PART 4

Network Security & Future Expansion

This section finishes up the book with the crucial topic of how to secure your OSPF network once it's in place. In addition, you'll also see the continuing developments in OSPF technology and what the future has in store for OSPF. This information is conveyed in the final three chapters of the book:

- Chapter 10, "Securing Your OSPF Network," covers network security and the various techniques that you can use to protect your OSPF network from outside attackers, including very basic security techniques, more advanced encryption, and filtering.
- Chapter 11, "The Continuing Evolution of OSPF," covers how to prepare your OSPF network for the future by tracking the IETF's working drafts. These documents are the true measure of how the OSPF Working Group, a section of the IETF, is keeping up with the increasing demands of the internetworking community.
- Chapter 12, "Future Network Considerations," covers some of the hot, new networking features that are making their presence felt in the industry, including SNMPv2 and v3, Remote Monitoring (RMON), and the dawning of the age of IPv6.

Chapter 10

Securing Your OSPF Network

"Pride: Pride Is A Personal Commitment. It Is An Attitude Which Separates Excellence From Mediocrity." Successories

This chapter is the first in Part 4 and deals exclusively with network security and the various techniques that you can use to protect your OSPF network from outside attackers. It will cover a broad range of security topics from very basic security techniques to the more advanced forms of encryption and filtering. This chapter consists of four major parts:

- Network Security. This section introduces you to a variety of security threats and concerns that will demonstrate the need for a coordinated network security plan. Some of the more recent attacks against the Cisco IOS and how it has responded will be discussed. This section is not all doom and gloom, as it will also cover a variety of defensive techniques that have been developed to repel the attacks described.
- Golden Rules of Designing a Secure Network. This section covers the Golden Rules you must use to begin the development of a comprehensive network security plan. Many of the Golden Rules are common sense-oriented topics that network designers might forget in their rush to design the network. This chapter will also briefly discuss the need to include a comprehensive security plan in the initial stages of the network's design.
- Securing Your OSPF Network. This section contains the true meat of how to secure your network. This chapter will take a look at the entire range of security implementations you can use in your network, from simple configuration commands that should be deployed within your routers to how OSPF can protect the integrity of your routing structure.
- Configuring Traffic Filters. Do you have users travelling inside or outside your network? Is it possible that someone is trying to get into your network? Then this section is for you! This chapter will discuss the various types of filters, also known as access lists, and how to deploy them within your network so that you can sleep better at night by getting very granular with their place within your security design.
Network Security

Network security must be an integral part of the design of every aspect of your network. When most people talk about network security, they mean ensuring that users can only perform tasks they are authorized to do, can only obtain information they are authorized to have, and cannot cause damage to the data, applications, or operating environment of a system.

The word security connotes protection against malicious attack by outsiders. Security also involves controlling the effects of errors and equipment failures. Anything that can protect against a deliberate, intelligent, calculated attack will probably prevent random misfortune.

Network security has probably been one of the least considered aspects of network operation and design. As enterprise networks evolve, it has become an increasingly large concern for many. Is this concern justified? A resounding yes, and the concerns are probably late in coming. Consider recent FBI statistics estimating that businesses in the United States alone lost $10 billion from computer break-ins in 1997. That number is larger than the gross national product of many nations. When considered this way, you can easily see why people have dedicated their lives to computer theft.

Are these security breaches occurring in the wide-area portion of your network as well? Although it might not be happening in your network yet, it is occurring elsewhere. Consider the excerpts in the following sections, which were taken from Cisco's home page (http://www.cisco.com) regarding their recent announcements in the security arena.

Network security is a broad topic that can be addressed at many different levels within the OSI model.

- Data Link layer, or media level. This is where packet sniffing and encryption problems can occur.
- Network or Protocol layer. The point at which Internet Protocol (IP) packets and routing updates are controlled.
- Application layer. This is where, for example, host-level bugs become issues.
Because network security is such a broad topic, this chapter will not delve too deeply into any one area. Everyone concerned with this subject must be aware of how it stretches across every network. It is important that you realize that every networking equipment manufacturer, network protocol, user, and service provider has security problems.

Consider two examples. First, with today's technologies, a cyber thief could put a PC running some type of sniffer software with a cellular telephone and modem on a circuit. This is probably easier than you think if you consider the miles and miles of cabling stretching across the United States that is physically accessible. The second, and the most obvious network protocol example, is SNMP. If a cyber thief had the SNMP community string, every SNMP-manageable device would allow that thief read/write access.

I recommend dealing with a vendor, such as Cisco, that has an open disclosure policy of identified and corrected security breaches so you can react accordingly. The alternative is a vendor that does not share holes in their equipment and smiles while saying the system is completely protected. That is probably the biggest misconception of many, as you are only protected until a cyber thief decides he wants access.