Fundamentals of Network Security - Coursework Example

Index 2.Applying Computer Forensics for Security Management 11 2.1.Introduction and Security Issue 11 2.2.Attributes of Computer Forensics 12 2.3.Methods of Application 13 2.4.Proposed Solution 15 2.5.Conclusion 17 3.References 18 Fundamentals of Network Security and Application of Forensics for Security Management 1. Fundamentals of Network Security 1.1. Introduction to Network Security Over the last couple decades there has been increased reliance on the networked resources with the world shifting on the networked online medium for supporting its operations. Companies, hospitals as well work at home mothers to name a few are amongst the active users of the internet employing it as a source of entertainment and information for decision making. The World Wide Web one the largest networks at present is growing in terms of its importance for business operations as well as providing technical support to the economy. As a result network security is increasingly becoming an issue of significant importance in the world of today. There can be different types of networks, internal which are private and for exclusive use or external like the internet which can be accessed and used by all. All types of networks however are now threatened with violating and harmful parties who seek personal benefit from the manipulation of data and process on the networks. Here the importance of network security becomes paramount which has to be managed for proactively. Network security in general relates to the set of policies developed to keep the network secure in from harmful manipulation and illegal access. These policies are built specifically to retain the integrity of the data and processes by protecting the reliability utility and the relevancy of the data being communicated and stored on the network (Meghanathan et al., 2010). In order for network security to be effective it has to be able to target and stop diverse threats from both entering as well as disseminating into a network. The fundamentals of network security are explored in detail in the consecutive sections. 1.2. Fundamentals The fundamentals of network security are the main elements that form the basis of the network security policy at the very basic level. These fundamentals include identification, authentication, access control, availability, confidentiality, integrity, accountability and non repudiation. These fundamentals seek to prevent incidents where unauthorized access, misuse of network resources, modification of data being stored and communicated on the network and the denial of accessibility might occur often initiated through hack attacks (Leidigh, 2005). Identification involves forming entities on the network and setting up characteristics that enable the entity to have a distinct identity. The authentication element involves determining proof of identity and claim especially when communicating over the network as trust s established on the basis of authentication. When authenticating on networks, usually a combination based approach is employed with authentication being gauged from multiple perspectives (Leidigh, 2005). Access control can also be referred to as authorization where the level of access for those interacting in and with the network is set. The level of access can be broadly categorized as either being classified, public, or confidential. The availability of networks is significantly relevant as well as a fundamental as it depicts whether a network is going to be available when required. The reliability of the network and its consistency in operations is covered in the aspect of availability. The confidentiality of the network is a further categorization of access control where the privacy of the data, resources and the user information is managed. In most cases the integrity of the network is what is threatened which deals with the accuracy of the information and processes involved in the network. This accuracy can also be applied to the functioning of the application and software on the network as well. The fundamental of accountability refers to the ownership and responsibility of activity on the network for the different entities communicating and operating through it. The recordkeeping and data and process tracking is covered under the accountability fundamental. Non repudiation on the other is significantly important from the perspective of ecommerce and deals with the denial of access to information on the network highlighting the liabilities of the entities involved. 1.3. Prevalent Issues in Network Security Network security is threatened by a myriad of security issues and attacks. These threats can be either passive or active. The passive threats are those that tend to monitor and access information on the network without causing any harm to them. The active attacks on the other hand are those where the information is changes and altered causing harm to the relevance, reliability and the integrity of data and resources on the network. The main security issues that are prevalent in the network security today include those pertaining to eavesdropping, data modification, spoofing attacks, attacks based on passwords (Technet Microsoft), attacks specific to denial of service, attacks pertaining to man-in-the-middle concept, those relating to compromised keys, sniffed attacks, attacks involving trojans, worms and viruses through emails and application layer attacks (Meghanathan et al., 2010). The highlighted attacks and security breaches that are prevalent can broadly be categorized as per the fundamentals of network security. Eavesdropping involves a third party monitoring the communications and information transfer on the network through sniffing or snooping. The main cause of this attack can be attributed to insufficient data encryption and access authentication and authorization protocols. Data modification is a more harmful form of threat where the third party can change and alter the data after gaining access to it thus threatening the integrity of the data and its accuracy (Technet Microsoft). This is often done without the