Expected Threats

The principal threat in teleworker connections is the lack of physical or network controls. Today's home user LAN can look like the one shown in Figure 15-1.

Figure 15-1. Typical Home Network

Likely, the only piece of equipment controlled, partly, by your organization is the teleworker system. In this design, for example, all traffic sent by the teleworker system can be seen by the other systems connected to the hub. Anyone connecting to the (likely insecure) wireless LAN (WLAN) access point (AP) can send traffic to the teleworker directly. If the teleworker system uses the WLAN AP for most of its connectivity (not uncommon), all packets sent from the teleworker system can be viewed by anyone with access to the WLAN traffic.

Although the home LAN is hardly secure, it is nothing compared to the connectivity a teleworker might use at an airport. Here, competitors, attackers, and other curious individuals can be directly connected to one another.

The likely attacks encountered by the teleworker are oriented around attackers attempting to get direct access to the system, use the system as a launch pad to access the corporate network, or infect the system with a virus that later might infect the corporate network. Table 15-1 shows the threat list from Chapter 3, "Secure Networking Threats," tuned to represent likely attacks for teleworkers.

Table 15-1. Teleworker Threats

Threat                                 Detection    Ease of   Frequency   Impact   Overall
                                       Difficulty   Use
Direct access                          3            5         5           3        40
Virus/worm/Trojan horse                3            4         5           3        38
Remote control software                5            3         3           4        36
Probe/scan                             4            5         5           1        33
Identity spoofing                      4            3         1           5        33
War dialing/driving                    5            3         2           4        33
Sniffer                                5            3         3           3        32
Buffer overflow                        4            3         3           3        31
Rogue devices                          3            1         2           5        31
Rootkit                                4            2         2           4        30
TCP spoofing                           5            1         1           5        30
Distributed denial of service (DDoS)   3            2         2           4        29
Man-in-the-middle (MITM)               4            1         1           5        29
Transport redirection                  4            3         2           3        28
Smurf                                  3            4         1           3        26
ARP redirection/spoofing               3            2         1           4        26
Application flooding                   4            5         1           2        25
Web application                        3            3         1           3        24
TCP SYN flood                          3            5         1           2        24
Network manipulation                   2            3         1           3        23
IP redirection                         2            1         1           4        23
MAC spoofing                           3            1         2           3        23
UDP spoofing                           5            3         1           2        22
Data scavenging                        5            4         1           1        20
IP spoofing                            2            4         2           1        20
MAC flooding                           3            1         1           3        20
STP redirection                        3            1         1           2        16

In the list, direct access is the most common attack because a teleworker PC often is not protected by any form of network infrastructure. This allows an attacker to communicate with the PC on any port or protocol, with only the local application security to protect the device. As with the previous two chapters, viruses, worms, and Trojan horses are always present, making host protections, such as antivirus, essential. Also, if you've ever run a firewall on a home connection, you know that your IP addresses are frequently scanned from any number of locations all around the Internet. If your host is adequately hardened and protected, you have nothing to worry about, because would-be attackers will find plenty of other easy targets in their scans. Similarly, remote control software can be installed by using many different mechanisms, including direct access or a virus, the number one and number two attacks.

Identity spoofing is a common form of attack against teleworker PCs that have some resource shared with the network. Windows shares, a Secure Shell (SSH) daemon, and other accessible services frequently are attacked by using default or weak passwords in an attempt to gain access to the system. A deliberate attacker targeting a specific resource is likely to be much more diligent. Finally, war driving is an increasingly common attack now that many broadband-connected homes have 802.11 WLAN access. Because the majority of this access is secured poorly, if at all, it gives attackers free Internet access at best and direct access to your users' data at worst.

NOTE

As I've said before, the weightings on these attacks are a potential answer but not necessarily the answer based on your own requirements. These values are subjective and should be freely tuned to more accurately reflect your own network and policies.
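As an added worked example (not code from the book), the scoring behind Table 15-1 can be carried out and re-tuned in a few lines of Python. The weights it uses, Detection Difficulty x1, Ease of Use x2, Frequency x3, Impact x4, are an assumption inferred from the table itself: they reproduce every printed Overall value, which the weights_reproduce_table function checks. The retune function applies the note above, replacing individual ratings with your own and showing how the ranking shifts; the Sniffer override at the bottom is a constructed value for illustration only.

```python
from typing import Dict, List, Optional, Tuple

# One table row: (detection_difficulty, ease_of_use, frequency, impact, overall_as_printed)
Row = Tuple[int, int, int, int, int]
Ratings = Tuple[int, int, int, int]

# Weights per rating column. ASSUMPTION inferred from Table 15-1: these are the only
# small integer weights that reproduce every Overall value printed in the table.
DEFAULT_WEIGHTS: Ratings = (1, 2, 3, 4)

# Ratings copied from Table 15-1 (1-5 scale), with the Overall column kept for checking.
TELEWORKER_THREATS: Dict[str, Row] = {
    "Direct access": (3, 5, 5, 3, 40),
    "Virus/worm/Trojan horse": (3, 4, 5, 3, 38),
    "Remote control software": (5, 3, 3, 4, 36),
    "Probe/scan": (4, 5, 5, 1, 33),
    "Identity spoofing": (4, 3, 1, 5, 33),
    "War dialing/driving": (5, 3, 2, 4, 33),
    "Sniffer": (5, 3, 3, 3, 32),
    "Buffer overflow": (4, 3, 3, 3, 31),
    "Rogue devices": (3, 1, 2, 5, 31),
    "Rootkit": (4, 2, 2, 4, 30),
    "TCP spoofing": (5, 1, 1, 5, 30),
    "Distributed denial of service (DDoS)": (3, 2, 2, 4, 29),
    "Man-in-the-middle (MITM)": (4, 1, 1, 5, 29),
    "Transport redirection": (4, 3, 2, 3, 28),
    "Smurf": (3, 4, 1, 3, 26),
    "ARP redirection/spoofing": (3, 2, 1, 4, 26),
    "Application flooding": (4, 5, 1, 2, 25),
    "Web application": (3, 3, 1, 3, 24),
    "TCP SYN flood": (3, 5, 1, 2, 24),
    "Network manipulation": (2, 3, 1, 3, 23),
    "IP redirection": (2, 1, 1, 4, 23),
    "MAC spoofing": (3, 1, 2, 3, 23),
    "UDP spoofing": (5, 3, 1, 2, 22),
    "Data scavenging": (5, 4, 1, 1, 20),
    "IP spoofing": (2, 4, 2, 1, 20),
    "MAC flooding": (3, 1, 1, 3, 20),
    "STP redirection": (3, 1, 1, 2, 16),
}

COLUMNS = ("detection_difficulty", "ease_of_use", "frequency", "impact")


def overall(ratings: Ratings, weights: Ratings = DEFAULT_WEIGHTS) -> int:
    """Weighted sum of the four ratings; rejects values off the 1-5 scale."""
    for r in ratings:
        if not 1 <= r <= 5:
            raise ValueError(f"rating {r} is outside the 1-5 scale")
    return sum(r * w for r, w in zip(ratings, weights))


def weights_reproduce_table(weights: Ratings = DEFAULT_WEIGHTS) -> bool:
    """True if `weights` yields the printed Overall value for every row of Table 15-1."""
    return all(overall(row[:4], weights) == row[4] for row in TELEWORKER_THREATS.values())


def rank(threats: Optional[Dict[str, Row]] = None,
         weights: Ratings = DEFAULT_WEIGHTS) -> List[Tuple[str, int]]:
    """Threats ordered by score, highest first; ties keep table order (sorted is stable)."""
    threats = TELEWORKER_THREATS if threats is None else threats
    scored = [(name, overall(row[:4], weights)) for name, row in threats.items()]
    return sorted(scored, key=lambda item: item[1], reverse=True)


def retune(overrides: Dict[str, Dict[str, int]]) -> Dict[str, Row]:
    """Copy of the table with selected ratings replaced, e.g. {"Sniffer": {"frequency": 5}}."""
    tuned = dict(TELEWORKER_THREATS)
    for name, changes in overrides.items():
        row = list(tuned[name])
        for column, value in changes.items():
            row[COLUMNS.index(column)] = value  # ValueError on an unknown column name
        tuned[name] = tuple(row)  # type: ignore[assignment]
    return tuned


def position(name: str, ranking: List[Tuple[str, int]]) -> int:
    """1-based position of a threat within a ranking."""
    return [n for n, _ in ranking].index(name) + 1


if __name__ == "__main__":
    print("inferred weights reproduce the table:", weights_reproduce_table())
    for name, score in rank()[:5]:
        print(f"{score:3d}  {name}")
    # Constructed tuning: a site that sees WLAN eavesdropping often raises Sniffer frequency.
    tuned = retune({"Sniffer": {"frequency": 5}})
    print("Sniffer moves from position", position("Sniffer", rank()),
          "to", position("Sniffer", rank(tuned)))
```

Because sorted() is stable, threats that tie on score keep the order the table lists them in, which is why Sniffer lands in third place, behind the virus row it ties with, rather than second. Replacing DEFAULT_WEIGHTS in the rank call is the second tuning knob the note describes: changing what a column is worth rather than an individual rating.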


Network Security Architectures
ISBN: 158705115X
Year: 2006
Pages: 249
Authors: Sean Convery