Unformatted text preview: ork design, secure network design is not a well‐
developed process. There isn’t a methodology to manage the complexity of security requirements. Secure network design does not contain the same advantages as network design. An effective network security plan is developed with the understanding of security issues, potential attackers, needed level of security, and factors that make a network vulnerable to attack . The steps involved in understanding the composition of a secure network, internet or otherwise, is followed throughout this research endeavor. To lessen the vulnerability of the computer to the network there are many products available. These tools are encryption, authentication mechanisms, intrusion‐detection, security management and firewalls. Businesses throughout the world are using a combination of some of these tools. “Intranets” are both connected to the internet and reasonably protected from it. The internet architecture itself leads to vulnerabilities in the network. Understanding the security issues of the internet greatly assists in developing new security technologies and approaches for networks with internet access and internet security itself. The types of attacks through the internet need to also be studied to be able to detect and guard against them. Intrusion detection systems are established based on the types of attacks most commonly used. Network intrusions consist of packets that are introduced to cause problems for the following reasons: • To consume resources uselessly • To interfere with any system resource’s intended function • To gain system knowledge that can be exploited in later attacks The last reason for a network intrusion is most commonly guarded against and considered by most as the only intrusion motive. The other reasons mentioned need to be thwarted as well. When considering network security, it must be emphasized that the whole network is secure. Network security does not only concern the security in the computers at each end of the communication chain. When transmitting data the communication channel should not be vulnerable to attack. A possible hacker could target the communication channel, obtain the data, decrypt it and re‐insert a false message. Securing the network is just as important as securing the computers and encrypting the message. When developing a secure network, the following need to be considered : 1. Access – authorized users are provided the means to communicate to and from a particular network 2. Confidentiality – Information in the network remains private 3. Authentication – Ensure the users of the network are who they say they are 2 Typical security currently exists on the computers connected to the network. Security protocols sometimes usually appear as part of a single layer of the OSI network reference model. Current work is being performed in using a layered approach to secure network design. The layers of the security model correspond to the OSI model layers. This security approach leads to an effective and efficient design which circumvents some of the common security problems. The relationship of network security and data security to the OSI model is shown in Figure 1. It can be seen that the cryptography occurs at the application layer; therefore the application writers are aware of its existence. The user can possibly choose different methods of data security. Network security is mostly contained within the physical layer. Layers above the physical layer are also used to accomplish the network security required . Authentication is performed on a layer above the physical layer. Network security in 2. Differentiating Data Security and the physical layer requires failure detection, attack Network Security detection mechanisms, and intelligent countermeasure strategies . Data security is the aspect of security that allows...
View Full Document
- Fall '13
- Internet protocols