Introduction | The Practice of Network Security: Deployment Strategies for Production Environments

As I am writing this introduction an alert has just come in about a newly discovered vulnerability in Cisco's CatOS. The vulnerability, a buffer overflow in the CatOS HTTP daemon, is one that is commonly found on devices that have stripped down HTTP daemons used for management purposes.

A couple of years ago this vulnerability would not have raised too many eyebrows . After all, how often is a device within the network infrastructure attacked ? Attacks are targeted toward servers, and insecure workstations not routers, switches, firewalls, or other network infrastructure, right? That's not the case any more. As networks have become more complex so have the attackers that try to infiltrate them. Network security is no longer simply about protecting servers and workstations. Network security now requires a holistic understanding of the network, and an awareness of vulnerabilities both at the edge and in the core .

As attackers have become more sophisticated, so have the tools they use to infiltrate networks. These tools, most freely available, have filtered down to chat rooms and "warez" web sites, making it easier for less knowledgeable users to launch an attack against a network, or multiple networks. Attacks against networks are now routinely launched by disgruntled teens, angry customers, ex- employees , or someone who just wants to see if it can be done.

All these changes have combined to make the job of security and network professionals much more difficult. The number of devices that must be protected has increased, while the security budget has remained the same or shrunk. ^[1] Security administrators must now spend time determining whether an attack is orchestrated by someone who knows what they are doing and is trying to gain access to confidential information, or some kid who wants to test out the last Denial of Service (DoS) tool.

^[1] Of course.

In addition to these problems there is often a blending of the roles that security, network and server administrators play in protecting the network. Separating the responsibilities of different groups, while ensuring that communication between the groups still occurs is an important responsibility.