How to do Network Security

Network security refers to the practice of securing computers and devices in a network from unauthorized users and attacks. Network security measures can range from simple procedures, such as using a username and password, to complex network devices that protect a network.

When you connect to the Internet, your computer and/or network is exposed to a public network where anyone could possibly attack it and gain access to resources, including data.

Following are some of the common types of host- and network-based attacks:

Spoofing

Spoofing is a method that uses a forged IP address, MAC address, e-mail address, etc. to falsify identity and gain access to data. For example, someone could send a packet from the IP address 10.1.1.1 that appears to have been sent from another IP address, thereby allowing the packet to enter the network and resulting in access to someone's network without their consent.

Rootkits

Rootkits are special programs that take control of a computer by replacing critical system files, and they usually go undetected. Most rootkit programs are kernel-based; they act like parasites and attach themselves to the operating system. Though they are difficult to detect, you can observe changes in behaviour patterns and check the integrity of the operating system to see if it is affected by a rootkit, and then take appropriate action.

Denial of service

Denial of service is a kind of attack that causes services to become unavailable when they are expected to be available. For example, a website under a DoS (denial of service) attack will halt and affect its users by not providing the necessary service, such as access to email or online shopping.

To prevent unauthorized users from gaining access through any method, you need to implement a variety of security measures, such as using a firewall, scanning your computer or network for weaknesses, applying security patches, using an IDS, etc.

Firewall

Firewalls are software or hardware devices that protect a computer and/or a network by analyzing and controlling both incoming and outgoing network traffic. A firewall acts like a window between the internal and external networks, allowing authorized users to access resources.

Most operating systems include a software firewall and are configured to keep your computer secure. While software firewalls are sufficient for home and smaller networks, hardware firewalls are essential for larger networks, as they offer a higher level of protection and can scale to the larger network traffic of tens to hundreds of computers.

Firewall generations:

  1. First generation: firewalls use packet filters, a mechanism in which each packet is analyzed on its own, based on a combination of source and destination IP address and ports, to decide whether it should be passed on or discarded.
  2. Second generation: firewalls use stateful filters, which track the state of each network connection travelling through them. Only packets that match an active connection are allowed; all others are discarded. Stateful packet inspection (SPI), the method used here, is considered the most secure because a packet is admitted to the internal network only after the firewall has checked that it is a response to a request that originated from the internal network.
  3. Third generation: firewalls provide application layer filtering by working closely with applications (browsers, email software, etc.) and protocols (HTTP, FTP, SMTP, etc.). This is useful when unwanted network application software or a protocol attempts to consume network bandwidth, harm the computer or flood the network, and needs to be blocked or never allowed in the first place.

Note: Packet filtering alone does not provide enough protection. To effectively block peer-to-peer-related network traffic, what is needed is a firewall that does application filtering, which can be regarded as an extension of stateful packet inspection. Stateful packet inspection can determine what type of protocol is being sent over each port, but application-level filters look at what a protocol is being used for. For example, an application-level filter might be able to tell the difference between HTTP traffic used to access a web page and HTTP traffic used for file sharing, whereas a firewall that only performs packet filtering would treat all HTTP traffic equally.
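The difference between the first two generations, and the ingress check that defeats the IP spoofing described earlier, can be shown with a small simulation. The Python program below is an added example, not code from the original page or from any firewall product: it models a first-generation stateless filter and a second-generation stateful filter and runs the same four constructed packets through both. The LAN prefix 10.1.1.0/24, the interface names "int"/"ext", the service ports 80 and 443 and the addresses 203.0.113.x are all assumptions made for the demonstration.

```python
from dataclasses import dataclass


# Constructed packet model carrying only the fields a filter inspects.
@dataclass(frozen=True)
class Packet:
    iface: str         # "ext" = arrived from the Internet, "int" = from the LAN
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    syn: bool = False  # first packet of a TCP connection
    ack: bool = False


INTERNAL_PREFIX = "10.1.1."   # assumption: the LAN is 10.1.1.0/24


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def ingress_spoof_check(pkt: Packet) -> bool:
    """Anti-spoofing rule: a packet from the Internet must not claim an internal
    source address, and a LAN packet must not claim an external one."""
    if pkt.iface == "ext" and is_internal(pkt.src_ip):
        return False
    if pkt.iface == "int" and not is_internal(pkt.src_ip):
        return False
    return True


class StatelessFilter:
    """First-generation packet filter: every packet is judged on its own."""

    def __init__(self, service_ports):
        self.service_ports = set(service_ports)

    def decide(self, pkt: Packet) -> str:
        if not ingress_spoof_check(pkt):
            return "drop"
        if pkt.iface == "int":
            return "allow"             # outbound traffic is trusted
        # Inbound: without connection state, the only way to let replies
        # through is to allow anything that *looks* like a reply (service
        # source port, high destination port). Unsolicited packets that
        # imitate that shape pass as well.
        if pkt.src_port in self.service_ports and pkt.dst_port >= 1024:
            return "allow"
        return "drop"


class StatefulFilter:
    """Second-generation filter: inbound packets are allowed only when they
    belong to a connection the LAN itself opened."""

    def __init__(self):
        self.connections = set()   # (client_ip, client_port, server_ip, server_port)

    def decide(self, pkt: Packet) -> str:
        if not ingress_spoof_check(pkt):
            return "drop"
        if pkt.iface == "int":
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if pkt.syn:
                self.connections.add(key)   # remember the outbound request
                return "allow"
            return "allow" if key in self.connections else "drop"
        # Inbound: the packet must be the mirror image of a tracked connection.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "allow" if key in self.connections else "drop"


def run_scenarios() -> dict:
    """Feed the same constructed packet sequence to both filters and return
    {scenario: (stateless decision, stateful decision)}."""
    stateless, stateful = StatelessFilter([80, 443]), StatefulFilter()
    scenarios = {
        # a LAN host opens an HTTP connection to a web server (203.0.113.10)
        "outbound_request": Packet("int", "10.1.1.5", "203.0.113.10", 40000, 80, syn=True),
        # the server's SYN/ACK coming back for that request
        "legit_reply": Packet("ext", "203.0.113.10", "10.1.1.5", 80, 40000, syn=True, ack=True),
        # an unsolicited packet from another host that happens to use source port 80
        "unsolicited_from_port_80": Packet("ext", "203.0.113.66", "10.1.1.5", 80, 40001, syn=True),
        # a packet from the Internet forging a LAN source address (spoofing)
        "spoofed_internal_source": Packet("ext", "10.1.1.9", "10.1.1.5", 5555, 445, syn=True),
    }
    return {name: (stateless.decide(p), stateful.decide(p)) for name, p in scenarios.items()}


if __name__ == "__main__":
    for name, (a, b) in run_scenarios().items():
        print(f"{name:26s} stateless={a:5s} stateful={b}")
```

The unsolicited packet is the instructive case: the stateless filter has to admit it, because it cannot distinguish it from a genuine reply, while the stateful filter drops it because no LAN host ever opened a connection to 203.0.113.66. The spoofed packet is dropped by both because the ingress check runs before any rule lookup.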

Types of Firewalls

Personal Firewalls

Personal firewalls are usually shipped with an operating system and protect only the computer on which they are installed. They are designed to control the network traffic generated by applications installed on that computer, such as web browsers, file transfer software and email software. When an application attempts to transmit or receive data, the firewall looks up the policy defined in the firewall settings and allows or denies the traffic accordingly. If you do not have a personal firewall installed on your computer, or you want more advanced firewall software with better management capabilities, you can purchase commercial firewall software or a hardware firewall.

Notable software firewalls include Windows Firewall (shipped with most versions of Microsoft Windows), ZoneAlarm, Comodo Internet Security Plus, etc. Some anti-virus vendors bundle firewall software to provide complete protection, such as McAfee Internet Security, Kaspersky Internet Security, Norton Internet Security, etc.

Enterprise Firewalls

Enterprise firewalls are suitable for organizations that have thousands of users or for networks that need a high level of security, such as banks. They are usually hardware based, expensive and require additional technical expertise, but they offer greater levels of protection and scale to larger volumes of network traffic without loss of stability or performance. Enterprise firewalls can protect the entire network and operate at the network layer, scanning each packet that passes through them. Notable vendors of enterprise firewalls include Cisco, HP, IBM, Microsoft, Juniper Networks, etc.

Windows Firewall

Windows Firewall is built-in firewall software bundled and installed by default on most Microsoft Windows operating systems, such as Windows XP, Vista and 7.

Windows Firewall protects the computer using default settings (firewall rules) that can be modified at any time. Most commonly used network applications, such as web browsers and email client software, work without any change to the firewall settings. Some network applications may not work as intended if they are blocked by the firewall (for example, antivirus software may be unable to update itself from the Internet); in such cases you need to add the application to the exception list, indicating that it is permitted to use the network or the Internet.

Port Scanner

You have learnt about port numbers in earlier sessions. Though there are 65,536 ports available, only a few port numbers are permitted for use on a computer with a firewall installed. However, an unauthorized user can still get into a network or a computer through one of the open ports, so it is advisable to block all unused ports.

To find out which ports are open on a computer, you can use port scanner software that scans and provides a detailed report on used and unused ports. This helps you determine whether the computer is prone to any possible security attacks.
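As an added example (not code from the page or from any port scanner product), the Python program below audits the listening ports of the local host in the way the paragraph describes: it probes a list of ports with a TCP connect, lists the ones that accept connections, and compares them with an approved list so that every unexpected listener can be blocked or justified. To keep it self-contained it starts one listener inside the same process on loopback and picks a second port that is known to be closed; the approved list `[22, 443]` is an assumed policy.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def port_is_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect probe: True when something accepts connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan_ports(host: str, ports, workers: int = 32) -> list:
    """Return the sorted list of open ports among `ports`, probing in parallel."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, port_is_open(host, p)), ports))
    return sorted(p for p, is_open in results if is_open)


def unexpected_ports(open_ports, allowed) -> list:
    """Open ports that are not on the approved list: each one needs an owner,
    a justification, or a firewall rule that blocks it."""
    return sorted(set(open_ports) - set(allowed))


def demo() -> dict:
    """Constructed scenario on loopback: one listener is started inside this
    process and a port known to be closed is chosen, then both are probed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # let the OS pick a free port
    listener.listen(5)
    listening = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed = spare.getsockname()[1]
    spare.close()                          # released without ever listening

    try:
        found = scan_ports("127.0.0.1", [closed, listening])
        return {
            "listening": listening,
            "closed": closed,
            "found": found,
            "unexpected": unexpected_ports(found, allowed=[22, 443]),  # assumed policy
        }
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```

On a real host you would pass `range(1, 65536)` (or the ports the firewall policy claims to allow) to `scan_ports` and run it from a second machine as well, because a host-based firewall that blocks a port will make it appear closed from outside even though a service is listening locally.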

TELNET

Telnet is a client-server protocol used for establishing connections to a remote host. Terminal emulation, or Telnet, is still widely used by administrators for troubleshooting network applications. Telnet can be used for connecting to remote computers, switches and routers as well. It provides bi-directional text-oriented communication using a virtual terminal connection, and it uses TCP port number 23.

A Telnet service is built into most operating systems but may need to be installed or started before it accepts incoming connections.

Patch Management

When you install an operating system or applications, they may have flaws, also referred to as security holes. These flaws are an opportunity for people who can manipulate them to gain control of a computer or network resources.

Operating systems and applications may have vulnerabilities (weaknesses) that can be corrected by applying security patches, a process referred to as patch management. Since the presence of flaws is considered a security risk and threat, these vulnerabilities must be addressed as quickly as possible. Most vendors analyze weaknesses and provide updates called patches on a periodic basis. In most cases, the updates are automatically downloaded and installed by the corresponding applications. However, it is recommended practice to analyze a computer, or the computers on a network, for any potential flaws and take the necessary steps to correct them.

Belarc Advisor is a software utility that builds a detailed profile of installed software and hardware, missing security patches, anti-virus status, security configurations, and displays the results in a Web browser.

Microsoft Baseline Security Analyzer (MBSA) is another utility that can be used for scanning vulnerabilities by checking whether an operating system has the appropriate security patches applied. MBSA checks most Microsoft products, such as the operating system itself, Internet Explorer, IIS, SQL Server, etc., and is restricted to products from Microsoft.

Packet Analyzer

A packet analyzer is software or hardware that can be used for monitoring network traffic passing over wired or wireless networks. As data flows over the network, each packet is captured, decoded and its contents are analyzed. Packet analyzers are used for analyzing network problems and network utilization, and even for detecting network misuse by internal or external users. Popular packet analyzers include Wireshark, Microsoft Network Monitor, tcpdump, SniffPass, Capsa Free Network Analyzer, etc.
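The "decode and analyze" step a packet analyzer performs, and the reason the Telnet section above matters for security, can both be shown with a few lines of Python. The program below is an added example, not code from the page or from Wireshark or tcpdump: it decodes raw IPv4 and TCP headers (verifying both checksums, as an analyzer does), extracts the payload, and flags any data sent to TCP port 23, because Telnet carries logins and commands as readable text. The capture is constructed inline with a small packet builder; the addresses 10.1.1.5 / 10.1.1.20, the ports and the typed credentials are all made up for the demonstration.

```python
import socket
import struct

TELNET_PORT = 23


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src_ip, dst_ip, src_port, dst_port, payload: bytes,
                   seq=1000, ack=1, flags=0x18) -> bytes:
    """Assemble a minimal IPv4+TCP packet (no options) with valid checksums.
    Used only to construct the sample capture; flags 0x18 = PSH|ACK."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp_len = 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234,
                         0x4000, 64, 6, 0, src, dst)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", checksum(ip_hdr)) + ip_hdr[12:]
    tcp_hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                          5 << 4, flags, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, tcp_len)
    tcp_csum = checksum(pseudo + tcp_hdr + payload)
    tcp_hdr = tcp_hdr[:16] + struct.pack("!H", tcp_csum) + tcp_hdr[18:]
    return ip_hdr + tcp_hdr + payload


def parse_ipv4_tcp(packet: bytes) -> dict:
    """Decode the IPv4 and TCP headers, verify both checksums, return fields and payload."""
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _hcs,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:        # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    if proto != 6:
        raise ValueError("not TCP")
    segment = packet[ihl:total_len]
    (src_port, dst_port, seq, ack, off_res, flags, window,
     _tcs, _urg) = struct.unpack("!HHIIBBHHH", segment[:20])
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(segment))
    if checksum(pseudo + segment) != 0:
        raise ValueError("bad TCP checksum")
    data_off = (off_res >> 4) * 4
    return {
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst), "ttl": ttl,
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "flags": flags, "window": window, "payload": segment[data_off:],
    }


def find_cleartext_telnet(packets) -> list:
    """Analyzer rule: any payload sent to port 23 is readable exactly as typed,
    so a login over Telnet is exposed to whoever can capture the traffic."""
    hits = []
    for raw in packets:
        p = parse_ipv4_tcp(raw)
        if p["dst_port"] == TELNET_PORT and p["payload"]:
            hits.append((p["src_ip"], p["dst_ip"], p["payload"].decode("ascii", "replace")))
    return hits


def demo() -> list:
    """Constructed capture: a Telnet login from 10.1.1.5 to 10.1.1.20, plus one
    SSH client banner on port 22 that the rule must ignore."""
    capture = [
        build_ipv4_tcp("10.1.1.5", "10.1.1.20", 40123, 23, b"admin\r\n"),
        build_ipv4_tcp("10.1.1.5", "10.1.1.20", 40123, 23, b"s3cret-pw\r\n"),
        build_ipv4_tcp("10.1.1.5", "10.1.1.20", 40124, 22, b"SSH-2.0-client\r\n"),
    ]
    return find_cleartext_telnet(capture)


if __name__ == "__main__":
    for src, dst, text in demo():
        print(f"{src} -> {dst}:23  {text!r}")
```

The SSH packet is parsed just as easily, but its payload past the banner would be encrypted, which is the practical reason to replace Telnet with SSH on the switches, routers and hosts the Telnet section lists. An analyzer placed on a network segment sees everything this code sees, whether it is run by an administrator or by an intruder.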

IDS (Intrusion Detection System)

An IDS is a software application or a hardware device used for monitoring a computer or a network for malicious activities or policy violations and reporting them to a management system. IDSs are used by administrators to receive an alert when any suspicious attempt is made against a computer or a network, so that further access to the computer or the network can be prevented. An IDS can be host based or network based.
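The following Python program is an added example, not code from the page or from any IDS product, showing the simplest form of both kinds of IDS logic over a log: a host-based rule that alerts when one source produces repeated login failures within a time window, and a network-based rule that alerts when one source connects to many different ports within a few seconds. The log format, the sample lines and the thresholds are all constructed for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed event format (not any real product's log):
#   <ISO timestamp> <event> src=<ip> [user=<name>] [dport=<port>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>auth_fail|conn) src=(?P<src>\S+)"
    r"(?: user=(?P<user>\S+))?(?: dport=(?P<dport>\d+))?$"
)

# Constructed sample: a password-guessing burst from one address, a port sweep
# from another, and some ordinary traffic that must not raise an alert.
SAMPLE_LOG = """\
2024-05-01T10:00:00 auth_fail src=203.0.113.7 user=root
2024-05-01T10:00:01 auth_fail src=203.0.113.7 user=root
2024-05-01T10:00:02 auth_fail src=10.1.1.8 user=alice
2024-05-01T10:00:03 auth_fail src=203.0.113.7 user=admin
2024-05-01T10:00:05 conn src=10.1.1.5 dport=443
2024-05-01T10:00:06 auth_fail src=203.0.113.7 user=admin
2024-05-01T10:00:20 conn src=198.51.100.9 dport=21
2024-05-01T10:00:20 conn src=198.51.100.9 dport=22
2024-05-01T10:00:21 conn src=198.51.100.9 dport=23
2024-05-01T10:00:21 conn src=198.51.100.9 dport=25
2024-05-01T10:00:22 conn src=198.51.100.9 dport=80
2024-05-01T10:00:22 conn src=198.51.100.9 dport=443
2024-05-01T10:00:30 auth_fail src=10.1.1.8 user=alice
"""


def _prune(events: deque, now: datetime, window: timedelta) -> None:
    """Drop entries that have fallen out of the sliding window."""
    while events and now - events[0][0] > window:
        events.popleft()


class SimpleIDS:
    """Two threshold rules over a sliding window: one host-based (repeated
    login failures) and one network-based (one source touching many ports)."""

    def __init__(self, fail_threshold=4, fail_window=timedelta(seconds=60),
                 scan_threshold=6, scan_window=timedelta(seconds=10)):
        self.fail_threshold, self.fail_window = fail_threshold, fail_window
        self.scan_threshold, self.scan_window = scan_threshold, scan_window
        self.fails = defaultdict(deque)    # src -> deque of (timestamp, user)
        self.conns = defaultdict(deque)    # src -> deque of (timestamp, dport)
        self.raised = set()                # (rule, src) pairs already reported

    def _alert(self, rule: str, src: str, count: int):
        if (rule, src) in self.raised:
            return None                    # report each source once per rule
        self.raised.add((rule, src))
        return {"rule": rule, "src": src, "count": count}

    def feed(self, line: str):
        """Process one log line; return an alert dict or None."""
        m = LINE_RE.match(line.strip())
        if not m:
            return None                    # lines in other formats are ignored here
        now, src = datetime.fromisoformat(m["ts"]), m["src"]
        if m["event"] == "auth_fail":
            q = self.fails[src]
            q.append((now, m["user"]))
            _prune(q, now, self.fail_window)
            if len(q) >= self.fail_threshold:
                return self._alert("brute_force", src, len(q))
        else:  # conn
            q = self.conns[src]
            q.append((now, m["dport"]))
            _prune(q, now, self.scan_window)
            distinct = {port for _, port in q}
            if len(distinct) >= self.scan_threshold:
                return self._alert("port_scan", src, len(distinct))
        return None


def run(log_text: str) -> list:
    """Feed every line to a fresh IDS and collect the alerts in order."""
    ids = SimpleIDS()
    return [a for a in (ids.feed(line) for line in log_text.splitlines()) if a]


if __name__ == "__main__":
    for alert in run(SAMPLE_LOG):
        print(alert)
```

Thresholds and windows are the tuning knobs: too low and ordinary users who mistype a password trip the rule, too high and a slow attacker stays under it. In a real deployment the alert would be forwarded to the management system the paragraph mentions, where an administrator decides whether to block the source.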
