
2017 | Book

Guide to Computer Network Security


About this book

This fully revised and updated new edition of the definitive text/reference on computer network and information security presents a comprehensive guide to the repertoire of security tools, algorithms and best practices mandated by the technology we depend on. Topics and features: highlights the magnitude of the vulnerabilities, weaknesses and loopholes inherent in computer networks; discusses how to develop effective security solutions, protocols, and best practices for the modern computing environment; examines the role of legislation, regulation, and enforcement in securing computing and mobile systems; describes the burning security issues brought about by the advent of the Internet of Things and the eroding boundaries between enterprise and home networks (NEW); provides both quickly workable and more thought-provoking exercises at the end of each chapter, with one chapter devoted entirely to hands-on exercises; supplies additional support materials for instructors at an associated website.

Table of Contents

Frontmatter

Introduction to Traditional Computer Network Security

Frontmatter
1. Computer Network Fundamentals
Abstract
The basic ideas in all types of communication are that there must be three ingredients for the communication to be effective. First, there must be two entities, dubbed a sender and a receiver. These two must have something they need to share. Second, there must be a medium through which the sharable item is channeled. This is the transmission medium. Finally, there must be an agreed-on set of communication rules or protocols. These three apply to every category or structure of communication.
Joseph Migga Kizza
2. Computer Network Security Fundamentals
Abstract
Before we talk about network security, we need to understand in general terms what security is. Security is a continuous process of protecting an object from unauthorized access. It is a state of being or feeling protected from harm. That object in that state may be a person, an organization such as a business, or property such as a computer system or a file. Security comes from secure, which means, according to Webster Dictionary, a state of being free from care, anxiety, or fear [1].
Joseph Migga Kizza

Security Issues and Challenges in the Traditional Computer Network

Frontmatter
3. Security Threats and Threat Motives to Computer Networks
Abstract
In February, 2002, the Internet security watch group CERT Coordination Center first disclosed to the global audience that global networks, including the Internet, phone systems, and the electrical power grid, are vulnerable to attack because of weakness in programming in a small but key network component. The component, an Abstract Syntax Notation One, or ASN.1, is a communication protocol used widely in the Simple Network Management Protocol (SNMP).
Joseph Migga Kizza
4. Introduction to Computer Network Vulnerabilities
Abstract
System vulnerabilities are weaknesses in the software or hardware on a server or a client that can be exploited by a determined intruder to gain access to or shut down a network. Donald Pipkin defines system vulnerability as a condition, a weakness of or an absence of security procedure, or technical, physical, or other controls that could be exploited by a threat [1].
Joseph Migga Kizza
5. Cyber Crimes and Hackers
Abstract
The greatest threats to the security, privacy, and reliability of computer networks and other related information systems in general are cybercrimes committed by cybercriminals, but most importantly hackers. Judging by the damage caused by past cybercriminal and hacker attacks to computer networks in businesses, governments, and individuals, resulting in inconvenience and loss of productivity and credibility, one cannot fail to see that there is a growing community demand to software and hardware companies to create more secure products that can be used to identify threats and vulnerabilities, to fix problems, and to deliver security solutions.
Joseph Migga Kizza
6. Scripting and Security in Computer Networks and Web Browsers
Abstract
The rapid growth of the Internet and its ability to offer services have made it the fastest-growing medium of communication today. Today’s and tomorrow’s business transactions involving financial data; product development and marketing; storage of sensitive company information; and the creation, dissemination, sharing, and storing of information are and will continue to be made online, most specifically on the Web. The automation and dynamic growth of an interactive Web has created a huge demand for a new type of Web programming to meet the growing demand of millions of Web services from users around the world. Some services and requests are tedious and others are complex, yet the rate of growth of the number of requests, the amount of services requested in terms of bandwidth, and the quality of information requested warrant a technology to automate the process. Script technology came in timely to the rescue. Scripting is a powerful automation technology on the Internet that makes the Web highly interactive.
Joseph Migga Kizza
7. Security Assessment, Analysis, and Assurance
Abstract
The rapid development in both computer and telecommunication technologies has resulted in massive interconnectivity and interoperability of systems. The world is getting more and more interconnected every day. Most major organization systems are interconnected to other systems through networks. The bigger the networks, the bigger the security problems involving the system resources on these networks. Many companies, businesses, and institutions whose systems work in coordination and collaboration with other systems as they share each other’s resources and communicate with each other face a constant security threat to these systems, yet the collaboration must go on.
Joseph Migga Kizza

