This paper describes the basic threats to the network security and the basic issues of interest for designing a secure network. it describes the important aspects of network security. A secure network is one which is free of unauthorized entries and hackers
Over the past few years, Internet-enabled business, or e-business, has drastically improved efficiency and revenue growth. E-business applications such as e-commerce, supply-chain management, and remote access allow companies to streamline processes, lower operating costs, and increase customer satisfaction. Such applications require mission-critical networks that accommodate voice, video, and data traffic, and these networks must be scalable to support increasing numbers of users and the need for greater capacity and performance. However, as networks enable more and more applications and are available to more and more users, they become ever more vulnerable to a wider range of security threats. To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today's networks.
Why Networks Must Be Secured?
Without proper protection, any part of any network can be susceptible to attacks or unauthorized activity. Routers, switches, and hosts can all be violated by professional hackers, company competitors. In fact, according to several studies, more than half of all network attacks are waged internally. To determine the best ways to protect against attacks, we should understand the many types of attacks that can be instigated and the damage that these attacks can cause to data. The most common types of attacks include Denial of Service (DoS), password, and root access attacks. DoS attacks are particularly malicious because although they do not provide intruders with access to specific data, they "tie up" IS resources, preventing legitimate users from accessing applications. They are usually achieved by hackers sending large amounts of jumbled or otherwise unmanageable data to machines that areconnected to corporate networks or the Internet. Even more malicious are Distributed Denial of Service (DDoS) attacks in which an attacker compromises multiple machines or hosts. According to the 2001 Computer Security Institute (CSI) and FBI "Computer Crime and Security Survey," 38 percent of respondents detected DoS attacks, compared with 11 percent in 2000.
Historically, password attacks, attacks in which a perpetrator gains unauthorized access to network passwords in order penetrate confidential information, have been the most common type of attacks. When a hacker "cracks" the password of a legitimate user, he has access to that user's network resources and typically a very strong platform for getting access to the rest of the network. For example, in December of 2000, a hacker stole user passwords from the University of Washington Medical Center in Seattle and gained access to files containing confidential information regarding approximately 5000 patients. Hackers can often easily obtain passwords because users typically choose common words or numbers as their passwords, enabling the hacker's use of software programs to methodically determine those passwords. Hackers also deploy social engineering techniques to gain access to passwords. Social engineering is the increasingly prevalent act of obtaining confidential network security information through non technical means, such as posing as a technical support representative and making direct phone calls to employees to gather password information.
From the early days of the Internet, when only e-mail servers were on the network, a hacker's ultimate goal was to gain root access to the UNIX host that ran these applications. With root access, the hacker had full control of the system and could often collect enough information to gain access to the rest of the network and other partner networks. E-business...