Network Security - Term Paper Example

Network Security Since the advent of computers, there have been numerous developments in the computing filed, many of which have helped improve the use of the machines. One of these developments is networking which has penetrated the day to day activities of individuals and companies in today’s life. The rapid growth of networking has also come with its own challenges, mainly in the area of network security. Maiwald defines security as the “freedom from danger, fear or anxiety: safety” (4). He also defines a network as an interlinked system. Therefore, network security can be defined as the safety of interlinked systems. There are to kinds of networks: synchronous network and data networks. Synchronous network systems are made up of switches, which makes them immune to malicious attacks. However, data network systems contain routers that are computer based, making them susceptible to all kinds of malicious attacks. The internet is perhaps the best known and most widely used data network on the globe today. A few years ago, the computer system was seen as a harmless piece of technology and not many people cared really for computer security. To many people at the time, most computer operations and software were illogical, thus the risk of hackers was quite low (Kaufman, Radia and Speciner 43). However, since the mid 1980s, networked computer workstations became common and with this came the issue of information and network security. More and more people are able to read and understand computer algorithms, meaning that the likelihood of a system being hacked into is very easy. Organizations are forced to share networks with distrustful organizations and individuals. The world of network security is quite hostile since a small percentage of the population can cause untold damage to a global network. This is the situation that makes network security such an important matter in today’s highly networked society. There is need to protect the data and information that companies, institutions and individuals need protected by designing fool-proof network security systems. History of Network Security Widespread interest in network security gained ground in the 1980s when Kevin Mitnick hacked into the systems of several companies and made away with $80 million. This was the biggest computer-related crime by a single person in the history of the United States. The birth of the internet also marked the beginning of the interest in network security. In 1969, internet was developed after the Advanced Research Projects Agency Network (ARPANet) was given the mandate to carry out research in networking. ARPANet was an instant success and before long, email applications had become quite popular (Pardoe and Snyder 223). Th InterNetworking Working Group (IWG) was given the responsibility of governing ARPANet by setting the standards for use. On the 1980s, TCP/IP, which is a common language shared by all computers connected to the internet, was developed. Thus internet was officially born. The mid 1980s saw a boom in the number of personal and commercial computers which led to many companies joining the internet bandwagon. In the early 1990s it was the urn of the public to get access to the internet, and this marked the birth of the World Wide Web (WWW) era. Today the internet is widespread all across the world and many people carry out their daily activities online (Maiwald 60). The actual history of internet security began in 1918 when an enigma machine that could convert plain text to encrypted messages was developed in Poland. 22 years later, Alan Turing broke the enigma code. The word hacker was first coined by students at the Massachusetts Institute of Technology (MIT). The Telnet Protocol developed in the 1970s and this led to data networks being accessed by the public. The 1980s saw the rise of hackers and computer-related crimes. The Computer fraud and Abuse Act was enacted in 1986 to minimize cases of information stealing from military and federal offices (Kaufman, Radia and Speciner 45). Robert Morris, a college student, was arrested for releasing the Morris worm that affected more than 6000 computers. This prompted the creation of the Computer Emergency Response Team (CERT). The duty of this team was to alert the public, government and companies of any network security threats. Today there are more than 950 million internet users, and this number increases everyday. This has presented a huge network security problem as new ways of attacking networks are created almost daily. Eavesdropping, IP Spoofing, viruses Worms, Denial of Service, Phishing and Trojans are some of the common internet security concerns that people using the internet and other shared networks have to deal with everyday (Pardoe and Snyder 223). Future The future of network security is likely to surround the following areas: Web based attacks Mobile attacks Infrastructure attacks Family computer attacks and Cloud attacks Web-based attacks are likely to thrive even into the future. Online commercial transactions, link sharing and social networking are some of the activities that are likely to cause thee attacks in organizations as well in individual systems. Mobile attacks are perhaps the biggest upcoming form of network security issue. The use of mobile manager services and devices with large storage but low profiles is likely to make it easier for the attacks to take place. Most of the mobile devices being designed nowadays do not have ample security controls. This is an easy route for an attacker to use since there lack any mechanism to deal with security problems in mobile devices (Stallings 127). Driving Force for the Technology One of the strongest driving forces for the continued development of network security systems is the need for privacy and safety when dealing with different kinds of networks. The menace of attacks from hackers and destructive software is becoming a reality for many people who use networks for various purposes. The network security industry is continuously developing new mechanisms which are meant to counter many of thee attacks. Nowadays, businesses use networked systems to carry out operations. Individuals are also constantly using networked systems mainly for communication purposes. This puts the number of networks that are at risk of crushing due to external attacks from malware, viruses and hackers very high. Software designers are always on the look out for any activity that might cause harm to or paralyze a computer system (Stallings 132). Standards and Protocols The government