L11: Data Security Technology and Tools| Firewall and VPN|Intrusion Detection System| Access Control

Network Security

Information security is a critical need for individuals as well as society and all countries around the world. Since invented, computer network has brought along tremendous effectiveness in every aspect of life. Besides that users also have to face threats from all kinds of attack from hackers. Network security includes protection methods for all information that is stored and transferred through a system network. This is also a special field of interest and a difficult and complex work at the same time.

Network Security Methods

Due to a lack of absolute security solutions a network should be contemporarily constructed with multilayers to form a barrier against violating activities. The act of information security in the network focuses on protecting data stored on computers, especially on servers.

Network servers commonly have many security layers in order to enhance the ability to protect data and information. The innermost layer of protection is Access Right. This layer controls network resources (information) and rights (what users can do with those resources). This control applies to partitions, folders and files. The next layer restricts account access including usernames and passwords (Password/Login). This is a commonly used method of protection due to its simplicity, economical and highly effective. The administrator has full responsibility to control and manage the activities of other users. The third layer uses a data encryption method (Data Encryption). Data is encrypted with a certain algorithm so that even in case of data loss, hackers will not be able to read it without an encryption key. The outermost layer (Firewall) prevents intrusions, filters unwanted outgoing or incoming information packets.

Firewall

Firewalls can be understood as a piece of software running on an individual’s PC, notebook or host. It is designed to allow or restrict data transferred on a network based on a set of rules. A firewall is used to protect a network from intrusions and concurrently allow legitimate data pass through. Usually a firewall should have at least two network traffics, one for private network and one for public network activities such as the Internet. At that time it acts as a gate controlling outgoing/incoming data streams of an intranet.

Firewall Characteristics

Lists the following design goals for a firewall:

  1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall. Various configurations are possible, as explained later in this chapter.
  2. Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies, as explained later in this chapter. 3. The firewall itself is immune to penetration. This implies the use of a hardened system with a secured operating system. Trusted computer systems are suitable for hosting a firewall and often required in government applications.

Lists four general techniques that firewalls use to control access and enforce the site’s security policy. Originally, firewalls focused primarily on service control, but they have since evolved to provide all four:

  • Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address, protocol, or port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service.
  • Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
  • User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users). It may also be applied to incoming traffic from external users; the latter requires some form of secure authentication technology, such as is provided in IPsec.
  • Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.

 

VPN:

A Virtual Private Network is a connection method used to add security and privacy to private and public networks, like WiFi Hotspots and the Internet. Virtual Private Networks are most often used by corporations to protect sensitive data. However, using a personal VPN is increasingly becoming more popular as more interactions that were previously face-to-face transition to the Internet. Privacy is increased with a Virtual Private Network because the user's initial IP address is replaced with one from the Virtual Private Network provider. Subscribers can obtain an IP address from any gateway city the VPN service provides

A virtual private network (VPN) allows the provisioning of private network services for an organization or organizations over a public or shared infrastructure such as the Internet or service provider backbone network. The shared service provider backbone network is known as the VPN backbone and is used to transport traffic for multiple VPNs, as well as possibly non-VPN traffic.

 

VPN (Virtual Private Network) is a generic term used to describe a communication network that uses any combination of technologies to secure a connection tunneled through an otherwise unsecured or untrusted network. Instead of using a dedicated connection, such as leased line, a "virtual" connection is made between geographically dispersed users and networks over a shared or public network, like the Internet. Data is transmitted as if it were passing through private connections.

 

VPN Devices

Before describing the various VPN technologies and models, it is useful to first describe the various customer and provider network devices that are relevant to the discussion.

Devices in the customer network fall into one of two categories:

  • Customer (C) devices—C devices are simply devices such as routers and switches located within the customer network. These devices do not have direct connectivity to the service provider network. C devices are not aware of the VPN.
  • Customer Edge (CE) devices—CE devices, as the name suggests, are located at the edge of the customer network and connect to the provider network.
  • Service Provider (P) devices—P devices are devices such as routers and switches within the provider network that do not directly connect to customer networks. P devices are unaware of customer VPNs.
  • Service Provider Edge (PE) devices—PE devices connect directly to customer networks via CE devices. PE devices are aware of the VPN in PE-based VPNs, but are unaware of the VPN in CE-based VPNs.

