Information Security Lesson 5 - Network Infrastructure - Eric Vanderburg

Information Security © 2006 Eric Vanderburg

Information Security, Chapter 5: Securing the Network Infrastructure

Cabling

• Cable Plant – Network infrastructure
• Cable Characteristics
  – Bandwidth Rating
  – Max Segment Length
  – Segments per network
  – Devices per segment
  – Interference Susceptibility (EMI & RFI)
  – Connection Hardware
  – Cable Grade (PVC or Plenum Grade Teflon)
  – Bend radius
  – Cost (Material, Installation, & Maintenance)

Coaxial Cable (Coax)

• Thicknet (10base5)
  – ½ inch thick
  – RG-11 or RG-8
  – Vampire tap
  – AUI (Attachment Unit Interface) - 15 pin DB-15
• Thinnet (10base2)
  – BNC (British Naval Connector)
  – 50 ohms impedance
  – RG-58
• Coax for Broadband (RG-59, 75 Ohm)

Twisted Pair

• Twists reduce crosstalk
• UTP (Unshielded Twisted Pair) 10baseT
• STP (Shielded Twisted Pair)
  – Foil wrapped around wires
• Phone line (RJ-11)
• TP Network cable (RJ-45)
• 100 Meter max length

Twisted Pair Categories

• Cat1 – voice only, before 1982
• Cat2 – 4 wires, 4Mbps
• Cat3 – 4 wires, 10Mbps, 3 twists/foot
• Cat4 – 8 wires, 16Mbps
• Cat5 – 8 wires, 100Mbps
• Cat5e – 8 wires, 1Gbps, full-duplex, 100MHz*
• Cat6 – 8 wires, 1Gbps, 250MHz*, larger, more sensitive
• Cat7 – 8 wires, shielded, 1Gbps, 600MHz*, individually shielded pairs
• *Easier to detect defects with higher frequencies

Fiber Optic

• Signal sent by light
• No eavesdropping
• No interference
• Two cables needed for full duplex
• Surrounded by Kevlar
• Max length: 2-100 km
• 1Gbps & 10Gbps implementations
• Difficult to install
• Expensive (Cable, Install, Maintenance)

Fiber Optic Connectors

• ST (Straight Tip)
• SC (Straight Connection)
• MT-RJ – two cables in one, RJ-45 clone
• SMA (Subminiature Type A)
• MIC (Medium Interface Connector)
• LC (Link Control)

Fiber Optic cable types

• Single mode
  – Laser based
  – Spans longer distance
  – One piece of glass
  – Core: 2-9 microns
• Multi-mode
  – LED based
  – Shorter distance
  – Multiple pieces of glass
  – Core: 25-200 microns

Quick Comparison

Type      Length            Bandwidth       Installation  Interference  Cost
UTP       100 meters        10Mbps-1Gbps    Easy          High          Cheapest
STP       100 meters        16Mbps-1Gbps    Moderate      Moderate      Moderate
Thinnet   185 meters        10Mbps          Easy          Moderate      Cheap
Thicknet  500 meters        10Mbps          Hard          Low           Expensive
Fiber     2-100 kilometers  100Mbps-10Gbps  Moderate      None          Most Expensive

Sniffers

• Captures all data packets that travel on a network.
• Designed for use in network diagnostics
• Hard to trace because it is passive
• Can be used to find passwords or other sensitive information
• Mitigate with switched networks
• Protect the physical environment
• Watch out for compromised hosts

Removable Media

• Optical Media
  – CD
  – DVD
• Magnetic Media
  – Floppy disk
  – Hard drive
  – Micro drive
  – Tape
• Flash Media
  – USB Stick, CF (non microdrive), SD, MMC, SmartMedia, Game cartridge, PCMCIA, Rom Chips

Securing Removable Media

• Encrypt USB Sticks
• Disable or lock USB ports on the computer
• Physical check that devices are not brought in

Terms

• Workstation
• Server
• Terminal

Server Types

• Domain Controller
• Application Server
• File Server
• Print Server
• Communication Server
• Web Server
• Mail Server
• Name Server

Server Vendors

• Microsoft
  – Windows NT
  – Windows 2000
  – Windows 2003
• Linux (Various Distributions)
• Novell Netware
• OS/2
• Sun Microsystems
  – Solaris
  – Looking Glass
• Apple
  – Mac OSX Server
• FreeBSD
• NeXT

[Figure: "Operating Systems" family diagram showing Microsoft, Linux, BSD, MacOSX, NetWare 6, UNIX, NeXT, NetWare v1-5, Mac OS 1-9 and OS/2]

Equipment

• Repeater
• Hubs
  – Active (powered – regenerates signal)
  – Passive (unpowered)
• Bridge
  – Translation bridge – translates differing frame types for different architectures (ATM, Ethernet)
• Router
  – Reduces the broadcast domain
  – Looks at packets
  – Can filter by packets

Equipment

• Switches
  – Cut-through switching – reads only the first part of the frame to forward it.
  – Store & forward switching
    • Reads entire frame before forwarding. Also does error checking using the CRC field, discards if errors.
    • Saves bandwidth because bad frames are not forwarded. Requires faster switches
  – Fragment free switching – reads enough to know it is not a malformed or damaged frame
  – Reduces the collision domain
  – Looks at frames
  – VLANs (Virtual LAN)
  – Core switch – central to the network. Other switches connect into it
  – Workgroup switch – connects to network nodes
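The three forwarding modes above differ only in how much of a frame the switch has read before it decides. The following simulation is an added example (it is not from the slides): it builds IEEE 802.3 frames with a CRC-32 Frame Check Sequence and shows that a cut-through switch passes a corrupted frame and a runt along, a fragment-free switch drops the runt but not the corrupted frame, and a store-and-forward switch drops both. The MAC addresses, port numbers and payload are constructed sample values.

```python
"""Simulation of cut-through, fragment-free and store-and-forward switching
(added example, not from the slides). Frame layout and the CRC-32 FCS follow
IEEE 802.3; MAC addresses, ports and payloads are constructed sample values."""
import zlib

MIN_FRAME_LEN = 64   # smallest legal Ethernet frame, FCS included
FCS_LEN = 4          # Frame Check Sequence: CRC-32 over dst|src|type|payload


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble a frame, pad it to the minimum size and append the FCS."""
    body = dst + src + ethertype.to_bytes(2, "big") + payload
    body = body.ljust(MIN_FRAME_LEN - FCS_LEN, b"\x00")     # pad short payloads
    # Ethernet's CRC-32 uses the same polynomial and reflection as zlib.crc32
    # and is transmitted least-significant byte first.
    return body + zlib.crc32(body).to_bytes(FCS_LEN, "little")


def fcs_valid(frame: bytes) -> bool:
    """Recompute the CRC over everything but the trailer and compare."""
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    return zlib.crc32(body).to_bytes(FCS_LEN, "little") == fcs


class Switch:
    """Returns the egress port for a frame, or None when the frame is dropped."""

    def __init__(self, mac_table: dict):
        self.mac_table = mac_table      # destination MAC -> port number

    def _lookup(self, frame: bytes):
        # Unknown destination returns None here; a real switch would flood.
        return self.mac_table.get(frame[:6])

    def cut_through(self, frame: bytes):
        # Forwarding starts once the 6-byte destination address is in; nothing
        # else is inspected, so damaged frames and runts are passed on.
        if len(frame) < 6:
            return None
        return self._lookup(frame)

    def fragment_free(self, frame: bytes):
        # Reads the first 64 bytes: a frame that ends sooner is a collision
        # fragment (runt) and is dropped. The FCS is still not checked.
        if len(frame) < MIN_FRAME_LEN:
            return None
        return self._lookup(frame)

    def store_and_forward(self, frame: bytes):
        # Buffers the whole frame, verifies the FCS and drops bad frames, so
        # corrupted data never consumes bandwidth on the egress segment.
        if len(frame) < MIN_FRAME_LEN or not fcs_valid(frame):
            return None
        return self._lookup(frame)


def demo() -> dict:
    """Constructed scenario: a clean frame, a bit-flipped copy and a runt."""
    host_a = bytes.fromhex("020000000001")
    host_b = bytes.fromhex("020000000002")
    sw = Switch({host_a: 1, host_b: 2})
    good = build_frame(host_b, host_a, 0x0800, b"hello")
    damaged = bytearray(good)
    damaged[20] ^= 0xFF                   # corrupt one byte inside the frame
    damaged = bytes(damaged)
    runt = good[:30]                      # frame truncated by a collision
    modes = ("cut_through", "fragment_free", "store_and_forward")
    return {
        name: tuple(getattr(sw, mode)(frame) for mode in modes)
        for name, frame in (("good", good), ("damaged", damaged), ("runt", runt))
    }


if __name__ == "__main__":
    for name, (ct, ff, sf) in demo().items():
        print(f"{name:8s} cut-through={ct} fragment-free={ff} store-and-forward={sf}")
```

Each tuple in the result of `demo()` lists the port chosen by cut-through, fragment-free and store-and-forward in that order; `None` means the frame was discarded. The "damaged" row is the bandwidth point from the slide: only the store-and-forward switch keeps the bad frame off the destination segment.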

Network Management

• SNMP (Simple Network Management Protocol)
  – Agents
  – MIB (Management Information Base)
  – Ports 161 & 162 UDP
  – SNMP enabled devices are called managed devices

Securing Network Devices

• Create a custom logon prompt to remove any info about the device
• Disable HTTP or SNMP access if they are not used
  – If used, try SSL instead of HTTP
  – Use SNMP version 3
• Limit access to certain machines or subnets
• Log activity
• Encrypt management communications

Communication Devices

• Modem (Modulator / Demodulator)
• DSL (Digital Subscriber Line) – uses phone lines on a much higher frequency. Dedicated line.
• Cable Modem – faster max speed but a shared medium
• Central Office (CO) or Head end – local connection point where a neighborhood of connections terminate and are connected into the ISP's network.
• Always-on connections can be tempting for attackers. Firewalls are a must.

Remote Access

• RAS (Remote Access Server) – A computer that allows others to connect into it.
  – Modem
  – VPN
• Protect using
  – Authentication
  – Privileges
  – Account lockout policies
  – Firewalls & ACL

File Browsing

• UNC (Universal Naming Convention)
  – Windows shares are named \\computername\sharename

Telcos

• PBX (Private Branch Exchange) – private switching station for voice and data services
• PBX attacks
  – Data modification
  – Denial of service
  – Information disclosure
  – Traffic analysis – where calls go to and from, frequency, time
  – Theft of service

Network Security Devices

• Firewalls – filters packets based on criteria such as an ACL or a rule base
• Routers can serve this purpose but they are not as efficient as a dedicated device
• Personal firewall (host based)
• Enterprise software firewall – designed to run on a powerful machine that analyzes all network traffic running through it.
• Hardware firewall – engineered to be able to process packets quickly and efficiently.

Firewalls

• Packet filtering
  – Stateless – allows or denies packets based on rules
  – Stateful – keeps a state table of outgoing connections and allows corresponding incoming connections.
• Advanced firewalls
  – Antivirus scanning
  – Content filtering – looks at web sites and such. Could use a database from another vendor which is updated regularly. Enable and disable types of content
  – Application layer firewall – looks at many packets together to determine whether to let them in.
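The difference between stateless and stateful packet filtering is easiest to see on the reply path of an outbound web connection. The following is an added example, not code from the slides: a stateless rule base must open a permanent hole for inbound TCP with source port 80 to let replies in, which also admits an unsolicited packet that merely uses that source port, whereas the stateful filter admits only packets that match an entry in its table of LAN-initiated connections. The addresses, ports and rules are constructed sample values.

```python
"""Stateless vs stateful packet filtering (added example, not from the
slides). Addresses, ports and rule sets are constructed sample values."""
from collections import namedtuple

# direction is "out" (LAN -> Internet) or "in" (Internet -> LAN)
Packet = namedtuple("Packet", "direction proto src sport dst dport")


def rule_matches(rule: dict, pkt: Packet) -> bool:
    """A rule matches when every field it names equals the packet's ("any" wildcards)."""
    return all(getattr(pkt, field) == want
               for field, want in rule.items()
               if field != "action" and want != "any")


def stateless_decide(rules: list, pkt: Packet) -> str:
    """First matching rule wins; default deny. Each packet is judged on its own."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["action"]
    return "deny"


class StatefulFilter:
    """Same rule matching, plus a table of connections the LAN opened."""

    def __init__(self, rules: list):
        self.rules = rules
        self.state = set()   # (proto, lan_ip, lan_port, remote_ip, remote_port)

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "in":
            reply_key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if reply_key in self.state:
                return "allow"          # answer to a connection we initiated
        action = stateless_decide(self.rules, pkt)
        if action == "allow" and pkt.direction == "out":
            self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action


# A stateless rule base has no memory, so to let web replies back in it must
# permit *any* inbound TCP packet whose source port is 80.
STATELESS_RULES = [
    {"action": "allow", "direction": "out"},
    {"action": "allow", "direction": "in", "proto": "tcp", "sport": 80},
]
# The stateful filter only needs to permit outbound traffic; replies are
# matched against the state table and everything else inbound is denied.
STATEFUL_RULES = [
    {"action": "allow", "direction": "out"},
]

REQUEST = Packet("out", "tcp", "10.0.0.5", 3456, "203.0.113.10", 80)
REPLY = Packet("in", "tcp", "203.0.113.10", 80, "10.0.0.5", 3456)
# Unsolicited inbound packet that happens to carry source port 80 (constructed)
PROBE = Packet("in", "tcp", "198.51.100.7", 80, "10.0.0.5", 22)


def compare() -> dict:
    """Run the same three packets (request, reply, probe) through both filters."""
    stateful = StatefulFilter(STATEFUL_RULES)
    return {
        "stateless": tuple(stateless_decide(STATELESS_RULES, p) for p in (REQUEST, REPLY, PROBE)),
        "stateful": tuple(stateful.decide(p) for p in (REQUEST, REPLY, PROBE)),
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, dict(zip(("request", "reply", "probe"), verdicts)))
```

The stateful filter also denies a "reply" that arrives before any matching request was seen, since no state entry exists for it; that is the property the slide's phrase "allows corresponding incoming connections" is describing.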

Firewalls

• DMZ (Demilitarized Zone) – area that is closer to the untrusted network than the rest of the LAN. Used for services made available to the Internet.
• These servers may reside there:
  – Web server
  – Email server
  – RAS server
  – FTP server
  – Proxy server

IDS (Intrusion Detection System)

• Monitors the packets on the network for signatures.
  – Network based – Looks at the overall flow. Positioned where a lot of traffic flows
  – Host based – resides on one machine and monitors the data coming to that machine. It may communicate with a central device. (Agent based)
  – Active IDS – can take action when an attack happens.
  – Passive IDS – alerts the administrator when there is an attack.
  – Anomaly based IDS or IPS (Intrusion Prevention System) – looks at behavior rather than signatures. May result in more positives.
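The signature, anomaly and active/passive distinctions on this slide can be shown side by side on one small event stream. The following is an added example, not code from the slides: a signature engine matches a known byte pattern in payloads, an anomaly engine flags any source that touches more distinct ports in a short window than a baseline allows, and the response function shows the difference between a passive IDS (report only) and an active IDS/IPS (block the source). The event records, the signature and the thresholds are constructed sample values; note that the internal monitoring host is flagged by the anomaly engine as well, which is the "more positives" trade-off the slide mentions.

```python
"""Signature-based vs anomaly-based detection with passive and active
response (added example, not from the slides). Events, the signature and
the thresholds are constructed sample values."""
import re
from collections import defaultdict

# Constructed network events: (time_s, src_ip, dst_ip, dst_port, payload)
EVENTS = [
    (0, "10.0.0.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.0"),
    (1, "198.51.100.7", "10.0.0.80", 80, b"GET /../../etc/passwd HTTP/1.0"),
    (2, "198.51.100.9", "10.0.0.80", 21, b""),
    (2, "198.51.100.9", "10.0.0.80", 22, b""),
    (3, "198.51.100.9", "10.0.0.80", 23, b""),
    (3, "198.51.100.9", "10.0.0.80", 25, b""),
    (4, "198.51.100.9", "10.0.0.80", 80, b""),
    # an internal monitoring host polling several services in quick succession
    (10, "10.0.0.7", "10.0.0.80", 22, b""),
    (10, "10.0.0.7", "10.0.0.80", 80, b""),
    (11, "10.0.0.7", "10.0.0.80", 443, b""),
    (11, "10.0.0.7", "10.0.0.80", 3306, b""),
    (12, "10.0.0.7", "10.0.0.80", 8080, b""),
]

# Signature engine: known-bad byte patterns looked for in the payload
SIGNATURES = {
    "web-dir-traversal": re.compile(rb"\.\./\.\./"),
}


def signature_ids(events):
    """Alert on every packet whose payload matches a known signature."""
    alerts = []
    for t, src, _dst, _port, payload in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((t, src, name))
    return sorted(alerts)


def anomaly_ids(events, window_s=5, max_ports=4):
    """Alert when one source touches more distinct ports in a window than the baseline allows."""
    by_src = defaultdict(list)
    for t, src, _dst, port, _payload in events:
        by_src[src].append((t, port))
    alerts = []
    for src, hits in by_src.items():
        hits.sort()
        for t0, _ in hits:                       # slide the window over this source's hits
            ports = {p for t, p in hits if t0 <= t < t0 + window_s}
            if len(ports) > max_ports:
                alerts.append((t0, src, "port-sweep"))
                break                            # one alert per source is enough
    return sorted(alerts)


def respond(alerts, active: bool):
    """Passive IDS only reports; an active IDS/IPS also blocks the source."""
    return {src for _t, src, _name in alerts} if active else set()


if __name__ == "__main__":
    sig, anom = signature_ids(EVENTS), anomaly_ids(EVENTS)
    print("signature alerts:", sig)
    print("anomaly alerts:  ", anom)      # 10.0.0.7, a legitimate host, is flagged too
    print("blocked (active):", respond(sig + anom, active=True))
```

The anomaly result is the practical caveat: an active response driven by the anomaly engine alone would cut off the monitoring host, so in practice the threshold is tuned per network and known-good sources are exempted before blocking is enabled.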

Other concepts

• Intranet
• Extranet
• NAT (Network Address Translation)
• Honeypot

Acronyms

• CD-ROM, Compact Disk Read Only Memory
• CD-R, Compact Disk Recordable
• CD-RW, Compact Disk Rewritable
• DMZ, Demilitarized Zone
• DSL, Digital Subscriber Line
• DVD, Digital Versatile Disk
• DVD-R, Digital Versatile Disk Recordable
• DVD-RAM, Digital Versatile Disk Random Access Memory
• DVD-RW, Digital Versatile Disk Rewritable
• IDS, Intrusion Detection System
• MIB, Management Information Base
• NAT, Network Address Translation
• PAT, Port Address Translation
• PBX, Private Branch Exchange
• RAS, Remote Access Server
• STP, Shielded Twisted Pair
• SNMP, Simple Network Management Protocol
• UNC, Universal Naming Convention
• UTP, Unshielded Twisted Pair
• VLAN, Virtual Local Area Network