Monday, June 3, 2019

Proactive Network Defence Techniques in Security Attacks

1. Introduction

Network security in the twenty-first century is one of the critical aspects of the effective management and protection of enterprise data and of its sustained operations (Stallings, 2007) [1]. This is because the threat to network security has grown from passive attacks to active breaches that exploit vulnerabilities in the network and its set-up, as argued by McClure et al. (2005) [2]. Apart from the traditional security measures in an organization, it is therefore essential to adopt a proactive approach to identifying and preventing attacks on the network. This report presents a critical review of the application of proactive network defence techniques to help identify and prevent security attacks and so enable network defence.

2. What is Proactive Network Defence?

The proactive network defence strategy differs from traditional network security mainly in how it is applied within a given network. The proactive strategy is predominantly concerned with analysing incoming communication and data transfers within the organization's network in order to identify patterns of virus attack or security breach that fall outside the virus definitions normally used by anti-virus software. In an organization, the proactive network defence strategy therefore focuses on identifying and preventing new virus patterns, Trojan programs and the like, as opposed to handling the existing virus definitions (Todd and Johnson, 2001) [3].
Todd and Johnson (2001) further argue that network attacks by hackers and other unauthorised users are carried out mainly by exploiting vulnerabilities in the existing set-up of a network and in the programs used for communication. The proactive network defence strategy is therefore a key requirement for assessing the communication infrastructure and the protocols in use on a regular basis, identifying potential vulnerabilities through constant analysis so that malicious attacks exploiting them can be prevented (McClure et al., 2005). Some of the key proactive network defence strategies are discussed with examples in the subsequent sections of this report.

Proactive network defence can be put in place by deploying a set of applications that perform network data analysis and performance analysis on the network and on the computers connected to it. This strategy feeds the network security definitions with potential threats to the network, enabling the organization to update its network security policies. Another critical factor associated with network security and the proactive defence approach is the increasing need for sustainability, over and above disaster recovery, for the uninterrupted operation of the core business processes. Implementing proactive network defence strategies by continuously monitoring network traffic will therefore help achieve the desired level of network defence against external attacks. The level of threat faced by a network varies with the extent to which its vulnerabilities are visible to attackers and with the nature of the information being handled.

3. Event Correlation

Event correlation is deemed to be one of the key elements of proactive network defence, since analysing online the events leading up to a security attack, such as a Denial of Service (DoS) attack, can help prevent the attack rather than repair the damage after recovering from it (Hariri et al., 2005) [4]. The process consists mainly of the proactive network defence system analysing the network data and the events handled by an application as part of network communication, in order to identify unusual patterns that can affect the network defence, as argued by Todd and Johnson (2001).

One of the key areas where online event correlation is necessary is that of ICMP attacks and the DoS attacks mentioned above. In these cases the major vulnerability of the network is the attacker's ability to exploit the basic nature of the protocol architecture and the logical conditions that govern the handshake and the subsequent communication among the parties involved. Spoofing and flooding attacks exploit the weaknesses of the protocol handshake itself; TCP SYN flooding, for instance, leaves the target holding half-open connections for source addresses that will never complete the handshake. The sequence of events that leads to a successful attack is mainly associated with the target host, or the switch or hub in front of it, failing to recognise the malicious user during the handshake, resulting in the transfer of data to the unauthorised user.
Correlating events at the network level on the hub or switch helps analyse the series of handshake events raised by the unauthorised user, simply by identifying the communication ports dedicated to the channel, and so helps prevent such an attack at the network level.

Apart from the case of spoofing and flooding attacks on the network layer protocols, event correlation is one of the critical components of proactive network defence because communication vulnerabilities are evident at all layers of the TCP/IP model and in the applications using them for communication, as argued by Conway (2004) [5]. Event correlation is also one of the major elements that help identify new Trojan programs that have got past the firewall. Once the events are recorded, a correlation, whether linear or non-linear, helps identify potential threats to the network by identifying:

- the vulnerabilities in the network;
- the programs that have exploited such vulnerabilities;
- the events leading to the threat.

Upon identifying the above, a network administrator can prevent the attack by updating the security policies and the virus definitions of the network's anti-virus program.

Another example is the Pine e-mail program on UNIX and Linux machines, which generated a temporary file while a user was editing an e-mail message (Howard and Whittaker, 2005) [6]. Event correlation can help identify the sequence of events associated with the access of such temporary files by unauthorised users. This example also shows that communication-level security vulnerabilities are not the only issue: the software application that uses the communication protocol is equally at risk (Conway, 2004).
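The handshake correlation described in this section, as an added example that is not code from the original article: it takes the individual SYN, SYN-ACK and ACK events a monitor in front of a server would record, correlates them into per-handshake state, and reports the patterns discussed above: sources that leave many half-open handshakes, targets that accumulate half-open handshakes (which also catches floods from spoofed addresses, where no single source stands out), and ACKs that arrive without the first two steps of a handshake. The log format, the sample events and the thresholds are assumptions made for this example.

```python
"""Event correlation over a TCP handshake event stream (added example)."""
from collections import defaultdict
from dataclasses import dataclass

HALF_OPEN_THRESHOLD = 3   # assumed: half-open handshakes before a source/target is flagged
HALF_OPEN_TIMEOUT = 1.0   # assumed: seconds a SYN may wait for the client's final ACK

# Constructed sample log: "time src sport dst dport flag", one event per line.
SAMPLE_EVENTS = """\
1.00 10.0.0.5 51000 192.0.2.10 80 SYN
1.01 192.0.2.10 80 10.0.0.5 51000 SYNACK
1.02 10.0.0.5 51000 192.0.2.10 80 ACK
2.00 203.0.113.7 40001 192.0.2.10 80 SYN
2.00 203.0.113.7 40002 192.0.2.10 80 SYN
2.01 203.0.113.7 40003 192.0.2.10 80 SYN
2.01 203.0.113.7 40004 192.0.2.10 80 SYN
2.02 192.0.2.10 80 203.0.113.7 40001 SYNACK
2.02 192.0.2.10 80 203.0.113.7 40002 SYNACK
4.00 198.51.100.9 33000 192.0.2.10 80 ACK
"""


@dataclass
class Handshake:
    syn_time: float
    seen_synack: bool = False
    seen_ack: bool = False


def parse_events(text):
    """Parse the constructed log format into (time, src, sport, dst, dport, flag) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        t, src, sport, dst, dport, flag = line.split()
        events.append((float(t), src, int(sport), dst, int(dport), flag))
    return events


def correlate(events, now=None):
    """Correlate packet events into handshake state and report anomalies.

    Flows are keyed by (client, client_port, server, server_port).  A SYN opens
    a flow, the server's SYN-ACK (endpoints swapped) marks it answered, and the
    client's ACK completes it.
    """
    flows = {}
    orphan_acks = []
    for t, src, sport, dst, dport, flag in sorted(events):
        if flag == "SYN":
            flows[(src, sport, dst, dport)] = Handshake(syn_time=t)
        elif flag == "SYNACK":
            hs = flows.get((dst, dport, src, sport))   # reply: swap the endpoints
            if hs is not None:
                hs.seen_synack = True
        elif flag == "ACK":
            hs = flows.get((src, sport, dst, dport))
            if hs is None or not hs.seen_synack:
                # Third step of a handshake whose first two steps were never seen.
                orphan_acks.append((t, src, dst, dport))
            else:
                hs.seen_ack = True

    if now is None:
        now = max((e[0] for e in events), default=0.0)

    half_open_by_source = defaultdict(int)
    half_open_by_target = defaultdict(int)
    for (client, _cport, server, sport), hs in flows.items():
        if not hs.seen_ack and now - hs.syn_time >= HALF_OPEN_TIMEOUT:
            half_open_by_source[client] += 1
            half_open_by_target[(server, sport)] += 1

    return {
        "half_open_by_source": dict(half_open_by_source),
        "half_open_by_target": dict(half_open_by_target),
        "flood_sources": sorted(c for c, n in half_open_by_source.items() if n >= HALF_OPEN_THRESHOLD),
        "flooded_targets": sorted(t for t, n in half_open_by_target.items() if n >= HALF_OPEN_THRESHOLD),
        "orphan_acks": orphan_acks,
    }


if __name__ == "__main__":
    for key, value in correlate(parse_events(SAMPLE_EVENTS)).items():
        print(f"{key}: {value}")
```

On the sample data the legitimate client 10.0.0.5 completes its handshake and is not reported, 203.0.113.7 is flagged for four half-open handshakes against 192.0.2.10:80, and the lone ACK from 198.51.100.9 is reported as an orphan. Counting per target as well as per source is what makes the check useful against spoofed floods.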
4. Real-time Analysis and Event Logging

Real-time analysis is deemed to be one of the key aspects of proactive network defence. It is necessary because of both software application vulnerabilities and network vulnerabilities. Real-time analysis, as argued by Hariri et al. (2005), is performed mainly as a listener service dedicated to capturing events as they occur, while analysing them against the events already logged, either in a database-backed application or in the event logs generated by the operating system. This is the process that helps control network attacks, since comparison with past events is one of the key aspects of identifying planned attacks on a network, as argued by Hariri et al. (2005). Real-time analysis of live events against the existing set of logged events is, however, a memory- and processor-intensive process. Implementing it across a wide network therefore requires effective configuration of the available resources so that network performance remains adequate for running the enterprise applications.

Implementing the real-time analysis strategy as part of proactive network defence is deemed an advanced level of security implementation, purely because of the resources consumed and the requirement to prevent even the slightest attack on the network. Real-time analysis with correlation against archived events, whether in event logs or in a database, is therefore often beyond the means of small and medium enterprises, whereas real-time analysis in itself is a powerful tool that can fend off network attacks effectively and proactively.

One of the major areas where real-time analysis is applicable is spyware (Luo, 2006) [7]. Spyware depends predominantly on its ability to mask its events and listen in on the target computer or network without the knowledge of the user.
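The listener service described above, as an added example that is not code from the original article: it loads a baseline from historical event logs (which processes listen on which ports, which processes make outbound connections to which ports) and then evaluates each live event as it arrives against that baseline. A process opening a listening port it was never seen to listen on, or making an outbound connection it was never seen to make, is the kind of masked behaviour this section attributes to spyware. The log format, host and process names, and the sample events are assumptions made for this example.

```python
"""Real-time analysis of live events against a baseline of logged events (added example)."""
from dataclasses import dataclass

# Constructed historical log (the baseline): "ts host kind process port peer".
BASELINE_LOG = """\
100 ws01 LISTEN sshd 22 -
101 ws01 CONNECT firefox 443 93.184.216.34
102 ws01 CONNECT firefox 80 93.184.216.34
103 ws01 CONNECT outlook 993 203.0.113.20
104 ws01 CONNECT outlook 443 203.0.113.20
"""

# Constructed live stream, fed to the analyser one event at a time.
LIVE_LOG = """\
200 ws01 CONNECT firefox 443 93.184.216.34
201 ws01 LISTEN svchost32 31337 -
202 ws01 CONNECT svchost32 8080 198.51.100.77
203 ws01 CONNECT outlook 993 203.0.113.20
204 ws01 CONNECT svchost32 8080 198.51.100.77
"""


@dataclass(frozen=True)
class Event:
    ts: int
    host: str
    kind: str       # LISTEN (process bound a port) or CONNECT (outbound connection)
    process: str
    port: int
    peer: str


def parse_events(text):
    """Parse the constructed log lines into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, host, kind, process, port, peer = line.split()
        events.append(Event(int(ts), host, kind, process, int(port), peer))
    return events


class RealTimeAnalyser:
    """Holds the baseline in memory and scores live events against it.

    The baseline sets are the memory-hungry part the section warns about: they
    grow with the number of hosts and distinct process/port pairs.
    """

    def __init__(self, baseline_events):
        self.known_listeners = set()   # (host, process, port)
        self.known_outbound = set()    # (host, process, port)
        self.alert_counts = {}         # (host, process, port, kind) -> times alerted
        for event in baseline_events:
            self.learn(event)

    def learn(self, event):
        """Add an event to the baseline (initial load, or an operator accepting an alert)."""
        key = (event.host, event.process, event.port)
        if event.kind == "LISTEN":
            self.known_listeners.add(key)
        elif event.kind == "CONNECT":
            self.known_outbound.add(key)

    def observe(self, event):
        """Evaluate one live event; return an alert string, or None if it matches the baseline.

        Live events are deliberately not learnt automatically: a beacon that
        alerts once and is then silently accepted would defeat the purpose.
        Repeats are counted so the operator can see persistence.
        """
        key = (event.host, event.process, event.port)
        if event.kind == "LISTEN" and key not in self.known_listeners:
            reason = f"new listening port {event.port} opened by {event.process}"
        elif event.kind == "CONNECT" and key not in self.known_outbound:
            reason = f"unseen outbound connection by {event.process} to {event.peer}:{event.port}"
        else:
            return None
        count_key = key + (event.kind,)
        self.alert_counts[count_key] = self.alert_counts.get(count_key, 0) + 1
        return f"{event.ts} {event.host}: {reason} (seen {self.alert_counts[count_key]}x)"


def analyse_live(baseline_text, live_text):
    """Build the baseline and stream the live log through it; return the alerts raised."""
    analyser = RealTimeAnalyser(parse_events(baseline_text))
    alerts = []
    for event in parse_events(live_text):
        alert = analyser.observe(event)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in analyse_live(BASELINE_LOG, LIVE_LOG):
        print(alert)
```

On the sample stream the two firefox and outlook connections match the baseline and produce nothing, while the unknown svchost32 process raises three alerts: a new listener on port 31337 and two repeats of an outbound connection to 198.51.100.77:8080.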
Real-time analysis of events helps identify patterns that can be assessed to find potential spyware running on the computer. Real-time analysis as part of proactive network defence also helps identify critical issues associated with network performance, since a primary aim of attackers is to destabilise the network. Using real-time analysis to review network performance helps prevent infiltration by hackers using listener programs on the transport and network layer protocols, whether by opening an additional communication port or by flooding the communication ports with malicious handshake requests. Attacks such as the Tiny Fragment Attack, which targets TCP by exploiting the filtering rules applied to fragmented IP packets, can be identified effectively using real-time analysis: the attacker splits a packet so that the first fragment is too small to carry the TCP header, so a filter that only inspects the first fragment never sees the port numbers and flags. Appropriate conditions for detecting such manipulation of the filtering rules in real-time analysis help achieve the desired level of network defence while preventing exploitation of the TCP rules.

Spyware-related attacks, which threaten the corporate environment heavily as argued by Luo (2006), can be identified and prevented effectively using proactive network defence strategies. The real-time analysis strategy helps accomplish the desired level of network defence while continuously analysing the data transferred across the network.

5. Access Control and Network Immunity

The use of access control and network immunity in a network defence strategy is one of the major means by which network security can be maintained while preventing unauthorised access to the network and its resources, as argued by Hariri et al. (2005).
A robust access control policy across the network enables the proactive network defence strategy, through event correlation and real-time analysis, to be applied effectively, as argued by Conway (2004). This is because code-level attacks targeted at the TLS and SET protocols running over the TCP/IP stack can be identified through analysis combined with the effective use of access control policies, as argued by Conway (2004). It is made possible by integrating real-time analysis with the network's access control policies, so that exceptions and violations of network access can be handled for each user registered with the network.

It is further critical to appreciate that the major vulnerability within a network is access control itself: when it is not implemented effectively, registered users have room to exploit their network access rights. Role-Based Access Control (RBAC), a logical and proactive measure to prevent malicious access to information while enabling a robust access control policy, is one of the strategies that help achieve proactive network defence. The combined use of real-time analysis and RBAC helps accomplish proactive network defence against external as well as internal attacks on the network.

Application penetration, as argued by Howard and Whittaker (2005), is one of the major areas where the network immunity strategy can help achieve proactive network defence against malicious attacks on the network. Since inherent weaknesses in an application, once identified and used by a hacker for his or her benefit, result in the network being attacked from the core through that application, it is necessary to implement strategies such as those above in order to enable reliable network security.
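The combination of RBAC with real-time analysis described above, as an added example that is not code from the original article: a small RBAC policy (roles carry permissions, users are assigned roles) is enforced at request time, and a monitor correlates denied requests per user inside a sliding time window, so that a registered user repeatedly reaching beyond their role is raised as an internal-threat alert instead of being silently denied each time. The roles, permissions, users, request stream and thresholds are assumptions made for this example.

```python
"""Role-Based Access Control with real-time correlation of denied requests (added example)."""
from collections import defaultdict, deque

# Assumed policy: a permission is an (action, resource_class) pair.
ROLE_PERMISSIONS = {
    "helpdesk": {("read", "tickets"), ("write", "tickets")},
    "engineer": {("read", "tickets"), ("read", "servers"), ("deploy", "servers")},
    "admin":    {("read", "servers"), ("deploy", "servers"), ("manage", "users"), ("read", "audit")},
}
USER_ROLES = {"alice": {"engineer"}, "bob": {"helpdesk"}, "carol": {"admin"}}

DENIAL_WINDOW = 10      # assumed: seconds over which denials are correlated
DENIAL_THRESHOLD = 3    # assumed: denials in the window that trigger an alert


def is_permitted(user, action, resource_class,
                 user_roles=USER_ROLES, role_permissions=ROLE_PERMISSIONS):
    """Allow only if some role assigned to the user carries the permission.

    Unknown users have no roles and therefore no permissions (deny by default).
    """
    return any((action, resource_class) in role_permissions.get(role, set())
               for role in user_roles.get(user, set()))


class AccessMonitor:
    """Enforces the policy and correlates denials per user in a sliding window."""

    def __init__(self, window=DENIAL_WINDOW, threshold=DENIAL_THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.denials = defaultdict(deque)   # user -> timestamps of recent denials

    def request(self, ts, user, action, resource_class):
        """Return (allowed, alert); alert is None unless the denial threshold is reached."""
        if is_permitted(user, action, resource_class):
            return True, None
        recent = self.denials[user]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:   # drop denials outside the window
            recent.popleft()
        alert = None
        if len(recent) >= self.threshold:
            alert = (f"{ts} {user}: {len(recent)} denied requests within {self.window}s "
                     f"(latest: {action} {resource_class})")
        return False, alert


# Constructed access stream: (ts, user, action, resource_class).
SAMPLE_REQUESTS = [
    (1, "alice", "deploy", "servers"),
    (2, "bob", "read", "tickets"),
    (3, "bob", "manage", "users"),
    (4, "bob", "read", "audit"),
    (5, "bob", "deploy", "servers"),
    (6, "mallory", "read", "tickets"),
    (7, "carol", "manage", "users"),
]


def replay(requests):
    """Run a request stream through the monitor; return the decisions and alerts."""
    monitor = AccessMonitor()
    decisions, alerts = [], []
    for ts, user, action, resource_class in requests:
        allowed, alert = monitor.request(ts, user, action, resource_class)
        decisions.append((ts, user, allowed))
        if alert:
            alerts.append(alert)
    return {"decisions": decisions, "alerts": alerts}


if __name__ == "__main__":
    result = replay(SAMPLE_REQUESTS)
    for ts, user, allowed in result["decisions"]:
        print(ts, user, "ALLOW" if allowed else "DENY")
    for alert in result["alerts"]:
        print("ALERT", alert)
```

In the sample stream the helpdesk user bob is denied three administrative actions in four seconds and the third denial raises an alert; the unknown user mallory is denied by default without any role lookup succeeding. The policy and the monitor are separate on purpose: the policy answers "may this happen", the monitor answers "is someone probing for what they may not do".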
This process is also relevant to throughput-based attacks on the communication protocols, such as the blind throughput-reduction attack, in which an attacker deliberately reduces the amount of data a connection can transfer by sending forged ICMP messages (for instance Source Quench) that make the sender's TCP cut back its sending rate. Network immunity through real-time analysis, together with access control strategies, helps build a better appreciation of the issue faced by the network and of the cause of the performance reduction. Once identified, this can be integrated into the existing security policies of the network to prevent abuse of the vulnerabilities within it.

Throughput-reduction attacks are also accompanied by the threat of forcing the server to re-send the same message multiple times with ever smaller packet sizes, owing to the apparent inability of the recipient to receive the packet; the attacker achieves this with forged ICMP "fragmentation needed" messages advertising a small next-hop MTU. This strategy, popularly known among hackers as the performance degradation attack, can have a serious impact on server performance because the server can no longer cater for its number of users. It can be identified through proactive network defence strategies such as real-time analysis and network immunity, ensuring that the performance of the network and of the computers connected to it is not affected.

Event correlation and real-time analysis strategies also help identify the critical issues associated with port-related attacks on server computers, such as attacks on TCP port 80, so that they can be identified and prevented effectively. Since port 80 is one of the key TCP ports for external communication, exploitation of this vulnerability affects the overall performance of the server being attacked, resulting in performance degradation.
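The ICMP-driven throughput-reduction and performance-degradation attacks described above, as an added example that is not code from the original article: the checker applies the validation a host or monitor can perform before honouring an ICMP error that names an existing TCP connection, along the lines recommended in RFC 5927 (ICMP Attacks against TCP). The embedded TCP sequence number must belong to a segment actually outstanding on that connection, the advertised MTU must be plausible, a run of decreasing MTUs against one connection is correlated into a single alert, and Source Quench is reported rather than acted on. The decoded message tuples, the connection state and the thresholds are constructed for the example.

```python
"""Validating ICMP error messages aimed at TCP connections (added example)."""
from collections import defaultdict

MIN_PLAUSIBLE_MTU = 576     # assumed floor: IPv4 hosts must accept 576-byte datagrams (RFC 791)
SERIES_WINDOW = 5.0         # assumed: seconds over which an MTU-reduction series is correlated
SERIES_COUNT = 3            # assumed: reductions within the window that raise one alert

# Constructed connection state: conn -> TCP sequence numbers currently unacknowledged.
# conn = (local_ip, local_port, remote_ip, remote_port)
OUTSTANDING = {
    ("192.0.2.10", 80, "10.0.0.5", 51000): {1000, 2460},
    ("192.0.2.10", 80, "198.51.100.7", 40000): {5000},
}

# Constructed ICMP messages as a monitor would decode them:
# (ts, icmp_src, icmp_type, icmp_code, next_hop_mtu, conn, embedded_tcp_seq)
CONN_B = ("192.0.2.10", 80, "198.51.100.7", 40000)
SAMPLE_ICMP = [
    (10.0, "192.0.2.1", 3, 4, 1400, ("192.0.2.10", 80, "10.0.0.5", 51000), 1000),  # legitimate PMTUD
    (20.0, "203.0.113.99", 3, 4, 1200, CONN_B, 5000),
    (21.0, "203.0.113.99", 3, 4, 800, CONN_B, 5000),
    (22.0, "203.0.113.99", 3, 4, 296, CONN_B, 5000),     # below floor, third step down
    (30.0, "203.0.113.99", 4, 0, 0, CONN_B, 5000),       # Source Quench
    (31.0, "203.0.113.99", 3, 4, 1000, CONN_B, 42),      # quotes a segment never sent
]


def analyse_icmp(messages, outstanding):
    """Return (ts, rule, conn) alerts for messages that must not be honoured.

    A message that passes every check produces no alert and may be acted on.
    """
    alerts = []
    history = defaultdict(list)   # conn -> [(ts, mtu)] of recent fragmentation-needed messages
    for ts, _src, icmp_type, code, mtu, conn, seq in messages:
        # 1. The quoted TCP header must match a segment actually in flight on that connection.
        if seq not in outstanding.get(conn, set()):
            alerts.append((ts, "seq_not_outstanding", conn))
            continue
        # 2. Source Quench (type 4) is obsolete; report it instead of slowing the sender.
        if icmp_type == 4:
            alerts.append((ts, "source_quench", conn))
            continue
        # 3. Fragmentation needed (type 3, code 4): the advertised MTU must be plausible,
        #    and a monotonically shrinking series against one connection is one incident.
        if icmp_type == 3 and code == 4:
            if mtu < MIN_PLAUSIBLE_MTU:
                alerts.append((ts, "mtu_below_floor", conn))
            series = [(t, m) for t, m in history[conn] if ts - t <= SERIES_WINDOW]
            series.append((ts, mtu))
            history[conn] = series
            decreasing = all(series[i][1] > series[i + 1][1] for i in range(len(series) - 1))
            if len(series) >= SERIES_COUNT and decreasing:
                alerts.append((ts, "decreasing_mtu_series", conn))
    return alerts


if __name__ == "__main__":
    for ts, rule, conn in analyse_icmp(SAMPLE_ICMP, OUTSTANDING):
        print(f"{ts:5.1f} {rule:24s} {conn[2]}:{conn[3]} -> {conn[0]}:{conn[1]}")
```

The legitimate message at t=10 passes every check and is not reported. The series against the 198.51.100.7 connection is reported twice at t=22 (the MTU of 296 is below the floor, and it is the third consecutive reduction inside the window), the Source Quench at t=30 is reported, and the message at t=31 fails the sequence check outright. The sequence-number check is the cheapest of the four and defeats a blind attacker who does not see the traffic, which is exactly the attacker these attacks assume.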
Proactive monitoring methods for network defence help overcome these issues by identifying patterns through correlation (linear or non-linear), so that new attacks targeted at such communication ports can be prevented. HTTP, a critical element of Web-based applications for electronic commerce, is another key application layer protocol that hackers target on specific communication ports of the computers involved in the communication.

6. Applied Proactive Network Defence and Protocol Attack Countermeasures

The countermeasures for protocol attacks specific to the vulnerabilities of each network communication protocol used over the Internet are mainly reactive in nature. This is because countermeasures such as port randomization against the blind connection-reset attack were put in place after attacks had been seen, not as a result of assessing the network communication architecture beforehand. With the proactive network defence strategy, the key advantage is the use of specific software algorithms to assess the existing network and perform a vulnerability assessment in order to identify the key areas where external attacks are likely. This approach helps prevent new attacks by producing new definitions that handle the exceptions raised by these attacks.

The applied proactive network defence strategy is deemed to be a continuously evolving strategy that helps identify and handle vulnerabilities in the network as well as in the applications used on it. Effective use of the applied proactive network defence strategies will therefore help achieve the desired network security on an ongoing basis, as opposed to the traditional countermeasures approach, which is mainly reactive in nature.

7. Conclusion
From the discussion presented above it is clear that proactive network defence, when applied across an enterprise network, helps achieve dynamic network security management. However, the key point to appreciate is that network security must first be in place for the existing security threats, using the security definitions and policies defined by the organization alongside the commercial software used for network security. Continuous updating of the virus definitions, the firewall configuration and the security updates from the security software vendor is critical for network security. The major advantage of the proactive network defence strategy is its ability to identify patterns that the definitions from the security software vendor may have missed. Configuring the proactive network defence system to the security requirements specific to the organization's network adds a layer of security over the otherwise reactive network security strategy. It is also critical to appreciate that proactive network defence in an organization addresses not only the security-related aspects of the network but also provides a comprehensive support strategy by analysing the performance of the network and of the servers and nodes comprising it. The applied proactive network defence strategy is thus a layer of security that helps use the security software and the network resources effectively, in an integrated fashion.

Footnotes

1 Stallings, W. (2007), Cryptography and Network Security, 4th Edition, Prentice Hall.
2 McClure, S., Kurtz, G. and Scambray, J. (2005), Hacking Exposed, 5th Edition, McGraw-Hill.
3 Todd, C. and Johnson, N. L. (2001), Hack Proofing Windows 2000 Server Security, Syngress Publishing.
4 Hariri, S., Guangzhi Qu, Modukuri, R., Huoping Chen and Yousif, M. (2005), Quality-of-protection (QoP): an online monitoring and self-defence mechanism, IEEE Journal on Selected Areas in Communications, Volume 23, Issue 10.
5 Conway, R. (2004), Code Hacking: A Developer's Guide to Network Security, Charles River Media.
6 Howard, M. and Whittaker, J. A. (2005), Application Penetration Testing, IEEE Computer Society, 1540-7993/05/$20.00.
7 Luo, X. (2006), A Holistic Approach for Managing Spyware, EDPACS, Vol. XXXIII, No. 11.
