previous  next  Title  Contents  Index        Previous    Next     Top   Detailed TOC 


10. Securing LAN/WAN Networks


Network security is vital. Many applications (IBM 3270 telnet emulation, Telnet, ftp...) send unencrypted passwords across the network. Although a network cannot be completely secured, the weakest links should be protected. It is not realistic to expect the Network to be ever 100% secure. The are two principal tendencies in network security today:

  1. New applications being developed are often designed so that they can transfer data securely across insecure networks. i.e. some type of authentication / encryption is built-in.
  2. IP level encryption (for TCP/IP networks) offers a secure channel between two machines, even over insecure networks. One example is SKIP (see the "Mechanisms" chapter).

Network security could easily be enhanced if Vendors replaced relics such as ftp, telnet and rlogin with more secure alternatives such as ssh (see the "Mechanisms" chapter), if NIS+ and/or Kerberos clients were bundled with all major OSs and a secure email system such as pgp were fully integrated into vendors email clients. But history shows that this is unlikely to happen.....

Centralised network management is important for maintaining network security. The Network (meaning both LAN and WAN) is analysed here in terms of:

11.1 Network Model (OSI)

The Open Systems Interconnect model is the standard for describing the transmission of data across networks. The seven layer model is particularly useful in comparing different architectures. The following diagram should help to understand the relationships between OSI, TCP/IP and communications layers used by Lan Manager.

osi_layers.gif (32196 bytes)

11.2 Network Protocols

11.2.1 Lan Manager / Microsoft Network / NT Domains

NetBEUI: Use only on local subnets.

WINS (Windows Internet Naming Service) allows Netbios name to IP address resolution via a highly automated dynamic database. It reduces the need for LMHOSTS files. See the "Windows NT" chapter.

RAS (Remote Access Service), see the "Windows NT" chapter. 

11.2.2 TCP/IP

11.2.2.1 Weaknesses

TCP/IP was not designed for high security:

However, TCP/IP is reliable, robust and the de-facto standard.

See the Mechanisms chapter for a discussion of new IP level encryption products designed to address many of the above problems. 

11.2.2.4 DNS (Domain Name Service)

11.2.2.5 NIS, NIS + (Network Information Service)

See the chapter "Securing UNIX". 

11.2.2.6 DHCP (Dynamic Host Configuration Protocol)

DHCP is very practical, especially for Laptops and in environments where reorganisations are constant. However, dynamic DHCP makes it difficult to uniquely identify machines, so for class  networks, avoid the use of dynamic IP addressing. Static DHCP may be useful for centralising the management of IP addresses.

11.2.2.7 NFS (Network File System)

See the "Securing UNIX" chapter for a discussion of NFS.

11.3 Physical network types

If confidentiality is a major concern, use fibre optics, they are very difficult to interrupt or sniff.

11.3.1 Ethernet

11.3.2 Leased lines

Copper leased lines should be hardware or software encrypted. 

11.3.3 FDDI

Because FDDI is a fibre optic ring, it is impossible to "listen" by detection of magnetic fields and if someone tries to connect to the ring, they need specialist equipment and the ring would be disturbed - it should not go unnoticed.

11.3.4 ATM

ATM (Asynchronous transfer mode) is a complex suite of protocols with many interesting features, such as bandwidth allocation, virtual networks, high speed... They are useful primarily by telecom providers. The complexity of ATM makes it difficult for hackers to crack, but also difficult to configure correctly.

11.4 Network Devices

Most attacks come from the inside, so:

On critical subnets, it's important correctly configure network devices: only enable needed services, restrict access to configuration services by port/interface/IP address, disable broadcasts, source routing, choose strong (non default) passwords, enable logging, choose carefully who has user/enable/admin access, etc.

11.4.1 Hubs

11.4.2 Bridges

11.4.3 Routers

Routers have become complex and can have almost as many configuration options as a UNIX host...

11.4.4 Modems

A sweep of all Internal telephone lines should be made once a month (during the night) to see how many modems are attached and at what numbers. This can then be checked against a list of registered modems. TBD: example of a product which can do this!

11.5 External connections to WANs

11.5.1 Permission for external connections

For external access (via modem for example) to internal systems or from internal systems to the outside (Internet for example), a user should have the written permission. The user should prove that such an external access is absolutely necessary.

These external connections can be classed as incoming and outgoing: 

11.5.2 Example Incoming connections

11.5.3 Example Outgoing Connections

11.5.4 Simple Internet or Bulletin board access

If Internet access is required for information browsing (e.g. ftp or Web) on a sensitive zone, one solution is to use a simple PC with modem but with absolutely no (internal) network connection.

It is important that these connections be registered with, and audited regularly by centralised security staff. 

11.5.5 Insecure subnets

Where many external connections are required in one building, one possibility is to group together the external connections on an "Insecure Subnet" which has direct outside access, but which is separated from the internal network via a Firewall. This minimises cost (only one firewall) and maximises flexibility, but great care must be taken in the daily usage on these machines on the "Insecure Subnet", as they must be considered as dangerous, penetrated hosts. 

11.6 Network Management / Monitoring

Networks are becoming more important, data speeds and volumes are increasing and networks are becoming more and more heterogeneous. Professional Network monitoring can help to analyse and predict problems (and increase availability). Such monitors can also be used to increase security by two methods:

a) "Strange" network behaviour could be an intrusion, so a monitor should be able to note "strange" (i.e. not "normal") network behaviour.
b) If security policy specifies that certain services are not to be used by certain hosts at specified times, network monitor software could be used to check this. e.g. if the security policy for a network specifies that ftp is not to be used between 00:00 and 06:00, then any ftp traffic on the network at this time should be monitored an reported as a security alert. This kind of monitoring is especially useful for local high security networks.


previous  next  Title  Contents  Index        Previous    Next     Top   Detailed TOC