knowledge of the owners, or the sender and receiver of information and is therefore significantly more harmful in terms if implications. Spoofing on the network is employed by hackers through spoofing programs where a combination of IP is determined which can attain access to the networks (Technet Microsoft). These IPs are then falsely set up and used by the hacker to attain access to the network, thus directly threatening the access of control, identification and authorization fundamentals of security. Another access based prevalent issue is that of password based attacks. Most of the information and resources on the networks are protected through passwords, and hackers seek to obtain lists of registers logs and their passwords through confidential resources or iteration based software that can enable them to bypass the word protection. Sniffer attacks and compromised key attacks are also those related to the authorization and access of control of the network resource (The Patricia Bennett Group, 2011). They involve observing the data transfer and communication on the network latently which can later be employed by the malicious parties to harm the network and its entities at a future date. The denial of service attack is another prevalent threat where the systems, processes and resources on the network are made unavailable by the third party to the actual owners and users of the resource. This is usually done by either changing the requirements for accessing control of the network, or through malicious software that cause illegal termination of the resources and processes on the network thus bringing the system down when valid users try to access the network. The man-in-the-middle attack is just as what the name suggests, an infiltration of the network where a malicious third party is present between the two communicating parties on the internet, having access to all their communication information. The application level attacks usually involve a malicious software, virus or worm to be injected in the network which then attacks on the application software and resources connected to the network, thus bringing the network as well as the associated resources down (Webb, 2007). This malicious software can be disseminated through illegal access of networks or through emails as well. The passive threats and issues highlighted here are less threatening in the short terms as they do not significantly alter the data having relatively low negative implications compared to those that involve altering of data and exposing malicious software into the network. However the passive threats can become active ones in the long term with the hacking third parties using the information used and gathered through monitoring to cause significant harm to the network as well as the entities associated with it. Therefore no type of issue or threat can be treated as trivial. 1.4. Current Trends in Network Security The current trends in network security are moving towards operating on multiple levels to provide a comprehensive protection to the network. These directly reflect the changing nature of users of the networks and the changing way in which networks are being used today as well. Earlier the trend towards cyber attacks threatening network security involved causing direct or indirect harm in an active manner. Now the trend has moved on towards silent hacking where the attacks usually involve monitoring data exchange and transfers (The Patricia Bennett Group, 2011). This has been particularly been observed for medical resources on networks. The hackers seek to attain confidential information regarding patients, treatments and pricing to add legitimate charges to make private profit off the information. The element of personal glory as depicted earlier in the attacks taking place in the 90s and early 2000s has shifted towards monetary personal gain. Another trend is towards the rendering of antivirus software as ineffective by development of software and programs which can pass undetected through protection software. This is particularly threatening with the shift towards client side hacking attacks instead of the previously prevalent attacks on servers and corporations. The servers and corporations extensively fund the protection of their networks and resources which as a result are protected through complex measures. The hackers are finding these difficult to penetrate and have therefore transferred their attention towards the client side networks (The Patricia Bennett Group, 2011). Accessing and controlling client side information, resources, as well as confidential information like credit card and identity theft is fast becoming more prominent. 1.5. Prospective Outlook The use of smart phones and related mobile devices running on operating systems like android are fast becoming popular in the market. With the increased use of these devices, the interconnectivity of people through networks has increased, providing fodder for the malicious parties as well. These parties are targeting such users through the social media websites like twitter and facebook (Hogben, 2008) and through custom made applications provided on the public marketplaces injected with malicious software to threaten their network resources and personal information. The cases involving ransomeware for mobile devices as depicted by an article titled ‘Network Security Trends’ in 2012, facebook photo virus (Telegraph, 2012), and those spread through instant messaging system of the same social media network (Waugh, 2012) are increasingly threatening the personal computing devices of the users. As a result there is a distinct need to focus on providing client side protection to the users through either OS based applications for effective threat detectors or through supportive network security applications provided in the market places. Another prospective trend that is apparent already is that towards hacktivism (‘Network Security Trends’, 2012), where hackers are using their skills to hack for the good of people. The philanthropic initiatives of these hackers are questionable in nature despite their aim to target corrupt parties and bring their corruption into public view thus exposing them. Anonymous operating since 2003 was a hacker to venture into this field, and more recently many like LulzSec have emerged that threaten to expose the members belonging to the drug cartel in Mexico, and those involved in child pornography. 