Chapter 15: Network Security
Objectives
After reading this chapter and completing the exercises students will be able to:
Identify security risks in LANs and WANs
Explain how physical security contributes to network security
Discuss hardware- and software-based security techniques
Use network operating system techniques to provide basic security
Implement enhanced security through specialized software
Describe the elements of an effective security policy
Teaching Tips
Terminology
1. Call students’ attention to the definitions of crackers and hackers on page 758. How does the news media
confuse these terms?
2. Research some recent stories about cracker exploits and relay what you’ve learned to the class. Direct students
to browse http://www.sans.org and http://www.cert.org to find information on security issues with major
operating systems. Which issues seemed to present the most serious security risks?
3. Make sure students understand what the term “root” means and all the privileges that a root account has on a
system.
4. Describe the process of authentication on a typical system and how this pertains to security concerns.
5. Discuss the role of the firewall in network security, and how it is typically configured.
Security Audits
1. Emphasize that a security audit should address the questions, “What will I lose if my system goes down?” and
“How much of the information I store, transmit, and receive is confidential?” Discuss the relationships
between vulnerabilities and security measures used to address them.
2. Refer to the security audit questionnaire in Appendix C and discuss the items that a security audit should
address.
3. Explain why it might be more advantageous for a company to hire an outside consultant to perform their
security audit rather than having their own engineers do the work.
Security Risks
1. Give students an overview of the types of security risks that face a network, including those associated with
people, hardware, and software.
2. Begin a discussion of what an organization stands to lose due to security breaches.
3. Compare the potential impact of security risks on a network with the impact of availability risks. How might
tighter security affect users’ access to network resources?
Risks Associated with People
1. Define social engineering and give examples of how someone could talk his or her way into gaining access to
a network. Ask students to consider some of the actions such a person with unauthorized access might take –
how might this affect the network or the organization?
2. Explain that risks associated with people are difficult to pinpoint and protect against. Ask students to consider
what policies or procedures might be effective in this regard.
3. Discuss some examples of intentional and unintentional security breaches that employees may present to an
organization. Point out some errors an administrator may make that could leave his or her network vulnerable
to malicious intruders.
4. Emphasize the need for all employees in an organization to be aware of security concerns, and of the possible
consequences of a security breach.
5. Associate physical security (such as locked computer room doors) with security relating to personnel (for
example, policies that dictate that staff should always close the computer room door behind them).
Risks Associated with Hardware and Network Design
1. Ask students to comment on how hardware and network design risks compare to human risks. How does
physical security relate to hardware and network design risks?
2. Discuss the security inherent in different transmission media. Emphasize that fiber optic cable is the most
secure physical media. Point out that spread-spectrum RF is the most secure of all transmission types.
3. Discuss how using the Internet (or VPNs) presents specific security risks. Explain how a network can be
designed to address these risks.
4. Describe the security risks inherent in broadcast traffic. Discuss how sniffers, strategically placed on a
network, can intercept traffic. Contrast switches and routers for their resistance to sniffer taps.
5. Point out the unique security risks posed by modems attached to servers or workstations on the LAN. What
policy could minimize this risk? Explain that a modem in this environment can be made secure through the
use of callback and modem passwords.
Risks Associated with Protocols and Software
1. Discuss the inherent security flaws in one of the most popular network protocols, TCP/IP. Challenge students
to explain why, if it’s so insecure, TCP/IP is still so popular.
2. Explain the possible risks associated with network operating systems. In particular, explain why it is never a
good idea to leave the NOS installation defaults on a server.
3. Expand on the previous topic by explaining the risks that certain applications pose if the installation defaults
are accepted and never changed.
Risks Associated with Internet Access
1. Refer to discussions from the previous chapter on viruses, Trojan Horses, and worms to begin a discussion
about security risks posed by Internet e-mail.
2. Explain what type of information about a user can be obtained while he or she surfs the Web. Further,
describe how this information could be used to compromise the security of the network.
3. Mention the increasingly common trend of companies to put a wealth of information about their organization
on their Web sites. Ask students to think of information that a company might feel is safe which actually puts
their network at risk (for example, “our servers are all named after presidents.”)
