8.1. What Makes Communication Secure? Communications security protects information while it's being transmitted over unsecured networks, which would be any network that you do not control, whether owned by you or by a service provider. Secure communication enforces the security principles introduced in earlier chapters.
Secrecy or confidentiality Secure communication keeps information from being transmitted to anyone not authorized to receive it. Secrecy means that intruders can't tap into communications lines and messages will go to their intended recipients, without being viewed by others. In highly secure systems, secrecy might also mean that information can't be passedeither deliberately or because of delivery errorsto systems or networks not cleared to process that level of information.
Accuracy or integrity Secure communication keeps information from being lost, changed, or repeated during transmission. The information is delivered exactly as sent.
Authenticity Secure communication keeps users on either side of a transmission from being able to forge a message.
Nonrepudiation Secure communication means that a receiver is certain that the message sender is who it is expected to be. Security also means that a message sender will be unable to later on deny having sent a given message.
Availability Secure communication keeps the network working efficiently. Availability is a particularly important concept for networks, where even a minor slowdown in service can have a reverberating effect on an entire network. "Denial of service," described later in this chapter, is a particularly virulent problem for network security. Think of availability as having to do with robustness, and the ability to resist attacks which could slow down or compromise the communications process. How can you make a communication secure? Here are the main approaches:
Keep the communication from being intercepted Protect your communications equipment (so an intruder can't attack a network switch or any other equipment), and choose the most secure communications medium (so an intruder can't tap the line).
Encrypt the data you're sending If you're concerned primarily about protecting the secrecy of a communication, encryption (described in Chapter 7) is an excellent solution, regardless of whether the medium and the equipment are physically secure. Certain encryption techniques can also ensure the accuracy and authenticity of a communication. A powerful method of automatically encrypting data during communications is the Virtual Private Network. Using VPNs, workers at home can have secure access to the same resources they would be able to access at the corporate site. Corporate VPNs are used in point-to-point links.
Control access to your systems and to your networks Proper authentication of users helps ensure that only authorized users can enter the network and that once in, they can access only approved resources. Configure your network for security. For complete protection from the outside, set up an airwall: no external connections, no floppy drives, no USB-port memory sticks. Just the computer on your network, nothing more. To protect your own trusted local area network without completely cutting off communication to the outside world, set up a gateway computer sometimes called a firewall to isolate your local users. A firewall looks at each transmission and decides if it originates from or is destined to an Internet address that is listed as desirable to receive (i.e., a friend or a foe).
Within the security perimeter of a local network, users may be able to communicate freely It is possible that an eavesdropping attack could take place within the secured area. An intrusion detection system (IDS) can monitor the internal traffic and look for packets that seem malicious or are sourced from known trouble spots. Appropriate Technology I'll discuss some of the most important methods for message security in this chapter, but there are other approaches as well. Consider one of the methods used to protect radio communications in the Pacific during World War II, as reported by David Kahn in The Codebreakers (Scribner). The Marines protected against eavesdroppers by having native Navahos on either side of the communication speak to each other in their own language. Because so few people speak Navaho, and because Navaho is an extremely difficult language to learn, particularly as an adult, there was virtually no chance that communications between "codetalkers" could be understood or counterfeited by the enemy. As with operating-system security, you'll have to decide on the best method, or combination of methods, for your own equipment, environment, and assessment of the importance of your information. |
8.1.1. Communications Vulnerabilities There are many points of vulnerability when information is being communicated. The media itself (e.g., the telephone line, the cabling, or the radio transmission) may be vulnerable. Different types of media vary significantly in how easy they are to tap. Simple cordless telephones can be intercepted very easily, and conventional telephone taps are both easy and inexpensive to implement. Cellular phones vary in complexity. Coaxial cable is somewhat more difficult to tap. Fiber-optic cable is probably the most secure medium. The IEEE 802.11x wireless standard (Wi-Fi) has gone through several iterations of security in order to keep it safe from prying eyes, although in the eyes of some, the effort has not succeeded. The 802.11i standard addresses security directly. (See the section "Network Media" later in this chapter.) Communications equipment (e.g., switching systems, routers, signaling equipment, or testing equipment) is another point of vulnerability. The nodes where communications lines meet are very vulnerable to attack. It's extremely important to keep unauthorized people away from all communications equipment, starting with card-key access to the premises and continuing on through putting a lock on every telecommunications room door. Damage to a switching system can have a disastrous effect on a network. Communications equipment is also vulnerable to natural disasters (e.g., power problems) and to error (e.g., noise on the line). Telephone and network connections are very vulnerable to attack. It's often easier to break into a system over a network than it is onsite. Physical controls obviously aren't effective against remote access. Using telephone and network connections, an attacker can spend a lot more time trying to break into a system remotely than would be possible onsiteand can usually stay anonymous as well. 8.1.2. Communications Threats There are a number of special terms commonly used to describe communications threats.
Masquerade Occurs when someone (an imposter) pretends to be an authorized user.
Playback or replay Occurs when someone records a legitimate message (perhaps a funds transfer), and later sends it again.
Repudiation Occurs when someone denies that she sent or received a message.
Denial of service Occurs when someone or something dominates system resources, stopping or slowing down system or network performance.
Distributed denial of service A coordinated denial of service attack that originates from many sources at once. Denial of service is a problem for operating systems as well as networks. If someone shuts off power, fills up a storage device or disk, or creates more processes than the system can support, no one will be able to get any work done. If server resources aren't available on an equitable basis, some users will be very unhappy. One example of a network denial of service attack is message flooding, in which someone sends so many requests (perhaps meaningless messages) to a system that the system's resources are overloaded, and the system may crash as a result. Communications interceptions, or taps, are another special network concern. There are two basic types of taps:
Passive taps Threaten the secrecy of the information that's being transmitted. Taps of this kind usually involve wiretapping or radio interception of transmitted data. Through electronic eavesdropping or monitoring, the intruder intercepts the information but doesn't attempt to modify it. It's very easy to tap telephone lines and lines connecting terminals, especially in telecommunications rooms where connections are plentiful, and splice points abound. A single splice, or an induction loop around a terminal wire, can successfully intercept many different types of communications.
Active taps Threaten the authenticity of the information that's being transmitted. Active taps usually involve breaking into a communications line and deliberately modifying information. In addition to tampering directly with the contents of the information, the intruder might threaten the transmission by tampering with its routing or authenticityby changing the apparent origin of a message, by rerouting it to another destination, by replaying a previous message (to create a false message), or by falsifying an acknowledgment of a genuine message. |
