4 Network Security

4.0 Chapter Introduction

4.0.1 Chapter Introduction

Security has moved to the forefront of network management and implementation. The overall security challenge is to find a balance between two important requirements: the need to open networks to support evolving business opportunities, and the need to protect private, personal, and strategic business information.

The application of an effective security policy is the most important step that an organization can take to protect its network. It provides guidelines about the activities to be carried out and the resources to be used to secure an organization's network.

Layer 2 security is not discussed in this chapter. For information about Layer 2 LAN security measures, refer to the Exploration: Switching and Wireless course.

In this chapter, you will learn to:
• Identify security threats to enterprise networks
• Describe methods to mitigate security threats to enterprise networks
• Configure basic router security
• Disable unused router services and interfaces
• Use the Cisco SDM one-step lockdown feature
• Manage files and software images with the Cisco IOS Integrated File System (IFS)

4.1 Introduction to Network Security

4.1.1 Why is Network Security Important?

Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability. To make the situation even more challenging, the types of potential threats to network security are always evolving. As e-business and Internet applications continue to grow, finding the balance between being isolated and open is critical. In addition, the rise of mobile commerce and wireless networks demands that security solutions become seamlessly integrated, more transparent, and more flexible.
In this chapter you are going to be taken on a whirlwind tour of the world of network security. You will learn about different types of threats, the development of organizational security policies, mitigation techniques, and Cisco IOS software tools to help secure networks. The chapter ends with a look at managing Cisco IOS software images. Although this may not seem like a security issue, Cisco IOS software images and configurations can be deleted. Devices compromised in this way pose security risks.

The Increasing Threat to Security

Over the years, network attack tools and methods have evolved. As shown in the figure, in 1985 an attacker had to have sophisticated computer, programming, and networking knowledge to make use of rudimentary tools and basic attacks. As time went on, and attackers' methods and tools improved, attackers no longer required the same level of sophisticated knowledge. This has effectively lowered the entry-level requirements for attackers. People who previously would not have participated in computer crime are now able to do so.

As the types of threats, attacks, and exploits have evolved, various terms have been coined to describe the individuals involved. Some of the most common terms are as follows:
• White hat - An individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed. They are ethically opposed to the abuse of computer systems. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.
• Hacker - A general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual who attempts to gain unauthorized access to network resources with malicious intent.
• Black hat - Another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat.
• Cracker - A more accurate term to describe someone who tries to gain unauthorized access to network resources with malicious intent.
• Phreaker - An individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long distance calls.
• Spammer - An individual who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.
• Phisher - Uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.
Think Like an Attacker
The attacker's goal is to compromise a network target or an application running within a network. Many attackers use this seven-step process to gain information and stage an attack.

Step 1. Perform footprint analysis (reconnaissance). A company webpage can lead to information, such as the IP addresses of servers. From there, an attacker can build a picture of the security profile or "footprint" of the company.

Step 2. Enumerate information. An attacker can expand on the footprint by monitoring network traffic with a packet sniffer such as Wireshark, finding information such as version numbers of FTP servers and mail servers. A cross-reference with vulnerability databases exposes the applications of the company to potential exploits.

Step 3. Manipulate users to gain access. Sometimes employees choose passwords that are easily crackable. In other instances, employees can be duped by talented attackers into giving up sensitive access-related information.

Step 4. Escalate privileges. After attackers gain basic access, they use their skills to increase their network privileges.

Step 5. Gather additional passwords and secrets. With improved access privileges, attackers use their talents to gain access to well-guarded, sensitive information.

Step 6. Install backdoors. Backdoors provide the attacker with a way to enter the system without being detected. The most common backdoor is an open listening TCP or UDP port.

Step 7. Leverage the compromised system. After a system is compromised, an attacker uses it to stage attacks on other hosts in the network.

Types of Computer Crime

As security measures have improved over the years, some of the most common types of attacks have diminished in frequency, while new ones have emerged. Conceiving of network security solutions begins with an appreciation of the complete scope of computer crime.
These are the most commonly reported acts of computer crime that have network security implications:
• Insider abuse of network access
• Virus
• Mobile device theft
• Phishing where an organization is fraudulently represented as the sender
• Instant messaging misuse
• Denial of service
• Unauthorized access to information
• Bots within the organization
• Theft of customer or employee data
• Abuse of wireless network
• System penetration
• Financial fraud
• Password sniffing
• Key logging
• Website defacement
• Misuse of a public web application
• Theft of proprietary information
• Exploiting the DNS server of an organization
• Telecom fraud
• Sabotage
Note: In certain countries, some of these activities may not be a crime, but are still a problem.

Computer crimes that can be mitigated by effective and vigilant network management:
• Insider abuse of network access
• Denial of service
• System penetration
• Password sniffing

Open versus Closed Networks

The overall security challenge facing network administrators is balancing two important needs: keeping networks open to support evolving business requirements and protecting private, personal, and strategic business information.

Network security models follow a progressive scale from open (any service is permitted unless it is expressly denied) to restrictive (services are denied by default unless deemed necessary). In the case of the open network, the security risks are self-evident. In the case of the closed network, the rules for what is permitted are defined in the form of a policy by an individual or group in the organization.

A change in access policy may be as simple as asking a network administrator to enable a service. Depending on the company, a change could require an amendment to the enterprise security policy before the administrator is allowed to enable the service. For example, a security policy could disallow the use of instant messaging (IM) services, but demand from employees may cause the company to change the policy.

An extreme alternative for managing security is to completely close a network from the outside world. A closed network provides connectivity only to trusted known parties and sites. A closed network does not allow a connection to public networks. Because there is no outside connectivity, networks designed in this way are considered safe from outside attacks. However, internal threats still exist. A closed network does little to prevent attacks from within the enterprise.
Permit everything that is not explicitly denied (open):
• Easy to configure and administer
• Easy for end users to access network resources
• Security cost: least expensive

Combination of specific permissions and specific restrictions:
• More difficult to configure and administer
• More difficult for end users to access resources
• Security cost: more expensive

That which is not explicitly permitted is denied (restrictive):
• Most difficult to configure and administer
• Most difficult for end users to access resources
• Security cost: most expensive

Developing a Security Policy

The first step any organization should take to protect its data and itself from a liability challenge is to develop a security policy. A policy is a set of principles that guide decision-making processes and enable leaders in an organization to distribute authority confidently.

RFC 2196 states that a "security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide." A security policy can be as simple as a brief Acceptable Use Policy for network resources, or it can be several hundred pages long and detail every element of connectivity and associated policies.

A security policy meets these goals:
• Informs users, staff, and managers of their obligatory requirements for protecting technology and information assets
• Specifies the mechanisms through which these requirements can be met
• Provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance with the policy
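The open and restrictive models above differ most in what happens to traffic that no rule anticipated, which is also what a compliance audit against the policy needs to find. The following added example (not part of the course material) models both with a constructed rule set; the internal range 10.0.0.0/8, the port numbers and the function names are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    src: ipaddress.IPv4Network        # source addresses the rule covers
    dst_port: Optional[int] = None    # None matches any destination port

    def matches(self, ip, dst_port):
        return ip in self.src and (self.dst_port is None or self.dst_port == dst_port)


INSIDE = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range (constructed)

# Constructed rule sets for two of the chapter's models. Each model is a rule list
# plus the default applied when no rule matches; the default is what separates them.
MODELS = {
    # Open: only Telnet is written down; everything else is silently permitted.
    "open": ([Rule("deny", INSIDE, 23)], "permit"),
    # Restrictive: only web traffic is written down; everything else is denied,
    # the same way a Cisco IOS access list ends with an implicit deny.
    "restrictive": ([Rule("permit", INSIDE, 80), Rule("permit", INSIDE, 443)], "deny"),
}


def evaluate(rules, default, src_ip, dst_port):
    """First matching rule decides; otherwise the model's default applies.
    Returns (action, explicit); explicit is False when only the default decided."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.matches(ip, dst_port):
            return rule.action, True
    return default, False


def compare(src_ip, dst_port):
    """Outcome of one flow under every model, e.g. an IM service nobody wrote a rule for."""
    return {name: evaluate(rules, default, src_ip, dst_port)[0]
            for name, (rules, default) in MODELS.items()}


def decided_by_default(name, flows):
    """Flows a model permitted or denied without any explicit rule. Under the open
    model these are the silent permits a policy audit should review."""
    rules, default = MODELS[name]
    return [flow for flow in flows if not evaluate(rules, default, *flow)[1]]


# Constructed sample flows: (source address, destination port).
SAMPLE_FLOWS = [("10.1.2.3", 443), ("10.1.2.3", 23), ("10.1.2.3", 5222), ("203.0.113.5", 80)]
```

Running `compare("10.1.2.3", 5222)` shows the IM port permitted under the open model and denied under the restrictive one, and `decided_by_default("open", SAMPLE_FLOWS)` lists every flow the open model allowed only because nobody wrote a rule about it.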
Assembling a security policy can be daunting if it is undertaken without guidance. For this reason, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have published a security standard document called ISO/IEC 27002. This document refers specifically to information technology and outlines a code of practice for information security management. ISO/IEC 27002 is intended to be a common basis and practical guideline for developing organizational security standards and effective security management practices.

The document consists of 12 sections:
• Risk assessment
• Security policy
• Organization of information security
• Asset management
• Human resources security
• Physical and environmental security
• Communications and operations management
• Access control
• Information systems acquisition, development, and maintenance
• Information security incident management
• Business continuity management
• Compliance
This chapter focuses on the security policy section. To read about all the sections, visit http://en.wikipedia.org/wiki/ISO/IEC_27002. The development of the network security policy document is discussed in topic 4.1.5 "The Network Security Wheel" and topic 4.1.6 "The Enterprise Security Policy."