Exploring Security Fundamentals
A “secure network” is a moving target. As new vulnerabilities and new methods of attack are discovered, a relatively unsophisticated user can potentially launch a devastating attack against an unprotected network. This section begins by describing the challenges posed by the current security landscape. You will learn about the three primary goals of security: confidentiality, integrity, and availability.
This section also explains traffic classification and security controls. You will learn how to respond to a security violation and consider the legal and ethical ramifications of network security.
Why Network Security Is a Necessity
Network attacks are evolving in their sophistication and in their ability to evade detection.
Also, attacks are becoming more targeted and have greater financial consequences for their victims.
Types of Threats
Connecting a network to an outside network (for example, the Internet) introduces the possibility that outside attackers will exploit the network, perhaps by stealing network data or by impacting the network’s performance (for example, by introducing viruses).
However, even if a network were disconnected from any external network, security threats (in fact, most of the probable security threats) would still exist.
Specifically, according to the Computer Security Institute (CSI) in San Francisco, California, approximately 60 to 80 percent of network misuse incidents originate from inside the network. Therefore, although network isolation is rarely feasible in today’s e-business environment, even physical isolation from other networks does not ensure network security.
Based on these factors, network administrators must consider both internal and external threats.
Internal Threats
Network security threats originating inside a network tend to be more serious than external threats. Here are some reasons for the severity of internal threats:
¦ Inside users already have knowledge of the network and its available resources.
¦ Inside users typically have some level of access granted to them because of the nature of their job.
¦ Traditional network security mechanisms such as Intrusion Prevention Systems (IPS) and firewalls are ineffective against much of the network misuse originating internally.
External Threats
Because external attackers probably do not have intimate knowledge of a network, and because they do not already possess access credentials, their attacks tend to be more technical in nature. For example, an attacker could perform a ping sweep on a network to identify IP addresses that respond to the series of pings. Then, those IP addresses could be subjected to a port scan, in which open services on those hosts are discovered. The attacker could then try to exploit a known vulnerability to compromise one of the discovered services on a host. If the attacker gains control of the host, he could use that as a jumping-off point to attack other systems in the network.
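Seen from the defender's side, the sequence just described (many hosts pinged by one source, then many ports tried on one responding host) leaves a recognizable trace in perimeter logs. The script below is an added example, not from the book, that flags that pattern in constructed firewall log lines; the log format, addresses and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample firewall log (not real data). Assumed format:
# "HH:MM:SS src dst proto dport action". Source 198.51.100.7 pings
# 192.0.2.10-16, then tries 12 TCP ports on 192.0.2.12, one host that answered.
SAMPLE_LOG = [f"10:00:0{i} 198.51.100.7 192.0.2.{10 + i} icmp - allow" for i in range(7)]
SAMPLE_LOG += [f"10:01:{p:02d} 198.51.100.7 192.0.2.12 tcp {port} deny"
               for p, port in enumerate([21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389])]
SAMPLE_LOG += ["10:02:00 203.0.113.5 192.0.2.12 tcp 443 allow"]  # ordinary traffic

SWEEP_MIN_HOSTS = 5   # assumed threshold: distinct hosts pinged by one source
SCAN_MIN_PORTS = 10   # assumed threshold: distinct TCP ports tried on one host

def parse_line(line):
    """Split one log line into fields; dport is None for ICMP ("-")."""
    time, src, dst, proto, dport, action = line.split()
    return {"time": time, "src": src, "dst": dst, "proto": proto,
            "dport": None if dport == "-" else int(dport), "action": action}

def detect_recon(lines):
    """Return (kind, who, count) findings for traffic matching the sweep/scan pattern."""
    pinged = defaultdict(set)   # src -> hosts probed with ICMP
    probed = defaultdict(set)   # (src, dst) -> TCP ports tried
    for line in lines:
        e = parse_line(line)
        if e["proto"] == "icmp":
            pinged[e["src"]].add(e["dst"])
        elif e["proto"] == "tcp":
            probed[(e["src"], e["dst"])].add(e["dport"])
    findings = []
    sweepers = {s for s, hosts in pinged.items() if len(hosts) >= SWEEP_MIN_HOSTS}
    for src in sorted(sweepers):
        findings.append(("ping_sweep", src, len(pinged[src])))
    for (src, dst), ports in sorted(probed.items()):
        if len(ports) >= SCAN_MIN_PORTS:
            # A scan that follows a sweep from the same source is the full
            # reconnaissance pattern described in the text, so label it as such.
            kind = "sweep_then_scan" if src in sweepers else "port_scan"
            findings.append((kind, f"{src}->{dst}", len(ports)))
    return findings

if __name__ == "__main__":
    for kind, who, count in detect_recon(SAMPLE_LOG):
        print(f"{kind:16s} {who:28s} {count}")
```

In practice the same counting is done per time window so that a slow scan spread over hours is not lost; the thresholds here are deliberately simple.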
Fortunately, network administrators can mitigate many of the threats posed by external attackers. In fact, the majority of this book is dedicated to explaining security mechanisms that can defeat most external threats.