This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The National Computer Security Center has issued guidance for trusted computer networks called the Trusted Network Interpretation (TNI) of the Trusted Computer System Evaluation Criteria (TCSEC). The Trusted Network Interpretation (TNI), also called the Red Book, was published in 1987. With the Orange Book as its basis, the Red Book addresses networks and telecommunications. Its purpose is to evaluate vendor products for use in trusted (secure) networks and to let users know the level of trust they can expect from these products.
The TNI provides requirements for trusted computer networks that extend the guidance the TCSEC gives for traditional stand-alone computer systems. It is probable that this Department of Defense (DOD) technical security guidance will be used as the basis for certification of DOD network system acquisitions. The author presents three major steps illustrating an application of the TNI. The steps are: formulating a TNI view; determining the appropriate TNI security requirements that apply; and formulating a network security architecture based on the allocation of the determined security requirements.
Information Technology Security Evaluation Criteria (ITSEC):
The Information Technology Security Evaluation Criteria (ITSEC) is a standardised set of criteria for the evaluation of IT security products. It predates the Common Criteria (CC): it was developed by France, Germany, the Netherlands and the UK and published in 1991, and it was also adopted in Australia and New Zealand.
ITSEC is a standard against which security evaluations of information products can be undertaken. It enables products to be compared using independently generated certifications. ITSEC defines six assurance levels; E1 is the lowest level of assurance and E6 the highest (E0 denotes inadequate assurance).
ITSEC addresses protection of information from unauthorized disclosure (confidentiality), modification (integrity), or loss of use (availability). ITSEC is applicable to hardware, firmware and software systems.
The Common Criteria
The Common Criteria (CC, standardised as ISO/IEC 15408), an internationally agreed set of security standards, provide a clear and consistent evaluation of the security capabilities of IT products. The Common Criteria represent the outcome of efforts to develop criteria for the evaluation of IT security that are widely useful within the international community. They are an alignment and development of a number of source criteria: the existing European, US and Canadian criteria (ITSEC, TCSEC and CTCPEC respectively).
The standard contains three main parts:
Part 1: Introduction and general model. Introduces the standard, provides a glossary, and identifies abbreviations and other reference information.
Part 2: Security functional requirements. States the functional security requirements (e.g. audit, identification and authentication, access control) that a product may claim.
Part 3: Security assurance requirements. Describes the assurance requirements and groups them into the Evaluation Assurance Levels.
Evaluation Assurance Levels (EAL1 to EAL7):
EAL1: Functionally tested
EAL2: Structurally tested
EAL3: Methodically tested and checked
EAL4: Methodically designed, tested, and reviewed
EAL5: Semi-formally designed and tested
EAL6: Semi-formally verified design and tested
EAL7: Formally verified design and tested
e) Types of Products evaluated using security Evaluation criteria: Evaluating a product with respect to security requires identification of the customer's security needs and an assessment of the capabilities of the product.
Many types of products are evaluated using security criteria, grouped by security category. These are given below:
1. Identification and Authentication:
2. Access Control:
3. Intrusion Detection:
Network Based IDS
Host Based IDS
4. Firewalls:
Packet Filter Firewall
Application Proxy-Gateway Firewalls etc.
5. Public Key Infrastructure:
Key Protection and Cryptographic Modules
6. Malicious code protection:
Focus on: Intrusion detection systems
1. Intrusion detection systems (IDS):
An intrusion detection system (IDS) is a device (or application) that monitors network traffic or system activity for suspicious behaviour and alerts the system or network administrator. Some IDS can also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.
Figure: Intrusion detection system
IDS come in a variety of "flavors" and approach the goal of detecting suspicious traffic in different ways. Some IDS detect by looking for specific signatures of known threats, similar to the way antivirus software usually detects and protects against malware; others build a baseline of normal behaviour and flag deviations from it (anomaly-based detection).
2. Intrusion prevention systems:
An intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behaviour and can react, in real time, to block or prevent those activities. A network-based IPS, for example, may operate inline to monitor all network traffic for malicious code or attacks. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass. Intrusion prevention technology is considered by some to be an extension of intrusion detection (IDS) technology.
Figure: Intrusion prevention system (IPS)
3) Three main types of Intrusion-Detection systems
There are three main types of IDS: network-based IDS, host-based IDS, and honeypots.
Network intrusion detection system (NIDS)
In a network-based intrusion-detection system (NIDS), the sensors are placed at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. The sensor captures all network traffic and analyses the content of individual packets for malicious traffic.
It is an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network intrusion detection systems gain access to network traffic by connecting to a hub, a network switch configured for port mirroring, or a network tap.
Host-based intrusion detection system (HIDS)
In a host-based system, the sensor typically consists of a software agent that monitors all activity of the host on which it is installed, including the file system, logs and the kernel. Some application-based IDS are also members of this category.
It consists of an agent on a host that identifies intrusions by analysing system calls, application logs, file-system modifications (binaries, password files, capability/ACL databases) and other host actions and state. An example of a HIDS is OSSEC.
Honeypot
The term honeypot refers to a computer system that masks its identity and invites abuse in order to collect information on attackers. Although honeypots have recently gained in popularity, they have been deployed in various roles over the past decade. But because many security professionals hold a variety of misconceptions about honeypots, this intrusion detection device has been slow to catch on.
There are a number of tools that can be installed on a honeypot, and a honeypot can serve any number of purposes. Some popular examples of honeypots include:
A computer system that is built to be secure and generates an event for any computer that attempts to bypass its security controls.
A Linux server that is configured to respond like a Windows machine to record malicious attacks against Windows hosts.
4) IDS evasion techniques:
Intrusion detection system evasion techniques are modifications made to attacks in order to foil detection by an Intrusion Detection System (IDS). Almost all published evasion techniques modify network attacks. The 1998 paper Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection popularised IDS evasion, and discusses both evasion techniques and areas where the correct interpretation of traffic was ambiguous depending on the targeted computer system (for example, which copy of overlapping TCP data a host keeps, or whether a packet with a low TTL ever reaches it). The 'fragroute' and 'fragrouter' programs implement evasion techniques discussed in the paper. Many web vulnerability scanners, such as 'Nikto', 'whisker' and 'Sandcat', also
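The following is an added example, not code from the essay or from any IDS product, showing why the fragmentation and insertion tricks above work against a signature matcher and what the sensor must do to resist them. The signature, the request, the packets and the hop counts are all constructed for the demonstration (a real NIDS would carry these in its rule language and topology configuration).

```python
"""Added example: per-packet signature matching vs. stream reassembly vs.
topology-aware reassembly, run against constructed fragmentation and
insertion attacks. Signature, traffic and hop counts are made up."""
from dataclasses import dataclass

SIGNATURE = b"/cgi-bin/phf"      # hypothetical signature for an old CGI probe
HOPS_IDS_TO_TARGET = 3           # constructed topology: target is 3 hops past the sensor


@dataclass(frozen=True)
class Segment:
    seq: int        # offset of this payload within the TCP stream
    payload: bytes
    ttl: int = 64   # IP TTL as observed at the sensor


def reassemble(segments, min_ttl=0):
    """Rebuild the byte stream; first-received data wins on overlap.
    Segments with TTL below min_ttl are ignored (they expire before the target)."""
    stream = {}
    for seg in segments:
        if seg.ttl < min_ttl:
            continue
        for i, byte in enumerate(seg.payload):
            stream.setdefault(seg.seq + i, byte)
    return bytes(stream[k] for k in sorted(stream))


def per_packet_match(segments):
    """Naive IDS: inspects every packet in isolation, never reassembles."""
    return any(SIGNATURE in seg.payload for seg in segments)


def reassembling_match(segments):
    """Better IDS: reassembles, but assumes every packet it sees is delivered."""
    return SIGNATURE in reassemble(segments)


def topology_aware_match(segments):
    """Best of the three: reassembles only what can actually reach the target,
    which is also exactly what the target host ends up processing."""
    return SIGNATURE in reassemble(segments, min_ttl=HOPS_IDS_TO_TARGET)


def fragment(data, size, ttl=64):
    """Split data into fixed-size segments with consecutive sequence numbers."""
    return [Segment(i, data[i:i + size], ttl) for i in range(0, len(data), size)]


REQUEST = b"GET /cgi-bin/phf HTTP/1.0\r\n\r\n"   # constructed attack request

# Evasion: fragments so small that the signature never lies inside one packet.
FRAGMENTED = fragment(REQUEST, 5)

# Insertion: a decoy overlapping seq 5..9 whose TTL is too small to reach the
# target. The sensor accepts it (and keeps it, first wins); the host never sees it.
DECOY = Segment(seq=5, payload=b"xxxxx", ttl=1)
INSERTION = [DECOY] + FRAGMENTED

if __name__ == "__main__":
    print("fragmented: per-packet", per_packet_match(FRAGMENTED),
          "reassembled", reassembling_match(FRAGMENTED))
    print("insertion:  reassembled", reassembling_match(INSERTION),
          "topology-aware", topology_aware_match(INSERTION))
```

The first attack defeats only the per-packet matcher; the second defeats even a reassembling sensor unless it knows how far the target is and discards packets that cannot get there, which is the "ambiguity" the paper describes. Real sensors face further ambiguities (overlap policy differs between operating systems, checksums, IP options) that this toy ignores.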
b) Selected free IDS and function of Intrusion Detection Systems:
There are many IDSs available on the internet, many of which are free and many of which must be bought. I searched the internet for free versions of IDS and found many, such as Snort, Prevx Home, SnoopNetCop, AIDE, Prelude etc. But I went for Snort. Because
There are many free IDSs available on the internet. I selected the XRAY Intrusion Detection System. It runs on UNIX-based servers, but for win32 there is scarcely any attack-detection software, and that is why we wrote XRAY.
Figure: Main Window of XRAY
The main window of XRAY enables logging of suspicious packets, or simply logs every packet that arrives at the system.
After selecting the network interface to listen on and clicking the Start button, the IDS starts running and analyses everything that arrives over the network.
Figure: Options menu
In the Options menu the ruleset can be selected. This tells XRAY what it should look for.
Figure: Email notify
It has e-mail notification. Click on the Options menu and select Email settings, then enter a sender e-mail address.
Figure: activate an Alarm tone
It can also sound an alarm tone once a rule matches. To do this, just click on Options -> Alarm Tone Settings. We can enable or disable the alarm and also select a tone to be played.
Figure: realtime Packet
In the real-time packet view we can see what has just arrived at the system and look at the raw packets. Click on File -> Realtime View and hit the Start button. It only works if the IDS has been started!
We can view the current network connections to the computer. Click on Statistics -> Network Stats to view the currently active connections.
Focus on: Peer-to-peer system vulnerabilities
Peer-to-Peer, commonly referred to as P2P, is an encompassing term that includes computer systems directly connected to each other or communicating with each other via a network. A P2P network forms when a number of users ("peers") with network connectivity each initiate a particular P2P application on their computer.
Figure: peer-to-peer model
Five Common Vulnerabilities of P2P Network:
(1) Trusting strangers:
The whole idea of P2P is based on connecting to a stranger in order to share files.
(2) Data corruption:
This is less common with BitTorrent and Ares, as they offer native methods of checking data integrity during transfer. It is still a problem with a lot of P2P applications. Even in programs that do perform data integrity checks, downloaded data can occasionally be corrupted.
(3) Bandwidth shaping/throttling:
Most ISPs are wise to the P2P concept and throttle it. Throttling does not distinguish between one person illegally downloading the latest Adobe programs and another person downloading a legal Linux distribution.
(4) Signal to noise ratio:
When downloading files it is nearly impossible to tell a legitimate copy of a desired file from a fake one, or worse, one that is infected with a virus or other malware. To a skilled eye these things are easy to spot in the wild; most users do not have one.
(5) Bundled software and configuration:
Many common P2P programs come bundled with spyware, adware or other forms of unexpected and unwanted software. Also, the vast majority of common P2P programs require specific network and firewall settings to function properly.
b) Peculiar Vulnerabilities to the P2P technology:
Denial of service attack:
A denial of service attack is an attack by an intruder that prevents a computer system from providing a service. It is known as a DoS attack.
A denial-of-service attack will typically involve opening and dropping a large number of TCP/IP connections very quickly, so that the target system spends all its time dealing with connection overhead to the point that it cannot respond to valid user requests. Other attacks may exploit known software security holes to crash servers. Though DoS takes many forms in P2P networks, the simplest is a straightforward flood.
Figure: Denial of service attack
A denial-of-service attack is much easier to execute than an attempt at unauthorized access, because the denial-of-service attack never actually requires access to the system.
2. Worm:
A worm is self-replicating malware that spreads across a network on its own; unlike a virus, it does not need to attach itself to a host program or wait for a user to run it. (It is not to be confused with the storage acronym WORM, Write Once Read Many, which describes high-capacity optical media that can be written once and read many times.) A worm poses a very significant threat to P2P networks, because every peer runs the same client and is reachable from every other peer.
With the sheer volume of computers infected in past outbreaks, legitimate network traffic came to a screeching halt.
Worms can also be prevented by installing and updating antivirus clients.
3. Man in the Middle Attack:
A form of attack in which an intruder intercepts messages between parties in a public key exchange. Each party's messages are diverted to the intruder, who may alter them before sending them on. The parties at each end of the exchange remain unaware that their messages are being intercepted and modified.
Figure: Man in the Middle Attack
By installing a network sniffer or another software analysis program, the attacker may be able to intercept the key-exchange messages as they are sent over the network and substitute their own values.
Countermeasures to defend against attacks in P2P:
There are many attacks on P2P networks, but there are also countermeasures to defend against them. For THREE of the vulnerabilities described above in parts (a) and (b), the countermeasures that could be implemented to defend an enterprise from potential attacks are given below:
Prevention of DoS Attack:
The first step in defending against a DoS attack is detecting it, but the symptoms of this kind of attack closely resemble heavy legitimate network use. It is also very difficult to block, since a large number of nodes may be affected. One technique is to slow the attacker down dramatically; this scheme is known as "pricing".
When the attacker requests something from a node, the node responds with some sort of computationally intensive puzzle. The attacker must solve this puzzle and provide a valid response before the request is even acknowledged, so each request costs the attacker far more than it costs the node to check. Some preventive measures are given below:
Apply a sound security policy on the network and its machines.
Install an IDS on the gateway and on hosts to alert us when somebody attempts to break in.
Set up a firewall that does ingress and egress filtering at the gateway.
Scan the network on a regular basis to see whether it is vulnerable to attacks.
Run regular audits on all hosts on the network to find installed DDoS tools or vulnerable applications.
Instrument and monitor security events on hosts in the network.
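As an added example (not code from the essay or from any P2P client), the "pricing" scheme above can be implemented as a hash-based client puzzle: the node issues a fresh challenge, the requester must find a counter that makes the hash of challenge and counter start with a number of zero bits, and the node verifies the answer with a single hash. The difficulty, nonce length and single-use bookkeeping below are illustrative choices, not taken from any standard.

```python
"""Added example: a hash-based client puzzle implementing the "pricing"
defence. The requester does ~2**bits hashes per request; the node does one."""
import hashlib
import secrets

DIFFICULTY_BITS = 12   # illustrative; raise under load to make floods costlier


def _leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a big-endian digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def verify_solution(challenge: bytes, counter: int, bits: int = DIFFICULTY_BITS) -> bool:
    """Cheap check: SHA-256(challenge || counter) must begin with `bits` zero bits."""
    digest = hashlib.sha256(challenge + counter.to_bytes(8, "big")).digest()
    return _leading_zero_bits(digest) >= bits


def solve_puzzle(challenge: bytes, bits: int = DIFFICULTY_BITS) -> int:
    """Requester side: brute-force the counter. There is no shortcut, so a
    flooder pays this cost for every request it wants acknowledged."""
    counter = 0
    while not verify_solution(challenge, counter, bits):
        counter += 1
    return counter


class PuzzleGate:
    """Node side: hands out single-use challenges and admits a request only
    once its puzzle has been solved."""

    def __init__(self, bits: int = DIFFICULTY_BITS):
        self.bits = bits
        self._outstanding = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)   # fresh, so answers cannot be precomputed or replayed
        self._outstanding.add(nonce)
        return nonce

    def admit(self, challenge: bytes, counter: int) -> bool:
        if challenge not in self._outstanding:   # never issued, or already spent
            return False
        if not verify_solution(challenge, counter, self.bits):
            return False
        self._outstanding.discard(challenge)     # one solution buys exactly one request
        return True


if __name__ == "__main__":
    gate = PuzzleGate()
    chal = gate.challenge()
    answer = solve_puzzle(chal)
    print("admitted:", gate.admit(chal, answer), "replay:", gate.admit(chal, answer))
```

Two details matter in practice: the challenge must be random and single-use, otherwise an attacker solves it once and replays the answer in every flood packet; and the verification cost must stay at one hash, since a puzzle whose check is itself expensive simply becomes a new DoS vector.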
Prevention from Worm:
The key to protecting against worms is to keep the client program itself secure. Without a common vulnerability across clients the worm could not spread as successfully through the network. One proposal was to write P2P clients in strongly typed languages, which avoid many security faults such as buffer overflows. Anti-worm software can also be installed on the system. There are several ways to help avoid infection by computer worms:
Use a firewall and keep it turned on.
Keep the operating system up to date with security updates.
Use caution before opening e-mail attachments.
Use updated antivirus software from a trusted source such as AVG.
Prevention of Man in the Middle Attack:
The key method of defending against man-in-the-middle attacks is to make them as useless as possible. Using some kind of central node such as a Certificate Authority (CA), an indexing server or a super node that controls a cluster, a man-in-the-middle attack can be prevented up to a certain point.
Different defences against man-in-the-middle attacks apply authentication techniques that are based on:
Public key infrastructures.
Stronger mutual authentication, such as:
Secure channel authentication etc.
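The following is an added example, not code from the essay or from any P2P client, tying the attack described under "Man in the Middle Attack" to the defence listed here. It runs an unauthenticated Diffie-Hellman key exchange with an attacker substituting both public values, and then the same exchange where each party authenticates its value with a MAC under a pre-shared key, one form of the stronger mutual authentication above (a PKI would replace the pre-shared key with CA-issued certificates and signatures). The modulus, key and party names are toy values constructed for illustration only.

```python
"""Added example: man-in-the-middle against plain Diffie-Hellman, then the
same exchange with MAC-authenticated public values. Toy parameters."""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1   # Mersenne prime; toy modulus, far too small for real use
G = 2


class Party:
    def __init__(self, name, psk=b""):
        self.name = name
        self.psk = psk                        # long-term secret agreed out of band
        self.priv = secrets.randbelow(P - 2) + 2
        self.pub = pow(G, self.priv, P)       # the value sent over the wire

    def shared_key(self, peer_pub):
        """Derive a session key from the peer's (claimed) public value."""
        secret = pow(peer_pub, self.priv, P)
        return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()

    def tag(self, value):
        """MAC over a public value; only holders of the PSK can produce it."""
        if not self.psk:
            raise ValueError("no pre-shared key")
        return hmac.new(self.psk, value.to_bytes(16, "big"), hashlib.sha256).digest()

    def accept(self, peer_pub, peer_tag):
        """Verify the peer's MAC before deriving a key; reject on mismatch."""
        if not hmac.compare_digest(self.tag(peer_pub), peer_tag):
            raise ValueError("public value failed authentication")
        return self.shared_key(peer_pub)


def unauthenticated_exchange(alice, bob, mallory):
    """Mallory replaces both public values with her own and nobody notices."""
    alice_key = alice.shared_key(mallory.pub)   # Alice believes this came from Bob
    bob_key = bob.shared_key(mallory.pub)       # Bob believes this came from Alice
    m_alice = mallory.shared_key(alice.pub)
    m_bob = mallory.shared_key(bob.pub)
    # Mallory shares a key with each side: she can decrypt, alter and re-encrypt
    # every message in both directions while Alice and Bob see a working channel.
    return {"hijacked": alice_key == m_alice and bob_key == m_bob and alice_key != bob_key}


def authenticated_exchange(alice, bob, mallory):
    """With MACs, Mallory's substituted value fails verification, while the
    honest exchange still yields one key on both sides."""
    try:
        bob.accept(mallory.pub, secrets.token_bytes(32))  # best Mallory can do without the PSK
        detected = False
    except ValueError:
        detected = True
    alice_key = alice.accept(bob.pub, bob.tag(bob.pub))
    bob_key = bob.accept(alice.pub, alice.tag(alice.pub))
    return {"detected": detected, "same_key": alice_key == bob_key}


if __name__ == "__main__":
    psk = secrets.token_bytes(32)
    a, b, m = Party("alice", psk), Party("bob", psk), Party("mallory")
    print(unauthenticated_exchange(a, b, m), authenticated_exchange(a, b, m))
```

The point of the comparison is that Diffie-Hellman alone gives secrecy against a passive sniffer but no guarantee about who is on the other end; binding each public value to a long-term secret (a PSK here, a certificate in a PKI) is what turns the exchange into mutual authentication. A real protocol would also MAC or sign the peer identities and a transcript of both values, not just one number, to rule out reflection and mix-and-match attacks.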
Vulnerabilities of THREE different P2P applications:
The three P2P applications that I have chosen are given below:
Kazaa became very popular for its features. Using Kazaa it is possible to exchange music files, videos, documents and applications.
A buffer overflow in KaZaA Media Desktop 2.0 allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a response from the ad server.
Kazaa Media Desktop 2.0 launched advertisements in the Internet Explorer local security zone, which allowed remote attackers to view local files.
The B3D add-on likewise launched content from various web pages and popped up these advertisements.
iMesh is a video, music and file sharing P2P application. It is maintained by the American company iMesh.
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method.
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
A buffer overflow in iMesh allows remote attackers to execute arbitrary commands via a long string sent to the iMesh port.
Napster is a video, music and file sharing P2P application.
A buffer overflow in the Napster client beta 6 allows remote attackers to cause a denial of service via a long message.
The gnapster and knapster clients for Napster do not properly restrict access to MP3 files only, which allows remote attackers to read arbitrary files from the client by specifying the full pathname of the file.