Page 1 | Security Technologies | 19.02.2007 15:23:13 | http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/security.htm
Table Of Contents
• Chapter Goals
• Security Technologies
• Security Issues When Connecting to the Internet
• Protecting Confidential Information
• Protecting Your Network: Maintaining Internal Network System Integrity
• Trusted, Untrusted, and Unknown Networks
• Trusted Networks
• Untrusted Networks
• Unknown Networks
• Establishing a Security Perimeter
• Perimeter Networks
• Developing Your Security Design
• Summary
• Review Questions
• For More Information
Chapter Goals
• Understand the types of attacks that may be used by hackers to undermine network security.
• Understand the types of vulnerabilities that may be present in your network.
• Learn to classify the different types of networks and users that may interact with your own, and evaluate their risk factors.
• Learn to evaluate your network topology and requirements, and develop a suitable security policy for implementation.
• Become familiar with the tools available for protecting confidential information and your network.
Security Technologies
With the rapid growth of interest in the Internet, network security has become a major concern to companies throughout the world. The fact that the information and tools needed to penetrate the security of corporate networks are widely available has increased that concern. Because of this increased focus on network security, network administrators often spend more effort protecting their networks than on actual network setup and administration. Tools that probe for system vulnerabilities, such as the Security Administrator Tool for Analyzing Networks (SATAN), and some of the newly available scanning and intrusion detection packages and appliances, assist in these efforts, but these tools only point out areas of weakness and may not provide a means to protect networks from all possible attacks. Thus, as a network administrator, you must constantly try to keep abreast of the large number of security issues confronting you in today's world. This chapter describes many of the security issues that arise when connecting a private network to the Internet.
Security Issues When Connecting to the Internet
When you connect your private network to the Internet, you are physically connecting your network to more than 50,000 unknown networks and all their users. Although such connections open the door to many useful applications and provide great opportunities for information sharing, most private networks contain some information that should not be shared with outside users on the Internet. In addition, not all Internet users are involved in lawful activities. These two statements foreshadow the key questions behind most security issues on the Internet:
• How do you protect confidential information from those who do not explicitly need to access it?
• How do you protect your network and its resources from malicious users and accidents that originate outside your network?
Protecting Confidential Information
 
Side 2Security Technologies19.02.2007 15:23:13http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/security.htm
Confidential information can reside in two states on a network. It can reside on physical storage media, such as a hard drive or memory, or it can reside in transit across the physical network wire in the form of packets. These two information states present multiple opportunities for attacks from users on your internal network, as well as those users on the Internet. We are primarily concerned with the second state, which involves network security issues. The following are five common methods of attack that present opportunities to compromise the information on your network:
• Network packet sniffers
• IP spoofing
• Password attacks
• Distribution of sensitive internal information to external sources
• Man-in-the-middle attacks
When protecting your information from these attacks, your concern is to prevent the theft, destruction, corruption, and introduction of information that can cause irreparable damage to sensitive and confidential data. This section describes these common methods of attack and provides examples of how your information can be compromised.
Network Packet Sniffers
Because networked computers communicate serially (one information piece is sent after another), large information pieces are broken into smaller pieces. (The information stream would be broken into smaller pieces even if networks communicated in parallel. The overriding reason for breaking streams into network packets is that computers have limited intermediate buffers.) These smaller pieces are called network packets. Several network applications distribute network packets in clear text; that is, the information sent across the network is not encrypted. (Encryption is the transformation, or scrambling, of a message into an unreadable format by using a mathematical algorithm.) Because the network packets are not encrypted, they can be processed and understood by any application that can pick them up off the network and process them.
A network protocol specifies how packets are identified and labeled, which enables a computer to determine whether a packet is intended for it. Because the specifications for network protocols, such as TCP/IP, are widely published, a third party can easily interpret the network packets and develop a packet sniffer. (The real threat today results from the numerous freeware and shareware packet sniffers that are available, which do not require the user to understand anything about the underlying protocols.)
A packet sniffer is a software application that uses a network adapter card in promiscuous mode (a mode in which the network adapter card sends all packets received on the physical network wire to an application for processing) to capture all network packets that are sent across a local-area network. Because several network applications distribute network packets in clear text, a packet sniffer can provide its user with meaningful and often sensitive information, such as user account names and passwords. If you use networked databases, a packet sniffer can provide an attacker with information that is queried from the database, as well as the user account names and passwords used to access the database. One serious problem with acquiring user account names and passwords is that users often reuse their login names and passwords across multiple applications.
In addition, many network administrators use packet sniffers to diagnose and fix network-related problems. Because in the course of their usual and necessary duties these network administrators (such as those in the Payroll Department) work during regular employee hours, they can potentially examine sensitive information distributed across the network.
Many users employ a single password for access to all accounts and applications. If an application is run in client-server mode and authentication information is sent across the network in clear text, this same authentication information likely can be used to gain access to other corporate resources. Because attackers know and use human characteristics (attack methods known collectively as social engineering attacks), such as using a single password for multiple accounts, they are often successful in gaining access to sensitive information.
IP Spoofing and Denial-of-Service Attacks
An IP spoofing attack occurs when an attacker outside your network pretends to be a trusted computer. This is facilitated either by using an IP address that is within the range of IP addresses for your network, or by using an authorized external IP address that you trust and to which you want to provide access to specified resources on your network.
Normally, an IP spoofing attack is limited to the injection of data or commands into an existing stream of data passed between a client and server application or a peer-to-peer network connection. To enable bidirectional communication, the attacker must change all routing tables to point to the spoofed IP address.
 
Side 3Security Technologies19.02.2007 15:23:13http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/security.htm
However, if an attacker manages to change the routing tables to point to the spoofed IP address, he can receive all the network packets that are addressed to the spoofed address and can reply just as any trusted user can.
Another approach that the attacker could take is to not worry about receiving any response from the targeted host. This is called a denial-of-service (DOS) attack. The denial of service occurs because the system receiving the requests becomes busy trying to establish a return communications path with the initiator (which may or may not be using a valid IP address). In more technical terms, the targeted host receives a TCP SYN and returns a SYN-ACK. It then remains in a wait state, anticipating the completion of the TCP handshake that never happens. Each wait state uses system resources until eventually, the host cannot respond to other legitimate requests.
Like packet sniffers, IP spoofing and DOS attacks are not restricted to people who are external to the network.
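The two conditions described in this section can be checked from the defender's side, as in the following added example (not part of the original Cisco text): it flags packets that arrive on the outside interface while claiming an internal source address, and counts handshakes left in the SYN-ACK wait state per host. The internal range, the interface names, the threshold and the packet records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("10.1.0.0/16")  # assumed internal address range
HALF_OPEN_LIMIT = 3                                  # assumed alert threshold

# Constructed sample records: (ingress interface, source IP, source port, destination IP, TCP flag)
SAMPLE_PACKETS = [
    ("outside", "198.51.100.7", 40001, "10.1.0.5", "SYN"),
    ("outside", "198.51.100.7", 40001, "10.1.0.5", "ACK"),  # handshake completed
    ("outside", "10.1.3.9",     40002, "10.1.0.5", "SYN"),  # internal source seen on outside interface
    ("outside", "203.0.113.1",  40003, "10.1.0.5", "SYN"),  # the final ACK never arrives
    ("outside", "203.0.113.2",  40004, "10.1.0.5", "SYN"),
    ("outside", "203.0.113.3",  40005, "10.1.0.5", "SYN"),
    ("inside",  "10.1.2.2",     40006, "10.1.0.5", "SYN"),
    ("inside",  "10.1.2.2",     40006, "10.1.0.5", "ACK"),
]

def analyze(packets, internal_net=INTERNAL_NET, limit=HALF_OPEN_LIMIT):
    """Return (spoofed_sources, flooded_hosts) for a sequence of packet records."""
    spoofed = []
    half_open = defaultdict(set)  # destination -> {(source, port)} still awaiting the final ACK
    for iface, src, sport, dst, flag in packets:
        # A packet entering from outside must not carry an internal source address.
        if iface == "outside" and ipaddress.ip_address(src) in internal_net:
            spoofed.append(src)
            continue  # a border filter would drop the packet at this point
        if flag == "SYN":
            half_open[dst].add((src, sport))      # host answers SYN-ACK and enters the wait state
        elif flag == "ACK":
            half_open[dst].discard((src, sport))  # handshake finished, wait state released
    flooded = {dst: len(p) for dst, p in half_open.items() if len(p) >= limit}
    return spoofed, flooded

if __name__ == "__main__":
    spoofed, flooded = analyze(SAMPLE_PACKETS)
    print("spoofed sources:", spoofed)
    print("hosts over the half-open limit:", flooded)
```

A production monitor would also expire half-open entries after a timeout, which this example leaves out to stay focused on the wait-state count.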
Password Attacks
Password attacks can be implemented using several different methods, including brute-force attacks, Trojan horse programs (discussed later in the chapter), IP spoofing, and packet sniffers. Although packet sniffers and IP spoofing can yield user accounts and passwords, password attacks usually refer to repeated attempts to identify a user account and/or password; these repeated attempts are called brute-force attacks.
Often, a brute-force attack is performed using a dictionary program that runs across the network and attempts to log in to a shared resource, such as a server. When an attacker successfully gains access to a resource, that person has the same rights as the user whose account has been compromised to gain access to that resource. If this account has sufficient privileges, the attacker can create a back door for future access, without concern for any status and password changes to the compromised user account.
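The repeated login attempts described above leave a recognizable trail in authentication logs. The following added example (not part of the original Cisco text) counts failures per source address in a sliding window and raises a second alert when a flagged source then logs in successfully; the log layout, window, threshold and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed look-back window
MAX_FAILS = 4                   # assumed failure threshold within the window

# Constructed sample log; the "timestamp RESULT user=... src=..." layout is hypothetical.
SAMPLE_LOG = """\
2007-02-19T15:00:01 FAIL user=admin src=203.0.113.9
2007-02-19T15:00:03 FAIL user=admin src=203.0.113.9
2007-02-19T15:00:04 FAIL user=jsmith src=10.1.2.7
2007-02-19T15:00:05 FAIL user=admin src=203.0.113.9
2007-02-19T15:00:08 FAIL user=admin src=203.0.113.9
2007-02-19T15:00:09 OK user=jsmith src=10.1.2.7
2007-02-19T15:00:12 OK user=admin src=203.0.113.9
""".splitlines()

def detect(lines, window=WINDOW, max_fails=MAX_FAILS):
    """Return alerts as (kind, source, user) tuples, in log order."""
    recent = defaultdict(deque)  # source -> timestamps of failures inside the window
    flagged = set()              # sources that already crossed the threshold
    alerts = []
    for line in lines:
        stamp, result, user_kv, src_kv = line.split()
        when = datetime.fromisoformat(stamp)
        user = user_kv.split("=", 1)[1]
        src = src_kv.split("=", 1)[1]
        fails = recent[src]
        while fails and when - fails[0] > window:
            fails.popleft()      # forget failures older than the window
        if result == "FAIL":
            fails.append(when)
            if len(fails) >= max_fails and src not in flagged:
                flagged.add(src)
                alerts.append(("brute-force", src, user))
        elif src in flagged:
            # A success from a flagged source: treat the account as compromised.
            alerts.append(("success-after-brute-force", src, user))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The second alert type matters most for response, because it marks the account whose password should be reset and whose recent activity should be reviewed for a back door.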
Distribution of Sensitive Information
Controlling the distribution of sensitive information is at the core of a network security policy. Although such an attack may not seem obvious to you, the majority of computer break-ins that organizations suffer are at the hands of disgruntled present or former employees. At the core of these security breaches is the distribution of sensitive information to competitors or others that will use it to your disadvantage. An outside intruder can use password and IP spoofing attacks to copy information, and an internal user can easily place sensitive information on an external computer or share a drive on the network with other users.
For example, an internal user could place a file on an external FTP server without ever leaving his or her desk. The user could also e-mail an attachment that contains sensitive information to an external user.
Man-in-the-Middle Attacks
A man-in-the-middle attack requires that the attacker have access to network packets that come across the networks. An example of such a configuration could be someone who is working for your Internet service provider (ISP), who can gain access to all network packets transferred between your network and any other network. Such attacks are often implemented using network packet sniffers and routing and transport protocols. The possible uses of such attacks are theft of information, hijacking of an ongoing session to gain access to your internal network resources, traffic analysis to derive information about your network and its users, denial of service, corruption of transmitted data, and introduction of new information into network sessions.
Protecting Your Network: Maintaining Internal Network System Integrity
Although protecting your information may be your highest priority, protecting the integrity of your network is critical in your ability to protect the information it contains. A breach in the integrity of your network can be extremely costly in time and effort, and it can open multiple avenues for continued attacks. This section covers the five methods of attack that are commonly used to compromise the integrity of your network:
• Network packet sniffers
• IP spoofing
• Password attacks
• Denial-of-service attacks
• Application layer attacks
When considering what to protect within your network, you are concerned with maintaining the integrity of the physical network, your network software, any other network resources, and your reputation. This integrity involves the verifiable identity of computers and users, proper operation of the services that your network provides, and optimal network performance; all these concerns are important in maintaining a productive network environment.