Section X: Network Security and Backup Systems

Networking Is A Risky Business

Networks seriously increase access to your information, and with access comes the responsibility of restriction and control. In addition to the usual sources of security breachespeople taping passwords to their monitors and using scanners to electronically eavesdropnetworks invite a whole host of other vulnerabilities. It's easy enough to drop another workstation or server on the network or add another application. Add the ability to dial into the network system, and you pose an even greater risk.

There is no simple formula for calculating your security needs. The amount of security depends upon the threat you perceive. In some cases, the need for security is clear: banks, airlines, credit card companies, the Department of Defense, and insurance companies. In other cases, the risks may be less obvious. Allowing any worker to examine the payroll file makes for disgruntled employees . Your personal calendar indicates when you are out of town. The following are some of the more common risks to network security.

• Your network can be a danger to itself. Being made of mechanical components , a network can do itself damage when disk heads crash, servers fail, and power supplies blow. Tape and disk platters get old and go bad. Bugs, such as in an out-of-control operating system process or one with a faulty memory mapping, destroy data. Monitor mechanical equipment for wear. For critical components, keep spares onsite or, if warranted, online.

• Your network is physically vulnerable. Thieves and other intruders can physically break into your building, wiring closet, or server room and steal or vandalize equipment and data. When a file is erased, very often it physically remains on disk or tapeonly the entry to the directory structure is removed. Sensitive documents may be printed out and left lying around the office, waiting for prying eyes or thieving hands.

Your first line of defense is the simplest: Use locks, guards , and alarms to protect against these physical vulnerabilities. Lock servers in a room and lock wiring closets, permitting access to only those with a key. Sensitive data must be completely wiped off the media when deleted. Shred all sensitive printouts. Bolt expensive equipment to the floor or to a desk. A slew of products exist to prevent intruders from physically taking equipment. Most involve locking equipment with metal bars, in steel cabinets , or with large chains. Others sound loud alarms to deter the thief . These products can help to keep your equipment from being physically stolen (it also makes them difficult to move from one station to another). If your security needs are extreme, you might employ biometric devices. Biometric devices use a physical aspect of people, such as their fingerprints , to verify their identity.

The next step is to secure the cable. Copper cable gives off electromagnetic radiation, which can be picked up with listening devices, with or without tapping into the cable. One solution is to switch to fiber- optic cable, which does not emit electromagnetic signals and is more difficult to tap without detection.

Diskless PCs are a popular security measure. A diskless PC lacks floppy and fixed drives. Users must boot the computers off the file server. With no drives , no way to remove data physically exists. However, be aware that diskless PCs with serial and parallel ports and expansion slots are insecure . A user can insert a removable disk into an expansion slot and remove data. Or the user can attach a printer.

Another step is to physically limit access to data sources. Use the keyboard lock on PCs and file servers. Lock file servers in closets or computer rooms, thus preventing direct access and forcing intruders to circumvent network security. Rooms with doors and locks are good places for printers and other output devices since printed data may be as sensitive as electronic data.

• Viruses are potentially one of the most dangerous and costly types of intrusion. Although they are relatively rare to a well-kept network, the penalties inflicted by a virus can be severe. Your network is vulnerable at any point it contacts the outside world, from floppy drives to bridges to modem servers. At these external contacts, your network's messages can be intercepted or misrouted. Workers take notebooks on the road and may come into contact with a virus-infected computer. Users may take work home, where their home computers are infected. Demonstration programs, bulletin boards , and even shrink-wrapped software may have viruses.

  Protecting your network against a computer virus is much the same as protecting it from unauthorized access. If intruders can't access the network, they can't unleash a virus. However, many viruses are introduced by unwitting authorized users. Any new software should be suspected of having viruses. Although programs from bulletin boards may sometimes be infected, several software companies have shipped shrink-wrapped software that was infected with a virus. While specialized programs can look out for viruses and limit the havoc they wreak, no program can prevent a virus. It can only deal with the symptoms.

• Intentional threats are also potentially damaging . Employees and outsiders pose intentional threats. Outsidersterrorists, criminals, industrial spies, and crackerspose the more newsworthy threats, but insiders have the decided advantage of being familiar with the network. Disgruntled employees may try to steal information, but they may also seek revenge by discrediting an employee or sabotaging a project. Employees may sell proprietary information or illegally transfer funds. Employees and outsiders may team up to penetrate the system's security and gain access to sensitive information.

• Workstation file systems present a threat to the network. DOS is easy to circumvent. Intruders can use the many available programs to get at a hard disk and remove data, even if security programs are at work. For this reason, high security installations may want to use a different operating system, one with a different file system. Unix has sophisticated file security, and additional programs are available for even more protection.

