Telecommunication and Network Security

Published on January 2017 | Categories: Documents | Downloads: 32 | Comments: 0 | Views: 225
of 15
Download PDF   Embed   Report

Comments

Content

0

Telecommunication and Network Security

1

Table of Contents
Abstract ........................................................................................................................................................ 2 Telecommunication and network Security ............................................................................................. 4 History ................................................................................................................................................... 4 Common methods of attacking networks..………………………………………………………………….5      Eavesdropping………………………………………………………………………………………..5 Viruses……………………..…………………………………………………………………………….6 Worms and Trojans..………………..…………………………………………………………… 6 Phishing………………………………….………………………………………………………………7 DoS…………………………………………………………………………………………………………7

Solutions…………………………………………………………………………………………………………………….8        Cryptography………………………………………………………………………………….8 Firewalls…………………………..…………………………………………………….………8 Intrusion Detection System.…………………………………………………………..9 TLS…………………………………………………………………………………………………9 Anti Viruses……………………………………………………………………………………9 General Precautions…….…………………………………………………………………10 Hardware interface improvisation………………………………………………….11

Future of network Security…………………………………………………………………………………………12 References…………………………………….……………………………………………………………………………13

2

Abstract This paper focuses on the importance of the security in

telecommunication and networks. The paper not onl y addresses the various ways by which a hacker or some unauthorized person can get access to a computer or a network, but it also tells the ways and means to improve the securit y of a sys tem and a network. This paper addresses the emerging trends in network securit y and weighs the possible future aspects as well.

3

Telecommunication and Network Security

Over the past few decades the world has seen a revolution in Science and technology. To be a little more specific, the world has been introduced into a new age of Information Technology. The world has become a global village now. You don’t need to visit a market physically to buy anything. All you have to do is to search out for that item on the internet and order it. You don’t have to worry about the payment either. All you’ve got to do is to get in possession of a credit card or online account. You don’t have to go to post office to post your mail. You can now communicate with your dear ones via e-mail, video conference and social networking sites. The list doesn’t end here. The technology has played an important role in facilitating the office environment across the globe. All the computers in an office can be networked and hence the transfer of the files is now less time consuming process than ever. But off course, along with these positive aspects, technology has brought some risks or hazards as well. Like real life, the thieves exist in the e-world as well. The hackers try to sneak into your account or network to steal the data of their interest. Sometimes they do it for their interest. For this purpose the subject of Telecommunication and network security studies has been taken seriously around

4

the world. Authors have written books on this subject and we’ll briefly shed light on this topic in the following lines. History Today’s internet seems fine to us. High speed browsing and high speed downloads keep us content. But it wasn’t so since ever. The fore runner to this internet was called APRANET. When APRANET was developed in 70s, people could connect to each other. In 80s, some minds entered the taboo and started experimenting with developing applications which could break into computer networks. Such applications were very small sized and were sometimes installed inside a file to increase the chances of success. To cut a long story short, cases started to surface where it was complained that someone broke into the computer network and modified or stole some data. This raised a question over the vulnerability of the computer network systems. The IT experts then put their heads together to sort out ways and means of improving the network security. Since then, many ways and means of improving network security have been devised and still being devised but the hackers have continued to resume their battle with the networks. Common methods of attacking network There are many types of network security lapse. One can hack windows or operating system of a computer. One can hack dial-up, PBX or Voicemail. That’s not all. Hackers these days have become so advanced that they can hack your

5

firewall or even network devices. And off course hacking an internet user or a website is beyond that. The methods used by hackers to break into the networks are usually of two types. The attacks may gain access to the personal data or knowledge. Such attacks are usually made through phishing and eavesdropping. Sometimes the attacks are purposed to mingle with certain functions of computers. Such attacks are made through Trojans, viruses, worms etc. These attacks are common in a workgroup. We’ll now discuss them in a bit more detail.  Eavesdropping

Eavesdropping is the act of listening or accessing the conversation between others, without their consent. Such act is considered unethical generally. Security agencies of some countries have been doing this for a long time. Recently NSA was heavily criticized for taping the phones of international leaders. Eavesdropping is of two types. Active and passive. Passive Eavesdropping is that in which a person just listens or gets access to the networked messages whereas on the other hand in Active Eavesdropping, the hacker not only gets access to the message but inserts something in it or affects the quality of the message deliberately.  Viruses

Viruses are such programs which have ability to replicate and propagate themselves upon their insertion into a computer system. When such a file is opened, it becomes active and it may not only copy itself to that computer but to

