Link Layer
This layer is also known as the data link layer or network interface layer. It interfaces the network interface card with the communication medium. An important role of the link layer is address resolution, which maps between two different forms of address using the ARP and RARP protocols (see fig 2.6) [11]. To function properly it needs complete information about the network interface card, i.e. driver details and kernel information. It mediates between two systems on the network, translating the source and destination addresses from their software (IP) form to their hardware form before the information is placed on the physical medium, because the Ethernet interface and the medium it is attached to recognise only the hardware address of the network interface card, not the IP address. The Address Resolution Protocol (ARP) translates an IP address to a hardware address, whereas the Reverse Address Resolution Protocol (RARP) converts a hardware address to an IP address [6] (see fig 2.6).
Address Resolution Protocol
How data handed down from the network layer is interpreted on the communication medium depends on the link layer protocols ARP and RARP. The network layer carries a source and a destination address, also called the logical address, which is the 32-bit IP address; but before the information can be sent onto the network via the communication medium, this IP address must be changed into the 48-bit hardware address, also called the Ethernet address or MAC address. The reason for changing the address is that the communication medium is directly connected to the Ethernet interface cards, which address each other only by hardware address, and it may also carry the data over serial communication lines [6].
ARP operation: during transmission on a communication medium a network device performs the following sequence of operations [11]. The ARP packet format (fig 2.7) also clarifies this [6].
o ARP request: a request broadcast, in the form of an Ethernet frame, to the whole network. The request is basically a query for the hardware address belonging to a given IP address.
o ARP reply: the host owning that IP address generates a reply sent back to the requester, containing its hardware address together with its IP address.
o Exchange: the request-reply information (the IP address to hardware address pair) is then used for the transmission.
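As an added illustration (not code from the thesis), the following Python script builds the ARP request and reply frames in the RFC 826 layout described above and simulates the broadcast exchange between hosts on one Ethernet segment. The MAC and IP addresses are constructed sample values. Note that nothing in the exchange authenticates the reply: the requester caches whatever hardware address answers for the IP it asked about, which is what makes spoofed ARP messages (Chapter 4) possible.

```python
import struct

# Constructed sample addresses for the simulation (not from the original text).
REQUESTER_MAC = bytes.fromhex("0202aabbcc01")
REQUESTER_IP = "192.168.1.10"
TARGET_MAC = bytes.fromhex("0202aabbcc02")
TARGET_IP = "192.168.1.20"

BROADCAST_MAC = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
OP_REQUEST = 1
OP_REPLY = 2


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II header followed by the 28-byte ARP packet (RFC 826 field order).
    A request goes to the broadcast address; a reply is unicast to the requester."""
    dst = BROADCAST_MAC if op == OP_REQUEST else target_mac
    eth = struct.pack("!6s6sH", dst, sender_mac, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                      sender_mac, ip_to_bytes(sender_ip),
                      target_mac, ip_to_bytes(target_ip))
    return eth + arp


def parse_arp_frame(frame):
    """Decode the Ethernet header and ARP fields; reject anything that is not IPv4-over-Ethernet ARP."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {"eth_dst": mac_str(dst), "eth_src": mac_str(src), "op": op,
            "sender_mac": mac_str(sha), "sender_ip": bytes_to_ip(spa),
            "target_mac": mac_str(tha), "target_ip": bytes_to_ip(tpa)}


def answer_request(request_frame, my_mac, my_ip):
    """Behaviour of a host that receives the broadcast: reply only if the request asks for its own IP."""
    req = parse_arp_frame(request_frame)
    if req["op"] != OP_REQUEST or req["target_ip"] != my_ip:
        return None
    requester_mac = bytes.fromhex(req["sender_mac"].replace(":", ""))
    return build_arp_frame(OP_REPLY, my_mac, my_ip, requester_mac, req["sender_ip"])


def resolve(sender_mac, sender_ip, wanted_ip, hosts):
    """Simulate the exchange on a shared medium: every host sees the broadcast,
    the first reply is accepted and cached as an IP -> MAC entry."""
    request = build_arp_frame(OP_REQUEST, sender_mac, sender_ip, b"\x00" * 6, wanted_ip)
    cache = {}
    for mac, ip in hosts:
        reply = answer_request(request, mac, ip)
        if reply is not None:
            parsed = parse_arp_frame(reply)
            cache[parsed["sender_ip"]] = parsed["sender_mac"]
            break
    return cache


if __name__ == "__main__":
    segment = [(REQUESTER_MAC, REQUESTER_IP), (TARGET_MAC, TARGET_IP)]
    print(resolve(REQUESTER_MAC, REQUESTER_IP, TARGET_IP, segment))
```

`resolve` trusts the first answer it receives, exactly as a real ARP cache does; a host that answers for an IP address it does not own is accepted just the same.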
SMTP Protocol
Electronic mail (e-mail) is used almost everywhere in the world for communicating data, as simple readable text or through a GUI client, and works at the application layer. The protocol used for e-mail is the Simple Mail Transfer Protocol (SMTP). This application protocol runs on top of TCP. Figure 2.22 shows the architecture of SMTP [11].
A mail transfer agent (MTA) is responsible for transferring e-mail messages from one system to another on a local area network; if the e-mail is delivered across a wide area network, the agent that forwards it is known as a relay mail transfer agent. Similarly, a user agent is responsible for sending and receiving electronic mail between the mail server and the mail client, e.g. Microsoft Outlook Express, Windows Live Mail, etc. [19].
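As an added example (not code from the thesis), the Python script below plays out the SMTP dialogue between a user agent and a mail transfer agent: a scripted server answers the client's EHLO, MAIL FROM, RCPT TO, DATA and QUIT commands with the usual three-digit reply codes, and the client parses those replies, including multi-line ones where "250-" continues and "250 " ends the reply. The host names, addresses and the relay policy are constructed for the example. Everything in this dialogue travels as clear text; the server advertises STARTTLS only as a capability line and the example does not negotiate it.

```python
import re


class FakeSmtpServer:
    """Scripted MTA that answers the commands of a simple SMTP session; no network involved."""

    def __init__(self, hostname="mail.example.net", accepted_domain="example.net"):
        self.hostname = hostname
        self.accepted_domain = accepted_domain   # only relay mail for this domain
        self.in_data = False
        self.mailbox = []                        # delivered messages: envelope + body
        self.envelope = {"from": None, "to": []}
        self.body = []

    def greeting(self):
        return [f"220 {self.hostname} ESMTP service ready"]

    def handle(self, line):
        if self.in_data:
            if line == ".":                      # end of message
                self.in_data = False
                self.mailbox.append({**self.envelope, "body": "\r\n".join(self.body)})
                self.envelope, self.body = {"from": None, "to": []}, []
                return ["250 OK: queued"]
            # undo dot-stuffing: a line that starts with "." had an extra "." prepended
            self.body.append(line[1:] if line.startswith(".") else line)
            return []
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            return [f"250-{self.hostname} greets {arg}", "250-SIZE 10240000", "250 STARTTLS"]
        if verb == "MAIL":
            self.envelope["from"] = arg[len("FROM:"):].strip("<>")
            return ["250 OK"]
        if verb == "RCPT":
            addr = arg[len("TO:"):].strip("<>")
            if not addr.endswith("@" + self.accepted_domain):
                return ["550 Relay not permitted"]
            self.envelope["to"].append(addr)
            return ["250 OK"]
        if verb == "DATA":
            if not self.envelope["to"]:
                return ["503 Need RCPT first"]
            self.in_data = True
            return ["354 End data with <CR><LF>.<CR><LF>"]
        if verb == "QUIT":
            return ["221 Bye"]
        return ["500 Command not recognised"]


def read_reply(lines):
    """Parse a reply: '250-text' continues it, '250 text' terminates it. Returns (code, texts)."""
    texts = []
    for line in lines:
        m = re.match(r"^(\d{3})([ -])(.*)$", line)
        if not m:
            raise ValueError(f"malformed reply: {line!r}")
        code, sep, text = m.groups()
        texts.append(text)
        if sep == " ":
            return int(code), texts
    raise ValueError("reply not terminated")


def send_mail(server, sender, recipients, body_lines, client_name="client.example.org"):
    """Client side of the dialogue; returns (delivered, transcript of both sides)."""
    transcript = []

    def exchange(line):
        transcript.append("C: " + line)
        reply = server.handle(line)
        transcript.extend("S: " + r for r in reply)
        return read_reply(reply)[0]

    greeting = server.greeting()
    transcript.extend("S: " + g for g in greeting)
    if read_reply(greeting)[0] != 220:
        return False, transcript
    steps = [(f"EHLO {client_name}", 250), (f"MAIL FROM:<{sender}>", 250)]
    steps += [(f"RCPT TO:<{r}>", 250) for r in recipients]
    steps.append(("DATA", 354))
    for line, expected in steps:
        if exchange(line) != expected:      # any unexpected code aborts the session cleanly
            exchange("QUIT")
            return False, transcript
    for line in body_lines:
        wire = "." + line if line.startswith(".") else line   # dot-stuffing on the wire
        transcript.append("C: " + wire)
        server.handle(wire)
    delivered = exchange(".") == 250
    exchange("QUIT")
    return delivered, transcript


if __name__ == "__main__":
    ok, log = send_mail(FakeSmtpServer(), "alice@example.org", ["bob@example.net"],
                        ["Subject: hello", "", "just testing", ".signature"])
    print("\n".join(log), "\ndelivered:", ok)
```

The 550 branch shows why an MTA must check the recipient domain before accepting RCPT TO: a server that relays for any domain becomes an open relay for spam.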
Unauthorized Access
Attempting to gain even casual access to an unsecured wireless network can lead to arrest on the spot, even without criminal intent (other than stealing bandwidth, of course); in Canada this is called theft of telecommunication [23]. The main advantage of any network is resource sharing. As part of a network we share different kinds of services, such as file and printer sharing, and because these resources are shared anyone can try to gain illegal access to them, which results in unauthorized access to the network. Password sharing, guessing and capturing are three common methods of gaining illegal access. Password sharing and guessing are not new means of illegal access, and there are several techniques for guessing a password:
o Try default passwords.
o Try all dictionary words.
o Try all short words, usually 1 to 3 characters long.
o Try the user's personal numbers: mobile or phone number, home address, etc.
o Try passwords built from the user's personal information, collected from his/her birthday, family names, etc.
Password capturing is a technique in which a hacker steals a user's ID and password without the user knowing. Trojan horse programs designed for this purpose can capture the password. Below is some basic advice that helps prevent unauthorized access:
o Use strong passwords: at least 10 characters, containing at least one alphabetic, one numeric and one special character, and not containing dictionary words.
o Use hardware and software firewalls.
o Use protection software against trojans, spyware, viruses and other malware.
o Handle e-mail carefully: viruses, spyware and other malware are usually distributed through e-mails carrying an attachment.
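As an added example (not code from the thesis), the Python script below puts the guessing techniques and the password rule above side by side. `attacker_guesses` builds a candidate list the way the techniques describe (defaults, dictionary words, 1- to 3-letter words, and names, birthday and phone number of a constructed victim); `check_policy` implements the stated rule (10 characters, alphabetic, numeric and special characters, no dictionary words) and, going beyond the text, also undoes common substitutions such as 0 for o and rejects passwords built from the victim's own details. The word lists and the victim profile are constructed sample data.

```python
import itertools
import re
import string
from datetime import date

# Constructed word lists for illustration only; a real check uses a full dictionary and breach lists.
DEFAULT_PASSWORDS = {"admin", "password", "123456", "welcome", "letmein"}
DICTIONARY = {"summer", "winter", "dragon", "football", "secret",
              "password", "welcome", "monkey", "letmein"}
# Undo common substitutions (p@$$w0rd -> password) before the dictionary check.
LEET = str.maketrans("@$013!", "asolei")


def attacker_guesses(person):
    """Candidate list built the way the guessing techniques above describe:
    defaults, dictionary words, short words, and the victim's personal details."""
    guesses = set(DEFAULT_PASSWORDS) | set(DICTIONARY)
    for n in (1, 2, 3):                       # every 1- to 3-letter lowercase word
        guesses.update("".join(t) for t in itertools.product(string.ascii_lowercase, repeat=n))
    dates = [person["birthday"].strftime(f) for f in ("%d%m%Y", "%d%m%y", "%Y", "%m%d")]
    suffixes = ["", "1", "123", "!"] + dates + [d + "!" for d in dates]
    for name in [person["first"], *person["family"]]:
        for suffix in suffixes:
            guesses.add(name.lower() + suffix)
            guesses.add(name.capitalize() + suffix)
    guesses.update(dates)
    guesses.update({person["phone"], person["phone"][-4:]})
    return guesses


def check_policy(password, person=None):
    """Return the rules the password violates (empty list = accepted).
    The first four rules are the policy stated in the text; the dictionary check
    normalises substitutions first, and the personal-information check is optional."""
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no alphabetic character")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    normalised = password.lower().translate(LEET)
    for word in sorted(DICTIONARY):
        if len(word) >= 4 and word in normalised:
            problems.append(f"contains dictionary word '{word}'")
            break
    if person is not None:
        tokens = [n.lower() for n in [person["first"], *person["family"]]]
        tokens += [person["birthday"].strftime(f) for f in ("%d%m%Y", "%d%m%y", "%Y")]
        tokens.append(person["phone"][-4:])
        for token in tokens:
            if len(token) >= 4 and token in password.lower():
                problems.append(f"contains personal information '{token}'")
                break
    return problems


def policy_survivors(person, use_personal_check=False):
    """Guesses from the attacker's list that the policy would still accept."""
    ctx = person if use_personal_check else None
    return sorted(g for g in attacker_guesses(person) if not check_policy(g, ctx))


if __name__ == "__main__":
    # Constructed victim profile (example data).
    victim = {"first": "Ali", "family": ["Khan"], "birthday": date(1985, 7, 14), "phone": "03001234567"}
    print("complexity rules alone still accept:", policy_survivors(victim))
    print("with the personal-information check:", policy_survivors(victim, use_personal_check=True))
```

Running it shows the practical caveat: a password such as a family name followed by a birthdate and "!" satisfies every complexity rule in the text yet sits on the attacker's first guess list, so the rules only become effective when the check also knows what the attacker knows.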
Inappropriate Access of resources
Inappropriate access occurs when a user accesses a resource that is not permitted for him or her. This may happen because administrators have not assigned the resources properly; it may also happen when the privileges assigned to a user do not match what the user actually needs. In a company with several departments and users, some users have inappropriate access to network resources, mostly because those users are not from the department that owns the resource, or are even from outside the company. For example, it is inappropriate for administrators to give users from some other department access to the accounts department's data. In such cases the administrator has granted more access rights than the user needed.
Disclosure of Data
In any organization, some of the information that is either stored on a computer in the network or transmitted over it requires some level of confidentiality. Illegal access occurs when someone who is not authorized to do so tries to read that data. This mostly happens because the information is not encrypted. Different encryption schemes are in use today; we discuss them in detail in the following chapters.
Unauthorized Modification
Unauthorized modification of data is an attack on data integrity. Any change to data or software can create big problems; it can corrupt databases, spreadsheets or other important applications. Even a minor unauthorized change to software can damage the whole operating system or every application that depends on that software, and may require the software to be reinstalled together with all related applications.
Such modification can be made by unauthorized as well as authorized users. A change to the data or to an application can divert information to some other destination. That information can then be used by an outsider or hacker, who can make further changes and send it on to the original destination.
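As an added example (not code from the thesis), the Python script below shows how the interception-and-modification scenario just described is detected. A transaction record is sealed either with a plain SHA-256 digest or with an HMAC-SHA256 tag under a key shared by sender and receiver; an attacker who intercepts the record, changes the destination and recomputes the digest is accepted by the first scheme and rejected by the second, because without the key the tag cannot be recomputed. The record, field names and key are constructed for the example. Encryption on its own does not give this guarantee: confidentiality and integrity need separate protection.

```python
import hashlib
import hmac
import json

TAG_LEN = 32   # SHA-256 output length in bytes


def _canonical(record):
    """Deterministic serialisation so that the same record always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal_with_digest(record):
    """Unkeyed integrity check: body || SHA-256(body). Anyone who can read it can recompute it."""
    body = _canonical(record)
    return body + hashlib.sha256(body).digest()


def open_with_digest(blob):
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hashlib.sha256(body).digest(), tag):
        return None
    return json.loads(body)


def seal_with_mac(key, record):
    """Keyed integrity check: body || HMAC-SHA256(key, body). Forging a tag requires the key."""
    body = _canonical(record)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_with_mac(key, blob):
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return None
    return json.loads(body)


def attacker_modifies(blob, field, value):
    """Intercept the message, change one field and re-seal it with an unkeyed digest,
    which is the best an attacker without the key can do."""
    record = json.loads(blob[:-TAG_LEN])
    record[field] = value
    return seal_with_digest(record)


if __name__ == "__main__":
    key = b"\x01" * 32                                   # constructed shared key
    transfer = {"from": "acct-001", "to": "acct-002", "amount": 100}
    print("digest scheme accepts forgery:",
          open_with_digest(attacker_modifies(seal_with_digest(transfer), "to", "acct-666")))
    print("MAC scheme accepts forgery:",
          open_with_mac(key, attacker_modifies(seal_with_mac(key, transfer), "to", "acct-666")))
```

`hmac.compare_digest` is used for both comparisons so that the check does not leak, through timing, how many leading bytes of a forged tag were correct.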
Some of the causes of unauthorized modification are [24]:
o Lack of encryption of data.
o Users who only require read permission being granted write permission as well.
o Access control mechanisms that allow unnecessary write permission.
o Lack of protection tools.
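As an added example (not code from the thesis), the Python script below covers both the inappropriate-access case from section 3.4 (a user from another department, or from outside the company, given access to the accounts data) and the over-granted write permission listed above. `audit_grants` walks a constructed list of grants and flags each one that crosses department lines or exceeds what the user's role needs; `authorize` applies the same least-privilege rules at decision time, so that an over-broad grant is not enough on its own. Departments, resources, roles and users are constructed sample data.

```python
from dataclasses import dataclass

# Constructed example: which department owns each resource, and what each role legitimately needs.
RESOURCE_OWNER = {"accounts-ledger": "accounts", "hr-records": "hr", "eng-wiki": "engineering"}
ROLE_NEEDS = {"viewer": {"read"}, "editor": {"read", "write"}}


@dataclass(frozen=True)
class User:
    name: str
    department: str     # "external" marks a contractor from outside the company
    role: str


@dataclass(frozen=True)
class Grant:
    user: User
    resource: str
    permissions: frozenset


def audit_grants(grants):
    """Flag every grant that violates least privilege: access across department lines,
    or permissions wider than the user's role needs (e.g. write granted to a reader)."""
    findings = []
    for g in grants:
        owner = RESOURCE_OWNER[g.resource]
        if g.user.department != owner:
            findings.append((g.user.name, g.resource,
                             f"cross-department: user in '{g.user.department}', resource owned by '{owner}'"))
        excess = set(g.permissions) - ROLE_NEEDS[g.user.role]
        if excess:
            findings.append((g.user.name, g.resource,
                             f"beyond role '{g.user.role}': {sorted(excess)}"))
    return findings


def authorize(grants, user, resource, action):
    """Deny by default: an action is allowed only if a grant exists AND the
    least-privilege rules (role and department) also permit it."""
    granted = any(g.user == user and g.resource == resource and action in g.permissions
                  for g in grants)
    return (granted and action in ROLE_NEEDS[user.role]
            and user.department == RESOURCE_OWNER[resource])


def sample_grants():
    """Constructed grants as an administrator might have made them."""
    alice = User("alice", "accounts", "editor")
    bob = User("bob", "engineering", "viewer")
    carol = User("carol", "external", "viewer")
    return [
        Grant(alice, "accounts-ledger", frozenset({"read", "write"})),   # appropriate
        Grant(bob, "accounts-ledger", frozenset({"read"})),              # other department
        Grant(bob, "eng-wiki", frozenset({"read", "write"})),            # reader given write
        Grant(carol, "eng-wiki", frozenset({"read", "write"})),          # outsider, and write
    ]


if __name__ == "__main__":
    for finding in audit_grants(sample_grants()):
        print(*finding, sep=" | ")
```

Running the audit periodically is what catches the second and third causes in the list above; the `authorize` check is the safety net for grants the audit has not yet caught.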
Disclosure of Network Traffic
When we talk about data security we see that there are two different kinds of data: the first is data held on a system or computer, and the second is data being transferred from machine to machine or shared among network users. These two kinds of data fall under two kinds of security, computer security and network security. Tools designed to protect the first kind of data belong to computer security, while protection of data during transmission is called network security; however, no clear line can be drawn between the two. As discussed earlier, users know which data is confidential, and it is equally important to maintain the confidentiality of that data during its transmission. The data that can be compromised includes passwords, e-mail messages, user names or any other useful information that could later be used for malicious purposes. Even e-mails and passwords that are stored on the system in encrypted form can be captured as plaintext during transmission if the protocol carrying them does not encrypt it.
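As an added example (not code from the thesis), the Python script below shows what the last sentence means in practice. It parses constructed Ethernet/IPv4/TCP frames, reassembles each flow's payload in sequence order (the sample deliberately delivers the two FTP segments out of order), and pulls out credentials that FTP, SMTP AUTH PLAIN and HTTP Basic authentication send in the clear. Base64, which two of those use, is an encoding and not encryption, so the script simply decodes it. The frames, addresses and credentials are constructed test data with checksums left at zero, not a real capture.

```python
import base64
import re
import struct
from collections import defaultdict

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def build_segment(src_ip, dst_ip, sport, dport, seq, payload):
    """Constructed Ethernet/IPv4/TCP frame for the sample capture (checksums zero; test data only)."""
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, PROTO_TCP, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    eth = struct.pack("!6s6sH", b"\x02" * 6, b"\x04" * 6, ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


def parse_segment(frame):
    """Return ((src, sport, dst, dport), seq, payload), or None for a non-TCP frame."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != PROTO_TCP:
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    doff = (tcp[12] >> 4) * 4                     # TCP header length in bytes
    return (src, sport, dst, dport), seq, tcp[doff:]


def reassemble(frames):
    """Group segments per flow and join their payloads in sequence-number order."""
    flows = defaultdict(list)
    for frame in frames:
        parsed = parse_segment(frame)
        if parsed:
            flow, seq, payload = parsed
            flows[flow].append((seq, payload))
    return {flow: b"".join(p for _, p in sorted(segs)) for flow, segs in flows.items()}


def find_credentials(frames):
    """Passive sniffer logic: credentials visible in the reassembled client-to-server streams."""
    hits = []
    for (src, sport, dst, dport), data in reassemble(frames).items():
        text = data.decode("latin-1")
        if dport == 21:                                   # FTP: USER / PASS in the clear
            user = re.search(r"^USER (\S+)", text, re.M)
            pw = re.search(r"^PASS (\S+)", text, re.M)
            if user and pw:
                hits.append(("ftp", src, dst, user.group(1), pw.group(1)))
        elif dport == 25:                                 # SMTP AUTH PLAIN: base64(authzid\0authcid\0password)
            m = re.search(r"^AUTH PLAIN (\S+)", text, re.M)
            if m:
                parts = base64.b64decode(m.group(1)).split(b"\0")
                hits.append(("smtp", src, dst, parts[1].decode(), parts[2].decode()))
        elif dport == 80:                                 # HTTP Basic: base64(user:password)
            m = re.search(r"^Authorization: Basic (\S+)", text, re.M)
            if m:
                user, _, pw = base64.b64decode(m.group(1)).decode().partition(":")
                hits.append(("http-basic", src, dst, user, pw))
    return hits


def sample_capture():
    """Constructed frames: an FTP login split over two segments delivered out of order,
    the server's answer, and an SMTP AUTH PLAIN login."""
    c, s = "10.0.0.5", "10.0.0.9"
    first = b"USER alice\r\n"
    return [
        build_segment(c, s, 40001, 21, 1000 + len(first), b"PASS s3cret!\r\n"),
        build_segment(c, s, 40001, 21, 1000, first),
        build_segment(s, c, 21, 40001, 5000, b"230 Login successful\r\n"),
        build_segment(c, s, 40002, 25, 2000,
                      b"EHLO laptop\r\nAUTH PLAIN " + base64.b64encode(b"\0bob@example.net\0hunter2") + b"\r\n"),
    ]


if __name__ == "__main__":
    for hit in find_credentials(sample_capture()):
        print(hit)
```

The same logic applied to a TLS-protected session finds nothing, because the application payload is no longer readable after reassembly; that is the difference between a password encrypted at rest and a password protected in transit.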
Table of contents:
Chapter 1 INTRODUCTION
1.1 Motivation
1.2 Goal/Aim
1.3 Methodology
Chapter 2 NETWORKS AND PROTOCOLS
2.1 Networks
2.2 The Open System Interconnected Model (OSI)
2.3 TCP/IP Protocol Suite
2.3.1 Link Layer
2.3.1.1 Address Resolution Protocol (ARP)
2.3.1.2 Reverse Address Resolution Protocol (RARP)
2.3.2 Internet Layer
2.3.2.1 Internet Protocol (IP)
2.3.2.2 Internet Control Message Protocol (ICMP)
2.3.2.3 Internet Group Management Protocol (IGMP)
Security Level Protocols
2.3.2.4 Internet Protocol Security (IPSec)
2.3.2.4.1 Protocol Identifier
2.3.2.4.2 Modes of Operation
2.3.3 Transport Layer Protocol
2.3.3.1 Transmission Control Protocol (TCP)
2.3.3.2 User Datagram Protocol (UDP)
Security Level Protocols
2.3.3.3 Secure sockets layer (SSL)
2.3.3.4 Transport Layer Security (TLS)
2.3.4 Application Layer Protocol
2.3.4.1 Simple Mail Transfer Protocol (SMTP)
2.3.4.2 File Transfer Protocol (FTP)
Security Level Protocols
2.3.4.3 Telnet
Chapter 3 NETWORK SECURITY THREATS AND VULNERABILITIES
3.1 Security Threats
3.2 Security Vulnerabilities
3.3 Unauthorized Access
3.4 Inappropriate Access of resources
3.5 Disclosure of Data
3.6 Unauthorized Modification
3.7 Disclosure of Traffic
3.8 Spoofing
3.9 Disruption of Network Functions
3.10 Common Threats
3.10.1 Errors and Omissions
3.10.2 Fraud and Theft
3.10.3 Disgruntled Employees
3.10.4 Physical and Infrastructure
3.10.5 Malicious Hackers
3.10.6 Malicious Application Terms
Chapter 4 NETWORK SECURITY ATTACKS
4.1 General Categories of Security Attacks
4.1.1 Reconnaissance Attack
4.1.1.1 Packet Sniffers
4.1.1.1.1 Passive Sniffing
4.1.1.1.2 Active Sniffing
4.1.1.2 Port Scan & Ping Sweep
4.1.1.3 Internet Information Queries
4.1.2 Access Attack
4.1.2.1 Password Attack
4.1.2.1.1 Types of Password Attack
4.1.2.2 Trust Exploitation
4.1.2.3 Port Redirection or Spoofed ARP Message
4.1.2.4 Man-in-the-Middle Attack
4.1.3 DOS Attacks
4.1.3.1 DDOS
4.1.3.2 Buffer Overflow
4.1.4 Viruses and Other Malicious Program
Chapter 5 SECURITY COUNTERMEASURES TECHNIQUES AND TOOLS
5.1 Security Countermeasures Techniques
5.1.1 Security Policies
5.1.2 Authority of Resources
5.1.3 Detecting Malicious Activity
5.1.4 Mitigating Possible Attacks
5.1.5 Fixing Core Problems
5.2 Security Countermeasures Tools
5.2.1 Encryption
5.2.1.1 Overview
5.2.2 Conventional or Symmetric Encryption
5.2.2.1 Principle
5.2.2.2 Algorithm
5.2.2.3 Key Distributions
5.2.3 Public-key or Asymmetric Encryption
5.2.3.1 Principle
5.2.3.2 Algorithm
5.2.3.3 Key Management
Chapter 6 SECURITY SOLUTIONS
6.1 Application Level Solutions
6.1.1 Authentication Level
6.1.1.1 Kerberos
6.1.1.2 X.509
6.1.2 E-Mail Level
6.1.2.1 Pretty Good Privacy (PGP)
6.1.2.2 Secure/Multipurpose Internet Mail Extensions (S/MIME)
6.1.3 IP Level
6.1.3.1 Internet Protocol Security (IPSec)
6.1.4 Web Level
6.1.4.1 Secure Sockets Layer/Transport Layer Security (SSL/TLS)
6.1.4.2 Secure Electronic Transaction (SET)
6.2 System Level Solutions
6.2.1 Intrusion Detection System (IDS)
6.2.2 Intrusion Prevention System (IPS)
6.2.3 Antivirus Technique
6.2.4 Firewalls
Chapter 7 SIMULATION / TESTING RESULTS
7.1 Overview
7.2 Goal
7.3 Scenario
7.4 Object Modules
7.5 Applications/Services
7.6 Task Assignments
7.7 Object Modules
7.8 Results
7.8.1 General Network
7.8.2 Firewall Based Network
7.8.3 VPN with Firewall
7.8.4 Bandwidth Utilization
Chapter 8 CONCLUSION AND FUTURE WORK
8.1 Conclusion
8.2 Future Work
REFERENCES