Wednesday, July 22, 2009

Explain VPN?

Introduction to VPNs

Long gone is the time when corporate networks were separate isles of local connectivity. Today, most networks are connected to each other by the Internet. Issues of protecting the local networks from Internet-based crime and intrusion are being solved by firewalls, intrusion detection systems, anti-virus software and other security investments. However, business is increasingly often being done across the Internet as a means of efficient and inexpensive communication.

As we all have learned the hard way, not all parts of the Internet can be trusted in our time. Private interests as well as corporate communication requirements necessitate a means for data to be able to travel across the Internet to its intended recipient without allowing anyone else to read or alter it. It is equally important that the recipient can verify that no one is falsifying information, i.e. pretending to be someone else.

VPNs, Virtual Private Networks, provide a very cost efficient means of establishing secure links to parties that one wishes to exchange information with in a secure manner.

VPNs vs Fixed Connections

Using leased lines or other non-public channels to exchange data between organisations is not a new concept. It has been done since the first computers began talking to each other. In the beginning, communication was limited to local area communication links, but in time, people were finding reasons to have their computers exchange information across greater distances.

Fixed connections are usually very reliable as far as uptime and available bandwidth are concerned. They are also fairly secure, as long as no one attacks the telephony infrastructure or digs your optical fibres out of the ground and attaches their own equipment to them.

Fixed long-distance connections, provided that suitable security measures are taken, may be considered "Private Networks".

However, fixed channels of communication are just that: fixed. If you hire a fixed connection between company A and B, you only allow communication between companies A and B.

If several organizations want to communicate with each other in all directions, a separate fixed connection between every pair of organisations is needed. Such situations quickly escalate beyond all manageability and cost efficiency:

Two organizations only require one connection.
Three organizations require three connections.
Five organizations require ten connections.
Seven organizations require twenty-one connections.
Ten organizations require forty-five connections.
100 organizations require 4,950 connections.

One could argue that maybe some communication could be done by the way of intermediates. If I wish to talk to company B, maybe I can send my data to company C that has a link to company B? That way I don't have to have a link to company B of my own?

In some cases, and in a small scale, this may work. On the other hand, it may not work at all even if it is on a manageable scale. Consider a company that sells a product to ten customers who all compete with each other.

- Would any one of them accept that their orders and delivery confirmations travel through the hands of one of their competitors?
- Hardly.

Another solution is required.

From a connectivity and security perspective, Virtual Private Networks may still be viewed as "fixed connections" in that they do provide connectivity between two or more organizations. This is a fact that does not change even though cryptography is deployed to implement the "Virtual" side of the "Private Network".

Cryptography and Authentication : VPN Basics

Cryptography provides a means to create "Virtual Private Networks" across the Internet with no additional investments in cables, leased lines or other connectivity.

Cryptography is an umbrella expression covering three basic techniques and benefits:

• Confidentiality: no one but the intended recipients is able to intercept and understand the communication. Confidentiality is accomplished by encryption.
• Authentication and Integrity: proof for the recipient that the communication was actually sent by the expected sender, and that the data has not been modified in transit. This is accomplished by authentication, often by use of cryptographic keyed hashes.
• Non-repudiation: proof that the sender actually sent the data; the sender cannot later deny having sent it. Non-repudiation is usually a benign side-effect of authentication.

VPNs are normally only concerned with confidentiality and authentication. Non-repudiation is normally not handled at the network level but rather on a transaction (document-by-document) basis.

The following sections explain how encryption works, how it is used in VPNs to provide confidentiality, and how authentication is used to provide integrity.
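The two properties a VPN cares about, confidentiality and authenticated integrity, can be shown on a single packet. This is an added illustration, not code from the original page: it derives separate encryption and MAC keys from one shared secret, encrypts with a keystream built from HMAC-SHA256 in counter mode (a toy stream cipher chosen so the example needs only the Python standard library; real VPNs use a vetted cipher such as AES-GCM or ChaCha20-Poly1305), and protects the result with an HMAC tag that the receiver checks before decrypting. The packet layout and the shared secret are constructed for this example.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

NONCE_LEN = 16   # per-packet nonce, sent in the clear
TAG_LEN = 32     # HMAC-SHA256 output


def derive_keys(shared_secret: bytes) -> Tuple[bytes, bytes]:
    """Split one shared secret into independent encryption and MAC keys."""
    enc_key = hmac.new(shared_secret, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: block_i = HMAC(enc_key, nonce || i). Toy cipher for illustration."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(shared_secret: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Encrypt-then-MAC. Packet layout (constructed): nonce || ciphertext || tag."""
    enc_key, mac_key = derive_keys(shared_secret)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))      # confidentiality
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()  # integrity
    return nonce + ciphertext + tag


def unprotect(shared_secret: bytes, packet: bytes) -> Optional[bytes]:
    """Verify the tag first; return the plaintext, or None if the packet was altered."""
    enc_key, mac_key = derive_keys(shared_secret)
    if len(packet) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None                               # forged or modified in transit: drop it
    ks = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


if __name__ == "__main__":
    secret = b"constructed-demo-shared-secret"
    pkt = protect(secret, b"order 42: 500 units to warehouse B")
    assert unprotect(secret, pkt) == b"order 42: 500 units to warehouse B"
    tampered = pkt[:20] + bytes([pkt[20] ^ 0x01]) + pkt[21:]   # flip one ciphertext bit
    assert unprotect(secret, tampered) is None
```

A flipped bit anywhere in the ciphertext, a wrong shared secret, or a truncated packet all fail the tag check and are rejected before any decryption happens.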

What are the threats and vulnerabilities?

Threats to computers and networks have been an issue since computers began to be used widely by the general public. Nowadays, any computer or network that is connected to the Internet is at risk. CERT (the Computer Emergency Response Team funded by Carnegie Mellon University) cautions that:

"Intruders form groups and develop scripts that they share with each other on how to maliciously exploit vulnerabilities in systems. Intruders dedicate time to developing programs that exploit vulnerabilities and to sharing information. They have their own publications, and they regularly hold conferences that deal specifically with tools and techniques for defeating security measures in networked computer systems." (The CERT/CC and the Internet Community)

Breaches in library computer security are normally caused unintentionally by curious and persistent users, and sometimes intentionally by knowledgeable and malicious hackers. These threats are made more likely by software that has been installed improperly, software code that has inherent flaws (bugs), or insecure procedures.

Basic Types of Threats

Basic types of attacks include:
• Probes and scans - attempts to gain access or discover information about remote computers
• Account compromise - discovery of user accounts and their passwords
• Packet sniffing - capturing data that is sent across a network; the data can contain sensitive information like passwords
• Denial of service - flooding a network with requests that can overwhelm it and make a computer slow down or ultimately crash
• Malicious code - Trojan horses, worms, viruses
• Spoofing - making a computer look like a "trusted computer"

Probes and Scans

A probe is characterized by unusual attempts to gain access to a system or to discover information about the system. One example is an attempt to log in to an unused account. Probing is the electronic equivalent of testing doorknobs to find an unlocked door for easy entry. Probes are sometimes followed by a more serious security event, but they are often the result of curiosity or confusion. A scan is a way of performing multiple probes using an automated tool. The most common kind of scan is a "port scan." This kind of scan queries for listening ports on a remote computer. Scans are often a prelude to a more directed attack on systems that the intruder has found to be vulnerable.

Account Compromise

Account compromise is the discovery of user accounts and their passwords on a system. It allows an unauthorized user to gain access to all resources for which that user account is authorized. An account compromise might expose the victim to serious data loss, data theft, or theft of services. Limiting the number of user accounts that have root-level access or administrative privileges minimizes potential damage; however, access to a user-level account is often an entry point for greater access to the system.

One kind of compromise better known on UNIX systems is called a root compromise. Traditionally, the administrative account for UNIX systems is called "root." Not only is it a user name, but it also refers to the highest-level directory on a server. If an account has root-level access, it usually has access to the entire system. Intruders who succeed in a root compromise can do just about anything on the victim's system, including run their own programs, change how the system works, and hide traces of their intrusion.

Packet Sniffer

A packet sniffer is a program that captures data from information packets as they travel over the network. That data may include user names, passwords, and proprietary information that travels over the network. If the data captured by a packet sniffer is encrypted (see Importance of Encryption), it is unlikely that someone will be able to reveal any sensitive information. However, if the data is not encrypted, just about any information sent is vulnerable to being compromised. Installing a packet sniffer does not necessarily require privileged access; however, it requires obtaining access to a network card interface somewhere in the line of communication.

Denial of Service

The goal of denial of service attacks is not to gain unauthorized access to machines or data, but to prevent legitimate users of a service from using it. A denial of service attack can come in many forms. Attackers may "flood" a network with large volumes of data or deliberately consume a scarce or limited resource such as process control blocks or pending network connections. They may also disrupt physical components of the network or manipulate data in transit, including encrypted data. The underlying purpose to a denial of service attack is to bog down a system by giving it too much information to process quickly enough.

Malicious Code

Malicious code is a general term for programs that, when executed, can cause undesired results on a system. Users of the system usually are not aware of the program until they discover the damage. Malicious code includes Trojan horses, viruses, and worms. Trojan horses and viruses are usually hidden in legitimate programs or files that attackers have altered to do more than what is expected. Worms are self-replicating programs that spread with no human intervention after they are started. Viruses are also self-replicating programs, but they usually require some action on the part of the user to spread inadvertently to other programs or systems. These sorts of programs can lead to serious data loss, downtime, denial of service, and other types of undesirable effects. See Antivirus Software.

Spoofing

Computers on networks often have trust relationships with one another. For example, before executing some commands, the computer checks a set of files that specify which other computers on the network are permitted to use those commands. If attackers can forge their identity, appearing to be using the trusted computer, they may be able to gain unauthorized access to other computers.

Basic Types of Vulnerabilities

Although there are many, many vulnerabilities in computer systems and networks today, the main vulnerabilities that are likely to cause you harm are:

1. Default software installations
2. Ineffective use of authentication
3. Patches not applied
4. Too many open ports and services running
5. Not analyzing incoming packets
6. Backups not maintained and verified
7. Lack of protection against malicious code

Default Software Installations

A default software installation is where an operating system or application software is installed using all the default settings built in by the programmers. Performing a default software installation on computers with sensitive data is not good practice, especially when the chosen software is likely to be used by many people, such as on a public access computer or web server.

Servers are installed with default user accounts. It is therefore important to:

• Disable guest accounts
• Disable the Everyone group account for Windows NT/2000/XP
• Don't run important daemons as root
• Rename the administrator account
• Set a strong password for the administrator account

Ineffective Use of Authentication

Authentication is the process of proving who you are to a system using one or more authentication methods. Authentication can be based on what you know (such as a password), based on what you have (such as a smart card), or based on who you are (such as biometrics). Most organizations rely on authentication via passwords. Passwords can be a fairly secure form of authentication when they are created properly (and, of course, when default passwords aren't used). It is depressingly easy, however, for people to create poor passwords. For more on how to create good "strong" passwords see Using Passwords Effectively.

Patches Not Applied

All too frequently, patches for known security problems are not applied during a default installation. Granted, as software vendors write increasingly complex code, it becomes harder for them to keep up with making the necessary patches. But server and systems administrators must make the effort to keep their systems patched. For information on where to find system and software patches, see vendor-specific patches.

Too Many Open Ports and Services Running

Ports are labels—ways to identify services that are running on particular machines. Ports have identification numbers which are included with every TCP or UDP packet. Services that are running on a machine are programmed to be on the alert to "listen" for packets that arrive from other computers with matching port numbers. Thus, the types of ports your server has open can give away a lot of information about it. In addition, the more ports your servers have open, the more options there are to connect to that server.

Not Analyzing Incoming Packets

A packet is the smallest unit of information that is transmitted across networks. All information—web pages, email messages, etc.—is broken down into packets before being transmitted. Each packet of a transmission carries the service's port number, the sender's IP address, the destination IP address, and a packet number. All of the packets in a transmission are numbered in sequential order. Analyzing incoming packets allows you to weed out packets that don't match the rules that have been built into a network device's table of acceptable traffic, such as spoofed packets or packets using the wrong port for a service. It also allows you to watch for bursts of activity indicating a denial of service attack. Analyzing your network traffic for unacceptable traffic is usually only done when there is a suspected breach of security. Proactively analyzing network traffic as a preemptive function is normally only done on networks with extremely sensitive data.
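The checks this section and the earlier Probes and Scans section describe can be run over a connection log. The following is an added example, not from the original page, over constructed log lines (format and addresses invented for the illustration): it reports packets that break an acceptable-traffic table (wrong transport for a service port), sources that touch many distinct ports (the probe/scan pattern), and sources that send a burst of packets within one second.

```python
from collections import defaultdict

# Constructed log line format for this example: "<second> <src_ip> <dst_port> <proto>"
SAMPLE_LOG = [
    "1 198.51.100.7 80 tcp",
    "1 198.51.100.7 443 tcp",
    "2 203.0.113.9 21 tcp",      # one source walking through service ports
    "2 203.0.113.9 22 tcp",
    "2 203.0.113.9 23 tcp",
    "2 203.0.113.9 25 tcp",
    "2 203.0.113.9 80 tcp",
    "2 203.0.113.9 110 tcp",
    "4 198.51.100.7 53 udp",
    "4 198.51.100.7 53 tcp",     # DNS is only permitted over UDP in the table below
] + ["3 192.0.2.55 80 tcp"] * 10  # ten packets from one source within one second

# Acceptable-traffic table (constructed): service port -> transports the rules permit
ALLOWED = {80: {"tcp"}, 443: {"tcp"}, 53: {"udp"}}


def parse(lines):
    """Turn log lines into (second, src_ip, dst_port, proto) tuples."""
    rows = []
    for line in lines:
        sec, src, port, proto = line.split()
        rows.append((int(sec), src, int(port), proto))
    return rows


def rule_violations(rows):
    """Packets whose port/transport pair is not in the acceptable-traffic table."""
    return [(src, port, proto) for _, src, port, proto in rows
            if proto not in ALLOWED.get(port, set())]


def suspected_scans(rows, min_ports=5):
    """Sources that touched at least min_ports distinct ports (probe/scan pattern)."""
    ports = defaultdict(set)
    for _, src, port, _ in rows:
        ports[src].add(port)
    return sorted(src for src, seen in ports.items() if len(seen) >= min_ports)


def suspected_bursts(rows, per_second=8):
    """Sources that sent per_second or more packets within a single second."""
    counts = defaultdict(int)
    for sec, src, _, _ in rows:
        counts[(src, sec)] += 1
    return sorted({src for (src, _), n in counts.items() if n >= per_second})


if __name__ == "__main__":
    rows = parse(SAMPLE_LOG)
    print("rule violations:", rule_violations(rows))
    print("suspected scans:", suspected_scans(rows))
    print("suspected bursts:", suspected_bursts(rows))
```

Source addresses in a flood can be spoofed, so the burst list says where to look first, not who is responsible; the thresholds are starting points to tune against a network's normal traffic.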

Backups Not Maintained and Verified

One of the aims of risk assessment is to show how many hours an asset such as a server can be down before it starts to impact the library's mission. If backups are not made daily, or at an interval acceptable to your library, you won't be able to quickly recover from data loss caused by security breaches, other disasters (such as utility problems), or acts of nature (like floods). Backups also should be tested to ensure that data has been backed up properly and that staff has enough familiarity with the recovery procedure. Backups should be maintained offsite along with copies of the hardware specifications and the backup software installation media.

Lack of Protection against Malicious Code: Viruses, Worms, Trojan Horses

A virus is a program that reproduces by attaching to another program. It may damage data directly, or it may degrade system performance by taking over needed system resources which are then not available to authorized users. Worms are independent programs that reproduce by copying themselves from one system to another, usually over a network. Trojan horses are programs that appear to perform a useful function but actually hide another unauthorized program inside them. When an authorized user performs the apparent function, the Trojan horse performs the unauthorized function as well (often usurping the privileges of the user).

All of these threats and vulnerabilities must be anticipated, especially when the threat is due to staff ignorance. They certainly must not be ignored—an ostrich with its head in the sand is only getting its head dirty. Threats and vulnerabilities must be carefully examined to see whether or not they apply to your library's computers and networks, staff and procedures. Then they must be analyzed to devise strategies to counter them.

What is the need of Securing?

Computer security is required because most organizations can be damaged by hostile software or intruders. There may be several forms of damage, which are obviously interrelated. These include:

• Damage or destruction of internal data.
• Damage or destruction of computer systems.
• Loss of sensitive information to hostile parties.
• Use of sensitive information to steal items of monetary value.
• Use of sensitive information against the organization's customers, which may result in legal action by customers against the organization and loss of customers.
• Damage to the reputation of an organization.
• Monetary damage due to loss of sensitive information, destruction of data, hostile use of sensitive data, or damage to the organization's reputation.

The methods used to accomplish these crooked objectives are many and varied depending on the circumstances.