telecommunication and network security

8/12/2019 Telecommunication and Network Security

1/15

0

Telecommunication and Network Security


2/15

1

Table of Contents

Abstract ........................................................................................................................................................ 2

Telecommunication and network Security ............................................................................................. 4

History ................................................................................................................................................... 4

Common methods of attacking networks...5

Eavesdropping..5

Viruses...6

Worms and Trojans.... 6

Phishing.7 DoS7

Solutions.8

Cryptography.8

Firewalls...8

Intrusion Detection System...9

TLS9

Anti Viruses9

General Precautions.10

Hardware interface improvisation.11

Future of network Security12

References.13


3/15

2

Abstract

This paper focuses on the importance of the security in

telecommunication and networks. The paper not only addresses the

various ways by which a hacker or some unauthorized person can

get access to a computer or a network, but it also tells the ways and

means to improve the security of a system and a network. This

paper addresses the emerging trends in network security and weighs

the possible future aspects as well.


4/15

3

Telecommunication and Network Security

Over the past few decades the world has seen a revolution in Science and

technology. To be a little more specific, the world has been introduced into a new

age of Information Technology. The world has become a global village now. You

dont need to visit a market physically to buy anything. All you have to do is to

search out for that item on the internet and order it. You dont have to worry

about the payment either. All youve got to do is to get in possession of a credit

card or online account. You dont have to go to post office to post your mail. You

can now communicate with your dear ones via e-mail, video conference and

social networking sites.

The list doesnt end here. The technology has played an important role in

facilitating the office environment across the globe. All the computers in an office

can be networked and hence the transfer of the files is now less time consuming

process than ever.

But off course, along with these positive aspects, technology has brought some

risks or hazards as well. Like real life, the thieves exist in the e-world as well. The

hackers try to sneak into your account or network to steal the data of their interest.

Sometimes they do it for their interest. For this purpose the subject of

Telecommunication and network security studies has been taken seriously around


5/15

4

the world. Authors have written books on this subject and well briefly shed light

on this topic in the following lines.

History

Todays internet seems fine to us. High speed browsing and high speed

downloads keep us content. But it wasnt so since ever. The fore runner to this

internet was called APRANET. When APRANET was developed in 70s, people

could connect to each other. In 80s, some minds entered the taboo and started

experimenting with developing applications which could break into computer

networks. Such applications were very small sized and were sometimes installed

inside a file to increase the chances of success. To cut a long story short, cases

started to surface where it was complained that someone broke into the computer

network and modified or stole some data. This raised a question over the

vulnerability of the computer network systems. The IT experts then put their

heads together to sort out ways and means of improving the network security.

Since then, many ways and means of improving network security have been

devised and still being devised but the hackers have continued to resume their

battle with the networks.

Common methods of attacking network

There are many types of network security lapse. One can hack windows or

operating system of a computer. One can hack dial-up, PBX or Voicemail. Thats

not all. Hackers these days have become so advanced that they can hack your


6/15

5

firewall or even network devices. And off course hacking an internet user or a

website is beyond that.

The methods used by hackers to break into the networks are usually of two types.

The attacks may gain access to the personal data or knowledge. Such attacks are

usually made through phishing and eavesdropping. Sometimes the attacks are

purposed to mingle with certain functions of computers. Such attacks are made

through Trojans, viruses, worms etc. These attacks are common in a workgroup.

Well now discuss them in a bit more detail.

Eavesdropping

Eavesdropping is the act of listening or accessing the conversation between

others, without their consent. Such act is considered unethical generally. Security

agencies of some countries have been doing this for a long time. Recently NSA

was heavily criticized for taping the phones of international leaders.

Eavesdropping is of two types. Active and passive. Passive Eavesdropping is that

in which a person just listens or gets access to the networked messages whereas

on the other hand in Active Eavesdropping, the hacker not only gets access to the

message but inserts something in it or affects the quality of the message

deliberately.

Viruses

Viruses are such programs which have ability to replicate and propagate

themselves upon their insertion into a computer system. When such a file is

opened, it becomes active and it may not only copy itself to that computer but to


7/15

6

other computer as well. Whatever area of hard drive is captured by that virus, is

called the infected area. Virus may not only affect the functions of a computer but

may stalk unto your key strokes hence causing a greater probability of your

password being stolen without letting you know that what has happened. Such a

virus is called key-logger.

