Chapter 44. Security Issues for Wide Area Networks


different ways that your network can be compromised even when using a very well-secured firewall. At a company that this author consults for, a recent virus attack required over 500 man-hours to resolve. And, all of this was done in less than 24 hours by a dedicated team of network professionals. When you consider the number of personnel involved, you can get an idea of the reason why you should take proactive measures as best you can. Yet, in an enterprise network, you should have a staff that can handle such an attack. The only way to ensure that you can take care of this type of situation is not just to hire the most competent persons, but also to set aside some of your budget for ongoing training. Things change; things change even faster on the Internet.



Note

The SQL Slammer worm of January 2003 was illustrative of how fast things change on the Internet. This worm, capable of infecting the entire Internet within 15 minutes, has been called the Internet's first "Warhol" worm, in reference to the popular Andy Warhol quote, "In the future, everyone will be famous for 15 minutes." By most estimates, the SQL Slammer worm infected over 90% of vulnerable systems within 10 minutes of its first detection. Infected systems doubled every 8.5 seconds, and after only 3 minutes in the wild, the virus was scanning 55 million addresses per second looking for vulnerable machines.



Because of this, and other factors you will learn about in this chapter, it's best to learn about the most recent kinds of attacks and then locate resources to help you stay aware of the latest news. One of the most common misconceptions about firewalls is that they offer complete protection. However, studies bear out the following facts:

Staying on top of the latest developments in enterprise networking, the Internet, and even a SOHO network can be difficult at times. Part of the misconception may stem from the fact that the term firewall has become somewhat of a buzzword, implying that if some type of firewall is in place then all is well. A firewall is not a single technology. Instead, all but the simplest SOHO firewalls are a combination of technologies, some of which are constantly upgraded (such as those that filter specific Web sites or content). Many high-end firewalls must be updated regularly, as new protocol or application loopholes, worms, and viruses are discovered. In a small company, a firewall is a good idea but it is not a panacea. In both SOHO and large networks, a firewall is not a total solution for keeping out viruses. Thus, in addition to a firewall, you should always use a good antivirus program, and keep it up-to-date. In a large company with a staff of technicians maintaining a firewall, you can still never be sure that you are completely safe from intrusions. Be sure to keep in mind the following points concerning firewalls as well.

A firewall can't protect you from your own internal users. Fired or laid off anyone lately? Do you have an employee who was dissatisfied with his last performance review? Do you have an employee or employees who are not trained on a regular basis about computer security (and by that I mean more than once a year)? You might think that just programmers can open back doors to your network. Yet, perhaps the easiest way into a network is called social engineering: just try calling up a user and telling him that you are from the help desk and need to use his password to download a software update. You'd be surprised. Or, maybe you wouldn't.

Many firewalls are difficult to manage. You can never be sure whether you've done all you need to do to block malicious traffic at the perimeter of your network. In an enterprise network, you should consider devoting at least one or more personnel exclusively to maintaining and managing a firewall. For a SOHO network, don't take for granted a software firewall, much less a cable/DSL router that uses NAT. Email attachments, for example, can defeat a firewall easily. For these types of intrusions, use a good antivirus software (as stated previously) that examines emails as well as files on your computers' disk drives. And be sure to use the update software to continuously stay on top of new virus definitions.

Consider a firewall to be only the first line of defense, not the only defense you put up for your network.

This chapter looks at some of the typical problems that can be introduced into your network from the Internet and then at resources you can use to further educate yourself on these topics.







You've Been Targeted!

Too often you are tempted to put in a quick fix and consider a problem solved. However, in the complex matter of network security, you'll find there are no quick fixes. Because a network is composed of many components, hackers, crackers, and detractors have a large number of devices they can target, such as these:

Routers: These devices stand at the perimeter of your network and sometimes perform firewall functions. The main thing a router can do is to block certain IP addresses or ports. This is the basic function performed by a firewall. Routers, though, are easy targets for many reasons. First, a router is your network's connection to the Internet, so it's directly exposed to the whole world. Second, routing protocols can be abused when hackers damage the routing table on your router. What good is a router if it doesn't know where to relay network traffic to and from? You learn this in more detail later in this chapter when you read about ICMP redirects. Although there isn't a lot you can do to protect a router from an attack over the Internet, you can take some steps to make it more difficult for potential intruders. You'll learn about that subject later, in the section titled "Protecting Routers." And another thing to consider is denial-of-service attacks. Because your router(s) stand at the periphery of your network, a constant stream of network traffic can be used to overwhelm a router and prevent you from receiving incoming data, much less sending data out onto the network.

Host computers: Servers on your network are supposed to provide data, print, email, or other important services to your users. After a host computer has been infiltrated, however, these services can be corrupted or made unavailable. If a hacker gets past the router or firewall, the host computers on your network are usually the next target. This is one good reason to use a private address space on the internal LAN and save your registered IP addresses for use by the routers and firewall devices that actually need a valid address on the Internet. This technique is known as Network Address Translation (NAT). If the intruder does not know the addresses of computers on your network, the intruder will have more difficulty connecting to them and causing trouble. As a general rule, it's best to always hide information about the configuration of all computers on your internal LAN. If you must create a Web presence on the Internet, consider using a demilitarized zone (DMZ) to segment part of your network that interfaces with the Internet from the inside network.

For more information on firewalls in general and using DMZs, see Chapter 45, "Firewalls."



Applications and services: There is a great debate on the Internet about open source code. One side of the debate is this: If the actual code for particular applications is known, it's easier for patches or modifications to be made when some hacker detects a loophole in the application or service. The opposite argument goes like this: The bad guys also have a copy of the code and can spend all the time they need looking for vulnerable parts of the code that can be used to their advantage. When you are considering installing mission-critical software on a server, which should you use? I can't really offer an opinion on this because both sides have good arguments. If you use a proprietary program purchased from a vendor, can you depend on the technical support staff of the vendor to help you if the application becomes a target? Microsoft and other vendors regularly post security warnings and patches. Do you install them?

You must pick your vendors carefully; for example, what is the response time when you place a service call for a minor issue? Can you count on vendor support in an emergency, or would you rather have the open source code so that your own staff (and others around the world who use the same code) can immediately begin trying to plug the loophole?

Firewalls: Yes, because most commercial firewall products are well documented, they can be compromised by someone who studies what they protect, and how the firewall does it. Not all firewalls use the same techniques. No single firewall will ever protect you from every threat from the Internet. A skilled staff of professionals, however, can help you mitigate the threats that do get past your firewall.

Your network: If you're the sort of person who enjoys causing problems for other people, attacking the entire network is probably going to give you more pleasure than going after only a few host computers or applications. Think of how expensive it is to a large company such as eBay, CNN, or Microsoft when their networks are taken offline due to an attack. If a hacker can disable your entire network, the damage done can become quite expensive.

Usually, an attack is not as clearly defined as indicated here. Instead, many attacks are sophisticated combinations of several of the previously described varieties.







Computer Viruses, Trojan Horses, and Other Destructive Programs

Computer viruses have been around for a long time. These are programs that travel from one computer to another, using various methods, such as programs that are not what they appear to be. Shareware downloaded from the Internet is a popular method for spreading virus code. You really should seriously enforce a policy for any programs that are installed on any computer in your network. Even software applications from a known vendor should be tested vigorously in a laboratory setting before being deployed on host computers in the network. Shareware, of course, should be evaluated much more closely. Regardless of any policy you decide to implement, it should be clear that viruses are particularly dangerous and sometimes tricky to avoid. The use of antivirus software is a must and should be required protection on any size network where infiltration and data destruction is undesirable, and that includes just about every network, doesn't it?



Note

The term virus is used loosely in many publications, as well as within this book, and is meant to include Trojan horses, worms, and other software that can damage your network or data. However, there are some distinctions that will be detailed in the following sections. Keep in mind that the use of antivirus software applies to all types of malicious code and must be regularly updated due to the wide variety of offending programs and the regularity with which they are created and spread.



Trojan horses are programs that an intruder plants on one or more servers in your network. If you have these types of programs, they can be difficult to detect, because many use the same filename as a file that is already part of your operating system or application software. The Trojan horse program is activated by some specific event, such as the arrival of a certain date, or by a user running a program that has been replaced by the Trojan horse. This latter tactic is very popular. Some programs are not what they appear to be.

Worms are usually considered to be self-propagating programs that travel through email as well as by other means. A worm will replicate itself by sending copies of the software to all or most of the addresses in your email address book. A worm travels through the Internet very quickly because of this aspect of its replication. The solution? Don't open email attachments unless you have a good antivirus program (which you have kept up-to-date). After you open an email that contains a worm virus, all heck can break loose, and the friends in your address book will not be inclined to think very well of you!

Other types of destructive programs can attack your network. This is the case in a denial-of-service attack. The perpetrators never have to intrude into your network. Instead, they use one of several methods (which we'll talk about in just a minute) to send massive amounts of network traffic to your network router or server. The server or router becomes overwhelmed and can no longer operate efficiently. Other denial-of-service attacks target specific resources, such as servers or applications.



Trojan Horse Programs

Trojan horses are programs that are planted somewhere in your network to wait for a signal before springing into action. After hackers have gained entry to a server in your network, they can easily plant a program and then run the program, at a time they choose. The program can listen on a selected port waiting for a signal. The program can wait until a certain time has passed. Many methods are used to trigger such a program. When the signal or time comes, the Trojan horse does its destructive chores. One of the most common techniques for hiding these programs is to give them the same name as some other common program on the computer. Indeed, some Trojan horses are nothing more than modified versions of a standard operating-system file. So what appears to be one thing might be something entirely different. As mentioned earlier, a Trojan horse program also can be activated by other means. The main difference between a Trojan horse program (or a worm) and a computer virus is that the virus is usually activated, does its damage, and then attempts to replicate itself by some means, such as mailing itself to everyone in your address book. Trojan horses are more like bombs waiting to go off.
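One way to check for the disguise described above, where a Trojan horse borrows the name of a standard program or replaces it outright: record hashes of a known-good system directory, then flag files whose content changed and same-named files elsewhere that differ from the trusted copy. This is an added example, not from the book; the directory layout, file names, and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def put(path, body):
    with open(path, "wb") as f:
        f.write(body)

def walk_files(top):
    for root, _dirs, names in os.walk(top):
        for name in sorted(names):
            yield os.path.join(root, name)

def build_baseline(trusted_dir):
    """Record {path: digest} for every file in a known-good system directory."""
    return {p: sha256_of(p) for p in walk_files(trusted_dir)}

def audit(baseline, scan_dirs):
    """Flag changed baseline files and same-named files that differ from the trusted copy."""
    by_name = {}
    for path, digest in baseline.items():
        by_name.setdefault(os.path.basename(path), set()).add(digest)
    findings = [("modified", p) for p, d in sorted(baseline.items())
                if not os.path.isfile(p) or sha256_of(p) != d]
    for top in scan_dirs:
        for path in walk_files(top):
            trusted = by_name.get(os.path.basename(path))
            if path not in baseline and trusted and sha256_of(path) not in trusted:
                findings.append(("name-collision", path))
    return findings

def demo():
    """Constructed sample tree: one system file is replaced, one name is imitated."""
    with tempfile.TemporaryDirectory() as tmp:
        sysdir, userdir = os.path.join(tmp, "system"), os.path.join(tmp, "home")
        os.makedirs(sysdir)
        os.makedirs(userdir)
        put(os.path.join(sysdir, "login"), b"original login")
        put(os.path.join(sysdir, "ls"), b"original ls")
        baseline = build_baseline(sysdir)                       # taken while the host is clean
        put(os.path.join(sysdir, "login"), b"replaced login")   # stands in for a swapped system file
        put(os.path.join(userdir, "ls"), b"different ls")       # same name, different content
        put(os.path.join(userdir, "notes.txt"), b"unrelated")   # unrelated name, ignored
        return [(kind, os.path.basename(p)) for kind, p in audit(baseline, [sysdir, userdir])]
```

The baseline is only as trustworthy as the moment it was taken and the place it is stored, so build it on a freshly installed host and keep it somewhere an intruder on that host cannot rewrite it.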



Computer Viruses

Computer viruses come in all sorts of variations. They have been wreaking havoc on computers even before the Internet became commercial. Before the Internet exploded into the large network it is today, bulletin board services were a popular method for exchanging files, such as shareware programs.

A virus program usually is distinguished by two features. First, the virus replicates itself so that it can be spread to other computers. The method of transport can be a floppy disk that has had its boot sector code modified, or it can be a macro virus that comes as part of an email attachment that uses the Internet email system to move about. Second, a virus usually is created to do something destructive, such as wiping out the contents of a hard disk or damaging some other system resource. However, this second feature is not always present in a computer virus. Some viruses simply display a silly message on the screen to let the user know he's been hit, and then they do no further damage.

Another thing to keep in mind is that a virus has two functions. First, it needs to be transported to another computer to infect. Second, it requires a mechanism to affect the system. In many cases these are implemented as two separate functions. The transport mechanism does just what it says: It finds a method (such as email) to get the entire virus package to another system (such as by using your address book to email itself to others). Then another part of the virus performs some action on your computer. This can range from a malicious action, such as deleting files, to an innocuous one, such as simply presenting a funny message on your screen. The important thing to remember is that viruses are becoming similar to worms, in that they provide a mechanism to propagate themselves, as well as to cause harm to your computer or network.

Now it seems that most viruses are destructive, so you should always use antivirus software on computers in your network. Although deploying an antivirus application on several hundred or several thousand computers can be expensive, especially when you consider that you also must pay for updates from the vendor, the amount of damage viruses can cause if you do get hit greatly justifies this cost. In an enterprise environment you can usually get a large discount for antivirus software. For some packages, you can simply purchase one copy for a small network, and then create file shares for each disk on a computer and configure the antivirus software to check all disks as well as file shares.

Many small network operators install a good antivirus software package and schedule the software to run on an infrequent basis, such as once weekly. If you are using the software for a home environment where the loss of data is insignificant, that might be a good solution, especially if you have a slow Internet connection. However, if you are operating a business from home (SOHO), I suggest that you run the antivirus software daily. You can schedule most products to run at night when you are not using the network. I also recommend that you use any update software on the same daily basis. Viruses are not picky; they don't appear on the Internet on just a weekly basis. They can find their way into your network any time, even on a daily basis. If you schedule software updates and virus scans to run at off-peak hours for your network, you might just find that you have avoided the latest, greatest new virus.



Tip

Can't decide which antivirus software to buy? Visit www.symantec.com and click on Download. There are several products you can download and use for a 15-day trial period. You'll find here a trial version of Norton antivirus software. You can also download a trial version of McAfee's VirusScan software at www.mcafee.com. Click on Download, and then the Evaluate button next to the product version you want to evaluate. These are the two most popular products sold in computer stores today. A quick search of the Internet will bring up many more antivirus software packages. Two important factors for most software applications are ease-of-use and support. Consider support to be the most important factor when choosing an antivirus product. The company should be one you can contact via the telephone should an emergency arise, and one whose product enables you to download updates frequently.