1.6. Conclusion The analysis of the resources and the trends in the industry specific to network security has revealed that the main weakness that is inherent in the system is that associated with the human nature. People are humans, and susceptible to making mistakes. They often neglect to put of sufficient security measures to protect themselves on public networks which results in them increasingly being targeted by malicious parties. The policies, procedures and effective technology is present to prevent such malicious attacks, however people often disregard their importance and venture into dangerous network avenues without protection. In order to address network security issues, the human element needs to be addressed first with comprehensive control procedures set to standardize control and effectiveness of policy against hackers. Moreover technology, specifically that relating the computing and networking is constantly developing and changing. This makes it difficult to have consistently effective network security in place. The evolving and adapting nature of the malicious parties and the changing dynamics in networking therefore contribute towards the increased threats faced by networks. In order to address these issues, the basic fundamentals of network security need to be effectively managed, while the network protection has to be iteratively developed to be effective in the long term. 2. Applying Computer Forensics for Security Management 2.1. Introduction and Security Issue Computer forensics is an applied field of forensics where the criminal forensic techniques are employed to gather evidence through computers and mass storage devices. It is a further classification of the forensic science in the digital field and can be significantly employed to monitor and stop cyber and computer based crime (Kessler and Schirling, 2002). The main objective of computer forensics is to allow the data collection regarding facts through identification, preservation, recovery of data, forensic analysis and forensic presentation (Kay, 2006). The field has wide applicability from being able to provide support for resolution and prevention of computer based crime, to providing support in other civil cases as well. The popularity of crime scene investigation related shows on the television have sparked in interest in the field as a career choice as well as a viable source of investigation tool for solving crimes. With regards to the paper, a scenario has been provided where computer forensics can be applied. The provided scenario highlights and proposition of a computer forensic initiative and methodology that seeks to examine the computer equipment for an employee who has been alleged to having misused the equipment. The following section highlight the characteristics inherent to computer forensics, the different methods available that can be employed for resolving the case as well as a formal propositioned forensic computing based solution addressing the case requirements. 2.2. Attributes of Computer Forensics While computer forensics is an application of the forensics filed, it has significant characteristic which makes it different from other forensic techniques as well. These attributes incorporate that computer forensics is highly analytical, systematic, efficient, fast and effective when required for litigation purposes. The data that is gathered and investigated through computer forensics significantly differs from that involved in normal forensic investigation. In normal forensic investigation there is usually a paper trail of information, however in computer forensics there are many versions of the same data which can be employed as evidence (Kruse and Heiser, 2001). Therefore it is possible for the same evidence to be present in different places in varying forms. This is mostly because the data that is stored on computer or hard disk drives cannot be destroyed completely. Signs and digital sources of the data remain in the system which can be retrieved as different versions of evidence (Mercuri, 2005). Moreover a myriad of different types of evidence can be related to a single fact or evidence source. These can take the form of textual and graphical data or even informational retrieved from viruses and malware programs like spy ware. In addition to this computer forensics is very fast enabling data search, analysis and processing instantaneously with application of data mining techniques for further forensic investigation. The similarities that exist between the field of forensic computer and normal forensics are that they both are specialized, with significant amount of technical documentation required. The field of computer forensics is highly specialized, requiring skills professionals in the field of computing and forensics to undertake the initiatives (Steen and Hassell, 2004). Similarly computer forensics involves careful documentation of procedures to record the different stages undergone during the investigation process. 