4. Define and discuss IP spoofing and denial of service attacks. Direct the class to use the Web to research
how common these types of attacks are and present their findings at the next class meeting. Ask students to
focus particularly on ISPs, whose networks must be partially public.
Quick Quiz
1. True or false: A hacker breaks into networks with malicious intent.
Answer: False
2. Since VPNs use _______________ transmission lines, they are more vulnerable to security breaches than
private WANs.
Answer: public
3. When a malicious person attempts to flood your network with so much traffic that legitimate traffic cannot
traverse it, he is launching a ________________________ attack.
Answer: denial of service
4. True or False: TCP/IP is inherently a secure protocol.
Answer: False
5. What is the most secure type of network transmission media?
Answer: fiber optic cable.
Addressing Risks Associated with People
1. Introduce this topic by emphasizing that most security breaches happen because people are either negligent or
malicious. Ask students how they would combat risks associated with people.
2. Emphasize that risks associated with people are the most difficult to address. Talk about how and why many
people in a networking department need to have root access to the servers.
An Effective Security Policy
1. Discuss typical goals for a security policy, including preventing damage to systems or data while ensuring that
authorized staff has all the access they need to do their jobs.
2. Describe the benefits of forming a committee to discuss what an organization’s security policy should look
like. Who should be on this committee? What can be done to elicit buy-in?
3. Discuss how a security policy should be introduced to users. What role should technical staff have in creating
and implementing the policy? What role should management have?
4. Ask students to imagine what kind of resistance a network manager might face once he creates a security
policy where one didn’t previously exist. How can this resistance be overcome?
5. Note that a security policy should address both accidental and intentional damage and theft of data, systems,
or networks.
6. Discuss how a network security policy may pertain to or belong to an organization’s overall security policy.
Emphasize that the goals of both property security and network security are similar.
7. Point out that a response policy is just as important as a security policy. Describe the roles of staff members
mentioned in a typical response policy.
Passwords
1. Emphasize how simple it can be for passwords to be cracked. Make sure students understand the difference
between effective and ineffective passwords.
2. From your experience, relate an anecdote about co-workers who shared passwords, because they thought they
needed to in order to get their work done. Ask students to suggest a better way of enabling the co-workers to
complete their tasks that kept their passwords secret.
3. Discuss how students can coach users on choosing effective passwords and educate users on why it’s
important.
Physical Security
1. Describe all the points at which a network could be compromised through physical security vulnerabilities
(including telecommunications closets, loading docks, computer rooms, offices, etc.).
2. Discuss some measures that will deter intruders from attempting to break into a network by exploiting
physical vulnerabilities.
3. Research the latest bio-recognition security devices and present your findings to the class. Which ones are
currently in favor? Which ones do very secure environments such as the federal government use? Which are
most expensive? Which are most effective?
4. Discuss who, in an organization, should determine which individuals have access to sensitive areas and what
credentials these individuals need to have.
Quick Quiz
1. True or False: A response policy maps out how staff should respond to a suspected security breach.
Answer: True
2. List three physical access points where an intruder could get to a network and potentially steal or damage
data.
Answer: computer room, telecommunications closet, a network manager’s office.
3. A good password includes a combination of ______________, ______________ and ________________
characters.
Answer: alphabetical, numeric, special
4. True or False: Networks are usually compromised due to human error or negligence.
Answer: True
Addressing Risks Associated with Hardware and Design
1. Describe why the best insurance against security breaches might be to remain disconnected from the rest of the
world, however impractical that may be. By extension, how can organizations limit or control their connections to
the outside world?
2. Review the discussion of WAN and remote connectivity from Chapter 7 to remind students what types of
connection points a WAN includes.
Firewalls
1. Explain that firewalls may be hardware- or software-based. Briefly describe the differences between the two
types and compare their benefits and disadvantages.
2. Provide an illustration of a WAN and ask students to place firewalls in appropriate locations.
3. Define a packet filtering firewall and its functions. Give examples of cases in which this type of firewall
would be appropriate.
4. Emphasize that most firewalls will provide little protection unless they are properly configured. Point out that
a popular and unsafe assumption is that simply installing a firewall on a network will protect the network from
intrusion.
