Contents:

What is Security?
Types and Sources of Network Threats
Lessons Learned
How to Secure Networks?
What is Certification?
What is Cisco Security Specialist 1 (CSS1)?
Why to attend the course at Times Tech?

What is Security?

With the rapid growth of interest in the Internet, network security has become a major concern to companies throughout the world. The fact that the information and tools needed to penetrate the security of corporate networks are widely available has increased that concern.

The word security connotes protection against malicious attack by outsiders. Security also involves controlling the effects of errors and equipment failures. Anything that can protect against a deliberate, intelligent, calculated attack will probably prevent random misfortune as well.

Because of this increased focus on network security, network administrators often spend more effort protecting their networks than on actual network setup and administration. Tools that probe for system vulnerabilities, together with scanning and intrusion detection packages and appliances, assist in these efforts, but these tools only point out areas of weakness and may not provide a means to protect networks from all possible attacks. Thus, as a network administrator, you must constantly try to keep abreast of the large number of security issues confronting you in today's world. This chapter describes many of the security issues that arise when connecting a private network to the Internet.

Security Issues When Connecting to the Internet

When you connect your private network to the Internet, you are physically connecting your network to more than 50,000 unknown networks and all their users. Although such connections open the door to many useful applications and provide great opportunities for information sharing, most private networks contain some information that should not be shared with outside users on the Internet. In addition, not all Internet users are involved in lawful activities. These two statements foreshadow the key questions behind most security issues on the Internet:

How do you protect confidential information from those who do not explicitly need to access it?
How do you protect your network and its resources from malicious users and accidents that originate outside your network?

Why Should One Care About Security?

When most people talk about security, they mean ensuring that users can only perform tasks they are authorized to do, can only obtain information they are authorized to have, and cannot cause damage to the data, applications, or operating environment of a system.

Types and Sources of Network Threats

Denial-of-Service

DoS (Denial-of-Service) attacks are probably the nastiest and the most difficult to address. They are the nastiest because they are very easy to launch and difficult (sometimes impossible) to track, and because it is not easy to refuse the attacker's requests without also refusing legitimate requests for service.

The premise of a DoS attack is simple: send more requests to the machine than it can handle. The attacker's program simply makes a connection on some service port, perhaps forging the packet's header information that says where the packet came from, and then dropping the connection. If the host is able to answer 20 requests per second, and the attacker is sending 50 per second, obviously the host will be unable to service all of the attacker's requests, much less any legitimate requests (hits on the web site running there, for example).
Such attacks were fairly common in late 1996 and early 1997, but are now becoming less popular.

Password Attacks

Password attacks can be implemented using several different methods, including brute-force attacks, Trojan horse programs, IP spoofing, and packet sniffers. Although packet sniffers and IP spoofing can yield user accounts and passwords, password attacks usually refer to repeated attempts to identify a user account and/or password; these repeated attempts are called brute-force attacks.

Brute-force attack

A brute-force attack is performed using a dictionary program that runs across the network and attempts to log in to a shared resource, such as a server. When an attacker successfully gains access to a resource, that person has the same rights as the user whose account has been compromised to gain access to that resource. If this account has sufficient privileges, the attacker can create a back door for future access.
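
From the defender's side, the repeated login attempts described above appear as a burst of failures in the authentication log. The following is an added example, not part of the original article, that flags such bursts with a sliding window; the log format, the threshold of five failures and the 60-second window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (format is an assumption):
# "<ISO timestamp> <source address> <account> <OK|FAIL>"
SAMPLE_LOG = """\
2001-03-01T10:00:00 192.0.2.10 alice FAIL
2001-03-01T10:00:05 198.51.100.7 root FAIL
2001-03-01T10:00:06 198.51.100.7 root FAIL
2001-03-01T10:00:07 198.51.100.7 root FAIL
2001-03-01T10:00:08 192.0.2.10 alice OK
2001-03-01T10:00:09 198.51.100.7 root FAIL
2001-03-01T10:00:10 198.51.100.7 root FAIL
2001-03-01T10:00:30 198.51.100.7 root OK
"""

def detect_bruteforce(lines, max_failures=5, window=timedelta(seconds=60)):
    """Flag sources with max_failures failed logins inside the window,
    and any successful login from a source that was already flagged."""
    failures = defaultdict(deque)   # source -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        stamp, source, account, result = line.split()
        when = datetime.fromisoformat(stamp)
        recent = failures[source]
        while recent and when - recent[0] > window:
            recent.popleft()        # forget failures older than the window
        if result == "FAIL":
            recent.append(when)
            if len(recent) >= max_failures and source not in flagged:
                flagged.add(source)
                alerts.append(("burst", source, account))
        elif source in flagged:
            # The guess may have worked: treat the account as compromised.
            alerts.append(("success_after_burst", source, account))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

The single mistyped password from 192.0.2.10 raises no alert, while the success that follows the burst from 198.51.100.7 is reported separately because it is the event that needs an immediate response.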

IP Spoofing

IP spoofing can yield access to user accounts and passwords, and it can also be used in other ways. For example, an attacker can emulate one of your internal users in ways that prove embarrassing for your organization; the attacker could send e-mail messages to business partners that appear to have originated from someone within your organization. Such attacks are easier when an attacker has a user account and password, but they are possible by combining simple spoofing attacks with knowledge of messaging protocols. For example, Telnetting directly to the SMTP port on a system allows the attacker to insert bogus sender information.

The TCP SYN Attack

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN ACK before the connection is established. This is referred to as the "TCP three-way handshake."
While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.
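In a TCP SYN attack, the SYN packets carry forged source addresses, so the expected ACK never arrives and the queue fills with connections that will never complete. There is no easy way to trace the originator of the attack because the IP address of the source is forged.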
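
The finite connection queue described above can be modelled directly to see why unanswered SYN ACKs lock out legitimate clients and how the timeout and queue size change the outcome. This is an added example, not part of the original article; the queue size, timeout, connection names and event list are constructed assumptions.

```python
def simulate_backlog(events, queue_size=4, syn_timeout=3.0):
    """Model the finite queue of half-open connections on a destination host.

    events: (time_in_seconds, "SYN" | "ACK", connection_id), sorted by time.
    Returns (established, refused) lists of connection ids.
    """
    half_open = {}                  # connection_id -> time the SYN arrived
    established, refused = [], []
    for now, kind, conn in events:
        # Drop entries whose ACK never arrived within the timeout.
        for stale in [c for c, t0 in half_open.items() if now - t0 >= syn_timeout]:
            del half_open[stale]
        if kind == "SYN":
            if len(half_open) >= queue_size:
                refused.append(conn)        # queue full: SYN is discarded
            else:
                half_open[conn] = now       # SYN ACK sent, waiting for ACK
        elif kind == "ACK" and conn in half_open:
            del half_open[conn]             # handshake complete
            established.append(conn)
    return established, refused

def constructed_events():
    """Constructed traffic: three real clients and four SYNs that are never
    acknowledged because their source address is forged."""
    events = []
    for conn, start in (("client-1", 0.00), ("client-2", 1.00), ("client-3", 4.00)):
        events += [(start, "SYN", conn), (start + 0.01, "ACK", conn)]
    events += [(0.10 + i * 0.01, "SYN", f"forged-{i}") for i in range(4)]
    return sorted(events)

if __name__ == "__main__":
    print(simulate_backlog(constructed_events()))
    print(simulate_backlog(constructed_events(), syn_timeout=0.5))
```

With the default settings client-2 is refused while the four half-open entries wait out their timeout; a shorter timeout or a larger queue lets it through, and a queue that stays full of half-open entries is the condition to monitor for.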

Man-in-the-Middle Attacks

A "man-in-the-middle" attack requires that the attacker have access to network packets that come across the networks. An example configuration could be someone who is working for your Internet service provider (ISP), who can gain access to all network packets transferred between your network and any other network. Such attacks are often implemented using network packet sniffers and routing and transport protocols. The possible uses of such attacks are theft of information, hijacking an ongoing session to gain access to your internal network resources, traffic analysis to derive information about your network and its users, denial of service, corruption of transmitted data, and introduction of new information into network sessions.

Application Layer Attacks


Application layer attacks can be implemented using several different methods. One of the most common methods is exploiting well-known weaknesses in software commonly found on servers, such as sendmail, PostScript, and FTP. By exploiting these weaknesses, attackers can gain access to a computer with the permissions of the account running the application, which is usually a privileged system-level account.

Trojan horse attacks

Trojan horse attacks are implemented using bogus programs that an attacker substitutes for common programs. These programs may provide all the functionality that the normal application or service provides, but they also include other features that are known to the attacker, such as monitoring login attempts to capture user account and password information. These programs can capture sensitive information and distribute it back to the attacker. They can also modify application functionality, such as applying a blind carbon copy to all e-mail messages so that the attacker can read all of your organization's e-mail.

Establishing a Security Perimeter

Where Do They Come From?

How, though, does an attacker gain access to your equipment? Through any connection that you have to the outside world. This includes Internet connections, dial-up modems, and even physical access.
In order to be able to adequately address security, all possible avenues of entry must be identified and evaluated. The security of that entry point must be consistent with your stated policy on acceptable risk levels.

Lessons Learned

Have someone on staff who is familiar with security practices
Having at least one person who is charged with keeping abreast of security developments is a good idea. This need not be a technical wizard, but could be someone who is simply able to read advisories issued by various incident response teams and keep track of the problems that arise. Such a person would then be a wise one to consult on security-related issues, as he'll be the one who knows whether web server software version such-and-such has any known problems, and so on.

What the Real World Thinks about Network Security

Eighty-seven per cent of network managers and managing directors think the security threat to corporate networks will grow exponentially during the next couple of years, according to a report commissioned by Siemens Network Systems.

When asked if they thought threats to network security were likely to change, 57 per cent said they will increase significantly and 30 per cent said they will increase by some extent.

Siemens said that the current practice of extending the network to suppliers, customers and partners means that security must be given the highest priority, as any weaknesses affect external relationships.

Peter Halls, managing director of Siemens Network Systems, said that without a complete understanding of potential threats, no amount of investment in products and resources will secure a company's electronic assets.

"In ecommerce, the security of a company's network must have top priority as no network will mean no-business. Security is an ongoing process - it cannot be done once and then forgotten. This survey suggests that companies need to take a serious look at their network security arrangements," he said.
Halls said that the survey's conclusions were borne out by recent high-profile security breaches.

Khalda Parveen, an analyst at Gartner, said that the problem came from a lack of knowledge from those in the boardroom. "In many cases these CEOs are failing to attribute sufficient budget to the issue of securing their businesses, mainly due to their lack of awareness of the scope of the problem," she said.
Only 30 per cent of the directors questioned believed that the majority of UK & USA companies pay enough attention to security.

The survey was conducted by the David Lewis Consultancy and was based on a worldwide survey of about 3000 senior network managers and managing directors from firms with more than 500 staff.

Security is the process of preventing and detecting unauthorized use of your network. Prevention measures help the network management to stop unauthorized users (also known as "intruders") from accessing any part of your computer network system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.

How to Secure Networks?

A critical part of an overall security solution is a network firewall, which monitors traffic crossing network perimeters and imposes restrictions according to security policy. Perimeter routers are found at any network boundary, such as between private networks, intranets, extranets, or the Internet. Firewalls most commonly separate internal (private) and external (public) networks.

A network security policy focuses on controlling the network traffic and usage. It identifies a network's resources and threats, defines network use and responsibilities, and details action plans for when the security policy is violated.
The above discussion has given us sufficient information regarding the threats to our network. Securing and protecting our network is really the job at hand now. We are aware that a vulnerability in our network may destroy our organization. Now, the question remains as to how to protect the network. The answer lies in just three letters: CSS (Cisco Security Specialist). It is the latest certification announced by Cisco to cater to an organization's need to measure security threats and protect the network against them.

What is Certification?

What motivates people to get certified, and what we provide for them, is an opportunity. It is really a calling card that says, "Here, I have done this. I have these skills, I can prove it."

What is Cisco Security Specialist 1 (CSS1)?

As organizations accelerate their interest in Internet business solutions, they need qualified professionals who possess the skills necessary to ensure the security of all network-based transactions. The Cisco Security Specialist 1 track has been designed and structured to provide the industry with professionals who have the skills to cope with the biggest threat to existing networks: hacking.

Why Earn the CSS1 Certification?

Candidates for the Cisco Security Specialist 1 designation are most likely to be actively involved in developing business solutions and designing and delivering multiple levels of security for the underlying network architectures. They may work in IT departments, security departments, or as system integrators or consultants. They can enhance their skills and prepare for the required exams via a suite of courses offered at Times Tech.

Benefits of Cisco Qualified Specialist Designation

Cisco Qualified Specialist designations validate competency in specific technologies, so they increase the holder's professional credibility by ensuring high standards of technical expertise.

In particular, the Cisco Security Specialist 1 designation indicates significant knowledge about network security procedures, processes, and devices. This designation is tailored to the needs of organizations embarking on Internet business projects or working to increase the level of their network security.
A Cisco Security Specialist 1 can do the following for Internet business projects:

Identify security weak points within networks and recommend solutions
Collaborate with experts to design and field a complete security solution that includes firewalls, intrusion detection systems, and virtual private networks
Install, configure, operate, and manage the Cisco family of network security products.

Why to attend the course at Times Tech?

· Times Tech is the only place in Pakistan, and indeed in the Asia Pacific, offering this most prestigious certification, and at the most affordable cost!
· The institute has all the necessary infrastructure required to conduct the course. The equipment includes:

o CISCO 3600 Series Routers
o CISCO 2600 Series Routers
o CISCO 2500 Series Routers
o CISCO 1600 Series Routers
o CISCO CATALYST 5000 Series
o CISCO CATALYST 2900 Series
o CISCO CATALYST 1900 Series
o CISCO PIX FIREWALLS
o CISCO IDS (Pipeline)
· Dedicated software worth well over US$10,000 is also available, along with the hardware, specially for training.
· The attendees will be provided with all the relevant material, including books, notes, lectures and informative URLs. The time and money the Times Tech Research and Development Department (R & D) has spent gathering all this material is priceless.
· It enables individuals and corporations to become market leaders by implementing the world's most secure networks.