Ensuring information security of networks. Information security in computer networks
Topic: Problems of information security in computer networks.
Introduction.
1. Problems of information security in computer systems.
2. Ensuring the protection of information in networks.
3. Security mechanisms:
3.1. Cryptography.
3.2. Electronic signature.
3.3. Authentication.
3.4. Network protection.
4. Requirements for modern means of information protection.
Conclusion.
Literature.
Introduction.
In computing, the concept of security is very broad. It covers the reliability of the computer, the safety of valuable data, the protection of information from unauthorized modification, and the secrecy of correspondence in electronic communications. Of course, in all civilized countries the security of citizens is guarded by law, but in the field of computer technology law-enforcement practice is not yet sufficiently developed, the legislative process does not keep pace with the development of computer systems, and security largely relies on users' own protective measures.
There is always a problem of choosing between the necessary level of protection and the efficiency of networking. In some cases, users or consumers may perceive security measures as restricting access and effectiveness. However, tools such as cryptography can significantly increase the degree of protection without restricting user access to data.
1. Problems of information security in computer systems.
The widespread use of computer technologies in automated information processing and control systems has aggravated the problem of protecting the information circulating in computer systems from unauthorized access. Information protection in computer systems has a number of specific features related to the fact that information is not rigidly bound to its storage medium: it can be easily and quickly copied and transmitted over communication channels. A very large number of threats to information are known, and they can be carried out both by external intruders and by insiders.
A radical solution to the problems of protecting electronic information can only be obtained through the use of cryptographic methods that allow solving the most important problems of secure automated processing and transmission of data. At the same time, modern high-speed methods of cryptographic transformation make it possible to maintain the original performance of automated systems. Cryptographic data transformations are the most effective means of ensuring data confidentiality, integrity and authenticity. Only their use in conjunction with the necessary technical and organizational measures can provide protection against a wide range of potential threats.
Problems that arise with the security of information transmission when working in computer networks can be divided into three main types:
· interception of information - the integrity of information is preserved, but its confidentiality is violated;
· modification of information - the original message is changed or completely replaced by another and sent to the addressee;
· change of authorship of information. This problem can have serious consequences. For example, someone can send an email on your behalf (this type of deception is commonly called spoofing) or a Web server can pretend to be an electronic store, accept orders, credit card numbers, but not send any goods.
The needs of modern practical computer science have led to the emergence of non-traditional problems of protecting electronic information, one of which is the authentication of electronic information in conditions where the parties exchanging information do not trust each other. This problem is related to the creation of electronic digital signature systems. The theoretical basis for solving this problem was the discovery of two-key (public-key) cryptography by the American researchers Diffie and Hellman in the mid-1970s, which was a brilliant achievement of the centuries-old evolutionary development of cryptography. The revolutionary ideas of two-key cryptography led to a sharp increase in the amount of open research in the field of cryptography and showed new ways of developing cryptography, its new possibilities and the unique significance of its methods in modern conditions of mass application of electronic information technologies.
The technical basis for the transition to the information society is modern microelectronic technology, which provides continuous growth in the quality of computer equipment and serves as the basis for maintaining the main trends in its development: miniaturization, reduced power consumption, increased main memory (RAM) and capacity of built-in and removable drives, increased performance and reliability, and an expanding scope and scale of application. These trends in the development of computer technology have led to the fact that, at the present stage, the protection of computer systems from unauthorized access is characterized by an increase in the role of software and cryptographic protection mechanisms compared to hardware ones.
The growing role of software and cryptographic tools is manifested in the fact that emerging new problems in the field of protecting computer systems from unauthorized access require the use of mechanisms and protocols with a relatively high computational complexity and can be effectively solved by using computer resources.
One of the important social and ethical problems generated by the ever-expanding use of cryptographic information protection methods is the contradiction between the desire of users to protect their information and message traffic and the desire of special government services to be able to access the information of organizations and individuals in order to suppress illegal activities. In developed countries there is a wide range of opinions on how to regulate the use of encryption algorithms. Proposals range from a complete ban on the widespread use of cryptographic methods to complete freedom of their use. Some proposals would allow only weaker algorithms to be used, or would require the registration of encryption keys. It is extremely difficult to find an optimal solution to this problem. How should one weigh the losses of law-abiding citizens and organizations from the illegal use of their information against the losses of the state from its inability to access the encrypted information of groups hiding illegal activities? How can one reliably prevent the illegal use of cryptographic algorithms by persons who violate other laws? In addition, there are always ways of hidden storage and transmission of information. These questions have yet to be addressed by sociologists, psychologists, lawyers and politicians.
The emergence of global information networks such as the Internet is an important achievement of computer technology; however, a great many computer crimes are associated with the Internet.
Experience with the Internet has revealed the weakness of traditional information protection mechanisms and the lag in the application of modern methods. Cryptography makes it possible to ensure the security of information on the Internet, and work is now underway to introduce the necessary cryptographic mechanisms into this network. The strategically correct decision is not to reject progress in informatization, but to apply the achievements of modern cryptography. The possibility of widespread use of global information networks and cryptography is an achievement and a sign of a democratic society.
Knowledge of the basics of cryptography in the information society cannot objectively be the privilege of individual government services; it is an urgent need for the widest layers of scientific and technical workers who use computer data processing or develop information systems, for security personnel and for the management of organizations and enterprises. Only this can serve as a basis for the effective implementation and operation of information security tools.
One single organization cannot provide sufficiently complete and effective control over information flows within the entire state and ensure proper protection of the national information resource. However, individual government agencies can create conditions for the formation of a market for high-quality security tools, training a sufficient number of specialists and mastering the basics of cryptography and information protection by mass users.
In Russia and other CIS countries in the early 1990s, there was a clear tendency to outpace the expansion of the scale and scope of information technology over the development of data protection systems. This situation to a certain extent was and is typical for the developed capitalist countries. This is natural: first a practical problem must arise, and then solutions will be found. The beginning of perestroika in the situation of a strong lag of the CIS countries in the field of informatization in the late 1980s created fertile ground for a sharp overcoming of the existing gap.
The example of developed countries, the possibility of acquiring system software and computer equipment inspired domestic users. The inclusion of the mass consumer, interested in the operational processing of data and other advantages of modern information and computing systems, in solving the problem of computerization has led to a very high rate of development of this area in Russia and other CIS countries. However, the natural co-development of information processing automation tools and information security tools has been largely disrupted, which has become the cause of massive computer crimes. It's no secret that computer crimes are currently one of the most pressing problems.
In today's globalized world, network security is critical. Enterprises need to provide employees with secure access to network resources at any time, for which a modern network security strategy must take into account a number of factors such as increasing network reliability, effectively managing security, and protecting against constantly evolving threats and new attack methods. For many companies, the problem of network security is becoming more and more difficult. Today's mobile workforce using personal smartphones, laptops and tablets for work brings new potential challenges. At the same time, hackers also do not sit idly by and make new cyber threats more and more sophisticated.
A recent survey of IT professionals managing network security [conducted by Slashdotmedia] showed that among the important factors in choosing network security solutions, almost half of those surveyed rated the reliability of their network solution as the number one choice.
Question asked: When choosing a network security solution, what are the most important factors for your company?
Network security vulnerabilities open up a range of potential issues and expose a company to various risks. IT systems can be compromised through them, information can be stolen, employees and customers can have trouble accessing resources they are authorized to use, which can force customers to switch to a competitor.
Downtime due to security issues can have other financial implications. For example, a website that is down during peak hours can generate both direct losses and powerful negative PR, which will obviously affect the level of sales in the future. In addition, some industries have strict criteria for the availability of resources, violation of which can lead to regulatory fines and other unpleasant consequences.
In addition to the reliability of solutions, there are a number of issues that have come to the fore today. For example, about 23% of the IT professionals surveyed identify the cost of the solution as one of the main problems associated with network security, which is not surprising given that IT budgets of the past few years have been significantly limited. Further, about 20% of respondents identified ease of integration as a priority when choosing a solution, which is natural in an environment where the IT department is required to do more with fewer resources.
Concluding the conversation about the key parameters in choosing a solution, I would like to note that only about 9% of respondents named network functions as a key factor in choosing network security solutions. When choosing a network security solution for corporate systems and minimizing the associated risks, one of the most important factors for almost half (about 48%) of those surveyed was the reliability of the network and the associated solution.
Question asked: What type of network attacks is your IT organization most worried about?
Today, hackers use a variety of methods to attack company networks. The study showed that IT professionals are most concerned about two specific types of attacks: denial of service (DoS) and eavesdropping; these were listed as the most dangerous, highest-priority attacks by about 25% of respondents. A further 15% of respondents each chose IP spoofing and man-in-the-middle (MITM) attacks as key threats. Other types of threats were a priority for less than 12% of respondents.
Question asked: In terms of mobile vulnerabilities, what is your IT team's biggest concern?
Today, the number of mobile workers is growing, and the adoption of Bring Your Own Device (BYOD) policies is placing new demands on network security. At the same time, unfortunately, the number of insecure network applications is growing very quickly. In 2013, HP tested over 2,000 applications and found that 90% of them had security vulnerabilities. This situation poses a serious threat to corporate security, and it is not surprising that 54% of respondents rated threats from malicious applications as the most dangerous.
Summarizing the above, we can draw the following conclusion: modern network security solutions, among other things, must necessarily have the following properties:
- be able to work at the seventh level of the OSI model (the application level);
- be able to associate a specific user with traffic content;
- have an intrusion prevention system (IPS) integrated into the solution;
- support built-in protection against DoS and eavesdropping attacks;
- generally have a high degree of reliability.
- Federal Law 149 "On information, information technologies and information protection";
- Federal Law 152 "On the protection of personal data";
- Federal Law 139 (amendments to Federal Law 149, the law on communications and Federal Law 436 on the protection of children from information);
- Federal Law 436 (on the protection of children from information);
- Federal Law 187 (on the protection of intellectual property on the Internet);
- Federal Law 398 (on blocking extremist websites);
- Federal Law 97 (on bloggers, equating them with mass media);
- Federal Law 242 (on the storage of personal data on the territory of the Russian Federation).
- under Article 137 of the Criminal Code of the Russian Federation (illegal collection or dissemination of information about the private life of a person): imprisonment for up to four years;
- under Article 140 of the Criminal Code of the Russian Federation (illegal refusal to provide documents and materials collected in the prescribed manner): a fine, or deprivation of the right to hold certain positions or engage in certain activities for a period of 2 to 5 years;
- under Article 272 of the Criminal Code of the Russian Federation (illegal access to computer information protected by law): imprisonment for up to 5 years.
Compliance of enterprises with the requirements of federal legislation is currently supervised by three state bodies: the Federal Security Service (FSB), Roskomnadzor and FSTEC. Supervision is carried out through scheduled and unannounced inspections, as a result of which a company can be held liable.
Thus, ignoring the problem of ensuring network security in our country can not only bring great losses to business, but also entail criminal liability for specific company executives.
Conclusion
Information security threats are becoming more complex: hackers and cybercriminals are using new techniques and carrying out ever more sophisticated attacks to compromise systems and steal data. Fighting new attacks requires network security solutions and a network security strategy that meet the requirements of reliability, cost and integration with other IT systems. The solutions developed must be reliable, provide protection against attacks at the application level and allow traffic to be attributed to users.
From all of the above, a simple conclusion suggests itself: in the modern world, information security issues cannot be ignored; in response to new threats, it is necessary to look for new approaches to implementing the information protection strategy and to use new methods and tools to ensure network security.
Lesson 38
Information security network technology work
Information systems security threats
There are four actions performed with information that may contain a threat: collection, modification, leakage and destruction. These actions are basic for further consideration.
Adhering to the accepted classification, we will divide all sources of threats into external and internal.
Sources of internal threats are:
employees of the organization;
software;
hardware.
Internal threats can manifest themselves in the following forms:
errors of users and system administrators;
violation by company employees of the established regulations for the collection, processing, transfer and destruction of information;
software errors;
failures and malfunctions of computer equipment.
External sources of threats include:
computer viruses and malware;
organizations and individuals;
natural disasters.
Forms of manifestation of external threats are:
infection of computers with viruses or malware;
unauthorized access to corporate information;
information monitoring by competing organizations, intelligence and special services;
actions of state bodies and services accompanied by the collection, modification, seizure and destruction of information;
accidents, fires, man-made disasters.
All types of threats (forms of manifestation) listed by us can be divided into intentional and unintentional.
According to the way they act on information security objects, threats are classified as informational, software, physical, radio-electronic, and organizational-legal.
Information threats include:
unauthorized access to information resources;
illegal copying of data in information systems;
theft of information from libraries, archives, banks and databases;
violation of information processing technology;
illegal collection and use of information;
use of information weapons.
Software threats include:
exploitation of errors and "holes" in software;
computer viruses and malware;
installation of planted (implant) devices.
Physical threats include:
destruction of or damage to information processing and communication facilities;
theft of storage media;
theft of software or hardware keys and means of cryptographic data protection;
pressure on personnel.
Radio-electronic threats include:
planting electronic interception devices in technical facilities and premises;
interception, decryption, substitution and destruction of information in communication channels.
Organizational-legal threats include:
procurement of imperfect or obsolete information technologies and means of informatization;
violation of legal requirements and delay in making the necessary legal and regulatory decisions in the information sphere.
Let's consider the network security model and the main types of attacks that can be carried out in this case. Then we will look at the main types of services and security mechanisms that prevent such attacks.
Network security model
Classification of network attacks
In general, there is an information flow from the sender (file, user, computer) to the recipient (file, user, computer):
Fig. 1 Information flow
All attacks can be divided into two classes: passive and active.
Passive Attack
A passive attack is one in which the adversary is unable to modify the transmitted messages or insert his own messages into the information channel between the sender and the recipient. The purpose of a passive attack can only be listening to transmitted messages and traffic analysis.
Fig. 2 Passive attack
Active attack
An active attack is one in which the adversary has the ability to modify the transmitted messages and insert his own messages. There are the following types of active attacks:
1. Denial of service (DoS attack)
A denial of service disrupts the normal functioning of network services. An adversary can intercept all messages sent to a specific destination. Another example of such an attack is the generation of significant traffic, as a result of which the network service is unable to process requests from legitimate clients. A classic example of such an attack in TCP/IP networks is the SYN attack, in which the attacker sends packets that initiate the establishment of TCP connections but never sends the packets that complete the handshake. As a result, the server may exhaust the memory reserved for half-open connections and become unable to establish connections with legitimate users.
Fig. 3 DoS attack
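As an added example that is not part of the original text, the following Python script shows how a defender would detect the half-open-connection pattern described above from a snapshot of the server's TCP connection table. The input format (state, local socket, remote socket, in the style of `ss -tan` output) and the thresholds are assumptions, and the sample table is constructed, not captured traffic. Per-source counting catches a single noisy source; the backlog ratio and the count of "one SYN, no completed handshake" sources also catch floods that spread across many spoofed addresses.

```python
"""Detect SYN-flood indicators in a snapshot of a TCP connection table."""
from collections import Counter

# Constructed snapshot (not real traffic): <state> <local_ip:port> <remote_ip:port>.
# 203.0.113.9 leaves six handshakes unfinished, 192.0.2.x are scattered
# single-SYN sources, and the 198.51.100.x hosts behave like normal clients.
SAMPLE_TABLE = """\
ESTAB    10.0.0.5:443  198.51.100.7:51234
ESTAB    10.0.0.5:443  198.51.100.7:51240
SYN-RECV 10.0.0.5:443  203.0.113.9:40001
SYN-RECV 10.0.0.5:443  203.0.113.9:40002
SYN-RECV 10.0.0.5:443  203.0.113.9:40003
SYN-RECV 10.0.0.5:443  203.0.113.9:40004
SYN-RECV 10.0.0.5:443  203.0.113.9:40005
SYN-RECV 10.0.0.5:443  203.0.113.9:40006
SYN-RECV 10.0.0.5:443  192.0.2.11:1025
SYN-RECV 10.0.0.5:443  192.0.2.57:1025
SYN-RECV 10.0.0.5:443  192.0.2.140:1025
SYN-RECV 10.0.0.5:443  192.0.2.201:1025
SYN-RECV 10.0.0.5:443  198.51.100.8:60200
ESTAB    10.0.0.5:443  198.51.100.8:60188
"""


def parse_table(text):
    """Turn the snapshot into a list of dicts; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        state, local, remote = parts
        local_ip, _, local_port = local.rpartition(":")
        remote_ip, _, remote_port = remote.rpartition(":")
        rows.append({"state": state, "local_port": int(local_port),
                     "remote_ip": remote_ip, "remote_port": int(remote_port)})
    return rows


def count_by_source(rows, state):
    """Number of connections in the given state, keyed by remote address."""
    return Counter(r["remote_ip"] for r in rows if r["state"] == state)


def detect_syn_flood(rows, per_source_threshold=5, backlog_ratio=0.5):
    """Return the indicators a SYN flood leaves in the connection table.

    suspicious_sources : addresses with many half-open and no completed
                         connections (a real client finishes its handshakes)
    backlog_saturated  : half-open entries dominate the table, which is the
                         symptom even when the sources are spoofed at random
    single_shot_sources: number of addresses with exactly one half-open and
                         no completed connection; a large count suggests
                         randomised spoofed sources rather than real clients
    """
    half_open = count_by_source(rows, "SYN-RECV")
    established = count_by_source(rows, "ESTAB")
    findings = {"suspicious_sources": [], "backlog_saturated": False,
                "single_shot_sources": 0}
    for ip, n in half_open.most_common():
        if established.get(ip, 0) == 0:
            if n >= per_source_threshold:
                findings["suspicious_sources"].append(ip)
            elif n == 1:
                findings["single_shot_sources"] += 1
    total_half_open = sum(half_open.values())
    if rows and total_half_open / len(rows) >= backlog_ratio:
        findings["backlog_saturated"] = True
    return findings


if __name__ == "__main__":
    print(detect_syn_flood(parse_table(SAMPLE_TABLE)))
```

On a live host the same logic can be fed from `ss -tan` output; the usual mitigations once the pattern is confirmed are SYN cookies, a larger accept backlog and shorter SYN-RECV timeouts, or upstream rate limiting.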
2. Data flow modification - "man in the middle" attack
Modifying a data stream means either changing the content of the message being forwarded or changing the order of the messages.
Fig. 4 Man-in-the-middle attack
3. Creating a false flow (falsification)
Falsification (violation of authenticity) means an attempt by one subject to impersonate another.
Fig. 5 Creating a false stream
4. Replay.
Replay means passively capturing data and later resending it to gain unauthorized access; this is the so-called replay attack. Strictly speaking, replay attacks are one type of spoofing, but because they are among the most common attacks used to gain unauthorized access, they are often treated as a separate type.
Fig. 6 Replay attack
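The following Python example is added here and is not code from the original text. It shows the receiver-side checks that defeat the two active attacks just described: a keyed hash (HMAC-SHA256) over the sequence number and payload detects modification and forgery, and a strictly increasing sequence number detects replay. The message format, the `Sender`/`Receiver` classes and the shared key are assumptions made for the example; the key would normally come from a key-agreement protocol rather than a constant.

```python
"""Modification and replay detection with an HMAC tag and a sequence number."""
import hashlib
import hmac

# Constructed shared secret for the example only; never hard-code real keys.
SHARED_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f00112233445566778899aabbccddeeff0")


def compute_tag(key, seq, payload):
    """HMAC over seq || payload.  The fixed-width sequence number binds the
    two fields together so neither can be altered or swapped independently."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, key):
        self.key = key
        self.seq = 0

    def send(self, payload):
        self.seq += 1
        tag = compute_tag(self.key, self.seq, payload)
        return {"seq": self.seq, "payload": payload.hex(), "tag": tag.hex()}


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = 0

    def receive(self, msg):
        """Return (verdict, payload); payload is None unless verdict is 'ok'."""
        try:
            seq = int(msg["seq"])
            payload = bytes.fromhex(msg["payload"])
            tag = bytes.fromhex(msg["tag"])
        except (KeyError, TypeError, ValueError):
            return ("malformed", None)
        expected = compute_tag(self.key, seq, payload)
        # Constant-time comparison so the tag cannot be guessed byte by byte
        # through timing differences.
        if not hmac.compare_digest(expected, tag):
            return ("modified", None)   # content or seq altered, or forged without the key
        # A strict counter rejects both exact replays and late/reordered
        # messages; protocols that must tolerate reordering (e.g. IPsec)
        # use a sliding window over seq instead.
        if seq <= self.last_seq:
            return ("replayed", None)
        self.last_seq = seq
        return ("ok", payload)


def demo():
    """Walk through the attacks and return the receiver's verdicts in order."""
    alice, bob = Sender(SHARED_KEY), Receiver(SHARED_KEY)
    verdicts = []
    m1 = alice.send(b"transfer 100 to acct 42")
    verdicts.append(bob.receive(m1)[0])            # genuine -> ok
    verdicts.append(bob.receive(m1)[0])            # captured and resent -> replayed
    m2 = alice.send(b"transfer 100 to acct 42")
    tampered = dict(m2, payload=b"transfer 900 to acct 42".hex())
    verdicts.append(bob.receive(tampered)[0])      # content changed -> modified
    forged = Sender(b"adversary-guess").send(b"transfer 100 to acct 42")
    forged["seq"] = 3
    verdicts.append(bob.receive(forged)[0])        # built without the key -> modified
    m3 = alice.send(b"ping")
    verdicts.append(bob.receive(m3)[0])            # genuine -> ok
    verdicts.append(bob.receive(m2)[0])            # old seq after a newer one -> replayed
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Note what the tag does not provide: confidentiality (the payload is still readable by a passive attacker) and non-repudiation (both parties hold the same key, so either could have produced the tag); the latter needs a digital signature.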
The attacks listed can exist in any type of network, not only in networks using the TCP/IP protocols as transport, and at any level of the OSI model. But attacks are most common in networks built on TCP/IP because, firstly, the Internet has become the most widespread network and, secondly, security requirements were not taken into account at all when the TCP/IP protocols were designed.
Security Services
The main security services are as follows:
Confidentiality - prevention of passive attacks on transmitted or stored data.
Authentication - confirmation that the information comes from a legitimate source and that the recipient is really who he claims to be.
In the case of a single message transmission, authentication must assure the recipient that the message comes from the claimed source. For a connection, there are two aspects.
Firstly, when the connection is initialized, the service must ensure that both parties are authentic, i.e. are who they claim to be.
Secondly, the service must ensure that the connection is not interfered with in such a way that a third party can masquerade as one of the legitimate parties after the connection has been established.
Integrity - a service that guarantees that information has not changed during storage or transmission. Can be applied to a message flow, a single message, or individual fields in a message, as well as stored files and individual file records.
Non-repudiation - the impossibility, for both the recipient and the sender, of denying the fact of the transfer. Thus, when a message is sent, the recipient can prove that the legitimate sender sent it. Similarly, when a message arrives, the sender can prove that it was received by the legitimate recipient.
Access control - the ability to restrict and control access to systems and applications via communication lines.
Availability - attacks may result in the loss or reduction of the availability of a particular service. This service is designed to minimize the possibility of DoS attacks.
Security mechanisms
We list the main security mechanisms:
Symmetric encryption algorithms - encryption algorithms in which the same key is used for encryption and decryption, or the decryption key can easily be obtained from the encryption key.
Asymmetric encryption algorithms - encryption algorithms in which two different keys, called public and private keys, are used for encryption and decryption, and knowing one of the keys, it is impossible to calculate the other.
Hash functions - functions whose input is a message of arbitrary length and whose output is a value of fixed length. Hash functions have a number of properties that make it possible to detect, with a high degree of probability, any change to the input message.
Networking Model
The model of secure networking in general can be represented as follows:
Fig. 7 Network security model
A message that is transmitted from one participant to another passes through various kinds of networks. In this case, we will assume that a logical information channel is being established from the sender to the recipient using various communication protocols (for example, TCP/IP).
Security measures are necessary if the transmitted information is to be protected from an adversary who may threaten its confidentiality, authenticity, integrity, and so on. All security technologies have two components:
1. Relatively secure transmission of information. An example is encryption, where the message is modified in such a way that it becomes unreadable to an adversary, and possibly augmented with a code that is based on the content of the message and can be used to authenticate the sender and ensure the integrity of the message.
2. Some secret information shared by both participants and unknown to the adversary. An example is an encryption key.
In addition, in some cases, a third trusted party (TTP) is needed to ensure secure transmission. For example, a third party may be responsible for distributing secret information between two parties that would not be made available to an adversary. Alternatively, a third party may be used to resolve disputes between two parties regarding the authenticity of the message being transmitted.
From this general model, there are three main tasks that need to be solved when developing a specific security service:
1. Develop an encryption/decryption algorithm for secure information transfer. The algorithm must be such that the adversary cannot decrypt an intercepted message without knowing the secret information.
2. Generate the secret information used by the encryption algorithm.
3. Develop a messaging protocol for distributing the shared secret information in such a way that it does not become known to the adversary.
Information system security model
There are other security-related situations that do not fit the network security model described above. The general pattern of these situations can be illustrated as follows:
Fig. 8 Information system security model
This model illustrates the concept of information system security, which prevents unwanted access. A hacker who is trying to hack into systems accessible over the network may simply enjoy hacking, or may be trying to damage the information system and/or introduce something into it for his own purposes. For example, a hacker's goal might be to obtain credit card numbers stored on the system.
Another type of unwanted access is the placement of something on a computer system that affects application programs and software utilities such as editors, compilers, and the like. Thus, there are two types of attacks:
1. Access to information in order to obtain or modify data stored in the system.
2. Attacks on services in order to prevent their use.
Viruses and worms are examples of such attacks. Such attacks can be carried out both using floppy disks and over the network.
Security services that prevent unwanted access can be divided into two categories:
1. The first category is defined in terms of a gatekeeper function. These mechanisms include login procedures based, for example, on a password, which admit only authorized users. They also include various firewalls that block attacks at different levels of the TCP/IP protocol stack and, in particular, prevent the penetration of worms, viruses and similar attacks.
2. The second line of defense consists of various internal monitors that control access and analyze user activity.
One of the basic concepts in ensuring the security of an information system is the concept of authorization - the definition and granting of access rights to specific resources and/or objects.
The security of an information system should be based on the following basic principles:
1. The security of an information system should be consistent with the role and objectives of the organization in which the system is installed.
2. Ensuring information security requires an integrated and holistic approach.
3. Information security should be an integral part of the management system of the organization.
4. Information security must be economically justified.
5. Responsibilities for security should be clearly defined.
6. The security of the information system should be periodically reassessed.
7. Social factors, as well as administrative, organizational and physical security measures, are of great importance for ensuring the security of an information system.
The security of computer networks is ensured by the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or shutdown of the network and the resources available to it. It includes data access authorization, which is controlled by the network administrator. Users select or assign an ID and password or other authentication information that allows them to access data and programs within their authority.
Network security encompasses the many computer networks, both public and private, that are used in day-to-day operations to conduct transactions and communications between businesses, government agencies and individuals. Networks can be private (e.g. within a company) or public.
Computer network security is associated with organizations, businesses and other types of institutions. This secures the network and also performs protective and supervisory operations. The most common and simplest way to protect a network resource is to give it a unique name and an appropriate password.
Security Management
Security management for networks can be different for different situations. A home or small office may require only basic security, while large enterprises may require highly reliable service and advanced software and hardware to prevent hacking and unwanted attacks.
Types of Attacks and Network Vulnerabilities
A vulnerability is a weakness in design, implementation, operation, or internal controls. Most discovered vulnerabilities are documented in the Common Vulnerabilities and Exposures (CVE) database.
Networks can be attacked from various sources. Attacks fall into two categories: "passive", in which a network intruder intercepts data passing through the network, and "active", in which the attacker initiates commands to disrupt the normal operation of the network or to conduct reconnaissance in order to gain access to data.
To protect a computer system, it is important to understand the types of attacks that can be carried out against it. These threats can be divided into the following categories.
"Backdoor"
A backdoor in a computer system, cryptosystem, or algorithm is any secret method of bypassing the normal authentication or security controls. Backdoors can exist for a number of reasons, including the original design or poor configuration. They may be added by a developer to allow some kind of legitimate access, or by an attacker for other reasons. Whatever the reason for their existence, they create a vulnerability.
Denial of Service Attacks
Denial of service (DoS) attacks are designed to make a computer or network resource unavailable to its intended users. The perpetrators of such an attack can block access for individual victims, for example by deliberately entering the wrong password many times in a row to trigger an account lockout, or they can overload the capacity of a machine or network and block all users at once. While a network attack from a single IP address can be blocked by adding a new firewall rule, many forms of distributed denial of service (DDoS) attack are possible, in which the traffic originates from a large number of addresses; defending against these is much harder. Such attacks can originate from bot-controlled computers (botnets), but a variety of other methods are possible, including reflection and amplification attacks, in which uninvolved third-party systems are induced to send traffic to the victim.
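The two DoS patterns mentioned above (lockout-inducing failures against one account from one source, and failures spread across many source addresses so that a single firewall rule does not help) can both be recognized in authentication logs. The following is an added example, not code from the original text: it parses constructed sshd-style log lines (the format, addresses and account names are assumptions) and reports sources and accounts exceeding a threshold inside a sliding time window.

```python
"""Detect single-source and distributed authentication-failure patterns.

Constructed example. The log format below is modelled on sshd messages but the
lines, addresses and account names are made up for this demonstration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real logs).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:00:02 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:00:03 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:00:04 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:00:05 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:00:06 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:00:10 sshd: Accepted password for bob from 192.0.2.10
2024-03-01T10:01:00 sshd: Failed password for admin from 203.0.113.1
2024-03-01T10:01:01 sshd: Failed password for admin from 203.0.113.2
2024-03-01T10:01:02 sshd: Failed password for admin from 203.0.113.3
2024-03-01T10:01:03 sshd: Failed password for admin from 203.0.113.4
2024-03-01T10:01:04 sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:01:05 sshd: Failed password for admin from 203.0.113.6
2024-03-01T10:30:00 sshd: Failed password for carol from 192.0.2.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: Failed password for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_failures(log_text):
    """Yield (timestamp, user, ip) for each failed-login line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group("ts")), m.group("user"), m.group("ip")


def _max_in_window(times, window):
    """Largest number of sorted timestamps falling inside any interval of length `window`."""
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyse(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return (single_source, distributed).

    single_source: ip -> failure count, for IPs with >= threshold failures in `window`
                   (a lockout policy keyed on the account would turn this into a DoS
                   against the victim; rate-limiting the source is the usual mitigation).
    distributed:   user -> distinct source count, for accounts hit from >= threshold
                   distinct IPs in `window` (blocking one IP does not stop this).
    """
    events = sorted(parse_failures(log_text))
    by_ip = defaultdict(list)
    by_user = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append(ts)
        by_user[user].append((ts, ip))

    single_source = {}
    for ip, times in by_ip.items():
        n = _max_in_window(times, window)
        if n >= threshold:
            single_source[ip] = n

    distributed = {}
    for user, pairs in by_user.items():
        best = start = 0
        for end in range(len(pairs)):
            while pairs[end][0] - pairs[start][0] > window:
                start += 1
            best = max(best, len({ip for _, ip in pairs[start:end + 1]}))
        if best >= threshold:
            distributed[user] = best
    return single_source, distributed


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On the sample data the first check flags 198.51.100.7 (six failures against alice in a few seconds) and the second flags the admin account (six distinct sources, each below the per-IP threshold). The second case is exactly why a per-source firewall rule is not enough against distributed attacks.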
Direct access attacks
An unauthorized user who gains physical access to a computer is likely to be able to copy data directly from it. Such attackers can also compromise security by modifying the operating system, installing software worms, keyloggers or covert listening devices, or by using wireless mice. Even if the system is protected by standard security measures, these can be bypassed by booting another OS or tool from a CD or other bootable media. Disk encryption and trusted platform modules (TPMs), described under the equipment protection mechanisms below, are designed to prevent just such attacks.
Network security concept: main points
Information security in computer networks begins with authentication, usually by entering a username and password; this is one-factor authentication. With two-factor authentication an additional element is used (a security token or "key", an ATM card, or a mobile phone), and with three-factor authentication a unique attribute of the user (a fingerprint or retinal scan) is used as well.
After authentication, a firewall applies the access policy. This computer network security service is effective at preventing unauthorized access, but it may not inspect content for potentially harmful payloads such as computer worms or Trojan horses transmitted over the network. Antivirus software or an intrusion prevention system (IPS) helps detect and block such malware.
An anomaly-based intrusion detection system can also monitor network traffic for higher-level analysis. Newer systems that combine unsupervised machine learning with full network traffic analysis can detect active network intruders, whether malicious insiders or targeted external attackers who have compromised a user's machine or account.
In addition, communications between two hosts can be encrypted for greater privacy.
Computer protection
In computer network security, countermeasures are used: actions, devices, procedures or techniques that reduce a threat, vulnerability or attack by eliminating or preventing it, minimizing the harm it can cause, or detecting and reporting it.
Secure coding
This is one of the main security measures for computer networks. In software development, secure coding aims to prevent the accidental introduction of vulnerabilities. It is also possible to create software designed from the ground up for security; such systems are "secure by design". In addition, formal verification aims to prove the correctness of the algorithms underlying a system. This is especially important for cryptographic protocols.
Security by design means that the software is built from the outset to ensure the security of information in computer networks; in this approach security is considered the main feature rather than an add-on.
Some of the methods of this approach include:
- The principle of least privilege, in which each part of the system has only the permissions necessary for its function. Thus, even if an attacker gains access to that part, he obtains only limited authority over the system as a whole.
- Code reviews and unit tests are approaches to making modules more secure when formal proofs of correctness are not possible.
- Defense in depth, where the design is such that several subsystems must be breached in order to compromise the integrity of the system and the information it holds. This provides a deeper level of protection for computer networks.
Security architecture
The Open Security Architecture organization defines IT security architecture as "design artifacts that describe the location of security controls (security countermeasures) and their relationship to the overall information technology architecture." These controls serve to maintain system quality attributes such as confidentiality, integrity, availability, accountability, and assurance.
Others define it as a unified design for computer network security and information system security that takes into account the needs and potential risks associated with a particular scenario or environment, and determines when and where to apply certain tools.
Its key attributes are:
- relationships of different components and how they depend on each other.
- determination of control measures based on risk assessment, best practices, financial and legal issues.
- standardization of controls.
Ensuring the security of a computer network
A computer's "safe" state is an ideal achieved by using three processes: preventing a threat, detecting it, and responding to it. These processes are based on various policies and system components, which include the following:
- User account access controls and cryptography that can protect system files and data.
- Firewalls, which are by far the most common prevention systems in computer network security. This is because, if properly configured, they can shield access to internal network services and block certain types of attacks through packet filtering. Firewalls can be either hardware or software.
- Intrusion detection systems (IDS), which are designed to detect network attacks while they are in progress and to assist with analysis after an attack, while audit trails and logs perform a similar function for individual systems.
The "response" is necessarily determined by the assessed security requirements of the individual system and can range from a simple upgrade of protection to notification of the appropriate authorities, counterattack, and so on. In some special cases it is best to destroy a compromised or damaged system, since not all of the vulnerable resources may be discovered.
What is a firewall?
Today, the security of a computer network consists mostly of "preventive" measures, such as firewalls or an exit procedure.
A firewall can be defined as a way of filtering network data between a host or network and another network such as the Internet. It can be implemented as software running on a machine and hooked into the network stack (or, in the case of UNIX-like systems, built into the OS kernel) to provide real-time filtering and blocking. Another implementation is the so-called "physical firewall", which consists of a separate machine filtering network traffic. Such tools are common on computers that are permanently connected to the Internet, and are actively used to ensure the information security of computer networks.
Some organizations are turning to big data platforms (such as Apache Hadoop) to extend data accessibility and apply machine learning to detect advanced persistent threats.
However, relatively few organizations maintain computer systems with effective detection systems, and fewer still have organized response mechanisms in place. This creates problems for ensuring the technological security of a computer network. Over-reliance on firewalls and other automated detection systems can be cited as a major barrier to effectively eradicating cybercrime. Yet it is basic evidence collection using packet capture devices that stops attacks.
Vulnerability management
Vulnerability management is the cycle of identifying, fixing or mitigating vulnerabilities, especially in software and firmware. This process is an integral part of securing computer systems and networks.
Vulnerabilities can be detected with a scanner that analyzes a computer system looking for known "weak spots" such as open ports, insecure software configurations, and susceptibility to malware.
In addition to vulnerability scanning, many organizations contract security outsourcers to perform regular penetration tests on their systems. In some sectors this is a contractual requirement.
Reducing vulnerabilities
While formal verification of the correctness of computer systems is possible, it is not yet common. Formally verified operating systems include seL4 and SYSGO PikeOS, but they make up a very small percentage of the market.
Modern computer networks that secure information actively use two-factor authentication and cryptography. This significantly reduces risk for the following reasons.
Breaking cryptography directly is practically impossible today; a successful attack requires some non-cryptographic input (an illegally obtained key, plaintext, or other additional cryptanalytic information).
Two-factor authentication is a method of mitigating unauthorized access to a system or to sensitive information. Two elements are required to log into a secured system:
- "what you know" - password or PIN;
- "what you have" - a card, key, mobile phone or other equipment.
This improves the security of computer networks, since an unauthorized user needs both elements at the same time to gain access. The more consistently security measures are followed, the fewer successful break-ins can occur.
You can reduce attackers' chances by keeping systems up to date with security patches and updates and by using vulnerability scanners. The impact of data loss and corruption can be reduced by careful backup and storage.
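The two factors described above ("what you know" and "what you have"; see also the one-, two- and three-factor discussion earlier) can be combined in a login check like the following. This is an added example, not code from the original text: the second factor is a time-based one-time code (RFC 6238 TOTP, built on RFC 4226 HOTP) generated by a device holding a shared secret, and the user record, password, salt and secret are all constructed for the demonstration.

```python
"""Two-factor login check: a password ("what you know") plus a time-based one-time
code from a device the user holds ("what you have"). Constructed example."""
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 of the counter, dynamically truncated."""
    msg = struct.pack(">Q", counter)                  # 8-byte big-endian counter
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                        # low nibble of the last byte selects 4 bytes
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP with counter = Unix time // step."""
    return hotp(secret, at // step, digits)


def make_user(password: str, totp_secret_b32: str, salt: bytes) -> dict:
    """Constructed user record: salted password hash plus the shared TOTP secret.

    The plaintext password is never stored; PBKDF2 is used here because it is in the
    standard library (a memory-hard function would be preferable in production)."""
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000),
        "totp_secret": base64.b32decode(totp_secret_b32),   # as provisioned via QR code
    }


def verify_login(user: dict, password: str, code: str, now: int,
                 step: int = 30, drift: int = 1) -> bool:
    """Accept only if BOTH factors verify. `drift` tolerates +/- N time steps of clock skew."""
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 200_000)
    password_ok = hmac.compare_digest(pw_hash, user["pw_hash"])
    # The second factor is evaluated regardless of the first, so the response does not
    # reveal which factor failed.
    code_ok = any(
        hmac.compare_digest(totp(user["totp_secret"], now + k * step, step), code)
        for k in range(-drift, drift + 1)
    )
    return password_ok and code_ok


if __name__ == "__main__":
    # Constructed credentials; the base32 string is the 20-byte ASCII secret "1234567890" x 2.
    user = make_user("correct horse", "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", b"constructed-salt")
    print(verify_login(user, "correct horse", totp(user["totp_secret"], 59), now=59))
```

An unauthorized user who has one factor (a leaked password, or a stolen phone) still fails this check. Two things a real deployment adds that the example omits: a code, once accepted, must be rejected if presented again within the same time step (replay protection), and failed attempts must be rate-limited so the six-digit space cannot be searched.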
Equipment protection mechanisms
Hardware can also be a source of threat; for example, an attack can exploit microchip vulnerabilities maliciously introduced during the manufacturing process. Hardware-based or hardware-assisted security in computer networks also offers certain methods of protection.
Devices and methods such as USB security keys (dongles), TPMs, case intrusion detection, drive locks, disabling USB ports, and mobile-enabled access may be considered more secure because they require physical access to the stored data. Each of them is described in more detail below.
Keys
USB keys are commonly used in the software licensing process to unlock software features, but they can also be seen as a way to prevent unauthorized access to a computer or other device. The key creates a secure encrypted tunnel between itself and the software application. The principle is that the encryption scheme used (for example, the Advanced Encryption Standard (AES)) provides a higher degree of information security in computer networks, since it is harder to crack and replicate the key than simply to copy the software to another machine and use it.
Another use of such keys is to access web content such as cloud software or virtual private networks (VPNs). In addition, a USB key can be configured to lock or unlock the computer.
Protected Devices
Trusted Platform Modules (TPMs) integrate cryptographic capabilities into access devices using microprocessors, or so-called computers on a chip. Used in conjunction with server-side software, TPMs offer an ingenious way to discover and authenticate hardware devices and prevent unauthorized network and data access.
Case intrusion detection is carried out by means of a push-button switch that is triggered when the machine's case is opened. The firmware or BIOS is programmed to notify the user the next time the device is turned on.
Drive locks
The security of computer networks and of information systems can also be achieved with drive locks. These are, in fact, software tools for encrypting hard drives, making them inaccessible to unauthorized users. Some specialized tools are designed specifically for encrypting external drives.
Disabling USB ports is another common security setting to prevent unauthorized and malicious access to a protected computer. Infected USB keys connected to the network from a device inside the firewall are considered one of the most common threats to a computer network.
Cellular-enabled mobile devices are becoming more and more popular due to the ubiquity of cell phones. Built-in capabilities such as Bluetooth, the newer Bluetooth Low Energy (LE), and near field communication (NFC) have led to the search for tools aimed at eliminating vulnerabilities. Today, both biometric verification (reading a thumbprint) and QR code reader software designed for mobile devices are actively used. All this offers new, secure ways to connect mobile phones to access control systems. This provides computer security and can also be used to control access to protected data.
Capabilities and Access Control Lists
Information security in computer networks relies on privilege separation and graded degrees of access. Two widely used models are access control lists (ACLs) and capability-based security.
Using ACLs to restrict what programs may do has proven to be unsafe in many situations; for example, the host computer can be tricked into indirectly allowing access to a restricted file. It has also been shown that an ACL's promise of granting access to an object to only one user can never be guaranteed in practice. Thus, there are practical flaws in all ACL-based systems today, but developers are actively trying to fix them.
Capability-based security is mostly used in research operating systems, while commercial operating systems still use ACLs. Capabilities can, however, also be implemented at the language level, resulting in a programming style that is essentially a refinement of standard object-oriented design.
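The "indirect access" flaw of ACLs mentioned above is the confused deputy problem: a privileged program that checks its own rights rather than the requester's can be used as a proxy to reach an object the requester may not touch. The following added example (not code from the original text) models both approaches on a toy in-memory store: an ACL store with a flawed and a hardened deputy, and a capability store in which holding an unforgeable reference is the permission, so no deputy can be confused. The file names, principals and contents are constructed for the demonstration, and the example also illustrates least privilege, since the capability-based viewer holds no authority of its own.

```python
"""Two access-control models on a toy in-memory file store (constructed example):
an ACL model, where the store checks the requester's identity against each object's
list, and a capability model, where possessing an unforgeable reference IS the permission."""


class AclStore:
    """Each object carries an ACL: principal -> set of permissions."""
    def __init__(self):
        self.files = {}

    def create(self, name, content, acl):
        self.files[name] = (content, acl)

    def read(self, principal, name):
        content, acl = self.files[name]
        if "read" not in acl.get(principal, set()):
            raise PermissionError(f"{principal} may not read {name}")
        return content


class LogViewerService:
    """A privileged service that reads files on behalf of clients (a 'deputy')."""
    def __init__(self, store):
        self.store = store
        self.principal = "logviewer"       # service account with broad read access

    def show(self, requested_name):
        # Flawed: the ACL is checked against the service's own identity, so a client
        # with no rights to the file obtains it indirectly (the confused deputy problem).
        return self.store.read(self.principal, requested_name)

    def show_checked(self, caller, requested_name):
        # Hardened: verify the caller's own rights before acting on its behalf.
        self.store.read(caller, requested_name)   # raises PermissionError if not allowed
        return self.store.read(self.principal, requested_name)


class ReadCap:
    """Unforgeable read capability: no identity is consulted, only possession of the object."""
    __slots__ = ("_content",)

    def __init__(self, content):
        self._content = content

    def read(self):
        return self._content


class CapStore:
    """Creating an object yields its capability; the creator decides who receives it."""
    def __init__(self):
        self._caps = {}

    def create(self, name, content):
        cap = ReadCap(content)
        self._caps[name] = cap
        return cap


class CapLogViewer:
    """The client must hand over a capability it holds; the service has no ambient authority."""
    def show(self, cap):
        return cap.read()


def demo():
    """Run both models on constructed data and return what a low-privilege client could read."""
    acl = AclStore()
    acl.create("app.log", "app log", {"logviewer": {"read"}, "mallory": {"read"}})
    acl.create("secrets.txt", "db password", {"logviewer": {"read"}, "admin": {"read"}})
    svc = LogViewerService(acl)
    leaked = svc.show("secrets.txt")              # mallory obtains the secret via the deputy
    try:
        svc.show_checked("mallory", "secrets.txt")
        blocked = False
    except PermissionError:
        blocked = True

    caps = CapStore()
    log_cap = caps.create("app.log", "app log")
    caps.create("secrets.txt", "db password")    # its capability is never handed to mallory
    viewed = CapLogViewer().show(log_cap)         # mallory can only present log_cap
    return {"acl_leak": leaked, "acl_checked_blocked": blocked, "cap_view": viewed}


if __name__ == "__main__":
    print(demo())
```

In the ACL model the fix is to check the caller's rights explicitly (`show_checked`), which every deputy must remember to do. In the capability model there is no name by which a client can ask for an object it was never given a reference to, so the check cannot be forgotten; this is the language-level capability style the text refers to as a refinement of object-oriented design.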