In this modern generation, organizations greatly rely on computer networks to share information throughout the agency in an green and efficient way. Organizational computer networks are now becoming massive and ubiquitous. Assuming that every staff member has a dedicated computer, a massive scale employer might have few thousands workstations and many server on the network.
It is probably that these workstations may not be centrally controlled, nor could they have perimeter safety. they may have a selection of running systems, hardware, software, and protocols, with unique level of cyber awareness among users. Now consider, these thousands of workstations on organization network are immediately connected to the net. This form of unsecured community becomes a goal for an attack which holds treasured information and displays vulnerabilities.
In this chapter, we describe the primary vulnerabilities of the network and importance of network security. In subsequent chapters, we will discuss the techniques to obtain the same.
A network is defined as or more computing devices connected together for sharing assets efficiently. further, connecting two or greater networks together is known as Internetworking. therefore, the internet is just an internetwork – a set of interconnected networks.
For setting up its internal network, an organisation has numerous options. it can use a wired network or a wireless network to connect all workstations. nowadays, organizations are generally the use of a combination of both wired and wireless networks.
In a wired network, devices are related to each different using cables. usually, wired networks are based on Ethernet protocol where devices are related the use of the Unshielded Twisted Pair (UTP) cables to the different switches. these switches are further related to the network router for accessing the internet.
In wireless network, the device is connected to an access point through radio transmissions. The access points are further connected through cables to switch/router for external network access.
Wireless networks have received recognition because of the mobility presented through them. mobile devices need not be tied to a cable and can roam freely within the wireless network range. This ensures efficient records sharing and boosts productivity.
The common vulnerability that exists in both wired and wireless networks is an “unauthorized access” to a network. An attacker can connect his device to a network though unsecure hub/switch port. on this regard, wireless network are considered less at ease than wired network, because wireless network may be easily accessed without any physical connection.
After accessing, an attacker can exploit this vulnerability to release attacks such as −
Network Protocol is a fixed of rules that govern communications among devices related on a network. They consist of mechanisms for making connections, as well as formatting rules for information packaging for messages sent and obtained.
Several computer network protocols had been advanced every designed for specific purposes. The popular and widely used protocols are TCP/IP with related higher- and decrease-level protocols.
Transmission control Protocol (TCP) and internet Protocol (IP) are awesome computer network protocols generally used collectively. because of their recognition and wide adoption, they are constructed in all operating systems of networked devices.
IP corresponds to the network layer (Layer three) whereas TCP corresponds to the transport layer (Layer four) in OSI. TCP/IP applies to network communications where the TCP transport is used to supply records across IP networks.
TCP/IP protocols are normally used with different protocols including HTTP, FTP, SSH at application layer and Ethernet on the data link/physical layer.
TCP/IP protocol suite changed into created in 1980 as an internetworking answer with very little problem for security aspects.
It became advanced for a communication inside the limited trusted network. but, over a period, this protocol became the de-facto preferred for the unsecured internet communication.
Some of the common security vulnerabilities of TCP/IP protocol suits are −
Apart from the above-noted, many other protection vulnerabilities exist inside the TCP/IP Protocol family in design as well in its implementation.
Incidentally, in TCP/IP based network communication, if one layer is hacked, the other layers do not become aware of the hack and the whole communication receives compromised. hence, there is want to employ protection controls at each layer to ensure foolproof security.
Domain Name System (DNS) is used to solve host domain names to IP addresses. network users depend on DNS functionality specially during browsing the internet through typing a URL inside the web browser.
In an attack on DNS, an attacker’s goal is to alter a legitimate DNS record so that it receives resolved to an incorrect IP address. it may direct all visitors for that IP to the wrong computer. An attacker can both exploit DNS protocol vulnerability or compromise the DNS server for materializing an assault.
DNS cache poisoning is an attack exploiting a vulnerability observed in the DNS protocol. An attacker may also poison the cache through forging a response to a recursive DNS question sent by way of a resolver to an authoritative server. once, the cache of DNS resolver is poisoned, the host gets directed to a malicious website and may compromise credential information by communication to this site.
Internet control management Protocol (ICMP) is a primary network control protocol of the TCP/IP networks. it is used to send errors and manage messages regarding the fame of networked devices.
ICMP is an essential part of the IP network implementation and thus is present in very network setup. ICMP has its own vulnerabilities and may be abused to release an assault on a network.
The common assaults that can occur on a network due to ICMP vulnerabilities are −
Other protocols including ARP, DHCP, SMTP, etc. also have their vulnerabilities that may be exploited through the attacker to compromise the network security. we will discuss a number of these vulnerabilities in later chapters.
The least problem for the security aspect during layout and implementation of protocols has changed into a main reason of threats to the network security.
As mentioned in earlier sections, there exists large number of vulnerabilities in the network. hence, at some point of transmission, records is highly vulnerable to assaults. An attacker can target the communication channel, obtain the information, and read the same or re-insert a false message to obtain his nefarious aims.
Network security is not only involved about the security of the computers at each end of the communique chain; but, it targets to ensure that the complete network is secure.
Network security includes protective the usability, reliability, integrity, and protection of network and information. effective network safety defeats a selection of threats from entering or spreading on a network.
The primary purpose of network security are Confidentiality, Integrity, and Availability. those three pillars of network safety are often represented as CIA Triangle.
Ensuring network security can also appear to be very simple. The goals to be carried out seems to be straightforward. but in truth, the mechanisms used to achieve these goals are highly complex, and information them includes sound reasoning.
International Telecommunication Union (ITU), in its advice on security architecture X.800, has described certain mechanisms to bring the standardization in techniques to reap network security. some of those mechanisms are −
Having developed and recognized various protection mechanisms for achieving network security, it is critical to decide where to use them; both physically (at what region) and logically (at what layer of an architecture including TCP/IP).
Several security mechanisms were advanced in the sort of way that they may be developed at a selected layer of the OSI network layer model.
It is considered that designing a cryptographically sound utility protocol is very difficult and implementing it nicely is even more challenging. hence, utility layer security mechanisms for protecting network communications are preferred to be simplest standards-based solutions that have been in use for some time.
An example of application layer security protocol is relaxed Multipurpose internet Mail Extensions (S/MIME), that is usually used to encrypt messages. DNSSEC is another protocol at this layer used for secure exchange of DNS question messages.
Incidentally, a security mechanism designed to operate at a better layer cannot offer safety for information at decrease layers, because the lower layers perform features of which the higher layers are not conscious. hence, it may be important to deploy multiple security mechanisms for enhancing the network protection.
In the following chapters of the tutorial, we can discuss the security mechanisms employed at special layers of OSI networking architecture for achieving network security.
Network Security Related Interview Questions
|Networking Interview Questions||Verilog Interview Questions|
|Switching Interview Questions||Firewall Support Interview Questions|
|System Verilog Interview Questions||Penetration Testing Interview Questions|
|Cryptography Interview Questions||Firewall (computing) Interview Questions|
|Check Point Certified Security Administrator (CCSA) Interview Questions||CheckPoint Firewall Interview Questions|
|Digital Communication Interview Questions||Siemens PLC Interview Questions|
|ASIC Interview Questions||Information Security Analyst Interview Questions|
Network Security Related Practice Tests
|Networking Practice Tests||Verilog Practice Tests|
|Switching Practice Tests||Firewall Support Practice Tests|
|System Verilog Practice Tests||Cryptography Practice Tests|
|Firewall (computing) Practice Tests||Check Point Certified Security Administrator (CCSA) Practice Tests|
Network Security Tutorial
All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd
Wisdomjobs.com is one of the best job search sites in India.