This article summarises section 1, part C, chapters 8 and 9 of the CIW Website Design Manager course, and briefly covers Server-Side Network Security Essentials and Enterprise Network Security.
Network Security is quite well covered by the ubiquitous Wikipedia.
Network Security Essentials
Defence and protection are the watchwords of network security. The International Organisation for Standardisation (ISO) published ISO 7498, which defines security as a means to reduce, to the greatest extent possible, the vulnerability of data and resources. It further refers to the protection of assets, defining assets as: data, applications, and resources on any computing system.
- Local Resources – largely a matter of configuring workstations correctly and educating users in the correct operation of their system and the hazards present on the Internet.
- Network Resources – TCP/IP has no inherent protection available, so alternative means are required to prevent unauthorised access to the network.
- Server Resources – Web, e-mail and FTP servers are vulnerable to attack as they need to be visible to the outside world. This can, in turn, provide a route for a hacker into other servers.
- Database and Information Resources – As the likely storage point for company confidential information, these servers are more likely to be targeted, so security is very important.
Essentially there are two kinds of threat to your systems and network:
- Accidental Threats – These come from ordinary, innocent users who, through lack of training or lack of enforced policies, can perform an action which can damage systems or data, or expose sensitive information to unauthorised persons.
- Intentional Threats – The Hacker! One who attempts to discover, penetrate and/or control system resources. The Casual Hacker: someone seeking information or simply seeking thrills. The Determined Hacker: information seeking, perhaps industrial espionage or even an ideological reason.
Types of Attack
Hackers are constantly developing new techniques, tools and methods, but attacks can usually be categorised into the following types:
- Spoofing Attacks – these occur when an unauthorised host assumes the identity of a legitimate network device.
- Man-in-the-Middle Attacks – these attacks occur when a hacker intercepts packets being sent from one host to another.
- Denial of Service Attacks – these are the most common type of attack. When a host under attack runs out of resources, after being flooded with malicious requests, it cannot perform its intended function.
- Insider Attacks – may be a disgruntled employee who has obtained passwords inappropriately.
- Brute Force Attacks – by using software to try every possible password permutation to gain access.
- Trapdoor Attacks – exploiting weaknesses by finding diagnostic or guest logins that have not been disabled.
- Trojan Horse Attacks – a variation of the trapdoor attack: hiding an unauthorised command within a commonly used function. (One that my log files reveal to be a frequently searched-for term.)
- Social Engineering Attacks – This involves the hacker attempting to gain the trust, or obtain knowledge about, an employee, in the hope that this will reveal an entry point.
- Viruses – A virus is a malicious program designed to damage network equipment, including stand-alone computers. Common kinds include:
  - Macros – small programs written in macro code for word processor or spreadsheet applications.
  - Executables – viruses that attach themselves to executable programs and activate when that program is launched.
  - Boot Sector – these viruses copy themselves to the boot sector of the hard drive(s), allowing themselves to be loaded each time the system starts.
  - Stealth – a stealth virus attempts to block detection by redirecting hard drive read requests.
  - Polymorphic – changes the way it runs each time, so that it appears as a different process, making it very difficult to detect.
Security Auditing Process
The only way to determine a network’s ability to withstand discovery, penetration and control is to conduct a thorough auditing process. Auditing should be an ongoing activity, and effective security involves both manual and automated analysis. There are three key steps that should be taken when determining the level of security needed for a network:
- Status Quo Analysis – the first step must always be to determine the current level of security at the site in question.
- Risk Analysis – determine potential risks. For example: does the web server use CGI scripts, do the FTP servers have passwords, and have the server default directories been changed?
- Threat Analysis – are the most likely attacks going to come from inside or outside the organisation? What might the motivation be for such an attack?
Enterprise Network Security
When communicating and conducting business over long distances, ensuring privacy and determining the true identity of the person with whom you are communicating can be difficult. This chapter will look at authentication, encryption and firewalls when attempting to validate the identity of a communication partner.
Authentication is the ability to determine the true identity of a user. To communicate effectively, users in enterprise networks must ensure that they are actually communicating with the person they want to address. However, IP spoofing, falsified e-mail, social engineering, and other techniques all intervene to defeat the authentication process.
Networks can employ three methods to achieve authentication. You can prove your identity by:
- What you know – this, generally, involves the use of passwords. However, if you give your password to someone else, or allow your password to become known to someone else, then that person can use the password to gain access to the computer as you.
- What you have – this method requires that you have some physical item of proof, such as a key or a swipe card. If the key or the card were to fall into the wrong hands, security is compromised.
- Who you are – this is a more advanced method and uses biometric means such as fingerprint, retinal scans or voice analysis to identify you uniquely.
No one method is entirely fool-proof, so it is usual to combine two or more methods to try to prevent any breach of security.
Encryption is the primary means to ensure privacy across the enterprise. This technique is often used to assist authentication efforts, as well. There are, currently, three encryption models:
- Symmetric Key Encryption – In symmetric key, or single key, encryption, one key is used to encrypt and decrypt messages. Even though single key encryption is a simple process, all parties must know and trust one another completely, and have confidential copies of the key.
- Asymmetric Key Encryption – Asymmetric key encryption uses a key pair in the encryption process. A key pair is a mathematically matched key set in which one key encrypts and one key decrypts. Although source and destination have different keys, messages can be encrypted/decrypted in either direction. This type of encryption is also known as public key encryption.
- One-way Key Encryption – Also known as hash encryption. This is used to process information and produce a hash code. The information cannot be recovered from the hash code, but the hash code can be verified to prove the information valid.
Applied Encryption is simply using the above methods in combination.
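The three models side by side, as an added illustration that is not from the course or the original article: a toy XOR cipher stands in for symmetric encryption, textbook RSA on tiny constructed primes for the matched key pair, and SHA-256 for one-way hashing. The primes, exponent and sample message are constructed here, and the RSA parameters are far too small for anything but illustration.

```python
import hashlib
import secrets

# --- Symmetric (single key) model: one key both encrypts and decrypts ---
def symmetric_xor(data: bytes, key: bytes) -> bytes:
    """Toy one-time-pad style cipher: XOR with a key of equal length.
    The same call encrypts and decrypts, which is the defining property
    of symmetric encryption (both parties must hold the same secret key)."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(b ^ k for b, k in zip(data, key))

# --- Asymmetric (public key) model: a mathematically matched key pair ---
# Textbook RSA on tiny primes, constructed purely for illustration.
P, Q, E = 61, 53, 17                      # constructed toy parameters
N = P * Q                                 # modulus, 3233
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent, 2753
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

def rsa_apply(block: int, key: tuple) -> int:
    """Apply one key of the pair. Because the keys are matched, whatever
    one key transforms the other reverses, in either direction."""
    exponent, modulus = key
    if not 0 <= block < modulus:
        raise ValueError("block must be smaller than the modulus")
    return pow(block, exponent, modulus)

# --- One-way (hash) model: cannot be reversed, can only be verified ---
def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_fingerprint(data: bytes, expected: str) -> bool:
    # constant-time comparison avoids leaking how many characters matched
    return secrets.compare_digest(fingerprint(data), expected)

def demo() -> dict:
    msg = b"transfer 100"                 # constructed sample message
    key = secrets.token_bytes(len(msg))
    ct = symmetric_xor(msg, key)
    sym_ok = symmetric_xor(ct, key) == msg          # same key decrypts

    # public encrypts -> private decrypts (confidentiality) ...
    c = rsa_apply(65, PUBLIC_KEY)
    # ... and private encrypts -> public decrypts (the basis of signatures)
    s = rsa_apply(65, PRIVATE_KEY)
    asym_ok = rsa_apply(c, PRIVATE_KEY) == 65 and rsa_apply(s, PUBLIC_KEY) == 65

    h = fingerprint(msg)
    hash_ok = verify_fingerprint(msg, h) and not verify_fingerprint(b"transfer 900", h)
    return {"symmetric": sym_ok, "asymmetric": asym_ok, "one_way": hash_ok}
```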
There are many other aspects to encryption including: network level protocol, VPNs, Kerberos, One-time passwords, SSL and certificates. But, if you want to learn about these, you will need to do the course.
A Firewall is an additional level of network security: a secure computer system placed between a trusted network and an untrusted one, such as the Internet. On one side of the firewall is your company’s production network, which you supervise; the other side faces a public network, over which you have no control.
What can a Firewall do?
A firewall controls access to your network. It can also create secure intranet domains. Furthermore, it is the primary means of enforcing your security policy, greatly simplifying the tasks of determining threats and using countermeasures. A firewall can further enhance privacy by “hiding” your internal systems and information from the public.
Firewalls allow users from a protected network to access a public network while, simultaneously, making selected products and services, of the protected company, available to the public.
Potential functions of a firewall include:
- Filtering packets
- Serving as a circuit-level or application-level gateway
- Detecting intrusions
- Providing enhanced password authentication
- Logging and reporting
- Taking evasive actions
- Permitting encrypted access (with VPN)