Chapter 5 Network Security

Network security issues

When businesses connect their systems and computers, one user's problems may affect everyone
on the network. Despite the many benefits of using networks, networking raises a greater potential
for security issues such as:
• data loss
• security breaches
• malicious attacks, such as hacking and viruses

Protection against common network security issues


Typical preventive measures to help you avoid network security threats include:
• security devices such as firewalls and anti-virus software
• security settings in the router or the operating system
• data encryption systems for sensitive data
• data backup, including the use of off-site backup
• restricting access to the network infrastructure to authorised personnel only
• training staff in the safe and secure use of the equipment
As well as training staff, you should also implement policies and rules for computer use in the
workplace. You should let your staff know that misuse of networked equipment can be regarded as
misconduct and may result in disciplinary action.

Threats against networked applications


The possible external network threats to an organization are listed below.

1. Malicious threat:
Malicious threats include computer viruses, Trojans, worms and spyware. These are code or software
specifically intended to damage, steal, disrupt, or otherwise inflict some other “terrible” or
illegitimate action on information, hosts, or networks.

2. DoS attack:
A Denial-of-Service (DoS) attack is an attack intended to shut down a machine or network,
making it unavailable to its intended users.

3. Eavesdropping:
Eavesdropping refers to the unauthorized monitoring of other people’s communications. It can be
conducted on ordinary telephone systems, emails, instant messaging or other Internet services.

4. Data breaches:
A data breach is an incident in which sensitive, protected or confidential data has potentially been
viewed, stolen or used by an individual not authorized to do so. In the case of a small organisation,
data breaches may involve personal information and intellectual property.

5. Phishing:
Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card
details, frequently for malicious reasons, by masquerading as a trustworthy entity in an electronic
communication.

6. DDoS attack:
A Distributed Denial-of-Service (DDoS) attack is an attempt to make an online service
unavailable by overwhelming it with traffic from numerous sources. It targets a wide range of
banking information and confidential data of any organization.

How to stop these threats:

1. Malicious threat:
Security measure:
• Install antivirus software on the system and download updates to ensure that the software has the
latest fixes for new viruses, Trojans, worms and bots.
• Ensure that the antivirus software can scan email and all files downloaded from the internet.

2. DoS attack:
Security measure:
• Use over-provisioning as a brute-force defense.
• Configure Windows Firewall and IP access lists.

3. Eavesdropping:
Security measure:
• Conduct an electronic search of the radio frequency (RF) spectrum to detect any
unauthorized emanations from the area being examined.
• Encrypt data during transmission or conversation.

4. Data breaches:
Security measure:
• Encrypt all sensitive information, and shred it before disposing of it.
• Retain the third party and limit staff access to systems and devices.

5. Phishing:
Security Measure:

• Keep website certificates up to date so that users are assured of the legitimacy of the websites.
• Educate users about the best practices that they should follow and observe when using Internet
services.

6. DDoS attack:
Security measure:
• Apply rate limiting at the router to prevent the web server from being overwhelmed.
• Use a firewall and packet sniffing techniques to control high packet traffic.

Introduction to Secure Network Design

All information systems create risks to an organization, and whether or not the level of risk
introduced is acceptable is ultimately a business decision. Controls such as firewalls, resource
isolation, hardened system configurations, authentication and access control systems, and
encryption can be used to help mitigate identified risks to acceptable levels.

Designing Security into a Network

Security is often an overlooked aspect of network design, and attempts at retrofitting security on
top of an existing network can be expensive and difficult to implement properly. Separating assets
of differing trust and security requirements should be an integral goal during the design phase of
any new project. Aggregating assets that have similar security requirements in dedicated zones
allows an organization to use small numbers of network security devices, such as firewalls and
intrusion-detection systems, to secure and monitor multiple application systems.

Other influences on network design include budgets, availability requirements, the network’s size
and scope, future growth expectations, capacity requirements, and management’s tolerance of
risks. For example, dedicated WAN links to remote offices can be more reliable than virtual
private networks (VPNs), but they cost more, especially when covering large distances. Fully
redundant networks can easily recover from failures, but having duplicate hardware increases
costs, and the more routing paths available, the harder it is to secure and segregate traffic flows.

A significant but often missed or under-considered factor in determining an appropriate security
design strategy is to identify how the network will be used and what is expected from the business
it supports. This design diligence can help avoid expensive and difficult retrofits after the network
is implemented. Let’s consider some key network design strategies.

Firewalls

What is a Firewall?

A firewall is simply a program or network device that filters the information coming through the
internet connection into your private network or computer system.
In computing, a firewall is a network security system that monitors and controls incoming and
outgoing network traffic based on predetermined security rules. A firewall typically establishes a
barrier between a trusted internal network and an untrusted external network, such as the Internet.

Firewalls are often categorized as either network firewalls or host-based firewalls. Network
firewalls filter traffic between two or more networks and run on network hardware. Host-based
firewalls run on host computers and control network traffic in and out of those machines.

What is an Application Firewall?

• An application firewall is a special firewall that is specifically coded (a software program)
for the type of traffic it is inspecting.
• Example: The most widely developed application firewall is the web application
firewall.

Difference between Host-based & Network-based Firewall

• A host-based firewall is installed on the individual computer to protect it from activity
occurring on its network.
• A network-based firewall is implemented at a specific point in the network path and
protects all computers on the “internal” side of the firewall from all computers on the
external side of the firewall.

Hardware and Software Firewall:

• Hardware firewalls are integrated into the router that sits between a computer and the
Internet.
• Software firewalls are installed on individual servers. They intercept each connection
request and then determine whether the request is valid or not.

Three Design Goals of Firewalls

• The first design goal for a firewall is that all network traffic from internal to external must
pass through the firewall; this is achieved by physically cutting off all access to the local
network except via the firewall. Example: the security guard at the Commercial Bank of
Ethiopia, Arba Minch Main Branch.
• The second goal is that only authorized traffic, as defined by the local security
policy, is allowed to proceed. Example: the bank manager instructs the security
guard to block A and B.
• The last design goal is that the firewall itself is resistant to penetration, which implies a
solid, trustworthy system with a protected operating system. Example: here the security
guard himself/herself acts as an intellectual to block a few people.

Types of Firewalls:

1. Packet Filtering Router
2. Application Level Gateway
3. Circuit Level Gateway

1. Packet Filtering Router

• Applies a set of rules to each incoming IP packet and then forwards or discards the
packet.
• Filters packets going in both directions.
• The packet filter is typically set up as a list of rules based on matches in the IP or TCP
header.

2. Application Level Gateway

• Also called a proxy server.
• Acts as a relay of application-level traffic.
• It is used to check the traffic levels.

3. Circuit Level Gateway

• Standalone software.
• Sets up two TCP connections.
• The gateway typically relays TCP segments from one connection to the other without
examining the contents (it simply forwards them).
• The security function consists of determining which connections will be allowed.

The Role of Firewalls

• A firewall is a term used for a “barrier” between a network of machines and users that
operate under a common security policy and generally trust each other, and the outside
world.
• There are two basic reasons for using a firewall at present: to save money by concentrating
your security on a small number of components, and to simplify the architecture of a system
by restricting access only to machines that trust each other.

Advantages of Firewalls

• Concentration of security: all modified software and logging are located on the firewall
system as opposed to being distributed across many hosts.
• Protocol filtering, where the firewall filters protocols and services that are either not
necessary or that cannot be adequately secured from exploitation.
• Information hiding, in which a firewall can “hide” names of internal systems or
electronic mail addresses, thereby revealing less information to outside hosts.
• Application gateways, where the firewall requires inside or outside users to connect
first to the firewall before connecting further, thereby filtering the protocol.

Disadvantages of Firewalls

• The most obvious is that certain types of network access may be hampered or even
blocked for some hosts, including telnet, ftp, NFS, etc.
• A second disadvantage of a firewall system is that it concentrates security in one spot as
opposed to distributing it among systems; thus a compromise of the firewall could be
disastrous to other, less protected systems on the subnet. Example: if someone attacks the
security guard, the organization faces more risk.

IP Security Overview

The Internet community has developed application-specific security mechanisms in a number of
areas, including electronic mail (S/MIME, PGP), client/server (Kerberos), Web access (SSL), and
others. However, users have some security concerns that cut across protocol layers.

For example, an enterprise can run a secure, private TCP/IP network by disallowing links to
untrusted sites, encrypting packets that leave the premises, and authenticating packets that enter the
premises. By implementing security at the IP level, an organization can ensure secure networking
not only for applications that have security mechanisms but also for the many security-ignorant
applications.

In response to these issues, the Internet Architecture Board (IAB) included authentication and
encryption as necessary security features in the next-generation IP, which has been issued as IPv6.
Fortunately, these security capabilities were designed to be usable both with the current IPv4 and
the future IPv6. This means that vendors can begin offering these features now, and many vendors
do now have some IPsec capability in their products.

IP-level security encompasses three functional areas: authentication, confidentiality, and key
management.
The authentication mechanism assures that a received packet was, in fact, transmitted by the party
identified as the source in the packet header. In addition, this mechanism assures that the packet
has not been altered in-transit.
The confidentiality facility enables communicating nodes to encrypt messages to prevent
eavesdropping by third parties.
The key management facility is concerned with the secure exchange of keys. The current version
of IPsec, known as IPsecv3, encompasses authentication and confidentiality. Key management is
provided by the Internet Key Exchange standard, IKEv2.

Overview of IP security (IPsec)


Internet Protocol Security (IPsec) is a network protocol that authenticates and encrypts the packets
of data sent over a network.
• IPsec includes protocols for establishing mutual authentication between agents at the
beginning of the session and negotiation of cryptographic keys to use during the session.
• IPsec can protect data flows between a pair of hosts (host-to-host), between a pair of
security gateways (network-to-network), or between a security gateway and a host
(network-to-host).
• Internet Protocol security (IPsec) uses cryptographic security services to protect
communications over Internet Protocol (IP) networks.
• IPsec supports network-level peer authentication, data-origin authentication, data integrity,
and data confidentiality (encryption), and replay protection.

The IPsec suite is an open standard. IPsec uses the following protocols to perform various
functions:
• Authentication Headers (AH) provides connectionless data integrity and data origin
authentication for IP datagrams and provides protection against replay attacks.
• Encapsulating Security Payloads (ESP) provides confidentiality, data-origin
authentication, connectionless integrity, an anti-replay service (a form of partial sequence
integrity), and limited traffic-flow confidentiality.
• Security Associations (SA) provides the bundle of algorithms and data that provide the
parameters necessary for AH and/or ESP operations. The Internet Security Association and Key
Management Protocol (ISAKMP) provides a framework for authentication and key exchange

What is intrusion detection?


Intrusion detection is the process of monitoring the events occurring in a computer system or
network and analyzing them for signs of intrusions. Intrusions are caused by attackers accessing
the systems from the Internet, authorized users of the systems who attempt to gain additional
privileges for which they are not authorized, and authorized users who misuse the privileges given
them. Intrusion Detection Systems (IDSs) are software or hardware products that automate this
monitoring and analysis process.

Functions of Intrusion detection systems:

• Monitoring and analysis of user and system activity
• Auditing of system configurations and vulnerabilities
• Assessing the integrity of critical system and data files
• Recognition of activity patterns reflecting known attacks
• Statistical analysis for abnormal activity patterns

Benefits of intrusion detection:

• Improving integrity of other parts of the information security infrastructure
• Improved system monitoring; tracing user activity from the point of entry to the point of exit or
impact
• Recognizing and reporting alterations to data files
• Spotting errors of system configuration and sometimes correcting them
• Recognizing specific types of attack and alerting appropriate staff for defensive responses
• Keeping system management personnel up to date on recent corrections to programs
• Allowing non-expert staff to contribute to system security
• Providing guidelines in establishing information security policies

IDS Taxonomy

A distributed intrusion detection system is one where data is collected and analyzed on multiple
hosts, as opposed to a centralized intrusion detection system. Both distributed and centralized
intrusion detection systems may use host- or network-based data collection methods, or most likely
a combination of the two.
• An IDS can react to an intrusion in two ways: Active - takes some action as a reaction to the intrusion
(such as shutting down services, connection, logging user...); Passive - generates alarms or
notifications.
• Audit information analysis can generally be done in two modes. The intrusion detection process can
run continuously, also called real-time. The term "real-time" indicates no more than the fact that
the IDS reacts to an intrusion "quickly enough". The intrusion detection process can also be run periodically.
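
Known-attack pattern recognition and statistical analysis, run as one periodic pass with a passive or active reaction as described above; this is an added example, not part of the original chapter. The signature, the baseline counts, the three-standard-deviation threshold and the audit records are constructed for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Known-attack patterns for misuse detection (constructed rule set).
SIGNATURES = {"path-traversal": re.compile(r"\.\./|%2e%2e%2f", re.I)}

def signature_alerts(events):
    """Flag every event whose text matches a known-attack pattern."""
    return [(name, src) for src, text in events
            for name, pat in SIGNATURES.items() if pat.search(text)]

def anomaly_alerts(events, baseline, k=3.0):
    """Flag sources whose failed-login count in this batch exceeds the
    baseline mean by more than k standard deviations."""
    threshold = mean(baseline) + k * pstdev(baseline)
    fails = Counter(src for src, text in events if "login failed" in text)
    return sorted(("failed-login-spike", src)
                  for src, n in fails.items() if n > threshold)

def respond(alerts, mode="passive"):
    """Passive: only notify. Active: also request a block of the source."""
    actions = [f"notify: {name} from {src}" for name, src in alerts]
    if mode == "active":
        actions += [f"block: {src}" for src in sorted({s for _, s in alerts})]
    return actions

def run_periodic(events, baseline, mode="passive"):
    """One periodic (batch) analysis pass over collected audit events."""
    alerts = signature_alerts(events) + anomaly_alerts(events, baseline)
    return respond(alerts, mode)

# Constructed sample data: failed logins per source per interval on normal
# days, then one batch of (source address, event text) audit records.
BASELINE = [2, 3, 1, 4, 2, 3, 2, 3]
EVENTS = (
    [("192.0.2.10", "GET /index.html 200"),
     ("192.0.2.66", "GET /../../etc/passwd 403")]
    + [("198.51.100.23", "login failed user=admin")] * 7
    + [("192.0.2.10", "login failed user=alice")] * 2
)

if __name__ == "__main__":
    for line in run_periodic(EVENTS, BASELINE, mode="active"):
        print(line)
```

The two detectors fire on different sources: the signature catches a single request that matches a known pattern, while the statistical check catches a volume of individually unremarkable events and leaves the user with two mistyped passwords alone.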

S/MIME vs PGP