By
tadanki.ramakrishna@yahoo.co.in
INDEX
1. Importance of Network Security Composition and Architecture.
2. Network Hurdles - Threats, Vulnerability, Virus, Attacks etc.
3. Encryption and Decryption Security Systems.
4. Secured and Unsecured layer systems.
5. OS, LAN, WAN Security System.
6. Routers & Firewalls compositions.
7. VPNs, Authorization and Authentication Systems.
8. Network Security Policy, Auditing and Monitoring Systems.
9. Conclusion.
1. Importance of Network Security Composition and Architecture
It is an important responsibility of a Computer Engineer to answer a question like "Why is computer and network security important?", but it is crucial for organizations to define why they want to achieve computer security in order to determine how they will achieve it. It is also a useful tool to employ when seeking senior management's authorization for security-related expenditures. Computer and network security is important for the following reasons.
1. To protect company assets (Information): One of the primary goals of computer and network security is the protection of company assets. Here the asset does not mean the hardware and software that constitute the company's computers and networks. The assets are comprised of the "information" that is saved on a company's computers and networks. Information is a vital organizational asset. Network and computer security is necessary in every network for the protection, integrity, and availability of information. Information can be defined as data that is organized and accessible in a coherent and meaningful manner.
2. To gain a competitive advantage: Developing and maintaining effective security measures can provide an organization with a competitive advantage over its competition. Network security is particularly important in the arena of Internet financial services and e-commerce. It can mean the difference between wide acceptance of a service and a customer response. For example, how many people do you know who would use a bank's Internet banking system if they knew that the system had been successfully hacked in the past? Not many. They would go to the competition for their Internet banking services.
3. To comply with regulatory requirements and fiduciary responsibilities: Corporate officers of every company have a responsibility to ensure the safety and soundness of the organization. Part of that responsibility includes ensuring the continuing operation of the organization. Accordingly, organizations that rely on computers for their continuing operation must develop policies and procedures that address organizational security requirements. Such policies and procedures are necessary not only to protect company assets but also to protect the organization from liability. For-profit organizations must also protect shareholders' investments and maximize return. In addition, many organizations are subject to governmental regulation, which often stipulates requirements for the safety and security of an organization. For example, most financial institutions are subject to federal regulation. Failure to comply with federal guidelines can result in the seizure of a financial institution by federal regulators. In some cases, corporate officers who have not properly performed their regulatory and fiduciary responsibilities are personally liable for any losses incurred by the financial institution that employs them.
4. To keep the job: Finally, to secure one's position within an organization and to ensure future career prospects, it is important to put into place measures that protect organizational assets. Security should be part of every network or systems administrator's job. Failure to perform adequately can result in termination. Termination should not be the automatic result of a security failure, but if, after a thorough postmortem, it is determined that the failure was the result of inadequate policies and procedures or failure to comply with existing procedures, then management needs to step in and make some changes.
The Security Trinity
The three essential components of the security trinity, prevention, detection, and response, comprise the basis for network security. The security trinity should be the foundation for all security policies and measures that an organization develops and deploys.
Prevention
The foundation of the security trinity is prevention. To provide some level of security, it is necessary to implement measures to prevent the exploitation of vulnerabilities. In developing network security schemes, organizations should emphasize preventative measures over detection and response: it is easier, more efficient, and much more cost-effective to prevent a security breach than to detect or respond to one. Remember that it is impossible to devise a security scheme that will prevent all vulnerabilities from being exploited, but companies should ensure that their preventative measures are strong enough to discourage potential criminals, so they go to an easier target.
Detection
Once preventative measures are implemented, procedures need to be put in place to detect potential problems or security breaches, in the event preventative measures fail. As later chapters show, it is very important that problems be detected immediately. The sooner a problem is detected, the easier it is to correct and clean up.
Response
Organizations need to develop a plan that identifies the appropriate response to a security breach. The plan should be in writing and should identify who is responsible for what actions and the varying responses and levels of escalation.
First, network security is not a technical problem; it is a business and people problem. The technology is the easy part. The difficult part is developing a security plan that fits the organization's business operation and getting people to comply with the plan. Next, companies need to answer some fundamental questions, including the following.
• How do you define network security?
• How do you determine what is an adequate level of security?
To answer these questions, it is necessary to determine what you or your company are trying to protect: either information or a system. A system is a collection of various types of networks and architectures which are predefined or consequent to the objects of the system.
Information Security
Network security is essential to a network and is concerned with the security of company information assets. We often lose sight of the fact that it is the information and our ability to access that information that we are really trying to protect, and not the computers and networks. A simple definition for information security:
Information security = confidentiality + integrity + availability + authentication
There can be no information security without confidentiality; this ensures that unauthorized users do not intercept, copy, or replicate information. At the same time, integrity is necessary so that organizations have enough confidence in the accuracy of the information to act upon it. Moreover, information security requires organizations to be able to retrieve data; security measures are worthless if organizations cannot gain access to the vital information they need to operate when they need it.
Finally, information is not secure without authentication, which determines whether the end user is authorized to have access. Among the many elements of information security are ensuring adequate physical security; hiring proper personnel; developing, and adhering to, procedures and policies; strengthening and monitoring networks and systems; and developing secure applications. It is important to remember that information security is not just about protecting assets from outside hackers. The majority of the time threats are internal to an organization: "We have found the enemy and it is us."
Information security is also about procedures and policies that protect information from accidents, incompetence, and natural disasters. Such policies and procedures need to address the following:
• Backups, configuration controls, and media controls;
• Disaster recovery and contingency planning;
• Data integrity.
It is also important to remember that network security is not absolute. All security is relative. Network security should be thought of as a spectrum that runs from very unsecured to very secure. The level of security for a system or network is dependent on where it lands along that spectrum relative to other systems. It is either more secure or less secure than other systems relative to that point. There is no such thing as an absolutely secure network or system. Network security is a balancing act that requires the deployment of "proportionate defenses."
The defenses that are deployed or implemented should be proportionate to the threat. Organizations determine what is appropriate in several ways, described as follows.
• Balancing the cost of security against the value of the assets they are protecting;
• Balancing the probable against the possible;
• Balancing business needs against security needs.
Organizations must determine how much it would cost to have each system or network compromised; in other words, how much it would cost in dollars to lose information or access to the system or to experience information theft. By assigning a dollar value to the cost of having a system or network compromised, organizations can determine the upper limit they should be willing to pay to protect their systems. For many organizations this exercise is not necessary, because the systems are the lifeblood of the business. Without them, there is no organization. Organizations also need to balance the cost of security against the cost of a security breach.
Generally, as the investment in security increases, the expected losses should decrease. Companies should invest no more in security than the value of the assets they are protecting. This is where cost benefit analysis comes into play.
Moreover, organizations must balance possible threats against probable threats: as it is impossible to defend against every possible type of attack, it is necessary to determine what types of threats or attacks have the greatest probability of occurring and then protect against them.
It is also important to balance business needs with the need for security, assessing the operational impact of implementing security measures. Security measures and procedures that interfere with the operation of an organization are of little value. Those types of measures are usually ignored or circumvented by company personnel, so they tend to create, rather than plug, security holes. Whenever possible, security measures should complement the operational and business needs of an organization.
Risk Assessment
The concept of risk assessment is crucial to developing proportionate defenses. To perform a risk analysis, organizations need to understand possible threats and vulnerabilities. Risk is the probability that a vulnerability will be exploited. The basic steps for risk assessment are listed as follows:
• Identifying and prioritizing assets;
• Identifying vulnerabilities;
• Identifying threats and their probabilities;
• Identifying countermeasures;
• Developing a cost benefit analysis;
• Developing security policies and procedures.
To identify and prioritize information assets and to develop a cost benefit analysis, it is helpful to ask a few simple questions such as the following.
• What do you want to safeguard?
• Why do you want to safeguard it?
• What is its value?
• What are the threats?
• What are the risks?
• What are the consequences of its loss?
• What are the various scenarios?
• What will the loss of the information or system cost?
Prioritize assets and systems by assigning a dollar value to the asset. The dollar value can be the replacement cost, the cost to not have the asset available, or the cost to the organization to have the asset, such as proprietary information, obtained by a competitor. It is also necessary to include more obscure costs, such as loss of customer confidence. Weed out the probable threats from the possible. Determine what threats are most likely, and develop measures to protect against those threats.
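A worked pass through the risk-assessment steps above, as an added example that is not part of the original text. The expected-loss model (probability times asset value), the 5% cutoff that separates probable from possible threats, and every asset name and figure are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Threat:
    name: str
    probability: float   # assumed chance per year that the vulnerability is exploited
    residual: float      # assumed chance per year once the countermeasure is in place
    countermeasure: str
    cost: float          # countermeasure cost per year, in dollars

@dataclass
class Asset:
    name: str
    value: float         # replacement cost, downtime, competitor gain, lost confidence
    threats: list = field(default_factory=list)

def assess(assets, probable_cutoff=0.05):
    """Walk the assessment steps; return (asset, threat, decision, benefit) rows."""
    rows = []
    # Prioritize assets by dollar value, highest first.
    for asset in sorted(assets, key=lambda a: a.value, reverse=True):
        for t in asset.threats:
            # Expected yearly loss avoided by the countermeasure (assumed model).
            benefit = round((t.probability - t.residual) * asset.value)
            if t.probability < probable_cutoff:
                decision = "accept: possible, not probable"
            elif t.cost > asset.value:
                decision = "reject: costs more than the asset"
            elif t.cost > benefit:
                decision = "reject: costs more than the loss it avoids"
            else:
                decision = "deploy " + t.countermeasure
            rows.append((asset.name, t.name, decision, benefit))
    return rows

# Constructed sample inventory; every name and figure is illustrative.
INVENTORY = [
    Asset("intranet wiki", 10_000, [
        Threat("insider misuse", 0.20, 0.10, "full-time monitoring", 15_000)]),
    Asset("customer database", 500_000, [
        Threat("unpatched server", 0.30, 0.05, "patch management", 20_000),
        Threat("data center flood", 0.01, 0.005, "second site", 200_000),
        Threat("lost backup media", 0.10, 0.02, "offsite vault", 60_000)]),
]

if __name__ == "__main__":
    for row in assess(INVENTORY):
        print(row)
```

The rejected rows are the ones to revisit when writing policy: a cheaper countermeasure or a procedural control may still be proportionate where the costed one is not.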
Classification of Computer Networks
There are basically three types of networks, based on the following:
1. Based on Transmission Mode
2. Based on Authentication
3. Based on Geographical location
Simplex
In simplex mode, the communication is unidirectional.
Half-Duplex
In half-duplex mode, the communication is bidirectional.
Full-Duplex
In full-duplex mode, both stations can transmit and receive simultaneously.
Based on Transmission Mode
Synchronous Transmission
Each bit reaches the destination with the same time delay after leaving the source.
Asynchronous Transmission
Packets are received with varying delays, so packets can arrive out of order. Some packets are not received correctly.
Based on Authentication
Peer to Peer Connection
In peer-to-peer networks, there are no dedicated servers. No one can control the other computers.
Server Based Connection
A dedicated server is optimized to service requests from network clients. A server can control the clients for its services.
Based on Geographical location
LAN (Local Area Network)
Networks which cover a close geographical area.
MAN (Metropolitan Area Network)
A metropolitan area network is an extension of a local area network to spread over the city.
WAN (Wide Area Network)
A WAN is spread over the world; it may be spread over more than one city, country, or continent.
WAN Technology
A WAN is spread over the world; it may be spread over more than one city, country, or continent. Systems in this network are connected indirectly. Generally WAN networks are slower than LANs. WAN networks are owned or operated by network providers. If a WAN is owned by a single owner, then it is called an Enterprise network. Often these types have a combination of more than one topology.
Topology
Topology refers to the physical layout, including computers, cables, and other resources; it determines how components communicate with each other.
Today's network designs are based on three topologies:
• Bus consists of a series of computers connected along a single cable segment
• Star connects computers via a central connection point or hub
• Ring connects computers to form a loop
All computers, regardless of topology, communicate by addressing data to one or more computers and transmitting it across cable as electronic signals. Data is broken into packets and sent as electronic signals that travel on the cable. Only the computer to which the data is addressed accepts it.
Protocol
A protocol is a set of rules. It is a formal description of message formats and the rules two or more machines have to follow to exchange messages. The key elements of a protocol are syntax, semantics and timing.
Syntax
Syntax refers to the structure or format of the data, meaning the order in which they are presented.
Semantics
Semantics refers to the meaning of each section of bits.
Timing
Timing refers to when data should be sent and how fast it can be sent.
Internet working Technologies
Internetworking technologies describe how the Internet accommodates multiple underlying hardware technologies, how they are interconnected to form the network, and the set of communication standards which the network uses to interoperate.
The lowercase internet means multiple networks connected together, using a common protocol suite. The uppercase Internet refers to the collection of hosts around the world that can communicate with each other using TCP/IP. While the Internet is an internet, the reverse is not true.