Chapter 1: Internet Infrastructure for Security Professionals

"Welcome to the Internet, the largest beta-test network in the world."Anonymous

Overview

While the Internet is a core aspect of many businesses today, it is still an "experimental" network in many ways. Technology rapidly advances each year, and new security threats and countermeasures ensure that the Internet is continually changing in architecture and operation. Now that you have built your business on this network, we think you should know a few things to ensure a secure presence on the Internet.

As Internet growth began to explode in the early 1990s, services offered by ISPs were rather limited. An ISP typically provided only physical connectivity (usually fractional -T1, T1, or DS3), IP routing, and IP address registration/delegation and Domain Name System (DNS) services. The ISP was primarily responsible for the security of the border router and the physical circuit provided to the organization, as well as its DNS and core network infrastructure. The organization was responsible for all other aspects of security related to Internet connectivity.

Today, ISPs offer a wide range of services as part of a standard Internet product offering. If an organization depends on the ISP for these services, the onus of security lies with the ISP. However, if an organization chooses to manage these services, the onus of security lies squarely with the organization. Either way, we want you to be aware of the functions and risks involved with these services, and how attackers can exploit them. This will enable you to make informed decisions with respect to ISP selection, or your own security practices.

In this chapter, we cover several basic functions that may be performed by ISPs, organizations, or both:

  • Basic Internet Services Such as IP address registration/delegation, Autonomous System Number registration, and IP routing

  • Supplementary Internet Services Such as DNS and electronic mail

In addition, we present a brief list of questions at the end of this chapter that you can use to scrutinize a prospective ISP or to audit your own security practices and policies.

Note 

Throughout this chapter, the term organization is generally used to refer to any non-ISP entity such as an enterprise or nonprofit organization.

Simply having an "Internet presence" exposes an organization to a great many security risks. There are many Internet service providers (ISPs) to choose from as well as a wide variety of services offered or managed by those ISPs. An organization may choose to have some, or all, of these services provided by the ISP. There are both economic and security trade-offs between managing these services yourself or outsourcing them to an ISP. Tables 1-1 and 1-2 compare risks and benefits between managing services yourself and outsourcing to an ISP.

Table 1-1: Risks and Benefits of Outsourcing Internet Services to an ISP

Risks of Outsourcing

Benefits of Outsourcing

The ISP is responsible for a significant part of the organization's network security and reliability, and it may have little, if any, control over policy and management.

Smaller technical staff is required.

Problem resolution may take longer, since the organization must contact the ISP to resolve any problems with the service.

The ISP manages around-the-clock network management staff, reducing organization's need to staff outside of business hours.

ISP usually provides network equipment for managed service.

The organization has lower capital expense.

Table 1-2: Risks and Benefits of Self-Managing Internet Services

Risks of Self-Managing

Benefits of Self-Managing

The organization needs more technical staff.

The organization controls/maintains security and reliability based on its own practices and procedures.

The organization may need around-the-clock technical staff.

Problem resolution may be faster utilizing on-site staff.

The organization has higher capital expense for network equipment.

The organization can choose the equipment vendor.



Extreme Exploits. Advanced Defenses Against Hardcore Hacks
Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)
ISBN: 0072259558
EAN: 2147483647
Year: 2005
Pages: 120

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net