To understand how to manage network security, you first need to know how to recognize threats that your network could suffer. And to do that, you must be familiar with the terms coined by network security experts. A hacker, in the original sense of the word, is someone who masters the inner workings of computer hardware and software in an effort to better understand them. To be called a hacker used to be a compliment, reflecting extraordinary computer skills. Today, hacker is used more generally to describe individuals who gain unauthorized access to systems or networks with or without malicious intent.

A weakness of a system, process, or architecture that could lead to compromised information or unauthorized access is known as a vulnerability. The means of taking advantage of a vulnerability is known as an exploit. For example, in Chapter 8 you learned about the possibility for unauthorized, or rogue, access points to make themselves available to wireless clients. Once unsuspecting clients associate with such access points, the hacker can steal data in transit or access information on the client’s system. When the rogue access point masquerades as a valid access point, using the same SSID (service set identifier) and potentially other identical settings, the exploit is known as the evil twin. This exploit takes advantage of a vulnerability inherent in wireless communications in which SSIDs are openly broadcast and Wi-Fi clients scan for connections.

A zero-day exploit is one that takes advantage of a software vulnerability that hasn’t yet become public, and is known only to the hacker who discovered it. Zero-day exploits are particularly dangerous because the vulnerability is exploited before the software developer has the opportunity to provide a solution for it.
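Because clients choose an access point by SSID alone, a defender has to compare what is being broadcast against an inventory of the organization's own radios (BSSIDs). The following is an added example, not from the textbook: the scan records and the BSSID inventory are constructed sample data, and the rogue entry is planted to show what an evil twin looks like in such a list.

```python
from collections import defaultdict

# Constructed sample of observed beacons, as a laptop scan or a wireless
# intrusion-detection sensor might report them. The third CorpWiFi entry
# is a planted evil twin: same SSID, unknown radio, open security, loud.
SAMPLE_SCAN = [
    {"ssid": "CorpWiFi",   "bssid": "00:11:22:33:44:01", "channel": 6,  "security": "WPA2", "rssi": -55},
    {"ssid": "CorpWiFi",   "bssid": "00:11:22:33:44:02", "channel": 11, "security": "WPA2", "rssi": -61},
    {"ssid": "CorpWiFi",   "bssid": "de:ad:be:ef:00:01", "channel": 6,  "security": "Open", "rssi": -40},
    {"ssid": "Guest",      "bssid": "00:11:22:33:44:03", "channel": 1,  "security": "Open", "rssi": -70},
    {"ssid": "CoffeeShop", "bssid": "aa:bb:cc:dd:ee:ff", "channel": 1,  "security": "Open", "rssi": -80},
]

# Constructed inventory: BSSIDs (radio MAC addresses) of our own access points.
KNOWN_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}


def find_evil_twins(scan, known_bssids):
    """Return suspected evil twins: access points that advertise one of OUR
    SSIDs from a BSSID that is not in inventory. Each finding lists the
    observations that make it suspicious."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = []
    for ssid, aps in by_ssid.items():
        legit = [ap for ap in aps if ap["bssid"] in known_bssids]
        if not legit:
            continue  # not one of our SSIDs; a neighbour's network is not a twin
        legit_security = {ap["security"] for ap in legit}
        strongest_legit = max(ap["rssi"] for ap in legit)
        for ap in aps:
            if ap["bssid"] in known_bssids:
                continue
            reasons = ["BSSID not in inventory"]
            if ap["security"] not in legit_security:
                reasons.append("security mode differs from legitimate APs")
            if ap["rssi"] > strongest_legit:
                reasons.append("signal stronger than any legitimate AP")
            findings.append({"ssid": ssid, "bssid": ap["bssid"],
                             "channel": ap["channel"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_evil_twins(SAMPLE_SCAN, KNOWN_BSSIDS):
        print(f"{f['ssid']} from {f['bssid']} on ch{f['channel']}: {'; '.join(f['reasons'])}")
```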
Most vulnerabilities, however, are well known. Throughout this chapter, you will learn about several kinds of exploits and how to prevent or counteract security threats. As you read about each vulnerability, think about how it could be prevented, whether it applies to your network (and if so, how damaging it might be), and how it relates to other security threats. Keep in mind that malicious and determined intruders may use one technique, which then allows them to use a second technique, which then allows them to use a third technique, and so on. For example, a hacker might discover someone’s username by watching her log on to the network; the hacker might then use a password-cracking program to access the network, where he might plant a program that generates an extraordinary volume of traffic that essentially disables the network’s connectivity devices.

Risks Associated with People

By some estimates, human errors, ignorance, and omissions cause more than half of all security breaches sustained by networks. One of the most common methods by which an intruder gains access to a network is to simply ask users for their passwords. For example, the intruder might pose as a technical support analyst who needs to know the password to troubleshoot a problem. This strategy is commonly called social engineering because it involves manipulating social relationships to gain access. A related practice is phishing, in which a person attempts to glean access or authentication information by posing as someone who needs that information. For example, a hacker might send an e-mail asking you to submit your user ID and password to a Web site whose link is provided in the message, claiming that it’s necessary to verify your account with a particular online retailer.
Following are some additional risks associated with people:
● Intruders or attackers using social engineering or snooping to obtain user passwords
● An administrator incorrectly creating or configuring user IDs, groups, and their associated rights on a file server, resulting in file and logon access vulnerabilities
● Network administrators overlooking security flaws in topology or hardware configuration
● Network administrators overlooking security flaws in the operating system or application configuration
● Lack of proper documentation and communication of security policies, leading to deliberate or inadvertent misuse of files or network access
● Dishonest or disgruntled employees abusing their file and access rights
● An unused computer or terminal being left logged on to the network, thereby providing an entry point for an intruder
● Users or administrators choosing easy-to-guess passwords
● Authorized staff leaving computer room doors open or unlocked, allowing unauthorized individuals to enter
● Staff discarding disks or backup tapes in public waste containers
● Administrators neglecting to remove access and file rights for employees who have left the organization
● Vendors or business partners who are granted temporary access to private networks
● Users writing their passwords on paper, then placing the paper in an easily accessible place (for example, taping it to a monitor or keyboard)
Human errors account for so many security breaches because taking advantage of them is often an easy way to circumvent network security.

Risks Associated with Transmission and Hardware

This section describes security risks inherent in the Physical, Data Link, and Network layers of the OSI model. Recall that the transmission media, NICs, network access methods (for example, Ethernet), switches, routers, access points, and gateways reside at these layers. At these levels, security breaches require more technical sophistication than those that take advantage of human errors.
For instance, to eavesdrop on transmissions passing through a switch, an intruder must use a device such as a protocol analyzer, connected to one of the switch’s ports. In the middle layers of the OSI model, it is somewhat difficult to distinguish between hardware and software techniques. For example, because a router acts to connect one type of network to another, an intruder might take advantage of the router’s security flaws by sending a flood of TCP/IP transmissions to the router, thereby disabling it from carrying legitimate traffic.

The following risks are inherent in network hardware and design:
● Transmissions can be intercepted. One type of attack that relies on intercepted transmissions is known as a man-in-the-middle attack. It can take one of several forms, but in all cases a person redirects or captures secure transmissions as they occur. For example, in the case of an evil twin attack, a hacker could intercept transmissions between clients and the rogue access point, and, for instance, learn users’ passwords or even supply users with a phony Web site that looks valid but presents clickable options capable of harming their systems.
● Networks that use leased public lines, such as T1 or DSL connections to the Internet, are vulnerable to eavesdropping at a building’s demarc (demarcation point), at a remote switching facility, or in a central office.
● Repeating devices broadcast traffic over the entire segment, thus making transmissions more widely vulnerable to sniffing. By contrast, switches provide logical point-to-point communications, which limit the availability of data transmissions to the sending and receiving nodes. Still, intruders could physically connect to a switch or
router and intercept the traffic it receives and forwards.
● Unused switch, router, or server ports can be exploited and accessed by hackers if
they are not disabled. A router’s configuration port, accessible by Telnet, might not be
adequately secured. Network administrators can test how vulnerable their servers,
routers, switches, and other devices are by using a port scanner, or software that
searches the node for open ports. The network administrator can then secure those
ports revealed by the scan to be vulnerable. Later in this chapter, you’ll learn about
port scanning tools.
● If routers are not properly configured to mask internal subnets, users on outside
networks (such as the Internet) can read the private addresses.
● If routers aren’t configured to drop packets that match certain, suspicious
characteristics, they are more vulnerable to attack.
● Access servers used by remote users might not be carefully secured and monitored.
● Computers hosting very sensitive data might coexist on the same subnet with
computers open to the general public.
● Passwords for switches, routers, and other devices might not be sufficiently difficult to
guess, changed frequently, or worse, might be left at their default value.
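The port-scanner bullet above describes the administrator's check: find which ports on a device accept connections, then close the ones that should not be open. The following is an added example, not from the textbook, of that check as a baseline audit: it connect-scans a host and reports ports that are listening but are not in the documented set of expected services. The host, port range and expected ports in the usage call are assumed values.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def is_port_open(host, port, timeout=0.5):
    """Try a full TCP connect to host:port. True means something is listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return True
        except OSError:  # connection refused, timed out, or host unreachable
            return False


def scan_ports(host, ports, workers=32):
    """Connect-scan the given ports in parallel; return the open ones, sorted."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, is_port_open(host, p)), ports))
    return sorted(port for port, is_open in results if is_open)


def audit_host(host, ports, expected):
    """Compare what is actually listening with the documented baseline.
    'unexpected' ports are the ones to investigate and, if unneeded, disable;
    'missing' ports are documented services that did not answer."""
    open_ports = set(scan_ports(host, ports))
    expected = set(expected)
    return {
        "open": sorted(open_ports),
        "unexpected": sorted(open_ports - expected),
        "missing": sorted(expected - open_ports),
    }


if __name__ == "__main__":
    # Assumed baseline for illustration: this host should expose only SSH and HTTPS.
    report = audit_host("127.0.0.1", range(1, 1025), expected=[22, 443])
    print("open:      ", report["open"])
    print("unexpected:", report["unexpected"])
    print("missing:   ", report["missing"])
```

Run it against your own hosts only, from a machine that can reach them, and keep the expected-port list alongside the device's change records so the audit stays meaningful.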
Imagine that a hacker wants to bring a library’s database and mail servers to a halt. Suppose
also that the library’s database is public and can be searched by anyone on the Web. The
hacker might begin by scanning ports on the database server to determine which ones have
no protection. If she found an open port on the database server, the hacker might connect
to the system and deposit a program that would, a few days later, damage operating system
files. Or, she could launch a heavy stream of traffic that overwhelms the database server and
prevents it from functioning. She might also use her newly discovered access to determine the
root password on the system, gain access to other systems, and launch a similar attack on the
library’s mail server, which is attached to the database server. In this way, even a single mistake on one server (not protecting an open port) can open vulnerabilities on multiple systems.
Risks Associated with Protocols and Software
Like hardware, networked software is only as secure as you configure it to be. This section
describes risks inherent in the higher layers of the OSI model, such as the Transport, Session,
Presentation, and Application layers. As noted earlier, the distinctions between hardware
and software risks are somewhat blurry because protocols and hardware operate in tandem.
For example, if a router is improperly configured, a hacker could exploit the openness of
TCP/IP to gain access to