How Can We Secure IPv4 Networks? Computer Science Essay


We are using IP networks more and more. Businesses rely on this environment, so security is a constantly growing requirement. We expect to use secure network applications and services. As networks become more and more complex, securing them becomes imperative.

Network security is now an integral part of computer networking and involves protocols, technologies, devices, tools and techniques to secure data and mitigate threats. Network security solutions emerged in the 1960s but did not mature into a comprehensive set of solutions for modern networks until the 2000s [1].

Devices to secure a network

Almost every company is now connected to the Internet, and most of the threats will come from the Internet. In order to secure the internal network, the basic design is to put a firewall between the internal network and the external network (the Internet in most cases). A firewall can take two different approaches: block only specific traffic and allow everything else, or allow only specific traffic and block the rest.

The firewall is the most important device in network security: it provides security on the network and stops forbidden traffic. Generally it is placed between the Internet and the company network, but it can be placed anywhere to secure parts of the network. Ideally, every device connected to the network will have a firewall running on it. The firewall can be software or a dedicated device.

There are different types of firewall [2]. Some are basic firewalls that analyze only the destination of every packet (also called stateless); others are complex firewalls that analyze all the data of every packet up to layer 7, using a technique called Deep Packet Inspection (DPI), and keep track of open sessions (also called stateful).
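The two policy approaches and the stateless/stateful distinction described above, as an added example that is not part of the original essay. The rule format, the addresses and every name in it are constructed for illustration, and outbound traffic is assumed to be trusted:

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True when the packet arrives from the external network

@dataclass
class Firewall:
    rules: list            # (dst, dport, action) tuples for inbound traffic, first match wins
    default: str           # "deny" = allow-list policy, "allow" = block-list policy
    stateful: bool = False
    sessions: set = field(default_factory=set)

    def decide(self, p: Packet) -> str:
        if not p.inbound:
            # Assumption of this sketch: outbound traffic from the inside is trusted.
            if self.stateful:
                self.sessions.add((p.src, p.sport, p.dst, p.dport))
            return "allow"
        # Stateful only: an inbound packet mirroring a tracked flow is a reply.
        if self.stateful and (p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "allow"
        for dst, dport, action in self.rules:
            if dst == p.dst and dport == p.dport:
                return action
        return self.default

# Constructed addresses: WEB is a public web server, PC an internal workstation.
WEB, PC, REMOTE = "192.0.2.10", "192.0.2.50", "198.51.100.7"
allow_list = Firewall([(WEB, 443, "allow")], default="deny")
block_list = Firewall([(WEB, 23, "deny")], default="allow")
stateful = Firewall([(WEB, 443, "allow")], default="deny", stateful=True)

def demo():
    rdp = Packet(REMOTE, 40000, WEB, 3389, inbound=True)     # a port nobody listed
    request = Packet(PC, 50000, REMOTE, 443, inbound=False)  # workstation browses out
    reply = Packet(REMOTE, 443, PC, 50000, inbound=True)     # the remote server's answer
    for fw in (allow_list, stateful):
        fw.decide(request)
    return {
        "allow-list, unlisted port": allow_list.decide(rdp),
        "block-list, unlisted port": block_list.decide(rdp),
        "stateless, reply": allow_list.decide(reply),
        "stateful, reply": stateful.decide(reply),
    }
```

The block-list firewall lets the unlisted port through because nobody thought to forbid it, and the stateless allow-list firewall drops a legitimate reply because it has no memory of the request.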

Besides the firewall, an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) [3] can be used to increase the level of security on the network.

An IDS, like a firewall, can be a dedicated device or a software application. It monitors network or system activity for malicious activity and warns the network administrator; it cannot block any unauthorized flow that it detects.

An IPS goes further than an IDS: it also monitors network traffic and system activity for suspicious actions, but it can block them.

A proxy server is another device, whose role is to act as a middleman, generally between internal and external networks. Proxies are used most often for HTTP traffic, but you can have a proxy for any protocol or application. Because all of a network's traffic goes through this device, applying a security policy is easier for the network administrator [4].

Viruses and worms have become smarter and smarter. To prevent our network from getting infected, using antivirus software on every connected device is really important. Antivirus software is host-based and needs to be kept up to date.

Threat Analysis

Reconnaissance Attacks

The first category of attack is reconnaissance (also known as information gathering). It is generally the first type of attack used by a hacker. In this attack the hacker tries to learn any information he can about the victim network. This includes both types of information gathering: active (scanning) and passive (searching public resources). To gain access to a network, reconnaissance attacks use various tools such as:

Packet sniffers

Ping sweeps

Port scans

Mitigating reconnaissance attacks is relatively easy: implementing an IPS can stop port scanning and ping sweeps, and encryption makes packet sniffing useless.
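How an IPS can recognise the port scans and ping sweeps mentioned above, as an added example that is not part of the original essay. The log format, the addresses and the thresholds are constructed assumptions:

```python
from collections import defaultdict, deque

# Constructed sample log, one line per packet: "<seconds> <src> <dst> <proto> <dport>"
SAMPLE_LOG = """\
100 203.0.113.5 192.0.2.10 tcp 21
100 203.0.113.5 192.0.2.10 tcp 22
101 203.0.113.5 192.0.2.10 tcp 23
101 198.51.100.20 192.0.2.10 tcp 443
101 203.0.113.5 192.0.2.10 tcp 25
102 203.0.113.5 192.0.2.10 tcp 80
105 203.0.113.9 192.0.2.1 icmp -
105 203.0.113.9 192.0.2.2 icmp -
106 203.0.113.9 192.0.2.3 icmp -
106 203.0.113.9 192.0.2.4 icmp -
107 198.51.100.20 192.0.2.10 tcp 443
140 198.51.100.20 192.0.2.10 tcp 80
"""

def detect_recon(log, window=10, port_limit=5, host_limit=4):
    """Return sorted (source, kind, target) alerts for scans seen within `window` seconds."""
    recent = defaultdict(deque)   # source address -> its packets inside the window
    alerts = set()
    for line in log.splitlines():
        ts, src, dst, proto, dport = line.split()
        ts = int(ts)
        events = recent[src]
        events.append((ts, dst, proto, dport))
        while events[0][0] <= ts - window:   # forget packets older than the window
            events.popleft()
        if proto == "tcp":
            # Port scan: one source touching many distinct ports on the same host.
            ports = {p for _, d, pr, p in events if pr == "tcp" and d == dst}
            if len(ports) >= port_limit:
                alerts.add((src, "port scan", dst))
        elif proto == "icmp":
            # Ping sweep: one source sending ICMP to many distinct hosts.
            hosts = {d for _, d, pr, _ in events if pr == "icmp"}
            if len(hosts) >= host_limit:
                alerts.add((src, "ping sweep", "*"))
    return sorted(alerts)
```

A scan that is spread out over a longer time than `window` stays under the threshold, which is why the window and limits have to be tuned to the traffic the network normally sees.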

Denial Of Service attacks

A Denial of Service (DoS) [5] attack attempts in many ways to interrupt services to users, devices, or applications. There are several ways to generate a DoS attack. Generating a large amount of valid traffic is the simplest method: it saturates the network so that valid user traffic cannot be processed.

A DoS attack can exploit the fact that systems such as servers must keep state information. If the software is badly written, sending specific information, or more than expected (buffer overflow), in network packets can make the server crash.

There are two types of DoS attack:

A system receives specific data that it was not programmed to process, and the server crashes.

A system is unable to process all the data it receives because the quantity is enormous, causing the system to become extremely slow or even to crash.

DoS attacks try to compromise the availability of a network, host, or application. They are a major risk: they can easily paralyze a business and cause significant losses. Moreover, these types of attack are not difficult to conduct, even for an unskilled hacker.

A DoS attack can use the following techniques:

Ping of Death

Smurf Attack

TCP SYN flood

Mitigating a DoS attack can be really difficult, because you have to distinguish real traffic from the attack. Firewalls and IPSs are the most important elements for preventing DoS. But because DoS generally relies on spoofing the source address, using antispoofing technology is strongly recommended.
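The antispoofing check recommended above, as an added example that is not part of the original essay: a border filter that judges a packet's source address by the interface it arrived on. The internal prefix 10.1.0.0/16, the interface names and the function name are assumptions:

```python
import ipaddress

INTERNAL = ipaddress.ip_network("10.1.0.0/16")   # assumed internal prefix

# Ranges that can never be a legitimate source address on the Internet side.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def check_source(src, interface):
    """Return (verdict, reason) for a packet with source `src` seen on `interface`."""
    addr = ipaddress.ip_address(src)
    if interface == "inside":
        # Egress filtering: our own hosts may only send from our own prefix,
        # so they cannot be used to launch spoofed floods at others.
        if addr in INTERNAL:
            return ("accept", "source belongs to the internal prefix")
        return ("drop", "source is not in the internal prefix")
    # Ingress filtering on the outside interface.
    if addr in INTERNAL:
        return ("drop", "internal source address arriving from outside")
    for net in BOGONS:
        if addr in net:
            return ("drop", f"source in non-routable range {net}")
    return ("accept", "routable external source")

# Constructed packets: (source address, arrival interface)
SAMPLES = [
    ("198.51.100.7", "outside"),   # ordinary external client
    ("10.1.4.20", "outside"),      # claims to be one of our own hosts
    ("192.168.1.1", "outside"),    # private address from the Internet
    ("10.1.4.20", "inside"),       # genuine internal host
    ("198.51.100.7", "inside"),    # internal host forging an external source
]

def verdicts():
    return [check_source(src, iface)[0] for src, iface in SAMPLES]
```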

Rogue device

Rogue devices are any devices connected to the network that are not authorized. A rogue device can be a simple unauthorized laptop or, more interesting for an attacker, a wireless access point with a DHCP or DNS server, used to intercept data and access it via Wi-Fi.

ARP and DHCP attacks attempt to provide malicious information to a host before it receives the valid information. These attacks need physical access to the network. The attacker tries to get end hosts to communicate with an unauthorized or compromised device by hijacking the IP address of the router or by providing incorrect network information such as the default gateway, DNS server IP addresses, and so on. All information going through the network then passes through the rogue device, which can intercept it and reroute it to the original destination.

To prevent rogue devices from being installed on the network, use AAA servers and layer 2 security such as the 802.1x protocol, and disable unused ports on switches.
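A switch-side check for the ARP and DHCP attacks described in this section, as an added example that is not part of the original essay. It goes beyond the measures the essay lists by modelling a table of trusted ports and IP-to-MAC bindings; the port names, addresses and event format are constructed assumptions:

```python
TRUSTED_PORTS = {"Gi0/1"}   # assumed uplink to the real DHCP server and router
STATIC_BINDINGS = {"10.1.0.1": "00:00:5e:00:53:01"}   # the default gateway

# Constructed observations: (kind, switch port, IP address, MAC address).
# For "dhcp_ack" the IP and MAC are the lease handed to a client;
# for "arp_reply" they are the mapping the sender claims.
EVENTS = [
    ("dhcp_ack", "Gi0/1", "10.1.0.23", "00:00:5e:00:53:17"),
    ("arp_reply", "Gi0/7", "10.1.0.23", "00:00:5e:00:53:17"),
    ("dhcp_ack", "Gi0/14", "10.1.0.99", "00:00:5e:00:53:30"),
    ("arp_reply", "Gi0/14", "10.1.0.1", "00:00:5e:00:53:aa"),
    ("arp_reply", "Gi0/1", "10.1.0.1", "00:00:5e:00:53:01"),
]

def inspect_events(events):
    """Return (alerts, bindings); alerts are (port, reason) tuples."""
    bindings = dict(STATIC_BINDINGS)
    alerts = []
    for kind, port, ip, mac in events:
        if kind == "dhcp_ack":
            if port not in TRUSTED_PORTS:
                # A DHCP server answering from an access port is a rogue server.
                alerts.append((port, "DHCP server reply on an untrusted port"))
            else:
                bindings[ip] = mac   # learn the lease from the real server
        elif kind == "arp_reply":
            known = bindings.get(ip)
            if known is None:
                alerts.append((port, f"ARP reply for {ip}, which has no binding"))
            elif known != mac:
                # Someone claims an address that belongs to another MAC,
                # for example the router's.
                alerts.append((port, f"ARP reply maps {ip} to {mac}, expected {known}"))
    return alerts, bindings
```

Both alerts in the sample point at the same access port, which is the port to shut down and trace.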

Best practices

Defending your network against attack requires constant vigilance and education. Using a firewall between your trusted network and the untrusted network is the most important part.

Keep patches up to date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks.

On network devices such as switches, routers or servers, shut down unnecessary services and ports, use strong passwords and change them often.

Physical access is also really important: requiring a password to access a device prevents any visitor from getting into the network. Keep switches, routers and servers in a secure room where access is controlled.

Perform backups, save them in different secure locations, and test the backed-up files on a regular basis to provide an emergency plan in case of disaster.

But the most important thing is to educate employees about the risks of social engineering and of attacks such as a file attached to an email, and to develop strategies to validate identities over the phone, via email, or in person.

Implementing security hardware and software such as firewalls, IPSs or IDSs, virtual private network (VPN) devices, anti-virus software, and content filtering is the foundation of a secure network.

Yet all these security measures are not enough; it is very important to think about physical security and access, for example by recording personnel entry.