Internet and system technology has been a key technology for a vast number of applications. Security is vital to applications and networks, i.e. intranets, extranets and the internet. Although internet security is a critical requirement in emerging networks, there is a major lack of security methods that can be easily implemented. There exists a "communication gap" between the developers of security technology and the developers of networks. Open Systems Interface has produced a well-devised process which is called network design. It offers not only flexibility and ease of use, but also modularity and standardization of protocols. Modular development can be done by combining the protocols of different layers, and flexibility in development comes from implementing individual layers without making other adjustments. Secure network design is not a well-devised process in comparison to network design. There is no methodology to manage the complexity of security requirements, and secure network design does not have the same advantages as network design.
When network security is considered, it must be stressed that the whole network needs to be secure. Network security is not limited to the security of the computers at each end of the communication chain. When data is communicated, the communication channel should not be vulnerable to attack. A hacker can easily target the communication channel, obtain the data, decipher it and re-insert a false message. Securing the internet is just as important as securing the computers and encrypting the message.
When developing a secure internet, the following need to be considered:
1. Access - Authorized users are provided the means to communicate to and from a particular network
2. Confidentiality - Information on the network remains private
3. Authentication - Ensure the users of the network are who they say they are
4. Integrity - Ensure the message is not modified in the network
5. Non-repudiation - Ensure the user does not refute that he used the network
An effective network security plan is devised with an understanding of security issues, potential attackers, the needed level of security, and the factors that make a network vulnerable to attack.
There are many products available to lessen the vulnerability of the computer to the network. These tools include encryption, authentication mechanisms, intrusion-detection, security management and firewalls. Businesses all over the world are using a combination of some of these tools. The internet architecture itself leads to vulnerabilities in the network. Understanding the security issues of the internet assists in developing new security technologies and approaches for networks with internet security.
The different types of attacks through the internet need to be studied in order to detect and guard against them. Intrusion detection systems are established based on the types of attacks most commonly used. Network intrusions consist of packets that are introduced to cause problems for the following reasons:
To consume resources inoperably
To interfere with any system resource's intended function
To gain system knowledge that can be exploited in later attacks
All the typical security currently exists on the computers which are connected to the network. In the OSI reference model, security protocols appear as a single layer. A layered approach is taken to secure the network design. This security approach leads to an effective and efficient design which circumvents some of the common security problems.
2. INTERNET ARCHITECTURE AND SECURITY ASPECTS
Fear of security breaches on the Internet is causing organizations to use protected private networks or intranets. The Internet Engineering Task Force (IETF) has introduced security mechanisms at various layers of the Internet Protocol Suite. These security mechanisms allow for the logical protection of data units which are transferred across the network.
Figure 1: IPsec contains a gateway and a tunnel in order to secure communications. 
IP Security (IPsec), known as the security architecture of the internet, is a standardization of internet security. IPsec covers the new generation of IP (IPv6) as well as the current version (IPv4). Even though new techniques, such as IPsec, have been developed to overcome the internet's best-known deficiencies, they seem to be insufficient. Figure 1 shows a visual representation of how IPsec is implemented to provide secure communications. IPsec is a point-to-point protocol: one side encrypts, the other decrypts, and both sides share a key or keys. IPsec can be used in two modes, namely tunnel mode and transport mode.
3. Attacks through the Current Internet Protocol IPv4
There are four main computer security attributes. They were mentioned before in a slightly different form, but are restated for convenience and emphasis. These security attributes are confidentiality, availability, privacy, and integrity.
Availability means the computer assets can be accessed by authorized people. Privacy is the right to protect personal secrets. Various attack methods relate to these four security attributes. Table 1 shows the attack methods and solutions.
Common attack methods and the security technology will be briefly discussed. Not all of the methods in Table 1 are discussed.
Computer Security attributes | Attack methods | Technology for Internet Security
 | Eavesdropping, DoS attacks, IP spoofing | IDS, Firewall, IPSec, SSL
 | Viruses, Worms, Trojans, DoS | IDS, Anti-Malware, IPSec and SSL
 | Email bombing, spamming, Hacking | IPSec and SSL
 | DoS, Email bombing, Spamming and System boot infectors | IDS, Anti-malware and Firewall
Table 1: Attack Methods and Security Technology 
3.1 Common Internet Attack Methods
Common internet attack methods are broken down into categories. Some attacks gain personal information or system knowledge, such as eavesdropping and phishing. Some attacks interfere with the system's intended function, such as worms, viruses and trojans. Denial of Service is when the system's resources are consumed uselessly. Other forms of network intrusion also exist, such as smurf attacks, teardrop attacks, and land attacks. These attacks are not as well-known as DoS attacks, but they are used in some form or another even if they aren't mentioned by name.
3.1.1 Eavesdropping
When communications are intercepted by an unauthorized party, it is called eavesdropping. When a person secretly listens to networked messages, it is called passive eavesdropping. Active eavesdropping, on the other hand, is when the intruder listens and inserts something into the communication stream. This can lead to the messages being misleading. Sensitive information can be stolen this way.
3.1.2 Viruses
Viruses are self-replicating programs that use files to infect and propagate. Once a file is opened, the virus will activate within the system.
3.1.3 Worms
A worm is similar to a virus, but it does not require a file to allow it to propagate. There are two main types of worms: network-aware worms and mass-mailing worms. Mass-mailing worms use the email system as a means to infect other computers. Network-aware worms are a major problem for the Internet. A network-aware worm selects a target and, once the worm accesses this target host, it can infect it by means of a Trojan or otherwise.
3.1.4 Trojans
Trojans appear to be benevolent programs to the user, but actually have some malicious purpose. Trojans usually carry some payload such as a virus.
3.1.5 Phishing
Phishing is an attempt to obtain confidential information from an individual, group, or organization. Users are tricked by phishers into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information.
3.1.6 IP Spoofing Attacks
Spoofing means to have the IP address of the computer mirror the address of a trusted computer in order to gain access to other computers. The identity of the intruder is hidden, which makes detection and prevention difficult. IP-spoofed packets cannot be eliminated with the current IP protocol technology.
3.1.7 Denial of Service
Denial of Service occurs when a system receiving too many requests cannot return communication with the requestors. The system then consumes all its resources waiting for the handshake to complete. Eventually, the system cannot respond to any more requests, rendering it without service.
3.2 Technology for Internet Security
As long as information is accessible and transferred across the Internet, Internet threats will continue to be a major issue in the global world. Different defense and detection mechanisms were developed to deal with these attacks.
3.2.1 Cryptographic systems
Cryptography is a very useful and widely used tool in security engineering today. It transforms data into an unintelligible form with the use of codes and ciphers.
3.2.2 Firewall
A firewall is like a typical border control mechanism or perimeter defense. A firewall is used to stop traffic from the outside, but it can also be used to do the same from the inside. A firewall is the front-line defense mechanism against intruders. It is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both.
3.2.3 Intrusion Detection Systems
An Intrusion Detection System (IDS) is an additional protection system that helps ward off computer intrusions. IDS systems can be hardware or software devices used to detect an attack. IDS products are used to monitor connections in order to determine whether attacks are being launched. Some IDS systems only monitor and alert on an attack, whereas others try to block the attack.
3.2.4 Anti-Malware Software and scanners
Worms, Trojan horses and viruses are all examples of malicious software, or Malware for short. Special so-called anti-Malware tools are used to detect them and cure an infected system.
3.2.5 Secure Socket Layer (SSL)
Secure Socket Layer (SSL) is a suite of protocols that is a standard way to achieve a good level of security between a web browser and a website. SSL is designed to create a secure channel, or tunnel, between a web server and the web browser, so that any information exchanged is protected within the secured tunnel. SSL provides authentication by means of certificates. Clients present a certificate to the server to prove their identity.
4. Security Issues of IP Protocol IPv6
From a security point of view, IPv6 is a considerable advancement over the IPv4 internet protocol. IPv6 still continues to be vulnerable to threats despite having great security mechanisms. Some areas of the IPv6 protocol still pose a potential security issue.
This new internet protocol does not protect against poorly designed applications, misconfigured servers or poorly protected sites.
The possible security problems emerge due to the following:
Header manipulation issues
Header manipulation issues arise due to IPsec's embedded functionality. Extension headers deter some common sources of attack because of header manipulation. The only problem is that extension headers need to be processed by all stacks, and this can lead to a long chain of extension headers. A huge number of extension headers can overwhelm a node, and is a form of attack if it is deliberate. Spoofing continues to be a security threat on the IPv6 protocol.
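One way a receiving node or filter can bound the cost of a long extension header chain, shown as an added example that is not part of the original essay: the walker below follows the next-header chain and refuses packets that exceed a limit or are malformed. The limit of 8, the function names and the sample packets are assumptions made for this illustration.

```python
import struct

# IPv6 extension header protocol numbers that carry a "next header" byte and
# a parsable length: hop-by-hop, routing, fragment, AH, destination options,
# mobility.
EXT_HEADERS = {0: "hop-by-hop", 43: "routing", 44: "fragment", 51: "AH",
               60: "destination-options", 135: "mobility"}
MAX_EXT_HEADERS = 8  # assumed local policy limit, not a value from the essay


class ChainError(ValueError):
    """Raised when the extension header chain is malformed or too long."""


def walk_extension_headers(packet, limit=MAX_EXT_HEADERS):
    """Return (extension header names in order, upper-layer protocol number)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ChainError("not an IPv6 packet")
    next_header, offset, chain = packet[6], 40, []
    while next_header in EXT_HEADERS:
        if len(chain) >= limit:
            raise ChainError("more than %d extension headers" % limit)
        if offset + 8 > len(packet):
            raise ChainError("truncated extension header")
        following, len_field = packet[offset], packet[offset + 1]
        if next_header == 44:        # fragment header has a fixed size
            size = 8
        elif next_header == 51:      # AH length is in 4-byte words, minus 2
            size = (len_field + 2) * 4
        else:                        # others are in 8-byte units, minus 1
            size = (len_field + 1) * 8
        if offset + size > len(packet):
            raise ChainError("extension header runs past end of packet")
        chain.append(EXT_HEADERS[next_header])
        next_header, offset = following, offset + size
    return chain, next_header


def build_sample(n_dest_opts, upper=17):
    """Constructed test packet: n destination-options headers, then UDP (17)."""
    ext = b""
    for i in range(n_dest_opts):
        nxt = 60 if i < n_dest_opts - 1 else upper
        # next header, Hdr Ext Len 0 (= 8 bytes), PadN option filling 6 bytes
        ext += bytes([nxt, 0, 1, 4, 0, 0, 0, 0])
    payload = ext + bytes(8)
    first = 60 if n_dest_opts else upper
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), first, 64)
    return fixed + bytes(32) + payload


def accept(packet):
    """True when the chain parses cleanly and stays within the limit."""
    try:
        walk_extension_headers(packet)
        return True
    except ChainError:
        return False


if __name__ == "__main__":
    print(walk_extension_headers(build_sample(2)))
    print(accept(build_sample(50)))
```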
Port scanning occurs when a whole section of a network is scanned to find potential targets with open services. Despite its large address space, the IPv6 protocol is still not invulnerable to this type of attack. IPv6 has incorporated a new feature called Mobility, which requires special security measures. Network administrators need to be aware of these security needs when using IPv6's mobility feature.
5. Security Issues of DNS
We will briefly review some of the attacks on the Domain Name Server, known as DNS.
5.1 Man in the middle (MITM) attacks
The recipient of data from a DNS name server has no way of authenticating its origin or verifying its integrity. There is no mechanism in DNS for servers to provide authentication details for the data they push down to clients. Authenticity and integrity of the data sent by name servers cannot be verified by a resolver.
The resolver can only authenticate the origin of a DNS reply data packet using the source IP address of the DNS server, the destination and source port numbers, and the DNS transaction ID. An attacker can easily craft a DNS server response packet to match these parameters. The client is left with no choice but to trust the data provided by an attacker as reliable. An attacker can resolve legitimate queries, responding with false information.
5.1.1 Packet Sniffing
DNS sends an entire response or query in a single unsigned, unencrypted UDP packet, which makes it easy to tamper with. By capturing DNS query packets, an attacker can generate a wrong answer fast enough to reach the resolver before the correct answer from the name server. By compromising a router on a transit network, an attacker can also capture a DNS reply packet from the name server and modify it. This will not be detected by the resolver, as no source authentication or data integrity checks are supported.
5.1.2 Transaction ID Guessing
An attacker can respond with false answers to a predicted query without having to be on the LAN to intercept packets. The resolver or name server will cache these answers. The DNS Transaction ID field is only a 16-bit field, and the server UDP port associated with DNS is 53. On the client there are only 2^32 possible combinations of ID (2^16) and client UDP port (2^16) for a given client and server. The client UDP port and the Transaction ID can be predicted from previous queries. Due to firewall restrictions, the client port will be a known fixed value, or due to resolver library behavior the port number will increase incrementally.
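A resolver operator can check for exactly these weaknesses in their own outgoing queries. The following is an added example, not part of the original essay: it takes (source port, transaction ID) pairs observed from one resolver and reports whether each field is fixed, incremental or varied, and how much of the 2^32 space is left at most. The function names, the thresholds and the sample observations are constructed for this illustration.

```python
from collections import Counter


def classify(values):
    """Label a series of 16-bit values 'fixed', 'incremental' or 'varied'."""
    if len(values) < 2:
        raise ValueError("need at least two observations")
    if len(set(values)) == 1:
        return "fixed"
    deltas = [(b - a) % 65536 for a, b in zip(values, values[1:])]
    step, count = Counter(deltas).most_common(1)[0]
    # One small step dominating the series means the next value is guessable.
    # The thresholds (step <= 16, 80 % of deltas) are assumptions.
    if 0 < step <= 16 and count >= 0.8 * len(deltas):
        return "incremental"
    return "varied"


def audit(observed):
    """observed: list of (client UDP source port, DNS transaction ID)."""
    ports = [port for port, _ in observed]
    txids = [txid for _, txid in observed]
    kinds = {"port": classify(ports), "txid": classify(txids)}
    # A fixed or incremental field adds nothing an outsider has to guess.
    # A varied field is credited with the full 16 bits, which is an upper
    # bound: a weak generator can vary and still be predictable.
    bits = sum(16 for kind in kinds.values() if kind == "varied")
    return {**kinds, "max_bits": bits, "search_space": 2 ** bits}


# Constructed observations, not captured traffic.
VARIED_TXIDS = [0x1A2B, 0xC401, 0x07F3, 0x9E55, 0x52D0, 0xE8A7]
VARIED_PORTS = [49731, 12044, 60318, 3377, 27190, 41562]

FIXED_PORT = list(zip([53] * 6, VARIED_TXIDS))            # firewall pins port
SEQUENTIAL = list(zip(range(32768, 32774), range(100, 106)))
RANDOMIZED = list(zip(VARIED_PORTS, VARIED_TXIDS))

if __name__ == "__main__":
    for name, sample in (("fixed port", FIXED_PORT),
                         ("sequential", SEQUENTIAL),
                         ("randomized", RANDOMIZED)):
        print(name, audit(sample))
```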
5.2 Caching Problems
The DNS sacrifices consistency in favor of reduced access time through the use of caches. DNS caching raises concerns about cache inconsistency and staleness of data. Stale information may include security-critical information, e.g. a compromised key. The current DNS protocol does not provide a fast and secure way to spread data updates or refutations to caches or DNS servers.
5.2.1 Cache Poisoning using Name Chaining
This attack introduces false information into DNS caches. This can be achieved by means of DNS RRs whose RDATA portion includes a DNS name, which can be used as a hook to let an attacker feed bad data into a victim's cache. The most affected types of RRs are CNAME, NS and DNAME RRs.
5.3 DDoS attacks
DDoS attacks can have a significant impact on the global DNS database and its users. They are usually directed at root servers. This was evident with the recent DDoS attack in June 2004, which was a repeat of a similar attack in October 2002. These attacks caused a loss of availability of name resolution services to the Internet community.
6. Domain Name System Security Extension (DNSSEC)
DNSSEC adds security to the DNS protocol by providing data integrity, origin authentication and authenticated denial of existence to DNS data provided by a name server. All answers from DNSSEC servers are digitally signed. A DNSSEC resolver is able to check if the information originated from a legitimate server and that data is identical to the data on the authoritative DNS server by checking the signature. An authenticated denial is produced if the data is not present on the server.
DNSSEC requires only minor changes to the DNS protocol to maintain backward compatibility with DNS. DNSSEC adds four record types to DNS, namely DNS Public Key (DNSKEY), Resource Record Signature (RRSIG), Next Secure (NSEC) and Delegation Signer (DS). DNSSEC uses two of the previously unused flag bits in the DNS query and answer message header (AD and CD). The AD (Authentic Data) bit in a response indicates that all the data included in the answer and authority portion of the response has been authenticated by the server. The CD (Checking Disabled) bit indicates that unauthenticated data is acceptable to the resolver sending the query. Because the UDP protocol has a packet size limit of 512 bits, DNSSEC requires the use of EDNS0 extensions that override this limitation, so that larger key sizes can be accommodated.
DNSSEC does not prevent MITM attacks on DNS through the addition of data origin authentication, transaction and request authentications, but DNSSEC helps to identify them. Both servers and resolvers must use the DNSSEC protocol to maintain data origin authenticity and integrity.
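How a client can read the AD and CD bits described above, as an added example that is not part of the original essay: the code decodes the DNS message header and classifies a response against the query that caused it. The function names, the result labels and the sample headers are constructed for this illustration.

```python
import struct

# Bit positions in the 16-bit DNS header flags word.
QR, AD, CD, RCODE_MASK = 0x8000, 0x0020, 0x0010, 0x000F
SERVFAIL = 2


def parse_header(message):
    """Decode the fields of the 12-byte DNS header that are used below."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than its header")
    txid, flags = struct.unpack("!HH", message[:4])
    return {"id": txid, "qr": bool(flags & QR), "ad": bool(flags & AD),
            "cd": bool(flags & CD), "rcode": flags & RCODE_MASK}


def assess(query, response):
    """Classify a response from a validating resolver for a given query."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "reject"            # not a response, or not to this query
    if q["cd"]:
        return "unchecked"         # we asked for checking to be disabled
    if r["rcode"] == SERVFAIL:
        # A validating resolver answers SERVFAIL when validation fails;
        # other server failures look the same at this level.
        return "servfail"
    return "authenticated" if r["ad"] else "unauthenticated"


def sample_header(txid, flags):
    """Constructed header with all four section counts set to zero."""
    return struct.pack("!HH", txid, flags) + bytes(8)


if __name__ == "__main__":
    query = sample_header(0x1234, 0x0100)               # RD
    print(assess(query, sample_header(0x1234, 0x81A0)))  # QR RD RA AD
    print(assess(query, sample_header(0x1234, 0x8180)))  # QR RD RA
```

The AD bit is only as trustworthy as the path to the resolver that set it, so a client should rely on it only over a link it already trusts.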
6.1 Keys in DNSSEC
Each secured zone will always have a key pair, made up of a zone private key and the corresponding public key. The zone public key is stored as a resource record (type KEY) in the secured zone. The public key is used by DNS servers and resolvers to verify the zone's digital signature. All resource records in a secured zone are signed by the zone's private key. It is possible to use one or more keys as Key Signing Keys (KSKs) to make zone re-signing and key roll-overs easier to implement.
A Key Signing Key will only be used to sign the top level KEY RRs in a zone. Zone Signing Keys (ZSKs) are used to sign all the RRsets in a zone.
6.2 Signatures in DNSSEC
DNSSEC provides an un-forgeable authentication of a RRset by associating it with a signature resource record that binds DNS data to a time interval and the signer's
MD5 or SHA-1 is used to generate Hashes. MD5/RSA, DSA or elliptic curve cryptographic algorithms are used to create Signatures. Signatures are stored as resource records (type RRSIG) and are used with the zone's public key to authenticate resource records.
6.3 NSEC Records
Each unique name in a secured zone is also assigned a corresponding NSEC resource record, which points to the next name present in the zone. The sequential chain of NSEC resource records for a zone defines which resource records actually exist in that zone. The NSEC resource records are signed with the zone private key, preventing the zone from being compromised through unauthorized addition or deletion of zone resource records. NSEC resource records for a zone are automatically generated when the zone records are signed.
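The NSEC chain and the authenticated denial it provides can be checked as follows. This is an added example, not part of the original essay; it assumes the RRSIG on every NSEC record has already been verified and leaves out the NSEC type bitmaps. The zone, its names and the function names are constructed for this illustration.

```python
def canonical_key(name):
    """Sort key for canonical DNS name order (RFC 4034, section 6.1):
    labels are compared right to left, case-insensitively, and a name that
    is a prefix of another (fewer labels) sorts first."""
    labels = name.rstrip(".").lower().split(".")
    return tuple(label.encode("ascii") for label in reversed(labels))


def chain_is_closed(chain):
    """True when every NSEC points at the next owner name and the last one
    wraps back to the first, so no name was added or removed unnoticed."""
    ordered = sorted(chain, key=lambda rec: canonical_key(rec[0]))
    owners = [canonical_key(owner) for owner, _ in ordered]
    nexts = [canonical_key(nxt) for _, nxt in ordered]
    return nexts == owners[1:] + owners[:1]


def covering_nsec(qname, zone, chain):
    """Return the (owner, next) NSEC pair proving qname does not exist,
    or None when qname is itself an owner name in the chain."""
    q, apex = canonical_key(qname), canonical_key(zone)
    if q[:len(apex)] != apex:
        raise ValueError("name is outside the zone")
    for owner, nxt in chain:
        o, n = canonical_key(owner), canonical_key(nxt)
        # Normal record: owner < qname < next.
        # Last record wraps to the apex: anything after owner is covered.
        if o < q < n or (n <= o and q > o):
            return (owner, nxt)
    return None


# Constructed zone: four names and the NSEC chain linking them.
ZONE = "example.com"
CHAIN = [
    ("example.com", "a.example.com"),
    ("a.example.com", "mail.example.com"),
    ("mail.example.com", "www.example.com"),
    ("www.example.com", "example.com"),
]

if __name__ == "__main__":
    print(chain_is_closed(CHAIN))
    for name in ("ftp.example.com", "b.a.example.com",
                 "zzz.example.com", "MAIL.example.com."):
        print(name, "->", covering_nsec(name, ZONE, CHAIN))
```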
7. Intranet Architecture
The technologies of Intranets and the Internet are quite similar, but the ways in which the technologies are exploited are different. The Internet can be defined as a computer network which is based on smaller independent networks owned by single organizations. These small networks are connected by means of routers and fixed communications connections to the global Internet.
The Internet was originally defined as a communication channel for researchers, scientists and specialists. The introduction of browser software and the graphical user interface then simplified data and information search. New groups of people were attracted by the uncomplicated use of browsers and the explosive increase of information available on the net.
As a conclusion, we offer the following definition:
An Intranet is an internal computer system based on Internet technology and owned by a single organization. Outsiders have strongly restricted access to the Intranet. The communication networks of the Intranet are based on local networks at the different sites of the organization and the interconnecting networks between them. Communication between the remote sites of the organization is carried out via the Internet, the network of the organization or a hired network supplied by a network operator. The user interface consists of WWW browsers, enabling the transmission of text, voice and image files.
There have been a lot of open questions concerning Intranet security and further research is an absolute necessity. It is very hard to discuss security without reference to technical solutions.
From the technical point of view, Intranets are systems using physical network components. The basic components are the same in every organization:
· Workstations
· Server computers
· Network cables
· Physical interfaces to networks
· Network and transportation protocols
· TCP/IP services
The realization of an Intranet is always organization-dependent. The basic Intranet solution consists of a server computer and a number of workstations connected to it by means of a network. The server houses the Intranet software and the documents presented. Browser software allows these documents to be viewed from the workstations. Intranets are in many senses identical to traditional local area networks (LANs); the only difference is that Intranets include a server.
Figure 3 Intranet Hardware
Intranets are virtual networks based on real network architecture from the point of view of information networks. A virtual network is a logical information network connecting limited groups of users by means of real networks. Intranets are private networks within a single organization from the organizational point of view. And they only reserve a small part of the organization's network for their own use.
In Figure 4, the thicker lines represent the virtual network connecting the different sites A, B and C of an organization. The thinner lines, in turn, depict the rest of the organization's communications network.
In terms of available application programs, the Intranet work environment increasingly resembles that of the Windows desktop. An increasing number of applications are capable of exploiting the advantages provided by Intranets, thereby blurring the distinction between Intranet applications and workgroup tools. In addition to their communication facilitation function, Intranets are capable of offering a wide variety of services, including applications supporting group work, expert tools, decision support systems, database management tools, corporate telephone directories and orientation applications for new employees. The possibilities are practically limitless.
Figure 4 Virtual Private Network structure
8. Security threats in Intranets
Security threats exist in Intranets just as they do on the Internet. The interest of potential misusers might be increased by the assets held on internal Intranets. Hence, protecting Intranets, and the data and information transmitted via them, against various threats jeopardizing the integrity, availability and confidentiality of information is an extremely important consideration.
There are several ways of classifying information security threats. In this research, we use the following classification:
· Threats based on technology
· WWW technology
· Software
· Software code under process
· Telecommunications
· Viruses
· Threats based on human activities
· Natural phenomena
8.1 Threats based on technology
The following list of technology-based threats is presented without further discussion.
• Threats based on WWW technology
• New features in browser software
• Browser software test versions
• Server software
• CGI scripts
• Threats based on Unix and TCP/IP tools
• Difficulties in firewall management
• Use of cryptographic software
• Hacker tools
• Other software based threats
• Intranet application software
• Java language
• Threats based on communications
8.2 Threats based on Human Activities
Hacking constitutes the most serious threat for modern society in the next millennium. All other types of harm may be traced to hacking. Thus, hackers may be behind virus attacks, software piracy, theft, information misuse and sabotage.
Using the Internet as part of an Intranet poses a serious threat, because the Internet is inherently not secure. As a result, users should be very cautious, particularly in encrypting their communications. Alteration of message contents (superzapping), prevention of service availability, imitation (spoofing), replay (rapid fire) and active and passive wiretapping are among the most malicious threats. Wiretapping, for example, could lead to a situation where strategic knowledge regarding an organization gets into the hands of outsiders, if communication encryption is not implemented by means of strong encryption methods.
Hacker tools which are developed for the Internet are also usable on Intranets. They can be hardware or software based, or a combination of both. Their authorized use includes finding and correcting information security weaknesses on Intranets. However, they also enable insiders to hack such communication systems and access information which they are not authorized to access. Hacker tools can be divided into six categories:
· Tools for finding attack objects (searching telephone numbers and network addresses)
· Password tools (stealing and opening passwords)
· Communication tools (following, disturbing and misleading communications)
· Security hole tools (searching and "defining" security holes)
· Damage and teasing tools (viruses, worms and chain letters)
· Other tools (based on well-known information security holes of systems and combination tools)
Threats caused by people, employees in particular, can be much more serious on Intranets than on the Internet. Personnel invariably constitute the most severe information security threat. Intranets have made it easier for employees to access information, but they have also made it easier to misuse this information.
Dishonesty among personnel is always considered to be an information security threat. It is easier for corporate personnel to gain access to sensitive information than for outsiders. Authorized users might be tempted to exploit vital information. Even unauthorized members of staff may access sensitive information if, for example, they know the weaknesses of the system. Negligence and carelessness among personnel may also result in sensitive information landing in the hands of unauthorized persons. Papers left lying on a table are easy to read and copy. Printing a document to a wrong address may also have an undesirable outcome.
8.3 Threats based on natural phenomena
Natural phenomena have always been a difficult-to-estimate source of information security threats. Even though such threats may feel insignificant, they must nevertheless be registered. Attention should be paid at least to the following eventualities: thunderstorms, floods, frost in the ground and earthquakes. They all have the capacity to bring down Intranets.
9. Protection methods in Intranet
In an attempt to provide protection against Intranet security threats a number of governments have adopted the model of the Canadian Mounted Police (1980) based on eight security levels. The most important levels in Intranets are those of communications, software, data and operations security. These are the areas in which Intranet security solutions differ most from their Internet counterparts.
9.1. Communications Protection
Communications security is very important when the Internet is employed as a communication channel between the different sites of an organization. The same considerations apply to isolating Intranets from external networks as to protecting internal networks. Firewall hardware may protect Intranets against external hacking and other information security threats. Firewalls are used to control traffic in communication networks, and they do it by examining the communication passing through them and by imposing certain restrictions on it. Communications that fail to follow the restrictions are filtered out. Firewalls use one or more of the following basic technologies:
· Server-based communications filtering
· Router-and-server-based packet filtering
· Server-based communication transmission for every single application
The various parts of an Intranet can be separated with firewalls, thus increasing information security against internal misuse. These kinds of firewalls also prevent external invaders from moving around on the Intranet. An organization's network addresses can be concealed from outsiders using address translation. With address translation, all data packets have an identical network address when they leave the network of the organization. Address translation prevents outsiders from drawing conclusions based on real network addresses and the number of addresses within the organization.
9.2. Data Protection
Appropriate data protection decreases the probability of internal information security threats. Personnel should have guidelines covering all materials that can be published on a corporate Intranet. A basic yet very effective way of organizing security on an Intranet is to divide all corporate data into data that can be published and data that cannot be published on the Intranet. The limitation of user rights is an essential consideration when publishing confidential data on the Intranet. The deletion of data on the Intranet should be governed by clear guidelines. In addition, all data published on the Intranet must be backed up using appropriate back-up media. Finally, user rights for every Intranet directory and file must also be carefully defined.
9.3. Operations Protection
Intranet operations security comprises activities which advance security without influencing practices. Thus, security threats posed by business personnel should be prevented in a simple and efficient manner without compromising the efficiency of the system as perceived by the users. The right to use the different parts of an Intranet and the right to access each data directory must be defined for each employee in accordance with his/her tasks. Isolated access must also be carefully regulated to ensure security. The design and implementation of operative user rights management is in many ways a demanding process, but a successful solution significantly decreases information security threats posed by corporate personnel.