Title: Introduction to Network Security
Author: SpyHat
1. Abstract:
This thesis is based on the features and functionality of the specified network technology. The technology selected for this thesis is network security. Extensive analysis was carried out on the various aspects of this technology.
2. Introduction to network security:
In the past, network security was nothing more than secured frames that acted as central hosts and data repositories that were accessed only by dumb terminals with limited rights. Network security was not considered to be a significant issue. The rapidly expanding size of networks and increasing misuse led to the necessity for secure networks.
3. Research on the Network Security:
This is the first section of the report. It includes the research carried out on network security.
3.1 Factors affecting the introduction of a communications network:
The introduction of network security, or any other technology, is initiated by the identification of its necessity in a certain problem domain. Once the public is aware of the importance of the commodity, a large number of hassles and obstacles are avoided. However, the following factors are also affected during the initial stages.
3.2 Necessity:
No technology is implemented unless the necessity for the product is justified. This justification can be done in the following ways.
3.3 Advantages:
The customers/users should be informed of its advantages, such as protection of confidential data from hackers, viruses, etc.
3.3 Cost Factor:
The costs involved in purchase and installation should correspond to the needs of the organization. The investment to be made in security is based on:
• Degree of confidentiality
• Degree of the effect of corruption of data
• Possibility of Intrusion, attacks etc.
3.4 General Threats faced by Networks:
• Threats associated with Hardware and Network Design
- Interception:
Networks using a leased line (VPN) over the Internet are vulnerable to eavesdropping. Repeater hubs broadcast traffic over the entire segment, making the transmission more widely vulnerable to sniffing. Switches, on the other hand, provide logical point-to-point communications, which limits the availability of data transmissions to the sending and receiving nodes.
Unused hub, router or server ports can be exploited and accessed by crackers if they are not disabled. A router's configuration port, accessible by Telnet, may not be adequately secured. If routers are not properly configured to mask internal subnets, users on outside networks (Internet) can read private addresses. Modems attached to network devices may be configured to accept incoming calls. This might open security holes if they are not properly protected.
• Threats associated with Protocols and Software
Hardware provides security only if it is configured. Most of the threats that occur in the higher layers of the OSI model (transport, session, presentation and application layers) involve both software and hardware. Improper configuration of the router can allow the flexibility of TCP/IP to be misused to gain access.
TCP/IP and UDP require little or no authentication. IP addresses can be falsified and checksums can be deceived. Trust between servers may allow crackers to access the entire network through minor loopholes or flaws.
• Threats associated with Internet access
Improper configuration of a firewall allows outsiders to obtain an IP address and pretend that they have authority to access the internal network from the Internet, a process called IP spoofing. Alternatively, a firewall can screw up to such an extent that it cannot prevent unauthorized packets from entering the LAN from outside.
Crackers might launch a denial of service attack. The system becomes unable to function because it has been deluged with messages or otherwise disrupted. The attacked server has to be brought down and the firewall reconfigured to deny service to the attacking machine.
4. SWOT Analysis for Network security/its products:
4.1 Introduction to the firewall:
One of the most widely used products in the field of network security is the firewall. It can be described as a specialized device or router that is configured to protect a network. It can also be a PC running special software. The firewall usually resides between two interconnected private networks or between a private and a public network (Internet). One of the top quality firewalls is the EtherFast Cable/DSL Router w/ Built-in 4-Port Switch.
4.2 Strengths:
Some of the salient features of the firewall are:
• Encryption support:
Ability to encrypt confidential data that is passed on to public networks
• User authentication
Ability to authenticate the users of the system and its administrators
Ability to differentiate between a user and an intruder
• Management
The firewall can be managed centrally and through a standard interface.
• Access
Ease of access enabled for permitted users without breaching security
• Filtration
The firewall filters packets at the data link (DLL), transport and application layers.
The firewall provides logging and auditing capabilities and initializes alert systems for possible intrusions. The firewall also protects the identity of the LAN from external elements.
4.3 Weakness:
One of the major drawbacks of the firewall is the difficulty in configuring it. A firewall cannot provide the promised benefits just upon purchase and installation. The product has to be configured by experts after properly analyzing the situation. The type of firewall chosen should be relevant to the traffic of the dataflow. Improper analysis may end up in improper configuration and greater damages, and the product will not be put to optimum use. In some situations, improper configuration increases the level of security to such an extent that users cannot communicate important information among one another. In other situations, the security level is brought so low that crackers can easily hack into the system.
4.4 Opportunities:
Opportunities are positive aspects external to the entity. Firewalls have been created as a solution to tackle the problem of network security. The rise of hackers and crackers in today's society has kept the demand up for firewalls.
Administrators are becoming all the more proficient in configuring firewalls. Firewalls are becoming cheaper, with more added functions and better configurations.
• Reliability
Firewalls require plenty of configuration to be effective. Criteria that firewalls use to accept or deny data include:
• Source and destination IP address
• Source and destination ports (e.g. ports that supply TCP/UDP connections, FTP, Telnet, SNMP, RealAudio)
• The TCP, UDP or ICMP protocols
• A packet's status as the first packet in a new data stream or a subsequent packet
• A packet's status as inbound or outbound to or from your private network
• A packet's status as originating from or being destined for an application on your private network
Packet filtering routers operate at the network and transport layers of the OSI model and examine the network addresses. Users and crackers cannot be distinguished. User authentication is required for this purpose.
• Portability:
Firewalls are designed to be flexible across several operating systems. Certain firewalls, however, are limited to Win 9x, NT, 2000 and Me. Firewalls are usually installed in the routers of networks. For stand-alone systems, the firewall is software installed on the system.
• Scalability:
As networks expand, the threats to security increase. “Open” networks are more susceptible to attacks than closed LANs. Therefore the security measures taken in large networks are much higher. A simple firewall configured for a stand-alone system need not be sufficient.
One way to enhance the security provided at the network and transport layers is to combine a packet-filtering firewall with a proxy service. A proxy service is a software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic. The network host that runs the proxy service is known as a proxy server or gateway. Proxy servers maintain security at the application layer of the OSI model. A proxy server is actually another filtering device for the internal LAN. It prevents external elements from discovering the addresses of the internal network.
Every message sent goes first to the proxy server. The proxy server repackages the data frames that make up the message so that the source workstation's IP address is replaced by the proxy server's IP address. The proxy server then passes the repackaged data to the packet filtering firewall. The firewall verifies that the source IP addresses in the packets are valid.
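The filtering criteria listed under Reliability and the proxy-then-firewall flow described above can be seen working together in the following added example, which is not part of the original thesis. The addresses, the rule set and the names `Packet`, `Rule`, `decide` and `proxy_repackage` are constructed for illustration; the `new_stream` flag stands in for the first-packet check (for example a TCP SYN).

```python
import ipaddress
from dataclasses import dataclass, replace

PROXY = "192.0.2.10"   # constructed proxy address (documentation range)
LAN = "10.0.0.0/8"     # constructed private network range

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str         # "tcp", "udp" or "icmp"
    dport: int
    direction: str     # "in" or "out" relative to the private network
    new_stream: bool   # True for the first packet of a new data stream

@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: int = 0               # 0 matches any destination port
    direction: str = "any"
    new_stream_ok: bool = True   # False: only subsequent packets match

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport)
                and self.direction in ("any", p.direction)
                and (self.new_stream_ok or not p.new_stream))

def decide(rules, p):
    """First matching rule wins; anything unmatched is denied."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

def proxy_repackage(p):
    """Replace the workstation's source address with the proxy's."""
    return replace(p, src=PROXY)

RULES = [
    # An inbound packet claiming an internal source address is spoofed.
    Rule("deny", src=LAN, direction="in"),
    Rule("accept", src=PROXY + "/32", proto="tcp", dport=80, direction="out"),
    Rule("accept", dst=PROXY + "/32", proto="tcp", direction="in",
         new_stream_ok=False),
]
```

A workstation packet sent straight to the firewall is dropped by the default deny, while the same packet after `proxy_repackage` is accepted because its source is now the proxy's address.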