The topology and placement of hosts within the network, the selection of hardware and software technologies, and the careful configuration of each component are the important factors to consider in building a well-secured network.
SECURITY TECHNOLOGIES INVOLVED IN NETWORK MODELING
The daunting task of securing a network infrastructure is divided into manageable sections in the proposed Network Security Model (NSM). Just as the development of the OSI model brought unity to network architecture, the emergence of the Network Security Model can bring the same unity to securing networks. If an attack on a network has succeeded, the NSM is used to locate and fix the underlying issue. Any network's security can be studied, implemented and maintained using a well-structured NSM. The networking model has three different layers.
DIFFERENT LAYERS IN OSI MODEL
ACL (Access Control List)
Data link layer and Network layer
Presentation and session layer
ACL (Access Control Lists):
An access control list identifies the security attributes of each object. It provides an entry for each system user with access privileges. The security attribute lists the access privileges on the object, such as read, write or execute, and the users who hold them. The security attribute is unique for each object. An access control list takes the form of a table that tells the computer operating system which users may access a particular system object, such as an individual file or file directory. An ACL permits or denies a host access to the network. It is easier to control an attack if the access control lists are strong. Access control lists provide the power to permit or deny traffic, determining which resources other networks are or are not allowed to view. They limit network traffic, which increases network performance. By restricting the delivery of routing updates, an ACL maintains traffic flow control. It acts as an additional layer of security that controls the type of traffic forwarded or blocked by the router. Hence the access control list is a main part of the layers of the networking model.
ACCESS CONTROL LIST TYPES:
1. Standard access-list
2. Extended access lists
3. Masks access lists
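An added example (not part of the original essay) showing how a router could evaluate a standard list, an extended list and wildcard masks. It assumes Cisco-style semantics that the essay does not state: rules are checked top-down, the first match wins, and traffic matching no rule is denied. The rule sets and addresses are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                      # "permit" or "deny"
    src: str                         # source address to compare against
    src_wild: str                    # wildcard mask: 1-bits are ignored
    proto: Optional[str] = None      # extended lists only ("ip" = any protocol)
    dst: Optional[str] = None        # extended lists only
    dst_wild: Optional[str] = None
    dport: Optional[int] = None      # extended lists only

def wild_match(addr: str, base: str, wildcard: str) -> bool:
    """Compare only the bits where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst=None, proto=None, dport=None) -> str:
    """Return the action of the first matching rule (assumed first-match semantics)."""
    for r in acl:
        if not wild_match(src, r.src, r.src_wild):
            continue
        if r.proto not in (None, "ip") and r.proto != proto:
            continue
        if r.dst is not None and (dst is None or not wild_match(dst, r.dst, r.dst_wild)):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "deny"  # assumed implicit deny when nothing matches

# Constructed standard list: filters on source address only.
STANDARD = [
    Rule("deny", "192.0.2.66", "0.0.0.0"),
    Rule("permit", "192.0.2.0", "0.0.0.255"),
]
# Constructed extended list: also filters on protocol, destination and port.
EXTENDED = [
    Rule("permit", "192.0.2.0", "0.0.0.255", "tcp", "198.51.100.10", "0.0.0.0", 443),
    Rule("deny", "192.0.2.0", "0.0.0.255", "ip", "198.51.100.0", "0.0.0.255"),
    Rule("permit", "0.0.0.0", "255.255.255.255", "ip", "0.0.0.0", "255.255.255.255"),
]

if __name__ == "__main__":
    print(evaluate(STANDARD, "192.0.2.66"))
    print(evaluate(list(reversed(STANDARD)), "192.0.2.66"))
    print(evaluate(EXTENDED, "192.0.2.10", "198.51.100.10", "tcp", 22))
```

Reversing the standard list lets the denied host through, because its address also matches the broader permit rule that now comes first.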
ACCESS CONTROL LIST BENEFITS:
1. It is very simple to implement
2. It is well mapped to our organizational structures.
3. It is well known.
4. It is very easy to explain
ACCESS CONTROL LIST DRAWBACKS:
1., and the security system can be broken if checking is missed anywhere.
2. Any program can be broken down with super user permission.
3. It is unable to support delegation.
VPN (Virtual private networks):
A Virtual Private Network (VPN) provides secure transmission of data across unsecured networks. Using a virtual private network, remote sites and users can access their network information without the cost associated with long-distance calls or leased lines. Privacy in a VPN is maintained using security procedures and tunneling protocols. Tunneling enables a foreign protocol to travel across a network by wrapping it inside the host network's packets. Additional security is provided by the security protocol, which encrypts the data before transmission.
1. Site-to-site VPN
2. Remote access VPN
Protocols used by VPN:
VPNs use three different types of protocol. They are:
1. PPTP (Point-to-Point Tunneling Protocol)
2. L2TP (Layer Two Tunneling Protocol)
3. IPsec (Internet Protocol Security)
Benefits of VPN:
1. Information can be accessed remotely from any other place using a VPN.
2. The data is kept secure and encrypted when we connect to the network through a VPN.
DRAWBACKS OF VPN:
1. VPN devices are not completely fault tolerant even though there are efforts underway to address this issue.
2. There are diverse choices when implementing a VPN.
Secured ports are used to limit a port to a user-defined group of stations. Part of securing the port is defining the size of the address table. When you assign secure addresses to a secure port, any packet with a source address from those we provided will not be forwarded to any address outside the group. When the address table holds only one address outside the group of addresses, the full bandwidth of the port is offered as security to the workstation.
Intrusion detection technology (IDS) is commonly an extension of intrusion-prevention technology. Intrusion detection is the art of detecting inappropriate, incorrect or unknown activity. It is used to determine whether or not a computer network or server has experienced an unauthorized intrusion. In a prevention system, it is used to disconnect connections carrying unauthorized data and to drop packets of data.