050-22 STRo’ group student Temirov Okhunjon Explain network and system security
Network security. Software and hardware security. Methods and means of protecting networks and inter-network information exchange. The use of computer and information technologies, telecommunications, data transmission networks and Internet services, which is among the priorities of our country's policy, is developing and being modernized. The broad implementation of modern information technologies in all spheres of daily life helps our society achieve its future goals. The use of the Internet in every industry is increasing productivity.
It is the rapid exchange of information over the network that allows us to save time. In particular, the formation of the electronic government system in our country and the strengthening of interaction between state management bodies and the population will be implemented using the network. Effective use of the network supports the formation of a democratic information society, in which the speed of information exchange increases and the collection, storage, processing and use of information produce quick results.
However, protection against problems such as illegal access to the network, unauthorized use or alteration of data, and loss of information has become an urgent issue. Enterprises, organizations and government agencies that connect their work to the network should pay serious attention to network security before connecting to share information. Network security is implemented through the use of various tools and methods and the adoption of measures that ensure that transmitted, stored and processed information is handled reliably and systematically. A network security tool must detect and counter a threat quickly. There are many types of network security threats, but they fall into several categories:
eavesdropping (intercepting, listening to and altering traffic);
denial of service (Denial-of-service);
port scanning.
In information exchange carried out over telephone lines, instant messaging on the Internet, video conferencing and fax transmissions, it is possible to eavesdrop on, alter and block information without the users noticing. This attack can be carried out using several network analysis tools (protocol analyzers). Attackers can easily convert the digital audio produced by a CODEC (which converts an analog video or audio signal to a digital signal and back) into high-quality but large audio files (WAV). Usually the attack is completely invisible to the user: the system performs its normal actions without any additional load or noise, and nothing arouses suspicion that information is being stolen. Only those who know about this threat in advance and want to preserve the value of the information being sent will exchange it over a network protected by special network security measures. There are several effective technologies against eavesdropping and tampering with information sent over the network:
the IPsec (Internet Protocol Security) protocol;
VPN (Virtual Private Network), a virtual private network;
IDS (Intrusion Detection System), a system for detecting unauthorized access.
IPsec (Internet Protocol Security) allows secure data exchange over a network using security protocols and encryption algorithms. This standard ensures that the software and hardware of computers communicating over a network interoperate with each other. The IPsec protocol ensures the confidentiality of information transmitted over the network (it is intelligible only to the sender and receiver), its integrity, and the authentication of packets. The use of modern information technologies has become a necessary tool for the development of every organization, and the IPsec protocol provides effective protection:
when connecting the head office and branches over a global network;
for remote management of the enterprise via the Internet;
when protecting the network connected with sponsors;
for increasing the security level of e-commerce.
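As an added illustration (not part of the original text) of two of the IPsec properties named above, integrity and packet authentication, the following Python model attaches an HMAC-SHA256 tag to each packet and applies a sliding anti-replay window at the receiver, the same mechanism ESP uses (RFC 4303). The shared key, the 64-packet window and the packet layout are simplifications assumed for this example; real IPsec negotiates keys with IKE and also encrypts the payload for confidentiality, which is omitted here.

```python
import hashlib
import hmac
import struct

# Assumed shared key, constructed for this example only; real IPsec keys come from IKE.
SHARED_KEY = b"example-shared-key-not-for-real-use"
WINDOW_SIZE = 64          # assumed window size; 64 is a common default
TAG_LEN = 32              # HMAC-SHA256 output length


def protect(seq: int, payload: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Build an authenticated packet: 4-byte sequence number, payload, HMAC tag over both.
    The tag plays the role of the ESP/AH integrity check value (ICV), in simplified form."""
    header = struct.pack("!I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class ReplayWindow:
    """Sliding anti-replay window: remembers the highest sequence number accepted and a
    bitmap of which of the last WINDOW_SIZE sequence numbers have already been seen."""

    def __init__(self, size: int = WINDOW_SIZE):
        self.size = size
        self.highest = 0
        self.bitmap = 0   # bit i set => sequence number (highest - i) already accepted

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                      # IPsec sequence numbers start at 1
        if seq > self.highest:                # newer than anything seen: slide the window
            shift = seq - self.highest
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size:
            return False                      # older than the window: reject
        if self.bitmap & (1 << diff):
            return False                      # already accepted once: replay
        self.bitmap |= 1 << diff              # late but new: accept and mark
        return True


def receive(packet: bytes, window: ReplayWindow, key: bytes = SHARED_KEY):
    """Verify the tag first, then apply the anti-replay check.
    Returns (accepted, reason, payload)."""
    if len(packet) < 4 + TAG_LEN:
        return False, "too short", None
    header, body, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad tag", None         # forged or tampered packet never touches the window
    (seq,) = struct.unpack("!I", header)
    if not window.check_and_update(seq):
        return False, "replay", None
    return True, "ok", body


def demo():
    """Constructed exchange: two good packets, a replay, a tampered packet, a gap, a late arrival."""
    window = ReplayWindow()
    p1 = protect(1, b"hello")
    p2 = protect(2, b"world")
    tampered = p2[:4] + b"WORLD" + p2[9:]     # payload changed, original tag kept
    outcomes = [
        receive(p1, window)[1],               # ok
        receive(p2, window)[1],               # ok
        receive(p1, window)[1],               # replay
        receive(tampered, window)[1],         # bad tag
        receive(protect(5, b"later"), window)[1],         # ok: gaps are allowed
        receive(protect(3, b"late arrival"), window)[1],  # ok: inside the window, not yet seen
    ]
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The receiver verifies the tag before consulting the window, so a forged packet can never advance the window, and a packet older than the window is rejected even when its tag is valid.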
A VPN (Virtual Private Network) is a virtual private network. The technology aims to provide reliable protection by forming an internal network in which all data exchange between users takes place inside another network. The Internet is used as the underlying network for a VPN.
Advantages of VPN technology. By joining local networks into a VPN over a public network, a low-cost and highly secure tunnel can be built. To create such a network, a special VPN gateway that exchanges information between branches must be installed on one computer in each part of the network. Information sharing within each department is done in the ordinary way. If data needs to be sent to another part of the VPN, it is all sent to the gateway. The gateway processes the data, encrypts it with a reliable algorithm and sends it over the Internet to the gateway in the other branch, where it is decrypted and delivered to the destination computer in the ordinary way. All of this is completely transparent to the user and does not differ from working on a local network. Information intercepted by an eavesdropping attack is unintelligible.
In addition, a VPN is a convenient way to connect an individual computer to an organization's local network. Imagine that you are on a business trip with your laptop and need to connect to your office network or retrieve some information from it. You can connect to the VPN gateway with a special program and work like any other employee in the office. It is not only convenient but also cheap.
How a VPN works. To create a VPN, besides the necessary devices and software, two main components are needed: a data transfer protocol and the means of protecting it.
An intrusion detection system (IDS) detects the methods or means by which an attempt is made to break into a system or violate a network security policy. Intrusion detection systems have a history of almost a quarter of a century. Early models and prototypes of intrusion detection systems analyzed the audit data of computer systems.
The architecture of IDS systems includes:
a sensor subsystem that collects events related to the security of the protected systems;
an analysis subsystem that detects suspicious activity and attacks from the sensor data;
a repository that stores the analysis results and the initial data;
a management console that allows the IDS to be configured, the state of the IDS and of the protected system to be monitored, and the incidents detected by the analysis subsystems to be reviewed.
IDS systems are divided into two main classes: network intrusion detection systems (Network Intrusion Detection System, NIDS) and host intrusion detection systems (Host Intrusion Detection System, HIDS). The principle of operation of a NIDS is as follows:
1. it inspects the traffic entering the network;
2. it restricts malicious and unauthorized packets.
Eavesdropping threats can be effectively countered by following the security measures listed above.
A DoS (Denial-of-service) attack is a denial-of-service attack, in which the attacker tries to prevent legitimate users from using a system or service. Often these attacks are carried out by flooding infrastructure resources with service requests. Such attacks can target an entire network as well as an individual host. Before carrying out an attack, the target is thoroughly studied: the weaknesses or shortcomings of the protection tools used against network attacks, the operating system installed, and the time of the target's peak activity. Based on these findings and test results, a special program is written. At the next stage, the program is sent to widely trusted servers, which send it on to the users registered in their databases. A user who receives the program installs it, whether or not aware that it was sent by a trusted server. The same situation can occur on thousands or even millions of computers. The program activates on all of them at the specified time and continuously sends requests to the target's server. The server is busy responding to the incessant requests and cannot perform its basic operations, so it stops serving.
The most effective ways to defend against a denial-of-service attack are:
firewall (inter-network screen) technology;
the IPsec protocol.
A firewall (inter-network screen) is the first protective device on the internal and external perimeters. It manages incoming and outgoing data in information and communication technology (ICT) systems and protects them by filtering data: it verifies information against established criteria and decides whether packets may enter the system. The firewall examines every packet passing through it and decides, based on defined rules, whether to allow the packet in either direction (inbound, outbound). The firewall also provides protection between two networks, that is, it protects the protected network from an open external network. Of the firewall's functions, packet filtering in particular is an effective defense against DoS attacks. Packet filters control:
A firewall cannot provide complete protection against DoS attacks because of several disadvantages:
errors or shortcomings in design: the various firewall technologies do not cover all possible intrusions into the protected network;
implementation defects: every firewall is a complex software (or software and hardware) product and therefore contains errors; moreover, there is no general testing methodology for determining the quality of the implementation and making sure that all the specified features are actually implemented in the firewall;
shortcomings in application (operation): managing firewalls and configuring them according to a security policy is very complicated, and misconfigured firewalls are common. The listed shortcomings can be overcome by using the IPsec protocol. To summarize, adequate protection against DoS attacks can be obtained by the proper combined use of firewalls and the IPsec protocol.
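The following Python sketch, added here as an example and not taken from any firewall product, models the two firewall behaviours described above: stateless packet filtering with ordered rules and a default-deny policy, plus a per-source token bucket that limits how many requests one address may send, which is one way a packet filter dampens the request floods described in the DoS section. The rule set, the addresses (taken from the documentation ranges 203.0.113.0/24, 192.0.2.0/24 and 198.51.100.0/24) and the rate and burst values are constructed for the example.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int
    direction: str    # "inbound" or "outbound"
    ts: float         # arrival time in seconds


class Rule(NamedTuple):
    action: str                # "allow" or "deny"
    direction: str
    src: Optional[object]      # ip_network, or None for any source
    proto: Optional[str]       # "tcp"/"udp", or None for any protocol
    dport: Optional[int]       # destination port, or None for any


# Constructed rule set (assumed for the example): first match wins, unmatched traffic is denied.
RULES = [
    Rule("allow", "inbound", ip_network("0.0.0.0/0"), "tcp", 443),   # public HTTPS service
    Rule("allow", "inbound", ip_network("10.0.0.0/8"), "tcp", 22),   # SSH only from the inside
    Rule("allow", "outbound", None, None, None),                      # trust outgoing traffic
]


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every field it specifies agrees with the packet; None means any."""
    return (rule.direction == pkt.direction
            and (rule.src is None or ip_address(pkt.src) in rule.src)
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


class TokenBucket:
    """Per-source request budget: 'rate' tokens refill per second, up to 'burst'."""

    def __init__(self, rate: float, burst: int, now: float):
        self.rate, self.capacity = rate, burst
        self.tokens, self.last = float(burst), now

    def take(self, now: float) -> bool:
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False                  # budget exhausted: this source is flooding


class PacketFilter:
    def __init__(self, rules, rate: float, burst: int):
        self.rules, self.rate, self.burst = rules, rate, burst
        self.buckets = {}             # one bucket per source address

    def decide(self, pkt: Packet) -> str:
        action = "deny"               # default deny when no rule matches
        for rule in self.rules:
            if rule_matches(rule, pkt):
                action = rule.action
                break
        if action != "allow":
            return "deny:no-rule"
        if pkt.src not in self.buckets:
            self.buckets[pkt.src] = TokenBucket(self.rate, self.burst, pkt.ts)
        return "allow" if self.buckets[pkt.src].take(pkt.ts) else "deny:rate-limit"


def inbound(src: str, dport: int, ts: float) -> Packet:
    """Helper for constructed inbound TCP packets to the protected host 192.0.2.10."""
    return Packet(src, "192.0.2.10", "tcp", dport, "inbound", ts)


def demo():
    """Constructed traffic: a burst of 8 HTTPS requests from one address at t=0, one more
    request a second later, and two SSH attempts, one from outside and one from inside."""
    fw = PacketFilter(RULES, rate=2.0, burst=5)
    flood = [fw.decide(inbound("203.0.113.5", 443, 0.0)) for _ in range(8)]
    after_refill = fw.decide(inbound("203.0.113.5", 443, 1.0))
    ssh_from_outside = fw.decide(inbound("203.0.113.5", 22, 1.0))
    ssh_from_inside = fw.decide(inbound("10.1.2.3", 22, 1.0))
    return flood, after_refill, ssh_from_outside, ssh_from_inside


if __name__ == "__main__":
    print(demo())
```

Per-source limiting only helps against a single flooding address. The distributed flood described above, with thousands of sources each sending at a modest rate, passes such a limiter unhindered, which is one concrete form of the "cannot provide complete protection" point made in the text.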
Port scanning is a type of attack often used against computers that provide network services. To ensure network security, more attention must be paid to virtual ports, because ports are the means by which data is transported through a channel. A computer has 65,536 standard ports. Computer ports can be compared to the doors and windows of a house; a port scanning attack is like burglars checking whether the doors and windows are open or closed before entering. If a thief notices that a window is open, it is easy to get in. A hacker uses a port probe attack to find out which ports are open at the time of the attack.
A message is sent to probe all ports at once; as a result it is determined in real time which ports of the computer are in use, and these are considered the sensitive points of the computer. It is precisely the known port number that makes it possible to tell exactly which service is being used. For example, if the following port numbers are found by the analysis, the name of the service in use can be determined from them:
port 21: FTP (File Transfer Protocol), a file transfer protocol;
port 110: POP3 (Post Office Protocol 3), an e-mail port.
An effective defense against port scanning attacks is the proper use of firewall technology. The attack can be prevented by adding a special rule to the firewall against incoming requests that probe all ports at the same time.
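The rule recommended above, blocking a source that probes many ports at once, can be implemented as a threshold detector. The Python example below is added here (it is not the author's code or any product's) and also illustrates the NIDS principle stated earlier: inspect the traffic, then restrict the offending packets. The constructed connection log, the threshold of 10 distinct ports within 5 seconds, and the small port-to-service table (the page's port 21 and 110 entries extended with other well-known IANA assignments) are assumptions for the example.

```python
from collections import defaultdict, deque

# Constructed service table: the page names ports 21 and 110; the others are further
# well-known IANA assignments added for the example.
WELL_KNOWN_PORTS = {21: "FTP", 22: "SSH", 25: "SMTP", 80: "HTTP", 110: "POP3", 443: "HTTPS"}

SCAN_THRESHOLD = 10    # distinct destination ports from one source ... (assumed)
SCAN_WINDOW = 5.0      # ... within this many seconds (assumed)


def service_name(port: int) -> str:
    """Map a port number to the service conventionally running there, as the text describes."""
    return WELL_KNOWN_PORTS.get(port, "unknown")


class ScanDetector:
    """Flags a source that touches many distinct destination ports within a short window
    and blocks it afterwards: the firewall rule recommended against port scans."""

    def __init__(self, threshold: int = SCAN_THRESHOLD, window: float = SCAN_WINDOW):
        self.threshold = threshold
        self.window = window
        self.events = defaultdict(deque)   # source -> deque of (timestamp, dport)
        self.blocked = set()

    def observe(self, ts: float, src: str, dport: int) -> str:
        """Feed one connection attempt; returns 'ok', 'scan-detected' or 'blocked'."""
        if src in self.blocked:
            return "blocked"                 # restrict further packets from the scanner
        history = self.events[src]
        history.append((ts, dport))
        while history and ts - history[0][0] > self.window:
            history.popleft()                # forget attempts older than the window
        distinct_ports = {port for _, port in history}
        if len(distinct_ports) >= self.threshold:
            self.blocked.add(src)
            return "scan-detected"
        return "ok"


def parse_line(line: str):
    """Parse one constructed log line of the form 'ts=0.3 src=203.0.113.7 dport=21'."""
    fields = dict(item.split("=", 1) for item in line.split())
    return float(fields["ts"]), fields["src"], int(fields["dport"])


def build_constructed_log():
    """Constructed sample traffic (not a real capture): a fast scanner, a normal client
    and a slow scanner, all aimed at documentation-range addresses."""
    lines = []
    for i in range(1, 13):                            # fast scanner: 12 ports in 1.2 seconds
        lines.append(f"ts={i * 0.1:.1f} src=203.0.113.7 dport={i}")
    for ts in (0.05, 0.5, 2.0):                       # normal client reusing one service
        lines.append(f"ts={ts} src=198.51.100.4 dport=443")
    for ts, port in ((0.0, 21), (10.0, 22), (20.0, 25)):   # slow scanner, one port per 10 s
        lines.append(f"ts={ts} src=203.0.113.9 dport={port}")
    return lines


def run_detector(lines):
    """Replay the log in time order; returns per-source verdict lists and blocked sources."""
    detector = ScanDetector()
    verdicts = defaultdict(list)
    for ts, src, dport in sorted(parse_line(line) for line in lines):
        verdicts[src].append(detector.observe(ts, src, dport))
    return dict(verdicts), sorted(detector.blocked)


if __name__ == "__main__":
    results, blocked = run_detector(build_constructed_log())
    for src, verdict_list in results.items():
        print(src, verdict_list)
    print("blocked:", blocked, "| service on port 110:", service_name(110))
```

The slow-scanner entry in the constructed log shows the detector's limit: a source probing one port every 10 seconds never accumulates enough distinct ports inside the window, so a window-based threshold should be paired with longer-term counting where such scans matter.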