Wednesday, January 29, 2020
Network Security Analysis Essay Example for Free
Network Security Analysis Essay This article is concerned about network security. It mentions about the present situation of network security and an analysis of the reason that lead to unsafe network environment. Then the article introduces two frequently used protocols in network security: HTTP (Hypertext Transport Protocol) and HTTPS (Hypertext Transfer Protocol over Secure Socket Layer), then compare them and give a brief conclusion. On the other side, the article introduces how firewall protects network security in hardware aspects. Keywords: Network; Security; Analysis; Countermeasures 1. Introduction As technology develops, network is getting more and more mature. It is known to all that security is the second step after that a successful network has been deployed. 1.1 Situation of Computer Network Security With the rapid development of the Internet and the widespread application, the number of computer viruses, Trojan horses is explosive growth. According to Jinshan drug gangsters cloud security center monitoring statistics show that in 2008, Jinshan drug gangsters were intercepted more and more new viruses, Trojans, which grew up 40% compared with 2007. The center statistics also show that 90% of the virus infected users, this attachment web pages that humans are enjoying the network information with the great wealth and convenient at the same time, also be the severe beset by problems of network information security. The lure of wealth that hackers attack is no longer a kind of personal interest, but more and more become an organized, interest driven career crime. Its main means has: online professor viruses, Trojan horses production technology and various network attack technology; Online exchange, trafficking and rental viruses, Trojan horses, zombie network; Online customized viruses, Trojan horses; Internet theft behavior (account Numbers game, bank accounts, QQ number, etc.), sell the trumpets; Internet fraud and extortion; Through the network business platform money laundering profit, etc. Attackers need technical level gradually decrease, means more flexible, joint attacks increase rapidly. Trojan viruses, Trojan virus writers, professional hack personnel, sales channels, professional players have been formed complete gray industrial chain. 1.2 Threats to Computer Network Security The threat to computer network security includes attacks by hackers and computer virus. It mostly presents in the following aspects. Firstly, send fake E-mails to users. It is a common way to cheat the account and password by posing as legitimate websites. Secondly, damage caused by viruses is also a common phenomenon. For e.g. when virus gets into computer, it will cover our hard disk with useless data. Thirdly, it’s about unauthorized accessing. This mainly refers to the normal use or oversteps their authority to use the network equipment and information resources. Fourthly, damage the integrity of the database. Fifthly, interfere with the normal running of the systems. Finally, communication lines are tapped and people are not familiar about safety of network security. The first situation doesn’t occur in common. However, awareness of maintain computer network security is really important. In the article, it mainly analyzes several common situations and introduces what the threat is and how it works. 1.3 Countermeasures of Network Security As network security has a lot of loopholes, people create a lot of methods to protect network. On the side of hardware, people begin to use firewall to protect network. On the side of software, a lot of tools and technologies have been used in this area, such as router filtering. The article introduces how firewall works and two similar protocols: HTTP and HTTPS. By comparing these two protocols, we will find the development of technology. 1.4 Importance of the Study of Network Security It’s important for securing ones computer, keeping important data and profile information protected. Careful web surfing habits may keep you from being a victim of virus attacks and malware, however this is an intensely risky activity and very often people may end up with an infected computer. Some good anti-virus programs will help to keep your computer protected and safe, but users must remember to keep this updated regularly for better protection over new viruses. 2. Related Work 2.1 Network Security Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and over seeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password. 2.2 ISO/OSI model The International Standards Organization (ISO) Open Systems Interconnect (OSI) Reference Model defines seven layers of communications types, and the interfaces among them. (See Figure 1.) Each layer depends on the services provided by the layer below it, all the way down to the physical network hardware, such as the computers network interface card, and the wires that connect the cards together. People develop a lot of protocols to each layer. Such as PPTP/L2TP to linked layer, IPSEC to network layer, TLS/SSL to transfer layer. Each protocol includes security information that helps network transfer safer and safer. 