This paper will introduce the concept of networks that we have nowadays. It will then discuss the main threats and security issues that can exist for our networks and the counter measures and any proactive measures where applicable. In other words, the purpose of this piece of work is to analyse the different types of network that exist in the business sector and personal home networks and discuss on how it is exposed to threats that exist and any precautions that needs to be taken.
A Computer Network is an interconnected group of autonomous computing nodes which use a well-defined, mutually-agreed set of rules and conventions known as Protocols, interact with one-another meaningfully and allow resource-sharing preferably in a predictable and controllable manner. Study of methods of analysis of security requirements and needs of such systems and consequent design, implementation and deployment is the primary scope of the discipline named as Network Security (S. Subasree and N. K. Sakthivel, 2010).
Security is often viewed as the need to protect one or more aspects of network's operation and permitted use (access, behavior, performance, privacy and confidentiality included). Security requirements may be Local or Global in their scope, depending upon the network's or internetwork's purpose of design and deployment. Criteria for evaluating security solutions include ability to meet the specified needs / requirements, effectiveness of approach across networks, computing resources needed vis-à-vis the value of the protection offered, quality and scalability, availability of monitoring mechanisms, adaptability, flexibility, practicability from sociological or political perspective economic considerations and sustainability. Security Attacks compromises the information-system security. Active attacks involve active attempts on security leading to modification, redirection, blockage or destruction of data, devices or links. Passive attacks involve simply getting access to link or device and consequently data. Security Threats are those having potential for security violation. Security Mechanism is a mechanism that detects / locates / identifies / prevents / recovers from "security attacks". Importance of identification of sources cannot be underestimated. Strategic importance applies to planning, preventing and / or countering whereas other variety of importance is with respect to Sensitivity-analysis and Economic-impact-analysis and pro-active protection. Network security monitoring approaches can be either Log-based or Agent-based type; whereas Non-monitoring approaches can be either Model-based or Experimental Replication-based.
The number of information security breaches has been on the rise during the past several years. Computer systems have been under attack by hackers through using several techniques including malicious software attached to email. According to the literature, malicious software attached to email accounts for the majority of computer breaches. There are various estimates about the cost of damage, but the most recent statistics is stated to be in the range of billions of dollars for 2002 alone. Some suggest that computer security issues we have seen to date might be the tip of a very large iceberg, and it is urgent that organizations take measures to safeguard their networks. Yet, firms' budget allocations appear unaffected by the accelerated rate of computer security incidents. Companies have been slow in spending more money and adopting strategies to secure their information resources. There is a trade-off between security and the budget allocation, and organizations are having difficult times to find a balance. The initial step in the process of finding a balance is to conduct an analysis of the existing security situation and to understand where the company stands on the information resources risk (Marzie Astani and Mohamed Elhindi, 2004).
In order to have security, we must sacrifice a certain level of convenience for a measure of discipline. This promotes systems with predictable behavior, where one can arrange to safeguard the system from unpleasant occurrences. To develop computer security by assuring predictability, we have to understand the interrelationships between all of the hosts and services on our networks as well as the ways in which those hosts can be accessed. A system can be compromised by firstly, physical threats like weather, natural disaster, bombs, power failures, etc. Secondly human threats like cracking, stealing, trickery, bribery, spying, sabotage, accidents. And thirdly, software threats like viruses, Trojan horses, logic bombs, and denial of service. Protecting against these issues requires both pro-active (preventative) measures and damage control after breaches.
Basic elements of security that should be considered are confidentiality (restriction of access), authentication (verification of presumed identity), integrity (protection against corruption or loss, trust (underlies every assumption), availability (preventing disruption of a service) and non-repudiation: preventing deniability of actions.
For a computer to be secure it must be physically secure else disks can be removed, sophisticated users can tap network lines and listen to traffic, the radiation from monitor screens can be captured and recorded, showing an exact image of what a user is looking at on his/her screen or one can simply look over the shoulder of a colleague while he or she types a password. The level of physical security one requires depends on the sophistication of the potential intruder, and therefore in the value of the assets which one is protecting. Cleaning staff have keys to the building, so locking an office door will not help here.
Assuming that hosts are physically secure, we still have to deal with the issues of software security which is much more difficult. Software security is about access control and software reliability. No single tool can make computer systems secure. Major blunders have been made out of the belief that a single product (e.g. a 'firewall') would solve the security problem. The bottom line is that there is no such thing as a secure operating system. What is required is a persistent mixture of vigilance and adaptability. The following table shows the main type of threats.
Types of threat
Unauthorized party (person, program, system) gain access to an asset
Illicit copying of program/data files or wiretapping
Attack on confidentiality
Interruption(Denial Of Service - DoS):
Asset lost, unavailable, or unusable.
