Security Protocols - Coursework Example

Security Protocols Security Protocols Sharing of information is an integral part of a company. Communication becomes even more important if a company has a number of branches remotely located all over the world. Communications has seen a great deal of improvement in the last decade or so. Network coverage all over the world has made exchange of information a lot easier and faster. Since, computerized systems have proven to be efficient in the past, therefore, companies have moved their entire operations and data online. However, with the innovation comes new threats. Digital thieves called hackers are always in search for their next victims. Hackers tend to break into different companies systems and steal, damage or duplicate their data, sometimes for beneficial gains and other times as acts of vandalism (Rhee, 2003). Threats to the current system Packet sniffing The first threat to the current system is the packet analyzer or packet sniffer. Packet sniffer is a program or a piece of equipment that monitors the activity over a network and grabs each packet to analyze its contents. There are two methods that are used for packet sniffing monitor method and promiscuous method. Monitor method can monitor a network without the need to share data with any of the access points. In other words, it obtains packets without having to reveal any of its own data which makes it almost impossible to detect. Monitor method can only be used for wireless networks. Promiscuous method views all the data that flows through the two access points. Detection of promiscuous method is a lot easier than monitor method. The snooping software used in promiscuous method usually leaves traces of its code in the form of responses. However an experienced individual would easily be able to cover his digital footprints. Attackers usually rely on promiscuous method because of two main reasons. First promiscuous attack can be used on both wireless and a wired network, and second promiscuous method provides the attacker with the complete details of the data being sent. Hackers usually use packet sniffers to obtain users ID, password and can use packet sniffing to spy on the company’s activity. These user ID can be used for impersonation and identity theft. Denial of service Denial of service or more commonly known as DoS is an attack that renders different servers and resources unavailable or inaccessible for the user. The attackers use DoS to either render a website useless or increase the workload on a server resulting in degradation of its service. DoS methods are also used by different web based companies to make sure that their competitor’s servers remain unavailable to the users. The attacker sends continuous fake requests to the targeted server making it impossible for the server to distinguish between real and fake requests. The main purpose of the DoS attack is to increase the workload on the server to the extent where the server slows down and is unable to respond in the appropriate time or force the server to crash. In both cases, the server is unable to provide proper service to the targeted users. Distributer Denial of Service (DDoS) uses the same concept as DoS. The only difference between the two is that DoS involves just one attacker or one machine, where as DDoS comprises of multiple attackers or multiple machines. Comparatively DDoS is a lot more dangerous to companies than DoS. A DoS attack can be prevented with the user blocking the IP address of the attacker, but in DDoS the attacker makes use of thousands of machines which the user cannot block. A DoS attack is quite easy to detect. Usually if, a website has been the target of a DoS attack the website would be inaccessible, and if a server has been the target of a DoS attack then the server is slow to respond to a request. Another type of DoS attack involves an increase in the number of spam emails. This type of attack is usually intended to flood an inbox or to render the server of an email providing websites useless or inaccessible (Bosworth et al., 2009). Spoofing Spoofing attack is an attack where the attacker is able to portray himself or herself as some individual, part of a closed network, in order to steal data from the network, harm its contents or gain access to restricted networks. There is a wide range of spoofing attacks that can be adopted by the attacker (Cole, 2002). IP address spoofing The most commonly used spoofing attack is IP address spoofing. In IP address spoofing, the attacker disguises his IP address and uses it to carry out his tasks. IP address spoofing is usually associated with a DoS attack. The attacker sends multiple requests from different IP addresses to overload the server or the attacker takes up the IP address of the victim and sends multiple requests to different machines. The response from those machines in return is what crashes the targeted server. IP spoofing is also used to get past security setups that use IP address instead of passwords to gain access to certain networks or websites. ARP spoofing Another type spoofing is the address resolution protocol also known as ARP. This type of spoofing attack transmits ARP messages throughout a network and connects the MAC address of the target’s computer to an IP address of someone who is a part of a network. This in turn sends all the data