NETWORK SECURITY PROJECT A1
Network Security Principles1
Network Security protocols and associated technologies2
Why a secure network is necessary?4
Selection of the networking devices for the prototype4
A Comparison of Network Security protocols4
Importance of Network Security4
Network Security Principles
Confidentiality, integrity and availability are the three network principles which are considered to be the most crucial components of security.
Confidentiality is essentially a set of rules that are used to limit the amount of information that someone has access to. This policy is designed to stop sensitive information for reaching the wrong people whilst making sure that it reaches the correct people, in order to do this access to the information is restricted to those who are authorized to view the information.
Network Security protocols and associated technologies
MD5 is a hashing function that produces a 128-bit hash value. This function was designed to be a cryptographic hash function, but it has been known to be susceptible to extensive vulnerabilities. It is still used as a checksum to verify data integrity.
SSL is a standard security protocol that is used for establishing encrypted links between web servers and browsers through online communication. SSL ensures that any data that is transmitted between a web server and browser remain encrypted.
A VPN is used to extend a private network across a public network which enables uses to send and receive data from either shared and public networks which acts like their devices are directly connected to the private network.
AES is a symmetric block cipher which is implemented in both hardware and software to encrypt sensitive data. AES was also implemented into restricted environments and was able to offer good protection against various attacks.
SHA-1 is a cryptographic hashing function which takes an input and produces a 160-bit has value. It uses 80 rounds of cryptographic operations in order to encrypt and secure data. SHA-1 is deemed unsecure and has since been replaced by SHA-2 and 3.
SHA-2 is also a set of cryptographic hashing functions. SHA-2 has many differences to SHA-1 such as the fact that it contains 6 hash functions whereas SHA-1 contains 1. SHA-2 is also implemented in many security applications and protocols like TLS and SSL for example.
RSA was one of the first public-key cryptosystems. This is an asymmetric encryption method uses two keys one of which is public, and the other is private. The user creates a public key by multiplying two large prime numbers together and an auxiliary value. Anyone can use the public key to encrypt a message but only the person with the private key can decrypt the message.
DES is a symmetric key algorithm that was used for encryption purposes. DES uses the same key for both encryption and decryption. DES groups plain text into 64-bit blocks in order to encrypt it by enciphering each block using the secret key into 64-bit cipher text.
3DES works the same way as DES but is more secure as it applies the DES cipher algorithm to each data block 3 times.
IPSec is a framework of open standards that was used to ensure private secure communications IP networks using cryptographic security services. IPSec is configured by creating either global or local policies that define how IP packets are authenticated, signed and encrypted.
DNS translates domain names into IP addresses so browsers can load the internet resources. The process of DNS resolution starts with converting a hostname into an IP address. Any device that is connected to the internet has an IP address which is necessary in order to find an appropriate internet device.
DHCP is a client/server protocol that is used to provide and internet protocol with an IP address and other information like subnet masks and default gateways. A router or residential gateway can be used to act as a DHCP server.
HTTP is a protocol that outlines how messages are formatted and transmitted. It also determines what actions web servers and browsers should use in response to any commands.
HTTPs is a more secure version of HTTP. Whilst doing what HTTP does it also means that any communications between a browser and website are all encrypted.
FTP is a protocol that is used for transferring files between clients and servers on a network. FTP relies on two channels which are the command channel for controlling the conversations and the data channel for transmitting the file contents.
FTPS is and extension to FTP that’s adds Support for the transport layer security. This used to add support for the secure sockets layer but that is now prohibited.
This a protocol used in the client/server which is used to receive and hold emails by the internet server. When the email box on the server is checked and emails are downloaded it is usually done using POP3.
This is an internet standard for email transmission. Electronic mail servers use SMTP to send and receive mail, other mail apps only use it for sending messages to servers to be relayed and uses either IMAP or POP3 to retrieve the messages.
IMAP is a protocol that is used by email clients for receiving mail from a server using TCP/IP connections. IMAP is supported by almost every email client and server including GMAIL, Outlook and Yahoo!
Why a secure network is necessary?
A secure network is necessary for everyone for protecting yourself from attacks. For large companies’ security is especially important for protecting themselves against industry sabotage and espionage. Some other concerns are large amounts of users downloading large amounts of data, like videos for example, on a network can cause stability problems.
For businesses having a secure network mean that they can protect client data safe from attacks as this is usually a target for hackers. Secure networks can protect computers from harmful spyware as these can cause physical harm to computers which usually has an outcome where you must buy a new computer.
Selection of the networking devices for the prototype
Every workstation and server will all contain a network interface card as this contains the components that establish and control network communications. Switches will be used for this network as they are generally more suited to large networks than hubs and contain more intelligence. Switched will determine the source and destination devices of packets. Routers are used to translate information from one network to another. Gateways are used as they can connect networks that use different protocols or data formats. Gateways are a combination of hardware and software with the built-in ability to perform protocol conversions.
