Network Security Issues and Concept of Firewalls

2012

OUTLINE

o Introduction.

o Network security Issues.

o Network security methods.

o Concept of firewalls.

Sarvjeet Singh Sohal M.Tech. (ECE)

Page 1

Network Security Issues and Concept of Firewalls

2012

INTRODUCTION Access to internet is a great source of information and fast transaction, which is necessary for the steep competition faced in modern industrial era. With the advancement of Internet and Internet related services, the network security becomes more and more significant as people spend more and more time stay connected. This leads to: 1. Increasing online transactions. 2. Personal and sensitive information is shared over the network. Therefore Network Security can be defined as: Protection of network and related resources from misuse or unauthorized use and also providing its monitoring and measure of its effectiveness. Or we can say that a network is secure if its resources are used and accessed intentionally under any circumstances. Here we have to protect misuse of: a. Our data. (Information we keep on computers like product design, financial records, personnel data) b. Our resources. (Unauthorized use of computer time & space) c. Our reputation. (Misrepresentation, forgery, negative publicity) The misuse of network can be categorised as intentional and accidental. The accidental misuse is much easier to handle or if we able to deal with intentional misuse of the network accidental misuse is automatically eliminated. Although it is not possible to fully eliminate the intentional misuse of network and its resources. The intentional misuse of resources is called attacks. Data, resources and reputation are protected against: a. Unauthorized reading of data. (information theft) b. Unauthorized modification and destruction of data.(intrusion)

Sarvjeet Singh Sohal M.Tech. (ECE)

Page 2

Network Security Issues and Concept of Firewalls

2012

c. Denial of service. (Preventing legitimate use of systems in network). The denial of service attack does not involve gaining information or stealing data or resources, instead disabling legitimate use of systems or facility.

The following are some commonly known attacks to which a secure network has to deal with. Data diddling Spoofing Eavesdropping SYN Attack Smurf attack Teardrop attack Email related - Virus, Trojan, Worm

Attacks are further classified into two categories: 1. Passive attacks. Attack in which intruder only steals or copy the sensitive data. The attributes of passive attacks are as follows: Interception: attacks confidentiality such as eavesdropping, man-in-the-middle attacks. Traffic Analysis: attacks confidentiality, or anonymity. It can include trace back on a network, CRT radiation. 2. Active attacks. Attack in which intruder not only steal data but also modify it or destroy it. The attributes of active attacks are as follows, Interruption: attacks availability such as denial-of-service attacks. Modification: attacks integrity. Fabrication: attacks authenticity.

Sarvjeet Singh Sohal M.Tech. (ECE)

Page 3

Network Security Issues and Concept of Firewalls

2012

NETWORK SECURITY ISSUES To implement network security successfully, the following important network security issues are keep in view.

1. Authentication: Authentication is the process of verifying identity of user. Authentication deals with determining whom we are talking to before revealing sensitive information or entering into a business deal. 2. Integrity: Integrity means the data must arrived at the receiver exactly as sent. There must no changes during transmission either intentional (malicious) or accidental. 3. Privacy: Privacy or confidentiality, the transmitted massage must make sense only to intended user. The sensitive information must not be visible to eavesdroppers. 4. Non-repudiation: Non-repudiation means the receiver is able to prove that the received message is came from a specific sender. Assurance that any transaction that takes place can subsequently be proved to have taken place. 5. Authorization: It deals with assigning access rights to users.

Sarvjeet Singh Sohal M.Tech. (ECE)

Page 4

Network Security Issues and Concept of Firewalls

2012

NETWORK SECURITY METHODS Keeping in view the previously discussed issues the most commonly used network security methods are: 1. Cryptography. 2. Intrusion detection system.(IDS) 3. Firewalls.

Cryptography: Cryptography is most commonly used tool for securing information and services. Cryptography relies on ciphers, which is nothing but mathematical functions used for encryption and decryption of a message.

Figure (a) the encryption model The messages to be encrypted, known as the plaintext, are transformed by a function that is parameterized by a key. The output of the encryption process, known as the ciphertext, is then transmitted, often by messenger or radio. We assume that the enemy, or intruder, hears and accurately copies down the complete ciphertext. However, unlike the intended recipient, he does not know what the decryption key is and so cannot decrypt the ciphertext easily.

Sarvjeet Singh Sohal M.Tech. (ECE)

Page 5

Network Security Issues and Concept of Firewalls

2012

Sometimes the intruder can not only listen to the communication channel (passive intruder) but can also record messages and play them back later, inject his own messages, or modify legitimate messages before they get to the receiver (active intruder). The art of breaking ciphers, known as cryptanalysis, and the art of resisting them from breaking ciphers (cryptography) is collectively known as cryptology. The cryptography includes Encryption/Decryption and Digital signature. Encryption/Decryption provides privacy and Digital signature provides integrity, authentication and non-repudiation also. There are two categories of Encryption/Decryption methods: the secret key method and the public key method. In secret key encryption/decryption same key is used by sender and receiver to encrypt/decrypt data with their corresponding encryption/decryption algorithms. In public key encryption/decryption method there are two keys: a private key and a public key the private key is retained by the receiver and public key is announced to the public. If any sender wants to send data, sender use public key to encrypt the data. When the data is received by receiver, the receiver use private key to decrypt the data. Digital signature is also implemented using public key encryption/decryption. The sender use private key to sign the whole document. And the receiver decrypt the message using public key, verifies the sign on the document.

