Elements of Network Security
Essay by review • November 24, 2010 • Research Paper
Elements of Network Security
Louis Kibby
Network / Datacom I TCM 537
Mr. Stuart Sandler
November 28, 2005
Introduction
The primary objective of a network security system is to balance, in a cost-effective manner, convenient access for legitimate users against inaccessibility to attackers. In a nutshell, the goal is to deny connectivity to anyone intending to harm the network. The harm to which this paper refers can come in the following forms:
1. Application-level security threats, such as e-mail viruses and attachments.
2. Threats to network infrastructure devices.
3. Theft of network connectivity services.
4. Unauthorized access from internal and external sources.
5. Denial of service attacks.
A proper network security strategy reduces and, in some cases, prevents the listed attacks on a network (Gary, T., et al, Mar. 2002). This paper discusses such a strategy as used by the Los Angeles Department of Water and Power (LADWP), and the strategy's three primary elements: prevention, detection, and recovery.
Prevention
Surprisingly, the most common threat to a company's information assets does not come from the sly and cunning computer hacker who is glamorized by Hollywood movies, but from human error, inappropriate disclosures, and sheer carelessness on the part of the company's employees. Hackers who do intentionally tamper with the company's network often do so because they are tempted by assets they know are poorly protected. Weak security policies present the image that a company does not truly value its assets, which in turn attracts the petty thief and curiosity seeker. Therefore, the preventive element of any network security system should include a strong and enforceable security policy for its employees to follow, reinforced by a form of technical protection (Control Data, 1999).
Firewalls, antivirus programs and packet filtering devices are used to protect access to the network at the LADWP. But these tools alone do not provide adequate system security; a policy for system users, as mentioned above, based on the identification and prioritization of known and assumed threats, helps to maintain the network's health. The key feature of the policy is an ongoing training program that teaches all users the importance and value of including safe system user practices in their daily routine. Users are more likely to follow security practices if they understand the purpose of each practice and the consequences when it is not followed. Added to the training is physical and electronic restriction of access to sensitive information and areas for users who have no business need for such access. To ensure that the preventive measures are functioning effectively, regular audits of the security policy are performed. Log-on IDs are checked to verify their validity, and the users' activities are monitored to determine whether the policies are being followed.
Detection
The next element of a network security system is system violation detection, or intrusion detection. This is an effort, should a system violator manage to breach the security of the network, to catch the violation before any real damage can be done to the network. The most common approach to intrusion detection is based on the belief that violations can be discovered by looking for abnormal system usage, or by scanning the system in search of known attack patterns or virus indicators (Denning, D., 1986). The two approaches used by LADWP are automated intrusion detection, and network traffic and vulnerability monitoring.
For automated intrusion detection, LADWP has deployed the Cisco Intrusion Detection System (IDS). This system has two major components: the sensors and the Director Platform. The sensor captures network packets, reassembles them, and compares these packets against known intrusion signatures. Should the sensor detect an attack, it logs the attack and then forwards an attack notification to the Director Platform. Once the Director Platform receives an attack notification, it displays an alarm and takes action to reduce the effect of the attack (Stiffler & Carter, Dec. 28, 2001). Because this is an automated system, it depends on a mechanical process of discerning what is good or bad. This can at times lead to false positives or false negatives: blocking a legitimate user, or granting access to a system violator. This weakness in the Cisco IDS requires that an additional form of violation detection be used.
In addition to the IDS, LADWP has a staff of technicians who provide continuous network monitoring. Besides keeping track of the alarms raised by the IDS' Director Platform, these technicians use other tools to keep an eye on network traffic levels and perform routine vulnerability probing. One key tool used is Lucent's VitalSuite. This tool uses real-time event analysis, which helps to identify network resources that have exceeded acceptable levels.
To properly use VitalSuite, the technicians establish what they believe to be normal network activity. This norm is then used as a baseline to help in the identification of any abnormal network traffic. Once the baseline is established, levels of severity are set. The levels are minor, major and critical, with critical meaning immediate action is required. The only time the system alarms is when a critical error is detected. During normal operations, the technicians monitor VitalSuite's display, looking for unusual events. These events can come as a series of major alarms that occur only at one specific time of day, or as a continuous string of minor alarms. Such events can indicate subtle attempts at compromising the network. In the case of such events, the traffic is examined more closely and any needed corrective action is taken at that time.
Data collected by VitalSuite can also be used to expose points of vulnerability by looking for unused ports or poorly configured network devices. When a point of vulnerability is found, the technicians make any necessary system corrections.
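The baseline-and-severity workflow described above, as an added example that is not LADWP's or Lucent's code: the three severity levels and the alarm-only-on-critical rule come from the text, while the standard-deviation cut-offs, the hourly utilisation readings and the pattern thresholds (`min_days`, `min_run`) are assumed or constructed here.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Severity thresholds in standard deviations above the baseline mean.
# The three levels are the text's; the numeric cut-offs are assumed.
THRESHOLDS = (("critical", 6.0), ("major", 4.0), ("minor", 2.0))

# Constructed sample data: hourly link utilisation in percent.
TRAINING = [30, 32, 31, 29, 30, 31, 33, 30, 29, 31]   # a quiet period, used as the norm
SAMPLE_READINGS = [                                    # (day, hour, value), chronological
    (1, 2, 36), (1, 10, 34), (1, 11, 34), (1, 12, 34), (1, 13, 31),
    (2, 2, 36), (2, 5, 39), (2, 9, 30),
    (3, 2, 36), (3, 9, 31),
]

def fit_baseline(samples):
    """The 'normal activity' norm: mean and population std of trusted readings."""
    return mean(samples), pstdev(samples)

def classify(value, baseline):
    """Map one reading to 'critical', 'major', 'minor' or None (within the norm)."""
    mu, sigma = baseline
    z = (value - mu) / sigma if sigma else 0.0
    for level, limit in THRESHOLDS:
        if z >= limit:
            return level
    return None

def evaluate(readings, baseline, min_days=2, min_run=3):
    """Return what the system alarms on (critical only) plus the two subtle
    patterns the technicians watch for on the console: major alarms recurring
    at the same hour of day, and an unbroken run of minor alarms."""
    events = [(day, hour, classify(v, baseline)) for day, hour, v in readings]
    critical = [(d, h) for d, h, lvl in events if lvl == "critical"]
    major_days = defaultdict(set)          # hour -> set of days with a major alarm
    for d, h, lvl in events:
        if lvl == "major":
            major_days[h].add(d)
    recurring = sorted(h for h, days in major_days.items() if len(days) >= min_days)
    longest = run = 0                      # longest consecutive run of minor alarms
    for _, _, lvl in events:
        run = run + 1 if lvl == "minor" else 0
        longest = max(longest, run)
    return {"critical": critical, "recurring_major_hours": recurring,
            "minor_run": longest if longest >= min_run else 0}

def run_demo():
    return evaluate(SAMPLE_READINGS, fit_baseline(TRAINING))

if __name__ == "__main__":
    print(run_demo())
```

On the constructed data the only pageable alarm is the critical reading on day 2, hour 5, while the console review also surfaces the major alarm repeating at hour 2 on three days and the three-hour run of minor alarms on day 1.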
The