STC ON SECURING

A Short Term Course on “Securing Networks through Firewalls, VPN and Intrusion Prevention System” was organized at Dronacharya College of Engineering, Gurgaon through ICT in collaboration with NITTTR Chandigarh from 8th to 12th September 2014. Thirty seven faculty members from all the departments of Dronacharya College of Engineering, Gurgaon participated in the workshop.

The course was coordinated by Mr. Amit Doegar and Mr. Pradeep Bansal from NITTTR Chandigarh. The workshop involved experts Mr. Gauav Kumar, Managing Director, Magma Research and Consultancy Pvt. Ltd. and Mr. Vipin Gupta, CEO, U-Net Solutions, Moga.

The 1st day of the workshop started with the Course Introduction by the Coordinators followed by session on “Introduction to Networks and Security”. This session dealt with basic concepts in secure network communications and computer security. It covered the key concepts of networking, including basic attributes of current direct link networks (Ethernet), how they are connected to form an internetwork using IP, routing in internetworks, and the endpoint protocols used by hosts to exploit internetwork communication. The last session of the day was on “Static and Dynamic Routing and Internals of Packets”. Static routing is performed using a preconfigured routing table which remains in effect indefinitely, unless it is changed manually by the user. This is the most basic form of routing, and it usually requires that all machines have statically configured addresses, and definitely requires that all machines remain on their respective networks.

The 2nd day of the workshop started with discussion on “Firewalls Types and Essentials”. The basics of Firewall were explained to the participants. A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system. The discussion highlighted the different types of firewalls like packet filters (stateless), "stateful" filters and application layer. Then the essentials of firewall were discussed. The speaker said that Firewall acts as a filter that incoming or outgoing packets must pass through. These filtering firewall products can take many forms. They may be a replacement TCP / IP stack that is loaded on an existing system, or a software module that exclusively communicates with an existing stack. There are also application - specific firewall products that only offer protection for certain types of Internet connectivity, such as SMTP or HTTP.

All the sessions of Day 3 were taken by expert Dr. Gaurav Kumar, and the first session was on “Network Security Investigation and Traffic Analysis”. He said that security investigations are based on real events, and it is the best practice that is used by many network forensics customers. He described traffic analysis to the participants. Dr. Kumar said It is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in the context of military intelligence, counter - intelligence, or pattern - of - life analysis, and is a concern in computer security.

The second session discussed on “Intrusion Detection Systems and Intrusion Prevention Systems”. Intrusion Detection Systems or IDS is commonly mistaken for a firewall or as a substitute for a firewall. While they both relate to network security, an IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system. The network - based intrusion protection system can also detect malicious packets that are designed to be overlooked by a firewall's simplistic filtering rules.

Dr. Kumar emphasized that an IDS is not a replacement for either a firewall or a good antivirus program. An IDS should be considered a tool to use in conjunction with your standard security products (like anti - virus and a firewall) to increase your system specific or network - wide security.

He then explained the participants Intrusion Prevention Systems or IPS. He said that IPS provides policies and rules for network traffic along with an IDS for alerting system or network administrators to suspicious traffic, but allows the administrator to provide the action upon being alerted. Where IDS informs of a potential attack, an IPS makes attempts to stop it. He further stated that currently, there are two types of IPSs that are similar in nature to IDS. They consist of host - based intrusion prevention systems (HIPS) products and network - based intrusion prevention systems (NIPS).

The first session of Day 4 sessions were taken by Mr. Amit Deogar and he started with “Implementation of Security for Windows Platform”. Mr. Deogar started with the advantages of the common security features in Windows operating systems is the predictability and uniformity of security configuration. He said that the same types of security policies and settings can be used to enforce the same level of security, regardless of the device used. The security capabilities of Windows operating systems provide an advantage over other operating system families, which often have different security implementations for desktops and laptops versus tablets and smartphones. Windows also offers a common operating system distribution for each hardware vendor and device, whereas competing operating systems may be fragmented into many variations. This lack of consistency in operating system distributions can result in security challenges.

The last session of the day was on “Understanding and Implementation of VPN”. Mr. Deogar said that VPN or virtual private network is a network that is constructed by using public wires - usually the Internet - to connect to a private network, such as a company's internal network. There are a number of systems that enables to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted. The first step to security is usually a firewall between the client and the host server, requiring the remote user to establish an authenticated connection with the firewall. Encryption is also an important component of a secure VPN. Encryption works by having all data sent from one computer encrypted in such a way that only the computer it is sending to can decrypt the data.

The Day 5 sessions were taken by expert Mr. Vipin Gupta on “Open Source Security Tools”. The expert highlighted on the 10 essential security tools that helps to secure systems and networks. These open source security tools have been given the essential rating due to the fact that they are effective, well supported and easy to start getting value from. These tools are as follows:

1. Nmap -It maps network and ports with the number one port scanning tool.

2. OpenVAS - open source vulnerability scanning suite manage all aspects of a security vulnerability management system from web based dashboards.

3. OSSEC - It is a host based intrusion detection system or HIDS, easy to setup and configure.

4. Security Onion - It is a network security monitoring distribution that can replace expensive commercial grey boxes with blinking lights.

5. Metasploit Framework - It tests all aspects of security with an offensive focus.

6. OpenSSH - It secures all traffic between two points by tunneling insecure protocols through an SSH tunnel.

7. Wireshark - It views traffic in as much detail as the user wants.

8. BackTrack - It is an Ubuntu based Linux distribution that is configured with hundreds of security testing tools and scripts.

9. Nikto - It is a web server testing tool and is used for firing at a web server to find known vulnerable scripts, configuration mistakes and related security problems.

10. Truecrypt - Truecrypt is a strong encryption utility that can encrypt entire volumes or create an encrypted container within a file system.

Finally, the workshop ended with a Feedback session followed by Evaluation of the participants. The participants also got an opportunity to clear their doubts. The course conductors ended the workshop by with a Valedictory Session.

Overall the workshop was very beneficial and brain storming in context with Network Security.