Unit 14: Network Security




          The security levels contain the security-related problems in the component or modular form.  Notes
          Each level contains the specific security problem, which is broken down into different divisions.
          Each of the divisions or classifications provides a representation of a security level defined in
          terms of the following general categories:

               User identification and authentication
               The capability to monitor and audit system activity
               Provision of discretionary access
               Control of the reuse of resources

               Identifying specific areas of possible attack
               Provision of suitable countermeasures
               The level of system trusts, including systems architecture, design, implementation,
               transport, and trust of other hosts.

          14.2 Data Security


          Data security concerns with the protection of data contained in a file or many files in a computer
          either as a standalone or on a network from unauthorized interception by providing some sort
          of security.
          In case of postal system, a postcard as a carrier of information is open to all. It does not have any
          sort of security measures. An envelope is used to hide information from other people. It means
          that envelope here acts as a mean for security. Therefore, postcard and envelope has different
          purpose with respect to security issue. These two particular cases initiated similar actions to
          solve the security-related issues in case of data communication. Emails are open to all as post
          cards. Following the envelope example in postal system will enable users to secure at least some
          of their data.
          The access protection provided by logon passwords are not a full proof system and these may
          easily be bypassed. The bypassed methods include booting from a diskette or connecting the
          stolen hard drive as a secondary one to another computer. In this manner, any vital data might
          easily be accessed. Consequently, encryption of the information seems to be the only effective
          way to protect data from going or intercepting by unauthorized persons. The encryption must
          be developed with the philosophy to ensure reliable data security and almost impossible to
          decrypt data without the right password or right user. The main drawback of the password-
          based encryption includes the loss of password or registration of wrong password due to wrong
          spelling or some other human mistakes. In this case, it becomes absolutely impossible to restore
          the data. There are other rules to avoid such situations.

          14.3 Security Threats

          The invalid access to the host can be prevented to a certain extent in case of conventional host to
          terminal as there is number of terminals connected is limited. The situation is entirely different
          in case of Internet where Internet allows access from any terminal connecting on a network.
          Therefore this requires proper security measures. Below is the list of some of the threats happening
          frequently in the network:
          1.   Viruses and Worms: The term virus refers specifically to malware inserting malicious
               code into existing documents or programs. It spreads itself by various means. Still viruses
               are considered the most common type of network security threat. Almost 90 percent of





                                           LOVELY PROFESSIONAL UNIVERSITY                                   211