Network security
To get a clearer picture of what network security is, it helps to first have some knowledge of networking, which is a prerequisite for understanding the principles of network security. Networking is the connection of two or more computers for the purpose of resource sharing. Resources here include files, data, printers, electronic mail, etc. It is the need to protect these resources from unauthorised users that led to the development of network security.
“Network security is the protection of networks and their services from unauthorized modification, destruction, or disclosure. It provides assurance the network performs its critical functions correctly and there are no harmful side effects.”
[INFOSEC-99]
It is a measure put in place to protect data during transmission and to ensure that the transmitted data is protected and authentic. Gaining access to the network by an unauthorised party can be classified as a threat. To understand the types of threat to security, a definition of the security requirements is necessary. Network security and data transmission address four requirements:
Confidentiality:
This requires that the resources on the computer can be accessed only by authorised users or authorised parties. Examples of such access are printing, displaying, etc.
Integrity:
This means that the resources on the computer can be modified only by authorised parties. Modification includes changing, changing status and deleting.
Availability: Requires that assets on the computer are made available to authorised parties on the network.
Authenticity: The identity of the user should be verified by the computer.
Security attacks on a network can be classified as passive or active attacks.
A passive attack obtains information from the system but does not affect its resources. An active attack, on the other hand, alters the system and its operation.
Passive attack:
This is an attack on the network in the nature of eavesdropping (i.e. listening to a private conversation) or monitoring of the transmission of data. The sender and recipient, who are the authorised users of the network, might not have a clue that the network is being tampered with, and the aim of the unauthorised user is to obtain information that is being transmitted. There are two types of passive attack, namely release of message content and traffic analysis.
Release of message content concerns a conversation between people over the phone, an electronic mail message or a transferred file, any of which might contain sensitive or vital information and should be protected from an unauthorised user.
The second type of passive attack is traffic analysis. It recognises that a mechanism might be in place to protect data in transmission, so that even if the data is captured, the intruder might not be able to extract information from the message. A common mechanism for masking data is encryption. Even with this in place, an intruder might still follow the pattern of the messages to determine the location and identity of the communicating hosts, and observing the frequency and length of the messages might be useful in working out the nature of what is being sent.
Detecting a passive attack can be very difficult because it does not involve any alteration or modification of the data in transmission. Data is sent and received without any interference, and without the sender or the recipient being aware that an intruder has read the message or studied the pattern of the messages. The emphasis here should be on prevention rather than detection, and prevention is by means of encryption.
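The traffic analysis point above can be seen in a small added example, which is not part of the original text. It assumes made-up host names and message bodies, a stand-in stream cipher built from SHA-256, and a 256-byte padding bucket, and it goes slightly beyond the text by showing length padding as a countermeasure:

```python
import hashlib
import os
from collections import defaultdict

BUCKET = 256  # assumed padding bucket size in bytes

def keystream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), used only to show
    that encryption hides content but not length. Real systems should use
    a vetted authenticated cipher. XOR makes it its own inverse."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(p ^ k for p, k in zip(data[i:i + 32], block))
    return bytes(out)

def pad(body: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the true length, then zero-pad to the next multiple of bucket."""
    framed = len(body).to_bytes(4, "big") + body
    return framed + b"\x00" * (-len(framed) % bucket)

def unpad(padded: bytes) -> bytes:
    """Recover the original body from a padded frame."""
    n = int.from_bytes(padded[:4], "big")
    return padded[4:4 + n]

def observe(messages, key, padded=False):
    """What a passive observer can record without the key:
    (source, destination) -> list of ciphertext lengths."""
    seen = defaultdict(list)
    for src, dst, body in messages:
        data = pad(body) if padded else body
        ciphertext = keystream_encrypt(key, os.urandom(12), data)
        seen[(src, dst)].append(len(ciphertext))
    return dict(seen)

# Constructed sample traffic: hosts and contents are invented for the example.
MESSAGES = [
    ("hostA", "hostB", b"ok"),
    ("hostA", "hostB", b"ack"),
    ("hostA", "hostC", b"Q3 payroll export: " + b"x" * 180),
    ("hostA", "hostB", b"ok"),
]
KEY = os.urandom(32)

if __name__ == "__main__":
    print("encrypted only:     ", observe(MESSAGES, KEY))
    print("padded + encrypted: ", observe(MESSAGES, KEY, padded=True))
```

With encryption alone the observer still sees which hosts talk, how often, and that one message is far longer than the rest; padding removes the length signal but not the endpoints or the frequency.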
Active attack:
This involves an alteration or modification of the data in transmission. In this case the data is not only captured but also modified or altered before it is transmitted. This kind of attack can be divided into four categories, namely masquerade, replay, modification of messages and denial of service.
Modification of messages: Here the message in transmission is not only captured, but also some part of the message is altered or delayed or reordered to produce an unauthorised effect.
Active attacks have the opposite characteristics to passive attacks. Passive attacks are by nature difficult to detect because they do not involve any alteration of the data in transmission, but measures can be put in place to prevent their success. Active attacks, on the other hand, can be difficult to prevent because doing so would involve putting all the communication equipment under physical protection. The goal here is to have measures to recover from the attack.
William Stallings, 2005, Operating systems.
http://www.atis.org/tg2k/_network_security.html