
Network Security

Jiuqin Wang

June, 2000


Security & Operating system

• To protect the system, we must take security measures at two levels:

• Physical level: The site or sites containing the computer systems must be physically secured against armed or surreptitious entry by intruders.

• Human level: Users must be screened carefully so that the chance of authorizing a user who then gives access to an intruder is reduced.

• Security at both levels must be maintained if operating system security is to be ensured.


Security & Operating System

• Windows NT: Although Windows NT was designed with security in mind, it was plagued with security problems. Microsoft has improved its security significantly, and it is possible to run a very secure system using Windows NT.

• Windows 95: When Windows 95 files are shared across the network, they use a simple password scheme with limited security.

• UNIX: The most commonly broken-into systems on the Internet. However, it’s possible to make an extremely secure UNIX system by carefully configuring features and installing security fixes.

• Netware: Netware has included security features from the beginning. The latest version, Netware 4.11, is comparable with Windows NT’s level of security.


Establishing a plan

• Considering the security of the network as a whole, a comprehensive network security plan should be built first.

• An effective plan must encompass all the elements that make up the network and provide five important services:


Establishing a plan (Cont.)

• Accessibility: Provides users with the means to transmit and receive data to and from any network resources with which they are authorized to communicate.

• Confidentiality: Ensures that the information in the network remains private. This is typically accomplished through encryption.

• Authentication: Ensures that the sender of a message is who he claims to be.

• Integrity: Ensures that a message has not been modified in transit.

• Nonrepudiation: Ensures that the originator of the message can’t deny that he sent the message. This is useful for both commercial and legal reasons.


Types of network security threats

• The various threats to network security are of two general types: passive threats and active threats.

• Passive threats include monitoring and/or recording of data while it is being transmitted over a communication facility, release of message contents, and traffic analysis.

• Active threats involve an interruption of data movement, modification of data, or the creation of a false data stream, e.g. denial of service, a masquerade, virus, worm, Trojan horse, logic or time bombs.

• Understand the sources of risk.

• Incorporate the right balance between the level of security and the threat.

Security Devices & Measures

• Cryptography

• Firewalls

• Network intrusion detection

• Security in the server and host environments, mobile code, data transport, etc.


Cryptography

• It provides the fundamental mechanisms for privacy, authentication, and integrity that are at the heart of most security plans.

• The basic mechanism works as follows:

• The information (text) is encrypted (encoded) from its readable form, called clear text, to an internal form, called cipher text, which, although readable, does not make any sense.

• The cipher text can be stored in a readable file, or transmitted over unprotected channels.

• To make sense of the cipher text, the receiver must decrypt (decode) it back into clear text.


Cryptography (Cont.)

• There are two kinds of encryption schemes:

• Symmetric key algorithms: Encryption schemes in which the same key used to encrypt a message can be used to decrypt it.

• Asymmetric key algorithms: Encryption schemes that use two mathematically related keys. Messages encrypted using one key can be decrypted using the other key. Also known as public-key algorithms.


Simplified example of public key cryptography

• The original message(1) is passed through a one-way hash function(2).

• The result of hash function is encrypted (3) with the private key of the sender(4).

• The encrypted hash value acts as a digital signature(5), then is added to the original message to form the message to be transmitted(6).

• The entire message is first encrypted(7) with the public key of the receiver(8), then is transported over the untrusted network(9).


Simplified example of public key cryptography (Cont.)

• The received message is decrypted (10) with Alice’s private key (11).

• The received message (12) should be composed of two parts. The original portion is passed through the same one-way hash function (13). The digital signature is decrypted (14) with Bob’s public key.

• Alice compares the result of the hash of the original portion to the decrypted value of the digital signature portion (16). If they are the same, the check succeeds; if they differ, the message was damaged or was not sent by Bob.
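The sign, encrypt, decrypt and verify steps above, carried through in Python as an added example (not part of the original slides): textbook RSA on small constructed primes stands in for the unnamed public-key algorithm, and SHA-256 for the one-way hash. All function and key names are hypothetical, and the toy RSA has no padding and encrypts one byte at a time, so it shows the message flow only.

```python
import hashlib

# Toy textbook RSA on Mersenne primes (constructed values; no padding, far too
# small for real use). Function and variable names are hypothetical.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)          # (public key, private key)

def rsa(value, key):
    exponent, n = key
    return pow(value, exponent, n)

def digest(message, n):
    # One-way hash (steps 2 and 13), reduced to fit under the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sig_len(key):
    return (key[1].bit_length() + 7) // 8

def send(message, bob_private, alice_public):
    signature = rsa(digest(message, bob_private[1]), bob_private)       # steps 2-5
    packet = message + signature.to_bytes(sig_len(bob_private), "big")  # step 6
    return [rsa(b, alice_public) for b in packet]   # step 7, one byte at a time

def receive(ciphertext, alice_private, bob_public):
    packet = bytes(rsa(c, alice_private) for c in ciphertext)           # step 10
    cut = len(packet) - sig_len(bob_public)
    message, signature = packet[:cut], packet[cut:]                     # step 12
    recovered = rsa(int.from_bytes(signature, "big"), bob_public)       # step 14
    return message, recovered == digest(message, bob_public[1])         # steps 13, 16

BOB_PUBLIC, BOB_PRIVATE = make_keypair(2**31 - 1, 2**61 - 1)
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**17 - 1, 2**19 - 1)

if __name__ == "__main__":
    sent = send(b"pay 100", BOB_PRIVATE, ALICE_PUBLIC)
    print(receive(sent, ALICE_PRIVATE, BOB_PUBLIC))
    # Anyone can encrypt to Alice's public key, so encryption alone does not
    # protect integrity; only the signature check exposes a swapped byte.
    forged = [rsa(ord("P"), ALICE_PUBLIC)] + sent[1:]
    print(receive(forged, ALICE_PRIVATE, BOB_PUBLIC))
```

Production systems use padded signature and encryption schemes and encrypt the bulk data with a symmetric key rather than applying the public key to the message directly.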


Firewalls

• A firewall is a computer or router that sits between the trusted and the untrusted.

• Packet filter firewalls examine endpoint identifiers in datagrams passing through a link to determine if each packet should be allowed to proceed.

• Proxy firewalls act as a mediator between two devices attempting to communicate through the firewall.


Network intrusion detection

• Network intrusion detection devices try to detect and call attention to odd and suspicious behavior.

• Anomaly detection devices use statistical methods to try to detect activity that deviates from normal behavior.

• Misuse detection devices examine traffic and use patterns, and try to identify a pattern that they can compare to signatures or scenarios known to be dangerous or suspicious.

Server Security & Securing the host

• A web server has two root directories: the server root and the document root. The best practice is to run the server as a genuine user with both a unique user ID and membership in a group.

• Host security focuses on the host system’s configuration and operational practices and provides a foundation for server security. Challenges in host system security include complexity, access control, and accountability.


Securing data transport

• There are two fundamentally different approaches to securing data in transit.

• In the network-layer approach, encryption and authentication are added directly into the networking stack so that traffic is protected without requiring the application to incorporate it.

• In the application-level approach, the application itself is modified so that traffic is encrypted before it is submitted to the operating system and network layer. It is then decrypted by the receiving server application.


Mobile code security

• Mobile code comprises general-purpose executables that run in remote locations.

• There are basically three practical techniques to secure mobile code: Sandboxing, code signing, and firewalling.

• The sandbox method limits the executable’s privileges to a small set of operations.

• The code signing method checks to see if the executable’s source is trustworthy.

• The firewalling approach limits the programs a client can run based on the executables’ properties.


Low-tech and high-tech solutions

• Finally, from another point of view, the steps being taken to improve network security include adopting some simple, yet effective, “low-tech” network management practices as well as employing the latest in high-tech solutions to security threats.

• The following tables briefly review some of these solutions, along with their present products, systems and some vendors. Of these, Table 1 and Table 2 belong to low-tech measures; the others are high-tech network security measures.


TABLE 1. Network Management Systems

| Security Feature | Product/System | Vendor |
|---|---|---|
| Network Management Systems | FUN | Frye Computer Systems, Boston, MA |
| | Netback | Cheyenne Software, Roslyn, NY |
| | Network Administration Suite | Symantec/Norton, Lindale, GA |
| | NetSPvlr2 | IBM Corp. |


TABLE 2. Network Security Analysis Systems

| Security Feature | Product/System | Vendor |
|---|---|---|
| Network Security Analysis Systems | Kane Security Analyst | Intrusion Detection, New York, NY |
| | SmartPass | e.g. software, Portland, OR |
| | AudiTrack | On Technology Corp., Cambridge, MA |


TABLE 3. Firewalls

| Security Feature | Product/System | Vendor |
|---|---|---|
| Firewalls: a. packet-filtering routers | DISCO 2514 | Disco Systems, Inc., San Jose, CA |
| | Firewall IRX | Livingston Enterprises, Inc., Pleasanton, CA |
| b. dedicated workstation run on packet-filtering software | FireWall-1 | CheckPoint Software Technologies, Ltd., Lexington, MA |
| c. application gateways | Interlock | ANS CO+RE Systems Inc., Reston, VA |
| | Janus Firewall Server | NetPartners Inc., Newport Beach, CA |
| | Eagle Network Security Mgmt. System and Eagle Remote | Raptor Systems Inc., Waltham, MA |
| | Sidewinder | Security Computing Corp., Roseville, MN |


TABLE 4. Public-Key Encryption

| Security Feature | Product/System | Vendor |
|---|---|---|
| Public-Key Encryption | Personacard PCMCIA | National Semiconductor Power Business Unit, Sunnyvale, CA |
| | Pathkey | Paralon Technologies Inc., Bellevue, WA |
| | LJK/Login | LJK Software, Cambridge, MA |
| | RSA Secure | RSA Data Security Inc., Redwood City, CA |
| | Crypta Plus | Telequip Corp., Hollis, NH |


TABLE 6. Virus Protection Systems

| Security Feature | Product/System | Vendor |
|---|---|---|
| Virus Protection Systems | ROMshield | McAfee, Santa Clara, CA |
| | LANDesk Virus Protect | Intel Corp., Santa Clara, CA |
| | Inoculan | Cheyenne Software, Roslyn, NY |
| | SuiteMeter | Brightwork Development, Santa Clara, CA |


Conclusions

• No system is absolutely secure.

• First, an effective network security plan must be addressed.

• Then balance a thorough assessment of the threats and risks present against the plan’s objectives.

• Incorporate the appropriate security technology to provide a secure environment.