Network Security

Network security has probably been one of the least considered aspects of network operation and design. As enterprise networks evolve, it has become an increasingly larger concern. Is this concern justified? The answer is a resounding yes—and the concerns are probably late in coming.

The Computer Security Institute conducts an annual Computer Crime and Security Survey. In 2002, the Institute reported that 90% of the companies polled detected computer security breaches within the last 12 months, and 80% acknowledged financial losses due to these breaches.

These are some staggering statistics. For example, most companies do not acknowledge such breaches unless they have to; it makes stockholders and employees nervous. Furthermore, not all attempts were detected, and for 80% of companies to have incurred some financial loss, the breaches were successful!

Financial losses are now being reported in the tens of billions of dollars, which is larger than the gross national product of many nations. When considered this way, you can easily see why people have dedicated their lives to computer theft. Network security must be an integral part of the design of every aspect of your network from the beginning and always.

When most people talk about network security, they mean ensuring that users can only perform tasks they are authorized to do, can only obtain information they are authorized to have, and cannot cause damage to the data, applications, or operating environment of a system.

The word security connotes protection against malicious attack by outsiders. Security also involves controlling the effects of errors and equipment failures. Anything that can protect against a deliberate, intelligent, calculated attack would probably prevent random misfortune as well. While many people do have a sort of instinctive reaction that security is oriented to keeping out "the bad guys" from outside, there have been several studies that have identified the greater risk as being inside (and probably more often the result of innocent mistakes than malicious actions).

The question that is applicable to this chapter is "Are security breaches occurring in the wide-area portion of your network as well?"

This is possible and becoming more widely publicized. When this book was going to press, you could not download any versions of Cisco IOS Software without seeing a warning about security issues. Visit the following website to see the extensive list of security issues for Cisco equipment as documented by the Cisco Product Security Incident Response Team advisories:

Every networking equipment manufacturer, network protocol, user, and service provider has security problems. Consider the following two examples.

First, with today's technologies, a cyber-thief could put a PC running sniffer software with a cellular telephone and modem on a circuit. This is easier than you think if you consider the miles of accessible physical cabling (copper, fiber, and so on) that stretch across the United States. However, given the upsurge in wireless technology, access can also be gained through wireless connections.

The second most obvious network protocol example is SNMP. If you had the SNMP community string, every SNMP-manageable device would allow the cyber-thief read/write access. You should deal with a reputable vendor, such as Cisco, that has an open disclosure policy of identified and corrected security breaches so that you can react accordingly. The alternative is to use a vendor that does not share the holes in its equipment. You are only protected until a cyber-thief decides that he wants access.

Because network security is such a broad topic, this chapter does not delve too deeply into any single area. Everyone concerned with this subject must be aware of how security must be stretched across every network.

0 0

Post a comment