Design and Implementation of Network Security (a Case Study of UBA Enugu)


Chapter One

PURPOSE OF STUDY

The main purpose of this project is to design a network security system that will assist UBA in ensuring effective security measures.

AIMS AND OBJECTIVES

This project will have the following aims and objectives:

  • To detect security violations
  • To re-create security incidents
  • To disallow unauthorized users
  • To safeguard the organizational data/information
  • To computerize the organizational security
  • To enhance the organizational security
  • To eliminate all forms of mistakes associated with security control

CHAPTER TWO

 LITERATURE REVIEW

According to John J. Murphy (Technical Analysis of the Financial Markets), authentication is the act of determining the identity of a user and of the host that they are using. The goal of authentication is first to verify that the user, either a person or a system, that is attempting to interact with your system is allowed to do so. The second goal of authentication is to gather information regarding the way that the user is accessing your system. For example, a stock broker should not be able to make financial transactions during off hours from an Internet café, although they should be able to do so from their secured workstation at their office. Therefore gathering basic host information, such as its location and the security aspects of its connection (is it encrypted, is it via a physical line, is the connection private, …), is critical. There are several strategies that you can follow to identify a client:

  • User id and password. This is the most common, and typically the simplest, approach to identifying someone because it is fully software based.

  • Physical security device. A physical device, such as a bank card, a smart card, or a computer chip (such as the "Speed Pass" key chains used by gas stations), is used to identify a person. Sometimes a password or personal identification number (PIN) is also required to ensure that it is the right person.

  • Biometric identification. Biometrics is the science of identifying someone from physical characteristics. This includes technologies such as voice verification, a retinal scan, palm identification, and thumbprints.

According to McKay, Peter A., authorization is the act of determining the level of access that an authorized user has to behavior and data. This section explores the issues surrounding authorization (there is often more to it than meets the eye) and then explores various database and object-oriented implementation strategies and their implications.

Issues.

Fundamentally, to set an effective approach to authorization the first question that you need to address is "what will we control access to?" My experience is that you can secure access to both data and functionality, such as access to quarterly sales figures and the ability to fire another employee respectively. Your stakeholders' requirements will drive the answer to this question.

However, the granularity of access, and your ability to implement it effectively, is a significant constraint. For example, although you may be asked to control access to specific columns of specific rows within a database based on complex business rules, you may not be able to implement this in a cost-effective manner that also conforms to performance constraints.

The second question that you need to answer is "what rules are applicable?" The answer to this question is also driven by your stakeholders' requirements, although you may need to explore various security factors that they may not be aware of (they're not security experts after all). These factors, which are often combined, include:

  • Connection type.
  • Update access.
  • Time of day.
  • Existence.
  • Cascading authorization.
  • Global permissions.
  • Combination of privileges.
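
The following is an added example, not part of the original project, showing how three of these factors (global permissions, connection type, and update access by time of day) can be combined into one default-deny decision modelled on the stock broker case described earlier. The business hours, connection names, user names and the rule that untrusted hosts may update only during business hours are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Assumed policy values: the text names the factors but gives no concrete policy.
BUSINESS_HOURS = (time(8, 0), time(17, 0))
TRUSTED_CONNECTIONS = {"office_workstation"}

# Constructed sample data: which actions each user holds at all.
PRIVILEGES = {"broker1": {"read", "update"}, "clerk1": {"read"}}


@dataclass(frozen=True)
class Request:
    user: str
    action: str        # "read" or "update"
    connection: str    # e.g. "office_workstation", "internet_cafe"
    encrypted: bool
    at: time


def authorize(req, privileges):
    """Return (allowed, reason); the reason string is what an audit log would record."""
    # Global permissions: the user must hold the privilege at all.
    if req.action not in privileges.get(req.user, set()):
        return False, "no privilege for action"
    # Connection type: an unencrypted link is never acceptable.
    if not req.encrypted:
        return False, "unencrypted connection"
    # A secured office workstation is trusted at any hour.
    if req.connection in TRUSTED_CONNECTIONS:
        return True, "trusted connection"
    # Update access + time of day: other hosts may update only in business hours.
    start, end = BUSINESS_HOURS
    if req.action == "update" and not (start <= req.at < end):
        return False, "update outside business hours from untrusted host"
    return True, "within policy"


def decide(user, action, connection, encrypted, hhmm):
    """Convenience wrapper: hhmm is an (hour, minute) tuple."""
    hour, minute = hhmm
    req = Request(user, action, connection, encrypted, time(hour, minute))
    return authorize(req, PRIVILEGES)
```
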

 

CHAPTER THREE

DESCRIPTION AND ANALYSIS OF THE EXISTING SYSTEM

The existing system of Network Security maintained by UBA Enugu is a manual system. There have been a lot of lapses concerning the operations involved in the computerized Network Security.

One of the primary roles of Network Security is to satisfy the needs of customers and the organization thereby maximizing profit.

FACT FINDING METHOD USED

The researcher used the following methods of data collection in writing the project.

Interview method: People who deal with computerized Network Security were interviewed to share their opinions concerning the manual method.

Written Document: A lot of documents concerning computerized Network Security were studied, from which I gathered useful information for the project.

Observation: Observation method was also used to get information concerning the project.

CHAPTER FOUR

 DESIGN OF A NEW SYSTEM

The design of the new system is born out of the report from the analysis of the existing system. The new system is automatic in operation and its features are represented in computer coding formats under this chapter.

 

CHAPTER FIVE

 IMPLEMENTATION

The computer needs to understand the design of the new system for its effective operations and use. The design has to be coded in computer understandable formats. The structures are designed under this chapter.

PROGRAM DESIGN

The programming is made under modules which are:

FILE ORGANIZATION MODULE

This module handles data entry and storage. It consists of a data entry screen, which is the medium through which data is entered into the computer system.

The data received is stored automatically by commanding the computer to save.

INFORMATION UPDATE MODULE

The information update module makes it possible for modifications to be effected on already maintained records. This module makes the system flexible and reliable.

INFORMATION REQUIREMENT MODULE

Accurate report generation is made possible through this module, which produces the comprehensive reports of the system. The particular report generated depends on the user's request.

PROCESSING MODULE

This module carries out action on the supplied data in order to achieve the best desired result.

EXIT MODULE

This module terminates the running of the program.

CONCLUSION

In computer security, access control includes authentication, authorization and audit. It also includes measures such as physical devices, including biometric scans and metal locks, hidden paths, digital signatures, encryption, social barriers, and monitoring by humans and automated systems.

In any access control model, the entities that can perform actions in the system are called subjects, and the entities representing resources to which access may need to be controlled are called objects (see also Access Control Matrix).

Subjects and objects should both be considered as software entities, rather than as human users: any human user can only have an effect on the system via the software entities that they control. Although some systems equate subjects with user IDs, so that all processes started by a user by default have the same authority, this level of control is not fine-grained enough to satisfy the Principle of least privilege, and arguably is responsible for the prevalence of malware in such systems (see computer insecurity).

In some models, for example the object-capability model, any software entity can potentially act as both a subject and object.

Access control models used by current systems tend to fall into one of two classes: those based on capabilities and those based on access control lists (ACLs). In a capability-based model, holding an unforgeable reference or capability to an object provides access to the object (roughly analogous to how possession of your house key grants you access to your house); access is conveyed to another party by transmitting such a capability over a secure channel. In an ACL-based model, a subject's access to an object depends on whether its identity is on a list associated with the object (roughly analogous to how a bouncer at a private party would check your ID to see if your name is on the guest list); access is conveyed by editing the list. (Different ACL systems have a variety of different conventions regarding who or what is responsible for editing the list and how it is edited.)
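
The two models side by side, as an added example that is not part of the original project: the ACL check asks "is this identity on the object's list?", while the capability check asks only "is this token genuine?". Sealing the capability with an HMAC is one assumed way of making the reference unforgeable; the class names, object names and subjects are hypothetical.

```python
import hashlib
import hmac
import secrets


class AclStore:
    """ACL model: each object carries a list of (subject, right) entries."""

    def __init__(self):
        self._acl = {}  # object name -> set of (subject, right)

    def grant(self, obj, subject, right):
        # Access is conveyed by editing the list.
        self._acl.setdefault(obj, set()).add((subject, right))

    def revoke(self, obj, subject, right):
        self._acl.get(obj, set()).discard((subject, right))

    def check(self, obj, subject, right):
        return (subject, right) in self._acl.get(obj, set())


class CapabilityIssuer:
    """Capability model: a token naming object and right, sealed with an HMAC."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # known only to the issuer

    def _tag(self, obj, right):
        # Length prefix keeps "a|b" + "c" distinct from "a" + "b|c".
        msg = f"{len(obj)}:{obj}|{right}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def mint(self, obj, right):
        return (obj, right, self._tag(obj, right))

    def check(self, cap, obj, right):
        # No identity is consulted: possession of a genuine token is enough.
        cap_obj, cap_right, tag = cap
        return (cap_obj == obj and cap_right == right
                and hmac.compare_digest(tag, self._tag(cap_obj, cap_right)))


def demo():
    acl = AclStore()
    acl.grant("ledger", "alice", "read")
    issuer = CapabilityIssuer()
    cap = issuer.mint("ledger", "read")
    forged = ("ledger", "write", cap[2])  # right altered, tag no longer matches
    return {
        "acl_alice": acl.check("ledger", "alice", "read"),
        "acl_bob": acl.check("ledger", "bob", "read"),
        "cap_holder": issuer.check(cap, "ledger", "read"),
        "cap_forged": issuer.check(forged, "ledger", "write"),
    }
```

Revoking access shows the practical difference: `AclStore.revoke` removes one entry for one subject, whereas a capability minted this way stays valid for every holder until the issuer's key changes.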

Both capability-based and ACL-based models have mechanisms to allow access rights to be granted to all members of a group of subjects (often the group is itself modeled as a subject). Access control systems provide the essential services of identification and authentication (I&A), authorization, and accountability, where: identification and authentication determine who can log on to a system, and the association of users with the software subjects that they are able to control as a result of logging in; authorization determines what a subject can do; accountability identifies what a subject (or all subjects associated with a user) did.

SUMMARY

Routing is one of the most important parts of the infrastructure that keeps a network running, and as such, it is absolutely critical to take the necessary measures to secure it. There are different ways routing can be compromised, from the injection of illegitimate updates to DoS attacks specially designed to disrupt routing. Attacks may target the router devices, the peering sessions, and/or the routing information. Fortunately, protocols like BGP, IS-IS, OSPF, EIGRP and RIPv2 provide a set of tools that help secure the routing infrastructure. This section provides the guidelines for using such tools.

The router's primary functions are to learn and propagate route information, and ultimately to forward packets via the most appropriate paths. Successful attacks against routers are those able to affect or disrupt one or more of those primary functions by compromising the router itself, its peering sessions, and/or the routing information.

Routers are subject to the same sort of attacks designed to compromise hosts and servers, such as password cracking, privilege escalation, buffer overflows, and even social engineering. Most of the best practices in this document help mitigate and even prevent some of those threats.

Peering relationships are also targets of attacks. For most routing protocols, routers cannot exchange route information unless they establish a peering relationship, also called a neighbor adjacency. Some attacks attempt to break established sessions by sending the router malformed packets, resetting TCP connections, consuming the router's resources, etc. Attacks may also prevent neighbor adjacencies from being formed by saturating queues, memory, CPU and other router resources. This section of the document presents a series of best practices to protect neighbor adjacencies from those threats.

Finally, routing can also be compromised by the injection of false route information, and by the modification or removal of legitimate route information.

Route information can be injected or altered by many means, ranging from the insertion of individual false route updates to the installation of bogus routers into the routing infrastructure. Potential denial of service conditions may result from intentional loops or black-holes for particular destinations. Attackers may also attempt to redirect traffic along insecure paths to intercept and modify users' data, or simply to circumvent security controls. This section also includes a collection of best practices designed to prevent the compromising of routing information.
