Introduction CHAPTER 1—Why Secure Your Network? Thinking like an Attacker Attacker vs. Hacker Why Would Someone Want to Ruin My Day? Attacks from Within External Attacks Chapter Worksheet Summary CHAPTER 2—How Much Security Do You Need? Performing a Risk Analysis What Assets Do I Need to Protect? From What Sources Am I Trying to Protect These Assets? Who May Wish to Compromise Our Network? What Is the Likelihood of an Attack? What Is the Immediate Cost? What Are the Long-Term Recovery Costs? How Can I Protect My Assets Cost-Effectively? Am I Governed by a Regulatory Body? Budgeting Your Security Precautions Documenting Your Findings Developing a Security Policy Security Policy Basics What Makes a Good Security Usage Policy? Accessibility Defining Security Goals Defining Each Issue Your Organization’s Position Justifying the Policy When Does the Issue Apply? Roles and Responsibilities Consequences of Noncompliance For More Information Level of Privacy Issues Not Specifically Defined Example of a Good Policy Statement Summary CHAPTER 3—Understanding How Network Systems Communicate The Anatomy of a Frame of Data Ethernet Frames The Frame Header Section A Protocol’s Job The OSI Model Physical Layer Data Link Layer Network Layer Transport Layer Session Layer Presentation Layer Application Layer How the OSI Model Works More on the Network Layer Routers Routing Tables Static Routing Distance Vector Routing Link State Routing Connectionless and Connection-Oriented Communications Connection-Oriented Communications Network Services File Transfer Protocol (FTP): The Special Case Other IP Services Boot Protocol (bootp) and Dynamic Host Configuration Protocol (DHCP) Domain Name Services (DNS) Gopher Hypertext Transfer Protocol (HTTP) Post Office Protocol (POP) Internet Message Access Protocol, Version 4 (IMAP4) Network File System (NFS) Network News Transfer Protocol (NNTP) NetBIOS over IP Simple Mail Transfer Protocol (SMTP) Simple Network Management Protocol (SNMP) Telnet WHOIS Upper Layer Communications Summary CHAPTER 4—Topology Security Understanding Network Transmissions Digital Communications Electromagnetic Interference (EMI) Fiber Optic Cable Bound and Unbound Transmissions Choosing a Transmission Medium Topology Security Ethernet Communications Wide Area Network Topologies Private Circuit Topologies Frame Relay and X.25 Basic Networking Hardware Repeaters Hubs Bridges Switches VLAN Technology Routers A Comparison of Bridging/Switching and Routing Layer 3 Switching Summary CHAPTER 5—Firewalls Defining an Access Control Policy Definition of a Firewall When Is a Firewall Required? Firewall Types Static Packet Filtering Dynamic Packet Filtering Proxies What Type of Firewall Should I Use? Should I Run My Firewall on UNIX or NT? UNIX versus NT NT versus UNIX You Decide… Additional Firewall Considerations Address Translation Firewall Logging Firewall Deployment Summary CHAPTER 6—Configuring Cisco Access Lists Cisco Routers Where to Begin Basic Security Tips Non-privilege Mode Privilege Mode Routing Access Control Lists Access List Basics Standard Access Lists Extended Access Lists Creating a Set of Access Lists Reflexive Access Lists Additional Security Precautions Blocking Smurf at the Source Blocking Smurf at the Bounce Site Blocking Smurf at the Target Site Summary CHAPTER 7—Check Point’s FireWall-1 FireWall-1 Overview FireWall-1 Support Choosing a Platform Prepping NT for Firewall Installation Pre-install Flight Check Installing FireWall-1 The FireWall-1 Configuration Utility FireWall-1 Security Management Creating an Object for the Firewall Working with NAT Working with the FireWall-1 Rules Modifying the Firewall Properties Working with Security Servers Installing the Rules Summary CHAPTER 8—Intrusion Detection Systems The FAQs about IDS IDS Limitations Teardrop Attacks Launching a Teardrop Attack Other Known IDS Limitations IDS Countermeasures Host-Based IDS IDS Setup Before You Begin RealSecure Installation Configuring RealSecure Monitoring Events Reporting Summary CHAPTER 9—Authentication and Encryption The Need for Improved Security Clear Text Transmissions Passively Monitoring Clear Text Clear Text Protocols Good Authentication Required Session Hijacking Verifying the Destination Encryption 101 Methods of Encryption Encryption Weaknesses Government Intervention Good Encryption Required Solutions Data Encryption Standard (DES) Digital Certificate Servers