After completing this unit, you will be able to:
· Understand Network Security.
· Understand Security Measures against Network Attacks.
· Appreciate the Need for a Firewall.
· Understand the Encryption Methods used as Security Measures.
A.2 Network Security
A.3 Classification of Networks
A.6 Self Assessment Questions
data has become the most vital issue today. The network designs are
prepared in such a way that intrusions and data loss are avoided.
Generally speaking, Network Security is classified into the two
broad areas of Computer Security and Information Security.
A.2 NETWORK SECURITY
A group of computers forms a network and is invariably subject to
attacks originating from any terminal on that network. Network
security is enforced by extending the well-known security approaches adopted
for the protection of non-networked systems, together with network-specific
mechanisms. Enforcing various security checkpoints has a definite
effect on the usefulness of the network; the aim is instead a design
that ensures optimum use of the network, with maximum benefit of
the network to the organization.
Security of information in transit across the network
Information on a network can reside in two forms. It can reside on
physical storage media or in memory, or it can be in transit across the
physical network in the form of packets. The problem of security is
largely due to unethical practices by intruders who observe (capture)
packets travelling across the network, or who are able to introduce
spurious packets on a network. This can be restricted to some extent by
enforcing certain encryption techniques to handle critical pieces of
Nature of Attacks
The attacks on a system’s security can be mainly attributed to the following reasons:
1. To obtain unauthorized access to private, or secret information stored on the system.
2. To use the system as a starting point for attacks on other systems, data servers or key servers on the network.
3. Denial-of-service attacks attempt to use up system resources to
inconvenience the users. A classic example is to send vast megabytes of
electronic mail to a target host in an attempt to exhaust its disk
4. A variation of the denial-of-service attack is where
an intruder actually attempts to cause damage to the system; for
example, by removing important files, changing configurations, etc.
5. To insert spurious packets on a network.
information becomes the topmost priority, and the network administrator
is chiefly concerned with preventing the theft, destruction, corruption
and introduction of information that can cause irreparable damage to
sensitive and confidential data on a network.
Look at some of the common methods of attack on your network:
1. Network packet sniffers.
2. IP spoofing.
3. Password attacks.
4. Distribution of sensitive, internal information to external sources.
5. Man-in-the-middle attacks.
We shall now look at these in detail:
1. Network Packet Sniffers
Because networked computers communicate serially (one piece of information is
sent after another), large data is broken into smaller data packets.
Several network applications distribute network packets in clear text,
that is, the information sent across the network is not encrypted.
(Encryption is the transformation, or degeneration, of a message into an
unreadable format by using a mathematical algorithm.) Because the
network packets are not encrypted, they can be processed and understood
by any application that can pick them up off the network and process
A network protocol specifies how packets are identified
and labeled, which enables a computer to determine whether a packet is
intended for it or not. Because the specifications for network
protocols, such as TCP/IP, are widely published, a third party can
easily interpret the network packets and develop a packet sniffer. A packet sniffer is
a software application that has a network adapter card send
all packets received on the physical network wire to an application for
processing, and so captures all network packets that are sent across a
local-area network. As several network applications distribute network
packets in clear text, a packet sniffer can provide its user with
meaningful and often sensitive information, such as user account names
and passwords. If you use networked databases, a packet sniffer can
provide an attacker with information that is queried from the database.
One serious problem with acquiring user account names and passwords is
that users often reuse their login names and passwords across multiple
In addition, many network administrators use
packet sniffers to diagnose and fix network-related problems. Because in
the course of their usual and necessary duties, these network
administrators (such as those in the Payroll Department) work during
regular employee hours, they can potentially examine sensitive
information distributed across the network. Many users employ a single
password for access to all accounts and applications. If an application
is run in client/server mode and authentication information is sent
across the network in clear text, this same authentication information
can probably be used to gain access to other corporate resources.
Because attackers know and use human characteristics (attack methods
known collectively as social engineering attacks), such as using a
single password for multiple accounts, they are often successful in
gaining access to sensitive information.
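The clear-text exposure described above can be audited from the defender's side. The following is an added example, not part of the original unit: it parses Ethernet/IPv4/TCP frames using nothing but the published header layouts and lists the flows that carry logins in clear text, without returning the credential values. The pattern list, `make_frame` helper and sample frames are constructed for illustration.

```python
import re
import struct

# Markers of logins sent in clear text by a few common protocols.
PATTERNS = {
    "ftp/pop3 login": re.compile(rb"^(?:USER|PASS) \S+", re.M),
    "http basic auth": re.compile(rb"^Authorization: Basic \S+", re.M | re.I),
}

def tcp_payload(frame: bytes):
    """Return (src, dst, dst_port, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":    # too short or not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                              # IP header length in bytes
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]         # honour IP total length
    if ip[0] >> 4 != 4 or ip[9] != 6 or len(tcp) < 20:    # not a complete TCP segment
        return None
    data_off = (tcp[12] >> 4) * 4                         # TCP header length in bytes
    src, dst = (".".join(map(str, ip[o:o + 4])) for o in (12, 16))
    return src, dst, struct.unpack("!H", tcp[2:4])[0], tcp[data_off:]

def audit(frames):
    """List flows that expose credentials; the credential values are never returned."""
    findings = set()
    for src, dst, dport, payload in filter(None, map(tcp_payload, frames)):
        for label, pattern in PATTERNS.items():
            if pattern.search(payload):
                findings.add((src, dst, dport, label))
    return sorted(findings)

def make_frame(src, dst, dport, payload):
    """Build a constructed sample frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    addrs = b"".join(bytes(map(int, a.split("."))) for a in (src, dst))
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + addrs + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip

SAMPLE = [  # constructed traffic using documentation addresses
    make_frame("192.0.2.10", "192.0.2.20", 21, b"USER alice\r\n"),
    make_frame("192.0.2.10", "192.0.2.20", 21, b"PASS example-password\r\n"),
    make_frame("192.0.2.10", "192.0.2.30", 80,
               b"GET / HTTP/1.1\r\nAuthorization: Basic ZXhhbXBsZQ==\r\n\r\n"),
    make_frame("192.0.2.10", "192.0.2.40", 443, b"\x16\x03\x03\x00\x05hello"),
]
```

Calling `audit(SAMPLE)` reports the FTP and HTTP flows and leaves the encrypted flow on port 443 unflagged, which is the practical argument for moving those services to encrypted transports.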
2. IP Spoofing
An IP spoofing attack occurs when an attacker outside your network
pretends to be a part of your network or a legitimate terminal. This is
done either by using an IP address that is within the range of IP
addresses for your network, or by using an authorized external IP
address that you trust and to which you want to provide access to
specified resources on your network.
Normally, an IP spoofing
attack is limited to the injection of data or commands into an existing
stream of data passed between a client and server application or a
peer-to-peer network connection. To enable bi-directional communication,
the attacker must change all routing tables to point to the spoofed IP
However, if an attacker manages to change the routing
tables to point to the spoofed IP address, he can receive all the
network packets that are addressed to the spoofed address and can reply
just as any trusted user on a network can.
Like packet sniffers, IP spoofing attacks are not restricted to people who are external to the network.
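Both spoofing variants described above can be checked at the network boundary. The following is an added example, not part of the original unit: it decides on a packet from its arrival interface and claimed source address. The address ranges, interface names and verdict strings are assumptions chosen for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing plan for this example; replace with your own.
INTERNAL = [ip_network("10.20.0.0/16")]
TRUSTED_EXTERNAL = [ip_network("198.51.100.7/32")]   # partner host given access
NEVER_ROUTED = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def _in(addr, nets):
    return any(addr in net for net in nets)

def verdict(interface: str, src: str) -> str:
    """Decide on a packet from its arrival interface and claimed source address."""
    addr = ip_address(src)
    if interface == "inside":
        # Egress check: hosts on the inside may only send from internal addresses,
        # so an internal machine cannot spoof someone else's address.
        return "allow" if _in(addr, INTERNAL) else "drop: foreign source from inside"
    if _in(addr, INTERNAL):
        # Ingress check: an internal address can never legitimately arrive from outside.
        return "drop: internal source from outside"
    if _in(addr, NEVER_ROUTED):
        return "drop: non-routable source from outside"
    if _in(addr, TRUSTED_EXTERNAL):
        # The filter cannot tell whether this packet really came from the partner:
        # trust based on the address alone must be backed by authentication.
        return "allow: trusted address, requires authentication"
    return "allow"
```

The filter stops the first variant (an internal address arriving from outside) outright, but it can only pass the second (a trusted external address), so that case has to rely on authentication rather than on the address.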
3. Password Attacks
Password attacks can be implemented using several methods, including brute-force
attacks, Trojan horse programs, IP spoofing, and packet sniffers.
Although packet sniffers and IP spoofing can yield user accounts and
passwords, password attacks usually refer to repeated attempts to
identify a user account and/or password; these repeated attempts are
called brute-force attacks.
Often, a brute-force attack is
performed using a dictionary program that runs across the network and
attempts to log into a shared resource, such as a server. When an
attacker successfully gains access to a resource, that person has the
same rights as the user whose account has been compromised to gain
access to that resource. If this account has sufficient privileges, the
attacker can create a back door for future access, without concern for
any status and password changes to the compromised user account.
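The repeated login attempts described above leave a recognisable trail in authentication logs. The following is an added example, not part of the original unit: it flags a source that exceeds a failure threshold inside a sliding window, and separately flags a successful login that follows such a burst, since that account should be treated as compromised. The log format, thresholds and sample lines are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed sliding window
MAX_FAILS = 5                   # assumed failure threshold per source

# Constructed log lines: "<ISO timestamp> <OK|FAIL> user=<name> src=<address>"
LOG = [f"2024-05-01T10:00:{i:02d} FAIL user={u} src=203.0.113.5"
       for i, u in enumerate(["admin", "root", "alice", "bob", "alice", "alice"])]
LOG += ["2024-05-01T10:00:09 OK user=alice src=203.0.113.5",
        "2024-05-01T10:01:00 FAIL user=carol src=198.51.100.9",
        "2024-05-01T10:01:20 OK user=carol src=198.51.100.9"]

def detect(lines, window=WINDOW, max_fails=MAX_FAILS):
    """Return alerts as tuples, in the order the log lines produce them."""
    recent = defaultdict(deque)          # src -> (timestamp, user) of recent failures
    alerts = []
    for line in lines:
        stamp, result, user_field, src_field = line.split()
        ts = datetime.fromisoformat(stamp)
        user, src = user_field.split("=", 1)[1], src_field.split("=", 1)[1]
        fails = recent[src]
        while fails and ts - fails[0][0] > window:   # expire old failures
            fails.popleft()
        if result == "FAIL":
            fails.append((ts, user))
            if len(fails) == max_fails:              # alert once per burst
                distinct_users = len({u for _, u in fails})
                alerts.append(("brute-force", src, distinct_users))
        elif len(fails) >= max_fails:
            # A success right after a burst: the guessed account needs a password
            # reset and a review for new accounts or other back doors.
            alerts.append(("success-after-burst", src, user))
            fails.clear()
    return alerts
```

On the constructed log, the single mistyped password from 198.51.100.9 raises nothing, while 203.0.113.5 produces both a brute-force alert and a success-after-burst alert for `alice`.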
4. Distribution of Sensitive Information
The distribution of sensitive information is the critical issue of a
network security policy. Although such an attack may not be obvious, the
majority of computer break-ins that organizations suffer are usually
at the hands of disgruntled present or former employees. At the core of
these security breaches is the distribution of sensitive information to
competitors or others who will use it to the organization’s
disadvantage. An outside intruder can use password and IP
spoofing attacks to copy information, and an internal user can easily
place sensitive information on an external computer or share a drive on
the network with other users.
For example, an internal user could place a file on an external FTP
server without ever leaving his or her desk. The user could also e-mail
an attachment that contains sensitive information to an external user.
5. Man-in-the-Middle Attacks
A man-in-the-middle attack requires that the attacker has access to
network packets that come across the networks. An example of such a
configuration could be someone who is working for your Internet Service
Provider (ISP), who can gain access to all network packets transferred
between your network and any other network. Such attacks are often
implemented using network packet sniffers, routing and transport
protocols. The possible uses of such attacks are theft of information,
hijacking of an ongoing session to gain access to your internal network
resources, traffic analysis to derive information about your network and
its users, corruption of transmitted data, and introduction of new
information into network sessions, etc.
Protecting Your Network: Maintaining Internal Network System Integrity
When considering what to protect within your network, you are concerned with
maintaining the integrity of the physical network, your network
software and network resources. This integrity involves the verifiable
identity of computers and users, proper operation of the services that
your network provides and optimal network performance; all these
concerns are important in maintaining a productive network environment.
1. Network Packet Sniffers
As mentioned earlier, network packet sniffers can yield critical system
information, such as user accounts and/or passwords. When an attacker
obtains the correct account information, he or she has the run of your
network. In a worst-case scenario, an attacker gains access to a
system-level user account, which the attacker uses to create a new
account that can be used at any time as a back door to get into the network
and its resources. The attacker can modify system-critical files, such
as the password for the system administrator account, the list of
services and permissions on file servers and other servers.
Packet sniffers provide information about the topology of your network that
many attackers find useful for stealing information. This information,
such as what computers run which services, how many computers are in a
network, which computers have access to others, and so on, can be
collected from the information contained within the packets that are
distributed across your network.
In addition, a network packet
sniffer can be modified to interject new information or change existing
information in a packet. By doing so, the attacker can cause network
connections to shut down prematurely, as well as change critical
information within the packet. Imagine what could happen if an attacker
modified the information being transmitted to your accounting system.
The effects of such attacks can be difficult to detect and at the same
time would be very costly to rectify.
2. IP Spoofing
IP spoofing can yield access to user accounts and passwords, and it can
also be used in other ways. For example, an attacker can emulate one of
your internal users in ways that prove embarrassing for your
organization; the attacker could send e-mail messages to business
partners that appear to have originated from someone within your
organization. Such attacks are easier when an attacker has a user
account and password, but they are possible by combining simple spoofing
attacks with knowledge of messaging protocols. For example, using Telnet
to connect directly to the SMTP port on a system allows the attacker to insert
bogus sender information.
3. Password Attacks
Just as with packet sniffers and IP spoofing attacks, a brute-force password
attack can provide access to accounts that can be used to modify
critical network files and services. An example that compromises your
network’s integrity is an attacker modifying the routing tables of a
network. By doing so, the attacker ensures that all network packets are
routed to him or her before they are transmitted to their final
destination. In such a case, an attacker can monitor all network
traffic, effectively becoming a man in the middle.
4. Application Layer Attacks
Application layer attacks can be implemented using several different methods. One
of the most common methods is exploiting well-known weaknesses in
software commonly found on servers, such as sendmail, PostScript and
FTP. By exploiting these weaknesses, attackers can gain access to a
computer with the permissions of the account running the application,
which is usually a privileged system-level account.
Trojan horse program attacks are implemented using bogus programs that an attacker
substitutes for common programs. These programs may provide all the
functionality that the normal application or service provides, but they
also include other features that are known to the attacker, such as
monitoring login attempts to capture user account and password
information. These programs can capture sensitive information and
distribute it back to the attacker. They can also modify application
functionality, such as applying a blind carbon copy to all e-mail
messages so that the attacker can read all of your organization’s
One of the oldest forms of application layer attacks is a
Trojan horse program that displays a screen, banner or prompt that the
user believes is the valid login sequence. The program then captures the
information that the user types in and stores or e-mails it to the
attacker. Secondly, the program either forwards the information to the
normal login process or simply sends an expected error to the user,
exits and starts the normal login sequence. The user, believing that he
or she has incorrectly entered the password (a common mistake
experienced by everyone), retypes the information and is allowed access.
One of the newest forms of application layer attacks exploits the openness
of several new technologies: the HyperText Markup Language (HTML)
specification, web browser functionality and HTTP. These attacks, which
include Java applets and ActiveX controls, involve passing harmful
programs across the network and loading them through a user’s browser.
However, attackers have already discovered how to utilize properly
signed and bug-free ActiveX controls to make them act as Trojan horses.
This technique uses VBScript to direct the controls to perform
unwanted work, such as overwriting files and executing other malicious
These new forms of attack are different in two respects:
They are initiated not by the attacker, but by the user, who selects the
HTML page that contains the harmful applet or script stored using the ,or