2.3 Analyze the technology being used

Next, you need to review your current use of technology. This review will include your "trusted network." A trusted network is the network that a company uses to conduct internal business. In many cases, the trusted network is by default defined in the organization as "secure." The trusted network typically supports the backend systems, internal-only web pages, data processing, messaging, and, in some cases, internal instant messaging. In many companies, systems on the trusted network talk to each other directly without encryption, and a variety of protocols run within the trusted network without any filtering or even virus scanning.

The problem with this definition is that it rests on many assumptions. A trusted network is not always a secure network. In fact, in many cases the trusted network cannot be trusted, because an internal network is composed of many different networks: new acquisitions, old acquisitions, international access points, and even several access points to the outside world.

A common practice is to define the trusted network as the network that internal employees use when at the office or via a secure, controlled dial-in mechanism. A single access point to the outside world is established via a mechanism called the DMZ (demilitarized zone). A DMZ is an isolated network placed as a buffer between a company's trusted network and the untrusted network. The DMZ prevents outside users from gaining direct access to the trusted network. There are several methods to set up and configure a DMZ. [3]

For most of our discussion in this book, we will use the following example.

Example: 

Our DMZ will have flanking routers on either side of a firewall to shield us from unwanted traffic. The firewall's job is to work within the DMZ, filtering every network packet and deciding whether to forward it on to another server or to a workstation, or to drop it.

Firewalls will be covered in detail in a later chapter. Let's focus on the DMZ for now, as seen in Figure 2.2.

Figure 2.2

A DMZ is similar to a set of steel bars between the bank tellers and the bank customers. That way a person cannot just reach in, grab some money, and run off; the "bad dudes" will need to get over the steel bars to reach the money. In the same way, DMZs are configured to keep someone from directly accessing the trusted network. Sets of DMZ rules are enabled in the DMZ. These rules are controlled by the policies and implemented via the procedures for your organization. One of the most common rules is that a single protocol cannot traverse the DMZ end to end. So if you enter the DMZ via HTTP on port 80, you cannot continue into the trusted network on the same port and protocol; a server in the DMZ must terminate the connection and open a separate, controlled one inward. This is what the DMZ does: it keeps "untrusted" traffic from entering the trusted network. It is the job of the DMZ to filter the traffic, to limit access to the trusted network via filtering and authentication, and even to block traffic completely as needed.
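The two rules just described (no direct access from the outside into the trusted network, and no single protocol traversing the DMZ unchanged) are easy to state and easy to violate with one forgotten "allow" line. The following is an added example, not code from the book, that audits a zone-based firewall rule table for exactly those two rules. The zone names, the Rule fields, the decide() and audit() functions and both sample rule tables are assumptions constructed for illustration; the book prescribes no rule format.

```python
"""Audit a firewall rule table for the two DMZ rules described above.

Added example; this is not code from the book. The three zone names, the
Rule fields, the audit() checks and the sample rule tables are assumptions
made for illustration (the book does not prescribe a rule format).
"""
from dataclasses import dataclass

INTERNET, DMZ, TRUSTED = "internet", "dmz", "trusted"


@dataclass(frozen=True)
class Rule:
    src_zone: str   # zone the connection originates in
    dst_zone: str   # zone it is trying to reach
    proto: str      # "tcp" or "udp"
    port: int       # destination port
    action: str     # "allow" or "deny"


def decide(rules, src_zone, dst_zone, proto, port):
    """First-match evaluation with an implicit default deny, which is what
    the DMZ firewall should do with anything the policy did not anticipate."""
    for r in rules:
        if (r.src_zone, r.dst_zone, r.proto, r.port) == (src_zone, dst_zone, proto, port):
            return r.action
    return "deny"


def audit(rules):
    """Return a list of findings. An empty list means the table honours both
    rules from the text: no direct Internet->trusted access, and no protocol
    that enters the DMZ from the Internet continues inward unchanged."""
    findings = []
    allows = [r for r in rules if r.action == "allow"]

    # Rule 1: nothing from the outside may reach the trusted network directly.
    for r in allows:
        if r.src_zone == INTERNET and r.dst_zone == TRUSTED:
            findings.append(f"direct internet->trusted allow: {r.proto}/{r.port}")

    # Rule 2 (protocol break): a proto/port allowed Internet->DMZ must not also
    # be allowed DMZ->trusted, or the DMZ host is just a pass-through.
    inbound = {(r.proto, r.port) for r in allows
               if r.src_zone == INTERNET and r.dst_zone == DMZ}
    onward = {(r.proto, r.port) for r in allows
              if r.src_zone == DMZ and r.dst_zone == TRUSTED}
    for proto, port in sorted(inbound & onward):
        findings.append(f"{proto}/{port} traverses the DMZ unchanged")

    return findings


# Constructed sample tables. GOOD_RULES terminates web traffic on a DMZ
# reverse proxy and re-originates it inward on a different port.
GOOD_RULES = [
    Rule(INTERNET, DMZ, "tcp", 80, "allow"),
    Rule(INTERNET, DMZ, "tcp", 443, "allow"),
    Rule(DMZ, TRUSTED, "tcp", 8443, "allow"),   # proxy -> internal app server
    Rule(DMZ, TRUSTED, "tcp", 5432, "allow"),   # app server -> database
]

# BAD_RULES adds two holes of the kind the text warns about.
BAD_RULES = GOOD_RULES + [
    Rule(INTERNET, TRUSTED, "tcp", 3389, "allow"),  # remote desktop straight in
    Rule(DMZ, TRUSTED, "tcp", 80, "allow"),         # same proto/port on both hops
]

if __name__ == "__main__":
    for name, table in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(name, audit(table) or "passes")
```

Running the audit over an exported rule table, rather than reading the table by eye, is the check to repeat after every change request, merger or acquisition discussed later in this section.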

What can a DMZ do for inbound traffic?

  • Filter and mitigate denial-of-service attacks

  • Scan e-mail messages for viruses, content, and size

  • Provide a point for passive monitoring (packet capture) of inbound traffic

  • Block application-layer attacks

  • Detect and block port scans

  • Limit access to the trusted network to a single, controlled protocol

  • Detect and drop packets with spoofed IP addresses

The following example is used for discussion only. We cannot make a recommendation on DMZ configurations for all cases.

Note 

Some companies will make a partial copy of the data that is in the trusted network and place it (or replicate it) onto servers in the DMZ. This is a good idea, unless the company has stated, "No business data is to be placed into the DMZ." Okay, now what do we do? A more complex application needs to be created to intercept requests, possibly authenticate the users, and then forward the requests to servers in the trusted network. As you can see, one size does not fit all.

So far, we have discussed using the DMZ to control inbound traffic, but the DMZ is also used to control outbound traffic, and to hide (mask) the design and configuration of the trusted network. The DMZ can be designed to limit access to the Internet via proxy servers and filter servers. These servers, within the limits set in the policy documents, can do the following.

  • Control e-mail messages based on destination

  • Control e-mail messages based on size and even content

  • Scan for viruses in messages going out of the DMZ

  • Block access to unauthorized web sites

  • Log and monitor attempts to access unauthorized web sites
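One control that appears in both lists above, spoofed IP addresses, is the same check applied in two directions: a packet arriving from the Internet must not claim a source address belonging to our own networks, and a packet we send out must carry one of our own source addresses (so our hosts cannot be used as a launch point for a spoofed-source attack, and so trusted hosts cannot bypass the proxies). The following added example, not code from the book, implements that ingress/egress filter as a packet decision function. The address ranges, the interface model, the bogon list and the sample packets are constructed assumptions; the DMZ is given a documentation-range block to stand in for a real public allocation.

```python
"""Ingress/egress anti-spoofing filter for the DMZ perimeter.

Added example; this is not code from the book. The address ranges,
the "in"/"out" interface model and the sample packets are constructed
for illustration.
"""
import ipaddress

# Assumed addressing: the trusted network uses private space; the DMZ has
# a small public block (a documentation range stands in for it here).
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/8")
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
INTERNAL_NETS = (TRUSTED_NET, DMZ_NET)

# Source addresses that have no business arriving from the Internet.
BOGONS = tuple(ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
))


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def filter_packet(direction, src, dst):
    """Decide the fate of one packet on the outside (Internet-facing) interface.

    direction: "in"  = the packet arrived from the Internet,
               "out" = the packet is about to leave towards the Internet.
    Returns ("drop", reason) or ("pass", "").
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)

    if direction == "in":
        # Anything from outside claiming one of OUR addresses is spoofed.
        if _in_any(src, INTERNAL_NETS):
            return ("drop", "spoofed internal source on outside interface")
        if _in_any(src, BOGONS):
            return ("drop", "bogon source")
        # The DMZ is the only thing reachable from the outside (see the text:
        # no direct access to the trusted network).
        if dst not in DMZ_NET:
            return ("drop", "destination not in DMZ")
        return ("pass", "")

    if direction == "out":
        # Egress filtering: never emit a packet with a foreign source address.
        if not _in_any(src, INTERNAL_NETS):
            return ("drop", "outbound packet with foreign source")
        # Trusted hosts reach the Internet only through the DMZ proxies, so a
        # trusted source address on the outside interface is a policy bypass.
        if src in TRUSTED_NET:
            return ("drop", "trusted host must go through DMZ proxy")
        return ("pass", "")

    raise ValueError(f"unknown direction {direction!r}")


# Constructed sample traffic: (direction, src, dst).
SAMPLE_PACKETS = [
    ("in", "203.0.113.5", "192.0.2.10"),   # ordinary client -> DMZ web server
    ("in", "10.1.2.3", "192.0.2.10"),      # claims to be an inside host
    ("in", "127.0.0.1", "192.0.2.10"),     # loopback source from the wire
    ("in", "203.0.113.5", "10.1.2.3"),     # aimed straight at the trusted net
    ("out", "192.0.2.10", "203.0.113.5"),  # DMZ proxy replying outward
    ("out", "198.51.100.7", "203.0.113.5"),# forged source leaving our network
    ("out", "10.1.2.3", "203.0.113.5"),    # trusted host skipping the proxy
]

if __name__ == "__main__":
    for direction, src, dst in SAMPLE_PACKETS:
        verdict, reason = filter_packet(direction, src, dst)
        print(f"{direction:3} {src:>14} -> {dst:<14} {verdict} {reason}")
```

The same two address sets drive both directions, which is the point: once you have written down what "our addresses" are, the inbound and outbound spoofing checks are each one membership test.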

Why should we care about messages that might have a virus going out of the company? This will be covered in detail in a later chapter, but for now, imagine these headlines: "Dimwitted User at the Company Sends Out Virus to Their Competitor Via a Résumé!" We are all responsible for controlling viruses. You can do your part by checking for viruses before you send out a message.

Make a list of your network configuration. Identify the access points to the Internet. Determine if you are using a trusted network. In the process, you will determine if you have any unauthorized access points.

Example: 

Someone uses a PC remote-control product to check his or her work e-mail by dialing into his or her office computer from home. This is a common technique and may be authorized by your company. But without proper controls and procedures, it can become an access point for a hacker into your trusted network.

Mergers and acquisitions are the norm of the business world, but with each merger there is some type of change to a network. Many businesses will merge the trusted networks of the two companies. This may seem like good business, but it may not be good security sense. If you have a "new" network that has been created by combining previous networks, review the following.

  1. Access points to the Internet

  2. The number of DMZs each company involved in the merger has, and why there are that many

  3. The protocols being used on each network

  4. Directories being used to authenticate users

  5. Is there an authoritative directory?

  6. The type of remote access available to the new combined network

Now for the opposite scenario. Your corporation has just sold a company or division. Review the same points in reverse. You may need to completely isolate the networks.

  1. What access points to the Internet are/were in common?

  2. How many DMZs does each company created from the split have?

  3. What protocols are being used on each network?

  4. What directories are being used to authenticate users?

  5. Was there an authoritative directory?

  6. What type of remote access is available to the new network?

So far in the discussion we have talked about a trusted network as a single entity in a company. This is not always true. In a large enterprise or multinational company, there can be many trusted networks, and they do not necessarily trust one another. Due to individual country laws and requirements you may need to isolate your trusted network, and you may even separate your networks via mini-DMZs. The common term for this is "zones and perimeters." Security zones define the areas that need to be protected, and each zone may have different security requirements. The zones may sit within a perimeter that protects all zones, or only specific zones.

Now you may be saying, "I don't have a DMZ or a trusted network." No problem; all that means is that we have a lot of work ahead of us. So let's move on to the next phase: initial risk analysis and the determination of whether you need a DMZ or a trusted network.

[3] See this Cisco page for several examples: http://www.cisco.com/warp/public/cc/cisco/mkt/security/iosfw/tech/firew_wp.htm




Internet Security: A Jumpstart for Systems Administrators and IT Managers
ISBN: 1555582982
Year: 2003
Pages: 103
Authors: Tim Speed, Juanita Ellis