network
...
This document provides guidance to system and network administrators
on how to address security issues ...
...
The audience for this document are system and network administrators,
and decision makers (typically "middle management") at sites. For
...
... brevity, we will use the term "administrator" throughout this
document to refer to system and network administrators.
...
...
For the purposes of this guide, a "site" is any organization that
owns computers or network-related resources. These resources may
include host computers that users use, routers ...
... Internet services or a service provider such as a mid-
level network. However, most of the focus of this guide is on those
end users of Internet services. We assume that the site has the
...
...
The "Internet" is a collection of thousands of networks linked by a
common set of technical protocols which make it possible for users of
any one of the networks ...
... networks linked by a
common set of technical protocols which make it possible for users of
any one of the networks to communicate with, or use the services
located on, any of the other networks ...
... networks to communicate with, or use the services
located on, any of the other networks (FYI4, RFC 1594).
...
... The term "administrator" is used to cover all those people who are
responsible for the day-to-day operation of system and network
resources. This may be a number of individuals or an organization.
...
... security-related decisions you make, or fail to make, as
administrator largely determines how secure or insecure your network
is, how much functionality your network offers, and how easy your
...
... administrator largely determines how secure or insecure your network
is, how much functionality your network offers, and how easy your
network is to use. However, you cannot make good decisions about
...
... is, how much functionality your network offers, and how easy your
network is to use. However, you cannot make good decisions about
security without first determining what your security goals ...
... loss of service (e.g., the filling of data storage space, usage
of computational resources, and denial of network access). Each
type of cost must be weighed against each type of loss.
...
... requirements can be met. Another purpose is to
provide a baseline from which to acquire, configure and audit
computer systems and networks for compliance with the policy.
Therefore an attempt to use a set of security tools ...
... various components of the system, including the type of traffic
allowed on the networks. The AUP should be as explicit as possible
to avoid ambiguity or misunderstanding. For example, an AUP might
list any prohibited USENET ...
... should provide guidelines for external connections, data
communications, connecting devices to a network, and adding new
software to systems. It should also specify any required
notification messages ...
... recovery issues, as well as specify operating hours and
maintenance down-time periods. It should also include contact
information for reporting system and network failures.
...
... An Information Technology System & Network Maintenance Policy
which describes how both internal and external maintenance
people are allowed to handle and access technology. One
...
...
A security plan should define: the list of network services that will
be provided; which areas of the organization will provide the
services ...
... services on a case by case basis as they are needed. This can
be done at the host or network level as appropriate. This model,
which will hereafter be referred to as the "deny all" model, is
generally more secure than the other model described in the next
...
... default at the host level, and allow all protocols to travel across
network boundaries, usually the default at the router level. As
security holes ...
... security holes become apparent, they are restricted or patched at
either the host or network level.
...
... internal users can be trusted. Once the outer shell (firewall) is
breached, subverting the internal network is trivial.
...
... UDP services), thus
providing more openings to the internal network. Services provided
on the same machine can interact in catastrophic ways. For example,
...
... network administrators go to great lengths to protect the hosts
on their networks. Few administrators make any effort to protect the
networks ...
... networks. Few administrators make any effort to protect the
networks themselves. There is some rationale to this. For example,
it is far easier to protect a host than a network ...
... networks themselves. There is some rationale to this. For example,
it is far easier to protect a host than a network. Also, intruders
are likely to be after data on the hosts; damaging the network ...
... network. Also, intruders
are likely to be after data on the hosts; damaging the network would
not serve their purposes. That said, there are still reasons to
protect the networks ...
... network would
not serve their purposes. That said, there are still reasons to
protect the networks. For example, an intruder might divert network
traffic through an outside host in order to examine the data (i.e.,
...
... not serve their purposes. That said, there are still reasons to
protect the networks. For example, an intruder might divert network
traffic through an outside host in order to examine the data (i.e.,
to search ...
... search for passwords). Also, infrastructure includes more than
the networks and the routers which interconnect them. Infrastructure
also includes network management ...