2.3 IPV4 protocol The protocol contains a couple aspects which caused problems with its use. These problems do not all relate to security. They are mentioned to gain a comprehensive understanding of the internet protocol and its shortcomings. The causes of problems with the protocol are: 1. Address Space 2. Routing 3. Configuration 4. Security 5. Quality of Service The lack of embedded security within the IPv4 protocol has led to the many attacks seen today. Mechanisms to secure IPv4 do exist, but there are no requirements for their use. IPsec is a specific mechanism used to secure the protocol. IPsec secures the packet payloads by means of cryptography. IPsec provides the services of confidentiality, integrity, and authentication. This form of protection does not account for the skilled hacker who may be able to break the encryption method and obtain the key. 2.4 Types and Sources of Network Threats Denial-of-Service, unauthorized access, executing commands illicitly, confidentiality breaches and destructive behavior are common type of threats to network security. The sources of network threats include 3 aspects. Firstly, the invasion of bad information and pollution. Network is open, even borderless space information network of people in the rich cultural life, but also to the illegal dissemination of information or indecent information provided soil British Middlebury Seck Griffith University, Professor Di Mulai study found that in non-academic information on the Internet, 47% of pornography on These content without restriction for people feel free to browse, not only seriously jeopardize the health of young people, and poison the social atmosphere and hinder the building of a harmonious society in China. In addition, the networks openness and freedom are often some criminals use, or dissemination of endangering national security, to subvert the government, disrupting social order and security of information, or information network organizing rallies and other anti-social activities. Secondly, Internet hackers and computer crime. Hacker wanton rampage information networks, technology and the consequences of its invasion of escalating their use of technical means, or attacks on government sites or military organizations Web site and endanger national security interests, undermine government image; or steal business, financial institutions, business information to profit illegally, endangering the economic order; or steal personal confidential information, violation of privacy or stolen cash. These acts seriously impede the normal operation of information networks. In addition to outside hackers the use of the Internet, the rampant crime and tort. The use of computer information network system to implement theft, fraud or corruption, embezzlement and other crimes than the traditional criminal methods and tools more subtle complexity, and violation of trade secrets with the network, electronic communications freedoms, civil Privacy and damage the reputation of others and other events are also frequent. Online pyramid schemes, online fraud, etc. These crimes have been on the network posed a serious threat to network security. Thirdly, the existence of their own network security vulnerabilities and risks. Freedom to share and open spirit of the Internet, but also the charm of the Internet The Internet is based on TCP / IP protocol, network devices, operating systems with networking capabilities and openness about the existence inherent vulnerability In addition, the software in the design, it is inevitable there are some defects or flaws, which has become a prime target for hackers, while software programmers deliberately left the back door has become a major network security risks network These weaknesses of their own existence, to bring the work of anti-hacker considerable difficulty: on the one hand difficult for scientists to develop a common and effective network security for the protection of technical means on the other hand the lack of implementation of these measures sufficient to protect the social environment. 3. Methods 3.1 Analysis of Network Security System and network technology is a key technology for a wide variety of applications. Security is crucial to networks and applications. Although, network security is a critical requirement in emerging networks, there is a significant lack of security methods that can be easily implemented. There exists a â€Å"communication gap†between the developers of security technology and developers of networks. Network design is a well-developed process that is based on the Open Systems Interface (OSI) model. The OSI model has several advantages when designing networks. It offers modularity, flexibility, ease-of-use, and standardization of protocols. The protocols of different layers can be easily combined to create stacks which allow modular development. The implementation of individual layers can be changed later without making other adjustments, allowing flexibility in development. In contrast to network design, secure network design is not a well-developed process. There isn’t a methodology to manage the complexity of security requirements. Secure network design does not contain the same advantages as network design. When considering network security, it must be emphasized that the whole network is secure. Network security does not only concern the security in the computers at each end of the communication chain. When transmitting data the communication channel should not be vulnerable to attack. A possible hacker could target the communication channel, obtain the data, decrypt it and re-insert a false message. Securing the network is just as important as securing the computers and encrypting the message. When developing a secure network, the following need to be considered: 1. Access – authorized users are provided the means to communicate to and from a particular network. 