Computer networks and communication methodologies are getting much valuable to todays organization to carry out operational work efficiently and accurately. It is much more useful to communicate data and information within remote locations or deferent department in an organization.
Computer network is basically a telecommunication network which connects autonomous computers to exchange data between applications, systems, and end users. Communication between computers can be established by combination of wired or wireless media with networking hardware. In an organization before sending data through a transmission medium, the security of the information identified to be most valuable to an organization existence and competence. An example old days all the important files were kept in lock and key in steal cabinets and the access keys were kept with responsible officer. So when introduction of the computers and networks the requirement for a proper security mechanism became more critical. When it comes to shared system or a system works with public telephones or over public internet even more disposed to security threats and to have a confident of the communication proper security measures have to be adapted according to standards.
Among various types of networks, the very much vulnerable and the best known computer network is the Internet. Most of the governments, academic organizations and private businesses are virtually interconnected via public networks. Therefore in networking world we should consider the term internet security. Introduction to Security ThreatsIn recent days computers and networks have been used often to do most of the things efficiently accurately.
Past decades lots of computer users getting connected to networks and the security threats that cause massive harm will increasing gradually. Network security is a major part of the network communication and has to be maintain and watch frequently since information is passed between computers and it is very vulnerable to attacks. According to IT security.com following are the ten of biggest threats to computer network security. 1.
Viruses and Worms 2.Trojan Horses 3. SPAM 4. Phishing 5.
Packet Sniffers 6. Maliciously Coded Websites 7. Password Attacks 8.Hardware Loss and Residual Data Fragments 9. Shared Computers 10.
Zombie Computers and Botnets [2,3] direct copy Malware TypesAccordingly to the network threats I have mention in the above paragraphs we can say Malicious Software is software that is intentionally included or inserted in to alter the original information or a program to sabotage the process. Malicious software can be separated into two sections which are those that need a host program, and those that are independent. Malware Types and its characteristics are as follows: Malware NameDescriptionNeed Host ProgramStandalone ProgramVirus Malware when executed tries to replicate itself to another program’s executable code and when it is achieved the program known as infected. So when the infected code is executed the virus will generate its activities. YES NO Worm A computer program can spread same version on the other computer on the network NO YES Logic bomb A program insert into a software by an intruder and it actives when a applied condition become valid. It activates and run in an unauthorized manner.
YES NO Trojan horse It’s a malware that act as a useful program and gain secret information from the computer to do unauthorized work. NO YES Backdoor Any method that can bypass normal security mechanism and gain access to a functionality YES NO Mobile code It can be a script, macro other small instruction code which can transmitted over the network and run in the targeted computer to do unauthorized prcessers. YES NO Auto-rooter Kit Malware tool that can be used to break into a system remotely. NO YES Spammer A program used to send large amount of unwanted emails without any user control.
NO YES Flooders A program used to send large amount of traffic over the network to use its full bandwidth to degrade performance of the network system. NO YES Keyloggers Malicious program that intend to capture key strokes of the computer to obtain user sensitive data. NO YES Rootkit Set of malicious hacking tools to gain access in a hacked computer to obtain root access to use root permission in a computer system. NO YES Zombie A program that is activated in an infected computer to launch an attack to other computers in the network.
NO YES [4] Security Conceptual FrameworkSince I have been working as a Network/Security engineer in medium scale Import and Export Company and my duties are to design, implement and maintain a interrupted highly secured network system for organization operation. Highly competence in Import Export business company privacy is much more valuable as the company’s network communication. Entire operation in the company depend on the network system and its application servers. Since finance/accounting department, sales department, HR department are depend on the ERP System (Enterprise Resource Planning) and it the backbone of the system. Given below is the basic diagram of the company network design.
The better practices to maintain network securityI have listed most important security principles check the companies network is adhere to the ethics of the network. 1. Network devices should be configured securely and accessed in a secure manner – All the workstation should be configured using VLANs and separate in department level to increase department level security. Network devices residing in network should configure in a strong password mechanism. 2.
