Network Security

Introduction

First , let us define what network security is . Network security is the method used in applying appropriate measures in to protect the entirety of the network from external unauthorized use , malfunction improper closure , and modification . With this in mind , it creates a secure integrated platform for the network of computers and users in to perform essential tasks in a secure computer environment Furthermore , specific provisions and policies applied in a particular computer network structure comprise network security . This is implemented by the network administrator in to protect and secure

the entire network together with its resources . The subject of network security is a complex matter only to be discussed by computer pundits and software experts . Eventually , as the need for a comprehensive understanding of network security increases , more people are deemed to understand the fundamentals of security in the vast world of networking before engaging in e-commerce and data communications . In to do such , it is a staple requisite to understand the basic principles of network security . One must adhere to the basic foundations of networking , and its fundamentals as well . The fundamentals of networking are essential in understanding the concept of network security . This aims to explain to ordinary users the basic concepts in to cope with management risks and troubleshooting in the cyberspace marketplace (Curtin , 1997

However , this is not an instructional manual hands-on document but rather a refresher course on how to reduce and moderate network security risks in the workplace . It is also aimed at giving a networking neophyte a more comprehensive perspective on what networking and networking security is . An in-depth overview of networking history is considered a probable introduction for networking neophytes . Inter networking and TCP /IP is some of the subjects that should be understood Networking neophytes are to be briefed with aspects like network threats firewalls , risk management , and special-purpose secure networking tools . Administrators and managers are always subjected into such aspect of office work due to the fast-paced trading of information through the cyberspace (Curtin , 1997

Network Security : An Overview

Network is defined as a particular set of interlinking lines that resembles a net - an interconnected system of a plethora of network alliances . This is a comprehensive definition of what a computer network is - a series of interlinked computers augmenting each other . Most people have ignored the importance of network securities in networks . It has been dismissed as simply deploying an apt firewall in to protect the entirety of a particular network from external interference In a recent report by CERT , apparent threats to national infrastructure and a handful of security incidents has become an international obstacle for most companies . The cumulative in 1988 to over 82 ,000 in 2002 , with over 82 ,000 occurring in 2002 alone . Security vulnerabilities are doubling every year . In 2002 , over 4 ,000 security vulnerabilities were reported . Such figures only suggest external networking threats . Internal network threats are hardly reported , and can be more complex and destructive than external threats The magnitude of such matter is staggering . Bear in mind that every incident , which includes a particular site and a myriad of others can be infected by the apparent sinister network sabotage within a period of time . This becomes a crucial and alarming matter for network service providers , business enterprises , government officials , and end users as far as apt network security is concerned (Richman et al , 2004

Undoubtedly , network security is the leading concern of many network executives according to a recent survey . With this in mind , it is essential for companies to instigate the formation of security solutions in to be applied in the company network . This will affect an end-to-end perspective for networks that cross the public telephone network , the Internet , or any Internet protocol (IP ) network due to the fact that security vulnerabilities affect the U .S . Government and major corporations on a daily basis . Factors such as balance of price features , and the utilization of security solutions should understood by service providers before applying apt network securities . Bell labs has developed the Lucent Network Security Framework in to address international obstacles of service providers , enterprises , and consumers for wireless , optical , and wire line voice , data , and converged networks . Management information , control /signaling information , and end-user data used by and transported by

The network infrastructure , network services , and network-based applications are all given apt troubleshooting solutions by the Lucent framework . It provides the network administrator a comprehensive and holistic perspective of network security . This will enable the network administrator to apply apt network elements and applications in determining , monitoring , and correcting certain security vulnerabilities . The Lucent framework is one simple example of a network security measure . It is used o assist in the development of network security policies and requirements , as well as to form the basis for a network security assessment (Richman et al , 2004

Anatomy of a Network : Security Threats , Security Layers , and Security Planes

The Lucent Network Security or any security framework identifies security issues both intentional and accidental , which needs to be prevented , detected , and corrected within the network . The four primary security threats are interruption , interception , modification , and fabrication . The following are defined as

