IP networks are susceptible to intruders, who use a variety of methods to gain entry. Through the campus, by dialup, and through the Internet, an intruder can view IP data and attack vulnerable network devices.
IP networks must provide network security for the following reasons:
■ Inherent technology weaknesses—All network devices and operating systems have inherent vulnerabilities.
■ Configuration weaknesses—Common configuration mistakes can be exploited to open up protocol weaknesses.
■ Network policy vulnerabilities—The lack of a network policy or an incomplete network policy can lead to vulnerabilities, such as poor password security.
■ Outside/inside intruders—Unfortunately, you must assume that there are internal and external people who want to exploit your network resources and retrieve sensitive data.
Every IP network architecture should be based on a sound security policy that is designed to address all of these weaknesses and threats. This sound security policy must be in place before remote access to the network is allowed. Network vulnerabilities must be constantly sought out, found, and addressed, because they define points in the network that are potential security weak points (or loopholes) that can be exploited by intruders or hackers.
Technologies such as TCP/IP, which is an open and defined standard, allow intruders to devise programs that send IP packets looking for responses that the intruders can then act on. Countermeasures can be designed and deployed to secure and protect a network.
Intruders are typically individuals who have a broad skill set. Intruders may be skilled in coding programs in Java, UNIX, DOS, C, and C++. Their knowledge of TCP/IP may be exceptional, and they may have extensive experience in using the Internet to search for security loopholes. Sometimes, the biggest security threat comes from within an organization, particularly disgruntled former employees who may have access to usernames and passwords.
An intruder's motivation may be based on any number of reasons, which makes any network a possible target:
■ Cyber terrorism
■ Challenge, to gain prestige or notoriety
■ Curiosity, to gain experience, or to learn the tools of the trade
■ Hacktivism, to gain an advantage or notoriety for an organization's ideology
Countermeasures against protocol or application vulnerabilities ensure that a policy, procedure, or specific technology is implemented so that networks are not fully exploited. A countermeasure against a particular vulnerability ensures that the vulnerability is not exploited.
The ever-changing nature of attacks is another major challenge facing network administrators. Intruders today are well organized and trained, and Internet sites are easy targets and offer low risk to intruders. The tools used by intruders (see "Vulnerabilities, Attacks, and Common Exploits," later in this chapter) are increasingly sophisticated, easy to use, and designed for large-scale attacks.
Now that you are aware of some of the reasons a network must have a sound security policy and some of the motives intruders (hackers) may have to exploit a poorly designed network, consider some of the standards bodies that are designed to help network administrators fend off intruders.