sent from the targets computer to the attackers IP address. ARP spoofing is only applicable to certain local area networks. DNS spoofing The third type of spoofing attack is the Domain Name System/DNS. The main use of this device is to connect different URLs to their appropriate IP address. In DNS spoofing, attack the attacker modifies the DNS and connects the URL of a particular website to the IP address of the attacker’s choice. This IP address is usually of a server is being used by the attacker. Man in the middle As the name suggests ‘man in the middle’ is a type of attack in which the attacker gains access to a communication channel and controls all the conversation that takes place on the channel. Also known as the Janus attack or the fire brigade attack the attacker observes and sometimes creates messages of his own which he sends to the recipient disguised as the authorized sender and vice versa. In this type of attack, the end users are not aware of the attacker (Cole, 2002). Trojans Trojans are seemingly harmless programs that perform the intended purpose, but also create an entry for unauthorized users. Trojans are usually attached to other software and gain access to the computer of a person when the user installs that file. A Trojan gives complete control of the target computer to the attacker making the contents of the computer vulnerable to theft, damage or modification. In some cases, Trojans are used to facilitate electronic money theft. The most common use of Trojans by attackers is to create botnets to send spam mail from the host computer. A botnet is a program that coordinates with other programs to carry out certain tasks cited by the user, in this case the attacker. Replay attack Hackers observing communication lines usually carry out replay attacks. Replay attack occurs when two users are using an unsafe channel. The hacker obtains the password of one of the users and uses it to send misleading information to the second user. Replay attacks have been known to use by different companies against their adversaries to cause confusion amongst the different departments of the company. Proposed security modifications The first and foremost thing that must be done is that a proper encryption algorithm preferably the AES algorithm must encrypt all data being transmitted from and to the head office. AES or Advanced Encryption Standard is an encryption algorithm that was designed by two Belgian cryptographers and used by the United States government since 2002. With a strong encryption algorithm the hacker, even if he is able to hack into the channel and obtain the data being sent he would not be able to understand or obtain the original data. The second modification would be to use a safe channel with secure protocols whenever possible. The replacement of hubs with switches is another idea that could help remove the possibility of data falling into the wrong hands. Hubs usually tend to route data and messages to the members of the entire network even to those users who have gained unauthorized access to the network. Switch, on the other hand, transmits the data or packet to the recipients IP address only making the switch a much safer option when compared to a hub. Wireless sniffer detection software available in the market help detect unknown networks or unauthorized users. These software can further be used to modify to detect a particular attack. The company should routinely try breaking into their own channels in order to detect any weak points on the network. Such checks would keep the company aware of any lapse that can occur in the communication channel over a period of time. Also such, checks would help the company understand how a hacker would perceive their system and what exactly would he attack the communication lines or try to gain entry into the network. Installing packet filters would significantly reduce the risk of IP spoofing. Packet filters block out packets that arrive from a machine situated outside the network, but is using the IP address of a machine that is working within the network or a machine situated within the network, but using the IP of a machine outside the network. Another way to reduce spoofing is to install programs that detect spoofing. Such programs target all kinds of spoofing and not just IP address spoofing. These software validate all the data that is sent from the network and is received by the network. These software discard the spoofed data. The company should avoid using protocols based on Trust relationships. As mentioned before trust relationships use IP address for verification and validation and it is relatively easier for the attackers to apply spoofing against networks using trust relationships as part of their authentication methods (Whitman & Mattord, 2012). Prevention against a DDoS attack is not an easy task and the risk of a server crash would be there even after prevention methods have been implemented. One way of preventing the server from crashing is with the help of the internet service provider. During a DDoS attack, the ISP instead of routing the traffic towards the targeted server could discard the entire traffic. However, the implementation of this method would also mean that the authentic users would be unable to access the server as well. Another strategy that can be implemented is the development of collection of reverse