Network security- defense in depth

There are a number of technologies associated with network security defense. The first are those that support wireless sensor networks, where many features of sensor networks might aid in tackling the challenge of building a secure network. The unique features of sensor networks might permit fresh defenses that do not exist in conventional networks. Wireless technologies for network security defense include SPINS, TinySec, and LEAP (Singh, Singh & Singh, 2011).

The security protocols for sensor networks (SPINS) are a security building block optimized for resource-limited environments and wireless communication. SPINS consists of two security building blocks, namely the sensor network encryption protocol (SNEP) and µTESLA. SNEP offers data confidentiality, data authentication and freshness of data. µTESLA offers authenticated broadcast for extremely resource-limited environments. SNEP employs encryption and a message authentication code (MAC) to attain confidentiality, which also enables it to obtain two-party authentication and data integrity. SNEP offers many benefits: low communication overhead, semantic security (which prevents eavesdroppers from inferring the message content from the encrypted message), replay protection, message freshness and data authentication. TESLA authenticates the original information packet using a digital signature; µTESLA uses only symmetric mechanisms and discloses the key once per period (Singh, Singh & Singh, 2011).
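The delayed key disclosure behind µTESLA's authenticated broadcast, sketched as an added example that is not code from the cited survey or from the SPINS authors. It assumes SHA-256 and HMAC-SHA256 as the one-way function and MAC, a disclosure delay of one interval, and loosely synchronized interval numbers; it uses the chain key directly as the MAC key, a simplification, and all names are hypothetical.

```python
import hashlib
import hmac

def hash_back(key: bytes, steps: int) -> bytes:  # K_j -> K_(j-steps)
    for _ in range(steps):
        key = hashlib.sha256(key).digest()
    return key

def make_chain(seed: bytes, n: int) -> list:
    """Sender side: K_n = seed, K_i = H(K_(i+1)). Returns [K_0..K_n]; K_0 is the commitment."""
    return [hash_back(seed, n - i) for i in range(n + 1)]

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment: bytes, delay: int = 1):
        self.idx, self.key = 0, commitment   # last authenticated chain key
        self.delay = delay                   # K_i is disclosed in interval i + delay
        self.buffer = []                     # (interval, msg, tag) awaiting a key

    def on_packet(self, interval: int, msg: bytes, tag: bytes, now: int) -> bool:
        # Security condition: once K_interval may be public, anyone can forge its MACs.
        if now >= interval + self.delay:
            return False
        self.buffer.append((interval, msg, tag))
        return True

    def on_key(self, idx: int, key: bytes) -> list:
        # A disclosed key is genuine only if it hashes back to the last trusted key.
        if idx <= self.idx or not hmac.compare_digest(hash_back(key, idx - self.idx), self.key):
            return []
        self.idx, self.key = idx, key
        # Earlier keys follow from K_idx, so a lost disclosure does not strand packets.
        ready = [p for p in self.buffer if p[0] <= idx]
        self.buffer = [p for p in self.buffer if p[0] > idx]
        return [m for i, m, t in ready
                if hmac.compare_digest(t, mac(hash_back(key, idx - i), m))]

def demo():
    chain = make_chain(b"constructed-seed", 4)          # constructed sample chain
    rx = Receiver(chain[0])
    rx.on_packet(1, b"temp=21", mac(chain[1], b"temp=21"), now=1)
    rx.on_packet(1, b"temp=99", mac(b"attacker-guess", b"temp=99"), now=1)  # forged tag
    rx.on_packet(2, b"temp=22", mac(chain[2], b"temp=22"), now=2)
    late = rx.on_packet(2, b"temp=00", mac(chain[2], b"temp=00"), now=3)    # too late
    bogus = rx.on_key(2, b"\x00" * 32)                   # key not on the chain
    accepted = rx.on_key(2, chain[2])                    # K_1 disclosure was lost
    return late, bogus, accepted
```

The receiver cannot judge a packet when it arrives; it buffers it and accepts it only after the matching key is disclosed and checked against the commitment, which is why the forged packet is stored but never returned.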

TinySec is a link-layer security design for wireless networks which offers the same services as SNEP. The services include message integrity, confidentiality, replay protection and authentication. It offers the fundamental security features of message authentication and integrity by means of a MAC, message confidentiality via encryption, semantic security via an initialization vector, and replay protection. TinySec also supports two distinct security options, namely TinySec-AE, which is authenticated encryption, and TinySec-Auth, which is authentication only. In TinySec-AE, cipher block chaining (CBC) mode is used to encrypt the data payload, and the packets are authenticated using a MAC. In TinySec-Auth mode, TinySec authenticates the whole packet using a MAC, although the data payload is not encrypted in this case (Singh, Singh & Singh, 2011).

The localized encryption and authentication protocol (LEAP) is a key management protocol used for sensor networks. It is mainly constructed to support in-network processing and safe communication across sensor networks. LEAP therefore offers fundamental security services such as confidentiality and authentication. Moreover, LEAP is designed to meet various security and performance requirements that are considerably more challenging in sensor networks. It supports the setting up of four types of keys for every sensor node: an individual key shared with the base station, a cluster key shared by several adjacent nodes, a group key shared by all nodes in the network, and a pairwise key shared with another sensor node. LEAP also supports source authentication without preventing in-network processing and passive participation. It limits the security effect of a node compromise to the immediate network neighborhood of the compromised node (Singh, Singh & Singh, 2011).

There are also other technologies such as supervisory control and data acquisition (SCADA), cyber forensics, intrusion detection systems and SIEM, among others. Cyber forensics is used reactively, as a post mortem after a cyber attack has taken place, to try to find out who might have been responsible for the attack within the network. It differs from an intrusion detection system (IDS), which is used to plan for detection of cyber criminals prior to the attack. SIEM (security information and event management), on the other hand, is a network data collector used for network traces. Its function is highly dependent on its configuration. Network security approaches can also be adopted from technologies such as those of conventional networks, embedded systems or sensor networks (Dacer et al., 2014).

Another related technology is simulation involving moving target defense (MTD), which has been hypothesized as a possible game changer in cyber defense and the defense of computer networks. In MTD, a group of objective analytical models has to exist for predicting the effectiveness of MTD systems in securing computer networks. These analytical models are useful both at design time and at runtime. The inputs to the simulation model require a group of objective metrics that capture particular information associated with the features of the system. The metrics capture a number of things, including the area that an attacker has to search in order to determine the configuration of the system, the modifiable features of the system, and what is to change in the system arrangement, including how quickly the arrangement is changing. The metrics are also related to the effort an attacker needs to attack the system (Zhuang et al., 2012).

Depending on the arrangement of the network to be defended, the analytical model has to capture the fundamental steps required to attack the system and determine the efficiency of the MTD system in defeating attacks that try to exploit both known and unknown vulnerabilities. The design of the MTD should be based on knowledge of the present situation, which is captured in a group of runtime models. The runtime models permit the system to reason over its present state and generate adaptations in order to confuse and reject possible attackers. MTD is especially effective for enterprise computer networks (Zhuang et al., 2012).

There are also other related technologies such as network address space randomization (NASR), a scheme used to prevent worms. Dynamic network address translation (DYNAT) is another technology, developed as an information assurance program. Its main goal is to inhibit the attacker's ability to map the network, thereby making network attacks more difficult. This technique makes it appear as though the network addresses and port numbers used by computers on the network change dynamically. This disguises the host identity information in Transmission Control Protocol (TCP)/Internet Protocol (IP) packets (Zhuang et al., 2012).

Datagram technology, also known as packets, is also a way of protecting information that travels across the network. In this case information travels in the form of packets that are formatted in particular ways. The packets contain the header information as well as the source and destination addresses. Only the receiving device or computer is able to recognize the destination address attached to the message.

Cloud computing and big data technology also help secure the network and the data that travels across it. Cloud service providers are normally responsible for ensuring that the customer's network and systems are free from cyber attacks such as those by hackers. They do this by setting user privileges at different levels for their customers. By so doing, cloud service providers play an important role in network security defense for various company clients (Harrington, 2014).

The evaluation of network security can also be done with the help of the Markov Game Model (MGM), a technique suitable for improving awareness of the network security situation. The Markov model gains normalized data on assets, vulnerabilities and risks by fusing a variety of system security data gathered by multiple sensors. It analyzes the propagation rule of every threat and builds a threat propagation network. Using game theory to analyze the behavior of threats, users and administrators, it sets up the Markov Game Model. The MGM can thus evaluate system security dynamically and offer the best reinforcement schema for the administrator. The MGM technique is suitable for real network environments, giving precise and efficient assessment results for the prevailing network security conditions (Zhang et al., 2011).

References

Singh, S. K., Singh, M. P., & Singh, D. K. (2011). A survey on network security and attack defense mechanism for wireless sensor networks. Int. J. Comput. Trends Tech, 5-6.

Dacer, M. C., Kargl, F., König, H., & Valdes, A. (2014). Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures (Dagstuhl Seminar 14292).

Zhuang, R., Zhang, S., DeLoach, S. A., Ou, X., & Singhal, A. (2012, June). Simulation-based approaches to studying effectiveness of moving-target network defense. In National Symposium on Moving Target Research.

Harrington, S. L. (2014). Cyber Security Active Defense: Playing with Fire or Sound Risk Management? Rich. JL & Tech., 20, 12-13.

Zhang, Y., Tan, X. B., Cui, X. L., & Xi, H. S. (2011). Network security situation awareness approach based on Markov Game model. Journal of Software, 3, 009.