NETWORK BASED SECURITY INFORMATION SYSTEM

CHAPTER ONE

INTRODUCTION


1.1    Introduction

Security on the Internet and on Local Area Networks is now at the forefront of computer network related issues.  The  evolution  of  networking  and  the  Internet,  the  threats   to   information   and   networks   have   risen   dramatically.   Many   of   these   threats   have   become   cleverly    exercised    attacks    causing    damage    or    committing   theft.   The   Internet   continues   to   grow   exponentially.  As  personal,  government  and  business-critical  applications  become  more  prevalent  on  the  Internet, there are many immediate benefits. However, these network-based applications and services can pose security   risks   to   individuals   as   well   as   to   the   information  resources  of  companies  and  government.  In  many  cases,  the  rush  to  get  connected  comes  at  the  expense  of  adequate  network  security.  Information  is  an asset that must be protected.  Without  adequate  protection  or  network  security,  many  individuals,  businesses,  and  governments  are  at  risk   of   losing   that   asset.   Network   security   is   the   process   by   which   digital   information   assets   are   protected,    the    goals    of    security    are    to    protect    confidentiality,     maintain     integrity,     and     assure     availability.  With  this  in  mind,  it  is  imperative  that  all  networks  be  protected  from  threats  and  vulnerabilities  in  order  fora  business  to  achieve  its  fullest  potential.  Typically,    these    threats    are    persistent    due    to    vulnerabilities,  which  can  arise  from  mis-configured  hardware  or  software,  poor  network  design,  inherent  technology  weaknesses,  or  end-user  carelessness.  A  router is similar to many computers in that it has many services enabled by default. Many of these services are unnecessary   and   may   be   used   by   an   attacker   for   information    gathering    or    for    exploitation.    All  unnecessary  services  should  be  disabled  in  the  router  configuration  to  prevent  the  attacker  from  using  it  to  damage   the   network   or   to   stealing   the   important   information,  or  network  devices  configuration.  In  this  project  a  review  of  attacks  on  routers,  and  how  can  prevent, or mitigating it will be described. Routers and firewall  are  very  critical  parts  of  network  operations  and    network    security.    Careful    management    and    diligent  audit  of  router  and  firewall  operations,  can  reduce  network  downtime,  improve  security,  prevent  the  attacks  and  hackers,  network  threats  decrease,  and  aid in the analysis of suspected security breaches.


1.2Background of the Study

Security  has  one  purpose,  to  protect  assets.  With  the  advent  of  personal  computers,  LANs,  and  the  wide-open  world  of  the  Internet,  the  networks  of  today  are  more  open.  As  e-business  and  Internet  applications  continue  to  grow,  finding  the  balance  between  being  isolated  and  being  open  will  be  critical.  With  the  increased  number  of  LANs  and  personal  computers,  the Internet began to create untold numbers of security risks. Firewall devices, which are software or hardware that  enforce  an  access  control  policy  between  two  or  more networks, were introduced. This technology gave businesses   a   balance   between   security   and   simple   outbound  access  to  the  Internet,  which  was  mostly  used, for e-mail and Web surfing. Network  security  is  the  most  vital  component  in  information   security   because   it   is   responsible   for   securing  all  information  passed  through  networked  computers.   Network   security   refers   to   all   hardware    and    software    functions,    characteristics,   features,     operational     procedures,     accountability   measures,     access     controls,     administrative     and  management  policy  required  to  provide  an  acceptable  level   of   protection   for   hardware,   software,   and   information  in  a  network.  Network  security,  in  order  for  it  to  be  successful  in  preventing  information  loss,  must follow three fundamental precepts. First, a secure network   must   have   integritysuch   that   all   of   the   information   stored   therein   is   always   correct   and   protected  against  fortuitous  data  corruption  as  well  as  willful  alterations.  Next,  to  secure  a  network  there  must   be   confidentiality,   or   the   ability   to   share information on the network with only those people for whom   the   viewing   is   intended.   Finally,   network   security   requires   availabilityof   information   to   its  necessary recipients at the predetermined times without exception.  The  three  principles  that  network  security  must  adhere  to  evolved  from  years  of  practice  and  experimentation that make up network history. 

