Ntc 410 - Network Security Concepts

Network Security Concepts

Name

NTC 410

Instructor's Name

November 1, 2005

File security falls into two categories, encryption and access. Access to files can mean physical access to a computer with unsecured files or access via user permissions or privileges in the form of access control lists (ACLs) (Strengthen Your Users' File Security, 2003). The files kept on a server with NTFS storage can be locked to prevent anyone who does not have the correct permissions from opening them. This is secure but can be bypassed with physical access to an open computer and should not be used for sensitive information. The other method of securing files is by encrypting the information in the files using an Encrypting File System (EFS), which employs public key encryption privileges (Strengthen Your Users' File Security, 2003).

A firewall prevents access to an internal system from the outside the company via the internet on any open ports. A firewall will also prevent internal network users from accessing certain internet sites which could be dangerous or offensive (Shay, 2004). The firewall acts at the OSI model's layers three and four by searching packets for certain types of headers (Shay, 2004). So, firewalls differ from file security because anyone inside the company can theoretically access files behind the firewall, while file security provides internal security against a company's own workers.

Symmetric and asymmetric encryption differ from each other in that with symmetric encryption, the same key is used for both the encryption and decryption process. With asymmetric encryption, the keys are in pairs but are not the same, and one is used for encryption and another for decryption (Matuszek, 1999). Symmetric encryption is simple and faster than asymmetric encryption, with the security of the key being directly related to the length of the key. Asymmetric encryption has one key that is known only to the person receiving the encrypted data, which does not have to be shared with any users and one key that is public and known to many users (Matuszek, 1999).

Secret and private keys are very similar and are often used interchangeably. The difference is that secret keys are used for both encryption and decryption, while a private key is part of the public/private key system and is used only for decryption (Cryptography, 2005). In both cases, the key may be known only to a single person or a limited group of people in order to keep the key secure.

Public-Key Infrastructure (PKI) is a method of verifying users on a network, while a digital certificate is a reference from a neutral company that confirms the identity of an internet site (Shay, 2004, p. 321) and (Tomsho, G., Tittel, E. Johnson, D., 2004, P. 378). The digital certificate is issued by a Certificate Authority (CA) such as Verisign, and a registration authority (RA) that acts as a reference to identify an entity to a user of the website, and uses a directory that holds the certificate and can revoke a company's digital status. The PKI technology is at the core of the digital certificates used in almost all transactions on the internet. The PKI uses a cryptographic key pair, one of which is public and one which is private, to authenticate the owner of the certificate (PKI, 2002).

In each of the layers of the OSI model, there are security risks that exist and are developing now, and countermeasures to combat them. The physical layer is a layer that must be approached from a physical point of view, because access to this layer is most likely to come from outside the device level. The threats to the physical layer include people taking the equipment itself, traffic sniffing and wiretapping, loss of power or environmental damage from natural disasters (Reed, 2003).

These threats can be combated by using identifying badges, locks and surveillance equipment to reduce the exposure of outsiders to the equipment as well as sniffer equipment to identify leaks on the cabling. To protect against disasters, electromagnetic shielding and distributed data backups may be used along with backup power supplies.

On the data link layer MAC address identities are established, so spoofing of MAC addresses can occur at layer 2. In addition, errors can be introduced which cause loops with spanning tree protocols (Reed, 2003). There is vulnerability at this layer with the use of virtual LANs, where the interconnection of LANs and wireless LANs with VLAN policies can be used to perform VLAN hopping, creating data pathways to bypass firewalls and subnet addressing (Convery, 2004).

These threats can be mitigated by separating the sensitive areas from the rest of the physical network and by using security at other layers to establish security for VLANs (Aber, 2004). Wireless networks must be secured and unauthorized wireless access pints should be detected and removed as soon as they are discovered (Reed, 2004). VPNs also provide a level of security at this layer by allowing encrypted data transfer (Song, 2004). Network Intrusion Detection (NID) systems can be implemented here to watch the data and look for suspicious packets (Frazier, n.d.).

At Layer 3, Internet Protocols and routing protocols prove a challenge for security control. At this layer, address spoofing and route spoofing can occur, using a machines' own address to send out malicious packets that appear to be from within the network (Reed, 2004). Firewalls that can be configured at the edge of a network to closely examine packets coming in from outside a network will reduce the chances of these kinds of attacks (Song, 2004). Routing controls and filters should be used alongside ARP monitoring software (Reed, 2004). IPSec will also prevent insertion of packets into the transport layer protocols

The transport layer provides error checking and uses Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) to route packets around the network and ensure successful delivery of data (Song, 2004). When the transport layer receives packets which are not well defined, some protocols have difficulty handling those packets (Reed, 2004). This is the layer where Denial of Service (DOS) and DDOS attacks occur (Song, 2004).

The solutions to problems at this layer are the use of firewalls with stateful packet inspection and dynamic NAT (Arizona enterprise architecture, 2005). Firewalls can be configured to drop partial packets in DOS attacks as well as to filter out undesired protocol users and packets from some devices