• Your network radiates electromagnetic signals. With an inexpensive scanner, experienced electronic eavesdroppers can listen in on your network traffic and decode it. Shielded cable, such as coax and shielded twisted pair, radiates less energy than unshielded cable, such as telephone wire. Fiber-optic cable radiates no electromagnetic energy at allsince it uses light instead of electrical signals to transmitand it's relatively easy to detect taps into a fiber cable, since these decrease the light level of the cable. If your installation demands maximum security, Tempest-certified equipment shields electromagnetic emissions.

• By far the most common network intrusion is unauthorized access to data, which can take many forms. The first line of defense against unauthorized access should be the workstation interface. Login passwords are a must. Nearly all network operating systems will not give workstation users access to network resources without the correct password. To make passwords more effective, the administrator should assign them and change them at random intervals. Don't let users post their passwords on their monitors or desk blotters. Use mnemonic passwords to help users remember.

Software is available to blank a user's screen or lock the keyboard after a certain definable period of inactivity. Other software will automatically log a user out of the network. In either case, a password is required to renew activity. This prevents the casual snooper, but not a determined one.

A more secure method to stop unauthorized access is an add-in card for each workstation. This card forces the workstation to boot up from a particular drive every time. It can also enforce some kind of user validation, like a password. If the card is removed, the workstation is automatically disabled.

• Your network administrators present yet another risk. If you give them free rein over the applications and data, you're exposing your network to unnecessary risks. Your network administrators manage the network, not the data on it. Administrators should not have access to payroll information, for example. Similarly, don't fall victim to the fallacy that the department heads should have complete access to the network and its information just because they are in charge.

• Finally, your network is subject to the whims of nature. Earthquakes, fires, floods, lightning, and power outages can wreak havoc on your servers and other network devices. While the effects of lightning and power outages can be minimized by using uninterruptible power supplies, you'll need to store backups of important data (and perhaps even equipment) offsite to deal with large-scale disasters.

Three Forms Of Data Security

Information security entails making sure the right people have access to the right information, that the information is correct, and that the system is available. These aspects are referred to as confidentiality, integrity, and availability.

Information stored on a network often needs to be confidential, and a secure network does not allow anyone access to confidential information unless they are authorized. The network should require users to prove their identities by providing something they know, such as a password, or by providing something they possess, such as a card key. Most network operating systems and many applications packages use passwords.

In government circles, this aspect of security hinges on secrecy ; access to information is granted according to security clearance. In commercial circles, this aspect of security comes more from confidentiality, where only users who need to know the private information have access.

Guarding access to information is one aspect of security; the security system must also guarantee the information itself is accurate, referred to as data integrity. In providing data integrity, for example, a network ensures that a $14,000 bank account balance isn't really supposed to be $14 million. The system must verify the origin of data and when it was sent and received. Network operating systems grant users access to files and directories on a read, write, create, open , and delete basis. Word processors lock files so more than one user cannot modify the same file at the same time. Databases use record locking to provide a finer granularity of access control.

The third aspect of security is network availability. Although not commonly thought of as part of security, a secure network must also ensure that users can access its information. The network must continue to work, and when a failure occurs, the network devices must recover quickly.

Solving Security Problems

Whatever type of security you implement, diligent watchfulness is important to its success. To help, network operating systems include audit trails that track all network activity, including which workstation has tried to log in to a file server three times unsuccessfully or which files have been changed when they should not have been altered .

Some audit trails can sound alarms when certain events take place. For example, the system manager may want to know when certain files are open, or when unusual traffic takes place. Audit trails will also keep a running log of all that takes place, so the network manager may be able to detect a pattern of intrusion.

Protecting against internal threats requires you to control access to files and applications on a need-to-know basis. Only grant access if users present valid reasons to access the application or data. Use the network operating system's security features to restrict access. Keep audit trails of who accesses what files and when. Enforce the use of passwords.

Such access privileges may be assigned by file, by user or a combination of both. For example, users with a certain security level may read and write to certain files. Those with lower security levels might be restricted to reading these files.

The network manager should create a profile of access privileges for each user. This profile, which is executed when the user logs on, restricts the user to authorized data and devices. Profiles may also be set up for data and devices, limiting their access to only authorized users. Profiles make managing security easier since they provide a consistent method of assigning and maintaining network privileges.

Once a user has workstation and network access, other security barriers can be put in place. Most network operating systems have many levels of access control that limit what resources are available, which data can be accessed, and what operations can be performed. These include restricting who can read and write to certain files, directories, applications, servers, and printers.

To reduce the risk, limit connections to the outside world. When you must make connections, use call-back modems, encryption, and virus-detection software. With call-back modems, users must dial into the system, verify their identity, then the modem calls the user back at a predetermined telephone number to establish the connection. Encryption scrambles data into an unreadable format so even if the packets are intercepted, the message remains nonsensical . Upon receipt of the message, only the people who know the private code, or key, can unscramble the data. Virus-detection software will identify many viruses and disable them if possible.

