1.4 Where Is the Network Vulnerable?

Before delving further into the book, it would be a good idea to assess network vulnerabilities. Being aware of some of the more common security problems found in a networking environment makes it easier to spot them on another network. A quick audit based on some common mistakes is a good start. As topics are covered in more detail, it should be easy to pick up other ideas to tighten security even further.

The most common mistake an administrator makes is using clear text passwords. Many administrators will disable telnet access to servers, but leave File Transfer Protocol (FTP) access open , or they will use telnet to login into routers or switches, instead of creating a TACACS+ ^[4] server. If possible, even e-mail login sessions should be done using encrypted usernames and passwords. Of course, encrypted logins have to be combined with a good password policy.

^[4] TACACS is the Terminal Access Controller Access Control System, is documented in RFC 1492, and is an authentication and logging system.

Domain Name System (DNS) servers are another commonly exploited vulnerability. The most popular program installed on DNS servers is the Berkeley Internet Name Domain (BIND). While recent versions of BIND have done a great job of increasing security controls, the vast majority of companies are still running older, less secure, versions of BIND.

Another common mistake network administrators make is to leave network passwords set to their default; this is especially true for the Simple Network Management Protocol (SNMP). The default passwords for reading data and writing to SNMP devices are generally public and private, respectively. Often administrators activate SNMP without thinking about the consequences of an attacker having full control of their routers.

Firewalls can also lead to poor security practices. Many administrators assume because they have a firewall in place their networks are secure. Firewalls do not solve all security problems. In fact, a firewall with poorly implemented rule sets offers little or no protection for a network. A firewall with good rule sets is important, but it is only a small part of a security policy.

Whenever possible, use managed switches instead of hubs. A managed switch offers security features such as VLAN control and MAC address control. These additional security features enable you to control what machines have access to your network, and can even allow you to control traffic within your network.

A wireless LAN (WLAN) is an incredible technology: It frees employees from their offices or cubicles and allows them to connect into the network from anywhere in your building. There is also a host of security concerns that need to be addressed before implementing a WLAN. Some of the security issues inherent in WLAN technology include the ability to easily port sniff other users connected to an access point, easy entry to your network for just about anyone , and of course, the use of an insecure default password.