In today’s era, almost every single organisation uses a computer and has a computer network to send, receive and store information. Whether it’s sending emails, storing documents, or serving information through a web server, it is very important to focus on security, especially if your network contains sensitive, confidential and personal information.
The Importance of Network Security
Network security affects many organisations, whether they are large, small, or government organisations. If network security is breached, an intruder can do all sorts of harm. That is why people need to be aware of, and educated about, network security and how to secure their computer and network. Systems need to be updated regularly as new security flaws are discovered. A system that is not up to date makes it easy for a hacker to gain unauthorised access to it.
If you are in charge of network security in your organisation, there are a few areas of focus:
- Deter – To educate people and discourage them from breaking into systems for illegal and malicious reasons
- Prevent – To put in place measures to prevent unauthorised access. This can be authorising users with special access, encrypting communication, and updating security systems
- Detect – To become aware of security breaches. This could be setting up logs to record who has accessed items or used the system
- Correct – To implement a fix to the flaw discovered in a system. If someone has breached the security of the system, implement measures to prevent it from happening again
Not only do you have to focus on security, you also have to be aware of the types of security attacks that can happen on your computer network. Before we go on to discuss the types of security attacks, note that an attacker may aim to do one of the following:
- Interruption – Interruption is an attack on availability, such as a denial of service (DoS) attack. The aim of an interruption attack is to make resources unavailable. Not too long ago, WordPress.com, a popular blog hosting site, was hit by a DoS attack that took down its servers, making the service unavailable to its users
- Interception – Interception is an attack to gain unauthorised access to a system. It can be as simple as eavesdropping on communication, such as packet sniffing, or just copying information
- Modification – Modification is an attack that tampers with a resource. Its aim is to modify information that is being communicated between two or more parties. An example of a modification attack could be taking information that was meant to go to one party and directing it to another.
- Fabrication – A fabrication attack is also known as counterfeiting. It bypasses authenticity checks, and essentially mimics or impersonates information. This sort of attack usually inserts new information, or records extra information on a file. It is mainly used to gain access to data or a service.
Keeping the above in mind, there are two main types of attack whose aim is to compromise the security of a network: the passive attack and the active attack.
A passive attack can be split into two types. The first type of passive attack is to simply monitor the transmission between two parties and to capture information that is sent and received. The attacker does not intend to interrupt the service or cause an effect, only to read the information. The second type of attack is traffic analysis. If information is encrypted, it will be more difficult to read the information being sent and received, but the attacker simply observes the information and tries to make sense of it, or simply determines the identity and location of the two communicating parties.
A passive attack is usually harder to detect as there is little impact on the information communicated.
On the other hand, an active attack's aim is to cause disruption, and it is usually easily recognised. Unlike a passive attack, an active attack modifies information or interrupts a service. There are four types of active attack:
- Masquerade – To pretend to be someone else. This could be logging in with a different user account to gain extra privileges. For example, a user of a system steals the System Administrator's username and password so that they can pretend to be the administrator
- Replay – To capture information and send it, or a copy of it, elsewhere
- Modification – To alter the information being sent or received
- Denial of service – To cause a disruption to the network
Even though a passive attack doesn’t sound harmful, it is just as bad as an active attack, if not worse.
A security service is a service that provides a system with a specific kind of protection. The X.800 OSI Security Architecture defines 6 major security service categories; once a system satisfies these 6 categories, it is X.800 compliant.
- Confidentiality – Protects data from being read or accessed by unauthorised personnel
- Authentication – Ensures that no one can impersonate someone else in order to appear legitimately authorised to access services they should not access.
- Integrity – Ensures data cannot be altered and messages that are sent and received have not been read, duplicated, modified or replayed to another party.
- Non-repudiation – Prevents the sender or receiver from denying the transmission of a sent or received message. The sender and receiver are to be able to prove that they sent, did not send, or received a message
- Access control – Limits and controls access to certain system applications to certain users
- Availability – Ensures the service is only available to legitimate users and not available to users who do not have access to the application
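An added example (not from the original article) of how a receiver can enforce the integrity service above against the modification and replay attacks listed earlier. The class names, message layout and sample message are assumptions made for illustration, and the shared key is assumed to have been distributed securely beforehand.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # bytes in an HMAC-SHA256 tag

class Sender:
    """Attaches a sequence number and an HMAC-SHA256 tag to each message."""
    def __init__(self, key: bytes):
        self._key, self._seq = key, 0

    def protect(self, payload: bytes) -> bytes:
        self._seq += 1
        header = struct.pack(">Q", self._seq)  # 8-byte big-endian counter
        tag = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        return header + payload + tag

class Receiver:
    """Accepts a message only if its tag verifies and its number is new."""
    def __init__(self, key: bytes):
        self._key, self._last_seq = key, 0

    def accept(self, wire: bytes) -> bytes:
        if len(wire) < 8 + TAG_LEN:
            raise ValueError("truncated message")
        body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            raise ValueError("integrity check failed")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self._last_seq:  # authentic, but already seen
            raise ValueError("replayed or duplicated message")
        self._last_seq = seq
        return body[8:]

def demo() -> list:
    key = secrets.token_bytes(32)  # constructed shared secret key
    sender, receiver = Sender(key), Receiver(key)
    wire = sender.protect(b"transfer 100 to account 42")  # constructed sample
    results = [receiver.accept(wire).decode()]
    tampered = wire[:20] + bytes([wire[20] ^ 1]) + wire[21:]  # one bit changed
    for label, msg in (("modified", tampered), ("replayed", wire)):
        try:
            receiver.accept(msg)
            results.append(label + " accepted")
        except ValueError as err:
            results.append(str(err))
    return results
```

The strict counter also rejects messages that arrive out of order, so it suits an ordered channel; the tag gives integrity only and does not hide the message contents.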
Security mechanisms are ways to detect, prevent, or recover from a security attack. It is important for systems to implement as many of the security mechanisms required for their system as possible.
Specific Security Mechanisms
- Encipherment – Encrypting and decrypting communication
- Digital signatures – An electronic signature to assure the genuineness of a digital document
- Access controls – To only allow people with permission to access something
- Data integrity – Ensure data is complete and unchanged
- Authentication exchange – The exchange of communication that takes place when authorising someone
- Traffic padding – Determining what is legitimate data and what is false data
- Routing Control – Sending information through a specific line or path
- Notarisation – Official documentation of procedures
Pervasive Security Mechanisms
- Trusted functionality – How well you trust the information
- Security labels – Label information with a particular security attribute
- Event detection – Logging events that take place
- Security audit trails – Checking security to ensure that measures are being followed and intrusions have not occurred
- Security recovery – Recovering from a security issue
Network Security Model
The network security model is a model that determines how the information is sent securely over a communication line.
The components the model contains are:
- Sender – who sends the information
- Receiver – who receives the information
- Communication line – the line in which the communication is sent over
- Encryption / Decryption – to encrypt and decrypt the communication over the information channel
- Trusted Third Party – who distributes the secret key and information between the two parties so that they can communicate securely
The task of the network security model is to let the two parties communicate with each other without any other party being able to read and understand the information being sent. To do this, the model needs to:
- Have a suitable algorithm to encrypt the messages (Secure Sockets Layer – SSL)
- Generate a secret key to be used by the algorithm (SSL Provider)
- Develop methods to distribute and share the secret key (SSL Provider)
- Specify a protocol to be able to transmit the information (https)
The OSI Security Architecture defines three main areas of security management. These activities are to be performed by System Administrators.
- System security management – The management of the entire computing environment, focusing on the security aspects
- Security service management – The management of particular security services
- Security mechanism management – The management of particular security mechanisms
Information and network security is an important and critical issue, and all computer systems need to have some sort of security control implemented. Without security, sensitive information can be easily obtained, so it is important that we deter, prevent, detect, and correct security issues.
There are a number of security attacks that can take place, and system administrators need to implement measures to ensure security breaches do not occur.
The next article in this series will look at encryption techniques for ensuring communications are encrypted so they cannot be read by other parties.