SECURITY FUNDAMENTALS

  1. Need for network security

    • Business and personal data are exposed via the Internet.

    • Hackers constantly create new threats; the ubiquity of the Internet lets them share information and tools globally.

    • New threats are also due to the pervasiveness of easy-to-use operating systems and development environments, reducing the knowledge and skill level required to become a hacker.

  2. Network attack taxonomy (types of attacks)

    • Packet sniffers: Can capture addresses, hostnames, usernames, and passwords. Mitigated by authentication, a switched infrastructure, antisniffer tools, and cryptography.

    • IP spoofing: Involves a hacker gaining access by pretending to belong to the network. Mitigated by access control and RFC 2827 filtering.

    • Denial of service (DoS): Consuming so much of a limited resource (bandwidth, buffers, CPU cycles) that others cannot use it. Mitigated by antispoofing measures, rate limiting upstream, and half-open connection limits.

    • Password attacks: Involve attempts to learn or crack passwords to gain access. Mitigated by strong passwords (minimum of eight characters and a mix of uppercase and lowercase letters, numbers, and special characters), OTP, and encrypting password transmission.

    • Man-in-the-middle attacks: Involve a hacker interposing himself between two parties exchanging data. Mitigated by encrypting the data exchange.

    • Application-layer attacks: Involve a hacker taking advantage of known vulnerabilities in applications. Mitigated by keeping the OS and all applications fully patched and using IDS (primarily HIDS, but also NIDS).

    • Network reconnaissance: Involves a hacker learning the network topology and characteristics (naming, addressing, device information). Mitigated by HIDS and NIDS, and protocol filtering.

    • Trust exploitation: Involves taking advantage of established operating relationships, in which systems must accept information and inputs from other systems. Mitigated by a restrictive trust model, strong access control, and private VLANs.

    • Port redirection: Causing traffic that enters a host on one port to be sent to another port, so that it is acted on by a different process. Mitigated by restrictive trust models and HIDS.

    • Unauthorized access: Involves obtaining illegitimate access to restricted resources. Mitigated by protocol filtering at the firewall and strong access control.

    • Virus and trojan horse attacks: Involve inserting malware into unprotected hosts to exploit them. Mitigated by keeping the OS, applications, and antivirus software current.
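The RFC 2827 filtering named above as the IP spoofing mitigation is a decision on a packet's source address relative to the network behind the router interface. The following is an added example, not from the exam guide, that models that decision for a constructed customer prefix (203.0.113.0/24) and runs it over a few constructed flow records; the bogon drop is a common companion check, not part of RFC 2827 itself.

```python
import ipaddress

# Constructed scenario: an edge router joins the customer network
# 203.0.113.0/24 (RFC 5737 documentation space) to the Internet.
CUSTOMER_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Addresses that are never valid sources on an Internet-facing link.
# Dropping these is a common companion to RFC 2827, not part of the RFC.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def rfc2827_verdict(src, direction):
    """Return 'permit' or 'deny' for a packet based only on its source.

    direction is 'outbound' (leaving our network) or 'inbound' (arriving
    from the Internet). RFC 2827: outbound packets must carry a source
    inside our own prefixes (so we cannot originate spoofed traffic), and
    inbound packets must not claim one (an outsider posing as an inside host).
    """
    addr = ipaddress.ip_address(src)
    is_ours = any(addr in net for net in CUSTOMER_PREFIXES)
    if any(addr in net for net in BOGON_PREFIXES):
        return "deny"
    if direction == "outbound":
        return "permit" if is_ours else "deny"
    if direction == "inbound":
        return "deny" if is_ours else "permit"
    raise ValueError(f"unknown direction: {direction}")


def filter_flows(records):
    """Apply the verdict to flow records of the form 'direction src dst'."""
    out = []
    for rec in records:
        direction, src, _dst = rec.split()
        out.append((rec, rfc2827_verdict(src, direction)))
    return out


# Constructed sample flows: legitimate outbound, outbound with a forged
# source, inbound posing as an inside host, inbound bogon, normal inbound.
SAMPLE_FLOWS = [
    "outbound 203.0.113.7 198.51.100.9",
    "outbound 198.51.100.9 203.0.113.7",
    "inbound 203.0.113.7 203.0.113.20",
    "inbound 10.1.2.3 203.0.113.20",
    "inbound 198.51.100.9 203.0.113.20",
]
```

Calling `filter_flows(SAMPLE_FLOWS)` permits only the first and last record; the other three are the spoofed cases the filter exists to stop.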

  3. Network security policy

    • SAFE Blueprints assume that a policy is already present.

    • A security policy provides management endorsement of security, various usage policies, audit provisions to assess compliance, and incident-response plans.

  4. Management protocols and functions

    • SSH and SSL for encrypted device access instead of Telnet, which is cleartext (including passwords).

    • Syslog for device logging and alarm transmittal to servers.

    • TFTP for device image and configuration file transfer.

    • SNMP for device management (rw community) and information (ro community). Use SNMP v3, which adds authentication and encryption.

    • NTP for clock synchronization. Use NTP v3 for secure authentication of time data from upstream servers.



CSI Exam Cram 2 (Exam 642-541)
CCSP CSI Exam Cram 2 (Exam Cram 642-541)
ISBN: 0789730243
Year: 2002
Pages: 177
Authors: Annlee Hines
