International Journal of Scientific and Research Publications, Volume 3, Issue 8, August 2013 1

ISSN 2250-3153

Network Security
Priyank Sanghavi, Kreena Mehta*, Shikha Soni**

EXTC, D.J Sanghvi College of Engineering

*
IT, Sardar Patel Institute of Engineering
**
EXTC, D.J Sanghvi College of Engineering

Abstract- Network security has become more important to

personal computer users, organizations, and the military. With II. NETWORK SECURITY
the advent of the internet, security became a major concern and System and network technology is a key technology for a
the history of security allows a better understanding of the wide variety of applications. Networks and applications need
emergence of security technology. The internet structure itself security. Although, network security is a critical requirement,
allows for many security threats to occur. If the architecture of there is a significant lack of security methods that can be
the internet is modified, it can reduce the possible attacks that implemented easily.
can be sent across the network. Knowing the attack methods There exists a “communication gap” between the developers
allows us to emerge with appropriate security. Many businesses of security technology and developers of networks. Network
secure themselves from the internet by means of firewalls and design is a well‐developed process that is based on the Open
encryption mechanisms. The businesses create an “intranet” to Systems Interface (OSI) model. The protocols of different layers
remain connected to the internet but secured from possible can be easily combined to create stacks which allow modular
threats. The entire field of network security is vast and in an development. The implementation of individual layers can be
evolutionary stage. In order to understand the research being changed later without making other adjustments, allowing
performed today, background knowledge of the internet, its flexibility in development. In contrast to network design, secure
vulnerabilities, attack methods through the internet, and security network design is not a well‐developed process. There isn’t a
technology is important and therefore they are reviewed. methodology to manage the complexity of security requirements.
Secure network design does not contain the same advantages as
Index Terms- Data Security, Internet Architecture, IPv4, network design.
Network Security. Network security doesn’t mean securing both end computers.
When transmitting data the communication channel should not
be vulnerable to attack. A possible hacker could target the
I. INTRODUCTION communication channel, obtain the encrypted data, and decrypt it

T he world is becoming more interconnected due to Internet

and new networking technology. There is a large amount of
personal, commercial, military, and government information on
and re‐insert a false message. Securing the middle network is just
as important as securing the computers and encrypting the
message.
networking infrastructures worldwide. Network security is When developing a secure network, the following need to be
becoming of utmost importance because of intellectual property considered [1]:
that can be easily acquired through the internet. There can be 1. Access– Authorized users are provided the means to
breach in intellectual property. communicate to and from a particular network
There are two types of fundamentally different networks: 2. Confidentiality– Information in the network remains
data networks and synchronous network comprised of switches. private
The internet is considered a data network. Since the current data 3. Authentication – Ensure the users of the network are who
network consists of computer‐based routers, information can be they say they are
obtained by special programs, such as “Trojan horses,” planted in 4. Integrity – Ensure the message has not been modified in
the routers. The synchronous network that consists of switches transit
does not buffer data and therefore are not threatened by attackers. 5. Non‐repudiation – Ensure the user does not refute that he
That is why security is emphasized in data networks, such as the used the network
internet, and other networks that link to the internet.
The vast topic of network security is analyzed by researching With the understanding of security issues, potential attackers,
the following: needed level of security, and factors that make a network
1. Internet architecture and vulnerable security aspects of vulnerable to attack an effective network security plan is
the Internet developed [1]. To make the computer less vulnerable to the
2. Types of internet attacks and security methods network there are many products available. These tools are
3. Security for networks with internet access encryption, firewalls, intrusion‐detection, and security
4. Current development in network security hardware management and authentication mechanisms. Businesses
and software throughout the world are using a combination of some of these
tools. “Intranets” are both connected to the internet and
reasonably protected from it. The internet architecture itself leads

www.ijsrp.org
International Journal of Scientific and Research Publications, Volume 3, Issue 8, August 2013 2
ISSN 2250-3153

