To keep the thief out, you could post security signs all around your house and install a home alarm. He might not know if you really have ABC Surveillance active monitoring—as the signs say—but he might not want to risk it and go away looking for an easier target to hit. In the world of computer security, encryption acts like your home alarm and monitoring software, alerting you (or your monitoring company) to potential problems when they arise.

The teenagers just want to do damage anywhere, and your house is as good as the next one. Installing motion lights above the doors and around the side of the house is really all you need to make them drive farther down the road. In the world of computer security, good passwords—and policies that are enforced—will keep these would-be intruders out.

The homeless also have no particular affection for your home as opposed to the next. You can keep them out by using locks on your doors and windows and putting a fence around your yard. If they can’t get in the fence, they can’t approach the house, and if they do manage that, they are confronted by the locks. Firewalls serve this purpose in the world of computer security.

The neighbor just made a legitimate error. That happens. I once went into the wrong person’s tent when camping because they all look the same. To make yours look different, you can add banners and warnings to the login routines stating, for example, that this is ABC server and you must be an authorized user to access.

This leaves the hit man. He has been paid to do a job, and that job entails gaining access to your home. No matter how good the locks are on your house, no matter how many motion lights you put up, if someone’s sole purpose in life is to gain access to your house, they will find a way to do it. The same is true of your server. You can implement measures to keep everyone else out, but if someone spends their entire existence dedicated to getting access to that server, they will do it, whether it entails putting on a heating and air conditioning uniform and walking past the receptionist, pointing two dozen computers at hashing routines that will crack your passwords, or driving a tank through the side of the building. Your job is to handle all the reasonable risks that come your way. Some, however, you have to acknowledge have only a very slim chance of ever truly being risks, and some, no matter what precautions you take, will not go away.

Introducing Auditing Processes and Files

Most systems generate security logs and audit files of activity. These files do absolutely no good if they aren’t periodically reviewed for unusual events. Many web servers provide message auditing, as do logon, system, and application servers.

Chapter 2: Identifying Potential Risks

The amount and volume of information these files contain can be overwhelming. You should establish a procedure to review them on a regular basis.

A rule of thumb is to never start auditing by trying to record everything because the sheer volume of the entries will make the data unusable. Approach auditing from the opposite perspective: Begin auditing only a few key things, and then expand the audits as you find you need more data.

Audit files and security logs may also be susceptible to access or modification attacks. The files often contain critical system information, including resource sharing, security status, and so on. An attacker may be able to use this information to gather more detailed data about your network.

In an access attack, these files can be deleted, modified, or scrambled to prevent system administrators from knowing what happened in the system. A logic bomb could, for example, delete these files when it completes. Administrators might know that something happened, but they would get no clues or assistance from the log and audit files.
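As an added illustration (not from the book), the two practices above in Python: a hash-chained audit log in which an entry cannot be altered or removed without breaking every MAC after it, and a review routine that starts by auditing one key thing (repeated logon failures) before expanding. The log entries, field format and key are constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample audit entries (not from the book): one event per line.
SAMPLE_LOG = [
    "2024-05-01T08:00:01 logon user=alice result=success src=10.0.0.5",
    "2024-05-01T08:00:07 logon user=bob result=failure src=10.0.0.9",
    "2024-05-01T08:00:09 logon user=bob result=failure src=10.0.0.9",
    "2024-05-01T08:00:12 logon user=bob result=failure src=10.0.0.9",
    "2024-05-01T08:01:30 share user=alice action=read path=/finance",
    "2024-05-01T08:02:00 logon user=bob result=success src=10.0.0.9",
]
KEY = b"hypothetical-log-sealing-key"  # hypothetical; keep it off the logged host

def _mac(prev, entry, key):
    return hmac.new(key, prev + entry.encode(), hashlib.sha256).hexdigest()

def seal_entries(entries, key=KEY):
    """Chain entries: mac_i = HMAC(key, mac_{i-1} || entry_i).
    Editing or deleting any entry breaks every MAC that follows it."""
    sealed, prev = [], b""
    for entry in entries:
        mac = _mac(prev, entry, key)
        sealed.append((entry, mac))
        prev = mac.encode()
    return sealed

def verify_chain(sealed, key=KEY):
    """Index of the first entry whose MAC fails, or -1 if the chain is intact.
    Truncation at the tail is not caught here; also compare the entry count."""
    prev = b""
    for i, (entry, mac) in enumerate(sealed):
        if not hmac.compare_digest(_mac(prev, entry, key), mac):
            return i
        prev = mac.encode()
    return -1

def parse(entry):
    ts, kind, *fields = entry.split()
    return {"ts": ts, "kind": kind, **dict(f.split("=", 1) for f in fields)}

def review(entries, failure_threshold=3):
    """Audit one key thing first: users with repeated logon failures."""
    failures = Counter(e["user"] for e in map(parse, entries)
                       if e["kind"] == "logon" and e["result"] == "failure")
    return {u: n for u, n in failures.items() if n >= failure_threshold}

if __name__ == "__main__":
    sealed = seal_entries(SAMPLE_LOG)
    print(verify_chain(sealed), verify_chain(sealed[:1] + sealed[2:]), review(SAMPLE_LOG))
```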

You should consider periodically inspecting systems to see what software is installed and whether passwords are posted on sticky notes on monitors or keyboards. A good way to do this without attracting attention is to clean all the monitor faces. While you’re cleaning the monitors, you can also verify that physical security is being upheld. If you notice a password on a sticky note, you can “accidentally” forget to put it back. You should also notify that user that this is an unsafe practice and not to continue it.

You should also consider obtaining a vulnerability scanner and running it across your network. A vulnerability scanner is a software application that checks your network for any known security holes; it’s better to run one on your own network before someone outside the organization runs it against you. One of the best-known vulnerability scanners is Nessus.

Summary

This chapter focused on the types of attacks you’ll encounter and your network’s vulnerabilities:

- Types of attack
- TCP/IP
- Malicious code
- Social engineering

Denial of service, distributed denial of service, back door attacks, spoofing attacks, man-in-the-middle attacks, and replay attacks are all types of attacks you may encounter. Each takes advantage of inherent weaknesses in the network technologies most commonly used today.
