Sie sind auf Seite 1von 9

NETWORK SECURITY

ABSTRACT

John, sitting desperately in and losing his lifetime savings. In the present day
front of his system tries to hack his friend William’s scenario, where the earth is shrinking rapidly, such
bank account. But after a tiresome job, all he could that the entire world is now on your desktop,
succeed in getting was an encrypted code, which security is gaining much significance consequently.
did not make any sense to him and would take a Cryptography, authentication and access control
lifetime to decode making use of the concept of mechanisms play a very important role in secured
probability. Thanks! to the advanced techniques of communication as they form the major disciplines
security which saved William from getting bankrupt of network security.

INTRODUCTION Network security is an issue of great


What is security? significance today where a single problem can
Freedom from danger, fear or ensuring safety is change the fate of the companies and
security. organizations.
Measures adopted to prevent the authorized use, Orange Book: -
misuse, modification or denial of use of The National Computer Security Center
knowledge or facts, data or capabilities. (NCSC), an agency of the U.S government
published an official standard called “Trusted
Computer System Evaluation Criteria”
universally known as the “Orange Book”. The COMMON ATTACKS AGAINST NETWORK
Orange Book defines a series of ratings a ASSETS
computer system can have based on it’s security Attacks may occur through technical means
features and the care that went into it’s design, such as specific tools designed for attacks or
documentation and testing. This rating is exploitation of vulnerabilities in a computer
intended to give government agencies and system, or they may occur through social
commercial enterprises an objective assessment engineering, which is the use of non-technical
of a system’s security and to goad computer means to gain unauthorized access.
manufacturers into placing more emphasis on Attacks are primarily of four types:
security. The official categories are D, C1, C2, • Access
B1, B2, B3, and A1 ranging from minimal • Modification
protection or unrated to most secure. • Denial of service
When computers are networked together, new
• Repudiation
security problems occur which can prove to be
An access attack is an attempt to gain
great threats to major companies. The orange
information that the attacker is not authorized to
book did not address the issue of networked
see. This is an attack against the confidentiality
computers. The Red Book took all the
of the information. Snooping, Eavesdropping
requirements of the Orange book and attempted
and Interception come under this category.
to address a networked environment of
SNOOPING is looking through information
computers, thus creating the concept of network
files in the hopes of finding something
security
interesting. If the files are on a computer
A single layer of security cannot ensure good
system, an attacker may open one file after
security. Effective security is achieved by the
another until the required information is found.
combination of all security disciplines. The
EAVESDROPPING is the process of listening
prominent security technologies and product
to a conversation of which they are not a part.
categories used today are anti-virus software,
To gain unauthorized access to information, an
firewalls, smart cards, biometrics, intrusion
attacker must position him at a location where
detection, policy management, vulnerability
the information is likely to pass by. A sniffer is
scanning, encryption etc.
a computer that is configured to capture all the
traffic on the network. Most often they are
configured to capture user Ids and passwords. can be targeted at sensitive or public
Tapping a fibre-optic line requires more information.
specialized equipment and is normally not INSERTION- is the addition of information
performed by run-of-the-mill attackers. that did not exist previously. An attacker might
choose to add a transaction in a
banking system that moves funds
from a customer’s account to his
own.
DELETION attack is the removal
of existing information. This could
be the removal of information in a
historical record or in a record that
is yet to be acted upon.
INTERCEPTION is an active attack against
Denial-of-service (DoS) attacks are the attacks
the information. When an attacker intercepts
that deny the use of resources to legitimate users
information, he is inserting himself in the path
of the system, information or capabilities. DoS
of the information and capturing it before it
attacks generally do not allow the attackers to
reaches the destination. The attacker may or
access or modify information on the computer
may not allow the information to continue to its
system. DoS attacks are nothing more than
destination. On the Internet this could be done
vandalism. An attacker could encrypt a file and
by causing a name resolution change. The traffic
then destroy the encryption key. In that way, no
is then send to the attackers system instead of
one could get access to the information in the
the real destination. If configured correctly, the
file. This type of vulnerability allows an attacker
sender may never know that he was not talking
to send a pre-defined set of commands to the
to the real destination.
application that the application is not able to
A modification attack is an attempt to modify
process properly. The application is likely to
information that an attacker is not authorized to
crash when this occurs.
modify.
A Repudiation attack is an attack against the
CHANGES- one type of modification attack is
accountability of the information. In other
to change existing information. Change attacks
words, repudiation is an attempt to give false
information or to deny that a real event or come up very often as the flaw in an application
transaction should have occurred. that copies user data into another variable
MASQUERADING is an attempt to act like or without checking the amount of data being
impersonate someone else or some other copied. More and more programs seem to suffer
system. With few exceptions, any computer from this type of problem. If the programmer
system can take on any IP address. Thus it is checked the size of the user data before placing
possible for a computer system to masquerade it in the pre-defined variable, the buffer
as another system. overflow can be prevented.
Denial-of-Service
THE COMMON TECHNIQUES ADOPTED Single-source Denial-of-Service attack-
BY HACKERS Perhaps the most widely known DoS attack is
Open File Sharing via NFS was used by some called the SYN flood. Other attacks have also
of the hackers to gain access to information. been identified. The Ping of Death attack
They simply mounted the remote drive and read caused a ping packet to be sent to a target
the information. NFS uses user Ids to mediate system. Normally a ping packet does not contain
the access to the information on the drive. This any data. The ping of death packet contained a
became more dangerous when some systems large amount of data. When this data was read
were found to allow the sharing of the root file by the target, it would crash because of buffer
system. In this case, if a hacker could become overflow.
root on a system and mount a remote file Distributed Denial-of-Service attacks are
system; he could change the configuration files simply DoS attacks that originate from a large
of that remote system. number of systems. DDoS are usually controlled
Bad Passwords is the most common method from a single master and a single hacker. Such
used by the hackers to get into systems. Short attacks can be as simple as a hacker sending a
passwords allow the hacker to brute-force the ping packet to the broadcast address of a large
password. The other type of weak password is network while spoofing the source address to
the one that is easy to guess. direct all responses at a target. This particular
Buffer Overflows are one type of programming attack is called Smurf attack.
flaw exploited by the hackers. They are harder
to find than bad passwords. Buffer overflows
require quite a bit of expertise. Buffer overflows
Advanced techniques-Sniffing switch Since CodeRed used legitimate web connections
networks, redirecting traffic, IP spoofing are to attack, firewalls did not protect the victims.
few of the advanced techniques. Once on a system, CodeRed chose a random
Malicious code address to attack next.
• Computer viruses
• Trojan horse programs VARIOUS SECURITY TECHNOLOGIES

