Monday, October 26, 2009

.:: || Security In Network || ::.

Computer Networks

Definition

A computer network is a computing environment with more than one independent processor.

Network Resources:


  • Computers

  • Operating Systems

  • Programs

  • Process

  • People



Network Architecture


Network architecture
is the design of a communications network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation.

In computing, the network architecture is a characteristic of a computer network. The most prominent architecture today is evident in the framework of the Internet, which is based on the Internet Protocol Suite.

Basic Terminology

  • Node

  • Host

  • Link

  • Topology



Types of Network



Network Topology

Bus Topology


A bus network topology is a network architecture in which a set of clients are connected via a shared communications line, called a bus. There are several common instances of the bus architecture, including one in the motherboard of most computers, and those in some versions of Ethernet networks.

Bus networks are the simplest way to connect multiple clients, but may have problems when two clients want to transmit at the same time on the same bus. Thus systems which use bus network architectures normally have some scheme of collision handling or collision avoidance for communication on the bus, quite often using Carrier Sense Multiple Access or the presence of a bus master which controls access to the shared bus resource.

Star Topology


Star networks are one of the most common computer network topologies. In its simplest form, a star network consists of one central switch, hub or computer, which acts as a conduit to transmit messages. Thus, the hub and leaf nodes, and the transmission lines between them, form a graph with the topology of a star. If the central node is passive, the originating node must be able to tolerate the reception of an echo of its own transmission, delayed by the two-way transmission time (i.e. to and from the central node) plus any delay generated in the central node. An active star network has an active central node that usually has the means to prevent echo-related problems.

Ring Topology


A ring network is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node - a ring. Data travels from node to node, with each node along the way handling every packet.

Because a ring topology provides only one pathway between any two nodes, ring networks may be disrupted by the failure of a single link. A node failure or cable break might isolate every node attached to the ring. FDDI networks overcome this vulnerability by sending data on a clockwise and a counterclockwise ring: in the event of a break data is wrapped back onto the complementary ring before it reaches the end of the cable, maintaining a path to every node along the resulting "C-Ring". 802.5 networks -- also known as IBM Token Ring networks -- avoid the weakness of a ring topology altogether: they actually use a star topology at the physical layer and a Multistation Access Unit to imitate a ring at the datalink layer.

Many ring networks add a "counter-rotating ring" to form a redundant topology. Such "dual ring" networks include Spatial Reuse Protocol, Fiber Distributed Data Interface (FDDI), and Resilient Packet Ring.

Mesh Topology


Mesh networking is a type of networking where each node in the network may act as an independent router, regardless of whether it is connected to another network or not. It allows for continuous connections and reconfiguration around broken or blocked paths by “hopping” from node to node until the destination is reached. A mesh network whose nodes are all connected to each other is a fully connected network. Mesh networks differ from other networks in that the component parts can all connect to each other via multiple hops, and they generally are not mobile. Mesh networks can be seen as one type of ad hoc network.

Layer Responsibilities




Advantages of Computer Networks


  • Resource sharing

  • Increased reliability

  • Distributing the workload

  • Expandability



Disadvantages of Computer Networks

  • Sharing

  • Complexity

  • Unknown parameters

  • Many points of attack

  • Unknown paths

  • Label format differences



People who cause security problems:

  • Hacker

  • Spy

  • Student

  • Stockbroker

  • Terrorist

  • Ex-employee



Network Security Control

  • Encryption

  • Strong Authentication

  • IPSec, VPN, SSH

  • Kerberos

  • Firewall

  • Intrusion Detection System (IDS)

  • Intrusion Prevention System (IPS)

  • Honeypot



1. Encryption

There are two types:

  • Link to link

  • End to end



Link to link

  • covers layers 1 and 2 of the OSI model.

  • decryption occurs just as the communication arrives at and enters the receiving computer.



End to end

  • Some assert that the end-to-end principle is one of the central design principles of the Internet and is implemented in the design of the underlying methods and protocols in the Internet Protocol Suite. It is also used in other distributed systems. The principle states that, whenever possible, communications protocol operations should be defined to occur at the end-points of a communications system, or as close as possible to the resource being controlled.



2. Strong Authentication

  • Strong authentication is a notion with several unofficial definitions; it is not standardized in the security literature.

  • Often, strong authentication is associated with two-factor authentication or more generally multi-factor authentication. It should also be remembered, however, that "strong authentication" and "multi-factor authentication" are fundamentally different processes. Soliciting multiple answers to challenge questions may be considered strong authentication but, unless the process also retrieves 'something you have' or 'something you are', it would not be considered multi-factor.



3. IPSec, SSH and SSL

IPSec

  • optional in IPv4

  • defines a standard means for handling encrypted data

  • implemented at the IP layer, so it affects all layers above it, in particular TCP and UDP.

  • provides authentication (AH) and encryption (ESP)



SSH

  • secure remote login (encrypts data sent over the network)



SSL


  • Secure Sockets Layer; encrypts data carried over the transport layer.

  • SSL interfaces between applications (such as browsers) and the TCP/IP protocols to provide server authentication, optional client authentication, and an encrypted communications channel between client and server.



4. Kerberos


  • Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

  • Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds on symmetric key cryptography and requires a trusted third party. Extensions to Kerberos can provide for the use of public-key cryptography during certain phases of authentication.



A simplified and more detailed description of the protocol follows. The following abbreviations are used:

  • AS = Authentication Server

  • SS = Service Server

  • TGS = Ticket-Granting Server

  • TGT = Ticket-Granting Ticket




Phase 1: In messages 1 and 2, C and AS authenticate and set up a short-term key and a ticket-granting ticket (TGT).


Phase 2: In messages 3 and 4, C and TGS authenticate and set up a session key and a (session) ticket.

Phase 3: In messages 5 and 6, C and SS use the session key and ticket to authenticate and set up a secure session.

Phases 2 and 3 will usually be repeated many times for each execution of Phase 1.

5. Firewall


  • A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all (in and out) computer traffic between different security domains based upon a set of rules and other criteria.

  • Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.



There are several types of firewall techniques:

  • 1. Packet filter: Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. However, it is susceptible to IP spoofing.

  • 2. Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

  • 3. Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

  • 4. Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.




Show how a firewall works
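A packet filter of the kind described in technique 1, as an added Python example that is not from the original post: the first matching rule wins and anything unmatched is dropped. The naive rule set trusts the source address alone, so a packet arriving from the Internet with a forged internal source is accepted; the hardened set puts an ingress anti-spoofing rule, keyed on the arrival interface, ahead of it. Addresses, interfaces, rules and packets are all constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on: "ext" (Internet side) or "int" (intranet side)
    proto: str      # "tcp" or "udp"
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "drop"
    iface: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("any", p.iface) and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

def filter_packet(rules, p: Packet) -> str:
    """First matching rule decides; traffic no rule mentions is dropped (default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"

INTERNAL = "10.0.0.0/8"                                   # constructed intranet range
NAIVE = [                                                 # trusts the source address alone
    Rule("accept", src=INTERNAL),                         # "our own hosts may do anything"
    Rule("accept", proto="tcp", dst="10.0.0.5/32", dport=80),   # public web server
]
# Same policy, but a packet from the Internet can never legitimately carry an internal source.
HARDENED = [Rule("drop", iface="ext", src=INTERNAL)] + NAIVE

SAMPLE = {                                                # constructed packets
    "web_from_internet": Packet("ext", "tcp", "198.51.100.7", "10.0.0.5", 80),
    "ssh_from_internet": Packet("ext", "tcp", "198.51.100.7", "10.0.0.5", 22),
    "spoofed_internal":  Packet("ext", "tcp", "10.0.0.9", "10.0.0.5", 22),
    "intranet_ssh":      Packet("int", "tcp", "10.0.0.9", "10.0.0.5", 22),
}

def evaluate(rules) -> dict:
    return {name: filter_packet(rules, p) for name, p in SAMPLE.items()}
```

Under `NAIVE` the spoofed packet reaches the internal SSH port; under `HARDENED` it is dropped while the genuine intranet login still passes.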

6. Intrusion Prevention System

  • An Intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. Network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks . When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass. Intrusion prevention technology is considered by some to be an extension of intrusion detection (IDS) technology.



7. Intrusion Detection System

  • An Intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling computer systems, mainly through a network such as the Internet. These attempts may take the form of attacks by, for example, crackers, malware, or disgruntled employees. An IDS cannot directly detect attacks within properly encrypted traffic.


  • An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).




1 comments:

Unknown said...

WOW!!!! Great. You did a good job. An informative post. You explained all the points in well form by the diagrams and by the theory also. I like it.
electronic signatures
