Elements of Network Security
Network / Datacom I TCM 537
Mr. Stuart Sandler
November 28, 2005
Elements of Network Security
The primary objective of a network security system is to, in a cost effective manner, balance convenient access to legitimate users and inaccessibility to attackers. In a nutshell, the goal is to prevent connectivity to anyone intending to cause harm to the network. The harm to which this paper refers can come in the following forms: 1.
Application-level security threats, such as e-mail viruses and attachments. 2.
Threats to network infrastructure devices.
Theft of network connectivity services.
Unauthorized access from internal and external sources.
Denial of service attacks.
Using a proper network security strategy reduces and, in some cases, even avoids the listed harmful attacks from occurring on a network (Gary, T., et al, Mar. 2002). This paper will discuss such a strategy used by the Los Angeles Department of Water and Power (LADWP), as well as the strategy's three primary elements: prevention, detection, and recovery. Prevention
Surprisingly, the most common threat to a company's information assets does not come from the sly and cunning computer hacker that is glamorized by Hollywood movies, but from human error, inappropriate disclosures, and sheer carelessness on the part of the company's employees. Hackers who do intentionally tamper with the company's network often do so because they are tempted by assets they know are poorly protected. Weak security policies present the image that a company does not truly value its assets, which in turn attracts the petty thief and curiosity seeker. Therefore, the preventive element of any network security system should include a strong and enforceable security policy for its employees to follow, re-enforced by a form of technical protection (Control Data, 1999). Firewalls, antivirus programs and packet filtering devices are used to protect access to the network at the LADWP. But these tools alone do not provide adequate system security a policy for system users, as mentioned above, that is based on the identification and prioritization of threats and assumed threats helps to maintain the network's health. The key feature of the policy is an ongoing training program that teaches all users the importance and value of including safe system user practices in their daily routine. Users are more likely to follow security practices if they understand the purpose of the practice and the consequences when these practices aren't used. Added to the training is a physical and electrical restriction of access to sensitive information and areas to users who have no business purpose for using such access. To ensure that the preventive measures are functioning effectively, regular audits of the security policy are performed. Log-on IDs are checked to verify their validity, and the users' activities are monitored to determine if the policies are being followed. Detection
The next element of a network security system is system violation detection, or intrusion detection. This is an effort, should a system violator manage to breach the security of the network, to catch the violation before any real damage can be done to the network. The most common approach to intrusion detection is based on the belief that violations can be discovered by looking for abnormal system usage, or scanning the system in search for known attack patterns or virus indicators (Denning, D., 1986). The two approaches used by LADWP are automated intrusion detection, and network traffic and vulnerability monitoring. For automated intrusion detection, LADWP has deployed the Cisco Intrusion Detection System (IDS). This system has two major components the sensors and the Director Platform. The sensor captures network packets, reassembles them, and compares these packets against known intrusion signatures. Should the sensor detect an attack,...
References: Control Data Systems Inc. (1999). Why security policies fail. [Electronic version] Retrieved Nov. 25, 2005, from http://downloads.securityfocus.com/library/Why_Security_Policies_Fail.pdf
Denning, G. (1998). An intrusion-detection model. [Electronic version]. Retrieved Nov. 25, 2005, from http://www.cc.gatech.edu/~wenke/ids-readings/id_model.pdf
Gary, T., et al (Mar. 2002). Network security credo. [Electronic version]. Retrieved Nov. 25, 2005, from http://staff.washington.edu/gray/papers/credo.html
Stiffler, R. & Carter, E. (Dec. 28, 2001). Intrusion detection: Cisco IDS overview. [Electronic version]. Retrieved Nov. 26, 2005, from http://www.informit.com/articles/article.asp?p=24696&rl=1
Please join StudyMode to read the full document