Matt Curtin
March 1997
Reprinted with the permission of Kent Information Services, Inc.
(Also available in Postscript and PDF formats for those who prefer, and nicer hardcopy.)
Abstract:
Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them.
Some history of networking is included, as well as an introduction to TCP/IP and internetworking. We go on to consider risk management, network threats, firewalls, and more special-purpose secure networking devices.
This is not intended to be a "frequently asked questions" reference, nor is it a "hands-on" document describing how to accomplish specific functionality.
It is hoped that the reader will have a wider perspective on security in general, and better understand how to reduce and manage risk personally, at home, and in the workplace.
Contents
- Introduction to Networking
- What are some Popular Networks?
- TCP/IP: The Language of the Internet
- IP
- TCP
- UDP
- Types And Sources Of Network Threats
- Unauthorized Access
- Lessons Learned
- Firewalls
- Types of Firewalls
- Some Words of Caution
- Secure Network Devices
Introduction to Networking
A basic understanding of computer networks is requisite in order to understand the principles of network security. In this section, we'll cover some of the foundations of computer networking, then move on to an overview of some popular networks. Following that, we'll take a more in-depth look at TCP/IP, the network protocol suite that is used to run the Internet and many intranets.
Once we've covered this, we'll go back and discuss some of the threats that managers and administrators of computer networks need to confront, and then some tools that can be used to reduce the exposure to the risks of network computing.
What is a Network?
A "network" has been defined[1] as "any set of interlinking lines resembling a net, a network of roads || an interconnected system, a network of alliances." This definition suits our purpose well: a computer network is simply a system of interconnected computers. How they're connected is irrelevant, and as we'll soon see, there are a number of ways to do this.
The ISO/OSI Reference Model
The International Standards Organization (ISO) Open Systems Interconnect (OSI) Reference Model defines seven layers of communications types, and the interfaces among them. (See Figure 1.) Each layer depends on the services provided by the layer below it, all the way down to the physical network hardware, such as the computer's network interface card, and the wires that connect the cards together.
An easy way to look at this is to compare this model with something we use daily: the telephone. In order for you and me to talk when we're out of earshot, we need a device like a telephone. (In the ISO/OSI model, this is at the application layer.) The telephones, of course, are useless unless they have the ability to translate the sound into electronic pulses that can be transferred over wire and back again. (These functions are provided in layers below the application layer.) Finally, we get down to the physical connection: both must be plugged into an outlet that is connected to a switch that's part of the telephone system's network of switches.
If I place a call to you, I pick up the receiver, and dial your number. This number specifies which central office to send my request to, and then which phone from that central office to ring. Once you answer the phone, we begin talking, and our session has begun. Conceptually, computer networks function exactly the same way.
It isn't important for you to memorize the ISO/OSI Reference Model's layers; but it's useful to know that they exist, and that each layer cannot work without the services provided by the layer below it.
What are some Popular Networks?
Over the last 25 years or so, a number of networks and network protocols have been defined and used. We're going to look at two of these networks, both of which are "public" networks. Anyone can connect to either of these networks, or they can use types of networks to connect their own hosts (computers) together, without connecting to the public networks. Each type takes a very different approach to providing network services.
UUCP
UUCP (Unix-to-Unix CoPy) was originally developed to connect Unix (surprise!) hosts together. UUCP has since been ported to many different architectures, including PCs, Macs, Amigas, Apple IIs, VMS hosts, everything else you can name, and even some things you can't. Additionally, a number of systems have been developed around the same principles as UUCP.
Batch-Oriented Processing.
UUCP and similar systems are batch-oriented systems: everything that they have to do is added to a queue, and then at some specified time, everything in the queue is processed.
Implementation Environment.
UUCP networks are commonly built using dial-up (modem) connections. This doesn't have to be the case though: UUCP can be used over any sort of connection between two computers, including an Internet connection. Building a UUCP network is a simple matter of configuring two hosts to recognize each other, and know how to get in touch with each other. Adding on to the network is simple; if hosts called A and B have a UUCP network between them, and C would like to join the network, then it must be configured to talk to A and/or B. Naturally, anything that C talks to must be made aware of C's existence before any connections will work. Now, to connect D to the network, a connection must be established with at least one of the hosts on the network, and so on. Figure 2 shows a sample UUCP network.
In a UUCP network, users are identified in the format host!userid. The "!" character (pronounced "bang" in networking circles) is used to separate hosts and users. A bangpath is a string of host(s) and a userid like A!cmcurtin or C!B!A!cmcurtin. If I am a user on host A and you are a user on host E, I might be known as A!cmcurtin and you as E!you. Because there is no direct link between your host (E) and mine (A), in order for us to communicate, we need to do so through a host (or hosts!) that has connectivity to both E and A. In our sample network, C has the connectivity we need. So, to send me a file, or piece of email, you would address it to C!A!cmcurtin. Or, if you feel like taking the long way around, you can address me as C!B!A!cmcurtin.
The "public" UUCP network is simply a huge worldwide network of hosts connected to each other.
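Bang-path addressing is easy to get wrong by hand, because every hop in the string has to be a link the previous host is actually configured to call. The following Python is an added example, not code from the article or from any UUCP implementation: it parses a bang path, checks each hop against a constructed link table standing in for Figure 2 (A-B, B-C, A-C and C-E are assumed links), and finds the shortest valid route so that the address a user on E should use for cmcurtin on A can be generated rather than guessed.

```python
from collections import deque

# Constructed stand-in for the sample network in Figure 2 (an assumption):
# each host lists the neighbours it is configured to call directly.
UUCP_LINKS = {
    "A": {"B", "C"},
    "B": {"A", "C"},
    "C": {"A", "B", "E"},
    "E": {"C"},
}


def parse_bangpath(address):
    """Split 'C!B!A!cmcurtin' into (['C', 'B', 'A'], 'cmcurtin')."""
    parts = address.split("!")
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"malformed bang path: {address!r}")
    return parts[:-1], parts[-1]


def route_is_valid(origin, hops, links=UUCP_LINKS):
    """True only if every consecutive pair origin -> hop1 -> hop2 ... is a direct link."""
    current = origin
    for nxt in hops:
        if nxt not in links.get(current, set()):
            return False
        current = nxt
    return True


def check_address(origin, address, links=UUCP_LINKS):
    """Parse an address as typed on `origin` and report whether it can be delivered."""
    hops, user = parse_bangpath(address)
    return route_is_valid(origin, hops, links), hops, user


def shortest_route(origin, target, links=UUCP_LINKS):
    """Breadth-first search over direct links; returns the hosts after origin, or None."""
    prev = {origin: None}
    queue = deque([origin])
    while queue:
        host = queue.popleft()
        if host == target:
            path = []
            while host != origin:
                path.append(host)
                host = prev[host]
            return path[::-1]
        for neighbour in sorted(links.get(host, ())):   # sorted for deterministic output
            if neighbour not in prev:
                prev[neighbour] = host
                queue.append(neighbour)
    return None


def address_from(origin, target, user, links=UUCP_LINKS):
    """Build the bang path a user on `origin` should use to reach user@target."""
    route = shortest_route(origin, target, links)
    return None if route is None else "!".join(route + [user])
```

With the assumed links, `address_from("E", "A", "cmcurtin")` produces `C!A!cmcurtin`, `check_address("E", "C!B!A!cmcurtin")` accepts the long way around, and `check_address("E", "A!cmcurtin")` is rejected because E has no direct link to A.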
Popularity.
The public UUCP network has been shrinking in size over the years, with the rise of the availability of inexpensive Internet connections. Additionally, since UUCP connections are typically made hourly, daily, or weekly, there is a fair bit of delay in getting data from one user on a UUCP network to a user on the other end of the network. UUCP isn't very flexible, as it's used for simply copying files (which can be netnews, email, documents, etc.). Interactive protocols (that make applications such as the World Wide Web possible) have become much more the norm, and are preferred in most cases.
However, there are still many people whose needs for email and netnews are served quite well by UUCP, and its integration into the Internet has greatly reduced the amount of cumbersome addressing that had to be accomplished in times past.
Security.
UUCP, like any other application, has security tradeoffs. Some strong points for its security are that it is fairly limited in what it can do, and it's therefore more difficult to trick into doing something it shouldn't; it's been around a long time, and most of its bugs have been discovered, analyzed, and fixed; and because UUCP networks are made up of occasional connections to other hosts, it isn't possible for someone on host E to directly make contact with host B, and take advantage of that connection to do something naughty.
On the other hand, UUCP typically works by having a system-wide UUCP user account and password. Any system that has a UUCP connection with another must know the appropriate password for the uucp or nuucp account. Identifying a host beyond that point has traditionally been little more than a matter of trusting that the host is who it claims to be, and that a connection is allowed at that time. More recently, there has been an additional layer of authentication, whereby both hosts must have the same sequence number, that is, a number that is incremented each time a connection is made.
Hence, if I run host B, I know the uucp password on host A. If, though, I want to impersonate host C, I'll need to connect, identify myself as C, hope that I've done so at a time that A will allow it, and try to guess the correct sequence number for the session. While this might not be a trivial attack, it isn't considered very secure.
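The sequence-number check described above is worth seeing as a concrete exchange, because it shows both what it adds over the shared password and why a mismatch in the log deserves attention. The Python below is an added, simplified model constructed for this article (it is not real UUCP code and the host names and passwords are made up): host A keeps one system-wide password plus a per-peer counter, a legitimate peer advances its own copy in step, and an impersonator who knows the password still has to guess the counter. If the guess happens to land, the real peer's next call is the one that gets rejected, which is the signal an administrator can act on.

```python
from dataclasses import dataclass, field


@dataclass
class UucpHost:
    """One host's view of incoming UUCP logins (constructed simplified model)."""
    name: str
    uucp_password: str                        # system-wide password every caller must present
    seq: dict = field(default_factory=dict)   # peer name -> next expected sequence number
    log: list = field(default_factory=list)

    def login(self, claimed_name, password, seq):
        """Validate one incoming call; advance the per-peer counter only on success."""
        if password != self.uucp_password:
            self.log.append(f"{self.name}: rejected {claimed_name}: bad password")
            return False
        expected = self.seq.get(claimed_name, 1)
        if seq != expected:
            # This is the line worth alerting on: either the peer lost state, or someone
            # who already has the password is guessing at the counter.
            self.log.append(f"{self.name}: rejected {claimed_name}: sequence {seq}, expected {expected}")
            return False
        self.seq[claimed_name] = expected + 1
        self.log.append(f"{self.name}: accepted {claimed_name} at sequence {seq}")
        return True


def place_call(caller, callee, password):
    """A legitimate caller presents its own copy of the counter and advances it in step."""
    seq = caller.seq.get(callee.name, 1)
    if callee.login(caller.name, password, seq):
        caller.seq[callee.name] = seq + 1
        return True
    return False


def scenario():
    """Replays the situation in the text: B knows A's password and claims to be C."""
    a = UucpHost("A", "a-uucp-secret")   # constructed passwords
    b = UucpHost("B", "b-uucp-secret")
    c = UucpHost("C", "c-uucp-secret")
    legit = [place_call(c, a, a.uucp_password) for _ in range(3)]   # A's counter for C: 1 -> 4
    b_own = place_call(b, a, a.uucp_password)                       # B's own calls are fine
    wrong_guess = a.login("C", a.uucp_password, 1)                  # password right, counter wrong
    lucky_guess = a.login("C", a.uucp_password, 4)                  # the guess the text warns about
    c_after = place_call(c, a, a.uucp_password)                     # real C is now out of step
    return {
        "legit": legit,
        "b_own": b_own,
        "wrong_guess": wrong_guess,
        "lucky_guess": lucky_guess,
        "c_after_hijack": c_after,
        "a_seq_c": a.seq["C"],
        "log": a.log,
    }
```

Running `scenario()` shows the two sides of the argument in the text: the counter stops a caller who only has the password, but a correct guess is accepted without any further proof of identity, and the evidence only surfaces when the genuine host C is rejected on its next call.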
The Internet
Internet: This is a word that I've heard way too often in the last few years. Movies, books, newspapers, magazines, television programs, and practically every other sort of media imaginable has dealt with the Internet recently.
What is the Internet?
The Internet is the world's largest network of networks. When you want to access the resources offered by the Internet, you don't really connect to the Internet; you connect to a network that is eventually connected to the Internet backbone, a network of extremely fast (and incredibly overloaded!) network components. This is an important point: the Internet is a network of networks -- not a network of hosts. A simple network can be constructed using the same protocols and such that the Internet uses without actually connecting it to anything else. Such a basic network is shown in Figure 3.
I might be allowed to put one of my hosts on one of my employer's networks. We have a number of networks, which are all connected together on a backbone, that is, a network of our networks. Our backbone is then connected to other networks, one of which is to an Internet Service Provider (ISP) whose backbone is connected to other networks, one of which is the Internet backbone.
If you have a connection "to the Internet" through a local ISP, you are actually connecting your computer to one of their networks, which is connected to another, and so on. To use a service from my host, such as a web server, you would tell your web browser to connect to my host. Underlying services and protocols would send packets (small datagrams) with your query to your ISP's network, and then a network they're connected to, and so on, until it found a path to my employer's backbone, and to the exact network my host is on. My host would then respond appropriately, and the same would happen in reverse: packets would traverse all of the connections until they found their way back to your computer, and you were looking at my web page.
In Figure 4, the network shown in Figure 3 is designated "LAN 1" and shown in the bottom-right of the picture. This shows how the hosts on that network are provided connectivity to other hosts on the same LAN, within the same company, outside of the company, but in the same ISP cloud, and then from another ISP somewhere on the Internet.
The Internet is made up of a wide variety of hosts, from supercomputers to personal computers, including every imaginable type of hardware and software. How do all of these computers understand each other and work together?
TCP/IP: The Language of the Internet
TCP/IP (Transport Control Protocol/Internet Protocol) is the "language" of the Internet. Anything that can learn to "speak TCP/IP" can play on the Internet. This is functionality that occurs at the Network (IP) and Transport (TCP) layers in the ISO/OSI Reference Model. Consequently, a host that has TCP/IP functionality (such as Unix, OS/2, MacOS, or Windows NT) can easily support applications (such as Netscape's Navigator) that use the network.
Open Design
One of the most important features of TCP/IP isn't a technological one: The protocol is an "open" protocol, and anyone who wishes to implement it may do so freely. Engineers and scientists from all over the world participate in the IETF (Internet Engineering Task Force) working groups that design the protocols that make the Internet work. Their time is typically donated by their companies, and the result is work that benefits everyone.
IP
As noted, IP is a "network layer" protocol. This is the layer that allows the hosts to actually "talk" to each other. It handles such things as carrying datagrams, mapping the Internet address (such as 10.2.3.4) to a physical network address (such as 08:00:69:0a:ca:8f), and routing, which takes care of making sure that all of the devices that have Internet connectivity can find the way to each other.
Understanding IP
IP has a number of very important features which make it an extremely robust and flexible protocol. For our purposes, though, we're going to focus on the security of IP, or more specifically, the lack thereof.
Attacks Against IP
A number of attacks against IP are possible. Typically, these exploit the fact that IP does not perform a robust mechanism for authentication, which is proving that a packet came from where it claims it did. A packet simply claims to originate from a given address, and there isn't a way to be sure that the host that sent the packet is telling the truth. This isn't necessarily a weakness, per se, but it is an important point, because it means that the facility of host authentication has to be provided at a higher layer on the ISO/OSI Reference Model. Today, applications that require strong host authentication (such as cryptographic applications) do this at the application layer.
IP Spoofing.
This is where one host claims to have the IP address of another. Since many systems (such as router access control lists) define which packets may and which packets may not pass based on the sender's IP address, this is a useful technique to an attacker: he can send packets to a host, perhaps causing it to take some sort of action. Additionally, some applications allow login based on the IP address of the person making the request (such as the Berkeley r-commands)[2]. These are both good examples of how trusting untrustable layers can provide security that is -- at best -- weak.
IP Session Hijacking.
This is a relatively sophisticated attack, first described by Steve Bellovin [3]. This is very dangerous, however, because there are now toolkits available in the underground community that allow otherwise unskilled bad-guy-wannabes to perpetrate this attack. IP Session Hijacking is an attack whereby a user's session is taken over, being in the control of the attacker. If the user was in the middle of email, the attacker is looking at the email, and then can execute any commands he wishes as the attacked user. The attacked user simply sees his session dropped, and may simply login again, perhaps not even noticing that the attacker is still logged in and doing things.
For the description of the attack, let's return to our large network of networks in Figure 4. In this attack, a user on host A is carrying on a session with host G. Perhaps this is a telnet session, where the user is reading his email, or using a Unix shell account from home. Somewhere in the network between A and G sits host H which is run by a naughty person. The naughty person on host H watches the traffic between A and G, and runs a tool which starts to impersonate A to G, and at the same time tells A to shut up, perhaps trying to convince it that G is no longer on the net (which might happen in the event of a crash, or major network outage). After a few seconds of this, if the attack is successful, the naughty person has "hijacked" the session of our user. Anything that the user can do legitimately can now be done by the attacker, illegitimately. As far as G knows, nothing has happened.
This can be solved by replacing standard telnet-type applications with encrypted versions of the same thing. In this case, the attacker can still take over the session, but he'll see only "gibberish" because the session is encrypted. The attacker will not have the needed cryptographic key(s) to decrypt the data stream from G, and will, therefore, be unable to do anything with the session.
TCP
TCP is a transport-layer protocol. It needs to sit on top of a network-layer protocol, and was designed to ride atop IP. (Just as IP was designed to carry, among other things, TCP packets.) Because TCP and IP were designed together and wherever you have one, you typically have the other, the entire suite of Internet protocols are known collectively as "TCP/IP." TCP itself has a number of important features that we'll cover briefly.
Guaranteed Packet Delivery
Probably the most important is guaranteed packet delivery. Host A sending packets to host B expects to get acknowledgments back for each packet. If B does not send an acknowledgment within a specified amount of time, A will resend the packet.
Applications on host B will expect a data stream from a TCP session to be complete, and in order. As noted, if a packet is missing, it will be resent by A, and if packets arrive out of order, B will arrange them in proper order before passing the data to the requesting application.
This is suited well toward a number of applications, such as a telnet session. A user wants to be sure every keystroke is received by the remote host, and that it gets every packet sent back, even if this means occasional slight delays in responsiveness while a lost packet is resent, or while out-of-order packets are rearranged.
It is not suited well toward other applications, such as streaming audio or video, however. In these, it doesn't really matter if a packet is lost (a lost packet in a stream of 100 won't be distinguishable) but it does matter if they arrive late (i.e., because of a host resending a packet presumed lost), since the data stream will be paused while the lost packet is being resent. Once the lost packet is received, it will be put in the proper slot in the data stream, and then passed up to the application.
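The in-order delivery and the stall it causes are easiest to see with a small receive buffer. The Python below is an added illustration, not code from the article: a constructed receiver holds segments that arrive early, releases data to the application only when the gap in front of it is filled, and reports the cumulative acknowledgment the sender would see. The constructed arrival order loses the second segment until it is retransmitted, so the two later segments sit in the buffer and the application sees nothing until the missing piece lands; the datagram-style function beside it hands each piece up immediately, gaps and all, which is the behaviour a streaming application prefers.

```python
class InOrderStream:
    """Receive side of a TCP-style connection (constructed model): data reaches the
    application only once every earlier byte has arrived. Segments are assumed not to
    overlap partially, which is enough for the point being made."""

    def __init__(self):
        self.next_seq = 0          # first byte the application has not yet received
        self.pending = {}          # seq -> data for segments that arrived early
        self.delivered = bytearray()

    def receive(self, seq, data):
        """Accept one segment; return the bytes it released to the application."""
        if seq < self.next_seq:
            return b""             # duplicate of data already delivered; nothing new
        self.pending.setdefault(seq, data)
        released = bytearray()
        while self.next_seq in self.pending:   # drain every now-contiguous segment
            chunk = self.pending.pop(self.next_seq)
            released += chunk
            self.next_seq += len(chunk)
        self.delivered += released
        return bytes(released)

    def ack(self):
        """Cumulative ACK: how far the sender knows the data has arrived contiguously."""
        return self.next_seq


# Constructed arrival order: offset 4 is lost and only shows up after the sender
# retransmits it, by which time offsets 8 and 12 have already arrived.
ARRIVALS = [(0, b"AAAA"), (8, b"CCCC"), (12, b"DDDD"), (4, b"BBBB")]


def deliver_tcp_like(arrivals=ARRIVALS):
    """Returns (what the application saw, what each arrival released, final ACK)."""
    stream = InOrderStream()
    releases = [stream.receive(seq, data) for seq, data in arrivals]
    return bytes(stream.delivered), releases, stream.ack()


def deliver_datagram_like(arrivals=ARRIVALS):
    """UDP-style: every datagram goes straight up on arrival, in arrival order."""
    return b"".join(data for _, data in arrivals)
```

`deliver_tcp_like()` releases `AAAA`, then nothing for two arrivals, then `BBBBCCCCDDDD` all at once when the retransmission arrives, with the ACK at 16; `deliver_datagram_like()` returns `AAAACCCCDDDDBBBB`, complete but out of order.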
UDP
UDP (User Datagram Protocol) is a simple transport-layer protocol. It does not provide the same features as TCP, and is thus considered "unreliable." Again, although this is unsuitable for some applications, it does have much more applicability in other applications than the more reliable and robust TCP.
Lower Overhead than TCP
One of the things that makes UDP nice is its simplicity. Because it doesn't need to keep track of the sequence of packets, whether they ever made it to their destination, etc., it has lower overhead than TCP. This is another reason why it's more suited to streaming-data applications: there's less screwing around that needs to be done with making sure all the packets are there, in the right order, and that sort of thing.
It's very important to understand that in security, one simply cannot say "what's the best firewall?" There are two extremes: absolute security and absolute access. The closest we can get to an absolutely secure machine is one unplugged from the network, power supply, locked in a safe, and thrown at the bottom of the ocean. Unfortunately, it isn't terribly useful in this state. A machine with absolute access is extremely convenient to use: it's simply there, and will do whatever you tell it, without questions, authorization, passwords, or any other mechanism. Unfortunately, this isn't terribly practical, either: the Internet is a bad neighborhood now, and it isn't long before some bonehead will tell the computer to do something like self-destruct, after which, it isn't terribly useful to you.
This is no different from our daily lives. We constantly make decisions about what risks we're willing to accept. When we get in a car and drive to work, there's a certain risk that we're taking. It's possible that something completely out of control will cause us to become part of an accident on the highway. When we get on an airplane, we're accepting the level of risk involved as the price of convenience. However, most people have a mental picture of what an acceptable risk is, and won't go beyond that in most circumstances. If I happen to be upstairs at home, and want to leave for work, I'm not going to jump out the window. Yes, it would be more convenient, but the risk of injury outweighs the advantage of convenience.
Every organization needs to decide for itself where between the two extremes of total security and total access they need to be. A policy needs to articulate this, and then define how that will be enforced with practices and such. Everything that is done in the name of security, then, must enforce that policy uniformly.
Types And Sources Of Network Threats
Now, we've covered enough background information on networking that we can actually get into the security aspects of all of this. First of all, we'll get into the types of threats there are against networked computers, and then some things that can be done to protect yourself against various threats.
Denial-of-Service
DoS (Denial-of-Service) attacks are probably the nastiest, and most difficult to address. These are the nastiest, because they're very easy to launch, difficult (sometimes impossible) to track, and it isn't easy to refuse the requests of the attacker, without also refusing legitimate requests for service.
The premise of a DoS attack is simple: send more requests to the machine than it can handle. There are toolkits available in the underground community that make this a simple matter of running a program and telling it which host to blast with requests. The attacker's program simply makes a connection on some service port, perhaps forging the packet's header information that says where the packet came from, and then dropping the connection. If the host is able to answer 20 requests per second, and the attacker is sending 50 per second, obviously the host will be unable to service all of the attacker's requests, much less any legitimate requests (hits on the web site running there, for example).
Such attacks were fairly common in late 1996 and early 1997, but are now becoming less popular.
Some things that can be done to reduce the risk of being stung by a denial of service attack include
- Not running your visible-to-the-world servers at a level too close to capacity
- Using packet filtering to prevent obviously forged packets from entering into your network address space. Obviously forged packets would include those that claim to come from your own hosts, addresses reserved for private networks as defined in RFC 1918 [4], and the loopback network (127.0.0.0).
- Keeping up-to-date on security-related patches for your hosts' operating systems.
Unauthorized Access
"Unauthorized access" is a very high-level term that can refer to a number of different sorts of attacks. The goal of these attacks is to access some resource that your machine should not provide the attacker. For example, a host might be a web server, and should provide anyone with requested web pages. However, that host should not provide command shell access without being sure that the person making such a request is someone who should get it, such as a local administrator.
Executing Commands Illicitly
It's obviously undesirable for an unknown and untrusted person to be able to execute commands on your server machines. There are two main classifications of the severity of this problem: normal user access, and administrator access. A normal user can do a number of things on a system (such as read files, mail them to other people, etc.) that an attacker should not be able to do. This might, then, be all the access that an attacker needs. On the other hand, an attacker might wish to make configuration changes to a host (perhaps changing its IP address, putting a start-up script in place to cause the machine to shut down every time it's started, or something similar). In this case, the attacker will need to gain administrator privileges on the host.
Confidentiality Breaches
We need to examine the threat model: what is it that you're trying to protect yourself against? There is certain information that could be quite damaging if it fell into the hands of a competitor, an enemy, or the public. In these cases, it's possible that compromise of a normal user's account on the machine can be enough to cause damage (perhaps in the form of PR, or obtaining information that can be used against the company, etc.).
While many of the perpetrators of these sorts of break-ins are merely thrill-seekers interested in nothing more than to see a shell prompt for your computer on their screen, there are those who are more malicious, as we'll consider next. (Additionally, keep in mind that it's possible that someone who is normally interested in nothing more than the thrill could be persuaded to do more: perhaps an unscrupulous competitor is willing to hire such a person to hurt you.)
Destructive Behavior
Among the destructive sorts of break-ins and attacks, there are two major categories.
Data Diddling.
The data diddler is likely the worst sort, since the fact of a break-in might not be immediately obvious. Perhaps he's toying with the numbers in your spreadsheets, or changing the dates in your projections and plans. Maybe he's changing the account numbers for the auto-deposit of certain paychecks. In any case, rare is the case when you'll come in to work one day, and simply know that something is wrong. An accounting procedure might turn up a discrepancy in the books three or four months after the fact. Trying to track the problem down will certainly be difficult, and once that problem is discovered, how can any of your numbers from that time period be trusted? How far back do you have to go before you think that your data is safe?
Data Destruction.
Some of those who perpetrate attacks are simply twisted jerks who like to delete things. In these cases, the impact on your computing capability -- and consequently your business -- can be nothing less than if a fire or other disaster caused your computing equipment to be completely destroyed.
Where Do They Come From?
How, though, does an attacker gain access to your equipment? Through any connection that you have to the outside world. This includes Internet connections, dial-up modems, and even physical access. (How do you know that one of the temps that you've brought in to help with the data entry isn't really a system cracker looking for passwords, data phone numbers, vulnerabilities and anything else that can get him access to your equipment?)
In order to be able to adequately address security, all possible avenues of entry must be identified and evaluated. The security of that entry point must be consistent with your stated policy on acceptable risk levels.
Lessons Learned
From looking at the sorts of attacks that are common, we can divine a relatively short list of high-level practices that can help prevent security disasters, and to help control the damage in the event that preventative measures were unsuccessful in warding off an attack.
Hope you have backups
This isn't just a good idea from a security point of view. Operational requirements should dictate the backup policy, and this should be closely coordinated with a disaster recovery plan, such that if an airplane crashes into your building one night, you'll be able to carry on your business from another location. Similarly, these can be useful in recovering your data in the event of an electronic disaster: a hardware failure, or a breakin that changes or otherwise damages your data.
Don't put data where it doesn't need to be
Although this should go without saying, this doesn't occur to lots of folks. As a result, information that doesn't need to be accessible from the outside world sometimes is, and this can needlessly increase the severity of a break-in dramatically.
Avoid systems with single points of failure
Any security system that can be broken by breaking through any one component isn't really very strong. In security, a degree of redundancy is good, and can help you protect your organization from a minor security breach becoming a catastrophe.
Stay current with relevant operating system patches
Be sure that someone who knows what you've got is watching the vendors' security advisories. Exploiting old bugs is still one of the most common (and most effective!) means of breaking into systems.
Watch for relevant security advisories
In addition to watching what the vendors are saying, keep a close watch on groups like CERT and CIAC. Make sure that at least one person (preferably more) is subscribed to these mailing lists.
Have someone on staff be familiar with security practices
Having at least one person who is charged with keeping abreast of security developments is a good idea. This need not be a technical wizard, but could be someone who is simply able to read advisories issued by various incident response teams, and keep track of various problems that arise. Such a person would then be a wise one to consult with on security related issues, as he'll be the one who knows if web server software version such-and-such has any known problems, etc. This person should also know the "dos" and "don'ts" of security, from reading such things as the "Site Security Handbook."[5]
Firewalls
As we've seen in our discussion of the Internet and similar networks, connecting an organization to the Internet provides a two-way flow of traffic. This is clearly undesirable in many organizations, as proprietary information is often displayed freely within a corporate intranet (that is, a TCP/IP network, modeled after the Internet, that only works within the organization).
In order to provide some level of separation between an organization's intranet and the Internet, firewalls have been employed. A firewall is simply a group of components that collectively form a barrier between two networks.
A number of terms specific to firewalls and networking are going to be used throughout this section, so let's introduce them all together.
- Bastion host.
- A general-purpose computer used to control access between the internal (private) network (intranet) and the Internet (or any other untrusted network). Typically, these are hosts running a flavor of the Unix operating system that has been customized in order to reduce its functionality to only what is necessary in order to support its functions. Many of the general-purpose features have been turned off, and in many cases, completely removed, in order to improve the security of the machine.
- Router.
- A special purpose computer for connecting networks together. Routers also handle certain functions, such as routing, or managing the traffic on the networks they connect.
- Access Control List (ACL).
- Many routers now have the ability to selectively perform their duties, based on a number of facts about a packet that comes to it. This includes things like origination address, destination address, destination service port, and so on. These can be employed to limit the sorts of packets that are allowed to come in and go out of a given network.
- Demilitarized Zone (DMZ).
- The DMZ is a critical part of a firewall: it is a network that is neither part of the untrusted network, nor part of the trusted network. But, this is a network that connects the untrusted to the trusted. The importance of a DMZ is tremendous: someone who breaks into your network from the Internet should have to get through several layers in order to successfully do so. Those layers are provided by various components within the DMZ.
- Proxy.
- This is the process of having one host act on behalf of another. A host that has the ability to fetch documents from the Internet might be configured as a proxy server, and hosts on the intranet might be configured to be proxy clients. In this situation, when a host on the intranet wishes to fetch the <http://www.interhack.net/> web page, for example, the browser will make a connection to the proxy server, and request the given URL. The proxy server will fetch the document, and return the result to the client. In this way, all hosts on the intranet are able to access resources on the Internet without having the ability to talk directly to the Internet.
Types of Firewalls
There are three basic types of firewalls, and we'll consider each of them.
Application Gateways
The first firewalls were application gateways, and are sometimes known as proxy gateways. These are made up of bastion hosts that run special software to act as a proxy server. This software runs at the Application Layer of our old friend the ISO/OSI Reference Model, hence the name. Clients behind the firewall must be proxitized (that is, must know how to use the proxy, and be configured to do so) in order to use Internet services. Traditionally, these have been the most secure, because they don't allow anything to pass by default, but need to have the programs written and turned on in order to begin passing traffic. These are also typically the slowest, because more processes need to be started in order to have a request serviced. Figure 5 shows an application gateway.
Packet Filtering
Packet filtering is a technique whereby routers have ACLs (Access Control Lists) turned on. By default, a router will pass all traffic sent to it, and will do so without any sort of restrictions. Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network, and vice versa. There is less overhead in packet filtering than with an application gateway, because the feature of access control is performed at a lower ISO/OSI layer (typically, the transport or session layer). Due to the lower overhead and the fact that packet filtering is done with routers, which are specialized computers optimized for tasks related to networking, a packet filtering gateway is often much faster than its application layer cousins. Figure 6 shows a packet filtering gateway.
Because we're working at a lower level, supporting new applications either comes automatically, or is a simple matter of allowing a specific packet type to pass through the gateway. (Not that the possibility of something automatically makes it a good idea; opening things up this way might very well compromise your level of security below what your policy allows.)
There are problems with this method, though. Remember, TCP/IP has absolutely no means of guaranteeing that the source address is really what it claims to be. As a result, we have to use layers of packet filters in order to localize the traffic. We can't get all the way down to the actual host, but with two layers of packet filters, we can differentiate between a packet that came from the Internet and one that came from our internal network. We can identify which network the packet came from with certainty, but we can't get more specific than that.
Hybrid Systems
In an attempt to marry the security of the application layer gateways with the flexibility and speed of packet filtering, some vendors have created systems that use the principles of both.
In some of these systems, new connections must be authenticated and approved at the application layer. Once this has been done, the remainder of the connection is passed down to the session layer, where packet filters watch the connection to ensure that only packets that are part of an ongoing (already authenticated and approved) conversation are being passed.
Other possibilities include using both packet filtering and application layer proxies. The benefits here include providing a measure of protection against the machines that provide services to the Internet (such as a public web server), as well as providing the security of an application layer gateway to the internal network. Additionally, using this method, an attacker, in order to get to services on the internal network, will have to break through the access router, the bastion host, and the choke router.
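The packet filtering and hybrid sections above describe three mechanisms: ACL entries that select on interface, addresses and service port; telling Internet traffic from internal traffic by which filter layer it arrives at rather than by its (unverifiable) source address; and a filter that passes the packets of a conversation an application gateway has already approved. The following toy filter is an added illustration, not code from the document; the 10.0.0.0/8 intranet, the 192.0.2.10 DMZ web server, the rule set and the packets are all constructed.

```python
"""Toy two-layer packet filter with ACLs, anti-spoofing and hybrid connection
approval. Added illustration, not the document's code; all values are constructed."""
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

INTERNAL = ip_network("10.0.0.0/8")  # constructed private (RFC 1918) intranet range

class Packet(NamedTuple):
    iface: str  # "outside" = Internet-facing, "inside" = intranet-facing
    src: str
    dst: str
    dport: int

class Rule(NamedTuple):
    iface: str
    src: str              # CIDR network or "any"
    dst: str
    dport: Optional[int]  # None matches any destination port
    action: str           # "permit" or "deny"

def matches(rule: Rule, pkt: Packet) -> bool:
    # An ACL entry selects on interface, source, destination and service port.
    return (rule.iface == pkt.iface
            and (rule.src == "any" or ip_address(pkt.src) in ip_network(rule.src))
            and (rule.dst == "any" or ip_address(pkt.dst) in ip_network(rule.dst))
            and (rule.dport is None or rule.dport == pkt.dport))

class PacketFilter:
    def __init__(self, rules):
        self.rules = list(rules)
        self.approved = set()  # conversations an application gateway has authenticated
    def approve(self, src, dst, dport):
        self.approved.add((src, dst, dport))  # hybrid mode: gateway-approved conversation
    def decide(self, pkt: Packet) -> str:
        # The source address can't be trusted, but the arrival interface can:
        # an internal source address arriving from outside is spoofed.
        if pkt.iface == "outside" and ip_address(pkt.src) in INTERNAL:
            return "deny: spoofed internal source"
        if (pkt.src, pkt.dst, pkt.dport) in self.approved:
            return "permit: approved conversation"
        for rule in self.rules:  # first matching ACL entry wins
            if matches(rule, pkt):
                return rule.action
        return "deny"  # policy ends in deny, unlike a router's pass-all default

RULES = [
    Rule("outside", "any", "192.0.2.10/32", 80, "permit"),  # DMZ web server reachable
    Rule("outside", "any", str(INTERNAL), None, "deny"),    # intranet not reachable directly
    Rule("inside", str(INTERNAL), "any", None, "permit"),   # internal hosts may go out
]
```

The same `PacketFilter` can be instantiated twice with different rule sets to model the access router and the choke router, each trusting only what its own interfaces tell it.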
So, what's best for me?
Lots of options are available, and it makes sense to spend some time with an expert, either in-house, or an experienced consultant who can take the time to understand your organization's security policy, and can design and build a firewall architecture that best implements that policy. Other issues like services required, convenience, and scalability might factor into the final design.
Some Words of Caution
The business of building firewalls is in the process of becoming a commodity market. Along with commodity markets come lots of folks who are looking for a way to make a buck without necessarily knowing what they're doing. Additionally, vendors compete with each other to try and claim the greatest security, the easiest to administer, and the least visible to end users. In order to try to quantify the potential security of firewalls, some organizations have taken to firewall certifications. The certification of a firewall means nothing more than the fact that it can be configured in such a way that it can pass a series of tests. Similarly, claims about meeting or exceeding U.S. Department of Defense ``Orange Book' standards, C-2, B-1, and such all simply mean that an organization was able to configure a machine to pass a series of tests. This doesn't mean that it was loaded with the vendor's software at the time, or that the machine was even usable. In fact, one vendor that has been claiming their operating system is ``C-2 Certified' didn't make mention of the fact that their operating system only passed the C-2 tests without being connected to any sort of network devices.
Such gauges as market share, certification, and the like are no guarantees of security or quality. Taking a little bit of time to talk to some knowledgeable folks can go a long way in providing you a comfortable level of security between your private network and the big, bad Internet.
Additionally, it's important to note that many consultants these days have become much less the advocate of their clients, and more of an extension of the vendor. Ask any consultants you talk to about their vendor affiliations, certifications, and whatnot. Ask what difference it makes to them whether you choose one product over another, and vice versa. And then ask yourself if a consultant who is certified in technology XYZ is going to provide you with competing technology ABC, even if ABC best fits your needs.
Single Points of Failure
Many ``firewalls' are sold as a single component: a bastion host, or some other black box that you plug your networks into and get a warm-fuzzy, feeling safe and secure. The term ``firewall' refers to a number of components that collectively provide the security of the system. Any time there is only one component paying attention to what's going on between the internal and external networks, an attacker has only one thing to break (or fool!) in order to gain complete access to your internal networks.
See the Internet Firewalls FAQ for more details on building and maintaining firewalls.
It's important to remember that the firewall is only one entry point to your network. Modems, if you allow them to answer incoming calls, can provide an easy means for an attacker to sneak around (rather than through) your front door (or, firewall). Just as castles weren't built with moats only in the front, your network needs to be protected at all of its entry points.
Secure Modems; Dial-Back Systems
If modem access is to be provided, this should be guarded carefully. The terminal server, or network device that provides dial-up access to your network, needs to be actively administered, and its logs need to be examined for strange behavior. Its passwords need to be strong -- not ones that can be guessed. Accounts that aren't actively used should be disabled. In short, it's the easiest way to get into your network from remote: guard it carefully.
There are some remote access systems that have the feature of a two-part procedure to establish a connection. The first part is the remote user dialing into the system, and providing the correct userid and password. The system will then drop the connection, and call the authenticated user back at a known telephone number. Once the remote user's system answers that call, the connection is established, and the user is on the network. This works well for folks working at home, but can be problematic for users wishing to dial in from hotel rooms and such when on business trips.
Other possibilities include one-time password schemes, where the user enters his userid, and is presented with a ``challenge,' a string of between six and eight numbers. He types this challenge into a small device that he carries with him that looks like a calculator. He then presses enter, and a ``response' is displayed on the LCD screen. The user types the response, and if all is correct, the login will proceed. These are useful devices for solving the problem of good passwords, without requiring dial-back access. However, these have their own problems, as they require the user to carry them, and they must be tracked, much like building and office keys.
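The challenge-response login just described, worked through as an added example (not from the document): the access server issues a numeric challenge, the user's device turns it into a response under a secret provisioned when the device was issued, and the server accepts the response only for the one outstanding challenge, so a captured response is useless afterwards. The token function is an assumption here (an HMAC of the challenge truncated to digits); the devices of the period used vendor-specific algorithms.

```python
"""Challenge-response one-time password login, as an added illustration (not
from the document). The token function is assumed to be an HMAC of the
challenge under a per-user device secret, truncated to decimal digits."""
import hashlib, hmac, secrets

CHALLENGE_DIGITS = 7  # constructed choice within the six-to-eight-digit range described
RESPONSE_DIGITS = 6

def new_challenge() -> str:
    # A fresh random challenge per login attempt, so a captured response cannot be replayed.
    return f"{secrets.randbelow(10 ** CHALLENGE_DIGITS):0{CHALLENGE_DIGITS}d}"

def token_response(device_secret: bytes, challenge: str) -> str:
    # What the calculator-like device computes from the challenge the user typed in.
    mac = hmac.new(device_secret, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10 ** RESPONSE_DIGITS:0{RESPONSE_DIGITS}d}"

class AccessServer:
    def __init__(self):
        self.secrets = {}  # userid -> device secret, provisioned when the token is issued
        self.pending = {}  # userid -> the single outstanding challenge

    def enroll(self, userid: str, device_secret: bytes) -> None:
        self.secrets[userid] = device_secret

    def login_request(self, userid: str) -> str:
        # Step 1: the user gives a userid and is shown a challenge. A challenge is issued
        # even for unknown userids, so the prompt does not reveal who is enrolled.
        self.pending[userid] = new_challenge()
        return self.pending[userid]

    def login_response(self, userid: str, response: str) -> bool:
        # Step 2: the response is valid only for the outstanding challenge, which is
        # consumed whether or not it verifies.
        challenge = self.pending.pop(userid, None)
        device_secret = self.secrets.get(userid)
        if challenge is None or device_secret is None:
            return False
        expected = token_response(device_secret, challenge)
        return hmac.compare_digest(expected, response)
```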
No doubt many other schemes exist. Take a look at your options, and find out how what the vendors offer will help you enforce your security policy effectively.
Crypto-Capable Routers
A feature that is being built into some routers is the ability to use session encryption between specified routers. Because traffic traveling across the Internet can be seen by people in the middle who have the resources (and time) to snoop around, these are advantageous for providing connectivity between two sites, such that there can be secure routes.
See the Snake Oil FAQ [6] for a description of cryptography, ideas for evaluating cryptographic products, and how to determine which will most likely meet your needs.
Virtual Private Networks
Given the ubiquity of the Internet, and the considerable expense in private leased lines, many organizations have been building VPNs (Virtual Private Networks). Traditionally, for an organization to provide connectivity between a main office and a satellite one, an expensive data line had to be leased in order to provide direct connectivity between the two offices. Now, a solution that is often more economical is to provide both offices connectivity to the Internet. Then, using the Internet as the medium, the two offices can communicate.
The danger in doing this, of course, is that there is no privacy on this channel, and it's difficult to provide the other office access to ``internal' resources without providing those resources to everyone on the Internet.
VPNs provide the ability for two offices to communicate with each other in such a way that it looks like they're directly connected over a private leased line. The session between them, although going over the Internet, is private (because the link is encrypted), and the link is convenient, because each can see the other's internal resources without showing them off to the entire world.
A number of firewall vendors are including the ability to build VPNs in their offerings, either directly with their base product, or as an add-on. If you have need to connect several offices together, this might very well be the best way to do it.
Security is a very difficult topic. Everyone has a different idea of what ``security' is, and what levels of risk are acceptable. The key for building a secure network is to define what security means to your organization. Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy. Projects and systems can then be broken down into their components, and it becomes much simpler to decide whether what is proposed will conflict with your security policies and practices.
Many people pay great amounts of lip service to security, but do not want to be bothered with it when it gets in their way. It's important to build systems and networks in such a way that the user is not constantly reminded of the security system around him. Users who find security policies and systems too restrictive will find ways around them. It's important to get their feedback to understand what can be improved, and it's important to let them know why what's been done has been, the sorts of risks that are deemed unacceptable, and what has been done to minimize the organization's exposure to them.
Security is everybody's business, and only with everyone's cooperation, an intelligent policy, and consistent practices, will it be achievable.
References
- [1] New York: Lexicon.
- [2] R.T. Morris. A Weakness in the 4.2BSD Unix TCP/IP Software. Computing Science Technical Report No. 117, AT&T Bell Laboratories, Murray Hill, New Jersey, 1985.
- [3] S.M. Bellovin. Security Problems in the TCP/IP Protocol Suite. Computer Communication Review, Vol. 19, No. 2, pp. 32-48, April 1989.
- [4] Y. Rekhter, R. Moskowitz, D. Karrenberg, G. de Groot, E. Lear. Address Allocation for Private Internets. RFC 1918.
- [5] J.P. Holbrook, J.K. Reynolds. Site Security Handbook. RFC 1244.
- [6] M. Curtin. Snake Oil Warning Signs: Encryption Software to Avoid. USENET sci.crypt Frequently Asked Questions File.
The translation was initiated by Matt Curtin on 7/16/1998
Footnotes
- ...Curtin
- This work completed while at Megasoft Online, for Kent Information Services.
7/16/1998