Topic 5  Security in Network Environments

In Topic 4 we reviewed the kinds of network we get in organisations that use ICT.  In this topic we are going to look at how we can keep networks secure.  Although it is entirely reasonable that bona fide users should access data, we do have to keep data secure from all sorts of snooping eyes who might make unauthorised modifications, or use the data for criminal activity.  Although there are all sorts of ways of keeping data secure, no system is entirely foolproof.

Security can be maximised by:

• Training users about security - every employee needs to know about the importance of security and what the company security policies are.  Downloading programs can bring in viruses.  All files need to be virus checked before use.  Strangers should not be given access to restricted areas, and computers should be logged off when employees are out of the office.
• Access Privileges - to both software and data.  We know of the different levels of access to data such as read only, read and copy, read and update.  Employees should have just the software that is needed for them to do their jobs.

Access Control

Access control can be based on:

• What you know, for example a password or PIN number.  We know that these are not foolproof because people use obvious words, divulge their password, or write it down.  Sometimes fraudsters pose as people who would seem to be authorised to know it.  The fraudster runs a program that appears to be a login procedure and the employee is asked to supply their password.  (Some fraudsters have been known to send bogus but genuine-looking e-mails to bank customers, to ask for bank details and PINs.  If that happens to you, DO NOT send them details, but let your bank know.  Your bank will never send such an e-mail.)
• What you have, for example an ID card with a barcode or a chip.
• Where you are, using a specified telephone number.  This is a call-back system.  The use dials in and enters an ID and a password.  After checking these, the user is called back on a predetermined phone number.
• Who you are - the computer can check voice-print and/or biometric data.

These become less effective if users leave their computers logged in.  Screen-savers can come on if there is no keyboard activity for, say, ten minutes.  A password may be needed to restore the system.  Or the user can be logged out.

Firewalls

The primary purpose of a firewall is to keep out hackers.  Firewall software can also be configured to control what goes in or out of an organisation.  Placed at the interface between the LAN and the WAN, the firewall products can be:

• A router that examines all packets of data going in and out, checking source or destination addresses.  Packets going to or from unwanted addresses are barred.
• Special software that restricts traffic to a particular application, for example e-mail, or Lotus Notes, software that enables several users to work on the same document at the same time.
• A proxy server that maintains replicated copies of web-pages for easy access to normal or outside users of the site.  Only authorised users can access the more sensitive information.  For example, a college will have web-pages that anyone can access, usually with details of courses, and a message from the principal.  Only staff and students can access the intranet through an ID and a password.

Audit Controls

Audit controls can track all network activity:

• What programs have been used;
• What files have been opened;
• How many reads and writes have been carried out;
• How many times the server has been accessed.

Special monitoring software can produce statistical profiles on the use of the network.  Each individual user can also be monitored, and any abnormal behaviour of users can be detected.

Performance Monitoring

The network performance can be monitored:

• Network availability (i.e. on but not working);
• Response time, e.g. time taken between a query being made and the response being received.
• Usage of hardware resources;
• Usage of software.
• Traffic density.

These will help in the management and planning of a network.  Bottlenecks can be identified and sorted out.  If more copies of software are being used than allowed by the licence, then action can be taken.

Question 1  What action can be taken if illegal use of software is detected?  ANSWER

Question 2  How else is it useful to monitor software usage?  ANSWER

Encryption

Data passing through a wire or as a radio signal are vulnerable to interception.  Such data can be scrambled or encrypted to make sure they are meaningless to everyone else other than the intended recipient.

Encryption is nothing new; the Enigma machine used by the Germans in the Second World War were sophisticated devices.   And it took a sophisticated electro-mechanical computer, Collosus, to crack them.  Collosus was faster at decoding Enigma than a Pentium Processor, so it was a pretty good machine.  (Many historians state that the Germans were good soldiers, but had a blind spot about the value of good intelligence.  The Allies were good at intelligence which won the war.)

There are  different ways of encrypting data based on:

• transposition where characters are moved about;
• substitution where one character stands for another.

Here is a message that we will encrypt:

PHYSICS IS FUN BUT MATHS IS ROCK HARD

Lets translocate the message by transmitting it up-and-down rather than left to right.  First of all we put the message in a 7 × 7 square box:

Notice that we put a star (*) instead of a space.  Reading from left to right along each line you can easily see the message.  But if you transmit it going down and from left to right you get:

P**TRR*HIBHOD*YSUSC**S*T*K**IF*I***CUMSH**SNA*A**

You could transmit the message from right to left and going up, or even diagonally.  If the receiving computer has the correct algorithm (set of instructions) it will decrypt the message in the right way to give us:

PHYSICS IS FUN BUT MATHS IS ROCK HARD

Question 3  Use a 5 x 5 grid to decode ITT*O*E*HRWDNIYA*OS*NITT*  ANSWER

Now let's see what our message is if we substitute a letter that is two letters further along in the alphabet:

 PHYSICS IS FUN BUT MATHS IS ROCK HARD

RJAUKEU*KU*HWP*DWV*OCVJU*KU*TQEM*JCTF

When you do something like this, you forget the order of the alphabet!

The transmitting computer sends a decoding or decryption cipher or key so that the encrypted message can be decoded.  In practice there needs to be quite a complex set of ciphers, so that the code is not broken easily.  Cryptography is important in the security of transmitted data:

• It identifies authentic users;

• It prevents alteration of the message;

• It prevents unauthorised users from reading the message.

Accounting Software

There are organisations that provide other organisations with network services and charge for network use.  The charge depends on:

• Time logged on;

• Processing time;

• Resources used (such as disk space or printer);

• Time of day.

Like auditing software, patterns of usage can be monitored to encourage users to use the system at less busy times of the day.  It can also help administrators to decide whether extra resources are used.

Question 4  While planning to install a network accounting system, a company has become concerned about the security of its local computer network.

(a) Explain two procedures that the company can adopt to discourage breaches of security.

(b) State two reasons for using accounting software on the network.  (AQA Past Question)

ANSWER

Now try the Topic Quiz.