to vulnerabilities in the network. Understanding the security above the physical layer are also used to accomplish the network
issues of the internet greatly helps to develop secure solutions to security required. Authentication is performed on a layer above
protect the networks from the internet. the physical layer. Network security in the physical layer requires
failure detection, attack detection mechanisms, and intelligent
The types of attacks through the internet need to also be counter measure strategies [2].
studied to be able to detect and guard against them. Intrusion
detection systems are established based on the types of attacks
most commonly used. Network intrusions consist of packets IV. INTERNET ARCHITECTURE AND VULNERABLE
that are introduced to cause problems for the following reasons: SECURITY ASPECTS
 To consume resources uselessly Fear of security breaches on the Internet is causing
 To interfere with any system resource’s intended organizations to use protected private networks or intranets. The
function Internet Engineering Task Force (IETF) has introduced security
 To gain system knowledge like passwords, logins that mechanisms at various layers of the Internet Protocol Suite [4].
can be exploited in later attacks These security mechanisms allow for the logical protection of
data units that are transferred across the network. The current
version and new version of the Internet Protocol are analyzed to
III. DIFFERENTIATING DATA SECURITY AND determine the security implications. Although security may exist
NETWORK SECURITY within the protocol, not all attacks are guarded against. These
Data security is the aspect of security that allows a client’s attacks are analyzed to determine other security mechanisms that
data to be transformed into unintelligible data for transmission. may be necessary.
Even if this unintelligible data is intercepted, a key is needed to The security architecture of the internet protocol known as IP
decode the message. This method of security is effective to a Security is a standardization of internet security. IP security, IP
certain degree. Strong cryptography in the past can be easily sec, covers the new generation of IP (IPv6) as well as the current
broken today. Due to advancement of hackers, cryptographic version (IPv4). Although new techniques, such as IP sec, have
methods have to develop constantly to be one step ahead. been developed to overcome internet’s best‐known deficiencies,
When transferring cipher text over a network, it is helpful to they seem to be insufficient [5].
have a secure network. This will allow for the cipher text to be
protected, so that it is less likely for many people to even attempt
to break the code. A secure network will also prevent someone
from inserting unauthorized messages into the network.
Therefore, hard ciphers are needed as well as attack‐hard
networks.

Figure 2: shows a visual representation of how IPsec is

implemented to provide secure communications.

IP sec is a point‐to‐point protocol, one side encrypts, the

other decrypts and both sides share key or keys. IPsec can be
used in two modes, namely transport mode and tunnel modes.
[1] Figure 1

The relationship of network security and data security to the V. ATTACKS THROUGH THE CURRENT INTERNET
OSI model is shown in Figure 1. It can be seen that the PROTOCOL IPV4
cryptography occurs at the application layer; therefore the
application writers are aware of its existence. The user can 1. Common Internet Attack Methods
possibly choose different methods of data security. Network Common internet attacks methods are broken down into
security is mostly contained within the physical layer. Layers categories. Some attacks gain system knowledge or personal
information, such as eaves dropping and phishing. Attacks can

www.ijsrp.org
International Journal of Scientific and Research Publications, Volume 3, Issue 8, August 2013 3
ISSN 2250-3153

