Network security consists of the requirements and procedures a network administrator implements to prevent and detect unauthorized access to, exploitation, alteration, or denial of a computer network and its resources. The administrator lays the groundwork for all users and administrators by defining policies, performing a risk analysis, and keeping a security team available to deter attacks against the network. Firewalls and secure authentication serve as deterrents. A response capability is also needed to identify an attack, pinpoint its source, and block it. Compromised machines must be identified and restored in order to re-establish the network.
Groundwork
Security has always been a concern for computer networks, but awareness of its importance in corporate environments is now greater than ever. Every corporate network must have a clear security policy, developed on the basis of a risk analysis, the identification of critical resources, and the possible threats to them.
A security policy can be anything from a few simple rules for the use of network resources to a detailed description of every connection and its features running to hundreds of pages. RFC 2196 (which takes a narrower and more limited view) defines a security policy as a formal statement of the rules that anyone who is given access to corporate information and technology must follow (Alpcan & Baar, 2010).
It is important to understand that network security is an evolutionary process. No single product can give a corporation complete safety. Reliable protection is achieved by combining products and services with sensible security policies that all staff, from top to bottom, comply with. A correct security policy without dedicated protection tools gives better results than protection tools without a security policy.
An enterprise network security policy is the result of a risk assessment and the identification of important resources and potential threats (Whalen, 2014). The network's assets include:
Network hosts (such as PCs, including the operating system, applications and data on the hosts).
Network devices (such as routers, switches and firewalls).
Network data (data that is transmitted over the network).
It is necessary to determine how, and to what degree, each of these assets must be protected. If network devices or data are compromised, will the result be inconvenience or collapse? The greater the potential damage, the stricter the security policy should be.
The basic elements of a security policy are identification, integrity and active verification. Identification prevents impersonation and unauthorized access to resources and data. Integrity protects against eavesdropping and data manipulation, preserving the confidentiality and immutability of the information transmitted. Finally, active verification (audit) checks that the elements of the security policy are implemented correctly and helps detect unauthorized access to the network and attacks such as DoS.
Identity mechanisms need to be implemented carefully, because even the most well-thought-out policy can be undermined if it is difficult to use. The classic example is a password written on a piece of paper stuck to the monitor, which is how users cope when they have to remember multiple passwords for the various components of the network (Shinder, 2001). Burdensome or overly redundant verification and authorization frustrate users and should be avoided. Identification methods may be based on the S/Key protocol or carried out with the aid of special hardware (token-based password authentication). Dial-up modem access commonly uses the identification mechanism of the Point-to-Point Protocol (PPP), which relies on the Password Authentication Protocol (PAP), the Challenge Handshake Authentication Protocol (CHAP), and the Extensible Authentication Protocol (EAP).
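To make the difference between PAP and CHAP concrete, the following added example (not part of the original text, and not a real PPP implementation) simulates one CHAP challenge/response exchange with both sides' messages and a PAP request for contrast; the shared secret, peer name and password are constructed values.

```python
"""Minimal CHAP (RFC 1994) exchange beside a PAP request. Added example;
all secrets and identities below are constructed for illustration."""
import hashlib
import hmac
import os

SECRET = b"example-shared-secret"   # constructed; provisioned on both peers

def pap_authenticate_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP sends the password itself over the link (simplified RFC 1334 layout)."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password

def chap_challenge(size: int = 16):
    """Authenticator side: fresh 8-bit Identifier plus a random Challenge value."""
    return os.urandom(1)[0], os.urandom(size)

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: MD5 over Identifier || secret || Challenge. The secret stays local."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(ident: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator recomputes with its own copy of the secret; constant-time compare."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)

def run_chap(peer_secret: bytes):
    """One full exchange. Returns (accepted, challenge_on_wire, response_on_wire)."""
    ident, challenge = chap_challenge()
    response = chap_response(ident, peer_secret, challenge)
    return chap_verify(ident, SECRET, challenge, response), challenge, response

def stale_response_rejected() -> bool:
    """A response computed for one challenge is useless against a fresh challenge."""
    ident1, chal1 = chap_challenge()
    old_response = chap_response(ident1, SECRET, chal1)
    ident2, chal2 = chap_challenge()
    return not chap_verify(ident2, SECRET, chal2, old_response)

if __name__ == "__main__":
    ok, chal, resp = run_chap(SECRET)
    print("CHAP accepted:", ok, "| secret visible on wire:", SECRET in chal + resp)
    pap = pap_authenticate_request(b"bob", b"hunter2")
    print("PAP packet carries the password:", b"hunter2" in pap)
    print("stale CHAP response rejected:", stale_response_rejected())
```

The two properties worth checking when reviewing a link-layer authentication choice are visible here: the PAP packet carries the password verbatim, while nothing on the CHAP wire contains the secret and an old response does not verify against a new challenge.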
Integrity covers the security of the network infrastructure devices (physical and logical access), perimeter security and the confidentiality of data. Physical access security can mean placing network equipment in purpose-built cabinets with restricted access.
Logical access security mainly concerns requiring identity mechanisms (authentication and authorization) before granting a network connection or a Telnet terminal session to shared infrastructure components (such as a router or firewall). Perimeter security is the job of firewalls, which determine what traffic is allowed or denied between network zones, usually between the Internet and the main campus, or between remote-access users and the main campus.
Data confidentiality can be provided by transport-layer security protocols such as SSL and the Secure Shell Protocol (SSH), which carry out secure data transfer between client and server. The Secure Hypertext Transfer Protocol (S-HTTP) provides a robust mechanism for Web transactions, but currently the most popular method is SSL (Rosenblatt, 2013). SOCKS is a framework that lets client/server applications in the TCP and UDP domains conveniently and safely use the services of a network firewall. IP Security (IPSec) is a set of standards supporting the integrity and confidentiality of data at the network layer (in IP networks). X.509 is a security and authentication standard that supports the security structure of electronic information transport.
The last major element of the security system is the audit, which is needed to monitor and verify how the security policy is being carried out. To test the effectiveness of the security infrastructure, security audits should take place frequently, at regular intervals. An audit should also cover checking the installation of new systems, methods for identifying possible sabotage by internal staff, the possible presence of a particular class of problems (such as "denial of service" attacks), and overall adherence to the security policy.
When developing a security policy, it is necessary to balance ease of access to information against adequate mechanisms for identifying authorized users and ensuring the integrity and confidentiality of data. The security policy must be enforced both technically and organizationally; only then will it be really effective.
Deterrence
If a person has ever installed a program or set up a printer, the following tasks will not be difficult. A very effective network security measure is installing anti-virus software, which constantly checks for infections that could damage or destroy data within the network. Keep in mind, however, that hackers are constantly creating new viruses, and anti-virus software is effective only if it can detect the latest threats (Hess, 2013). Therefore, when you install anti-virus software, configure it to download updates automatically so that it can detect new viruses. If your computer came with a trial version of anti-virus software, register it at the end of the free period to continue receiving updates, or buy another anti-virus product (Wilson, 2003).
Software companies (such as Microsoft) offer free tools for keeping software up to date and therefore secure. For example, it takes only a few mouse clicks to set up automatic updates on Windows 8. This tool lets a Windows system connect to the Internet automatically to find and install the latest updates that eliminate security threats. Once the Automatic Updates service is turned on, no further effort is required on your part; the software updates itself. The Microsoft Office suite also has an automatic update tool.
It is also necessary to install, and regularly update, software that looks for spyware, that is, programs that try to collect your passwords and bank account numbers. Installing a firewall is also a good idea: it inspects data entering your network and blocks it if it does not meet certain criteria. Software firewalls such as the one built into Windows protect only the computer they run on, but they are a good complement to a hardware firewall. Enabling the Windows Firewall is very easy.
It is also necessary to install software that filters unwanted messages. Spam consists of unsolicited commercial messages that fill mailboxes and force employees to waste time sorting through them (Goodwin, 2007). Although most unwanted messages are merely irritating, they are dangerous when they carry attachments that run a virus when opened. In addition, some of these messages are phishing attempts, which fraudulently obtain passwords and other valuable information from users and can put enterprise security at risk. Installing a spam-filtering product, or configuring the filtering built into Outlook, can significantly reduce the amount of junk mail.
Response
An attack on a computer system is a specific kind of action taken by an attacker, aimed at finding and using some vulnerability in the system; in other words, it is the realization of a threat. Because an attack involves a person with malicious intent, this interpretation leaves no room for chance. In practice, however, it is usually impossible to distinguish intentional from unintentional actions, and a good protection system must respond adequately to both (Kahate, 2013).
Three main types of security threat are usually distinguished: threats to integrity, disclosure, and denial of service. A threat to integrity covers any intentional change (deletion or modification) of data transmitted from one system to another or stored in a computer system. It is usually assumed that government agencies are more exposed to the threat of disclosure, and business or commercial organizations to the threat to integrity (Robichaux, n.d.).
The threat of disclosure is that information becomes known to people who should not know it. In computer security terms, disclosure takes place when someone gains access to confidential information transmitted from one system to another or stored on a computer system.
The threat of denial of service takes place when some action blocks access to the resources of a computer system. The blocking may be permanent, so that the requested resource is never received, or it may merely delay the requested resource long enough for it to become useless.
Typical threats in the Internet environment are:
Failure of a network component. Failures caused by design errors or by hardware or software faults can lead to denial of service or compromise safety through the incorrect functioning of a network component. Failure of a firewall, or false denials of authorization by authentication servers, are examples of failures that affect safety (Comptech, n.d.).
Scanning of information. Unauthorized viewing of sensitive information by hackers or by authorized users can occur through various mechanisms: an e-mail sent to the wrong destination, a shared printer, misconfigured access control lists, several people sharing the same identifier, and so on.
Use of information for other purposes. Using information for purposes other than those authorized may lead to denial of service, excessive expense, or loss of reputation. The culprits can be internal or external users.
Unauthorized removal, modification or disclosure. Deliberate distortion of information assets, which may lead to a loss of integrity or confidentiality of information.
Penetration. An attack by unauthorized persons or systems, which may lead to denial of service or to significant costs to recover from the incident.
Masquerade. Attempts to pose as an authorized user in order to steal services or information, or to initiate a financial transaction that results in financial loss or other problems for the organization.
Historically, the technology underlying intrusion detection systems has been divided into two categories: anomaly detection and misuse detection. In practice, however, a different classification is used, based on how such systems are implemented: detection of attacks at the network level (network-based) and at the host level (host-based). The former analyze network traffic; the latter analyze operating system or application logs. Each class has its advantages and disadvantages. Only some intrusion detection systems can be assigned unambiguously to one of these classes; typically they include capabilities from several categories. Nevertheless, this classification reflects the key features that distinguish one intrusion detection system from another.
Anomaly detection technology is currently not widespread and is not used in any commercially distributed system. The reason is that the technology looks attractive in theory but is very difficult to put into practice. The other approach to intrusion detection is misuse detection, which describes an attack as a pattern or signature and searches for that pattern in a monitored space (network traffic or a log). Anti-virus systems are a prime example of an intrusion detection system based on this technology.
As noted above, there are two classes of systems, detecting attacks at the network level and at the operating system level. A principal advantage of network-based intrusion detection is that it identifies attacks before they reach the targeted host. These systems are also easier to deploy in large networks because they do not require installation on the various platforms used in the organization.
Host-based intrusion detection systems are built to run on a specific operating system, which imposes certain restrictions on them. Using knowledge of how that operating system should behave, this approach can sometimes detect intrusions missed by network intrusion detection. However, this often comes at great cost, because the continuous logging required for this kind of detection significantly reduces the performance of the protected host. Such systems are highly CPU-intensive, require large amounts of disk space to store logs, and are in principle unsuitable for mission-critical systems operating in real time. Nevertheless, both approaches can be used to protect an organization. To protect one or a few nodes, a host-based intrusion detection system may be a good choice. To protect most of the nodes in an organization's network, network-based intrusion detection systems are likely to be the better choice, because adding nodes to the network does not reduce the level of security they provide: additional nodes can be protected without extra configuration, whereas a host-based system must be installed and configured on every protected host. The ideal solution is an intrusion detection system that combines both approaches.
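The misuse-versus-anomaly distinction drawn above can be seen by running both techniques over the same data. The following added example (not from the original text or any real IDS product) applies a signature check and a baseline-deviation check to a few constructed web-server log lines: the single traversal request is caught only by the signature, and the flood of ordinary-looking requests from one client is caught only by the anomaly rule.

```python
"""Misuse (signature) detection beside anomaly (baseline) detection, both run
over constructed web-server log lines. Added example; not a real IDS."""
import re
import statistics
from collections import Counter

# Constructed access-log lines: client IP, time, request line, status code.
LOG = (
    '10.0.0.5 [10:00:01] "GET /index.html HTTP/1.1" 200\n'
    '10.0.0.6 [10:00:02] "GET /about.html HTTP/1.1" 200\n'
    '10.0.0.7 [10:00:03] "GET /../../etc/passwd HTTP/1.1" 404\n'
    '10.0.0.5 [10:00:04] "GET /contact.html HTTP/1.1" 200\n'
    # one client issuing 40 ordinary-looking requests within the same minute
    + "".join(f'10.0.0.9 [10:00:{5 + i:02d}] "GET /index.html HTTP/1.1" 200\n'
              for i in range(40))
)

LINE_RE = re.compile(r'^(\S+) \[(\S+)\] "(\S+) (\S+) [^"]*" (\d{3})$')

# Misuse detection: each known attack is described as a pattern to look for.
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}

# Constructed baseline: requests per client per minute seen during normal use.
BASELINE_COUNTS = [3, 4, 2, 5, 3, 4, 3, 2]

def parse(log: str):
    """Yield (ip, time, method, path, status) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3), m.group(4), int(m.group(5))

def misuse_detect(events):
    """Signature matching: fires on a single request, but only for known attacks."""
    return [(ip, name) for ip, _, _, path, _ in events
            for name, pat in SIGNATURES.items() if pat.search(path)]

def anomaly_detect(events, baseline=BASELINE_COUNTS, k=3.0):
    """Flag clients whose request count exceeds mean + k*stdev of the baseline.
    Catches a flood with no signature, but depends on a trustworthy baseline."""
    threshold = statistics.mean(baseline) + k * statistics.stdev(baseline)
    counts = Counter(ip for ip, *_ in events)
    return sorted(ip for ip, n in counts.items() if n > threshold)

if __name__ == "__main__":
    events = list(parse(LOG))
    print("misuse hits :", misuse_detect(events))   # [('10.0.0.7', 'path-traversal')]
    print("anomaly hits:", anomaly_detect(events))  # ['10.0.0.9']
```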
References
Alpcan, T., & Baar, T. (2010). Network security: A decision and game-theoretic approach. Cambridge University Press.
Comptech.org (n.d.). Incident response plan. Retrieved from http://www.comptechdoc.org/independent/security/policies/incident-response-plan.html
Goodwin, M. (2007). Introduction to enterprise network firewalls. Retrieved from http://www.itsecurity.com/features/intro-enterprise-firewalls-012507/
Hess, K. (2013). 10 security best practice guidelines for businesses. Retrieved from http://www.zdnet.com/10-security-best-practice-guidelines-for-businesses-7000012088/
Kahate, A. (2013). Cryptography and network security. Tata McGraw-Hill Education.
Robichaux, P. (n.d.). Noticing and responding to network-borne attacks. Retrieved from http://technet.microsoft.com/en-us/library/cc723457.aspx
Rosenblatt, S. (2013). Two-factor authentication: What you need to know (FAQ). Retrieved from http://www.cnet.com/news/two-factor-authentication-what-you-need-to-know-faq/
Shinder, D. (2001). Understanding and selecting authentication methods. Retrieved from http://www.techrepublic.com/article/understanding-and-selecting-authentication-methods/
Whalen, K. (2014). Arbor Networks Peakflow 7.0 dramatically reduces time to detect and mitigate DDoS attacks. Retrieved from http://finance.yahoo.com/news/arbor-networks-peakflow-7-0-130000780.html
Wilson, M. J. (2003). Network security best practices. Retrieved from http://www.computerworld.com/article/2580194/security0/network-security--best-practices.html