NETWORK SECURITY
6.1 Introduction
This chapter discusses security issues regarding TCP/IP networks and provides an overview
of solutions to resolve security problems before they can occur. The field of network security
in general and of TCP/IP security in particular is too wide to be dealt with in an all
encompassing way in this manual, so the focus of this chapter is on the most common security
exposures and measures to counteract them.
Because many, if not all, security solutions are based on cryptographic algorithms, we
also provide a brief overview of this topic for the better understanding of concepts
presented throughout this chapter.
6.2 Security Issues
This section gives an overview of some of the most common attacks on computer
security, and it presents viable solutions to those exposures and lists actual implementations.
6.2.1 Common Attacks
For thousands of years, people have been guarding the gates to where they store their
treasures and assets. Failure to do so usually resulted in being robbed, neglected by society or
even killed. Though things are usually not as dramatic anymore, they can still become very
bad. Modern day I/T managers have realized that it is equally important to protect their
communications networks against intruders and saboteurs from both inside and outside. We
do not have to be overly paranoid to find some good reasons why this is the case:
Wire tapping: listening on a link to obtain cleartext data and passwords
Impersonation: posing as another user or system to gain unauthorized access to data or to
create unauthorized e-mails, orders, etc.
Denial-of-service: rendering network resources non-functional
Replay of messages: re-sending captured messages to gain access to, or to alter, information
in transit
Guessing of passwords: gaining access to information and services that would normally be
denied (dictionary attack)
Guessing of keys: gaining access to encrypted data and passwords (brute-force attack,
chosen ciphertext attack, chosen plaintext attack)
Viruses, trojan horses and logic bombs: destroying data
Though these attacks are not specific to TCP/IP networks, they are potential threats to
anyone who bases a network on TCP/IP, which is what the majority of enterprises,
organizations and small businesses around the world do today. Attackers know this and
therefore find easy prey.
6.2.2 Observing the Basics
Before even thinking about implementing advanced security techniques, you should make
sure that basic security rules are in place:
Passwords: Make sure that passwords are enforced to be of a minimum length (typically six
to eight characters; treat this as a floor, since longer passphrases resist dictionary and
brute-force attacks far better), to contain at least one numeric character, to be different
from the user ID to which they belong, and to be changed at least once every two months.
Note that more recent guidance such as NIST SP 800-63B favors screening new passwords
against lists of known-compromised passwords and changing them when compromise is
suspected, rather than relying on a fixed rotation schedule alone.
User IDs: Make sure that every user has a password and that users are locked out after several
logon attempts with wrong passwords (typically five attempts). Keep the passwords to
superuser accounts (root, supervisor, administrator, maint, etc.) among a very limited circle
of trusted system, network and security administrators.
System defaults: Make sure that default user IDs are either disabled or have passwords that
adhere to the minimum requirements stated above. Likewise, make sure that only those
services are enabled that are required for a system to fulfill its designated role.
Physical access: Make sure that access to the locations where your systems and users
physically reside is controlled appropriately. Information security begins at the receptionist,
not at the corporate firewall.
Help desk: Make sure that callers are properly identified by help desk representatives or
system administrators before they give out "forgotten" passwords or user IDs. Social
engineering is often the first step to attack a computer network.
6.2.3 Solutions to Security Issues
With the same zeal that intruders search for a way into someone's computer network, the
owners of such networks should, and most likely will, try to protect themselves. Taking on
the exposures mentioned earlier, here are some solutions to defend effectively against an
attack. Note that each of these solutions solves only one, or a very limited number, of
security problems. A combination of several of them should therefore be considered in
order to achieve a defined level of safety and security.
Encryption: to protect data and passwords
Authentication and authorization: to prevent improper access
Integrity checking and message authentication codes (MACs): to protect
against the improper alteration of messages
Non-repudiation: to make sure that an action cannot be denied by the person
who performed it
Digital signatures and certificates: to ascertain a party's identity
Frequent key refresh, strong keys and prevention of deriving future keys: to
protect against breaking of keys (crypto-analysis)
Address concealment: to hide internal hosts and addresses from the outside, limiting the
targets exposed to denial-of-service and other directed attacks
Content inspection: to check application-level data for malicious content
before delivering it into the secure network
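The following is an added example, not code from the original manual, showing how three of the solutions above (encryption, message authentication codes, and protection of messages in transit) combine to defeat three of the attacks listed earlier (wire tapping, alteration of messages, and replay). It assumes the two peers already share a 32-byte secret key; how that key was agreed is out of scope here. To stay within the Python standard library, the keystream is produced by HMAC-SHA256 run in counter mode; this is an illustration of the encrypt-then-MAC construction, and a production system would use an authenticated cipher such as AES-GCM or ChaCha20-Poly1305 from a vetted library instead.

```python
import hashlib
import hmac
import secrets
import struct


class ReplayError(Exception):
    """Raised when a packet with an already-seen sequence number arrives."""


class IntegrityError(Exception):
    """Raised when the MAC does not verify (altered or forged packet)."""


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # PRF in counter mode: HMAC-SHA256(key, nonce || counter) blocks, concatenated.
    # Assumption for this illustration; a real system uses AES-GCM or ChaCha20-Poly1305.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def derive_keys(shared_key: bytes):
    # One shared secret, two independent keys: never reuse the encryption key for the MAC.
    enc_key = hmac.new(shared_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def seal(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Wire format: seq(8) || nonce(16) || ciphertext || tag(32).
    The sequence number is covered by the MAC, so a replayed or reordered packet
    cannot be disguised by rewriting its header."""
    nonce = secrets.token_bytes(16)
    header = struct.pack(">Q", seq) + nonce
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


class Receiver:
    """Verifies, decrypts and replay-checks packets from one sender."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key = enc_key
        self.mac_key = mac_key
        self.last_seq = -1  # highest sequence number accepted so far

    def open(self, packet: bytes) -> bytes:
        if len(packet) < 8 + 16 + 32:
            raise IntegrityError("packet too short")
        header, body, tag = packet[:24], packet[24:-32], packet[-32:]
        expected = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()
        # Verify the MAC first, in constant time, before touching anything else.
        if not hmac.compare_digest(tag, expected):
            raise IntegrityError("MAC mismatch: message altered or forged")
        seq = struct.unpack(">Q", header[:8])[0]
        if seq <= self.last_seq:
            raise ReplayError(f"sequence {seq} already seen")
        self.last_seq = seq
        ks = _keystream(self.enc_key, header[8:24], len(body))
        return bytes(c ^ k for c, k in zip(body, ks))


def demo():
    """Run the three exposures against the channel and report what happened."""
    enc_key, mac_key = derive_keys(secrets.token_bytes(32))  # shared key assumed pre-agreed
    rx = Receiver(enc_key, mac_key)
    results = {}
    msg = b"transfer 100 to account 42"  # constructed sample message
    p1 = seal(enc_key, mac_key, 1, msg)
    results["cleartext_on_wire"] = b"account" in p1      # what a wire tapper sees
    results["delivered"] = rx.open(p1)
    try:                                                 # replay of the captured packet
        rx.open(p1)
        results["replay"] = "accepted"
    except ReplayError:
        results["replay"] = "rejected"
    p2 = bytearray(seal(enc_key, mac_key, 2, msg))
    p2[30] ^= 0x01                                       # flip one ciphertext bit in transit
    try:
        rx.open(bytes(p2))
        results["tamper"] = "accepted"
    except IntegrityError:
        results["tamper"] = "rejected"
    return results
```

Two design points matter here. The MAC is verified before the sequence number is read or anything is decrypted, so an attacker cannot learn anything from the receiver's behaviour on a forged packet; and the sequence number is part of the authenticated header, so the replay check cannot be bypassed by editing it. A monotonically increasing counter is the simplest replay defense; protocols that must tolerate reordering (IPSec, for instance) use a sliding window instead.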
Summary: Security Exposures and Protections

Each entry below gives the problem or exposure, the remedy, and the technologies available
to implement it.

Problem/Exposure: How to make break-ins into my network as difficult as possible?
  Remedy: Install a combination of security technologies for networks as well as for
  applications.
  Available technologies: Firewalls (IP filtering + proxy servers + SOCKS + IPSec, etc.).
  Antivirus + content inspection + intrusion detection software. No system defaults +
  enforced password policies. Passwords for every user and every service/application +
  ACLs. Extensive logging + alerting + frequent log audits/analysis. No unauthorized
  dial-in + callback.

Problem/Exposure: How to protect against viruses, trojan horses, logic bombs, etc.?
  Remedy: Restrict access to outside sources. Run antivirus software on every server and
  workstation. Run content-screening software on your gateways for application data
  (mail, files, Web pages, etc.) and mobile code (Java, ActiveX, etc.). Update that
  software frequently.
  Available technologies: IBM/Norton AntiVirus, etc. Content Technologies' MIMESweeper
  and WebSweeper, etc. Finjan SurfinGate, etc.

Problem/Exposure: How to prevent the improper use of services by otherwise properly
authenticated users?
  Remedy: Use a multi-layer access control model based on ACLs.
  Available technologies: Application security (DBMS, Web servers, Lotus Notes, etc.).
  Server file systems (UNIX, NTFS, NetWare, HPFS-386, etc.). System security services
  (RACF, DCE, UNIX, NT, etc.).

Problem/Exposure: How to obtain information on possible security exposures?
  Remedy: Observe security directives by organizations such as CERT and your hardware
  and software vendors.
  Available technologies: [Link]

Problem/Exposure: How to make sure that only those people that you want dial into your
network?
  Remedy: Use access control at link establishment by virtue of central authentication
  services, two-factor authentication, etc.
  Available technologies: RADIUS (optionally using Kerberos, RACF, etc.), TACACS.
  Security Dynamics' SecurID ACE/Server, etc.

Problem/Exposure: How do you know that your system has been broken into?
  Remedy: Use extensive logging and examine logs frequently. Use intrusion detection
  programs.
  Available technologies: Application/service access logs (Lotus Notes, DB2/UDB, Web
  servers, etc.). System logs (UNIX, Windows NT, AS/400, etc.). Firewall logs and alerting
  (IBM firewalls, etc.). Systems management and alerting (Tivoli, etc.).

Problem/Exposure: How to prevent wire tappers from reading messages?
  Remedy: Encrypt messages, typically using a shared secret key. (Secret keys offer a
  tremendous performance advantage over public/private keys.)
  Available technologies: SET, SSL, IPSec, Kerberos, PPP.
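The entries above on lockout after repeated failed logons ("Observing the Basics") and on knowing whether a system has been broken into both come down to the same practice: log every authentication event and analyze the logs. The following is an added example, not from the original manual, of that analysis run over constructed log lines written in the style of a UNIX syslog auth facility (sshd). The threshold of five attempts is the figure given above; the ten-minute window and the host and address values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: a dictionary attack from 203.0.113.7 that finally succeeds,
# plus normal activity from 192.0.2.15 and one line that is not a logon event.
SAMPLE_LOG = """\
Mar  3 09:12:01 gw1 sshd[4123]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 09:12:02 gw1 sshd[4123]: Connection closed by 203.0.113.7 port 51022
Mar  3 09:12:03 gw1 sshd[4123]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar  3 09:12:04 gw1 sshd[4130]: Accepted password for alice from 192.0.2.15 port 40112 ssh2
Mar  3 09:12:05 gw1 sshd[4123]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 09:12:06 gw1 sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 51025 ssh2
Mar  3 09:12:08 gw1 sshd[4123]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  3 09:12:10 gw1 sshd[4140]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar  3 09:30:00 gw1 sshd[4200]: Failed password for bob from 192.0.2.15 port 40200 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(line, year=2024):
    """Return (timestamp, result, user, source) for a logon event, else None.
    syslog lines carry no year, so one is supplied (assumption)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["src"]


def detect(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per source that reaches `threshold` failures inside `window`
    (the lockout condition) and one per success that follows a burst of failures
    from the same source (a guessed password)."""
    failures = defaultdict(deque)  # source address -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        q = failures[src]
        while q and ts - q[0] > window:  # forget failures that left the window
            q.popleft()
        if result == "Failed":
            q.append(ts)
            if len(q) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append(f"LOCKOUT {src}: {len(q)} failed logins within {window}")
        elif q:  # Accepted after recent failures from the same source
            alerts.append(f"SUSPECT {src}: login as {user} succeeded after {len(q)} failures")
    return alerts
```

Keying the counter on the source address rather than on the user ID catches the attacker who spreads guesses across several accounts (root, admin, ...) to stay under a per-account lockout; a real deployment keeps both counters. The second alert type is the one that matters most for the "has my system been broken into?" question: a success that follows a burst of failures is the signature of a guessed password and should page someone, not just land in a log.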
6.3 The Need for a Security Policy
It is important to point out that you cannot implement security if you have not decided what
needs to be protected and from whom. You need a security policy, a list of what you consider
allowable and what you do not consider allowable, upon which to base any decisions
regarding security.
The policy should also determine your response to security violations. An organization's
overall security policy must be determined according to security analysis and business
requirements analysis. Since a firewall, for instance, relates to network security only, a
firewall has little value unless the overall security policy is properly defined. The following
questions should provide some general guidelines:
Exactly who do you want to guard against?
Do remote users need access to your networks and systems?
How do you classify confidential or sensitive information?
Do the systems contain confidential or sensitive information?
What will the consequences be if this information is leaked to your competitors or
other outsiders?
Will passwords or encryption provide enough protection?
How much access do you want to allow to your systems from the Internet
and/or users outside your network (business partners, suppliers, corporate
affiliates, etc.)?
What action will you take if you discover a breach in your security?
Who in your organization will enforce and supervise this policy?
This list is short, and your policy will probably encompass a lot more before it is complete.
Perhaps the very first thing you need to assess is the depth of your paranoia. Any security
policy is based on how much you trust people, both inside and outside your organization. The
policy must, however, provide a balance between allowing your users reasonable access to the
information they require to do their jobs, and totally disallowing access to your information.
The point where this line is drawn will determine your policy.
6.4 Incorporating Security into Your Network Design
You have seen throughout previous chapters that the design of an IP network is sometimes
exposed to environmental and circumstantial influences that dictate certain topologies or
strongly favor one design approach over another. One such influential topic is IP security.
6.4.1 Expecting the Worst, Planning for the Worst
In general, network administrators tend to either overemphasize or neglect security aspects
when designing their networks. It is very important that you do not follow either of those
cases but take great care that the security measures you need to implement in your network
match those specified in your overall security policy. Once a security policy is in place,
adequate technologies and their impact on the network design can be discussed.
However, if in doubt, expect the worst and add one more layer of security. You can remove it
later if a thorough investigation reveals that it is not required. Do not trade in security for
availability or performance unless you can really justify it. It helps to divide your network
into three major zones in order to define a more detailed security policy and the designs
required to implement them at the right points within the network. Those zones are described
below:
Core Network: This is the network where your business-critical applications and their
supporting systems are located. This part of the network requires maximum protection from
the outside and is usually also kept apart from internal users as an additional layer of
protection.
Perimeter Network: This is the network where your public resources are located.
These include Web and FTP servers but also application gateways and systems that provide
specialized security functions, such as content inspection, virus protection and intrusion
detection. This part of the network is typically secured from the outside as well as the inside
to provide maximum isolation of the traffic in this network. This part of the network may also
contain internal users.
Access Network: This is the network, whether private, public or virtual, leased or
dial-up, that is used by the outside to access your network and its services and applications.
This network is typically secured to the outside only.
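The zone rules above translate into a packet-filter policy, and the first thing a practitioner wants after writing one is a way to check that it still enforces the design. The following is an added example, not configuration from the original manual or from any vendor product: a first-match rule list covering the three zones (plus the outside and the internal user LAN), a decision function, and an automated check that the core remains reachable from the perimeter only. Zone names, port numbers, the choice of a database on port 5432 behind the application gateway, and the rule order are all assumptions chosen to match the text.

```python
from dataclasses import dataclass
from itertools import product

ZONES = ("outside", "access", "perimeter", "internal", "core")
ANY = "*"


@dataclass
class Rule:
    src: str
    dst: str
    proto: str
    dport: object  # ANY or a set of destination ports
    action: str
    note: str = ""

    def matches(self, src, dst, proto, dport):
        return (self.src in (ANY, src) and self.dst in (ANY, dst)
                and self.proto in (ANY, proto)
                and (self.dport == ANY or dport in self.dport))


# Ordered list, first match wins. Assumed zone names and ports for the illustration.
POLICY = [
    # Perimeter network: public services reachable from every zone, nothing else.
    Rule(ANY, "perimeter", "tcp", {80, 443}, "allow", "public Web servers / application gateway"),
    Rule("outside", "perimeter", "tcp", {21}, "allow", "public FTP server"),
    # The perimeter is secured from the inside too: it may not open connections to users.
    Rule("perimeter", "internal", ANY, ANY, "deny", "perimeter isolated from the inside"),
    # Core network: only application gateways in the perimeter reach back-end services.
    Rule("perimeter", "core", "tcp", {5432}, "allow", "application gateway to database"),
    Rule(ANY, "core", ANY, ANY, "deny", "core kept apart from users and from the outside"),
    # Access network: secured towards the outside only.
    Rule("outside", "access", ANY, ANY, "deny", "no unsolicited traffic into the access network"),
    # Internal users reach the Internet through the perimeter proxy, never directly.
    Rule("internal", "outside", ANY, ANY, "deny", "no direct Internet access; use the proxy"),
]


def decide(src, dst, proto, dport):
    """Evaluate one flow against POLICY. Anything not explicitly matched is denied."""
    for rule in POLICY:
        if rule.matches(src, dst, proto, dport):
            return rule.action, rule.note
    return "deny", "default deny"


def core_is_isolated(ports=(22, 80, 443, 1433, 3306, 5432, 8080)):
    """Policy check: list every flow into the core that is allowed from a zone other
    than the perimeter. An empty list means the design rule holds."""
    offenders = []
    for src, proto, dport in product(ZONES, ("tcp", "udp"), ports):
        if src in ("perimeter", "core"):
            continue
        if decide(src, "core", proto, dport)[0] == "allow":
            offenders.append((src, proto, dport))
    return offenders
```

Run `core_is_isolated()` every time the rule list changes; the classic mistake it catches is an allow rule added above the catch-all deny for the core, which silently opens a path from internal users or from the outside. The implicit default deny at the end of `decide` is what "secured from the outside" means in practice: nothing is reachable unless a rule says so.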