by Abstract:
The Secure Network has become a necessity for every organization. Security threats are rising constantly and making high speed wired or wireless networks and internet services, unsafe and untrustworthy. During this time, security measures are more important to achieve the best needs of today’s growing trade. The necessity is also imperative in areas such as defense, where it is safe and proved that access to resources is the key issues regarding information security.
Introduction:
Network
The network consist all the collection of systems which are connected to each other to communicate with other channel. This channel may consist of any physical or logical medium and any computerized device such as a node. Some examples of nodes in a computer network are computers and printers, and when talk about the telecommunications network mobile phones and basic control units are the best examples. The nature of a network node has own identity in the mode of its unique network status.
Security
Conventionally, security is specified as a procedure to avoid unofficial access, use, modification, theft or physical harm to object by managing high confidentiality and integrity of information about things and information about things accessible when needed. Security is an ongoing process to protect something from assault. That thing can be a person, or organizations such as a company, or property such as a computer system or a file. For example, when we deem a computer system as its security, all its resources, such as physical hardware units such as readers, printers, CPU, monitors and others includes the security. Further to physical resources, non-physical data is also stored resources such as data and information to be shielded. In shared computer system like a network, the cover physical and non-physical sources that formulating the network, inclusive of transmission pathway and adapters such as modems, bridges, switches and servers, as well as files stored on those servers. In every cases means to avoid unauthorized access, use, modification and theft or physical damage these resources. Therefore, the security specified includes the following network security challenge:
· Confidentiality
To avoid illegal divulgence of information to third parties. This includes divulgence information about resources.
· Integrity
To avoid unofficial change of means and maintains a status quo. It consists of integrity of system resources, human resources and information. Changing sources such as information may be caused by a desire for personal gain or a need for counter- play.
· Availability
To avoid unofficial system holds resources of those who need it when they need them. Depended on these aspects, we see that security is physical, even though it may also be psychological at period. Psychological safety is sometimes referred to as non-genuine security.
Network Security
It is the protection of networks, their applications or services through illegal access that limits the form, expose or devastation of data. It also ensures that the network performs correctly without harmful results. This is acceptable, a broad definition, but a general sentence for the betterment of network administrators it dealing with new types of attacks. Each organization refers to its own security policy that describes the connection level, allowed or denied. It is therefore imperative for every organization to make such a broad security mechanism that helps to tackle new types of attacks.
Types of Attacks
There are some basic classes of attacks that can cause slow network performance, no traffic control, viruses, and so on. Network attacks by pernicious nodes. Attacks can be two categories:
“Passive” when a network interloper blocks data traveling through the network, and “Active” to interloper information begins to break the normal network operation.
Active attack
Active attack methods have been used for more than ten years. All servers or persons expressed via the internet are very attentive. There are some active attacks like spoofing attacks, Wormhole attacks, Modification, Denial of services, Sinkhole and Sybil attack.
· Spoofing attacks
Without a pernicious node, the sender changes the topology. In this type of attack, unidentified people act like authorized users and boost access to the network and embezzle important information. Spoofing is in different forms. A spoofing form is piloting wrong email from fake address and registration names, passwords and account information. Another one Spoofing is IP spoofing, where IP packages are used to send data to the network. This IP package hold source address and terminus address. In IP spoofing the address is so falsified it hold a different address. When the target the machine will get the fake IP package it sends the reaction back to the attacker and the attacker is possible get access to limited resources.
· Wormhole attacks
It attack is also known as tunneling attack. In this attack a aggressor receives a package at a given moment and tunnels it to other pernicious node on the network. To assume a beginner he found the shortest path on the network.
· Modification
When a pernicious node accomplishes change the routing route, so that the sender sends a message the prolonged route. This attack provoked a communication delay between the sender and the receiver.
· Denial of services
In a denial of service attacks, the hacker takes a lot of a shared resource without it the source is left with other users. There are two types of attacks of denial of service. The first type of attack trying to destroy the sources, so that no one can be uses it. The second type of attack is overloaded some system services or some kind of tool consume, so prevent others from using the service.