... networks and the routers which interconnect them. Infrastructure
also includes network management (e.g., SNMP), services (e.g., DNS ...
... therefore be limited. However, if a router is misconfigured, all
users who require the network will be affected. Obviously, this is a
far larger number of users than those depending on any one host.
...
... Protecting the Network ...
...
There are several problems to which networks are vulnerable. The
classic problem is a "denial of service" attack ...
... denial of service" attack. In this case, the
network is brought to a state in which it can no longer carry
legitimate users' data. There are two common ways this can be done:
...
... by attacking the routers and by flooding the network with extraneous
traffic. Please note that the term "router ...
... as an example of a larger class of active network interconnection
components that also includes components like firewalls, proxy ...
... attack would be
the injection of a single packet which exploits some known flaw in
the network nodes and causes them to retransmit the packet, or
generate error packets, each of which is picked up and repeated by
...
... router unusable; a state which will be quickly
detected by network users. In spoofing, the spurious route will
...
... protection against intruders who do not have direct access to the
physical networks. Passwords also offer some protection against
...
... protect against the injection of spurious packets, even if the
intruder has direct access to the physical network. Combined with a
sequence number, or other unique identifier ...
... This prevents an intruder from determining the topology of the
network. The disadvantage to encryption is the overhead involved in
...
... router which is flooding the
network. Fortunately, this type of attack is obvious when it occurs
and can usually be terminated relatively simply.
...
... host computer. In fact, many sites go so far
as to have one set of subnets (or even different networks) which are
accessible from the outside and another set which may be accessed
only within the site. Of course, there is usually a firewall ...
... would need its own supporting system, separated from both external
and internal services and networks.
...
... DNS) to perform address
resolution for host and network names. The Network Information
Service (NIS) and NIS ...
... address
resolution for host and network names. The Network Information
Service (NIS) and NIS+ are not used on the global Internet ...
... DNS server. Name-to-address
resolution is critical to the secure operation of any network. An
attacker who can successfully control or impersonate a DNS server ...
... read-write, etc.). Filesystems should
not be exported to any hosts outside the local network since this
will require that the NFS service ...
... level of
protection and are, in general, a way of implementing security policy
at the network level. The level of security that a firewall provides
...
... A firewall is any one of several mechanisms used to control and watch
access to and from a network for the purpose of protecting it. A
firewall acts as a gateway ...
... gateway through which all traffic to and from the
protected network and/or systems passes. Firewalls help to place
limitations on the amount and type of communication that takes place
...
... Firewalls help to place
limitations on the amount and type of communication that takes place
between the protected network and another network (e.g., the
Internet ...
... limitations on the amount and type of communication that takes place
between the protected network and another network (e.g., the
Internet, or another piece of the site's network ...
... A firewall is generally a way to build a wall between one part of a
network, a company's internal network, for example, and another part,
...
... network, a company's internal network, for example, and another part,
the global Internet, for example. The unique feature about this wall
...
... firewall. A router moves data back and forth between two (or more)
different networks. A "normal" router takes a packet from network A
...
... different networks. A "normal" router takes a packet from network A
and "routes" it to its destination on network ...
... host, the bastion host. It is only
possible to access the other network via this bastion host. As only
this host ...
... conferences, etc. Access to the Internet is often available but may
be through an untrusted machine or network. A correctly configured
proxy server can allow the correct users into the site while still
...
... combination of a pair of screening routers with one or more proxy
servers on a network between the two routers. This setup allows the
external router ...
... Most firewalls provide logging which can be tuned to make security
administration of the network more convenient. Logging may be
centralized and the system may be configured to send out alerts for
...
... authenticate
themselves to a central computer. At the time, there were no
networks (internally or externally), so the risk of disclosure of the
clear text password was minimal. Today, systems are connected
...
... clear text password was minimal. Today, systems are connected
together through local networks, and these local networks are further
connected together and to the Internet ...
... password was minimal. Today, systems are connected
together through local networks, and these local networks are further
connected together and to the Internet. Users are logging in from
...
