NETWORK SECURITY
1. INTRODUCTION
For the first few decades of their existence, computer networks were primarily used by university researchers for sending email, and by corporate employees for sharing printers. Under these conditions, security did not get a lot of attention. But now, as millions of ordinary citizens are using networks for banking, shopping, and filing their tax returns, network security is looming on the horizon as a potentially massive problem.
Information systems have evolved in the last few decades from centralized, highly secure host-based systems to decentralized enterprise computing systems, in which computers and information resources are distributed throughout an organization. It is often said that in the enterprise model, "the network is the computer".
In the 1980s users gained important ground in the information age with the personal computer. Suddenly they could store vast quantities of information on their own desktops, rather than on centralized computers controlled by "information czars". But of course the potential for data theft, corruption, and eavesdropping increased. The situation got worse as companies installed local area networks (LANs) to connect everything together and in the process increased the opportunities for security breaches. Ultimately, the systems grew so large that they were hard to manage effectively.
To make things still worse, users of laptop and remote systems demanded connections into corporate offices from their homes, from hotel rooms, and from customer sites. Then the Internet became popular, and people inside the company wanted to connect out to it. To most administrators, the Internet is a nightmare that can potentially open the company's entire internal network to outsiders.
2. TYPES OF NETWORKS
A number of single-user systems and multi-user systems linked together for the purpose of data and resource communication is called a network.
2.1 Local area network
The name local area network (LAN) implies that the network is relatively small and confined to one area. Cable connects all the systems in a department of an organization. The electrical characteristics of the cable often define the limits of the LAN and the number of computers you can attach to it. All the users in the department trust one another (in theory at least), because all the users are known and work in the same department. Detecting the perpetrator of malicious activity is possible in most cases.
In the early days of LANs, few people concerned themselves with the thought that someone would tap their network cable and monitor transmissions: few people knew how to tap a cable. Besides, most information on LANs was easy to manage and secure because it was usually stored on a single server, and all the users connecting to it were known.
2.2 INTERCONNECTED NETWORKS:
Most companies are still fairly relaxed about the way they interconnect their information systems. Network cables are exposed, and anyone could have tapped a cable in a matter of minutes during the night.
The end result of this interconnected networking was a mesh of cable running in all directions. Managers and technicians had trouble keeping track of every cable run. If you ran cable through the ceiling, then you had to be wary of the air-conditioning service technician who might find some reason to tap the cable. If cable was concentrated in telephone closets, the telephone repairer was suspect.
Growing companies typically install cable throughout the building and put connections in offices that are not yet occupied. Industrial spies who manage to get into your building may "set up office", posing as temporary employees or people from a branch office. They connect to the network and monitor its traffic using devices called packet sniffers. Monitoring network traffic can provide vast amounts of information, such as logon names and passwords, or information about the servers on your network and the types of services they provide.
2.3 HETEROGENEOUS NETWORKS
Managing security on heterogeneous
networks is also difficult. Each different type of computer runs an
operating system with its own security system. An administrator faces a
formidable task in developing a security strategy that accommodates all
these different systems.
2.4 CAMPUS, METROPOLITAN AND WIDE AREA NETWORKS
Large organizations are faced with the need to interconnect systems in different buildings on business and college campuses, in metropolitan areas, or around the globe. These networks are called campus networks, metropolitan area networks (MANs), and wide area networks (WANs). A connection runs from your site to the local switching office, another connection is set up between your local switching office and the remote switching office, and from there a third connection is set up to your remote site. This arrangement is usually called a private network because you pay for exclusive use of the lines. However, can you be sure that the lines are private? There are too many places where industrial spies or phreakers (people who know how to break into phone systems) can monitor your traffic. Once again, data encryption is a good idea.
2.5 REMOTE ACCESS AND MOBILE COMPUTERS
Telecommuting is the latest trend in corporate computing. Workers with laptop computers or systems at home connect into the office network to access resources, send and receive electronic mail, and check the company bulletin boards for news and information. Telecommuting is essential for mobile salespeople and employees who need to work in the field. It makes economic sense to let employees with home computers do their jobs at home. A home worker saves on commute time and costs and lowers the expense of maintaining an office at the corporate center.
As this trend increases, so do the
vulnerabilities of your information systems. Someone might steal a
mobile user's portable computer along with the sensitive information it
contains, including logon scripts for accessing your corporate network.
The same thing can happen to a home computer. You cannot be sure who
is dialing into your network unless you take steps to properly
authenticate these users.
Branch offices are another security problem. A typical branch office has a small LAN and a staff of people who log on to corporate systems. In many cases, these offices are understaffed and prone to break-ins. If salespeople and other staff are out in the field, the receptionist may be the only one in the office during long periods of the day.
3. WHAT ARE THE THREATS?
The biggest problem with the hacker threat is that hacking is fun!
Threats from floods and fires are easy to understand: the techniques for protecting against them are well known. But threats perpetrated by malicious users, disgruntled employees, and unknown hackers are a true nightmare. Every day some new technique for attacking systems is developed.
You may not know you are being attacked
or have been attacked. No site is an exception. Even small businesses
like corner food stores are targets for local hackers who notice an
online computer system while in the store. They break in using their
computer and modem just for the fun or challenge. Often these systems
are the least secure because the owners think that no one would care
about their system or even know it exists. Professional hackers are
quite busy as well. Recent reports indicate that unemployed Russian
security experts are hacking into and looting American corporations of
billions of dollars.
There is no doubt that we are entering an era of electronic crime. Software systems are vulnerable. It's that simple. Accept it and start dealing with the problem. Methods of encrypting data to hide it from prying eyes are breakable, given enough time and resources. A major developer of encryption algorithms announced that its encryption system would take years to break.
3.1 AREAS OF SECURITY WEAKNESS
How do hackers break in? What are the weak areas that they exploit?
The following list describes some of the weakest areas on company-wide networks:
Ø Well-known (and easily guessed) passwords, or leaked passwords, that compromise user logon and authentication
Ø Poorly implemented logon settings, user account rights, and file access permissions
Ø Disks and electronic mail that carry viruses
Ø Open doors into internal networks, created by users who access the Internet or by poorly implemented Internet firewalls
Ø Dial-up mobile and remote computers that have been stolen along with logon information
3.2 WHO ARE THE HACKERS?
You may not know any hackers personally; on the other hand, a hacker might be your next-door neighbor's son, someone with a computer and modem who is familiar with what you do, and who might guess your logon password because you use some derivative of your kids' names. The people who do it see hacking as an electronic sport. They will spend all of their free time breaking into systems just for the thrill of having done so. Don't try to understand why, just know that they are out there.
Dangerous hackers are very knowledgeable
about computers and security techniques, and they use sophisticated
techniques to break into computer systems. Your competitor may hire
such a hacker. If hackers cover their tracks, you might never know that
they have stolen your customer mailing list or trade secrets. The
information that your competitors, foreign governments, and other
hackers are after may include the following:
Ø Research information
Ø Product information
Ø Customer lists and proprietary customer information
Ø Information about your organization, such as employee records, financial data, or legal information
Ø Almost anything else of value
Hackers learn about hacking by sharing
information with their fellow hackers. There is an incredible amount
of information available. Bulletin boards and electronic newsletters
exist for the purpose of spreading this information around. Hackers get
online to brag about their techniques and exploits.
Hackers often intend to make a profit or want to obtain free services. A phone hacker (or phreaker) is intent on obtaining logon information to online services or on making long-distance phone calls through your phone system so that you pick up the charges. A hacker often uses information obtained during one break-in to access and break into another computer system. They might sell information obtained during a break-in, such as credit card numbers and access codes, to foreigners or competitors.
3.3 THE INTERNAL THREAT
A recent online survey by Network World magazine revealed that most security experts and readers felt that internal employees were the biggest threat to their information systems. Employees are familiar with the network, know which systems hold valuable information, and may have easy access to those systems through their own account or the account of another user. The American Society for Industrial Security estimates that 77 percent of information theft is perpetrated by insiders.
Revenge is a common theme: workers against co-workers, employees against personnel staff, subordinates against managers, and so on. Downsizing may put people in jobs where they are overworked and underpaid. They may break into company employee records or, to cover a trail of theft, alter inventory and asset records. An employee who is being laid off may plant a virus.
Janitors have become dangerous in the information age. They steal information that can be used to break into computer systems from the outside, such as user accounts and even passwords that users paste on their walls. The latest trend among hackers is to share information about how to get a job as a janitor!
Contractual partners are also a threat. Organizations involved in electronic data interchange (EDI) set up communication links with other companies for the purpose of exchanging business information. Hackers take advantage of these links. The hacker may be an employee of the other company, or an external hacker who has found a way into one company and uses the link to gain access to the other company. Any data-exchange agreement with other companies should be considered a potential threat in which your company's trade secrets and other vital information are at risk.
Trusted users are a constant security threat as well. They spread viruses from one system to another. They can inadvertently leak sensitive information or reveal their password to unauthorized users. A caller can dupe them into giving out a password or some other vital information. These last two points describe what is often called "social engineering".
4. METHODS OF ATTACK
4.1 PHONE ATTACKS
A phreaker is a person who takes advantage of the telecommunications system to make free long-distance telephone calls, listen to private conversations, access internal systems, or hack into other systems via the system broken into. Phreakers are familiar with telephone switches, networks, and other equipment, and often have manuals from the manufacturers of telecom equipment that describe exactly how to operate and repair that equipment. Experienced phreakers can manipulate telephone billing, access codes, and call routing.
Phreakers can make free long-distance phone calls by gaining "dial-in / dial-out" capabilities. For example, a phreaker calls a number in your organization, and then asks to be transferred back to the operator. He then poses as an important person within the company and asks for an outside line. His call is now looped through your company, and you pay the bill. Attacks on other systems may be perpetrated in this way. Worse, the targets of the attack may think your company is responsible.
Hackers and phreakers even pose as service technicians to gain access to phone closets and PBX systems, where they reprogram the systems, install bugs, or set up circuits that can be accessed later and used to attack your company or other companies.
4.2 ATTACKS ON USER ACCOUNTS AND PASSWORDS
An attacker's first priority is to obtain user account names and passwords, since this provides easy access to a system. Once inside, the hacker will find a way to elevate his privileges. The attacker can obtain a list of user account names from a number of likely sources. For example, the company e-mail system might provide such lists. In high-security environments, make sure these lists are not readily available. Internal users will usually have easy access to account names. Once a user account list is obtained, the hacker will try to determine which account will give the most access if broken into. The PC support staff may inadvertently provide this information in the form of a list of users to contact in case of problems.
Once a hacker obtains a legitimate user account name, cracking the password is the next step. Hackers take advantage of common passwords: if they know the user of an account, they may try various combinations of the user's kids' and pets' names. Many people use the same password to log on to other systems, such as ATM machines. A co-worker or hacker could obtain this password by watching you at the bank machine with a pair of binoculars (yes, it's done). A good reason to choose an obscure password is to make it difficult for people with good eyes to follow your keystrokes as you type it.
If a hacker obtains a user account name, but not a password, he can try brute-force methods of breaking into the account. A program is set up to try thousands or millions of different passwords until the account opens. This method is ineffective if logon restrictions that limit the number of attempted logons are set.
Exhaustion attacks and dictionary attacks are methods for cracking password files and other encrypted information. In an exhaustion attack, thousands of password combinations are tried until the password is guessed. In a dictionary attack, a complete dictionary of common passwords in multiple languages is tried until a password is guessed. Hackers often know the manufacturer's default passwords for equipment like routers and depend on the fact that the passwords are not changed.
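The two defensive points in this section, rejecting passwords that a dictionary or exhaustion attack would find quickly and limiting logon attempts so that an exhaustion attack locks the account long before it reaches the right guess, as an added example that is not part of the original article. The word lists, the account names and the lockout parameters are constructed for illustration.

```python
import string
import time

# Constructed sample lists; a real deployment would load a full multi-language
# dictionary and a maintained list of vendor default credentials.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "summer"}
VENDOR_DEFAULTS = {"admin", "cisco", "public", "private"}


def is_weak_password(password, personal_names=(), min_length=10):
    """Return why a password would fall quickly to the attacks described
    above (dictionary word, vendor default, derivative of a personal name,
    too short), or None if no such reason is found."""
    pw = password.lower()
    # "fido1999!" -> "fido": strip the digit/punctuation suffix people add
    stripped = pw.rstrip(string.digits + string.punctuation)
    if len(password) < min_length:
        return "too short"
    if pw in COMMON_WORDS or stripped in COMMON_WORDS:
        return "dictionary word"
    if pw in VENDOR_DEFAULTS or stripped in VENDOR_DEFAULTS:
        return "vendor default"
    for name in personal_names:
        name = name.lower()
        if name and (name in pw or name[::-1] in pw):
            return f"derived from personal name '{name}'"
    return None


class LoginGuard:
    """Per-account logon restriction: after max_attempts failures within
    window_seconds, the account is locked for lockout_seconds, even for a
    correct password. The clock is injectable so the behaviour is testable."""

    def __init__(self, max_attempts=5, window_seconds=300,
                 lockout_seconds=900, clock=time.time):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.clock = clock
        self._failures = {}      # account -> timestamps of recent failures
        self._locked_until = {}  # account -> time the lock expires

    def attempt(self, account, password, verify):
        """verify(account, password) -> bool is the real credential check."""
        now = self.clock()
        if self._locked_until.get(account, 0) > now:
            return "locked"
        recent = [t for t in self._failures.get(account, []) if now - t < self.window]
        if verify(account, password):
            self._failures.pop(account, None)
            return "ok"
        recent.append(now)
        self._failures[account] = recent
        if len(recent) >= self.max_attempts:
            self._locked_until[account] = now + self.lockout
        return "denied"


def simulate_exhaustion(guard, account, candidates, verify):
    """Run a candidate list against the guard and return (guesses evaluated,
    password found). With a lockout the attack stops after max_attempts."""
    tried = 0
    for candidate in candidates:
        result = guard.attempt(account, candidate, verify)
        if result == "locked":
            break
        tried += 1
        if result == "ok":
            return tried, True
    return tried, False


if __name__ == "__main__":
    secret = "Tr0ub4dor&3-xyz"  # constructed account password
    check = lambda acct, pw: pw == secret
    guesses = [f"guess{i}" for i in range(400)] + [secret]
    print("no lockout:", simulate_exhaustion(LoginGuard(max_attempts=10**6), "alice", guesses, check))
    print("lockout:   ", simulate_exhaustion(LoginGuard(max_attempts=5), "alice", guesses, check))
```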
4.3 ELECTRONIC EAVESDROPPING AND CABLE SNIFFING
A packet sniffer is a device or software that can read transmitted packets. Packet sniffing is a passive eavesdropping technique that is hard to detect. Packet-sniffing devices may be installed on internal or external networks. Although sniffing an Internet transmission line is not necessarily informative, sniffing a cable that runs into your facilities can be. The threat comes from people who are armed with packet sniffers, or from hackers who have penetrated your building and planted listening devices.
4.4 VIRUSES AND TROJAN HORSES
Viruses are small programs that mimic the activities of real-life viruses. They get into computer systems by being copied from contaminated disks or downloaded from online services by unsuspecting users. Once a system is contaminated, the virus executes some immediate action, or waits until a specified time or for a specific command executed by the user. Viruses may display harmless messages or destroy the information stored on entire hard disks. A Trojan horse is similar to a virus, but contaminates a system by posing as some other type of program.
Viruses are especially dangerous on networks because once they contaminate one system, they may spread to systems throughout the entire network. The biggest threat is that unsuspecting employees will pick up a virus through normal business transactions and spread it throughout an organization.
Virus contamination comes from a number of sources:
Ø Library computers or company kiosk computers that many different people use
Ø Service technicians who use disk-based utilities to check computers
Ø Computers infected by malicious users or by disgruntled employees who want to get even with the company or another employee
Ø Yes, even packages of off-the-shelf software.
In fact, viruses were available for sale in a recent magazine advertisement for the purpose of testing your anti-virus software! Anyone not sure how to get a virus can now just buy one in order to infect someone else's system.
Viruses are created by authors who are fascinated by how quickly their virus may spread through computer systems. Terrorists and industrial spies create viruses that cause damage in order to seek revenge on an opponent or to damage the operations of a competitor. Some viruses have intended targets.
4.5 NATURAL THREATS
Obviously, not all threats to the
integrity of your network come from people. Power surges, failing
components, and other problems may bring down systems and cost your
organization thousands or millions of dollars in down time. In some
cases, continuous access to information is critical to the operation of
the entire business. The following list covers most major natural
threats:
Ø Electrical power may be lost during storms or for other reasons. Backup power supplies are essential.
Ø Hardware failures can cause loss of data availability. Redundant systems and backup are imperative.
Ø Fires, floods, earthquakes, and other disasters make backup systems and backups imperative.
In any of these situations, communication lines that are essential to the operation of your company may be cut. You need to establish alternate lines or backup methods to keep systems online in emergencies.
5. COUNTERMEASURES
5.1 DEFINING SECURITY
Information security is the practice of
protecting resources and data on computer systems and networks,
including information on storage devices and in transmission. Make it
your business to control and monitor the security of your systems and to
implement security policies and procedures that people can follow.
Ø Identification and authentication: Identification and verification of users through a login process, and authorization to use other systems based on this security clearance
Ø Access control: Rights and permissions that control how users can access network resources and files
Ø Accountability and auditing: A system of tracking and logging activities on network systems and linking them to specific user accounts.
Ø Object reuse: Methods for providing multiple users with access to individual resources.
Ø Accuracy: Methods for protecting resources against errors, corruption, and unauthorized access.
Ø Reliability: Methods for ensuring that systems and resources are available and protected against failure or loss
Ø Data exchange: Methods for securing data transmissions over internal or external communication channels
5.2 SECURITY COSTS
Consider how much your organization can
afford to spend on security. At the physical level, power surges,
failing components and other problems may bring down systems and cost
your organization thousands or millions of dollars in downtime. In some
cases, continuous access to information is critical to the operation of
the entire business.
There are also direct costs, such as
equipment costs, as well as administrative expenses. Beyond the dollar
costs, there are expenses related to the inconvenience of the security
system. It may simply take more time to get things done when complex
procedures are in place to provide security. Will users circumvent
these security procedures? How much will it cost to make sure they
don't?
It's wise to have a security manager for large organizations. This person should work with upper-level management, department managers, system administrators, and users to develop a workable security plan. Just having a person who concentrates solely on security is one of the biggest advantages in the battle against computer crime. As organizations connect their internal systems, and connect to the Internet, a security manager becomes even more important.
5.3 PROTECTIVE MEASURES
There are a number of protective measures
that help you "harden" your defenses, put up walls, and lessen the
chances that someone is going to physically or electronically attack
your systems. A few obvious steps are:
Ø Create security policies, plans, and job positions as appropriate.
Ø Set up a security-response team, experts who handle security problems. The team can provide a place for users to report security breaches or contacts by suspicious people who may be industrial spies.
Ø Perform background checks on personnel and keep tabs on employees who are disgruntled, who are working closely with other companies, and who are in the process of leaving the company.
Ø Classify your employees much the way the military classifies its personnel, giving some people higher clearance for access to sensitive information than others. Make sure to differentiate between part-time and temporary employees.
5.4 FAULT TOLERANCE AND REDUNDANT SYSTEMS
Fault-tolerant systems are designed to
withstand hardware failures and software errors. A fault-tolerant
feature called disk mirroring writes data to two disks at the same
time. If one disk in the pair fails, the other remains accessible to
users.
Replication servers provide a way to automatically copy data to other servers on your network. You can install servers in branch offices, and then replicate information to those offices. This puts information "closer" to users at the remote offices and reduces transmissions over long-distance lines. In addition, replicated data provides real-time backup on fully functioning systems that can be accessed in case the primary system fails.
5.5 BACKUPS
Backups are essential. You already know that. If your systems are stolen, destroyed by fire, or corrupted by hackers, you'll need to go back to the last uncorrupted backup. The National Computer Security Association provides some interesting figures. It estimated a cost of around $17,000 to recreate 20 megabytes of sales and marketing information. That figure goes to $19,000 for the same amount of accounting data and $98,000 for engineering data.
The procedures you use to restore backups are critical in the case of virus attacks. Your backups may be corrupted, in which case you'll need to go back in the archive until you find a non-corrupted backup set. Back up as frequently as possible and place backup media into permanent archives as often as possible. Virus contamination can destroy a whole series of backups, and you may need to go into permanent archives for the last good set of data.
A user who backs up files must have read privileges in the directories that require backup and write privileges to restore files. You must give these rights only to trustworthy people, since they could be used for unauthorized activities. Anyone restoring files must be knowledgeable about virus-contamination issues to prevent viruses from being written to disk.
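The restore procedure this section and section 5.7 describe, walking the archive from the most recent backup set back to the last uncontaminated one and restoring data files only, as an added example that is not part of the original article. The backup sets, file contents and the "virus" marker string are all constructed for illustration; a real scanner would use a maintained signature database instead of the single marker.

```python
# Constructed signature; stands in for a real virus-signature database.
SIGNATURES = [b"CONSTRUCTED-TEST-VIRUS-MARKER"]
# Program files are restored from original media, never from backups.
EXECUTABLE_SUFFIXES = (".exe", ".com", ".dll", ".bat")


def is_contaminated(content, signatures=SIGNATURES):
    """True if any known signature appears in the file content."""
    return any(sig in content for sig in signatures)


def scan_backup_set(backup_set, signatures=SIGNATURES):
    """Return the sorted names of contaminated files in one backup set."""
    return sorted(name for name, content in backup_set["files"].items()
                  if is_contaminated(content, signatures))


def newest_clean_set(backup_sets, signatures=SIGNATURES):
    """Walk the archive from most recent to oldest. Returns (clean_set, skipped)
    where skipped maps each rejected set's date to its infected file names,
    or (None, skipped) when every set in the archive is contaminated."""
    skipped = {}
    for bset in sorted(backup_sets, key=lambda s: s["taken"], reverse=True):
        infected = scan_backup_set(bset, signatures)
        if not infected:
            return bset, skipped
        skipped[bset["taken"]] = infected
    return None, skipped


def restore_plan(clean_set):
    """Split a clean set into data files to restore and executables to take
    from original program media instead, as the text recommends."""
    names = clean_set["files"]
    data = {n: c for n, c in names.items()
            if not n.lower().endswith(EXECUTABLE_SUFFIXES)}
    from_media = sorted(n for n in names if n.lower().endswith(EXECUTABLE_SUFFIXES))
    return data, from_media


def sample_archive():
    """Constructed three-generation archive (ISO dates as keys): the two
    newest sets already carry the marker, so only the oldest is restorable."""
    clean_exe = b"MZ program bytes"
    marker = SIGNATURES[0]
    return [
        {"taken": "2024-03-01", "files": {"sales.xls": b"q1 figures",
                                          "tool.exe": clean_exe}},
        {"taken": "2024-03-08", "files": {"sales.xls": b"q1 figures v2",
                                          "tool.exe": clean_exe + marker}},
        {"taken": "2024-03-15", "files": {"sales.xls": b"q1 figures v3 " + marker,
                                          "tool.exe": clean_exe + marker}},
    ]


if __name__ == "__main__":
    chosen, rejected = newest_clean_set(sample_archive())
    print("rejected sets:", rejected)
    print("restore from:", chosen["taken"], "->", restore_plan(chosen))
```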
5.6 ENCRYPTION
You can use cryptographic techniques to
protect files stored on disks and backups from prying eyes, or to
conceal data transmissions and electronic mail. Encryption utilities
scramble files and lock them with a password key. Using encryption may
cause a drop in performance.
Encryption may give you the feeling that your files are private, when in fact someone might have cracked your encryption key and begun reading all your files. The stronger the encryption system, the better, but be sure to implement additional security measures as appropriate. Also be aware that someone who gains access to your system might replace your encryption program with a Trojan horse version of the program that steals your password. Make sure the encryption software is protected and secure. Then take actions to monitor for possible virus infections.
5.7 VIRUS PROTECTION
Viruses are a real threat to your network. They are easily contracted from unknown disks or by downloading files from online services, bulletin boards, and the Internet. Any of your network users can contract a virus at any time and spread it to the network. A virus is often hard to detect. It may wait on your system before it executes. Vigilant users or network administrators may detect unusual activity or notice an increase in the size of files (indicating potential infection).
You can monitor your system for telltale signs of virus activity, such as increased file sizes, changes in file timestamps, unusual disk activity, or an abrupt decrease in disk space. A better way is to install virus-detection software that does this for you automatically. Administrators and users must be trained in techniques for avoiding and detecting viruses.
Even after detecting and
cleaning up a virus infection, there is still a good chance that the
virus is lurking somewhere in your organization, ready to re-infect
systems. It may even have infected the backup sets. You may need to
implement a plan to detect and remove the virus throughout your
organization. Check all workstations, disks, and other data sources for
infections.
If you need to rebuild systems from backup, carefully scan the backups to detect the virus. Start with the most recent set of backups and remove the virus if possible. Otherwise, go back through the archives until you find an uncontaminated set. If you do need to rebuild a system, back up the most recent data files only. Executable files may contain unknown viruses. You can restore program files from your original program disks, assuming they are uncontaminated.
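The telltale signs listed in this section (files growing, timestamps changing, content changing) can be watched for with a baseline of every file's size, modification time and hash that is compared against a later snapshot. This is an added example, not code from the original article; the directory contents and the simulated infection in demo() are constructed, and the modified timestamps are pinned explicitly so the result is deterministic.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def _digest(path):
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Baseline of every regular file under root: relative path -> (size, mtime_ns, sha256)."""
    root = Path(root)
    base = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            base[str(p.relative_to(root))] = (st.st_size, st.st_mtime_ns, _digest(p))
    return base


def compare(baseline, current):
    """Return {file: [signs]} for every file that shows a telltale sign."""
    findings = {}
    for name in sorted(set(baseline) | set(current)):
        signs = []
        if name not in baseline:
            signs.append("new file")
        elif name not in current:
            signs.append("missing")
        else:
            size0, mtime0, hash0 = baseline[name]
            size1, mtime1, hash1 = current[name]
            if size1 > size0:
                signs.append(f"grew by {size1 - size0} bytes")
            elif size1 < size0:
                signs.append(f"shrank by {size0 - size1} bytes")
            if mtime1 != mtime0:
                signs.append("timestamp changed")
            if hash1 != hash0 and size1 == size0:
                signs.append("content changed, size unchanged")  # the stealthier case
            elif hash1 != hash0:
                signs.append("content changed")
        if signs:
            findings[name] = signs
    return findings


def demo():
    """Constructed walkthrough in a temporary directory; returns the findings."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "report.doc").write_bytes(b"quarterly report")
        (root / "tool.exe").write_bytes(b"MZ" + b"\x00" * 1000)
        (root / "notes.txt").write_bytes(b"aaaa")
        baseline = snapshot(root)
        # Simulated infection: the executable grows, a text file is rewritten
        # with the same size, and an unexpected new program file appears.
        with open(root / "tool.exe", "ab") as f:
            f.write(b"CONSTRUCTED-MARKER")
        (root / "notes.txt").write_bytes(b"bbbb")
        (root / "dropper.com").write_bytes(b"MZ")
        # Pin the modified files' mtimes one hour ahead of the baseline.
        for name in ("tool.exe", "notes.txt"):
            st = (root / name).stat()
            os.utime(root / name, ns=(st.st_atime_ns, baseline[name][1] + 3_600 * 10**9))
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, signs in demo().items():
        print(f"{path}: {', '.join(signs)}")
```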