5. List the types of information that a packet-filtering firewall will capture and check. Emphasize that packet-
filtering firewalls cannot distinguish authorized users from unauthorized users because they do not operate at
the higher layers of the OSI Model.
6. Discuss the meaning of the slang phrase “punch a hole in the firewall.” Why is it best to keep holes to a
minimum?
7. Point out the role of firewalls in VPN architecture. Also remind students that home users of broadband
Internet access should have firewalls in place. Ask students to research home firewalls. Which ones would
they choose, or which are they currently using?
8. Discuss the purpose of a proxy server in enhancing network security.
9. List the many different features that the most sophisticated firewalls may offer. Do some research on the most
elaborate firewall systems, and present your findings to the class. Provide illustrations if possible.
Remote Access
1. Identify the types of risks inherent in remote access and dial-up networking, and how authentication servers
address these risks.
2. Give examples of some popular remote control software. If possible, demonstrate the use of one of these
programs before the class. Point out the security features that it provides. Discuss whether the software’s
security measures are secure enough.
3. Explain that some remote connectivity devices can be configured to use hardware passwords and callback
authentication. Mention Verisign’s SecurID smart cards, and ask students to conduct research on this product
and present their findings at the next class meeting.
4. Define RADIUS and TACACS and discuss their place in securing dial-up connections.
Addressing Risks Associated with Protocols and Software
1. Discuss how implementation of software-based measures can be fairly easy, compared to hardware/design or
human behavior tactics. Then ask students why perhaps such software measures aren’t taken.
2. Describe the differences between security measures taken at the network operating system, application, utility,
or transport level. Which is most effective in protecting against different types of attempted intrusions?
Network Operating System Authentication
1. Discuss the different types of rights that a network operating system can provide. Emphasize that the
administrator ID controls all these rights.
2. Discuss the types of “public” rights that typically occur as defaults with network operating systems. What
kind of directories require that all users have at least “Read” and “File Access” rights to them?
3. Explain how creating groups can simplify the administration of user rights and therefore make security easier
to maintain.
4. Discuss some less-used, but still important restrictions that administrators can impose on users’ login habits
such as time of day, workstation address, number of unsuccessful login attempts, etc. Point out under what
circumstances each of these is most useful.
Encryption
1. Define encryption (most students will know intuitively, but not precisely, what it means).
2. Present different methods of encryption, including key, digital certificate, SSL, and PGP. Discuss when each
is most appropriate.
3. Discuss the impact of encryption on users. If users find it difficult to use and refuse to do so, what can be done
to encourage them to use it?
4. Define key and cipher text. Emphasize that the longer a key, the better the encryption.
5. Define public key, private key, and data encryption standard (DES). Call students’ attention to the
illustrations on pages 782-783, and conduct a walkthrough of transmitting an encrypted message.
6. Explain how Kerberos works, and why it is considered to be so secure. Use an onboard or overhead
illustration to depict how Kerberos functions, and walk through the process of using Kerberos to transmit a
message.
7. Direct students’ attention to http://www.pgpi.org/. Download a copy of PGP for students to experiment with
in your lab, and ask them to comment on its ease of use.
8. Conduct a walkthrough of data transmission using SSL. Point out how HTTPS is used in e-commerce, and
that it can also be used to secure an HTTP session for Webmail (e-mail access to a remote server via dial-up).
9. Discuss IPSec as a solution for the inherent security weaknesses in TCP/IP. Use the board or overhead
projector to illustrate how IPSec functions.
Virtual Private Network (VPN) Security
1. Call students’ attention to Chapter 7’s coverage of PPP. Define PPTP and how it encapsulates protocols.
Remind students that dial-up networking and RAS are pretty much the same thing as regards connectivity –
what additional functions does RAS offer?
2. Discuss why tunneling is necessary to create VPNs.
3. Call students’ attention to Counterpane Labs notes on Microsoft’s PPTP 2 protocol at
http://www.counterpane.com/pptp.html. Direct the class to use the Web to research this issue and present their
findings at the next class meeting. How has Microsoft addressed this issue?
