Network security – how to prevent attacks & secure your server
Swayam Prakasha explains the types of attacks that could happen over a network and their preventive measures. He also takes a look at various means of securing a web server…
Swayam Prakasha has been working in information technology for several years, concentrating on areas such as operating systems, networking, network security, electronic commerce, internet services, LDAP and web servers. Swayam has authored a number of articles for trade publications, and he presents his own papers at industry conferences.
Network and information security refers to the confidence that unauthorised users cannot access the information and services available on a network. Security implies safety. It assumes data integrity, freedom from unauthorised access of resources and freedom from disruption of services. As far as security is concerned, we need to protect both physical and abstract resources, such as information. Protecting the latter is more difficult.
Information security is concerned with three main areas: confidentiality (information should be available only to those who rightfully have access to it), integrity (information should be modified only by those who are authorised to do so) and availability (information should be accessible to those who need it when they need it).
On the internet, where data passes across intermediate routers and networks, source authentication can easily be attacked at one of the intermediate routers. For example, an impostor can gain control of a router, ‘R’, that lies between a valid client and a server. He can then alter the routes in R to direct return traffic to himself and generate a request using the authorised client’s address as the source address. The server will, in this case, accept the request and address the reply to the authorised client. When the reply reaches R, it will be forwarded along the incorrect route to the impostor.
The above example illustrates the need for the server and the client to avoid communicating with impostors. One way of doing this is IP address authentication, a simple security mechanism for verifying identity. Here, a server is configured with a list of valid IP source addresses. When a request arrives, the server checks that it is from a valid client by matching the client’s IP address against the configured list. Only if the client is authorised does the server grant the requested service. Because this check relies on the source address carried in the request, it is the check that the impostor in the router example gets past.
Another method is public-key encryption, which uses a pair of keys: a public key and a private key. The sender encrypts the message with the receiver’s public key, and the receiver decrypts it with his private key (which only he knows). Thus the sender can be sure that only the intended receiver can read the message. Public-key encryption can be used for authentication, confidentiality and integrity of messages.
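The two mechanisms above side by side, as an added example that is not code from the original article: an IP allowlist check that trusts the claimed source address, followed by a challenge encrypted with the client's public key. The addresses, key pairs and function names are constructed for illustration, and the textbook RSA uses small primes without padding.

```python
import ipaddress
import secrets

# Constructed allowlist of valid client addresses (documentation ranges).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.7/32")]

def ip_allowed(claimed_src):
    """IP address authentication: match the packet's claimed source address."""
    try:
        addr = ipaddress.ip_address(claimed_src)
    except ValueError:
        return False  # malformed address: fail closed
    return any(addr in net for net in ALLOWED_NETS)

# Textbook RSA, illustration only: small constructed primes, no padding.
def make_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)

def encrypt(public_key, message):
    n, e = public_key
    return pow(message, e, n)

def decrypt(private_key, ciphertext):
    n, d = private_key
    return pow(ciphertext, d, n)

# The server stores only the client's public key; the private key stays with the client.
CLIENT_PUB, CLIENT_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
# An impostor has a key pair of their own, but not the client's private key.
_, IMPOSTOR_PRIV = make_keypair(2**31 - 1, 2**107 - 1)

def real_client(challenge):
    return decrypt(CLIENT_PRIV, challenge)

def impostor(challenge):
    return decrypt(IMPOSTOR_PRIV, challenge)

def server_accepts(claimed_src, responder):
    """Allowlist check, then a challenge only the private-key holder can answer."""
    if not ip_allowed(claimed_src):
        return False
    nonce = 2 + secrets.randbelow(CLIENT_PUB[0] - 2)  # fresh per request
    return responder(encrypt(CLIENT_PUB, nonce)) == nonce

if __name__ == "__main__":
    spoofed = "192.0.2.10"  # impostor reuses the authorised client's address
    print("allowlist alone accepts spoofed source:", ip_allowed(spoofed))
    print("real client passes challenge:", server_accepts(spoofed, real_client))
    print("impostor passes challenge:", server_accepts(spoofed, impostor))
```
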
1. Default installations of operating system and applications
2. Accounts with no password or weak password
3. Non-existent or incomplete backup
4. A large number of open ports
5. Not filtering packets for correct incoming and outgoing addresses
6. Non-existent or incomplete logging
7. Vulnerable CGI programs
8. Sendmail vulnerabilities
9. BIND weaknesses