Network Security

March 7, 2012

Introduction

Computer networks are the backbone of all organizations that rely on Information Technology (IT) and are the primary entry point for users to access the information resources of an organization. Networks today are no longer limited to the physical location of an organization; they are required to be accessible from anywhere in the world, which makes them vulnerable to several threats.

In a recent survey conducted by the Computer Security Institute (CSI), 70 percent of the organizations polled stated that their network security defenses had been breached and that 60 percent of the incidents came from within the organizations themselves. Organizations have realized that having a secure network infrastructure is critical to safeguard their IT assets.

Network design can vary from one organization to another, but it is recommended to use the layered design approach – core layer, aggregation modules and the access layer. These layers comprise the hardware necessary to control access between internal and external resources. Though we will not deal with the layers in depth, the basic building blocks of a network are the router, which is part of the core layer, and the firewall and switch, which are part of the access layer. Along with these we have supporting aggregation modules such as IDS/IPS, antivirus, etc. Before we begin on network design and security, let’s understand the basic network components:

Router

In simple words, a router is a network device which connects two different networks. The perimeter router, or edge router, is placed in the outermost layer of the network; it forms part of the core layer of the network architecture and serves as the very first line of defense. It is responsible for forwarding IP packets to the networks to which it is connected. These packets can be inbound requests from Internet clients to a Web server, request responses, or outgoing requests from the internal network. The router can also be configured to block unauthorized or undesired traffic between networks. The router itself must also be secured against reconfiguration by using secure administration interfaces and ensuring that it has the latest software patches and updates applied.

Firewall

A firewall is often imagined as a wall of defense in a building which prevents the spread of fire from one part of the building to another. In the networking world, a firewall is a device primarily used to protect the boundary of an organization’s internal network while it is connected to other networks. The role of the firewall is to block all unnecessary ports and to allow traffic only on known ports, such as port 80 for all HTTP traffic and port 25 for SMTP traffic, and in some cases only from known network segments.

Unfortunately, hackers have become so smart these days that they manage to get through the firewall on the permitted ports and try to compromise the IT assets of an organization. The firewall cannot evaluate the contents of “legitimate” packets and can unknowingly pass some attacks through to the inside network.

Hence, these days most organizations deploy an Intrusion Detection System (IDS), which has the capability to monitor network traffic, log any unauthorized access attempts and suspicious network patterns, and report them to network administrators at the earliest. But again, there is a problem if the administrators are not able to take immediate action: though the attack is detected, it is not stopped.

To prevent such malicious activities, Intrusion Prevention Systems (IPS) were introduced in the network architecture. When any such malicious activity is detected, an IPS can block the traffic and notify the administrators. Coupled with IPS/IDS, the firewall is a useful tool for preventing attacks and detecting intrusion attempts or, in worst-case scenarios, the source of an attack.
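The port-based filtering described in this section, and the reason it passes hostile content on a permitted port, shown as an added example that is not part of the original article. The rule set, addresses and payloads are constructed for illustration, and the admin segment on port 22 is an assumed instance of a "known network segment" rule.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes = b""          # carried along, never read by the filter

@dataclass(frozen=True)
class Rule:
    dst_port: int
    src_net: str = "0.0.0.0/0"    # default: any source address

# Constructed allow-list: the article's port 80 (HTTP) and port 25 (SMTP),
# plus one assumed "known network segment" rule for an admin subnet.
ALLOW = [
    Rule(80),
    Rule(25),
    Rule(22, "192.0.2.0/24"),
]

def filter_packet(pkt, rules=ALLOW):
    """Allow on the first matching rule; everything else is denied."""
    src = ipaddress.ip_address(pkt.src)
    for rule in rules:
        if pkt.dst_port == rule.dst_port and src in ipaddress.ip_network(rule.src_net):
            return "allow"
    return "deny"

# Constructed sample traffic (documentation address ranges).
SAMPLES = {
    "web request": Packet("198.51.100.7", 80, b"GET / HTTP/1.1"),
    "mail": Packet("198.51.100.9", 25, b"EHLO example.test"),
    "ssh from admin segment": Packet("192.0.2.15", 22),
    "ssh from internet": Packet("198.51.100.7", 22),
    "telnet": Packet("198.51.100.7", 23),
    # Same header fields as the benign web request; only the body differs.
    "web request, hostile body": Packet("198.51.100.7", 80, b"<constructed hostile body>"),
}

def verdicts():
    """Map each sample name to the filter's decision."""
    return {name: filter_packet(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:5}  {name}")
```

The two port 80 samples receive the same verdict because the decision never looks at `payload`; telling them apart is the job of the IDS/IPS placed behind the firewall.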

Switch

A network switch is a device which enables networked devices to talk to each other efficiently. The main purpose of using a switch in a network is to segment the network into logical pieces. The network devices which are part of a network segment are connected to the switch, and any communication with these devices happens through the switch. Some amount of security is built into the switch to prevent packet sniffing by intruders between networks. A switch can forward packets to a specific host or a network segment, rather than sharing the data with the entire network.

The second most important factor in network design is network segmentation. Having a flat network allows an intruder to gain easy access to an organization's critical assets. The network is segmented logically with the help of network devices such as routers and switches, and access between these zones is controlled by a firewall.

Let’s understand the network design aspects with the help of the above diagram. Though this is not a full-fledged network diagram of a typical organization's network, it does provide a basic understanding of network architecture, with more focus on perimeter security. As depicted above, the perimeter router is the outermost network device, exposed to the external world with a public interface. It is followed by an optional network switch, or is directly connected to a firewall interface which allows traffic only on specific ports. An IDS/IPS device is connected in line with the network firewall for detecting and preventing network intrusions. Further, a switch is used to segment the network into different logical segments.

In most organizations we see the data center network segmented into the DMZ and the Internal zone. DMZs are used to separate Internet-facing devices such as Web servers, mail gateways, Domain Name Servers and proxy servers. The DMZ allows inbound or outbound traffic to be initiated to or from the internal network without revealing the actual details of the internal network. This adds an additional layer of security, and to a certain extent this assumption holds good if network paths are configured properly. There should not be a direct path to the internal network should one of the devices in the DMZ be compromised.

The Internal zone mainly comprises the infrastructure required to support business applications. There can be more logical separations in the internal network based on customer needs, such as a separate DB segment, which is also mandated by a few regulations.
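One way to check a zone layout against the segmentation points above, written as an added example rather than anything from the original article. The zone names, flow tables and port numbers are constructed, and treating an any-port DMZ-to-internal rule as a "direct path" is an assumed reading of the article's requirement.

```python
from collections import deque

# Zones follow the article's layout; "db" is the optional separate DB segment.
INTERNAL_SIDE = {"internal", "db"}

# Constructed permitted-flow tables: (source zone, destination zone, port).
FLAT = [
    ("internet", "dmz", 80),
    ("internet", "internal", 3389),   # bypasses the DMZ entirely
    ("dmz", "internal", "any"),       # unrestricted path behind the DMZ
    ("internal", "db", "any"),
]
SEGMENTED = [
    ("internet", "dmz", 80),
    ("internet", "dmz", 25),
    ("dmz", "internal", 8443),        # one pinned application port
    ("internal", "db", 5432),
]

def audit(flows):
    """Return findings for flows that defeat the DMZ/internal separation."""
    findings = []
    for src, dst, port in flows:
        if src == "internet" and dst in INTERNAL_SIDE:
            findings.append(f"internet reaches {dst} directly on port {port}")
        elif src == "dmz" and dst in INTERNAL_SIDE and port == "any":
            findings.append(f"dmz reaches {dst} on any port")
    return findings

def hops_from(flows, start):
    """Breadth-first search: fewest permitted hops from `start` to each zone."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst, _port in flows:
            if src == zone and dst not in dist:
                dist[dst] = dist[zone] + 1
                queue.append(dst)
    return dist

if __name__ == "__main__":
    for name, flows in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, hops_from(flows, "internet"), audit(flows))
```

The hop counts show how many zone boundaries, each one a firewall decision, lie between the Internet and a given asset; in the flat table the internal zone is a single hop away.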

Having understood the network components and the basic layout of a network, let’s focus on the need for security.

An intruder usually looks for poorly configured network devices to exploit. Some of the most common network vulnerabilities which intruders exploit are default installation settings, open access controls, unpatched devices and easy access to network devices. Some of the most common network threats are:

  • Information gathering – information about network design, system configuration, and network devices is gathered and an attack is planned later.
  • Packet sniffing – an intruder monitors data packets using network sniffers to read all clear text information and may steal confidential information sent in clear text.
  • Spoofing – the original source of an attack is spoofed to appear as a trusted source; this can cause denial of service attacks.
  • Session hijacking – also known as man in the middle attacks, in which an intruder uses an application that appears to be the genuine client or server. This results in either the server or the client being tricked into thinking that the upstream host is the legitimate one and sharing confidential information.
  • Denial of service – the act of denying legitimate users access to required resources. Attackers deny service by flooding the network with traffic and throttling the available bandwidth and resources.

As attacks evolve and become more mature, the security solutions to prevent them are also evolving. As you might have seen so far, organizations use a collection of layered security devices such as firewalls, intrusion detection systems, antivirus, etc. But managing all these devices individually is a complex process. This led to the evolution of Unified Threat Management (UTM) solutions. UTM systems bundle many security features and capabilities, such as intrusion detection and prevention, anti-virus, e-mail spam filtering, Web content filtering and the functions of a firewall, into a single appliance.

Though UTM is still in its evolution stage, it has managed to be of much use to smaller organizations, but it still has a long way to go to be of much use to larger organizations. UTM devices face the challenge of performance, with a significant consumption of bandwidth as they analyze more and more data. But security experts believe that UTM is here to stay and hope to see a more mature UTM in future.

Network design is an evolving process; organizations must never sit back and relax once the initial network setup is complete. Networks must be monitored continuously and their security improved from time to time. Security can mean different things to different organizations, and each must take appropriate measures to secure itself. Just remember we are never alone in this world, we always have company.


Pradeep works as an Infrastructure Security consultant with Enterprise Security and Risk management – Cloud practice, Infosys Ltd. Pradeep is currently working on Security Information and Event Management & Data loss prevention solutions. As a security enthusiast, Pradeep intends to become a cyber-forensic professional.
