Sunday, 29 April 2012

Security Policy

What is a Network Security Policy? It is a policy intended to protect a network's integrity and to mitigate the losses and risks associated with security threats to the network and its resources. Without a Network Security Policy, a user's network availability could easily be compromised. A Network Security Policy starts with assessing the risk to the network and building a response team. Implementing a security change management practice and monitoring the network for security violations are required to keep the Network Security Policy going.

Some aspects of a Network Security Policy are:
a) The Network Security Policy must be understandable
Users who read the policy must be able to comply with it easily. A policy written in plain, unambiguous language is far more likely to be understood and followed.

b) The Network Security Policy must be consistent
If the policy is not consistent, it may raise discontent among the user community. An example would be deciding an issue one way and reversing that decision a few weeks later.

c) The Network Security Policy must be enforceable
If a user violates one of the policies and nothing happens to that user, the policy is useless. So management has to enforce the policy by punishing those who violate its terms and conditions.

d) The Network Security Policy must be documented, distributed, and communicated properly
If the policy is not documented, distributed or communicated, then no user has read it, and the only person in a position to enforce it is the one who created it. So having new hires sign a copy as they join the organisation helps enforce the policy.

e) The Network Security Policy needs to be flexible
Policies will surely change as the business changes, and management will need to stay on top of the policy.

f) The Network Security Policy must be reviewed
Implementing a regular review of the policies ensures that they do not become obsolete. Months after a policy has been created, it may become obsolete as the company changes its business relationships.

g) The Network Security Policy must be realistic
If the policies are too restrictive, complaints will arise, and management will not back the policies up, as they are unrealistic.

Examples of Network Security Policies:

1) Virtual Private Network Policy

2) Acceptable Encryption Policy

3) Information Sensitivity Policy

4) Password Policy

5) Wireless Communication Policy



References:
http://www.utoronto.ca/security/documentation/policies/policy_5.htm
http://www.cpcstech.com/sample-network-computer-security-policies.htm
http://www.windowsecurity.com/articles/Defining_a_Security_Policy.html


Common Networking Attack Threats and Solutions

What is a network attack? It is defined as an attempt to compromise network security using any means, method or process. Having compromised the network security, the attacker is able to run code to damage systems or corrupt data, use user accounts and privileges illegally, or carry out other malicious activities. These are Network Attack Threats.

There are many different Network Attack Threats; some of the more common ones are:

1) IP Address spoofing

The IP Address of a computer is used by most networks and operating systems to identify a valid entity, and IP Addresses can be falsified through IP Address Spoofing. Attackers use special programs to craft IP packets that seem to have originated from valid addresses inside the corporate intranet. Once the attacker has successfully gained access to the network with such a valid-looking IP Address, he/she will be able to modify or delete data, or even change the route of the data.


Picture of how spoofing is done

2) Denial-of-Service Attack (DOS Attack)

The Denial-of-Service Attack (DOS Attack) prevents normal use of the network and the computer by valid users. Once the attacker has gained access to your network, the attacker is able to:

a) Randomise the attention of the internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to initiate more attacks during this diversion.

b) Flood one computer or the whole network with traffic until a shutdown occurs due to overloading.

c) Block traffic, which will result in the loss of access to network resources by authorised users.


But there are solutions to counter the problems caused by these Network Attack Threats.
For IP Address spoofing, users can trace spoofed IP packets, so IP trace-back technology plays a big part in discovering the source of spoofed packets. The two main methods for tracing spoofed IP packets back to their source are hop-by-hop trace-back and logging of suspicious packets in routers. When a node detects that it has become the victim of a flood attack, it can inform its Internet Service Provider (ISP). During the flood attack, the ISP can determine which router is sending the stream to the victim, and then repeat the check at that router to find the next router upstream. In this way the ISP either reaches the source of the flood attack or reaches the edge of its administrative domain.

For DOS attacks, users can use a pattern-recognition web application security engine to protect against malicious behaviour such as DOS attacks. The patterns are regular-expression based and designed to efficiently and accurately identify a wide variety of application-level attack methods.
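Both countermeasures described above, logging suspicious packets at the router (the spoofing case) and pattern-based recognition of flooding (the DOS case), come down to checking packet records against rules. The Python script below is an added example written for this post; it is not code from the original post or from any of the referenced sources. It parses a constructed router log, flags packets that arrived on the external interface while claiming a source address from inside the intranet, and flags any source that exceeds a request threshold within a short time window. The log format, the interface names (`wan0`, `lan0`), the internal address ranges and the threshold values are all assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One record per line: "<ISO timestamp> <ingress iface> <src IP> <dst IP> <request>".
# This layout is an assumption for the example, not a real router's syslog format.
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<iface>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<req>.*)$")

# Address space the corporate intranet uses (RFC 1918 ranges, assumed here).
# A packet from these ranges should never *enter* on the Internet-facing interface.
INTERNAL_PREFIXES = [ipaddress.ip_network(p)
                     for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXTERNAL_IFACES = {"wan0"}  # assumed name of the Internet-facing interface


def parse_log(text):
    """Turn raw log text into a list of dicts; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m["ts"])
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # bad timestamp or address: treat like a malformed line
        records.append({"ts": ts, "iface": m["iface"], "src": src,
                        "dst": m["dst"], "req": m["req"]})
    return records


def find_spoofed(records):
    """Packets whose source claims to be inside the intranet but arrived from outside."""
    return [r for r in records
            if r["iface"] in EXTERNAL_IFACES
            and any(r["src"] in net for net in INTERNAL_PREFIXES)]


def find_flood_sources(records, window=timedelta(seconds=5), threshold=50):
    """Map each source that sent more than `threshold` requests inside any
    `window` to the peak count seen (sliding window over sorted timestamps)."""
    times_by_src = defaultdict(list)
    for r in records:
        times_by_src[r["src"]].append(r["ts"])
    flooders = {}
    for src, times in times_by_src.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flooders[str(src)] = peak
    return flooders


def build_sample_log():
    """Constructed sample traffic using documentation/TEST-NET addresses, not real hosts."""
    lines = [
        "2012-04-29T10:00:00 wan0 198.51.100.7 10.0.0.5 GET /index.html",  # normal
        "2012-04-29T10:00:01 wan0 10.0.0.9 10.0.0.5 GET /admin",           # spoofed source
        "2012-04-29T10:00:01 lan0 10.0.0.12 10.0.0.5 GET /index.html",     # genuine internal
        "this line is garbage and must be ignored",
    ]
    base = datetime(2012, 4, 29, 10, 0, 2)
    for i in range(60):  # one external host, 60 requests in 3 seconds: a flood
        ts = (base + timedelta(milliseconds=50 * i)).isoformat(timespec="seconds")
        lines.append(f"{ts} wan0 203.0.113.4 10.0.0.5 GET /index.html")
    return "\n".join(lines)


if __name__ == "__main__":
    recs = parse_log(build_sample_log())
    for r in find_spoofed(recs):
        print(f"SPOOF? {r['ts']} src={r['src']} entered on {r['iface']}")
    for src, n in find_flood_sources(recs).items():
        print(f"FLOOD? {src} sent {n} requests inside one {5}s window")
```

The spoofing check is a direction test rather than an address test: `10.0.0.12` on `lan0` is fine, while the same kind of address on `wan0` is not, because nobody outside the intranet should be able to send from inside it. The flood check keeps only timestamps per source and slides a window across them, so it stays linear in the number of lines and does not need to store request bodies.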


References:
http://www.tech-faq.com/network-attacks.html
http://technet.microsoft.com/en-us/library/cc959354.aspx
http://www.applicure.com/solutions/prevent-denial-of-service-attacks
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-4/104_ip-spoofing.html

Picture:
http://www.windowsecurity.com/img/upl/ssh1_21026823126250.gif