Interruption - A particular asset of the system becomes unavailable , or unusable . It is an attack on availability . Malicious destruction of a network element , omission of a software program or data , and malfunction of an operating system manager are prime examples of this threat (Richman et al , 2004

Interception - An unauthorized host gains access to an asset . The external user can be a person , a program , or a computing system . This is an attack on confidentiality . Wiretapping to acquire substantial data and listening to wireless radio transmission are some examples of this threat (Richman et al , 2004

Modification- An unauthorized host tampers with a particular asset . A deliberate attack on integrity , examples of theses are : paralyzing the network configuration values in a database and modification of data being transmitted in a network (Richman et al , 2004

Fabrication - An unauthorized host gains access in form counterfeit objects on a network

An obvious attack on authenticity , examples of this particular threat are : unauthorized access to the network , as well as omission and commission of unclassified data in the database (Richman et al , 2004 Security planes are the types of activities , which occur within the network . There are the end-user plane , control plane , and management plane . Comprehension of the planes is required in to ascertain the integration of these planes in the network (Richman et al , 2004

p Management Plane - This plane initiates and performs the operations administration , maintenance , and provisioning (OAM

) of the network elements , transmission facilities , and back-office systems . This plane supports the fault , configuration , accounting , performance , and security (FCAPS ) functions (Richman et al , 2004 Control Plane - This plan is concerned with enabling the efficient delivery of information , services , and applications . It also secures of securing and protecting the

applications across the network . It typically involves end-user data being transported by the service (Richman et al , 2004

End-user Plane - This plane explains how customers use and gain access to the service provider 's network . The end-user plane represents

Actual end-user data flows as well . End-users benefit from such through the use of various network-based applications (Richman et al , 2004 Aside from the security planes , network frameworks also consist of security layers that consist of a hierarchy of network equipment and facility groupings . The triad of security layers complements each other in to provide apt security solutions . Security layers comprise infrastructure , services , and applications areas

Infrastructure Layer - It consists of network transmission facilities as well as individual network elements and hardware platforms . It includes the hardware and software comprising the network elements and platforms

Service Layer - It consists of services , which customers receive from its service providers . The services layer has a wide-array of services such as basic transport and basic IP connectivity or internet access . IP service enablers such as authentication , authorization , and accounting (AAA ) services , dynamic host configuration services , and domain name services . Value-added services are also included like voice over IP (VoIP (VPNs , location services , 800-services , and instant messaging (IM

Application Layer - This particular layer emphasizes on the network-based applications , which are accessed by service provider clients , as well as other end-user applications that will need network services . Such applications are made available by network services Applications which are enabled are : transport , web-browsing applications , network-based voice messaging , and e-mail . The application layer also carries high-end applications like Peoplsoft , electronic commerce , video collaboration , and customer relationship management Encryption and Decryption

Data encryption is an essential tool in making network securities efficient . It is the procedure in which data are transformed into cipher text using a mathematical algorithm and a handful of confidential information or encryption key . On the other hand , decryption decodes this process with another mathematical algorithm , which reverses the outcome of a particular encryption algorithm . Cryptosystem is the term given to encryption algorithm and all its possible keys , plaintexts and cipher texts . A myriad of advance encryption systems , which uses algorithms have been made known to users . For instance , a well-known and very simple algorithm is the Caesar cipher , which encrypts each letter of the alphabet by shifting it forward three places (OpenLearn , 2008 Thus A becomes D , B becomes E , C becomes F and so on . A cipher that uses an alphabetic shift for any number is called as a Caesar cipher (OpenLearn , 2008 .It is the most commonly-used cipher in the encryption process

