Chapter 2

NETWORK AND SERVERSECURITY

Content

• Network Protocols Review• Securing Servers• Border Security

Network Protocols Review

• Protocol: is a formal set of rules that describe how computers transmit data and communicate across a network.

• Protocols are arranged in a stack of layers in which data is passed from the highest layer to the lowest layer to send a transmission(network stack).

Network stack and data encapsulation

OSI Seven-Layer Model

The Functions of Layer• Session Layer:

– Establishing the connection.– Transferring data.– Releasing the connection.

• Network Layer:– Switching and routing– Forwarding– Addressing– Error detection– Node traffic control

• Data Link Layer:– Media Access layer:

• Supports the network computer’s access to packet data.• Controls the network computer’s permission to transmit packet data.

– Logical Link layer:• Sets up the communication link between entities on a physical channel.• Converts data to be sent into bits for transmission.• Formats the data to be transmitted into frames.• Adds a header to the data that indicates the source and destination IP addresses.• Defines the network access protocol for data transmission and reception.• Controls error checking and frame synchronization.• Supports Ethernet and token-ring operations.

Protocols associated with each layer

• Application layer:– File Transfer Protocol (FTP)– Trivial File Transfer Protocol (TFTP)– Domain name system (DNS)– Simple Mail Transfer Protocol (SMTP)– Secure File Transfer Protocol (SFTP)– Shell (SSH) or SSH-2– Remote login (Rlogin)– Simple Network Management Protocol (SNMP)– BootP– Multipurpose Internet Mail Extensions (MIME)

• Presentation Layer– Hypertext Transfer Protocol (HTTP)– Moving Picture Experts Group (MPEG)– Joint Photographic Experts Group (JPEG)

Protocols associated with each layer

• Session Layer:– AppleTalk Session Protocol (ASP)– Network File System (NFS)– Remote procedure call (RPC)

• Transport Layer:– Transmission Control Protocol (TCP)– Stream Control Transmission Protocol (SCTP)– User Datagram Protocol (UDP)– Sequenced Packet Exchange (SPX)

• Network Layer:– Internet Protocol (IP)– Open Shortest Path First (OSPF)– Internet Control Message Protocol (ICMP)– Routing Information Protocol (RIP)– IP security (IPsec)– Address Resolution Protocol (ARP)– Reverse Address Resolution Protocol (RARP)

• Data Link Layer:– Serial Line Internet Protocol (SLIP)– Point-to-Point Protocol (PPP)

The TCP/IP Model Layers

The TCP/IP Model Layers

TCP/IP encapsulation

TCP/IP Ports

Best Practices for Network Security

• Three basic guidelines for securing the servers on your network:– Designing applications with security in

mind(Security by Design)– Maintaining a security mindset– Defense–in-depth

Security by Design• Some of the factors affecting security in the design phase of a development

effort are as follows:– The software developers and security professionals (network engineers)

historically came from different communities. This is still an issue today, although more software developers are attending security training and security conferences.

– The security threat was not well publicized. Security has made the front page more often in recent years.

– In many cases, the software developers are building an application that they have never coded before. However, a network engineer who designs a network has probably designed dozens of networks in the past.

– Until recently, software developers could not justify time spent on security features, because security features did not seem to affect the bottom line from management’s perspective.

– In the highly competitive marketplace for software, there has been a natural rush-to-market approach to beat the competition.

Maintaining a Security Mindset• The following are some approaches to developing a mindset that

will help you secure the servers on your network:– Base security decisions on the risk. Security can be like insurance; the

risk must be known to determine the coverage needed.– Use defense-in-depth. Many security controls are preferable to a single

point of protection.– Keep things simple. Simplicity and clarity will support a more secure

environment.– Respect the adversary. Do not underestimate the interest and

determination of the threat.– Work on security awareness. Security training is needed at all levels of

an organization.– Be paranoid and expect the worst.

