
Submitted Paper

The document discusses different levels of network security defenses. It describes threats like probes and scans, account compromise, packet sniffing, denial of service attacks, and malicious code. It then outlines technologies that can be used for defense at different levels, including anti-virus software, firewalls, intrusion detection systems, IPsec, and VLANs.

Uploaded by

Kunal Singhvi
Copyright
© Attribution Non-Commercial (BY-NC)

LEVEL OF DEFENSES IN NETWORK SECURITY

Kritika Soni¹, Kunal Singhvi², Naveen Malkani³

¹,² Department of Computer Science and Engineering, Geetanjali Institute of Technical Studies, Dabok
³ Executive Director of Microsystems, Udaipur
Email: ¹ sonikritika569@gmail.com, ² kunal.singhvi.1987@gmail.com, ³ director@micro-systems.org

ABSTRACT: A secured network is one which is free of unauthorized access, threats and hackers. This paper describes the different levels of network security. A brief overview of network security, its need, different threats and related protection techniques is presented. The paper presents a general overview of the most common network security threats and the steps which can be taken to protect an organization and to ensure that data travelling across the network is safe and secure. The paper presents the setup of an Ideal Network Defense System.

KEYWORDS: Network Security, Probes and Scans, Account Compromise, Packet Sniffing, Denial of Service, Malicious Code, Antivirus Packages, IPSec, VLANs, MAC Policies, Tokens, Access Control Lists, Firewalls.

INTRODUCTION

The Internet has undoubtedly become the largest public data network, enabling and facilitating both personal and business communications worldwide. The volume of traffic moving over the Internet, as well as corporate networks, is expanding exponentially every day. More and more communication is taking place via e-mail; mobile workers, telecommuters and branch offices are using the Internet to remotely connect to their corporate network. This vast network and its associated technologies have opened the door to an increasing number of security threats from which corporations must protect themselves. Despite the costly risks of potential security breaches, the Internet can be one of the safest means by which to conduct business.

PURPOSE

This paper examines some of the different aspects of network security and how they work to keep our information safe from people with malicious intent. This paper will look into the general information behind the different networks out there and the reasons why we need network security. Next, the different threats and the ways network security is implemented will be discussed.

NETWORK SECURITY

Network security consists of the provisions made in an underlying computer network infrastructure, the policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access, and consistent and continuous monitoring and measurement of its effectiveness, combined together. Network Security refers to “all hardware and software functions, characteristics, feature, operational procedures, accountability measures, access controls, and administrative and management policy required to provide an acceptable level of protection for hardware, software, and information in a network.” [1]

TYPES OF THREATS

Threats to network security range from harmless pranks to devastating crimes of destruction and theft. Breaches in network security occur internally by employees and externally by hackers. Penetration into a network can occur through password sniffers, IP snooping, and e-mail attacks. Further damage can be accomplished through the use of viruses, worms, Trojan horses and logic bombs. Some threats are discussed here [2]:

Probes and scans - A probe is characterized by unusual attempts to gain access to a system or to discover information about the system. One example is an attempt to log in to an unused account. Probing is the electronic equivalent of testing doorknobs to find an unlocked door for easy entry. Probes are sometimes followed by a more serious security event, but they are often the result of curiosity or confusion. A scan is a way of performing multiple probes using an automated tool. The most common kind of scan is a "port scan." This kind of scan queries for listening ports on a remote computer. Scans are often a prelude to a more directed attack on systems that the intruder has found to be vulnerable.

Account compromise - It is the discovery of user accounts and their passwords on a system. It allows an unauthorized user to gain access to all resources for which that user account is authorized. An account compromise might expose the victim to serious data loss, data theft, or theft of services.

Packet sniffing - A packet sniffer is a program that captures data from information packets as they travel over the network. That data may include user names, passwords, and proprietary information that travel over the network. If the data captured by a packet sniffer is encrypted, it is unlikely that someone will be able to reveal any sensitive information. However, if the data is not encrypted, just about any information sent is vulnerable to being compromised. Installing a packet sniffer does not necessarily require privileged access; however, it requires obtaining access to a network card interface somewhere in the line of communication.

Denial of service - The goal of denial of service attacks is not to gain unauthorized access to machines or data, but to prevent legitimate users of a service from using it. It basically consists of flooding a network with requests that can overwhelm it and make a computer slow down or ultimately crash. A denial of service attack can come in many forms. They may also disrupt physical components of the network or manipulate data in transit, including encrypted data. The underlying purpose of a denial of service attack is to bog down a system by giving it too much information to process quickly enough.

Malicious code - Malicious code is a general term for programs that, when executed, can cause undesired results on a system. Users of the system usually are not aware of the program until they discover the damage. Malicious code includes Trojan horses, viruses, and worms. Trojan horses and viruses are usually hidden in legitimate programs or files that attackers have altered to do more than what is expected. Worms are self-replicating programs that spread with no human intervention after they are started. Viruses are also self-replicating programs, but they usually require some action on the part of the user to spread inadvertently to other programs or systems. These sorts of programs can lead to serious data loss, downtime, denial of service, and other types of undesirable effects.

Spoofing - Making a computer look like a "trusted computer". Computers on networks often have trust relationships with one another. For example, before executing some commands, the computer checks a set of files that specify which other computers on the network are permitted to use those commands. If attackers can forge their identity, appearing to be using the trusted computer, they may be able to gain unauthorized access to other computers.

PROPOSED IDEAL NETWORK DEFENSE SYSTEM

An ideal network defense system is presented along with the Level of Defenses.

FIGURE 1

LEVEL OF DEFENSES

We have an extensive choice of technologies, ranging from antivirus software packages to dedicated network security hardware, such as firewalls and intrusion detection systems, to provide protection for all areas of the network. Further tools can be deployed that periodically detect security vulnerabilities in the network, providing ongoing, proactive security. With all the options currently available, it is possible to implement a security infrastructure that allows sufficient protection and quick access to information. A network requires multiple layers of protection to be truly secure.

1. Physical Level Security:

Physical security is an initial concern when designing a secure network. The easiest and best means of protecting important machines like servers is to secure them under lock and key. Next, make sure to use wiring that is least susceptible to eavesdropping and snooping. It is easier to connect to copper wiring than to other types of cable, so it is more vulnerable.

2. PC Level Security:

This level of defense includes technologies such as Antivirus Software Packages, IPSec, host Firewalls, Folder Guards etc.

• Antivirus Packages:
Virus protection software is packaged with most computers and can counter most virus threats if the software is regularly updated and correctly maintained. The package includes a virus database that helps it to identify known viruses when they attempt to strike. To keep update and maintenance costs to a minimum, all the computers on a network should be protected by the same antivirus package. It is essential to update the antivirus package on a regular basis.

• IPSec:
It is an industry-wide standard suite of protocols and algorithms that allows for secure data transmission over an IP-based network and functions at layer 3 of the OSI model [3]. The two primary security protocols used by IPSec are Authentication Header (AH) and Encapsulating Security Payload (ESP). The AH protocol provides authentication for the data and the IP header of a packet using a one-way hash for packet authentication. AH does not offer any encryption services. The ESP protocol provides Confidentiality (through the use of symmetric encryption algorithms like DES or 3DES), Data origin authentication and connectionless integrity, Anti-replay service (it is based upon the receiver, meaning the service is effective only if the receiver checks the sequence number. When an attacker copies an authenticated packet and transmits it later to the intended destination, it can disrupt services. The Sequence Number field is designed to foil this type of attack), and Traffic flow confidentiality (for this, Tunnel Mode has to be selected. In tunnel mode, the entire IP packet is encapsulated in the body of a new IP packet with a completely new IP header. It is most effective if implemented at a security gateway, so company machines in a network do not have to be aware of IPSec).

• Firewall:
A firewall is a dedicated appliance, or software running on another computer, which inspects network traffic passing through it, and denies or permits passage based on a set of rules [4]. The firewall creates a protective layer between the network and the outside world. In effect, the firewall replicates the network at the point of entry so that it can receive and transmit authorized data without significant delay. However, it has built-in filters that can disallow unauthorized or potentially dangerous material from entering the real system. It also logs attempted intrusions and reports them to the network administrators.

• Folder Guards:
Folder Guard is a computer security software tool that lets you password-protect, hide, or restrict access to files and folders of your choice, and also restrict access to other Windows resources, such as Control Panel, Start Menu, Desktop, and more. You can configure the protection so that only specific users are restricted, on both stand-alone and networked computers.

3. Server Level Security:

This level of defense includes Port Blocking, Service Authentication, VLANs, Tokens, and Security Policies etc.

• Security Policies:
Security policies are rules that are electronically programmed and stored within security equipment to control such areas as access privileges [5]. These are also written or verbal regulations by which an organization operates. The policies that are implemented should control who has access to which areas of the network and how unauthorized users are going to be prevented from entering restricted areas. The security policy management function should be assigned to people who are extremely trustworthy and have the technical competence required.

• VLANs:
A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch. A VLAN is treated like its own subnet or broadcast domain, meaning that frames broadcast onto the network are only switched between the ports logically grouped within the same LAN. It allows the network administrator to have total control over each port and user plus whatever resources each port can access. VLANs can be created in accordance with the network resources a given user requires.

• Tokens:
A security token can be a physical device that an authorized user of computer resources is given to ease authentication. They are used to prove one’s identity electronically. Hardware tokens typically store cryptographic keys, such as a digital signature, or biometric data, such as fingerprint minutiae. The simplest security tokens do not need any connection to a computer. Other tokens connect to the computer using wireless techniques. The newest form of token is a mobile device that is reached over an out-of-band channel (like voice, SMS etc.). Disconnected tokens have neither a physical nor a logical connection to the client computer. They use a built-in screen to display the generated authentication data, which the users enter manually via keyboards. Connected tokens are tokens that must be physically connected to the client computer. These tokens automatically transmit the authentication info to the client computer once the physical connection is made, eliminating the need for the user to manually enter the authentication info.

4. Switch Level Security

This level of defense includes VLANs, MAC policies and MAC filtering.

• MAC Filtering:
MAC filtering refers to a security access control methodology whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While giving a wireless network some additional protection, MAC filtering can be circumvented by scanning for a valid MAC address and then changing one's own MAC address to the validated one.

5. Router Level Security:

This level of defense includes Access Control Lists.

• Access Control Lists:
It is a list of conditions through which a router can control (permit or deny) packets on the basis of source and destination addresses and protocols. Access lists are processed in sequential, logical order, evaluating packets from the top down, one statement at a time. As soon as a match is made, the permit or deny option is applied, and the packet is not applied to any more access list statements. Because of this, the order of the statements within any access list is significant. Access lists can be applied as inbound or outbound access lists. Inbound access lists process packets as they enter a router's interface and before they are routed. Outbound access lists process packets as they exit a router's interface and after they are routed.

A SECURE NETWORK DEVELOPMENT PROCESS

We have discussed techniques for preventing network security threats. Now we are in a position to design a strategy for designing a secure network. Network security must follow three fundamental precepts [7]. First, a secure network must have integrity such that all of the information stored therein is always correct and protected against fortuitous data corruption as well as willful alterations. Next, to secure a network there must be confidentiality, or the ability to share information on the network with only those people for whom the viewing is intended. Finally, network security requires availability of information to its necessary recipients at the predetermined times without exception.

Additionally, certain preliminary steps must be taken in order to assess the need for and overall level of network security. First, an appraisal of the dependency on the information within the network must be performed to know the level of security necessary to protect that information. Next, measurements must be taken of any foreseeable weakness in the current network structure as well as the design for future network security. In addition, it must be realized that security is a continuous task. Network security is not purchased once; instead it must be continually monitored and managed. Finally, network security should be an evolutionary process whereby its progression and subsequent protection occur in stages.

CONCLUSION

Networks must be secure in order to protect against threats to their integrity; otherwise the loss or misuse of information can be catastrophic. The paper set out to define the role of network security and to explain further how to achieve that role. The changing strategy for developing a secure network coincides with the creation of new threats; therefore, it is an evolutionary process constantly changing to meet new requirements. In conclusion, computers and software are now part of a world-wide network, making them more susceptible to threats and thus demanding Network Security.

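The top-down, first-match processing described under "Access Control Lists", as an added example that is not part of the paper: a small evaluator showing that the same two statements give opposite results depending on their order, plus a check (going slightly beyond the text) that flags statements an earlier one makes unreachable. The rule format, the sample networks and the deny applied when no statement matches are assumptions of this sketch.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp", or "ip" for any protocol
    src: str                      # source network, CIDR
    dst: str                      # destination network, CIDR
    dport: Optional[int] = None   # None matches any destination port

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None

def matches(rule, pkt):
    """True if every condition in the statement matches the packet."""
    return ((rule.proto == "ip" or rule.proto == pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))

def evaluate(acl, pkt):
    """Top-down, first match wins. Returns (action, 1-based statement number).
    Falling off the end of the list is treated as deny (assumed implicit deny)."""
    for number, rule in enumerate(acl, start=1):
        if matches(rule, pkt):
            return rule.action, number
    return "deny", None

def covers(earlier, later):
    """True if every packet matching `later` would already match `earlier`."""
    return ((earlier.proto == "ip" or earlier.proto == later.proto)
            and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
            and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
            and (earlier.dport is None or earlier.dport == later.dport))

def shadowed(acl):
    """Statement numbers that can never match because an earlier statement covers them."""
    return [n for n, later in enumerate(acl, start=1)
            if any(covers(earlier, later) for earlier in acl[:n - 1])]

# Constructed sample: block Telnet from one subnet to one server, permit the rest of 10/8.
BROAD = Rule("permit", "ip", "10.0.0.0/8", "0.0.0.0/0")
NARROW = Rule("deny", "tcp", "10.1.2.0/24", "192.0.2.10/32", 23)
ACL_WRONG = [BROAD, NARROW]   # the deny is never reached
ACL_RIGHT = [NARROW, BROAD]   # specific statement first
PKT = Packet("tcp", "10.1.2.7", "192.0.2.10", 23)

if __name__ == "__main__":
    print(evaluate(ACL_WRONG, PKT), shadowed(ACL_WRONG))
    print(evaluate(ACL_RIGHT, PKT), shadowed(ACL_RIGHT))
```

Running `shadowed` over an access list before deploying it catches the ordering mistake without needing test traffic.
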
ACKNOWLEDGMENT
We are bestowed with the single honor of acknowledging our indebtedness and deep sense of veneration towards our respectable teacher Mrs. Ridhima Khamesra, head of the computer department of GITS, Udaipur (Raj.), under whose supervision & expert guidance we have been able to complete the project.

We express our gratitude to our teachers Mrs. Pallavi Ameta & Mr. Satish Somani for regular encouragement.

Last but not least, we owe our deep sense of gratitude to our respected parents, without whose blessings & guidance this work could never be completed.

REFERENCES
[1]. Shaffer, Steven L., and Alan R. Simon, Network
Security, Academic Press, 1994.
[2]. Library Computer and Network Security: Library
Security Principles – Security Threats and
Vulnerabilities – Infopeople.org.
[3]. Cisco Certified Network Associate, Study Guide,
Todd Lammle, 6th edition.
[4]. Microsystems Networking and Security Solutions.
URL: http://www.i2sc.org
[5]. A Beginner’s Guide to Network Security, Cisco
System.
[6]. Security Tokens, Wikipedia. URL:
http://en.wikipedia.org/wiki/Security_token.
[7]. Alexander, Michael, The Underground Guide to
Computer Security, Addison-Wesley Publishing
Company, 1996.
