Securing Cisco IOS Networks Study Guide - Carl Timm.pdf

8 Chapter 1 Introduction to Network Security

just to keep up. Improper and/or incomplete change control on the network can expose some really ugly policy weaknesses.

If your technical support staff is continually changing, be sure to understand that this can create a security weakness in your policies.

Lax Security Administration

Creating a fabulous corporate security policy, including monitoring and auditing your network’s security, is hard work. It can be upsetting when no one cares about it. “Why implement this? They’ll just tell me to change it next week!” That’s probably true, but somehow you need to try to provide a solid, well-defined security policy that is also well monitored.

Think of this as a policy within the policy, because if no one is monitoring or auditing company resources, those resources can and will certainly be wasted. This has potentially catastrophic implications because that type of lax security administration could easily end up exposing the corporation to legal action!

Installation and Changes That Do Not Follow the Stated Policy

Making sure that all software and hardware installations follow the stated installation policy is part of monitoring that policy. And monitoring these installations is integral to the policy’s integrity. I know this is difficult and tedious, and it seems as if I’m telling you that you don’t get to have a life, but it’s very important—really. If you have no installation or configuration policy to adhere to, then unauthorized changes to the network’s topology or some unapproved application installation can quickly create holes in your network’s security.

No Disaster Recovery Plan

Disasters? Those only happen somewhere else, right? But they might happen, and they can even happen to you. So for your network’s sake, earthquakes, fires, vandalism, hardware failure, vicious cord-eating rats, and even—God forbid—Internet access failure should all be things that you have a strategy for dealing with in your disaster recovery plan. Your gleaming, brilliant disaster recovery plan will describe your every answer to each and every one of these woes. If you don’t do this in times of tranquil peace before you experience a meltdown, you’ll experience sheer chaos, panic, and total confusion when something really does go down. And certain types of people tend to take advantage of situations like that, don’t they? ’Nuf said.

Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.
www.sybex.com

Types of Network Attacks

Okay, you know your enemy and your weaknesses. But what exactly is that enemy up to, and what are they going to do to take advantage of your vulnerabilities? This is extremely important for you to understand so you can be prepared for what an attacker may throw at you. Most network attacks fall into these three categories:

Reconnaissance attacks: Reconnaissance attacks are unauthorized familiarization sessions that a hacker might use to find out what can be attacked on your network. An attacker on reconnaissance is out for discovery—mapping the network and its resources, systems, and vulnerabilities. This is often just a preliminary task. The information gathered will frequently be used to attack the network later.

Access attacks: Access attacks are waged against networks or systems to retrieve data, gain access, or escalate access privileges. This can be as easy as finding network shares with no passwords. It’s not always serious—many access attacks are performed out of curiosity or for the intellectual challenge, but beware. Some access attacks are really done to nick stuff, while other hackers perform access attacks because they want to play with your toys or use you to camouflage their identity in order to make their dirty work look as though it came from your network!

Denial-of-service (DoS) attacks: Denial-of-service (DoS) attacks are always nasty. Their sole purpose is to disable or corrupt network services. A DoS attack will usually either crash a system or slow it down to the point where it’s rendered useless. DoS attacks are usually aimed at web servers and are surprisingly easy to perform. (The next section discusses DoS attacks in more detail.)

But there are many ways—most of them fairly common—to gather information about a network and to compromise corporate information, even to cause the destruction of a corporate web server and services. The three categories just discussed are the ones that can cause the most trouble on your system.

TCP/IP teams up with your operating system to provide many weak, exploitable spots (if not outright invitations) into a corporation’s network. TCP/IP and operating system weaknesses are probably the two greatest technology-oriented weaknesses facing corporations today.

Here is a list of the most common attacks on your network:

Eavesdropping
Denial-of-service attacks
Unauthorized access
WareZ
Masquerade attack (IP spoofing)
Session replaying or hijacking
Rerouting
Repudiation
Smurfing
Password attacks
Man-in-the-middle attacks
Application-layer attacks
HTML attacks


When protecting your information from these attacks, it’s your job to prevent the theft, destruction, corruption, and introduction of information that can cause irreparable damage to sensitive and confidential data on your network.

Eavesdropping

Eavesdropping, also known in the industry as network snooping and packet sniffing, is the act of a hacker “listening in” to your system. You wouldn’t believe it, but there’s a really cool product called (surprise!) a packet sniffer that enables its user to read packets of information sent across a network. Because a network’s packets are not encrypted by default, they can be processed and understood by the sniffer. You can just imagine how wonderfully helpful this capability is to the network administrator trying to optimize or troubleshoot a network! But it’s not exactly a stretch to visualize an evil hacker—packet sniffer in hand—using it to break into a network to gather sensitive corporate info, now is it?

And gather they can! Did you know that some applications send all information across the network in cleartext? This is especially convenient for the hacker who’s striving to snag some usernames and passwords and use them to gain access to corporate resources. Yes, my friend, all bad guys need to do is jack the right account information, and they’ve got the run of your network. Worse, if a hacker manages to gain admin or root access, they can even create a new user ID to use at any time as a back door into your network and its resources. Then your network belongs to the hacker—kiss it goodbye!

Simple Eavesdropping

Here is an example of simple eavesdropping that I encountered when I was checking my e-mail. This shows how easy it can be to find usernames and passwords!

Notice in this example that the EtherPeek network analyzer I’m using shows that the first packet has the username in cleartext:

TCP - Transport Control Protocol
  Source Port:        3207
  Destination Port:   110 pop3
  Sequence Number:    1904801173
  Ack Number:         1883396251
  Offset:             5 (20 bytes)
  Reserved:           %000000
  Flags:              %011000
                      0. .... (No Urgent pointer)
                      .1 .... Ack
                      .. 1... Push
                      .. .0.. (No Reset)
                      .. ..0. (No SYN)
                      .. ...0 (No FIN)
  Window:             64166
  Checksum:           0x078F
  Urgent Pointer:     0
  No TCP Options
POP - Post Office Protocol
  Line 1: USER tlammle1<CR><LF>
FCS - Frame Check Sequence
  FCS (Calculated):   0x0CFCA80E

This next packet has the password. Everything seen in this packet (an e-mail address and a username/password) can be used to break into the system:

TCP - Transport Control Protocol
  Source Port:        3207
  Destination Port:   110 pop3
  Sequence Number:    1904801188
  Ack Number:         1883396256
  Offset:             5 (20 bytes)
  Reserved:           %000000
  Flags:              %011000
                      0. .... (No Urgent pointer)
                      .1 .... Ack
                      .. 1... Push
                      .. .0.. (No Reset)
                      .. ..0. (No SYN)
                      .. ...0 (No FIN)
  Window:             64161
  Checksum:           0x078F
  Urgent Pointer:     0
  No TCP Options
POP - Post Office Protocol
  Line 1: PASS secretpass<CR><LF>

The username is tlammle1 and the password is secretpass—all nice and clear for everyone’s viewing pleasure.
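As an added example (not from the book and not EtherPeek's code), the Python below decodes a raw TCP header into the same fields the analyzer output above shows and flags USER/PASS commands headed for port 110, the check a defender would run over a capture to find mailboxes that still authenticate in the clear. The two segments are constructed from the field values printed above; the flag names, function names and redaction format are my own.

```python
"""Decode a TCP segment as EtherPeek displays it and flag cleartext POP3 logins."""
import struct

# The six classic TCP flags, most significant first, matching EtherPeek's
# "%011000" rendering (URG ACK PSH RST SYN FIN).
FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")
POP3_PORT = 110


def parse_tcp_segment(segment: bytes) -> dict:
    """Split a raw TCP segment (header + payload) into its fields."""
    src, dst, seq, ack, off_flags, window, csum, urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    offset_words = off_flags >> 12              # header length in 32-bit words
    flag_bits = off_flags & 0x3F                # low six bits, URG..FIN
    flags = [n for i, n in enumerate(FLAG_NAMES) if flag_bits & (1 << (5 - i))]
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "offset_bytes": offset_words * 4, "flags_bin": f"%{flag_bits:06b}",
            "flags": flags, "window": window, "checksum": csum, "urgent": urg,
            "payload": segment[offset_words * 4:]}


def cleartext_pop3_logins(segments) -> list:
    """Audit findings for USER/PASS commands sent to POP3 in the clear.
    The password value is never returned, only its length."""
    findings = []
    for seg in map(parse_tcp_segment, segments):
        if seg["dst_port"] != POP3_PORT:
            continue
        line = seg["payload"].split(b"\r\n", 1)[0].decode("ascii", "replace")
        verb, _, arg = line.partition(" ")
        if verb.upper() == "USER":
            findings.append(("USER", arg))
        elif verb.upper() == "PASS":
            findings.append(("PASS", f"<{len(arg)} chars, redacted>"))
    return findings


def build_segment(seq: int, ack: int, window: int, payload: bytes) -> bytes:
    """Constructed sample: PSH+ACK segment from port 3207 to 110, as in the capture."""
    off_flags = (5 << 12) | 0b011000            # 20-byte header, ACK and PSH set
    header = struct.pack("!HHIIHHHH", 3207, POP3_PORT, seq, ack, off_flags,
                         window, 0x078F, 0)
    return header + payload


# Constructed re-creation of the two captured segments shown above.
SAMPLE = [build_segment(1904801173, 1883396251, 64166, b"USER tlammle1\r\n"),
          build_segment(1904801188, 1883396256, 64161, b"PASS secretpass\r\n")]
```

Running `cleartext_pop3_logins(SAMPLE)` reports the account name and the fact that a password crossed the wire unencrypted, which is what you need to decide which clients to move to POP3 over TLS.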
