CHAPTER ONE

1.0 INTRODUCTION

Several recent proposals have argued for giving third parties and end-users

control over routing in the network infrastructure. Some examples of such

routing architectures include TRIAD [6] i3 [30] NIRA [39] Data Router [33]

and Network Pointers [34]. While exposing control over routing to third-parties

departs from conventional network architecture these proposals have shown

that such control significantly increases the flexibility and extensibility of these

networks.

Using such control hosts can achieve many functions that are difficult to

achieve in the Internet today. Examples of such functions include mobility

multicast content routing and service composition. Another somewhat

surprising application is that such control can be used by hosts to protect

themselves from packet-level denial-of-service (DOS) attacks [18] since at the

extreme these hosts can remove the forwarding state that malicious hosts use to

forward packets to the hosts. While each of these specific functions can be

achieved using a specific mechanism—for example mobile IP allows host

mobility— we believe that these forwarding infrastructures (FIs) provide

architectural simplicity and uniformity in providing several functions that makes

them worth exploring. Forwarding infrastructures typically provide user control

by either allowing source-routing (such as [6] [30] [39]) or allowing users to

insert forwarding state in the infrastructure (such as [30] [33] [34]). Allowing

forwarding entries enables functions like mobility and multicast that are hard to

achieve using source-routing alone.

While there seems to be a general agreement over the potential benefits of user-

controlled routing architectures the security vulnerabilities that they introduce

has been one of the important concerns that has been not addressed fully. The

flexibility that the FIs provide allows malicious entities to attack both the FI as

well as hosts connected to the FI.

For instance consider i3 [30] an indirection-based FI which allows hosts to

insert forwarding entries of the form (idR) so that all packets addressed to id

are forwarded to R. An attacker A can eavesdrop or subvert the traffic directed

to a victim V by inserting a forwarding entry (idV A); the attacker can

eavesdrop even when it does not have access to the physical links carrying the

victim’s traffic. Alternatively consider an FI that provides multicast; an attacker

can use such an FI to amplify a flooding attack by replicating a packet several

times and directing all the replicas to a victim. These vulnerabilities should

come as no surprise; in general the greater the flexibility of the infrastructure

the harder it is to make it secure.

In this project we improve the security that flexible communication

infrastructures which provide a diverse set of operations (such as packet

replication) allow. Our main goal in this project is to show that FIs are no more

vulnerable than traditional communication networks (such as IP networks) that

do not export control on forwarding. To this end we present several

mechanisms that make these FIs achieve certain specific security properties yet

retain the essential features and efficiency of their original design. Our main

defense technique which is based on light-weight cryptographic constraints on

forwarding entries prevents several attacks including eavesdropping loops and

traffic amplification. From earlier work we leverage some techniques such as

challenge-responses and erasure-coding to thwart other attacks.

NETWORK SECURITY

(NS) is an important aspect of any system. NETWORK SECURITY is the act

of ensuring that an authenticated user accesses only what they are authorized to

and no more. The bad news is that security is rarely at the top of people's lists

although mention terms such as data confidentiality sensitivity and ownership

and they quickly become interested. The good news is that there is a wide range

of techniques that you can apply to help secure access to your system. The bad

news is that as Mitnick and Simon (2002) point out ―...the human factor is the

weakest link. Security is too often merely an illusion an illusion sometimes

made even worse when gullibility naivette or ignorance come into play.‖ The

go on to say that ―security is not a technology problem – it’s a people and

management problem.‖ Having said that my experience is that the ―technology

factor‖ and the ―people factor‖ go hand in hand; you need to address both issues

to succeed.

Access control is the ability to permit or deny the use of a particular resource by

a particular entity. Access control mechanisms can be used in managing

physical resources (such as a movie theater to which only ticket holders should

be admitted) logical resources (a bank account with a limited number of people

authorized to make a withdrawal) or digital resources (for example a private

text document on a computer which only certain users should be able to read).

Banks are secured financial institutions. They are often housed in large

buildings that are located in a commercial or residential area. Banks store

money and other financial information and goods.

Money and valuables have been stored in banks since ancient times. As a result

of the long history that banks have enjoyed bank security has also been

important for a long time. Some of the oldest banks in the world have the best

security available. These banks include the Bank of Sweden the Bank or

England Bank of America and Swiss Banking.

Bank security usually includes a staff of security guards a security system and

one or more vaults. Security guards are uniformed personnel that maintain high

visibility and watch cameras and alarms. Cameras and alarms are usually top of

the line systems in banks and other financial buildings. But these security

elements are not exclusive to banks. Some of these elements can be found in

other commercial buildings and even residential homes.

Basic security starts with the locks. For a high level of security windows and

doors will need the best locks. After high quality locks are installed many

property owners opt for a security system or even security cameras.

Security cameras are often a small part of a larger security system. Systems

often include motion detectors alarms sensors and cameras. Cameras are

arguably the most important because they allow the property owner to see and

record everything that happens in and around their building or property.

Cameras can be installed by a professional or by a property owner. For a large

and elaborate system it may be best for a professional to do the work. But for a

smaller and easy layout a property owner should have no problem installing a

system by following the manufactures instructions. If he does than there is

usually a local installer that can be called to help finish the job.

1.1 STATEMENT OF THE PROBLEM

Owing to:

1. Fraudulent act of some customer/workers

2. Accessing the organizational data/information unauthorized

3. Sensitive nature of bank data/information

4. Valuable or costly items in bank

5. Increase in crime in our society

The need arise for the development of computerized NETWORK SECURITY

to eliminate such problems.

1.2 PURPOSE OF STUDY

The main purpose of this project is to design a NETWORK SECURITY that

will assist UBA in the area of ensuring effective security measures.

1.3 AIMS AND OBJECTIVES

This project will have the following aims and objectives:

Detecting security violations

Re-creating security incidents

To disallow unauthorized users

To safeguard the organizational data/information

To computerized the organizational security

To enhance the organizational security

To eliminate all forms of mistakes associated with security control

1.4 SCOPE OF STUDY

This research work will access the design and implementation of NETWORK

SECURITY in UBA Enugu. It will look into the operations of this bank in the

aspect of computerizing their security control system.

1.5 CONSTRAINTS

This project will be limited to the data available at hand data outside the

researcher will not be made use of.

The limitations militating against this research are financial constraints time

factor and other circumstances.

1.6 ASSUMPTIONS

Accuracy efficiency and reliability is associated with Network Security.

For the purpose of this research my assumptions can be stated as follows:

1. The application of computer related garget for security control

2. A computerized Network Security is effective and dependable

1.7 DEFINITION OF TERMS

Administration is an aspect of running the organization by devising systems

which will run smoothly.

2. Client: This any process that request specific services from server

processes.

3. Computer: This is an electrons machine that can accept; handle and

manipulate data by performing arithmetic and logic operations without

human intervention usually under the control of programmes.

4. Data: This is fore runner of information. It is unprocessed fact.

5. Database is a collection of information that is related to a particular

subject or purpose.

6. Hardware: This is the electromechanical part of computer system.

7. Information: This is data that have been processed interpreted and

understood by the recipient of the message or report.

8. Internet is a collection of computer networks that operate to common

standards and enable the computes and the program they run to

communicate directly.

9. Server: This is a process that provides requested services for clients.

10. Software: This is a logically written program that hardware uses to

perform it’s operation.

11. System is the collection of hardware software data information

procedures and people.

12. Website is a space or location customized by a company organization or

an individual which is locatable within an address on the internet.