A Brief History of Network Security and the Need for Adherence to the Software Process Model

Paul Innella

This paper describes the present state of information security with specific concentration on secure networks. Additionally, the history of network development and its dependency on security will be explained thoroughly. The state in which network security finds itself is a result of a number of threats to its integrity. Using a variety of preventative measures, including firewalls and encryption, the degree of network security can be raised considerably. Finally, a discussion of a development strategy, which follows the software engineering life cycle model, will reveal a sound method for properly securing a network.

I. Introduction
Security on the Internet and on Local Area Networks is now at the forefront of computer-related issues. The technical jargon of the day is information warfare and network security, and there are valid reasons for their rise in importance. Throughout the evolution of networking and the Internet, the threats to information and networks have risen dramatically. Many of these threats have become cleverly executed attacks causing damage or committing theft. Consequently, the public has become more conscious of the need for network security, and so too has the government. Protective tools and techniques exist to combat security threats; nevertheless, only with proper implementation will they succeed. This paper is therefore a discussion of network security, its history, the threats and the responses to those threats, and the method of designing a secure network that follows the process model for software engineering.

II. Information Security


Currently the greatest asset of corporations and governments is information. Information encompasses a wide range of diverse pieces including: computer data, marketing strategies, tax and personnel records, military strategies, financial data, communications, and business plans. Organizations that value their internal information realize that information is a strategic and competitive tool. [ALE96] Our society is so reliant on information that the loss or corruption of the United States information infrastructure would create a situation where the national banking system, electric power grid, transportation systems, food and water supplies, communication systems, medical systems, emergency services, and most businesses [could not] survive. [COH95] In short, information is the backbone of the operations of business and government, and the security of this information is critical. Loss of information can be devastating for a corporation or government. In general, the motivational factor for preventing loss of information is financial. This is reflected in FBI statistics, which state that up to five billion dollars is lost each year due to information theft through computer crimes. [COH95] The loss of information integrity extends well beyond the strictly financial arena. Businesses have confidential information stolen and patented by competitors, individuals end up in jail and inmates are released because of disruption in law enforcement computers, IRS computer failures have caused thousands of small companies to be put out of business, corporate telephone switches have regularly had hundreds of thousands of dollars worth of telephone calls stolen through them over a weekend, and the list goes on almost without end. [COH95]

One of the best examples of the absolute necessity and importance of information was Operation Desert Storm, where the United States was more capable of controlling vital information and disseminating it properly while preventing the Iraqis from obtaining similar information. The United States' total control of military information and communications completely devastated the Iraqi troops and placed the US military in an overwhelmingly superior position. The loss of communications in Iraq, a country that was only moderately reliant on information in comparison to the US, demonstrated further the importance of information, since Iraq today is now at or below par with most third-world nations. [COH95] Controlling information and preventing its loss is so essential that information security has become indispensable. Information security is the necessary means by which critical information is controlled and its loss is prevented. Information security deals with those administrative policies and procedures for identifying, controlling, and protecting information from unauthorized manipulation. This protection encompasses how information is processed, distributed, stored, and destroyed. [SHA94] In order for information security to be achieved, several attributes must first be attained. Information that is distributed, whether through a network, on disk, or on paper, must be distributed in a secure fashion. Educational training must be given to all individuals involved with specific information, and especially to those required to secure that information. Classification and clear demarcation of information into different sensitivity levels is another necessary step in securing information. Information must be monitored and tracked consistently and continuously throughout its existence. Finally, securing a network is the most important piece of information security. Information security is in essence all of the aforementioned measures for securing vital information, and network security is the key to doing so; as a result, network security will be discussed in greater detail in the sections that follow.

III. Network Security


Network security is the most vital component in information security because it is responsible for securing all information passed through networked computers. Network security refers to all hardware and software functions, characteristics, features, operational procedures, accountability measures, access controls, and administrative and management policy required to provide an acceptable level of protection for hardware, software, and information in a network. [SHA94] Network security, in order for it to be successful in preventing information loss, must follow three fundamental precepts. [ALE96] First, a secure network must have integrity such that all of the information stored therein is always correct and protected against fortuitous data corruption as well as willful alterations. Next, to secure a network there must be confidentiality, or the ability to share information on the network with only those people for whom the viewing is intended. Finally, network security requires availability of information to its necessary recipients at the predetermined times without exception. The three principles that network security must adhere to evolved from years of practice and experimentation that make up network history.

IV. Network History


Securing information across a network had its roots in the late 1960s when networks only existed in the sense of huge mainframes and multiple networked terminals. Hundreds of thousands and millions of dumb terminals were connected via hubs and concentrators to the huge central processing units, spinning tapes, and rotating drives in some distant air-conditioned, properly humidified windowless room. [STA95] Without the presence of client/server network models, time sharing, or multi-user, multi-tasking processors, network security was not yet a real issue. Network security, however, first gained recognition as a result of a white-collar crime performed by a programmer for the financial division of a large corporation. He was able to embezzle money from accounts that rounded their financial statements by transferring the money lost through rounding to a separate account. His actions illustrate the initial threats to network security, which were at the time strictly internal. It was not until the end of the 1960s and into the 1970s that the environment for network security evolved. In 1969, the Defense Advanced Research Projects Agency (DARPA) solicited the efforts of four computer institutions to design a network through which data could be passed and received. UCLA, the University of California at Santa Barbara, the University of Utah, and SRI collaborated to bring forth the birth of the Internet. [STA95] The network was called ARPAnet, and other academic institutions, defense-related companies, and government organizations all joined the network. Transmission Control Protocol (TCP) and Internet Protocol (IP) were developed and communications became more stable. During this decade, security issues were still limited to internal problems within an organization because those people who used the ARPAnet were scholars and government employees who were at the time more concerned with discovery than with destruction.

The true need for network security emerged in the following decade. The 1980s saw the birth of the Personal Computer, followed by the Local Area Network and then NSFNET. All combined, these events laid the foundation for massive network security threats. Apple Computer released the first Personal Computer in the early 1980s, and IBM was soon to follow. Shortly thereafter, hardware cards allowed IBM PCs to emulate dumb terminals and connect to the larger mainframes. Eventually, a smaller company called Novell realized that networks could also exist between PCs, and they designed the first Local Area Networks for PCs. By the late 1980s, the PC market and Local Area Networks were growing larger than had ever been conceived possible. At the same time, the National Science Foundation (NSF), an agency of the U.S. Government . . . created five supercomputer centers in a network called NSFNET. [KRO92] The development of this successor to ARPAnet transferred the Internet from strictly academia and government to anyone who had the hardware and software to access the network. Security over the Internet and over these new Local Area Networks was becoming a very serious concern at this point, since an increasing amount of information was traversing many more points of access. The government addressed what it perceived as imminent security issues and took measures to develop security guidelines, which it incorporated into the Trusted Computer Security Evaluation Criteria. The book, in actuality, only deals with security problems for stand-alone machines and does not resolve any of the concerns for network security. Nevertheless, this demonstrates the government's awareness of developing security issues. Just as software's evolution was immature, so too was the growth of networks, the Internet, and network security. Therefore, in the fall of 1988 the world saw evidence of the true threats that existed to network security. The Internet Virus was launched at that time, and all of the 60,000 computers on the Internet were crippled for two entire days. Although the 1980s foreshadowed the networked world to come, and the security issues that would stem from it, it is the ensuing decade in which network security becomes the absolute necessity that it is today. The current decade has seen network and Internet growth that far exceeds the imaginations of their creators. The corporate world designs its business infrastructure around network architectures. Global business requires networks that link the corporate world together. In addition, the Internet has grown to connect easily over two million computers on one massive and primarily uncontrolled network. [COH95] As separate entities, the security issues for the Internet and the global corporate networks are difficult to maintain. Now, however, the corporate networks are merging with the Internet to develop Internet businesses, web-based business transactions, and much more. Consequently, the security concerns are immense. For the first time since the birth of the PC revolution almost two decades ago, security is the top-line item concern. Security is historically an afterthought. Operating systems are generally not considered secure with few notable exceptions. Ethernet-based networks are veritable sieves of information. Plain-text data expose information resources in their most native form. Dial-up access for telecommuters exposes the innards of a corporate entity as obviously as if a bank's vault were left open and unguarded. The result is that this massive global infrastructure we have constructed has no fundamental security mechanisms built in to protect itself. [STA95] The stage is thus set for vast amounts of information sharing, both trivial and critically important, and so network security is paramount in protecting against countless threats.

V. Network Threats
The history of network security has been delineated, leading now into some of the numerous potential threats to information on a network. Threats to network security range from harmless pranks to devastating crimes of destruction and theft. Breaches in network security occur internally by employees and externally by hackers. In a recent attack on the Texas A&M University computer complex, which consists of 12,000 interconnected PCs, workstations, minicomputers, mainframes, and servers, a well-organized team of hackers was able to take virtual control of the complex. [STA95] Penetrations into a network can occur through password sniffers, IP spoofing, and E-Mail attacks. Further damage can be accomplished through the use of viruses, worms, Trojan horses, and logic bombs. These are only a few of the countless techniques and devices used by people who are motivated by monetary gain, malicious intent, or simply the challenge. The following sections will describe these threats to network security and give some examples of actual occurrences as well as their effects on a network.

Internal threats to a network are a major source of strain on the level of security attained by that network. These threats generally stem from either disgruntled or unethical employees. Disgruntled employees are generally not content with their salary, position, or working environment. As a result, they intend to seek compensation for their current state of affairs by doing harm to a corporation's network. A couple of years ago, for example, at General Dynamics Corp.'s space division in San Diego, a programmer, unhappy with the size of his paycheck, planted a logic bomb, a computerized equivalent of a real bomb, designed to wipe out a program to track Atlas missile parts. [ALE96] Dishonest employees are those who intend to profit from the manipulation of data stored on a network. These people are interested in altering accounting or financial data to embezzle and increase their monetary gains. AT&T discovered that some of their employees were dishonest because they had purchased a pay-per-minute telephone number. They then programmed AT&T telephones to call that number repeatedly and thus reaped the rewards at AT&T's expense. Other methods of breaching network security internally include reading other people's E-Mail, using E-Mail as a means of anonymously harassing other people, placing a virus on the network with the intent of doing harm, delivering proprietary information to outside sources, physical hardware and software theft, violating software license agreements, and using network resources for outside business. Whatever method is used, internal threats to a network are serious concerns for the integrity of that network's security. External threats to network security, generally referred to as hackers, can be equally and sometimes more dangerous than internal threats. To obtain entry into a network or view sensitive information, hackers use password sniffers, IP spoofing, and E-Mail attacks.
Password sniffers work by running a packet sniffer that monitors traffic on a network passing through the machine on which the sniffer resides. The sniffer acquires the password and log-on name used when the source machine attempts to connect to other machines and saves this information in a separate file later obtained by the hacker. IP spoofing involves capturing the information in an IP packet to obtain the address of a machine that has a trusted relationship with yet another machine. In doing so, a hacker can then act as one of the machines and use the trusted relationship to gain entry into the other machine, where any number of actions can be performed. Finally, E-Mail is extremely vulnerable and quite susceptible to a number of different attacks. Once a letter is sent, before the letter leaves your computer, it sits in a temporary area of the disk, called a spool area, waiting to be sent. While it sits there, it is possible for your system administrator to read the letter. If the mail software is improperly set up, anybody can read your letter. [BAR96] As the letter travels from gateway to router to destination server, it can be read at almost any point along the way. Regardless of the method used to gain entry onto a network or view communications therein, hackers can truly jeopardize a network's security and potentially do severe damage to the data and systems within. There is certainly a great deal to be aware of with regard to network security. There are internal threats from employees who have access to the network. There are additional threats from external sources that do not have access to the network, but use different methods to obtain entry. Regardless of whether the threat is from within or from outside of the network, there are many different tools available to both entities, making them more dangerous still. In the ensuing paragraphs, some of the means used by potential threats to network security will be discussed. The virus is potentially one of the most dangerous threats to network security. Viruses can corrupt or destroy data, alter files, and possibly bring a network to a halt. Fred Cohen, author of Protection and Security on the Information Superhighway, has been credited with developing the first virus for what he contends was a means of testing computer security. Cohen defines a virus as a program that can infect other programs by modifying them to include a, possibly evolved, version of itself. [ALE96] There are two kinds of viruses, those that operate with the use of executable files and others that infect the boot sector of a disk. In either case, the virus attaches itself to any files that it comes in contact with while the infected file is being executed or while the virus code in the boot sector is loaded into memory. The virus is then launched depending on how it was designed. Certain viruses launch at a given date while others instantiate themselves after the file they have attached themselves to is executed a specific number of times. Once the virus is launched, a multitude of possible scenarios can occur. Each virus is written to perform different functions ranging from the humorous to the malicious, such as destroying all of the data on a computer's hard drive. The virus is a dangerous threat to network security, and it can exist in many different forms, as will be discussed shortly. Two types of viruses, Stealth viruses and Polymorphic viruses, are amongst the most threatening kinds because they have been developed to outsmart anti-virus scanners. Stealth viruses are designed to perform their intended function while remaining undetected by anti-virus software. One method of accomplishing this task is by completely disabling the anti-virus software's scanning mechanism.
Since anti-virus scanners many times look to detect changes in file sizes, certain Stealth viruses can send back the original size to the scanner yet still change the actual file size. One last version of the Stealth viruses will alter the boot sector while maintaining a copy of the original to which it refers the anti-virus scanner. Polymorphic viruses are labelled as such because they disguise themselves in several different fashions. One method is for the virus to reproduce itself by modifying itself each time so as not to make any identical copies. Certain polymorphic viruses will scramble their internal code to remain undetected, and yet others create additional unnecessary bits of code internally to differentiate themselves from previous copies. Anti-virus scanners cannot possibly trace each instance of the virus because they all differ, so some will remain undetected while others are removed. These two viruses are quite dangerous, and although there are many different types, only these two will be described in detail. Several famous viruses have occurred since 1988 when Fred Cohen stumbled on the first of its kind, two of which will be discussed: the Friday the Thirteenth virus and the Michelangelo virus. The Friday the Thirteenth virus was discovered in the computer systems at Hebrew University in Jerusalem. The virus had been programmed to be activated on May 13, 1988, with a time bomb set to delete all files on all systems infected. The virus also included instructions to explode every Friday the thirteenth after May 13, 1988. May 13, 1988 was selected because it happened to be the fortieth anniversary of the last day of the existence of the nation of Palestine, as ruled by Great Britain under the Balfour Mandate. [SHA94] The Friday the Thirteenth virus was of the type that attached itself to files, and in this case, it would attach itself to executable DOS files. Every time it propagated, it would grow the successive file by 1,800 bytes. Once an infected executable was launched via the DOS execution program, the virus would infect any other program run with that utility. One of the most famous viruses to date was the Michelangelo virus. This virus acquired its name because it was to be launched on March 6, 1992, Michelangelo's 517th birthday. The virus was accidentally shipped with a certain hardware vendor's PC software. Michelangelo was supposed to completely wipe the hard drive on any PC that was infected on what was being referred to by the media as Doomsday of the PC. [SHA94] At the conclusion of this disastrous day for PCs, there was minimal damage indeed. The benefit, however, was the incredible attention that was now being placed on this particular threat and on network security as a whole. Viruses are indeed a serious threat to network security, but there are many others as well. Additional forms of malicious software, such as Trojan horses, worms, and logic bombs, exist as threats to network security. A Trojan horse is a software package that maintains the image of functionality, but in fact carries a hidden virus or time bomb or allows for intrusion. An example of the Trojan horse was the AIDS Information Introductory Disk, Version 2.0, that accompanied a periodical sold in Great Britain. The purpose of the software was to perform a risk assessment test on a person's personality and report their likelihood of contracting the AIDS virus. The program succeeded in its marketed task, but it also launched a virus. Another piece of harmful software is the worm, which differs from a virus in that a worm is a program in its own right that executes while it performs its function.

Worms tend to travel networks, like the Internet, and are sophisticated enough to try different password combinations and to look for loopholes in programs that are running on the targeted system. They don't infect other programs, although they may carry a virus that does. [ALE96] Finally, logic bombs and time bombs are designed within an existing piece of software to be executed either as a result of a certain event occurring or at a particular time, respectively. For example, a software engineer developed a database for a company and was not certain that he was going to receive his due payment. When his doubts were confirmed, he telephoned the company and instructed them to open a particular file four times in a row. Upon doing so, the database erased all of the data within its tables. The time bomb would behave in a similar fashion, but at a specified time. These three programs are yet additional threats to the integrity of a secure network.
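The discussion of Stealth and Polymorphic viruses above makes a point worth seeing in code: a scanner that looks for a fixed byte pattern (or trusts a reported file size) recognizes only the copies it has already been taught, whereas a baseline of content hashes, recorded while the system is known to be clean, flags any later modification regardless of how the infecting bytes were mutated. The following is an added example written for this page, not code from the paper; the sample "files" and the "INFECT-" byte patterns are constructed stand-ins, not real malware, and the paths are placeholders.

```python
import hashlib
from typing import Dict, List

# Constructed sample "files" (not real malware): a clean program and two infected
# copies whose appended bytes differ, the way a polymorphic virus's copies do.
CLEAN = b"MZ\x90\x00" + b"program code " * 20
VARIANT_A = CLEAN + b"INFECT-A:xxxx:jmp-back"
VARIANT_B = CLEAN + b"INFECT-B:yyyyyy:jmp-back"

# Byte patterns a signature scanner has been taught so far (only variant A).
SIGNATURES: Dict[str, bytes] = {"variant-a": b"INFECT-A:xxxx"}


def signature_scan(data: bytes) -> List[str]:
    """Classic scanner: reports only the signatures it already knows."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def record_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Hash every file while the system is known to be clean."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def integrity_check(files: Dict[str, bytes], baseline: Dict[str, str]) -> List[str]:
    """Report files whose content hash no longer matches the baseline, whatever
    bytes were written into them. Hashing the content, rather than trusting a
    reported file size, is what defeats the size-spoofing trick."""
    return [path for path, data in files.items()
            if hashlib.sha256(data).hexdigest() != baseline.get(path)]


def compare_detection() -> Dict[str, List[str]]:
    """Scan the mutated copy both ways: the signature misses it, the baseline catches it."""
    known_good = {"/bin/prog": CLEAN, "/bin/other": b"other program"}
    baseline = record_baseline(known_good)
    later = {"/bin/prog": VARIANT_B, "/bin/other": b"other program"}
    return {
        "signature_on_variant_a": signature_scan(VARIANT_A),
        "signature_on_variant_b": signature_scan(VARIANT_B),
        "integrity_changed_files": integrity_check(later, baseline),
    }


if __name__ == "__main__":
    for label, hits in compare_detection().items():
        print(f"{label}: {hits}")
```

The baseline must itself be stored where the monitored machine cannot silently rewrite it, otherwise a virus that alters files could alter the recorded hashes as well.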

VI. Network Protection


Although the previous sections described a great number of threats to a network's security, there are fortunately many preventative techniques to properly secure a network against those threats. The first method of protection is to address the actual physical layer of the network to assure that it is properly equipped. Next, three network administrative guidelines should be adhered to. Additionally, firewalls and encryption should be incorporated into a network to heighten its security. Finally, several other techniques can be implemented at the network software level. The proper combination of these methods will provide a good deal of protection against most of the sources that threaten network security. Physical security is an initial concern when designing a secure network. The easiest and best means of protecting important machines like servers is to secure them under lock and key. Next, make sure to use wiring that is the least susceptible to eavesdropping and snooping. Copper wiring can be tapped with greater ease than other types of cable, and is thus more vulnerable. Fiber cabling is somewhat more secure and is recommended over copper. In either case, the cabling should be run such that it cannot easily be tapped without the network administrator's knowledge. These protective steps in the physical layer are not nearly enough to design a completely secure network, but they are certainly necessary and should be used in conjunction with the remaining preventative measures. The next step in taking precautionary measures against network security threats is to adhere to the following three fundamental axioms of network administration: Track the activities of [network] users and spot attempts to breach security. Restrict the access of each user to specific files and applications. [Finally,] identify and authenticate people who log into the [network]. [ALE96] The first two of these actions are relatively straightforward. Monitor the integrity of the network and ensure that all known attempts to compromise it are resolved. Additionally, thoroughly set file and directory permissions such that only those users who require access to particular files and directories will have the rights or attributes to do so. The final step in administering a secure network is proper authentication. This issue deserves a little more discussion than the previous two.
Authentication is the process through which users gain access to local and remote machines on a network by identification and validation. For the most part, authentication involves the processing of a user id and password, and many networks require different passwords for each software package. One solution to the use of multiple passwords for different programs is the single sign-on solution, where each user is only required to remember one password and the remaining passwords are referenced from a database. This solution prevents users from writing down multiple passwords, which poses a natural threat to network security. Additionally, the use of single sign-on reduces network administration tasks, thus allowing more time to prevent breaches in network security. Another important item to remember is to disable a user's id and password when the user is no longer a part of the network. Finally, the password itself requires a certain amount of attention since it is the key with which many hackers open up doors to a network. When designing a password, there are several guidelines for passwords that should not be used, including your name or any close variation of your name, a password of fewer than eight characters, your car make or serial number, your Medicare number, your user ID, your bank account number, any part of your address, your initials, a date or time, a password that contains nothing but numbers or nothing but letters, or a word spelled backwards. [PFA97] In order to create a good password, it is recommended to take the first letter of each word in a phrase, including a number. A good example of this would be four score and seven years ago our forefathers, which would yield the password: 4s&7yaof. Variations of capital and small letters further increase the strength of a password. Proper authentication is an integral part of the administrative step in securing a network. Firewalls are yet another measure used in increasing the level of security in a network. A firewall is in essence a portal through which information enters and exits. On one side of the portal is the internal network that must remain secure, and on the other is the information needed from the outside world combined with the undesirable threats of external networks. Here's how a firewall works. The White Knight rides up to the castle and yells out Hail to the King, or something equally friendly, and the watchguards lower the drawbridge. The knight reaches the other side of the drawbridge and the guards raise the gate. But then the guards make the White Knight get off his horse and take off his armor so that they can get a close look at him. For good measure, they also rummage through his bags for anything that looks out of place. [ALE96] Firewalls are added protection against unwanted intrusion. Three of the major types of firewalls, listed in order of increasing quality and price, are packet-filtering routers, application-level gateways, and circuit-level gateways. Although it is not the best available firewall, a positive step in increasing network security is the use of packet-filtering routers. A packet-filtering router allows the network to determine which connections can pass through the router into the local area network and which connections will be denied. The application-level gateway is designed specifically as a firewall that authenticates the user for individual applications. Its primary function is to identify and validate the user and then provide access to specific applications such as E-Mail or file browsers, depending on which one the user is requesting. Finally, a circuit-level gateway performs all of the packet-filtering that a router does and a bit more.
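The password guidelines above, both the list of patterns to avoid and the phrase-derived construction that yields 4s&7yaof, can be turned into an enforceable check. The code below is an added example written for this page, not from the paper: phrase_to_password reproduces the page's construction, and password_violations reports which of the listed rules a candidate breaks. Extending the number-word mapping beyond the "four" and "seven" shown on the page, and the exact date/time pattern matched, are assumptions of this example; rules that need data the function does not have (car make, Medicare or account numbers, address) are left to the caller.

```python
import re
from typing import List, Set

# Number words turned into digits when a password is built from a phrase. The
# page shows only "four" -> "4" and "seven" -> "7"; the rest is an assumption
# extending the same idea.
NUMBER_WORDS = {"zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
                "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9"}
SYMBOL_WORDS = {"and": "&"}  # "and" becomes "&" in the page's own example


def phrase_to_password(phrase: str) -> str:
    """Build a password from a phrase: first letter of each word, number words
    as digits, "and" as "&", exactly as the page's example does."""
    out = []
    for word in phrase.lower().split():
        if word in NUMBER_WORDS:
            out.append(NUMBER_WORDS[word])
        elif word in SYMBOL_WORDS:
            out.append(SYMBOL_WORDS[word])
        else:
            out.append(word[0])
    return "".join(out)


def password_violations(password: str, user_id: str, name: str,
                        dictionary: Set[str]) -> List[str]:
    """Return the rules from the page's list that a candidate password breaks.
    An empty list means it passes every check implemented here."""
    violations = []
    lower = password.lower()
    if len(password) < 8:
        violations.append("fewer than eight characters")
    if password.isdigit():
        violations.append("nothing but numbers")
    if password.isalpha():
        violations.append("nothing but letters")
    if user_id and user_id.lower() in lower:
        violations.append("contains user ID")
    if name:
        parts = name.lower().split()
        if any(part in lower for part in parts):      # name or a close variation
            violations.append("contains name")
        if lower == "".join(part[0] for part in parts):
            violations.append("initials")
    # Assumed date/time shapes such as 12/25/1997, 25-12-97 or 12:30.
    if re.fullmatch(r"\d{1,2}[/:.-]\d{1,2}([/.-]\d{2,4})?", password):
        violations.append("a date or time")
    if lower in dictionary or lower[::-1] in dictionary:
        violations.append("dictionary word or a word spelled backwards")
    return violations


if __name__ == "__main__":
    candidate = phrase_to_password("four score and seven years ago our forefathers")
    # Constructed user: placeholder id and name, tiny placeholder word list.
    print(candidate, password_violations(candidate, "jdoe", "Jane Doe", {"password"}))
```

In practice the dictionary argument would be a real word list, and a check like this belongs at the point where the password is set, so that a weak choice is refused before it ever reaches the authentication database.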
The primary enhancement is the use of identification and authentication before an insider can access your in-house network. That I&A can be based on remote users using a password generator, for example. [ALE96] There are still, however, holes in firewalls that can be exploited. It is the combination of many preventative techniques and network security strategies that will be discussed later which enable a network to be secure. Encryption is another method by which network security is heightened. An encrypted document cant be read by anyone who does not possess the key, or the formula thats used to translate the original text into ciphertext (the encrypted text). [PFA97] Two methods of encryption, Cryptext and Kerberos, are tools that can be used to increase network security by encrypting documents on the network. Cryptext is a 160bit key encryption package that is virtually impossible to decipher. Most encryption tools use 40-bit keys because of strict United States laws that prohibit the export of software that uses encryption with keys greater than 40 bits. Kerberos was originally developed at MIT to secure its campus-wide network of computers. To simplify the Kerberos protocol significantly, each client on the network requesting access to an application or file server must first obtain a ticket from the Kerberos server. The ticket is provided to the client, but it is encrypted with the key that resides only on the application or file server. Additionally, a session key is included such that communication can exist between the client and the server. The client then takes the ticket combined with an authenticator, 10

which is a timestamp and certain other unique identifiers, and sends its request to the application server. The application server finally decrypts the ticket and returns yet another encrypted acceptance reply to the client, completing the Kerberos cycle. Both forms of encryption add an additional layer of security to the network. Several other miscellaneous techniques can be applied to enhance network security. Anti-virus software, such as McAfees VirusScan, must be installed on any machine that is resident on the network. In addition, the files that the anti-virus software relies on must be updated periodically due to the constant development of new viruses. Another important technique for securing a network is disabling cookies from Internet browsers. Cookies are text files that Web servers write to your hard disk transparently as technical people like to say that is, without your knowing. These files are used to store information, such as preference choices, your user ID and password, or a list of the advertisements you have viewed. The next time you access the site, your browser uploads any cookies that this Web site might have left behind previously. [PFA97] Finally, networks that provide E-Mail should also require authentication with a software package such as PGP to prevent against E-Mail spoofing. These are the remainder of the techniques that are listed herein to secure against threats to a network, but this list is only a portion of the possible measures that can be taken to prevent against network security breaches. Used properly, and in combination, these techniques do provide a concrete foundation for a secure network.
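As an added example, not from the paper, the packet-filtering router decision described above written as a first-match rule list with a default deny; the LAN prefix, the mail host, the interface names and the policy are all constructed for illustration. The first rule drops packets arriving from outside that claim an internal source address, which is the router's share of the IP-spoofing defence the paper later assigns to the circuit-level gateway.

```python
# Added example (not from the paper): first-match packet filtering with default deny.
# Addresses, interfaces and the policy below are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str    # interface the packet arrived on: "external" or "internal"
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port

@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    iface: str              # "external", "internal" or "any"
    src: str                # source CIDR
    dst: str                # destination CIDR
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("any", p.iface)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

# Constructed policy: the LAN is 10.0.0.0/24 and 10.0.0.25 is its mail host.
LAN = "10.0.0.0/24"
POLICY = [
    # A packet from outside claiming an internal source is spoofed: drop it first.
    Rule("deny",  "external", LAN,         "0.0.0.0/0",    "any", None),
    # Inbound mail delivery to the mail host is the only service exposed.
    Rule("allow", "external", "0.0.0.0/0", "10.0.0.25/32", "tcp", 25),
    # Internal hosts may initiate connections outward.
    Rule("allow", "internal", LAN,         "0.0.0.0/0",    "any", None),
]

def decide(p: Packet, policy=POLICY) -> str:
    """First matching rule wins; a packet matching no rule is denied."""
    for rule in policy:
        if rule.matches(p):
            return rule.action
    return "deny"
```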
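The simplified Kerberos exchange described above, as an added example that is not part of the paper or of MIT's Kerberos code: the KDC seals a ticket under the application server's key, the client attaches a timestamped authenticator sealed under the session key, and the server checks both before replying. The toy cipher (SHA-256 keystream plus HMAC tag), the server key, the 3600-second ticket lifetime and the 5-second clock skew are constructed assumptions.

```python
# Added example (not from the paper): simplified Kerberos ticket/authenticator flow.
# The toy cipher below stands in for real Kerberos encryption; do not reuse it as crypto.
import hashlib, hmac, json, os, time

SERVER_KEY = os.urandom(32)   # constructed: shared only by the file server and the KDC
MAX_SKEW = 5.0                # constructed: older authenticators are treated as replays

def _keystream(key, nonce, n):
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy authenticated encryption of a dict: nonce || ciphertext || HMAC tag."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def kdc_issue_ticket(client, server):
    """Kerberos server: the ticket is sealed under the application server's key, so
    the client can carry it but not read or alter it; the session key travels beside it."""
    session_key = os.urandom(32)
    ticket = seal(SERVER_KEY, {"client": client, "server": server,
                               "session_key": session_key.hex(),
                               "expires": time.time() + 3600})
    return ticket, session_key

def client_request(ticket, session_key, now=None):
    """Client: ticket plus an authenticator (a timestamp sealed under the session key)."""
    stamp = time.time() if now is None else now
    return ticket, seal(session_key, {"timestamp": stamp})

def server_accept(ticket, authenticator):
    """Application server: decrypt the ticket with its own key, check the
    authenticator's freshness, and return an encrypted acceptance reply."""
    now = time.time()
    t = unseal(SERVER_KEY, ticket)
    if t["expires"] < now:
        raise ValueError("ticket expired")
    session_key = bytes.fromhex(t["session_key"])
    a = unseal(session_key, authenticator)
    if abs(now - a["timestamp"]) > MAX_SKEW:
        raise ValueError("stale authenticator: possible replay")
    return seal(session_key, {"status": "accepted", "client": t["client"]})
```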

VII. A Secure Network Development Process


The discussion of techniques for preventing network security threats from becoming a reality leads into the description of a strategy for designing a secure network. There are multiple principles in designing a secure network that will be outlined before discussing an actual strategy or method for network security design. The design of a secure network will follow many of the steps that are included in and required by the software process model, including the definition, development, and maintenance phases.

Sound principles are the backbone of a secure network. Furthermore, cleverly derived evaluations for network security design complete the framework for the network. The three network security precepts that were mentioned previously, when network security was first defined, are also very important in the design of a secure network. A secure network will be developed with these three axioms of integrity, confidentiality, and availability constantly being appreciated. Additionally, certain preliminary steps must be taken in order to assess the need for and overall level of network security. First, an appraisal of the dependency on information within the network must be performed to determine the level of security necessary to protect that information. Next, measurements must be taken of any foreseeable weaknesses in the current network structure as well as in the design for future network security. In addition, it must be realized that security is a continuous task. Network security is not purchased once; instead it must be continually monitored and managed. Finally, network security should be an evolutionary process whereby its progression and subsequent protection occur in stages. These ideals and notions are the foundation for the process of network security design that follows shortly hereafter.

In order to completely design and develop a secure network, it is recommended that the software process model be adhered to and simulated. "Network security should be initiated at the beginning of a network design and development process and be managed throughout the life cycle." [SHA94] The three generic phases of the software engineering process are definition, development, and maintenance. These stages can be further broken down into eight different steps that complete the software process model. The eight levels of the software process model will all together be the framework for the creation of a secure network. These eight steps are system requirements, concept formulation, systems definition, engineering design, design verification, production and installation, operations, and retirement. Each of these phases will be described further along with network security's role within each stage.

The preliminary stage, the systems requirements phase, is necessary in developing the initial list of aims and intended outcomes arising from a defined necessity. In other words, the need for network security will be assessed and the result or effect of addressing that need predicted. This phase will be the initial persuasive stage for making the transition towards securing the network. The choice to be made here will be whether the need for an increased level of network security exists and is practical. "The application of network security policies, procedures, and countermeasures should be driven by defined and quantifiable needs." [SHA94] Recognition of the need for network security and the definition of its intended effects lead to the next phase, concept formulation.

During the concept formulation phase in the software engineering process, different methods of attaining the goals derived in the systems requirements phase are considered.
The positive and negative aspects of each of these plans of attack are then observed and noted. Furthermore, other options for these methods are equally debated. While designing and developing network security, this phase would entail an analysis of different network security solutions such as the OSI/ISO approach. Finally, a plan would have to be developed during this stage, dependent on which approach was chosen, to provide security across the network. The strategy produced at this time would detail how the remaining phases would unfold.

While the preceding two phases are occurring, another task, risk analysis, is simultaneously taking place. As with the software engineering process model, network security design and development requires proper risk analysis before the completion of the network security design. "Performing a comprehensive risk analysis with technically qualified security engineers is the most important network security activity." [SHA94] Risk analysis is divided into three different stages of assessment: sensitivity assessment, risk assessment, and economic assessment. Sensitivity assessment attempts to perform those actions that are necessary to define the need used in the systems requirements phase. Essentially, the level of importance of the network data is determined and the need is based upon the results of that assessment. Risk assessment is the most significant activity of the overall risk analysis. "It is used to define threats against a network, vulnerability of the network, and the risk levels that result from the postulated exploitation of network vulnerabilities by the defined threats against the network." [SHA94] Certain simple questions help to facilitate the assessment of a network's susceptibility to a risk becoming a reality. Networks that do not have some sort of backup system are at risk, and those that do should back up every day. Another risk is not having a disaster recovery plan, anti-virus software, or access control software or hardware. Networks are more prone to risk if they do not adhere to the password practices that were outlined earlier. The lack of encryption is yet another risk for network security. Finally, economic assessment is the expected value of loss given that risks become a reality. Risk analysis is a necessary step that occurs during the initial phases of the process model, revealing important information that will be assimilated into the design of the secure network.

The next phase in the process model for software engineering is systems definition. During this stage, actual system specifications are created detailing exactly the operation of the system. Tailored to meet the needs of developing a secure network, this phase would explain the behavior of the network in any foreseeable situation. It would further attempt to predict its actions in an unforeseeable scenario, using the information gathered from risk analysis. The outcome of this phase would be the choice to proceed with or discontinue the network security development based upon the information gathered and the system specifications designed.

Having decided to continue in the software engineering process, the next stage encountered is the engineering design phase. At this point, the specifications produced in the previous phase are used to develop a design that explains in great detail the means by which each of those specifications will be realized.
The engineering design, for example, would detail how the network would repel a hacker attempting an IP spoof by utilizing circuit-level gateways; this threat would have been described in the specifications from the systems definition phase. Depending on which paradigm of the software engineering model is in use, prototypes are developed at this phase. This phase is yet another essential stage in the overall development of a secure network. Before continuing to the next phase, the determination must be made as to whether or not the design should be transformed into a product.

After the design has been completed, it must be substantiated in the design verification phase. This phase is essentially the period of testing, scrutinizing in particular the system's usability, security, and sustainability. Using the previous example of the hacker attempting an IP spoof, this stage would test the feasibility of that hacker circumventing the circuit-level gateway. At the conclusion of this phase, the decision must be made to discontinue the process or proceed and fully develop the designed secure network.

The production and installation phase will facilitate the completion of the designed system, in this case the secure network's development. The fully verified secure network will have measured up to the standards detailed in the design. Additionally, the network will have been tested to see that it meets all of the goals laid out in the systems requirements phase. During this phase, the secure network is installed and operational. Provided the previous phases were completed thoroughly and with due diligence, this phase will be the rewarding stage in which the design and development becomes a reality and security on the network is the result. Nevertheless, the process of securing a network is evolutionary, and thus the need for the following phase.

The operations phase is considered the stage for management of the system, with the focus on discovering the need for improvement. During this phase, the network security will be challenged continuously to find loopholes. With this information, updates to the network are performed, and the process continues. Due to the increasing number of new threats to network security, this process must be continual and evolving as long as the network security system is still effective.

Eventually, many systems reach the final stage of the process model, the retirement phase. Systems that can no longer benefit from modifying or enhancing their design must be retired. The network, for example, that cannot be improved to protect against external threats must be retired. So concludes the process model for software engineering, and the model by which a secure network should be designed and developed. The process model for software engineering is sound and effective. The creation of a secure network emulates this process model in the hope of attaining an equally concrete method for the design and development of network security.

VIII. Summary
In summary, networks must be secure in order to protect against threats to their integrity; otherwise the loss or misuse of information can be catastrophic. This paper set out to define the role of network security, and to explain further how to achieve that role with the help of certain fundamental software engineering precepts. This solution presents some of the basic tenets of fighting network security threats, but a vast assortment of alternative tools and methods was not discussed. The changing strategy for developing a secure network coincides with the creation of new threats; therefore, it is an evolutionary process constantly changing to meet new requirements. In conclusion, computers and software are a part of a world-wide network, no longer existing within limited constraints, making them more susceptible to information abuse and more in need of network security.


References
[ALE96] Alexander, Michael, The Underground Guide to Computer Security, Addison-Wesley Publishing Company, 1996.
[BAR96] Barrett, Daniel J., Bandits on the Information Superhighway, O'Reilly & Associates, Inc., 1996.
[COH95] Cohen, Frederick B., Protection and Security on the Information Superhighway, John Wiley & Sons, Inc., 1995.
[KRO92] Krol, Ed, The Whole Internet, O'Reilly & Associates, Inc., 1992.
[PFA97] Pfaffenberger, Bryan, Protect Your Privacy on the Internet, John Wiley & Sons, Inc., 1997.
[SHA94] Shaffer, Steven L., and Alan R. Simon, Network Security, Academic Press, 1994.
[STA95] Stallings, William, Internet Security Handbook, IDG Books Worldwide, Inc., 1995.
[UDE98] Udell, J., "In Search of SSL Spidering," BYTE, February 1998, pp. 97-100.
