Until a few years ago, all networks were islands. Nobody worried about security, at least
not on the scale they do now. Once organizations needed to connect to the outside world,
the issue of security started cropping up. The fact that a leased line runs from the office
to the ISP (even if it is only for email) creates a possible break-in point. IT managers
around the world now have to prepare themselves for all kinds of security threats.
To prepare yourself, you need to be aware of the possible security loopholes and of the
tools and methodologies to counter them. There are three commonly tried entry points into
your network for unauthorized users.
Weak Passwords
One of the most common security flaws lies directly within the organization: weak
passwords. Many users take it easy with their passwords and choose simple dictionary words
or common choices such as names or car numbers. Someone trying to break into a system
first exploits this weakness and is most often able to break in without much trouble. One
needs to define a strong system policy and enforce passwords of more than eight characters
with a few special characters as well. The other password problem is that of default
accounts. Most operating systems create default accounts which have no passwords or
documented passwords. These need to be changed at the earliest opportunity. Finally, reuse
of passwords. A good system policy will keep a history of passwords and will not let them
be reused in a hurry.
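The policy described above (length, special characters, no dictionary words or names, no reuse from the recent history) as an added worked example; this is illustration code written for this article, not a tool the text names. The thresholds, the word list and the history depth are assumed values chosen for the example, and the history is kept as salted hashes so the policy check never needs old passwords in the clear.

```python
import hashlib
import os
import re

# Assumed policy values for this example: the article asks for passwords of
# more than eight characters with "a few" special characters, and for a history
# that blocks reuse.
MIN_LENGTH = 9          # "more than eight characters"
MIN_SPECIAL = 2         # "a few special characters"
HISTORY_DEPTH = 5       # how many previous passwords are remembered

# Constructed mini word list of the kind of easy choices the article names:
# dictionary words, first names, and so on.
COMMON_WORDS = {"password", "welcome", "secret", "letmein", "summer",
                "john", "mary", "admin", "root", "guest"}

SPECIAL = re.compile(r"[^A-Za-z0-9]")


def _hash(password, salt):
    # Salted, iterated hash so a stored history cannot be reversed cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(password, history):
    """Return a list of policy violations (an empty list means acceptable).

    `history` is the user's list of (salt, digest) tuples for previous
    passwords, oldest first; it never holds the cleartext.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short: need at least %d characters" % MIN_LENGTH)
    if len(SPECIAL.findall(password)) < MIN_SPECIAL:
        problems.append("need at least %d special characters" % MIN_SPECIAL)
    # Strip digits and punctuation and compare the alphabetic core against the
    # word list, so that "Summer1!" is still caught as a dictionary word.
    core = re.sub(r"[^A-Za-z]", "", password).lower()
    if core in COMMON_WORDS:
        problems.append("based on a dictionary word or common name")
    if any(_hash(password, salt) == digest
           for salt, digest in history[-HISTORY_DEPTH:]):
        problems.append("reused within the last %d passwords" % HISTORY_DEPTH)
    return problems


def record_password(password, history):
    """Append a fresh salted hash of an accepted password to the history."""
    salt = os.urandom(16)
    history.append((salt, _hash(password, salt)))
    return history


if __name__ == "__main__":
    hist = []
    for candidate in ["summer", "Summer1!", "Tr0ub4dor&3-xyz", "Tr0ub4dor&3-xyz"]:
        problems = check_password(candidate, hist)
        print(candidate, "->", problems or "OK")
        if not problems:
            record_password(candidate, hist)
```

The second attempt to set "Tr0ub4dor&3-xyz" is refused as a reuse even though only its hash was stored, which is the property a history mechanism needs: it must remember enough to refuse, without keeping anything an intruder could read back.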
Vulnerabilities In Software
As software improves, so does the ability to break into it. One has to constantly follow
security alert bulletins to keep track of known issues. As patches or updates are
announced, one needs to obtain them and apply them as soon as possible. Several IT managers
tend to ignore this issue and leave their systems completely open to attack.
Protocols And Services
There are several protocols and services that need not be made available to the outside
world. One should decide which services are required and then disable the rest, reducing
the chances of an attack. That covers the main routes of attack; the ways to deal with them
are also straightforward. There are several software tools that help you document and
monitor your network, and there are hardware tools as well.
Network Monitoring Tools
There are several packages available for this. Essentially, these are programs that
capture data and provide network-level auditing. Protocol analysis, intruder detection
etc. are some of the features that these programs provide. Some of the commonly used
network monitoring tools are ARGUS and Swatch (Simple Watcher).
Authentication And Password Tools
Many system administrators run crack programs on their systems to determine and notify
those users who have 'crackable' passwords. One such program easily available is crack. If
you use a Unix system, you may also want to shift to shadow passwords. This protects your
system to a great extent: the normal password file no longer contains the encrypted
passwords, which are kept instead in a different file that is not readable by the world.
Service Filtering Tools
A TCP/IP wrapper program provides additional network logging information and gives a
system administrator the ability to deny or allow access from certain systems or domains
to the host on which the program is installed. These kinds of programs do not require much
modification and are easy and effective.
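How a wrapper of this kind decides whether a connecting system may reach a service, as an added example written for this article and not the wrapper's own code: two constructed control files in the familiar "daemon_list : client_list" form are consulted in the usual order (an allow match grants, otherwise a deny match refuses, otherwise access is granted), and each decision produces a log line of the sort the wrapper would hand to syslog. Only a subset of the control-file syntax is handled (no EXCEPT, no LOCAL, no shell commands).

```python
# Constructed control files (not from any real host). A pattern that starts
# with a dot is a domain suffix, one that ends with a dot is an address prefix,
# ALL is a wildcard, anything else must match the address or hostname exactly.
HOSTS_ALLOW = """\
# the internal network may use every wrapped service
ALL : 10.0.0.
# a partner's domain may reach ftp only
in.ftpd : .partner.example
# one named management host may use telnet
in.telnetd : 192.0.2.15
"""

HOSTS_DENY = """\
# everything not granted above is refused
ALL : ALL
"""


def parse_rules(text):
    """Turn a control file into a list of (daemon_patterns, client_patterns)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append(([d.strip() for d in daemons.split(",")],
                      [c.strip() for c in clients.split(",")]))
    return rules


def client_matches(pattern, addr, hostname):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):          # domain suffix
        return hostname.endswith(pattern)
    if pattern.endswith("."):            # address prefix
        return addr.startswith(pattern)
    return pattern in (addr, hostname)   # exact address or hostname


def rule_matches(rule, daemon, addr, hostname):
    daemons, clients = rule
    return (("ALL" in daemons or daemon in daemons)
            and any(client_matches(c, addr, hostname) for c in clients))


def decide(daemon, addr, hostname, allow_rules, deny_rules):
    """Allow-file match grants; otherwise a deny-file match refuses; otherwise
    access is granted. That last default is why hosts.deny needs ALL : ALL."""
    for rule in allow_rules:
        if rule_matches(rule, daemon, addr, hostname):
            return "allow"
    for rule in deny_rules:
        if rule_matches(rule, daemon, addr, hostname):
            return "deny"
    return "allow"


def check(daemon, addr, hostname):
    """Decide on one connection against the constructed control files and
    return (verdict, log line)."""
    verdict = decide(daemon, addr, hostname,
                     parse_rules(HOSTS_ALLOW), parse_rules(HOSTS_DENY))
    word = "connect" if verdict == "allow" else "refused connect"
    return verdict, "%s: %s from %s (%s)" % (daemon, word, hostname, addr)


if __name__ == "__main__":
    for conn in [("in.telnetd", "10.0.0.5", "ws5.internal"),
                 ("in.ftpd", "192.0.2.10", "ftp.partner.example"),
                 ("in.telnetd", "192.0.2.10", "ftp.partner.example"),
                 ("in.telnetd", "192.0.2.15", "mgmt.example"),
                 ("in.fingerd", "198.51.100.3", "unknown")]:
        print(check(*conn)[1])
```

The last assertion in the accompanying check, where both files are empty, shows the default the article's "deny or allow" wording glosses over: with no matching rule anywhere the connection is let through, so a deny-everything rule is the line that makes the allow list meaningful.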
SATAN
SATAN (Security Administrator Tool for Analysing Networks) is a testing and reporting tool
that collects a variety of information about networked hosts. It has in the recent past
become an essential tool of most system administrators.
Finally, a word about firewalls. A firewall is essentially a barrier between networks: it
controls the flow of traffic. The safest firewall would of course be one that blocks all
traffic, but that does not achieve very much. The best level of security is provided at the
application level for each type of network protocol, e.g. FTP, HTTP etc. This is where a
proxy server comes in. A proxy server is a component of a firewall that controls how
internal users access the outside world and how the outside world accesses the internal
network. In many cases, a proxy server is used to block everything from the outside and to
allow internal users access to certain protocols only.
Although any device that controls network traffic for security reasons is classified as a
firewall, there are three different types of firewall. At the lowest level is the basic
packet filtering device, commonly known as a screening router; then, at the application
level, the proxy servers; and finally what are now known as stateful inspection techniques,
where the contents of the packets and the bit stream are compared to packets that are
already known and trusted.
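The difference between the lowest and the highest of those three levels, as an added example written for this article (it is not any product's filtering code): the same constructed packet sequence is run through a stateless screening-router rule set and through a filter that keeps a table of connections opened from inside. The policy (inside hosts may open TCP connections to ports 80 and 443, nothing is initiated from outside) and all addresses are assumptions made for the example; the proxy level is not modelled.

```python
from collections import namedtuple

# A packet as the filter sees it: direction relative to the protected network,
# transport protocol, addresses and ports, and whether the TCP SYN flag is set.
Packet = namedtuple("Packet", "direction proto src sport dst dport syn")

# Assumed policy shared by both filters.
ALLOWED_OUTBOUND_PORTS = {80, 443}


class ScreeningRouter:
    """Stateless packet filter: every packet is judged on its own header."""

    def __init__(self, allowed_ports):
        self.allowed_ports = allowed_ports

    def decide(self, p):
        if p.direction == "out" and p.proto == "tcp" and p.dport in self.allowed_ports:
            return "accept"
        # With no memory of connections, a stateless filter can only guess that
        # an inbound TCP packet without SYN is the reply half of a connection.
        if p.direction == "in" and p.proto == "tcp" and not p.syn:
            return "accept"
        return "drop"


class StatefulFilter:
    """Stateful inspection: an inbound packet is accepted only when it belongs
    to a connection this filter saw being opened from inside."""

    def __init__(self, allowed_ports):
        self.allowed_ports = allowed_ports
        # (inside_ip, inside_port, outside_ip, outside_port) of open connections
        self.connections = set()

    def decide(self, p):
        if p.direction == "out":
            if p.proto == "tcp" and p.dport in self.allowed_ports:
                self.connections.add((p.src, p.sport, p.dst, p.dport))
                return "accept"
            return "drop"
        # Inbound: look the packet up as the reverse of a tracked connection.
        key = (p.dst, p.dport, p.src, p.sport)
        return "accept" if key in self.connections else "drop"


def run_scenario():
    """Feed one constructed packet sequence through both filters and return
    a list of (screening_router_verdict, stateful_verdict) per packet."""
    router = ScreeningRouter(ALLOWED_OUTBOUND_PORTS)
    stateful = StatefulFilter(ALLOWED_OUTBOUND_PORTS)
    packets = [
        # an inside host opens a web connection
        Packet("out", "tcp", "10.0.0.5", 40000, "192.0.2.80", 80, True),
        # the web server's reply to that connection
        Packet("in", "tcp", "192.0.2.80", 80, "10.0.0.5", 40000, False),
        # unsolicited inbound packet to port 22 with SYN clear: nobody inside asked for it
        Packet("in", "tcp", "198.51.100.9", 80, "10.0.0.5", 22, False),
        # unsolicited inbound connection attempt with SYN set
        Packet("in", "tcp", "198.51.100.9", 4444, "10.0.0.5", 22, True),
    ]
    return [(router.decide(p), stateful.decide(p)) for p in packets]


if __name__ == "__main__":
    for verdicts in run_scenario():
        print("screening router: %-6s  stateful: %s" % verdicts)
```

The third packet is the instructive one: the screening router lets it through because its header looks like part of an established connection, while the stateful filter drops it because no inside host ever opened a connection to that outside address and port. That lookup against traffic already seen and trusted is what the article means by stateful inspection.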
Finally, remember that even one intruder attack means that your system has been
compromised and that all the security measures you took have not been enough. The only way
to overcome this is with a combination of software tools and a good security policy.