Network Security

Three types of vulnerability
  • Technology vulnerability. A weakness in the design of the technology itself (HTTP, FTP and ICMP weaknesses, for example).
  • Configuration vulnerability. Easily guessed passwords, misconfigured devices, insecure default settings.
  • Policy vulnerability. No written security policy, poor logical access control.

Types of network attacks
  • Reconnaissance. Information gathering that precedes another type of attack: Internet queries (nslookup, whois), ping sweeps (fscan, gscan), port scans (nmap, SuperScan), packet sniffers (Wireshark).
  • Access. Gaining access to a system, usually by running a hack, script or tool that exploits a vulnerability. Password attacks and brute forcing (Cain, L0phtCrack). Trust exploitation: compromising one system and using the trust that other systems place in it to compromise them as well. Port redirection: a type of trust exploitation in which software on a compromised host (netcat, for example) relays traffic so the attacker reaches another system through it. Man-in-the-middle attacks.
  • Denial of service. Corrupting or overloading a system or service so that it can no longer answer legitimate user requests. SYN flood: abuses the TCP three-way handshake. The attacker floods a server with TCP SYN segments; the server answers each one with a SYN-ACK and reserves resources for the half-open connection, but the attacker never sends the final ACK, so the server runs out of connection resources. DDoS: distributed DoS launched from many compromised hosts (Smurf, MyDoom, Tribe Flood Network).
  • Malicious software. Worms, viruses and Trojan horses: code that damages hosts or corrupts a system; worms and viruses also replicate themselves.
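The SYN-flood mechanics described under denial of service can be seen in a connection-state tracker. The following is an added example, not part of the original notes: it walks a constructed packet trace (a normal client that completes its handshake, and one source that sends SYNs and never answers the SYN-ACK), keeps the handshake state per connection, and reports sources that leave many half-open connections behind. The trace, addresses and threshold are all made up for the illustration.

```python
"""Track TCP handshakes from a constructed packet trace and flag SYN-flood
sources by the number of half-open connections they leave behind."""
from collections import defaultdict

# TCP flag bits as they appear in the header.
SYN, ACK = 0x02, 0x10

# Constructed trace (not a real capture): (time, src_ip, src_port, dst_ip, dst_port, flags).
# 10.0.0.5 is a normal client that completes its handshake;
# 198.51.100.9 sends SYNs only and never answers the server's SYN-ACK.
TRACE = [
    (0.00, "10.0.0.5", 40001, "192.0.2.10", 80, SYN),
    (0.01, "192.0.2.10", 80, "10.0.0.5", 40001, SYN | ACK),
    (0.02, "10.0.0.5", 40001, "192.0.2.10", 80, ACK),
]
for i in range(20):
    t = 1.0 + i * 0.001
    TRACE.append((t, "198.51.100.9", 50000 + i, "192.0.2.10", 80, SYN))
    TRACE.append((t + 0.0005, "192.0.2.10", 80, "198.51.100.9", 50000 + i, SYN | ACK))


def half_open_connections(trace):
    """Return {client_ip: count} of connections where the server sent a SYN-ACK
    but the client never sent the final ACK of the three-way handshake."""
    # Keyed from the client's point of view: (client_ip, client_port, server_ip, server_port)
    pending = {}
    for _t, src, sport, dst, dport, flags in trace:
        if flags == SYN:
            # Client opens: the server will now reserve state for this tuple.
            pending[(src, sport, dst, dport)] = "syn_sent"
        elif flags == SYN | ACK:
            # Server reply: swap ends so the key matches the client's SYN.
            key = (dst, dport, src, sport)
            if pending.get(key) == "syn_sent":
                pending[key] = "syn_received"
        elif flags & ACK:
            key = (src, sport, dst, dport)
            if pending.get(key) == "syn_received":
                del pending[key]  # handshake complete, resources are in normal use
    counts = defaultdict(int)
    for (client, _cp, _s, _sp), state in pending.items():
        if state == "syn_received":
            counts[client] += 1
    return dict(counts)


def syn_flood_sources(trace, threshold=10):
    """Sources holding at least `threshold` half-open connections (threshold is arbitrary)."""
    return sorted(ip for ip, n in half_open_connections(trace).items() if n >= threshold)


if __name__ == "__main__":
    print("half-open per source:", half_open_connections(TRACE))
    print("suspected SYN-flood sources:", syn_flood_sources(TRACE))
```

A real detector would also expire entries after the server's SYN-ACK retransmission timeout and read the flags from a live capture rather than a list; the state machine is the same.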

Physical security
  • Hardware. lock access to physical equipment, disallow unauthorized access.
  • Environment. Temperature and humidity control.
  • Electrical. Install a UPS and a generator to cover power loss; protect against voltage spikes.
  • Maintenance. neat cabling and labeling.

Security should be the main concern whenever designing a network. A firewall alone is not enough; an integrated approach combines firewall, intrusion prevention and VPN.
The Cisco PIX firewall has evolved into the Cisco Adaptive Security Appliance (ASA). Cisco ASA integrates firewall, voice security, SSL and IPsec VPN, IPS and content security services.

Network Security Wheel
Step 1.  Secure
Create the security policy. some concerns:
  • threat defense
  • stateful inspection and packet filtering
  • intrusion prevention system
  • vulnerability patching
  • disable unnecessary services
  • VPN
  • trust and identity: systems outside the firewall should never be absolutely trusted by systems inside the firewall
  • authentication
  • policy enforcement: ensure that users and end devices comply with the corporate policy

Step 2. Monitor
Active monitoring: audit log files, down to the host level (some operating systems include auditing functionality). Passive monitoring: use IDS devices, which require less attention from the network administrator.
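Auditing log files, as the active-monitoring step describes, is also how the password attacks listed under access attacks are caught. The following is an added example that is not part of the original notes: it parses constructed sshd-style syslog lines (made up for the illustration, not taken from a real host) and flags any source that fails a chosen number of logins inside a sliding time window. The threshold and window are arbitrary assumptions.

```python
"""Audit constructed sshd log lines for password brute forcing: flag any
source that fails at least `threshold` logins inside a sliding window."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed syslog-style lines (not from a real host). 203.0.113.7 hammers several
# accounts within seconds; 10.0.0.12 mistypes once and then logs in; 10.0.0.13 fails
# twice but fifteen minutes apart.
LOG_LINES = """\
Mar  3 10:00:01 gw sshd[2201]: Failed password for admin from 203.0.113.7 port 51001 ssh2
Mar  3 10:00:02 gw sshd[2203]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar  3 10:00:02 gw sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 51003 ssh2
Mar  3 10:00:03 gw sshd[2207]: Failed password for admin from 203.0.113.7 port 51004 ssh2
Mar  3 10:00:04 gw sshd[2209]: Failed password for admin from 203.0.113.7 port 51005 ssh2
Mar  3 10:00:04 gw sshd[2211]: Failed password for oracle from 203.0.113.7 port 51006 ssh2
Mar  3 10:00:09 gw sshd[2213]: Failed password for alice from 10.0.0.12 port 40210 ssh2
Mar  3 10:00:15 gw sshd[2215]: Accepted password for alice from 10.0.0.12 port 40211 ssh2
Mar  3 10:30:00 gw sshd[2301]: Failed password for bob from 10.0.0.13 port 40300 ssh2
Mar  3 10:45:00 gw sshd[2302]: Failed password for bob from 10.0.0.13 port 40301 ssh2
""".splitlines()

# Matches the failed-login line shape; "invalid user" appears when the account does not exist.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(lines, year=2024):
    """Yield (timestamp, user, ip) for each failed-login line. syslog omits the
    year, so one is supplied (assumed) to build a full datetime."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]


def brute_force_sources(lines, threshold=5, window_s=60):
    """Return {ip: set(users tried)} for sources with >= threshold failures
    within any window_s-second window (threshold and window are arbitrary)."""
    recent = defaultdict(deque)  # ip -> deque of (timestamp, user) inside the window
    hits = defaultdict(set)
    for ts, user, ip in parse_failures(lines):
        q = recent[ip]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold:
            hits[ip].update(u for _, u in q)
    return dict(hits)


if __name__ == "__main__":
    for ip, users in brute_force_sources(LOG_LINES).items():
        print(f"{ip}: brute force suspected, accounts tried: {sorted(users)}")
```

The sliding window matters: a plain count per source would also flag the slow, widely spaced failures from 10.0.0.13, while a window keeps the alert on the burst from 203.0.113.7.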

Step 3. Test
Actively test the network: try to penetrate it yourself, using tools such as Nessus and Nmap.
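The port scan that nmap performs for you (listed under reconnaissance above and used again in this testing step) reduces to attempting a TCP connection to each port and classifying the answer. The following is an added example, not code from the original notes or from nmap: a minimal TCP connect scan that, to stay runnable offline, opens its own listener on a loopback port and scans that port together with a port known to be free. The port classification labels follow the usual scanner convention and are the example's own choice.

```python
"""Minimal TCP connect scan, the check that nmap/Nessus automate, run against a
listener we open ourselves on loopback so the example works offline."""
import socket
from contextlib import closing


def tcp_connect_scan(host, ports, timeout=0.3):
    """Return {port: 'open' | 'closed' | 'filtered'} using full TCP connects."""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"       # handshake completed: something is listening
        except ConnectionRefusedError:
            results[port] = "closed"     # RST came back: host reachable, nothing listening
        except (socket.timeout, OSError):
            results[port] = "filtered"   # no answer: dropped by a firewall, or host unreachable
        finally:
            s.close()
    return results


def open_local_listener():
    """Bind a listening socket on an ephemeral loopback port; this is the scan target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


def free_local_port():
    """Pick a loopback port that nothing is listening on (expected to scan as 'closed')."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Scan one open and one closed loopback port. Returns (results, open_port, closed_port)."""
    srv = open_local_listener()
    try:
        open_port = srv.getsockname()[1]
        closed_port = free_local_port()
        return tcp_connect_scan("127.0.0.1", [open_port, closed_port]), open_port, closed_port
    finally:
        srv.close()


if __name__ == "__main__":
    results, open_port, closed_port = demo()
    for port in (open_port, closed_port):
        print(f"127.0.0.1:{port} {results[port]}")
```

Because a connect scan completes the three-way handshake, every probe shows up in the target's connection logs, which is exactly what the monitoring step should be catching; nmap's default SYN scan avoids completing the handshake for that reason.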

Step 4. Improve
Analyze the data collected during the monitoring and testing phases and implement the necessary improvements.

To keep the network as secure as possible, the cycle of the security wheel must be repeated continually.