Secure protocols should be used for network communications – SSL encryption should use for data exchange with the corporate web server. Connecting through a remote location and the DR site has to be connected to the corporate network with strong VPN connection using one or more technologies such as Layer 2 Tunneling Protocol (L2TP), IPSec or SSL utilizing a minimum of 128-bit encryption. 3. Internal and external facing networks should be appropriately segregated through the use of demilitarized zones (DMZs) and control devices such as securely configured firewalls or router Access Control Lists – Only the servers which requires internet for their services and can expose via using DMZ method. 4. Internal networks should be configured to prevent or detect attempted unauthorized connections and the flow of suspicious traffic – We can use Network Intrusion Detection System (NIDS) is utilized to monitor all systems in the Internet DMZs 5.
Anti-virus server has to be implemented in the network to manage all the virus guards in the user computers to detect and correct any virus issues appear and to maintain updates periodically. 6. When a client computer is idle and if the user is not present in the location it should lock the device itself immediately in a given time period from physical data theft. 7. All the critical entry points and server location and the DR location have to be monitored using a proper CCTV system to avoid physical access and to avoid cable tampering. VulnerabilitiesIn computer world vulnerabilities are weaknesses in the software or network system or a client that can be misused by a determined intruder to gain access to or interrupt a network communications.
A system vulnerability is a condition, a weakness of or a nonexistence of security procedure, or technical, physical, or other controls that could be expose by a threat. Vulnerabilities to EavesdroppingEavesdropping is the unauthorized real-time capturing or listening of a private communications.As an example eavesdropping can be targeted to phone call, instant message, videoconference, fax transmission, VOIP sessions and wireless communication systems. “The term eavesdrop derives from the practice of actually standing under the eaves of a house, listening to conversations inside” In figure 1 network eavesdropping attack can be encountered to company database servers and DR site server when replication take place.
To avoid the threat there should be a proper encryption mechanism for the communication link. There is another eavesdropping threat can be faces into WiFi network. Since the communication channel is wirelessly spreading attacker can easily try to capture the transmission and attack to possible weakness in the communication. Eavesdropping also be prone to copper network cables which can be capture data through electromagnetic capturing techniques. [5] Application VulnerabilitiesApplications are weak link to data protection strategy. An application vulnerability is a system flaw or weakness in an application that could be exploited to compromise the security of the application.
Once the attacker has found the system flaw or vulnerability in an application and has a solution to gain access and change the original structure can be facilitate to cybercrime. These crimes target the confidentiality, integrity, or availability (known as the “CIA triad”) of resources possessed by an application, its creators, and its users. According to Gartner Security, the application layer currently contains 90% of all vulnerabilities. Common Application Vulnerabilities can be stated as follow: Cross Site Scripting (XSS) Cross-site scripting is a type of computer security vulnerability typically found in Web applications.
It enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls its own policies. Buffer Overflows The buffer overflow, one of the common security vulnerabilities, occurs when the application does not perform adequate size checking on the input data. This programming flaw can be used to overwrite memory contents. When the data written to the buffer exceeds the allocated buffer length, the excess data spills over to adjacent memory space. This memory space is normally the application’s program stack that is used to store the address of next piece of code that it will execute.
Through Buffer Overflow attack, this memory space can be overwritten causing the application to lose control of its execution.Under buffer overflow conditions programs may behave in a very strangemanner. The results can be unpredictable. In many instances they may not respond or in other words they may hang. This “hang” situation of the application program can turn into a “Denial of Service (DoS)” attack thus making program inaccessible.
Cross Site Request Forgery Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf[1]) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.[2] Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser. Insecure Cryptographic Storage Websites that need to store sensitive information, such as usernames, passwords or other personal details, must use strong encryption to secure the data. Insecure cryptographic storage means sensitive data isn’t stored securely. If malicious users can access insecurely stored data, they can view it with little effort.
[http://support.godaddy.com/help/article/6739/insecure-cryptographic-storage [6,7] Vulnerabilities in Encryption Mechanisms“Brute Force” Cracking “Brute force” is another way of saying “trial and error.” With this method, a “cracker” tries every possible key until he or she stumbles upon the correct one. No encryption software program it is entirely safe from the brute force method, but if the number of possible keys is high enough, it can make a program astronomically difficult to crack using brute force.
For example, a 56-bit key has 256 possible keys. That’s up to 72,057,594,037,927,936 – seventy-two quadrillion – keys that a cracker may have to try in order to find the correct one. TIP: The more bits in a key, the more secure it is, so choose software with as many bits as possible. If you have a choice between 56-bit encryption and 128-bit encryption, for example, use the 128-bit encryption.