6

other computer as well. Whatever area of hard drive is captured by that virus, is called the infected area. Virus may not only affect the functions of a computer but may stalk unto your key strokes hence causing a greater probability of your password being stolen without letting you know that what has happened. Such a virus is called key-logger. The purposes of developing such programs are various. Back in 70s and 80s, people used to do it to make some profit. There were cases where people made viruses, dropped them into computers via network and then advised the user to get their computer alright from so and so computer shop. A law was made then according to which hacking was declared an international crime. Although the hacking for profit didn’t stop since then but people started hacking for stealing important data and leaving political messages as well.  Worms and Trojans

Worms and Trojans are much like viruses but not exactly the same. A worm is often referred as a sub-class of viruses. A worm is much more difficult than a virus since it can become active without any click on any file and can replicate through your system. It can make hundreds of copies and send them to other computers. Worm transfers through file exchange, usually through e-mail. Trojan or Trojan horse has a very interesting background. It derives its name from its mythological Trojan Horse tale. As Trojan Horse was used to get into the city, similarly Trojan in IT is a manipulated program or application which appears to

7

be a useful application at first and tempts the user to click it. Once clicked, it becomes active and may do harm to the computer much like a virus.  Phishing

Phishing usually aims to hit at the confidential information of the individuals such as dates of birth, passwords, user names, credit card numbers etc. This is usually done through e-mails. Such e-mails may include content which may potentially tempt the reader to share his information with the sender or a link to a website which includes malware. Whatever mean is opted the end result is the loss of the user. The word has been inspired from ‘fishing’, probably because the victim is trapped through a bait, though an emotional one. Phishing is done not only by emails but through phones as well. Phishing through phones involve some sort of a fake number. The user is tempted to dial that number to get some prize (imaginary though). Once the user dials that number, his balance starts decreasing or he suffers some other sort of loss. Recently another interesting technique has been opted which is referred as Evil Twins. This technique actually employs the establishment of a fake wireless network , when a user connects onto that and starts using it the hackers try to capture the passwords and credit card pins.  DoS

DoS stands for Denial of Service. In such kind of attack, so many requests are sent to the host system to let join that the ability of system to answer those requests fails and the system can’t respond to the requests. The system has to go offline i.e. without offering service for quite some time.

8

Solutions The threats to the telecommunication and network security have been a major concern for the world and will remain. Many techniques have been devised to deal with these threats, in the following lines we’ll discuss a few of those techniques which have been somewhat successful in dealing with these threats and concerns.  Cryptography

Cryptography is an ancient art. It was used to convey messages secretly by coding them. The idea is intelligibly employed in network security where the sender sends a message, it is coded by the network or some other service provider and decoded into the spoken language at the receiver’s end. The only main drawback with this system is that it is useful as long as the pattern or system of encryption remains hidden or unknown to the hacker. Once the hacker gets to know it, it becomes prone to decryption by the hacker.  Firewalls

Like Trojans, firewalls too have a reason behind their name. Firewalls are used in construction. A brick wall is usually built between too structures with the purpose to keep the fire from spreading. And that’s how Firewalls of e-world work. They provide protection to both incoming data and outgoing data of an organization or an individual or between different components of a network, to be precise. Firewall can revoke access to spoofed IPs etc. The settings of a firewall can be customized according to your own requirements.

9

There are various types of firewalls. The main one being the Network layer or Packet filter. These firewalls operate at a low level and do not allow the packets to pass unless they match the established requirements. The admin, user or moderator can define his own set of requirements. If he doesn’t define any, default instructions/rules/ requirements, the default set becomes active. The other type of firewalls is application-layer firewall. Such firewall allows all the packets to travel (traffic) to and from a particular application. Such firewalls block packets from all other sources. The latency of data being transmitted depends upon the inspection criteria of the firewall. There is another type of firewall, which is not exactly firewall by its very nature but can behave so and that is a Proxy. A proxy server can behave as an application firewall by inspecting all the incoming packets of data and blocking other packets.  Intrusion detection systems

An intrusion detection system consists of a device or a software which monitors a system or network for malicious or suspicious activities as well as policy violations and then forms reports. Although it sounds much similar to firewall, it is a bit different from firewalls. Firewalls are purposed to block unauthentic traffic whereas intrusion system primarily notice intrusion attempts and just report them. That’s the difference between the two. There are some limitations of the intrusion detection system, however. Noise in the packets can reduce the efficiency of an I.D.S. By noise, we mean bad packets here. Such packets may generate a false alarm. Since attack-patterns are called