Dealing with Computer Network Security Challenges

Frontmatter
8. Disaster Management
Abstract
Webster’s Dictionary defines disaster as a sudden misfortune, a catastrophe that affects society [1]. It is the effect of a hazardous event caused by either man or nature. Man-made disasters are those disasters that involve a human element like intent, error, or negligence. Natural disasters are those caused by the forces of nature like hurricanes, tornados, and tsunamis. Disasters, natural or man-made, may cause great devastation to society and the environment. For example, the 2006 tsunami in Southeast Asia caused both huge human losses and environment destruction. The effects of a disaster may be short lived or long lasting. Most disasters, both man-made and natural, have long-lasting effects. To mitigate disaster effects on society and businesses, disaster management skills are needed.
Joseph Migga Kizza
9. Access Control and Authorization
Abstract
Access control is a process to determine “Who does what to what,” based on a policy.
Joseph Migga Kizza
10. Authentication
Abstract
Authentication is the process of validating the identity of someone or something. It uses information provided to the authenticator to determine whether someone or something is in fact who or what it is declared to be. In private and public computing systems, for example, in computer networks, the process of authentication commonly involves someone, usually the user, using a password provided by the system administrator to logon. The user’s possession of a password is meant to guarantee that the user is authentic. It means that at some previous time, the user requested, from the system administrator, and the administrator assigned and/or registered a self-selected password.
Joseph Migga Kizza
11. Cryptography
Abstract
So much has been said and so much has been gained; thousands of lives have been lost, and empires have fallen because a secret was not kept. Efforts to keep secrets have been made by humans probably since the beginning of humanity itself. Long ago, humans discovered the essence of secrecy. The art of keeping secrets resulted in victories in wars and in growth of mighty empires. Powerful rulers learned to keep secrets and pass information without interception; that was the beginning of cryptography. Although the basic concepts of cryptography predate the Greeks, the present word cryptography, used to describe the art of secret communication, comes from the Greek meaning “secret writing.” From its rather simple beginnings, cryptography has grown in tandem with technology, and its importance has also similarly grown. Just as in its early days, good cryptographic prowess still wins wars.
Joseph Migga Kizza
12. Firewalls
Abstract
The rapid growth of the Internet has led to a corresponding growth of both users and activities in cyberspace. Unfortunately, not all these users and their activities are reputable; thus, the Internet has been increasingly, at least to many individuals and businesses, turning into a “bad Internet.” Bad people are plowing the Internet with evil activities that include, among other things, intrusion into company and individual systems looking for company data and individual information that erodes privacy and security. There has, therefore, been a need to protect company systems, and now individual PCs, keeping them out of access from those “bad users” out on the “bad Internet.” As companies build private networks and decide to connect them onto the Internet, network security becomes one of the most important concerns network system administrators face. In fact, these network administrators are facing threats from two fronts: the external Internet and the internal users within the company network. So network system administrators must be able to find ways to restrict access to the company network or sections of the network from both the “bad Internet” outside and from unscrupulous inside users.
Joseph Migga Kizza
13. System Intrusion Detection and Prevention
Abstract
The psychology and politics of ownership have historically dictated that individuals and groups tend to protect valuable resources. This grew out of the fact that once a resource has been judged to have value, no matter how much protection given to it, there is always a potential that the security provided for the resource will at some point fail. This notion has driven the concept of system security and defined the disciplines of computer and computer network security. Computer network security is made up of three principles: prevention, detection, and response. Although these three are fundamental ingredients of security, most resources have been devoted to detection and prevention because if we are able to detect all security threats and prevent them, then there is no need for response.
Joseph Migga Kizza
14. Computer and Network Forensics
Abstract
The proliferation of computer technology, including wireless technology and telecommunication, the plummeting prices of these technologies, the miniaturization of computing and telecommunication devices, and the globalization forces have all together contributed to our ever-growing dependence on computer technology. This growing dependence has been a bonanza to computer criminals who have seen this as the best medium to carry out their missions. In fact, Richard Rubin [1] has called this new environment a tempting environment to cybercriminals, and he gives seven compelling reasons that cause such temptations. They are as follows:
  • Speed. Both computer and telecommunication technology have greatly increased the speed of transmission of digital data, which means that one can violate common decency concerning transmission of such data speedily and not get caught in the act. Also, the act is over before one has time to analyze its consequences and one’s guilt.
  • Privacy and Anonymity. There is a human weakness that if no one is a witness to an act one has committed, then there is less to no guilt on the doer’s part. Privacy and anonymity, both of which can be easily attained using this new technology, support this weakness enabling one to create what can be called “moral distancing” from one’s actions.
  • Nature of Medium. The nature of storage and transmission of digital information in the digital age is different in many aspects from that of the Gutenberg-print era. The electronic medium of the digital age permits one to steal information without actually removing it. This virtual ability to remove and leave the original “untouched” is a great temptation, creating an impression that nothing has been stolen.
  • Aesthetic Attraction. Humanity is endowed with a competitive zeal to achieve far and beyond our limitations. So we naturally get an adrenaline high whenever we accomplish a feat that seems to break down the efforts of our opponents or the walls of the unknown. It is this high that brings about a sense of accomplishment and creative pride whenever not so well-known creative individuals come up with elegant solutions to technological problems. This fascination and a sense of accomplishment create an exhilaration among criminals that mitigates the value and the importance of the information attacked and justifies the action itself.
