Computer network security consists of the policies and practices adopted to prevent and monitor unauthorized access to, misuse, modification or denial of a computer network and the resources reachable through it. It includes authorization of access to data, which is controlled by a network administrator: users choose or are assigned an identifier and a password, or another authentication credential, that grants them access to the data and programs within their authority.
Network security covers the many computer networks, public and private, that are used in everyday work, for transactions and for communication between enterprises, government agencies and individuals. A network may be private (for example, internal to a company) or open to public access.
Network security concerns organizations, enterprises and institutions of every kind. It protects the network itself and also provides oversight of what happens on it. The simplest and most common way to protect a network resource is to assign it a unique name and a corresponding password.
Security management
Security management differs from one situation to another. A home or small office may need only basic security, while a large enterprise may need highly reliable services and advanced hardware and software to prevent intrusions and malicious traffic.
Types of network attacks and vulnerabilities
A vulnerability is a weakness in design, implementation, operation or internal control. Most publicly disclosed vulnerabilities are recorded in the Common Vulnerabilities and Exposures (CVE) list, each under its own CVE identifier.
Attacks on networks come from many sources and fall into two categories: "passive", in which an intruder intercepts data passing through the network, and "active", in which the attacker issues commands to disrupt the network's normal operation or performs reconnaissance in order to gain access to data.
To protect a computer system, it is important to understand the kinds of attack that can be mounted against it. These threats fall into the following categories.
"Backdoor"
A backdoor in a computer system, cryptosystem or algorithm is any secret method of bypassing the normal authentication or security controls. Backdoors exist for many reasons, including original design choices and poor configuration. They may be added by a developer for what is intended as legitimate access, or by an attacker for other purposes. Whatever the motive, they create a vulnerability.
Denial of service attacks
Denial-of-service (DoS) attacks aim to make a machine or network resource unavailable to its intended users. Attackers may deny access to individual victims, for example by deliberately entering a wrong password enough times in a row that the victim's account is locked, or they may overload the capacity of a machine or network and block all users at once. An attack from a single IP address can be blocked by adding a firewall rule, but many forms of distributed denial-of-service (DDoS) attack are possible, in which the traffic comes from a large number of addresses; defending against these is much harder. Such attacks may come from compromised machines in a botnet, but other methods are possible, including reflection and amplification attacks, in which innocent third-party systems are tricked into sending the traffic.
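The account-lockout form of denial of service mentioned above is easy to demonstrate. The following is an added example, not code from the original article: a naive lockout policy that any attacker who knows a user name can weaponize, beside a variant that throttles the offending (source address, account) pair instead. User names, addresses, the password and the threshold are constructed for the demo.

```python
# Added example, not from the original article: why a naive account-lockout
# policy lets an attacker deny service to a legitimate user, and a variant that
# throttles the offending source instead. User names, addresses and thresholds
# are constructed for the demo.
from collections import defaultdict
import hmac

# Constructed user store. Plain-text passwords only to keep the demo short;
# a real system stores salted password hashes.
USERS = {"alice": "correct horse battery staple"}


def password_ok(user, password):
    # compare_digest avoids leaking how much of the password matched via timing.
    return user in USERS and hmac.compare_digest(USERS[user].encode(), password.encode())


class NaiveLockoutAuth:
    """Lock the account after `threshold` failures, whoever caused them.

    Anyone who knows only the user name can lock the real user out.
    """

    def __init__(self, threshold=3):
        self.threshold = threshold
        self.failures = defaultdict(int)   # keyed per account
        self.locked = set()

    def login(self, user, password, src_ip):
        if user in self.locked:
            return "locked"
        if password_ok(user, password):
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= self.threshold:
            self.locked.add(user)
        return "denied"


class ThrottledAuth:
    """Count failures per (source address, account) and block only that pair.

    The legitimate user logging in from another address is unaffected, so the
    attacker cannot turn the policy into a denial of service against the account.
    """

    def __init__(self, threshold=3):
        self.threshold = threshold
        self.failures = defaultdict(int)   # keyed per (src_ip, user)

    def login(self, user, password, src_ip):
        key = (src_ip, user)
        if self.failures[key] >= self.threshold:
            return "throttled"
        if password_ok(user, password):
            self.failures[key] = 0
            return "ok"
        self.failures[key] += 1
        return "denied"


def simulate(auth_cls):
    """Attacker at 203.0.113.9 spams wrong passwords for 'alice', then the real
    user logs in from 198.51.100.7. Returns (attacker outcomes, victim outcome)."""
    auth = auth_cls(threshold=3)
    attacker = [auth.login("alice", "guess%d" % i, "203.0.113.9") for i in range(5)]
    victim = auth.login("alice", USERS["alice"], "198.51.100.7")
    return attacker, victim


if __name__ == "__main__":
    for cls in (NaiveLockoutAuth, ThrottledAuth):
        print(cls.__name__, simulate(cls))
```

With the naive policy the victim's own login returns "locked"; with per-source throttling it returns "ok". Per-source throttling on its own does not stop a distributed guessing attack, so in practice it is combined with a slow-down (exponential backoff or a CAPTCHA) and a second authentication factor rather than a hard lock.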
Direct access attacks
An unauthorized user with physical access to a computer can most likely copy data directly from it. Such attackers can also compromise security by modifying the operating system or installing software worms, keyloggers, covert listening devices or wireless mice. Even if the system is protected by standard security measures, these can be bypassed by booting another operating system or tool from a CD or other bootable medium. Disk encryption is designed to prevent exactly this kind of attack.
Network Security Concept: Key Points
Information security in computer networks begins with authentication, usually by entering a username and password; on its own this is one-factor authentication. Two-factor authentication adds something the user has (a security token or "key", an ATM card or a mobile phone), and three-factor authentication also uses something the user is (a fingerprint or retinal scan).
Once a user is authenticated, a firewall enforces the access policy. This is effective at preventing unauthorized access, but a firewall may not inspect what it passes for potentially harmful content such as computer worms or trojans transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) helps to detect and block such malware.
An intrusion detection system can also monitor the network and record traffic for later high-level analysis. Newer systems that combine unsupervised machine learning with full network traffic analysis can detect active attackers, whether malicious insiders or targeted external adversaries that have compromised a user's machine or account.
In addition, communication between two hosts can be encrypted to preserve confidentiality.
Computer protection
Securing a computer network means applying countermeasures: actions, devices, procedures or techniques that reduce a threat, a vulnerability or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it.
Secure coding
Secure coding is one of the main security measures for computer networks. In software development it aims to guard against the accidental introduction of vulnerabilities. Software can also be designed from the ground up to be secure; such systems are "secure by design", with security treated as a main feature rather than an add-on. Formal verification goes further and aims to prove the correctness of the algorithms underlying a system, which is especially important for cryptographic protocols.
Some of the techniques of this approach include:
- The principle of least privilege, in which each part of the system has only the privileges it needs in order to function. Even if an attacker gains control of that part, they obtain only limited authority over the system as a whole.
- Code review and unit testing, which improve the security of a module when a formal proof of correctness is not feasible.
- Defense in depth, in which the design requires several subsystems to be breached before the integrity of the system and the information it holds is compromised.
Security architecture
The Open Security Architecture organization defines IT security architecture as "the design artifacts that describe how the security controls (security countermeasures) are positioned, and how they relate to the overall information technology architecture." These controls serve to maintain the system's quality attributes: confidentiality, integrity, availability, accountability and assurance.
Others define it as a unified design for network and information-system security that takes into account the needs and potential risks of a particular scenario or environment and specifies when and where to apply particular controls.
Its key attributes are:
- the relationships between the different components and how they depend on one another;
- the choice of controls based on risk assessment, good practice, finances and legal requirements;
- the standardization of controls.
Computer Network Security
The "secure" state of a computer is a conceptual ideal, approached through three processes: threat prevention, detection and response. These rest on various policies and system components, including the following:
- User account access controls and cryptographic controls that protect system files and data.
- Firewalls, today the most common preventive system in network security, because when correctly configured they shield access to internal network services and block certain kinds of attack by packet filtering. Firewalls can be hardware or software.
- Intrusion detection systems (IDS), designed to detect network attacks as they happen and to assist with post-attack forensics, while audit trails and logs perform a similar function for individual systems.
The response is necessarily determined by the assessed security requirements of the particular system and can range from a simple security update to notifying the appropriate authorities, counter-attack and so on. In some special cases, wiping and rebuilding the compromised system from known-good media is preferred, since not all compromised resources may have been detected.
What is a firewall?
Today's network security consists mostly of "preventive" measures such as firewalls or an exit procedure.
A firewall can be defined as a way of filtering network traffic between a host or a network and another network such as the Internet. It can be implemented as software running on the machine and hooked into the network stack (or, on UNIX-like systems, built into the OS kernel) to filter and block traffic in real time. Another implementation is the so-called "physical firewall", a separate device that filters network traffic. Firewalls are common on machines that are permanently connected to the Internet and are widely used to secure networks.
Some organizations are turning to big data platforms such as Apache Hadoop to extend data accessibility, and to machine learning to detect advanced persistent threats.
However, relatively few organizations maintain computer systems with effective detection systems, and fewer still have organized response mechanisms in place, which makes the technical security of a network hard to ensure. Over-reliance on firewalls and other automated detection systems is a major obstacle to the effective eradication of cybercrime; yet it is basic evidence gathering, using packet capture appliances, that ultimately stops attackers.
Vulnerability Management
Vulnerability management is the cycle of identifying and then remediating or mitigating vulnerabilities, especially in software and firmware. It is an integral part of securing computer systems and networks.
Vulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known weaknesses such as open ports, insecure software configuration and susceptibility to malware.
Beyond vulnerability scanning, many organizations contract outside security firms to run regular penetration tests against their systems; in some sectors this is a contractual requirement.
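The open-port check that a scanner performs is a TCP connect attempt per port, followed by comparing what is open against what is supposed to be open. The following is an added example, not code from the original article or any scanner product: a minimal connect scanner that starts its own throw-away listener on a loopback port so it can be run offline, and a baseline comparison that turns an open port into a finding. The "approved" baseline is an assumption for the demo; in practice it comes from the host's build standard, and a real assessment would use a tool such as nmap.

```python
# Added example, not from the original article: the open-port check a
# vulnerability scanner performs, run against a listener the script starts
# itself on loopback so that it works offline. The 'approved' baseline is an
# assumption for the demo.
import socket
import threading
from contextlib import closing


def scan_ports(host, ports, timeout=0.2):
    """Return the sorted list of TCP ports on `host` that accept a connection."""
    open_ports = []
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:   # 0 means the handshake completed
                open_ports.append(port)
    return sorted(open_ports)


def unexpected_ports(found, approved):
    """Scanner finding: every open port that is not in the approved baseline."""
    return sorted(set(found) - set(approved))


def start_listener():
    """Constructed target: a throw-away TCP listener on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:      # raised once srv is closed; ends the thread
                break

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def demo(approved=()):
    """Scan a small range around the listener's port and report findings."""
    srv, port = start_listener()
    try:
        lo, hi = max(1, port - 2), min(65535, port + 2)
        found = scan_ports("127.0.0.1", range(lo, hi + 1))
    finally:
        srv.close()
    return port, found, unexpected_ports(found, approved)


if __name__ == "__main__":
    print(demo())
```

A connect scan completes the TCP handshake and so shows up in the target's logs; a SYN scan, which nmap uses by default when it has raw-socket privileges, does not, which is why scanners and intrusion detection systems treat the two differently.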
Vulnerability Reduction
Formal verification of computer systems is possible but not yet common. Formally verified operating systems include seL4 and SYSGO's PikeOS, but they make up a very small share of the market.
Modern networks actively use two-factor authentication and cryptography, which significantly reduce risk for the following reasons.
Breaking properly implemented modern cryptography by direct attack is computationally infeasible today; a practical break needs some non-cryptographic input, such as an illegally obtained key, known plaintext or other additional cryptanalytic information.
Two-factor authentication is a method of mitigating unauthorized access to a system or to sensitive information. To get into the protected system, two elements are required:
- "something you know": a password or PIN;
- "something you have": a card, key, mobile phone or other device.
This raises the security of the network because an unauthorized user needs both elements at the same time to gain access; a single stolen password is no longer enough on its own.
The chances of attackers can be reduced by keeping systems up to date with security fixes and patches and by checking them with vulnerability scanners. The effect of data loss or corruption can be reduced by careful backup and secure storage of the backups.
Equipment Protection Mechanisms
Hardware can also be a source of threat; for example, an attack may exploit vulnerabilities in microchips that were maliciously introduced during manufacturing. Hardware-based or hardware-assisted security also offers specific protection methods.
Devices and techniques such as passkeys (USB dongles), trusted platform modules, case intrusion detection, disk locks, disabling USB ports and mobile-enabled access may be considered more secure because physical access to the device is needed to get at the stored data. Each is described in more detail below.
USB keys (dongles)
USB keys are commonly used in software licensing to unlock features, but they can also serve to prevent unauthorized access to a computer or other device. The key sets up an encrypted channel between itself and the software application; the idea is that a strong encryption scheme such as the Advanced Encryption Standard (AES) gives a higher level of security, because it is harder to break and to clone the key than simply to copy the software to another machine and run it there.
Such keys are also used to gain access to web content such as cloud software or virtual private networks (VPNs), and a USB key can be configured to lock or unlock the computer.
Protected devices
Trusted platform module (TPM) devices integrate cryptographic capabilities into access devices by means of a microprocessor, a so-called computer on a chip. Used together with server-side software, TPMs offer a way to detect and authenticate hardware devices and to prevent unauthorized access to the network and its data.
Computer case intrusion detection uses a push-button switch that is triggered when the case is opened. The firmware or BIOS is programmed to alert the user the next time the machine is switched on.
Disk locks
[Text of this subsection lost in extraction; only punctuation survived. From the list above it covered disk locks, disabling USB ports and mobile-enabled access. The only terms that survive are USB, Bluetooth, Bluetooth Low Energy (LE), Near Field Communication (NFC), QR codes and access control lists (ACL), the last of which the next paragraph discusses.]
Using ACLs to confine programs has proven insecure in many situations. For example, the host computer can be tricked into indirectly granting access to a restricted file (the confused deputy problem). It has also been shown that an ACL's promise of giving access to an object to only one person can never be guaranteed in practice. All ACL-based systems therefore have practical shortcomings today, although developers continue to work on them.
Capability-based security is mostly confined to research operating systems, while commercial operating systems still use ACLs. Capabilities can, however, also be implemented at the language level, which leads to a style of programming that is essentially a refinement of standard object-oriented design.
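The confused-deputy problem and the language-level capability style are easiest to see side by side. The following is an added example, not code from the original article: an in-memory file system with ACLs, a privileged "compiler" service that reads files on a caller's behalf and can be tricked into leaking a file the caller may not read, and the same service rewritten so that it holds no authority of its own and reads only the capability object it is handed. Files, principals and ACLs are constructed for the demo.

```python
# Added example, not from the original article: the confused-deputy problem
# that undermines ACL-based confinement, next to the same service written
# capability-style. Files, principals and ACLs are constructed in memory.

# Constructed file system: each file carries an ACL of principals allowed to read it.
FILES = {
    "/home/bob/report.txt": {"acl": {"bob", "compiler"}, "data": "bob's report"},
    "/etc/billing.db":      {"acl": {"compiler"},        "data": "secret billing data"},
}


def acl_read(principal, path):
    """ACL model: authority comes from who the caller is."""
    entry = FILES[path]
    if principal not in entry["acl"]:
        raise PermissionError(f"{principal} may not read {path}")
    return entry["data"]


def compile_service_acl(caller, source_path):
    """A privileged service that reads a source file on behalf of `caller`.

    The ACL check uses the service's own identity ('compiler'), so the caller
    can name any file the service may read: the service is a confused deputy.
    """
    return acl_read("compiler", source_path)


class ReadCap:
    """Capability model: authority comes from holding an unforgeable reference."""

    def __init__(self, data):
        self._data = data

    def read(self):
        return self._data


def mint_caps(principal):
    """Capabilities a principal holds. In a real system these are granted at
    login or by explicit delegation, never looked up on demand by the deputy."""
    return {path: ReadCap(e["data"]) for path, e in FILES.items()
            if principal in e["acl"]}


def compile_service_cap(source_cap):
    """Same service with no ambient authority: it reads only what it is handed."""
    return source_cap.read()


def demo():
    # Bob asks the ACL-based deputy to 'compile' the billing database: it leaks.
    leaked = compile_service_acl("bob", "/etc/billing.db")
    # Bob never holds a capability for the billing file, so he cannot pass one
    # to the capability-based deputy; he can only have his own report compiled.
    bob_caps = mint_caps("bob")
    compiled = compile_service_cap(bob_caps["/home/bob/report.txt"])
    return leaked, "/etc/billing.db" in bob_caps, compiled


if __name__ == "__main__":
    print(demo())
```

The usual ACL-world patch is to make the deputy check the caller's permission as well as its own, but that breaks down as soon as the service legitimately needs files the caller may not touch (its own logs or temporary files), which is the practical shortcoming the paragraph above describes. In the capability version the question never arises: the service can only reach what it was given.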