Skip to main content

The Importance of Network Security


Network security affects many organisations, whether they are large, small, or government organisations. If network security is breached an intruder can do all sorts of harm. That is why people need to be aware of and to be educated about network security and how to secure their computer and network. Systems are required to be updated regularly as new security flaws are discovered. Without being up to date, it makes it easy for a hacker to gain unauthorized access to the system.

Security Focus

If you are in charge of network security in your organisation, there are a few areas of focus:
  1. Deter – To educate people and discourage people to break into systems for illegal and malicious reasons
  2. Prevent – To put in place measures to prevent unauthorised access. This can be authorising uses with special access, encrypting communication, and updating security systems
  3. Detect – To become aware of a security breaches. This could be setting up logs to record who has accessed items or used the system
  4. Correct – To implement a fix to the flaw discovered in a system. If someone has breached the security of the system, implement measures to prevent it from happening again

Security Attacks

Not only do you have to focus on security, you also have to be aware of the types of security attacks that can happen on your computer network. Before we go on to discuss about the types of security attacks, an attacker may aim to do one of the following:
  • Interruption – Interruption is an attack on availability such as a denial of service attack (or DOS). An interruption attacks’ aim is to make resources unavailable. Not to long ago, WordPress.com, a popular Blog Hosting Site was faced with a DOS attack taking down the servers so the service was unavailable to its users
  • Interception – Interception is an attack to gain unauthorised access to a system. It can be simple eavesdropping on communication such as packet sniffing or just copying of information
  • Modification – Modification is an attack that tampers with a resource. Its aim is to modify information that is being communicated with two or more parties. An example of a modification attack could be sending information that was meant to go to one party but directing it to another.
  • Fabrication – A Fabrication attack is also known as counterfeiting. It bypasses authenticity checks, and essential is mimicking or impersonating information. This sort of attack usually inserts new information, or records extra information on a file. It is mainly used to gain access to data or a service.
Keeping the above in mind, there are two main types of attacks whose aim is to compromise the security of a network – passive attack and an active attack.

Passive Attack

A passive attack can be split into two types. The first type of passive attack is to simply monitor the transmission between two parties and to capture information that is sent and received. The attacker does not intend to interrupt the service, or cause an effect, but to only read the information.The second type of attack is a traffic analysis. If information is encrypted, it will be more difficult to read the information being sent and received, but the attacker simply observers the information, and tries to make sense out of it; or to simply determine the identity and location of the two communicating parties.
A passive attack is usually harder to detect as there is little impact to the information communicated.

Active Attack

On the other hand, an active attack aim is to cause disruption, and it is usually easily recognised. Unlike a passive attack, an active attack modifies information or interrupts a service. There are four types of an active attack:
  • Masquerade – To pretend to be someone else. This could be logging in with a different user account to gain extra privileges. For example, a user of a system steals the System Administrators username and password to be able to pretend that they are them
  • Reply – To capture information to send it, or a copy it elsewhere
  • Modification – To alter the information being sent or received
  • Denial of service – To cause a disruption to the network
Even though a passive attack doesn’t sound harmful, it is just as bad as an activate attack, if not worse.

Security Services

Security services is a service that provides a system with a specific kind of protection. The X.800 OSI Security Architecture defines 6 major security service categories, that once a system satisfies these 6 categories, the system is X.800 compliant.
  • Confidentiality – Protects data from being read or accessed by unauthorised personnel
  • Authentication – Ensures that no one can impersonate someone to be legitimately authorised to access a services they should not access.
  • Integrity – Ensures data cannot be alternated and messages that are sent and received have not been read, duplicated, modified or replayed to another party.
  • Non-repudiation – Prevents the sender or receiver from denying the transmission of a sent or received message. The sender and receiver are to be able prove that they sent or did not send or received a message
  • Access control – Limits and control access to certain system applications to certain users
  • Availability – Ensures the service is only available to legitimated users and not available to users who do not have access to the application