Real-world  security  includes  prevention,  detection,  and   response.   If   the   prevention   mechanisms   were  perfect, you wouldn’t need detection and response. But no prevention mechanism is perfect. Without detection and  response,  the  prevention  mechanisms  only  have  limited  value.  Detection  and  response  are  not  only  more cost effective but also more effective than piling on  more  prevention.  On  the  Internet,  this  translates  to  monitoring. In Network    Protection,there    are  fortunately  many  preventative  techniques  to  properly  secure  network  against  threats.  The  first  method  of  protection is to address the actual physical layer of the network  to  assure  that  it  is  properly  equipped.  Next, three   network   administrative   guidelines   should   be  adhered to.Additionally,   firewalls   and   encryption   should   be incorporated  into  a  network  to  heighten  its  security.  

Finally,  several  other  passwords,  variations  of  capital  and  small  letters  further  increase  the  strength  of  a  password.  Proper  authentication  is  an  integral  part  of  the administrative step in securing a network. Firewalls are yet another measure used in increasing the level of security in a network. A firewall is in essence a portal through which information enters and exits.      

On one side of the portal is the internal network that must remain secure, and on the other is the information needed  from  the  outside  world  combined  with  the  undesirable  threats  of  external  networks.  Three  of  the  major  types  of  firewalls,  listed  in  order  of  increasing  quality    and    price,    are    packet-filtering    routers,   

application-level gateways, and circuit-level gateways. Although it is not the best available firewall, a positive step in increasing network security is the use of packet-filtering  routers.  A  packet  filtering  router  allows  the network   to   determine   which   connections   can   pass   through  the  router  into  the  local  area  network  and  which  connections  will  be  denied.  The  application-level gateway is designed specifically as a firewall that authenticates  the  user  for  individual  applications.  Its  primary  function  is  to  identify  and  validate  the  user  and then provide access to specific applications such as E-Mail  or  file  browsers  depending  on  which  one  the  user   is   requesting.   Finally,   a   circuit-level   gateway   performs  all  of  the  packet-filtering  that  a  router  does  and a bit more. The primary enhancement is the use ofidentification  and  authentication  before  an  insider  can  access your in-house network.

Emerging applications like electronic commerce and secure communications over open networks have made clear the fundamental role of public key cryptography as unique security solutions. On the other hand, these solutions clearly expose the fact that the protection of private keys is a security bottleneck in these sensitive applications. This problem is further worsened in the cases where a single and unchanged private key must be kept secret for very long time (such is the case of certification authority keys, and e-cash keys).

When classified information is sent electronically from one individual to another, some form of encryption must be used to protect the information from prying eyes. Because internet technology relies on the transmission of data through the public domain, this encryption is absolutely essential to preserving the security of electronically-transmitted information. Public key encryption, which was first developed in the 1970s, has gradually come to dominate the “cryptology market” because of its innate advantages over private-key methods of encrypting data; unlike its counterpart, public key encryption does not require that individuals share a secret key.

Although public key encryption algorithms such as RSA (Rivest et al, 1977) have achieved universal acceptance in the modern cryptology arena, they remain vulnerable to many potential security threats. For example, because public key encryption involves the “receiver” providing a public key to any “senders” who wish to send him confidential information (the receiver uses a different, private key to decrypt the data), it is entirely possible for a devious individual to send an encrypted message to the receiver that appears to have been sent from someone else; after all, the public key used to encrypt this message is fully available to everyone. In other words, when constructed improperly, public encryption systems such as RSA do not intrinsically protect against false sender identification.


1.3Statement of the Problem

The Network-Based security problem includes lots of buggy and insecure applications.  Attackers can infect your system with malware and steal credentials like credit card details, passwords etc. Example of this is a malware called SilentBanker. It appends itself to your computer and stays silent. Now anytime your computer makes a web request to port 80 or 443 it monitors the request. Though port 443 is encrypted using SSL it doesn’t bother the malware. The malware injects malicious javascript to the target page to change it so whenever you type your password for authentication the password would get sent to the attacker. This malware was used to steal a lot of passwords from UK banks.

 An attacker can steal your IP address and use it to send spam messages. An attacker does this to protect himself and shift the blame to the person whose computer he uses to send the spam messages. There are organizations that provide Denial of Service as a service. That is they can attack a web page or web server for a fee you pay. They do this by bombarding either a web server or web page with a lot of requests than it can process. 