Malicious destruction of a hardware device, erasure of program/data or cutting communication wire
Attack on availability
Unauthorized party not only access but tampers with asset
Change values in DB, alter program so that it performs additional computation, modify data being transmitted
Attack on integrity
Intruder inserts spurious messages to a communication or add records to a database
Attack on authenticity
Table 1 - Types of threats
Some more examples of attacks are data diddling, spoofing, eavesdropping, denial of service, SYN attack, smurf attack, teardrop attack and e-mail related like virus, Trojan and worm. Passive attacks are very difficult to detect, because there is no overt activity that can be monitored or detected. Example of passive attacks would be packet sniffing or traffic analysis - gathering info - used later in active attacks. Active attacks employ more overt actions - easier to detect, but much more devastating to a network. For example denial-of-service attack or active probing of systems and networks and data tampering. Sniffing is the capture of network traffic like passwords, usernames, IP addresses and message contents. Many commercial, freeware, and hacker-ware sniffers are available. Just to mention a few, Etherpeek, WinDump, Ethereal, sniffit, snort, trinux and Snmpsniff. Primary countermeasure to sniffing attacks is to use encrypted traffic. Radiation involves the detection, capture, and recording of radio frequency signals and other radiated communication methods, including sound and light. War Driving is using an attack tool to penetrate wireless systems from outside the facility where the wireless system sits. A wireless Ethernet card set to work in promiscuous mode is needed to War drive, and a powerful antenna - to remain at a distance. Social Engineering is the attempt by an attacker to convince an employee to perform an unauthorized activity to subvert the security of an organization. For example, exploiting the weakness of human nature to get someone to hand over their credentials to you from either peer pressure or trickery. This is often successful due to lack of security awareness. Dumpster Diving is digging through the refuse, remains, or left-overs from an organization or operation in order to discover or infer confidential information. Denial of Service (DoS) is depriving an organization of resources e.g. mail server, Web server, or database server. Most often, DoS attacks are caused by flooding - sending more data or TCP/IP packets to a resource than it can handle. Other types of DoS include locking an account after a set number of failed login attempts or causing a system to reboot because legitimate account reboot. Owner cannot log in to the system. Many methods exist to launch DoS attacks and more are discovered every day."Ping of Death" attack is a TCP/IP command that simply sends out an ICMP packet to a specified IP address or host name to see if there is a response from the address or host. Attacker sends an oversized Internet Control Message Protocol (ICMP) packet (65537 bytes) to a system - if OS process packet before checking size - unpredictable results occur.
Now, after knowing the different types of attacks, let's now find out the types of attackers. A hacker is someone who is knowledgeable and curious about computers. Hackers like to know how things work - break into systems to see whether they can (holes exist?); intent is not malicious. They are hard to catch because they cover their tracks so well. A cracker is a hacker with malicious intent - attacks personal (vengeance), defacing Web sites, creating DoS attacks, & corrupting data. Dangerous & hard to catch - hide their tracks very well. Script Kiddies is a recent phenomenon. Someone with lack of knowledge is most dangerous because they blindly run scripts against targets without understanding their full impact but they are easy to catch. Typical attackers are firstly malicious insiders. The biggest threat is from inside where unhappy employees know the system and have access to information and resources. Secondly, industrial espionage is rapidly growing. Companies hire attackers to break into competitors' systems to gain information on new product releases, financial standing, contracts, etc. They are highly skilled, well paid and difficult to catch.
According to All Business website, businesses use networking to connect their employees to one another and create a productive shared work environment. However, in their haste to get the network up and running, some businesses do not take the time to make sure all security measures are in place. Here are a few common network security mistakes.
Improper password use. Passwords are the simplest form of security. By leaving passwords blank or simple (i.e., password or admin), unauthorized users are practically invited to view sensitive data. Passwords are more secure when they contain both letters and numbers in a combination of upper-case and lower-case characters, and they should be changed periodically.
Lack of education. Educate users in the use of their software, especially with regard to e-mail, attachments, and downloads. They need to know exactly what kinds of threats are out there. Uneducated computer users are often those who fall victim to viruses, spyware, and phishing attacks, all of which are designed to corrupt systems or leak personal information to a third party without the user's consent.
No backups. Laziness is one of the biggest security threats. It's considerably more difficult to completely re-create a crippled system than it is to take the time to create proper backups. Create backups often, and do not immediately overwrite them with the next set of backups. In addition, make copies and keep them off-site in case of emergency.
Plug and surf. Unfortunately, computers are not designed to be connected to the Internet straight out of the box. Before a phone line, Ethernet cable, or wireless card is anywhere near a new computer, install a line of defensive software. Ideally, this should include virus protection, multiple spyware scanners, and a program that runs in the background to prevent malicious software from ever being installed.
Not updating. What good are all those virus and spyware scanners if they're not updated? It's crucial to update what are called the "virus/spyware definitions" every week. This keeps the scanners up-to-date to detect the latest malicious software.
Ignoring security patches. Security holes may exist in your operating system. No software is perfect. Once an imperfection or hole is found, it's usually exploited within a very short period of time. Therefore, it is imperative to install security patches as soon as possible.
Trust. Ads on the Internet have become devious and deceptive. They now appear as "urgent system messages" and warnings designed to scare users into clicking. As a rule of thumb, if a popup window contains an ad claiming to end popups, chances are it's a scam of some sort.
Not using encryption. Encryption is especially important when dealing with banking and credit cards. Storing and transferring unencrypted data is the equivalent of posting that data for everyone to see. If you're not comfortable implementing encryption technology, have an IT specialist assist you.
Trying to do it all yourself. Setting up a network, applying proper security measures, and downloading and installing software can be tricky. Large companies have IT departments. Small business owners should also ask for advice or even hire help. It's worth the extra cost.
Proper instruction. Security measures are most effective if everyone is aware of how the system operates. Give employees a brief overview of the security measures they're expected to follow.
Other measures are locking the front door, minimize network presence, using strong passwords, install security patches regularly, backup computer data, encrypted login, use network firewall, use switched Ethernet, share files correctly, use anti-virus software, protect against email viruses, minimize open network services, run a security analyzer, do regular backups, apply special OS fixes, permissions, unused programs and monitoring.
Computer security attempts to ensure the confidentiality, integrity, and availability of computing systems' components. Three principal pieces of a computing system are subject to attacks: hardware, software, and data. These three, and the communications among them, constitute the basis of computer security vulnerabilities. In turn, those people and systems interested in compromising a system can devise attacks that exploit the vulnerabilities. To counteract the four kinds of attacks on computing systems: interception, interruption, modification, and fabrication, one should take proactive measures like using firewall, secure network, encrypt data before sending through the network.