4. Mention the advantages and disadvantages of Layer 2 Forwarding (L2F).
5. Explain how L2TP expands on PPTP and makes up for its weaknesses. Mention that using L2TP rather than
PPTP will better position a network for expansion.
Quick Quiz
1. Packet filtering firewalls operate at the _____________ and _______________ layers of the OSI Model.
Answer: Data Link and Transport
2. True or False: A firewall will offer excellent network protection right out of the box.
Answer: False -- it must be properly configured to offer network protection.
3. Proxy servers manage security at the _________________ Layer of the OSI Model.
Answer: Application
4. Name two security provisions that remote control programs might contain.
Answer:
Support for data encryption
Ability to blank out the remote screen
Login ID and password requirement
Ability for the host system to callback
Ability for the host system’s keyboard and mouse to be disabled
Ability to reboot the host system when a remote user disconnects from the system
5. True or False: Successful network security is a combination of hardware, software, and expertise in
configuration.
Answer: True
Class Discussion Topics
1. If you were a network manager who recently instituted a new network security policy and one of your top-
level engineers refused to abide by the policy, how would you handle it? How might you be able to prevent
such a situation before the policy is issued?
2. Why would it be a good idea to assign one network professional as the security engineer for your
organization? What would the person’s job description look like? What would he or she do on a daily basis?
What are the potential perils of assigning this job to one person?
3. If you were an IT manager at a large company who had a very small budget to spend on network security,
what security measures would you take and in what order of priority? Why?
4. As a public relations representative at an online stock trading company, how would you explain a denial of
service attack that took down your network and caused thousands of customers to lose potentially millions of
dollars in lost trading opportunities? What kind of information would you be willing to release about the
incident?
5. What kind of encryption would you recommend for a company to use on its e-commerce Web site so
customers can make online purchases securely?
6. What type of technical and soft skills would be optimal for network security engineers to have?
Additional Projects
1. Invite a network security engineer to visit your class to discuss intrusion attempts that he/she has guarded
against. How were the vulnerabilities addressed? Have students conduct research beforehand for questions
about the most popular types of attacks. Also, ask the professional to discuss how he/she keeps skills current
to ward off new types of attacks. Finally, ask the professional to describe the steps he/she takes to plan the
installation and configuration of a firewall on the network.
2. Have students use the Internet to find information about newsworthy security cracking (for example, the CIA
Web site). Ask them to find out how the breaches were accomplished and how the perpetrators were
discovered on the network.
3. Have students use the Internet to research the different types of iris and handprint scanning devices on the
market today. Ask them to find a solution for a company that wants to pay no more than $10,000 on the
system, but needs the utmost security. Ask them to compare the bio-recognition security systems on their
reliability. Do either have 100% accuracy? Will either be susceptible to a person’s changing physical
characteristics?
4. Bring a few copies of PCAnywhere to class and install it on at least two machines, with one acting as the host
and one the remote client. Have students experiment with remotely controlling another machine. In particular,
ask them to set a login ID and password on their machine that will prevent unauthorized personnel from
connecting to it and taking it over.
5. Download some password cracking programs from the Web, ask students to choose a password and
demonstrate how easily the programs can crack their passwords.
Further Readings
1. Carnegie Mellon’s CERT Coordination Center, WWW: http://www.cert.org
2. SANS Institute Website, WWW: http://www.sans.org/newlook/home.htm
3. Counterpane Labs, WWW: http://www.counterpane.com
Technical Notes for the Hands-on Projects
The lab setup for the Chapter 15 hands-on projects includes the following elements (see the table):
Windows 98 or Windows 2000 Professional computers with network connectivity, Internet access, and
Web browsers
A Windows 2000 server with network connectivity
Administrative privileges on the Windows 2000 server
Hands-on project requirements (original table columns: Hands-on Project; Network Devices Required; Workstation or Server Operating Systems Required; Other Resources Required)
Project 15-1: Investigate Web resources for network vulnerabilities
Windows 98 or Windows 2000 Professional computers
Workstation Internet connectivity; Netscape Communicator or Microsoft Internet Explorer
Project 15-2: Manage user account policies to restrict access
A Windows 2000 server with network connectivity
Windows 98 or Windows 2000 Professional computers with network connectivity to the Windows 2000 server
Project 15-3: Assign rights to groups of users
A Windows 2000 server with network connectivity
Windows 98 or Windows 2000 Professional computers with network connectivity to the Windows 2000 server
Solutions
Review Questions
1. If you have root privileges on a system, you could delete user IDs from that system. True or False?
Answer: True
2. What do you call manipulating people to get them to reveal confidential information, such as their passwords?
Answer: A.
