Secure Your Network

Tianhui Gao
Class: COSC513
Summer, 2000
How Network problems occur
• As companies connect their private networks to the Internet, security has become one of their primary concerns.
• Corporations want to offer WWW home pages and FTP
servers for public access on the Internet.
• Regardless of the business, an increasing number of users
on private networks are demanding access to Internet
services such as the World Wide Web (WWW), Internet
mail, Telnet, and File Transfer Protocol (FTP).
Concerns of Network Security
• Intrusions of the Public Switched Network (the
telephone company)
• Major computer network intrusions
• Network integrity violations
• Privacy violations
• Industrial espionage
• Pirated computer software
Main factors of network problems
and the percentage of losses
[Pie chart: main factors of network problems and the percentage of losses. Categories shown: human errors, physical security problems, dishonest employees, disgruntled employees, viruses, outsider attacks. Values shown: 55%, 20%, 10%, 9%, 4%, 2%; the extracted layout does not preserve which value belongs to which category.]
Prevention Measures
• Maintain a solid, well-thought-out corporate security policy.
• Install audit trails and ensure they are turned on.
• Maintain backups.
• Install strong user authentication and encryption capabilities on your firewall.
• Use a stand-alone firewall (hardware and software) with network monitoring capabilities.
• Do not provide overly friendly log-in procedures for remote users.
• Restrict physical access to the server, and configure it so that breaking into one server won't compromise the whole network.
• Change log-ins/passwords frequently, especially when employees change jobs.
• Minimize the number of modems on the system.
Security policy
• The first step an organization must take to achieve a secure
system is to define the organization's security policy.
• A security policy must apply at all times. The policy must
hold for the data stored on disk, data communicated over a
telephone line with a dialup modem, information printed
on paper, data transported on portable media such as a
floppy disk, and data communication over a computer
network.
• Assessing the costs and benefits of various security
policies also adds complexity
Access control and passwords
A simple password scheme works well for a conventional,
stand-alone computer system because the system never reveals
the password to others.
In a network, however, a simple password mechanism is
susceptible to eavesdropping: a password sent over the wire in
the clear can be captured and reused by whoever is listening.
In such situations, additional steps must be taken so that a
captured password, or the proof of it, cannot be replayed.
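The eavesdropping problem above is usually addressed with a challenge-response exchange: the server sends a fresh random nonce, the client returns a keyed hash of it computed from the password, and the password itself never crosses the wire. The following Python code is an added example, not code from the original presentation; the account name, the password, and the PBKDF2/HMAC-SHA256 construction are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time


# Constructed example: the server stores a salted, slow-hashed verifier of
# the password, never the password itself.
def make_verifier(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class Server:
    def __init__(self):
        self.salt = os.urandom(16)
        self.users = {"alice": make_verifier("correct horse battery", self.salt)}
        self.outstanding = {}  # nonce -> (user, issue time); every nonce is single-use

    def challenge(self, user: str):
        """Step 1: the server sends a fresh random nonce (and the salt) to the client."""
        nonce = secrets.token_bytes(16)
        self.outstanding[nonce] = (user, time.monotonic())
        return self.salt, nonce

    def verify(self, user: str, nonce: bytes, response: bytes, max_age: float = 30.0) -> bool:
        """Step 3: check the client's response against the stored verifier."""
        issued = self.outstanding.pop(nonce, None)   # consume the nonce: a replay finds nothing
        if issued is None or issued[0] != user:
            return False
        if time.monotonic() - issued[1] > max_age:   # stale challenge
            return False
        verifier = self.users.get(user)
        if verifier is None:
            return False
        expected = hmac.new(verifier, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time comparison


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Step 2: the client proves knowledge of the password without sending it."""
    return hmac.new(make_verifier(password, salt), nonce, hashlib.sha256).digest()


def run_exchange():
    """Simulate a legitimate login, an eavesdropper replaying what it saw,
    and a wrong-password attempt. Returns (first_ok, replay_ok, wrong_ok)."""
    server = Server()
    salt, nonce = server.challenge("alice")
    response = client_response("correct horse battery", salt, nonce)
    captured = (nonce, response)                  # what a wiretap on the link would record
    first_ok = server.verify("alice", nonce, response)
    replay_ok = server.verify("alice", *captured) # same nonce and response sent again
    salt, nonce2 = server.challenge("alice")
    wrong_ok = server.verify("alice", nonce2, client_response("guess", salt, nonce2))
    return first_ok, replay_ok, wrong_ok


if __name__ == "__main__":
    print(run_exchange())
```

The replay fails because each nonce is consumed on first use and expires after `max_age` seconds. Two caveats a practitioner should keep in mind: whoever records the salt, nonce and response can still guess passwords offline against that transcript, so this only holds up with strong passwords (an augmented PAKE removes that exposure), and the stored verifier is password-equivalent, so a stolen server database allows impersonation. Run the exchange over an encrypted channel as well.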
Audit trail
An audit trail is a record showing who has
accessed a computer system and what operations
he or she has performed during a given period of
time.
Audit trails are useful both for maintaining
security and for recovering lost transactions.
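As an added example that is not from the original presentation, the following Python code reads a small constructed audit trail and uses it in both ways the slide mentions: answering who did what during a given period (and spotting repeated failed logins), and rebuilding account balances purely from the recorded operations. The log format, the user names and the account data are invented for illustration.

```python
from datetime import datetime

# Constructed audit trail: timestamp, user, operation, then key=value fields.
AUDIT_LOG = """\
2000-06-12T09:15:02 alice LOGIN result=ok src=10.0.0.5
2000-06-12T09:16:40 alice DEPOSIT acct=1001 amount=500
2000-06-12T09:20:11 bob LOGIN result=fail src=10.0.0.9
2000-06-12T09:20:30 bob LOGIN result=fail src=10.0.0.9
2000-06-12T09:21:05 bob LOGIN result=ok src=10.0.0.9
2000-06-12T09:25:00 bob WITHDRAW acct=1001 amount=200
2000-06-12T17:58:13 alice WITHDRAW acct=1001 amount=50
2000-06-12T18:01:00 alice LOGOUT
""".splitlines()


def parse(line: str) -> dict:
    """Split one audit record into a dictionary; unknown key=value fields are kept."""
    ts, user, op, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return {"time": datetime.fromisoformat(ts), "user": user, "op": op, **fields}


def who_did_what(lines, user: str, start: str, end: str):
    """Operations performed by `user` between two ISO-8601 times, inclusive, oldest first."""
    start_t, end_t = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return [
        (rec["time"].isoformat(), rec["op"])
        for rec in map(parse, lines)
        if rec["user"] == user and start_t <= rec["time"] <= end_t
    ]


def failed_logins(lines, threshold: int = 2) -> dict:
    """Users with at least `threshold` failed LOGIN records: a simple security check."""
    counts = {}
    for rec in map(parse, lines):
        if rec["op"] == "LOGIN" and rec.get("result") == "fail":
            counts[rec["user"]] = counts.get(rec["user"], 0) + 1
    return {user: n for user, n in counts.items() if n >= threshold}


def replay_balances(lines) -> dict:
    """Rebuild account balances from the trail alone: recovering lost transactions."""
    balances = {}
    for rec in map(parse, lines):
        if rec["op"] == "DEPOSIT":
            balances[rec["acct"]] = balances.get(rec["acct"], 0) + int(rec["amount"])
        elif rec["op"] == "WITHDRAW":
            balances[rec["acct"]] = balances.get(rec["acct"], 0) - int(rec["amount"])
    return balances


if __name__ == "__main__":
    print(who_did_what(AUDIT_LOG, "alice", "2000-06-12T09:00:00", "2000-06-12T12:00:00"))
    print(failed_logins(AUDIT_LOG))
    print(replay_balances(AUDIT_LOG))
```

Replay only works if the trail is complete and has not been altered, which is why audit logs belong on a write-once or separately protected store rather than on the server they describe.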
Encryption and privacy
To ensure that the content of a message remains
confidential despite wiretapping, the message
needs to be encrypted. The data is transformed
(encrypted) into an unreadable format, called
ciphertext. Only those who possess the secret key
can decipher (decrypt) the message back into
plaintext.
Public key encryption
• Each user is assigned a pair of keys. One is a private key
that is kept secret; the other is a public key that is
published along with the user's name. Public key
encryption can be used to guarantee confidentiality.
• The scheme keeps data confidential because a message
encrypted with the receiver's public key can be decrypted
only with the matching private key, which only the
receiver holds.
Antivirus programs
Most people use antivirus programs or utilities to
prevent virus infections and to recover from them if a
computer does become infected. These programs range in
cost from free to a few hundred dollars, and they are
developed for specific operating systems; for example,
Norton Antivirus for Windows 95/98 and NT workstations,
Norton Antivirus for Macintosh, etc.
Firewall
• A firewall can include hardware and software
combinations that act as a barrier between an
organization's information and the outside world. It
protects private information on server or network from
unauthorized access. All messages entering or leaving
the network pass through the firewall, which examines
each message and blocks those that do not meet the
specified security criteria.
Components of the Firewall System
A typical firewall is composed of one or more of
the following building blocks:
· Packet-filtering router
· Application-level gateway (or proxy server)
· Circuit-level gateway
Packet-Filtering Routers
To prevent each computer on a network from accessing
arbitrary computers or services, many sites use a
technique known as packet filtering. A packet filter is a
program that operates in a router. The packet filter
operates by examining fields in the header of each
packet. A manager must configure the packet filter to
specify which packets are permitted to pass through the
router and which should be blocked. The router
examines each packet to determine whether it matches
one of its packet-filtering rules.
Benefits of Packet-Filtering Routers
• The majority of Internet firewall systems are deployed
using only a packet-filtering router. Other than the time
spent planning the filters and configuring the router, there
is little or no cost for implementing packet filtering since
the feature is included as part of standard router software
releases.
• A packet-filtering router is generally transparent to users and
applications, so it does not require user training or that specific
software be installed on each host.
Problems with packet filtering:
There are certain types of attacks that are difficult to identify using basic
packet header information. Examples include:
• Source IP Address Spoofing Attacks
For this type of attack, the intruder sends packets whose source IP
address indicates that they come from a trusted host; a filter that
trusts the source address alone cannot tell the difference.
• Source Routing Attacks
In a source routing attack, the source station specifies the route that a
packet should take as it crosses the Internet. This type of attack is
designed to bypass security measures by making the packet follow an
unexpected path to its destination.
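An added Python example, not from the original presentation, of a packet filter of the kind described in the two sections above: an ordered rule list over header fields with a default deny, plus the two checks that matching on addresses and ports alone misses, an anti-spoofing check tied to the interface the packet arrived on, and rejection of packets carrying a source-route option. The network 192.168.1.0/24, the public server 192.168.1.10, the interface names and the sample packets are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("192.168.1.0/24")       # assumed private network
PUBLIC_SERVER = ip_network("192.168.1.10/32")  # assumed WWW/FTP server


@dataclass
class Packet:
    iface: str                 # interface the packet arrived on: "ext" or "int"
    proto: str                 # "tcp", "udp", "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()       # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}
    ip_options: frozenset = frozenset()  # IP options, e.g. {"LSRR"} loose source route


@dataclass
class Rule:
    action: str                           # "permit" or "deny"
    iface: Optional[str] = None           # None means "any"
    proto: Optional[str] = None
    src: Optional[IPv4Network] = None
    dst: Optional[IPv4Network] = None
    dport: Optional[range] = None
    require_flags: frozenset = frozenset()


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.iface is not None and rule.iface != pkt.iface:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.src is not None and ip_address(pkt.src) not in rule.src:
        return False
    if rule.dst is not None and ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.dport is not None and pkt.dport not in rule.dport:
        return False
    return rule.require_flags <= pkt.flags


def filter_packet(rules, pkt: Packet) -> str:
    # Checks that plain header matching would miss.
    if pkt.iface == "ext" and ip_address(pkt.src) in INTERNAL:
        return "deny (spoofed source)"        # internal address arriving from outside
    if pkt.ip_options & {"LSRR", "SSRR"}:
        return "deny (source route)"          # loose or strict source routing
    for rule in rules:                        # first match wins
        if matches(rule, pkt):
            return rule.action
    return "deny"                             # default deny


RULES = [
    # Inbound: only HTTP and FTP control to the public server.
    Rule("permit", iface="ext", proto="tcp", dst=PUBLIC_SERVER, dport=range(80, 81)),
    Rule("permit", iface="ext", proto="tcp", dst=PUBLIC_SERVER, dport=range(21, 22)),
    # Inbound replies to connections opened from inside ("established": ACK set).
    Rule("permit", iface="ext", proto="tcp", dst=INTERNAL, require_flags=frozenset({"ACK"})),
    # Outbound: anything originating on the internal network.
    Rule("permit", iface="int", src=INTERNAL),
]


def demo() -> dict:
    """Run constructed packets through RULES; returns {description: decision}."""
    syn, synack = frozenset({"SYN"}), frozenset({"SYN", "ACK"})
    cases = {
        "http to public server": Packet("ext", "tcp", "203.0.113.7", "192.168.1.10", 40000, 80, syn),
        "telnet to public server": Packet("ext", "tcp", "203.0.113.7", "192.168.1.10", 40001, 23, syn),
        "new connection to a workstation": Packet("ext", "tcp", "203.0.113.7", "192.168.1.50", 40002, 445, syn),
        "reply to outbound connection": Packet("ext", "tcp", "203.0.113.7", "192.168.1.50", 80, 50000, synack),
        "spoofed internal source": Packet("ext", "tcp", "192.168.1.50", "192.168.1.10", 40003, 80, syn),
        "source-routed packet": Packet("ext", "tcp", "203.0.113.7", "192.168.1.10", 40004, 80, syn, frozenset({"LSRR"})),
        "outbound from inside": Packet("int", "tcp", "192.168.1.50", "203.0.113.7", 50001, 443, syn),
    }
    return {name: filter_packet(RULES, pkt) for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:32s} -> {decision}")
```

The interface-based check only catches spoofing of internal addresses; a packet forged to look like it comes from a trusted external host is indistinguishable at this layer, which is exactly the limitation the text describes. Note also that the "established" rule trusts a flag the sender controls; stateful inspection of the connection table is the stronger replacement.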
Application-Level Gateways
• Allows the network administrator to implement a much stricter
security policy than with a packet-filtering router.
• Special-purpose code (a proxy service) is installed on the gateway for
each desired application.
• If the network administrator does not install the proxy code for a
particular application, the service is not supported and cannot be
forwarded across the firewall.
• The proxy code can be configured to support only those specific
features of an application that the network administrator considers
acceptable while denying all other features.
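To make "only the features the administrator considers acceptable" concrete, here is an added Python example, not code from the original presentation, of the inspection a forward HTTP proxy on such a gateway could perform before relaying anything. Because the proxy understands the protocol, it can refuse methods, destinations and malformed messages that a packet filter looking at port 80 cannot see. The method allow-list, the host allow-list and the sample requests are assumptions made for the example.

```python
from urllib.parse import urlsplit

ALLOWED_METHODS = {"GET", "HEAD"}       # assumed: the only features the administrator permits
ALLOWED_HOSTS = {"www.example.com"}     # assumed destination allow-list
MAX_HEADER_BYTES = 8192


def inspect_http_request(raw: bytes):
    """Decide whether a proxy request may be forwarded. Returns (allowed, reason)."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep or len(head) > MAX_HEADER_BYTES:
        return False, "incomplete or oversized header block"
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] not in ("HTTP/1.0", "HTTP/1.1"):
        return False, "malformed request line"
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject folded or whitespace-padded names: they are parsed differently by
        # different servers, which is what request-smuggling attacks rely on.
        if not colon or not name or name != name.strip():
            return False, "malformed header"
        headers[name.lower()] = value.strip()
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not permitted"      # also refuses CONNECT tunnels
    url = urlsplit(target)                  # a proxy receives the absolute form: http://host/path
    if url.scheme != "http" or not url.netloc:
        return False, "only plain http targets are proxied"
    if url.hostname not in ALLOWED_HOSTS:
        return False, "destination host not permitted"
    if headers.get("host", url.netloc).lower() != url.netloc.lower():
        return False, "Host header does not match target"
    if "transfer-encoding" in headers or headers.get("content-length", "0") != "0":
        return False, "request body not permitted for this method"
    return True, f"forward {method} to {url.hostname}"


# Constructed sample requests, as a client configured to use the proxy would send them.
SAMPLES = {
    "simple get": b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "upload": b"POST http://www.example.com/upload HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 5\r\n\r\nhello",
    "tunnel": b"CONNECT evil.example:443 HTTP/1.1\r\nHost: evil.example:443\r\n\r\n",
    "other host": b"GET http://other.example/ HTTP/1.1\r\nHost: other.example\r\n\r\n",
    "smuggled header": b"GET http://www.example.com/ HTTP/1.1\r\nHost : www.example.com\r\n\r\n",
}


def demo() -> dict:
    return {name: inspect_http_request(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:16s} {'ALLOW' if ok else 'DENY ':5s} {reason}")
```

The price of this strictness is the one the text names: any application without proxy code, or any feature the proxy does not implement, simply does not work through the gateway.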
Circuit-Level Gateways
A circuit-level gateway is a specialized function
that can be performed by an application-level
gateway. Once it has decided that a TCP connection
is permitted, it simply relays the connection between
the two endpoints without inspecting or filtering the
application data that flows over it.
Summary
• Each organization must assess the value of its information and then
define a security policy that specifies the items to be protected.
• A set of mechanisms has been created to provide various aspects of
security. Although most systems use a password scheme for protection,
simple passwords do not work well in a network environment. To keep
information private in an Internet environment, two computers can use
encryption. Antivirus programs or utilities prevent viruses and help
recover from them if they infect a computer. Audit trails are useful
both for maintaining security and for recovering lost transactions.
• A firewall is the first line of defense in protecting private information.
A firewall can be constructed using one or more of these techniques:
packet-filtering router, application-level gateway and circuit-level
gateway.