Nowadays, we see the spread of war from physical space to the cyber space. An example of this is the Stuxnet virus (2008) which the NSA and Israeli Intelligence agencies used in shutting down Iran’s nuclear power plant. What the attackers did was that they use four zero day windows exploit to infect the computer of the administrator that maintains the nuclear facility. This exploits just sits on your windows computer and only functions if you have the Siemens PCS 7 SCADA control software on your windows computer. It will wait for your to connect the Siemens controller to the network then it will affect the network. This malware in the target computers serves as logic bombs. They used this to attack the nuclear plant thereby shutting down a billion dollar project with just a malware.

Snowden (2013), an NSA whistleblower released a top secret espionage carried out by US and British Intelligence agencies in which they intercept over 80% of web traffics from sites like Facebook, Google, Twitter etc. and store this information to be used for various activities. These revelations together with the ones from whistleblowing site WikiLeaks made aware of the insecurity of the web which we depend so greatly for our daily activities.

More recently, we were made aware that some Nigerian governors use the exploits of the malware firm Hacking Team. Hacking Team is a legal malware company that creates exploit used to attack varieties of devices ranging from web servers, computers and anything you can think of. This exposes the fact that in Nigeria today there are people who poses this weaponized- cyber tools that can be used to access virtually almost all devices and steal information, plant information for the purpose of implicating the target.

Noting these problems we face in this modern era, we turn to cryptography. Cryptography is used to encrypt data so it can only be read by the person who has the secret key. So, even though an attacker breaks into our system he cannot decode our information.


1.4 Research Question

The proliferation of Wi-Fi routers makes the researchers confident that a dense enough ad hoc networks could be created, but they noted that a lack of unsecured routers would require municipalities to work with citizens to allow for the devices to be easily switched into emergency mode. The big question is whether enough citizens would really allow such access, even if security was assured.

 1.5 Purpose of Study

Many network security attack/threats today are spread over the Internet. The most common include:

Viruses, worms, and Trojan horses

Spyware and adware

Zero-day attacks, also called zero-hour attacks

Hacker attacks

Denial of service attacks

Data interception and theft

Identity theft    etc

Several business activities are faced with disruption, which helps keep employees less productive. This is where Network Based security information system comes into play. Because network based security helps protect your customers' data, it reduces the risk of legal action from data theft.

over the years versions of RSA implemented in WEP, HTTP etc has been broken. This project analysis the security of RSA in WEB, HTTP etc and also covers attacks on RSA, and at the end designing and implement a version of RSA that is intrusion tolerant.

1.7 Scope of Study

This project covers ITTC (Boneh et al, 1999), an intrusion tolerant application that uses RSA for encryption. ITTC is a projects that protects the private keys of web servers and certificate authorities by splitting server into smaller share servers so that even if the attacker penetrates a few of the servers he cannot compromise the whole system. Also, I discussed about SITAR (Sargor et al, 2001) a DARPA-funded research project that investigates the intrusion tolerance in distributed system to provide reliable services. I showed some attacks on RSA like the binding attack, common modulus attack etc. and I also analyzed security problems of some versions of RSA like the PKCS1 etc. I also showed how to design and implemented RSA correctly



Overall Rating

0

5 Star
(0)
4 Star
(0)
3 Star
(0)
2 Star
(0)
1 Star
(0)
APA

Orogun, J. (2019). NETWORK BASED SECURITY INFORMATION SYSTEM. Afribary. Retrieved from https://track.afribary.com/works/network-based-security-information-system

MLA 8th

Orogun, Jerrison "NETWORK BASED SECURITY INFORMATION SYSTEM" Afribary. Afribary, 27 Aug. 2019, https://track.afribary.com/works/network-based-security-information-system. Accessed 22 Nov. 2024.

MLA7

Orogun, Jerrison . "NETWORK BASED SECURITY INFORMATION SYSTEM". Afribary, Afribary, 27 Aug. 2019. Web. 22 Nov. 2024. < https://track.afribary.com/works/network-based-security-information-system >.

Chicago

Orogun, Jerrison . "NETWORK BASED SECURITY INFORMATION SYSTEM" Afribary (2019). Accessed November 22, 2024. https://track.afribary.com/works/network-based-security-information-system