Network security is defined as “a set of procedures, practices and technologies for protecting network servers, network users and their surrounding organizations” (Oppliger, 2000, Preface). The need for network security arises from the introduction of distributed systems, networks, and data communication facilities, and the rapid development of communication networks keeps raising the level of protection required. Network security is achieved by using software- and hardware-based solutions and tools.
Protection Against Malicious Programs
Malicious software exploits vulnerabilities in computing systems. Malicious program categories are (Bowles & Pelaez, 1992):
Host Program Needed: Trap door, logic bomb, Trojan horse, and virus.
Self-Contained Malicious Program: Bacteria and worm.
Malicious Software Used by an Intruder after Gaining Access to a Computer System: Rootkit.
Threats commonly known as adware and spyware have proliferated over the last few years. Such programs use the same advanced techniques as viruses, but their purpose is to gather marketing information or to display advertisements in order to generate revenue (Chien, 2005).
Modern malicious programs (including adware and spyware) employ anti-removal and stealth techniques, as well as rootkits, to hide and to evade detection. A rootkit conceals running processes, files, or system data, which helps an intruder maintain access to the system in a way that can be extremely difficult to detect with standard security administration methods and tools. Rootkits exist for a variety of operating systems, including Linux, Solaris, and versions of Microsoft Windows. A computer with a rootkit on it is called a rooted computer (Hoglund & Butler, 2005; Levine, Grizzard, & Owen, 2006).
The ideal protection is prevention, which still must be combined with detection, identification, and removal of such malicious programs for which prevention fails. Protection software is usually called antivirus software, which is characterized by generations (Stephenson, 1993):
• First Generation: Simple scanners searching files for known virus “signatures” and checking executable files for length changes.
• Second Generation: Scanners using heuristic rules and integrity checking (stored checksums or cryptographic hashes of clean files) to detect infections that have no known signature.
• Third Generation: Memory-resident “activity traps” identifying virus actions such as opening executable files in write mode, file system scanning, and so forth.
• Fourth Generation: Software packages using many different antivirus techniques in conjunction.
Anti-adware/spyware modules are usually integrated in these software packages.
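The following is an added example, not code from the chapter or from any antivirus product, showing the first- and second-generation techniques listed above working side by side: signature search and length checking, plus hash-based integrity checking and one heuristic rule, combined into a single report in the fourth-generation style. The signatures, the heuristic rule and the sample “files” are all constructed for the example and are not real malware indicators.

```python
import hashlib

# Constructed placeholder signatures standing in for real virus byte patterns
# (assumed for this example; they match nothing in the wild).
SIGNATURES = {
    "Demo.Appender": b"DEMO-APPENDER-PAYLOAD",
    "Demo.Dropper": b"DEMO-DROPPER-PAYLOAD",
}

# Heuristic rule, assumed for this example: a file referencing two or more of
# these Win32 process-injection APIs is suspicious even without a known signature.
INJECTION_APIS = (b"OpenProcess", b"WriteProcessMemory", b"CreateRemoteThread")


def build_baseline(files):
    """Record length and SHA-256 of every clean file (path -> (length, digest))."""
    return {path: (len(data), hashlib.sha256(data).hexdigest())
            for path, data in files.items()}


def scan_signatures(data):
    """First generation: look for known signatures in the file contents."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def length_changed(path, data, baseline):
    """First generation: an executable grew or shrank since the baseline."""
    return path in baseline and baseline[path][0] != len(data)


def integrity_failed(path, data, baseline):
    """Second generation: the cryptographic digest no longer matches the baseline."""
    return path in baseline and baseline[path][1] != hashlib.sha256(data).hexdigest()


def heuristic_hit(data):
    """Second generation: rule-based detection independent of any signature."""
    return sum(api in data for api in INJECTION_APIS) >= 2


def scan(files, baseline):
    """Fourth-generation style: run every technique and collect findings per file."""
    report = {}
    for path, data in files.items():
        findings = [f"signature:{name}" for name in scan_signatures(data)]
        if length_changed(path, data, baseline):
            findings.append("length-changed")
        if integrity_failed(path, data, baseline):
            findings.append("integrity-failed")
        if heuristic_hit(data):
            findings.append("heuristic:process-injection")
        if path not in baseline:
            findings.append("not-in-baseline")
        report[path] = findings
    return report


# Constructed sample "files" (path -> bytes); nothing here is a real binary.
CLEAN = {
    "bin/editor.exe": b"MZ\x90\x00" + b"editor code " * 8,
    "bin/calc.exe": b"MZ\x90\x00" + b"calc code " * 8,
    "bin/viewer.exe": b"MZ\x90\x00" + b"viewer code " * 8,
}
BASELINE = build_baseline(CLEAN)

INFECTED = dict(CLEAN)
# Appending infector: known signature glued on the end, so the length grows too.
INFECTED["bin/editor.exe"] = CLEAN["bin/editor.exe"] + SIGNATURES["Demo.Appender"]
# Unknown variant patched in place: same length, no known signature; only the
# integrity check notices.
INFECTED["bin/calc.exe"] = CLEAN["bin/calc.exe"].replace(b"calc code ", b"CALC CODE ", 1)
# Freshly dropped file: no baseline entry, no signature, but injection-API references.
INFECTED["tmp/update.exe"] = b"MZ\x90\x00OpenProcess WriteProcessMemory CreateRemoteThread"

if __name__ == "__main__":
    for path, findings in scan(INFECTED, BASELINE).items():
        print(path, findings or ["clean"])
```

Each of the three infected files is caught by a different generation of technique: the appending infector by signature and length, the in-place patch only by the integrity hash, and the dropped file only by the heuristic rule, which is why a modern package runs all of them together.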
Protection levels of modern antivirus software are:
Gateway Level Protection: Consists of mail server and firewall protection. Viruses are detected and removed before files and scripts reach a local network.
File-Server-Level Protection: Consists of server software. Viruses are detected and removed even before network users access their files/scripts.
End-User-Level Protection: Consists of workstation software. Viruses that slipped past the outer defense lines are detected and removed here. This is also the only level that can scan data communication encrypted end to end by the user (S/MIME mail, for example), because the gateway and file-server scanners hold no decryption key and see only ciphertext.
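As an added example (not code from the chapter or from any mail gateway product), the following gateway-level scanner parses a MIME message with Python's standard `email` package, scans each attachment for a known signature, and recognizes an S/MIME enveloped (encrypted) message that it cannot inspect and must defer to the end-user level. The signature, the addresses, and the placeholder ciphertext are all constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed placeholder signature (not a real malware pattern).
SIGNATURES = {"Demo.Dropper": b"DEMO-DROPPER-PAYLOAD"}


def gateway_scan(raw):
    """Gateway-level check of one raw message: returns (part name, verdict) pairs."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for part in msg.walk():
        if part.is_multipart():          # containers carry no content of their own
            continue
        ctype = part.get_content_type()
        name = part.get_filename() or ctype
        # S/MIME EnvelopedData: the gateway holds no recipient key, so it sees only
        # ciphertext and must leave detection to the end-user level.
        if ctype == "application/pkcs7-mime" and part.get_param("smime-type") == "enveloped-data":
            verdicts.append((name, "encrypted-defer-to-endpoint"))
            continue
        data = part.get_payload(decode=True) or b""
        hits = [n for n, sig in SIGNATURES.items() if sig in data]
        verdicts.append((name, "quarantine:" + ",".join(hits) if hits else "clean"))
    return verdicts


def build_plain_message():
    """Constructed cleartext message with one clean and one infected attachment."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "report"
    msg.set_content("see attached")
    msg.add_attachment(b"%PDF-1.4 quarterly figures", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ\x90\x00" + SIGNATURES["Demo.Dropper"], maintype="application",
                       subtype="octet-stream", filename="invoice.exe")
    return msg.as_bytes()


def build_encrypted_message():
    """Constructed S/MIME enveloped message; the body is placeholder bytes standing
    in for CMS EnvelopedData, so the gateway cannot see what was inside."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "report"
    msg.set_content(b"\x30\x82\x01\x00 opaque ciphertext", maintype="application",
                    subtype="pkcs7-mime", filename="smime.p7m",
                    params={"smime-type": "enveloped-data"})
    return msg.as_bytes()


if __name__ == "__main__":
    print(gateway_scan(build_plain_message()))
    print(gateway_scan(build_encrypted_message()))
```

For the cleartext message the gateway quarantines `invoice.exe`; for the encrypted one it can only record that the content was opaque, which is exactly the gap the end-user level has to close.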
Key Terms in this Chapter
Internet Engineering Task Force (IETF): An open international community engaged in the evolution of the Internet architecture (IETF, 2006). Working Groups in several topical areas develop technical drafts and Internet standards.
Secure Multipurpose Internet Mail Extensions (S/MIME): A secure e-mail standard based on MIME. S/MIME, being further developed by an IETF Security Area Working Group, accomplishes privacy and authentication by using encryption/decryption, digital signatures, and X.509 certificates.
Virus: Malicious code attached to an executable file so that it runs, without the user’s knowledge or consent, whenever the host program is executed. Viruses copy themselves into other executables and often spread to other computers on the same network.
E-Mail Protocols: The Simple Mail Transfer Protocol (SMTP) is a set of commands for transporting ASCII-encoded e-mail messages between mail servers. The Post Office Protocol (POP3) retrieves new messages from a mailbox to a remote e-mail client. With the Internet Message Access Protocol (IMAP), a remote e-mail client can simultaneously access several mailboxes on different mail servers while the messages stay on the server.