Planning for security is an important element in designing a network. It is far easier to implement a secure network from a plan than it is to recover from data loss. This lesson presents an overview of network security. We examine two primary models for ensuring data security and take a look at how to secure the physical components of a network.
After this lesson, you will be able to:
- List the basic security requirements for a network.
- Describe ways to restrict access to the network by unauthorized users.
- Describe the features of password-protected shares and access permissions.
- Identify the common types of computer viruses and describe ways to protect against them.
Estimated lesson time: 35 minutes
In a networking environment there must be assurance that sensitive data will remain private. Not only is it important to secure sensitive information, it is equally important to protect network operations from deliberate or unintentional damage.
Maintaining network security requires a balance between facilitating easy access to data by authorized users and restricting access to data by unauthorized users. It's the job of the network administrator to create this balance.
Even in networks that handle sensitive and valuable business data, security is sometimes an afterthought. Four major threats to the security of data on a network are:
Despite the seriousness of these threats, data security is not always implemented or supported properly. The administrator's task is to ensure that the network remains reliable and secure, free from those threats.
The extent and level of the network security system required depends on the type of environment in which the network is running. A network that stores data for a major bank, for example, requires more extensive security than a LAN that links the computers in a small community volunteer organization.
Making a network secure requires establishing a set of rules, regulations, and policies so that nothing is left to chance. The first step toward ensuring data security is to implement policies that set the tone and help to guide the administrator and users through changes, both expected and unplanned, in their network's development.
The best way to design data security policies is to take a proactive, preventive approach. When unauthorized access is prevented, the data remains secure. A prevention-based system requires that the administrator understand the tools and methods available with which to keep data safe.
To access a network, a user must enter a valid user name and password. Because passwords are linked to user accounts, a password authentication system is the first line of defense against unauthorized users.
It is important not to let overreliance on this authentication process lull you into a false sense of security. In a peer-to-peer network, for example, the user name and password are checked only by the local computer, if at all, so almost anyone can log on with a name and password of their own choosing and thereby reach everything that is shared on the network. Authentication protects resources only in a server-based network, where the user name and password are validated against the server's security database before access is granted.
Unintentional errors can lead to security failures. A well-trained network user is less likely than an inexperienced novice to accidentally cause an error and ruin a resource by permanently corrupting or deleting data. Figure 10.1 illustrates such a problem.
Figure 10.1 Training helps reduce costly user errors
The administrator should ensure that everyone who uses the network is familiar with its operating and security procedures. To accomplish this, the administrator can develop a short, clear guide to what users need to know, and require that new users attend appropriate training classes.
The first step in keeping data safe is to provide for the physical security of the network hardware. (Establishing and maintaining an optimal environment for the physical network is discussed in detail in Lesson 2.) The extent of security required depends on:
In a peer-to-peer network, there is sometimes no organized hardware-security policy, and users are responsible for the security of their own computers and data. In a server-based network, security is the responsibility of the network administrator.
Securing the Servers
In a larger, centralized system, in which much individual user and organization data is sensitive, it is important to secure the servers from accidental or deliberate tampering.
It is not uncommon for some individuals to want to demonstrate their technical abilities when the servers have problems. They may or may not know what they are doing. It is best to tactfully prevent these people from "fixing" the server. The simplest solution is to lock the servers in a dedicated computer room with limited access; depending on the size of the company, this might not be workable. Locking the servers in an office or even a large storage closet is often practicable and goes some way toward securing the servers.
Securing the Cables
Copper media, such as coaxial cable, behave much like a radio antenna: they emit electromagnetic signals that mirror the information they carry, and those signals can be picked up with electronic listening equipment. Copper cable can also be tapped physically so that information is read directly from the cable.
Cable runs that handle sensitive data should be accessible only to authorized people. Proper planning can make cable runs inaccessible to unauthorized people; for example, cable can be run inside the building structure, through ceilings, walls, and floors. Concealment raises the effort a tap requires but does not make tapping impossible, which is why sensitive data should also be encrypted on the wire.
After implementing security for the network's physical components, the administrator needs to ensure that the network resources will be safe from both unauthorized access and accidental or deliberate damage. Policies for assigning permissions and rights to network resources are at the heart of securing the network.
Two security models have evolved for keeping data and hardware resources safe:
- Password-protected shares
- Access permissions
These models are also called "share-level security" (for password-protected shares) and "user-level security" (for access permissions).
Implementing password-protected shares requires assigning a password to each shared resource. Access to the shared resource is granted when a user enters the correct password.
In many systems, resources can be shared with different types of permissions. To illustrate, we use Windows 95 and 98 as examples. For these operating systems, as described in Chapter 9, "Establishing Network Shares and Accounts," directories can be shared as Read Only, Full, or Depends On Password.
The password-protected share system is a simple security method that allows anyone who knows the password to obtain access to that particular resource. Because the password, not the person, is what is checked, the system cannot tell who actually used the share, and a password that leaks must be changed on the share and redistributed to every legitimate user.
Access-permission security involves assigning certain rights on a user-by-user basis. A user types a user name and password when logging on to the network. The server validates this combination and then grants or denies access to each shared resource by checking the request against a user-access database on the server.
Access-permission security provides a higher level of control over access rights. With share-level security it is easy for one person to pass a printer's password on to another; people are much less likely to give away their personal logon password, and because each access is tied to an account, the administrator can see who did what.
Because user-level security is more extensive and can determine various levels of security, it is usually the preferred model in larger organizations.
After the user has been authenticated and allowed on the network, the security system gives the user access to the appropriate resources.
Users have passwords, but resources have permissions. In a sense, a security fence guards each resource. The fence has several gates through which users can pass to access the resource. Certain gates allow users to do more to the resource than other gates. Certain gates, in other words, allow the user more privileges with the resource.
The administrator determines which users should be allowed through which gates. One gate grants the user full access to or full control of a resource. Another gate grants the user read-only access.
As shown in Figure 10.2, each shared resource or file is stored with a list of users or groups and their associated permissions (gates).
Figure 10.2 Permissions control the type of access to a resource
Table 10.1 contains common access permissions assigned to shared directories or files.
Different network operating systems (NOSs) give different names to these permissions. The following table shows some of the typical permissions that can be set on Windows NT Server directories.
Table 10.1 Windows NT Server Permissions
| Permission | Meaning |
|---|---|
| Read | Reads and copies files in the shared directory. |
| Execute | Runs (executes) the files in the directory. |
| Write | Creates new files in the directory. |
| Delete | Deletes files in the directory. |
| No Access | Prevents the user from gaining access to directories, files, or resources. |
The administrator's job includes assigning each user the appropriate permissions to each resource. The most efficient way to accomplish this is through groups, especially in a large organization with many users and resources. As shown in Figure 10.3, Windows NT Server allows the administrator to select the file or folder for which group permissions are to be set.
Figure 10.3 Windows NT Explorer is used to set permissions
Permissions for groups work in the same way as they work for individuals. The administrator reviews which permissions each account requires and assigns the accounts to the proper groups. This is the preferred method of assigning permissions, rather than assigning each account's permissions individually. On Windows NT, the permissions granted to a user and to each group the user belongs to add up, with one exception: a No Access entry for the user or for any of the user's groups overrides every other grant, so No Access should be assigned deliberately.
Groups also make it easier to keep each grant to the minimum a role needs. For example, giving the group Everyone full control of the public directory is rarely the right choice, because full access would allow anyone to delete or modify the contents of the files in that directory.
In Figure 10.4, the group Everyone has been granted Read access to the directory public. This allows members of the group Everyone to read, but not delete or modify, the files in the public directory.
Figure 10.4 Modifying group permissions
The administrator could create a group called Reviewers, grant complete access permissions to the student files to that group, and assign staff to the Reviewers group. Another group, called Faculty, would have only Read permissions in the student files. Faculty members assigned to the Faculty group would be able to read the student files, but not change them.
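The two models of this lesson, share-level and user-level security, side by side in code. This is an added example written for this lesson, not code from the book or from Windows; the users, groups, shares and passwords are constructed for illustration. The user-level rules follow Windows NT's behaviour described above: a user's effective permissions on a directory are the union of the entries for the user and for every group the user belongs to, except that a No Access entry for any of them overrides every other grant. The Reviewers, Faculty and Everyone entries reproduce the examples given in the text.

```python
"""Share-level versus user-level security, modelled in code (added example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

NO_ACCESS = "No Access"
FULL = frozenset({"Read", "Execute", "Write", "Delete"})


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2, so a copied password database does not give up passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class PasswordProtectedShare:
    """Share-level security: whoever knows the password gets the access tied to it.
    Nothing identifies who used the password, so there is nothing to audit."""

    def __init__(self, name: str, read_password: str, full_password: str):
        self.name = name
        self._salt = os.urandom(16)
        self._read = _hash_password(read_password, self._salt)
        self._full = _hash_password(full_password, self._salt)

    def open(self, password: str):
        """Return 'Full', 'Read' or None (Windows 9x 'Depends On Password' style)."""
        digest = _hash_password(password, self._salt)
        if hmac.compare_digest(digest, self._full):
            return "Full"
        if hmac.compare_digest(digest, self._read):
            return "Read"
        return None


@dataclass
class SecurityDatabase:
    """User-level security: validate the account, then consult the resource's
    permission list (its 'gates')."""
    users: dict = field(default_factory=dict)    # username -> (salt, hash)
    groups: dict = field(default_factory=dict)   # group name -> set of usernames

    def add_user(self, name, password, *member_of):
        salt = os.urandom(16)
        self.users[name] = (salt, _hash_password(password, salt))
        for g in member_of:
            self.groups.setdefault(g, set()).add(name)

    def authenticate(self, name, password) -> bool:
        if name not in self.users:
            return False
        salt, stored = self.users[name]
        return hmac.compare_digest(_hash_password(password, salt), stored)

    def principals(self, name):
        # Every authenticated user is implicitly a member of Everyone (assumption: NT-style).
        return {name, "Everyone"} | {g for g, members in self.groups.items() if name in members}

    def effective_permissions(self, name, acl) -> frozenset:
        granted = set()
        for p in self.principals(name):
            entry = acl.get(p)
            if entry == NO_ACCESS:
                return frozenset()          # No Access wins over every other entry
            if entry:
                granted |= entry            # otherwise grants accumulate
        return frozenset(granted)

    def check(self, name, password, acl, wanted) -> bool:
        """Authenticate, then test one permission against the resource's ACL."""
        return self.authenticate(name, password) and wanted in self.effective_permissions(name, acl)


def demo():
    """Constructed scenario mirroring the lesson's Everyone / Reviewers / Faculty examples."""
    db = SecurityDatabase()
    db.add_user("alice", "correct horse", "Reviewers", "Faculty")
    db.add_user("bob", "battery staple", "Faculty")
    db.add_user("carol", "purple monkey", "Faculty", "Suspended")
    public = {"Everyone": frozenset({"Read"})}
    student_files = {"Reviewers": FULL, "Faculty": frozenset({"Read"}), "Suspended": NO_ACCESS}
    share = PasswordProtectedShare("printer", read_password="r3ad", full_password="fu11")
    return {
        "alice_delete": db.check("alice", "correct horse", student_files, "Delete"),
        "bob_read": db.check("bob", "battery staple", student_files, "Read"),
        "bob_delete": db.check("bob", "battery staple", student_files, "Delete"),
        "carol_read": db.check("carol", "purple monkey", student_files, "Read"),
        "bob_wrong_password": db.check("bob", "wrong", public, "Read"),
        "bob_public_write": db.check("bob", "battery staple", public, "Write"),
        "share_anyone_with_password": share.open("fu11"),
        "share_wrong_password": share.open("guess"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Note how carol, although a member of Faculty, gets nothing because her Suspended group carries No Access, and how the printer share reports only "Full" or "Read" with no record of who presented the password.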
Run the c10dem01 video located in the Demos folder on the CD accompanying this book to view a presentation of share-based and server-based network security.
The network administrator can increase the level of security on a network in several ways. This section explores some of the options.
A firewall is a security system, usually a combination of hardware and software, that is intended to protect an organization's network against external threats coming from another network, including the Internet.
Firewalls prevent an organization's networked computers from communicating directly with computers outside the network, and vice versa. Instead, all incoming and outgoing communication passes through the firewall, commonly by way of a proxy server at the boundary between the organization's network and the outside. (A simpler firewall filters individual packets by address, protocol, and port without proxying the connection.) Firewalls also audit network activity, recording the volume of traffic and logging unauthorized attempts to gain access.
A proxy server is a firewall component that manages Internet traffic to and from a local area network (LAN). The proxy server decides whether it is safe to let a particular message or file pass through to the organization's network. It provides access control to the network, filtering and discarding requests that the owner does not consider appropriate, including requests for unauthorized access to proprietary data.
Reviewing records of events in the security log of a server is called auditing. This process tracks network activities by user accounts. Auditing should be a routine element of network security. Audit records list the users that have accessed—or attempted to access—specific resources. Auditing helps administrators identify unauthorized activity. It can also provide usage information for departments that charge a fee for making certain network resources available and need some way to determine the cost of those resources.
Auditing can track functions such as:
Audit records can indicate how the network is being used. The administrator can use the audit records to produce reports that show activities and their date and time ranges. For example, repeated failed logon attempts or efforts to log on at odd hours can indicate that an unauthorized user is attempting to gain access to the network.
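Two of the detections just mentioned, run over an audit trail, as an added example for this lesson (not code from the book). The log lines below are constructed; Windows NT records logons in the Security log as numbered events rather than in this text layout, and the thresholds and business hours are assumptions a site would tune. The detector flags repeated failed logons for one account within a sliding window, and successful logons at odd hours.

```python
"""Audit-trail review: repeated failures and odd-hours logons (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; 1999-03-12 is a Friday, 1999-03-13 a Saturday.
SAMPLE_LOG = """\
1999-03-12 09:02:11 LOGON SUCCESS account=jsmith workstation=WS07
1999-03-12 09:15:40 LOGON FAILURE account=admin workstation=WS21
1999-03-12 09:15:52 LOGON FAILURE account=admin workstation=WS21
1999-03-12 09:16:03 LOGON FAILURE account=admin workstation=WS21
1999-03-12 09:16:17 LOGON FAILURE account=admin workstation=WS21
1999-03-12 09:16:30 LOGON FAILURE account=admin workstation=WS21
1999-03-12 12:30:05 LOGON FAILURE account=jsmith workstation=WS07
1999-03-12 12:31:10 LOGON SUCCESS account=jsmith workstation=WS07
1999-03-13 02:47:19 LOGON SUCCESS account=backup workstation=SRV01
1999-03-13 02:55:44 LOGON SUCCESS account=admin workstation=WS21
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) LOGON (?P<result>SUCCESS|FAILURE) "
    r"account=(?P<account>\S+) workstation=(?P<ws>\S+)$"
)


def parse(log_text):
    """Yield (timestamp, result, account, workstation); lines that do not parse are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                   m["result"], m["account"], m["ws"])


def is_odd_hours(ts, start=7, end=19):
    """Outside the assumed 07:00-19:00 working day, or any time on a weekend."""
    return ts.weekday() >= 5 or not (start <= ts.hour < end)


def analyze(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return findings in log order: one per burst of repeated failures on an
    account inside the window, and one per successful odd-hours logon."""
    findings = []
    recent_failures = defaultdict(deque)   # account -> timestamps of recent failures
    for ts, result, account, ws in parse(log_text):
        if result == "FAILURE":
            q = recent_failures[account]
            q.append(ts)
            while q and ts - q[0] > window:    # forget failures older than the window
                q.popleft()
            if len(q) >= threshold:
                findings.append({"kind": "repeated_failures", "account": account,
                                 "workstation": ws, "first": q[0], "last": ts, "count": len(q)})
                q.clear()                       # report a burst once
        elif is_odd_hours(ts):
            findings.append({"kind": "odd_hours", "account": account,
                             "workstation": ws, "when": ts})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

On the sample, jsmith's single failure followed by a successful logon is ordinary user behaviour and is not reported, while five failures against admin inside a minute are, as are the two successful logons at about three in the morning on a Saturday. A finding is a prompt for a person to look, not proof of intrusion: the backup account may legitimately run at night, which is exactly the kind of knowledge the administrator adds when tuning the rules.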
Diskless computers, as the name implies, have no floppy-disk drives or hard disks. They can do everything a computer with disk drives can do except store data on a local floppy disk or hard disk. They suit security-conscious environments because users cannot copy data onto removable media and carry it away, although data can still leave through the network itself, so diskless workstations complement access controls rather than replace them.
Diskless computers do not require boot disks. They communicate with the server and log on by means of a special ROM boot chip installed on the computer's network interface card (NIC). When the diskless computer is turned on, the ROM boot chip signals the server that it is ready to start. The server responds by downloading boot software into the diskless computer's RAM and presents the user with a logon screen as part of the boot process. After the user logs on, the computer is connected to the network. Because the workstation runs whatever boot software the server delivers, the boot server, and the network path to it, become critical components to protect.
Although a diskless computer can provide a high level of security, it has shortcomings. Without a local disk available on which to store applications and data, all computer activity must be conducted over the network. Network traffic will increase accordingly, and the network will have to be capable of handling increased demands.
A data-encryption utility scrambles data before it goes onto the network, so that someone who taps the cable and copies the data as it passes cannot read it. At the receiving computer, the decryption code, using the matching key, turns the bits back into readable information. Modern encryption schemes automate both encryption and decryption. Hardware-based encryption devices keep keys out of the host's memory and sustain high line rates, but they are more expensive. Note that encryption by itself hides only the content: it does not stop a tapper from altering bits in transit, nor from seeing how much traffic flows and between which computers. Detecting alteration requires a message authentication code or digital signature alongside the cipher.
The traditional standard for encryption is the Data Encryption Standard (DES). Developed at IBM and adopted by the U.S. Government as a federal standard (FIPS PUB 46) in 1977, it specifies how data is encrypted and the form of the key used to decrypt it. DES is a symmetric cipher: the sender and the receiver must both hold the same secret key, so that key has to be carried or transmitted from one location to the other, and anyone who intercepts it can read the traffic. This key-distribution problem applies to every symmetric cipher, not only DES. The specific weakness of DES is its 56-bit key, which is short enough to be found by exhaustive search; a purpose-built machine did so in 1998, and for U.S. Government use DES has since been replaced by the Advanced Encryption Standard (AES).
The U.S. Government also runs the Commercial COMSEC Endorsement Program (CCEP), introduced by the National Security Agency (NSA). Vendors with the proper security clearance may join CCEP, and approved vendors are authorized to incorporate classified algorithms into communications systems. Classified algorithms are by their nature not available for general commercial use, which is why it was AES, not CCEP, that eventually succeeded DES as the public standard.
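What encrypting data on the wire does, and does not, protect against, as an added example for this lesson. It is not code from the book and does not use DES, which Python's standard library lacks; the cipher is a constructed one, a keystream derived with HMAC-SHA256 in counter mode and XORed with the data. That is enough to show the behaviour, but real traffic should use a vetted authenticated cipher such as AES-GCM. The key, nonce and message are made up. The example shows that a tapped copy no longer reveals the message, that the tapper can nevertheless alter a field whose position is predictable without being detected, and that appending a message authentication code catches the alteration.

```python
"""Link encryption: confidentiality, malleability, and an integrity tag (added example)."""
import hashlib
import hmac

TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic keystream: HMAC(key, nonce || counter) blocks, cut to length."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; decryption is the same operation with the same key and nonce."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


decrypt = encrypt


def tamper(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """What a tapper can do without the key: if a field's value and position are
    predictable, XORing (old ^ new) into the ciphertext rewrites the decrypted field."""
    patch = bytes(o ^ n for o, n in zip(old, new))
    buf = bytearray(ciphertext)
    for i, p in enumerate(patch):
        buf[offset + i] ^= p
    return bytes(buf)


def seal(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt, then append an HMAC over nonce || ciphertext so that edits are detected."""
    ct = encrypt(key, nonce, data)
    mac_key = hashlib.sha256(b"mac" + key).digest()   # separate key for the tag
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, nonce: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    mac_key = hashlib.sha256(b"mac" + key).digest()
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt(key, nonce, ct)


if __name__ == "__main__":
    key, nonce = b"\x11" * 32, b"frame-0001"          # constructed values
    msg = b"TRANSFER 100 TO ACCOUNT 42"
    ct = encrypt(key, nonce, msg)
    print("tapped ciphertext still shows the length:", len(ct) == len(msg))
    forged = tamper(ct, msg.index(b"100"), b"100", b"900")
    print("a blind edit decrypts cleanly to:", decrypt(key, nonce, forged))
    blob = seal(key, nonce, msg)
    forged_blob = tamper(blob, msg.index(b"100"), b"100", b"900")
    print("with a MAC the edit is rejected:", unseal(key, nonce, forged_blob) is None)
```

The nonce must never be reused with the same key: two frames encrypted under the same keystream XOR together to the XOR of their plaintexts, which is often enough to recover both. Authenticated encryption modes bundle the cipher and the tag so that this check cannot be forgotten.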
Computer viruses are becoming an all-too-familiar fact of life. It is not uncommon to see a report on a local news channel describing the latest virus and warning about its destructive impact. Computer viruses are pieces of program code that hide inside other programs or in the boot sector of storage devices, such as hard-disk drives and floppy-disk drives. A virus's primary purpose is to copy itself into other programs or disks as often as possible; the disruption to the infected computer or program may be a side effect of that spread or a deliberate payload. Once activated, a virus can be a simple annoyance or completely catastrophic in its effect. Viruses are written by people with an intent to do harm.
Viruses are classified into two categories, based on how they propagate. The first type, called a "boot-sector virus," resides in the first sector of a floppy disk or hard disk, which the computer executes when it boots from that disk. This is a common way for viruses to travel from one floppy disk to another: each time a new disk is inserted and accessed on an infected machine, the virus copies itself onto that disk. The second type of virus is known as a "file infector." Such a virus attaches itself to a file or program and activates any time the file is used. Many subcategories of file infectors exist.
The following list describes a few of the more common file infectors:
Just as computer viruses do not create themselves, neither do they spread through the air unaided. Some kind of exchange between the two computers must take place before transmission can occur. In the early days of computing and viruses, the principal source of infection was through the exchange of data on floppy disks. One infected computer in an organization could easily infect all the computers in the organization, merely by a single user passing around a copy of the latest screensaver program.
The proliferation of LANs and the growth of the Internet have opened many new pathways to rapidly spreading viruses. Now, virtually any computer in the world can be connected to any other computer in the world. As a consequence, the creation of viruses is also on the rise. In fact, some virus creators provide easy-to-use software containing directions for how to create a virus.
A more recent method of spreading a virus is through e-mail. Usually the virus is in an inviting attachment; when the recipient opens the attachment, the virus installs itself on the computer and may then mail copies of itself to every name in the computer's e-mail address book, so that it arrives at the next victim under the identity of a trusted sender.
Convincing unsuspecting victims to activate a virus is a goal for virus writers. This is often accomplished by packaging the malicious code in an enticing cover, presenting it in the guise of something familiar, safe, or intriguing. A program of this kind is known as a "Trojan horse." Strictly speaking, a Trojan horse need not replicate at all; the term describes the disguise, and a virus may use it as its delivery method.
Remember that any means by which computers exchange information provides a potential path for a virus. Methods in common use include:
A virus can cause many kinds of harm to a computer; the creativity of its creator is the only limitation. The following list describes common symptoms of computer virus infection:
The most common symptom of virus infection in a network is one or more misbehaving workstations. A peer-to-peer network is the most vulnerable. As described in Chapter 1, "Introduction to Networking," in a peer-to-peer network all things are shared equally; therefore, any infected computer has direct access to any computer or resource that is shared to the network. Server-based networks have some built-in protection because permission is required to obtain access to some portions of the server and, therefore, the network. In these networks, it is more likely that workstations will be infected than a server, although servers are not immune. The server, as the conduit from one computer to another, participates in the transmission of the virus, even though it might not be affected.
Disastrous viruses are becoming more commonplace and should be taken into account when network security procedures are developed. An effective antivirus strategy is an essential part of a network plan. Good antivirus software is essential. Although no virus protection software can prevent all viruses, it can do some of the following:
Preventing unauthorized access to the network is one of the best ways to avoid a virus, because every route by which a user or program can reach a resource is a route a virus can take. Simple mechanical controls help too: a write-protected floppy disk cannot be infected, because the virus cannot write to it. Because prevention is the key, the network administrator needs to make sure that all standard preventive measures are in place.
The following points summarize the main elements of this lesson: