Transferring data securely over the internet is a major concern of all organisations these days. As the number of hackers looking to steal confidential data increases day by day, network engineers need to keep data from reaching third parties or unauthorised personnel. To do so they rely on authenticating clients and ensuring efficient, reliable transfer of the original data using security standards and techniques.
The oldest and best known techniques used for encrypting data over an insecure network are symmetric and asymmetric encryption. The principle involved was a combination of public and private keys. These techniques were replaced by Diffie Hellman, where the secret key is securely transferred to the receiver using a modular function.
Tools such as Wireshark, Fluke and sniffers help detect network problems by capturing packets.
Key words: Hackers, Encrypting, Security
2.1 Techniques for data security
Symmetric Encryption
2.1.2 Advanced Encryption Standards
3.1 Tools for data security
3.1.2 Monitoring Tools
Fluke optiview
3.1.3 Internet Security using HTTPS
3.1.4 Intrusion Detection System
Data security is the practice of keeping data safe from corruption; encrypting data helps to protect personal information. This article describes the tools and techniques used to secure data over the internet and explains how hackers gain unauthorized access.
Many organizations address security only during installation and never revisit it. Maintaining security is something that must be revisited periodically. As attackers learned to store data and execute code, it fell to network analysts to develop their own methodologies to secure data from unauthorised access (Beth Pariseau). An investigator cannot access encrypted data unless they crack the user's password or recover the key used to encrypt the data. Keys and passwords are very rarely stored on the disk. Furthermore, it is becoming increasingly common for attackers to write viruses, Trojans, and worms that reside only in memory and do not write themselves to the physical disk drive (Shirley Radack). As a result, a forensic analysis of the disks will not reveal the code or allow analysts to understand how the attack is being executed. Many of the tools and techniques developed for legitimate purposes are modified and misused by hackers to compromise security and obtain unauthorized access to networks around the world.
According to John Livingston (2007), the first step is the formation of a data security policy that requires management and employees to agree on a code of conduct with respect to confidential data access and use. General principles of such a code include the following:
Identify data that strictly cannot leave the organization.
Limit the data that can leave the organization to only what is required while away from the office.
Educate employees to gain their agreement and understanding.
2. LITERATURE REVIEW
2.1 TECHNIQUES USED FOR DATA SECURITY:
The security policy implemented in any organization should include a "defence-in-depth" strategy (Beth Pariseau). From a technical and procedural standpoint, a defence-in-depth strategy addresses personnel, technology, and operations for the duration of the system's life cycle.
Implementing protection mechanisms, procedures, and policies not only prevents security breaches, but also buys an organization time to detect and respond to an attack. The following techniques safeguard all layers of a successful security program.
The process by which information is modified to make it unreadable without a decryption key is known as encryption. Unless one has the key to decrypt the data, it remains useless. For centuries encryption has been one of the best known techniques used to protect confidential communication during wars (Hsinchun Chen, Daniel Zeng, 2006). Organisations use encryption these days to protect information in many kinds of systems, including internet sites, mobile telephone networks, banking and settlement transmissions and automatic banking teller machines.
Organizations should implement efficient encryption policies and standards for retaining any sensitive information, such as social security numbers and payment card account information (Harold F. Tipton, Micki Krause, 2009). Data encryption policies implemented by organizations should encrypt data transmitted into or out of an organization's network at least for five levels.
Let's move on to discuss some encryption methodologies and standards used to provide data security.
SYMMETRIC ENCRYPTION:
This is the oldest and best known technique. A secret key, which can be a text, a number or a word, is applied to change the content in a particular way (Csilla Farkas). This can be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and receiver know the secret key, they can encrypt and decrypt the messages.
There are two primary types of symmetric algorithms: block ciphers and stream ciphers. In a block cipher, data is broken into blocks of a certain size and each block is encrypted with the same key. In a stream cipher, encryption proceeds bit by bit with the same key.
DES is another symmetric algorithm; it uses a key that is 56 bits, or seven characters, long. It breaks the given string into two halves and the encryption is performed using S-boxes. It is considered by many to be insufficient as it can be cracked by brute force. A variant, Triple DES, uses a longer key and is more secure, but has never become popular. It uses three 56-bit DES keys, for a total length of 168 bits. Encryption using Triple-DES is simply:
Encryption using DES with the first 56-bit key.
Decryption using DES with the second 56-bit key.
Encryption using DES with the third 56-bit key.
Decryption using Triple-DES is the same procedure run in reverse.
ASYMMETRIC ENCRYPTION:
In asymmetric encryption, keys come in pairs. It is also known as public key cryptography, since users typically create a matching key pair and make one key public while keeping the other private. Users can send secret messages by encrypting a message with the recipient's public key (Hamido Fujita, 2006). In this case only the recipient can decrypt the message. Using different keys to encrypt and decrypt avoids problems with key exchange.
2.2 ADVANCED ENCRYPTION STANDARD (AES):
AES uses one of three cipher key strengths: a 128-, 192- or 256-bit encryption key. The encryption key size causes the algorithm to behave differently and increases the complexity of the cipher algorithm (Shay Gueron and Michael E. Kounavis, 2009). AES-128, AES-192 and AES-256 process the data block in 10, 12 or 14 iterations, also called AES rounds. The 10, 12 or 14 round keys are derived from the cipher key by the "key expansion algorithm." This algorithm is independent of the data processed, and the encryption and decryption phase can be carried out independently. AES provides protection against software side-channel attacks.
2.3 DIFFIE HELLMAN:
The protocol allows two users to exchange a secret key over an insecure medium. It uses a modular function to transfer the information (Jerry FitzGerald). It is a method to securely exchange the keys that encrypt data. This secure exchange is accomplished by creating a "shared secret." The users share a secret key using the modular function and use it to encrypt or decrypt the data transferred. Thus the exchange of information can be done securely.
TOOLS FOR NETWORK SECURITY:
Encryption tools, usually in the form of computer programs or software, are widely available and can be used to secure:
Stored data, from single files to entire hard disks
Computer code such as operating systems
Information transmitted over the Internet, including emails and VoIP.
Communications such as wireless (including mobile telephony).
Both hackers and computer security professionals have developed software tools for breaking into systems or identifying security problems in the network (Csilla Farkas, Pierangela Samarati). Many of the tools and techniques developed for legitimate purposes are modified and misused by hackers to obtain unauthorized access to networks around the world. These are some of the tools used to secure data from unauthorised access:
3.1.1 SCANNER:
A scanner is a tool to obtain information about a host or network. These tools are developed by security-conscious system administrators (Alex Noordergraaf, 2002). Scanners fall into two basic categories: network auditing tools and host-based static auditing tools.
Network auditing tools are used to scan a remote host or series of hosts on a network and report security-related vulnerabilities for each host.
Host-based static auditing tools are used to scan the local host and report its security vulnerabilities (Boulanger). A static auditor is a valuable tool to both the system administrator and the hacker. If the hacker is able to get an unprivileged account on the system, the local scanner will point out common security weaknesses in the host.
Remote exploits are the driving force behind the development of network tools. The firewall protects the network from remote attacks by minimizing its exposure to the outside world. For instance, when we send mail, the server accepts the connection and communicates with the client system. If the mail server has a security vulnerability, then the server's host is vulnerable to attack by unprivileged users on any connected system. This is the most feared and dangerous, and most closely guarded, of all the tool sets.
A local exploit is a method used to gain unauthorized privileges on a computer system. Once access is attained, the hackers are in control of the system. It is a good tool for system administrators and cops to use to ensure the systems can withstand them.
3.1.2 MONITORING TOOLS:
A monitoring tool allows a user to monitor the computer system and the network data (Boulanger, 2001). Intruders can also use this information to prepare attacks against other computer systems. This category of tools includes:
Wireshark is a wonderful tool to track network problems. It is a helpful tool for network administrators. Wireshark and its features can help solve many network problems that are very hard to find.
It is a powerful tool for learning about the behaviour of the protocols in the network range. Using Wireshark, network administrators can analyze the traffic generated by different application users so that the administrator can allocate relevant bandwidth for different applications to overcome network outages (Nitesh Dhanjani, Justin Clarke, 2005). It is a good tool to troubleshoot network problems. By using Wireshark we can improve the performance of the network.
Inefficient performance: If the network performance is very slow, for example if we run an HTTP page request and the server replies slowly, then the network administrator can check the bandwidth performance over the Ethernet line or cable.
Protocol problems: If there are multiple protocols running in the network and there is an incompatibility between two protocols, the network administrator can use Wireshark to deal with the problem.
Virus files: When a person in the network is sending a lot of virus files, intended or unintended, the network administrator can use Wireshark to view the packets sent by that person by viewing their IP address and the data it sends (Carlo Kopp).
FLUKE OPTIVIEW:
It is an integrated network analyzer through which the network administrator can analyze the entire network blueprint (Lei Wang, 2009). It has features such as monitoring and troubleshooting all encapsulated in it.
It starts its discovery process through the Ethernet card. It gives real-time results for the devices connected and the problems associated with the network.
Problem discovery: It analyses the problems in the network and displays them on the screen. The problems that are discovered are displayed according to their severity. It also displays the resolved problems.
Cable test: It automatically performs the cable test and gives details of the cable used to attach the devices, such as bandwidth and cable length.
Packet capture: It captures packets using a context-sensitive filter and a capture engine which automatically gives the source and destination addresses. If the source and destination are sending data, it also captures the data sent from the source and the destination.
Reporting and monitoring: The OptiView reporter software transforms the collected network data into professionally formatted documents and creates reports on NetBIOS or IP inventory devices (Carlo Kopp). It reports on collisions in the network, bandwidth utilization and errors in the network.
Analyzing the web: With the Fluke OptiView the network administrator can be anywhere in the network while sitting at a single host. Using this tool we can view problems through real-time remote monitoring and try to solve them from the host system. The remote web browser connects to the distinct sites of the network directly from the administrator's desktop, so we can learn about multiple sections.
PACKET SNIFFERS:
A "sniffer" program monitors and logs network data (Boulanger, 2001). The network traffic that passes through a host's network interface usually contains user name-password pairs as well as other system information that would be useful to an intruder. Most systems do not encrypt the data that are transmitted on a computer network. A hacker with physical access to the network can plug in a sniffer, monitor the network traffic, and gain enough information to be able to access other systems on the network.
3.1.3 INTERNET SECURITY USING HTTPS:
HTTPS is the hypertext transfer protocol over a secure socket layer. It encrypts as well as decrypts web pages. The protocol was developed by Netscape. It uses port 443.
Ajax Secure Service Layer:
According to Judith Myerson (2008), ASSL, a library distributed under the MIT license, is the open source Ajax version of SSL that comes without HTTPS. Because HTTP is not secured, ASSL at the browser cannot check the SSL certificates like SSL does. Instead, ASSL uses the RSA algorithm to enable the client to negotiate a random 128-bit key with one or more servers. Once the connection has been established, this Ajax tool uses the AES algorithm to send and receive data. ASSL is better suited to securing non-critical sites such as chats and blogs that come through firewalls, because these sites do not require SSL certificates.
ASSL starts the process when the browser calls the server. After the server receives the call, it returns its RSA modulus. Next, the browser generates a random exchange 128-bit key, encrypts it using the server public key, and passes the encrypted exchange key to the server. The server receives the encrypted exchange key and decrypts it with its private key. Finally, the browser receives the session duration time and sets a timeout to keep the connection alive.
3.1.4 INTRUSION DETECTION SYSTEMS:
Intrusion detection systems are another kind of security provider which help organizations to identify security attacks in time and counter them effectively.
The three mandatory security functions that an efficient intrusion detection system (IDS) should serve are to monitor, detect, and respond to unauthorized activity by any external or internal intrusion (Hsinchun Chen, Daniel Zeng, 2006). The function of an IDS is to issue an alert to an appropriate incident responder as soon as certain network events, defined by its policies, are detected.
Some IDSs also have the capability to respond automatically for a given event. These automatic yet tactical responses might include logging off a user, disabling a user account, or executing a number of other countermeasures.
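The monitor, detect and respond cycle described above, as an added example (not code from the article or from any IDS product). The event format, the five-failures-in-60-seconds policy and the function name are assumptions, and the log events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample events: (seconds since start, user, source, outcome).
SAMPLE_EVENTS = [
    (0, "carol", "10.0.0.7", "fail"),
    (3, "alice", "10.0.0.5", "fail"),
    (8, "alice", "10.0.0.5", "ok"),
    (10, "bob", "203.0.113.9", "fail"),
    (12, "bob", "203.0.113.9", "fail"),
    (14, "bob", "203.0.113.9", "fail"),
    (16, "bob", "203.0.113.9", "fail"),
    (18, "bob", "203.0.113.9", "fail"),
    (30, "bob", "203.0.113.9", "ok"),
    (100, "carol", "10.0.0.7", "fail"),
    (200, "carol", "10.0.0.7", "fail"),
]

THRESHOLD = 5   # policy (assumption): this many failed logins ...
WINDOW = 60     # ... within this many seconds triggers a response


def run_ids(events, threshold=THRESHOLD, window=WINDOW):
    """Monitor login events, alert when the policy is violated, and respond
    automatically by disabling the account. Returns (alerts, disabled)."""
    failures = defaultdict(deque)   # user -> timestamps of recent failures
    disabled = set()
    alerts = []
    for ts, user, src, outcome in events:
        if user in disabled:
            # Response already taken: any later attempt is itself an alert.
            alerts.append((ts, user, src, "attempt on disabled account"))
            continue
        if outcome != "fail":
            failures[user].clear()  # a successful login resets the count
            continue
        recent = failures[user]
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()        # forget failures outside the window
        if len(recent) >= threshold:
            disabled.add(user)
            alerts.append((ts, user, src, "threshold reached; account disabled"))
    return alerts, disabled


if __name__ == "__main__":
    for alert in run_ids(SAMPLE_EVENTS)[0]:
        print(alert)
```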
Firewalls control access to computer or network resources. A firewall resides between a restricted system and other network components, including the internet. Every packet of information flowing in or out of the restricted system must pass through the firewall. Only data that adheres to the specific rules implemented by the firewall is allowed to pass successfully.
To develop a reliable and robust internal firewall strategy, internal hosts should be accurately classified into logical segments based on the connectivity they require with other internal hosts (Lei Wang, 2009). Once a firewall strategy is developed, mechanisms to enforce these connectivity requirements are implemented.
A firewall administrator should have a profound understanding of network protocols and of computer security to configure and maintain firewalls effectively (C. Farkas & Pierangela Samarati). A very simple mistake, caused by a routing error, can make a firewall worthless as a security tool and can even expose the network to further exploitation.
Organizations are now beginning to address seriously the issues of electronic and data security. If an organization depends on its computer network for its daily operations then it should take the necessary steps to better secure the systems. If an organization has an Internet connection, installing a firewall and implementing security measures such as those discussed above can provide effective protection against attacks.
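The segment-based strategy and the configuration-mistake risk from the two paragraphs above, as an added example (not code from the article or from any firewall product). The segment names, address ranges, ports and function names are all hypothetical.

```python
import ipaddress

ANY = "any"

# Hypothetical internal segments (constructed addresses, not from the article).
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "app_servers": ipaddress.ip_network("10.20.0.0/24"),
    "databases": ipaddress.ip_network("10.30.0.0/24"),
}

# Connectivity each segment actually requires: (source, destination, port).
RULES = [
    ("workstations", "app_servers", 443),
    ("app_servers", "databases", 5432),
]


def segment_of(address):
    """Classify a host into its logical segment, or None if unclassified."""
    ip = ipaddress.ip_address(address)
    for name, network in SEGMENTS.items():
        if ip in network:
            return name
    return None


def allowed(src, dst, port, rules=RULES):
    """Default deny: a packet passes only if an explicit rule matches it."""
    s, d = segment_of(src), segment_of(dst)
    for rule_src, rule_dst, rule_port in rules:
        if rule_src in (s, ANY) and rule_dst in (d, ANY) and rule_port in (port, ANY):
            return True
    return False


def audit(rules):
    """Return rules containing a wildcard; each one widens the policy beyond
    the stated connectivity requirements and needs a documented reason."""
    return [rule for rule in rules if ANY in rule]


if __name__ == "__main__":
    print(allowed("10.10.4.20", "10.20.0.8", 443))    # workstation to app server
    print(allowed("10.10.4.20", "10.30.0.5", 5432))   # workstation straight to database
    print(audit(RULES + [(ANY, ANY, ANY)]))           # one careless rule
```

A single wildcard rule appended to the list makes every packet pass, which is why the audit runs over the whole rule set and not only over new entries.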