Introduction to Network Security
Date: March 1999
Kaushik Mhadeshwar (BE - Elecs - TSEC)
Satyajit Phanse (SE - Elecs - TSEC)
There are many reasons why network security has become such an important issue today. Two of them are the staggering amount of personal and important information lying unprotected in various networks worldwide and the amazing growth of e-commerce (expected to be to the tune of 300 billion dollars in 2001). This article tries to give an overview of the various important concepts in network security.
A lot of people have the wrong notion that network security is a range of high-tech products with a lot of blinking lights. But research tells us that this is wrong: about 75% of security breaches are insider jobs which could be prevented by taking a few simple precautions, such as keeping a close watch on the movement of floppies and allowing only authorized personnel to work on the machines. All these precautions come under the important yet grossly neglected domain of Physical Security.
E-mail is considered quite insecure because of its ubiquitous nature. To combat this, methods of cryptography are becoming quite popular. Cryptography converts your message to a coded form known as ciphertext, which is decoded at the receiver. An ideal cryptographic system achieves the twin purposes of Authentication (i.e. the receiver is sure that the sender is actually who he claims to be) and Confidentiality (i.e. only the reader and no one else can read the message).
A basic component of network security is the firewall. It is a set of hardware and software mechanisms which enforce the security policy of the organization. A firewall concentrates the traffic between the internal (protected) and external (e.g. Internet) networks at one point, making it easier to monitor and control the traffic.
There are many kinds of firewalls, from a simple packet filter to a moderately complex proxy gateway, with such components as network address translators, "smart" routers with Access Control Lists, and the like.
Firewalls can protect against network-driven attacks such as floods, Denial of Service, etc., but they provide no protection against data-driven attacks like viruses and other malicious code, which may be downloaded and executed on a workstation inside the wall. Also, they are only gatekeepers -- they guard the network's connection to the outside at just one point.
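The simple packet filter with an Access Control List mentioned above, as an added Python illustration (not part of the original article; the rule set, the addresses and the sample packets are constructed). It shows why such a filter stops network-level traffic it has no rule for, yet passes a permitted mail connection whatever data it carries.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes = b""   # carried along, but never examined by the filter

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

# Constructed ACL for the external interface; 192.0.2.0/24 plays the internal network.
INBOUND_ACL = [
    Rule("deny",   "192.0.2.0/24", "0.0.0.0/0",     "any", None),  # inside source seen outside = spoofed
    Rule("permit", "0.0.0.0/0",    "192.0.2.10/32", "tcp", 80),    # public web server
    Rule("permit", "0.0.0.0/0",    "192.0.2.25/32", "tcp", 25),    # mail server
]

def filter_inbound(p: Packet, acl=INBOUND_ACL) -> str:
    """Return the action of the first matching rule; unmatched traffic is denied."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"

if __name__ == "__main__":
    samples = [  # constructed packets arriving on the external interface
        Packet("198.51.100.7", "192.0.2.10", "tcp", 80),
        Packet("198.51.100.7", "192.0.2.50", "tcp", 23),   # telnet to a workstation
        Packet("192.0.2.99", "192.0.2.10", "tcp", 80),     # claims an internal source
        Packet("203.0.113.5", "192.0.2.25", "tcp", 25, b"attachment: infected.doc"),
    ]
    for p in samples:
        print(f"{p.src:>14} -> {p.dst}:{p.dport:<3} {filter_inbound(p)}")
```

The last sample is permitted because the decision uses only addresses, protocol and port; checking what the message carries has to happen on the mail server or the workstation.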
For a firewall to provide adequate protection, it must be reactively and preventively maintained and upgraded against new attack methods.
One can use encryption for secure data transactions. Public key cryptography is good for email, but for e-business on the WWW, Netscape's Secure Sockets Layer (SSL) may be used. This works with digital authentication certificates to set up an encrypted connection between the SSL server and client.
Web servers and email servers are prime candidates for crackers because of the way they work. Web servers can be flooded with requests, leading to Denial of Service (DoS). Similarly email servers can be flooded with messages. Such attacks can help the cracker to gain access to other, more heavily protected machines, using IP spoofing and session hijacking.
Crackers can exploit all sorts of flaws in a network, and it is the system administrators' job to anticipate and guard against attacks. The various facets of network security are not independent but are facets of a coherent security procedure.
A condensed version of the paper on Network Security. Kaushik Mhadeshwar and I wrote the paper for an IEEE Bombay Section paper-writing contest around February 1999 (we were ranked second). This is the condensed introduction which appears in the IEEE Bombay Section publication Short Circuit.