The entirety of the encryption process secures data exchange in a particular network . It makes the influx of data more confidential . It prevents traffic from node to node and avoids instances of eavesdropping as well . Encryption complements a network whenever what portions are to be encrypted and the layers that are included in a specific reference model . It is crucial for packer-switched networks to ascertain the application of encryption to such important network tools such as routers , bridges , and switches . With this in mind , encryption is aptly labeled as end-to-end encryption . It will depend on whether it is implemented or re-applied at the end of each link within a certain communication path . It aids the network administrator in distinguishing a wide-array of encryption on a designated OSI layer . Encryption is applied in network layers , which are identified by an internet protocol Link layer encryption and end-to-end encryption is described at the figure below (OpenLearn , 2008

Encryption in relation to the protocol layers (Source : based on King and Newson , 1999 ,

. 104

Implementing Firewalls

The implementation of firewalls is one crucial and essential matter in to moderate and restrict unwanted access in a particular network Usually , it is implemented within a gateway . The firewall monitors incoming and outgoing traffic within the boundaries of the zone protected by the firewall . It restricts external parties to gain access in designated unprotected zones . IT also denies internal hosts in gaining access to insecure external services . A firewall is a company 's primary weapon in restricting unwanted external hosts from infiltrating their network system . IT augments their network security , and moderates traffic

This figure shows how a firewall filters information

The Network Security Framework

Each network security framework has its share of standard security services , which it utilizes to adhere to its particular network security . These security services are found in the ITU-T Recommendation X .800 . There are eight basic dimensions of network security , which should be addressed in to deter various external host attempts in exploiting and sabotaging a company 's network . However , such dimensions are not limited to the network . It also covers from end-users to application . Furthermore , these dimensions concerns service providers that offer security services . The eight dimensions are present in to integrate all the aspects of network security . These dimensions are as follows

Access Management - protects against unauthorized use of network resources . It ensures that only authorized hosts are allowed to gain access to network elements , stored information , information flows services , and applications

Communication Security - ascertains that data only flows between authorized and secure endpoints . Information influx should not be diverted and intercepted during its flow within the endpoints

Authentication - It is used to confirm identities of communication hosts . This dimension ascertains that the validity of the claimed identities of hosts . It also determines whether the host is duplicating an authorized host . It addresses the security threat known as fabrication

Data Integrity - This dimension ascertains the accuracy of information against instances of unauthorized modification , omission , and replication of activities within the network . It prevents instances of fabrication and modification threats

Non-Repudiation - The dimension that provides assurance of the origin of the data or the apparent cause of a network activity . It ascertains the availability of proof that a particular activity has transpired within the network . It also prevents the security threat of fabrication

Data Security - It protects data from unauthorized disclosure . It ensures that data remains private , and prevents unauthorized access Data confidentiality is made possible by encryption , which prevents the security threat of interception

Availability - The dimension that ascertains that makes it possible for authorized access for authorized host . It makes network elements present such as : stored information , information flows , services , and applications . It also prevents the security threat of interception

Privacy - It provides the essential protection of information , which is derived from network activities observation . It is a protection against direct and covert unauthorized attempts from individual users , service providers , enterprises , or the network infrastructure

Conclusion

Network Security should be a standard ordinary procedure for any organization or company , which is adamant on securing and protecting its vast database from unwanted authorizations and apparent sabotaging from external hosts . Network security provides holistic network protection and moderation of the influx of data . Activities within the network should be monitored and filtered in to prevent harmful unauthorized access from external hosts bent on sabotaging an organization 's database . Network security should not be limited to service alone it should be developed in to provide holistic end-to-end solution for a network . With this in mind , a network can be secured and protected . A network should revolve around a specific and apt design of network security framework

References

Richman ,S . McGee ,A , Picklesimer ,D . et al (2004 . A Framework for Ensuring Network Security . Bell

Labs Technical Journals

Curtin ,M (1997 . Introduction to Network Security . Retrieved April 9 2008 , from

http /www .interhack .net /pubs /network-security

Openlearn (2008 . Network Security . Retrieved April 9 , 2008 , from

http /openlearn .open .ac .uk /course /view .php ?id 2587 Network Security PAGE 1 ...