ABSTRACT: Network security is a specialized field consisting of the provisions and policies to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources, as well as ensuring their availability through proper procedures. Many security devices are being developed and deployed to defend against cyber threats and to prevent unintended data breaches. In spite of all these efforts, the ‘golden age’ of cyber crime continues, as organizations around the world continue to suffer data breaches and security attacks. What kinds of threats are we facing today? How are these threats to be dealt with? The goal of this paper is to communicate an updated perspective of network security for organizations and researchers in the field, and to present some recommendations to tackle the current situation of security threats.
In the present era, there is an enormous growth of the Internet in terms of its usage and resources. Almost all major commercial organizations, educational institutes, governments and individuals are dependent upon the Internet for providing their services. Most commercial organizations exchange information with their collaborators and clients through the Internet. Educational institutes upload study materials and research findings to the Internet for the speedy propagation of information. Governments provide information to citizens through the Internet. Individuals use the Internet for accessing information, online shopping, and communicating with others through email and social networking. Thus, the Internet provides a platform to run the services and to store the sensitive information of commercial organizations, educational institutes and governments. The Internet also caters to the needs of individuals by providing appropriate information and a medium of communication. Therefore, the smooth running of the Internet and maintaining the integrity, availability and confidentiality of sensitive information over the Internet are the most important aspects of the growth of information-based organizations (Kumar, Kumar, & Sachdeva, 2010a).
However, the presence of configuration errors and vulnerabilities in the most popular software provides numerous chances for malicious users to mount a variety of attacks, called cyber attacks, that disrupt services and the integrity of sensitive information over the Internet. A cyber attack is a deliberate exploitation of computer systems, technology-dependent networks and enterprises (Kim, Kim, & Park, 2014). Cyber attacks use malicious code to alter computer code, logic or data, resulting in destructive consequences that can compromise information security. Zero-day (unknown) vulnerabilities, associated with newly published programs or web services, are potentially more harmful (Schneider, 2012). Such vulnerabilities may be visible for days or weeks until patched and offer more chances for attackers to exploit them. For example, most infections today occur through “exploit kits,” infecting users’ computers through a vulnerability without their knowledge. More than 90% of these are through Java vulnerabilities in browsers (PandaLabs, 2013). The recent attacks on Microsoft, Apple, Facebook and Twitter used Java. Most “Police Virus” infections managed to reach victims’ computers due to outdated versions of Java. Network, server and client misconfiguration offers another avenue for hacking. Network elements, such as routers and home gateways, come with a default administrator password that is often never changed. Hackers with access to a router can cause all traffic through it to be sent through their own servers, allowing “man in the middle” attacks. Similarly, misconfigured servers can allow hackers to disable or modify websites, inserting code of their own choosing. Such code is usually intended to steal data from associated databases.
In the present scenario, network security devices consist of one or more security functions, including firewall, intrusion prevention/detection systems (IPS/IDS), data loss prevention (DLP) and content security filtering functions, e.g. anti-spam, antivirus or URL filtering (Schneider, 2012). Anyone who works in security knows that nothing is 100% secure (PandaLabs, 2013). No doubt, a number of preventative measures may work well most of the time. Yet there will always be weak points, a new vulnerability, human errors, etc., which may finally facilitate one of the thousands of attacks to which these companies and individuals are constantly subjected.