Computer Network Security Sachithra Gayan Gunarathne

Sabaragamuwa University Of Sri Lanka

gayan_sac@yahoo.com

P a g e 1 | 4

Abstract

Computer technology has rapidly grown to maturity.

Computer technology becomes familiar with day-to-

day life. However, computer also brings to us a lot of

security risks due to its openness and connectivity.

Users are now faced with a large number of security

threats of domestic and international coverage. Network administrators need to keep up with the

recent advancements in both the hardware and

software fields to prevent their as well as the user’s

data.

Antivirus software, Firewalls, and other technologies

for safeguarding personal data and computer

networks are essential but not sufficient to ensure

security.

Cyber-Ethics, Cyber-Safety, and Cyber-Security

issues should be integrated in the educational process.

Security counter measures help ensure the

confidentiality, availability, and integrity of

information systems by preventing or mitigating asset

losses from Cyber security attacks.

Key words : Cyber-Ethics, Cyber-Safety, Cyber-

Security

Introduction

Current situation of computer network security

The security of computer network, security of

important data in the network system and the

structural completion of computer network. It must

protect users’ data and computer system from nasty

attacks. Computer network security specialists have

set up special researches on the maintaining,

destruction and repairmen of computer network

security. By these research results, specialists built

the PPDRR computer network security model.

Through this model, people can accomplish

monitoring and analyzing computer network security,

specialist can detect the vulnerabilities of computer

network system and react in time to protect computer

network system from leak of information and

economical loss.

Computer network security encompasses a wide

range of specialties. Such as software design of

computer software development, monitoring and

maintenance of software could all use the protection

of computer network security. Therefore computer

network security specialists aspiring to find an

effective method of computer network security. By

the way specialists proposed a new analysis method

of computer network security “attack-tree”. They

integrate past attacking data and use mathematical

formulas to represent them. Although this method

still have some flaws and disagreements in

integrating and explaining the “leaves”. Therefore

some specialists also proposed “privilege graph”

analysis method to improve past computer network

security analysis methods. With the development of

technology, there have been continuous innovations

of computer network security analysis methods.

Influential elements of security of computer

network

Hackers are the great influential element of computer

network security. They sabotage the internet or steal

information. They use collated data to monitor every

computer in the network system to find the

vulnerability of the network to destroy computer

network security system. Most hacked use Trojan

horses and worm virus to attack users’ computers.

Some are write large amount of false programs to

install on users’ computers to control their computers.

Some hackers would also monitor user’s internet data

to steal users’ account numbers, passwords and bank

savings. There would be threats like communication

threat, application treat and system threat in hackers’

attack.

Vulnerability of network and software is the next

influential element of computer network security. It

take account of vulnerability in computer system and

software design, lack of protection of computer

network and software security, illegal users enter to

computer through computer network vulnerability

and computer being controlled by unknown users.

This could severely influence user’s daily use of

computer and normal network communication. It

would cause users’ information cannot spread and

receive. With this vulnerability information could be

stealed any time by any unkown people.

Falsification of personal information and leak of

classified information is the third element of

computer security. In the computer network

communication, information got spread the most is

personal information of users and classified

materials. It refers to falsify and delete the

information to result in the interception. Outflow of

information refers to third party monitor users’

computers remotely and steal information.

The universal use of computer technology has a great

influence on people’s life. Computer network

Computer Network Security Sachithra Gayan Gunarathne

Sabaragamuwa University Of Sri Lanka

gayan_sac@yahoo.com

P a g e 2 | 4

technology has influences on people’s life, economy

and politics. But this kind of influences is two-sided.

There are good influences and bad influences.

Computer network technology brings people’s life

convenience and threat to the security of personal

information. This vulnerability of computer network

security brings a lot problems and cause the users of

computer network great loss.

Research findings

Basic technologies of computer network security

Firewall technology is safety applications to exert

mandatory access on external network by using

predetermined safety facilities between network

systems. Data transfer between two or more networks

should follow certain safety measures to monitor the

performance, determine whether the communication

between the networks is allowed, and monitor the

running of the network.

Data encryption technology can be divided in data

storage, data transfer, data integrity, authentication

and key management techniques. Data encryption is

stored in the memory in order to prevent data loss and

destruction. The transmission process in the

information encrypted is commonly in the form of

circuit encryption and port encryption. Data integrity

identification technology is to protect information

transfer, storage, access, identification and

confidential treatment of people and data. Data are

subject to validation, and encryption enhanced the

protection. Key management is a common encryption

in many cases. Key management techniques include

key generation, distribution, storage, and destruction.