Securing Servers

• To operate the server securely, an organization must establish a plan with associated procedures. These procedures should include the following key aspects:– Control the server configuration: The server must be

configured to minimize exposure to an attack.– Control users and access: A need-to-know and need-to-

access environment should be established regarding the server’s data and access.

– Monitoring, auditing, and logging: Security does not stop with deployment of the server.

Controlling the Server Configuration

• The following are three important considerations when securing the host system:– Physical Security of the System:

• Provide an uninterruptible power supply (UPS) unit with surge protection.

• Provide fire protection to minimize the loss of data and equipment.

• Provide adequate cooling and ventilation.• Provide adequate lighting and work space for maintaining and

upgrading the system.• Restrict physical access to the server(server space should be

locked, alarmed, and recorded for later evaluation).

Controlling the Server Configuration

• Minimizing Services– The following list shows typical services that should be disabled from a host if

not needed:• Telnet: The secure alternative, SSH, should be used instead, if needed.• SMTP: Mail server applications are frequent targets of attacks.• FTP: FTP is used to upload files to and download files from a central repository. FTP has a

number of vulnerabilities and must be properly configured to be safe.• TFTP: TFTP is used to transfer small files and can be used to upload a malicious file to a

computer.• Finger: Finger allows you to determine the name associated with an email address and

the last time the user logged on.• Netstat: Netstat is a Windows troubleshooting tool that allows you to see which ports a

computer is listening on, as well as other information about the network.• Systat: Systat is a Unix® troubleshooting tool.• Chargen and Echo: These services can be used to launch data-driven attacks and denial-

of-service (DoS) attacks.• DNS: This service requires frequent patches and upgrades to be secure.• RPC: Unless the server application explicitly uses RPC to communicate with other

systems, this should be disabled.

Managing Windows Services• Windows 2000 (and later) has three built-in accounts that

are typically used to run services, but you can also create a special user account and assign it the necessary rights and permissions.

• The three built-in accounts are as follows:– Local System: This account has permission to perform any task on

the computer and permission to access resources on the network.– Local Service: This account has very limited permissions on the

computer and cannot access other computers across the network.– Network Service: This account has the same local permissions as

Local Service, but can also access computers across the network.• You change the security context for a service through the

Log On tab of the service’s properties.

Managing Windows Services

Blocking Ports and Limiting Input and Output Devices

• Blocking Ports: You can block traffic to a specific port by configuring a firewall or IPSec.

• Some physical entry points you might consider removing include the following:– Modems– Network adapters– CD-ROM and DVD drives– Floppy drives– Universal Serial Bus (USB) ports– Monitor

Border Security• Segmenting a Network: Network segments can be theoretically classified

into the following:– Public networks: allow accessibility to everyone(unsecured Network)– Semi-private networks: sit between public networks and private

networks(exclusive subnets of large public networks).– Private networks: are organizational networks that handle confidential and

proprietary data and are the most common type of network.• The boundaries of such network segments are established by devices

capable of regulating and controlling the flow of packets into and out of the segment, including the following:– Routers– Switches– Bridges– Multi-homed gateways

Perimeter Defense

Firewalls• The reasons for an organization to employ firewalls to secure

their networks from other insecure networks:– Poor authentication– Poor authentication– Spoofing– Scanners and crackers

• Type of Firewall:– Packet-Filtering Firewalls– Stateful packet-filtering– Application Proxy Firewalls: working at Layer 7 of OSI

• Disadvantages of Firewalls– The cost involved in installation.

A web server in a DMZ

Network Address Translation• Feature of NAT:

– It is used to translate private addresses to public address.– hosts from inside the protected networks (with a private address) are

able to communicate with the outside world, but systems that are located outside the protected network have to go through the NAT system to reach internal networks.

– The main feature in NAT is the translation table(A single public IP address might be mapped to more than one private IP address).

• Translation tables are built using two methods:– Static: In this configuration, the relationships among the public and

private IP addresses are fixed.– 2. Dynamic outbound packets: In this mode, the translation tables get

updated automatically as outbound packets are processed from the private network.

The NAT methodology