2. Confidentiality – Information in the network remains private. 3. Authentication – Ensure the users of the network are who they say they are 4. Integrity – Ensure the message has not been modified in transit 5. Non-repudiation – Ensure the user does not refute that he used the network Here we mainly discuss fake websites. Fake websites means phishing. Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. Once a victim visits the phishing website, the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL. An attacker can even use flaws in a trusted websites own scripts against the victim. These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or services own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, making it very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal. A Universal Man-in-the-middle (MITM) Phishing Kit, discovered in 2007, provides a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site. To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun to use Flash-based websites. These look much like the real website, but hide the text in a multimedia object. 3.2 Firewall’s Protection A firewall can either be software-based or hardware-based and is used to help keep a network secure. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set. A networks firewall builds a brigade between an internal network that is assumed to be secure and trusted, and another network, usually an external (inter)network, such as the Internet, that is not assumed to be secure and trusted. In general, some functions that can be done by the firewall are: 1. Doing a packet filter firewall can make the decision whether to accept or reject the incoming data packets. 2. Hiding Network Address (NAT) IP addresses can be used on the internet is a public IP. So to create a client that uses private IP can be translated into public IP. These functions are performed by a firewall, known as NAT. 3. Monitoring and Logging to improve network security and logging on the terms monitoring by a firewall. 3.3 Protocols of Network Security Network security protocols are used to protect computer data and communication in transit. The primary tool used to protect information as it travels across a network is cryptography. Cryptography uses algorithms to encrypt data so that it is not readable by unauthorized users. Generally, cryptography works with a set of procedures or protocols that manage the exchange of data between devices and networks. Together, these cryptographic protocols enhance secure data transfer. Without cryptographic network security protocols, Internet functions such as e-commerce would not be possible. Secure communication is necessary because attackers try to eavesdrop on communications, modify messages in transit, and hijack exchanges between systems. Some of the tasks networks security protocols are commonly used to protect are file transfers, Web communication, and Virtual Private Networks (VPN). The most common method of transferring files is using File Transfer Protocol (FTP). A problem with FTP is that the files are sent in clear text, meaning that they are sent unencrypted and therefore able to be compromised. For example, many webmasters update their sites using FTP; an attacker using a packet sniffer and the website’s IP address can intercept all communications between the webmaster and the site’s server. Here we mainly discuss two similar protocols: HTTP and HTTPS. The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. Hypertext is a multi-linear set of objects, building a network by using logical links (the so called hyperlinks) between the nodes (e.g. text or words). HTTP is the protocol to exchange or transfer hypertext. The standards development of HTTP was coordinated by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), culminating in the publication of a series of Requests for Comments (RFCs), most notably RFC 2616 (June 1999), which defines HTTP/1.1, the version of HTTP in common use. Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL/TLS protocol. It provides encrypted communication to prevent eavesdropping and to securely identify the web server with which you are actually communicating. Historically, HTTPS connections were primarily used for payment transactions on the World Wide Web, e-mail and for sensitive transactions in corporate information systems. In the late 2000s and early 2010s, HTTPS began to see widespread use for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and browsing history private.