also interfere with the system’s intended function, such as 2. Technology for Internet Security
viruses, worms and trojans. The other form of attack is when the Internet threats will continue to be a major issue in the global
system’s resources are consumes uselessly, these can be caused world as long as information is accessible and transferred across
by denial of service (DoS) attack. Other forms of network the Internet. Different defense and detection mechanisms were
intrusions also exist, such as land attacks, surf attacks, and developed to deal with these attacks.
teardrop attacks. These attacks are not as well-known as DoS
attacks, but they are used in some form or another even if they 2.1 Cryptographic systems
aren’t mentioned by name. Cryptography is a useful and widely used tool in security
engineering today. It involved the use of codes and ciphers to
1.1 Eavesdropping transform information into unintelligible data. These
Interception of communications by an unauthorized party is unintelligible data is thus transferred in the network safely.
called eavesdropping. Passive eavesdropping is when the person
only secretly listens to the networked messages. On the other 2.2 Firewall
hand, active eaves dropping are when the intruder listens and A firewall is a typical border control mechanism or perimeter
inserts something into the communication stream. This can lead defense. The purpose of a firewall is to block traffic from the
to the messages being distorted. Sensitive information can be outside, but it could also be used to block traffic from the inside.
stolen this way [8]. A firewall is the frontline defense mechanism against intruders. It
is a system designed to prevent unauthorized access to or from a
1.2 Viruses private network. Firewalls can be implemented in both hardware
Viruses are self‐replication programs that use files to infect and software, or a combination of both [8].
and propagate [8]. Once a file is opened, the virus will activate
within the system. 2.3 Intrusion Detection Systems
An Intrusion Detection System (IDS) is an additional
1.3 Worms protection measure that helps ward off computer intrusions. IDS
A worm is similar to a virus because they both are systems can be software and hardware devices used to detect an
self‐replicating, but the worm does not require a file to allow it to attack. IDS products are used to monitor connection in
propagate [8]. There are two main types of worms, mass‐mailing determining whether attacks are been launched. Some IDS
worms and network‐ aware worms. Mass mailing worms use systems just monitor and alert of an attack, whereas others try to
email as a means to infect other computers. Network‐aware block the attack.
worms are a major problem for the Internet. A network‐aware
worm selects a target and once the worm accesses the target host, 2.4 Anti‐Malware Software and Scanners
it can infect it by means of a Trojan or otherwise. Viruses, worms and Trojan horses are all examples of
malicious software, or Malware for short. Special so‐called
1.4 Trojans anti‐Malware tools are used to detect them and cure an infected
Trojans appear to be benign programs to the user, but will system.
actually have some malicious purpose. Trojans usually carry
some payload such as a virus [8]. 2.5 Secure Socket Layer (SSL)
The Secure Socket Layer (SSL) is a suite of protocols that is
1.5 Phishing a standard way to achieve a good level of security between a web
Phishing is an attempt to obtain confidential information browser and a website. SSL is designed to create a secure
from an individual, group, or organization [9]. Phishers trick channel, or tunnel, between a web browser and the web server, so
users into disclosing personal data, such as credit card numbers, that any information exchanged is protected within the secured
online banking credentials, and other sensitive information. tunnel. SSL provides authentication of clients to server through
the use of certificates. Clients present a certificate to the server to
1.6 IP Spoofing Attacks prove their identity.
Spoofing means to have the address of the computer mirror
the address of a trusted computer in order to gain access to other
computers. The identity of the intruder is hidden by different VI. SECURITY ISSUES OF IP PROTOCOL IPV6
means making detection and prevention difficult. With the IPv6 is the next thing everyone’s talking about. From a
current IP protocol technology, IP‐ spoofed packets cannot be security point of view, IPv6 is a considerable advancement over
eliminated [8]. the IPv4 internet protocol Despite the IPv6’s great security
mechanisms; it still continues to be vulnerable to threats. Some
1.7 Denial of Service areas of the IPv6 protocol still pose a potential security issue.
Denial of Service is an attack when the system receiving too The new internet protocol does not protect against is configure
many requests cannot return communication with the requestors servers, poorly designed applications, or poorly protected sites.
[9].The system then consumes resources waiting for the
handshake to complete. Eventually, the system cannot respond to The possible security problems emerge due to the following:
any more requests rendering it without service. 1. Header manipulation issues
2. Flooding issues

www.ijsrp.org
International Journal of Scientific and Research Publications, Volume 3, Issue 8, August 2013 4
ISSN 2250-3153

3. Mobility issues VIII. CURRENT DEVELOPMENTS IN NETWORK

SECURITY
Header manipulation issues arise due to the IPsec’s The network security field is continuing down the same
embedded functionality [7]. Extension headers deter some route. The same methodologies are being used with the addition
common sources of attacks because of header manipulation. The of biometric identification. Biometrics provides a better method
problem is that extension headers need to be processed by all of authentication than passwords. This might greatly reduce the
stacks, and this can lead to a long chain of extension headers. unauthorized access of secure systems. The software aspect of
The large number of extension headers can overwhelm a certain network security is very dynamic. Constantly new firewalls and
node and is a form of attack if it is deliberate. Spoofing continues encryption schemes are being implemented. The research being
to be a security threat on IPv6 protocol. A type of attack called performed assist in understanding current development and
port scanning occurs when a whole section of a network is projecting the future developments of the field.
scanned to find potential targets with open services [5]. The
address space of the IPv6 protocol is large but the protocol is still 1. Hardware Developments
not invulnerable to this type of attack. Mobility is a new feature Hardware developments are not developing rapidly.
that is incorporated into the internet protocol IPv6. The feature Biometric systems and smart cards are the only new hardware
requires special security measures. Network administrators need technologies that are widely impacting security. The most
to be aware of these security needs when using IPv6’s mobility obvious use of biometrics for network security is for secure
feature. workstation logons for a work station connected to a network.
Each workstation requires some software support for biometric
identification of the user as well as, depending on the biometric
VII. SECURITY IN DIFFERENT NETWORKS being used, some hardware device. The cost of hardware devices
The businesses today use combinations of firewalls, is one thing that may lead to the widespread use of voice
encryption, and authentication mechanisms to create “intranets” biometric security identification, especially among companies
that are connected to the internet but protected from it at the and organizations on a low budget. Hardware device such as
same time. Intranet is a private computer network that uses computer mice with built in thumbprint readers would be the
internet protocols. Intranets differ from "Extranets" in that the next step up. These devices would be more expensive to
former are generally restricted to employees of the organization implement on several computers, as each machine would require
while extranets can generally be accessed by customers, its own hardware device.
suppliers, or other approved parties.
There does not necessarily have to be any access from the 2. Software Developments
organization’s internal network to the Internet itself. When such The software aspect of network security is very vast. It
access is provided it is usually through a gateway with a firewall, includes firewalls, antivirus, VPN, intrusion detection, and much
along with user authentication, encryption of messages, and often more. The research development of all security software is not
makes use of virtual private networks (VPNs). feasible to study at this point. The goal is to obtain a view of
Although intranets can be set up quickly to share data in a where the security software is heading based on emphasis being
controlled environment, that data is still at risk unless there is placed now.
tight security. The disadvantage of a closed intranet is that vital
data might not get into the hands of those who need it. Intranets
have a place within agencies. But for broader data sharing, it IX. FUTURE TRENDS IN SECURITY
might be better to keep the networks open, with these safeguards: What is going to drive the Internet security is the set of
applications more than anything else. The future will possibly be
1. Firewalls that detect and report intrusion attempts that the security is similar to an immune system. The immune
2. Sophisticated virus checking at the firewall system fights off attacks and builds itself to fight tougher
3. Enforced rules for employee opening of e‐ enemies. Similarly, the network security will be able to function
Mail attachments as an immune system.
4. Encryption for all connections and data transfers The trend towards biometrics could have taken place a while
5. Authentication by synchronized, timed passwords or security ago, but it seems that it isn’t being actively pursued. Many
certificates security developments that are taking place are within the same
set of security technology that is being used today with some
It was mentioned that if the intranet wanted access to the minor adjustments.
internet, virtual private networks are often used. Intranets that
exist across multiple locations generally run over separate leased
lines or a newer approach of VPN can be utilized. VPN is a X. CONCLUSION
private network that uses a public network (usually the Internet)
to connect remote sites or users together. Instead of using a Network security is an important field that is increasingly
dedicated, real‐world connection such as leased line, a VPN uses gaining attention as the internet expands. The security threats and
"virtual" connections routed through the Internet from the internet protocol were analyzed to determine the necessary
company's private network to the remote site or employee. changes in security technology. The security technology is
mostly software based, but many common hardware devices are

