The ABCs of Network Security
With the explosive growth in online applications such as e-commerce, e-government and remote access, companies are able to achieve great efficiency with streamlined processes and lower operating cost. Today’s data networks contain many different types of hardware, software and protocols that are interrelated and integrated. A network security professional must be able to look more deeply in order to fully understand where network vulnerabilities can arise and to prevent exploits from happening.
As mission-critical networks enable more applications and are available to more users, they become ever more vulnerable to a wider range of security threats. Networks are vulnerable to unauthorized, destructive intrusions, from viruses to denial-of-service attacks. Network professionals are under increasing pressure to design and manage complex networks that are secure from unauthorized access and from information corruption or theft. The threats can come from many different venues. Security has changed from a luxury, as it was wrongly regarded, to a well-recognized necessity. There is a vast number of online resources on documented security vulnerabilities.
The Goal of Network Security
Generally, the purpose of information security is to provide authorized users access to the right information and to ensure that the information is correct and that the system is available. These aspects are referred to as confidentiality, integrity and availability (CIA). As a critical part of information security, network security is the protection of the data network from unauthorized access. Restricting access to network services and performing network traffic and bandwidth management and data encryption are common security methods.
First, let’s look at the architecture of a typical network. Then we will discuss its potential vulnerabilities and technologies and practices in use to overcome these potential threats.
An Architectural View of Today’s Network
It is critical to have a solid understanding of today’s network architecture. One must look at the data flow in and out of a network and how the network devices, software and appliances interact with one another to achieve specific business or operational goals.
The standard model for networking protocols and distributed applications is the International Standard Organization’s Open System Interconnect (ISO/OSI) model. Understanding the OSI model is instrumental in understanding how the many different protocols fit into the networking jigsaw puzzle. As we will see later, the majority of the network attacks can be attributed to one or more of the seven layers in the OSI model.
- Layer 1 Physical: The physical layer defines the electrical, mechanical, procedural and functional specifications for activating and maintaining the physical link between communicating network systems. Physical layer specifications define characteristics such as voltage levels, physical data rates and physical connectors.
- Layer 2 Data Link: The data-link layer provides synchronization, error control and flow control for data across the physical link, including physical and logical connections to the packet’s destination, typically using a network interface card (NIC). This layer contains two sub-layers: Media Access Control (MAC) and Logical Link Control (LLC). Some of the protocols that work at this layer are the Point-to-Point Protocol (PPP), Layer 2 Tunneling Protocol (L2TP) and Fiber Distributed Data Interface (FDDI).
- Layer 3 Network: The network layer defines the network address and handles the routing and forwarding of the data. Some of the protocols that work at this layer are the Internet Protocol (IP), Internet Control Message Protocol (ICMP) and Routing Information Protocol (RIP).
- Layer 4 Transport: The transport layer manages the end-to-end control, including error checking and flow control. It accepts data from the session layer and segments the data for transport across the network. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) sit at the transport layer. TCP keeps track of the connection state, like packet delivery order and the packets that must be present. UDP, on the other hand, is connectionless and stateless.
- Layer 5 Session: The session layer establishes, manages and terminates communication sessions. Communication sessions consist of service requests and service responses that occur between applications located in different network devices. These requests and responses are coordinated by protocols implemented at the session layer. Some of the protocols that work at this layer are the Secure Socket Layer (SSL), Remote Procedure Call (RPC) and the AppleTalk Protocol.
- Layer 6 Presentation: The presentation layer formats the data to be presented to the application layer. It can be viewed as the translator for the network (like bit ordering). This layer may translate data from a format used by the application layer into a common format at the sending and receiving station. Some well-known graphic image formats working at this layer are Graphics Interchange Format (GIF) and Joint Photographic Experts Group (JPEG). This layer also handles data compression and encryption.
- Layer 7 Application: The application layer functions typically include identifying communication partners, determining resource availability and synchronizing communication. The layer does not include the actual application, but includes the protocols that support the applications. Some examples of the protocols that work at this layer are Simple Mail Transfer Protocol (SMTP), Hypertext Transfer Protocol (HTTP), Telnet and FTP.
Information being transferred from a software application in one computer system to a software application in another must pass through the different OSI layers. The application program in the sending host will pass its information to the application layer and downward until it reaches the physical layer. At the physical layer, the information is placed on the physical medium and is sent across the medium to the receiving host. The physical layer of the receiving host retrieves the information from the physical medium, and then its physical layer passes the information upward until it reaches the application layer for processing.
Vulnerabilities by Layers
With a basic understanding of how networks are structured and how data communication is done, let’s look at some concrete network vulnerabilities and possible attacks. There are a variety of ways to classify security vulnerabilities and attacks. It is worthwhile to briefly examine them by OSI layer. We will look at vulnerabilities from different angles in the next section.
The vast majority of vulnerabilities exhibit themselves as application-layer vulnerabilities, which are the closest to the user application. Telnet and FTP are such examples. These applications send user passwords in the clear, so anyone who can sniff the network traffic will obtain the user’s login and password and gain unauthorized access. On the presentation layer, there are various attacks against data encryption. On the session layer, Remote Procedure Call (RPC) is one of the top computer system vulnerabilities according to SANS. On the transport layer, there are exploitations using SYN flooding and TCP hijacking. Port scanning is a common technique used by hackers to identify vulnerable systems. IP spoofing is a very common network-layer attack. Traffic sniffing and wiretapping are common Layer 1 and Layer 2 attacks. Wireless networking has opened new possibilities to hackers.
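The two points above, that data is wrapped in a header at each OSI layer on the way down and unwrapped on the way up, and that the same layered view tells a defender where to look for cleartext logins (application layer) and SYN floods (transport layer), are easier to see with a small piece of code. The following is an added example, not code from the article: it builds Ethernet/IPv4/TCP frames from constructed sample traffic, parses them layer by layer, and then runs two layer-specific checks over the result. The `SYN_THRESHOLD` value, the sample addresses and the FTP session contents are assumptions made up for the illustration; checksums are left at zero because the point is the layering, not wire-correct packets.

```python
import struct
from collections import Counter

# Header layouts for the three layers this example walks through (network byte order).
ETH_HDR = struct.Struct("!6s6sH")          # Layer 2: dst MAC, src MAC, EtherType
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")  # Layer 3: ver/IHL, TOS, len, id, frag, TTL, proto, csum, src, dst
TCP_HDR = struct.Struct("!HHIIBBHHH")      # Layer 4: ports, seq, ack, data offset, flags, win, csum, urg

ETHERTYPE_IPV4, IPPROTO_TCP = 0x0800, 6
TCP_SYN, TCP_ACK = 0x02, 0x10
CLEARTEXT_PORTS = {21: "FTP"}  # FTP sends USER/PASS as plain command lines; Telnet is character-at-a-time
SYN_THRESHOLD = 20             # hypothetical: bare SYNs per source above which we raise a finding


def ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Encapsulate downward: payload -> TCP segment -> IPv4 packet -> Ethernet frame.
    Checksums stay zero; this illustrates layering, it is not a NIC driver."""
    tcp = TCP_HDR.pack(sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = IPV4_HDR.pack(0x45, 0, IPV4_HDR.size + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                       ip_bytes(src_ip), ip_bytes(dst_ip)) + tcp
    return ETH_HDR.pack(b"\x02" * 6, b"\x04" * 6, ETHERTYPE_IPV4) + ip


def parse_frame(frame):
    """Decapsulate upward: strip Ethernet, then IPv4, then TCP, leaving the application data.
    Returns None for anything that is not IPv4 over Ethernet carrying TCP."""
    _dst_mac, _src_mac, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_IPV4:
        return None
    off = ETH_HDR.size
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, sip, dip = IPV4_HDR.unpack_from(frame, off)
    if proto != IPPROTO_TCP:
        return None
    off += (ver_ihl & 0x0F) * 4                       # IHL is counted in 32-bit words
    sport, dport, _seq, _ack, doff, flags, _win, _tcsum, _urg = TCP_HDR.unpack_from(frame, off)
    off += (doff >> 4) * 4                            # TCP data offset, also in 32-bit words
    payload = frame[off: ETH_HDR.size + total_len]    # bounded by the IP total length
    return {"src": ".".join(map(str, sip)), "dst": ".".join(map(str, dip)),
            "sport": sport, "dport": dport, "flags": flags, "payload": payload}


def analyze(frames):
    """Two layer-specific checks: cleartext FTP logins at the application layer, and a
    SYN-without-ACK burst per source at the transport layer."""
    findings = []
    syn_only = Counter()
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        if pkt["flags"] & TCP_SYN and not pkt["flags"] & TCP_ACK:
            syn_only[pkt["src"]] += 1
        service = CLEARTEXT_PORTS.get(pkt["dport"])
        if service and pkt["payload"]:
            for line in pkt["payload"].split(b"\r\n"):
                # Record that a credential crossed the wire in the clear; never record its value.
                if line[:5].upper() in (b"USER ", b"PASS "):
                    findings.append({"type": "cleartext_credential", "service": service,
                                     "src": pkt["src"], "field": line[:4].decode().upper()})
    for src, count in syn_only.items():
        if count >= SYN_THRESHOLD:
            findings.append({"type": "syn_flood_suspect", "src": src, "count": count})
    return findings


def sample_frames():
    """Constructed traffic: one FTP login, one TLS segment, and a burst of bare SYNs from one source."""
    frames = [
        build_frame("10.0.0.5", "10.0.0.9", 40001, 21, TCP_ACK, b"USER alice\r\n"),
        build_frame("10.0.0.5", "10.0.0.9", 40001, 21, TCP_ACK, b"PASS hunter2\r\n"),
        build_frame("10.0.0.5", "10.0.0.9", 40002, 443, TCP_ACK, b"\x16\x03\x01"),  # encrypted, not inspected
    ]
    frames += [build_frame("192.0.2.7", "10.0.0.9", 50000 + i, 80, TCP_SYN) for i in range(25)]
    return frames


if __name__ == "__main__":
    for finding in analyze(sample_frames()):
        print(finding)
```

Running the script prints two credential findings for the FTP session and one SYN-flood finding for 192.0.2.7; the TLS segment produces nothing because its application data is opaque to the checker, which is exactly the property the article is arguing for. In a real deployment the same two checks would run over frames taken from a capture file or a mirror port rather than from `sample_frames()`.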
Network Vulnerabilities and Threats
With virtually all network layers exposed with vulnerabilities, malicious hackers have plenty of means at their disposal to launch various attacks. Without proper protection, any