Inter/Intra/Extra/Network Connectivity, Security and Administration (Everything you always wanted to know - but were afraid to ask)

Powerpoint Document, 47 pages

Jul 01, 2015

Transcript
Page 1: Powerpoint Document

because things change

Inter/Intra/Extra/Network Connectivity, Security and Administration

(Everything you always wanted to know - but were afraid to ask)

Page 2: Powerpoint Document


Solutech, Inc.

Craig Ingram, Senior Consultant

Omaha, NE.

Page 3: Powerpoint Document


The Internet is:

– a global network of networks.
– the purest form of electronic democracy .... or anarchy.
– A giant international network of intelligent, informed computer enthusiasts, which are: People without lives!

Page 4: Powerpoint Document


The Internet is not:

• A single computer.
• A single Network.
• Vendor specific.
• Run by a single person, group, or organization or government.
• By default, secure.

Page 5: Powerpoint Document

The Internet is comprised of:

• Universities
• Corporations
• Governments
• Government Agencies
• Service Providers (AOL, etc.)
• Individuals

Every time you tap into the Internet, you become an extension of it.

Page 6: Powerpoint Document

A Brief History

• The Internet is not new - an outcome of the Cold War.
• 1969: Advanced Research Projects Agency Network (ARPANet).
• Provided redundant connectivity between government, education, and research labs.
• Funded by DoD.
• Internet Protocols (TCP/IP) were developed to link disparate hardware and software platforms together.
• The TCP/IP design allows:
– For tens of thousands of networks, comprised of millions of computers.
– Every computer is equal to every other computer.
• Initial uses were text-based Email and file transfers.

Page 7: Powerpoint Document


A Technology Overview

Page 8: Powerpoint Document


A Network

• A network is comprised of multiple computers, file server(s), other servers, hubs and routers.
• Routers are used to interconnect separate networks.
– They isolate one network from another.
– Can provide a form of security (via filtering of IP addresses). A message is not forwarded unless the router’s table contains the appropriate link.

Page 9: Powerpoint Document

The OSI Model

Physical: Establishes electrical and timing specifications (hardware). Transmits a bit stream over the physical medium.
Data Link: Defines physical address and protocol. Transmits information as groups of bits.
Network (IP): Defines routes for messages. Switches and routes information.
Transport (TCP): Provides node-to-node logical connections. End-to-end data integrity.
Session: Manages node-to-node communications. Session svcs: checkpointing, activity mgmt, etc.
Presentation: Ensures message standardization. Provides data representation.
Application: Provides standard user functions and network interfaces. Application-specific services.

Figure: the seven layers drawn as a stack, with the end user's screen (Netscape or Internet Explorer, other applications) at the top, the wiring plant at the bottom, and the devices Repeater, Bridge, Router and Firewall placed alongside the lower layers.

Page 10: Powerpoint Document


TCP/IP

• Is not a single protocol.
• A suite of protocols - each providing a specific function.
• Spans two layers of the OSI model.

Figure: the OSI model (Physical, Data Link, Network, Transport, Session, Presentation, Application) with the Transmission Control Protocol and the Internet Protocol placed against it, and the application protocols above them: File Transfer Protocol, TelNet, Network File System, Network Information Svc, Remote Procedure Call, Simple Mail Transport Protocol, and applications such as Netscape or Internet Explorer and other applications.

Page 11: Powerpoint Document

OSI Application Messages

• Flows down through the OSI stack on Host A.
• Across the network connection.
• Flows up the OSI stack on Host B.
• On the transmitting device, each layer appends its own header (containing fields) to the original message.
• On the receiving device, each layer strips off its corresponding header.

Figure: the seven layers (Application down to Physical) on Host A (Atlanta) and on Host B (Omaha), with the Data unit passing down one stack, across the connection, and up the other.

Page 12: Powerpoint Document


The Internet Protocol

• Every computer attached to the internet must have a unique address.
• An IP address is requested from, assigned, and tracked by InterNIC.
– Each IP address is composed of 32 bits, arranged as 4 8-bit octets, for example 192.168.1.1
– Internet messages can vary in length from several hundred bytes to 65,565 bytes.
– A long message will be broken into multiple smaller packets.
– Each packet contains a header reflecting the 32-bit source and 32-bit destination address.
– IP does not guarantee the source or destination address, or that a packet was delivered, delivered only once, or in the correct order.
– Authentication, sequencing, and security are provided by higher layer protocols.

Page 13: Powerpoint Document

IP Addressing: The Internet in 1969

Figure: ARPANET linking The Pentagon (Unisys), MIT (DEC), Lockheed (IBM) and Georgia Tech (HP) over TCP/IP, each site labelled with an example address (100.100.010.001, 100.200.030.001, 100.100.030.001, 100.100.010.123).

Page 14: Powerpoint Document

TCP

TCP provides reliable connections to end hosts.
– The ordering is provided by a sequence number in each packet.
– Every TCP message is marked as being from a particular host and port number, to a destination host and port number.
– Hosts “listen” on software ‘ports’ to determine the type of service needed by the packet.

Figure: packet layout showing the IP fields (Source Address, Destination Address, Protocol-related Fields) followed by the TCP fields (Source Port, Destination Port, Seq#) and the Data.

Page 15: Powerpoint Document

Domain Name Services

• IP addresses work well for computers - but not for humans.
• Enter the concept of a Domain name. Example: spacelink.msfc.nasa.gov
• It is read by the computer from right to left, as follows:
– The top domain is gov - government.
– The next domain is nasa - NASA.
– The next domain is msfc - Marshall Space Flight Center.
– The last domain is spacelink - a computer running the spacelink program, or it could be the computer’s name.
– Domain Name Servers communicate domain changes/adds/deletes with each other on a regular basis.

Page 16: Powerpoint Document

EMail

The spacelink.msfc.nasa.gov computer may be an Email server. An example of an Email address on this server might be:

[email protected]

An example for Fred Pfizer on the above computer might be: [email protected]

or it could look like this (up to the Email administrator): [email protected]

Page 17: Powerpoint Document


Connectivity

• Direct connection
– Normally done through a Local Area Network (LAN) via an Internet Service Provider.
– Connection is constant (24 hrs/day, 7 days/wk).
– Normally provides fastest speed and quickest access.
– Cable modems are a reality. CAUTION!
• Dial-In Connection
– Normally done over a phone line.
– Slower speed than a LAN or cable modem.

Response times are a function of the ISP’s Internet connection as well as your local connection speed.

Page 18: Powerpoint Document

The World Wide Web

• Fastest growing part of the Internet.
• “Surfing” the net
• Globally connected
• Operates as a ‘client/server’
– You run a web browser on your PC.
– The browser contacts a Web server and requests information.

You have now become an extension of the Internet.

Page 19: Powerpoint Document


“Home Pages”

• Identify and personalize an entity on the WWW.
• They can incorporate text, graphics, sound, etc.
• They are connected using the hypertext protocol (http).
• They are created using a Hypertext Markup Language (HTML).
• JAVA: mini applications included in HTML as tags that execute on the browser.
• Perl is similar.

Figure: the upper OSI layers (Application, Presentation, Session) with the end user's screen (Netscape or Internet Explorer, other applications) above them.

Page 20: Powerpoint Document

Internet Tool Examples

• Gopher
• Telnet
• File Transfer Protocol
• Web Crawlers
• WHOIS
• Ping
• Traceroute

A good tool + a good guy = good things.
A good tool + a bad guy = bad things.

Page 21: Powerpoint Document


Hacking Tool Examples

• Rootkit
• COPS
• SATAN
• PRIEST
• BackOrifice
• BackOrifice2K

All are available for download from the Internet.

Page 22: Powerpoint Document

The OSI Model (the same slide as Page 9, shown again)

Page 23: Powerpoint Document


Routing

Figure: Network 1 and Network 2 interconnected by a Router.

Example of two networks interconnected by a router. One network can only see transmissions from the other network if the router allows it.
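The forwarding decision the slide describes (and the Page 8 point that a message is not forwarded unless the router's table holds a link for it, and that filtering on IP addresses gives a form of security) in working form. This is an added example, not code from the deck; the routing table, the filter list and all addresses are constructed here, and prefix matching comes from Python's standard ipaddress module.

```python
"""A router's forwarding decision, as the Routing slides describe it.

Added example, not from the original deck: the routing table, the filter
list and the addresses are constructed here; prefix matching comes from the
standard-library ipaddress module.
"""
import ipaddress


class Router:
    def __init__(self):
        self.routes = []   # (network prefix, outgoing interface)
        self.denied = []   # (source prefix, destination prefix) never forwarded

    def add_route(self, prefix, interface):
        self.routes.append((ipaddress.ip_network(prefix), interface))

    def deny(self, src_prefix, dst_prefix):
        self.denied.append((ipaddress.ip_network(src_prefix),
                            ipaddress.ip_network(dst_prefix)))

    def forward(self, src, dst):
        """Return the outgoing interface, or None when the packet is dropped."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Filtering on IP addresses: one network only sees the other's
        # transmissions if the router allows it.
        for src_net, dst_net in self.denied:
            if src in src_net and dst in dst_net:
                return None
        # Longest-prefix match: the most specific route covering dst wins.
        best = None
        for net, iface in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface)
        # No entry in the table -> the message is not forwarded.
        return best[1] if best else None


def build_example_router():
    """Two networks joined by one router, plus a default route to the ISP."""
    r = Router()
    r.add_route("10.1.0.0/16", "net1")       # Network 1
    r.add_route("10.2.0.0/16", "net2")       # Network 2
    r.add_route("10.2.5.0/24", "net2-dmz")   # a more specific part of Network 2
    r.add_route("0.0.0.0/0", "isp")          # everything else goes to the ISP
    # Network 1 may not originate traffic into Network 2; the reverse is allowed.
    r.deny("10.1.0.0/16", "10.2.0.0/16")
    return r
```

Remove the default route and any destination outside the two networks is silently dropped, which is the "no appropriate link" case from Page 8.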

Page 24: Powerpoint Document


Routing Protocols

Routers communicate paths between themselves with routing protocols. This way they always know the shortest path between two hosts (hops) and what paths are available.

Let’s say you’re on the INET in Omaha and attach to a server in SF.

One potential router path might be: Omaha-St Louis-LA-SF
Another path might be: Omaha-NYC-Atlanta-SF
Yet a third path could be: Omaha-Minneapolis-Atlanta-SF

Figure: a workstation in Omaha, with routers at Omaha, St. Louis, N.Y.C., Minneapolis, L.A., Atlanta and San Francisco.

Page 25: Powerpoint Document

Routing Concerns

Every hop along the way becomes a potential breach of security.

Also remember:
- a large message will be broken up into multiple packets, with each packet potentially taking a different path to your PC.

Figure: routers at S.F., L.A., Minneapolis, Chicago, St. Louis, Omaha, Dallas, N.Y.C. and Atlanta.
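What the receiving host does with packets that took different paths, tying this slide to the sequence numbers on Page 14: an added example, not code from the deck. The segment layout (ports plus sequence number), the sample message and the scrambled delivery order are all constructed here.

```python
"""Restoring packet order at the receiver, as the TCP and Routing Concerns
slides describe: segments may arrive out of order or twice because each took
a different path, and the sequence number puts them back together.

Added example, not from the original deck; the segment layout and the sample
message are constructed here.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src_port: int
    dst_port: int
    seq: int      # sequence number of the first data byte in this segment
    data: bytes


def segment(message, initial_seq, size, src_port=40001, dst_port=80):
    """Sender side: cut a message into segments of at most `size` bytes."""
    return [Segment(src_port, dst_port, initial_seq + i, message[i:i + size])
            for i in range(0, len(message), size)]


def reassemble(segments, initial_seq):
    """Receiver side: return (message, gaps) rebuilt in sequence order.

    A retransmitted copy of a segment already held is ignored rather than
    appended twice; a hole in the sequence space is reported as a gap.
    """
    by_seq = {}
    for seg in segments:
        by_seq.setdefault(seg.seq, seg)
    message, gaps, expected = bytearray(), [], initial_seq
    for seq in sorted(by_seq):
        data = by_seq[seq].data
        if seq > expected:
            gaps.append((expected, seq))   # bytes that never arrived
            expected = seq
        elif seq + len(data) <= expected:
            continue                       # wholly overlapping retransmit
        message += data[expected - seq:]   # skip any overlap, keep the rest
        expected = seq + len(data)
    return bytes(message), gaps


def demo():
    """Scramble and duplicate segments, then reassemble; lose one, then retry."""
    original = b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"
    segs = segment(original, initial_seq=1000, size=8)
    arrived = [segs[3], segs[1], segs[6], segs[0], segs[1], segs[4], segs[5], segs[2]]
    complete, gaps = reassemble(arrived, 1000)
    partial, holes = reassemble([s for s in arrived if s.seq != 1016], 1000)
    return complete == original and not gaps, partial, holes
```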

Page 26: Powerpoint Document

Domain Name Servers

• In the previous example, assume each site had a Domain Name Server.
– Each DNS contains a listing of other DNS’s in their area.
– As your search propagates from one DNS to another, the risk of packet interception increases.
– Imagine the potential for disaster if a DNS were compromised.
• Imagine if a host site had multiple servers and one of them was compromised.
– Once compromised, the hacker now has ‘inside’ details on other servers served by that server.
– And the saga continues through other servers, into other servers, etc.

Page 27: Powerpoint Document

Security Summary

Potential security holes include:
– Connecting to the Internet
– Redundancy in connectivity between routers (routing protocols).
– IP addressing (source and destination)
– TCP port address (source and destination)
– DNS table update protocol
– Network tools
– Passwords
– Non-encryption of messages

Page 28: Powerpoint Document


Firewalls

• A firewall is a device designed to prevent outsiders from accessing your network. They can also be used internally to isolate one network from another.
• They allow you to grant or deny access based on many variables (rules). These rules are set in the firewall, based on your Security Policy.
• Two basic types of firewalls:
– Network level
– Application gateway

Page 29: Powerpoint Document


Selecting a Firewall

There are 6 general steps to selecting a Firewall that’s right for your environment.

1) Identify your topology, applications, and protocol needs.
2) Analyze trust relationships within your organization.
3) Develop security policies based on these trust relationships.
4) Identify the right firewall for your specific configuration.
5) Employ the firewall correctly.
6) Test your firewall policies religiously.
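Steps 3 and 6 in working form, and the Page 28 point that rules grant or deny access based on several variables: an added example, not code from the deck. The rule form, the sample policy, all addresses and the test cases are constructed here; a security policy is expressed as an ordered rule list, and a test function checks the verdict for each packet the policy was written to cover.

```python
"""Firewall rules set from a security policy, and a test of that policy.

Added example, not from the original deck: rule form, policy, addresses and
test cases are constructed. Rules are checked in order and the first match
decides; traffic no rule covers gets the default action, which is where
"anything goes" (default allow) and "minimum passthrough" (default deny) differ.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # CIDR prefix, or "any"
    dst: str                 # CIDR prefix, or "any"
    proto: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None matches every port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dst_port: int


def in_prefix(addr, prefix):
    return prefix == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)


def matches(rule, pkt):
    return (in_prefix(pkt.src, rule.src) and in_prefix(pkt.dst, rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dst_port in (None, pkt.dst_port))


def decide(rules, pkt, default="deny"):
    """First matching rule decides; otherwise the default action applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


# Sample policy: outsiders reach only the public web server; the lab segment
# (10.20/16) is cut off from the office (10.10/16) before any allow rule can
# let it through; internal hosts may browse; only the office may send mail.
POLICY = [
    Rule("allow", "any", "192.0.2.10/32", "tcp", 80),
    Rule("deny", "10.20.0.0/16", "10.10.0.0/16", "any", None),
    Rule("allow", "10.0.0.0/8", "any", "tcp", 80),
    Rule("allow", "10.10.0.0/16", "any", "tcp", 25),
]


def check_policy(rules, cases, default="deny"):
    """Step 6 of the deck: return the (packet, expected, actual) mismatches."""
    return [(pkt, want, decide(rules, pkt, default)) for pkt, want in cases
            if decide(rules, pkt, default) != want]
```

Swapping the order of the second and third rules lets lab hosts reach office web servers, which is the kind of regression a written case list catches when the rules are edited later.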

Page 30: Powerpoint Document

Security Policy Development

a.k.a. inventing the wheel

Page 31: Powerpoint Document


A Security Policy is:

A set of instructions that, collectively, determines an organization’s posture towards security. They set the limits of acceptable behavior, and what the response to violations will be.

Remember ….

Whether a security policy is formally spelled out, or not, one always exists.

If nothing else is said or implemented, the default policy is:

ANYTHING GOES!

Page 32: Powerpoint Document


Network Security . . . . A Journey, not a destination.

View security as a critical business process to address the ever-changing risk environment.

It is not a program, but a process.

Use a combination of Techniques, Tools and Products.

If the only tool you’ve got is a hammer, it’s amazing how many problems start looking like nails.

Page 33: Powerpoint Document


Security Decisions

Decide what is, and is not, permitted.

This process is normally driven by the business or structural needs of the organization, such as:
– An edict that bars personal use of corporate computers.
– Restrictions on outgoing traffic (employees exporting valuable data).
– Not allowing a specific protocol because it cannot be administered securely.
– Not allowing employees to import software without proper permission (licensing issues, viruses, etc).

This philosophy extends to opposite ends of the scale:

“We’ll run it unless, and until, you can show me that it’s broken.”

“Show me it’s both safe and necessary, otherwise we won’t run it at all.”

Page 34: Powerpoint Document


Fundamental Premise

Anyone can break into anything if they have sufficient:

Motivation - They have to want to do it.
Skill - They have to be good enough to understand and pierce the defenses.
Opportunity - They have to have enough access to the defenses for long enough to penetrate them.

Page 35: Powerpoint Document

Identify Resources

• It’s difficult to protect something you don’t know you have - or know what it’s worth.
• Identify all resources to be protected, such as:
– Mainframes
– Servers and Workstations (including laptops)
– Interconnection devices (gateways, routers, bridges, hubs, etc.)
– Terminal servers
– Network and applications software
– Network cables
– Information in files and databases

Page 36: Powerpoint Document

Ask Yourself

• What resources are you trying to protect, and why?
• Which people do you need to protect the resources from?
– Internal threats
– External threats (Perimeter security)
• How likely are the threats?
• How important is the resource?
• What measures can you take to protect your assets in a cost-effective and timely manner?
• Periodically examine your network security policy to see if your objectives and network circumstances have changed.

Understand the Bad Guy!!

Page 37: Powerpoint Document

Identify the Threats

An understanding of the technology is important, but common sense is equally valuable in stopping potential security threats.
– Define Authorized Access
• Physical access to computing facilities.
• Access to computers.
• “Borrowing” another user’s account/password (Training and Policy issues).
– Identify the Risk of Information Disclosure
• Determine the value or sensitivity of the information stored on your computers.
• Encrypt password files.
• Use minimum 8-character passwords (mixed alpha/numeric, upper/lower case).
– Change passwords on a regular basis.
• Don’t forget laptops.

Page 38: Powerpoint Document

Network Use & Responsibilities

• Who is allowed to use the network?
• What is the proper use of network resources?
• Who is authorized to grant access and approve usage?
• Who has system administrative privileges?
• What are the user’s rights and responsibilities? (In WRITING?)
• What are the rights and responsibilities of the system administrator vs. those of the users? (In WRITING).
• What do you do with sensitive information?
• Outdated IP listings and network drawings?
• Crashed hard drives?
• Network documentation?
• Off site storage of backups and their transportation?

Page 39: Powerpoint Document

Plan of Action

• Develop a plan of action when a security policy is violated.
– Response to security violations from the ‘outside’.
– Response to security violations by local users (from the inside).
– Response strategies.
– Define the responsibilities of being a good citizen on the Internet.
– Contacts and responsibilities to external organizations (CERT, etc).

Page 40: Powerpoint Document

Identify and Prevent Security Problems

• Access points.
• Improperly configured systems.
• Software bugs and patches.
• Insider threats.
• Physical security.
• Confidentiality.

Page 41: Powerpoint Document

Publicize the Policy

• How to ‘Get the Word Out’:
– Committee input for policy creation.
– Training.
– User Mailing lists.
– Committee review of the policy on a regular basis.
– Signed policy commitment by all employees.
• Keep on file.

Page 42: Powerpoint Document


Additional Administration

• Understand firewall and router functions and limitations.
• Understand your needs and what you’re trying to protect.
• Have your firewall and routers professionally installed. Initially configured for minimum passthrough.
• Monitor all Firewall and UNIX/NT logs, and router tables.
• Implement automatic corrective action - where possible.
• Continuous ‘real time’ monitoring of all network devices, applications, and databases.
• Immediate installation of patches and other software updates.

Page 43: Powerpoint Document


Disaster Planning

What would you do if you drove into the parking lot tomorrow and the building was gone?

An interesting fact:

Of the 350 firms that had Corporate offices in the World Trade Center, 150 were out of business 8 months after the terrorist bombing.

It wasn’t that they lost information - they had no redundancy (disaster plan) that allowed them to run their business from another location.

Page 44: Powerpoint Document

Security = Disaster Planning

The same information derived from your security assessment can be used for disaster planning and business recovery.
– Identify key hardware, software, and information.
– Identify key personnel.
– Identify a backup location and keep backups off-site.
– Document all configuration, including:
• hardware installation parameters
• software installation parameters
• file server and workstation boot files
• file/print/FAX/communications server parameters (phone line rollover?)
• application settings and installation parameters
• user access rights
• backup and virus parameters

Page 45: Powerpoint Document


Who’s in charge?

Any plan must include staffing. It should also include standardization.

Page 46: Powerpoint Document

Reading Materials

Maximum Security (2nd Edition). Author: Anonymous. Publisher: SAMS. ISBN: 0-672-31341-3

Firewalls and Internet Security - Repelling the Wily Hacker. Authors: W. Cheswick and S. Bellovin. Publisher: Addison-Wesley. ISBN: 0-201-6337-4

Internet Firewalls and Network Security. Authors: K. Siyan and C. Hare. Publisher: New Riders Publishing. ISBN: 1-56205-437-6

Page 47: Powerpoint Document
