Inter/Intra/Extra/Network Connectivity, Security and Administration (Everything you always wanted to know - but were afraid to ask)
Solutech, Inc. Craig Ingram Senior Consultant Omaha, NE.
The Internet is:
- a global network of networks
- the purest form of electronic democracy .... or anarchy
- a giant international network of intelligent, informed computer enthusiasts, who are: People without lives!
The Internet is not:
- A single computer.
- A single network.
- Vendor specific.
- Run by a single person, group, organization or government.
- By default, secure.
The Internet is comprised of:
- Universities
- Corporations
- Governments
- Government agencies
- Service providers (AOL, etc.)
- Individuals
Every time you tap into the Internet, you become an extension of it.
A Brief History
The Internet is not new - it is an outcome of the Cold War.
- 1969: Advanced Research Projects Agency Network (ARPANet).
- Purpose: provide redundant connectivity between government, education, and research labs. Funded by DoD.
- Internet Protocols (TCP/IP) were developed to link disparate hardware and software platforms together.
- The TCP/IP design allows for tens of thousands of networks, comprised of millions of computers.
- Every computer is equal to every other computer.
- Initial uses were text-based Email and file transfers.
A Network
- A network is comprised of multiple computers, file server(s), other servers, hubs and routers.
- Routers are used to interconnect separate networks. They isolate one network from another.
- Routers can provide a form of security (via filtering of IP addresses).
- A message is not forwarded unless the router’s table contains the appropriate link.
TCP/IP
- Is not a single protocol.
- A suite of protocols - each providing a specific function.
- Spans two layers of the OSI model.
OSI
Application messages:
- Flow down through the OSI stack on Host A.
- Across the network connection.
- Flow up the OSI stack on Host B.
On the transmitting device, each layer appends its own header (containing fields) to the original message. On the receiving device, each layer strips off its corresponding header.
The Internet Protocol
- Every computer attached to the Internet must have a unique address.
- An IP address is requested from, assigned, and tracked by InterNIC.
- Each IP address is composed of 32 bits, arranged as 4 8-bit octets: 192.168.1.1
- Internet messages can vary in length from several hundred bytes to 65,565 bytes. A long message will be broken into multiple smaller packets.
- Each packet contains a header carrying the 32-bit source and 32-bit destination address.
- IP does not verify the source or destination address, nor guarantee that a packet was delivered, delivered only once, or delivered in the correct order.
- Authentication, sequencing, and security are provided by higher layer protocols.
TCP
- TCP provides reliable connections to end hosts.
- Ordering is provided by a sequence number in each packet.
- Every TCP message is marked as being from a particular host and port number, to a destination host and port number.
- Hosts “listen” on software ‘ports’ to determine the type of service needed by the packet.
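The three preceding slides (headers appended by the sender and stripped by the receiver, 32-bit addresses as four octets, long messages split into packets that IP may deliver out of order, with sequencing left to TCP) can be seen in a few lines of code. The following is an added example written for this page, not code from the original presentation. The header layout (source, destination, sequence number, payload length) and the tiny 8-byte payload limit are constructed for illustration; real IP and TCP headers carry many more fields.

```python
import struct

HEADER_FMT = "!IIII"                      # source addr, destination addr, sequence number, payload length (big-endian)
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 16 bytes
MAX_PAYLOAD = 8                           # constructed, deliberately tiny, so a short message splits into several packets


def parse_ipv4(addr: str) -> int:
    """Turn dotted-quad text (e.g. 192.168.1.1) into one 32-bit integer, rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets, got {addr!r}")
    value = 0
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"non-numeric octet in {addr!r}")
        octet = int(part)
        if octet > 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | octet
    return value


def format_ipv4(value: int) -> str:
    """Inverse of parse_ipv4: 32-bit integer back to dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def segment(src: str, dst: str, message: bytes) -> list:
    """Split a long message into packets. Each packet gets a header carrying the 32-bit
    source and destination address plus a sequence number (the byte offset of its payload)."""
    packets = []
    for offset in range(0, len(message), MAX_PAYLOAD):
        payload = message[offset:offset + MAX_PAYLOAD]
        header = struct.pack(HEADER_FMT, parse_ipv4(src), parse_ipv4(dst), offset, len(payload))
        packets.append(header + payload)
    return packets


def reassemble(packets) -> bytes:
    """Strip each header and rebuild the message in sequence order, whatever order the packets
    arrived in. A duplicate sequence number carries the same bytes, so it is simply overwritten."""
    by_seq = {}
    for pkt in packets:
        _src, _dst, seq, length = struct.unpack(HEADER_FMT, pkt[:HEADER_LEN])
        by_seq[seq] = pkt[HEADER_LEN:HEADER_LEN + length]
    return b"".join(by_seq[seq] for seq in sorted(by_seq))


def packet_source(pkt: bytes) -> str:
    """Read the source address a packet claims. Nothing in the header proves the claim,
    which is why the slides leave authentication to higher layer protocols."""
    src, _dst, _seq, _length = struct.unpack(HEADER_FMT, pkt[:HEADER_LEN])
    return format_ipv4(src)


if __name__ == "__main__":
    msg = b"Hello, Internet world!"      # constructed sample message: 22 bytes -> 3 packets
    pkts = segment("192.168.1.1", "10.0.0.2", msg)
    print(len(pkts), "packets; rebuilt from reversed order OK:", reassemble(reversed(pkts)) == msg)
```

The reassembly step is the whole reason TCP carries a sequence number: the receiver cannot assume packets arrive in the order they were sent, only that each one says where it belongs.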
Domain Name Services
- IP addresses work well for computers - but not for humans. Enter the concept of a Domain name.
- Example: spacelink.msfc.nasa.gov
- It is read by the computer from right to left, as follows:
  - The top domain is gov - government.
  - The next domain is nasa - NASA.
  - The next domain is msfc - Marshall Space Flight Center.
  - The last domain is spacelink - a computer running the spacelink program, or it could be the computer’s name.
- Domain Name Servers communicate domain changes/adds/deletes with each other on a regular basis.
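The right-to-left reading above is how a resolver actually walks the name: root, then gov, then nasa, then msfc, each level handing off to the next server. The following added example (written for this page, not part of the original slides) models that walk over a constructed delegation table. The server names ending in .example and the 192.0.2.10 address are placeholders from reserved documentation ranges, not real infrastructure. The list of servers consulted is also what the later "Domain Name Servers" slide is pointing at: every server on that list handles the lookup.

```python
ROOT_SERVER = "root.example"   # constructed placeholder; not a real name server

# Constructed delegation data: zone name -> {child label: (record type, value)}.
# An NS record hands the lookup to the next server down; an A record answers it.
ZONE_DATA = {
    "":              {"gov": ("NS", "ns.gov.example")},
    "gov":           {"nasa": ("NS", "ns.nasa.gov.example")},
    "nasa.gov":      {"msfc": ("NS", "ns.msfc.nasa.gov.example")},
    "msfc.nasa.gov": {"spacelink": ("A", "192.0.2.10")},   # 192.0.2.0/24 is reserved for documentation
}


def domain_hierarchy(name: str) -> list:
    """Read a domain name the way the slide describes: right to left, top domain first."""
    labels = [label for label in name.lower().rstrip(".").split(".") if label]
    return labels[::-1]


def resolve(name: str):
    """Walk the hierarchy from the root, one server per level.
    Returns (answer or None, list of servers consulted in order)."""
    consulted = [ROOT_SERVER]
    zone = ""
    hierarchy = domain_hierarchy(name)
    for depth, label in enumerate(hierarchy):
        records = ZONE_DATA.get(zone, {})
        if label not in records:
            return None, consulted                  # no such name at this level
        rtype, value = records[label]
        zone = ".".join(reversed(hierarchy[:depth + 1]))
        if rtype == "NS":
            consulted.append(value)                 # one more server now handles the lookup
        else:                                       # "A": a host record; it must be the last label
            if depth != len(hierarchy) - 1:
                return None, consulted
            return value, consulted
    return None, consulted                          # ran out of labels on a zone, not a host


if __name__ == "__main__":
    answer, path = resolve("spacelink.msfc.nasa.gov")
    print(answer, "via", " -> ".join(path))
```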
EMail
- The spacelink.msfc.nasa.gov computer may be an Email server.
- An example of an Email address on this server might be: name@spacelink.msfc.nasa.gov
- An example for Fred Pfizer on the above computer might be: fpfizer@spacelink.msfc.nasa.gov
- Or it could look like this (up to the Email administrator): Fred.Pfizer@spacelink.msfc.nasa.com
Connectivity
Direct connection
- Normally done through a Local Area Network (LAN) via an Internet Service Provider.
- Connection is constant (24 hrs/day, 7 days/wk).
- Normally provides the fastest speed and quickest access.
- Cable modems are a reality. CAUTION!
Dial-in connection
- Normally done over a phone line.
- Slower speed than a LAN or cable modem.
- Response times are a function of the ISP’s Internet connection as well as your local connection speed.
The World Wide Web
- Fastest growing part of the Internet.
- “Surfing” the net.
- Globally connected.
- Operates as ‘client/server’: you run a web browser on your PC; the browser contacts a Web server and requests information.
- You have now become an extension of the Internet.
“Home Pages”
- Identify and personalize an entity on the WWW.
- They can incorporate text, graphics, sound, etc.
- They are connected using the hypertext protocol (http).
- They are created using the Hypertext Markup Language (HTML).
- JAVA: mini applications included in HTML as tags that execute on the browser. PERL is similar.
Internet Tool Examples
- Gopher
- Telnet
- File Transfer Protocol
- Web Crawlers
- WHOIS
- Ping
- Traceroute
A good tool + a good guy = good things. A good tool + a bad guy = bad things.
Hacking Tool Examples
- Rootkit
- COPS
- SATAN
- PRIEST
- BackOrifice
- BackOrifice2K
All are available for download from the Internet.
Routing Protocols
- Routers communicate paths between themselves with routing protocols. This way they always know the shortest path between two hosts (hops) and what paths are available.
- Let’s say you’re on the INET in Omaha and attach to a server in SF.
  - One potential router path might be: Omaha-St Louis-LA-SF
  - Another path might be: Omaha-NYC-Atlanta-SF
  - Yet a third path could be: Omaha-Minneapolis-Atlanta-SF
Routing Concerns
- Every hop along the way becomes a potential breach of security.
- Also remember: a large message will be broken up into multiple packets, with each packet potentially taking a different path to your PC.
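To make the two routing slides concrete: the shortest path (fewest hops) is what a routing protocol converges on when every link costs the same, but since each packet of a message may take any available path, the set of sites that can see your traffic is the union of the intermediate hops on every path, not just the shortest one. The example below is added for this page (not code from the presentation) and builds its link map purely from the three example paths on the slide; the links are constructed, not a real topology.

```python
from collections import deque

# Constructed link map: exactly the links implied by the slide's three Omaha -> SF paths.
LINKS = {
    ("Omaha", "St Louis"), ("St Louis", "LA"), ("LA", "SF"),
    ("Omaha", "NYC"), ("NYC", "Atlanta"), ("Atlanta", "SF"),
    ("Omaha", "Minneapolis"), ("Minneapolis", "Atlanta"),
}


def build_graph(links):
    """Undirected adjacency map: site -> set of directly connected sites."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def shortest_path(graph, src, dst):
    """Breadth-first search: the fewest-hop route, which is what a routing table prefers
    when all links cost the same. Returns the list of sites, or None if unreachable."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in sorted(graph.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return None
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def all_simple_paths(graph, src, dst):
    """Every loop-free route. Each is a path some packet of one message might actually take."""
    paths = []

    def walk(node, seen, path):
        if node == dst:
            paths.append(path[:])
            return
        for nxt in sorted(graph.get(node, ())):
            if nxt not in seen:
                seen.add(nxt)
                path.append(nxt)
                walk(nxt, seen, path)
                path.pop()
                seen.discard(nxt)

    walk(src, {src}, [src])
    return paths


def exposed_hops(paths):
    """Intermediate sites on any possible path: every one of them handles your packets in the clear
    unless a higher layer encrypts them, so this is the set a defender has to account for."""
    hops = set()
    for path in paths:
        hops.update(path[1:-1])
    return hops


if __name__ == "__main__":
    g = build_graph(LINKS)
    print("shortest:", " -> ".join(shortest_path(g, "Omaha", "SF")))
    routes = all_simple_paths(g, "Omaha", "SF")
    print(len(routes), "possible routes; exposed intermediate sites:", sorted(exposed_hops(routes)))
```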
Domain Name Servers
- In the previous example, assume each site had a Domain Name Server. Each DNS contains a listing of other DNS’s in their area.
- As your search propagates from one DNS to another, the risk of packet interception increases.
- Imagine the potential for disaster if a DNS were compromised.
- Imagine if a host site had multiple servers and one of them was compromised. Once compromised, the hacker now has ‘inside’ details on other servers served by that server.
- And the saga continues through other servers, into other servers, etc.
Security Summary
Potential security holes include:
- Connecting to the Internet
- Redundancy in connectivity between routers (routing protocols)
- IP addressing (source and destination)
- TCP port address (source and destination)
- DNS table update protocol
- Network tools
- Passwords
- Non-encryption of messages
Firewalls
- A firewall is a device designed to prevent outsiders from accessing your network.
- They can also be used internally to isolate one network from another.
- They allow you to grant or deny access based on many variables (rules). These rules are set in the firewall, based on your Security Policy.
- Two basic types of firewalls: network level, application gateway.
Selecting a Firewall
There are 6 general steps to selecting a firewall that’s right for your environment.
1) Identify your topology, applications, and protocol needs.
2) Analyze trust relationships within your organization.
3) Develop security policies based on these trust relationships.
4) Identify the right firewall for your specific configuration.
5) Employ the firewall correctly.
6) Test your firewall policies religiously.
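Steps 3, 5 and 6 above (write the policy, apply it as rules, test it) are easiest to understand with a network-level filter in miniature. The example below is added for this page and is not the presentation's own material: a small first-match rule evaluator whose fallback is deny, so that anything the policy does not explicitly permit is refused. The rule set, the 10.0.0.0/8 internal range and the 10.0.0.25 mail server address are constructed to illustrate one plausible policy; the "test religiously" step becomes the assertions at the end.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src: str          # source address
    dst: str          # destination address
    dport: int        # destination port
    direction: str    # "in" (from the Internet) or "out" (toward the Internet)


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    proto: str                # protocol name or "any"
    src: str                  # network in CIDR form or "any"
    dst: str                  # network in CIDR form or "any"
    dport: Optional[int]      # None matches every port
    direction: str            # "in" or "out"
    comment: str = ""         # the policy statement this rule implements


INTERNAL = "10.0.0.0/8"       # constructed internal address space
MAIL_SERVER = "10.0.0.25/32"  # constructed: the one host allowed to receive mail from outside

# Constructed rule set. Order matters: the first matching rule decides.
RULES = [
    Rule("deny",  "tcp", "any",    "any",       23,  "out", "telnet: cannot be administered securely"),
    Rule("allow", "tcp", INTERNAL, "any",       80,  "out", "outbound web"),
    Rule("allow", "tcp", INTERNAL, "any",       443, "out", "outbound web (TLS)"),
    Rule("allow", "tcp", "any",    MAIL_SERVER, 25,  "in",  "inbound mail, to the mail server only"),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet ("any"/None are wildcards)."""
    if rule.direction != pkt.direction:
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.src != "any" and ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if rule.dst != "any" and ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(pkt: Packet, rules=RULES) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule). With no match the default applies, and the
    default is deny: an unstated policy would otherwise be the slide's "ANYTHING GOES"."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    # constructed sample traffic
    for pkt in (Packet("tcp", "10.1.2.3", "198.51.100.7", 443, "out"),
                Packet("tcp", "10.1.2.3", "198.51.100.7", 23, "out"),
                Packet("tcp", "203.0.113.9", "10.0.0.25", 23, "in")):
        print(pkt, "->", evaluate(pkt))
```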
Security Policy Development (a.k.a. inventing the wheel)
A Security Policy is:
- A set of instructions that, collectively, determines an organization’s posture towards security.
- They set the limits of acceptable behavior, and what the response to violations will be.
Remember .... Whether a security policy is formally spelled out or not, one always exists. If nothing else is said or implemented, the default policy is: ANYTHING GOES!
Network Security . . . . A Journey, not a destination.
- View security as a critical business process to address the ever-changing risk environment.
- It is not a program, but a process.
- Use a combination of techniques, tools and products.
- If the only tool you’ve got is a hammer, it’s amazing how many problems start looking like nails.
Security Decisions
Decide what is, and is not, permitted. This process is normally driven by the business or structural needs of the organization, such as:
- An edict that bars personal use of corporate computers.
- Restrictions on outgoing traffic (employees exporting valuable data).
- Not allowing a specific protocol because it cannot be administered securely.
- Not allowing employees to import software without proper permission (licensing issues, viruses, etc).
This philosophy extends to opposite ends of the scale:
- “We’ll run it unless, and until, you can show me that it’s broken.”
- “Show me it’s both safe and necessary, otherwise we won’t run it at all.”
Fundamental Premise
Anyone can break into anything if they have sufficient:
- Motivation - They have to want to do it.
- Skill - They have to be good enough to understand and pierce the defenses.
- Opportunity - They have to have enough access to the defenses for long enough to penetrate them.
Identify Resources
It’s difficult to protect something you don’t know you have - or don’t know what it’s worth. Identify all resources to be protected, such as:
- Mainframes
- Servers and workstations (including laptops)
- Interconnection devices (gateways, routers, bridges, hubs, etc.)
- Terminal servers
- Network and applications software
- Network cables
- Information in files and databases
Ask Yourself
- What resources are you trying to protect, and why?
- Which people do you need to protect the resources from?
  - Internal threats
  - External threats (perimeter security)
- How likely are the threats?
- How important is the resource?
- What measures can you take to protect your assets in a cost-effective and timely manner?
- Periodically examine your network security policy to see if your objectives and network circumstances have changed.
Understand the Bad Guy!!
Identify the Threats
An understanding of the technology is important, but common sense is equally valuable in stopping potential security threats.
Define Authorized Access
- Physical access to computing facilities.
- Access to computers.
- “Borrowing” another user’s account/password (training and policy issues).
Identify the Risk of Information Disclosure
- Determine the value or sensitivity of the information stored on your computers.
- Encrypt password files.
- Use passwords of at least 8 characters (mixed alpha/numeric, upper/lower case).
- Change passwords on a regular basis.
- Don’t forget laptops.
Network Use & Responsibilities
- Who is allowed to use the network?
- What is the proper use of network resources?
- Who is authorized to grant access and approve usage?
- Who has system administrative privileges?
- What are the user’s rights and responsibilities? (In WRITING?)
- What are the rights and responsibilities of the system administrator vs. those of the users? (In WRITING.)
- What do you do with sensitive information? Outdated IP listings and network drawings? Crashed hard drives? Network documentation? Off-site storage of backups and their transportation?
Plan of Action
Develop a plan of action for when a security policy is violated:
- Response to security violations from the ‘outside’.
- Response to security violations by local users (from the inside).
- Response strategies.
- Define the responsibilities of being a good citizen on the Internet.
- Contacts and responsibilities to external organizations (CERT, etc).
Identify and Prevent Security Problems
- Access points.
- Improperly configured systems.
- Software bugs and patches.
- Insider threats.
- Physical security.
- Confidentiality.
Publicize the Policy
How to ‘Get the Word Out’:
- Committee input for policy creation.
- Training.
- User mailing lists.
- Committee review of the policy on a regular basis.
- Signed policy commitment by all employees. Keep on file.
Additional Administration
- Understand firewall and router functions and limitations.
- Understand your needs and what you’re trying to protect.
- Have your firewall and routers professionally installed, initially configured for minimum passthrough.
- Monitor all firewall and UNIX/NT logs, and router tables.
- Implement automatic corrective action - where possible.
- Continuous ‘real time’ monitoring of all network devices, applications, and databases.
- Immediate installation of patches and other software updates.
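"Monitor all firewall logs" is only useful if something reads them and decides what matters. The example below is added for this page (not code from the presentation): it parses a constructed firewall log excerpt in a made-up but typical format and flags any source address that was refused on several distinct destination ports, which is the pattern an administrator would want surfaced rather than buried in thousands of single denies. The log lines, the line format and the threshold of three ports are all constructed or assumed; a real device's format will differ and the regular expression would be adjusted to match it.

```python
import re
from collections import defaultdict

# Constructed firewall log excerpt (not from any real device).
# Format assumed here: date time ACTION proto src:port -> dst:port
SAMPLE_LOG = """\
1999-11-02 10:15:01 DENY tcp 203.0.113.9:41022 -> 10.0.0.25:23
1999-11-02 10:15:01 DENY tcp 203.0.113.9:41023 -> 10.0.0.25:21
1999-11-02 10:15:02 DENY tcp 203.0.113.9:41024 -> 10.0.0.25:110
1999-11-02 10:15:02 DENY tcp 203.0.113.9:41025 -> 10.0.0.25:139
1999-11-02 10:15:03 ALLOW tcp 198.51.100.4:51000 -> 10.0.0.25:25
1999-11-02 10:15:04 DENY udp 198.51.100.4:51001 -> 10.0.0.25:161
1999-11-02 10:15:05 ALLOW tcp 10.1.2.3:40000 -> 198.51.100.7:443
1999-11-02 10:15:06 DENY tcp 203.0.113.9:41026 -> 10.0.0.25:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_log(text: str) -> list:
    """Turn log text into a list of field dicts. Lines that do not match the format are skipped,
    so a truncated or corrupted line cannot stop the rest of the file from being read."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def denied_ports_by_source(events: list) -> dict:
    """Map each source address to the set of destination ports the firewall refused it."""
    ports = defaultdict(set)
    for event in events:
        if event["action"] == "DENY":
            ports[event["src"]].add(int(event["dport"]))
    return dict(ports)


def flag_probing_sources(events: list, threshold: int = 3) -> list:
    """Sources denied on at least `threshold` distinct ports (threshold is an assumed tunable).
    One denied packet is noise; one address trying many different services is worth a look."""
    by_source = denied_ports_by_source(events)
    return sorted(src for src, ports in by_source.items() if len(ports) >= threshold)


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print(len(evts), "events parsed")
    for src in flag_probing_sources(evts):
        print("review:", src, "denied on ports", sorted(denied_ports_by_source(evts)[src]))
```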
Disaster Planning
What would you do if you drove into the parking lot tomorrow and the building was gone?
An interesting fact: of the 350 firms that had corporate offices in the World Trade Center, 150 were out of business 8 months after the terrorist bombing. It wasn’t that they lost information - they had no redundancy (disaster plan) that allowed them to run their business from another location.
Security = Disaster Planning
The same information derived from your security assessment can be used for disaster planning and business recovery.
- Identify key hardware, software, and information.
- Identify key personnel.
- Identify a backup location and keep backups off-site.
- Document all configuration, including:
  - hardware installation parameters
  - software installation parameters
  - file server and workstation boot files
  - file/print/FAX/communications server parameters (phone line rollover?)
  - application settings and installation parameters
  - user access rights
  - backup and virus parameters
Who’s in charge? Any plan must include staffing. It should also include standardization.
Reading Materials
- Maximum Security (2nd Edition). Author: Anonymous. Publisher: SAMS. ISBN: 0-672-31341-3
- Firewalls and Internet Security - Repelling the Wily Hacker. Authors: W. Cheswick and S. Bellovin. Publisher: Addison-Wesley. ISBN: 0-201-6337-4
- Internet Firewalls and Network Security. Authors: K. Siyan and C. Hare. Publisher: New Riders Publishing. ISBN: 1-56205-437-6