
Network Security: It is a process, not a product

Suyog Dixit and Pankaj Kumar Jha

B.E. Computer Science, Third year, SD Bansal College of Technology, Indore (M.P.)
B.E. Computer Science, Second year, SD Bansal College of Technology, Indore (M.P.)
Email: pankajjha@suyogdixit.com

ABSTRACT

With the explosion of the public Internet and e-commerce, private computers and computer networks, if not adequately secured, are increasingly vulnerable to damaging attacks. Hackers, viruses, vindictive employees and even human error all represent clear and present dangers to networks. And all computer users, from the most casual Internet surfers to large enterprises, could be affected by network security breaches. However, security breaches can often be easily prevented. How? This white paper provides an overview of the most common network security threats and the solutions that protect you and your organization from threats and hackers and ensure that the data traveling across your networks is safe. Some history of networking is included, as well as an introduction to TCP/IP and internetworking. We go on to consider risk management, network threats, firewalls, and more special-purpose secure networking devices.

INDEX TERMS: Security, Audit, Coupled stages.

INTRODUCTION

Computer and network security is a new and fast-moving technology and, as such, is still being defined and most probably always will be. Security incidents are rising at an alarming rate every year [Figure - 1]. As the complexity of the threats increases, so do the security measures required to protect networks. Data center operators, network administrators, and other data center professionals need to comprehend the basics of security in order to safely deploy and manage networks today. Securing the modern business network and IT infrastructure demands an end-to-end approach and a firm grasp of vulnerabilities and associated protective measures. While such knowledge cannot thwart all attempts at network incursion or system attack, it can empower network engineers to eliminate certain general problems, greatly reduce potential damages, and quickly detect breaches. With the ever-increasing number and complexity of attacks, vigilant approaches to security in both large and small enterprises are a must.

Network security originally focused on algorithmic aspects such as encryption and hashing techniques. While these concepts rarely change, these skills alone are insufficient to protect computer networks. As crackers hacked away at networks and systems, security courses arose that emphasized the latest attacks. There is always faulty management, faulty software, and abuse of resources connecting to computer networks. These are the main reasons which cause security problems for a network. Today, security has become one of the main problems in the development of computer networks and the Internet. However, there is no simple way to establish a secure computer network. In fact, we cannot find a network in the world today which does not have any security holes.

The infrastructures of cyberspace are vulnerable due to three kinds of failure: complexity, accident, and hostile intent. Hundreds of millions of people now appreciate a cyber context for terms like viruses, denial of service, privacy, worms, fraud, and crime generally. Attacks so far have been limited. While in some network attacks the value of losses is in the hundreds of millions, damage so far is seen as tolerable. While preventing attack is largely based on government authority and responsibility, the detailed knowledge needed to thwart an attack on a cyber system to prevent damage rests primarily with its owner.

Protecting infrastructure systems arguably involves five coupled stages. First, it is necessary to attempt to deter potential attackers. Second, if attacked, the need is to thwart the attack and to prevent damage. Third, since success cannot be guaranteed in either preventing or thwarting an attack, the next stage is to limit the damage as much as possible. Fourth, having sustained some level of damage from an attack, the defender must reconstitute the pre-attack state of affairs. Finally, since changing technology and incentives to attack influence both offence and defense, the final step is for the defender to learn from failure in order to improve performance, just as attackers will learn from their failures.

The more specific defenses to be discussed may be usefully partitioned into two forms: passive and active. Passive defense essentially consists in target hardening. Active defense, in contrast, imposes some risk or penalty on the attacker. Risk or penalty may include identification and exposure, investigation and prosecution, or pre-emptive or counter attacks of various sorts.

Armageddon08 April 01, 2008 Computer Society of India (CSI) [1] Warfare: Paper Presentation

FOCUS ON SECURITY

The Network Security program emphasizes securing a network. The following background information in security helps in making correct decisions. Some areas are concept-oriented:

Attack Recognition: Recognize common attacks, such as spoofing, man-in-the-middle, (distributed) denial of service, buffer overflow, etc.

Encryption techniques: Understand techniques to ensure confidentiality, authenticity, integrity, and non-repudiation of data transfer. These must be understood at a protocol level and at least partially at a mathematical or algorithmic level, in order to select and implement the algorithm matching the organization's needs.

Network Security Architecture: Configure a network with security appliances and software, such as placement of firewalls, Intrusion Detection Systems, and log management.

To secure a network, certain skills must also be practiced:

Protocol analysis: Distinguish normal from abnormal protocol sequences, using sniffers. Protocols minimally include IP, ARP, ICMP, TCP, UDP, HTTP, and the encryption protocols SSH, SSL, and IPSec.

Access Control Lists (ACLs): Configure and audit routers and firewalls to filter packets accurately and efficiently, by dropping, passing, or protecting (via VPN) packets based upon their IP and/or port addresses, and state.

Intrusion Detection/Prevention Systems (IDS/IPS): Set and test rules to recognize and report attacks in a timely manner.

Vulnerability Testing: Test all nodes (routers, servers, clients) to determine active applications, via scanning or other vulnerability test tools, and interpret the results.

Application Software Protection: Program and test secure software to avoid backdoor entry via SQL injection, buffer overflow, etc.

Incident response: Respond to an attack by escalating attention, collecting evidence, and performing computer forensics.

The last three skills incorporate computer systems security, since they are required to counteract internet hacking.

Network security applies business decisions in a technical manner. Business requirements drive security implementations. Business-related skills include:

Security Evaluation: Use risk analysis to determine what should be protected and at what cost.

Security Planning: Prepare a security plan, including security policies and procedures.

Audit: Prepare an Audit Plan and Report.

Legal response: Understand and interpret the law regarding responding to computer/network attacks, corporate responsibility (e.g., Sarbanes-Oxley), and computer forensics.

THE TCP/IP PROTOCOL:

The attacks which are discussed in this paper all utilize weaknesses in the implementation of the TCP/IP protocols to make the attacked computer or network stop working as intended. To understand the attacks, one has to have a basic knowledge of how these protocols are intended to function. TCP/IP is the acronym of Transmission Control Protocol/Internet Protocol and is one of several network protocols developed by the United States Department of Defense (DoD) at the end of the 1970s. Such a protocol was designed because of the need to build a network of computers able to connect to other networks of the same kind (routing). This network was named ARPANET (Advanced Research Project Agency Internetwork), and is the predecessor of what we call the Internet these days.

TCP/IP is a protocol suite which is used to transfer data through networks. Actually, TCP/IP consists of several protocols. The most important are:

IP Internet Protocol

This protocol mainly takes care of specifying where to send the data. To do that, each IP packet has sender and receiver information. The most common DoS attacks at the IP level exploit the IP packet format.

TCP Transmission Control Protocol

This protocol handles the secure delivery of data to the address specified in the IP protocol. Most of the TCP-level attacks exploit weaknesses present in the implementations of the TCP finite state machine. By attacking specific weaknesses in applications and implementations of TCP, it is possible for an attacker to make services or systems crash, refuse service, or otherwise become unstable.

A communication through a network using TCP/IP or UDP/IP will typically use several packets. Each of the packets will have a sending and a receiving address, some data and some additional control information. In particular, the address information is part of the IP protocol, the other data being in the TCP or the UDP part of the packet. ICMP has no separate TCP part; all the necessary information is in the ICMP packet. In addition to the recipient's address, all TCP/IP and UDP/IP communication uses a special port number which it connects to. These port numbers determine the kind of service the sender wants to communicate to the receiver of information.

DOS ATTACKS:

DoS attacks today are part of every Internet user's life. They are happening all the time, and all the Internet users, as a community, have some part in creating them, suffering from them or even losing time and money because of them. DoS attacks do not have anything to do with breaking into computers, taking control over remote hosts on the Internet or stealing privileged information like credit card numbers. Using the Internet way of speaking, DoS is neither a Hack nor a Crack. The sole purpose of DoS attacks is to disrupt the services offered by the victim. While the attack is in place, and no action has been taken to fix the problem, the victim would not be able to provide its services on the Internet. DoS attacks are really a form of vandalism against Internet services. DoS attacks take advantage of weaknesses in the IP protocol stack in order to disrupt Internet services.

DoS attacks can take several forms and can be categorized according to several parameters. In particular, in this study we differentiate denial of service attacks based on where the attack originates. Normal DoS attacks are generated by a single host (or a small number of hosts at the same location). The only real way for DoS attacks to impose a real threat is to exploit some software or design flaw. Such flaws can include, for example, wrong implementations of the IP stack, which crash the whole host when receiving a non-standard IP packet (for example ping-of-death). Such an attack would generally have lower volumes of data. Unless some exploits exist at the victim hosts, which have not been fixed, a DoS attack should not pose a real threat to high-end services on today's Internet.

SOME SOLUTIONS TO DOS ATTACKS:

The way DoS and DDoS attacks are perpetrated, by exploiting limitations of protocols and applications, is one of the main reasons why they are continuously evolving and, because of that, presenting new challenges on how to combat or limit their effects. Even if all of these attacks cannot be completely avoided, some basic rules can be followed to protect the network against some of them, and to limit the extent of the attack:

Make sure the network has a firewall up that aggressively keeps everything out except legal traffic.

Implement router filters. This will lessen the exposure to certain denial-of-service attacks. Additionally, it will aid in preventing users on the network from effectively launching certain denial-of-service attacks.

Install patches to guard against TCP/IP attacks. This will substantially reduce the exposure to these attacks but may not eliminate the risk entirely.

Observe the system performance and establish baselines for ordinary activity. Use the baseline to gauge unusual levels of disk activity, CPU usage, or network traffic.

CYBERSPACE IS VULNERABLE:

The infrastructures of cyberspace are vulnerable due to three kinds of failure: complexity, accident, and hostile intent. Very little of it was designed or implemented with assurance or security as primary considerations. Bad things can be done either via the network infrastructures or to the infrastructures themselves. These bad things can be characterized by a lot of "D" words: destroy, damage, deny, delay, deceive, disrupt, distort, degrade, disable, divulge, disconnect, and disguise. We lack a comprehensive understanding of these vulnerabilities, largely because of the extraordinary complexities of many of the problems, and perhaps from too little effort to acquire this understanding. But there is ample evidence that vulnerabilities are there: examples of all three kinds of failure abound, and vulnerabilities are found almost every time people seriously look for them (e.g. via Red Teams). Under the circumstances, it is remarkable that we have had so few extended and crippling failures so far.

Threats to network infrastructures are potentially extensive not only as their value increases in terms of the infrastructures themselves, the value of hosted services, and the value of what is located on them, but also because of their widespread and low-cost access. The connectivity of the networks gives rise to a form of long, nonlinear reach for all kinds of attackers that is not present for more traditional forms of infrastructure attacks, e.g. bombs against physical transportation systems. Dependence on some of the IT-based infrastructures in several countries is such that serious national consequences could result from the exploitation of their vulnerabilities. Thus it is not surprising that these infrastructures are attracting a wide range of malevolent activity ranging from a great deal of long-range vandalism, to many forms of more serious crimes, to prospective forms of terrorism, to nation-versus-nation conflict. Attacks may be directed at parts of the information infrastructure itself or through the networks against other targets that have a presence in this medium. Criminals and terrorists may also value the networks as assets to support their own activities, e.g. for inexpensive, effective communications or as a source for intelligence gathering. Virtually every connected country can serve as a base for any number of attackers, who are motivated, and who can readily acquire access and technical capabilities to cause harm to others.

Attacks so far have been limited. While in some network attacks the value of losses is in the hundreds of millions, damage so far is seen as tolerable. Many believe that it is only a matter of time before all sorts of malevolent people are going to find those network vulnerabilities and exploit them through prolonged, multifaceted, coordinated attacks producing serious consequences. Thus, prudence dictates better protection against accidents and attacks before things get much worse. Is this a domain where "a stitch in time may save nine," and one where government and industry can get out ahead of a problem before it becomes insufferable? However, since one unprotected system renders the entire network vulnerable, cooperation between all governments and their constituents is required for a safer network environment. And all realizations of visions of the information society are going to be severely limited if the people in that society do not trust or feel secure with the underlying infrastructures.
Strategic defense options

Security is a process, not a product. Faced with the technical possibility of disruption of critical infrastructures in ways that could have serious consequences to their economies and potentially result in loss of life, governments should be expected to plan and implement prudent defenses. Policies directed to protecting infrastructures will, in the majority of countries, require that there be a clear logic relating the perceived states of infrastructure vulnerability to the desired endpoints such defensive policies are intended to achieve. This will require that each country identify those infrastructures, and their interdependencies, that are critical to its survival and to its social and economic well-being.

Absolute defense against cyber attack has rarely, if ever, been achieved in a large, complex, geographically distributed network. The complexities of such systems and modes of attack are such that we do not know precisely how to assess how secure they are, and this lack of understanding forces defenders to protect themselves in overlapping ways and in multiple stages. Risk or penalty may include identification and exposure, investigation and prosecution, or pre-emptive or counter attacks of various sorts.

There will be trade-offs between the various courses of action suggested by this conceptual structure. Preventing or thwarting attacks can be costly. This activity may also incur losses through reduced system performance. However, the greater the success in limiting damage, the less will be the amount of damage to be repaired. If limiting damage is difficult, it is better to invest in efforts to assist in reconstitution. Damage limitation can be viewed on two time scales. Plans can be made to limit the damage from a single attack, or to minimize losses from multiple attacks over time. There will be other trade-offs, e.g. between detailed and potentially costly scrutiny of individual transactions and that of waiting to identify and punish attackers over the longer term.

Since an infrastructure system is typically a mix of public and private ownership, the various owners are likely to have different views of investing in protection. Private owners, faced with loss of revenue and loss of confidence by customers, regulators, investors, and insurers, will seek to restore revenues and confidence in their stewardship. Governments will pursue policies that focus on longer-term aspects of protection, seeking to reduce cumulative losses, protecting economies and national security, and maintaining law and order.

PARTITIONING AND PROTECTING NETWORK BOUNDARIES WITH FIREWALLS:

A firewall is a mechanism by which a controlled barrier is used to control network traffic into AND out of an organizational intranet. Firewalls are basically application-specific routers. They run on dedicated embedded systems such as an internet appliance, or they can be software programs running on a general server platform. In most cases these systems will have two network interfaces, one for the external network such as the Internet and one for the internal intranet side. The firewall process can tightly control what is allowed to traverse from one side to the other.

Firewalls can range from being fairly simple to very complex. As with most aspects of security, deciding what type of firewall to use will depend upon factors such as traffic levels, services needing protection and the complexity of rules required. The greater the number of services that must be able to traverse the firewall, the more complex the requirement becomes. The difficulty for firewalls is distinguishing between legitimate and illegitimate traffic.

What do firewalls protect against and what protection do they not provide? Firewalls are like a lot of things; if configured correctly they can be a reasonable form of protection from external threats, including some denial of service (DoS) attacks. If not configured correctly they can be major security holes in an organization. The most basic protection a firewall provides is the ability to block network traffic to certain destinations. This includes both IP addresses and particular network service ports. A site that wishes to provide external access to a web server can restrict all traffic to port 80 (the standard HTTP port). Usually this restriction will only be applied for traffic originating from the untrusted side. Traffic from the trusted side is not restricted. All other traffic such as mail traffic, FTP, SNMP, etc. would not be allowed across the firewall and into the intranet. An example of a simple firewall is shown in [Figure 2].

Figure 2

An even simpler case is a firewall often used by people with home or small business cable or DSL routers. Typically these firewalls are set up to restrict ALL external access and only allow services originating from the inside. A careful reader might realize that in neither of these cases is the firewall actually blocking all traffic from the outside. If that were the case, how could one surf the web and retrieve web pages? What the firewall is doing is restricting connection requests from the outside. In the first case all connection requests from the inside are passed to the outside, as well as all subsequent data transfer on that connection. From the exterior, only a connection request to the web server is allowed to complete and pass data; all others are blocked. The second case is more stringent, as connections can only be made from the interior to the exterior.

More complex firewall rules can utilize what are called stateful inspection techniques. This approach adds to the basic port blocking approach by looking at traffic behaviors and sequences to detect spoof attacks and denial of service attacks.

Deterring criminal actions requires some amount of international legal machinery such as common definitions of criminal actions, standards for the collection of forensic evidence, extradition agreements, and the like. Deterring State attackers requires less in the way of legal procedures, but requires the defender to have a national policy that recognizes information attacks as attacks under the United Nations Charter that justify self-defense and constitute threats to peace.
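The two firewall policies described in the firewall section above (a site that publishes only its web server on port 80, and a home or small-business router that accepts no connection requests from the outside), modelled as a small stateful filter. This is an added example, not code from the paper; the addresses and the class and function names are constructed for illustration, and the interface check on tracked connections is an assumption added in the spirit of the paper's mention of stateful inspection.

```python
from dataclasses import dataclass

# Constructed sample addresses (documentation and private ranges), not from the paper.
WEB_SERVER = "192.0.2.10"      # public web server behind the site firewall
INSIDE_PC = "10.0.0.7"         # host on the trusted side
OUTSIDE_HOST = "203.0.113.5"   # host on the untrusted side
REMOTE_SITE = "198.51.100.20"  # external web site visited from the inside


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    from_inside: bool       # arrived on the trusted (internal) interface
    request: bool = False   # connection request (TCP SYN without ACK)


class Firewall:
    """Decides on connection requests and remembers the connections it allowed."""

    def __init__(self, inbound_allowed=()):
        # (ip, port) pairs that the untrusted side may open connections to.
        self.inbound_allowed = set(inbound_allowed)
        # Tracked connections: 4-tuple in initiator order -> was the initiator inside?
        self.connections = {}

    def filter(self, p):
        flow = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if p.request:
            # Requests from the trusted side are not restricted; requests from
            # the untrusted side must target an explicitly published service.
            if p.from_inside or (p.dst, p.dport) in self.inbound_allowed:
                self.connections[flow] = p.from_inside
                return "pass"
            return "drop"
        # Subsequent data passes only on a tracked connection, and only when it
        # arrives on the interface that matches its role in that connection.
        if self.connections.get(flow) == p.from_inside:
            return "pass"   # initiator -> responder direction
        if reverse in self.connections and self.connections[reverse] != p.from_inside:
            return "pass"   # responder -> initiator direction
        return "drop"


def run_scenario(fw):
    """Send the same constructed traffic through a firewall and return its decisions."""
    traffic = [
        ("outside opens web server :80",
         Packet(OUTSIDE_HOST, 40000, WEB_SERVER, 80, from_inside=False, request=True)),
        ("web server answers that client",
         Packet(WEB_SERVER, 80, OUTSIDE_HOST, 40000, from_inside=True)),
        ("outside opens web server :25 (mail)",
         Packet(OUTSIDE_HOST, 40001, WEB_SERVER, 25, from_inside=False, request=True)),
        ("inside PC opens remote site :80",
         Packet(INSIDE_PC, 51000, REMOTE_SITE, 80, from_inside=True, request=True)),
        ("remote site replies to inside PC",
         Packet(REMOTE_SITE, 80, INSIDE_PC, 51000, from_inside=False)),
        ("unsolicited data from outside",
         Packet(REMOTE_SITE, 80, INSIDE_PC, 51001, from_inside=False)),
        ("outside packet forging the inside PC's address",
         Packet(INSIDE_PC, 51000, REMOTE_SITE, 80, from_inside=False)),
    ]
    return {label: fw.filter(pkt) for label, pkt in traffic}


if __name__ == "__main__":
    policies = {
        "site with public web server": Firewall({(WEB_SERVER, 80)}),
        "home / small-business router": Firewall(),
    }
    for name, fw in policies.items():
        print(name)
        for label, verdict in run_scenario(fw).items():
            print(f"  {verdict:4}  {label}")
```

In both policies the reply to the inside PC passes even though no inbound service is open for it, which is the point the text makes: the firewall restricts connection requests from the outside, not all traffic from the outside.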
PREVENTING AN ATTACK

There are at least three ways to prevent an attack, and all three are ultimately forms of active defense. One is to deter the attacker by having a demonstrated capability to punish the attacker. This implies that the attacker understands the risk of being identified and located; that the defender is seen as credible in a resolve to punish; and that the cost of punishing is acceptable to the defender. A simple situation is when the attacker suffers a large front-end loss through discovery during the probe phase and the defender can accomplish that discovery cheaply. When the cost to the defender to punish is less than the loss that can be caused by the attacker, there will clearly be an incentive to develop ways of discovering attackers. But the more common situation is when the relatively high costs of legal prosecution of a single attacker are returned in reduced losses over the longer term.

Costs of deterrence as seen by Government will differ from those seen by a private system owner in magnitude and cost-benefit expectations. National expenditures for a prompt capability to respond to attacks on the State include the correlation of intrusion events, the collection and dissemination of attack profiles and warnings, and the costs of participation in international organizations and joint responses.

A second way to prevent an attack is through establishing cyber attacks as unacceptable behavior among the community of nations. This can be through formal arms control agreement, or it can be based on domestic laws and international agreements designed to protect privacy, property rights, and other generally accepted areas of mutual interest. Again, there is the implication that violators can be subject to sanctions including social disapproval, civil or criminal penalties, or revocation of rights of access and use, a cyber equivalent of exile.

A third way to prevent an attack is to pre-empt the attacker in a way that results in abandoning the attack. This implies a great deal by way of national surveillance capability to be able to provide strategic warning. So stealthy are cyber attacks, so widespread is the ability to plan and launch them, so inexpensive are the tools of attack, and so lacking are the indicators of cyber attacks that pre-emption would not appear to be a practical option at this point. But should responsible norms of behavior in cyberspace become better established, the detection and identification of abnormal behavior may become easier.

THWARTING AN ATTACK

While preventing attack is largely based on government authority and responsibility, the detailed knowledge needed to thwart an attack on a cyber system to prevent damage rests primarily with its owner. The least complicated case is where the system owner acts individually. Not only must the owner be concerned with defense from outsiders, but the owner also needs to recognize that not all authorized users of the system may have the owner's interests at heart. There are many ways of defending systems against cyber attack, and some minimal number must probably be employed for the owner to demonstrate due diligence. Thus, techniques such as requiring authorization to enter, monitoring and recording the use of the system to detect unauthorized activities, periodic checking on the integrity of critical software, and establishing and enforcing policies governing system security and responses to unexpected events will be necessary. Owners can limit unauthorized activities through compartmenting information within the system and maintaining need-to-know discipline. Owners can provide themselves substantially more rights to monitor inside users by covering access through contractual terms with employees and vendors.

LIMITING DAMAGE DURING A SUCCESSFUL ATTACK

The central idea of this strategic objective is to limit damage in the trans-attack period by constructing an incident management system. The premised technical capability is the ability of the defender to audit system operation, to be able to detect an attack underway, and to take steps in real time to limit the extent of the damage. The term "defender" can apply at the company level, the industry level, or the national level. Damage limitation implies, beyond having attack templates to enable recognition that an attack is under way, the linking of system operation centers to higher-level analysis centers for situation awareness and attack assessment. This also implies having pre-established response options at the company, industry, or national level.

Several kinds of responses are possible. Adaptive defense allows a defender to increase levels of defense, such as calling for re-authentication of all users, or of those currently undertaking critical functions or accessing critical information, putting critical transactions in quarantine until they can be more thoroughly scrutinized, backing up system status, providing real-time warning to other systems, and increasing the collection of forensic evidence.

RECONSTITUTING AFTER AN ATTACK

Short-term reconstitution is the set of first steps taken to meet the most urgent threats to life and property. They include assessing damage and implementing an appropriate recovery plan. Systems are restored from backups where possible, and residual resources may have to be rationed. It is possible that additional capacity can be generated as facilities that are idle or in maintenance are brought on line. Online status reporting, dispatching of emergency personnel and repair equipment, notification of users of possibly lost transactions, an ability to adjust plans in near-real time, and procedures for secure emergency communication will be required.

HALTING CYBER ATTACKS IN PROGRESS

Along with the sharing of information, system administrators also need procedures they can use to assist in ending attacks already under way. This need is particularly evident in DoS attacks, which can be of extended duration and which can shut down business operations while they occur. To aid in ending an attack, system administrators would profit by working with infrastructure operators to trace the attack to its source and then to block the attacker. Methods for halting attacks in progress, as well as those for investigating attacks, are constrained by the inability to easily identify and locate attackers. In the case of the Internet, because packet source addresses are easily forged, the only way to identify an attacker with confidence is to trace the path taken by the packet through the routing infrastructure. This tracing is a manual process and essentially requires the cooperation of every network operator between the attacker and his target. The inability to automatically trace the source of an attack in real time significantly impairs the ability of targets and law enforcement agencies to respond to incidents.

IMPROVING DEFENDER PERFORMANCE

A current management paradigm asserts that organizations must learn from experience. Even under the best of circumstances, events often unfold unpredictably. Social and technological change may also diminish an organization's present effectiveness. Recognizing this, there are two responses. The first response is to recognize the possibility that the network system could fail in several ways. Initial design of new systems, or upgrades of existing systems, should include thorough analysis to identify potential flaws an attacker could exploit. In this regard, system design must have an explicitly defensive aspect, where models of attackers and their strategies and tactics are established and where tools for the collection of forensic data are provided. An analogy is the design of a military combat system. Not only must a system meet its functional objectives, but its defense in the face of hostile action is addressed at the beginning of the design process, not, as is often the case in commercial systems, at the end of the process or even reactively. Information about the defense of the system should be concealed from potential attackers, and the system should be designed to give unsuccessful attackers as little information as possible on which to develop improved attacks.

As a second response toward improving effectiveness, during the development process and after deployment, systems should be subject to independent penetration testing. Post-attack analysis of intrusion attempts, whether the attack was successful or not, is critical for a learning organization. While failure analysis is normal in areas such as transportation, power, and structural failure, it is less common in the case of information systems, where failures are more difficult to diagnose and where forensic evidence is more difficult to collect. Such data as are collected must be analyzed, not only to assess damage, but also to thwart a recurrence of that attack and to address possible inadequacies in forensic data collection. While this may smack of locking the barn door after the horse has been stolen, if successful, the same attacker or others may repeat attacks, and hence there is ample opportunity for learning in the large.

PROVIDING ASSISTANCE TO DEVELOPING NATIONS

Developing nations face particularly severe shortages of resources and trained personnel that both decrease their own security posture and prevent them from effectively providing assistance in such transnational efforts as investigation procedures. Developing nations need an awareness of the problem, as well as laws to address it that are compatible with the needs of the international community; but they also need more. All countries need the capability to assist each other in developing skills in the pursuit of secure networks.

CONCLUSION:

The security issues in our networked systems as described in this paper identify some of the work that needs to be done, and the urgency with which concerns need to be addressed. Dependence on some of the IT-based infrastructures in several countries is such that serious national consequences could result from the exploitation of their vulnerabilities. And as the density of networks increases, the necessity for transnational participation in improving network security increases. The changing technologies and the potential for changing threats are taxing our understanding of the threats and how to deal with them. Due to the complexity and entanglement among networks and communities internationally, any increases in network security must involve the concerted efforts of as many nations as possible. We have to understand that a great deal can be accomplished through such mechanisms, but not without taking note of their earlier trouble spots. We must learn from prior unexpected consequences in international cooperation, just as in the battle to secure networked systems, and be ever more cautious as we move forward toward some type of international action. But move forward quickly we must if the benefits from the use of our networked systems are to be realized in the myriad ways that they have been and are hoped for in the future.
Nations must cooperate fully within their capability in order to contain the actions of those who threaten our networks, and to realize the positive vision that we have for our societies.

