Threats to network security
Threats are processes or people that pose a potential danger to identified assets. There are several types of threats to network security:
- Physical harm
- Natural disaster
- Mechanical failure
- Electronic signals
- External connection
- People
- Virus
A network is physically vulnerable to intruders and misuse. For example, someone who enters the building can steal important information, or find an important password and use it to gain access to information.
Natural disaster means loss of data through the destruction of a building, like the bombing in the World Trade Centre. In a PC the most critical mechanical device is the hard disk. When it fails, a lot of data is destroyed. Electronic components such as power supplies also fail.
A network is also vulnerable when it is connected to the outside world. These connections include internetworking devices such as bridges, routers and modems. People working inside the organization should not always have access to all the information on the network. Many have a wide range of access, though, because some assume they ought to have it.
A virus is a program that can infect other programs by modifying them, and the infected programs can in turn infect others. A virus can do anything that other programs do. The only difference is that it attaches itself to another program and executes secretly when the host program runs. Viruses cause errors and a great deal of destruction. They have also found a profit motive. Some new kinds of viruses are more discriminating. They aim at specific targets and are designed to cause specific problems.
A new type of "cruise virus" or "attack software" enters a company's network. Instead of causing random destruction, this virus circulates through the whole network until it finds the required target. It may broadcast confidential information or private communication, or it may sabotage the entire system.
Firewalls
A firewall filters packets in order to let only certain kinds of messages pass to and from a computer network; in other words, it protects a local system or network from unknown messages or threats. A firewall can be used to block IP spoofing. Some important notes are:
- A firewall is actually a computer. It is placed between the internal network and the outside/global network. It can also be placed inside internal networks where access to some segments of the network is security sensitive.
- All traffic between the inside and the outside/global network must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall.
- A firewall is a gate between the global/outside networks and the internal network. It also provides several services such as access control, authentication, activity logging, and alarm warnings.
- A firewall will not protect a network from bugs, human error, and non-network attacks. If there are bugs in the network software or the firewall software, even the best firewall cannot protect it. Human beings make mistakes, and because a firewall is only a computer with software, it does exactly what the person who configured it tells it to do, without tolerance.
Types of firewalls
There are three common types of firewalls:
- Packet-Filtering Routers (figure 1.0)
- Application-level gateways (figure 1.1)
- Circuit-level gateways (figure 1.2)
Packet-filtering routers filter every incoming or outgoing packet (from or to the internal network). Packets that meet some criterion are forwarded normally and those that fail the test are dropped.
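The following added example (not part of the original essay) shows a first-match packet filter with a default-deny policy, including the anti-spoofing rule a firewall uses to block IP spoofing. The address ranges, interface names and rule set are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str   # where the packet arrived: "outside" or "inside"
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str              # "forward" or "drop"
    iface: str = "*"         # "*" matches either interface
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: int = 0           # 0 matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface)
                and self.proto in ("*", p.proto)
                and self.dport in (0, p.dport)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst))

INSIDE = "192.168.10.0/24"   # constructed internal address range

RULES = [
    # Anti-spoofing: an internal source address cannot legitimately arrive from outside.
    Rule("drop", iface="outside", src=INSIDE),
    # Inbound mail to one constructed internal server.
    Rule("forward", iface="outside", dst="192.168.10.25/32", proto="tcp", dport=25),
    # Outbound traffic, only when the source really is an internal address.
    Rule("forward", iface="inside", src=INSIDE),
]

def decide(packet: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule; drop when nothing matches."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "drop"
```

Rule order matters: the anti-spoofing rule sits first so that a forged internal source address is dropped before the mail rule can forward it.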
An application-level gateway acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and gives the gateway the name of the remote host to be accessed. When the user provides a valid ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two end points.
The last type of firewall is the circuit-level gateway. A circuit-level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. A circuit-level gateway can be a stand-alone system or it can be a specialized function performed by an application-level gateway for certain applications.
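The two-connection relay described above can be sketched as follows. This is an added example, not part of the original essay; the "host:port" setup line, the OK/DENIED replies and all function names are constructed for illustration and run on loopback only.

```python
import socket
import threading

def pipe(src, dst):  # copy bytes one way until src reaches EOF, then half-close dst
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def read_line(sock):
    buf = b""
    while not buf.endswith(b"\n") and (byte := sock.recv(1)):
        buf += byte
    return buf.decode().strip()

def handle(inner, allowed):  # gateway side: `inner` is connection 1
    with inner:
        target = read_line(inner)            # constructed setup line: "host:port"
        if target not in allowed:            # policy is checked once, at circuit setup
            inner.sendall(b"DENIED\n")
            return
        host, _, port = target.rpartition(":")
        with socket.create_connection((host, int(port)), timeout=5) as outer:  # connection 2
            inner.sendall(b"OK\n")
            back = threading.Thread(target=pipe, args=(outer, inner), daemon=True)
            back.start()
            pipe(inner, outer)               # contents are relayed without inspection
            back.join()

def serve(handler):  # listen on an ephemeral loopback port, one thread per connection
    srv = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def via_gateway(gw_port, target, payload):  # inner-host side; returns (status, reply)
    with socket.create_connection(("127.0.0.1", gw_port), timeout=5) as s:
        s.sendall(target.encode() + b"\n")
        status = read_line(s)
        if status != "OK":
            return status, b""
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        return status, b"".join(iter(lambda: s.recv(4096), b""))
```

The outside host only ever sees a connection from the gateway, and the gateway decides which circuits may exist but does not examine what flows through them.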
Conclusion
In conclusion, network security is essential in IT industries. We have realized that network security is a real issue, not just paranoia. In short, implementing effective network security is everyone's responsibility, not just the IT staff's. If we understand the security needs.
A firewall is really important in a big network; it prevents someone from sneaking into your private documents. Designing a firewall is a heavy task. In practice, system security management will do the design of the firewall. The design needs special training and experience with various types of firewalls.
Reference
- Goldman, James E. & Rawles, Philip T. (2001): Applied Data Communication (Third Edition)
- Tanenbaum, Andrew S. (1996): Computer Networks (Third Edition)
Case Study chapter 6
Extreme Networking
Activities:
- Top-down model
Business: Upgrade the communication links at the Amundsen-Scott South Pole base through the new VoIP system, to have reliable, fast and secure communication at an inexpensive cost.
Application: VoIP, Windows NT, fast operating system to receive data from the base, internet connectivity.
Data: Graphic files, data and voice.
Network: Voice over IP, subnet, satellite links.
Technology: Cisco 12 SP+IP, router, switch, fibre optic cable, firewall, TDRS F1, gateway, Selsius gateway, GOES-3
- Unanswered question:
Do we need to worry about the network security?
Business:
- The motive of this case study was to upgrade the communication system at the South Pole base so that it becomes more efficient, reliable and fast at an inexpensive cost.
- Voice over IP replaces the rudimentary voice links that relied on ham radio and ATS-3, an ancient NASA satellite originally used to support the Apollo lunar missions.
Application:
- VoIP: communication of voice and data through the use of the Internet Protocol and a gateway, which is used for data integrity.
- Windows NT for security
Data:
- Graphic files, voice and data files.
Network:
- Because LES-9 has limited bandwidth, they changed to the VoIP system.
- They used ATS-3 to communicate before using VoIP; after the installation, the GOES-3, LES-9 and TDRS F1 satellites were used for communication and data transmission.
Technology:
- Linux-based Netmax firewall, Cisco 4000 router, Cisco 2500 router, Cisco 12 SP+IP, Catalyst 2924M-XL, GOES-3, LES-9, TDRS F1, fibre optic cable, Catalyst 6509 core switch.
Case study chapter 7
Web Switches Open e-Comm Doors at Nettaxi
Activities:
- Top-down model
Business: Nettaxi wants to prioritize the requests of premium customers and organize the traffic on the site.
Application: fast data switching depending on the type of customer
Requests for particular content should go to that particular server
Data: data files
Network: separation of data accessed
Technology: data requests of the servers
Traditionally, a load-balancing scheme was used.
Nettaxi now uses six ArrowPoint CS-100 switches to route requests to 72 Sun servers running Solaris.
Network: switches are used to switch according to the type of data requested by the user.
Data: Nettaxi gets about million hits and pushes out 7.8 terabytes of data to users on a daily basis.
Application: HTTP, e-mail, cookies
Business: the result was greater bandwidth and server horsepower for the cluster hosting the most crucial data.
Unanswered: how is it possible to distinguish between users?
Business: the importance of scribes initiated this change, because it is quite important to satisfy those who are the basis of the business.
The business is primarily marketing oriented.