  • Increased Availability of Potential Victims. There is a sense of amusement and ease to know that with just a few key strokes, one’s message and action can be seen and consequently felt over wide areas and by millions of people. This sense unfortunately can very easily turn into evil feelings as soon as one realizes the power he or she has over millions of invisible and unsuspecting people.
  • International Scope. The global reach of cyberspace creates an appetite for greater monetary, economic, and political powers. The ability to cover the globe in a short time and to influence an entire global community can make a believer out of a nonbeliever.
  • Enormous Powers. The international reach, the speed, and the distancing of oneself from the act endow enormous powers to an individual which may lead to criminal activities.
Joseph Migga Kizza
15. Virus and Content Filtering
Abstract
As the size of global computer networks expands and the use of the Internet skyrockets, the security issues do manifest themselves not only in the security of computer networks but also in individual user security on individual PCs connected to the Internet either via an organization’s gateway or an Internet service provider (ISP). The security of every user, therefore, is paramount whether the user is a member of an organization network or a user of a home PC via an independent ISP. In either case, the effort is focused on protecting not only the data but also the user.
Joseph Migga Kizza
16. Standardization and Security Criteria: Security Evaluation of Computer Products
Abstract
The rapid growth of information technology (IT), our growing dependence on it, and the corresponding skyrocketing security problems arising from it have all created a high demand for comprehensive security mechanisms and best practices to mitigate these security problems. Solutions are sought on two fronts. First, well-implemented mechanisms and best practices are needed for fundamental security issues like cryptography, authentication, access control, and audit. Second, comprehensive security mechanisms are also needed for all security products so that consumers are assured of products and systems that meet their business security needs. The response to this high demand for security products has been an avalanche of products of all types, capabilities, varying price range, effectiveness, and quality. You name a product and you get a flood from vendors. As the marketplace for security products got saturated, competing product vendors and manufacturers started making all sorts of claims about their products in order to gain a market niche. In this kind of environment then, how can a customer shop for the right secure product, what security measures should be used, and how does one evaluate the security claims made by the vendors? Along the way, making a choice of a good effective security product for your system or business has become a new security problem we want to focus on in this chapter.
Joseph Migga Kizza
17. Computer Network Security Protocols
Abstract
The rapid growth of the Internet and corresponding Internet community has fueled a rapid growth of both individual and business communications leading to the growth of e-mail and e-commerce. In fact, studies now show that the majority of the Internet communication content is e-mail content. The direct result of this has been the growing concern and sometimes demand for security and privacy in electronic communication and e-commerce. Security and privacy are essential if individual communication is to continue and e-commerce is to thrive in cyberspace. The call for and desire for security and privacy has led to the advent of several proposals for security protocols and standards. Among these are Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols, secure IP (IPsec), Secure HTTP (S-HTTP), secure e-mail (PGP and S/MIME), DNSSEC, SSH, and others. Before we proceed with the discussion of these and others, we want to warn the reader of the need for a firm understanding of the network protocol stack; otherwise, go back and look over the material in Chap. 1 before continuing. To make sure that the reader understands the security of networks based on protocol stacks, we will consider these protocols in both the ISO and TCP/IP stacks. Figure 17.1 shows the relationships between the ISO and TCP/IP stacks.
Joseph Migga Kizza
18. Security in Wireless Networks and Devices
Abstract
It is not feasible to discuss security in wireless networks without a thorough understanding of the working of wireless devices and networks. In fact, as we first set out to teach the computer network infrastructure in Chap. 1 in order to teach network security, we are going, in the first parts of this chapter, to discuss the wireless network infrastructure. As was the case in Chap. 1, it is not easy to discuss a network infrastructure in a few paragraphs and expect a reader to feel comfortable enough to deal with the security issues based on the infrastructure. So, although we are promising the reader to be brief, our discussion of the wireless infrastructure may seem long to some readers and sometimes confusing to others. Bear with us as we dispose of the necessary theory for a good understanding of wireless security.
Joseph Migga Kizza
19. Security in Sensor Networks
Abstract
The rapid development of wireless technology in the last few years has created new interest in low-cost wireless sensor networks. Wireless sensor networks (WSNs) or just sensor networks are grids or networks made of spatially distributed autonomous but cooperating tiny devices called sensors, all of which have sensing capabilities that are used to detect, monitor, and track physical or environmental conditions, such as temperature, sound, vibration, pressure, motion, or pollutants, at different locations [1]. A sensor, similar to that in Fig. 19.1, is a small device that produces a measurable response to a change in a physical condition. Sensor nodes can be independently used to measure a physical quantity and to convert it into a signal that can be read by an observer or by an instrument [1]. The network may consist of just a few or thousands of tiny, mostly immobile, usually, randomly deployed nodes, covering a small or large geographic area. In many cases, sensor networks do not require predetermined positioning when they are randomly deployed making them viable for inaccessible terrains where they can quickly self-organize and form a network on the fly.
Joseph Migga Kizza
20. Other Efforts to Secure Data in Computer Networks and Beyond
Abstract
The rapid advances in computer technology, the plummeting prices of information processing and indexing devices, and the development of sprawling global networks have all made the generation, collection, processing, indexing, and storage of information easy. Massive information is created, processed, and moved around on a daily basis. The value of information has skyrocketed, and information has all of a sudden become a valuable asset for individuals, businesses, and nations. The security of nations has come to depend on computer networks that very few can defend effectively. Our own individual privacy and security have come to depend on the whims of the kid next door.
Joseph Migga Kizza

