Network Security Know the Lingo

[amitbhandari 0]

The Internet arose out of the natural need of the worldwide to communicate, and has become the backbone of digital age. Now-a-days, the Net has reached to billions of individuals as against in the past when it was envisaged only for scientific community. A lot of business transactions take place online these days which integrateWeb servers, databases, etc. Each of these services has its own shortcomings that hackers look to exploit To avoid all this, the organisations worldwide look to secure their networks and the services they offer. As the existing technologies mature, and new technologies are invented, hackers refine their technology as well, making it more expensive and difficult to detect digital onslaughts. Vulnerability analyses, incident response, forensic analysis, cryptography and monitoring are some of the sub-areas under network security and have evolved as a result of the need for information security.

 

Vulnerabilities, threats and attacks

Although all these terms seems to be similar, in reality, they differ. A vulnerability is a weakness due to hardware or software shortcomings. A threat can be defined as anything that could cause damage or loss to the assets. The loss could be of any form - financial, a loss of reputation for an organisation, etc. Attacks are active entities. The attacker exploits vulnerabilities and attacks your services/networks.

 

Attacks

The network attacks can be classified into various types. An attacker has to put in some groundwork before launching an attack. The groundwork includes identification of the hosts and the vulnerabilities that these hosts have. Later, the attacker uses the gathered information to launch attacks.

 

Before attacking the network/services, the attacker probes the network/hosts for vulnerabilities. These types of attacks are termed as reconnaissance attacks. For example, an attacker from external network tries to poll your network and to identify the live hosts in your network. Knowing the live hosts is not a big deal. As a next step, the attacker would collect information on various services running on each host. The attacker sends a request to all the ports, and if there is any positive response from the server, it means that the service is running; and if the response is negative, it means that service is not running using that particular port number. Most of the services like Web server, telnet server, SSH server, etc, run using standard port numbers that are pre-defined and standardised.

 

After getting to know the services running on the host, the next step is to attack the services running, using the vulnerabilities associated with each service. If the vulnerabilities are not properly patched, the host under attack could be compromised.

 

CIA - the secret

The principles of network/information security revolve around the seemingly simple abbreviation CIA; confidentiality, integrity and availability.

 

Confidentiality is keeping the resources confidential and not disclosing critical information to any third party not entitled to receiving the information.

 

Integrity is keeping the information intact by not letting others corrupt the data inappropriately. This includes marking the users with the right previleges require to modify/alter the data. Through integrity, we make sure that data is authentic and complete.

 

Availability is another area that is often overlooked. Availability is act of keeping the resources available when they are needed most. The resource that is not available when required is as bad as not present at all.

 

Also, asset is a resource that is of some value to you, and to your organisation. For example, for an organisation that has many online users, a Web server might be a critical resource. A security policy is a document that describes how your organisation will enforce security. It starts with asset identification. The second step is doing a risk analysis - possible risks might be Denial of Service (DoS) to authorised users, unauthorised access to the network/services by attackers, etc.

 

References

https://www.purdue.edu/securepurdue/