TCP/IP Networks Management and Security
Presented by: David M. Litton, CPA, CISA, CGFM
Deputy Director, Audit and Management Services
Virginia Commonwealth University
May 7, 2001

Course Objectives:
• What is a TCP/IP Network?
• Common components of a TCP/IP network
• Network environment: TCP/IP protocol and associated devices functionality
• General network risks
• Specific risks and compensating controls for TCP/IP network devices
• Areas of a TCP/IP Infrastructure Audit

What is a TCP/IP Network?
• Envelope and post office concept
• Ethernet Frames
• Internet Protocol (IP) – Connectionless datagram; tries to send but not sure if it gets there
• Transmission Control Protocol (TCP)
• Alternatives to TCP: UDP and ICMP
• Ports
• Socket (Combination of port# & IP address)
• Connection (pair of sockets for a session)
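
The envelope idea on this slide can be followed byte by byte. The example below is added here and is not part of the original presentation: it builds a constructed Ethernet/IPv4/TCP frame, opens each envelope in turn, and shows that the two sockets found inside identify one connection in both directions. The addresses, ports, MAC values and function names are assumptions made for illustration.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def build_frame(src_ip, src_port, dst_ip, dst_port, payload=b""):
    """Construct a sample Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0,
                      5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    # Outer envelope: destination MAC, source MAC, EtherType 0x0800 (IPv4)
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    return eth + ip + tcp

def open_envelopes(frame):
    """Unwrap frame -> IP datagram -> TCP/UDP segment and return the addressing."""
    if len(frame) < 34:
        raise ValueError("too short for Ethernet + IPv4 headers")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    header_len = (ip[0] & 0x0F) * 4            # IHL is counted in 32-bit words
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = PROTOCOLS.get(ip[9], str(ip[9]))
    src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    segment = ip[header_len:total_len]
    if proto not in ("TCP", "UDP"):            # ICMP and others carry no ports
        return {"protocol": proto, "src": (src_ip, None), "dst": (dst_ip, None),
                "payload": segment}
    if len(segment) < (20 if proto == "TCP" else 8):
        raise ValueError("truncated transport header")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_start = (segment[12] >> 4) * 4 if proto == "TCP" else 8
    return {"protocol": proto, "src": (src_ip, src_port), "dst": (dst_ip, dst_port),
            "payload": segment[data_start:]}

def connection(parsed):
    """A connection is the unordered pair of sockets, so both directions match."""
    return frozenset((parsed["src"], parsed["dst"]))

if __name__ == "__main__":
    request = open_envelopes(build_frame("192.0.2.10", 49152, "192.0.2.80", 80, b"GET /"))
    reply = open_envelopes(build_frame("192.0.2.80", 80, "192.0.2.10", 49152, b"200 OK"))
    print(request["src"], "->", request["dst"], request["payload"])
    print("same connection:", connection(request) == connection(reply))
```
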

Common components of a TCP/IP network
• Cat 5 UTP wiring & fiber optics: lower layer 1
• Hubs: emphasis layer 1
• Bridges: layer 1 or lower part of layer 2 (MAC)
• Switches – some layer 1 & emphasis layer 2
• Routers – emphasis layer 3 & some layer 4
• Applications/network utilities: layers 5-7; FTP, HTTP, NFS, X-Windows, Telnet…
• Protocol Stacks: part of server/work station O/S
• Servers - physical and logical contrasted
• Specialized IP servers: DHCP, BOOTP, DNS…

Network Environment: TCP/IP Protocol and Associated Devices Functionality

General network risks
• Inconsistently applied back-up procedures for Network Equipment and Servers
• Lack of a test lab and change control procedures
• Intercepting clear text, log-on identifiers and passwords
• Staff turn-over
• Use of unauthenticated services on network hosts and pass through routers
• Lack of spoofing prevention measures
• Use of default passwords on network equipment
• Lack of password change procedures for network equipment
• Poor O/S controls on network devices

General network risks
• Improper access to restricted systems (patient information, financial records, payroll, etc.)
• Release of sensitive information
• Prolonged outages and inconsistent availability
• Lack of documentation
• Non-compartmentalized traffic
• Trojan Horses
• Lack of expertise, training, and cross-training
• Lack of restoration plans or spare parts
• Ineffective procedures
• Masquerading as another individual
• Spying, Sabotage
• Risk from easy-to-use freeware utilities
• Stolen Passwords

Specific risks and compensating controls for TCP/IP network devices

Router Risks and Controls

Router Risks and Controls: Methods of Accessing Routers
• Console
• TFTP
• Telnet
• TACACS
• MOP (maintenance operation protocol by DEC for CISCO routers)
• SNMP
• R-Shell
• R-Copy
• FTP
• HTTP
• More being added, check manufacturer documentation

Domain Name Service: Risks and Controls

Network Address Translation

Wiring/Hubs: Risks and Controls

Additional Server Risks and Controls

Dangerous Services to be Restricted

Work Stations Risks and Controls

Encryption
• Examine Encryption Practices
• Determine where the traffic is the most exposed – going out on the Internet, between business partners…
• Look for controls like compartmentalization & VLANs to reduce internal exposure
• Use Encrypted methods like SNMP V.2 and CHAP V.2 to communicate to network devices
• Consider testing encryption controls with a sniffer

Sniffed PPP Connection in Clear Text

Areas of a TCP/IP Infrastructure Audit: Why Examine Network Infrastructure
• Rarely examined
• Large investment
• Basis for most technology - the “common denominator”
• Connects to the World
• Lost Revenue on E-Commerce
• Susceptible to Denial of Service Attacks

Areas of a TCP/IP Infrastructure Audit: Recommended Objectives
• Continuity (consistent reliability and availability of system -- back-up and ability to recover)
• Management and Maintenance (additions, change procedures, upgrades, and documentation)
• Security (appropriate physical and logical access to network devices and hosts)

Auditing TCP/IP Infrastructure
• Review network policies and procedures
• Review network diagrams (layer 1 & 2), design, and walk-through, list of network equipment and IP address list
• Verify diagrams with Ping and Trace Route
• Review utilization, trouble reports & helpdesk procedures
• Probe systems (Netscan tools and Portscanner)
• Interview network vendors, users, and network technicians
• Review software settings on network equipment
• Inspect computer room and network locations
• Evaluate back-up and operational procedures
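
One way to carry out the "verify the IP address list" and "probe systems" steps is to reconcile what the documentation claims against what the probe observed. The example below is added here and is not part of the original presentation: the inventory, the probe output and its line format are constructed, the "approved" field is a hypothetical audit attribute, and the ports are the standard assignments for the IP-based access methods on the "Methods of Accessing Routers" slide (MOP is not IP-based and has no port).

```python
# Well-known ports for the IP-based access methods named on the router slide
ACCESS_METHODS = {("tcp", 21): "FTP", ("tcp", 23): "Telnet", ("tcp", 49): "TACACS",
                  ("udp", 69): "TFTP", ("tcp", 80): "HTTP", ("udp", 161): "SNMP",
                  ("tcp", 514): "R-Shell/R-Copy"}
# Constructed sample: documented IP address list with approved access methods
INVENTORY = {
    "192.0.2.1": {"name": "core-router", "approved": {"SNMP"}},
    "192.0.2.2": {"name": "edge-router", "approved": {"SNMP", "TACACS"}},
    "192.0.2.3": {"name": "spare-switch", "approved": set()},
}
# Constructed probe results in a hypothetical "ip proto/port state" format
PROBE_OUTPUT = """\
192.0.2.1 udp/161 open
192.0.2.1 tcp/23 open
192.0.2.2 tcp/49 open
192.0.2.9 tcp/80 open
192.0.2.9 tcp/8080 closed
"""

def parse_probe(text):
    """Return {ip: set of open (proto, port)}; malformed lines are skipped."""
    observed = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or "/" not in parts[1]:
            continue
        proto, _, port = parts[1].partition("/")
        open_ports = observed.setdefault(parts[0], set())  # any answer: host is up
        if parts[2] == "open" and port.isdigit():
            open_ports.add((proto, int(port)))
    return observed

def reconcile(inventory, observed):
    """Compare the documented list with probe results and list audit findings."""
    findings = []
    for ip in sorted(set(observed) - set(inventory)):
        findings.append((ip, "responds but is not on the documented IP list"))
    for ip in sorted(set(inventory) - set(observed)):
        findings.append((ip, f"{inventory[ip]['name']} is documented but did not respond"))
    for ip in sorted(set(inventory) & set(observed)):
        device = inventory[ip]
        for key in sorted(observed[ip]):
            method = ACCESS_METHODS.get(key)
            if method and method not in device["approved"]:
                findings.append((ip, f"{method} open on {device['name']} but not approved"))
    return findings

if __name__ == "__main__":
    print(*reconcile(INVENTORY, parse_probe(PROBE_OUTPUT)), sep="\n")
```
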

Conclusion
• Identify the paths and equipment used to navigate the network
• Identify TCP/IP infrastructure areas of concern
• Break into manageable pieces
• Every network is different and the components and risks must be fully understood
• Identify risks and prioritize
• Dedicate more upfront planning
• RELAX!! It’s not that bad!

Additional Information
• Presentation located on line at URL: http://www.vcu.edu/iaweb/iam_welc.html
• Contact information: dmlitton@vcu.edu (804) 828-9248