Unit 4

Security introduction
Network security is any activity designed to protect the usability and integrity of your
network and data.
 It includes both hardware and software technologies
 It targets a variety of threats
 It stops them from entering or spreading on your network
 Effective network security manages access to the network

How does network security work?

Network security combines multiple layers of defenses at the edge and in the network.
Each network security layer implements policies and controls. Authorized users gain
access to network resources, but malicious actors are blocked from carrying
out exploits and threats.
How do I benefit from network security?
Digitization has transformed our world. How we live, work, play, and learn have all
changed. Every organization that wants to deliver the services that customers and
employees demand must protect its network. Network security also helps you protect
proprietary information from attack. Ultimately it protects your reputation.

Illusion of network security

The illusion starts with disparate solutions

Disparate security solutions are those that are implemented in

isolation, without considering how they fit into the overall security
architecture or how they interact with other solutions. For example, an
organization may have separate solutions for network security,
endpoint security, cloud security, and application security, but no clear
vision of how they work together or how they support the
organization's objectives.

This can lead to several problems, such as:

- Lack of visibility and control: Disparate security solutions may not
provide a complete picture of the organization's security posture,
leaving blind spots and gaps that can be exploited. Additionally,
managing multiple solutions can be complex and time-consuming,
reducing the efficiency and effectiveness of security operations.

- Increased costs and risks: Disparate security solutions may require

more resources and maintenance than integrated ones, increasing the
total cost of ownership and reducing the return on investment.
Moreover, non-integrated solutions may not be able to respond
quickly or adequately to emerging threats, increasing the risk of
breaches and incidents.

- Reduced agility and innovation: Disparate security solutions may limit

the organization's ability to adapt to changing business needs and
customer expectations, as well as leveraging new technologies and
opportunities. For instance, non-integrated solutions may hinder the
organization's digital transformation efforts or cloud migration plans.

Overcoming the illusion

To overcome these challenges, organizations need to adopt a holistic

and comprehensive cyber security strategy that aligns with business
goals and covers all aspects of their digital environment. A holistic
cyber security strategy should include:

- Assessment: assess the organization's current security maturity and

identify gaps and areas for improvement.

- Security Objectives: Define clear and measurable security objectives

and metrics that support the organization's vision and mission.
-Integrated Security: Implement integrated and scalable security
solutions that provide end-to-end protection across all layers of the
organization's infrastructure, applications, data, and users.

-Continuous Monitoring : Monitor and measure the performance and

effectiveness of the security solutions and adjust them as needed.

-Education: Educate and empower the organization's stakeholders,

including employees, customers, partners and suppliers on cyber
security best practices and responsibilities.

Conclusion

Organizations should not fall for the illusion of being cyber secure by
implementing what is perceived as best of breed brands. Instead, they
should adopt a more realistic and pragmatic approach that considers
their own context and challenges, and leverages the best practices and
standards in the industry. Cyber security is not a destination, but a
journey that requires constant vigilance and improvement.

Security as a process
Security is a process not product”. Security is a continuous process to ensure information, people and
network have necessary protection for reliable and secure day to day operations. The Information
Technology(I.T) and telecommunications firms need complete and low cost security solutions. It is
required and essential to protect a secured network from dangerous and deliberate threats. Security
should have the qualities that enhance the interweaving of capabilities of security in complete end to end
solution for security. A standard security architecture is required for such a solution.
X.800 for Security Architecture:
The principles which defines a security structure for…show more content…
The motive of the security architecture will be to act as a foundation clear development recommendations
for network security.
A set of security measures developed to answer a particular aspect of network security is Security
Dimension. To protect against crucial threats, eight sets were identified by X.805. They are as below:
a. Access Control – The main purpose of access control security dimension is to provide protection against
unauthorized use of networks. The access control elements restricts unauthorized users from using
applications, services, network elements, stored information and information flows. There is a concept
called Role Based Access Control, which provides different levels of access like users of particular type can
be restricted to certain elements.
b. Authentication – This dimension provides confirmation for valid identities. It checks the validity of the
identity.
c. Non-repudiation – If a user try to change or duplicate data, this dimension provide proof about the
action. It sees that no user denies his/her action of data altering by providing proof.
d. Data Confidentiality – Encryption is the best example for this. Any unauthorized user, though gets access
to data, the user does not understand the data as it encrypted by the Data Confidentiality security
dimension.

