The computer network security manager should be able to cooperate with the users of the network. This is crucial since without the cooperation of the users, the best security management cannot secure a network. There should be clear and strict rules regarding security.
A study of computer network security concludes that the sources of threats to information security are: 75% insider, 20% physical matter, and 5% outsider [8]. This means that the users of the system are the most likely threat to computer network security.
To make the security system logical and easy to implement and maintain, security management is needed. In some organizations, security management is a department that deals with the organization’s security issues. The management should guarantee that the implementation of network security is effective and efficient for the organization.
Every user should be unique
The writer puts this principle under its own subtopic because of its importance. Unfortunately, even modern systems do not implement it strictly. For example, one can log on concurrently at two or more workstations in the same network. This should not happen if the system follows the principle. A user who logs into a network should be unique, so he/she should not be allowed to log into the same network concurrently. Of course, concurrent logon can be useful for some purposes, for example for a network administrator testing the implementation of the network by logging into several workstations concurrently, but this facility should not be publicly available and should need authentication from a network administrator.
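The principle above can be enforced by a session registry that refuses a second logon for an account that is still active elsewhere. The following is an added example, not code from the original text; the class and method names, the idle timeout and the account names are assumptions made for illustration.

```python
import secrets
import time


class ConcurrentLogonError(Exception):
    """Raised when an account already has an active session elsewhere."""


class SessionRegistry:
    """Allows one active session per account unless an administrator grants more."""

    def __init__(self, admins, idle_timeout=900):
        self.admins = set(admins)         # accounts allowed to grant exemptions
        self.idle_timeout = idle_timeout  # seconds after which a silent session expires
        self._active = {}                 # user -> list of session records
        self._limits = {}                 # user -> session limit granted by an admin

    def grant_concurrent(self, admin, user, max_sessions):
        # Concurrent logon is an exception that an administrator must authorize.
        if admin not in self.admins:
            raise PermissionError(f"{admin} may not grant concurrent logon")
        self._limits[user] = max_sessions

    def _live_sessions(self, user, now):
        # Drop sessions that stopped responding (crashed or unplugged workstation),
        # otherwise the user would be locked out until someone cleans up by hand.
        live = [s for s in self._active.get(user, [])
                if now - s["last_seen"] < self.idle_timeout]
        self._active[user] = live
        return live

    def logon(self, user, workstation, now=None):
        now = time.time() if now is None else now
        live = self._live_sessions(user, now)
        if len(live) >= self._limits.get(user, 1):
            where = ", ".join(s["workstation"] for s in live)
            raise ConcurrentLogonError(f"{user} is already logged on at {where}")
        token = secrets.token_hex(16)
        live.append({"token": token, "workstation": workstation, "last_seen": now})
        return token

    def touch(self, user, token, now=None):
        # Called on user activity so that a session in use does not expire.
        now = time.time() if now is None else now
        for s in self._active.get(user, []):
            if s["token"] == token:
                s["last_seen"] = now

    def logoff(self, user, token):
        self._active[user] = [s for s in self._active.get(user, [])
                              if s["token"] != token]


def demo():
    """Constructed scenario: returns (user, workstation, outcome) per attempt."""
    reg = SessionRegistry(admins={"netadmin"}, idle_timeout=900)
    outcomes = []

    def attempt(user, ws, now):
        try:
            reg.logon(user, ws, now=now)
            outcomes.append((user, ws, "allowed"))
        except ConcurrentLogonError:
            outcomes.append((user, ws, "denied"))

    attempt("alice", "ws-01", 0)
    attempt("alice", "ws-02", 10)       # second concurrent logon is refused
    attempt("alice", "ws-03", 1000)     # ws-01 session idle past the timeout
    reg.grant_concurrent("netadmin", "netadmin", max_sessions=2)
    attempt("netadmin", "ws-01", 1000)
    attempt("netadmin", "ws-02", 1001)  # allowed by the administrator's grant
    attempt("netadmin", "ws-03", 1002)  # still bounded by the granted limit
    return outcomes


if __name__ == "__main__":
    for row in demo():
        print(row)
```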
Cost of network security
Network security has its cost. The cost described in this section should be taken into consideration when one decides whether to implement network security or not. If one decides to implement network security, compromises should be arranged so that the cost can be tolerated.
Degrade performance of network
Network security may degrade the performance of a computer network. The implementation of network security may need hardware, software or both. The cost of the additional equipment to secure the network is degradation of efficiency. Additional software can make the main software take longer to load than it would without the additional security software. Another possible case is that additional hardware makes a transfer of data take a longer route than it would without the additional hardware.
Unfriendly
Network security may cause a network to be unfriendly. Some cases of this type can be seen in some modern operating systems, such as UNIX. A UNIX-based system is known for its security, but the cost of security is usability. A novice user will be annoyed by the interface of a UNIX-based system. The result of unfriendliness is degradation in efficiency and effectiveness. The user cannot use the system to achieve his/her main goals because the system is difficult to use. One has to learn how to use the system properly, and even after one has learned to use the system, its usability remains low because of the unfriendliness.
Financial cost
Network security may cost a lot financially. It is an obvious cost of network security. One should take the financial cost of security into account. Good security software and hardware cost a lot. If one decides to develop the software and/or the hardware, the cost of the time, the developers, and the process should also be taken into account.
Time
Network security may cost time. Time can be considered as valuable as money or more valuable. Time is needed to build a network security system. The maintenance and upgrade of the security system also cost time. If a security problem occurs, the troubleshooting also costs time. The more complex the network security system, the more time is needed to build it, maintain it, and troubleshoot problems.
Special management
Network security may need a special management. A complex network security system needs a special management. This is important to manage network security system components so that they can interact and cooperate efficiently and effectively. A network administrator can also handle the special management of network security system, if the system is simple. This can reduce cost.
Security system approaches
Each network security solution has its own risks, advantages, and disadvantages. It is the responsibility of a network security manager to implement suitable network security solutions for a system. Some approaches are mentioned in this chapter.
Series of concentric circles (SCC) [3]
The system is imagined as a series of concentric circles forming layers of protection around computer data and resources. The outer ring represents the least security, the inner ring the most security. The real difficulty with the concept presented by Davidson and White is that it is too simplistic in light of modern technology [7].
Series of layers (SL) [8]
The system is imagined as a series of layers. The bottom represents the least security level and the top represents the most security level. It can be implemented easily using OSI layers because it uses layers to represent its model, but it cannot be implemented directly because in OSI layers, the bottom layer is not the least security level and the top is not the most security level. The series of layers should be implemented per layer in OSI layers.
Combination of SCC and SL
This approach is better than the approaches above. This system can secure the network both horizontally and vertically. There are some overlaps in the application of this approach; the innermost ring in SCC is also the top of SL and the outermost ring is also the bottom of SL. This is a good approach, but difficult to implement because of its complexity.
Flexible
This is the best approach. The form of the network determines the security system approach. There are many considerations in this approach; some of them are: network topology, communication protocol, type of information transmitted, budget, security level needed, etc.
Introduction to Firewall
A firewall is defined as a network node that filters packets in order to let only certain kinds of messages pass to and from computer network(s). A firewall can be used to block IP spoofing. IP spoofing is the act of getting into a network by masquerading as an IP address from a domain that the network allows. Some important notes are:
- A firewall is actually a computer. It is placed between internal network and outside/global network. It can also be placed in internal networks where access to some segments of the networks is security aware.
- Firewall is a must if a computer network is connected to a global or outside network and security is important.
- Firewall is a gate between global/outside networks and the internal network. It also provides several services such as access control, authentication, activity logging, and alarm warnings.
- Firewall will not protect a network from bugs, human error, and non-network attacks. If there are bugs in network software or firewall software, even the best firewall cannot protect it. Human beings make mistakes, and because a firewall is only a computer with software, the firewall only does exactly what the person who configures it tells it to do, without tolerance.
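The filtering described above, including the IP spoofing check, activity logging and alarm warnings, can be sketched as follows. This is an added example, not code from the original text; the internal address range, the allow rules, the alarm threshold and all names are assumptions, and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Assumed addressing for the example: one internal LAN behind the firewall.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")

# Default-deny policy: (arrival interface, protocol, destination port) allowed through.
ALLOW_RULES = {
    ("external", "tcp", 25),
    ("external", "tcp", 80),
    ("internal", "tcp", 80),
    ("internal", "tcp", 443),
    ("internal", "udp", 53),
}
SPOOF_ALARM_THRESHOLD = 2   # raise an alarm once this many spoofed packets are seen


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "external" or "internal"
    src: str
    dst: str
    proto: str
    dport: int


class PacketFilter:
    def __init__(self):
        self.log = []         # activity log: (verdict, reason, packet)
        self.alarms = []      # alarm warnings for the administrator
        self._spoof_count = 0

    def _record(self, verdict, reason, pkt):
        self.log.append((verdict, reason, pkt))
        return verdict == "PASS"

    def check(self, pkt):
        src_is_internal = ipaddress.ip_address(pkt.src) in INTERNAL_NET
        # Anti-spoofing: an internal source address cannot legitimately
        # arrive on the external interface.
        if pkt.iface == "external" and src_is_internal:
            self._spoof_count += 1
            if self._spoof_count == SPOOF_ALARM_THRESHOLD:
                self.alarms.append(f"repeated spoofed internal source, last {pkt.src}")
            return self._record("DROP", "spoofed-internal-source", pkt)
        # Traffic leaving the LAN must carry a LAN source address.
        if pkt.iface == "internal" and not src_is_internal:
            return self._record("DROP", "foreign-source-from-inside", pkt)
        if (pkt.iface, pkt.proto, pkt.dport) in ALLOW_RULES:
            return self._record("PASS", "rule-match", pkt)
        return self._record("DROP", "default-deny", pkt)


def run_sample():
    """Runs constructed packets through the filter; returns verdicts, reasons, alarms."""
    fw = PacketFilter()
    sample = [
        Packet("external", "203.0.113.7", "192.168.10.5", "tcp", 25),
        Packet("external", "192.168.10.99", "192.168.10.5", "tcp", 25),
        Packet("external", "192.168.10.99", "192.168.10.5", "tcp", 80),
        Packet("external", "203.0.113.7", "192.168.10.5", "tcp", 23),
        Packet("internal", "192.168.10.20", "198.51.100.4", "tcp", 443),
        Packet("internal", "198.51.100.9", "203.0.113.7", "tcp", 80),
    ]
    verdicts = [fw.check(p) for p in sample]
    reasons = [reason for _, reason, _ in fw.log]
    return verdicts, reasons, fw.alarms


if __name__ == "__main__":
    for verdict, reason in zip(*run_sample()[:2]):
        print("PASS" if verdict else "DROP", reason)
```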
Firewall design consideration
Designing a firewall is a heavy task. The basics will be discussed in this section. In practice, system security management will do the design of the firewall. The design needs special training and experience with various types of firewalls.
Policy
Policy plays an important role. What security level is needed from the firewall(s)? How sensitive are the protected resources? The answers to these questions determine the policy needed for the implementation of the firewall. A higher security level needs a tighter and stricter policy than a lower security level.
Checklist
The next step is making a checklist. Some checkpoints to be considered are: level of monitoring, redundancy, and control. Following the first step, the level of the checklist should be adjusted to the policy.
Financial
The main considerations in this step are: cost of the firewall(s), including the auxiliary equipment; quality of the firewall(s); budget; time to install; overhead; future upgrade cost; cost of support; and cost of maintenance.
Traffic routing service
There are two choices in this step. One can place a traffic routing service at an IP level via router or at an application level via proxy gateways and services. The decision depends on the cost one can afford. Proxy machine provides a greater level of usability and high-level security, but it adds cost and decreases level of service that may be provided since a proxy needs to be used for each desired service.
Secure Protocol
This chapter discusses Secure Hypertext Transfer Protocol (SHTTP) and Netscape’s Secure Sockets Layer (SSL) as instances of secure protocols. The discussion is at an introductory level rather than a deep one.
Secure Hypertext Transfer Protocol (SHTTP)
The protocol was developed to keep online transactions over the Internet safe. It is a secure protocol over HTTP for identification. It provides a wide variety of mechanisms for confidentiality, authentication, and integrity.
SHTTP provides secure communication mechanisms between an HTTP client-server pair in order to enable spontaneous commercial transactions for a wide range of applications. It is designed to work with HTTP applications.
The protocol provides symmetrical capabilities to both client and server while preserving a transaction model and characteristics of HTTP. Equal treatment is given to requests and replies.
It does not require a client-side public key because it supports symmetric key-only operation modes. This means that spontaneous private transactions can occur without requiring an individual user to have an established public key.
HTTP authorization mechanisms do not support end-to-end secure transactions. SHTTP overcomes this problem. A client can initiate a secure transaction to support encryption of fill-out forms. No sensitive data need be sent over the network in plain (unencrypted) form.
Netscape’s Secure Sockets Layer (SSL)
SSL is intended to provide a practical, application-layer, widely applicable connection oriented mechanism for Internet client/server communications security. It is divided into two layers. Lower layer provides services and functionality to higher layer.
The SSL record layer provides confidentiality, authenticity, and protection over a connection-oriented reliable transport protocol such as TCP. The SSL handshake protocol is layered above the record layer. It initializes and synchronizes cryptographic state at the two endpoints. After it completes, sensitive application data can be sent via the SSL record layer.
Network topology and security
Network topology is an important factor in computer network security. It should be taken into consideration when implementing network security solutions.
Server only running TCP/IP
In this topology, only the server that connects the internal computer network with the global/outside network runs TCP/IP. When this topology is used for implementing network security, TCP/IP packets go to the server directly. The TCP/IP packets cannot go any further into the internal network since the internal network uses another protocol.
This topology is a secure one. The worst case is that the TCP/IP server is damaged by external attacks using the TCP/IP protocol. The disadvantage of this topology is that the configuration between the gate server and the internal network becomes more complex.
Internal + server = TCP/IP
This is the least secure topology. The internal network and the server that connects the internal network and the outside/global network both run on the TCP/IP protocol. This opens the possibility for traffic from outside the internal network to penetrate the internal network using the TCP/IP protocol.
To increase security, routing should be turned off when configuring TCP/IP on the server. A router with packet filtering capability is needed in this topology. A firewall is a good solution for this. It can act as a router and have packet-filtering capability.
OSI network security
OSI is widely used to represent a computer network in layers. In OSI network security, all network security services are handled in layer 7 (application layer). This is done to make the administration easier. Some security services can be applied at almost all layers.
Location of security services in OSI layers [8] (modified):
One can see from the table that security is not needed in layer 5 (session layer). This happens because the layer is used to set up a connection session.
Active threat
It is called active because it can change or alter information in traffic, stored information, and the traffic itself. It can destroy, delay or alter a stream of information. An active threat can be carried out using many methods. Some of the methods are: Trojan horse, IP spoofing, IP sniffing, etc. One needs special knowledge to carry out an action that can be considered an active threat. The level of damage that can result from this threat is as high as that from a passive threat.
Passive threat
Reading information to gain knowledge can be called a passive threat. Passive threat does not change or alter information, data, traffic, etc. It only tries to gain knowledge by reading, sniffing, and analyzing.
Knowledge and information must be protected. One solution is to encrypt the knowledge and information, but this is not enough. By doing traffic analysis, even though the data is encrypted, the attacker can still read the source and destination of the message by reading the packet header (in packet switched network communication). The type of encryption needed for a more secure solution is end-to-end encryption.
Some other solutions for passive threat are:
- Use of special channel & devices (private network).
- Analyze statistics of the total volume and the amount of traffic entering and leaving selected nodes.
- Generate a continuous stream of random data so that it becomes difficult to distinguish between the real data and noise. The problem with this solution is the degradation of network throughput.
- Secure protocol; e.g. Netscape SSL (Secure Sockets Layer) and Secure Hypertext Transfer Protocol (SHTTP).
A glance at Windows NT security
In the United States, the security criteria Microsoft met are the C2-level criteria defined by the U.S. Department of Defense’s Trusted Computer System Evaluation Criteria document. This document is commonly called the Orange Book. The following are important C2 requirements:
- The system must identify and authenticate each user using a unique name and password, and track all of the user’s activities using this identification.
- Resources must have owners who can control access to those resources.
- The system must protect objects so that other processes do not use them without permission. This protection applies to memory locations, files, and other objects.
- The system must audit all security-related events, and it must restrict access to the audit data to authorized users.
- The system must protect itself from external interference or tampering, such as modifications to the running system or to system files stored on disk [7, p.227].
Windows NT Security consists of:
- Local Security Authority (LSA), which controls user access permission
- Security Account Manager (SAM), which maintains user and domain database and validates user for LSA
- Security Reference Monitor (SRM), which checks access control entries of object and grants permission to user through LSA
- Logon process, which displays the initial logon interface. This security feature is not good in Windows NT. I had an experience when my account was locked. I did not do anything against the rules but my account was locked. I found out that there was neither a violation nor a problem with my account. Someone who attempted to use my login account several times caused the problem. It was possible because after I logged off, the next user at the terminal I had used could see my user account after pressing Ctrl-Alt-Del, and if he/she entered a wrong password three times, my account would be locked automatically. A solution for this problem is easy. One can enter a fictitious login account after logging off, but it is still annoying.
Trusted domain property is used in Windows NT security system. The advantage and disadvantage of the method are respectively:
- It can reduce authentication time so that the network performance is increased.
- An unauthorized user can breach the security of any trusted domain.
NTFS file security
Windows NT uses NTFS file security to secure stored information. This is considered a secure solution for data. Access to data can be conditioned so that one needs authentication before using the data. The disadvantage of this solution is that NTFS file security slows down the performance of computer networking by checking each request to access a file.
E-mail
Popular e-mail protocols used today are Post Office Protocol (POP) and Internet Message Access Protocol (IMAP). POP is designed for “off-line” mail processing, where the user does not change computers often and uses the same computer and e-mail client to process e-mail. It can be used with multiple different computers, with the consequence that the messages will be scattered across those computers. IMAP, on the other hand, is designed to be used from multiple computers. The technology allows the messages to be centralized, so that messages are not scattered when several different computers are used with the same account.
E-mail security is an important issue since the nature of e-mail can be private or personal. Unfortunately, POP and IMAP do not have any security facilities of their own. They depend on the network security to secure the information. In practice, it is important to have security for the e-mail protocol. Many organizations are beginning to implement the paperless office, where one of the facilities used is e-mail. The information in an e-mail can be confidential to a specific department, for example. This information should be protected from security threats, but there is no protection if the threat comes from inside the organization.
Network Security Needs
The most important security needs are described as
- Confidentiality
- Reliability
- Integrity
A network should not allow anyone to see confidential information without authorization. This requires a reliable way to identify users. It also requires setting up a system like government security clearance. Only certain people have access to certain kinds of information.
Threats to network security
- Physical harm
- Natural disaster
- Mechanical failure
- Electronic signals
- External connection
- People
A network is physically vulnerable to intruders and misuse. Someone who enters the building can steal important information, or can often find an important password and gain access to information.
Natural disaster means loss of data while destruction of building like bombing in World Trade Center not. In a PC, the most critical mechanical device is the hard disk. When it fails, it destroys a lot of data. Electronic components like power supplies also fail.
A network is also vulnerable when it is connected to the outside world. This includes internetworking devices like bridges, routers and modems. People working inside the organization should not always have access to all the information in the network. Many have a wide range of access, though, because some assume they ought to have it.
Viruses cause some errors and a great deal of distraction. They have also found a profit motive. Some new kinds of viruses are more discriminating. They are aimed at specific targets and are designed to cause specific problems.
A new type of “cruise virus” or “attack software” enters a company’s network. Instead of causing random destruction, this virus circulates through the whole network until it finds the required target. It may broadcast confidential information or private communication, or it may sabotage the entire system.
A history of computer crime
Computer crime has been around for as long as there have been computers. An international security consulting organization says unofficial reports date back to 1940. The first officially reported crime (prosecution) took place in 1966. Techniques for fighting crime were added to the standard FBI training course in 1976.
The first anti-computer-crime bill was introduced in 1977. After 10 years and many more bills, the Computer Fraud and Abuse Act of 1966 was adopted.
Security Plan For Network
Building a security plan
In a security plan we have to take some preliminary steps. First of all we have to know the goals of security, which are
- To protect data from accidental destruction or modification
- To protect data from deliberate destruction or modification
- To make sure that data is available to authorized users
A plan for a security plan
- Helping identify the key management area in each client department
- Devising professional surveys and other means to learn about employees’ current attitudes towards security
- Helping to set up and conduct interviews with department managers and employees
- Planning and delivering training programmes to support the security programme
- Keeping in mind the points mentioned above, the objective should be to determine which part of the organization needs more security improvement.
Element of security plan
A security plan should have two major sections
- A risk assessment
- Strategies to deal with the identified risks. These strategies fall into several categories:
  - Procedural tactics like revised security policies
  - Physical protection, to prevent direct access to important resources
  - Technical security, which includes both hardware and software techniques.
The first major task is to perform a risk assessment: identify the threats to the network system and determine how serious they could be.
This assessment will become the foundation of the security plan. In many organizations errors and accidents are the biggest threats. Deliberate action by dishonest employees is next. Outsiders and viruses bring up the end of the list. A good way to assess your risk is to examine the kind of data you handle. Questions like these help:
- What kind of data is maintained?
- For what purpose does the organization use it?
- What would the organization lose if the data were lost or stolen?
The best security strategy is to attack the most serious identified risks. No security measure is a good security measure unless it effectively responds to a specific, significant risk.
It is better to adopt the following steps:
1. Secure policies and procedures
A thicker policy manual is harder to understand and enforce. It is better to establish a basic set of policies to back up the measures. Possible subjects for policies include the proper use of passwords, guidelines for administrative use of the system, anti-virus procedures, and provisions for auditing, backup and audit trails.
2. Training
This is the security tactic that is frequently overlooked. People often endanger data because they don’t know how to do the right things.
3. Audit trails
The system should maintain a record of everyone who logs on and off the system. It can be important for identifying unauthorized users.
Physical security is less important in a networked environment. A network has server components where physical security can help prevent theft and manipulation.
Technical security option includes
- Identification
- Access control
- Ensuring data integrity
- Encryption
Identification is the foundation of security techniques. No security system is perfect, and passwords are no exception. Every user should be allocated a unique password. The best database management systems have multiple ways to check new entries and flag possible errors. Encryption can be time consuming, though it is most useful when critical information is sent.
Extending a security plan to the network is mainly a matter of applying these old principles to the new environment.
- Identification and authentication
- Discretionary access control
- Auditing
- Object reuse
- Secure communication
These can be implemented with combination of procedural, physical and technical controls.
Three levels can be used as a framework for planning
- Base line
- Selective control
- Special control
The process of building a security base line has seven basic steps
- Determine the scope of review
- Identify existing controls
- List additional control objectives
- See what other companies are doing
- Building a preliminary list of base line control
At the second level are selective controls. These are used less universally than the base line techniques. Someone who proposes one of these controls should demonstrate that the risk is worth the effort, but the selection of strategy itself is more or less automatic.
At the third level are special controls. Here both the risks and the responses are truly unique to your situation. Anyone who makes the proposal at this stage should be prepared to strongly justify both the needs and the response.
Hardware and Software Security
Both in hardware and software, the computer has ability to protect itself, that’s true even of PC and networks. Nevertheless, there are two important points to remember.
- No form of security is automatic. Whatever the size of system, work has to be done to make it secure. Network requires more work than centralized systems.
- No form of security can do it all. Even the most advanced and comprehensive form of large system security can do only part of the job.
The role of technical security
The increased use of networks and personal computers has directed new attention to technical types of protection. It is now possible to design technical measures that will protect you against most types of crime and abuse.
The major types of technical security also overlap and work together
- Hardware controls are used to make sure the operating system functions properly and to control access to programs and data.
- Software controls are used primarily to identify users and control their access. They also let you monitor use of the system
- Communication controls are applied to networks, modems, and other communication systems components to control access and flow of data over the system.
Keeping up with technical developments
| Development | Potential problems | Technical responses |
| --- | --- | --- |
| Computer processors have become faster and more complex | Password may be bypassed before the system can react | High speed identification method |
| More people have computer knowledge and experience | Unauthorized employees can gain access to sensitive information | Multiple levels of access control |
| More people have detailed technical knowledge | Programs can be modified to bypass normal controls | Input-output protection to isolate users |
| Information has been made more widely available in client-server database systems | More opportunity to manipulate and misuse data | Allow access only to authorized files |
Local Area Network
Security in Local Area Network
The local area network is the key to enterprise network security. LAN security itself was once a minor problem. Now things are changing and security is becoming vitally important.
Pillars of LAN security are
- Password administration
- Back up control
- Build awareness
- Teach techniques
- Identifying the work station and restricting the times at which they can provide access
- Enforcing a minimum password length
- Requiring that passwords be changed at regular intervals
File access can be managed by giving users access privileges according to their needs.
Users are key to data integrity. They are most error prone when they download their data and add flawed data. Backup is the key to network reliability, whether against failed components or natural disaster. It is important to check the file server and to check the backups periodically. Other available measures include
- A help desk readily available
- Good network tools, but access restricted to designated network managers
- Alternative routing around failed components
- Physical access control over network server
- Uninterruptible power supplies
Managers must manage the network’s people, and users must learn how to use the network; this is the fundamental weapon against network crime. The most fruitful areas of training include
- Educating employees about the security issues involved in work
- Training users how to properly use and protect their passwords
- Making people aware of the need to maintain accurate data and of the ways in which they can do this
- Educating users about the possible impact, personal as well as corporate, of illegally copying software
- Establishing a policy that internal e-mail messages are not private or secure
Technical security for LANs
Network operating systems are tools for network security. To secure a network, managers first have to look at the operating system and version they are using in their organization.
Managers should always look at the market and use an operating system that fulfills their needs.
Operating systems may be Windows NT, Novell NetWare, and Unix.
Network security basic
A full LAN security system should include the following
- An availability system to make sure that the network’s assets are readily available to authorized users
- An access-control system that allows restricted data to be used only by authorized users
- A security system that guards against modification of data, whether by accident or design
New forms of data communication bring together many activities that were previously handled at separate places. These developments have several consequences
- They have combined and multiplied the risks associated with each of these previously separate components
- There has been an increase in the number of communication channels that must be secured
- Departmental distinctions within the organization have been blurred.
Almost everyone in the office now has computing and communication power, to be used wisely or otherwise.
This creates a sense of diffusion within the organization that can easily outstrip the company’s ability to manage it. Management includes security, and expanding communication networks require tighter and better management.
Electronic mail is a leading example. Like other kinds of networks, it is a communication system that has many points of access and a number of vulnerable spots. Be careful when sending sensitive data (it should be encrypted first).
In fact, this rule should apply to any communication whose security is not absolutely certain. The first rule of communication security is to be careful about what is sent on the network. Don’t assume it is safe.
Assume that what ever is transmitted will arrive shortly on the desk of the desire person.
One reason communication networks have been vulnerable is that many users don’t know how vulnerable they are.
Tips for Secure Network
These tips sum up the process of meeting that responsibility
- Manage software installation. A central authority should be responsible for all installations, ensuring that license terms are honored and incoming software is free from viruses
- Place servers behind locked doors
- Scan regularly for viruses. Include the network nodes as well as servers
- Grant supervisor rights to as few people as possible
- Change all the default passwords provided with applications or network operating systems
- Maintain a log of employees who fail to log out properly, particularly after hours
- Maintain the gentile record of who was using the network, when, where and why.
- Make backups daily. Store them off site in a secure and fireproof location. Along with them, store documentation on how your backup system is configured.
- Require password changes at fixed intervals. Require that passwords be at least five characters long.
- Control access to e-mail, and its folders and groups, just as you control access to other network resources.
- If staff use dial-in access, make sure the security features available in the communication package include encrypted or hidden passwords and dial-back features. If the communication software lacks these, find an alternative.
- Use screen savers. They protect against random eyeballing of critical data. Many also include password protection
- Make sure people know what the printing options are. Don’t let print jobs be sent to non-existent printers.
- Place printers that handle sensitive information in a secure area
- Grant trustee rights only to people who truly need the programs or information
Security And Windows NT
The highly networked and multi-user nature of the Windows NT operating system makes security an issue of prime concern to Windows NT users.
Overview of privilege
There are six basic file permissions used to implement a secure network: read, write, execute, delete, change permission and take ownership.
- Read: Allows the corresponding user to read the object, file or directory.
- Write: Allows the corresponding user to write to that object, file or directory.
- Execute: Allows the user to execute the object. The object must be an executable .com, .exe or .bat file.
- Delete: Allows the user to delete the corresponding object, file or directory.
- Change permission: Allows the user to change the object’s permissions. The object’s owner must always change the object’s permissions. This permission should be given only to highly trusted users.
- Take ownership: Care should be taken when using this permission because it has the tendency to generate the Windows NT security equivalent.
File systems and protection
NTFS gives the most capability in the security arena. Conversely, FAT offers the most flexibility for recovery when things go wrong.
Partly because of this tradeoff, the developers of Windows NT made it possible to implement a network with some capable security features using the FAT file system.
Two modes of implementing security
These modes are called mode 1 and mode 2. Using mode 1, you can use network shares as directories to control file access. Using mode 2, you can fully exploit the security capability of NTFS to support the implementation.
Security Mode 1: File/Directory Protection on FAT Drives
Because file/directory level security is not a FAT construct, implementing a secure network using FAT disks is a little tricky. Fortunately, Windows NT has support features that make it possible to put together such an implementation with minimal difficulty.
- Identify the users who will need access to your networked FAT drives.
- Log on as the system administrator.
- Create a subdirectory on the FAT disk that is being networked for each of the intended network users. This will also make backups easier.
- For each directory created in step 3, share the directory using the File Manager share option.
- Using the permissions box in the Share As window, specify that each directory has read, write, execute, and delete privileges assigned to the corresponding user. Assign no other user access to these directories. The administrator will take ownership of them.
The structure is now in place for a secure implementation. To further ensure security, ascertain that no users can log on to a system that hosts one of the FAT drives shared in the above process. Although it may be possible to conceive a “mix and match” network where shared directories exist on several machines assigned to various users in the network, it is possible to short-circuit a complex security scheme just by logging on to the system containing the FAT drive. Security is not a FAT construct; therefore, after accessing the FAT drive, anyone can roam anywhere on that drive. It is therefore recommended that you use a dedicated network server when sharing FAT drives.
- Sharing information using security mode 1
Unfortunately, FAT does not allow anyone to set permissions on individual files, so sharing information is most easily done by copying files to a directory where another user may access them. Often companies have a public drive that every user can access. If there is a networked FAT drive, define a share as a directory for each user to serve as an “in” directory. Then permit all users to write. Permit only the user whose “in” directory it is to have read, write, add and delete privileges.
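The mode 1 layout described above can be checked mechanically. The following is an added example, not part of the original text: it validates a share-permission table against the rules of this section. The table layout, share names and user names are constructed assumptions.

```python
# Rights the owner of a private (per-user) share should hold under mode 1.
HOME_RIGHTS = {"read", "write", "execute", "delete"}

# Constructed sample table: share name -> kind, owner and permissions per principal.
SHARES = {
    "ALICE":    {"kind": "home", "owner": "alice", "acl": {"alice": HOME_RIGHTS}},
    "BOB":      {"kind": "home", "owner": "bob",
                 "acl": {"bob": HOME_RIGHTS, "alice": {"read"}}},
    "ALICE_IN": {"kind": "in", "owner": "alice",
                 "acl": {"alice": {"read", "write", "add", "delete"},
                         "Everyone": {"write"}}},
    "BOB_IN":   {"kind": "in", "owner": "bob",
                 "acl": {"bob": {"read", "write", "add", "delete"},
                         "Everyone": {"read", "write"}}},
}
# Constructed list of accounts allowed to log on at the machine hosting the FAT drive.
LOCAL_LOGON = {"Administrator", "bob"}


def check_mode1(shares, local_logon, admin="Administrator"):
    """Return a list of deviations from the mode 1 rules."""
    findings = []
    for name, share in sorted(shares.items()):
        owner = share["owner"]
        for who, rights in sorted(share["acl"].items()):
            if who == owner:
                continue
            if share["kind"] == "home":
                # Private directories: no other user may have any access.
                findings.append(f"{name}: {who} has access to a private directory")
            elif set(rights) != {"write"}:
                # "In" directories: other users may write and nothing else.
                findings.append(f"{name}: {who} has more than write on an 'in' directory")
        if share["kind"] == "home" and set(share["acl"].get(owner, ())) != HOME_RIGHTS:
            findings.append(f"{name}: owner {owner} lacks the expected rights")
    # FAT has no file-level security, so a local logon bypasses every share permission.
    for who in sorted(set(local_logon) - {admin}):
        findings.append(f"host: {who} can log on locally and bypass share permissions")
    return findings


if __name__ == "__main__":
    for line in check_mode1(SHARES, LOCAL_LOGON):
        print(line)
```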
Security Mode 2: File/Directory Protection Using NTFS
This mode of operation takes maximum advantage of the security capabilities of NTFS. To implement network mode 2, allow all network users to share those NTFS directories that they need. Generally the system administrator has the privilege to access the root directory. The individual system users are then permitted access appropriate to their role on the individual system. Users access the network either by connecting the network drive or by remote login to the appropriate host system.
Each system must have an administrator whose role is to manage the security of the network.
- Sharing information using security mode 2
A user who wants to share a file with another user in mode 2 would simply grant the second user read privileges to the file. The second user should be given the name of the system where the file resides. Once the information has been transferred, or the user no longer requires the system, remove the read privilege.
Auditing
Just as a company’s accountants periodically keep the books straight with an audit, the system administrator must keep the Windows NT security system straight using auditing.
Auditing is the automatic process of recording successful and unsuccessful access to Windows NT objects.
Using File Manager to view and change security auditing options
For each user or group of users that you want to audit, you can choose to track attempts to read, write, execute, delete, change permissions, and/or take ownership of the file, group of files or directory selected. For each of these events, you can choose to track successful attempts
The Event Viewer allows events to be monitored.
- The Main Event Viewer Display
Each event has the following attributes associated with it:
- Date/Time: The date and time event occurred
- Source: The name of the application, subsystem, or driver that generated the event
- Category: Some events are categorized based on the type of event. This creates event subtypes
- Event: A numeric ID that identifies the type of event
- User: The user name associated with the events
- Computer: The name of system on which the event occurred.
In keeping with the network nature of the Windows NT operating system, the Event Viewer makes it possible to view the events on other systems connected to the network.
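The audit records described in this section lend themselves to simple automated review. The following is an added example, not part of the original text: it reads a constructed export that carries the six Event Viewer attributes listed above and flags repeated failed accesses and successful use of the two most sensitive permissions. The CSV layout, the Access and Result columns, the event numbers and all names are assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample export (not real log data). The first six columns are the
# Event Viewer attributes; Access and Result are assumed extra columns.
SAMPLE = """\
DateTime,Source,Category,Event,User,Computer,Access,Result
1998-03-02 09:14,Security,Object Access,1001,asmith,SRV1,read,success
1998-03-02 21:40,Security,Object Access,1002,bjones,SRV1,read,failure
1998-03-02 21:41,Security,Object Access,1002,bjones,SRV1,write,failure
1998-03-02 21:43,Security,Object Access,1002,bjones,SRV1,delete,failure
1998-03-03 10:05,Security,Object Access,1003,cwong,SRV2,take ownership,success
1998-03-03 10:06,Security,Object Access,1001,cwong,SRV2,change permission,failure
"""

# Permissions that let a user rewrite the protection on an object.
SENSITIVE = {"change permission", "take ownership"}


def triage(text, fail_threshold=3):
    """Return (user/computer pairs with repeated failures, sensitive successes)."""
    failures = Counter()
    sensitive = []
    for row in csv.DictReader(io.StringIO(text)):
        access = row["Access"].strip().lower()
        result = row["Result"].strip().lower()
        if result == "failure":
            # Count unsuccessful attempts per user and per system.
            failures[(row["User"], row["Computer"])] += 1
        elif access in SENSITIVE:
            # A successful ownership or permission change deserves a manual look.
            sensitive.append((row["DateTime"], row["User"], row["Computer"], access))
    noisy = sorted(key for key, count in failures.items() if count >= fail_threshold)
    return noisy, sensitive


if __name__ == "__main__":
    noisy, sensitive = triage(SAMPLE)
    print("repeated failures:", noisy)
    print("sensitive changes:", sensitive)
```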
Configuring NT Network Services
From the user’s point of view, the Windows NT service controller is managed by a graphical accessory application accessed through the Services icon in the Control Panel. Double-clicking that icon brings up the Services dialog box, which shows the services currently installed on the system.
The following services can be managed, and they are important from a security point of view.
1 Alert: This service sends messages to connected client workstations, warning them of problems with the server. An example alert message might be a disk full error message. To transmit its warning messages, this service relies on the Messenger service.
2 Directory Replicator: This service lets you maintain duplicate copies of directories and their file contents across multiple networked computers. The computer maintaining the original set of directories and files is known as the export server; the other computers on which information is duplicated are known as import servers.
3 Net Logon: This service authenticates a user’s right to log on to the network and access its resources. It does this by coordinating Security Account Manager (SAM) databases (databases of user account information) across network services. This service should be loaded only if your machine is connected to a Windows NT Advanced Server network on which one server stores the SAM for the entire network domain. With this configuration, a user’s account information is stored in a single place and verified once at logon time for all users on the domain to which the user has rights.
4 Server: This service provides support for file and printer sharing. Without this, other users will not have access to shared directories and printers on the computer.
5 UPS: If there is an uninterruptible power supply connected to the computer, this service manages that unit during a power failure or brownout of sufficient magnitude to affect system operation.
Windows NT’s Administrative Tools
Many of Windows NT’s high-level capabilities, such as its multi-user environment and disk configuration, are controlled and monitored through administrative tools. These tools consist of five basic components.
User Manager allows the administrator to manage user accounts, groups, and what in NT parlance are known as policies. A policy typically consists of three components:
- Account Policy
- User right policy
- Audit policy
Each of these controls the way NT will deal with and control users and their applications on the system.
The account policy is mostly concerned with passwords: whether the password will expire, or whether the user will change the password at the next logon.
The user rights policy describes the privileges of users in the network.
The audit policy tracks events in the system.
Disk Administrator is a tool that allows you to create and delete disk partitions and control their features.
Performance Monitor allows you to identify performance bottlenecks. With this tool, the performance of different objects, and their effect on the system, can be monitored in graphical format. Processor, Memory, Cache and Process can be monitored.
A reliable backup system is a must. Backup is a powerful new utility that comes with Windows NT, and it supports a number of powerful backup options, which offer normal and incremental backups as well as differential and daily backups.
Secure Electronic Commerce
Electronic commerce is a new source of revenue, expanding into new markets and reducing cost. The risks of e-commerce sometimes seem as large as the rewards. The infrastructure that supports electronic commerce can be susceptible to abuse, misuse and failure, causing a number of business problems including financial loss due to fraud, lost business opportunities due to service disruption, and loss of customer confidence.
A famous fraud took place at Citibank, in which a hacker attacked the Citibank cash management system.
Some common security risks are:
- Unauthorized access: a person gains access to a computer system without having the right to do so
- Planting: an attacker leaves behind a mechanism to facilitate future attacks.
- Spoofing: an attacker tampers with the data or learns confidential information
- Repudiation: a party to a transaction falsely denies, after the fact, that the transaction occurred or was authorized
Cryptography
Cryptographic techniques, such as encryption and digital signatures, are important in implementing secure electronic commerce.
With encryption, information is protected through a “key” system, in which information is coded according to an algorithm and can only be shared among users who hold a key or encoding algorithm.
A digital signature is a piece of data that is sent with an encoded message to uniquely identify the originator and to verify that the message has not been altered since it was sent. A digital signature goes beyond techniques such as integrity check-value mechanisms because it supports non-repudiation. In other words, it may be used to resolve disputes between the parties involved in a transaction.
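The difference between an integrity check value and a digital signature shows up when a transaction is disputed. The following is an added example, not part of the original text: it compares a shared-key check value (HMAC) with a signature made by a toy textbook RSA key. The key, the messages and all function names are constructed assumptions, and the key is far too small for real use.

```python
import hashlib
import hmac

# Toy RSA key built from two known Mersenne primes (assumption for illustration
# only: insecure key size, textbook RSA without padding).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key, known to everyone
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the signer only


def digest_int(message: bytes) -> int:
    """Hash the message and reduce it into the RSA modulus range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    return pow(signature, E, N) == digest_int(message)


def icv(shared_key: bytes, message: bytes) -> bytes:
    """Integrity check value: a keyed hash that both parties can compute."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def icv_valid(shared_key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(icv(shared_key, message), tag)


def dispute():
    """What an arbiter can conclude when the receiver presents a different message."""
    key = b"constructed shared key"
    sent = b"PAY 100 TO MERCHANT 42"       # constructed message actually sent
    claimed = b"PAY 900 TO MERCHANT 42"    # constructed message the receiver presents
    tag, sig = icv(key, sent), sign(sent)
    return {
        # The check value does detect alteration of the original message.
        "icv_detects_change": not icv_valid(key, claimed, tag),
        # The receiver holds the same key, so a tag it computes itself is valid:
        # a valid tag cannot prove which party produced the message.
        "receiver_tag_accepted": icv_valid(key, claimed, icv(key, claimed)),
        # The receiver holds only (N, E): the sender's signature does not
        # transfer to the claimed message, while the genuine pair verifies.
        "reused_sig_accepted": verify(claimed, sig),
        "genuine_sig_accepted": verify(sent, sig),
    }


if __name__ == "__main__":
    print(dispute())
```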
Electronic commerce application security
Here is a brief overview of the higher-level security measures needed for electronic data interchange (EDI) and Internet bankcard payment systems.
EDI is the application-to-application exchange of business data in industry-standard formats. It can provide instantaneous data transmission. It is based upon open standards, and the Internet has the potential to lower its cost dramatically. Currently it is possible to apply standard Internet message security protocols to EDI interchange messages. For example, EDI MIME (Multipurpose Internet Mail Extensions) contents are fully compatible with MIME security protocols.
Secure Electronic Transaction (SET) is a complete protocol and infrastructure specification for supporting bankcard payment over the Internet. It was developed by Visa, MasterCard and other organizations.
How it works is illustrated by an example:
Suppose a cardholder agrees to make a purchase from a merchant. The cardholder sends an online payment instruction to the merchant. The merchant then communicates with the appropriate financial institution via a payment gateway, forwarding the payment instruction, to authorize and capture the transaction. The acquiring bank does the capturing.
Conclusion
We cannot trust a software vendor completely for security matters. One of the recent examples is that a network computer security company found a security hole in Windows NT and subsequently Microsoft released a patch for it.
The best solution for computer network security depends on many factors and considerations. The best solution for a system might not be the best solution for another system.
Network security design, implementation, and maintenance are needed during the use of the system. It should not be done temporarily, but it should be done continuously. It does not have to be static since internal and external threats and challenges change rapidly.
Bibliography
- Andrew S. Tanenbaum, Computer Network
- Balaji Kumar, Broad Band Communication
- Donn B. Parker, Seventeen Information Security Myths Debunked, ISSA Access, Vol. 3, No. 1, pp. 43-46, first quarter 1990
- Len Feldman, Windows NT: The Next Generation, SAMS Publishing, 1993
- Marcus J. R. & Matt Curtin, Internet Firewalls FAQ, 1998
- Microsoft Corp., Microsoft Windows NT server one-step at a time, Microsoft Press, 1996
- Peter T. Davis & Barry D. Lewis, Teach Yourself Windows NT Server 4 in 14 days, SAMS Publishing, 1997
- Thomas W. Madron, Network Security in the 90’s: issues and solutions for managers, John Wiley & Sons, Inc., 1992
- D. Wagner and B. Schneier, Analysis of the SSL 3.0 Protocol, The Second USENIX Workshop on Electronic Commerce Proceedings, USENIX Press, November 1996, pp. 29-40
- W. Peter Davis, Windows NT, MCSE series
- http://www.verisign.com