Tuesday, January 21, 2020
systems analysis :: essays research papers
Overview. The process is designed to handle the interaction with customers and suppliers, and also deals with stock control. Invoice and payment data is recorded. For clarity I have noted down the following: †¢Ã‚     Head Office consists of               -     Product Management                     Finance                     Sales †¢Ã‚     A Local Branch consists of     -     A Local Office                     Warehouse                     Distribution Preliminary List of Entities. In my top-down analysis of the Metropolitan Pharmaceuticals scenario, I have first attempted to produce a preliminary list of candidate entities. These are as follows: †¢Ã‚     Customer †¢Ã‚     Customer Order †¢Ã‚     Customer Invoice †¢Ã‚     Sales                    -     Occurs only once so isn’t included †¢Ã‚     Product †¢Ã‚     Product Order †¢Ã‚     Supplier †¢Ã‚     Supplier Invoice          †¢Ã‚     Finance               -     Occurs only once so isn’t included †¢Ã‚     Local Branch †¢Ã‚     Local Office               -     Is part of Local Branch so isn’t included †¢Ã‚     Distribution               -     Is part of Local Branch so isn’t included †¢Ã‚     Warehouse               -     Is part of Local Branch so isn’t included †¢Ã‚     Stock The following page shows my list of probable entities: List of Probable Entities. †¢Ã‚     Customer †¢Ã‚     Customer Order †¢Ã‚     Customer Invoice †¢Ã‚     Product †¢Ã‚     Product Order †¢Ã‚     Supplier †¢Ã‚     Supplier Invoice          †¢Ã‚     Local Branch †¢Ã‚     Stock Descriptions and expected essential attributes for the above entities: Since the system analysis is focused on dealing with customers, suppliers and handling products, I have included all entities which I believe participate in these activities. †¢Ã‚     Customer Description:     Retail chemist shops or pharmacies associated with shops, hospitals or medical practices. All require a supply of products from the Metropolitan Pharmaceuticals system. Attributes:          Customer ID               -     Identifying attribute Name                Address                Telephone Number                Fax Number                e-mail                Contact Name                Delivery Address                Credit Rating †¢Ã‚     Customer Order Description:     An order placed by the Customer requesting the delivery of product. Attributes:          Order Number          -     Identifying attribute                Customer ID Product ID Quantity †¢Ã‚     Customer Invoice Description:     An invoice sent to the Customer from the Finance department, requesting payment for the delivered goods. Attributes:          Invoice Number          -     Identifying attribute Order ID Date Amount to be paid †¢Ã‚     Product Description:     An item that is supplied by the Metropolitan Pharmaceuticals system. Attributes:          Product ID               -     Identifying attribute Name                Description                Category               -     (A,B,C or D)                Stock Item               -     (Yes or No) †¢Ã‚     Product Order Description:     An order that is sent to either the Supplier (if it is a non-stock item) or a Local Branch (if it is a stocked item), requesting the delivery of a product to a customer. Attributes:          Order Number          -      Identifying attribute Date Product Customer ID                Quantity †¢Ã‚     Supplier Description:     A company that is able to supply a range of products to Metropolitan Pharmaceuticals. Metropolitan Pharmaceuticals does not manufacture any of its products, but instead, uses suppliers who either produce or procure the products. Attributes:          Supplier ID               -     Identifying attribute Name Address Telephone Number                Fax Number                e-mail               †¢Ã‚     Supplier Invoice Description:     An invoice that is sent by the supplier to Metropolitan Pharmaceuticals requesting payment for the product it has provided. Attributes:          Invoice Number          -     Identifying attribute Date                Amount to be paid †¢Ã‚     Local Branch Description:     A local outlet that contains a Local Office, a Warehouse and a Distribution Center. Attributes:          Branch ID               -     Identifying attribute                Name                Address Telephone Number †¢Ã‚     Stock Description:     A full inventory of products that are held in stock at the local branch. Attributes:          Stock ID               -     Identifying attribute                Product ID Location               -     eg. Shelf number                Quantity                Re-Order level Entity Links or Dependencies. Now to identify which pairs of entities have an association between themselves. †¢Ã‚     Customer is related to Customer Order: Justification:     Customer places Customer Order Customer Order is placed by Customer