of the United States and several Internet security companies have come up with standards that are designed to ensure that networks are properly guarded against misuse. In 1984, the Computer fraud and Abuse Act (CFAA) was passed in the US (Bragg, Rhodes-Ousley and Strassberg 102). The main aim of this bill was to criminalize any attempt to access any classified or financial information belonging to the federal government without authorization. The bill also prohibited the access without authorization of computers that were still being used by the government. The legislation also offered protection against malicious access of medical records in a computer system (Pardoe and Snyder 223). The Computer Security Act was passed in 1987 to offer guidelines for the fulfillment of the duties of maintaining any computer system that is under federal use and control. The act carried two very important objectives: creation of a security Plan which would outline the operation of government computer systems and identification of those computer systems that contained classified or sensitive information. Evaluation of the functionality of the plan was placed on the hands of the National Security Agency and the National Bureau of Standards. The National Institute of Standards and Technology together with the National Security Agency designed the Common Criteria Evaluation and Validation Scheme whose main objective was to offer a basis for the evaluation of IT products’ security properties. The goals of the scheme were outlined as being to (Joshi 103): Meet government and industry needs for evaluation that was cost effective Encourage the creation of security testing laboratories in the commercial sector as well as the development of security testing industry within the private sector Make sure that consistency is followed when carrying out security evaluations Enhance and improve availability of IT products that had already been evaluated This standardization information is normally disseminated to the general public so that companies and homes that use computer networks maintain a sizable range of different security levels within their specific environments. There are also cyber terrorism laws that are meant to curb the rate at which hacker and other malicious users carry out crimes on the internet. Organizations that use networked systems need to have their own standardization policies which should be implemented by personnel who are well informed about network security software. Organizational policies and procedures which touch on network security are essential as they enable institutions maintain security within their own structures (Kaufman, Radia and Speciner 79). This is to say that an organization with strong and reliable network security can operate comfortably without having to worry about being affected by external attacks from shared networks. In the 1990s, a number of network protocols were established to deal with the escalating levels of insecurity. One of these was Hypertext Transport Protocol (HTTP) which was intended to serve internet servers that are designed to host large quantities of information. The Simple Mail Transfer Protocol (SMTP) was developed for servers that receive and send e-mail. The file Transfer protocol (FTP) was for servers which could allow users to easily upload and/or download data and information. There was also the development of database servers like the Microsoft Sequel (SQL) which was created to serve servers that archive data and also perform other services that are decentralized (Joshi 114). Incorporating Network Security into A Company’s Network Many institutions today use networked systems for their daily operations. It is therefore paramount for companies to incorporate network security into their systems to make their operations safer (Kaufman, Radia and Speciner 128). An evaluation of the past, present and future network security challenges and benefits is one of the first steps that an organization intending to network its system should consider. It is also important that one understands the information infrastructure pertaining to the development of network securities in a company. Another important factor that needs to be taken into consideration is the training of network users and IT professionals so that they know the safety measures that have been put in place. Accessibility is also an important consideration when developing secure networks in organizations. Only authorized users should be given the means and allowed to communicate within a particular network. Confidentiality is also very important as it ensure that information contained in a network stays private. Authentication should be done to ensure that the individuals in the network are exactly who they claim they are. There is also the issue of integrity which should be considered in order to make certain that data is not modified before it reaches its destination. Lastly, there should be a system of non-repudiation that ensures that users do not deny or refute that they have accessed or used the network. In addition the network security plan should also consider potential attackers, the factors that would make the system vulnerable and the level of security need within the system (Maiwald 100). Conclusion The world of network security has developed immensely since internet came to be. However there remains a great challenge on how to manage the various threats and attacks associated with networking. The situation is made worse by the fact that the number of people accessing the internet is rapidly increasing. Individuals and organizations need to take the issue of network security very seriously. They should ensure that their network systems are well protected from hackers and other malicious items that may destroy data and information contained in their networked computers. Works Cited Bragg, Roberta, Mark Rhodes-Ousley and Keith Strassberg. Network Security: The Complete Reference. New York: McGraw-Hill, 2004. Print. Joshi, James. Network Security: Know it All. Burlington, MA: Morgan Kaufmann Publishers, 2008. Print. Kaufman, Charlie, Radia Perlman and Mike Spenciner. Newtwork Security: Private Communication in a Public World. Hoboken, NJ: Prentice Hall PTR, 2002. Print. Maiwald, Eric. Network Security: A Beginner’s Guide. Emeryville, CA: McGraw-Hill/Osborne, 2003. Print. Pardoe, Terry and Gordon, Snyder. Network Security. Clifton Park, NY: Thomson Delmar Learning, 2005. Print. Stallings, William. Network Security Essentials: Applications and Standards. Hoboken, NJ: Prentice Hall, 2007. Print. Read More