The purposes of developing such programs are various. Back in 70s and 80s,

people used to do it to make some profit. There were cases where people made

viruses, dropped them into computers via network and then advised the user to get

their computer alright from so and so computer shop. A law was made then

according to which hacking was declared an international crime. Although the

hacking for profit didnt stop since then but people started hacking for stealing

important data and leaving political messages as well.

Worms and Trojans

Worms and Trojans are much like viruses but not exactly the same. A worm is

often referred as a sub-class of viruses. A worm is much more difficult than a

virus since it can become active without any click on any file and can replicate

through your system. It can make hundreds of copies and send them to other

computers. Worm transfers through file exchange, usually through

e-mail.

Trojan or Trojan horse has a very interesting background. It derives its name from

its mythological Trojan Horse tale. As Trojan Horse was used to get into the city,

similarly Trojan in IT is a manipulated program or application which appears to


8/15

7

be a useful application at first and tempts the user to click it. Once clicked, it

becomes active and may do harm to the computer much like a virus.

Phishing

Phishing usually aims to hit at the confidential information of the individuals such

as dates of birth, passwords, user names, credit card numbers etc. This is usually

done through e-mails. Such e-mails may include content which may potentially

tempt the reader to share his information with the sender or a link to a website

which includes malware. Whatever mean is opted the end result is the loss of the

user. The word has been inspired from fishing, probably because the victim is

trapped through a bait, though an emotional one. Phishing is done not only by e-

mails but through phones as well. Phishing through phones involve some sort of a

fake number. The user is tempted to dial that number to get some prize (imaginary

though). Once the user dials that number, his balance starts decreasing or he

suffers some other sort of loss. Recently another interesting technique has been

opted which is referred as Evil Twins. This technique actually employs the

establishment of a fake wireless network , when a user connects onto that and

starts using it the hackers try to capture the passwords and credit card pins.

DoS

DoS stands for Denial of Service. In such kind of attack, so many requests are

sent to the host system to let join that the ability of system to answer those

requests fails and the system cant respond to the requests. The system has to go

offline i.e. without offering service for quite some time.


9/15

8

Solutions

The threats to the telecommunication and network security have been a major

concern for the world and will remain. Many techniques have been devised to

deal with these threats, in the following lines well discuss a few of those

techniques which have been somewhat successful in dealing with these threats

and concerns.

Cryptography

Cryptography is an ancient art. It was used to convey messages secretly by coding

them. The idea is intelligibly employed in network security where the sender

sends a message, it is coded by the network or some other service provider and

decoded into the spoken language at the receivers end. The only main drawback

with this system is that it is useful as long as the pattern or system of encryption

remains hidden or unknown to the hacker. Once the hacker gets to know it, it

becomes prone to decryption by the hacker.

Firewalls

Like Trojans, firewalls too have a reason behind their name. Firewalls are used in

construction. A brick wall is usually built between too structures with the purpose

to keep the fire from spreading. And thats how Firewalls of e-world work. They

provide protection to both incoming data and outgoing data of an organization or

an individual or between different components of a network, to be precise.

Firewall can revoke access to spoofed IPs etc. The settings of a firewall can be

customized according to your own requirements.


10/15

9

There are various types of firewalls. The main one being the Network layer or

Packet filter. These firewalls operate at a low level and do not allow the packets to

pass unless they match the established requirements. The admin, user or

moderator can define his own set of requirements. If he doesnt define any,

default instructions/rules/ requirements, the default set becomes active. The other

type of firewalls is application-layer firewall. Such firewall allows all the packets

to travel (traffic) to and from a particular application. Such firewalls block

packets from all other sources. The latency of data being transmitted depends

upon the inspection criteria of the firewall. There is another type of firewall,

which is not exactly firewall by its very nature but can behave so and that is a

Proxy. A proxy server can behave as an application firewall by inspecting all the

incoming packets of data and blocking other packets.

Intrusion detection systems

An intrusion detection system consists of a device or a software which monitors a

system or network for malicious or suspicious activities as well as policy

violations and then forms reports. Although it sounds much similar to firewall, it

is a bit different from firewalls. Firewalls are purposed to block unauthentic

traffic whereas intrusion system primarily notice intrusion attempts and just report

them. Thats the difference between the two.

There are some limitations of the intrusion detection system, however. Noise in

the packets can reduce the efficiency of an I.D.S. By noise, we mean bad packets

here. Such packets may generate a false alarm. Since attack-patterns are called


11/15

10

signatures and they keep updating rapidly, a signature based IDS needs to be

updated regularly. An outdated IDS may leave the system exposed to newer

patterns of attacks.