www.ijsrp.org
International Journal of Scientific and Research Publications, Volume 3, Issue 8, August 2013 5
ISSN 2250-3153

used. The current development in network security is not very [4] Molva, R., Institut Eurecom,“Internet Security Architecture,” in Computer
Networks & ISDN Systems Journal, vol. 31, pp. 787‐804, April 1999
impressive.
[5] Sotillo, S., East Carolina University, “IPv6 security issues,” August 2006,
Originally it was assumed that with the importance of the www.infosecwriters.com/text_resources/pdf/IPv6_SSot illo.pdf.
network security field, new approaches to security, both [6] Andress J., “IPv6: the next internet protocol,” April 2005,
hardware and software, would be actively researched. It was a www.usenix.com/publications/login/2005‐04/pdfs/andress0504.pdf.
surprise to see most of the development taking place in the same [7] Warfield M., “Security Implications of IPv6,” Internet Security Systems
technologies being currently used. Combined use of IPv6 and White Paper, documents.iss.net/whitepapers/IPv6.pdf
security tools such as firewalls, intrusion detection, and [8] Adeyinka, O., "Internet Attack Methods and Internet Security Technology,"
authentication mechanisms will prove effective in guarding Modeling & Simulation, 2008. AICMS 08. Second Asia International
Conference on, vol., no., pp.77‐82, 13‐15 May 2008
intellectual property for the near future. The network security
[9] Marin, G.A., "Network security basics," Security & Privacy, IEEE , vol.3,
field may have to evolve more rapidly to deal with the threats no.6, pp. 68‐72, Nov.‐Dec. 2005
further in the future.

AUTHORS
REFERENCES
[1] Dowd, P.W.; McHenry, J.T., "Network security: it's time to take it
First Author – Priyank Sanghavi, Final Year - EXTC, D.J
seriously," Computer, vol.31, no.9, pp.24‐28, Sep 1998 Sanghvi College of Engineering, priyanksanghavi92@gmail.com
[2] Kartalopoulos, S. V., "Differentiating Data Security and Network Security," Second Author – Kreena Mehta, Final Year – IT, Sardar Patel
Communications, 2008. ICC '08. IEEE International Conference on, Institute of Technology, kreenasmehta@gmail.com
pp.1469‐1473, 19‐23 May 2008 Third Author – Shikha Soni, Final Year - EXTC, D.J Sanghvi
[3] “Security Overview,” www.redhat.com/docs/manuals/enterprise/RHEL‐4‐ College of Engineering, shiksoni92@gmail.com
Manual/security‐guide/ch‐sgs‐ov.html.

www.ijsrp.org