08-11-2016, 02:58 PM
ABSTRACT
Network security has become more important to
personal computer users, organizations, and the
military. With the advent of the internet, security
became a major concern and the history of security
allows a better understanding of the emergence of
security technology. The internet structure itself
allowed for many security threats to occur. The
architecture of the internet, when modified, can
reduce the possible attacks that can be sent across
the network. Knowing the attack methods allows
for the appropriate security to emerge. Many
businesses secure themselves from the internet by
means of firewalls and encryption mechanisms.
The businesses create an “intranet” to remain
connected to the internet but secured from
possible threats.
The entire field of network security is vast and in an
evolutionary stage. The range of study
encompasses a brief history dating back to
the internet’s beginnings and the current development
in network security. In order to understand the
research being performed today, background
knowledge of the internet, its vulnerabilities, attack
methods through the internet, and security
technology is important and therefore they are
reviewed.
INTRODUCTION
The world is becoming more interconnected with
the advent of the Internet and new networking
technology. There is a large amount of personal,
commercial, military, and government information
on networking infrastructures worldwide. Network
security is becoming of great importance because of intellectual property that can be easily acquired
through the internet.
There are currently two fundamentally different
networks: data networks and synchronous networks
composed of switches. The internet is considered a
data network. Since the current data network
consists of computer‐based routers, information
can be obtained by special programs, such as
“Trojan horses,” planted in the routers. The
synchronous network that consists of switches
does not buffer data and is therefore not
threatened by attackers. That is why security is
emphasized in data networks, such as the internet,
and other networks that link to the internet.
The vast topic of network security is analyzed by
researching the following:
1. History of security in networks
2. Internet architecture and vulnerable
security aspects of the Internet
3. Types of internet attacks and security
methods
4. Security for networks with internet access
5. Current development in network security
hardware and software
Based on this research, the future of network
security is forecasted. New trends that are
emerging will also be considered to understand
where network security is heading.
1. Network Security
System and network technology is a key technology
for a wide variety of applications. Security is crucial to networks and applications. Although network
security is a critical requirement in emerging
networks, there is a significant lack of security
methods that can be easily implemented.
There exists a “communication gap” between the
developers of security technology and developers
of networks. Network design is a well‐developed
process that is based on the Open Systems
Interface (OSI) model. The OSI model has several
advantages when designing networks. It offers
modularity, flexibility, ease‐of‐use, and
standardization of protocols. The protocols of
different layers can be easily combined to create
stacks which allow modular development. The
implementation of individual layers can be changed
later without making other adjustments, allowing
flexibility in development. In contrast to network
design, secure network design is not a well‐
developed process. There isn’t a methodology to
manage the complexity of security requirements.
Secure network design does not contain the same
advantages as network design.
When considering network security, it must be
emphasized that the whole network must be secure.
Network security does not only concern the
security in the computers at each end of the
communication chain. When transmitting data the
communication channel should not be vulnerable
to attack. A possible hacker could target the
communication channel, obtain the data, decrypt it
and re‐insert a false message. Securing the network
is just as important as securing the computers and
encrypting the message.
When developing a secure network, the following
need to be considered [1]:
1. Access – authorized users are provided the
means to communicate to and from a
particular network
2. Confidentiality – Information in the network
remains private
3. Authentication – Ensure the users of the
network are who they say they are
4. Integrity – Ensure the message has not
been modified in transit
5. Non‐repudiation – Ensure the user does not
refute that he used the network
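
The integrity and authentication items above, and the earlier concern about a false message being re‐inserted into the channel, can be shown in a few lines. This is an added example, not part of the original paper: the key, the frame layout (8‐byte sequence number, payload, 32‐byte HMAC‐SHA256 tag) and all names are assumptions chosen for illustration. A shared‐key tag does not provide non‐repudiation, which needs a digital signature, and it does not provide confidentiality.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, assumption for the demo
TAG_LEN = 32                   # HMAC-SHA256 output size in bytes

def seal(key, seq, payload):
    """Sender side: sequence number + payload + tag over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, frame):
        """Return the payload, or raise ValueError with the rejection reason."""
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("truncated")
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("bad tag")             # modified or wrong sender key
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.last_seq:
            raise ValueError("replayed")            # valid frame inserted again
        self.last_seq = seq
        return payload

def verdict(rx, frame):
    try:
        rx.accept(frame)
        return "accepted"
    except ValueError as exc:
        return str(exc)

def demo():
    rx = Receiver(KEY)
    good = seal(KEY, 1, b"pay 10 to alice")
    tampered = good[:8] + b"pay 99 to alice" + good[-TAG_LEN:]  # payload changed in transit
    forged = seal(b"some-other-key", 2, b"pay 99 to alice")     # sender without the key
    return [verdict(rx, f) for f in (good, tampered, good, forged)]

if __name__ == "__main__":
    print(demo())
```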
An effective network security plan is developed
with the understanding of security issues, potential
attackers, needed level of security, and factors that
make a network vulnerable to attack [1]. The steps
involved in understanding the composition of a
secure network, internet or otherwise, are followed
throughout this research endeavor.
To lessen the vulnerability of the computer to the
network there are many products available. These
tools are encryption, authentication mechanisms,
intrusion‐detection, security management and
firewalls. Businesses throughout the world are
using a combination of some of these tools.
“Intranets” are both connected to the internet and
reasonably protected from it. The internet
architecture itself leads to vulnerabilities in the
network. Understanding the security issues of the
internet greatly assists in developing new security
technologies and approaches for networks with
internet access and internet security itself.
The types of attacks through the internet need to
also be studied to be able to detect and guard
against them. Intrusion detection systems are
established based on the types of attacks most
commonly used. Network intrusions consist of
packets that are introduced to cause problems for
the following reasons:
• To consume resources uselessly
• To interfere with any system resource’s
intended function
• To gain system knowledge that can be
exploited in later attacks
The last reason for a network intrusion is most
commonly guarded against and considered by most
as the only intrusion motive. The other reasons
mentioned need to be thwarted as well.
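
A detector that looks for the first reason as well as the third can be sketched as follows. This is an added example, not part of the original paper: the record format, the addresses (documentation range 192.0.2.0/24), the thresholds and all names are assumptions, and the second reason (interference with a resource’s function) is not covered here.

```python
from collections import defaultdict

def sample_flows():
    """Constructed records: (second, source, destination port, TCP flag)."""
    flows = [(0, "192.0.2.5", port, "SYN") for port in range(20, 45)]  # 25 ports, once each
    flows += [(1, "192.0.2.9", 80, "SYN") for _ in range(300)]         # 300 SYNs in one second
    flows += [(t, "192.0.2.7", 443, flag)                              # ordinary client
              for t in range(3) for flag in ("SYN", "ACK")]
    return flows

def classify(flows, port_limit=20, syn_rate_limit=100):
    """Label each source by the intrusion reason its traffic matches, if any.

    port_limit and syn_rate_limit are illustrative thresholds, not tuned values.
    """
    ports = defaultdict(set)                             # source -> distinct ports touched
    syn_per_sec = defaultdict(lambda: defaultdict(int))  # source -> second -> SYN count
    for second, src, port, flag in flows:
        ports[src].add(port)
        if flag == "SYN":
            syn_per_sec[src][second] += 1

    verdicts = {}
    for src in ports:
        peak = max(syn_per_sec[src].values(), default=0)
        if peak > syn_rate_limit:
            verdicts[src] = "resource consumption"   # reason 1: flood of connection attempts
        elif len(ports[src]) > port_limit:
            verdicts[src] = "information gathering"  # reason 3: probing many ports
        else:
            verdicts[src] = "normal"
    return verdicts

if __name__ == "__main__":
    for source, label in sorted(classify(sample_flows()).items()):
        print(source, label)
```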
Typical security currently exists on the computers
connected to the network. Security protocols
usually appear as part of a single layer
of the OSI network reference model. Current work
is being performed in using a layered approach to
secure network design. The layers of the security
model correspond to the OSI model layers. This
security approach leads to an effective and
efficient design which circumvents some of the
common security problems.
2. Differentiating Data Security and
Network Security
Data security is the aspect of security that allows a
client’s data to be transformed into unintelligible
data for transmission. Even if this unintelligible
data is intercepted, a key is needed to decode the
message. This method of security is effective to a
certain degree. Cryptography that was strong in the
past can be easily broken today. Cryptographic methods
have to continue to advance due to the
advancement of the hackers as well.
When transferring ciphertext over a network, it is
helpful to have a secure network. This will allow for
the ciphertext to be protected, so that it is less
likely for many people to even attempt to break
the code. A secure network will also prevent
someone from inserting unauthorized messages
into the network. Therefore, hard ciphers are
needed as well as attack‐hard networks.
The relationship of network security and data
security to the OSI model is shown in Figure 1. It
can be seen that the cryptography occurs at the
application layer; therefore the application writers
are aware of its existence. The user can possibly
choose different methods of data security.
Network security is mostly contained within the
physical layer. Layers above the physical layer are
also used to accomplish the network security
required [2]. Authentication is performed on a
layer above the physical layer. Network security in
the physical layer requires failure detection, attack
detection mechanisms, and intelligent
countermeasure strategies [2].
HISTORY OF NETWORK SECURITY
Recent interest in security was fueled by the crime
committed by Kevin Mitnick. Kevin Mitnick
committed the largest computer‐related crime in
U.S. history [3]. The losses were eighty million
dollars in U.S. intellectual property and source code
from a variety of companies [3]. Since then,
information security came into the spotlight.
Public networks are being relied upon to deliver
financial and personal information. Due to the
evolution of information that is made available
through the internet, information security is also
required to evolve. Due to Kevin Mitnick’s offense,
companies are emphasizing security for the
intellectual property. The internet has been a driving
force for data security improvement.
Internet protocols in the past were not developed
to secure themselves. Within the TCP/IP
communication stack, security protocols are not
implemented. This leaves the internet open to
attacks. Modern developments in the internet
architecture have made communication more
secure.