... all over the globe; their reusable passwords are often transmitted
across those same networks in clear text, ripe for anyone in-between
to capture. And indeed, the CERT ...
... security and integrity of
their systems and networks consider moving away from standard,
reusable passwords. There have been many incidents involving Trojan
...
... reusable passwords. There have been many incidents involving Trojan
network programs (e.g., telnet and rlogin) and network packet
...
... network programs (e.g., telnet and rlogin) and network packet
sniffing programs. These programs capture clear text
...
... over (hence the term "reusable"), and 2) the password passes across
the network in clear text.
...
...
Kerberos is a distributed network security system which provides for
authentication across unsecured networks ...
... network security system which provides for
authentication across unsecured networks. If requested by the
application, integrity and encryption can also be provided. Kerberos ...
... terminals dedicated to
special tasks), and individual microcomputers and workstations,
especially those connected to your network. Make sure people's work
areas mesh well with access restrictions; otherwise they will find
ways to circumvent your physical ...
... Other areas where physical access should be restricted are the wiring
closets and important network elements like file servers, name server
hosts ...
... Walk-up Network Connections ...
...
By "walk-up" connections, we mean network connection points located
to provide a convenient way for users to connect a portable host to
...
... that it allows any user to attach an unauthorized host to your
network. This increases the risk of attacks via techniques such as
IP address ...
... host should be authenticated before its user is permitted
to access resources on your network. As an alternative, it may be
possible to control physical access. For example, if the service ...
...
If you are providing walk-up access for visitors to connect back to
their home networks (e.g., to read e-mail, etc.) in your facility,
consider using a separate subnet that has no connectivity to the
...
...
Keep an eye on any area that contains unmonitored access to the
network, such as vacant offices. It may be sensible to disconnect
such areas at the wiring closet, and consider using secure hubs and
monitoring attempts to connect unauthorized hosts ...
... Other Network Technologies ...
... Crackers are certainly interested in telephone switches as well as in
data networks!
...
... username and password check should be completed before a user can
access anything on your network. Normal password security
considerations are particularly important (see section 4.1.1).
...
...
This section covers the procedures for collecting data generated by
network activity, which may be useful in analyzing the security of a
network ...
... network activity, which may be useful in analyzing the security of a
network and responding to security incidents.
...
... security
level by any person, process, or other entity in the network. This
includes login and logout, super user access ...
... point-to-point cable. Since that is
usually impractical, the path should pass through the minimum number
of networks and routers. Even if logs can be blocked, spoofing can
...
... security incident occurs on a host,
network, site, or multi-site environment. The operative philosophy
in the event of a breach of computer security is to react according
...
...
Due to the world-wide network most incidents are not restricted to a
single site. Operating systems vulnerabilities ...
... to several millions of systems, and many vulnerabilities are
exploited within the network itself. Therefore, it is vital that all
sites with involved parties be informed as soon as possible.
...
... held responsible because one of their nodes was used to launch a
network attack. In a similar vein, people who develop patches or
workarounds may be sued if the patches or workarounds are
...
... Priority two -- protect classified and/or sensitive
data. Prevent exploitation of classified and/or
sensitive systems, networks or sites. Inform affected
classified and/or sensitive systems, networks or sites
...
... sensitive systems, networks or sites. Inform affected
classified and/or sensitive systems, networks or sites
about already occurred penetrations.
(Be aware of regulations by your site or by government)
...
... because loss of data is costly in terms of resources.
Prevent exploitations of other systems, networks or
sites and inform already affected systems, networks or
...
... Prevent exploitations of other systems, networks or
sites and inform already affected systems, networks or
sites about successful penetrations.
...
... Priority five -- minimize disruption of computing
resources (including processes). It is better in many
cases to shut a system down or disconnect from a network
than to risk damage to data or systems. Sites will have
to evaluate the trade-offs between shutting down and
...
...