A Comparison of Network Security protocols
For this section I will be comparing two of the current standards for data encryption which are 3DES and AES. AES is a newer encryption method whereas 3DES is just an adaption of the older DES. AES uses three encryption key lengths which are 128, 192 and 256 bits whereas 3DES only uses 56 bits. Since 3DES is implemented 3 times it allows you to have 2 identical and 1 discrete or three identical keys. This allows 3DES to have encryption key lengths of 168, 112 and 52 bits.
3DES only uses a block length of 64 bits whereas AES uses 128. Using AES adds additional insurance and it is harder to sniff leaked data. However, with 3DES the user would have to switch their encryption key every 32GB of data transfer in order to minimize leaks.
AES is much faster the 3DES when it comes to encrypting anything because you must repeat the encryption process 3 times. It also takes a long time to migrate from 3DES hardware to AES which can result in slower processing times.
Importance of Network Security
Over the last few years the internet has evolved significantly and as a result computer networks are becoming bigger and bigger which has made network security and important factor for any company to consider. For large enterprises like Microsoft who design and build software products network security is possibly one of the most important things that stop protect them against foreign attacks. The more you increase the networks security the more you decrease the chance of someone spoofing or stealing data from the network. The tools that are used by hackers have become so sophisticated that the super intelligence is no longer required to be able to hack into a computer. Although there are still a few people out there that have the natural ability to hack a computer most hackers do not possess a high enough programming skill, so they must resort to using programs that are on the internet.
There are so many different attacks that can be made on a network which all do different things and understanding how each of these attacks work allows a user to have the correct defences in place in case one of these attacks should happen. I am going to talk about some of the most common types of attacks and how they affect the targets.
Unstructured attacks are made by unskilled hackers which use hacking tools available on the Internet and most of the time are not aware of the environment that they are attacking. These threats should not be neglected because they can expose sensitive information to malicious attackers.
Structured attacks are made by individuals who possess advanced computing skills. Such hackers are experts in exploiting system vulnerabilities. These attackers attack by researching information about a company’s network, then these attackers can create custom hacking tools to breach the network security. Structured attacks are done by people with good programming skills and a good understanding of operating systems and networking.
Social engineering attack are another type of network attack. These attackers will take advantage of user’s credibility and can often gain important and sensitive information directly from their victims. They often call or send fraudulent emails to their victims pretending to be some other person entirely. These attacks are easy to counter as most people tend to have these types of emails filtered into the spam folder so that they do not cause any damage.
Phishing is a method that is easy to implement by hackers. Phishing is the act of attempting to acquire information such as usernames, passwords and credit card details by pretending to be a trustworthy person in an electronic communication. Sometimes entire sites can be duplicated by hackers to steal precious information from users.
There are also some kinds of attacks that require some more specialised skills in order to carry out.
Eavesdropping is probably one of the common types of attacks. A malicious user can gain critical information from listening to network traffic. Most communications are sent unencrypted so there are many cases in which traffic is susceptible to interception. The traffic can be analysed using sniffing tools to read information as it is sent into the network. Eavesdropping can be prevented by using encryption algorithms.
Denial of Service and Distributed Denial of Service attacks take advantage of network traffic to create abnormal behaviour to network services or applications. Servers are often targeted and flooded with data until you can no longer connect to them. Network equipment can be blocked and prevent normal traffic from flowing into the network. Distributed denial of service attacks is more dangerous because attacks are made from multiple sources. This type of attack is often done by gamers who want an easy win in a game. They will flood their opponents with large amounts of data so that they are disconnected from the game giving the attacker an instant win.
Password attacks are based on cracking user or equipment passwords. They are one of the most feared network attacks because once a user is compromised, the whole network can be damaged, especially if that user is a domain user or network administrator.
Dictionary attacks use patterns to guess passwords through multiple attempts. Critical information can be gained by using a compromised username. This is one of the main reason’s companies use strong passwords that have to be changed frequently.
Compromised-Key attacks work by obtaining the private key of a sender and using that key they are able decipher secured network traffic. This kind of attack is often hard to be carried if the attacker is unstructured because it requires good computing resources and skills.
Man-in-the-Middle attack is an attack is based on intercepting and modifying information between two transmitting nodes. A hacker can modify network routes to redirect traffic to its machine before it is carried out to the destination. The hacker then can see everything that goes between these two nodes if they are both connected.
IP address spoofing is where hackers use spoofed IPs to impersonate a legitimate machine. The attacker can then modify packets making them look like legitimate traffic to the receiving network device.
Application layer attacks are based on cracking applications that run on servers or workstations. These types of attacks are common because there are many different applications that run on machines and are susceptible to attacks. Hackers use viruses, Trojans and worms to infect devices and gain important information.
Exploit attacks are usually made by individuals who possess strong computing skills and can take advantage of software bugs or misconfigurations. By having enough information of a specific software, hackers can exploit a problem and use it to gain access to private data.