• Worms
VIRUSES FIREWALLS

A computer virus is a set of instructions that, A firewall is a network access control device

when executed, inserts copies of itself into other that is designed to deny all traffic except that is

programs. Some viruses are malicious and explicitly allowed. Firewalls can be configured

delete files or cause systems to become to allow traffic based on the service, the IP

unusable. Other viruses do not perform any address of the source or destination, or the ID of

malicious act except to spread to other systems. the user requesting service. Firewalls are

Examples include Michelangelo (a traditional generally of two types: application layer

virus) and Melissa (a macro virus). firewalls and packet filtering firewalls.

TROJAN HORSES Application layer firewalls are software

Just as the Greeks used a gift to hide evidence of packages that sit on top of the general –purpose

their attack, so too does a Trojan horse program operating systems or on firewall appliances. If a

hide its malicious nature behind the façade of rule does not specifically allow the traffic to

something useful or interesting. Example is the flow, the firewall will deny or drop the packets.

“ILOVEYOU” Trojan horse. It arrived as an With an application layer firewall, all

email with a visual basic program, which caused connections terminate on the firewall. If the

the e-mail services to stop completely. policy rules allow the traffic, the firewall

WORMS initiates a new connection from its external

A worm, as the name implies is a program that interface to the server system.

crawls from system to system without any Packet filtering firewalls is similar to the

assistance from its victims. The program application layer firewalls in matters related to

replicates itself by installing copies of itself on policy rules. Policy rules are enforced through

other machines across the network. The most the use of packet inspection filters. With a

famous recent worm is called the CodeRed. packet filtering firewall, connections do not
terminate on the firewall, but instead travel applications that touch everyday life; the
directly to the destination. As the packets arrive security of ATM cards, computer passwords,
at the firewall, the firewall will determine if the and electronic commerce all depend on
packets and the connection state are allowed by cryptography.Until modern times, cryptography
the policy rules. If so, the packet is sent on its referred almost exclusively to encryption, the
way. If not, the packet is denied or dropped. process of converting ordinary information
Drawbacks with firewalls-Firewalls assume (plaintext) into an unreadable ciphertext.
that all the unauthorized members are on the Decryption is the reverse process.
outside and everyone inside can be completely
trusted. This is an unwarranted assumption. A
Firewalls can be defeated by somehow injecting cipher
malicious code into the corporate network. (or
Firewalls, when not configured properly refuse cypher)
to recognize legitimate users and make their job is a
difficult. pair of

