Methods And Countermeasures For Network Security

Methods for Network Access Security

Discuss about the Safeguard The System From The Security.

Network security is a set of procedures and policies that are used prevent unauthorised access, modification of data or denial of service. Network security assures that data is accessed only by valid users it is important as many type of institutions and organisations are involved with it. The main concept of network security arises from authentication that is designed to allow the access rights [1]. Thus report covers the main concern about network security the major methods that are used to secure the network. The threat that exists in the network of a system is addressed.  The count measures are also discussed to safeguard the system from the security.

There are various methods used to secure the network and stop the threats to enter or spread in the network. This is done by managing the threat by keep the software’s updated to protect the network from all the existing threats [2]. There are following ways used to network access security.  

• ACL stands for access control list. These are the list of rules that are applied to the interface of routers that specifies the data could be denied or permitted. These act a as a filter that allow only valid users to enter in the system and the users who are not given any right to access the information is denied to do so [3]. The term ACL can be treated as firewall that allow list of users that are allowed to access the system and only those users gain access to the network.
• Filtering- Every network has a unique MAC address thus MAC filtering is a type of interface that allow only those packets to be transmitted over internet that are registered [4]. The MAC filtering allows checking the access to a network is granted.
• Tunnelling and encryption- Tunnelling is a process that allows one protocol to be encrypted into another. This make sure that communication is secure between devices. This is done by making use of cryptograph that assures that communication is secured and the privacy of users is also designed. The encryption is another method to boost up the security of network. This is done by changing the plain text of data in the form of cipher text [5]. The cipher text make sure that even if the data is leaked the hackers will not be able to read the data as it is not in a human readable form.
• Security Monitoring- it is the method that ensure that the network remain secure as it is continuously monitored by the user regarding the attacks. They use main tools to monitor the network. Intrusion detector is one such tool that monitors the network and gives an alert whenever some vulnerability is scanned. Other tool could be firewall that deny the traffic and also check the vulnerability that exists in the network.
• Update- The system should be updated so that there are no chances of threats to exist in the system [6]. If the system and network remains update than there will be no chances of threats to exist in the system.
• Intrusion prevention- The prevention methods are designed to manage the signatures so that if any bug hit the system then prevention. They are installed at the edge of the internet and make sure that attacks do not occur.

Network security is breached due to various threats that exist due to malicious activities. The threats or attacks can be either active or passive [7]. Active attack is actually caused when intruder intentionally perform certain activities to destroy the normal operations. The hackers try to modify the data and make changes in normal operation. The passive attack is where the hackers just monitor the path over the network without making any changes.

The threat that exists in a system is due to viruses that spoils the normal operation of network. Data modification is one of the threats that are performed by third part user to violet the confidentiality of data. Denial of service is another threat that says that valid users are not able to access the information or make the resources unavailable [8]. The DNS spoofing is the other threat in which the domain name system is introduced in the cache server that returns incorrect result. The man in the middle attack is a threat that is caused by a third party where they silently read the data or alter the communication between certain parties. Phishing is another threat on the network in which the hacker tries to access the password as well as sensitive data. These threats spoil the trust as well as confidentiality of data [9]. These threats spoil the goodwill of an organisation as they leak the sensitive information by spoiling the confidentiality and integrity of data.
The motive of these threats is to keep the network busy by increasing the traffic of the network.  The major threats that exist are due to old security measures that allow hackers to steal, utilize the information without any permission. The other such threats are weak access control that is due to poor authentication and authorization. The rights to access the resources need to be checked so that credentials or privileges are not affected [10]. The external threats that exist on the network include viruses, worm, spywares and Trojans. They enter the system from side doors and damage and steal the data by performing various activities on the network. One of the main threats that spoils the confidentiality of data is eavesdropping that allow unauthorised monitoring to people unknowingly. These threats focus on accessing the confidentiality data of an organisation so that it can be misused or steeled. 

Threats to Network Security

Preventive Controls are designed so that flaws do not occur at the first place only. These steps are taken before any loss or problem occurs to prevent security violations and stop the incident from occurring at all. Examples are blocking certain codes, firewalls, Security guards, using locks, using encryption and so on.

