and disaster recovery. It can also provide a solution for network traffic jams or supply network isolation for specific applications.

VII. Conclusion

Networks must be secure in order to protect against threats to their integrity; otherwise the loss or misuse of information can be catastrophic. The paper set out to define the role of network security and to explain further how to achieve that role. The strategy for developing a secure network changes as new threats are created; therefore, it is an evolutionary process, constantly changing to meet new requirements. In conclusion, computers and software are now part of a world-wide network, making them more susceptible to threats and thus demanding network security.

REFERENCES

[1] Shaffer, Steven L., and Alan R. Simon, Network Security, Academic Press, 1994.
[2] Cisco Certified Network Associate Study Guide, Todd Lammle, 6th edition.
[3] Microsystems Networking and Security Solutions. URL: http://www.i2sc.org
[4] A Beginner's Guide to Network Security, Cisco Systems.
[5] Security Tokens, Wikipedia. URL: http://en.wikipedia.org/wiki/Security_token
[6] Alexander, Michael, The Underground Guide to Computer Security, Addison-Wesley Publishing Company, 1996.
[7] Guide to Intrusion Detection and Prevention Systems (IDPS), recommendation of the National Institute of Standards and Technology (Special Publication 800-94). URL: csrc.nist.gov