The Emergence of the Digital and Social Network Ecosystem

Frontmatter
21. Virtualization Technology and Security
Abstract
Virtualization is a process through which one can create something that is there in effect and performance but in reality not there—that is, virtual. It is a physical abstraction of the company’s computing resources like storage, network servers, memory, and others. VMware.com, a software developer and a global leader in the virtualization market, defines virtualization as a process in which software creates virtual machines (VMs) including a virtual machine monitor called “hypervisor” that allocates hardware resources dynamically and transparently so that multiple operating systems, called “guest operating systems,” can run concurrently on a single physical computer without even knowing it [1]. For example, using software virtualization, one can, using the existing underlying hardware and software resources like operating systems, create and run several independent virtual operating systems on top of one physical operating system using the existing hardware resources to execute independent system tasks. Hardware virtualization also takes the same concept where several servers or client machines can be created based on one underlying hardware. The virtualization concept has been with us for some time.
Joseph Migga Kizza
22. Cloud Computing Technology and Security
Abstract
Cloud computing as a technology is difficult to define because it is evolving without a clear start point and no clear prediction of its future course. Even though this is the case, one can say that it is a continuous evolution of a computer network technology going beyond the client-server technology. It is a technology extending the realms of a computer network creating an environment that offers scalability, better utilization of hardware, on-demand applications and storage, and lower costs over the long run through the creation of virtual servers cloned from existing instances each offering near instantaneous increase in performance, allowing companies to react quickly and dynamically to emerging demands. The “cloud” or “cloud solution,” as the technology is commonly referred to, can either be hosted on-site by the company or off-site such as Microsoft’s SkyDrive and Samsung’s S-Cloud.
Joseph Migga Kizza
23. Mobile Systems and Corresponding Intractable Security Issues
Abstract
In the previous two chapters, 18 and 19, we dealt with wireless communication but restricted our discussion to sensor networks, wireless communication networks, and cellular networks. We discussed a good number of communication devices and their communication protocols. We also discussed the security problems and we proposed solutions in some cases. What we did not do is actually put all these devices and technologies together to create the current phenomenal mobile communication devices and the technology that is currently driving computing and communication. We are going to do this in this chapter and more. The last two decades have witnessed a revolution of sorts in communication spearheaded by the rapidly evolving technologies in both software and hardware. A mobile communication system consists of two or more of the following devices, running specifically developed software to sustain, for a period of time, a wireless communication link between them: mobile telephone, broadly construed here to include devices based on code division multiple access (CDMA), time division multiple access (TDMA), Global System for Mobile Communications (GSM), and wireless personal digital assistant (WPDA) digital technologies and follow-ons, as well as satellite telephones and e-mail appliances. Mobile communication systems are revolutionizing the world today, shrinking the world to between two or more small handheld mobile devices. The rapid changes in communication technologies, the revolutionary changes in software, and the growth of large powerful communication network technologies all have eased communication and brought it to large swaths of the globe.
The high-end competition between the mobile telecommunication operators resulting in plummeting device prices, the quickly developing smartphone technology, and the growing number of undersea cables and cheaper satellite technologies are bringing Internet access to almost every one of the global rural poor faster than many had anticipated.
Joseph Migga Kizza
24. Internet of Things (IoT): Growth, Challenges, and Security
Abstract
The Internet of things (IoT). What is it? Why is it exciting so many in the technology and innovation communities? The concept of the Internet of Things (IoT) was initially proposed by Kevin Ashton in 1998 [1], while he was working at P&G to launch a line of cosmetics for Oil of Olay. Because the father of IoT, as many call him, was bothered that this one shade of lipstick in his cosmetic line always seemed to be sold out in all his London, UK, local stores, he wanted to know where his lipstick was and what was happening to it. No one could tell him. When UK retailers experimenting with loyalty cards with a tiny “radio-enabled” chip, later called RFID, showed these to him, it gave him an idea of tracking his lipstick shade. He took the radio microchip out of the credit card and stuck it on his lipstick shade to see if a wireless network could pick up data on a card and tell him what shelf in the store the lipstick was on. By so doing, he started the forces that created the IoT. In about a decade, the simple idea and experiment have been extended to support pervasive connectivity and the integration of a variety of objects big and small creating an ecosystem of interconnected communication network whose devices or communication nodes are everyday electronic objects like mobile devices, entertainment devices in your home, fridges and temperature control devices, garage door openers, cloth and dish washers, and the list goes on and on. When network connectivity is achieved, it allows all these devices to talk to each other by sending and receiving data. This connectivity of things started long ago with the interconnection of computing devices to form the traditional computer network. Upon that a conceptual model of connectivity of all devices that can communicate and receive data forming a far wider communication network, the “Internet of Things,” was born.
Joseph Migga Kizza