Detective Control is used to discover the unwanted activities and report them. It happens after the bug has already taken place as prevention control failed, it is important to detect so that it does not future effect the performance [10]. But it is difficult as one can’t identify when an incident will occur.

There are various threats that spoil the confidentiality, integrity and security of network.  Thus there are series of count measures that are undertaken to maintain the security level. Some of the countermeasures like access control, authentication, integrity of data, availability and nonrepudiation of data. Access control makes sure that admin ensures the access to functions by giving permission to only authenticated user. The purpose of authentication is to make sure that only user with valid identity can send and receive data over the network [11]. Other than that confidentiality of data is maintained by providing the encryption, access control as well cryptography.

Security Policy- A security related policy has been designed to deal with all the attacks. These policies are designed to take proper steps by making user that all the security incidents are handled properly [12]. Apart from various countermeasures are designed to protect the network against all security risks.

Thus all the vulnerabilities are eliminated by removing the entire security hole in the network. The patches need to be removed from the network by applying proper security updates. Thus the count measures are used to make sure that all the sensitive information is protected [13]. The authentication mechanism should be done in such a way that it allows only authenticated data to be transmitted and blocking all the users. To avoid the chances of loss of confidentiality and integrity of the network a proper access control should be delivered to the end user. A proper control regarding who can read, write and modify the information need to be accessed [14]. If the rights are provide in a proper manner than misuse of information will not occur. The defining the rights of information only valid users could read the relevant portion of the database.

Conclusion

It can be concluded that network security is an important to protect the files and directories by providing proper access control it also make sure that network is safe from all the hackers and unauthorised users. This report covers the all the major threats that exist in the system to spoil the integrity and confidentiality of information. The threats and its count measures have been discussed in this report.

Perlman, Radia, Charlie Kaufman, and Mike Speciner. Network security: private communication in a public world. Pearson Education India, 2016.

Beberlein, L. T., G. Dias, K. N. Levitt, B. Mukherjee, and J. Wood. “Network attacks and an Ethernet-based network security monitor.” (2017).

Chen, Gaojie, Yu Gong, Pei Xiao, and Jonathon A. Chambers. “Physical layer network security in the full-duplex relay system.” IEEE transactions on information forensics and security 10, no. 3 pp-574-583, 2015.

Knapp, Eric D., and Joel Thomas Langill. Industrial Network Security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems. Syngress, 2014.

Ayyagari, Arun, Timothy M. Aldrich, David E. Corman, Gregory M. Gutt, and David A. Whelan. “Context aware network security monitoring for threat detection.” U.S. Patent 9,215,244, issued December 15, 2015.

Perlman, Radia, Charlie Kaufman, and Mike Speciner. Network security: private communication in a public world. Pearson Education India, 2016.

Lin, Derek. “Anomaly detection system for enterprise network security.” U.S. Patent 9,112,895, issued August 18, 2015.

Borders, Kevin R. “Method, system and computer program product for detecting at least one of security threats and undesirable computer files.” U.S. Patent 9,055,093, issued June 9, 2015.

Talooki, Vahid Nazari, Riccardo Bassoli, Daniel E. Lucani, Jonathan Rodriguez, Frank HP Fitzek, Hugo Marques, and Rahim Tafazolli. “Security concerns and countermeasures in network coding based communication systems: A survey.” Computer Networks 83, pp- 422-445, 2015.

White, Gregory B., Eric A. Fisch, and Udo W. Pooch. Computer system and network security. CRC press, 2017.

Sharma, Rajesh K., and Danda B. Rawat. “Advances on security threats and countermeasures for cognitive radio networks: A survey.” IEEE Communications Surveys & Tutorials 17, no. 2, pp- 1023-1043, 2015.

Shu, Zhaogang, Jiafu Wan, Di Li, Jiaxiang Lin, Athanasios V. Vasilakos, and Muhammad Imran. “Security in software-defined networking: Threats and countermeasures.” Mobile Networks and Applications 21, no. 5 pp-764-776, 2016.

Chen, Min, Yongfeng Qian, Shiwen Mao, Wan Tang, and Ximin Yang. “Software-defined mobile networks security.” Mobile Networks and Applications 21, no. 5, pp-729-743, 2016.