3. Which of the following is the most secure password?
Answer: C.
4. Which of the following would not typically be used for authenticating to a system?
Answer: D and E.
5. Name three different security risks associated with people.
Answer: Any three of the following:
Intruders or attackers may use social engineering or snooping to obtain user passwords
An administrator may incorrectly create or configure user ids, groups, and their associated rights on a
file server, resulting in file and login access vulnerabilities
Network administrators may overlook security flaws in topology or hardware configuration
Network administrators may overlook security flaws in operating system or application configuration
Lack of proper documentation and communication of security policies may lead to deliberate or
inadvertent misuse of files or network access
Dishonest or disgruntled employees may abuse the file and access rights they’ve been given
A computer or terminal left logged into the network while its operator goes away may provide an
entry point for an intruder
Users or even administrators choose passwords that are easy to guess
Authorized staff may leave computer room doors propped open or unlocked, allowing unauthorized
individuals to enter
Staff may discard disks or backup tapes in “public” waste containers
Administrators may neglect to remove access and file rights for employees who have left the
organization
6. What is the most likely way that a network’s security will be compromised?
Answer: A.
7. Which device could a cracker use to intercept and interpret transmissions between one router and another
router on a WAN?
Answer: D.
8. Accepting the default options for security on a server-based application is usually a good policy. True or
False?
Answer: False
9. If someone obtains one of your LAN’s internal IP addresses and uses it to gain access through your firewall
from the Internet, he is using what method of security attack?
Answer: E
10. The UDP protocol is more secure than the TCP protocol. True or False?
Answer: False
11. If someone floods your LAN’s router with excessive traffic so that your legitimate traffic cannot go out or
come in, what method of security attack is he or she using?
Answer: C.
12. Which of the following is not typically addressed in a security policy?
Answer: B.
13. What is the primary purpose for establishing a security response team?
Answer: C.
14. What should an organization do to assess its potential security risks?
Answer: A.
15. Name four questions that should be addressed in a security audit.
Answer: Questions to ask as part of a security audit that address your organization’s physical security include:
Which rooms contain critical systems or data and need to be secured?
Through what means might intruders gain access to the facility, computer room, telecommunications
room, wiring closet, or data storage areas?
How and to what extent are authorized personnel given entry?
Are employees instructed to ensure security after entering or leaving secured areas (not to prop open
doors)?
Are authentication methods difficult to forge or circumvent?
Are periodic physical security checks made by supervisors or security personnel?
Are all combinations, codes, or other access means to computer facilities protected at all times, and
are these combinations changed periodically?
Is a plan in place for documenting and responding to physical security breaches?
16. What’s the simplest way to stop a denial of service attack on a server?
Answer: A.
17. Which of the following transmission media is the most secure?
Answer: E.
18. Which of the following encryption methods is most commonly used on a VPN?
Answer: C.
19. Which two of the following do not contribute to a network’s physical security?
Answer: B and E.
20. Which of the following network operating system restrictions is most likely to stop a cracker who is
attempting to discover someone’s password?
Answer: A.
21. Name four different criteria that a packet filtering firewall might use for filtering traffic.
Answer: Any four of the following:
Source and destination IP addresses
Source and destination ports (for example, ports that supply TCP/UDP connections, FTP, Telnet,
SNMP, RealAudio, etc.)
TCP, UDP, or ICMP protocol
Whether a packet is the first packet in a new data stream or a subsequent packet
Whether the packet is inbound or outbound to or from your private network
Whether the packet came from or is destined for an application on your private network.
22. At which two layers of the OSI Model does a packet filtering firewall operate?
Answer: C.
