Unleash Your Potential - Namagunga Girls Coding Club
Computer Network Security
1. Computer Network Security
Sachithra Gayan Gunarathne
Sabaragamuwa University Of Sri Lanka
gayan_sac@yahoo.com
P a g e 1 | 4
Abstract
Computer technology has rapidly grown to maturity.
Computer technology becomes familiar with day-to-
day life. However, computer also brings to us a lot of
security risks due to its openness and connectivity.
Users are now faced with a large number of security
threats of domestic and international coverage.
Network administrators need to keep up with the
recent advancements in both the hardware and
software fields to prevent their as well as the user’s
data.
Antivirus software, Firewalls, and other technologies
for safeguarding personal data and computer
networks are essential but not sufficient to ensure
security.
Cyber-Ethics, Cyber-Safety, and Cyber-Security
issues should be integrated in the educational process.
Security counter measures help ensure the
confidentiality, availability, and integrity of
information systems by preventing or mitigating asset
losses from Cyber security attacks.
Key words : Cyber-Ethics, Cyber-Safety, Cyber-
Security
Introduction
Current situation of computer network security
The security of computer network, security of
important data in the network system and the
structural completion of computer network. It must
protect users’ data and computer system from nasty
attacks. Computer network security specialists have
set up special researches on the maintaining,
destruction and repairmen of computer network
security. By these research results, specialists built
the PPDRR computer network security model.
Through this model, people can accomplish
monitoring and analyzing computer network security,
specialist can detect the vulnerabilities of computer
network system and react in time to protect computer
network system from leak of information and
economical loss.
Computer network security encompasses a wide
range of specialties. Such as software design of
computer software development, monitoring and
maintenance of software could all use the protection
of computer network security. Therefore computer
network security specialists aspiring to find an
effective method of computer network security. By
the way specialists proposed a new analysis method
of computer network security “attack-tree”. They
integrate past attacking data and use mathematical
formulas to represent them. Although this method
still have some flaws and disagreements in
integrating and explaining the “leaves”. Therefore
some specialists also proposed “privilege graph”
analysis method to improve past computer network
security analysis methods. With the development of
technology, there have been continuous innovations
of computer network security analysis methods.
Influential elements of security of computer
network
Hackers are the great influential element of computer
network security. They sabotage the internet or steal
information. They use collated data to monitor every
computer in the network system to find the
vulnerability of the network to destroy computer
network security system. Most hacked use Trojan
horses and worm virus to attack users’ computers.
Some are write large amount of false programs to
install on users’ computers to control their computers.
Some hackers would also monitor user’s internet data
to steal users’ account numbers, passwords and bank
savings. There would be threats like communication
threat, application treat and system threat in hackers’
attack.
Vulnerability of network and software is the next
influential element of computer network security. It
take account of vulnerability in computer system and
software design, lack of protection of computer
network and software security, illegal users enter to
computer through computer network vulnerability
and computer being controlled by unknown users.
This could severely influence user’s daily use of
computer and normal network communication. It
would cause users’ information cannot spread and
receive. With this vulnerability information could be
stealed any time by any unkown people.
Falsification of personal information and leak of
classified information is the third element of
computer security. In the computer network
communication, information got spread the most is
personal information of users and classified
materials. It refers to falsify and delete the
information to result in the interception. Outflow of
information refers to third party monitor users’
computers remotely and steal information.
The universal use of computer technology has a great
influence on people’s life. Computer network
2. Computer Network Security
Sachithra Gayan Gunarathne
Sabaragamuwa University Of Sri Lanka
gayan_sac@yahoo.com
P a g e 2 | 4
technology has influences on people’s life, economy
and politics. But this kind of influences is two-sided.
There are good influences and bad influences.
Computer network technology brings people’s life
convenience and threat to the security of personal
information. This vulnerability of computer network
security brings a lot problems and cause the users of
computer network great loss.
Research findings
Basic technologies of computer network security
Firewall technology is safety applications to exert
mandatory access on external network by using
predetermined safety facilities between network
systems. Data transfer between two or more networks
should follow certain safety measures to monitor the
performance, determine whether the communication
between the networks is allowed, and monitor the
running of the network.
Data encryption technology can be divided in data
storage, data transfer, data integrity, authentication
and key management techniques. Data encryption is
stored in the memory in order to prevent data loss and
destruction. The transmission process in the
information encrypted is commonly in the form of
circuit encryption and port encryption. Data integrity
identification technology is to protect information
transfer, storage, access, identification and
confidential treatment of people and data. Data are
subject to validation, and encryption enhanced the
protection. Key management is a common encryption
in many cases. Key management techniques include
key generation, distribution, storage, and destruction.
