A
TECHNICAL PAPER
ON
NETWORK SECURITY USING FIREWALLS
PRESENTED BY:
GUDLAVALLERU ENGINEERING COLLEGE
GUDLAVALLERU
INTRODUCTION:
This paper discusses the need for and the concept of network security. Some solutions for
implementing network security, such as firewalls and back-ups, are discussed. It mainly
emphasizes packet filtering firewalls and their advantages and disadvantages. It concludes
with the difficulties encountered in the implementation of network security.
Keywords: network security, threats and sources, firewalls, packet filtering.
The requirements of information security have undergone three major changes in
the last three decades. The first major change was the introduction of the computer. The
need for protecting files and information became evident. Collection of tools and
procedures designed to protect data and to control access to computing resources has the
generic name computer security. The second major change was the introduction of
distributed systems, networks, and facilities for data communication. The third change is
the current, rapid development of wireless networks and mobile communications.
Wireless security is therefore of high priority today.
Network security measures are needed to protect data during transmission and storage, and
to control access to networks and network nodes.
Some terminology commonly used within network security can be defined as follows:
• Data Integrity
Protection against change.
• Data Availability
Protection against disruption of services.
• Data Confidentiality
Protection against unauthorized disclosure of data.
• Privacy
Refers to the ability of a sender to remain anonymous.
• Accountability
The clear identification of responsibility.
• Authorization
Refers to the process of granting and monitoring access rights.
The "Taxonomy Diagram" shows the fundamental properties of network security - integrity,
protection, and security administration - as an interactive, animated Network Security
tree (Figure 2).
Types and Sources of Network Threats
1) Denial-of-Service - The attacker's program simply makes a connection on some
service port, perhaps forging the packet's header information that says where the packet
came from, and then drops the connection. If the host is able to answer 20 requests per
second, and the attacker is sending 50 per second, the host will obviously be unable to
service all of the attacker's requests, much less any legitimate requests.
2) Unauthorized Access - The goal of these attacks is to access some resource that your
machine should not provide the attacker.
3) Executing Commands Illicitly - An attacker might wish to make configuration
changes to a host for which he gains administrator privileges.
4) Destructive Behavior - There are two major categories:
(a) Data Diddling - The data diddler works behind the scenes manipulating the data,
without the actual user being aware of it.
(b) Data Destruction - This includes the outright destruction of data.
Solutions
1) Hope you have backups - This is coordinated with a disaster recovery plan.
2) Don't put data where it doesn't need to be - Information that doesn't need to be
accessible from the outside world sometimes is.
3) Avoid systems with single points of failure - In security, a degree of redundancy is
good, and it helps in the protection of any organization.
4) Have someone who keeps track of the current operating system patches.
Internet Firewalls
Encryption helps to solve many security problems. However, it is not a complete
solution and is often complemented with a firewall to restrict the types of access
permitted between a company's internal network and the rest of the Internet (i.e. a
firewall protects against unwanted Internet traffic). Firewalls are employed in order to
provide some level of separation between an organization's Intranet and the Internet.
A firewall is a system or group of systems that enforces an access control
policy between two networks. In principle, the firewall can be thought of as a pair of
mechanisms: one that exists to block traffic, and the other that exists to permit
traffic.
To be effective, all network traffic either entering or leaving the organization
must pass through the firewall. In turn, the firewall implements a defined security policy
that rejects any traffic that does not adhere to the policy. Finally, the firewall is itself
constructed to be immune to security attacks. Firewalls help to define a security
perimeter; as such they can lower the cost of providing adequate security.
NEED FOR A FIREWALL
Probably the most important thing to recognize about a firewall is that it is designed
to prevent unauthorized access to or from a private network connected to the Internet,
especially intranets. Firewalls can be implemented in hardware, in software, or in a
combination of both. They sit between two or more networks and mediate traffic. A
firewall is often a general-purpose computer used to control access between the internal
(private) network (Intranet) and the Internet (or any other untrusted network).
Types of Firewalls
1) Application Gateways -Also known as proxy gateways, application proxy or
application-level proxy, it is an application program that runs on a firewall system
between two networks. These are made up of bastion hosts that run special software to
act as a proxy server.
2) Packet Filtering - Packet filtering is a technique whereby routers have ACLs (Access
Control Lists) turned on. By default, a router will pass all traffic sent to it, and will do so
without any sort of restriction. Employing ACLs is a method for enforcing your security
policy with regard to what sorts of access you allow the outside world to have to your
internal network, and vice versa. There is less overhead in packet filtering than with an
application gateway, because access control is performed at a lower ISO/OSI layer
(typically the transport or session layer). Due to the lower overhead and the fact that
packet filtering is done by routers, which are specialized computers optimized for
networking tasks, a packet filtering gateway is often much faster than its application
layer cousins. Figure 6 shows a packet-filtering gateway.
Packet filtering is a network security mechanism that works by controlling what
data can flow to and from a network. To transfer information across a network, the
information has to be broken up into small pieces of data called packets, each of which
is sent separately. Packets traversing an internetwork (a network of networks) travel
from router to router until they reach their destination.
A router has to make a routing decision about each packet it receives; it has to
decide how to send that packet on towards its ultimate destination. In general, a packet
carries no routing information: it tells the router where it wants to go, but not how to get
there. Routers communicate with each other using "routing protocols" such as the
Routing Information Protocol (RIP) to build routing tables in memory that determine how
to get packets to their destinations. When routing a packet, a router compares the
packet's destination address to the entries in the routing table and sends the packet onward
as directed by the routing table.
In a packet filtering firewall, inspection takes place at the network or transport
layer, and it is application independent. It is the least secure form of firewall, as
it does not take account of the communication performed by different applications.
Packet filtering is based on:
• The source and destination addresses of the data.
• The session and application protocols being used to transfer the data.
NEED FOR PACKET FILTERING
The main advantage of packet filtering is leverage: it allows you to provide, in a single
place, particular protections for an entire network. Routers also present a useful
chokepoint for all of the traffic entering or leaving a network. Only filtering routers can
provide certain protections.
Protocols Are Usually Bi-directional - Protocols are usually bi-directional; they almost
always involve one side sending an inquiry or a command, and the other side sending a
response of some kind.
What Does a Packet look like?
A packet has two parts: the header and the body. The header contains protocol
information relevant to that layer, while the body contains the data for that layer which
often consists of a whole packet from the next layer in the stack. Each layer treats the
information it gets from the layer above it as data, and applies its own header to this data.
At each layer, the packet contains all of the information passed from the higher layer;
nothing is lost. This process of preserving the data while attaching a new header is known
as encapsulation.
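The following added example (not part of the original paper) builds a packet by encapsulation, wrapping a constructed application payload in a TCP header and then in an IPv4 header, and then peels the layers off again to recover exactly the fields a packet filter reads: addresses, protocol, ports and flags. All addresses and ports are made-up sample values.

```python
import struct

def ip_to_bytes(ip):
    return bytes(int(x) for x in ip.split("."))

def bytes_to_ip(b):
    return ".".join(str(x) for x in b)

def build_tcp_segment(src_port, dst_port, payload, flags=0x02):
    # TCP header (20 bytes): ports, seq, ack, data offset (5 words) in the
    # high nibble, flags (0x02 = SYN), window, checksum, urgent pointer.
    # The application payload is treated as opaque data by this layer.
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                         5 << 4, flags, 8192, 0, 0)
    return header + payload

def build_ipv4_packet(src_ip, dst_ip, body):
    # IPv4 header (20 bytes): version/IHL, TOS, total length, id, flags/frag,
    # TTL, protocol (6 = TCP), checksum (left 0 here), source, destination.
    # The whole TCP segment becomes the body of the IP packet; nothing is lost.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0,
                         64, 6, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    return header + body

def decapsulate(packet):
    """Peel the layers: each layer's body is the next layer's whole packet."""
    ihl = (packet[0] & 0x0F) * 4
    (_, _, total_len, _, _, _, proto, _,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ip_body = packet[ihl:total_len]
    (sport, dport, _, _, off, flags,
     _, _, _) = struct.unpack("!HHIIBBHHH", ip_body[:20])
    payload = ip_body[(off >> 4) * 4:]
    return {"src": bytes_to_ip(src), "dst": bytes_to_ip(dst), "proto": proto,
            "sport": sport, "dport": dport, "flags": flags, "payload": payload}

def sample_packet():
    # Constructed sample: an internal host opening Telnet (port 23) to an
    # external server with a small payload.
    seg = build_tcp_segment(40000, 23, b"login")
    return build_ipv4_packet("192.168.1.10", "203.0.113.5", seg)
```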
Filtering by Address
The simplest, although not the most common, form of packet filtering is filtering by
address. Filtering in this way lets you restrict the flow of packets based on the source
and/or destination addresses of the packets, without having to consider what protocols are
involved. Such filtering can be used, for example, to allow certain external hosts to talk to
certain internal hosts, or to prevent an attacker from injecting forged packets
(handcrafted packets that appear to come from somewhere other than their true source)
into your network.
Risks of Filtering by Source Address
It's not necessarily safe to trust source addresses because source addresses can be forged.
Unless you use some kind of cryptographic authentication between you and the host you
want to talk to, you won't know if you're really talking to that host, or to some other
machine that is pretending to be that host. The filters we've discussed above will help you
if an external host is claiming to be an internal host, but they won't do anything about an
external host claiming to be a different external host. There are two kinds of attacks that
rely on forgery: source address and man in the middle.
In a basic source address forgery attack, an attacker sends you packets that claim to be
from some trusted host, hoping that you will take some action on that basis; the attacker
does not expect to receive any packets back from you. In fact, your responses will go to
whoever the attacker is pretending to be, not to the attacker. There are plenty of attacks
that can be carried out without the attacker needing to see the results directly. For
example, suppose an attacker issues a command to your system that causes it to email
your password file to him; if your system is going to send the attacker the password file
in the mail, there is no need for him to see it during the attack itself.
In many circumstances - particularly those involving TCP connections - the real machine
(that the attacker is pretending to be) will react to your packets by trying to reset the
bogus connection. Obviously, the attacker doesn't want this to happen. He has to ensure
the attack completes before the real machine gets the packets you're sending, or before
you get the reset packets from the real machine. There are a number of ways to ensure
this - for example:
1) Carrying out the attack while the real machine is down
2) Crashing the real machine so the attack can be carried out
3) Flooding the real machine while the attack is carried out
4) Confusing the routing between the real machine and the target
5) Using an attack where only the first response packet is required, so that the reset
doesn't matter.
Filtering by Service
Blocking incoming forged packets, as discussed previously, is just about the only
common use of filtering solely by address. Most other uses of packet filtering involve
filtering by service, which is somewhat more complicated. We're going to take a detailed
look at Telnet. Telnet allows a user to log in to another system, as if the user had a
terminal directly connected to that system.
Outbound Telnet Service - In outbound Telnet service, a local client (a user) talks to a
remote server; the filter has to handle both the outgoing and the incoming packets of
that session.
Inbound Telnet Service - In this case a remote client (a remote user) communicates with a
local Telnet server.
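The rules described under "Filtering by Address" and "Filtering by Service" above, written out as an added example that is not part of the original paper: an inbound packet that claims an internal source address is treated as forged and dropped, outbound Telnet from internal clients is permitted together with the server's replies (which must carry the ACK flag, so that a bare connection-opening packet from outside cannot pass), and inbound Telnet to internal servers is denied. The internal network 192.168.1.0/24 and the sample packets are assumptions made for the example.

```python
import ipaddress

# Assumed internal network for the example; "in" means arriving from the
# Internet, "out" means leaving towards it.
INTERNAL = ipaddress.ip_network("192.168.1.0/24")
TELNET = 23
ACK = 0x10

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def filter_packet(direction, src, dst, proto, sport, dport, flags):
    """Return 'permit' or 'deny' for one packet under the paper's rules."""
    # Rule A (filtering by address): genuine internal traffic never arrives
    # from the Internet, so an inbound packet with an internal source is forged.
    if direction == "in" and is_internal(src):
        return "deny"
    if proto != "tcp":
        return "deny"
    # Rule B (outbound Telnet): internal client to any external server, port 23.
    if (direction == "out" and is_internal(src) and not is_internal(dst)
            and dport == TELNET):
        return "permit"
    # Rule B, return direction: replies from the external server's port 23 are
    # accepted only with ACK set, i.e. as part of a connection the client began.
    if (direction == "in" and not is_internal(src) and is_internal(dst)
            and sport == TELNET):
        return "permit" if flags & ACK else "deny"
    # Rule C (inbound Telnet) and everything else: default deny.
    return "deny"

# Constructed sample traffic: (direction, src, dst, proto, sport, dport, flags)
SAMPLE = [
    ("in",  "192.168.1.7",  "192.168.1.10", "tcp", 40000, 23, 0x02),  # spoofed
    ("out", "192.168.1.10", "203.0.113.5",  "tcp", 40000, 23, 0x02),  # client SYN
    ("in",  "203.0.113.5",  "192.168.1.10", "tcp", 23, 40000, 0x12),  # SYN/ACK reply
    ("in",  "203.0.113.5",  "192.168.1.10", "tcp", 23, 40000, 0x02),  # SYN from 23
    ("in",  "203.0.113.5",  "192.168.1.10", "tcp", 40000, 23, 0x02),  # inbound telnet
]

def run_sample():
    return [filter_packet(*p) for p in SAMPLE]
```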
Advantages of Packet Filtering
1) One screening router can help protect an entire network, so you gain tremendous
leverage on network security.
2) Packet filtering doesn't require user knowledge or cooperation, custom software or
configuration of client machines, nor does it require any special training or procedures for
users.
3) Packet filtering is widely available in many hardware and software routing
products, both commercial and freely available over the Internet.
Disadvantages of Packet Filtering
1) Current filtering tools are not perfect - Despite the widespread availability of packet
filtering in various hardware and software packages, packet filtering is still not a perfect
tool.
2) The packet filtering rules tend to be hard to configure. Although there is a range of
difficulty, it mostly runs from slightly mind-twisting to brain-numbingly impossible.
3) Once configured, the packet filtering rules tend to be hard to test.
4) The packet filtering capabilities of many of the products are incomplete, making
implementation of certain types of highly desirable filters difficult or impossible.
CONCLUSIONS
Network security implies restrictions such as network traffic filtering with firewall
technology and defence against the distribution of malicious programs, such as virus
prevention.
Security is a very difficult topic. Everyone has a different idea of what "security" is, and
what levels of risk are acceptable. The key to building a secure network is to define what
security means to your organization. It's important to build systems and networks in such
a way that the user is not constantly reminded of the security system around him. Users
who find security policies and systems too restrictive will find ways around them. It's
important to get their feedback to understand what can be improved, and it's important to
let them know why what has been done has been done, the sorts of risks that are deemed
unacceptable, and what has been done to minimize the organization's exposure to them.
Security is everybody's business, and only with everyone's cooperation, an intelligent
policy, and consistent practices will it be achievable.