10

signatures and they keep updating rapidly, a signature based IDS needs to be updated regularly. An outdated IDS may leave the system exposed to newer patterns of attacks.  TLS

TLS is the abbreviation of Transport Layer Security. It is a suite of protocols which ensures a good level of security. Such protocol is usually used by web browsers to make the conversation between web and the user more secure than ever. Internet Explorer and Netscape use this protocol. This protocol usually makes use of cryptography and is used on those webs where passwords or credit card no. etc. are required. Both TLS and its predecessor SSL use asymmetric cryptography, which make them quite safer since symmetric encryption is more vulnerable.  Anti-viruses

Anti-viruses are applications which detect Trojans, viruses or worms as well as infections. They primarily work to stop attacks from external data storage sources such as an external hard drive, floppy, CD, DVD or flash drive etc. Anti-viruses are usually designed for individual computers but these days anti-viruses are being developed which have the ability to stop and counter the threats and attacks on a network as well. To protect a network through the use of an anti-virus the anti-virus’s signature definitions need to remain updated all the time. There are many methods to do that.

11

The easiest method of updating anti-virus however is the bi-directional updating of anti-virus.
he

method includes receiving a new antivirus file at one of the the central service computer and updating the

user computer and

computer's antivirus database.  General precautions

Having discussed these methods we’ll now discuss a few general pre-cautions which can be done to secure a system or a network. On the top of the list is setting up a password to the system or the network. While setting the password it should be ensured that the password is not a common one. The more complex the password, the better security it ensures. Passwords more than 10 characters long, with at least one number and one punctuation sign are generally considered strong enough. Passwords should be changed periodically. However one problem with the passwords is that they are only good as long as you are able to keep them in your mind. Once you forget them, you may suffer heavy loss. While installing a firewall, make sure that you audit your firewalls regularly. Do not connect with strangers on social networking sites unnecessarily. Do not click on suspicious links shared by them, especially suspicious pictorial or video links shared by them. While checking your e-mails, do not open those mails which appear totally irrelevant or suspicious to you. At least don’t do so on your own PC or a PC which is the part of the network.

12



Hardware Interface improvisation

Big organizations and institutions can’t just rely on software protection. The advancements in technology are being focused to make the security of computer networks as well as real life networks i.e. work places, offices more secure and fool proof. One such step taken is the introduction of smart cards, RFID cards etc. But the drawback of these cards is that once they get snatched or lost i.e. the person loses the possession, the card may go into the wrong hands which may then break into the network by just swiping it. Some organization, especially those related with defense projects or projects of national security have recently employed the methods of Biometric verification. The most commonly used methods for Biometric verification are retina scan, thumb print verification, voice recognition etc. Recently, hackers have started using methods which may steal your data without letting you know. These methods include use of some external hardware source, plugged into USB port of your computer. The hardware appears to be harmless, but when plugged, may ask to install drivers and that driver file is actually a corrupt one. As soon as you click to install the driver file, you open up a door to troubles. Sometimes, these external devices don’t need a river file to be clicked. Their interface has some hidden corrupt file which may infect your computer without any action of yours. Different OS have a set of hardware interfaces, yet there is no accepted standard of interface to system software. Different groups, both on industrial level as well

13

as students are trying to develop a set of idealized high-level interfaces for tailored devices. Such sets of interfaces will try to detect the suspicious devices and their corrupt interfaces as well as the corrupt drivers for the external devices. Future of network security Although developments are being made both in hardware and software to protect the networks around the globe, yet the future of network security lies in the improvisation of software primarily. The future of network system lies in the establishment of a successful immune system which not only fights the attacks and threats but makes itself able to fight tougher attacks.

14

References Peake, T. M. (2005). Eavesdropping in communication networks. Animal communication networks. Cambridge University Press, Cambridge, 13-37. Fraser, K., Hand, S., Neugebauer, R., Pratt, I., Warfield, A., & Williamson, M. (2004, October). Safe hardware access with the Xen virtual machine monitor. In1st Workshop on Operating System and Architectural Support for the on demand IT InfraStructure (OASIS). Elgamal, T., & Hickman, K. E. (1997). U.S. Patent No. 5,657,390. Washington, DC: U.S. Patent and Trademark Office.s Daya, B. Network security: History, importance, and future. University of Florida Department of Electrical and Computer Engineering.

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close