Intrusion detection technology is to ensure the safety
of the design and the rational allocation. Intrusion
detection technology can quickly find anomalies in
the system and the authorized condition in the report.
It can address and resolve system vulnerabilities in a
timely manner.
Anti-virus technology not simply refers to anti-virus
software technology. It can be classified into network
anti-virus software and stand-alone anti-virus
software. Online anti-virus software focuses on
network connection against viruses. Once the virus
has invaded the network or diffused to other network
data, it will be promptly detected by online virus
software, be killed and deleted.
Hacker and hacker programs are safety hazard.
Hacker illegally attacks to the computer system.
Hackers are heaped in groups sometimes. Hacker
causes great harms, including theft and fraud in
financial and economic fields. They also spread false
advertisings to scam money, steal military,
commercial and political secrets, attack other people's
copyrights, and manufacture new virus software to
spread yellow information. According to the research
of FBI, the losses of network security register $ 7.6
billion in USA.
Measures to improve network security
Computer network virus prevention is difficult and
complex. It is hard to monitor the prevention work
online. It is only limited to every client computer, so
that every user needs to install anti-virus software and
on machine.
The invasion can be divided into subjective and
objective security issues. Subjectivity security issue
mainly refers to errors made by network management
personnel. Objectivity security issue mainly refers to
loopholes in computers and the network where
hackers exploit these vulnerabilities to conduct
various forms of attack.
Network management personnel identify these
problems in a timely manner and install the patch.
Network managers take the advantage of scanning
tools and learn about the weakness links take
appropriate preventive and repair measures.
Firewall technology is to prevent others from
accessing your network. There are three types of
firewall technology, namely, packet filtering
technology, agent technology, and status monitoring
technology. Packet filtering technology is to verify
the IP address by setting it. Those IP addresses that
do not match those settings will be filtered by the
firewall. Agent technology is to verify the legitimacy
of requests sent by accept client of proxy server to.
This technology also involves with user
authentication, login, simplified filtering criteria and
shielding the internal IP addresses. Status monitoring
technology is the third generation of network security
technologies, which is effective for all levels of
network monitoring.
For a large-scale regional computer network, that the
switch should be connected to a network or in a
separate network, so that the switch can form a
separate management network. This will effectively
reduce the number of network switches and narrow
the scope of failure. By using search and location, it
is also convenient for network managers to quickly
handle remote network accidents.
3. Computer Network Security
Sachithra Gayan Gunarathne
Sabaragamuwa University Of Sri Lanka
gayan_sac@yahoo.com
P a g e 3 | 4
Methodologies
There are four main computer security attributes
which are restated for convenience and emphasis.
Those are confidentiality, integrity, privacy, and
availability. Confidentiality and integrity still hold to
the same definition. Availability means the computer
assets can be accessed by authorized people. Privacy
is the right to protect personal secrets. Attack
methods are relate to these attributes.
Internet Attack Methods
Internet attacks methods are broken into categories.
Eavesdropping and phishing attacks gain system
knowledge or personal information. Viruses attacks
can also interfere with the system’s intended
function. There’s another form of attack. When the
system’s resources are consumes uselessly, these can
be caused by denial of service (DoS) attack. Other
forms of network intrusions also exist, such as land
attacks, smurf attacks, and teardrop attacks.
a) Eavesdropping
Eavesdropping is interception of communications by
an unauthorized party. When the person only secretly
listens to the networked messages is passive
eavesdropping. Active eavesdropping is when the
intruder listens and inserts something into the
communication stream. This can lead to the messages
being distorted. Sensitive information can be stolen
this way.
b) Phishing
Phishing is an attempt to obtain confidential
information from an individual, group, or
organization. Phishers trick users into disclosing
personal data, such as credit card numbers, online
banking credentials, and other sensitive information.
c) IP Spoofing Attacks
To have the address of the computer mirror the
address of a trusted computer in order to gain access
to other computers. The identity of the intruder is
hidden by different means making detection and
prevention difficult. With the current IP protocol
technology, IPspoofed packets cannot be eliminated.
d) Denial of Service
Denial of Service is an attack when the system
receiving too many requests cannot return
communication with the requestors. The system then
consumes resources waiting for the handshake to
complete. The system cannot respond to any more
requests rendering it without service.
e) Viruses, Worms, Trojans
Viruses are use files to infect and propagate. These
are self‐replication programs.
A worm also self‐replicating, but the worm does not
require a file to allow it to propagate. There are two
categories of worms, mass‐mailing worms and
network-aware worms. Mass mailing worms use
email to infect other computers. A network‐aware
worm selects a target and once the worm accesses the
target host.