Sarvjeet Singh Sohal M.Tech. (ECE)

Page 6

Network Security Issues and Concept of Firewalls

2012

Intrusion detection system (IDS): Intrusion detection is process of monitoring events occurring on computer system or network. Signs of violation of computer security policies, acceptable use policies, or standard security practices are analyzed. Intrusion prevention is process of detecting signs of intrusion and attempt to stop the intrusion. Collectively it is known as intrusion detection and prevention system (IDPS. Types of intruders: Masquerades: they are typically outsiders from the trusted users and are not authorized to use the computer systems. These intruders are penetrating the system protection using legitimate user accounts. Misfeasors: these are insiders and legitimate users who access recourses that are not authorized to use or they may be authorized but they misuse privileges. Clandestine users: they can be both insiders and outsiders and gain supervisory access to system.

Sarvjeet Singh Sohal M.Tech. (ECE)

Page 7

Network Security Issues and Concept of Firewalls

2012

Firewalls: A firewall is a single point of defence between two networks. Firewall is a component or set of components acts as barrier between trusted and untrusted network. It limits the network access between two security domains. A firewall can be a router that uses to filter packets or a complex multi computer, multi routing solution that performs packet filtering along with application level proxy services. In network security essentially, a firewall is a router or group of routers and computers to enforce access control between two networks. A firewalled network shown in figure below:

It constitutes of: a. Internal network (intranet or trusted network): every one inside this network is assumed to be trustable or good guy. b. External network (internet or untrusted network): intruders or bad guys are lies in this network.
Sarvjeet Singh Sohal M.Tech. (ECE)

Page 8

Network Security Issues and Concept of Firewalls

2012

c. DMZ (Demilitarized Zone): separation between internal and external network. The fire walls are placed between the internet and DMZ and DMZ and the internal network. The necessary servers are placed in the DMZ; the DMA is semi secure zone. The connections are allowed from internet to DMZ computers and from intranet computers to internet, but are not allowed from internet or DMZ to intranet. The communication between intranet and DMZ may exist but in controlled manner. Types of firewalls: 1. 2. 3. 4. Packet filters. Circuit level Firewalls Application layer firewalls. Dynamic packet filters.

Packet Filters: A firewall operates on two mechanisms: allow rules, which permits traffic and deny rules, which blocks traffic. Each IP network packet is examined to see if it matches to one of the set of rules. The packet filter deny a packet if it matches with deny rules and allow if the packet is matches with allow rules. They do not understand application layer protocols. They kept in TCP/IP kernel and applied to any packet. Circuit level filtering: They are similar to packet filtering firewalls but they operate in transport and session layer. The biggest difference between packet filters and circuit level firewalls is that circuit level fire wall validates TCP and UDP sessions before opening a connection or circuit through firewall. When a session is established the firewall maintains a table of valid connections and lets the data pass through when session matches any of the table entry. Now the table entry is removed and the circuit is closed. Application layer filters: An application layer firewalls are third generation firewall technology that evaluate valid data at application layer before allowing a connection. They use special purpose programs called proxy services to manage data transfer through firewall for a specific service such as ftp or http. The proxy services sit transparently between the user and real server and handles and inspects
Sarvjeet Singh Sohal M.Tech. (ECE) Page 9

Network Security Issues and Concept of Firewalls

2012

communication between them. The proxy services have two components: proxy server and proxy client. When real server wants to communicated to external device in the internet, the request is directed to proxy server. Then the proxy server evaluates it and decide to allow or deny, depending upon set of rules. Proxy servers also perform auditing, user authentication and caching which were not performed in packet filters. Once the packet from real client is allowed by proxy server, the packet is forwarded to proxy client who contacts the actual server providing the service. The proxy service is transparent to a user who believes he/she communicate directly with the service in internet. Dynamic packet filters: They are fourth generation firewalls that allow modification of security rules on fly. This fire wall associates all UDP packets that cross form internal network to external network or vice-versa, with a virtual connection. If response packet is generated and sent back to original requester, then the virtual connection is established and the packet is allow to pass the firewall. The information corresponding to virtual connection is remembered for small unit of time. If no response is received within time the connection is invalidated and no packet is transferred.

Sarvjeet Singh Sohal M.Tech. (ECE)

Page 10

Network Security Issues and Concept of Firewalls

2012

REFERANCES

1. Chapter No. 8, Network Security, Computer Networks Fifth Edition by Andrew S. Tanenbaum, PHI 2. Chapter No. 27, Network Security, Data Communication And Networking Second Edition By Behrouz A. Forouzan, TMH 3. neptel.iitm.ac.in 4. Wikipedia.

Sarvjeet Singh Sohal M.Tech. (ECE)

Page 11