proxies over a number of locations. These reverse proxies allow the requests from authentic users to pass through and block out the requests from the DDoS attack. Since, the reverse proxies are spread over a number of locations therefore, the traffic is distributed among them preventing the increase of work load on one server. These methods might not be enough to prevent a DDoS attack, but taking such measures help a company manage a DDoS attack (Sun, 2008). To prevent anyone from viewing or altering the messages being transmitted, mutual authentication must be used. Mutual authentication is a process that can be used between two individuals to confirm the receiver’s identity and the identity of the sender as well Other than that TSL (Transport Security Layer) can be added as an extra security measure. TSL is a security cryptographic protocol that uses various cryptographic techniques and codes to ensure that the message can only be read or decoded by the authenticated user. TSL protocols must be applied to the company’s website and every site where the company plans to exchange sensitive information (Nemati & Yang, 2011). To further strengthen the security of the channels passwords and user ID can be used. Another trend that has emerged to keep unwanted users off a channel is with the use of a virtual private network (VPN). A VPN encrypts all the data sent from the users end making it difficult for a third party to understand any intercepted messages (Feilner, 2006). Prevention from Trojan viruses is relatively easy it just requires the user to remain a little cautious and careful. The first step is to make sure users do not open emails from unknown personnel. To prevent Trojan attacks one must ensure that the antivirus software being used is up to date and if there is a need to update software or add a patch to it then it is important that the patch or update is obtained from a reliable source and not from a third party. An antivirus gets rid of Trojan files that have entered the system firewall, on the other hand, restricts the entry of such software into the system. Firewall is an important tool to restrict unauthorized connections from a particular system. Antivirus software along with firewall plays the role of a sword and a shield, protecting the computer from Trojan programs. However once a Trojan program is executed then it is very its removal will not suffice. The execution of such programs usually leads to a lapse in computer securities, and there is a need to check the security system of the entire system remaining offline throughout that time (Gralla, 2005). To prevent any replay attacks in the future session tokens must be used whenever communicating between a client and server. Session token basically is an identifier that creates a session with the client. The client sends the password to the server as a reply to the token. The server carries out some calculations, and if the results of the calculations match the reply of the client only then would the client be allowed entry to the server. Cloud computing Cloud computing is a collection of different computational resources that can be accessed over the internet. This type of computing is nothing like traditional services. The clock cycles of a processor are sold as commodities in cloud computing or services are charged by the hour. Along with that the company providing the services of cloud computing are responsible for the entire setup the user does not have to get into the technical aspects of cloud computing. These services or resources have been categorized under the headings of Infrastructure as a service Infrastructure as a service in cloud computing refers to the provision of different hardware to a particular client by the provider. Hardware in cloud computing usually refers to the storage space, networking equipment, hard drives etc. The provider of the service is completely responsible for the maintenance, working and repair of the equipment. Software as a service The ability of cloud computing to provide the services of software without actually having to purchase it has made it popular among the masses. The provider rents the software to the client and via a network connection the user makes use of the features of that particular software. Platform as a service Platform as a service is integration of software as a service and infrastructure as a service. Platform as a service provides users with storage space, facilities of operating systems and even provides the services of a network. A cloud can be owned by a company or can be rented from an IT firm. A cloud that is owned by a company is called a private cloud and only employees from within the organization are allowed to use it. While companies that provide services of cloud computing to other institutions usually make use of public clouds. Public clouds are available for all those individuals who are willing to pay for the service. Benefits of cloud computing The multinational company IBM predicts that by 2015, the sales of cloud computing would be close to 150 billion dollars (Whiting, 2013). Cloud computing is bound to become a necessity for every company in the near future. The following reasons are tell us why companies are opting for cloud computing Availability of services Through cloud, computing needs of a particular company are easily met, and the supply is in