Looking At Network Security Vulnerability Information Technology Essay
Network attacks and business losses resulting from network security breaches have recently drawn public attention to network security concerns. The importance of protecting network security is increasing for virtually every business entity as well as for individuals dealing with these networks. Moreover, society is currently in a state of irrational fear about network security and the potential consequences of hackers’ actions. Dependency on computers and on the possibilities offered by networks is also growing, and as a result the number of attacks grows geometrically.
Another distinctive trend is the greater availability of tools for network attacks and intrusions (Maiwald, 2004). Attacks involving multiple computers and distributed attacks have become more common. At the same time, network protection instruments are also becoming more complex and varied. All these trends require more attention to network security vulnerabilities and a deeper understanding of their causes. Moreover, isolated measures against network threats are not likely to be effective, so there is a need for an integrated security framework.
Statement of the Problem
The variety of network attacks, the abundance of software and the growing number of reports on security incidents place an overwhelming workload on system administrators and demand ever more attention. In order to maintain the security of large computer systems, it is necessary to structure security issues and develop a consistent action plan.
The aim of this research paper is to study and classify network security vulnerabilities, analyze the basic types of network attacks as well as methods of addressing these attacks, and outline the core policies necessary for covering network security vulnerabilities and maintaining network security. The outcome of this paper is a set of recommendations for maintaining an information security framework.
Definition and classification of network security vulnerabilities
Concept and elements of network security
There are two goals of network security: computer system security and communication security (Maiwald, 2004). Computer system security implies protection of information against malicious or unauthorized use, disclosure, modification or destruction. The aim of communication security is to protect information in the transmission process from unauthorized disclosure, modification or destruction.
In terms of network security, there are five major objectives, the first three being confidentiality, integrity and availability (Krsul, 1998). Confidentiality means the prevention of information disclosure to unauthorized people or entities. Integrity means that no change to data can go untracked. Availability means that the network system should be available when it is needed, to subjects with proper grants. Currently, two more concepts are being added to the basic requirements for networks: authenticity and accountability. Authenticity is the possibility of verifying the identity of a user and being confident about the validity of a transmission. Finally, accountability requires keeping track of the actions of all entities within the system, and clear identification of the entity related to an action or piece of information.
Network security is highly important for both individual users and enterprises, for various reasons. For individual users, the benefits of maintaining proper network security are protection of information, proper functioning of PCs and other network devices, and safety from unauthorized access to the network. For companies, this list of benefits can be expanded with such advantages as protection of the company’s assets, gaining competitive advantage and compliance with regulatory requirements.
Definition of vulnerability
Maintaining network security involves the protection of network system against malicious or unauthorized interference and access. Such access can be performed using the vulnerabilities of a network system. Schneider (1998) uses the following definition: “a vulnerability is an error or weakness in design, implementation or operation”.
Kizza (2009) describes this concept in the following way: “system vulnerabilities are weaknesses in the software or hardware on a server or a client that can be exploited by a determined intruder to gain access or to shut down a network”. From a practical point of view, a vulnerability of a network system is a weakness in a security procedure, or the absence of an appropriate security measure or other control, that could be exploited by an intruder (Ciampa, 2008). Not only computer systems, i.e. hardware and software, have vulnerabilities: the possibilities for intrusion might also arise from insufficient policies and procedures applied to a network system and to its users/employees.
Classification and sources of vulnerabilities
As identified in the previous section, vulnerabilities may arise from software and hardware security flaws as well as from the policies and regulations used within a network system. In this paper the classification developed by Kizza (2009) will be used; according to it, vulnerabilities are classified by: Vulnerability Presence, Protection Barriers, Temporal Constraints, Complexity, Context, Social engineering, Access, and Exposure (Weber & Karger & Paradkar, 2005). It is possible to outline several major sources of vulnerabilities that should be addressed while building a consistent security policy.
First of all, vulnerabilities emerge as a result of design flaws (Dowd & McDonald & Schuh, 2006). Hardware systems are less likely to incorporate design flaws, while the growing complexity of software makes it a rich source of vulnerabilities. Human factors in software development might result in security flaws due to memory lapses, use of non-standard algorithms, lack of security testing, complacency and even malicious intentions. The complexity of programs and the consequent difficulty of testing, development speed, contradictions between design specifications, etc. lead to potential vulnerabilities (Dowd & McDonald & Schuh, 2006). Another reason for the growing number of software vulnerabilities is the lack of trustworthy software sources (Andress, 2004). Users do not bother about security issues and the consequences of using a particular program because of the abundance of software and the various distribution models (such as freeware, shareware and beta-tested products). Many products available in trial versions, as well as open source software, might contain trojan viruses, for example (Choi & Robles & Kim, 2008). Open code might be used by hackers and intruders for creating new vulnerabilities; thus, free and open-source products should be treated cautiously.
Besides built-in vulnerabilities, there are security management issues. If security management is not well organized, e.g. if strong encryption of sensitive data and firewalls are not used within the network, or user security policies are not defined or not enforced, then the network system might experience security problems. With the growing number of wireless networks, planning security from the hardware level up to the policy level is absolutely essential. The core components of security management are risk management, information security policies, classification of information, security monitoring and security education (Stallings, 2010).
Vulnerabilities might also arise from incorrect implementation (for example, using software with incompatible interfaces or wrong versions of system components), from the changing nature of technology (and the changing nature of hackers and intrusion methods), and as a result of the many difficulties in fixing a vulnerable system, e.g. applying multiple patches and updates and running multiple protection systems.
Finally, the everlasting source of vulnerabilities and attacks is the Internet and web-related software. According to Kizza (2009), the number of reported system vulnerabilities grew 24-fold during the 1995-2002 period. Software vulnerabilities might come from operating system security breaches, port-based vulnerabilities, web application errors and vulnerabilities in software handling client and server network protocols.
Classification of network attacks
A network attack can be defined as “any method, process or means used to maliciously attempt to compromise the security of the network” (Banzhof, 2003). Network attacks can be classified using various criteria and characteristics. First of all, network threats may be divided into internal and external threats. Major external threats are: data modification or data manipulation, eavesdropping, spoofing, denial of service, man-in-the-middle, sniffers, password attacks, brute force attacks, backdoor attacks, viruses, spyware, and adware (Pothamsetty & Akyol, 2004). Internal threats include malicious disclosure of information by employees, password sharing, unauthorized access, purposeful data damage, and vulnerability to social engineering (Poole, 2002).
Secondly, attacks might be distinguished by the zones of vulnerability (Fig. 1): attacks on centralized resources, distributed resources, branch offices and access network attacks.
Figure 1. Zones of vulnerability (Barnum & Sethi, 2006)
In general, network attacks are difficult to classify because of the various vulnerability sources and the multiple methods used by intruders. Landwehr, Bull, McDermott & Choi (1994) have developed a detailed classification table sorting existing network threats and attacks according to 14 characteristics. This classification, with the major types of attacks under each characteristic, is listed in Table 1.
1. By the attack objective: super-user privilege gain; user privilege gain; denial of service; information integrity violation; information or system resource confidentiality violation; malicious code execution; security policy violation.
2. By the effect type: executable code detection; Trojan horse, virus; web application executable code detection; unauthorized proxy server use; probe or scan; nonstandard protocol use; nonstandard port use; masquerading as another host; false object insertion.
3. By the ISO/OSI model level.
4. By type of the operating system.
5. By the location of attack subject: inside local segment; system user privilege; system administration privilege.
6. By the type of object location: local network (Ethernet); global network (Internet).
7. By the attacked service: file transfer (FTP, SMB, CIFS); mail (SMTP, POP3, IMAP); network control (SNMP); domain name (DNS); remote control (telnet, ssh, RDP); host configuration (DHCP); dynamic routing (RIP, OSPF, BGP, etc.).
8. By the attack.
9. By feedback.
10. By the attack execution initial conditions: on attack object request; on specified attack object event.
11. By the impact type.
12. By the attack automation.
13. By the attack source: one vs one; many vs one; one vs many.
14. By the connection quantity.
Table 1. Network system attack classification (Landwehr & Bull & McDermott & Choi, 1994)
Common attacks and protection methods
Eavesdropping – gaining access to the network by “listening” to network traffic (sniffing or snooping), and thereby gaining access to secure information. This attack is countered with the help of cryptography.
Modification of data – altering network packets after gaining access; especially common against billing and payment systems (Harrington, 2005). This attack is countered by applying modern encryption solutions that also check data integrity.
IP address spoofing – the intruder’s computer falsely presents itself as a trusted computer with an IP address from the allowed range, and might then request any information exchange. Protection against spoofing is provided by authorized sessions and protocols such as IPsec (Howard & LeBlanc & Viega, 2005).
Password-based attacks – cracking the password of a certain account by dictionary attacks and brute-force enumeration. To avoid such attacks, a strict password policy should exist: passwords should be at least 8 symbols long and must include letters, numbers and punctuation marks. A password change policy should also be planned.
Denial of service – a network attack that makes a resource unavailable by directing a large volume of network traffic and packets at a chosen server or host. To protect against such attacks, the network administrator needs to configure routers to perform unicast reverse-path verification on interfaces (“IP verify unicast reverse-path”), or to filter the available address space using ACLs (Harrington, 2005).
Man-in-the-middle – the intruder interposes in the communication between server and client, pretending to be one of them (or both), or re-routes the data exchange. The latest security patches, browsers with properly configured security and careful use of SSL certificates help against this type of attack.
Worms and trojans – malware performing various types of access attacks, installed in the system through the web or arriving with infected software. The means of protection against this threat are properly configured and timely updated antivirus and firewall systems.
Application layer attacks take place when intruders use vulnerabilities of operating systems and software to bypass access control and break into the system. To avoid these attacks, security updates and patches should be maintained everywhere, and firewall protection enabled.
It should be noted that it is not very useful to address different types of attacks separately; instead, a consistent set of measures for maintaining network security should be developed. With respect to all types of network attacks, the core components that should be included in the process of designing a network security system are: network attack prevention, network attack detection, network attack isolation, and network attack recovery.
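The detection component named above, worked through for the password-based attacks described earlier, as an added example that is not part of the original paper: a small Python detector reads sshd-style failure lines (a constructed sample, not real data), flags each source/target pair whose failures inside a 60-second window reach a threshold, and labels every hit with the attack-source classes of Table 1 (one vs one, many vs one, one vs many). The log format, host names, addresses, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from the paper): sshd-style lines; 192.0.2.77 fails only once per five minutes.
SAMPLE_LOG = """\
2024-03-01T10:00:01 host-a sshd[101]: Failed password for admin from 203.0.113.5 port 50001 ssh2
2024-03-01T10:00:03 host-a sshd[102]: Failed password for root from 203.0.113.5 port 50002 ssh2
2024-03-01T10:00:05 host-a sshd[103]: Failed password for invalid user test from 203.0.113.5 port 50003 ssh2
2024-03-01T10:00:02 host-a sshd[104]: Failed password for admin from 203.0.113.6 port 40001 ssh2
2024-03-01T10:00:04 host-a sshd[105]: Failed password for admin from 203.0.113.6 port 40002 ssh2
2024-03-01T10:00:06 host-a sshd[106]: Failed password for admin from 203.0.113.6 port 40003 ssh2
2024-03-01T10:01:00 host-b sshd[201]: Failed password for backup from 198.51.100.9 port 33001 ssh2
2024-03-01T10:01:10 host-b sshd[202]: Failed password for backup from 198.51.100.9 port 33002 ssh2
2024-03-01T10:01:20 host-b sshd[203]: Failed password for backup from 198.51.100.9 port 33003 ssh2
2024-03-01T10:00:00 host-c sshd[301]: Failed password for alice from 192.0.2.77 port 22001 ssh2
2024-03-01T10:05:00 host-c sshd[302]: Failed password for alice from 192.0.2.77 port 22002 ssh2
2024-03-01T10:10:00 host-c sshd[303]: Failed password for alice from 192.0.2.77 port 22003 ssh2
2024-03-01T10:02:00 host-a sshd[107]: Accepted password for admin from 203.0.113.5 port 50004 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_failures(log_text):
    """Return (timestamp, target host, source ip) for every failed-login line; successes are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["host"], m["src"]))
    return events

def detect_password_attacks(log_text, threshold=3, window_seconds=60):
    """Map (src, target) -> peak failures in any window, for pairs reaching the threshold (illustrative values)."""
    by_pair = defaultdict(list)
    for ts, host, src in parse_failures(log_text):
        by_pair[(src, host)].append(ts)
    hits = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):  # sliding window over sorted timestamps
            while (ts - stamps[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[pair] = peak
    return hits

def classify_sources(hits):
    """Label each flagged pair with the attack-source classes of Table 1 (many vs one = distributed)."""
    sources_per_target, targets_per_source = defaultdict(set), defaultdict(set)
    for src, target in hits:
        sources_per_target[target].add(src)
        targets_per_source[src].add(target)
    return {
        (src, target): "many vs one" if len(sources_per_target[target]) > 1
        else "one vs many" if len(targets_per_source[src]) > 1 else "one vs one"
        for src, target in hits
    }
```

With the sample, both sources against host-a are reported as a distributed (many vs one) attack, host-b sees a one vs one attack, and the slow attempts against host-c stay below the burst threshold until the window is widened.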
Network security policies
According to Manzuik, Pfeil, Gold and Gatford (2006), 95% of intrusions exploit existing vulnerabilities for which countermeasures are available. Thus, in order to address network security vulnerabilities it is necessary to develop a consistent security policy covering all aspects of the system: hardware, software and humanware (Bishop, 1995). The process of evaluating system security can be divided into 5 major steps.
Step 1. Identification of Systems
First of all, the administrator should scan the network structure, determine all computers and other associated devices, and prepare a network plan using appropriate network mapping software. After identifying the key devices, it is necessary to outline the critical systems and assign priorities to them.
Step 2. Vulnerability assessments
Currently there are many vulnerability scanners available. Such scanners generally address not only software vulnerabilities but also defects in network protection such as unsecured accounts, improper configurations and the existence of backdoors (Seacord & Householder, 2005). The best practice is to use several vulnerability assessment tools and build a complete picture of the security weaknesses after scanning.
Step 3. Review of vulnerabilities
This step focuses on estimating the severity of the vulnerabilities identified and prioritizing among the critical problems. The best solution for step 3 is “to leverage vulnerability remediation” (Chambers & Thompson, 2004) and to look for tools that allow combining data from various assessment scanners.
Step 4. Remediation of vulnerabilities
There are three common ways for a network administrator to address network vulnerabilities: manual remediation, patch deployment tools and automated remediation tools. In the case of patch deployment, a secondary scan for vulnerabilities should be performed. Some vulnerability scanners also offer automatic remediation; however, the results should be checked by independent vulnerability assessment software.
Step 5. Vulnerability management
The network administrator should develop a scalable system for addressing emerging vulnerabilities (Vanden & Riordan & Piessens, 2005). This might be an automated solution or a scheduled set of tasks; in either case, the procedure should be repeatable and address all aspects of the network system.
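Steps 1 to 5 above carried through in code, as an added example that is not from the paper or any of the cited works: a prioritized inventory of identified systems (step 1), findings from two hypothetical scanners merged into one picture (steps 2 and 3), ranking by severity weighted with asset priority (step 3), and verification of remediation against an independent rescan (step 4), written as functions so the cycle can be repeated (step 5). Host names, finding ids (VULN-xxxx placeholders, not real CVE numbers) and scores are constructed.

```python
# Step 1 (constructed, not from the paper): inventory of identified systems with
# an assigned priority; higher means more critical. Unknown hosts get priority 1.
ASSETS = {"db-01": 3, "web-01": 2, "kiosk-07": 1}

# Step 2 (constructed): raw findings from two hypothetical scanners. Finding ids
# are VULN-xxxx placeholders, not real CVE numbers; scores are CVSS-style 0-10.
SCAN_A = [
    {"host": "db-01", "id": "VULN-0001", "score": 9.8},
    {"host": "web-01", "id": "VULN-0002", "score": 7.5},
    {"host": "kiosk-07", "id": "VULN-0003", "score": 9.0},
]
SCAN_B = [
    {"host": "db-01", "id": "VULN-0001", "score": 9.1},
    {"host": "web-01", "id": "VULN-0004", "score": 5.3},
    {"host": "kiosk-07", "id": "VULN-0003", "score": 8.8},
]
# Step 4 (constructed): independent rescan after db-01 and web-01/VULN-0002 were patched.
RESCAN = [
    {"host": "kiosk-07", "id": "VULN-0003", "score": 8.8},
    {"host": "web-01", "id": "VULN-0004", "score": 5.3},
]


def merge_findings(*scans):
    """Step 3: combine several scanners' output into one picture keyed by
    (host, finding id); keep the highest score and remember who reported it."""
    merged = {}
    for scanner_name, findings in scans:
        for f in findings:
            entry = merged.setdefault((f["host"], f["id"]), {"score": 0.0, "seen_by": set()})
            entry["score"] = max(entry["score"], f["score"])
            entry["seen_by"].add(scanner_name)
    return merged


def prioritize(merged, assets):
    """Step 3: rank findings by severity weighted with the asset priority from step 1,
    so a medium finding on a critical host can outrank a high one on a kiosk."""
    ranked = [
        (entry["score"] * assets.get(host, 1), host, vid, sorted(entry["seen_by"]))
        for (host, vid), entry in merged.items()
    ]
    ranked.sort(reverse=True)  # highest weighted risk first
    return ranked


def verify_remediation(before, rescan):
    """Step 4: a finding counts as fixed only if an independent rescan no longer
    reports it. Returns (fixed, still_open) as sets of (host, finding id) keys."""
    rescan_keys = {(f["host"], f["id"]) for f in rescan}
    still_open = {key for key in before if key in rescan_keys}
    return set(before) - still_open, still_open


if __name__ == "__main__":
    # Step 5: one pass of the repeatable cycle; rerun whenever new scan data arrives.
    merged = merge_findings(("scanner-a", SCAN_A), ("scanner-b", SCAN_B))
    for risk, host, vid, seen_by in prioritize(merged, ASSETS):
        print(f"{risk:5.1f} {host:9} {vid} reported by {', '.join(seen_by)}")
    fixed, still_open = verify_remediation(merged, RESCAN)
    print("fixed:", sorted(fixed), "still open:", sorted(still_open))
```

Note how the weighting moves the 5.3-score finding on web-01 ahead of the 9.0-score finding on the low-priority kiosk, and how VULN-0004 stays open because the rescan still reports it.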
Building a network security system
Protecting network security and overcoming network security vulnerabilities requires a detailed security policy. In order to establish protection against external and internal attacks, an Intrusion Detection System (IDS) should be planned and implemented (Kaeo, 2003). An IDS might consist of a firewall, network monitoring tools and other appropriate software. It is important to set up the IDS against all types of threats and to ensure that all kinds of attacks are logged. In addition to addressing common network threats, it is necessary to analyze the risks imposed on the network by different types of threats and to prioritize which types should be addressed first.
It is possible to identify five main security groups in the process of developing a security strategy (Kaeo, 2003). The first group is security policies. There should be a separate document describing security policies: what employees may do and what is restricted. The security policy document should also describe e-mail and internet usage, and the classification of information that may be disclosed and that should never be disclosed to outside parties. This document usually also describes the cycles of security review and improvement.
Security on the network “perimeter” is a set of controls over the devices connected to the network, over the types of users getting access to the network and the types of access (remote/local), together with monitoring for any deviations in network behaviour. Figure 2 illustrates perimeter protection performed by a firewall and an IPS.
Figure 2. Example of network security structure (Liska, 2003)
The network should be divided into segments, with filtered internet access and firewall protection that blocks unused ports and limits the effect of spoofed ports (Stallings, 2007). Patches and security updates should be installed in a timely manner. It is recommended to establish a user authentication policy and to strengthen it. Finally, the network needs to be protected against known types of attacks; an information security policy has to be established and users should be well aware of it.
Network security can be divided into two branches: security of computer systems and communication security. There are numerous sources of vulnerabilities in both of these spheres. The major sources of vulnerabilities are design flaws, software development flaws, security management issues, incorrect implementation, changing technologies and the troublesome process of fixing vulnerable systems.
There are multiple types of network attacks arising from the above-mentioned types of vulnerabilities. These attacks may be classified according to scope and other characteristics. A detailed classification taxonomy is presented in section 2. Common attacks are eavesdropping, data modification, spoofing, password attacks, DoS and DDoS, man-in-the-middle, trojans, worms, viruses and application layer attacks.
For each of these types of attack there is a number of countermeasures. However, to create an efficient network security system it is necessary to use an integrated approach. It includes creating a security policy document, a 5-step vulnerability assessment, an Intrusion Prevention System, a system for logging/tracking security incidents, an Incident Response Plan and security risk management methods.
Essential measures such as proper user authentication procedures, efficient system monitoring and professional system administrators are only the foundation of the security framework. It is strongly recommended to create a separate policy document in which all specifications, access rules, monitoring and control procedures and employee behaviours are described. From the analysis of network security policies and vulnerability assessments in the previous section, the following recommendations can be developed.
A network security system should perform monitoring, alerting and reporting on all types of network threats at both the internal and external levels. External protection measures include perimeter defense (Stallings, 2007), network segmentation, anti-malware and intrusion prevention systems, access control and secure configuration. At the level of physical security, unauthorized access to servers and data storage holding sensitive information should be prohibited, and data backup mechanisms should be implemented. At the internal level, such measures as secure configuration, access control, use of anti-malware and intrusion prevention software as well as network segmentation need to be implemented.
Several features recommended for protecting critical data and systems are:
Planning special security for servers with sensitive information
Controlling access to devices and using a certain form of user authentication
Setting maximal security for devices with secure configurations
Controlling physical access to critical network devices
Using VLANs for increasing network security (Stallings, 2007)
It is strongly recommended to document security reports and to create an Incident Response Plan for dealing with security incidents in an orderly way (Liska, 2003). The security policy needs to contain a plan for reacting to network attacks and security incidents. Such a policy should determine the responses to various types of incidents and the actions for different network attacks. It should also determine the individuals responsible for dealing with different types of security issues and the escalation procedures. In general, it is necessary to remember that network functionality and network security work at cross-purposes, and the key to successful network protection is effective risk management and prioritization.