Why Defending Networks Is Difficult

In traditional combat, defenders enjoy a distinct advantage over their attackers. However, in information technology, several factors give attackers the advantage:

  • Attackers have unlimited resources.

  • Attackers need to master only one attack.

  • Defenders cannot take the offensive.

  • Defenders must serve business goals.

  • Defenders must win all the time.

Attackers Have Unlimited Resources

At any given time, defenders must protect their network against both attackers around the globe and their own employees. This accumulation of attackers, as a group, dwarfs a defender's resources. Many attackers can spend all day systematically attempting to break into your network. Attackers can collaborate to develop new and more sophisticated attacks. As a network administrator, you have other duties besides defending the network, and unlike attackers, you go home at night, take sick days, and go on vacations. Over time, some attackers will cease attempting to break into your network, but new ones will take their place. Defending networks against unrelenting hordes of attackers with much more time than you gives attackers an advantage.

Attackers Need to Master Only One Attack

As a network administrator, you have to secure many servers and applications. You must learn how all your operating systems, applications, and network devices work, as well as how to secure and manage them. You must determine the threats to each component of your network and keep current with newly reported vulnerabilities. Attackers, on the other hand, need to master attacking only a single application or operating system feature in order to compromise it and break into your network.

Defenders Cannot Take the Offensive

Although attackers can attack networks with a certain amount of impunity, defenders can retaliate only through litigation, which is expensive and time-consuming. Attacking an attacker is not only illegal in most countries, it is impractical. This is because attackers often use previously compromised third-party computers, called zombie systems, or many zombie systems acting in unison to attack networks. By using zombie systems to carry out or amplify an attack, an attacker can protect her identity. Frequently attackers use the networks of colleges and universities as an attack vector because of their openness, computing power, and bandwidth. An attack can also originate from another legitimate organization whose employee has attacked your network, or whose network has already been compromised by an intruder. In any of these cases, retaliating against an intruder can result in your organization illegally attacking an unwitting individual, company, or organization. Thus, legally and practically, you cannot retaliate against attackers.

Defenders Must Serve Business Goals

Although network administrators are responsible for securing their organizations' networks, they also must install and configure operating systems and applications that help employees meet the goals of the business. In some situations the pursuit of company business goals conflicts with maintaining the security of the network.

For example, company executives might travel with laptops that contain sensitive information about the company. The executives might be unwilling to comply with security policies that require long and complex passwords. Knowing this, a network administrator might supply the executives with smart cards that they must use to access their laptops. This security measure will better protect the information on the laptop, but it also introduces other potential problems, such as the loss or misplacement of smart cards. To mitigate this situation, a network administrator might decide to create a second account for local computer users that could be used without the protection of a smart card, granting certain trusted employees the new account password, which could result in a serious security vulnerability.

Another situation in which the pursuit of business goals can interfere with the protection of the network occurs when your organization has a business rule that conflicts with the security of the network. For example, your organization might have a business rule that requires network traffic to the payroll server to be encrypted. This security measure will make data transmission of employee compensation secure, but it makes it impossible for you to monitor network traffic to determine whether traffic is legitimate or illegitimate. It also prevents you from using any type of network intrusion detection software. In both scenarios, having to serve business goals jeopardizes your ability to protect the network.

Defenders Must Win All the Time

An attacker needs only one successful attack to compromise a network, while a network administrator must prevent all attacks to succeed in his role. These are ominous odds for ill-equipped or under-resourced network administrators. Given all the other problems defenders of networks face, it is inevitable that the security of your network will be compromised at some point. As a network administrator, you must ensure that these compromises are detected early and happen infrequently.

Is defending a network impossible? Not at all. But one thing is certain: it is impossible to defend a network without trained, skilled, and knowledgeable network administrators. By applying the key principles of security outlined in Chapter 1 to the information this book presents on securing computers running Windows 2000 and Windows XP, you can build a strong foundation for defending your networks.

Microsoft Windows Security Resource Kit
ISBN: 0735621748
Year: 2003
Pages: 189