Intrusion detection technology is to ensure the safety

of the design and the rational allocation. Intrusion

detection technology can quickly find anomalies in

the system and the authorized condition in the report.

It can address and resolve system vulnerabilities in a

timely manner.

Anti-virus technology not simply refers to anti-virus

software technology. It can be classified into network

anti-virus software and stand-alone anti-virus

software. Online anti-virus software focuses on

network connection against viruses. Once the virus

has invaded the network or diffused to other network

data, it will be promptly detected by online virus

software, be killed and deleted.

Hacker and hacker programs are safety hazard.

Hacker illegally attacks to the computer system.

Hackers are heaped in groups sometimes. Hacker

causes great harms, including theft and fraud in

financial and economic fields. They also spread false

advertisings to scam money, steal military,

commercial and political secrets, attack other people's

copyrights, and manufacture new virus software to

spread yellow information. According to the research

of FBI, the losses of network security register $ 7.6

billion in USA.

Measures to improve network security

Computer network virus prevention is difficult and

complex. It is hard to monitor the prevention work

online. It is only limited to every client computer, so

that every user needs to install anti-virus software and

on machine.

The invasion can be divided into subjective and

objective security issues. Subjectivity security issue

mainly refers to errors made by network management

personnel. Objectivity security issue mainly refers to

loopholes in computers and the network where

hackers exploit these vulnerabilities to conduct

various forms of attack.

Network management personnel identify these

problems in a timely manner and install the patch.

Network managers take the advantage of scanning

tools and learn about the weakness links take

appropriate preventive and repair measures.

Firewall technology is to prevent others from

accessing your network. There are three types of

firewall technology, namely, packet filtering

technology, agent technology, and status monitoring

technology. Packet filtering technology is to verify

the IP address by setting it. Those IP addresses that

do not match those settings will be filtered by the

firewall. Agent technology is to verify the legitimacy

of requests sent by accept client of proxy server to.

This technology also involves with user

authentication, login, simplified filtering criteria and

shielding the internal IP addresses. Status monitoring

technology is the third generation of network security

technologies, which is effective for all levels of

network monitoring.

For a large-scale regional computer network, that the

switch should be connected to a network or in a

separate network, so that the switch can form a

separate management network. This will effectively

reduce the number of network switches and narrow

the scope of failure. By using search and location, it

is also convenient for network managers to quickly

handle remote network accidents.

Computer Network Security Sachithra Gayan Gunarathne

Sabaragamuwa University Of Sri Lanka

gayan_sac@yahoo.com

P a g e 3 | 4

Methodologies

There are four main computer security attributes

which are restated for convenience and emphasis.

Those are confidentiality, integrity, privacy, and

availability. Confidentiality and integrity still hold to

the same definition. Availability means the computer

assets can be accessed by authorized people. Privacy

is the right to protect personal secrets. Attack

methods are relate to these attributes.

Internet Attack Methods

Internet attacks methods are broken into categories.

Eavesdropping and phishing attacks gain system

knowledge or personal information. Viruses attacks

can also interfere with the system’s intended

function. There’s another form of attack. When the

system’s resources are consumes uselessly, these can

be caused by denial of service (DoS) attack. Other

forms of network intrusions also exist, such as land

attacks, smurf attacks, and teardrop attacks.

a) Eavesdropping

Eavesdropping is interception of communications by

an unauthorized party. When the person only secretly

listens to the networked messages is passive

eavesdropping. Active eavesdropping is when the

intruder listens and inserts something into the

communication stream. This can lead to the messages

being distorted. Sensitive information can be stolen

this way.

b) Phishing

Phishing is an attempt to obtain confidential

information from an individual, group, or

organization. Phishers trick users into disclosing

personal data, such as credit card numbers, online

banking credentials, and other sensitive information.

c) IP Spoofing Attacks

To have the address of the computer mirror the

address of a trusted computer in order to gain access

to other computers. The identity of the intruder is

hidden by different means making detection and

prevention difficult. With the current IP protocol

technology, IPspoofed packets cannot be eliminated.

d) Denial of Service

Denial of Service is an attack when the system

receiving too many requests cannot return

communication with the requestors. The system then

consumes resources waiting for the handshake to

complete. The system cannot respond to any more

requests rendering it without service.

e) Viruses, Worms, Trojans

Viruses are use files to infect and propagate. These

are self‐replication programs.

A worm also self‐replicating, but the worm does not

require a file to allow it to propagate. There are two

categories of worms, mass‐mailing worms and

network-aware worms. Mass mailing worms use

email to infect other computers. A network‐aware

worm selects a target and once the worm accesses the

target host.

