Tuesday, September 25, 2012

Network Security Wiki

Network security refers to the protection of network systems, hardware, software and data so that they are not leaked, whether by accident or through malicious action, and so that the network service stays stable and runs continuously without interruption. Network security draws on computer science, network technology, communication technology, cryptography, information security technology, applied mathematics, number theory, information theory and other disciplines.

Key Features:

Confidentiality

Information is not leaked to unauthorized users.

Integrity

Information and data, whether in storage or in transit, are not modified without authorization, not destroyed, and not missing any part.

Availability

Authorized users can access the data whenever they need it.

Controllability

The ability to control the dissemination of information and content.

Auditability

Filtering of bad data, prevention of illegal or harmful use of data (such as information involving state or national secrets), and prevention of confidential information leakage.

Typically, system security, performance and functionality are in tension with each other. If a network system provides no service to the public (i.e. it is disconnected), the outside world is unlikely to pose a security threat. However, most companies run online stores and e-commerce services that require a somewhat open network environment, and that openness is what opens the gateway for security issues.

The necessary authentication, encryption, monitoring, analysis and reporting reduce network efficiency and limit the flexibility of the client's applications and Internet connection. At the same time, they increase administrative expenses.

Good network security coverage should have the following features:

1. Check for security vulnerabilities: Perform periodic checks, so that even if an attacker reaches the target, the system can render the attack ineffective.

2. Attack monitoring: Real-time detection and monitoring of attacks, such as automatically disconnecting network services, recording attack history in log files, and tracing the source of the attack.

3. Encrypt data: With encryption, an attacker cannot understand or modify the information.

4. Authorization: Prevents an attacker from impersonating legitimate users.

5. Backup and recovery: A good backup and recovery mechanism, so that as soon as an attack causes losses, the data service is stopped and restored immediately.

6. Multiple layers of defense: When an attacker breaks through the first layer, the system delays or blocks it from reaching the next layer or target.

7. Hide internal information: An attacker is not able to learn how the system is built.

Tuesday, September 11, 2012

One Internet connection - Two Private LANs

There are times when two routers share the same Internet connection. In that configuration, each router must be set to a different Class C subnet. The chart below shows both routers configured with different subnets, 192.168.1.1 and 192.168.1.2.

Networking Map

Wednesday, September 5, 2012

How Address Resolution Protocol (ARP) Attacks Affect VLANs

A VLAN (Virtual LAN) partitions a physical network so that distinct broadcast domains are created. Regardless of where a server is located, a VLAN can keep private network communication between its hosts. It gives users a separate network segment, with the added benefit of saving bandwidth and equipment, thus helping companies save costs.

VLANs are suitable for private network connections; however, they are not particularly safe. A VLAN is built on Layer 2 of the OSI model, the data link layer. Although each OSI layer is independent, the layers are interrelated: if one layer has a problem, it also affects the data transfer of the other layers. The potential security threats are:

Address Resolution Protocol (ARP) Spoofing
ARP works by resolving a Layer 3 IP address into the Layer 2 MAC address that carries the frame.

A malicious user can forge the IP address and MAC address in an ARP packet. The ARP protocol cannot detect the fake information, which causes security problems: the malicious user is mistaken for a legitimate user, is free to use network resources, and may gain administrator access. Furthermore, they can even send ARP packets to the VLAN devices.

When the attacker sends a forged ARP packet to the targeted victim, the forgery cannot be detected because the victim's ARP table now holds the forged entry. The attacker can then receive the traffic meant for the real device, and can even attempt to receive traffic from other network devices. Afterwards the attacker hides their identity by restoring the ARP tables and network equipment to their normal state.

Well-known ARP spoofing tools include arpspoof, Arpoison, Cain and Abel, Ettercap, and Trapper, which is inspired by Cain.

An effective strategy for dealing with ARP attacks is Dynamic ARP Inspection (DAI). DAI is a security feature that validates ARP packets on the network: it inspects the IP address and MAC address in each ARP packet and discards packets whose address pairing is not trustworthy.
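To make the spoofing scenario and the DAI countermeasure described above concrete, here is an added example (not code from the original post and not a vendor implementation): a small software model of the DAI check. It compares the sender IP/MAC pair of every ARP packet that arrives on an untrusted port against a trusted binding table of the kind DHCP snooping would build, and drops packets that disagree with it. The binding table, port names and ARP packets are all constructed for the demo.

```python
"""Software model of Dynamic ARP Inspection (DAI).

Added example, not the original post's code. A DAI-enabled switch keeps
a trusted table of IP -> MAC bindings (normally learned via DHCP snooping)
and checks every ARP packet from an untrusted port against it. The data
below is constructed for illustration.
"""
from dataclasses import dataclass

# Constructed trusted bindings: IP address -> MAC that legitimately holds it.
TRUSTED_BINDINGS = {
    "192.168.1.1": "00:11:22:33:44:01",   # default gateway
    "192.168.1.10": "00:11:22:33:44:10",
    "192.168.1.20": "00:11:22:33:44:20",
}

# Ports DAI does not inspect (e.g. the uplink to another trusted switch).
TRUSTED_PORTS = {"Gi0/24"}


@dataclass
class ArpPacket:
    port: str          # ingress port on the switch
    opcode: int        # 1 = request, 2 = reply
    sender_mac: str
    sender_ip: str
    target_ip: str


def inspect(pkt, bindings=TRUSTED_BINDINGS, trusted_ports=TRUSTED_PORTS):
    """Return (verdict, reason) for one ARP packet.

    verdict is 'permit' or 'drop'. Packets from trusted ports pass
    unchecked; any other packet is dropped when its sender IP has no
    binding or is bound to a different MAC than the packet claims.
    """
    if pkt.port in trusted_ports:
        return "permit", "trusted port"
    expected = bindings.get(pkt.sender_ip)
    if expected is None:
        return "drop", f"no binding for {pkt.sender_ip}"
    if expected.lower() != pkt.sender_mac.lower():
        return "drop", (f"{pkt.sender_ip} is bound to {expected}, "
                        f"packet claims {pkt.sender_mac}")
    return "permit", "binding matches"


def filter_packets(packets, bindings=TRUSTED_BINDINGS,
                   trusted_ports=TRUSTED_PORTS):
    """Run inspect() over a packet stream; return (pkt, verdict, reason) tuples."""
    return [(p, *inspect(p, bindings, trusted_ports)) for p in packets]


# Constructed traffic: a legitimate request; a spoofed reply in which the
# host on Gi0/5 claims the gateway's IP with its own MAC (the attack from
# the text); the gateway's real reply via the trusted uplink; and a request
# from an address that was never leased.
SAMPLE = [
    ArpPacket("Gi0/3", 1, "00:11:22:33:44:10", "192.168.1.10", "192.168.1.1"),
    ArpPacket("Gi0/5", 2, "00:11:22:33:44:20", "192.168.1.1", "192.168.1.10"),
    ArpPacket("Gi0/24", 2, "00:11:22:33:44:01", "192.168.1.1", "192.168.1.10"),
    ArpPacket("Gi0/7", 1, "aa:bb:cc:dd:ee:ff", "192.168.1.99", "192.168.1.1"),
]

if __name__ == "__main__":
    for pkt, verdict, reason in filter_packets(SAMPLE):
        print(f"{pkt.port:6} {verdict:6} {pkt.sender_ip:13} "
              f"{pkt.sender_mac}  ({reason})")
```

The second packet is the one the ARP spoofing paragraph describes: a reply that claims the gateway's IP address with the attacker's MAC. Without DAI the victim would accept it and overwrite its ARP entry; with the binding check it is dropped before it leaves the switch, which is the point of enabling DAI on the VLAN.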

Steps to configure the router to prevent ARP attacks (enabling DAI on a VLAN in a Cisco DHCP environment):
  1. Enter global configuration mode:
     Router# configure terminal
  2. Enable DAI on the VLAN(s) with the ip arp inspection vlan {vlan_ID | vlan_range} global configuration command:
     Router(config)# ip arp inspection vlan {vlan_ID | vlan_range}
  3. Finally, verify the configuration:
     Router(config)# do show ip arp inspection vlan {vlan_ID | vlan_range} | begin Vlan