Network and information security refer to the confidence that unauthorized users cannot access the information and services available on a network. It assumes data integrity, freedom from unauthorized access of resources and freedom from disruption of services. You need to protect both physical and abstract resources such as information. Protecting the latter is more difficult.
Information security is concerned with three main areas: confidentiality (information should be available only to those who rightfully have access to it), integrity (information should be modified only by those who are authorized to do so) and availability (information should be accessible to those who need it when they need it).
On the Internet, where data passes across intermediate routers and networks, source authentication can be easily attacked at one of the intermediate routers. For example, an impostor can gain control of a router R that lies between a valid client and a server. He can then alter the routes in R to direct return traffic to him and generate a request using the authorized client’s address as a source address. The server will, in this case, accept the request and send the reply to the authorized client. When it reaches R, the reply will be forwarded along the incorrect route to the impostor.
This example illustrates the need for the server and client to not communicate with impostors. One way of ensuring this is to use the authentication mechanism (also known as IP address authentication). This is a simple security mechanism to verify identification. Here, a server is configured with a list of valid IP source addresses. And when a request arrives, the server makes sure that it is from a valid client by matching the client’s IP address with the ones in the configured list. Only if the client is authorized does the server grant it the service requested.
Another method is the public-key encryption mechanism. In this case, you use a pair of keys: a public key and a private key.
A sender can ensure that only the intended receiver can read his message, by using the public key of the receiver to encrypt his message. And, when the receiver receives it, he decrypts it using his private key .
Another common security attack is password cracking. To crack a password, one needs to know the encrypted password file and the encryption algorithm used. There are two methods to crack the passwords: Dictionary method and brute-force method. Each involves encrypting the password and comparing to see if there is a match.
Some ways to avoid password cracking include changing passwords after a specified period (say 90 days), using complex passwords and setting a length for passwords.
In URL rewriting, the attacker’s first trick is to re-write URLs so that they point to the attacker’s server . In this case, the attacker can fool the server and modify the responses coming from the real server before passing them back to the victim. Assuming the attacker’s server is on the machine www.attacker.org, the attacker can rewrite a URL by adding http://www.attacker.org at the front of the URL. For example, http://home.netscape.com becomes http://www.attacker.org/ http://home.netscape.com.
DoS and DNS Hijack
DNS or Domain Name Server translates readable host names (such as www.myfirm.com) to machine-readable IP addresses (such as 220.127.116.11). The common attacks associated with DNS are Denial of Service (legitimate users are denied of services) and DNS hijack (redirection of services).
DoS (Denial of Service) attacks are probably the nastiest and the most difficult to address. The premise of a DoS attack is simple: send more requests to the machine than it can handle. Toolkits in the underground community make this simply a matter of running a program and telling it which host to blast with requests. The attacker’s program simply makes a connection on some service port, perhaps forging the packet’s header information that says where the packet came from, and then dropping the connection. If the host is able to answer 20 requests per second, and the attacker is sending 50 per second, obviously the host will be unable to service all of the attacker’s requests. A suite of applications, known as DoS Attack and Prevention System, provide a controllable platform for detecting the DoS attacks and blocking their malicious effects.
DNSSEC is a technique for securing the DNS. It is a set of extensions to DNS that provide end-to-end authenticity and integrity. In this, cryptographic verification information is provided along with DNS messages. Public-key cryptography is used along with digital signatures and with the help of these the requester can authenticate the source of data.
What’s the need for DNSSEC? Information crucial to the operation of the Internet is usually stored in a distributed database. Because of this distributed nature, changes to the database may not propagate through all of the DNS servers on the Internet instantly. One cannot be guaranteed that the data received by a name server is authoritative or that a name server is not maliciously providing false information. Thus, there is a need to make sure that one gets the information from a name server that is authorized to provide the data. In other words, all data must be authenticated before it can be trusted.
In the context of DNS, security refers only to authentication, not confidentiality. DNS itself has no way of hiding data. A query can originate from any host and any host will receive the same answer to the same query. Though DNSSEC provides excellent security, it is complex to implement and significantly increases the size of DNS response packets.
Maintaining a high network security requires continuous efforts:
- Establishing a security policy that defines the security goals
- Implementing network security technologies in a comprehensive and layered approach so that the enterprise does not rely upon only one technology to solve all security issues
- Auditing the network on a recurring basis and using the results of the audits to modify the security policy and the technology implementations as needed.