Network Security


Security is generally regarded as a cost rather than a revenue generator. The return on investment is not readily apparent and is often difficult to quantify, which generally causes a problem when it comes to budget allocation.

It is often necessary to look at the bigger picture. For example, remote authentication enables employees to securely access the network away from the office, therefore improving flexibility and, in turn, the effectiveness and profitability of the organisation.

It is necessary to authenticate the identity of users and computers, to maintain an appropriate level of network service operations, and to maintain optimal network performance.

There are four main security objectives:

  • Authentication - Proving identity to gain access.
  • Integrity - Ensuring only authorised personnel can amend data.
  • Confidentiality - Restricting data access.
  • Non-repudiation - Decisive tracking of actions to a specific user.

Benefits of Security:

  • Increased productivity. Limit or eliminate access to non-critical resources, addressing potential security issues and improving productivity.
  • Improved visibility and control. Know who is connecting to the network, how they are connected and what they are accessing.
  • Be pro-active. Stop security breaches before they happen or, at worst, quarantine attacks in order to minimise disruption.
  • Legislative compliance. Deploy security procedures and solutions to address the legalities associated with use of e-mail and the Internet.
  • Control and management. Set strategic levels of security, ensuring that the right people have the right level of access at any one time, and have the ability to amend this instantly, for example when people leave the organisation.
  • Better use of IT resources. Monitor and manage spam and unauthorised web browsing, ensuring adequate bandwidth for mission-critical applications.
  • Data protection. Control the flow and content of data in and out of the organisation, protecting client, supplier and organisational confidentiality.

Types of network security

Authentication

Controlling who has access to what data is a central theme of information security. Security built around passwords alone is too easy to defeat. User authentication becomes even more important when the user is remote. Whether users are dialling in from home into a RAS solution or using a VPN connection, these links provide the single most vulnerable link into a network. If an electronic identity can be faked, the connection will provide an open path into the system.

Strong authentication addresses the vulnerabilities of single-factor authentication. Furthermore, it stops an authorised user accidentally accessing another user's resources and allows the administrator to track all events linked to each individual user where necessary.

Strong authentication can be achieved by incorporating more than one means of authentication: something you have, something you know, and something you are.

IDS - Intrusion Detection System

Intrusion Detection Systems are designed to alert system managers to potential trouble, whether it comes from an internal or an external source. Commonly, attackers make a tentative probe first, wait to see if it is detected, and then home in on a subsequent attempt. An IDS is an intelligent system that reads and interprets the contents of log files from routers, firewalls, servers and other network devices to identify the type of traffic on the network and the patterns of network activity. The IDS responds to alerts by raising an alarm, activating an automatic response to limit potential damage, and attempting to identify the intruder and correlate evidence of activity.

The main types of IDS:

  • Network-based - looks for attack signatures and monitors network backbones.
  • Host-based - defends and monitors the operating and file systems.
  • Application-based - monitors only specific applications.
  • Signature-based - looks for patterns in events specific to known attacks.
  • Anomaly-based - looks for anomalies in network activities that may indicate attacks.
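The two detection approaches in the last two bullets can be shown side by side on log data. The following is an added example, not code from the original page: it parses constructed firewall log lines (using RFC 5737 documentation addresses) and runs a signature rule (a known-bad event, here an allowed cleartext telnet session) and an anomaly rule (one source denied on an unusually large number of distinct ports in a short window, the kind of tentative probe the text describes). The log format, rule names and thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed firewall log lines in a made-up key=value format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 fw DENY src=203.0.113.5 dst=192.0.2.10 dport=22 proto=tcp
2024-05-01T10:00:02 fw DENY src=203.0.113.5 dst=192.0.2.10 dport=23 proto=tcp
2024-05-01T10:00:02 fw DENY src=203.0.113.5 dst=192.0.2.10 dport=25 proto=tcp
2024-05-01T10:00:03 fw DENY src=203.0.113.5 dst=192.0.2.10 dport=80 proto=tcp
2024-05-01T10:00:03 fw DENY src=203.0.113.5 dst=192.0.2.10 dport=443 proto=tcp
2024-05-01T10:00:04 fw DENY src=203.0.113.5 dst=192.0.2.10 dport=3389 proto=tcp
2024-05-01T10:00:10 fw ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443 proto=tcp
2024-05-01T10:00:11 fw ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443 proto=tcp
2024-05-01T10:05:00 fw ALLOW src=198.51.100.9 dst=192.0.2.10 dport=23 proto=tcp
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) fw (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\S+)"
)


def parse(log_text: str) -> list[dict]:
    """Turn each well-formed line into an event dict; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["dport"] = int(e["dport"])
        events.append(e)
    return events


# Signature rules: a name and a predicate describing one known-bad event.
SIGNATURES = {
    "cleartext-telnet-allowed": lambda e: e["action"] == "ALLOW" and e["dport"] == 23,
}


def signature_alerts(events: list[dict]) -> list[tuple]:
    return [(name, e["src"]) for e in events
            for name, pred in SIGNATURES.items() if pred(e)]


def anomaly_alerts(events: list[dict], max_ports: int = 5, window_s: int = 60) -> list[tuple]:
    """Flag a source denied on more than max_ports distinct ports within window_s seconds.

    No single line is suspicious on its own; the alert comes from the pattern.
    """
    alerts = []
    by_src = defaultdict(list)
    for e in events:
        if e["action"] == "DENY":
            by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            in_window = [x for x in evs[i:] if (x["ts"] - first["ts"]).total_seconds() <= window_s]
            ports = {x["dport"] for x in in_window}
            if len(ports) > max_ports:
                alerts.append(("port-sweep", src, len(ports)))
                break                     # one alert per source is enough
    return alerts


def run_ids(log_text: str = SAMPLE_LOG) -> dict:
    events = parse(log_text)
    return {"signature": signature_alerts(events), "anomaly": anomaly_alerts(events)}


if __name__ == "__main__":
    print(run_ids())
```

The signature rule fires on the ninth line alone; the anomaly rule fires only because six distinct ports were denied from one source inside four seconds, and lowering the threshold or widening the window changes what counts as anomalous, which is the tuning trade-off the anomaly approach carries.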

Firewall

A perimeter security measure permitting only authorised LAN access to and from the Internet. Access can be administered according to job description and user requirements rather than a 'one rule suits all' basis.

The firewall analyses the traffic routed between the network and the Internet, both inbound and outbound, against set access criteria. Non-compliant traffic is stopped.

Firewalls fall into four categories: packet filters, circuit level gateways, application level gateways and stateful multilayer inspection firewalls.

  • Packet filtering firewall - Operates at the Network layer of the OSI model. Each packet is analysed against a pre-determined set of criteria before being forwarded. Once analysed, the firewall can drop the packet, forward it, or send a message to the originator.
  • Circuit level gateways - Operate at the Session layer of the OSI model. TCP handshaking between packets is analysed to determine the legitimacy of requested sessions. Packets are not filtered by circuit level gateways.
  • Application level gateways (proxies) - Application specific, filtering packets at the Application layer of the OSI model. An application level gateway that is configured to be a web proxy will not allow any FTP, Gopher, Telnet or other traffic through. User activity and logins can also be logged.
  • Stateful inspection firewall - A combination of the three types above. Packets are filtered at the Network layer, session packets are checked for legitimacy, and the contents of packets are analysed at the Application layer. Algorithms, rather than application-specific proxies, identify and process Application layer data.
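To make the difference between the first and last categories concrete, here is an added example (not code from the original page) of a first-match packet filter and a stateful wrapper around it. The rule base is a constructed policy for a LAN on 192.0.2.0/24 with one web server at 192.0.2.10: the stateless filter judges every packet on its own header and so has no way to let the reply half of an outbound connection back in without opening all high ports, whereas the stateful version records each permitted new connection and allows only the return traffic that belongs to it. The rule syntax and class names are assumptions for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


@dataclass
class Rule:
    action: str                 # "allow" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


# Constructed policy: the LAN may browse out; only the web server is reachable from outside.
RULES = [
    Rule("allow", src="192.0.2.0/24", proto="tcp", dport=443),
    Rule("allow", src="192.0.2.0/24", proto="tcp", dport=80),
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("drop"),                                   # default deny
]


def packet_filter(p: Packet, rules: list = RULES) -> str:
    """Stateless first-match filter: the packet is judged purely on its header."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"


class StatefulFirewall:
    """Checks only new connections against the rules; tracks accepted flows."""

    def __init__(self, rules: list = RULES):
        self.rules = rules
        self.table = set()          # established flows as (proto, src, sport, dst, dport)

    def handle(self, p: Packet) -> str:
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if fwd in self.table or rev in self.table:
            return "allow"          # part of a session already permitted
        if p.proto == "tcp" and not p.syn:
            return "drop"           # stray ACK or data with no known session
        if packet_filter(p, self.rules) == "allow":
            self.table.add(fwd)
            return "allow"
        return "drop"


if __name__ == "__main__":
    fw = StatefulFirewall()
    out = Packet("192.0.2.5", "198.51.100.7", "tcp", 50000, 443, syn=True)
    back = Packet("198.51.100.7", "192.0.2.5", "tcp", 443, 50000, ack=True)
    print(packet_filter(back), fw.handle(out), fw.handle(back))
```

Run stand-alone it prints `drop allow allow`: the stateless filter drops the legitimate reply, the stateful one admits it because the outbound SYN created a table entry, and an unsolicited inbound packet with no matching entry is still dropped.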

Anti-Virus

Anti-virus searches for any known or potential viruses. New viruses emerge at an increasing rate and old viruses remain a threat to poorly updated systems.

A good anti-virus will:

  • Detect and quarantine viruses before they reach the internal network and servers.
  • Protect workstations and servers against viruses with regular signature updates.
  • Check for viruses in attachments as well as in the body of emails.
  • Be capable of identifying suspicious file types and virus-like signatures in addition to known viruses.
  • Provide the option of excluding file types most likely to be virus carriers.

Email security

Emails present a wide range of risks, notably the leakage of sensitive information and potential legal liability for employee email conduct.

A good email security solution will:

  • Be based on a clear internal email usage policy.
  • Identify and remove viruses at the point of entry to the network, whether within an email body or an attachment.
  • Identify and quarantine suspect file types and any mismatches between file suffix and content.
  • Implement user-defined policies to control the release of company data as email attachments.
  • Enable unwanted email sources and addresses to be blocked.
  • Attach legal disclaimers to all outgoing messages.
  • Protect against spam and spoof attacks.
  • Provide detailed analysis and management reports.
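Two of the bullets above, quarantining mismatches between file suffix and content and blocking unwanted sources, can be shown in code. This is an added example, not code from the original page: it builds constructed test messages with the standard library, infers each attachment's real type from its leading bytes, compares that with what the file name claims, and rejects mail from a constructed block-listed sender domain. The magic-byte table is a small subset, and the type names, block lists and verdict strings are assumptions for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed table of leading bytes -> inferred content type (a small subset).
MAGIC = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip",        # also the container for docx/xlsx
    b"MZ": "exe",
}
EXT_TO_TYPE = {"pdf": "pdf", "png": "png", "zip": "zip", "docx": "zip", "xlsx": "zip", "exe": "exe"}
BLOCKED_TYPES = {"exe"}                  # file types never accepted as attachments
BLOCKED_SENDERS = {"spam.example"}       # constructed sender-domain block list


def sniff(data: bytes) -> str:
    """Infer the content type from the leading bytes rather than the file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def check_attachment(filename: str, data: bytes) -> tuple:
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    declared = EXT_TO_TYPE.get(ext, "unknown")
    actual = sniff(data)
    if actual in BLOCKED_TYPES:
        return ("quarantine", f"{filename}: blocked type {actual}")
    if declared != "unknown" and actual != "unknown" and declared != actual:
        return ("quarantine", f"{filename}: suffix says {declared}, content is {actual}")
    return ("allow", f"{filename}: ok")


def screen_message(raw: bytes) -> tuple:
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender_domain = msg["From"].addresses[0].domain.lower()
    if sender_domain in BLOCKED_SENDERS:
        return ("reject", [f"sender domain {sender_domain} is blocked"])
    findings = [check_attachment(part.get_filename() or "unnamed", part.get_payload(decode=True))
                for part in msg.iter_attachments()]
    verdict = "quarantine" if any(v == "quarantine" for v, _ in findings) else "allow"
    return (verdict, [why for _, why in findings])


def build_sample(from_addr: str, attachments: list) -> bytes:
    """Construct a test message carrying the given (filename, bytes) attachments."""
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = "user@example.com"
    msg["Subject"] = "report"
    msg.set_content("see attached")
    for name, data in attachments:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    disguised = build_sample("alice@example.com", [("invoice.pdf", b"MZ\x90\x00 constructed")])
    print(screen_message(disguised))
```

The check deliberately trusts the bytes over the name: an executable renamed to `.pdf` is quarantined as a blocked type, and a PDF renamed to `.png` is quarantined as a mismatch even though neither type is blocked on its own.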

Web access control

To get the greatest business benefit out of the internet, users need desktop access. However, personal web browsing and web-based email need to be managed so as not to compromise the organisation in any way.

To this end, web access control is more than just blocking web addresses and protecting against web-borne viruses. It is necessary to administer access rights at user level.

Access can be allowed, denied or limited by a time-based quota according to policies applied to users, workgroups, computers or the entire network. Policies may be set by web address or by specific file type, and are often associated with a database of inappropriate websites such as gambling sites, chat sites and sites with pornographic content.
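The allow/deny/quota decision described above, resolved from user, workgroup and network-wide policies, as an added example that is not code from the original page. The category database, group membership, policy contents and the "most specific policy wins" precedence are assumptions constructed for the demonstration; a real deployment would back the category lookup with a maintained database and reset quotas on a schedule.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed category database keyed by host name.
CATEGORY_DB = {
    "casino.example": "gambling",
    "chat.example": "chat",
    "news.example": "news",
    "intranet.example.com": "business",
}
BLOCKED_EXTENSIONS = {".exe", ".msi"}      # file types never downloadable via the proxy


@dataclass
class Policy:
    deny_categories: set = field(default_factory=set)
    quota_categories: dict = field(default_factory=dict)   # category -> minutes per day


# Precedence assumed for the example: a user policy beats a group policy,
# which beats the network-wide default.
POLICIES = {
    "user:alice": Policy(deny_categories={"gambling"}, quota_categories={"chat": 30}),
    "group:sales": Policy(deny_categories={"gambling", "chat"}),
    "network": Policy(deny_categories={"gambling", "chat"}, quota_categories={"news": 15}),
}
GROUPS = {"alice": "sales", "bob": "sales"}       # constructed workgroup membership


class WebAccessControl:
    def __init__(self):
        self.used = {}            # (user, category) -> minutes consumed today

    def policy_for(self, user: str) -> Policy:
        return (POLICIES.get(f"user:{user}")
                or POLICIES.get(f"group:{GROUPS.get(user)}")
                or POLICIES["network"])

    def decide(self, user: str, url: str, minutes: int = 1) -> tuple:
        """Return (verdict, reason) for a request that would consume `minutes` of quota."""
        u = urlparse(url)
        if any(u.path.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS):
            return ("deny", "blocked file type")
        category = CATEGORY_DB.get(u.hostname, "uncategorised")
        pol = self.policy_for(user)
        if category in pol.deny_categories:
            return ("deny", f"category {category} denied")
        if category in pol.quota_categories:
            limit = pol.quota_categories[category]
            used = self.used.get((user, category), 0)
            if used + minutes > limit:
                return ("deny", f"daily quota for {category} exhausted")
            self.used[(user, category)] = used + minutes
            return ("allow", f"{limit - used - minutes} min of {category} left")
        return ("allow", f"category {category} allowed")


if __name__ == "__main__":
    wac = WebAccessControl()
    print(wac.decide("alice", "https://chat.example/room"))
    print(wac.decide("bob", "https://chat.example/room"))
```

The same URL gets different answers for different people: alice's user-level policy grants a 30-minute chat quota, bob falls through to the sales group policy that denies chat outright, and a user with no user or group policy is governed by the network default.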