There are three types of PE device:

— Provider Edge routers

— Provider Edge switches

— Provider Edge devices that are capable of both routing and switching        

Why do I need a VPN?

  • Hide your IP address

Connecting to a Virtual Private Network often conceals your real IP address.

  • Change your IP address

Using a VPN will almost certainly result in getting a different IP address.

  • Encrypt data transfers

A Virtual Private Network will protect the data you transfer over public WiFi.

  • Mask your location

With a Virtual Private Network, users can choose the country of origin for their Internet connection.

  • Access blocked websites

Get around website blocked by governments with a VPN.

 

Intrusion detection:

An intrusion detection system (IDS) is a type of security software designed to automatically alert administrators when someone or something is trying to compromise information system through malicious activities or through security policy violations. 

An IDS works by monitoring system activity through examining vulnerabilities in the system, the integrity of files and conducting an analysis of patterns based on already known attacks. It also automatically monitors the Internet to search for any of the latest threats which could result in a future attack.

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents.

Different types of intrusion detection systems      

Intrusion detection systems come in different flavors and detect suspicious activities using different methods, including the following:

  • A network intrusion detection system (NIDS) is deployed at a strategic point or points within the network, where it can monitor inbound and outbound traffic to and from all the devices on the network.
  • Host intrusion detection systems (HIDS) run on all computers or devices in the network with direct access to both the internet and the enterprise internal network. HIDS have an advantage over NIDS in that they may be able to detect anomalous network packets that originate from inside the organization or malicious traffic that a NIDS has failed to detect. HIDS may also be able to identify malicious traffic that originates from the host itself, as when the host has been infected with malware and is attempting to spread to other systems.
  • Signature-based intrusion detection systems monitor all the packets traversing the network and compares them against a database of signatures or attributes of known malicious threats, much like antivirus software.

 

Access control:

Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization.

To secure a facility, organizations use electronic access control systems that rely on user credentials, access card readers, auditing and reports to track employee access to restricted business locations and proprietary areas, such as data centers. Some of these systems incorporate access control panels to restrict entry to rooms and buildings as well as alarms and lockdown capabilities to prevent unauthorized access or operations.

Access control systems perform identification authentication and authorization of users and entities by evaluating required login credentials that can include passwords, personal identification numbers (PINs), biometric scans, security tokens or other authentication factors. Multifactor authentication, which requires two or more authentication factors, is often an important part of layered defense to protect access control systems.

Types of access control

The main types of access control are:

  • Mandatory access control(MAC): A security model in which access rights are regulated by a central authority based on multiple levels of security. Often used in government and military environments, classifications are assigned to system resources and the operating system or security kernel, grants or denies access to those resource objects based on the information security clearance of the user or device.
  • Discretionary access control (DAC):An access control method in which owners or administrators of the protected system, data or resource set the policies defining who or what is authorized to access the resource. Many of these systems enable administrators to limit the propagation of access rights. A common criticism of DAC systems is a lack of centralized control.
  • Role-based access control(RBAC): A widely used access control mechanism that restricts access to computer resources based on individuals or groups with defined business functions -- executive level, engineer level 1 -- rather than the identities of individual users. The role-based security model relies on a complex structure of role assignments, role authorizations and role permissions developed using role engineering to regulate employee access to systems. RBAC systems can be used to enforce MAC and DAC frameworks.
  • Rule-based access control:A security model in which the system administrator defines the rules that to govern access to resource objects. Often these rules are based on conditions, such as time of day or location. It is not uncommon to use some form of both rule-based access control and role-based access control to enforce access policies and procedures.
  • Attribute-based access control (ABAC):A methodology that manages access rights by evaluating a set of rules, policies and relationships using the attributes of users, systems and environmental conditions.