Another important concern is the effect on others, beyond the systems
and networks where the incident occurs. Within the limits imposed by
government regulations it is always important to inform affected
parties as soon as possible. Due to the legal implications of this
...
...
A similar consideration is using a secure means of communication.
Because many network attackers can easily re-route electronic mail ...
... lines (the phones normally used in the business world) are also
frequent targets for tapping by network intruders, so be careful!
...
... incident when the local government becomes involved. Normally (in
the U.S.), except by legal order, no agency can force you to monitor,
to disconnect from the network, to avoid telephone contact with the
suspected attackers ...
... helpful to obtain and use any detection software which may be
available. Audit information is also extremely useful, especially in
determining whether there is a network attack. It is extremely
important to obtain a system snapshot as soon as one suspects that
...
... affected systems and to limit the impact and damage. In the worst
case scenario, shutting down the system, or disconnecting the system
from the network, may be the only practical solution.
...
... attack. An
essential part of containment is decision making (e.g., determining
whether to shut a system down, disconnect from a network, monitor
system or network activity, set traps ...
... whether to shut a system down, disconnect from a network, monitor
system or network activity, set traps, disable functions such as
remote file transfer ...
... re-customize the system. To facilitate this worst case scenario, a
record of the original system setup and each customization change
should be maintained. In the case of a network-based attack, it is
important to install patches for each operating system ...
...
It is one thing to protect one's own network, but quite another to
assume that one should protect other networks. During the handling
...
... It is one thing to protect one's own network, but quite another to
assume that one should protect other networks. During the handling
of an incident, certain system vulnerabilities of one's own systems
...
... this point and know that you were finished with the job of security.
Unfortunately, that isn't possible. Your systems and networks are
not a static environment, so you will need to review policies and
procedures on a regular basis. There are a number of steps you can
...
... This Reference Index contains a list of links to information
sources on Network and Computer Security. There is no implied
fitness to the Tools ...
... R. Bates, "Disaster Recovery Planning: Networks, Telecommunications and Data Communications", McGraw-Hill, 1992. ...
... Virus and the Vulnerability of National Telecommunications Networks to Computer Viruses", GAO/T-IMTEC-89-10, Washington, DC, 20 July 1989. ...
... Defense Data Network, "BSD 4.2 and 4.3 Software Problem Resolution", DDN MGT Bulletin #43, DDN Network Information Center, 3 November 1988. ...
... D. Hess, D. Safford, and U. Pooch, "A Unix Network Protocol Security Study: Network Information Service", Texas A&M University. ...
... C. Kaufman, R. Perlman, and M. Speciner, "Network Security: PRIVATE Communication in a PUBLIC World", Prentice Hall, Englewood Cliffs, NJ, 1995. ...
... W. Lu and M. Sundareshan, "A Model for Multilevel Security in Computer Networks", IEEE Transactions on Software Engineering, Vol. 16, No. 6, Page 647, 1 June 1990. ...
... National Computer Security Center, "Trusted Network Interpretation", NCSC-TG-005, NCSC, 31 July 1987. ...
... Congress of the United States, Office of Technology Assessment, "Information Security and Privacy in Network Environments", OTA-TCT-606, September 1994. ...
... J. Quarterman, "The Matrix: Computer Networks and Conferencing Systems Worldwide", Digital Press, Bedford, MA, 1990. ...
... M. Ranum, "A Network Firewall", Digital Equipment Corporation Washington Open Systems Resource Center, June 12, 1992. ...
... R. Reinhardt, "An Architectural Overview of UNIX Network Security", ARINC Research Corporation, February 18, 1993. ...
... R. Shirey, "Defense Data Network Security Architecture", Computer Communication Review, Vol. 20, No. 2, Page 66, 1 April 1990. ...
... W. Venema, "TCP WRAPPER: Network monitoring, access control, and booby traps", Mathematics and Computing Science, Eindhoven University of Technology, The Netherlands. ...
... L. Wrobel, "Writing Disaster Recovery Plans for Telecommunications Networks and LANS", Artech House, 1993. ...
