DESIGN AND IMPLEMENTATION OF NETWORK SECURITY (A CASE STUDY OF UBA ENUGU)

Postgraduate

ABSTRACT

Network Security is essential to any organization. This has been previously done by manual method. But this project is aimed at computerized Network Security to make the work easier. This is possible because of the advance improvement in information technology as pertaining programming language; because this is achieved by the help of visual basic programming language and other programming language. For the first few decades of their existence, computer\ networks were primarily used by university researchers for sending e-mail and by corporate employees for sharing printers. Under these conditions, security did not get a lot of attention. But now, as millions of ordinary citizens are using networks for banking, shopping, and filing their tax returns, network security is looming on the horizon as a potentially massive problem. The requirements of information security within an organization have undergone two major changes in the last several decades before the widespread use of data processing equipment the security of information felt to be valuable to an organization was provided primarily by physical and administrative means with the introduction of computer the need for automated tools for protecting files and other information stored on the computer became an evident .this is especially the case for a shared system such as time sharing system and the need is even more acute for systems that can be accessed for a public telephone or a data network the generic name for the collection of tools to protect data and to thwart hackers is ―computer security. Network Security is a broad topic and covers a multitude of sins. In its simplest form, it is concerned with making sure that nosy people cannot read, or worse yet, secretly modify messages intended for other recipients. It is concerned with people trying to access remote services that they are not authorized to use. Most security problems are intentionally caused by malicious people trying to gain some benefit, get attention, or to harm someone. Network security problems can be divided roughly into four closely intertwined areas: secrecy, authentication, nonrepudiation, and integrity control. Secrecy, also called confidentiality, has to do with keeping information out of the hands of unauthorized users. This is what usually comes to mind when people think about network security. Authentication deals with determining whom you are talking to before revealing sensitive information or entering into a business deal. Non repudiation deals with signatures.

INTRODUCTION

Several recent proposals have argued for giving third parties and end-users control over routing in the network infrastructure. Some examples of such routing architectures include TRIAD, i3, NIRA, Data Router, and Network Pointers. While exposing control over routing to third-parties departs from conventional network architecture, these proposals have shown that such control significantly increases the flexibility and extensibility of these networks.

Using such control, hosts can achieve many functions that are difficult to achieve in the Internet today. Examples of such functions include mobility, multicast, content routing, and service composition. Another somewhat surprising application is that such control can be used by hosts to protect themselves from packet-level denial-of-service (DOS) attacks, since, at the extreme, these hosts can remove the forwarding state that malicious hosts use to forward packets to the hosts. While each of these specific functions can be achieved using a specific mechanism—for example, mobile IP allows host mobility— we believe that these forwarding infrastructures (FIs) provide architectural simplicity and uniformity in providing several functions that makes them worth exploring. Forwarding infrastructures typically provide user control by either allowing source-routing  or allowing users to insert forwarding state in the infrastructure. Allowing forwarding entries enables functions like mobility and multicast that are hard to achieve using source-routing alone.
While there seems to be a general agreement over the potential benefits of user-controlled routing architectures, the security vulnerabilities that they introduce has been one of the important concerns that has been not addressed fully. The flexibility that the FIs provide allows malicious entities to attack both the FI as well as hosts connected to the FI.

For instance, consider i3 [30], an indirection-based FI which allows hosts to insert forwarding entries of the form (id,R), so that all packets addressed to id are forwarded to R. An attacker A can eavesdrop or subvert the traffic directed to a victim V by inserting a forwarding entry (idV, A); the attacker can eavesdrop even when it does not have access to the physical links carrying the victim’s traffic. Alternatively, consider an FI that provides multicast; an attacker can use such an FI to amplify a flooding attack by replicating a packet several times and directing all the replicas to a victim. These vulnerabilities should come as no surprise; in general, the greater the flexibility of the infrastructure, the harder it is to make it secure.

In this project, we improve the security that flexible communication infrastructures which provide a diverse set of operations (such as packet replication) allow. Our main goal in this project is to show that FIs are no more vulnerable than traditional communication networks (such as IP networks) that do not export control on forwarding. To this end, we present several mechanisms that make these FIs achieve certain specific security properties, yet retain the essential features and efficiency of their original design. Our main defense technique, which is based on light-weight cryptographic constraints on forwarding entries, prevents several attacks including eavesdropping, loops, and traffic amplification. From earlier work, we leverage some techniques, such as challenge-responses and erasure-coding, to thwart other attacks.