Security terminology and concepts

Basic Security Terminology

Before you embark on the rest of this chapter and this book, it is important to know some basic terminology. The security
and hacking terms in this section provide a basic introduction to computer security terminology, but they are an excellent
starting point to help you prepare for learning more about computer security. Additional terms will be introduced
throughout the text and listed in the Glossary at the end of this book.

The world of computer security takes its vocabulary from both the professional security community and the hacker
community.

Hacker Slang
You probably have heard the term hacker used in movies and in news broadcasts. Most people use it to describe any
person who breaks into a computer system. In the hacking community, however, a hacker is an expert on a particular
system or systems, a person who simply wants to learn more about the system. Hackers feel that looking at a system’s
flaws is the best way to learn about that system. For example, someone well versed in the Linux operating system who
works to understand that system by learning its weaknesses and flaws would be a hacker.

This process does often mean seeing if a flaw can be exploited to gain access to a system. This “exploiting” part of the
process is where hackers differentiate themselves into three groups:

 A white hat hacker, upon finding some flaw in a system, will report the flaw to the vendor of that system. For
example, if a white hat hacker were to discover some flaw in Red Hat Linux, he would email the Red Hat company
(probably anonymously) and explain exactly what the flaw is and how it was exploited. White hat hackers are often
hired specifically by companies to do penetration tests. The EC Council even has a certification test for white hat
hackers: the Certified Ethical Hacker test.
  A black hat hacker is the person normally depicted in the media. Once she gains access to a system, her goal is to
cause some type of harm. She might steal data, erase files, or deface websites. Black hat hackers are sometimes
referred to as crackers.
 A gray hat hacker is normally a law-abiding citizen but in some cases will venture into illegal activities.

Regardless of how hackers view themselves, intruding on any system is illegal. This means that technically speaking all
hackers, regardless of the color of the metaphorical hat they may wear, are in violation of the law. However, many people
feel that white hat hackers actually perform a service by finding flaws and informing vendors before those flaws are
exploited by less ethically inclined individuals.

Script Kiddies
A hacker is an expert in a given system. As with any profession, it includes its share of frauds. So, what is the term for
someone who calls himself a hacker but lacks the expertise? The most common term for this sort of person is script kiddy).
Yes, that is an older resource, but the term still means the same thing. The name comes from the fact that the Internet is
full of utilities and scripts that one can download to perform some hacking tasks. Many of these tools have easy-to-use
graphical user interfaces that allow those with very little or no skill to operate them. A classic example is the Low Orbit
Ion Cannon tool for executing a DoS attack. Someone who downloads such a tool without really understanding the target
system is considered a script kiddy. A significant number of the people you are likely to encounter who call themselves
hackers are, in reality, mere script kiddies.

Ethical Hacking: Penetration Testers

When and why would someone give permission to another party to hack his system? The most common answer is in order
to assess system vulnerabilities. Such a person used to be called a sneaker, but now the term penetration tester is far more
widely used. Whatever the term, the person legally breaks into a system in order to assess security deficiencies, as
portrayed in the 1992 film Sneakers, starring Robert Redford, Dan Aykroyd, and Sidney Poitier. More and more
companies are soliciting the services of such individuals or firms to assess their vulnerabilities.

Anyone hired to assess the vulnerabilities of a system should be both technically proficient and ethical. Run a criminal
background check and avoid those people with problematic pasts. There are plenty of legitimate security professionals
available who know and understand hacker skills but have never committed security crimes. If you take to its logical
conclusion the argument that hiring convicted hackers means hiring talented people, you could surmise that obviously
those in question are not as good at hacking as they would like to think because they were caught.

Most importantly, giving a person with a criminal background access to your systems is on par with hiring a person with
multiple DWI convictions to be your driver. In both cases, you are inviting problems and perhaps assuming significant
civil liabilities.
Also, some review of their qualifications is clearly in order. Just as there are people who claim to be highly skilled hackers
yet are not, there are those who will claim to be skilled penetration testers yet lack the skills truly needed. You would not
want to inadvertently hire a script kiddy who thinks she is a penetration tester. Such a person might then pronounce your
system quite sound when, in fact, it was simply a lack of skills that prevented the script kiddy from successfully breaching
your security. Later in this book, in Chapter 11, “Network Scanning and Vulnerability Scanning,” we discuss the basics of
assessing a target system. In Chapter 11 we also discuss the qualifications you should seek in any consultant you might
hire for this purpose.