2.3. Methods of Application As highlighted computer forensics is very dynamic in terms of results. There are a myriad of different methodologies and techniques of forensics that can be applied to computer forensics. Some of these are depicted below. When applying computer forensics to computer networks, it is possible to undertake in investigation through packet sniffing, IP address tracing and through email address tracing (Vyavhare, 2011). Packet sniffing makes use of retrieving data packets communicated over the network using predetermined criteria for selection. The method of IP address tracing uses address cache in the network to reverse follow the data being communicated in order to determine the IP address of the data disseminator. The number of servers that exist between the sender and receiver are counted through hops with the shortest route highlighting the required IP address sought. Email tracing is a simple procedure, where the headers of emails can be analyzed for relevant information. When applying computer forensics to assess a certain machine as required in the case at hand, four main techniques are available. One of them is file structuring. This technique can be applied to gather information that might be scattered all over the machine (Vyavhare, 2011). This information is then coded and analyzed using trend analysis and data characteristics to form meaningful information through a structuring process. Often files sought through this technique are encrypted or have hashed algorithms performed on them (Craiger). Therefore in order to make this information useful the files have to be decrypted with relevant codes. Utilities are available in the market that allow for decryption of files. The second methodology that can be employed is focusing on storage media or the main storage repository of the machine. The data here can be manipulated or deleted which through forensic computing can be retrieved (Vyavhare, 2011). Formatted hard disks often present this problem. However there exist software, disk analyzers as well as specific software and tools that can be used for data recovery on such disks (Craiger). The retrieved data is then recoded into meaningful information by restructuring the fragmented data into comprehendible information. The third method available is that of reverse stenography (Craiger). It is often possible for the sought data to be encrypted into non apparent formats which might appear to be a normal sound file or an image, but in actuality may house encoded information. Such data is decrypted and evaluated through reverse stenography employing steg-analysis (Vyavhare, 2011). The fourth methodology applicable is the use of prints to investigate the machine. All information retrieved and gathered is printed out and recorded to create hard copy evidence. The data on such print outs can be garbled information or data that does not depict trends or meaningful results to the naked eye. However analysis performed on this data can reveal hidden and latent information that is sought through computer forensics. In addition to the different techniques, various forms of supporting tools and software are available which can be employed to support data gathering, encryption, decryption, structuring and analysis. These can take the form of disassemblers, hex editors, disk analyzers and decryptions. 2.4. Proposed Solution In order to assess the machine for possible illegal use by the alleged employee a mixed approach of computer forensics is suggested. The proposed method that can be employed will incorporate data restructuring, decryption, while performing reverse stenography to determine any hidden information. The proposed solution should be very systematic and analytical in order to make the results of the investigation suitable for submission for possible legal proceedings (Craiger). It is suggested that the investigation should be divided into different phases. These phases can take the form of data retrieval, data gathering, data decryption, data analysis, predictive restructuring. Each of these stages should be properly documented with multiple copies of the documentation being made. This is to ensure a proper flow of work with investigation being documented at each and every step, disallowing room for mistakes and liability. The first thing that needs to be done is to shut down the computer and note the hardware and software configurations of the machine. The machine then should be relocated to a secure facility where access can be limited and supervised. Then the disks should be back up using bit streaming with authentications being made for the storage devices on the machine. The system specific date and time should be documented along with documentation of the key search words used on the machine. The Windows or applicable operating system swap file should then be evaluated along with the file slack and the erased files that may still be having digital trace on the system. Any discrepancies and abnormalities should be recorded during the investigation along with the results of the analysis being performed. Then the software installed on the system should be checked for functionality with all findings being documented. The data can be restructured, and analyzed using the software available as highlighted in the previous section. The latent data can be retrieved and analyzed through steg-analyses of suspicious files on the system. Prints should be made at every stage of the documentation as well as the data being retrieved to have a continuous record of the investigation undertaken (Craiger). In additional to the search of the machine, the network browsers should also be investigated with the predetermined suspicious key words to ascertain what type of data has been retrieved or communicated through the network using the machine. All the above initiatives for the assessment of the machine and applying forensic computing techniques are undertaken to support relevant fact collection for investigative purposes. The risk of overlooking information is minimized through the use of complex and diverse computer forensic techniques, not relying on just one of them as depicted by the article published in the Journal of Information Systems Security (1997). In addition continuous in detail documentation is performed to reduce the risk of loss of data trail. Moreover the systematic way in which the computer forensic techniques are applied in this case can aid in the viability and the reliability of the results during the decision making process regarding the confirmation or the negation of the allegation 2.5. Conclusion Computer forensics is a fast developing field with diverse applicability in the field of forensics. Highly specialized professionals are required in the field, having certain characteristics that support systematic and in detail data retrieval and processing for results. With regards to the proposed scenario, a combination approach towards computer forensics is proposed to comprehensively as well as effectively gather facts for processing of information regarding the allegation of the employee for a possible crime. 