Network Security and Cryptography
In the twenty-first century, communication has become almost inseparable from technology. The Internet has made it more effective, efficient and reliable, and the pace of change keeps increasing with the daily arrival of new communication tools such as computers, smartphones and smart watches. On the positive side, we have fast access to information, quick responses, credible news, exposition, entertainment, and the ability to send and receive information virtually; the world can be explored via the Internet. The adverse effects are equally vast. Personal and government data are likely to be exposed, and this is the problem we need to curb. Sensitive information whose disclosure can cause real damage can reach unauthorized persons through weak firewall configurations, and an attacker who understands how the intrusion detection system (IDS) inspects traffic can shape that traffic so that the IDS never raises an alert.
Individuals, corporations and governments all share in the growing risk. Individuals are targeted because criminals actively collect valuable personal information: social security numbers, credit card numbers, bank account details, usernames, passwords and any other confidential data that has value to the attacker. Corporations are in jeopardy as well, since the typical organization holds a database of valuable private information such as customer records, trade secrets, and research and development data. Companies may also be targeted by attacks such as denial of service (DoS), which, while in progress, has an immediate financial impact on the company and on the customers and partners that do business with it. States run the risk of having their national security breached.
Intrusion detection system (IDS) development has been mostly reactionary. This is troubling because botnets can compromise and control thousands of computers before security experts develop a mitigation technique. As new exploits appear, new mitigation techniques are invented to identify the malware and, where possible, remove it. This thesis departs from that pattern of reacting to malware. Instead, it looks at possible malicious software designs by analyzing existing defense controls for exploitable weaknesses. The first step is to understand how the IDS works: its configuration, the protocols it inspects and how its rules are applied, so that the testbed can be reconfigured to a known, stable baseline. Only then can the security measures on the test machines be selectively relaxed for the experiment without exposing them to real attacks or unrelated network traffic.
The study focuses on understanding a new type of botnet that is designed to evade current network intrusion detection mechanisms. The idea is to localize botnet communication so that, in a virtualized testbed, a portion of the compromised systems can hide from existing detection techniques without requiring a significant increase in network monitoring points. The study builds a prototype that exposes the weaknesses in current IDS deployments. Hence the importance of gaining a detailed understanding of the botnet's configuration and of the means of securing the network against it.
The work is done in four steps:
First, configure the network topology: a perimeter with a firewall and a DMZ that is deliberately permissive enough for the botnet traffic to traverse. The testbed hosts themselves are hardened with strong system passwords and encryption of stored data, and securing the VMs is a critical step, so that only the intended weakness is exposed.
Second, understand how the botnet operates. Operational analysis is essential and covers the bot agent and the botnet controller, the network scanning activity, monitoring of the Internet-facing events that carry the command-and-control communication, searching the system for loopholes that a malicious actor could use, and checking for bugs.
Third, secure the system by building an automated detection capability. It primarily monitors the botnet agent and controller using an IDS sensor.
Lastly, prevent future intrusions by closing the perimeter with a firewall policy that permits only valid traffic, specific to the communication channels each group of end users needs, and ensures effective and secure communication over the data line.
The rest of the work consists of allowing the bot controller to communicate with the bot agents over the network while all traffic is permitted through the firewall from the external interface to the internal network. In the reactive model, each time a new virus appears it is detected, a new mitigation method is developed, and the cycle repeats. Each piece of malicious software operates on a create-and-release or create-and-wait paradigm, which limits its usefulness. This mode of operation has become somewhat antiquated: what good are all these infected hosts if they are not controllable? Such malware is created with a specific task in mind (keylogging, DDoS, spamming, phishing, etc.), and typically its function cannot change after the host is infected. The network was configured and the prototype implemented with a Snort sensor on a Linux host on the internal network. The firewall solutions based on this topology were then tested, configured and hardened, with encryption applied to the protected channels.
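The third step above relies on an IDS sensor noticing the agent-to-controller traffic. One property that sensor can key on, independent of payload signatures, is timing: a bot agent that polls its controller reconnects at a near-constant interval, while a user's browsing does not. The following is an added example, not code from the thesis or from Snort, that runs that heuristic over a constructed connection log in a simple "timestamp src dst dport" format; the addresses, timestamps and the thresholds (five connections, coefficient of variation at most 0.15) are assumptions chosen for the illustration.

```python
"""Beacon detection over connection logs (added example, not from the thesis).

A bot agent that polls its controller tends to reconnect at a near-constant
interval; normal user traffic does not. This flags (src, dst, port) triples
whose inter-connection gaps are regular. The log format and all addresses
below are constructed for the example.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: "epoch_seconds src_ip dst_ip dst_port" per line.
# 10.0.0.5 beacons to 203.0.113.10:443 roughly every 60 s (the bot agent);
# 10.0.0.7 browses 198.51.100.20:443 at irregular times (a normal user);
# 10.0.0.9 contacts the controller once (too few connections to judge).
SAMPLE_LOG = """\
# ts src dst dport
1000 10.0.0.5 203.0.113.10 443
1005 10.0.0.7 198.51.100.20 443
1010 10.0.0.7 198.51.100.20 443
1030 10.0.0.9 203.0.113.10 443
1061 10.0.0.5 203.0.113.10 443
1119 10.0.0.5 203.0.113.10 443
1180 10.0.0.5 203.0.113.10 443
1200 10.0.0.7 198.51.100.20 443
1201 10.0.0.7 198.51.100.20 443
1240 10.0.0.5 203.0.113.10 443
1299 10.0.0.5 203.0.113.10 443
1650 10.0.0.7 198.51.100.20 443
1700 10.0.0.7 198.51.100.20 443
"""


def parse_conn_log(text):
    """Group connection timestamps by (src, dst, dport); skip comments and blanks."""
    flows = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split()
        flows[(src, dst, int(dport))].append(int(ts))
    return flows


def find_beacons(flows, min_connections=5, max_cv=0.15):
    """Flag flows with at least min_connections whose gap jitter is low.

    Regularity is measured as the coefficient of variation (std / mean) of the
    gaps between consecutive connections; a small value means near-periodic.
    """
    alerts = []
    for (src, dst, dport), times in flows.items():
        if len(times) < min_connections:
            continue
        times = sorted(times)
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period == 0:
            continue
        cv = pstdev(gaps) / period
        if cv <= max_cv:
            alerts.append({
                "src": src, "dst": dst, "dport": dport, "count": len(times),
                "period_s": round(period, 1), "cv": round(cv, 3),
            })
    return alerts


def detect(text=SAMPLE_LOG):
    """Parse the log and return the list of beacon alerts."""
    return find_beacons(parse_conn_log(text))


if __name__ == "__main__":
    for a in detect():
        print(f"BEACON {a['src']} -> {a['dst']}:{a['dport']} "
              f"every ~{a['period_s']}s over {a['count']} connections (cv={a['cv']})")
```

On the sample only the 10.0.0.5 flow is flagged; the browsing host has the same number of connections but a coefficient of variation above 1. The caveat matters for this thesis: if the botnet localizes its communication so that one compromised host relays for the others, only that relay beacons outward, and the hosts behind it stay invisible to a sensor that watches the perimeter alone, which is exactly the weakness the study sets out to expose.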
Outline of the Network Security Perimeter Policy:
Understanding the various network protection policies. This is approached in several ways, including gathering feedback on:
- Acceptable Use Policy
- Password Policy
- Backup Policy
- Network Access Policy
- Incident Response Policy
- Remote Access Policy
- Email Policy
- Guest Access Policy
- Wireless Policy
- Third Party Connection Policy
- Network Security Policy
- Encryption Policy
- Confidential Data Policy
- Data Classification Policy
- Mobile Device Policy
- Retention Policy
- Outsourcing Policy
- Physical Security Policy
- Virtual Private Network (VPN) Policy
These policies rest on the following perimeter controls:
Firewall configuration: a robust firewall is interposed between the Internet and the business network. Traffic from the Internet to the inside, and from the inside to the Internet, must first pass through the firewall.
Host-based security will be the primary method of protecting the systems. It is the responsibility of users, system managers, administrators and owners to protect sensitive data and systems.
DMZ: the purpose of the preceding policy is to limit what the Internet can reach and command on the business network. It is implemented through a Demilitarized Zone (DMZ), which is part of the firewall architecture.
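The difference between the permit-all posture used while the botnet is observed and the closed perimeter that the firewall and DMZ policies above call for can be made concrete by evaluating the same set of flows against both rule sets. The following is an added example, not the thesis's own configuration or any vendor's firewall syntax: a minimal first-match, default-deny policy evaluator in which the zone addressing (10.0.0.0/24 internal, 172.16.0.0/24 DMZ, everything else external), the permitted ports and the sample flows are all assumptions constructed for the illustration.

```python
"""Firewall policy evaluation (added example, not from the thesis).

Models a zone-based, first-match firewall with an implicit deny and compares
the permit-all testbed policy with a closed perimeter that allows only the
traffic valid users and the DMZ services need. Addresses, zones and ports
are constructed assumptions for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed zone addressing for the testbed (constructed, not from the original).
ZONES = {
    "internal": ip_network("10.0.0.0/24"),
    "dmz": ip_network("172.16.0.0/24"),
}


def zone_of(ip):
    """Map an address to its zone; anything outside the known networks is external."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    src_zone: str      # zone name or "any"
    dst_zone: str      # zone name or "any"
    proto: str         # "tcp", "udp" or "any"
    dports: frozenset  # destination ports; empty means any port

    def matches(self, src_zone, dst_zone, proto, dport):
        return (self.src_zone in ("any", src_zone)
                and self.dst_zone in ("any", dst_zone)
                and self.proto in ("any", proto)
                and (not self.dports or dport in self.dports))


def evaluate(rules, src, dst, proto, dport):
    """First matching rule wins; nothing matching means implicit deny."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for rule in rules:
        if rule.matches(src_zone, dst_zone, proto, dport):
            return rule.action
    return "deny"


# Posture while the botnet is under observation: everything crosses the perimeter.
PERMIT_ALL = [Rule("allow", "any", "any", "any", frozenset())]

# Closed perimeter: Internet reaches only the DMZ web service, internal users
# get web and DNS out, and nothing from outside or from the DMZ reaches inside.
CLOSED_PERIMETER = [
    Rule("allow", "external", "dmz", "tcp", frozenset({80, 443})),
    Rule("allow", "internal", "external", "tcp", frozenset({80, 443})),
    Rule("allow", "internal", "external", "udp", frozenset({53})),
    Rule("allow", "internal", "dmz", "tcp", frozenset({80, 443})),
    Rule("deny", "any", "any", "any", frozenset()),  # explicit default deny
]

# Constructed sample flows: (label, src, dst, proto, dport).
FLOWS = [
    ("web to dmz", "198.51.100.7", "172.16.0.10", "tcp", 443),
    ("client browsing", "10.0.0.7", "198.51.100.20", "tcp", 443),
    ("c2 inbound", "203.0.113.10", "10.0.0.5", "tcp", 6667),
    ("bot outbound irc", "10.0.0.5", "203.0.113.10", "tcp", 6667),
    ("dmz to internal", "172.16.0.10", "10.0.0.5", "tcp", 445),
    ("c2 over 443", "10.0.0.5", "203.0.113.10", "tcp", 443),
]


def compare(flows=FLOWS):
    """Return {label: (decision under PERMIT_ALL, decision under CLOSED_PERIMETER)}."""
    return {
        label: (evaluate(PERMIT_ALL, src, dst, proto, dport),
                evaluate(CLOSED_PERIMETER, src, dst, proto, dport))
        for label, src, dst, proto, dport in flows
    }


if __name__ == "__main__":
    for label, (open_, closed) in compare().items():
        print(f"{label:18s} permit-all={open_:5s} closed-perimeter={closed}")
```

Closing the perimeter blocks the inbound controller connection, the outbound IRC-style channel and a pivot from a compromised DMZ host into the internal network. The last flow is the caveat a practitioner should keep in mind: a bot that talks to its controller over the same port valid users need (here TCP 443) still passes the closed policy, which is why the firewall policy in the last step does not replace the IDS sensor in the third.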
Network Information Dissemination: information regarding access to, or the configuration of, computer and communication systems, such as dial-up modem phone numbers or network diagrams, is considered confidential. This information must not be posted on electronic bulletin boards, listed in telephone directories, placed on business cards, or made available to third parties without the written permission of the Security Work Group (SWG).
Intrusion Detection: normal logging will be enabled on all host and server systems. Alarm and alert functions, together with logging, will be enabled on all firewalls and other perimeter devices so that any attempt to bypass the firewall is blocked and recorded, while only permitted traffic carrying legitimate business data passes.