Phreaking
One specialty type of hacking involves breaking into telephone systems. This subspecialty of hacking is referred to
as phreaking. The New Hacker’s Dictionary actually defines phreaking as “the action of using mischievous and mostly
illegal ways in order to not pay for some sort of telecommunications bill, order, transfer, or other service” Phreaking
requires a rather significant knowledge of telecommunications, and many phreakers have some professional experience
working for a phone company or other telecommunications business. Often this type of activity is dependent upon specific
technology required to compromise phone systems more than simply knowing certain techniques.

Professional Terms
Most hacker terminology, as you may have noticed, is concerned with the activity (phreaking) or the person performing
the activity (penetration tester). In contrast, security professional terminology describes defensive barrier devices,
procedures, and policies. This is quite logical because hacking is an offensive activity centered on attackers and attack
methodologies, whereas security is a defensive activity concerned with defensive barriers and procedures.

Security Devices
The most basic security device is the firewall. A firewall is a barrier between a network and the outside world. Sometimes
a firewall takes the form of a standalone server, sometimes a router, and sometimes software running on a machine.
Whatever its physical form, a firewall filters traffic entering and exiting the network. A proxy server is often used with a
firewall to hide the internal network’s IP address and present a single IP address (its own) to the outside world.

Firewalls and proxy servers guard the perimeter by analyzing traffic (at least inbound traffic and in many cases outbound
traffic as well) and blocking traffic that has been disallowed by the administrator. These two safeguards are often
augmented by an intrusion detection system (IDS). An IDS simply monitors traffic, looking for suspicious activity that
might indicate an attempted intrusion. We will examine these technologies and others in Chapter 9.

Security Activities
In addition to devices, there are security activities. Authentication is the most basic security activity. It is merely the
process of determining if the credentials given by a user or another system (such as a username and password) are
authorized to access the network resource in question. When you log in with your username and password, the system will
attempt to authenticate that username and password. If it is authenticated, you will be granted access.
management goals related to security
Security Management has two objectives:
1.To meet the security requirements of the SLAs and other external
requirements further to contracts, legislation and externally imposed
policies.
2.To provide a basic level of security, independent of external
requirements Security Management is essential to maintaining the
uninterrupted operation of the IT organisation.
It also helps to simplify Information Security Service Level
Management, as it is much more difficult to manage a large number of
different SLAs than a limited number.
The process input is provided by the SLAs, which specify security
requirements, possibly supplemented by policy documents and other
external requirements. The process also receives information about
relevant security issues in other processes, such as security incidents.
The output includes information about the achieved implementation of
the SLAs, including exception reports and routine security planning.
At present, many organisations deal with Information Security at the
strategic level in information policy and information plans, and at the
operational level by purchasing tools and other security products.
Insufficient attention is given to the active management of Information
Security, the continuous analysis and translation of policies into
technical options, and ensuring that the security measures continue to
be effective when the requirements and environment change. The
consequence of this missing link is that, at the tactical management
level, significant investments are made in measures that are no longer
relevant, at a time when new, more effective measures ought to be
taken. Security Management aims to ensure that effective Information
Security measures are taken at the strategic, tactical and operational
levels.
Benefits
Information Security is not a goal in itself; it aims to serve the interests
of the business or organisation. Some information and information
services will be more important to the organisation than others.
Information Security must be appropriate to the importance of the
information. Striking a balance between security measures and the
value of the information, and threats in the processing environment
develops tailor-made security.
An effective information supply, with adequate Information Security is
important to an organisation for two reasons:

 Internal reasons: an organisation can only operate effectively if

correct and complete information is available when required. The
level of Information Security should be appropriate for this.
 External reasons: the processes in an organisation create products
and services, which are made available to the market or society,
to meet defined objectives. An inadequate information supply will
lead to substandard products and services, which cannot be used
to meet the objectives and which will threaten the survival of the
organisation. Adequate Information Security is an important
condition for having an adequate information supply. The external
significance of Information Security is therefore determined in
part by the internal significance. Security can provide significant
added value to an information system. Effective security
contributes to the continuity of the organisation and helps to
meet its objectives.
risk assessment?
The definition of a risk assessment is a systematic process of identifying
hazards and evaluating any associated risks within a workplace, then
implementing reasonable control measures to remove or reduce them.

When completing a risk assessment, it is important to clearly define

some keywords:

An accident is ‘an unplanned event that results in loss’

A hazard is ‘something that has the potential to cause harm’
A risk is ‘the likelihood and the severity of a negative occurrence (injury,
ill-health, damage, loss) resulting from a hazard.’

Security policies
A network security policy delineates guidelines for computer network
access, determines policy enforcement, and lays out the architecture of
the organization's network security environment and defines how the
security policies are implemented throughout the network
architecture.