Trojans appear to be benign programs to the user, but

will actually have some malicious purpose. Trojans

usually carry some payload such as a virus.

Internet Security Methods

Internet threats are major issue in the global world

provided that information is accessible and

transferred across the Internet. There are different

defense and detection mechanisms were developed to

contend with these attacks.

a) Cryptographic systems

Cryptography is a useful and widely used tool in

security engineering. It involved the use of codes and

ciphers to transform information into unintelligible

data.

b) Firewall

This is a typical border control mechanism or

perimeter defense. The purpose of a firewall is to

block traffic from the outside, but it could also be

used to block traffic from the inside. A firewall is the

front line defense mechanism against intruders. It is a

system designed to prevent unauthorized access to or

from a private network. Firewalls can be

implemented in both hardware and software, or a

combination of both.

c) Intrusion Detection Systems

An Intrusion Detection System (IDS) is an additional

protection measure. It helps deflect computer

intrusions. IDS systems can be software and

hardware devices used to detect an attack. IDS are

used to monitor connection in determining whether

attacks are been launched.

Computer Network Security Sachithra Gayan Gunarathne

Sabaragamuwa University Of Sri Lanka

gayan_sac@yahoo.com

P a g e 4 | 4

d) Anti‐Malware Software and scanners

Anti‐Malware tools are used to detect them and cure

an infected system. Viruses, worms and Trojans are

examples of malicious software

e) Secure Socket Layer (SSL)

The Secure Socket Layer (SSL) is a collection of

protocols which is a standard way to achieve a good

level of security between a web browser and a

website. SSL is designed to create a secure channel,

or tunnel, between a web browser and the web server.

SSL provides authentication of clients to server

through the use of certificates.

Conclusion

Nowadays use amalgamations of firewalls,

encryption, and authentication mechanisms to create

“intranets” that are connected to the World Wide

Web, but protected. Intranet is a private computer

network that uses internet protocols. This is differ

from "Extranets" restricted to employees of the

organization while can be accessed by customers,

suppliers, or other approved parties. It does not

necessarily have to be any access from the

organization's internal network to the Internet itself.

When such access is provided it is usually through a

gateway with a firewall, along with user

authentication, encryption of messages, and often

makes use of virtual private networks (VPNs).

Although intranets can be set up quickly to share data

in a controlled environment, that data is still at risk

unless there is tight security. The disadvantage of a

closed intranet is that vital data might not get into the

hands of those who need it. Intranets have a place

within agencies.

Hardware developments also should be developing

rapidly. Biometric systems and smart cards are the

only new hardware technologies are extensively

impacting security. The obvious use of biometrics is

for secure workstation. Hardware device built in

thumbprint readers would be the next step up. These

devices would be more expensive.

Smart card itself is designed to store encryption keys

and other information used in authentication and

other identification processes. This use to provide

undeniable proof of a user’s identity. There are safety

features built into smart cards to prevent someone

from using a stolen card. It requires to enter a

personal identification number (PIN) before they’ll

be granted any level of access into the system.

Software aspect of network security is very vast. The

improvement of the standard security software still

remains the same. When new viruses emerge, the

antivirus is updated to be able to guard against those

threats. This process is the same for firewalls and

intrusion detection systems. Present-day research is

being performed on security software using neural

networks. The objective of the research is to use

neural networks for the facial recognition software.

Most of the current security algorithms are

computational intensive and require substantial

processing power. Therefore, there is a need for

designing light‐weight security algorithms.

The future will possibly be that the security is similar

to an immune system. The immune system fights off

attacks and builds itself to fight tougher enemies.

Similarly, the network security will be able to

function as an immune system.

References

I. M. M. B. W. Pikoulas J, “Software Agents

and Computer Network Security,” Napier

University, Scotland, UK.

II. Daya , “Network Security: History,

Importance, and Future ,”University of

Florida Department of Electrical and

Computer Engineering, 2013.

III. Huang Zhilong. Research on computer

network security analysis model [J].

Research on computer network security

analysis model, 2014(05).

IV. Zhang Baoshi. Research on computer

network security analysis model [J].

Electronic technology and software

engineering, 2014(04).

V. Hong Yaling. Research on computer

network security analysis model [J].

Computer CD Software and Applications,

2013(z):1-152.

VI. Adeyinka, O., "Internet Attack Methods and

Internet Security Technology," Modeling &

Simulation, 2008. AICMS 08. Second Asia

International Conference on, vol., no.,

pp.77‐82, 13‐15 May 2008