TLS

TLS is the abbreviation of Transport Layer Security. It is a suite of protocols

which ensures a good level of security. Such protocol is usually used by web

browsers to make the conversation between web and the user more secure than

ever. Internet Explorer and Netscape use this protocol. This protocol usually

makes use of cryptography and is used on those webs where passwords or credit

card no. etc. are required. Both TLS and its predecessor SSL use asymmetric

cryptography, which make them quite safer since symmetric encryption is more

vulnerable.

Anti-viruses

Anti-viruses are applications which detect Trojans, viruses or worms as well as

infections. They primarily work to stop attacks from external data storage sources

such as an external hard drive, floppy, CD, DVD or flash drive etc. Anti-viruses

are usually designed for individual computers but these days anti-viruses are

being developed which have the ability to stop and counter the threats and attacks

on a network as well. To protect a network through the use of an anti-virus the

anti-viruss signature definitions need to remain updated all the time. There are

many methods to do that.


12/15

11

The easiest method of updating anti-virus however is the bi-directional updating

of anti-virus. he method includes receiving a new antivirus file at one of the

user computerand the central service computerand updating the

computer'santivirusdatabase.

General precautions

Having discussed these methods well now discuss a few general pre-cautions

which can be done to secure a system or a network. On the top of the list is setting

up a password to the system or the network. While setting the password it should

be ensured that the password is not a common one. The more complex the

password, the better security it ensures. Passwords more than 10 characters long,

with at least one number and one punctuation sign are generally considered strong

enough. Passwords should be changed periodically. However one problem with

the passwords is that they are only good as long as you are able to keep them in

your mind. Once you forget them, you may suffer heavy loss.

While installing a firewall, make sure that you audit your firewalls regularly. Do

not connect with strangers on social networking sites unnecessarily. Do not click

on suspicious links shared by them, especially suspicious pictorial or video links

shared by them. While checking your e-mails, do not open those mails which

appear totally irrelevant or suspicious to you. At least dont do so on your own PC

or a PC which is the part of the network.


13/15

12

Hardware Interface improvisation

Big organizations and institutions cant just rely on software protection. The

advancements in technology are being focused to make the security of computer

networks as well as real life networks i.e. work places, offices more secure and

fool proof. One such step taken is the introduction of smart cards, RFID cards etc.

But the drawback of these cards is that once they get snatched or lost i.e. the

person loses the possession, the card may go into the wrong hands which may

then break into the network by just swiping it.

Some organization, especially those related with defense projects or projects of

national security have recently employed the methods of Biometric verification.

The most commonly used methods for Biometric verification are retina scan,

thumb print verification, voice recognition etc.

Recently, hackers have started using methods which may steal your data without

letting you know. These methods include use of some external hardware source,

plugged into USB port of your computer. The hardware appears to be harmless,

but when plugged, may ask to install drivers and that driver file is actually a

corrupt one. As soon as you click to install the driver file, you open up a door to

troubles. Sometimes, these external devices dont need a river file to be clicked.

Their interface has some hidden corrupt file which may infect your computer

without any action of yours.

Different OS have a set of hardware interfaces, yet there is no accepted standard

of interface to system software. Different groups, both on industrial level as well


14/15

13

as students are trying to develop a set of idealized high-level interfaces for

tailored devices. Such sets of interfaces will try to detect the suspicious devices

and their corrupt interfaces as well as the corrupt drivers for the external devices.

Future of network security

Although developments are being made both in hardware and software to protect

the networks around the globe, yet the future of network security lies in the

improvisation of software primarily. The future of network system lies in the

establishment of a successful immune system which not only fights the attacks

and threats but makes itself able to fight tougher attacks.


15/15

14

References

Peake, T. M. (2005). Eavesdropping in communication networks.Animal

communication networks. Cambridge University Press, Cambridge, 13-37.

Fraser, K., Hand, S., Neugebauer, R., Pratt, I., Warfield, A., & Williamson, M.

(2004, October). Safe hardware access with the Xen virtual machine monitor.

In1st Workshop on Operating System and Architectural Support for the on

demand IT InfraStructure (OASIS).

Elgamal, T., & Hickman, K. E. (1997). U.S. Patent No. 5,657,390. Washington,

DC: U.S. Patent and Trademark Office.s

Daya, B. Network security: History, importance, and future. University of Florida

Department of Electrical and Computer Engineering.

telecommunication and network security

Documents