Introduction to Network Security
Matt Curtin*
March 1997
Reprinted with the permission of Kent Information Services, Inc.
Abstract
Network security is a complicated subject, historically only tackled by well-trained and experienced
experts. However, as more and more people become “wired”, an increasing number of people need
to understand the basics of security in a networked world. This document was written with the basic
computer user and information systems manager in mind, explaining the concepts needed to read through
the hype in the marketplace and understand risks and how to deal with them.
Some history of networking is included, as well as an introduction to TCP/IP and internetworking.
We go on to consider risk management, network threats, firewalls, and more special-purpose secure
networking devices.
This is not intended to be a “frequently asked questions” reference, nor is it a “hands-on” document
describing how to accomplish specific functionality.
It is hoped that the reader will have a wider perspective on security in general, and better understand
how to reduce and manage risk personally, at home, and in the workplace.
*This work completed while at Megasoft Online, for Kent Information Services.
Contents
1 Introduction to Networking
1.1 What is a Network?
1.2 The ISO/OSI Reference Model
1.3 What are some Popular Networks?
1.3.1 UUCP
1.3.2 The Internet
2 TCP/IP: The Language of the Internet
2.1 Open Design
2.2 IP
2.2.1 Understanding IP
2.2.2 Attacks Against IP
2.3 TCP
2.3.1 Guaranteed Packet Delivery
2.4 UDP
2.4.1 Lower Overhead than TCP
3 Risk Management: The Game of Security
4 Types And Sources Of Network Threats
4.1 Denial-of-Service
4.2 Unauthorized Access
4.2.1 Executing Commands Illicitly
4.2.2 Confidentiality Breaches
4.2.3 Destructive Behavior
4.3 Where Do They Come From?
4.4 Lessons Learned
4.4.1 Hope you have backups
4.4.2 Don't put data where it doesn't need to be
4.4.3 Avoid systems with single points of failure
4.4.4 Stay current with relevant operating system patches
4.4.5 Watch for relevant security advisories
4.4.6 Have someone on staff be familiar with security practices
5 Firewalls
5.1 Types of Firewalls
5.1.1 Application Gateways
5.1.2 Packet Filtering
5.1.3 Hybrid Systems
5.2 So, what's best for me?
5.3 Some Words of Caution
5.3.1 Single Points of Failure
6 Secure Network Devices
6.1 Secure Modems; Dial-Back Systems
6.2 Crypto-Capable Routers
6.3 Virtual Private Networks
7 Conclusions
Application
Presentation
Session
Transport
Network
Data Link
Physical
Figure 1: The ISO/OSI Reference Model
1 Introduction to Networking
A basic understanding of computer networks is requisite in order to understand the principles of network
security. In this section, we'll cover some of the foundations of computer networking, then move on to an
overview of some popular networks. Following that, we'll take a more in-depth look at TCP/IP, the network
protocol suite that is used to run the Internet and many intranets.
Once we've covered this, we'll go back and discuss some of the threats that managers and administrators
of computer networks need to confront, and then some tools that can be used to reduce the exposure to the
risks of network computing.
1.1 What is a Network?
A “network” has been defined[1] as “any set of interlinking lines resembling a net, a network of roads || an
interconnected system, a network of alliances.” This definition suits our purpose well: a computer network
is simply a system of interconnected computers. How they're connected is irrelevant, and as we'll soon see,
there are a number of ways to do this.
1.2 The ISO/OSI Reference Model
The International Standards Organization (ISO) Open Systems Interconnect (OSI) Reference Model defines
seven layers of communications types, and the interfaces among them. (See Figure 1.) Each layer depends
on the services provided by the layer below it, all the way down to the physical network hardware, such as
the computer's network interface card, and the wires that connect the cards together.
An easy way to look at this is to compare this model with something we use daily: the telephone. In
order for you and I to talk when we're out of earshot, we need a device like a telephone. (In the ISO/OSI
model, this is at the application layer.) The telephones, of course, are useless unless they have the ability to
translate the sound into electronic pulses that can be transferred over wire and back again. (These functions
are provided in layers below the application layer.) Finally, we get down to the physical connection: both
must be plugged into an outlet that is connected to a switch that's part of the telephone system's network
of switches.
If I place a call to you, I pick up the receiver, and dial your number. This number specifies which central
office to which to send my request, and then which phone from that central office to ring. Once you answer
the phone, we begin talking, and our session has begun. Conceptually, computer networks function exactly
the same way.
It isn't important for you to memorize the ISO/OSI Reference Model's layers; but it's useful to know
that they exist, and that each layer cannot work without the services provided by the layer below it.