
IT Infrastructure Security

5,961 bytes added, 16:18, 25 February 2008
== DSL and Cable Modems ==
Both cable and DSL modems provide continuous, always-on broadband connectivity to the internet. This brings considerable advantages in terms of speed and convenience, but also the risks inherent in having computers attached to a constantly active internet connection.
 
Most basic cable and DSL modems supplied by phone and cable companies do not contain any kind of firewall, and even where they do the provider rarely lets the customer configure it. It is essential, therefore, that any computer connected directly to a modem, or to a network that is, be protected by at least a firewall. This can be achieved either by installing a modem which contains a firewall or, even better, by placing a router containing a firewall between the modem and the internal network.
 
== Remote Access Service (RAS) ==
 
Remote Access Service (RAS) is a feature of Microsoft Windows which provides access over a dial-up connection between a client and a server. Once a remote client has gained access to the server through a series of authentication and authorization steps, the client has the equivalent of a direct network connection to the server. For added security, RAS can be configured for ''callback'': the server accepts the incoming call, hangs up, and calls the client back at a pre-approved telephone number before completing the connection, so that a stolen credential alone is not enough to connect from an arbitrary line.
 
RAS servers should be treated as untrusted and ideally placed in a DMZ, so that malicious activity arriving via the server can be blocked by the inner DMZ firewall before it reaches the internal network.
 
== Telecom/PBX ==
 
Private Branch Exchanges (PBXs) extend the public telephone network into company office buildings and have for some time been a popular target for attackers. With the increase of more configurable systems and the growth of Voice over IP (VoIP), PBX systems have increasingly been integrated into the overall enterprise IT infrastructure, making them a potential weak link in the security chain. This threat is best addressed by installing firewalls specifically designed to protect both data and telephony systems.
 
Another common abuse of PBXs involves phone hackers (also known as phreakers) breaking into the system and using it to make expensive international calls at the company's expense (toll fraud). These attacks may also be blocked using specialized firewalls. Such firewalls allow rules to be specified that control, for example, long-distance access at certain hours of the day, or that require users to enter access codes before making international or long-distance calls.
 
== Virtual Private Networks (VPN) ==
 
A virtual private network (VPN) is a mechanism by which secure remote access is provided between a client and a server over a public network (typically the internet). A number of methods can be used to deploy VPN connections and these were covered in detail in the chapter entitled [[Understanding Communications Security]]. VPNs rely on encryption to prevent confidential information from falling into the wrong hands. This involves either encrypting only the data carried in IP packets and sending them to the destination, where the data is decrypted, or encrypting the entire packet, wrapping it inside another packet and sending that to the destination (a concept known as ''tunneling''), which also conceals the original source and destination addresses from anyone observing the public network.
 
== Intrusion Detection Systems (IDSs) ==
 
Intrusion Detection Systems (IDSs) are designed to analyze network traffic or host activity in real time and to identify, and where so configured respond to, unauthorized activity when it is detected.
 
The two types of IDS available are ''host-based'' and ''network-based'' intrusion detection:
 
* '''Network-based Intrusion Detection''' - This type of IDS monitors the flow of packets on a network segment and identifies suspicious traffic that has passed through the firewall. Packets are compared against a database of known attack signatures and an alert is raised if a match is found; a sensor deployed inline (an intrusion prevention system) can also drop the matching traffic. Network-based IDS has a couple of shortcomings. Firstly, a sensor only sees the traffic on the segment (or the mirrored switch port) it is attached to, so unauthorized traffic elsewhere on the network may be missed. To limit this problem, network-based sensors are typically placed at the point of entry to a network, such as just inside or just outside the firewall. Secondly, an IDS is only as good as the signature database on which it relies. Not every threat can be described by a specific signature, and an attacker can obfuscate a known payload (for example by encoding it differently) so that it no longer matches, leading to the possibility of attacks being missed.
 
* '''Host-based Intrusion Detection''' - Host-based intrusion detection involves running agents on the servers of a network which gather usage and activity data such as disk and file access, CPU utilization, logins and other user activity. This data is transferred to the IDS, where it is collected and analyzed to identify activity patterns known to be associated with unauthorized activity. Such systems can also detect when activity deviates considerably from an established baseline. When a problem is detected an administrator is alerted so that it can be investigated. Host-based IDSs work well on small networks but generally have difficulty scaling up to large enterprises, since every monitored host needs an agent and all of its data has to be collected and analyzed centrally.
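The following example, added here and not taken from the text above or from any particular IDS product, shows both detection styles in miniature. The first part is a network-based signature match over a handful of constructed HTTP packets: the plain directory-traversal attempt is caught, but the URL-encoded variant slips past the same signature until the payload is decoded first, which is exactly the "only as good as its signatures" shortcoming described above. The second part is a host-based baseline check over constructed per-hour failed-login counts from a server agent. The packets, the signature names, the counts and the three-standard-deviation threshold are all assumptions chosen for illustration.

```python
import re
import statistics
from urllib.parse import unquote_to_bytes

# Constructed sample traffic, not a real capture: one record per packet.
# The third packet carries the same traversal attempt as the second, but
# URL-encoded, which a naive byte-pattern signature will not match.
PACKETS = [
    {"src": "203.0.113.9", "dst": "192.0.2.10", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"},
    {"src": "203.0.113.9", "dst": "192.0.2.10", "dport": 80,
     "payload": b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n\r\n"},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "dport": 80,
     "payload": b"GET /cgi-bin/..%2f..%2fetc%2fpasswd HTTP/1.1\r\n\r\n"},
]

# Constructed signature database: rule name -> byte pattern searched in the payload.
SIGNATURES = {
    "dir-traversal-etc-passwd": re.compile(rb"\.\./\.\./etc/passwd"),
    "shell-spawn": re.compile(rb"/bin/sh"),
}


def match_signatures(packets, signatures, normalize=False):
    """Network-based detection: return (rule, src, dst, dport) for every
    packet whose payload matches a signature. With normalize=True the
    payload is URL-decoded first, so encoded variants are still caught."""
    alerts = []
    for pkt in packets:
        data = pkt["payload"]
        if normalize:
            data = unquote_to_bytes(data)
        for name, pattern in signatures.items():
            if pattern.search(data):
                alerts.append((name, pkt["src"], pkt["dst"], pkt["dport"]))
    return alerts


# Constructed host-agent data: failed logins per hour on one server during a
# quiet period (the baseline) and four freshly reported hours to evaluate.
BASELINE_FAILED_LOGINS = [3, 5, 4, 6, 2, 4, 5, 3, 4, 6, 5, 4, 3, 5]
OBSERVED_FAILED_LOGINS = [("09:00", 4), ("10:00", 5), ("11:00", 87), ("12:00", 6)]


def anomaly_threshold(baseline, k=3.0):
    """Mean plus k population standard deviations of the baseline samples."""
    return statistics.mean(baseline) + k * statistics.pstdev(baseline)


def detect_anomalies(baseline, observations, k=3.0):
    """Host-based detection: return (hour, count) for each observation that
    exceeds the baseline by more than k standard deviations."""
    threshold = anomaly_threshold(baseline, k)
    return [(hour, count) for hour, count in observations if count > threshold]


if __name__ == "__main__":
    print("raw signature matches:   ", match_signatures(PACKETS, SIGNATURES))
    print("after URL-decoding:      ", match_signatures(PACKETS, SIGNATURES, normalize=True))
    print("threshold %.1f, anomalies: %s" % (
        anomaly_threshold(BASELINE_FAILED_LOGINS),
        detect_anomalies(BASELINE_FAILED_LOGINS, OBSERVED_FAILED_LOGINS)))
```

Real sensors normalize far more than URL encoding (TCP stream reassembly, IP fragment reassembly, case folding, Unicode), and the baseline check would normally be kept per host and per metric; the point here is that the network sensor needs the decoding step to keep its signature useful, and the host sensor needs a baseline before a deviation means anything.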
 
== Network Monitoring and Diagnostics ==
 
A wide range of tools are available for monitoring networks and diagnosing problems. These include ''ping'' (is a host reachable?), ''traceroute'' (which path does traffic take and where does it stop?), ''nslookup'' (is name resolution working?), ''netstat'' (which connections and listening ports does a host have?) and ''ifconfig/ipconfig'' (how are the local interfaces configured?). Used together, these tools help to establish whether a problem exists on a network and, if so, where it is likely to lie.
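Of the tools listed, ''netstat'' is the one most often turned into a security check: a service listening on every interface that nobody knows about is worth an alert. The example below is added here, is not part of the original text, and parses a constructed `netstat -tln`-style listing (not output from a real host) to flag listeners bound to a wildcard address whose port is not on an assumed allowlist. The allowlist of ports 22, 80 and 443 and the column layout are assumptions; the layout matches the common Linux ''netstat'' format, where the local address is the fourth column and the state is the last.

```python
# Constructed sample of `netstat -tln`-style output (not taken from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
"""

# Addresses that mean "every interface on this host".
WILDCARD_ADDRESSES = {"0.0.0.0", "::"}

# Assumed allowlist of ports this host is expected to expose.
EXPECTED_PORTS = {22, 80, 443}


def parse_listeners(netstat_output):
    """Return (proto, address, port) for every line in the LISTEN state.
    The port is split off at the last colon so IPv6 addresses such as
    ':::80' parse correctly."""
    listeners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[-1] != "LISTEN":
            continue  # banner, header, or a non-listening socket
        address, port = fields[3].rsplit(":", 1)
        listeners.append((fields[0], address, int(port)))
    return listeners


def unexpected_exposed_ports(netstat_output, allowed_ports=EXPECTED_PORTS):
    """Listeners reachable from any interface whose port is not allowlisted.
    Loopback-only services are deliberately not reported."""
    return [(proto, address, port)
            for proto, address, port in parse_listeners(netstat_output)
            if address in WILDCARD_ADDRESSES and port not in allowed_ports]


if __name__ == "__main__":
    for entry in unexpected_exposed_ports(SAMPLE_NETSTAT):
        print("unexpected listener:", entry)
```

On a live host the same function would be fed the output of `netstat -tln` (or `ss -tln`, whose columns differ and would need a small change to the parser); the loopback-bound database port is intentionally left out of the report because it is not reachable from the network.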
 
== Simple Network Management Protocol (SNMP) ==
 
The Simple Network Management Protocol (SNMP) operates at the Application layer of the OSI model and is designed to collect statistics from, and configure, devices connected to a TCP/IP network. The SNMP infrastructure consists of three components: the ''SNMP managed node'', the ''SNMP agent'' and the ''SNMP network management station''.
 
The SNMP agent runs on the managed network device, answers queries from the management station and sends it unsolicited notifications (traps). SNMP version 1 and the widely deployed version 2c authenticate requests with nothing more than a plaintext community string and are considered insecure; the party-based SNMPv2 variant that used MD5 for authentication was never widely adopted. Version 3 introduced a User-based Security Model in which each message is authenticated with HMAC-MD5 or HMAC-SHA and can optionally be encrypted, and it should be used wherever the devices support it.
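To make the SNMPv3 authentication concrete, here is an added example (not part of the original text, and not the code of any SNMP implementation) of the User-based Security Model's key handling from RFC 3414: the user's password is stretched into a key by hashing one megabyte of the password repeated, that key is then bound to the engine ID of the device it will be used with, and messages are authenticated with the first 12 bytes of an HMAC over the message. The password and engine ID are the RFC 3414 Appendix A test vector; the SNMP message bytes and the tampered copy are constructed placeholders rather than a real encoded PDU.

```python
import hashlib
import hmac

# RFC 3414 Appendix A test vector: password "maplesyrup" and a 12-byte engine ID.
RFC3414_PASSWORD = b"maplesyrup"
RFC3414_ENGINE_ID = bytes([0] * 11 + [2])

# Constructed placeholder for an SNMPv3 message; a real one is BER-encoded.
SAMPLE_MESSAGE = b"\x30\x2a\x02\x01\x03get-request sysDescr.0"


def password_to_key(password, algo="md5"):
    """RFC 3414 A.2: hash exactly 1,048,576 bytes of the password repeated
    end to end. The cost is deliberate; it slows offline guessing."""
    total = 1048576
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.new(algo, stream).digest()


def localize_key(ku, engine_id, algo="md5"):
    """Bind the user key to one engine: Kul = H(Ku || engineID || Ku).
    A key captured from one device does not work against another."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def authenticate(kul, message, algo="md5"):
    """HMAC-<algo>-96: the first 12 bytes of the HMAC are carried in the
    message as msgAuthenticationParameters."""
    return hmac.new(kul, message, algo).digest()[:12]


def verify(kul, message, auth_params, algo="md5"):
    """Constant-time comparison of the received tag with a recomputation."""
    return hmac.compare_digest(authenticate(kul, message, algo), auth_params)


def demo(algo="md5"):
    """Derive the RFC 3414 keys and show that a one-byte change in the
    message breaks verification. Returns (ku_hex, kul_hex, ok, tampered_ok)."""
    ku = password_to_key(RFC3414_PASSWORD, algo)
    kul = localize_key(ku, RFC3414_ENGINE_ID, algo)
    tag = authenticate(kul, SAMPLE_MESSAGE, algo)
    tampered = SAMPLE_MESSAGE[:-1] + b"1"   # e.g. sysDescr.0 -> sysDescr.1
    return (ku.hex(), kul.hex(),
            verify(kul, SAMPLE_MESSAGE, tag, algo),
            verify(kul, tampered, tag, algo))


if __name__ == "__main__":
    ku_hex, kul_hex, ok, tampered_ok = demo()
    print("Ku  =", ku_hex)
    print("Kul =", kul_hex)
    print("genuine message verifies:", ok, "- tampered message verifies:", tampered_ok)
```

Passing `algo="sha1"` gives the HMAC-SHA-96 variant that RFC 3414 also defines; the SHA-2 based options added later by RFC 7860 follow the same derivation with a different hash. Note what the model does not do: authentication alone leaves the request readable on the wire, so the privacy (encryption) option should be enabled alongside it.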
