Written by Vyga V R Sunday, 28 March 2010 08:33
Encryption protects against passive attacks. A different technique is needed to protect against active attacks, that is, falsification of data and transactions. Protection against such attacks is known as message authentication, and the protocols used to implement message authentication are known as message integrity protocols.
A message, file, document or other collection of data is said to be authentic when it is genuine and came from its alleged source. Message authentication is a procedure that allows communicating parties to verify that received messages are authentic. The two important aspects are to verify that the contents of the message have not been altered and that the source is authentic. It will be an added advantage if we are able to trace out the sequence number of a particular message relative to other messages flowing between two communicating parties.
Authentication Using Symmetric Encryption.
It is possible to perform authentication simply by the use of symmetric encryption. If we assume that only the sender and receiver share a key, then only the genuine sender would be able to successfully encrypt a message for the other participant. Also, if the message includes an error-detection code and a sequence number, the receiver is assured that no changes have been made and that sequencing is proper. If the message also includes a time stamp, the receiver is assured that the message has not been delayed.
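The receiver-side checks described above, as an added example that is not part of the original article. Python's standard library has no symmetric cipher, so a keyed HMAC-SHA256 tag stands in for the encryption-plus-error-detection-code construction; the key, the messages, the 30-second window and the names `seal` and `Receiver` are all constructed for illustration.

```python
import hashlib
import hmac
import json

MAX_DELAY = 30.0  # assumed freshness window, in seconds


def seal(key, seq, body, now):
    """Sender: bind body, sequence number and time stamp under the shared key."""
    payload = json.dumps({"seq": seq, "ts": now, "body": body}).encode()
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, wire, now):
        tag, payload = wire[:32], wire[32:]  # SHA-256 tag is 32 bytes
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: altered or not from key holder"
        msg = json.loads(payload)
        if msg["seq"] != self.last_seq + 1:
            return "rejected: out of sequence"
        if abs(now - msg["ts"]) > MAX_DELAY:
            return "rejected: delayed"
        self.last_seq = msg["seq"]
        return "accepted: " + msg["body"]


def demo():
    """Run constructed messages through one receiver and collect the verdicts."""
    key = b"constructed-demo-key"  # constructed sample key
    rx, t0 = Receiver(key), 1000000.0
    m1 = seal(key, 1, "transfer 10", t0)
    m2 = seal(key, 2, "transfer 20", t0 + 1)
    return [
        rx.accept(m1.replace(b"transfer 10", b"transfer 99"), t0),  # altered
        rx.accept(seal(b"some-other-key", 1, "transfer 99", t0), t0),  # wrong key
        rx.accept(m1, t0 + 2),    # genuine
        rx.accept(m1, t0 + 3),    # replayed copy
        rx.accept(m2, t0 + 120),  # held back too long
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```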
Written by Vyga V R Sunday, 28 March 2010 08:18
A distributed IDS (DIDS) consists of multiple intrusion detection systems over a large network, all of which communicate with each other, or with a central server that facilitates advanced network monitoring, incident analysis, and instant attack data. The two main components of a distributed IDS are:
The Central Analysis Server.
The central analysis server is really the heart and soul of the operation. This server usually consists of a database and a Web server. The web interface provided by the Web server allows corporate users to see the current attack status of their network. It also allows analysts to run pre-programmed queries, such as attack aggregation and statistics gathering, and to perform rudimentary incident analysis, all from a web interface.
The Co-operative Agent Network.
The co-operative agent network is one of the most important components of the DIDS. An agent is a piece of software that reports attack information to the central analysis server. By having these co-operative agents distributed across a network, incident analysts and security personnel are able to get a broader view of what is occurring on their network as a whole. Ideally these agents will be located on separate network segments and in separate geographical locations. The agents can also be distributed across multiple physical locations, allowing a single incident analysis team to view attack data across multiple corporate locations.
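A small model of the two components, as an added example that is not from the original article: agents submit reports, and the central server's aggregation query shows a source that no single agent would rank as notable. The agent names, addresses (documentation ranges) and event types are constructed, and an in-memory list stands in for the server's database.

```python
from collections import defaultdict

# Constructed agent reports: (reporting agent, source address, event type).
REPORTS = [
    ("agent-dmz", "203.0.113.7", "port-scan"),
    ("agent-hq-lan", "203.0.113.7", "port-scan"),
    ("agent-branch", "203.0.113.7", "login-failure"),
    ("agent-dmz", "198.51.100.20", "login-failure"),
    ("agent-dmz", "198.51.100.20", "login-failure"),
    ("agent-hq-lan", "192.0.2.55", "port-scan"),
]


class CentralAnalysisServer:
    def __init__(self):
        self.events = []  # stands in for the server's database

    def report(self, agent, source, event):
        """Called by a co-operative agent to submit one observation."""
        self.events.append((agent, source, event))

    def aggregate(self):
        """Attack aggregation: per-source event count, agents and event types."""
        stats = defaultdict(lambda: {"events": 0, "agents": set(), "types": set()})
        for agent, source, event in self.events:
            entry = stats[source]
            entry["events"] += 1
            entry["agents"].add(agent)
            entry["types"].add(event)
        return dict(stats)

    def seen_by_many(self, min_agents=2):
        """Sources reported by at least min_agents distinct agents."""
        return sorted(s for s, e in self.aggregate().items()
                      if len(e["agents"]) >= min_agents)

    def local_view(self, agent):
        """What one agent alone knows: event count per source."""
        counts = defaultdict(int)
        for a, source, _ in self.events:
            if a == agent:
                counts[source] += 1
        return dict(counts)


def build_server():
    server = CentralAnalysisServer()
    for report in REPORTS:
        server.report(*report)
    return server
```

In this constructed data, `agent-dmz` on its own sees `203.0.113.7` only once, while the central view shows the same source reported from three segments.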
Written by Vyga V R Sunday, 28 March 2010 08:14
For a firewall to work, it must be a part of a consistent overall organizational security architecture. The firewall will be an integral part of any security program, but it is not a security program in and of itself.
Even though a firewall protects internal users from external users, it does nothing to protect or isolate internal users from each other. Firewalls can’t protect very well against things like viruses or malicious software. A firewall cannot replace security-consciousness on the part of your users. In general, a firewall cannot protect against a data-driven attack in which something is mailed or copied to an internal host where it is then executed.
It doesn’t protect against malicious insiders.
Authorized users can steal data, damage hardware and software, and generate attacks without having to deal with the firewall. You can protect your network against these measures by developing and enforcing internal security policies.
It can’t prevent uncontrolled traffic.
A firewall can’t handle network traffic that bypasses it. A firewall is designed to handle users, rather than systems.
It can’t protect against completely new threats.
A firewall can protect only against known threats. No firewall can defend a system against every new threat.
It can’t prevent virus attacks.
Although firewall software does inspect incoming data packets, it looks at only the source and the destination addresses of a packet and not the contents of the packet. This type of firewall technology can’t guard against viruses because the firewall can’t detect that a packet contains a virus.
Written by Vyga V R Thursday, 18 March 2010 09:11
A network attack or security incident is defined as a threat, intrusion, denial-of-service, or other attack on a network infrastructure that will analyze your network and gain information to eventually cause your network to crash or to become corrupted. In many cases, the attacker might not only be interested in exploiting software applications, but also try to obtain unauthorized access to network devices. Unmonitored network devices are the main source of information leakage in organizations. In most organizations, every email message, every web page request, every user logon, and every transmittable file is handled by a network device. Under some setups, telephone services and voice messaging are also handled by network devices. If the attacker is able to “own” your network devices, then they “own” your entire network. Network attacks cut across all categories of software and platform type. There are at least seven types of network attacks: spoofing, sniffing, mapping, hijacking, Trojans, DoS and DDoS, and social engineering.
Written by Vyga V R Thursday, 18 March 2010 09:08
Computer networks are typically shared resources used by many applications for many different purposes. The data shared or transmitted between different computers is usually confidential in nature. Network security deals with the confidentiality, authentication and integrity of messages exchanged between computers on different networks or within the same network.
- Confidentiality ensures the fact that when a message is transmitted by a sender, only the intended receiver will understand the contents of transmitted message. An interceptor won’t be able to understand that message.
- Authentication means the sender and receiver should be able to confirm the identity of the other party involved in the communication.
- Message integrity refers to the assurance that a message has not been disturbed or modified by an intruder during transmission.
- Non-repudiation means to ensure that a transferred message has been sent and received by the parties claiming to have sent and received the message. Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message. Non-repudiation can be obtained through the use of:
  - Digital signatures: function as a unique identifier for an individual, much like a written signature.
  - Confirmation services: the message transfer agent can create digital receipts to indicate that messages were sent or received.
  - Timestamps: timestamps contain the date and time a document was composed and prove that a document existed at a certain time.
- Availability refers to protection against disruption of services. It ensures that the services provided by any server system are available to all authorized users.
- An access control mechanism controls which users or computer programs can access data. Such techniques ensure that only authorized users will gain access to resources. Appropriate access right policies should be defined first, and only users having access rights will be allowed to utilize resources. For example, some systems implement an access control list for each object that determines who is allowed to access the object. In other systems each user is assigned a password. When a user needs to access protected resources, the user is asked to enter the password.