Design and Implementation of Network Security

This research work will assess the design and implementation of NETWORK SECURITY in UBA Enugu. It will look into the operations of this bank in the aspect of computerizing their security control system.

ABSTRACT

Network security is essential to any organization. It has previously been handled by manual methods, but this project aims at computerized network security to make the work easier. This is possible because of advances in information technology, particularly in programming languages; the system is achieved with the help of the Visual Basic programming language and other programming languages. For the first few decades of their existence, computer networks were primarily used by university researchers for sending e-mail and by corporate employees for sharing printers. Under these conditions, security did not get a lot of attention. But now, as millions of ordinary citizens are using networks for banking, shopping, and filing their tax returns, network security is looming on the horizon as a potentially massive problem. The requirements of information security within an organization have undergone two major changes in the last several decades. Before the widespread use of data processing equipment, the security of information felt to be valuable to an organization was provided primarily by physical and administrative means. With the introduction of the computer, the need for automated tools for protecting files and other information stored on the computer became evident. This is especially the case for a shared system such as a time-sharing system, and the need is even more acute for systems that can be accessed over a public telephone or a data network. The generic name for the collection of tools to protect data and to thwart hackers is "computer security". Network security is a broad topic and covers a multitude of sins. In its simplest form, it is concerned with making sure that nosy people cannot read, or worse yet, secretly modify messages intended for other recipients. It is concerned with people trying to access remote services that they are not authorized to use.
Most security problems are intentionally caused by malicious people trying to gain some benefit, get attention, or to harm someone. Network security problems can be divided roughly into four closely intertwined areas: secrecy, authentication, non-repudiation, and integrity control. Secrecy, also called confidentiality, has to do with keeping information out of the hands of unauthorized users. This is what usually comes to mind when people think about network security. Authentication deals with determining whom you are talking to before revealing sensitive information or entering into a business deal. Non-repudiation deals with signatures.

TABLE OF CONTENTS
Title page
Approval page
Certification
Dedication
Acknowledgement
Abstract
Table of contents
CHAPTER ONE
1.0 Introduction
1.1 Statement of the problem
1.2 Purpose of study
1.3 Aims and objective of the study
1.4 Scope of study
1.5 Limitations
1.6 Assumptions
1.7 Definition of terms
CHAPTER TWO
2.0 Literature review
CHAPTER THREE
3.0 Description and analysis of the existing system
3.1 Fact Finding Method Used
3.2 Objective of the existing system
3.3 Organizational chart
3.4 Input/process/output analysis
3.5 Information flow diagram
CHAPTER FOUR
4.0 Design of new system
4.1 Output specification and design
4.2 Input specification and design
4.3 File design
4.4 Procedure chart
4.5 System flowchart
CHAPTER FIVE
5.0 Implementation
5.1 Program design
5.2 Program flowcharts
5.3 Documentation
5.4 Recommendation
5.5 Conclusion
5.6 Summary
Reference
Appendix I
Appendix II

CHAPTER ONE

  • INTRODUCTION

Several recent proposals have argued for giving third parties and end-users control over routing in the network infrastructure. Some examples of such routing architectures include TRIAD [6], i3 [30], NIRA [39], Data Router [33], and Network Pointers [34]. While exposing control over routing to third-parties departs from conventional network architecture, these proposals have shown that such control significantly increases the flexibility and extensibility of these networks.

Using such control, hosts can achieve many functions that are difficult to achieve in the Internet today. Examples of such functions include mobility, multicast, content routing, and service composition. Another somewhat surprising application is that such control can be used by hosts to protect themselves from packet-level denial-of-service (DOS) attacks [18], since, at the extreme, these hosts can remove the forwarding state that malicious hosts use to forward packets to the hosts. While each of these specific functions can be achieved using a specific mechanism (for example, mobile IP allows host mobility), we believe that these forwarding infrastructures (FIs) provide architectural simplicity and uniformity in providing several functions, which makes them worth exploring. Forwarding infrastructures typically provide user control by either allowing source-routing (such as [6], [30], [39]) or allowing users to insert forwarding state in the infrastructure (such as [30], [33], [34]). Allowing forwarding entries enables functions like mobility and multicast that are hard to achieve using source-routing alone.

While there seems to be general agreement over the potential benefits of user-controlled routing architectures, the security vulnerabilities that they introduce have been one of the important concerns that have not been fully addressed. The flexibility that the FIs provide allows malicious entities to attack both the FI and the hosts connected to the FI.

For instance, consider i3 [30], an indirection-based FI which allows hosts to insert forwarding entries of the form (id, R), so that all packets addressed to id are forwarded to R. An attacker A can eavesdrop or subvert the traffic directed to a victim V by inserting a forwarding entry (id_V, A); the attacker can eavesdrop even when it does not have access to the physical links carrying the victim's traffic. Alternatively, consider an FI that provides multicast; an attacker can use such an FI to amplify a flooding attack by replicating a packet several times and directing all the replicas to a victim. These vulnerabilities should come as no surprise; in general, the greater the flexibility of the infrastructure, the harder it is to make it secure.

In this project, we improve the security of flexible communication infrastructures that provide a diverse set of operations (such as packet replication). Our main goal in this project is to show that FIs are no more vulnerable than traditional communication networks (such as IP networks) that do not export control on forwarding. To this end, we present several mechanisms that make these FIs achieve certain specific security properties, yet retain the essential features and efficiency of their original design. Our main defense technique, which is based on light-weight cryptographic constraints on forwarding entries, prevents several attacks including eavesdropping, loops, and traffic amplification. From earlier work, we leverage some techniques, such as challenge-responses and erasure-coding, to thwart other attacks.

NETWORK SECURITY

Network security (NS) is an important aspect of any system. NETWORK SECURITY is the act of ensuring that an authenticated user accesses only what they are authorized to and no more. The bad news is that security is rarely at the top of people's lists, although mention terms such as data confidentiality, sensitivity, and ownership and they quickly become interested. The good news is that there is a wide range of techniques that you can apply to help secure access to your system. The bad news is that, as Mitnick and Simon (2002) point out, "…the human factor is the weakest link. Security is too often merely an illusion, an illusion sometimes made even worse when gullibility, naïveté, or ignorance come into play." They go on to say that "security is not a technology problem – it's a people and management problem." Having said that, my experience is that the "technology factor" and the "people factor" go hand in hand; you need to address both issues to succeed.

Access control is the ability to permit or deny the use of a particular resource by a particular entity. Access control mechanisms can be used in managing physical resources (such as a movie theater, to which only ticket holders should be admitted), logical resources (a bank account, with a limited number of people authorized to make a withdrawal), or digital resources (for example, a private text document on a computer, which only certain users should be able to read).

Banks are secured financial institutions. They are often housed in large buildings that are located in a commercial or residential area. Banks store money and other financial information and goods.

Money and valuables have been stored in banks since ancient times. As a result of the long history that banks have enjoyed, bank security has also been important for a long time. Some of the oldest banks in the world have the best security available. These banks include the Bank of Sweden, the Bank of England, Bank of America, and Swiss Banking.

Bank security usually includes a staff of security guards, a security system, and one or more vaults. Security guards are uniformed personnel that maintain high visibility and watch cameras and alarms. Cameras and alarms are usually top of the line systems in banks and other financial buildings. But these security elements are not exclusive to banks. Some of these elements can be found in other commercial buildings and even residential homes.

Basic security starts with the locks. For a high level of security, windows and doors will need the best locks. After high quality locks are installed many property owners opt for a security system or even security cameras.

Security cameras are often a small part of a larger security system. Systems often include motion detectors, alarms, sensors, and cameras. Cameras are arguably the most important because they allow the property owner to see and record everything that happens in and around their building or property.

Cameras can be installed by a professional or by a property owner. For a large and elaborate system it may be best for a professional to do the work. But for a smaller and easier layout, a property owner should have no problem installing a system by following the manufacturer's instructions. If they do, then there is usually a local installer that can be called to help finish the job.

  • STATEMENT OF THE PROBLEM

Owing to:

  1. Fraudulent act of some customer/workers
  2. Accessing the organizational data/information unauthorized
  3. Sensitive nature of bank data/information
  4. Valuable or costly items in bank
  5. Increase in crime in our society

The need arises for the development of computerized NETWORK SECURITY to eliminate such problems.

  • PURPOSE OF STUDY

The main purpose of this project is to design a NETWORK SECURITY that will assist UBA in the area of ensuring effective security measures.

  • AIMS AND OBJECTIVES

This project will have the following aims and objectives:

Detecting security violations

Re-creating security incidents

To disallow unauthorized users

To safeguard the organizational data/information

To computerize the organizational security

To enhance the organizational security

To eliminate all forms of mistakes associated with security control

  • SCOPE OF STUDY

This research work will assess the design and implementation of NETWORK SECURITY in UBA Enugu. It will look into the operations of this bank in the aspect of computerizing their security control system.

  • CONSTRAINTS

This project will be limited to the data available at hand; data not available to the researcher will not be made use of. The limitations militating against this research are financial constraints, time factor and other circumstances.

  • ASSUMPTIONS

Accuracy, efficiency and reliability are associated with Network Security. For the purpose of this research, my assumptions can be stated as follows:

  1. The application of computer-related gadgets for security control
  2. A computerized Network Security is effective and dependable

  • DEFINITION OF TERMS

Administration is an aspect of running the organization by devising systems which will run smoothly.

  1. Client: This is any process that requests specific services from a server.
  2. Computer: This is an electronic machine that can accept, handle and manipulate data by performing arithmetic and logic operations without human intervention, usually under the control of programs.
  3. Data: This is the forerunner of information. It is unprocessed fact.
  4. Database: This is a collection of information that is related to a particular subject or purpose.
  5. Hardware: This is the electromechanical part of a computer system.
  6. Information: This is data that have been processed, interpreted and understood by the recipient of the message or report.
  7. Internet: This is a collection of computer networks that operate to common standards and enable the computers and the programs they run to communicate directly.
  8. Server: This is a process that provides requested services for clients.
  9. Software: This is a logically written program that hardware uses to perform its operation.
  10. System: This is the collection of hardware, software, data information, procedures and people.
  11. Website: This is a space or location customized by a company, organization or an individual which is locatable within an address on the internet.

  • RECOMMENDATION & CONCLUSION
  • RECOMMENDATION

This great research is recommended to individuals who are involved in one business transaction or the other, that they continue to fulfill their motives by making profit through NETWORK SECURITY.

  • CONCLUSION

In computer security, access control includes authentication, authorization and audit. It also includes measures such as physical devices, including biometric scans and metal locks, hidden paths, digital signatures, encryption, social barriers, and monitoring by humans and automated systems.

In any access control model, the entities that can perform actions in the system are called subjects, and the entities representing resources to which access may need to be controlled are called objects (see also Access Control Matrix). Subjects and objects should both be considered as software entities, rather than as human users: any human user can only have an effect on the system via the software entities that they control. Although some systems equate subjects with user IDs, so that all processes started by a user by default have the same authority, this level of control is not fine-grained enough to satisfy the Principle of least privilege, and arguably is responsible for the prevalence of malware in such systems (see computer insecurity).

In some models, for example the object-capability model, any software entity can potentially act as both a subject and object.

Access control models used by current systems tend to fall into one of two classes: those based on capabilities and those based on access control lists (ACLs). In a capability-based model, holding an unforgeable reference or capability to an object provides access to the object (roughly analogous to how possession of your house key grants you access to your house); access is conveyed to another party by transmitting such a capability over a secure channel. In an ACL-based model, a subject's access to an object depends on whether its identity is on a list associated with the object (roughly analogous to how a bouncer at a private party would check your ID to see if your name is on the guest list); access is conveyed by editing the list. (Different ACL systems have a variety of different conventions regarding who or what is responsible for editing the list and how it is edited.)

Both capability-based and ACL-based models have mechanisms to allow access rights to be granted to all members of a group of subjects (often the group is itself modeled as a subject).

Access control systems provide the essential services of identification and authentication (I&A), authorization, and accountability where:

identification and authentication determine who can log on to a system, and the association of users with the software subjects that they are able to control as a result of logging in;

authorization determines what a subject can do;

accountability identifies what a subject (or all subjects associated with a user) did.
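The two access control models and the accountability service described above can be compared side by side in a short Python sketch. This is an added example, not code from the project: the subject, group and object names are constructed, and using an HMAC tag to make a capability unforgeable is an assumption chosen for illustration.

```python
import hashlib
import hmac
import secrets

AUDIT = []  # accountability: every decision is logged as (subject, object, right, allowed)

class AclStore:
    """ACL model: the object carries a list of principals (subjects or groups) and rights."""
    def __init__(self):
        self.acl = {}     # object -> {principal: set of rights}
        self.groups = {}  # group name -> set of member subjects

    def grant(self, obj, principal, right):
        self.acl.setdefault(obj, {}).setdefault(principal, set()).add(right)

    def check(self, subject, obj, right):
        entries = self.acl.get(obj, {})
        # A subject acts as itself and as every group it belongs to.
        principals = {subject} | {g for g, m in self.groups.items() if subject in m}
        allowed = any(right in entries.get(p, ()) for p in principals)
        AUDIT.append((subject, obj, right, allowed))
        return allowed

class CapabilityIssuer:
    """Capability model: holding a valid token grants access, whoever the holder is."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # known only to the issuer (assumption)

    def _tag(self, obj, right):
        return hmac.new(self._key, repr((obj, right)).encode(), hashlib.sha256).hexdigest()

    def mint(self, obj, right):
        return (obj, right, self._tag(obj, right))

    def check(self, holder, cap, obj, right):
        c_obj, c_right, tag = cap
        genuine = hmac.compare_digest(tag, self._tag(c_obj, c_right))
        allowed = genuine and (c_obj, c_right) == (obj, right)
        AUDIT.append((holder, obj, right, allowed))
        return allowed

def demo():
    acl = AclStore()
    acl.groups["tellers"] = {"teller_proc_1"}           # constructed names
    acl.grant("account:1001", "tellers", "withdraw")    # group modeled as a subject
    caps = CapabilityIssuer()
    cap = caps.mint("account:1001", "withdraw")
    forged = ("account:1001", "withdraw", "0" * 64)     # guessed tag
    widened = (cap[0], "close", cap[2])                 # right altered, tag reused
    return {
        "acl_member": acl.check("teller_proc_1", "account:1001", "withdraw"),
        "acl_outsider": acl.check("visitor_proc", "account:1001", "withdraw"),
        "cap_holder": caps.check("any_holder", cap, "account:1001", "withdraw"),
        "cap_forged": caps.check("visitor_proc", forged, "account:1001", "withdraw"),
        "cap_widened": caps.check("visitor_proc", widened, "account:1001", "close"),
    }

if __name__ == "__main__":
    print(demo())
    print(AUDIT)
```

The ACL check depends on who the subject is, while the capability check depends only on what the holder presents, which is why the capability must be unforgeable and passed over a secure channel.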

  • SUMMARY

Routing is one of the most important parts of the infrastructure that keeps a network running, and as such, it is absolutely critical to take the necessary measures to secure it. There are different ways routing can be compromised, from the injection of illegitimate updates to DOS specially designed to disrupt routing. Attacks may target the router devices, the peering sessions, and/or the routing information. Fortunately, protocols like BGP, IS-IS, OSPF, EIGRP and RIPv2 provide a set of tools that help secure the routing infrastructure. This section provides the guidelines for using such tools.

The router's primary functions are to learn and propagate route information, and ultimately to forward packets via the most appropriate paths. Successful attacks against routers are those able to affect or disrupt one or more of those primary functions by compromising the router itself, its peering sessions, and/or the routing information.

Routers are subject to the same sort of attacks designed to compromise hosts and servers, such as password cracking, privilege escalation, buffer overflows, and even social engineering. Most of the best practices in this document help mitigate and even prevent some of those threats.

Peering relationships are also targets of attacks. For most routing protocols, routers cannot exchange route information unless they establish a peering relationship, also called neighbor adjacency. Some attacks attempt to break established sessions by sending the router malformed packets, resetting TCP connections, consuming the router resources, etc. Attacks may also prevent neighbor adjacencies from being formed by saturating queues, memory, CPU and other router resources. This section of the document presents a series of best practices to protect neighbor adjacencies from those threats.

Finally, routing can also be compromised by the injection of false route information, and by the modification or removal of legitimate route information. Route information can be injected or altered by many means, ranging from the insertion of individual false route updates to the installation of bogus routers into the routing infrastructure. Potential denial of service conditions may result from intentional loops or black-holes for particular destinations. Attackers may also attempt to redirect traffic along insecure paths to intercept and modify users' data, or simply to circumvent security controls. This section also includes a collection of best practices designed to prevent the compromising of routing information.