Network security

Security has moved to the forefront of network management and implementation. The overall security challenge is to find a balance between two important requirements: the need to open networks to support evolving business opportunities, and the need to protect private, personal, and strategic business information.
The application of an effective security policy is the most important step that an organization can take to protect its network. It provides guidelines about the activities to be carried out and the resources to be used to secure an organization's network.
Layer 2 security is not discussed in this chapter. For information about Layer 2 LAN security measures, refer to the Exploration: Switching and Wireless course.
Why is Network Security Important?
Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability. To make the situation even more challenging, the types of potential threats to network security are always evolving.
As e-business and Internet applications continue to grow, finding the balance between being isolated and open is critical. In addition, the rise of mobile commerce and wireless networks demands that security solutions become seamlessly integrated, more transparent, and more flexible.
In this chapter you are going to be taken on a whirlwind tour of the world of network security. You will learn about different types of threats, the development of organizational security policies, mitigation techniques, and Cisco IOS software tools to help secure networks. The chapter ends with a look at managing Cisco IOS software images. Although this may not seem like a security issue, Cisco IOS software images and configurations can be deleted. Devices compromised in this way pose security risks.
The Increasing Threat to Security
Over the years, network attack tools and methods have evolved. As shown in the figure, in 1985 an attacker had to have sophisticated computer, programming, and networking knowledge to make use of rudimentary tools and basic attacks. As time went on, and attackers' methods and tools improved, attackers no longer required the same level of sophisticated knowledge. This has effectively lowered the entry-level requirements for attackers. People who previously would not have participated in computer crime are now able to do so.
As the types of threats, attacks, and exploits have evolved, various terms have been coined to describe the individuals involved. Some of the most common terms are as follows:
White hat-An individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed. They are ethically opposed to the abuse of computer systems. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.
Hacker-A general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual that attempts to gain unauthorized access to network resources with malicious intent.
Black hat-Another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat.
Cracker-A more accurate term to describe someone who tries to gain unauthorized access to network resources with malicious intent.
Phreaker-An individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long distance calls.
Spammer-An individual who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.
Phisher-Uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.
Think Like a Attacker
The attacker's goal is to compromise a network target or an application running within a network. Many attackers use this seven-step process to gain information and state an attack.
Step 1. Perform footprint analysis (reconnaissance). A company webpage can lead to information, such as the IP addresses of servers. From there, an attacker can build a picture of the security profile or "footprint" of the company.
Step 2. Enumerate information. An attacker can expand on the footprint by monitoring network traffic with a packet sniffer such as Wireshark, finding information such as version numbers of FTP servers and mail servers. A cross-reference with vulnerability databases exposes the applications of the company to potential exploits.
Step 3. Manipulate users to gain access. Sometimes employees choose passwords that are easily crackable. In other instances, employees can be duped by talented attackers into giving up sensitive access-related information.
Step 4. Escalate privileges. After attackers gain basic access, they use their skills to increase their network privileges.
Step 5. Gather additional passwords and secrets. With improved access privileges, attackers use their talents to gain access to well-guarded, sensitive information.
Step 6. Install backdoors. Backdoors provide the attacker with a way to enter the system without being detected. The most common backdoor is an open listening TCP or UDP port.
Step 7. Leverage the compromised system. After a system is compromised, an attacker uses it to stage attacks on other hosts in the network.
Types of Computer Crime
As security measures have improved over the years, some of the most common types of attacks have diminished in frequency, while new ones have emerged. Conceiving of network security solutions begins with an appreciation of the complete scope of computer crime. These are the most commonly reported acts of computer crime that have network security implications:
Insider abuse of network access
Mobile device theft
Phishing where an organization is fraudulently represented as the sender
Instant messaging misuse
Denial of service
Unauthorized access to information
Bots within the organization
Theft of customer or employee data
Abuse of wireless network
System penetration
Financial fraud
Password sniffing
Key logging
Website defacement
Misuse of a public web application
Theft of proprietary information
Exploiting the DNS server of an organization
Telecom fraud
Note: In certain countries, some of these activities may not be a crime, but are still a problem.
Open versus Closed Networks
The overall security challenge facing network administrators is balancing two important needs: keeping networks open to support evolving business requirements and protecting private, personal, and strategic business information.
Network security models follow a progressive scale from open-any service is permitted unless it is expressly denied-to restrictive-services are denied by default unless deemed necessary. In the case of the open network, the security risks are self-evident. In the case of the closed network, the rules for what are permitted are defined in the form of a policy by an individual or group in the organization.
A change in access policy may be as simple as asking a network administrator to enable a service. Depending on the company, a change could require an amendment to the enterprise security policy before the administrator is allowed to enable the service. For example, a security policy could disallow the use of instant messaging (IM) services, but demand from employees may cause the company to change the policy.
An extreme alternative for managing security is to completely close a network from the outside world. A closed network provides connectivity only to trusted known parties and sites. A closed network does not allow a connection to public networks. Because there is no outside connectivity, networks designed in this way are considered safe from outside attacks. However, internal threats still exist. A closed network does little to prevent attacks from within the enterprise.
Developing a Security Policy
The first step any organization should take to protect its data and itself from a liability challenge is to develop a security policy. A policy is a set of principles that guide decision-making processes and enable leaders in an organization to distribute authority confidently. RFC2196 states that a "security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide." A security policy can be as simple as a brief Acceptable Use Policy for network resources, or it can be several hundred pages long and detail every element of connectivity and associated policies.
A security policy meets these goals:
Informs users, staff, and managers of their obligatory requirements for protecting technology and information assets
Specifies the mechanisms through which these requirements can be met
Provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance with the policy
Assembling a security policy can be daunting if it is undertaken without guidance. For this reason, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have published a security standard document called ISO/IEC 27002. This document refers specifically to information technology and outlines a code of practice for information security management.
ISO/IEC 27002 is intended to be a common basis and practical guideline for developing organizational security standards and effective security management practices. The document consists of 12 sections:
Risk assessment
Security policy
Organization of information security
Asset management
Human resources security
Physical and environmental security
Communications and operations management
Access control
Information systems acquisition, development, and maintenance
Information security incident management
Business continuity management
This chapter focuses on the security policy section. To read about all the sections, visit The development of the network security policy document is discussed in topic 4.1.5 "The Network Security Wheel" and topic 4.1.6 "The Enterprise Security Policy."


Post a Comment


NBA Live Streaming. Copyright 2008 All Rights Reserved Revolution Two Church theme by Brian Gardner Converted into Blogger Template by Bloganol dot com | Distributed by Blogger Templates Blog