Lesson 3: Intrusion Points
Intrusion points are areas that provide an access point to your company's information. Some of these are obvious, but others are not. For instance, you might realize that you need to install a firewall to protect the internal network and computers from hackers, but if a hacker took a temporary job at your company, the firewall would be of little use. When identifying intrusion points, you must consider internal threats as well as external threats. Some internal and external access points are as follows:
Internal access points
Systems that are not in a secured room
Systems that do not have any local security configured
External access points
Network components that connect your company to the Internet
Applications that are used to communicate across the Internet
Communications protocols
Identify intrusion points to your network infrastructure
Understand how Internet-based applications threaten your C-I-A triad
Understand how communications protocols can threaten your C-I-A triad
Network Infrastructure
Your network infrastructure is all of the wiring, networking devices, and networking services that provide connectivity between the computers in a network. The network infrastructure also provides a way to connect to the Internet, allows people on the Internet to connect to your network, and provides people who work remotely with methods to connect to your network.
Intrusion points provide a place for someone to penetrate your network communications and gain access to the information you have stored on your computers. Examples of how an intruder might exploit the network infrastructure include the following:
An external intruder might attack your connection to the Internet using an attack method such as a DoS attack, or by trying user names and passwords until one allows them to authenticate.
An internal intruder might connect to an open network jack and attempt to gain access to a server with shared resources that do not require a password.
Applications Used on the Internet
Almost anyone who has a computer connects to the Internet to visit Web sites, check e-mail, and send instant messages to friends. It is also becoming more common to check credit card accounts and bank accounts across the Internet.
Each of these tasks is accomplished using an application running on your computer that allows you to interact with other computers on the Internet. There is a risk associated with providing this additional functionality. Some of the ways an intruder could exploit the applications for less-than-altruistic reasons include the following:
An external intruder might place a virus or worm in an e-mail message and send the message to a user on your internal network. When opened, a virus might infect the system or provide the intruder with a way to control the system the e-mail was opened on.
An internal intruder might use native operating system utilities to connect to other systems on your internal network that do not require a user name or password to gain access. They might also use an application such as a Web browser to access confidential information that is protected by only limited access controls.
Communications Protocols
TCP/IP is the protocol suite used for communications on the Internet. Some attacks work by modifying the structure of the IP packet, but many successful intrusions occur at higher levels in the TCP/IP stack. For instance, an intruder can exploit a Web server using the Hypertext Transfer Protocol (HTTP). Communications protocols provide a common set of rules that computers use when communicating with each other. Some protocols offer no security, whereas others provide varying degrees of security. Intruders use their knowledge of communications protocols to compromise your C-I-A triad. The following are two examples:
An external intruder might attack your company's presence on the Internet by using a DoS attack to disable your Web server. This would cause the information to be inaccessible to your customers.
An internal intruder might disable an e-mail server by causing a flood of e-mail messages to be sent. This would disable the e-mail server so users could not retrieve their e-mail.
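The e-mail flood described above is detectable on the server side by rate, not by content: a client that hands the mail server far more messages per minute than any normal user is the signal. The following Python example, added here and not part of the original lesson, parses constructed mail-server log lines (the log format, host names and addresses are hypothetical) and flags any client address that exceeds a message threshold inside a sliding time window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical syslog-style delivery record; the format is constructed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ smtpd: client=(?P<ip>\d+\.\d+\.\d+\.\d+) from=<(?P<sender>[^>]*)>"
)

# Constructed sample log: one client (10.0.5.17) sends 8 messages in 35 seconds,
# a normal client (10.0.5.22) sends 2 messages five minutes apart.
SAMPLE_LOG = [
    "2024-03-01T09:00:00 mail smtpd: client=10.0.5.22 from=<alice@corp.example>",
] + [
    f"2024-03-01T09:01:{s:02d} mail smtpd: client=10.0.5.17 from=<bob@corp.example>"
    for s in range(0, 40, 5)
] + [
    "2024-03-01T09:05:30 mail smtpd: client=10.0.5.22 from=<alice@corp.example>",
    "this line is not a delivery record and is skipped by the parser",
]

def parse_line(line):
    """Return (timestamp, client_ip, sender), or None if the line is not a delivery record."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m.group("ts")), m.group("ip"), m.group("sender")

def find_flooders(lines, threshold=5, window_seconds=60):
    """Return {client_ip: peak_count} for every client that submitted more than
    `threshold` messages inside any sliding window of `window_seconds`.
    Lines are assumed to be in time order, as a server log normally is."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # client_ip -> timestamps still inside the window
    peak = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, _sender = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and len(q) > peak.get(ip, 0):
            peak[ip] = len(q)
    return peak

if __name__ == "__main__":
    print(find_flooders(SAMPLE_LOG))
```

The same sliding-window count applies to connection attempts against the Internet-facing Web server from the first example; only the parser changes.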
The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson and then try the question again. Answers to the questions can be found in Appendix A, "Questions and Answers."
Your company has a high-speed Internet connection that can be used to access the Internet and allows people on the Internet to access your company's Web site. Each user also has a modem that he or she can use for Internet access in case the high-speed connection fails. Users can select the Web browser they want to use and are allowed to manage their own computers. Which of the following are intrusion points for the hacker?
The high-speed connection
The Web browser on each of the client's computers
The modem that each user has
The Web server for your company's Web site
When accessing Web sites, an intruder might exploit a Web server using the HTTP protocol. (True or False?)
It is always better to have several access points to the Internet so that if a hacker takes one down your company still has access. (True or False?)
Lesson Summary
Intrusion points are places where your company's information is accessed. Examples of these include the following:
Places in your network infrastructure that can be accessed internally or externally
Applications that interoperate with other applications remotely, especially on the Internet, such as a Web browser or mail application
Communications protocols that are used for communications across the Internet
External access points connect your company's systems and network to the Internet or provide access to your company's information from external locations. For instance, if your company has a Web server accessed from the Internet, it is an external access point.
Internal access points provide access to your company's information from internal sources. For instance, a server on your network that does not require a user name or password to access information is considered an internal access point.