Saturday, October 17, 2009

Lecture 6 -14092009-

This lecture is all about security in networks.

Network security issues arise in several areas: resource sharing, complexity, unknown perimeter, many points of attack, unknown path, anonymity and so on. A network may combine two or more systems with dissimilar operating systems and different mechanisms for interhost connection. Complexity of this nature makes the certification process difficult. Besides, access controls on one machine preserve the secrecy of data on that processor, but files stored on a remote network host may pass through many host machines to get to the user.

The hacking phases in a network are reconnaissance, scanning, gaining access, maintaining access and covering tracks.

It is hard to ensure security in networks because of their complex nature, and threats in networks have greatly increased nowadays. With many unknown users on a network, concealing sensitive data becomes more difficult, and this makes privacy hard to maintain. Authenticity is also hard to maintain, as it is difficult to assure the identity of a user on a remote system. Impersonation and eavesdropping often occur, too. A cracker can configure a system to masquerade as another system, thus gaining unauthorized access to resources or information on systems that ‘trust’ the system being mimicked. A cracker can also eavesdrop using wiretapping, radio, auxiliary ports on terminals and software that monitors packets sent over the network. Denial of service, packet replay and packet modification are also threats in networks. In denial of service, a user can render the system unusable for legitimate users by ‘hogging’ a resource or by damaging or destroying resources. Packet replay refers to capturing and then resending packets on a network, with or without packet modification.

There are several means of controlling network security, including encryption, strong authentication and Kerberos. A firewall is also one of the means. Encryption can be divided into link encryption and end-to-end encryption. Link encryption is applied between two hosts, while end-to-end encryption can be applied between two applications. Strong authentication, on the other hand, is a form of computer security in which the identities of networked users, clients and servers are verified without transmitting passwords over the network. Kerberos was introduced to support authentication in distributed systems. It is the network authentication program that Fermilab uses to implement strong authentication. In addition to establishing identity (authentication), it supports encrypted network connections, thereby providing confidentiality.

Next, a firewall is an important network security device. It is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

There are several types of firewall techniques:

· Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

· Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose performance degradation.

· Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

· Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
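
The packet-filter weakness noted above, as an added example that is not part of the original lecture notes: a first-match filter that trusts the source address accepts a packet with a forged internal source, while the same rules preceded by an ingress check reject it. The network range, rules, interface names and sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed private network behind the filter

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "external" or "internal"
    src: str     # source address claimed in the IP header
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str             # "accept" or "reject"
    src_net: str
    dport: Optional[int]    # None matches any destination port

RULES = [  # constructed user-defined rules; the first match wins
    Rule("accept", "10.0.0.0/8", 23),   # internal hosts may use Telnet
    Rule("accept", "0.0.0.0/0", 80),    # anyone may reach the web server
    Rule("reject", "0.0.0.0/0", None),  # default deny
]

def naive_filter(pkt: Packet) -> str:
    """Header-only decision: the claimed source address is taken on trust."""
    for rule in RULES:
        if (ip_address(pkt.src) in ip_network(rule.src_net)
                and rule.dport in (None, pkt.dport)):
            return rule.action
    return "reject"

def hardened_filter(pkt: Packet) -> str:
    """Same rules after an ingress check on the arrival interface."""
    if pkt.iface == "external" and ip_address(pkt.src) in INTERNAL_NET:
        return "reject"  # an internal source cannot arrive from outside
    return naive_filter(pkt)

SAMPLES = [  # constructed traffic
    Packet("internal", "10.1.2.3", 23),     # genuine internal Telnet
    Packet("external", "203.0.113.9", 80),  # genuine external web request
    Packet("external", "203.0.113.9", 23),  # external Telnet, denied by rules
    Packet("external", "10.1.2.3", 23),     # forged internal source address
]

def compare():
    return [(naive_filter(p), hardened_filter(p)) for p in SAMPLES]
if __name__ == "__main__":
    print(compare())
```

Only the last sample differs between the two filters, which shows that the rule set itself was sound and the weakness lay in trusting the source field.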

That’s all for our lecture today.