· Sinkhole
Sinkhole is a service attack that blocks the base terminal from getting complete and accurate information. In this case attack, a node endeavor to attract its data from its completely neighboring node. Choice of change, forward or data drops can be done by using this attack.
· Sybil attack
This attack is associated to several copies of pernicious nodes. Sybil’s attacks may occur as a result of a pernicious node sharing his privacy key with other pernicious nodes. So the number of harmful nodes increased in network and the possibility of attack also increases. If we use numerous routing, the feasibility is that selecting the mode of the pernicious node will increase over the network.
· Fabrication
A pernicious node creates a fake message of routing. This means that it creates misinformation about route between devices.
Passive Attack
Passive Attack tries to make information from the system or learn from some external people, but it does not change system assets. This means that attackers can get system data, but have no access to system resources. These attacks have the nature of relevance that monitoring the transmission. The purpose of the disputant is to get the data and sent it from one end to the other.
Passive attacks are those where the attacker’s objective is to acquire information. They do not want to change the contents of the original message. It is hard to detect because it is not changing data. Message release, traffic analysis, sniffing and key loggers are some techniques of voice attacks.
· Message release
When we send a message to our friend, we just want that person can read the message. With the help of some security mechanism, we can avoid the content of messages from being released. For example, we can code the message using an algorithm.
· Traffic analysis
It is a type of passive attack, where the attack occurs by observing the exterior traffic attributes. The attacker examines traffic, identify location, identify communication parties, and examine the time-span of the message is exchanged. With all this information the attacker can prognosticate the nature of communication. Analyses all incoming and outgoing traffic, but not modified.
· Sniffing
Sniffing is a way to resolve the transferred data that has been sent of the sender. It only attempt to find out what kind of message or the data is sent by the sender without the consent of the sender.
· Key loggers
It’s a program running in the background, where everything is keystrokes. When keystrokes are recorded, they are hidden in machine that will be returned later or forwarded not to the attacker. The attacker then conscientiously searches them in hopes of either search of passwords, or possibly other beneficial information can be used to accommodate the system or to use it in a social environment technical attack. For example, a key logger shows contents of all user composed e-mails. Key logger is often included with root kits.
Principle of security
Principles of security are as follow:
· Accuracy
If it has no defects and it is worth expected by user then the information is accurate.
· Availability
Computer resources available for authorized persons when he needed. To access the data, sources are constantly available for authorized person.
· Authentication & identification
Validation of information shows the data is real or authentic rather than fabrication.
The information is verified when it was originally created, placed or transferred. The recipient of the data must be capable to establish the source.
· Access Control
In this regulation, the trustee gives control over others should have access to “what”. For example, for user A is only possible to read the database, but B can also read including update the database.
· Confidentiality
Any unidentified people may have not be able to ingress to others data or other computer resources.
· Integrity
It depends on the correctness of the data. Unidentified people only are empowered to generate, edit and delete data according to agreed conditions and situation.
· Non repudiation
This principle does not permit the operator or a message to cancel the allegation not to send that message. It offers security against the denial of one of the quantity involved with a notice of involvement in a part of communication.
Vulnerabilities of network security
Vulnerabilities in network security can be resolved by soft places that presented in each network. These are given in the network and individual devices that create the network.
The networks are usually deliberate due to one or all of the three major vulnerabilities or weaknesses:
■ Technological weaknesses
■ Conformity vulnerabilities
■ Security problems
■ Technological weaknesses
Computer and network technologies have security vulnerabilities. These include weak vulnerabilities in TCP / IP protocols, weak operating vulnerabilities and weak vulnerabilities on network equipment.
■ Conformity vulnerabilities
Network operators or network engineers need to know the arrangements of security vulnerabilities and configure their computer and network devices correctly to recover.
■ Security problems
Security policy vulnerabilities can cause unexpected security threats. The network may cause security threats for the network if users do not follow the security policy.
Conclusion
Security is a very important and essential issue. Everyone has a different idea about security rules, and which level of risk is tolerable. There are various types of attacks on the network security and these are also growing with progress and the growing use of the internet. In this article mention the different types of attacks that invade our system. There is also mention some principles of security. This assessment is useful to learn more about network vulnerabilities. Network security Problems can be resolved through the soft areas displayed on each network.
