
Network Security

The following set of notes corresponds to the Network Security module of the Internet Design course, providing students an outline of the information they are expected to understand. The corresponding reading for this module is chapter seven of i-Net+ Study Guide by David Groth, et al., pages 298 - 328.

Authentication

  • Authentication is the process of verifying that a user is the same person he claims to be.
  • Password authentication simply requires that the user enter a password to verify their identity. This measure is only as secure as the password itself.
  • A good password will have a mix of numbers, lower case letters, capital letters, and symbols. Further, a good password will not be a dictionary word or proper name associated with the user.
  • Key or card authentication requires that the user have a physical object, such as a key or card, to further authenticate their identification to the computer.
  • Biometric authentication allows the computer to scan a person's unique physical features as proof of their identity. Biometric authentications include fingerprints, voiceprints, face recognition, and retinal scanning.
  • Biometric authentications are currently limited by cost as well as by the possibility of changes and fluctuations in a person's physical appearance.
  • A digital signature is a value obtained by performing unique mathematical algorithms on data. This special value, and the algorithm used to obtain it, are encrypted using the recipient's public key and then sent to the recipient along with the original data, which is not encrypted. This signature assures the user that the data has not been altered in transit.
  • A digital certificate is issued by a third party, such as www.verisign.com, to authenticate the identity of a server or an individual. This third party, called the certificate authority, verifies that the public key being used is valid and associated with a particular individual or organization.
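
The password criteria listed above can be checked mechanically. The following is an added example, not part of the original notes; the function name, the small word list, and the sample passwords are constructed for illustration.

```python
import string

# Constructed sample word list (assumption); a real check would load a full dictionary.
DICTIONARY = {"password", "dragon", "sunshine", "welcome", "monkey"}

CLASSES = {
    "a number": string.digits,
    "a lower case letter": string.ascii_lowercase,
    "a capital letter": string.ascii_uppercase,
    "a symbol": string.punctuation,
}

def password_problems(password, user_names=(), dictionary=DICTIONARY):
    """Return the reasons a password fails the criteria listed in the notes."""
    problems = []
    for label, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append("missing " + label)
    # Compare letters only, lower-cased, so "Dragon1!" is still recognised
    # as the dictionary word "dragon" with decoration added.
    letters = "".join(c for c in password.lower() if c.isalpha())
    if letters in dictionary:
        problems.append("based on a dictionary word")
    # Names associated with the user (login name, first name, surname, ...).
    lowered = password.lower()
    if any(name and name.lower() in lowered for name in user_names):
        problems.append("contains a name associated with the user")
    return problems

if __name__ == "__main__":
    for pw, names in [("sunshine", []), ("Dragon1!", []),
                      ("Alice#2024", ["alice"]), ("tR7$kq9!Lw", ["alice"])]:
        print(pw, "->", password_problems(pw, names) or "ok")
```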

Access Control

  • Firewalls are devices (computers with specialized software or a stand-alone specialized hardware component) that prevent unwanted traffic from accessing a network.
  • Firewalls using Access Control Lists analyze a host's IP address and refer to a special list to determine which processes the host is permitted to access. This type of access restriction is subject to IP spoofing (hosts using a false IP address to gain unauthorized access).
  • Dynamic packet filtering allows a firewall to keep track of the data packets it is transferring and determine whether or not a packet actually belongs in the sequence of packets.
  • The protocol switching technique translates TCP/IP data into a different network protocol (such as IPX/SPX) to limit the effectiveness of certain TCP/IP specific attacks.
  • A demilitarized zone is a section of network made accessible to the public and to the internal LAN, thus providing public access to a portion of the network while securing the remainder of the network from public access.
  • Proxy servers make Internet requests on behalf of internal hosts, then forward the received data on to that host. This setup protects the hosts on the LAN because they are never directly exposed to the Internet.
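
Dynamic packet filtering, as described above, can be modelled with a connection table. The following is an added example, not part of the original notes: a simplified model that expects exact sequence numbers (real firewalls accept a window of them), with constructed addresses and hypothetical class and method names.

```python
class DynamicFilter:
    """Simplified dynamic packet filter: an inbound packet passes only if it
    continues a connection that an internal host opened."""

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port) -> next expected
        # inbound sequence number (None until the SYN-ACK has been seen).
        self.table = {}

    def outbound(self, src, sport, dst, dport, flags):
        key = (src, sport, dst, dport)
        if flags == "SYN":
            self.table[key] = None        # connection requested from inside
        elif flags == "FIN":
            self.table.pop(key, None)     # connection closed, forget it
        return "ALLOW"

    def inbound(self, src, sport, dst, dport, flags, seq, length=0):
        key = (dst, dport, src, sport)
        if key not in self.table:
            return "DROP"                 # nobody inside asked for this
        expected = self.table[key]
        if expected is None:
            if flags != "SYN-ACK":
                return "DROP"             # handshake reply must come first
            self.table[key] = seq + 1     # a SYN consumes one sequence number
            return "ALLOW"
        if seq != expected:
            return "DROP"                 # does not belong in the sequence
        self.table[key] = seq + length
        return "ALLOW"

def demo():
    """Run a constructed exchange and return the verdict for each inbound packet."""
    fw, inside, web = DynamicFilter(), ("10.0.0.5", 40000), ("203.0.113.9", 80)
    verdicts = [fw.inbound(*web, *inside, "ACK", seq=1)]            # unsolicited
    fw.outbound(*inside, *web, "SYN")
    verdicts.append(fw.inbound(*web, *inside, "SYN-ACK", seq=5000))
    verdicts.append(fw.inbound(*web, *inside, "ACK", seq=5001, length=100))
    verdicts.append(fw.inbound(*web, *inside, "ACK", seq=9999))     # out of sequence
    verdicts.append(fw.inbound("198.51.100.7", 80, *inside, "ACK", seq=5101))  # other host
    verdicts.append(fw.inbound(*web, *inside, "ACK", seq=5101, length=50))
    return verdicts

if __name__ == "__main__":
    print(demo())
```

Unlike a static Access Control List, the verdict here depends on what the firewall has already seen, so a packet with an acceptable source address is still dropped when it matches no tracked connection.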

Encryption

  • Encryption involves translating clear-text into cipher-text using mathematical algorithms.
  • Encryption works by one computer applying an algorithm to encode a message, sending the coded message, and then decoding the message using a key.
  • A private key is a single, secret key shared by two individuals. Both individuals have the same key and use it for encoding and decoding their messages.
  • Public keys use one key to encrypt a message and a separate key to decode the message. In this format, the code needed to encrypt a message is publicly available, but the decryption key is private. This way, anyone can encrypt a message to the recipient, but only the recipient can read it.
  • Public keys use a one-way encryption scheme.
  • A key's security is measured by the bit length of the key. A 40-bit key is less secure than a 128-bit key.
  • Pretty Good Privacy (PGP) is a free encryption scheme using public keys of variable lengths. PGP is one of the most common encryptions used on the Internet.
  • Secure Sockets Layer (SSL) is a method of establishing a secure connection between a server and a client. With SSL, the server uses a digital certificate to identify itself to the client, then the two computers collaborate on a private key to be used for the remainder of the transmission.
  • S/MIME (Secure Multipurpose Internet Mail Extension) is an encryption technique for email. This technique uses the recipient's public key to encode the email, then attaches a digital signature to the data to ensure that the data has not been tampered with during transmission.

Auditing

  • Auditing is the process of keeping track of the events that occur on a system, including successful logins, failed login attempts, changes in user privileges, remote logins, and system shut-downs and restarts.
  • Auditing information is typically stored in log files on the computer.
  • Log files may be analyzed automatically by a software application to aid in administration and help alert administrators of possible problems.
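
Automated log analysis of the kind described above can be sketched as follows. This is an added example, not part of the original notes; the log line format, event names, user names, and alert threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample audit log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2024-03-01T09:00:01 LOGIN_FAILED user=jsmith src=198.51.100.7
2024-03-01T09:00:03 LOGIN_FAILED user=jsmith src=198.51.100.7
2024-03-01T09:00:05 LOGIN_FAILED user=jsmith src=198.51.100.7
2024-03-01T09:00:09 LOGIN_OK user=jsmith src=198.51.100.7
2024-03-01T09:02:00 PRIV_CHANGE user=jsmith new_role=admin
2024-03-01T09:05:00 LOGIN_FAILED user=mlee src=10.0.0.12
2024-03-01T23:10:00 SHUTDOWN user=root
"""

LINE = re.compile(r"^(\S+) (\w+)((?: \w+=\S+)*)$")
ALWAYS_REPORT = {"PRIV_CHANGE", "SHUTDOWN", "RESTART"}

def parse(line):
    """Split one log line into a dict, or return None if it is malformed."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    fields = dict(pair.split("=", 1) for pair in m.group(3).split())
    return {"time": m.group(1), "event": m.group(2), **fields}

def analyze(log_text, threshold=3):
    """Return (time, finding, user) tuples an administrator should review."""
    alerts = []
    failures = defaultdict(int)   # (user, src) -> failed logins since last success
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue              # skip lines that do not parse
        user, key = rec.get("user"), (rec.get("user"), rec.get("src"))
        if rec["event"] == "LOGIN_FAILED":
            failures[key] += 1
            if failures[key] == threshold:
                alerts.append((rec["time"], "repeated failed logins", user))
        elif rec["event"] == "LOGIN_OK":
            if failures[key] >= threshold:
                alerts.append((rec["time"], "login succeeded after repeated failures", user))
            failures[key] = 0
        elif rec["event"] in ALWAYS_REPORT:
            alerts.append((rec["time"], rec["event"], user))
    return alerts

if __name__ == "__main__":
    print(*analyze(SAMPLE_LOG), sep="\n")
```

A single failed login (user mlee in the sample) raises no alert; only a run of failures from the same source, and a success that follows such a run, are reported.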

Attacks and Suspicious Activities

  • People may attempt to break into a network for a variety of reasons, including the desire to do harm to the organization, a yen for personal profit, or merely for fun.
  • There are two main types of attacks: denial of service (DoS) attacks and information theft or destruction.
  • In a denial of service attack, a server is overwhelmed with bogus requests, to the point that it is unable to service the legitimate requests it receives.
  • Attackers may gain access to a network through social engineering, which is simply persuading legitimate users to give out their user name and password on a network. Such attackers often pose as an administrator, though a true system administrator may access any account without having to know the user's password.
  • The brute force method of gaining access uses a computer program to try every possible letter combination until it finds a working user name and password, or until it is able to duplicate the key used for decryption.
  • Flaws in software design can also open up gateways for attackers to enter or harm a system. These "bugs" in software are often fixed in patches released by the software maker.
  • Some attacks do not require a user name and password; instead, they simply exploit the very services the server was designed for. Such attacks include mail flooding (signing a system user up for hundreds of mailing lists or sending them very large messages), ping floods (issuing a multitude of pings, or requests for connection verification, to a server), a ping of death (a ping packet larger than 65,536 bytes), and SYN floods (filling the TCP/IP buffer with SYN requests for connections that are never answered by the requesting host).

Network Security Requirements

  • To maintain security with an Internet connection, use some type of firewall to keep out unauthorized traffic, and send sensitive information only within a secure environment using proper encryptions.
  • To secure an intranet, virtual private network, or LAN which is accessible only to employees (some of whom may become upset at the organization), restrict each user's access to only the information they need to access, back up data regularly, use an anti-virus program to prevent virus infections, require periodic password changes, and educate users on basic security issues and precautions.