Biometric devices are a rather drastic security measure. Biometric devices use a person's physical characteristics to verify an identity. The verifying physical characteristic varies. Some use fingerprints, others use voice recognition, others scan a person's retina . Biometric devices are quite costly and are for highly secure environments.

Encryption

Passwords, locks, access privileges, and even biometric devices do not always deter the determined intruder. A common tool like a protocol analyzer can be hooked up to the network and the intruder can watch all data, including passwords, pass by. Data encryption is the answer.

With encryption, data is scrambled before transmission, making it unreadable as it passes over the wire, even if it is intercepted. To scramble or encrypt this data, its bits must be transformed according to an algorithm. The data is transmitted, and at the receiving end, a system of keys is used to decode the bits into intelligible information. Keys are necessary for encoding and decoding.

Encryption usually requires extra hardware because of the processing power required. Hardware-based encryption schemes are more difficult to crack than software-based methods .

A common data encryption standard specified by the U.S. government is Data Encryption Standard (DES).

DES defines how the data should be encrypted and the specifications for an electronic key. It uses one 64-bit key for encryption and decryption. This can cause problems because the key must be in the hands of the sender and receiver. The only way to get it from place to place is to transmit it. Transmitting the key introduces a security threat. The Public Key System, with matched public and private keys, is a solution.

Encryption may be done before data is stored or transmitted. Some networks only encrypt data when it is sent, which makes wire tapping more difficult but does not keep intruders from taking data from a disk. Other networks also encrypt data on the hard disk. Data is encrypted as it is written and decrypted as it is read from the disk. Having encryption working in both places keeps network data much more secure. Encrypting passwords, as NetWare 386 does, is sometimes sufficient to deter the casual data thief.

To further enhance encryption's effectiveness, keys should be changed at random intervals. This prevents intruders from discovering either the key or the time the key is changed. Alternative keys should be available, too, in case the original set is compromised.

The best network encryption schemes hide much of the encryption hassle from end users by taking care of key management and encryption automatically.

Develop A Security Plan

Make a planned attack to secure your network. Once your network has been hit by a virus or a data thief, it's too late to start thinkingyou should already be acting. Start the planning process by naming a security administrator, who may or may not be the same person as the network administrator. The security administrator works with the network administrators and department heads to develop a security plan.

You must evaluate the dangers to your network. You need to examine its vulnerabilities, the points at which it is susceptible to attack. Then you must identify the threats, or possible dangers to the system, such as a person, an object, or a natural disaster. Vulnerabilities take several forms, including physical, natural, mechanical, communications, and human.

Unintentional, intentional, and natural threats exist in your network, but the majority are unintentional. Users and system administrators commit errorsthey delete the wrong file, they disable access to a directory, they corrupt a data file, they never change their passwords, or they write them on their desk blotters. To counter unintentional errors, train your users and administrators about the network and its applications. Keep regular backups of the applications and data, for after a virus infection or data loss, restoring the damaged or lost files may be your only choice.

Reinforce the need to not write their passwords next to their computer or give them to anyone else. They should use passwords that are fairly difficult to guess. For example, users' passwords should not be their first names or spouses' names . Passwords that include numbers are much more difficult to guess. Users shouldn't type their passwords while someone is watching. Users and administrators should change their passwords frequently. Administrators shouldn't use supervisor logons as their "usual" logons .

Don't over-secure the network. Security procedures generally limit freedom to access the network, so implement them carefully. If you restrict access to certain directories, users may not be able to cut and paste freely from one document to another. Users will balk at elaborate security procedures that interfere with their jobs. They will find ways to circumvent the network security procedures, such as storing data on their local hard drives, not on the server, where it would be protected and backed up. Carefully balance the need for security with the security procedure.

For any security plan to work, the employees must take it seriously. The most effective action you can take is to educate your users and administrators on why your security plan is important. When people understand why controls are necessary, they are more likely to cooperate. Make it clear to prospective and current employees that everyone is expected to cooperate. Establish clear consequences for failure to cooperate. Be specific about policies and procedures. Write them down and give everyone a copy. Make sure each individual knows what to do. Don't overdo it. Insofar as possible, make it easy to cooperate. Enlisting the support of employees is probably the single most cost-effective security precaution a company can take.

Finally, natural threats, such as power failures, earthquakes, and other such disasters are a rare but real part of life. Develop a disaster recovery plan to deal with natural disasters and follow it. Archive important data and emergency backup hardware offsite in a secure facility. Keep enough in the archive for you to get your business up and running (and relatively current) should your primary facility get flattenedit could happen!

This tutorial, number 44, by Patricia Schnaidt, was originally published in the March 1992 issue of LAN Magazine/Network Magazine.