Digital technology has become mainstream: information moves constantly, individuals, institutions and governments have adopted information and communication technology, and every sector (scientific, social, academic, economic and governmental) takes part in the information society. Technology is easily available, and programs and applications have proliferated in an unprecedented way at low cost, especially pirated programs or those distributed by private hacker sites, alongside the emergence of widely used multimedia. We therefore find ourselves faced with an urgent need for security in cyberspace. Security is an essential condition of confidence.
Network security consists of the policies adopted to prevent and monitor unauthorized access to, misuse of, and modification of a computer network. It involves authorizing access to data in a network, which is controlled by the network administrator. Network security and Internet security are strongly associated with information security. Gaining access to that information, whether to view it, find and exchange it, or distort and abuse it, is what regularly lies behind attacks on networks. Any discussion of security therefore has to cover the risks and weaknesses that affect a system, and what should be done to prevent that danger.
Threats to networks fall into two categories:
1. Basic security and everything it covers: the entry and exit, storage, and interference with data.
2. Sabotage, destruction and disruption, which are intended to reach and affect money and people.
Before turning to specific protection and security technologies, we must define the goal of protection: making attackers reluctant to plan an attack, or preventing them from carrying out their plan. It must be said that comprehensive, certain and guaranteed security does not exist. Every system has its own weaknesses, which has led some to consider that the strength of any system is measured by its weakest point. On the other hand, the cost of security must be weighed against the value of what is to be protected, so what is to be protected must be determined first. The largest part of security is not technical engineering standards or procedures; it is awareness and good judgment. Risk assessment is therefore a priority of any network and Internet security policy. It must take note of all external and internal threats, including professional and IT-related ones, distinguish between the dangers associated with the system's users, those associated with the measures adopted, and those related to the protocols, and identify what can be controlled and what is out of control.
Network security is provided at several levels, because the need is too pressing for a single one. It is a very large subject that cannot easily be delimited.
The following security policies are used in operating systems:
1. Password protection.
2. Safety models
4. Protection protocols.
Very sophisticated tools are available for networks that require an unusual degree of security. For example, one security mechanism requires a smart card, a card-like tool with a magnetic strip, which must be passed through a card reader connected to the computer before the user can access the network. There are also biometric scanning devices, which identify the user by scanning unique physical attributes such as a thumbprint or retina. However, most networks do not require such complex systems. Instead, most network administrators require users to enter passwords to gain access to network resources, drives and server applications.
Passwords can be an excellent way to protect network resources, or they can fail to be. When the system administrator lets users choose their own passwords, users pick short passwords that are easy to remember and rarely change them. They may base passwords on their names, or use easily guessed letters and numbers such as their initials or dates of birth, which intruders can exploit. The solution is for the system administrator to force users to choose passwords of a certain length and to change them periodically. How the administrator sets this policy depends on the type of operating system that runs the network.
- Password length:
The longer the password, the harder it is for intruders to guess.
- Password encryption:
Most operating systems store user passwords in encrypted form, so an intruder cannot learn them by using a disk editor to read the contents of the disks where they are stored. Passwords are also displayed as asterisks or opaque dots as you type them, which reveal nothing.
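The password rules described above (a required length, no names or birth dates, periodic change, protected storage), shown as an added example that is not code from the original essay. The policy values, function names and record layout are assumptions, and storage uses a salted one-way PBKDF2 hash, which is how current systems protect stored passwords, rather than reversible encryption.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta

MIN_LENGTH = 12                  # assumed policy value
MAX_AGE = timedelta(days=90)     # assumed policy value
PBKDF2_ROUNDS = 200_000          # assumed work factor

def policy_violations(password, username, birth_date):
    """Return the reasons a password breaks the policy (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if username.lower() in password.lower():
        problems.append("contains user name")
    # Common ways a birth date gets typed into a password.
    date_forms = {birth_date.strftime(f) for f in ("%Y", "%d%m", "%m%d", "%d%m%y")}
    if any(form in password for form in date_forms):
        problems.append("contains birth date")
    return problems

def store(password):
    """Build the record written to disk: salt and derived hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest, "set_on": date.today()}

def verify(record, attempt):
    """Re-derive the hash from a login attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                                    record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, record["hash"])

def expired(record, today):
    """True once the password is older than the periodic-change limit."""
    return today - record["set_on"] > MAX_AGE
```

Someone reading the stored record with a disk editor sees only the salt and the derived hash, and a guessed password has to be run through all PBKDF2 rounds before it can be compared.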
In operating systems that rely on a client/server network, user accounts are stored in a central location, the directory service:
- Active Directory in Windows networks.
- Novell Directory Services in Novell NetWare networks.
In peer-to-peer networking, each computer keeps its own security information and carries out its own authentication. Computers can operate as clients and servers at the same time; when a client tries to use resources on another machine acting as a server, the client is authenticated before being granted access.
Two basic types of safety models are used in Windows and most other operating systems:
- User-level security
- Share-level security
User-level security:
Specific users are granted permissions that determine how they may use network resources.
Share-level security:
Users set passwords for the different shared resources they create on their own computers. It does not give much protection, because everyone is given the same password to gain access to a network resource. The advantage of share-level security is that any user, regardless of experience, can learn how to set passwords on their own shared resources, which reduces the ongoing follow-up required of the network administrator.
Firewalls are security mechanisms that protect the internal or private network from many threats. The Internet connection found in most networks today is a door through which these risks can enter.
A firewall is hardware or software designed to protect the network from access by unauthorized parties. It is in effect a barrier between two networks that evaluates all incoming traffic and decides whether it should be allowed to pass to the other network or not.
A firewall can take several different forms to evaluate the traffic coming into the network:
- A firewall device containing a special program that monitors incoming and outgoing traffic.
- A program running on an ordinary PC.
Very complex and expensive firewalls are used only in professional networks.
Protection programs are now supplied with operating systems, but they are not enough to fully secure the network from external threats. There are also free standalone programs that can be used for small networks or for a personal computer that connects to the Internet.
A number of standard security protocols are used by applications and operating systems to protect data during transmission over the network. These protocols apply particular data encryption techniques.
Internet Protocol Security (IPSec)
It is one of the security protocols for communications across IP networks.
IPSec has two independent protocols that offer different levels of protection:
1. Authentication Header (AH)
It signs messages and data but does not encrypt them, so it provides the user with only the following:
- Data authenticity:
Any data sent by the user is genuine, not forged or injected into the network.
- Data integrity:
Any data sent has not been modified in transit (while passing over the wire).
- Anti-replay:
This protects against a method used by hackers, in which they steal an encrypted password and re-send it to the server in encrypted form; the server then decrypts it and they can log in as another user. IPSec offers solutions to prevent this from happening.
2. Encapsulating Security Payload (ESP):
It is responsible for encryption in IPSec.
It offers the following advantages:
- Source authentication:
Establishes the sender's credibility: no one who uses IPsec can falsify the identity of the sender.
- Data encryption:
Data is encrypted to protect it from alteration, amendment and reading.
- Anti-replay: as mentioned previously.
How does IPSec protect against attacks on networks?
Without taking security into consideration, the network and its data can be exposed to many different types of attack. Some attacks are passive, such as network monitoring; others are active, meaning data can be changed or stolen on its way over the network cables.
We will review some types of attacks on networks, how they happen, and how IPSec prevents them.
First: Eavesdropping, sniffing or snooping
This means monitoring data packets that cross the network in clear text, without encryption, and picking out whatever is of interest. IPsec solves this by encrypting the data packet, so that even if the packet is captured, the attacker cannot read or tamper with it, because only the receiver (in addition to the sender) holds the key to decrypt it.
Second: Data modification
Data is stolen from network packets, modified, and then forwarded to the receiver. IPsec prevents this by computing a hash, placing it with the data, and encrypting them together. When the packet reaches the receiving end, the device checks whether the packet's checksum matches. If it matches the original hash, the packet has not been modified; if the hash has changed, we know the data packet was altered in transit.
Third: MITM - Man in the Middle
This is one of the attacks on networks in which a third party works to steal data sent from one party to another, and may modify it or fail to deliver it to the other side. IPSec prevents this through its authenticity checks.
Fourth: DoS - Denial of Service
This attack works to disable one of the network's services for its users and beneficiaries. IPSec works to prevent this through the ability to close ports or set rules for open ports.
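The hash check described under "Data modification" and the anti-replay protection listed for AH and ESP, shown as an added example that is not part of the original essay. It is a simplified model rather than the real AH/ESP packet format: the key, window size, packet layout and all names are assumptions, the hash is a keyed HMAC-SHA256, and the payload is left unencrypted.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key, shared by both ends
WINDOW = 32                      # anti-replay window size in packets (assumed)
ICV_LEN = 32                     # length of the HMAC-SHA256 check value

def protect(seq, payload, key=KEY):
    """Sender: 32-bit sequence number + payload, followed by a keyed hash of both."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key=KEY):
        self.key = key
        self.highest = 0   # highest sequence number accepted so far
        self.seen = 0      # bitmap: bit i set means (highest - i) was accepted

    def accept(self, packet):
        """Return (status, payload); payload is None unless status is 'ok'."""
        if len(packet) < 4 + ICV_LEN:
            return ("malformed", None)
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        seq = struct.unpack("!I", body[:4])[0]
        # Replay check: reject numbers left of the window or already accepted.
        if seq == 0 or seq + WINDOW <= self.highest:
            return ("replay", None)
        if seq <= self.highest and (self.seen >> (self.highest - seq)) & 1:
            return ("replay", None)
        # Integrity check: recompute the keyed hash, compare in constant time.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(icv, expected):
            return ("modified", None)
        # Only an authentic packet may move or mark the window.
        if seq > self.highest:
            shifted = (self.seen << (seq - self.highest)) | 1
            self.seen = shifted & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << (self.highest - seq)
        return ("ok", body[4:])
```

A captured packet that is re-sent unchanged still carries a valid hash, which is why the sequence-number window is needed in addition to the integrity check.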
Network security is an important field that is receiving more and more attention as the Internet expands. Security threats and Internet protocols should be analyzed to determine the necessary security technology, so we must be aware of this aspect.