Networked systems require much more extensive protection, because physical security measures are totally inadequate. Here are some measures that can be taken to provide network security:

Firewalls
By far the most common security measure these days is a firewall. A lot of confusion surrounds the concept of a firewall, but it can basically be defined as any perimeter device that permits or denies traffic based on a set of rules configured by the administrator. Thus, a firewall may be as simple as a router with access lists or as complex as a set of modules distributed through the network and controlled from one central location.

Antivirus systems
Everyone is familiar with the desktop version of anti-virus packages like Norton Antivirus and McAfee. The way these operate is fairly simple -- when researchers find a new virus, they figure out some unique characteristic it has (maybe a registry key it creates or a file it replaces) and from this they write the virus "signature."

Intrusion-detection systems
There are basically two types of intrusion-detection systems (IDS):

* Host-based IDS
* Network-based IDS

Host-based IDS: These systems are installed on a particular important machine (usually a server or some important target) and are tasked with making sure that the system state matches a particular set baseline.

Network-based IDS: These systems are more popular and quite easy to install. Basically, they consist of a normal network sniffer running in promiscuous mode. (In this mode, the network card picks up all traffic even if it is not meant for it.) The sniffer is attached to a database of known attack signatures, and the IDS analyzes each packet that it picks up to check for known attacks.

Patching and updating
It is embarrassing and sad that this has to be listed as a security measure. Despite being one of the most effective ways to stop an attack, there is a tremendously laid-back attitude to regularly patching systems.

General network tools
As surprising as it might sound, some of the most powerful tools, especially in the beginning stages of an attack, are the regular network tools available with most operating systems.

Port scanners
Most of you will know what port scanners are. Any system that offers TCP or UDP services will have an open port for that service. For example, if you're serving up Web pages, you'll likely have TCP port 80 open. FTP is TCP port 20/21, Telnet is TCP 23, SNMP is UDP port 161 and so on.

Network sniffers
A network sniffer puts the computer's NIC (network interface card or LAN card) into promiscuous mode. In this mode, the NIC picks up all the traffic on its subnet regardless of whether it was meant for it or not.

Vulnerability scanners
A vulnerability scanner is like a port scanner on steroids. Once it has identified which services are running, it checks the system against a large database of known vulnerabilities and then prepares a report on the security holes that are found.


--------------------------------------------------------
Humans make errors; please email webmaster@piyadas-world.com if you find any. Please visit http://www.piyadas-world.com for more resources.