CRYPTOGRAPHY AS A TOOL FOR


SECURITY
The German Lorenz cipher machine, used in
World War II for encryption of very high-level
general staff messages
algorithms for encryption and decryption. The
Cryptography is a discipline of mathematics
exact operation of a cipher is controlled by a
concerned with information security and related
key, which is a secret parameter for the cipher
issues, particularly encryption, authentication,
algorithm.Historically, ciphers were often used
and access control. Its purpose is to hide the
directly for encryption or decryption without
meaning of a message rather than its
additional procedures. The Enigma machine,
existence.Cryptography is used in many
used in several variants by the German military
between the late 1920s and the end of World
War II, implemented a complex electro-
mechanical cipher to protect sensitive
communications.In cryptography, code has a
more specific meaning, referring to a procedure Symmetric-key cryptography
which replaces a unit of plaintext (i.e. the Symmetric-key cryptography refers to
meaningful words or phrases) with a code word encryption methods in which both the sender
(for example, apple pie replaces attack at dawn). and receiver share the same key. This was the
Codes are no longer used in serious only kind of encryption publicly known until
cryptography - except incidentally for such 1976. The modern study of symmetric-key
things as unit designations - since properly ciphers relates mainly to the study of block
chosen ciphers are both more practical and ciphers and stream ciphers and to their
secure than even the best codes, and better applications. Block ciphers take as input a block
adapted to computers as well. In recent decades, of plaintext and a key, and output a block of
the field has expanded beyond confidentiality ciphertext of the same size.Stream ciphers, in
concerns to include techniques for contrast to the 'block' type, create an arbitrarily
authentication, digital signatures, interactive long stream of key material, which is combined
proofs, and secure computation.The main with the plaintext bit by bit or character by
classical cipher types are transposition ciphers, character, somewhat like the one-time pad. In a
which rearrange the order of letters in a message stream cipher, the output stream is created based
(e.g. 'help me' becomes 'ehpl em'); and on an internal state which changes as the cipher
substitution ciphers, which systematically operates. That state's change is controlled by the
replace letters or groups of letters with other key. Cryptographic hash functions (often
letters or groups of letters (e.g. 'fly at once' called message digest functions) do not use
becomes 'gmz bu podf' by replacing each letter keys, but are a related and important class of
with the one following it in the alphabet). cryptographic algorithms. They take input data
Simple versions of either offered little (often an entire message), and output a short,
confidentiality. The development of digital fixed length hash, and do so as a one-way
computers and electronics after WWII made function. For good ones, collisions (two
possible much more complex ciphers. Many plaintexts which produce the same hash) are
computer ciphers can be characterised by their extremely difficult to find.
operation on binary bits (sometimes in groups or Message authentication codes (MACs) are
blocks), unlike classical and mechanical much like cryptographic hash functions, except
schemes, which generally manipulate traditional that a secret key is used to authenticate the hash
characters (i.e. letters and digits). value on receipt.
Public key cryptography • Change frequency- passwords
must not be more than 60 days old.
In a groundbreaking 1976 paper, Whitfield • History- the last ten passwords
Diffie and Martin Hellman proposed the notion should not be re-used.
of public-key (also, more generally, called Content- passwords should not be made up of only
asymmetric key) cryptography in which two letters but instead should include letters,numbers
different but mathematically related keys are and special punctuation characters.
.
used: a public key and a private key A public
key system is constructed so that calculation of KEY CERTIFICATION
the private key is computationally infeasible If keys are transmitted to a remote destination
from knowledge of the public key, even though by some means,they must be checked once they
they are necessarily related. Instead, both keys arrive to be sure that they have not been
are generated secretly, as an interrelated pair. tampered with during the transmission. Public
The public key algorithms are: keys are intended to be published or given out to
Modular addition, multiplication and modular other users and must also be certified as
exponentiation, RSA algorithm and the DSS belonging to the owner of the key pair. This can
algorithm. be done through a central authority- certificate
authority. CA generates certificates, which are
AUTHENTICATION signed messages specifying a name and the
The authentication of authorized users prevents corresponding key.
unauthorized users from gaining access to
information systems. The use of authentication INTRUSION DETECTION SYSTEMS
mechanisms can also prevent authorized users Intrusion detection systems(IDS) are the burglar
from accessing information that they are not alarms of the network. An IDS is designed to
authorized to view. Currently, password remain differentiate between an authorized entry and a
the primary authentication mechanism for malicious intrusion into a protected network. A
internal system access. If passwords are to be very common intrusion detection mechanism is
used, the following are recommended as best anti-virus software. Other forms of intrusion
practices: detection include the following:
• Length- passwords must be a • Manual log examination
minimum of eight characters in length. • Automated log examination
• Host-based intrusion detection security techniques are indeed successful and
software serve their purpose to a great extent , they are
• Network based intrusion not completely fool proof. Every technique does
detection software have its flaw. Man is very skilled at developing

• Manual log examination can be new security mechanisms , but an equally

effective, but is time consuming destructive code can be written to foil the

and error-prone. A better form of already existing mechanisms. Network security

log examination would be to create does not guarantee the safety of any

programs or scripts that can search organisation, information or computer systems.

through computer logs looking for Physical security must not be neglected at any

potential anomalies. cost. Inspite of its minor drawbacks, network

CONCLUSION security techniques do offer a great deal of

Examining the threats and managing them safety and we cannot disregard the revolution

appropriately is very important for the smooth brought about by techniques like cryptography

running of any organisation. Although the and authentication in the field of network
security