Introduction To Network Security – Part 1

As more and more people and businesses have begun to use computer networks and the Internet, the need for a secure computing environment has never been greater. Right now, information security professionals are in great demand and the importance of the field is growing every day. All the industry leaders have been placing their bets on security in the last few years.

All IT venodors agree today that secure computing is no longer an optional component, it is something that should be integrated into every system rather than being thrown in as an afterthought. Usually programmers would concentrate on getting a program working, and then (if there was time) try and weed out possible security holes.

Now, applications must be coded from the ground up with security in mind, as these applications will be used by people who expect the security and privacy of their data to be maintained.

This article intends to serve as a very brief introduction to information security with an emphasis on networking.

The reasons for this are twofold:

Firstly, in case you did not notice.. this is a networking website,

Secondly, the time a system is most vulnerable is when it is connected to the Internet.

For an understanding of what lies in the following pages, you should have decent knowledge of how the Internet works. You don’t need to know the ins and outs of every protocol under the sun, but a basic understanding of network (and obviously computer) fundamentals is essential.

If you’re a complete newbie however, do not despair. We would recommend you look under the Networking menu at the top of the site…where you will find our accolade winning material on pretty much everything in networking.

There is a very well worn out arguement against using the incorrect use of the word ‘hacker’ to denote a computer criminal — the correct term is a ‘cracker’ or when referring to people who have automated tools and very little real knowledge, ‘script kiddie’. Hackers are actually just very adept programmers (the term came from ‘hacking the code’ where a programmer would quickly program fixes to problems he faced).

While many feel that this distinction has been lost due to the media portraying hackers as computer criminals, we will stick to the original definitions through these articles more than anything to avoid the inevitable flame mail we will get if we don’t !

This introduction is broadly broken down into the following parts :

• The Threat to Home Users
• The Threat to the Enterprise
• Common Security Measures Explained
• Intrusion Detection Systems
• Tools an Attacker Uses
• What is Penetration-Testing?
• A Brief Walk-through of an Attack
• Where Can I Find More Information?
• Conclusion

Many people underestimate the threat they face when they use the Internet. The prevalent mindset is “who would bother to attack me or my computer?”, while this is true — it may be unlikely that an attacker would individually target you, as to him, you are just one more system on the Internet.

Many script kiddies simply unleash an automated tool that will scan large ranges of IP addresses looking for vulnerable systems, when it finds one, this tool will automatically exploit the vulnerability and take control of this machine.

The script kiddie can later use this vast collection of ‘owned’ systems to launch a denial of service (DoS) attacks, or just cover his tracks by hopping from one system to another in order to hide his real IP address.

This technique of proxying attacks through many systems is quite common, as it makes it very difficult for law enforcement to back trace the route of the attack, especially if the attacker relays it through systems in different geographic locations.

It is very feasible — in fact quite likely — that your machine will be in the target range of such a scan, and if you haven’t taken adequate precautions, it will be owned.

The other threat comes from computer worms that have recently been the subject of a lot of media attention. Essentially a worm is just an exploit with a propagation mechanism. It works in a manner similar to how the script kiddie’s automated tool works — it scans ranges of IP addresses, infects vulnerable machines, and then uses those to scan further.

Thus the rate of infection increases geometrically as each infected system starts looking for new victims. In theory a worm could be written with such a refined scanning algorithm, that it could infect 100% of all vulnerable machines within ten minutes. This leaves hardly any time for response.

Another threat comes in the form of viruses, most often these may be propagated by email and use some crude form of social engineering (such as using the subject line “I love you” or “Re: The documents you asked for”) to trick people into opening them. No form of network level protection can guard against these attacks.

The effects of the virus may be mundane (simply spreading to people in your address book) to devastating (deleting critical system files). A couple of years ago there was an email virus that emailed confidential documents from the popular Windows “My Documents” folder to everyone in the victims address book.

So while you per se may not be high profile enough to warrant a systematic attack, you are what I like to call a bystander victim.. someone who got attacked simply because you could be attacked, and you were there to be attacked.

As broadband and always-on Internet connections become commonplace, even hackers are targetting the IP ranges where they know they will find cable modem customers. They do this because they know they will find unprotected always-on systems here that can be used as a base for launching other attacks.

Most businesses have conceded that having an Internet presence is critical to keep up with the competition, and most of them have realised the need to secure that online presence.

Gone are the days when firewalls were an option and employees were given unrestricted Internet access. These days most medium sized corporations implement firewalls, content monitoring and intrusion detection systems as part of the basic network infrastructure.

For the enterprise, security is very important — the threats include:

• Corporate espionage by competitors,
• Attacks from disgruntled ex-employees
• Attacks from outsiders who are looking to obtain private data and steal the company’s crown jewels (be it a database of credit cards, information on a new product, financial data, source code to programs, etc.)
• Attacks from outsiders who just want to use your company’s resources to store pornography, illegal pirated software, movies and music, so that others can download and your company ends up paying the bandwidth bill and in some countries can be held liable for the copyright violations on movies and music.

As far as securing the enterprise goes, it is not enough to merely install a firewall or intrustion detection system and assume that you are covered against all threats. The company must have a complete security policy and basic training must be imparted to all employees telling them things they should and should not do, as well as who to contact in the event of an incident. Larger companies may even have an incident response or security team to deal specifically with these issues.

One has to understand that security in the enterprise is a 24/7 problem. There is a famous saying, “A chain is only as strong as its weakest link”, the same rule applies to security.

After the security measures are put in place, someone has to take the trouble to read the logs, occasionally test the security, follow mailing-lists of the latest vulnerabilities to make sure software and hardware is up-to-date etc. In other words, if your organisation is serious about security, there should be someone who handles security issues.

Related articles

• Cyberterrorism threat shouldn’t be underestimated, some security experts say (networkworld.com)
• ICS-CERT: Exploit Tool Releases for ICS Devices Advisory (portadiferro2.blogspot.com)
• Juniper buys Mykonos to beat off web app attacks (go.theregister.com)
• 3 Ways For SMBs To Plug IPv6 Security Holes (informationweek.com)
• Hacking breach made us stronger says RSA (go.theregister.com)
• Adobe patches Flash Player for second time in 20 days (infoworld.com)
• Don’t underestimate cyber terrorism threat, security experts say (infoworld.com)
• 80 Percent of GSM Handsets Vulnerable To Hackers (toptechnews.com)
• Microsoft code not the security sieve sysadmins should be worried about (go.theregister.com)
• Hackers winning security war (echlinm.wordpress.com)