IP Security (IPSEC) Kerberos Point-to-Point Tunneling Protocol Remote Access Dial-In User Service (RADIUS) RSA Encryption Secure Shell (SSH) Secure Sockets Layer (SSL) Security Tokens Simple Key Management for Internet Protocols (SKIP) Summary CHAPTER 10—Virtual Private Networking VPN Basics VPN Usage Selecting a VPN Product VPN Product Options VPN Alternatives Setting up a VPN Preparing the Firewall Our VPN Diagram Configuring Required Network Objects Exchanging Keys Modifying the Security Policy Testing the VPN Summary CHAPTER 11—Viruses, Trojans, and Worms: Oh My! Viruses: The Statistics Financial Repercussions What Is a Virus? Replication Concealment Bomb Social Engineering Viruses Worms Trojan Horses Preventive Measures Access Control Checksum Verification Process Monitoring Virus Scanners Heuristic Scanners Application-Level Virus Scanners Deploying Virus Protection Protecting the Desktop Systems Protecting the NT and NetWare Servers Protecting the UNIX System Summary CHAPTER 12—Disaster Prevention and Recovery Disaster Categories Network Disasters Cabling Thinnet and Thicknet Twisted Pair Fiber Cabling Excessive Cable Lengths Topology Single Points of Failure Saving Configuration Files Server Disasters Uninterruptible Power Supply (UPS) RAID Redundant Servers Clustering Tape Backup Server Recovery Simulating Disasters Nondestructive Testing Document Your Procedures OctopusHA+ for NT Server An Octopus Example Installing Octopus Configuring Octopus Testing Octopus Summary CHAPTER 13—NetWare NetWare Core OS C2 Certification NetWare Directory Services NDS Design Account Management Identification Logon Restrictions Password Restrictions Login Time Restrictions Network Address Restriction Intruder Lockout Rights to Files and Directories Group Membership Security Equal To File System Inherited Rights Mask Logging and Auditing Auditcon Network Security Packet Signature Setting Packet Signature Filtcfg Tweaking NetWare Security The SECURE.NCF Script Secure Console Securing Remote Console Access Summary CHAPTER 14—NT Server NT Overview NT Domain Structure Storing Domain Information Domain Trusts Designing a Trust Architecture User Accounts Working with SIDs The Security Account Manager Configuring User Manager Policies Policies and Profiles File System Permissions Logging Configuring Event Viewer Reviewing the Event Viewer Logs Auditing System Events Security Patches Available IP Services Computer Browser DHCP Relay Agent Microsoft DHCP Server Microsoft DNS Server Microsoft Internet Information Server (IIS) 2.0 Microsoft TCP/IP Printing Network Monitor Agent RIP for Internet Protocol RPC Configuration Simple TCP/IP Services SNMP Service Windows Internet Name Service (WINS) Packet Filtering with Windows NT Enabling Packet Filtering Configuring Packet Filtering A Final Word on NT Ports Securing DCOM Selecting the DCOM Transport Limiting the Ports Used by DCOM DCOM and NAT Ports Used by Windows Services Additional Registry Key Changes Logon Banner Hiding the Last Logon Name Securing the Registry on Windows NT Workstation Cleaning the Page File The Future of Windows NT Summary CHAPTER 15—UNIX UNIX History UNIX File System Understanding UID and GID File Permissions Account Administration The Password File The Group File Limit Root Logon to the Local Console Optimizing the UNIX Kernel Running Make Changing the Network Driver Settings IP Service Administration IP Services inetd Working with Other Services Summary CHAPTER 16—The Anatomy of an Attack Collecting Information The whois Command The nslookup Command Search Engines Probing the Network The traceroute Command Host and Service Scanning Passive Monitoring Checking for Vulnerabilities Launching the Attack Hidden Accounts Man in the Middle Buffer Overflows SYN Attack Teardrop Attacks Smurf Brute Force Attacks Physical Access Attacks Summary CHAPTER 17—Staying Ahead of Attacks Information from the Vendor 3COM Cisco Linux Microsoft Novell Sun Microsystems Third-Party Channels Vulnerability Databases Web Sites Mailing Lists Auditing Your Environment Kane Security Analyst Putting the Results to Use Summary Appendix A Appendix B Index Copyright © Sybex, Inc. [...]