Network security involves protecting computer networks from unauthorized access and threats, with network administrators responsible for implementing preventive measures. Key devices for enhancing network security include firewalls, antivirus software, and intrusion detection systems, which help monitor and control network traffic. Additionally, technologies like Virtual Private Networks (VPNs) ensure privacy in organizational communications over the internet.
Network Security
Network security is the security provided to a network from unauthorized access and risks. It is the duty of network administrators to adopt preventive measures to protect their networks from potential security threats. Computer networks that are involved in regular transactions and communication within government, individuals, or business require security. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

In this presentation we will discuss the network from the point of view of security. We will also look at the systems that help us, as system administrators, to increase security.

For example: we are system administrators of a large chain of supermarkets, and our company wants to go online by launching an online selling platform. We have done the configuration and the system is up and working, but after a week we hear that the platform was hacked. We ask ourselves: what did we do wrong? We skipped the security of the network, which is as important as the setup, because this hacking can directly affect the company's reputation, resulting in a decrease in sales and market value.

Devices that Help us with Network Security

Firewalls − They can be software or applications which operate at the network level. They protect private networks from external users and other networks. Generally, they are a compound of programs and their main function is to monitor the traffic flow from outside to inside and vice versa. Their position is generally behind a router or in front of the router, depending on the network topology. They are also called intrusion detection devices; their traffic rules are configured according to the company policy rules. For example, you block all incoming traffic to port POP because you don't want to receive mail, so as to be secured from all possible mail attacks. They log all network attempts for a later audit.
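The policy rule just described (block incoming POP traffic and log every attempt for a later audit) can be sketched as a small first-match packet filter with a default-deny fallback. This is an added example, not part of the original presentation; the private address range, the rule set, and the use of TCP port 110 (the standard POP3 port) are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in" (Internet -> private network) or "out"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    dport: Optional[int]   # destination port, None = any port
    note: str              # policy reason, copied into the audit log

# Constructed policy for a hypothetical 10.0.0.0/8 private network.
POLICY = [
    Rule("deny",  "in",  "0.0.0.0/0",  "10.0.0.0/8",   110,  "no inbound POP3"),
    Rule("allow", "in",  "0.0.0.0/0",  "10.0.5.10/32", 443,  "online shop (HTTPS)"),
    Rule("allow", "out", "10.0.0.0/8", "0.0.0.0/0",    None, "internal clients"),
]

AUDIT_LOG = []  # every decision is recorded for a later audit

def decide(direction, src, dst, dport, policy=POLICY):
    """Return "allow" or "deny": first matching rule wins, otherwise deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    verdict, reason = "deny", "default deny"
    for rule in policy:
        if (rule.direction == direction
                and s in ipaddress.ip_network(rule.src)
                and d in ipaddress.ip_network(rule.dst)
                and rule.dport in (None, dport)):
            verdict, reason = rule.action, rule.note
            break
    AUDIT_LOG.append((direction, src, dst, dport, verdict, reason))
    return verdict

if __name__ == "__main__":
    # Constructed sample packets (documentation address ranges).
    for pkt in [("in", "203.0.113.7", "10.0.5.20", 110),
                ("in", "203.0.113.7", "10.0.5.10", 443),
                ("in", "203.0.113.7", "10.0.5.10", 22),
                ("out", "10.0.1.4", "198.51.100.9", 995)]:
        print(pkt, "->", decide(*pkt))
    for entry in AUDIT_LOG:
        print("audit:", entry)
```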
They can also work as packet filters: this means that the firewall decides whether or not to forward a packet based on source and destination addresses and ports.

Types of Network Security Devices

Active Devices
These security devices block the surplus traffic. Firewalls, antivirus scanning devices, and content filtering devices are examples of such devices.

Passive Devices
These devices identify and report on unwanted traffic, for example, intrusion detection appliances.

Preventative Devices
These devices scan the networks and identify potential security problems. For example, penetration testing devices and vulnerability assessment appliances.

Unified Threat Management (UTM)
These devices serve as all-in-one security devices. Examples include firewalls, content filtering, web caching, etc.

Firewalls
• A firewall is a network security system that manages and regulates the network traffic based on some protocols. A firewall establishes a barrier between a trusted internal network and the internet.
• Firewalls exist both as software that runs on hardware and as hardware appliances. Firewalls that are hardware-based also provide other functions, like acting as a DHCP server for that network.
• Most personal computers use software-based firewalls to secure data from threats from the internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.
• Firewalls are commonly used in private networks or intranets to prevent unauthorized access from the internet. Every message entering or leaving the intranet goes through the firewall to be examined for security measures.
• An ideal firewall configuration consists of both hardware- and software-based devices. A firewall also helps in providing remote access to a private network through secure authentication certificates and logins.

Hardware and Software Firewalls
• Hardware firewalls are standalone products.
These are also found in broadband routers. Most hardware firewalls provide a minimum of four network ports to connect other computers. For larger networks − e.g., for business purposes − business networking firewall solutions are available.
• Software firewalls are installed on your computers. A software firewall protects your computer from internet threats.

Antivirus
• An antivirus is a tool that is used to detect and remove malicious software. It was originally designed to detect and remove viruses from computers.
• Modern antivirus software provides protection not only from viruses, but also from worms, Trojan horses, spyware, keyloggers, etc. Some products also provide protection from malicious URLs, spam, phishing attacks, botnets, DDoS attacks, etc. (Description provided in the next slides)

• The purpose is to deny the victims' access to a particular resource, which usually means cutting off access to the service or network as a whole.
• It is normally carried out at the application layer.
• An attacker sends large amounts of legitimate requests to an application.
• A bot is a software program that operates on the Internet and performs repetitive tasks.
• A denial of service (DoS) is a deliberate cyber-attack that floods a computer system with so much data that it is slowed down and, in many cases, forced offline.
• In distributed denial of service (DDoS), the source of the cyber-attack is 'distributed' amongst hundreds and sometimes thousands of different computer sources.
• By using multiple computers, the perpetrators make it difficult to combat and find the source of the attack, causing widespread disruption to the system or website.

Phishing attacks
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.

Content Filtering
• Content filtering devices screen unpleasant and offensive emails or webpages. These are used as a part of firewalls in corporations as well as in personal computers. These devices generate the message "Access Denied" when someone tries to access any unauthorized web page or email.
• Content is usually screened for pornographic content and also for violence- or hate-oriented content. Organizations also exclude shopping and job-related content.
• Content filtering can be divided into the following categories:
  – Web filtering – Screening of Web sites or pages
  – E-mail filtering – Screening of e-mail for spam
  – Other objectionable content

Intrusion Detection Systems
Intrusion Detection Systems, also known as Intrusion Detection and Prevention Systems, are the appliances that monitor malicious activities in a network, log information about such activities, take steps to stop them, and finally report them. Intrusion detection systems help in sending an alarm against any malicious activity in the network, drop the packets, and reset the connection to save the IP address from any blockage.

Let us see the schema of their positions:

Intrusion detection systems can also perform the following actions:
• Correct Cyclic Redundancy Check (CRC) errors - A cyclic redundancy check (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data.
• Prevent TCP sequencing issues
• Clean up unwanted transport and network layer options

Intrusion Detection Tools
One of the best intrusion detection tools is Snort; you can get information about it and download it from www.snort.org. It is software-based and open source, so it is free and easy to configure. It has a real-time, signature-based network IDS, which notifies the system administrators of attacks like port scanners, DDoS attacks, CGI attacks, backdoors, and OS fingerprinting.

The other IDS are:
• Black ICE Defender
• Cyber Cop Monitor
• Check point Real Secure
• Cisco Secure IDS
• Vanguard Enforcer
• Lucent RealSecure

Virtual Private Network (VPN)
A virtual private network (VPN) is a technology that is gaining popularity among large organizations that use the global Internet for both intra- and inter-organization communication, but require privacy in their intra-organization communication. VPN is a network that is private but virtual. It is private because it guarantees privacy inside the organization. The public network (Internet) is responsible for carrying the packet from R1 to R2. Outsiders cannot decipher the contents of the packet or the source and destination addresses. Deciphering takes place at R2, which finds the destination address of the packet and delivers it.

Thank you!!!!!