
Network security and how it relates to security management, assessment, planning and implementation


aml1205  16 | 1  
Jul 01, 2011 | #1

Network Security Paper



This paper deals with the issue of network security. Before this issue can be addressed, there is a need to define exactly what network security is. The first part of this paper will explain the concept of network security, how it is protected, the possible attacks to this protection and the goals which need to be achieved.

As the following paragraphs will indicate, network security affects everyone. It is not limited to one's personal access to a private computer. As a matter of fact, the following paragraphs will indicate that the more important data one holds, the greater the need for network security.

The following paragraphs will also indicate that the concept of network security is not a one-man show. It involves the aspects of security and risk management, assessment of risks, planning and implementing a strategy to combat threats to the network.

Network security, definition, attacks and objectives



Network security broadly refers to the policies implemented by a network administrator to guard against unauthorized entry, use and modification of a computer network and its accessible resources.

The first step towards this end is via the authentication of a username and password. The second step is the formation of a firewall which determines the extent to which users may avail themselves of the network's resources (Wikipedia the Free Encyclopedia).

A network attack takes place when an attacker (or hacker) uses technological means to maliciously compromise the security of the network. This could be for the purpose of using the data from corporate networks for financial gain or corporate espionage; to gain access to user accounts and privileges; to damage or corrupt data by implanting a virus; to steal data and software; to prevent the legitimate users of the network from using network services, along with other reasons (Responding to Network Attacks and Security Incidents).

Hackers can resort to different attempts to invade a network. Footprinting is usually the first step. This is the process of creating a map of the network to determine its operating systems, applications and the address ranges being used, and to identify possible access ports. Port scanning, another strategy, is the process of collecting information about the services of a target network. Enumeration is the process of collecting information on applications and hosts on the network, and the user accounts on the network. Then there is privilege escalation, wherein a hacker manages to get a higher level of access to control the network.

Backdoors can be installed for accessing the network in the future with the assistance of access granting codes (Responding to Network Attacks and Security Incidents).

Network security has 4 main goals



Confidentiality - the information involved is intended by the sender for particular recipients only;

Integrity - the sender and recipient need to be assured that the information sent and received are not altered in the delivery process;

Authentication - senders and receivers need to be able to confirm each other's identity, and the level of security must allow enough measures to trace back sources of information, as well as measures to track the path by which information travels;

Availability - the needed information and other resources needed from the network must be accessible (Matik).

Network security and security management

The security management for different networks varies depending on the circumstances. The level of security management for a household would be lower than the level of security required by a Fortune 500 company (Wikipedia the Free Encyclopedia).

This difference in the level of security needed in turn determines the kind of tools necessary for security management. A household will not need a commercial vulnerability assessment scanner which may be necessary for a company with 100 or so employees who communicate with clients via 1 network system. Such a tool is necessary for companies to monitor the network related activities of their many employees and to guard against the entry of any information that may threaten the network at least and the company at most. On a similar note, a household network will probably be fine with a mere vulnerability assessment tool, just to make sure the children are safe from online intruders and no one is attempting to steal anyone's email information.

Another point related to security management is risk management. Securing information within a network deals with risk management. Information is just like any asset. The more important an asset is, the greater the security threat and, consequently, more resources must go into guaranteeing its security (Matik). The idea of risk management is significant because total network security is next to impossible. The next achievable goal is to minimize the number of risks and their effects.

Network security and assessment



In order to protect a network from attacks and breaches of security, it is important to determine the types of threats the network is susceptible to. This requires assessing the risk that each network threat poses on the entire infrastructure (Responding to Network Attacks and Security Incidents).

Some risks may include eavesdropping, IP address spoofing, and man-in-the-middle attack, just to name a few. Eavesdropping is the process of listening to network traffic and interpreting unprotected data. IP address spoofing is the process of assuming the source IP address of IP packets, then making it appear that the packet originated from a valid IP address, for the purpose of identifying the computers on a network. The man-in-the-middle attack takes eavesdropping a step further by capturing and controlling data being communicated between 2 parties, for the purpose of obtaining information to impersonate the communicating parties (Responding to Network Attacks and Security Incidents). These risks could have far-reaching consequences that may bring down an entire company or affect the professional future of the legitimate users of the network, depending on the information acquired and manipulated. With regard to the government and its military, the consequences could lead to unimaginable damage to diplomatic relations and national security. These are the consequences that need to be assessed in the realm of network security.

Network security assessment consists of 4 phases



Reconnaissance phase - this is the discovery of the network devices through alive scanning via Internet Control Message Protocol (ICMP) or TCP;

Enumeration and assessment phases - this is where the security assessor determines whether a service or application is running on a particular host and assesses its potential vulnerabilities;

Exploitation phase - this is where the assessor leverages one or more vulnerabilities to gain some level of privileged access to the host and uses this access to further exploit the host or to escalate privilege on that host or throughout the network or domain (Cochran).

Assessment also refers to the tricks and tools employed by professional security consultants to identify the above risks that internet-based networks need to reckon with. This may include a penetration testing model to secure networks of governments, militaries and commercial establishments. The penetration testing model to be employed depends on the level of intrusion that a network seeks to avoid. Black box testing seeks to avoid intrusion from someone who has no prior knowledge about a network. White box testing seeks to avoid inside jobs from users of the network (Wikipedia, the Free Encyclopedia).

Penetration testing has the additional function of assisting network administrators in discovering the vulnerable spots in a network. These vulnerabilities include incorrect configuration settings and holes in security processes and policies (Responding to Network Attacks and Security Incidents).

Network security, planning and implementation



Part of maintaining network security is to monitor for network intrusions on a daily basis. There is a need to be alert for any strange activities or files to outsmart the hackers who try to disguise their activities. Firewalls should be configured to log the traffic that they block, and monitoring firewall logs is 1 way of detecting intruder activities (Responding to Network Attacks and Security Incidents).

As a means of addressing security breaches in an orderly manner, it is important to come up with an incident response plan. This is the strategy of having a planned approach which is based on a security policy. Security policies should define the response that different breaches of security are to receive, the response toward the individuals who perpetrate these incidents, and the procedure for escalation when escalation is necessary.

It is also important to have an incident response team that has the skills and training to deal with security breaches systematically so that the organization involved can either recover quickly, or not be disturbed at all, by such incidents (Responding to Network Attacks and Security Incidents). They need to take into account what the actual risk is in order to avoid long-term failure (Matik).

To summarize, the security plan for network protection mainly consists of 3 phases:

Prevention - this is the phase of implementing measures to safeguard information against modification, destruction or compromise;

Detection - this is the phase of implementing measures to identify when a security breach has occurred and the source of such a breach;

Reaction - this is the phase of implementing measures to rectify a security breach by recovering lost information, reverting altered data back to its original form, restoring network operations and avoiding future instances of invasion (Matik).

Conclusion

The goals which network security needs to achieve are easy to grasp. So are the processes which are put on paper. But the fact remains that there are no hard and fast rules to follow when it comes to protecting a network. It depends on so many things, primarily what needs to be protected and the threats to this protection. Then there's the ever-developing field of technology that evolves faster than the human capacity to solve problems. Simply put, a security risk which is killed today may rise from the dead tomorrow to become an even more invincible enemy. In conclusion, the only solution seems to be to remain vigilant. Network administrators have no other option but to keep watching and cannot expect the network to act like an artificial being that can take care of itself - it cannot. It is being threatened by this species of human beings called hackers. While technology has afforded many tools which can serve as weapons for defense, in the end the best defense remains the other species of human beings who can combat the hackers.

References:

Cochran, J. 10 Network Security Assessment Tools You Can't Live Without.

Matik, M. (n.d.). Planning Network Security.

Network security. In Wikipedia the Free Encyclopedia.

Responding to Network Attacks and Security Incidents.
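
The paper's planning section recommends logging the traffic a firewall blocks and monitoring those logs for intruder activity. The following is an added example, not part of the original paper, of what that monitoring can look like: it flags sources whose blocked connections touch many distinct host/port targets in a short window, the log pattern port scanning leaves behind. The log line format, the thresholds, the function names and the sample addresses are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real firewall's output):
#   <ISO time> BLOCK <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(r"^(\S+) BLOCK (?:TCP|UDP) ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

def parse(lines):
    """Yield (time, src, dst, port) for well-formed BLOCK lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue
        yield ts, m.group(2), m.group(3), int(m.group(4))

def find_scanners(lines, min_targets=5, window=timedelta(seconds=60)):
    """Map each source to the most distinct (dst, port) pairs it had blocked
    inside any one window, keeping only sources that reach min_targets."""
    events = defaultdict(list)
    for ts, src, dst, port in parse(lines):
        events[src].append((ts, (dst, port)))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        best = start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window's left edge forward
            best = max(best, len({target for _, target in evs[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

# Constructed sample: a fast multi-port probe, one host retrying a single
# port, a probe spread over hours, and a malformed line.
SAMPLE = (
    [f"2011-07-01T10:00:0{i} BLOCK TCP 203.0.113.5:4000{i} -> 192.0.2.10:{p}"
     for i, p in enumerate([21, 22, 23, 25, 80, 443])]
    + [f"2011-07-01T10:01:0{i} BLOCK TCP 198.51.100.7:5000{i} -> 192.0.2.10:445"
       for i in range(6)]
    + [f"2011-07-01T1{i}:30:00 BLOCK TCP 198.51.100.99:6000{i} -> 192.0.2.10:{p}"
       for i, p in enumerate([21, 22, 23, 25, 80])]
    + ["garbled line that should be ignored"]
)
```

With the default 60-second window only the fast probe is reported; reviewing the same log with a window of several hours also surfaces the slow one, which is why daily log review should not rely on a single short window.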



