Business Network Threats and Their Effects
There are essentially two kinds of network threats that business organizations have to guard against:
Disruptions
Disruptions are a loss or reduction in network service. For instance, a network switch might start malfunctioning, cutting off part of the network. Although the unaffected part will keep working, the organization will have to replace the switch immediately; otherwise there is a loss in employee productivity, for example a finance manager being unable to retrieve the information on an upcoming project.
A virus can also cause disruptions, for instance when an employee opens an attachment in an email from an unknown sender. A virus can be very damaging and cost the affected employees a great deal of time.
Natural calamities can also lead to disruptions; fires, floods and earthquakes are common examples. It is a good idea not to site company headquarters in areas that are vulnerable to such calamities.
Unauthorised Access
Unauthorised access is gaining access to organizational data files and resources that one is not supposed to have access to. The common term for such offenders is hackers. Unfortunately, in many cases the intruders are the organization's own employees, who can do a significant amount of damage if valuable information is leaked to the organization's close competitors. If the intruder is a competitor, the damage can be enormous: he could access all the information about the latest products under development, sales figures, the company's strengths and weaknesses, its financial position, future plans and a lot more.
There are several types of unauthorized access. They are discussed briefly below.
Trojan Horse Programs
Trojan horse programs are a common way for intruders to trick business organizations into installing "back door" programs. These give intruders access to the organization's computers without its knowledge, and with it the ability to change system configurations, delete or change any files the user can modify, and install other programs with the privileges of the user, such as programs that provide unauthorized network access or infect the computer with a virus. Trojan horses may also have consequences for the other systems on the network. Particularly vulnerable are systems that transmit authentication material, such as passwords, over shared networks in clear text or in a trivially encrypted form; this is very common. If a system on such a network is compromised via a Trojan horse (or another method), the intruder may be able to install a network sniffer and record usernames and passwords or other sensitive information as it traverses the network. Our university was a victim of this type of unauthorised access: intruders who happened to be former students broke into the system using back door programs. In the wake of this event the server remained down for about two weeks.
Denial-of-Service (DoS)
Denial-of-Service attacks are probably the easiest to launch and among the most difficult to trace. The aim is simply to send more requests to the machine than it can handle. The attacker's program opens a connection on some service port, usually forging the packet's header information that says where the packet came from, and then drops the connection (a SYN flood works this way). If the host is able to answer 30 requests per second and the attacker is sending 60 per second, the host will be unable to service all of the requests, legitimate ones included. As we are all aware, in the past month Hotmail malfunctioned for about five days: anybody who tried to access their account was denied access.
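As an added example (not part of the original report), the following Python code applies the rate reasoning above to a constructed connection log: it flags any second in which the number of connection attempts exceeds what the host can answer, and reports how the attempts are spread across source addresses. The log format, every address in it and the capacity figure of 30 requests per second are assumptions taken from the text; a flood whose attempts come from almost as many addresses as there are attempts is the signature of forged source addresses, which is why such attacks are hard to trace.

```python
"""Spotting a request flood in a constructed connection log.

Added example, not from the original report. The log format
("<unix_seconds> <source_ip> <dest_port>", one connection attempt per line)
and every address in it are constructed; CAPACITY is the report's figure of
30 requests per second.
"""
from collections import Counter, defaultdict

CAPACITY = 30   # requests per second the host can service (from the text)

# Constructed sample: a normal second, a burst of 60 attempts from 60
# different (presumably forged) sources, a normal second, and one bad line.
SAMPLE_LOG = "\n".join(
    [f"1000 10.0.0.{i} 80" for i in range(1, 11)]
    + [f"1001 198.51.100.{i} 80" for i in range(1, 61)]
    + [f"1002 10.0.0.{i} 80" for i in range(1, 6)]
    + ["garbage line"]
)


def parse_log(text):
    """Yield (second, source, port); lines that do not fit the format are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield int(parts[0]), parts[1], int(parts[2])
        except ValueError:
            continue


def find_floods(text, capacity=CAPACITY):
    """Return {second: summary} for every second whose attempt count exceeds
    capacity. The summary gives the total, the number of distinct sources,
    the busiest source and its share, and whether the spread of addresses
    suggests forged sources (almost one attempt per address)."""
    per_second = defaultdict(Counter)
    for sec, src, _port in parse_log(text):
        per_second[sec][src] += 1
    floods = {}
    for sec in sorted(per_second):
        sources = per_second[sec]
        total = sum(sources.values())
        if total <= capacity:
            continue
        busiest, busiest_count = sources.most_common(1)[0]
        floods[sec] = {
            "total": total,
            "distinct_sources": len(sources),
            "busiest_source": busiest,
            "busiest_share": busiest_count / total,
            "spoof_suspected": len(sources) >= 0.9 * total,
        }
    return floods


if __name__ == "__main__":
    for sec, summary in find_floods(SAMPLE_LOG).items():
        print(sec, summary)
```

A single busy client shows up as a high `busiest_share`; a flood with forged headers shows up as a low share and `spoof_suspected` set, which tells the operator that blocking individual addresses will not help and the filtering has to move upstream.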
Email spoofing
Email "spoofing" is when an email message appears to have originated from one source when it was actually sent from another. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).
Packet sniffing
A packet sniffer is a program that captures data from packets as they travel over the network. That data may include user names, passwords and proprietary information that travels over the network in clear text. With perhaps hundreds or thousands of passwords captured by the sniffer, intruders can launch widespread attacks on systems. Installing a packet sniffer does not necessarily require administrator-level access, and on a shared medium such as a hub every host on the segment sees all of the traffic.
Measures Against unauthorised access
Formulating a Network Security Policy
The first step towards securing the network is establishing the network security policy. A network security policy gives an overview of which parts of the network need to be protected and the threats the organization's network might be exposed to. The policy should set out the code of conduct for employees with regard to network security and give a clear plan for employee training on security matters. It is imperative that the policy is made available to all employees who are going to have access to the organization's network.
Components of a Network Security Policy
Following are the components of the security policy. They are discussed in detail later in the report.
Physical Security
This component of the security policy gives the ways and means of ensuring that the business organization's network facilities and hardware are protected against unauthorized access. It also gives guidelines on other matters, such as which employees will be granted access to the network facilities.
Network Security
The network security component gives details of the security measures that would ensure safe networking. Firewalls, network auditing, remote access, directory services, Internet services and file system directory structures are some of the areas covered; they are discussed in the following sections.
Access Control
This component determines the scope of access that different employees have to network facilities. It aims at ensuring that only appropriate people are allowed access to the organization's networking facilities. Good access control also helps administrators do their tasks efficiently.
Authentication
Authentication is the process of proving to the system that the user actually is who he claims to be. It can take various forms, for example passwords, authentication cards and biometrics. These are discussed in the following sections.
Encryption
Encryption is a way to prevent unauthorised access to information. An encrypted message can still be intercepted, but without the key the intruder cannot read it. Such protection is essential when public networks, for example the Internet, are used to access the organization's systems.
Key Management
Keys are the secrets used to encrypt and decrypt messages, so key management is an important issue. A key management policy addresses questions of crucial importance, for example what key length should be used, how keys are generated and distributed, and how often they should be changed.
Compliance
The compliance section outlines how the network policy is to be implemented. It also states the measures and methods used to detect breaches of the policy, and the penalties for violating it.
Acceptable Use Policy
This component of the network security policy states how users are expected to use network resources, for example the measures that have to be taken when accessing the organization's systems from an insecure network, and when encryption has to be used.
Software Security
The software security component of the network policy gives directions on the use of commercial and non-commercial software. It also identifies the personnel who have the authority to purchase and install software, and the guidelines to follow when downloading software from the Internet.
Developing User Profiles
The network manager should assign each user a network profile. Each user has a separate user account and profile, and the profile states explicitly which data and network resources the user has access to. Passwords have been used for a long time to identify a particular user, but experience shows that passwords alone do not ensure security. A good way to deal with this problem is to require a device in addition to the password to access a system, for instance a magnetic card. EFTPOS is a familiar example: the customer has to swipe the magnetic card and then enter the PIN to pay for his/her shopping.
Another use of the user profile is to control the user's access to the system, for example the days and hours and the locations from which he can log on. The network manager can take additional steps to ensure security, such as limiting the number of login attempts.
It is essential that the network manager is made aware of any user who leaves the organization so that the user's access privileges are revoked. There have been instances where employees were fired and still had access to the organization's systems. This can be very damaging if the ex-employees decide to join hands with the organization's close competitors, leaking vital information or giving them access to the system.
Using biometrics
Biometric authentication analyses some part of the user's body to confirm that the person is who he says he is. Fingerprint scanners are inexpensive and effective. Iris scanners are more reliable but relatively expensive. Biometrics is one of the most sophisticated methods of authentication, currently in use in well-funded organizations such as the FBI.
Updating the operating system
Almost none of the operating systems in use is fully secure against intruders; Unix systems, for example, have a long list of published vulnerabilities. The weak areas or "holes" that make an operating system susceptible to attack are usually documented and can be closed by applying the vendor's patches. The network manager needs to monitor these potential threats very closely and keep up to date with the latest developments in the operating systems so that the organization's systems can be upgraded in time.
Since competing organizations most probably use the same operating system and may be fully aware of its weaknesses, the organization needs to be proactive rather than reactive.
Taking care of the network access points
The top management has to make a thorough analysis of all the ways in which the network can be accessed. The hardware, software and network devices have to be secured against any type of misuse, and only authorised personnel should have access to these facilities.
Allowing users to access the system from remote locations via dial-in modems is a threat in itself: it opens a world of opportunities for hackers to get into the organization's system.
A very effective strategy to deal with this problem is to use call-back modems, discussed later in the section on secure network devices. Another technique is to use one-time passwords: each password is valid for a single login, so a password captured in transit is useless afterwards. A number of ways can be used to deliver the next password to the user, for example a pager or a hardware token.
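As an added example (not part of the original report, which describes one-time passwords only in general terms), the following Python code implements the counter-based one-time password scheme HOTP (RFC 4226) with the standard library alone. The token and the server share a secret and a counter; the server accepts a value once and never looks backwards, which is what defeats replay of a sniffed password. The secret is the RFC 4226 test-vector secret so the output can be checked against the RFC; a real deployment generates a random secret per user at enrolment.

```python
"""One-time passwords with HOTP (RFC 4226), standard library only.

Added example, not from the original report. RFC_SECRET is the RFC's own
test-vector secret; a deployment would generate a random per-user secret.
"""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(code % 10 ** digits).zfill(digits)


class OtpAccount:
    """Server-side state for one user: the shared secret and the next
    counter value the server will accept."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.counter = 0
        self.look_ahead = look_ahead   # tolerate a few token presses that never reached us

    def verify(self, submitted: str) -> bool:
        # Only counters at or ahead of the expected one are tried. Never
        # looking backwards is what makes a replayed password fail.
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), submitted):
                self.counter = c + 1   # resynchronise and burn this value
                return True
        return False


RFC_SECRET = b"12345678901234567890"


def demo():
    """One login, a replay of the same password, a token that was pressed a
    few times without logging in, then an old value. Returns the four
    verification results."""
    account = OtpAccount(RFC_SECRET)
    first = hotp(RFC_SECRET, 0)
    results = [account.verify(first), account.verify(first)]   # accepted, then replay refused
    results.append(account.verify(hotp(RFC_SECRET, 4)))        # counters 1-3 skipped: within look-ahead
    results.append(account.verify(hotp(RFC_SECRET, 2)))        # behind the server counter: refused
    return results


if __name__ == "__main__":
    print([hotp(RFC_SECRET, c) for c in range(3)])
    print(demo())
```

The look-ahead window is the usual compromise between usability (a user who pressed the token without logging in is not locked out) and security (an attacker who captured one password still has to guess the next one). A time-based variant (TOTP) replaces the counter with the current 30-second interval and needs no resynchronisation state.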
Security Measures when connected to the Internet
Connecting the corporate network to the Internet exposes it: hackers can use the Internet to reach the internal computers of the business organization. In this age of intense competition an organization cannot afford to disconnect its network from the Internet, as doing so hands a major competitive edge to its competitors. An organization can choose to keep some of its applications off the Internet to enhance security; nonetheless the Internet is essential to compete effectively. A firewall is one of the tools that can be used as a security measure.
Firewall
A firewall is an effective measure to guard against threats from the Internet. It is essentially a computer that intercepts every packet going into and out of the corporate network; only authorised traffic, as defined by the organization's security policy, is allowed to pass through it. In simpler terms, a firewall guards the trusted network (the corporate network) against the untrusted network, the Internet.
The network manager should make sure that a firewall sits on every connection between the corporate network and the Internet. There are two types of firewalls:
Packet Filter firewalls
A packet filter examines the header fields of each IP packet, principally the source and destination addresses (and usually the protocol and port numbers), and lets the packet into or out of the corporate network only if they are acceptable.
There are some drawbacks to packet filters. They are the simplest kind of firewall: they do not inspect the payload of the packets to ascertain what information is in them or why they are being sent into or out of the corporate network. Packet filters are also vulnerable to spoofing, discussed earlier. The intruder can set the source address of an incoming packet to an address that is used inside the organization; a filter that trusts internal addresses would then let the packet into the corporate network. The standard defence is to also check which interface a packet arrives on and drop any packet from the Internet-facing interface that claims an internal source address.
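As an added example (not part of the original report), the following Python code models a stateless packet filter in which the first matching rule wins, with two rule sets: a naive one that trusts any packet carrying an internal source address, and a hardened one whose first rule drops packets arriving on the Internet-facing interface with an internal source. The interface names, the corporate address range, the mail server address and the sample packets are all assumptions for the illustration.

```python
"""A stateless packet filter with and without an anti-spoofing rule.

Added example, not from the original report. Interface names ("ext" for
the Internet side, "int" for the corporate side), the address range and
all sample packets are assumptions. A packet is a dict of the header
fields a packet filter can see; the payload is never looked at.
"""
import ipaddress

INTERNAL = ipaddress.ip_network("192.168.10.0/24")       # assumed corporate range
MAIL_SERVER = ipaddress.ip_network("192.168.10.25/32")   # assumed mail server

# Rule = (action, ingress_iface, src_net, dst_net, proto, dst_port); None means "any".
NAIVE_RULES = [
    ("accept", None, INTERNAL, None, None, None),        # "our own hosts are trusted"
    ("accept", None, None, MAIL_SERVER, "tcp", 25),      # inbound mail
    ("drop", None, None, None, None, None),              # default deny
]

HARDENED_RULES = [
    ("drop", "ext", INTERNAL, None, None, None),         # anti-spoofing: internal source on the outside
    ("accept", "int", INTERNAL, None, None, None),       # internal hosts, only via the inside interface
    ("accept", "ext", None, MAIL_SERVER, "tcp", 25),     # inbound mail
    ("drop", None, None, None, None, None),              # default deny
]


def _matches(rule, pkt):
    _action, iface, src_net, dst_net, proto, port = rule
    if iface is not None and pkt["iface"] != iface:
        return False
    if src_net is not None and ipaddress.ip_address(pkt["src"]) not in src_net:
        return False
    if dst_net is not None and ipaddress.ip_address(pkt["dst"]) not in dst_net:
        return False
    if proto is not None and pkt["proto"] != proto:
        return False
    if port is not None and pkt.get("dport") != port:
        return False
    return True


def filter_packet(pkt, rules):
    """Return (action, 1-based number of the first matching rule)."""
    for number, rule in enumerate(rules, 1):
        if _matches(rule, pkt):
            return rule[0], number
    return "drop", 0   # unreachable with a default-deny rule, but fail closed anyway


# Constructed sample packets
SPOOFED = {"iface": "ext", "src": "192.168.10.5", "dst": "192.168.10.30", "proto": "tcp", "dport": 23}
MAIL = {"iface": "ext", "src": "203.0.113.8", "dst": "192.168.10.25", "proto": "tcp", "dport": 25}
TELNET = {"iface": "ext", "src": "203.0.113.8", "dst": "192.168.10.30", "proto": "tcp", "dport": 23}
OUTBOUND = {"iface": "int", "src": "192.168.10.5", "dst": "198.51.100.2", "proto": "tcp", "dport": 80}

if __name__ == "__main__":
    for name, pkt in (("spoofed", SPOOFED), ("mail", MAIL), ("telnet", TELNET), ("outbound", OUTBOUND)):
        print(name, "naive:", filter_packet(pkt, NAIVE_RULES), "hardened:", filter_packet(pkt, HARDENED_RULES))
```

The spoofed telnet packet is accepted by the first naive rule and dropped by the first hardened rule; everything else is decided identically by both sets. Note that the hardened filter still cannot tell a legitimate mail delivery from a malicious one on port 25, which is the payload-blindness the text describes and the reason application firewalls exist.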
Application Firewalls
Application firewalls are more complex than packet filter firewalls. They provide a barrier between the corporate network and the Internet. Each user has a profile on the application firewall, and to access the corporate network from the Internet the user has to log in to the application firewall. Similarly, if an internal user wishes to connect to the Internet, the user first establishes a connection with the application firewall, and the application firewall then connects the user to the requested web server on the Internet.
A user can only reach the corporate network through an application firewall if the user has been authorised. Many application firewalls do not allow external users (users reaching the corporate network through the Internet) to upload executable files. This essentially means that to modify software a user has to log in from the corporate network.
A particularly useful type of application firewall is the proxy server. The proxy server works on the principle of address translation or address mapping.
Every time a computer in the corporate network accesses a computer on the Internet, the proxy server replaces the address on the outgoing packet with its own address. The proxy server receives all the messages that the external computer sends back and ascertains whether each message should be allowed into the corporate network. If so, the destination address of the internal computer is put on the message and the message is sent into the corporate network. The proxy server thus ensures that the IP address of the internal client PC never becomes visible to the world outside the firewall.
There is a drawback to using an application firewall: since this type of firewall has to perform a number of tasks for every connection, it can slow down the corporate network.
Physical security of the network
Network cables and devices are susceptible to unauthorized access. Cables that run through the organization's premises should be protected, and the rooms that house network devices such as hubs, bridges and switches should be locked and guarded by security devices such as alarms. A sniffer program can easily be attached to an unsecured hub to capture all of the traffic passing through it, since a hub repeats every packet to every port.
A useful device that guards against this type of intrusion is a secure hub (designed for Ethernet networks): a unique authorization code has to be entered before any additional device can be attached to the network.
Encryption
One of the most effective ways to prevent unauthorized access to information is to encrypt the message. Encryption is a process in which a message, referred to as plaintext, is transformed into an unreadable form, the ciphertext, so that an interceptor cannot understand the message as it travels through the network. On reaching its destination the message is decrypted, that is, converted back to plaintext.
There are two fundamental constituents of encryption: the encryption method, or algorithm, and the key. The algorithm comprises the steps that encrypt the message; the key is the secret input to those steps. Using different keys with the same algorithm gives different outputs. The strength of the encryption depends on the algorithm, on the length of the key, and on the key remaining secret.
There are two general encryption methods:
- Symmetric Key Encryption
This is the simplest kind of encryption. Both communicating partners use the same key to encrypt and decrypt the message. The major drawback is that the key has to be shared in advance and kept secret; if it leaks, messages can be read by intruders. A business organization would not want every company to be able to read the information sent to a particular recipient; for example the organization may be offering discount rates to one of its partners in exchange for something, and this has to be kept secret from the other partner(s) for obvious reasons. This essentially means that there has to be a separate key for communicating with each partner.
- Public Key (asymmetric) Encryption
This type of encryption solves the key distribution problem of symmetric encryption. There are two keys involved, a public key and a private key. Each communicating partner has a private key, and all interacting parties know the public keys corresponding to these private keys. A message is encrypted using the public key of the intended recipient; once encrypted, it can only be decrypted using that recipient's private key. Therefore no one apart from the recipient can decrypt the message, not even the sender, because the sender does not have the private key. Public key encryption can also be used for authentication, in the form of digital signatures. This works because text transformed with one key of the pair can be recovered with the other: the sender signs with his private key, and anyone holding the public key can verify that the signature came from him. This provides authentication and integrity in addition to confidentiality.
This makes the task of encryption much easier for the business organization: there is no need to go through the tedious process of exchanging secret keys before a message is transmitted. There are some drawbacks, though. First and foremost is speed: since the computation is heavy, public key encryption is very slow, and in practice it is used only for short messages. Commonly the public key is used to encrypt a one-off symmetric session key, and the session key is then used to encrypt the message itself.
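As an added example (not part of the original report) covering both encryption methods above, the following Python code builds a textbook RSA key pair from two small primes and shows the three things the text describes: the public key encrypts and only the private key decrypts; the private key signs and the public key verifies; and the hybrid pattern in which the public key protects only a short session key while a symmetric cipher protects the long message. Everything here is a toy for illustration: the modulus is about 40 bits, there is no padding, and the symmetric cipher is a home-made HMAC-SHA256 keystream with no authentication tag. Real systems use a vetted library (AES-GCM with RSA-OAEP/PSS or an elliptic-curve scheme, with keys of 2048 or 256 bits respectively). The primes 999983 and 1000003 and the message strings are my choices.

```python
"""Symmetric vs public-key encryption, signatures and the hybrid pattern.

Added example, not from the original report; toy code for illustration
only (tiny modulus, no padding, unauthenticated stream cipher).
"""
import hashlib
import hmac
import secrets

_WITNESSES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Deterministic Miller-Rabin, correct for n < 3.3e24 (ample for this toy)."""
    if n < 2:
        return False
    for p in _WITNESSES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _WITNESSES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_keypair(p, q, e=65537):
    """Textbook RSA: public key (n, e), private key (n, d), d = e^-1 mod phi(n)."""
    assert is_probable_prime(p) and is_probable_prime(q) and p != q
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_apply(m, key):
    """m^exp mod n. Encrypt with the public key and decrypt with the private
    one, or the other way round for signatures: the two keys undo each other."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("textbook RSA handles only integers smaller than n")
    return pow(m, exp, n)


def _digest_mod_n(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, priv):
    return rsa_apply(_digest_mod_n(message, priv[0]), priv)


def verify(message, signature, pub):
    return rsa_apply(signature, pub) == _digest_mod_n(message, pub[0])


def stream_xor(key, nonce, data):
    """Toy symmetric cipher: XOR data with HMAC-SHA256(key, nonce||counter)
    keystream blocks. The same call encrypts and decrypts, so both sides must
    hold the same key; that is the key-distribution problem in one line."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def hybrid_encrypt(message, recipient_pub):
    """Public key wraps a fresh session key (short); the session key encrypts the message (long)."""
    session_key = secrets.randbits(32)   # 32 bits only because n is tiny in this toy
    nonce = secrets.token_bytes(8)
    wrapped = rsa_apply(session_key, recipient_pub)
    body = stream_xor(session_key.to_bytes(4, "big"), nonce, message)
    return wrapped, nonce, body


def hybrid_decrypt(wrapped, nonce, body, recipient_priv):
    session_key = rsa_apply(wrapped, recipient_priv)
    return stream_xor(session_key.to_bytes(4, "big"), nonce, body)


if __name__ == "__main__":
    pub, priv = make_keypair(999983, 1000003)
    w, nonce, body = hybrid_encrypt(b"discount rate for partner A: 12%", pub)
    print(hybrid_decrypt(w, nonce, body, priv))
    sig = sign(b"contract v2", priv)
    print(verify(b"contract v2", sig, pub), verify(b"contract v3", sig, pub))
```

Two things worth noticing when running it: the ciphertext produced with the public key cannot be turned back into the message by applying the public key again (only `priv` undoes it), and a single changed byte in a signed message makes `verify` fail, which is the integrity property the text attributes to digital signatures.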
Monitoring The Network
The network manager should make sure that "awkward events" do not go unnoticed. A large number of attempts to log in to a user's account, or a dramatic increase in the number of accesses to any user account, are examples of awkward events. The network devices and hardware should also be checked at regular intervals. The rules should clearly forbid all kinds of unauthorised access to the network and state strict penalties for violations.
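As an added example (not part of the original report), the following Python code runs two of the checks called for above over a constructed authentication log: a burst of failed logins against one account or from one source within a short window, and a successful login that immediately follows such a burst. The same per-account failure counter is what the "limiting the number of login attempts" measure in the user profile section is built on; a lockout rule would simply refuse further attempts once the threshold is reached. The log format, the user names, the addresses and the thresholds are all assumptions.

```python
"""Flagging "awkward events" in a constructed authentication log.

Added example, not from the original report. The log format (an ISO
timestamp, a program name, then an OpenSSH-style "Accepted/Failed password
for <user> from <address>" message) and every line below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<src>\S+)$"
)

SAMPLE_LOG = """\
2001-10-05T09:15:02 sshd: Accepted password for alice from 10.0.0.7
2001-10-05T09:15:40 sshd: Failed password for bob from 10.0.0.7
2001-10-05T09:16:10 sshd: Accepted password for bob from 10.0.0.7
2001-10-05T22:01:00 sshd: Failed password for admin from 203.0.113.9
2001-10-05T22:01:03 sshd: Failed password for admin from 203.0.113.9
2001-10-05T22:01:05 sshd: Failed password for admin from 203.0.113.9
2001-10-05T22:01:08 sshd: Failed password for admin from 203.0.113.9
2001-10-05T22:01:11 sshd: Failed password for admin from 203.0.113.9
2001-10-05T22:01:20 sshd: Accepted password for admin from 203.0.113.9
2001-10-05T22:30:00 sshd: Failed password for carol from 203.0.113.9
"""


def parse_events(text):
    """Return the parsed lines in file order; lines that do not match the
    format are ignored rather than guessed at."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "ok": m["result"] == "Accepted",
                           "user": m["user"], "src": m["src"]})
    return events


def find_awkward_events(text, window=timedelta(seconds=60), threshold=5):
    """Return alerts as (kind, key_type, key, iso_timestamp) tuples, in the
    order they would be raised while reading the log."""
    recent_failures = defaultdict(list)   # ("user", name) or ("src", ip) -> failure timestamps
    reported = set()
    alerts = []
    for ev in parse_events(text):
        for key in (("user", ev["user"]), ("src", ev["src"])):
            fails = recent_failures[key]
            while fails and ev["ts"] - fails[0] > window:   # forget failures outside the window
                fails.pop(0)
            if ev["ok"]:
                # a success right after a burst of failures on this account
                if key[0] == "user" and len(fails) >= threshold:
                    alerts.append(("success_after_failures", key[0], key[1], ev["ts"].isoformat()))
            else:
                fails.append(ev["ts"])
                if len(fails) >= threshold and key not in reported:
                    reported.add(key)
                    alerts.append(("failed_login_burst", key[0], key[1], ev["ts"].isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in find_awkward_events(SAMPLE_LOG):
        print(*alert)
```

Bob's single typo and Carol's lone failure half an hour later produce nothing; the five failures against `admin` within eleven seconds raise one alert for the account and one for the source address, and the success nine seconds later is the one line an analyst would open first.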
Some useful practices
- Making regular backups of important data
- Disabling scripting features in email programs
- Disconnecting from the network when not in use
- Patching all applications and software
- Avoid running programs or opening email attachments of unknown origin
- Don't put data where it doesn't need to be
- Avoid systems with single points of failure
Secure Network Devices
The following are secure network devices.
Secure Call-Back Modems
Some remote access systems use a two-part procedure to establish a connection. First the remote user dials into the system and provides the correct user id and password. The system then drops the connection and calls the authenticated user back at a known telephone number. Once the remote user's system answers that call, the connection is established and the user is on the network. Because of rapid advances in networking design and technology, secure call-back modems are no longer very common.
Crypto-Capable Routers
These routers have the ability to encrypt traffic between specified routers. Because traffic travelling across the Internet can be seen by people in the middle who have the resources to snoop, they are advantageous for providing connectivity between two sites, such that there is a secure route between them.
Virtual Private Networks
A VPN is a private connection between two machines or networks over a shared or public network. In practical terms, VPN technology lets an organization securely extend its network services over the Internet to other offices and partner companies. Thus a communications link can be established quickly, cheaply and safely.
As we know, the Internet is fairly insecure, since data packets travelling over it are transported in clear text. Consequently, anyone who can see Internet traffic can also read the data contained in these packets. This is clearly a problem if companies want to use the Internet to pass important, confidential business information.
With a VPN, instead of packets crossing the Internet in the open, data packets are first encrypted and then encapsulated in an IP packet by the VPN and tunnelled through the Internet. The VPN is made more secure by an authentication process that ensures that the connecting user has the right to enter the destination network.
Cost-effective, secure and reliable alternatives to private line networks are key to ISP success. VPNs also provide network-based features and management capabilities not usually found in private networks. VPNs clearly address a cornerstone of corporate requirements, and customers will increasingly seek VPN solutions from ISPs.
Conclusions
In every age people have tried to take tighter security measures, and every time someone has found a way to break them. Banks had locks, but burglars invented tools to break locks. Nowadays infrared technologies are used, but they can still be bypassed. In the same way, whatever security you put on a network, there are hackers who are keen to break into the system. It is human nature: whatever a person is not allowed to do, he wants to do.
A good way of implementing and carrying out the security procedure is to take the employees into confidence. The support of the employees who are going to live with what is implemented is vital: users who find security policies and systems too restrictive will find ways around them, so it is important to get their feedback to understand what can be improved. It is imperative that the business organization maintains state-of-the-art technical tools to combat security threats, and it should be ensured that the organization is not compromised by weaknesses in the systems of its collaborative business partners. The security rules and procedures should be kept simple enough that the organization's employees adhere to them. The network manager should be in touch with the top management, communicating what is being done and why, so that he has all the support he needs. The results of all actions taken with regard to security should be regularly audited and tested for weaknesses.