accordance to the need, which means that the company doesn’t need to buy a service it doesn’t need. For example if a person needs storage space of 1.5 GB he would have to buy a storage space of 2GB. However, with cloud computing the person would get the required space and would have to pay for the amount of space he buys. Backup Companies buying services from cloud computing have no need to plan or have a backup system. The provider is responsible for making sure the cloud has foolproof backup system and that all possible scenarios have been covered. This saves a number of resources and cost for hiring a team to plan out the company’s backup system. Availability of updated services Cloud computing provides the user with the latest and updated software. The provider has the responsibility of updating the software and security services making it easier for the user to avail the latest software. With cloud computing the user does not have to worry about installing the new version of any software or service. Initial investment With cloud computing the cost of starting a business is significantly decreased. A large number of resources that an investor have to buy at the start of his or her business can be provided through cloud computing. As the needs of the company increase, the resources can be bought off the cloud computing. Coordination among employees Cloud computing allows different employees to work with each other. It improves coordination among them and helps the supervisor keep an eye on things. With the help of cloud computing multiple employees can work on a document or use a piece of software simultaneously. Remote access Cloud computing provides employees with the option of working from any part of the world. Remote access for employees mean they have access to information that would increase their awareness of what is going on in the company from anywhere in the world. Documentation Cloud computing provides access of one file to multiple users. That means there would be only one copy of the document, other than the backup that would be allowed to be modified by all employees. Since, there would be only one copy, therefore, whoever would access the document would receive the updated version of the document. Data security Since, most of the documents of a company are stored on a cloud, therefore, the loss of a file from a personal computer won’t really matter because a copy of that file would always be available on the cloud for the employee’s use. Cleaner technology Since, the companies only use the amount of resources they need, therefore, this has a huge impact on the conversion of energy. It is estimated that the use of cloud computing decreases the consumption of energy by 30% (Sampson et al., 2013). Fairness Since, cloud computing provides the latest technology to small businesses at a cheaper rate, therefore, there is a reduction in the competitive edge that huge firms have over these small businesses in terms of technology. Drawbacks of cloud computing Dependency on internet connection With cloud computing a business becomes completely dependent on the availability of an internet connection. If the server of cloud crashes or is down for some reason the company is neither able to access its files nor is it able to access any of the services. Security issues Company’s data on cloud computing doesn’t necessarily mean a company’s data is safe. The provider does use the latest security measures. However, if unauthorized users get access to the cloud the result could be devastating for a company. Summary and conclusion In the given scenario, the company’s security is almost nonexistent. The provided recommendations would defiantly boost the company’s security and would make sure that the company’s network is more resistant to future cyber attacks. However, the cost of implementing all these features would be immense. On the other hand, cloud computing seems like a more feasible option. Not only would cloud computing help the company improve its security, but would also provide it with better services and features. However, more thorough analysis of the cost, requirements and the benefits of cloud computing is needed before any decision regarding the future of the company is made. List of References Bosworth, S., Kabay, M.E. & Whyne, E., 2009. Computer Security Handbook. New Jersey: John Wiley & Sons. Cole, E., 2002. Hackers Beware. Indianapolis: Sams Publishing. Feilner, M., 2006. Openvpn: Building and Integrating Virtual Private Networks. Birmingham: Packt Publishing. Gralla, P., 2005. PC Pest Control: Protect Your Computers From Malicious Internet Invaders. North Sebastopol: OReilly Media. Nemati, H.R. & Yang, L., 2011. Applied Cryptography for Cyber Security and Defense. Hershey: Idea Group. Rhee, M.Y., 2003. Internet Security: Cryptographic Principles, Algorithms and Protocols. West Sussex: John Wiley & Sons. Sampson, D.G., Isaias, P., Ifenthaler, D. & Spector, J.M., 2013. Ubiquitous and Mobile Learning in the Digital Age. New York: Springer. Sun, H., 2008. A High-speed Robust Distributed Denial of Service (DDoS) Defense System. Ann Arbor: ProQuest. Whiting, R., 2013. XChange: IBM Helping Partners Capture Cloud, Analytics Opportunities. [Online] Available at: [Accessed 14 march 2013]. Whitman, M.E. & Mattord, H.J., 2012. Principles of Information Security. Boston: Cengage Learning. Read More