Trojans appear to be benign programs to the user, but
will actually have some malicious purpose. Trojans
usually carry some payload such as a virus.
Internet Security Methods
Internet threats are major issue in the global world
provided that information is accessible and
transferred across the Internet. There are different
defense and detection mechanisms were developed to
contend with these attacks.
a) Cryptographic systems
Cryptography is a useful and widely used tool in
security engineering. It involved the use of codes and
ciphers to transform information into unintelligible
data.
b) Firewall
This is a typical border control mechanism or
perimeter defense. The purpose of a firewall is to
block traffic from the outside, but it could also be
used to block traffic from the inside. A firewall is the
front line defense mechanism against intruders. It is a
system designed to prevent unauthorized access to or
from a private network. Firewalls can be
implemented in both hardware and software, or a
combination of both.
c) Intrusion Detection Systems
An Intrusion Detection System (IDS) is an additional
protection measure. It helps deflect computer
intrusions. IDS systems can be software and
hardware devices used to detect an attack. IDS are
used to monitor connection in determining whether
attacks are been launched.
4. Computer Network Security
Sachithra Gayan Gunarathne
Sabaragamuwa University Of Sri Lanka
gayan_sac@yahoo.com
P a g e 4 | 4
d) Anti‐Malware Software and scanners
Anti‐Malware tools are used to detect them and cure
an infected system. Viruses, worms and Trojans are
examples of malicious software
e) Secure Socket Layer (SSL)
The Secure Socket Layer (SSL) is a collection of
protocols which is a standard way to achieve a good
level of security between a web browser and a
website. SSL is designed to create a secure channel,
or tunnel, between a web browser and the web server.
SSL provides authentication of clients to server
through the use of certificates.
Conclusion
Nowadays use amalgamations of firewalls,
encryption, and authentication mechanisms to create
“intranets” that are connected to the World Wide
Web, but protected. Intranet is a private computer
network that uses internet protocols. This is differ
from "Extranets" restricted to employees of the
organization while can be accessed by customers,
suppliers, or other approved parties. It does not
necessarily have to be any access from the
organization's internal network to the Internet itself.
When such access is provided it is usually through a
gateway with a firewall, along with user
authentication, encryption of messages, and often
makes use of virtual private networks (VPNs).
Although intranets can be set up quickly to share data
in a controlled environment, that data is still at risk
unless there is tight security. The disadvantage of a
closed intranet is that vital data might not get into the
hands of those who need it. Intranets have a place
within agencies.
Hardware developments also should be developing
rapidly. Biometric systems and smart cards are the
only new hardware technologies are extensively
impacting security. The obvious use of biometrics is
for secure workstation. Hardware device built in
thumbprint readers would be the next step up. These
devices would be more expensive.
Smart card itself is designed to store encryption keys
and other information used in authentication and
other identification processes. This use to provide
undeniable proof of a user’s identity. There are safety
features built into smart cards to prevent someone
from using a stolen card. It requires to enter a
personal identification number (PIN) before they’ll
be granted any level of access into the system.
Software aspect of network security is very vast. The
improvement of the standard security software still
remains the same. When new viruses emerge, the
antivirus is updated to be able to guard against those
threats. This process is the same for firewalls and
intrusion detection systems. Present-day research is
being performed on security software using neural
networks. The objective of the research is to use
neural networks for the facial recognition software.
Most of the current security algorithms are
computational intensive and require substantial
processing power. Therefore, there is a need for
designing light‐weight security algorithms.
The future will possibly be that the security is similar
to an immune system. The immune system fights off
attacks and builds itself to fight tougher enemies.
Similarly, the network security will be able to
function as an immune system.
References
I. M. M. B. W. Pikoulas J, “Software Agents
and Computer Network Security,” Napier
University, Scotland, UK.
II. Daya , “Network Security: History,
Importance, and Future ,”University of
Florida Department of Electrical and
Computer Engineering, 2013.
III. Huang Zhilong. Research on computer
network security analysis model [J].
Research on computer network security
analysis model, 2014(05).
IV. Zhang Baoshi. Research on computer
network security analysis model [J].
Electronic technology and software
engineering, 2014(04).
V. Hong Yaling. Research on computer
network security analysis model [J].
Computer CD Software and Applications,
2013(z):1-152.
VI. Adeyinka, O., "Internet Attack Methods and
Internet Security Technology," Modeling &
Simulation, 2008. AICMS 08. Second Asia
International Conference on, vol., no.,
pp.77‐82, 13‐15 May 2008