Protecting a Network from Outside Attack

Another security risk for your network involves direct attack. Connecting your network to the Internet provides a nice wide conduit for folks who want to try to crack your network security and gain access to valuable network resources.

Direct network attacks can take different forms, and many of them are possible because of the way the TCP/IP protocol stack operates. Each protocol in the TCP/IP stack communicates on a particular channel, called a well-known port number (port numbers are discussed in Chapter 12, "TCP/IP Network Administration"). For example, HTTP operates on port 80, and FTP operates on port 21. There are, in fact, more than 1,000 well-known port numbers, and each of these ports is a potential path for an attack on your network. Firewalls provide a strategy for blocking these ports, and we will discuss firewalls later in the chapter.

Another way that direct attacks are engineered involves important information such as login names and passwords being discerned by a cracker using snooping software such as protocol sniffers, which are discussed in Chapter 19. A cracker can sit outside your network on the Internet and intercept data transmissions that can provide enough information for a direct attack on the internal network.

Note

All the ins and outs of network security, particularly those associated with outside attacks, could fill an entire book, and have actually filled a number of books. Companies lose a lot of money and time dealing with network attacks, both on the intranet (the private network) and on the Internet. For some big-picture information on network security, check out The Concise Guide to Enterprise Internetworking and Security, published by Que.


A number of different kinds of attacks can be made on an IP network. A brief description of each follows:

  • Eavesdropping. Also known as sniffing or snooping, eavesdropping is the ability to monitor network traffic because it is in an unsecured format. The eavesdropper basically listens in using some kind of network-monitoring software.

  • Password attacks. These attacks are typically a result of eavesdropping. Once a snooper is able to find a valid account (because this information is not always protected on the internal network), the attacker is able to gain access to the network and discern information such as valid users, computer names, and resource locations. This can lead to the modification, deletion, or rerouting of network data.

  • IP address spoofing. An attacker is able to assume a legal IP address and gain access to the network.

  • Man-in-the-middle attacks. The attacker is able to monitor, capture, and control data between the sending and receiving devices.

  • Denial-of-service attacks. The attacker gains access to the network and then sends invalid data to network services and applications, which causes these network services to operate erratically or to terminate. This type of attack can also materialize as a flood of data directed at a particular service or computer, which results in overload and shutdown. This type of attack has been used repeatedly to take down Web sites on the Internet.
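The points above about open ports and unsecured traffic can be turned into a check an administrator runs on a host. The following Python sketch is an added example, not from the book: it parses a constructed sample in the layout of `ss -tln` output and flags network-reachable listeners that are off an approved list or that speak a cleartext protocol. The approved-port policy and the sample rows are assumptions.

```python
"""Audit listening TCP sockets against an approved-port list (added example)."""
import ipaddress

# Constructed sample in the layout of `ss -tln` output; not from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*
LISTEN  0       32      0.0.0.0:21          0.0.0.0:*
LISTEN  0       128     [::]:80             [::]:*
LISTEN  0       10      0.0.0.0:23          0.0.0.0:*
LISTEN  0       128     0.0.0.0:8080        0.0.0.0:*
"""

APPROVED_PORTS = {22, 80}  # assumed site policy: SSH and HTTP only
# Protocols that send logins and data unencrypted, so a sniffer can read them.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}


def parse_listeners(text):
    """Yield (address, port) for every LISTEN row; skip headers and junk."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield host.strip("[]"), int(port)


def reachable_from_network(host):
    """True unless the socket is bound only to a loopback address."""
    if host == "*":
        return True
    return not ipaddress.ip_address(host.split("%")[0]).is_loopback


def audit(text, approved=APPROVED_PORTS):
    """Return sorted (port, reason) findings for network-reachable listeners."""
    findings = set()
    for host, port in parse_listeners(text):
        if not reachable_from_network(host):
            continue  # loopback-only services are not an outside path
        if port not in approved:
            findings.add((port, "not approved: block at firewall or stop service"))
        if port in CLEARTEXT_PORTS:
            findings.add((port, f"{CLEARTEXT_PORTS[port]} is cleartext: open to eavesdropping"))
    return sorted(findings)


if __name__ == "__main__":
    for port, reason in audit(SAMPLE_SS_OUTPUT):
        print(f"port {port}: {reason}")
```

An approved port can still produce a finding: port 80 passes the policy check here but is reported because HTTP traffic is readable to anyone who can sniff it.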

Network administrators use all sorts of strategies to prevent these types of attacks. Secure routers provide one way to protect the internal network, and so do firewalls (discussed in the next section). Another method involves implementing Internet Protocol Security (IPSec), which is a suite of cryptography-based protection services and security protocols that can be used to secure internal networks, networks that use WAN solutions for connectivity, and networks that take advantage of remote access solutions (such as Virtual Private Networking, which we discuss in Chapter 17).

Note

IPSec uses all sorts of protection methods to secure network data. Cryptography is the coding or encrypting of data into an unreadable format. IPSec can also use certificates to protect data, where the data can only be read by a receiver with the appropriate certificate credentials. Obviously, implementing IPSec requires a very good understanding of the TCP/IP protocol stack and IPSec itself. For information on IPSec in relation to Windows Server 2003, check out Sams Teach Yourself Windows Server 2003 in 24 Hours.


Securing a network of any size will probably require more than one strategy. This means you need to create a security plan for your network. Once you have a plan, you can implement it with the appropriate hardware or software security tools. Network security is certainly a very hot topic and a very important aspect of any network administrator's job. Securing a network isn't easy, however. Even the big boys, such as Yahoo! and Microsoft, get hammered occasionally by network attacks. Let's end our discussion of network security on a high point with the discussion of a truly marvelous invention: the firewall.



Absolute Beginner's Guide to Networking
Absolute Beginners Guide to Networking (4th Edition)
ISBN: 0789729113
EAN: 2147483647
Year: 2002
Pages: 188
Authors: Joe Habraken