“Back Doors” A “back door” is a security hole in a piece of software. A “back door” may be present because someone created it in the software with malicious intent, or by accident. Whatever the reason, if a malicious “cracker” discovers a “back door” in a program, he or she may be able to discover your key or password. TIP: Make sure that the encryption software you choose has been rigorously tested.
Read online reviews, and consider how long the software has been available. Visit the software’s Web site periodically to check for patches and updates, and install them. Making Good KeysIn every kind of encryption software, there is some kind of password that must be created so that the intended recipients of the information can read it. Creating a password that “hackers” or other malicious parties cannot easily guess is just as important as choosing a good algorithm or strong encryption software. TIP: Take care to make a strong key.
Use a varied set of characters, including lowercase and uppercase letters, numbers, and symbols (like spaces, colons, quote marks, dollar signs, etc.). A good password should be longer than eight characters; the longer it is, the harder it is to crack. TIP: If you forget your password, you will not be able to decrypt data that you have encrypted. Be sure to make a backup copy of your password and store it in a safe place, such as on a floppy or zip disk, a CD, or a separate hard drive.
You can also copy and paste your password into a new document, print the document, file the paper somewhere safe, and delete the document from your computer. [8] Vulnerabilities in ConfigurationWhen configuring a firewall in an organization perimeter, firstly it has to be started from blocking state on all ports and enabling only required ports for the operation. If it is not happened in that order there will be chance of opening unwanted ports to do an attack. When configuring a server in organization we should consider the average hit rate. If it is a mail server, attacker can obtain access to mail server and send unwanted spam email and degrade its performance and it can be get into black list of the server.
If any organization uses windows based machines it have to be installed with recommended internet security virus guard system which cover most of the Malware attacks and it should performed a periodic updates. To implement VPN serveries for DR site access and for remote users you should select a proper encryption mechanism since if you select DES encryption it will more prone to brute force attacks. When implementing WiFi systems Strong authentication mechanisum has to adapted to the system like WPA2 Enterprise. If you select WEP authentication it is more prone to security attacks. In a SQL Injection attack, the attacker is able to modify the SQL command that is being executed at the backend database to read, delete, or insert data. The application becomes vulnerable to SQL Injection in situations where the dynamic SQL is created without data validation.
CountermeasuersCountermeasures are the protection measures that reduce the level of vulnerability to threats. PreventiveRisk Analysis. A continuous risk assessment can help minimize network security risks by examining the risks that a user or an organization face. This is a well-known planning tool that forms the basis for risk management and prevention. Security Policy. A security-related policy with Incident handling and escalation procedures is important for handling network security incidents and attacks.
Having a policy available for network users provides the necessary resources, steps, and actions to effectively respond to such security events. Security Awareness Training. If network users are aware of security incidents, threats, and attack intrusions, they will likely know what to do and how to act before, during, and after a network attack. This may be the most effective defense countermeasure for network security. As affirmed by SANS, “Security Awareness is a critical part of an organization’s information security program; it is the human knowledge and behaviors that the organization uses to protect itself against information security risks.” [2] Awareness training can raise the level of general interest and concern among enterprises and network users.
[http://www.brighthub.com/computing/smb-security/articles/107026.aspx] DetectiveIntrusion Detection Systems (IDSs) are designed to detect network attacks in progress and assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems.NIDS is an intrusion detection system that resides on the internal network of an organisation. The NIDS attempts to detect malicious activity by observing traffic around the network via sensors placed at key points in the network.
NIDS can inspect both incoming and outgoing traffic for suspicious activity or data. CorrectiveMeasure of complianceTo avoid eavesdropping in replication of the databases to DR site stated in Figure 1 diagram over the internet is a challenging task.To encrypt the connections between main site and the DR site there are several industry standard methods, such as Virtual Private Networks (VPN), Secure Sockets Layer (SSL), or IP Security (IPsec). [http://msdn.
microsoft.com/en-us/library/ms151227.aspx] In this organization operation I use IPSec with 3DSE encryption mechanisum to enable communication between perimeter firewall router of the organization and the DR site firewall router. Avoid connecting to the database as a superuser or as the database owner. Always use customized database users with the bare minimum required privileges required to perform the assigned task.