... level of potential threat to you network Chapter 2 introduces risk analysis and security policies The purpose of a risk analysis is to quantify the level of security your network environment requires A security policy defines your organization’s approach to maintaining a secure environment These two documents create the foundation you will use when selecting and implementing security precautions In Chapter... good handle on networking and the servers they are expected to manage, but who need to find out what they can do to avoid being victimized by a security breach Network security would be a far easier task if we could all afford to bring in a $350-per-hour security wizard to audit and fix our computer environment For most of us, however, this is well beyond our budget constraints A strong security posture... deal—you cannot focus on one single aspect of your network and expect your environment to remain secure This book provides the system and network administrators with the information they will need to run a network with multiple layers of security protection What This Book Covers Chapter 1 starts you off with a look at why someone might attack an organization’s network resources You will learn about the different... are no clear statistics on how many security incidents go undocumented My own experience suggests that most, in fact, are not documented Clearly, security breaches are on the rise, and every network needs strategies to prevent attack You can report security intrusions to the Computer Emergency Response Team (CERT) Coordination Center at cert@cert.org CERT issues security bulletins and can also facilitate... a fiveuser architectural firm with no remote access to hire a full-time security expert Likewise, it would be unthinkable for a bank to allow outside network access without regard to any form of security measures or policies Most of us, however, fall somewhere in between these two networking examples—so we face some difficult security choices Is packet filtering sufficient for protecting my Internet... maintain a good security posture The first problem is where to begin Should you purchase a book on firewalls or on securing your network servers? Maybe you need to learn more about network communications in order to be able to understand how these vulnerabilities can even exist Should you be worried about running backups or redundant servers? This book can help to answer these questions and more Security. .. questions will help you evaluate potential threats to your network Rate each question on a scale of 1 to 5 A 1 signifies that the question does not apply to your organization’s networking environment; a 5 means the question is directly applicable 1 Is your network physically accessible to the public, such as a library or government office? 2 Is your network accessible by users not employed by your organization,... should take steps to secure your internal network If your organization scored above 12, you should lock down your internal environment just as aggressively as you would secure your network s parameter For questions 6–11, if your score was between 7 and 10, it may be most cost effective to utilize only a minimal amount of security around the parameter of your network If your score was between 11 and... beyond the physical limits of your network Once data leaves the confines of your network, it is that much more difficult to insure that it is not compromised In later chapters we’ll examine in detail the technology required by each of the above situations This checklist is designed to give you an early feel for how security conscious you should be when securing your networking environment Keep in mind... a guide; each network has its own individual nuances Your mileage may vary Summary In this chapter, we saw that the number of security incidents are increasing and that most of these go undocumented We looked at the differences between a hacker and an attacker and covered the benefits of discussing security vulnerability in a public forum We also explored who might try to attack your network and why, . Budgeting Your Security Precautions Documenting Your Findings Developing a Security Policy Security Policy Basics What Makes a Good Security Usage Policy? Accessibility Defining Security Goals. threat to you network. Chapter 2 introduces risk analysis and security policies. The purpose of a risk analysis is to quantify the level of security your network environment requires. A security. can do to avoid being victimized by a security breach. Network security would be a far easier task if we could all afford to bring in a $350-per-hour security wizard to audit and fix our computer