23. Before a firewall can effectively filter unwanted traffic, it must be:
Answer: B.
24. Which of the following best describes the function of a proxy server?
Answer: D.
25. Which of the following security risks does using the callback feature on a remote control application address?
Answer: B.
26. If a company wants to save office leasing costs and allow 50 of its employees to work at home, what type of
arrangement would be the most secure, practical, and economical for granting home workers access to the
LAN?
Answer: B.
27. What service does PPTP provide?
Answer: A.
28. If you are entering your account number in a Web page to gain access to your stock portfolio online, which of
the following encryption methods are you most likely using?
Answer: E.
29. In general, the longer the key, the more secure the encryption. True or False?
Answer: True
30. PGP is frequently used for what type of network communication?
Answer: A.
Hands-on Projects
Project 15-1
In this exercise students will have an opportunity to research a fix for a known security flaw in Windows NT. This
patch was current at the time of this book’s writing, but if students cannot find it, simply choose another, similar
fix to investigate. Students will also investigate Novell’s security document and warnings about its NOS. Make
sure students realize that these are not necessarily shortcomings, but inevitable loopholes in very complex
software. Also make them aware that since new security flaws are always being discovered or exploited, as
network managers they must stay apprised of these releases.
Finally, students will get the opportunity to investigate even more security warnings issued by CERT. Make it
known that this is a world-renowned authority on security vulnerabilities and that many network administrators
regularly subscribe to these alerts.
Project 15-2
Account management is a simple, but effective tool for increasing network security. Along with the individual
account settings explored in this exercise, make sure students understand the use of groups (covered in the next
exercise) and templates to ease user account administration. Ask them to imagine how cumbersome this process
could be if you were the network manager for an organization with thousands of users.
Project 15-3
This exercise will familiarize students with creating groups and the effects of the restrictions on those groups.
Make sure they try logging in under the ids they have created as part of the groups and check to see whether their
permissions settings worked.
Case Projects
Case Assignment 1
The credit union has a head start on some security measures, such as cameras and secure off-site storage for
backups and a security policy.
Potential security risks include:
RAS server
Firewall (is it configured properly?) and Internet access
Web-based transactions (again, what are the security measures for protecting data via the Internet?)
Security policy (is it effective, current, thorough, and enforced?)
Password and time of day restrictions to server resources
Trusted relationships between UNIX database hosts and other servers
The ISDN link between offices
Windows NT operating system
A checklist for their security audit should include (at least):
List of who has permissions to which directories on what server(s)
Justification for each group and individual permission
Windows NT operating system – e.g., are all the defaults (such as the administrator account) removed?
UNIX operating system check
Review of the corporate security policy to make sure it’s current and thorough and that all users understand its
implications
Description of what happens when security is breached, and assignment of a security response team
Policies for logging into the remote access server (password restrictions, time of day restrictions, number of
concurrent users, resource restrictions, etc.)
Firewall policies (what is filtered on the way in and out?)
Case Assignment 2
Explain to employees how easily non-secure passwords (such as their dog’s or spouse’s name) can be cracked. If
possible, bring a demo of a password-cracking program and ask them to log in while you are running it on their
network. They will be surprised at how easily the password can be guessed. Explain to them why crackers would
want to do this and what access doing this would afford them. Then correlate that access with potential loss or
damage of data, loss of profit and productivity, and the length of time it would take to recover. In addition,
emphasize the risks to the organization’s reputation and customer loyalty.
Case Assignment 3
An expansion of 10 users would probably be best serviced by a VPN solution, since the credit union already has an
Internet connection established. With so few users, it probably doesn’t make sense to lease office space
(depending on what area of the country they’re in, and the cost of office space). In either case, though, security
must be implemented at the point where VPN or remote users connect to the headquarters’ network. With a remote
office, it might be an ISDN line with a remote access server. For a VPN, a similar remote access server could be
used on the other side of their Internet connection. In both cases a RADIUS server might be a good way of
centrally authenticating all remote users. If placed at the headquarters, this RADIUS server could be used for the
east side office as well as home workers. It would provide another layer of security (in addition to the firewall) for
Internet access.