Network Security

In document The InfoSec Handbook (Page 184-188)

This section explores networking fundamentals and various network-related vulnerabilities and mechanisms provided for securing networks like firewalls, IDS/IPS, and Virtual Private Networks.

Chapter 9, “Understanding Networks and Network Security,” introduces networking fundamentals, including the components of basic communication and computer communication. A network connects two or more computers to communicate with each other or for the exchange of information among the systems. Networking is the sharing of resources within the network. Data communication and computer networking go hand in hand. Data communication is the exchange of information across a medium, and networking is the connecting of two devices to facilitate the exchange of information from one system to another. When computer devices are connected in a network for communication, it consists of the following components: Message, Host, Receiver, Medium, and Protocol.

Then we discuss various network topologies, such as bus topology, ring topology, and star or Y topology. We also discuss local area networks, wide area networks, metropolitan area networks, and the concept of internetworking. We then elaborate upon the OSI Seven Layer Model in detail, including the functions and working of each layer, viz. Layer 7: Application Layer, Layer 6: Presentation Layer, Layer 5: Session Layer, Layer 4: Transport Layer, Layer 3: Network Layer, Layer 2: Data Link Layer, and Layer 1: Physical Layer, and the protocols used or supported by each layer. We then explore the TCP/IP Model with the functions and protocols of each layer (i.e., Application Layer, Transmission Control Protocol (TCP) Layer, Internet Protocol (IP) Layer, and Network Access Layer). We then discuss the differences between the OSI and TCP/IP Models. We then explore network vulnerabilities and threats under three categories: Security Policy Weaknesses, Technology Weaknesses, and Configuration Weaknesses. We then describe each network-related attack, including Denial of Service (DoS) and Distributed Denial of Service (DDoS) and, under that heading, Ping of Death, TCP SYN Flood Attack, e-mail Bombs, Tear Drop, and Smurf Attacks. Then we look into other network attacks like Masquerade/Spoofing Attacks, HTTP Tunneling, SSH Tunneling, Session Hijacking, and Attacks on Network Equipment. Then we discuss the ways in which we can counter the network attacks.

Chapter 10, “Firewalls,” first defines firewall in the real world as a means to build protection from fire with the intention to slow the spread of the fire through a structure. Next, we apply the same concept to a network. A network firewall is intended to stop unauthorized users from accessing the network and services from other outside networks. The most common deployment of firewalls is between an organization’s trusted network and an untrusted network, typically the Internet. The Internet Service Provider (ISP) connection usually terminates at a border router and then connects to a firewall.

We describe basic firewall functions like packet filtering and application level proxy. We then explain that packet filters usually permit or deny network traffic based on the following criteria: source and destination IP addresses; protocol, such as TCP, UDP, or ICMP; source and destination TCP or UDP port addresses; flags in the TCP header – ACK, CLOSE, and SYN; IP fragmentation flag; direction of the packet – inbound or outbound; and physical interface. We then explain packet filtering firewalls. A packet filter firewall is configured with a set of rules which define when to accept or deny a packet. When the firewall receives a packet, the filter checks the rules defined against IP address, port number, protocol, and so on. If a rule matches, then the packet is accepted or rejected, depending on the rule.

We then discuss the advantages and disadvantages of packet filtering firewalls and Stateful Packet Filtering. We then explain how Application Level Gateways (ALG) inspect packets all the way up to the application layer and determine whether a packet is allowed or denied. This gives higher security than packet filtering, as the inspection is done all the way up to the application. However, it takes more CPU processing time and requires knowledge of the application protocol. An Application Level Gateway runs independently, copies and forwards information across the gateway, and functions as a proxy server. It prevents a direct connection between a trusted server or client and an untrusted host. The proxies are application specific. Any new application that comes to the market must be made known to the application proxy; otherwise rules may not get executed for that application. It sits between a network firewall and a trusted host. It can filter packets at the application layer. We then describe best practices for firewalls and how firewalls can be audited to understand their effectiveness.

Chapter 11, “Intrusion Detection and Prevention Systems,” defines Intrusion in layman’s language as, “Unwanted or unauthorized interference.” As it is unwanted or unauthorized, it is normally carried out with bad intentions. The intention of such intrusions is to collect information related to the organization, such as the structure of the internal networks, operating systems, tools/utilities, and software applications used by the organization, and initiate connections to the internal network to carry out the attacks. Intrusions are normally perpetrated by outsiders, but intrusions by internal authorized persons carrying out attacks by the misuse of their authorization, or by internal authorized persons by going beyond the official parameters of their authorizations, are also possible and need to be protected against.

An Intrusion Detection System (IDS) is a hardware/software combination that detects intrusions into a system or network. An IDS complements firewalls by providing thorough inspection of packets’ headers and their contents, thus protecting against attacks that a firewall might otherwise perceive as benign network traffic. An IDS inspects the content of each and every packet traversing the network to detect any malicious activity. Every packet is peeled all the way down to the “data content” component, and its data content is inspected for malicious activity; if it is found to be harmless, it is reassembled and sent on. This makes an IDS very process intensive when compared to a firewall. We then describe the four important aspects of the results of IDS monitoring: false positives, false negatives, true positives, and true negatives.

We then cover the two types of IDS, host-based and network-based, and the pros and cons of both. Intrusion Detection and Prevention Systems detect intrusions through the following mechanisms: signature-based detection, anomaly-based detection, or stateful protocol analysis. We then explain how each of these mechanisms works, discuss the architecture of IDS/IPS, and describe each of its components: a hardware appliance, a management console, a database, and connectivity to network management consoles, including a signature update server. We then discuss the types of attacks IDPS are able to detect and prevent. We then explore the typical responses by IDPS, like Block or Deny the packet, Reset connection, Drop the packet, and Reconfigure firewall. We then describe the various modes, like passive mode and active mode, in which an IDPS can be deployed.
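As an added example (not the handbook's own code) tying the detection mechanisms to the monitoring outcomes just named, the snippet below runs a signature rule (the Smurf trigger: an ICMP echo request to a protected network's broadcast address) and an anomaly rule (per-source SYN count above a baseline, the SYN flood profile) over constructed packet summaries, then buckets every verdict into TP/FP/FN/TN. LOCAL_NETS, SYN_BASELINE, the packet format and the sample traffic are all assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

LOCAL_NETS = [ip_network("192.0.2.0/24")]   # networks the sensor protects (constructed)
SYN_BASELINE = 5                             # assumed normal per-source SYNs per window

def signature_alerts(pkts):
    """Signature-based: flag packets matching a known pattern, here an ICMP echo
    request (type 8) aimed at a protected network's broadcast address."""
    return [p["proto"] == "icmp" and p["icmp_type"] == 8
            and any(ip_address(p["dst"]) == n.broadcast_address for n in LOCAL_NETS)
            for p in pkts]

def anomaly_alerts(pkts, window=60, baseline=SYN_BASELINE):
    """Anomaly-based: flag TCP SYNs from a source whose SYN count within a time
    window exceeds the learned baseline."""
    is_syn = lambda p: p["proto"] == "tcp" and "SYN" in p["flags"]
    syns = Counter((p["src"], p["ts"] // window) for p in pkts if is_syn(p))
    return [is_syn(p) and syns[(p["src"], p["ts"] // window)] > baseline for p in pkts]

def combined_alerts(pkts):
    return [s or a for s, a in zip(signature_alerts(pkts), anomaly_alerts(pkts))]

def score(pkts, alerts):
    """Bucket each verdict against ground truth into TP / FP / FN / TN."""
    c = Counter()
    for p, alerted in zip(pkts, alerts):
        c[("TP" if p["label"] else "FP") if alerted else ("FN" if p["label"] else "TN")] += 1
    return {k: c[k] for k in ("TP", "FP", "FN", "TN")}

def pkt(src, dst, proto, ts, label, flags=(), icmp_type=None):
    return {"src": src, "dst": dst, "proto": proto, "ts": ts, "label": label,
            "flags": set(flags), "icmp_type": icmp_type}

# Constructed packet summaries (not a capture); 'label' marks true attack traffic.
SAMPLE = (
    [pkt("203.0.113.10", "192.0.2.255", "icmp", 0, True, icmp_type=8)]                  # Smurf trigger
    + [pkt("198.51.100.7", "192.0.2.10", "tcp", 1, False, {"SYN"}),                      # normal handshake
       pkt("198.51.100.7", "192.0.2.10", "tcp", 2, False, {"ACK"})]
    + [pkt("198.51.100.99", "192.0.2.10", "tcp", t, True, {"SYN"}) for t in range(8)]    # SYN flood
    + [pkt("198.51.100.20", "192.0.2.10", "tcp", t, False, {"SYN"}) for t in range(6)]   # busy NAT gateway
)
```

Scoring each mechanism separately shows the trade-off: the signature misses the flood entirely (false negatives), while the anomaly baseline also fires on the legitimate but busy gateway (false positives).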

Chapter 12, “Virtual Private Networks,” starts with a discussion of the business case for using Virtual Private Networks (VPNs). A VPN is a private network (similar to a leased line), but uses the public network (Internet) to connect to remote sites. VPN creates a “virtual” tunnel connection routed through the Internet from the company’s trusted network to the remote office or to a mobile work force. With VPN, you can send data via a public network that emulates a private link between two parties or two networks. Then we discuss the advantages of VPN like cost savings, smooth and seamless integration, secure remote access, extranet connections, and low maintenance. We then describe types of VPNs based on the types of communications supported, namely, Remote Access (Host to site) and Site to site. Within site to site VPNs, we again explore two more types: intranet based VPNs and extranet based VPNs.

We also explain Host to Host VPNs. We then explore the characteristics a VPN protocol architecture should support, namely tunneling, data authentication and data integrity, anti-replay services, and data encryption. We then list various protocols which support VPNs. We then explain in detail each of the following protocols: PPTP, L2TPv3, GRE, and IPSec.

Chapter 13, “Data Backups and Cloud Computing,” introduces the idea of “availability” as one of the important aspects of information security. Data Backups are the first line of defense against system crashes, corruption of data, exploits leading to data integrity issues, accidental loss of data, or loss of data due to mistakes. Data Backups stem from the fact that the disks on which the data is stored are prone to failures and can become a single point of failure. Data Backups provide for continued operation by effective restoration of data and assured continued availability of the systems. Cloud computing has brought in new avenues of hope for low cost usage of applications, low cost application development and deployment, and low cost infrastructure acquisition. The cloud computing phenomenon has also elevated issues related to security and privacy. We then explore the need for Data Backups by citing some examples which show how data backups protect us from availability and integrity issues. We then explore types of backups, such as online backups, near-line backups, offline backups, full backups, incremental backups, differential backups, onsite backups, offsite backups, highly automated backups, scheduled and automated backups, and manual backups. Then we look into various RAID levels.

We then explore other fault tolerance mechanisms like Server Clustering, Electronic Vaulting, Remote Journaling, and Server Mirroring. We then describe the role of storage area networks in providing backups and disaster recovery. Then we discuss how cloud infrastructure helps in backup strategy and database backups. We then explore various backup and restoration strategies. We then list some of the security considerations related to backups and then explore some inherent issues related to backups and restoration, as well as best practices related to backups and restoration.

Cloud computing allows the use of third party applications, platforms, and infrastructure under a pay as you use model. This affords the flexibility to increase or decrease usage depending on organizational necessities. Outright benefits are that you need not make a huge upfront investment to build infrastructure or purchase development applications or tools. The beauty of cloud computing is that the users can access services from the cloud using their web browsers or thin clients or even equipment like smartphones and tablets.

Most corporations that compete for market share, that hold a lot of confidential proprietary or intellectual property information or are highly innovative, and for whom the integrity of data is of prime importance cannot accept cloud computing in its current form. The risks related to security and privacy issues, including confidentiality, integrity, authenticity, authorization, privacy, and availability, need to be weighed cautiously against the benefits. Exposure of cloud infrastructure, platforms, and applications to different current and potential threats has to be analyzed and weighed against the benefits. Then we explain the three service models: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).

We then explain the four deployment models: Private Cloud, Public Cloud, Community Cloud, and Hybrid Cloud. Then we explore the benefits of cloud computing like Upfront Capital Expenditure (CAPEX) versus Pay as you use Operational Expenditure (OPEX); Elasticity or Flexibility, Reduced need for specialized resources and maintenance services; On Demand Self-Service Mode versus Well Planned Time Consuming Ramp Up; Redundancy and Resilience versus Single Points of Failure; Cost of traditional DRP & BCP versus the DRP & BCP through the Cloud Environment; Ease of use on the Cloud Environment. Then we look into the important enablers of cloud computing like the Internet, Network Bandwidth and Reliability, Server Virtualization, cheaper and more reliable equipment, Standardization, and Advancement in Technology.

We then explore the main security and privacy concerns in cloud computing, namely Compliance, Lack of Segregation of Duties, Complexity of Cloud Computing Environment, Shared Multi-tenant Environment, Internet and Internet Facing Applications, Control of the Cloud Consumer on the Cloud Environment, Types of Agreements related to Service Levels, Privacy etc. with the Cloud Provider, Data Management and Data Protection, Insider Threats, Security Issues on account of multiple levels, Physical security issues related to Cloud Computing environment, Cloud Applications Security, Threats on account of Virtual Environment, and Encryption and Key Management. We then describe some of the mechanisms that can address security and privacy concerns in a cloud computing environment, like Understand the Cloud Computing environment and protect yourself, Understand the Technical Competence and segregation of duties of the Cloud Provider, Protection against Technical Vulnerabilities and Malicious Attacks, Regular Hardening and Appropriate Configurations of the Cloud Computing Environment, Data Protection, Encryption, Good Governance Mechanisms, Compliance, Logging and Auditing, Patching/Updating, Application Design & Development, Physical Security, Strong Access Controls, Backups, and Third Party Certifications/Auditing.