Securing the Last Frontiers – The Home Front

Frontmatter
25. Conquering the Last Frontier in the Digital Invasion: The Home Front
Abstract
As digital technology conquers new territory and there is ubiquitous use of technology, the last frontier has fallen in the digital invasion and the digital activity hub has come home. It is almost a paradox that as more technological activities have come home to make the lives of millions of people easier and more enjoyable, their core personal security is directly under attack. Since the early 1950s, as digital technology became pervasive, the main activity and locus of technological activities invaded the workplace first as the need for improvement in production became paramount. Millions of people took on the task of learning the new technologies as a way to prevent job losses as these new technologies entered the workplace to improve production and hence improve profitability. There were cries of “computers invading the workplace and eating jobs.” After a while, we all got used to these new invaders and we became comfortable to work with the job skills they provided. Production skyrocketed and new jobs were created as old ones disappeared and the fear of job losses was overcome and confidence increased among young workers as they entered the workplace with ever-increasing new skills promising enormous fortunes. We saw new technology giants springing up every other day and making millions. With little fanfare and unknowingly, we became members of social networks as we linked up with colleagues and relatives and a million other people we never knew and will never know.
Joseph Migga Kizza

Hands-On Projects

Frontmatter
26. Projects
Abstract
This is a special chapter dealing with security projects. We have arranged the projects in four parts. Part 1 consists of current case study projects from two successful National Science Foundation (NSF) funded workshops at the author’s university. Part 2 consists of projects that can be done on a weekly or biweekly basis. Part 3 consists of projects that can be done in a group or individually on a semi-semester or on a semester basis. Projects in Part 4 may demand a great deal of work and may require extensive research to be done. Some of the projects in this part may fulfill a master’s or even Ph.D. degree project requirements. We have tried as much as possible throughout these projects to encourage instructors and students to use open source as much as possible. This will decouple the content of the Guide from the rapidly changing proprietary software market.
Joseph Migga Kizza
Backmatter
Metadata
Title
Guide to Computer Network Security
Author
Joseph Migga Kizza
Copyright Year
2017
Electronic ISBN
978-3-319-55606-2
Print ISBN
978-3-319-55605-5
DOI
https://doi.org/10.1007/978-3-319-55606-2