Security Mechanism

Security mechanisms are ways to detect, prevent, or recover from a security attack. It is important for systems to have implemented as many security mechanisms as possible as required for their system.
Specific Security Mechanisms
  • Encipherment – Encrypting and decrypting communication
  • Digital signatures – An electronic signature to assure the genuineness of a digital document
  • Access controls – To only allows people with permission to access something
  • Data integrity – Ensure data is in full and unchanged
  • Authentication exchange – The exchange of communication that takes place when authorising someone
  • Traffic padding – Determining what is legitimate data and what is false data
  • Routing Control – Sending information through a specific line or path
  • Notarisation – Official documentation of procedures
Pervasive Security Mechanisms
  • Trusted functionality – How well you trust the information
  • Security labels – Label information with a particular security attribute
  • Event detection – Logging events that take place
  • Security audit trails – Checking security to ensure that measures are being followed and intrusions have not occurred
  • Security recovering – Recovering from a security issue

Network Security Model

The network security model is a model that determines how the information is sent securely over a communication line.
The components the model contains are:
  • Sender – who sends the information
  • Receiver – who receives the information
  • Communication line – the line in which the communication is sent over
  • Encryption / Decryption – to encrypt and decrypt the communication over the information channel
  • Trusted Third Party – who distributes the secrete key and information  between the two parties to be able to communicate securely
The tasks that network security model performs is to be able to have the two parties communicate with each other without any other parties being able to read and understand the information being sent. To do this, the model needs to:
  • Have a suitable algorithm to encrypt the messages (Secure Socket Layer – SSL)
  • Generate a secrete key to be used by the algorithm (SSL Provider)
  • Develop methods to distribute and share the secrete key (SSL Provider)
  • Specify a protocol to be able to transmit the information (https)

Security Management

The OSI Security Architecture defines three main areas of security management. These activities are to be preformed System Administrators.
  • System security management – The management the entire computing environment focusing on the security aspects
  • Security service management – The management of particular security services
  • Security mechanism management – The management of particular security mechanisms

Conclusion

Information and network security is an important and critical issue that all computer systems need to have implemented some sort of security control. Without having security, sensitive information can be easily gained, so it is important that we deter, prevent, detect, and correct security issues.
There are a number of security attacks that can take place, and system administrators need to implement measures to ensure security breaches do not occur.


Comments

Post a Comment

Popular posts from this blog

Black swan

A  black swan event  is an incident that occurs randomly and unexpectedly and has wide-spread ramifications. The event is usually followed with reflection and a flawed rationalization that it was inevitable. The phrase illustrates the frailty of inductive reasoning and the danger of making sweeping generalizations from limited observations. The term came from the idea that if a man saw a thousand swans and they were all white, he might logically conclude that all swans are white. The flaw in his logic is that even when the premises are true, the conclusion can still be false. In other words, just because the man has never seen a black swan, it does not mean they do not exist. As Dutch explorers discovered in 1697, black swans are simply outliers -- rare birds, unknown to Europeans until Willem de Vlamingh and his crew visited Australia. Statistician Nassim Nicholas Taleb uses the phrase black swan as a metaphor for how humans deal with unpredictable events in his 2007...
Post a Comment
Read more

A Graphics Processing Unit (GPU)

A graphics processing unit (GPU) is a computer chip that performs rapid mathematical calculations, primarily for the purpose of rendering images. A GPU may be found integrated with a central processing unit (CPU) on the same circuit, on a graphics card or in the motherboard of a personal computer or server. In the early days of computing, the CPU performed these calculations. As more graphics-intensive applications such as AutoCAD were developed; however, their demands put strain on the CPU and degraded performance. GPUs came about as a way to offload those tasks from CPUs, freeing up their processing power. NVIDIA, AMD, Intel and ARM are some of the major players in the GPU market. GPU vs. CPU A graphics processing unit is able to render images more quickly than a central processing unit because of its parallel processing architecture, which allows it to perform multiple calculations at the same time. A single CPU does not have this capability, although multi...
Post a Comment
Read more

6G (sixth-generation wireless)

6G (sixth-generation wireless) is the successor to 5G cellular technology. 6G networks will be able to use higher frequencies than 5G networks and provide substantially higher capacity and much lower latency. One of the goals of the 6G Internet will be to support one micro-second latency communications, representing 1,000 times faster -- or 1/1000th the latency -- than one millisecond throughput. The 6G technology market is expected to facilitate large improvements in the areas of imaging, presence technology and location awareness. Working in conjunction with AI, the computational infrastructure of 6G will be able to autonomously determine the best location for computing to occur; this includes decisions about data storage, processing and sharing.  Advantages of 6G over 5G 6G is expected to support 1 terabyte per second (Tbps) speeds. This level of capacity and latency will be unprecedented and wi...
Post a Comment
Read more