3. References 1997, Computer Crime Investigation and Computer Forensics, Journal of Information Systems Security, Vol. 6, Issue 2, pp56 2008, Hogben, G., Security issues in the future of social networking, available at 2012, Facebook 'photo virus' spreads via email, The Patricia Bennett Group, available at 2012, Network Security Trends, available at Common Type of Network Attacks, Technet Microsoft, available at Craiger, P.J., Computer Forensic Procedures and Methods, To Appear in Handbook of Information Security John Wiley and Sons, available at Kay, R., 2006, The fundamentals of computer forensics, Computerworld UK, available at Kessler, G.C., Schirling, M., 2002, Computer Forensics: The Issues and Current Books in the Field, Cracking the Books, Cracking the Case: A Review of Computer Forensics Texts in Information Security Magazine Kruse, W.G., Heiser, J.G., 2001, Computer Forensics: Incident Response Essentials, Addison Wesley, p2 Leidigh, C., 2005, Fundamental Principles of Network Security, American Power Conversion White Paper 101, available at Meghanathan, N., Boumerdassi, S., Chaki, N., Nagamalai, D., 2010, Recent Trends in Network Security and Applications: Third International Conference CNSA, Springer Mercuri, R.T., 2005, Security Watch: Challenges in Forensic Computing, Communications of the ACM, Vol. 48, Number 12, pp17-21 Steen, S., Hassell, J., 2004, Computer Forensics 101, available at The Patricia Bennett Group, 2011, Latest Security Trends, Disaster Resource Guide The Patricia Bennett Group, available at Vyavhare, A., 2011, Basic Computer Forensics and Techniques, available at Waugh, R., 2012, Beware the new computer virus spreading via chat messaging window on Facebook, Daily Mail UK, available at Webb, D., 2007, Trends in Network Security, Network World, available at Read More

The authentication element involves determining proof of identity and claim especially when communicating over the network as trust s established on the basis of authentication. When authenticating on networks, usually a combination based approach is employed with authentication being gauged from multiple perspectives (Leidigh, 2005). Access control can also be referred to as authorization where the level of access for those interacting in and with the network is set. The level of access can be broadly categorized as either being classified, public, or confidential.

The availability of networks is significantly relevant as well as a fundamental as it depicts whether a network is going to be available when required. The reliability of the network and its consistency in operations is covered in the aspect of availability. The confidentiality of the network is a further categorization of access control where the privacy of the data, resources and the user information is managed. In most cases the integrity of the network is what is threatened which deals with the accuracy of the information and processes involved in the network.

This accuracy can also be applied to the functioning of the application and software on the network as well. The fundamental of accountability refers to the ownership and responsibility of activity on the network for the different entities communicating and operating through it. The recordkeeping and data and process tracking is covered under the accountability fundamental. Non repudiation on the other is significantly important from the perspective of ecommerce and deals with the denial of access to information on the network highlighting the liabilities of the entities involved. 1.3.

Prevalent Issues in Network Security Network security is threatened by a myriad of security issues and attacks. These threats can be either passive or active. The passive threats are those that tend to monitor and access information on the network without causing any harm to them. The active attacks on the other hand are those where the information is changes and altered causing harm to the relevance, reliability and the integrity of data and resources on the network. The main security issues that are prevalent in the network security today include those pertaining to eavesdropping, data modification, spoofing attacks, attacks based on passwords (Technet Microsoft), attacks specific to denial of service, attacks pertaining to man-in-the-middle concept, those relating to compromised keys, sniffed attacks, attacks involving trojans, worms and viruses through emails and application layer attacks (Meghanathan et al., 2010). The highlighted attacks and security breaches that are prevalent can broadly be categorized as per the fundamentals of network security.

Eavesdropping involves a third party monitoring the communications and information transfer on the network through sniffing or snooping. The main cause of this attack can be attributed to insufficient data encryption and access authentication and authorization protocols. Data modification is a more harmful form of threat where the third party can change and alter the data after gaining access to it thus threatening the integrity of the data and its accuracy (Technet Microsoft). This is often done without the knowledge of the owners, or the sender and receiver of information and is therefore significantly more harmful in terms if implications.

Spoofing on the network is employed by hackers through spoofing programs where a combination of IP is determined which can attain access to the networks (Technet Microsoft). These IPs are then falsely set up and used by the hacker to attain access to the network, thus directly threatening the access of control, identification and authorization fundamentals of security. Another access based prevalent issue is that of password based attacks. Most of the information and resources on the networks are protected through passwords, and hackers seek to obtain lists of registers logs and their passwords through confidential resources or iteration based software that can enable them to bypass the word protection.

Read More