I will be discussing security issues related to the Local Area Networks, which are groups of personal computers connected together to share data and devices.

Personal Computers have a few inherent security features and opening up new channels of access for and between them is very risky proportion. W hen you establish connections between computers either locally or over long distances, you need to take several important security measures.

Normal security problems associated with a computer, which is not connected, are increased when you connect many computers together. You can call this factor of LAN security "Multiplication factor". When you open up communication channels between computer systems and provide access in to a computer through any port, it creates a new security area that can be called "Channel factor". The multiplication and channel factor together create a set of security problems that are called network security.

The security of computers that are connected starts with individual computer security. You can not connect a number of insecure computers and create a secure Local Area Network with them, unless you remove all local storage and processing, which will turn a PC in to a dumb terminal. A good operating system provides good security measures but these are not enough if the individual systems are not secured. If someone have uncontrolled use of your PC and you are connected to a network then that person can easily attack the network. The person might have difficulty logging on from your PC but the network itself can not do anything to protect the PC. This is a serious problem.

Most of the PCs in default state come unlocked and unprotected. Windows 95 is the first system in many years that contains plenty of hooks to which network security features can be attached but it offers no stand alone security.

Following are some precautions that should be taken.

• Each computer that is connected to a LAN must be protected by site-system and file access control.
• It must be supported by suitable power and data backup facilities.
• Watched over by a vigilant operator/administrator.

An ideal approach to stand-alone can be summarised like this

1- Site- controlling who can get near to the system.

2- System- controlling who can get near to the system.

3-File - Controlling who can use specific files.

1- Power- keeping the supply of power clear and constant.

A 2- Back up- Keeping copy of files current.

3- Vigilance- having information about what enters and leaves the system.

This arrangement needs to be expanded when a computer system is connected to a Local Area Network. This creates another area that is called channel protection, which can be divided in to three parts.

• Channel control.
• Channel verification
• Channel support

Channel Control - A connection between many computers is another way for an attacker to steel, delete and corrupt the information and programs. You can prevent this by controlling who can open, use and close a channel.

Channel Verification - For safe communication you need to do the following variation.

• Identity of users
• Identity of data
• Integrity of channel

User of a communication channel should be required to identify themselves. When you are acting as the host for users calling in you need to verify the claimed identity. On a Local Area Network this means each user has an ID number and a password. Both must be entered to log in.

It tells the administrator who suppose to be using the system. In small sites administrator can usually check if the right person is logged on. Verifying the integrity of the channel means making sure listening in or preventing the theft if some one is doing so.

Channel Support - Inter computer communication can be established only when a large number of parameters are properly co-ordinated. Once established the communication needs to be maintained. It means you need to rely on communication hardware and software.

The above-mentioned three security factors channel control, channel variation, channel support must be addressed when defining the goals of LAN security, which add a fourth element authenticity.

• Maintain the confidentiality of data as it is stored, processed or transmitted on a LAN.
• Maintain the integrity of data as it stored, processed or transmitted.
• Maintain the availability of data stored on a LAN.
• Ensure the identity of the sender and receiver of a message.

There might be many threats to a LAN but I will discuss particular threats here.

Unauthorised LAN access - It can occur by exploiting the following types of vulnerabilities.

• Lack of identification and authentication scheme.
• Password sharing, easy guessing-passwords.
• Lack of time out and log of attempts.
• Unprotected modems and poor physical control of network device.

Inappropriate access to LAN resources - Results from an individual gaining access to LAN resources in an unauthorised manner. It is caused by the

• Use of system default permission settings that are too permissive to users.
• Improper use of administrator privileges.
• Data stored without any protection.
• PCs that have no access control on a file level-basis.

Disclosure of Data - The disclosure of software or LAN data occurs when they are accessed, read and released to an individual who is not authorised. Following are the causes

• Improper access control setting, important data and application source-code stored in unencrypted form.
• Data and software back up copies stored in open area.

Unauthorised modification of data and software - Results from an individual modifying, deleting or destroying LAN data and software in an unauthorised or accidental manner. These are the causes

• Write permission granted to users who require read permission.
• Privileges mechanisms that allow unnecessary write permissions.
• Lack of protection and detection tools and undetected changes made to software.

Disclosure of LAN Traffic - It occurs some one who is unauthorised reads or gets information as it moves through LAN. It is caused by

• Inadequate physical protection of LAN device and medium.
• Transmitting plain text data using broadcast protocols and over unencrypted LAN medium.

Spoofing of LAN traffic- Results when message to have been sent from a legitimate name sender, when actually it had not been. It happens when

• LAN traffic is transmitted in plain text, lack of date time stamp and digital signature and real time verification.

Disruption of LAN functions - Results from threats that block LAN resources from being available in a timely manner. (Can not do a job with in set time limit)

These are the causes

• Inability to detect usual traffic patterns, reroute traffic, hardware failures.
• Unauthorised change made to hardware components and improper maintenance and physical security of LAN hard ware.