Sunday, January 12, 2020
Class
In Maya Angelou’s excerpt, â€Å"What’s So Funny? †she pointed out that vulgarity and crudeness happens to be the direction in which comedians, entertainers, and people take their jokes. She explains that behind the obscene profanities, are people who are just as vulgar as their jokes. By us laughing with them, we are not only stooping down to their level, we are also taking part in the humiliation. I agree with Maya Angelou’s point. For example, laughing when someone makes a joke towards someone else who suffers from obesity not only humiliates that person, but makes them feel disgusted with themselves.The person laughing is applauding the comedian. What’s the humor in that? There’s a difference between being funny and being disrespectful. A lot of us tend to be confused as to where to draw the line. While others simply like to cross it. It’s almost like a form of bullying, but not a lot of us see it like that. Ms. Angelou believes t hat there are other ways to make jokes and start conversation without having to stoop low and belittle someone. Our generation has grown to become more shallow and vain through the years.When entertainers, comedians, and people use vulgarity and crudeness to express their thoughts and use it in their jokes to make an audience laugh, it paves a path for the audience to chime in and think that it is okay to behave that way. Perhaps the person making the joke is hiding behind the shallowness in order to prevent exposing their own insecurities? Maybe they’re using obscenities and humiliation as a self-defense mechanism. I never even thought about the bigger picture until now. Ms.Angelou is right. Nothing should stop us from saying â€Å"that’s wrong. †We don’t have to laugh at someone else’s mean joke just because it’s meant to be funny. Maybe the cold shoulder to a rude joke would be the bigger reaction. Either way one as an individual needs t o realize when someone has crossed the line. I feel that Maya Angelou’s â€Å"What’s so funny? †has definitely opened up my eyes and made look at things from different perspective because I’d be lying if I said I wasn’t one of those audience members.
Saturday, January 4, 2020
What Is Torrential Rain and How Forceful Is it
Torrential rain, or a torrential downpour, is any amount of rain that is considered especially heavy. It isnt a technical weather term as there is no formal definition of torrential rains as recognized by the National Weather Service (NWS), but NWS does define heavy rainfall as rain that accumulates at a rate of 3 tenths of an inch (0.3 inches), or more, per hour. While the word may sound like another severe weather typeâ€â€tornadoesâ€â€this isnt where the name comes from. A torrent, rather, is a sudden, violent outpouring of something (in this case, rain). Causes of Heavy Rain Rain occurs when the water vapor held in warm, moist air condenses into liquid water and falls. For heavy rain, the amount of moisture in the air mass must be disproportionately large compared to its size. There are several weather events where this is typical, such as in cold fronts, tropical storms, hurricanes, and monsoons. Rainy weather patterns like El Nià ±o and the Pacific coasts Pineapple Express are also moisture trains. Global warming, too, is thought to contribute to heavier precipitation events, since in a warmer world, the air will be able to hold more moisture to feed soaking rains. The Dangers of Torrential Rain Heavy rain can trigger any one or more of the following deadly events: Runoff: If heavy rains arrive more quickly than the ground can absorb water, you get runoffâ€â€stormwater that runs off the land instead of seeping into the ground. Runoff can carry pollutants (like pesticides, oil, and yard waste) into nearby creeks, rivers, and lakes.Flooding: If enough rain falls into rivers and other bodies of water it can cause their water levels to rise and overflow onto normally dry land.Mudslides: If rain is record-breaking (typically more rain in a few days than is normal over a month or year) the ground and soil can liquify and carry unsecured objects, people, and even buildings away in debris flows. This is exacerbated along hillsides and slopes since the ground there is more easily eroded away. Here in the U.S., mudslides are common in Southern California. Theyre also common in Europe and Asia, especially India, Bangladesh, and Pakistan where they often lead to death tolls in the thousands. Torrential Rain on Weather Radar Radar images are color-coded to indicate precipitation intensity. When looking at the weather radar, you can easily spot the heaviest rain by the red, purple, and white colors that symbolize the heaviest precipitation. Edited by Tiffany Means
Subscribe to:
Posts (Atom)