Assessing Needs.
The need for security in computer
networks is as fundamental as the need for the networks themselves.
But how much security is needed, and of what kind? Answering that takes
a cohesive effort that spans many different areas of expertise. In
general, it is reasonable to start dealing with security issues by
considering the three following aspects.
- What is the type of activity engaged in by the
organization developing the network?
- does the nature of the business, or of its information,
require security? For example:
- legal profession
- health profession
- financial institutions
- law enforcement
- personnel records
- defense related developments
- highly competitive industries
- organizations connected to the Internet
- What is the nature of the data stored on the
network?
- the data itself almost always needs to be
alterable by only a very few people
- even if data is accessible for viewing, how is
that viewing accomplished and controlled? For example:
- payroll records
- personal information
- accounting information
- tax data
- trade secrets
- What is the overall management philosophy of the
organization?
- how open or closed the organization is
- the extent of interaction between organization
members
- who gets to know what
Assessing Security Threats.
After developing an understanding of these basic issues related to the
functioning of the organization, it is important to assess which threats
to the network are the likeliest. Unfortunately, it is fairly easy
to lack appropriate awareness, or to lose one's sense of proportion, when
doing these assessments. Regardless, security threats can
reasonably be classified into the two following categories.
- external threats
- unauthorized use of passwords and keys
- DoS - denial of service attacks
- IP spoofing
- viruses and worms
- trojan horses
- internal threats
- corporate espionage
- internal politics
- disgruntled employees
- accidental breaches
- rebellious users
We will now work through the above list and discuss
each.
External Threats.
First we will survey several of the more common external threats.
Unauthorized Use of Passwords
and Keys. First, some definitions and distinctions.
- password -
a secret sequence of characters that a user presents to prove they are
who they claim to be, and therefore hold particular authorizations
- key - a
secret number used by a cryptographic algorithm to encrypt or decrypt
data, or to verify the integrity and origin of a communication (for
example through a message authentication code or a digital signature)
Passwords and keys are security measures designed to
help keep unauthorized persons from accessing particular resources or
information. But they are effective only if they are kept secret.
Hackers aren't usually as sophisticated as they are
portrayed in the popular media. They are more likely to gain
access through someone else's error: for example, they know
someone working for the organization and obtain that person's password,
or they know someone who knows someone, and the same sort of thing happens.
It is also the case that many users choose
passwords that are easy to guess because they wanted a password
that is easy to remember, and they may write the password
down somewhere that isn't as protected as it should be.
Hackers also sometimes pose as technical support
personnel or law enforcement personnel in order to obtain a few
salient pieces of information. This sort of effort is called
social engineering.
It is important for all users to verify who they are
interacting with before disclosing any information.
Hackers may also obtain passwords by
brute force, that is, by exhaustively trying possible passwords.
They may find a way to run through a huge number of guesses
without the security system noticing, for instance by spreading the
attempts across many source addresses, or over a long period, so that
no per-source limit is ever tripped.
Truly technical hackers can find out passwords by
intercepting packets on the network. This isn't as
hard as one might hope in far too many settings: any protocol that
sends the password in the clear (telnet, FTP and POP are the classic
examples) hands it to anyone who can see the traffic.
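The two guessing patterns just described can be picked out of an authentication log. The following is an added example, not code from the original page: the log lines, their format (timestamp, result, account, source address) and the thresholds are all constructed for this example and are not any real system's format or defaults. It flags both a burst of failures from one source and an account being tried from many sources, the case a per-source limit alone misses.

```python
"""Password-guessing detection over an authentication log.

Added example; this is not code from the original page. The log lines and
their format (timestamp, result, account, source address) are constructed
for this example and are not any real system's format. Two patterns are
flagged:
  * a burst of failures from one source (a classic brute-force run), and
  * one account failing from many sources (distributed guessing that stays
    under any per-source limit and so goes "undetected").
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format, e.g. "2001-03-04 08:00:01 FAILED login for root from 203.0.113.5"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<result>FAILED|ACCEPTED) "
    r"login for (?P<user>\S+) from (?P<src>[\d.]+)$"
)

# Constructed sample log (addresses are from the documentation ranges).
SAMPLE_LOG = """\
2001-03-04 08:00:01 FAILED login for root from 203.0.113.5
2001-03-04 08:00:02 FAILED login for root from 203.0.113.5
2001-03-04 08:00:03 FAILED login for admin from 203.0.113.5
2001-03-04 08:00:04 FAILED login for admin from 203.0.113.5
2001-03-04 08:00:05 FAILED login for guest from 203.0.113.5
2001-03-04 08:00:06 FAILED login for guest from 203.0.113.5
2001-03-04 08:03:10 FAILED login for alice from 10.0.0.9
2001-03-04 08:03:20 ACCEPTED login for alice from 10.0.0.9
2001-03-04 09:10:00 FAILED login for bob from 198.51.100.2
2001-03-04 09:40:00 FAILED login for bob from 198.51.100.7
2001-03-04 10:15:00 FAILED login for bob from 198.51.100.11
2001-03-04 10:50:00 FAILED login for bob from 198.51.100.23
2001-03-04 11:30:00 ACCEPTED login for bob from 198.51.100.23
"""


def parse_log(text):
    """Turn log text into event dicts sorted by time; lines not matching the assumed format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "failed": m["result"] == "FAILED",
            "user": m["user"],
            "src": m["src"],
        })
    events.sort(key=lambda e: e["ts"])
    return events


def burst_sources(events, threshold=5, window=timedelta(seconds=60)):
    """Sources with at least `threshold` failures inside one sliding time window."""
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    flagged = {}                  # src -> largest number of failures seen in one window
    for e in events:
        if not e["failed"]:
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:   # drop failures that have aged out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[e["src"]] = max(flagged.get(e["src"], 0), len(q))
    return flagged


def sprayed_accounts(events, min_sources=4):
    """Accounts whose failures come from at least `min_sources` distinct addresses,
    regardless of rate: each source on its own stays under the burst threshold."""
    sources = defaultdict(set)
    for e in events:
        if e["failed"]:
            sources[e["user"]].add(e["src"])
    return {u: sorted(s) for u, s in sources.items() if len(s) >= min_sources}


def analyse(text):
    """Run both detectors over a log and return their hits."""
    events = parse_log(text)
    return {
        "burst_sources": burst_sources(events),
        "sprayed_accounts": sprayed_accounts(events),
    }


if __name__ == "__main__":
    for kind, hits in analyse(SAMPLE_LOG).items():
        print(kind, hits)
```

On the sample log this reports 203.0.113.5 as a burst source and bob as a sprayed account; alice's single typo followed by a successful login trips neither. Note that bob's last line is an accepted login from one of the addresses that had been failing, which is the event that most deserves a follow-up.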
DoS - Denial of Service.
Denial of Service attacks are
currently getting a fair amount of publicity, in part
because when a popular website goes down, others
notice. DoS attacks are usually orchestrated to overwhelm the
resources of a particular network, or of particular servers on it, so
that legitimate users can no longer be served.
Some of the most common forms of DoS are the
following.
- Ping/ICMP - Internet Control Message Protocol
Flood
- the attacker sends ICMP echo requests (pings)
faster than the target, or its link, can absorb them, so that the
bandwidth and processing spent answering them starve real traffic
- Smurf Attack
- an ICMP flood that uses other networks as
amplifiers: the attacker sends echo requests to a network's broadcast
address with the victim's address forged as the source, so every host
on that network replies to the victim at once
- Ping of Death
- an oversized ICMP packet sent in fragments that,
once reassembled, exceeds the maximum IPv4 datagram length of 65535
bytes; systems without proper bounds checks crashed while
reassembling it
- SYN Attacks
- the attacker sends many TCP SYN messages, the first
step of the
three way handshake,
and never completes the handshake, so the target's table of half-open
connections fills up and it can no longer accept new ones
In order to attain a volume that is sufficiently
disruptive these attacks can be quite large and orchestrated.
Another way that hackers sometimes work is to take control of a well-connected
server someplace on the network and use its bandwidth and processing capacity to
attack other sites; when many such machines are used together the attack
is a distributed one (DDoS).
IP Spoofing.
IP spoofing involves forging the source address in the IP header of
packets being sent, so that they seem to be coming from a
different machine. Replies then go to the forged address rather than to
the attacker, which is exactly what the smurf attack relies on, and any
access control that trusts a packet's source address can be bypassed with
an address that isn't traceable to the real sender.
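The DoS patterns listed above and the forged source addresses this section describes can all be recognised from a stream of packet records. The following is an added example serving both passages, not code from the original page: the packet records are constructed, and the record layout (interface, source, destination, protocol, flags, length), the internal prefix 10.0.0.0/24 behind an interface named "inside", and the thresholds are assumptions of this example rather than anything the page specifies.

```python
"""Classify the DoS patterns above, and the spoofed sources they rely on, from packet records.

Added example; this is not code from the original page. The packet records
are constructed for this example. The record layout (interface, source,
destination, protocol, flags, length) and the network layout (10.0.0.0/24
behind interface "inside", everything else arriving on "outside") are
assumptions; a real detector would read these from a capture or flow export.
"""
from collections import Counter, namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "iface src dst proto flags length")

INTERNAL = ip_network("10.0.0.0/24")     # assumed internal prefix
IPV4_MAX_LENGTH = 65535                  # largest legal IPv4 datagram after reassembly
SERVER = "10.0.0.80"                     # assumed internal server under attack


def constructed_traffic():
    """Constructed sample traffic containing one instance of each pattern."""
    pk = []
    # SYN flood: 12 SYNs to the server from different (forged) sources, never completed.
    for i in range(12):
        pk.append(Packet("outside", f"198.51.100.{i + 1}", SERVER, "tcp", "S", 60))
    # One legitimate connection: SYN, SYN-ACK, ACK.
    pk += [Packet("outside", "203.0.113.9", SERVER, "tcp", "S", 60),
           Packet("inside", SERVER, "203.0.113.9", "tcp", "SA", 60),
           Packet("outside", "203.0.113.9", SERVER, "tcp", "A", 52)]
    # Smurf: echo requests to our directed-broadcast address with the real victim
    # (192.0.2.44, elsewhere on the Internet) forged as the source; we are the amplifier.
    for _ in range(3):
        pk.append(Packet("outside", "192.0.2.44", str(INTERNAL.broadcast_address),
                         "icmp", "echo-request", 84))
    # Ping of death: a fragment set whose reassembled length exceeds the IPv4 maximum.
    pk.append(Packet("outside", "192.0.2.77", SERVER, "icmp", "echo-request", 65600))
    # Spoofing: a packet arriving from outside that claims an internal source address.
    pk.append(Packet("outside", "10.0.0.5", SERVER, "tcp", "S", 60))
    # ICMP flood: one source hammering the server with echo requests.
    for _ in range(30):
        pk.append(Packet("outside", "192.0.2.10", SERVER, "icmp", "echo-request", 84))
    return pk


def half_open_syns(packets):
    """SYNs per destination whose (src, dst) pair never sent the handshake's final ACK.
    Keyed on addresses only for brevity; a real tracker keys on the full 4-tuple."""
    acked = {(p.src, p.dst) for p in packets if p.proto == "tcp" and p.flags == "A"}
    pending = Counter()
    for p in packets:
        if p.proto == "tcp" and p.flags == "S" and (p.src, p.dst) not in acked:
            pending[p.dst] += 1
    return dict(pending)


def echo_requests(packets):
    """ICMP echo requests per destination."""
    return Counter(p.dst for p in packets
                   if p.proto == "icmp" and p.flags == "echo-request")


def smurf_victims(packets, local_nets=(INTERNAL,)):
    """Echo requests aimed at one of our directed-broadcast addresses; the
    (forged) source is the victim that will receive every host's reply."""
    bcast = {str(n.broadcast_address) for n in local_nets}
    return Counter(p.src for p in packets
                   if p.proto == "icmp" and p.flags == "echo-request" and p.dst in bcast)


def oversized(packets):
    """Datagrams longer than IPv4 allows: a ping of death once reassembled."""
    return [p for p in packets if p.length > IPV4_MAX_LENGTH]


def spoofed(packets, internal=INTERNAL):
    """Ingress/egress filtering (BCP 38): internal addresses must not arrive on the
    outside interface, and only internal addresses may be seen leaving the inside one."""
    bad = []
    for p in packets:
        src_internal = ip_address(p.src) in internal
        if (p.iface == "outside" and src_internal) or (p.iface == "inside" and not src_internal):
            bad.append(p)
    return bad


def report(packets, syn_threshold=10, icmp_threshold=20):
    """Apply every detector and keep only the hits at or above threshold."""
    return {
        "syn_flood": {d: n for d, n in half_open_syns(packets).items() if n >= syn_threshold},
        "icmp_flood": {d: n for d, n in echo_requests(packets).items() if n >= icmp_threshold},
        "smurf_victims": dict(smurf_victims(packets)),
        "ping_of_death": [(p.src, p.length) for p in oversized(packets)],
        "spoofed_source": [(p.iface, p.src) for p in spoofed(packets)],
    }


if __name__ == "__main__":
    for kind, hits in report(constructed_traffic()).items():
        print(kind, hits)
```

The spoofing check is the one with the broadest payoff: a border router that drops packets arriving from outside with an inside source address, and packets leaving with a source that isn't ours, cannot be used as a smurf amplifier or as a launch point for forged-source floods against anyone else.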
Computer Viruses and Worms.
Computer viruses are programs that
replicate themselves and spread from one computer to another without
the user's consent, by attaching themselves to a host program or
document. Unfortunately, these programs are usually
malicious to the operation of the computers they infect.
Several of the most recent viruses have taken
advantage of automatic processing features on Microsoft clients
and servers to send themselves to every address in the infected
user's address book. Each recipient's machine then sends the virus on, and so on.
This sort of effort can bring networks and e-mail servers to a
screeching halt.
Worms propagate in a somewhat similar fashion, but a worm is a
stand-alone program that spreads over the network on its own, typically
by exploiting a flaw in a network service, rather than riding on a host
file. Because a worm needs no user action it can saturate a network far
faster than a mailed virus, and some also carry a payload that damages
files on the hosts they reach.
Trojan Horse Programs.
A trojan horse is a program that
misrepresents itself in order to obtain particular information or
access. For example, there are trojan horse programs that emulate
login screens in order to capture users' login information.
Internal Threats.
Many security measures focus purely on external threats. This sort
of self-protection, which denies some of the most real threats, is
neither particularly intelligent nor effective. For example, a retail
firm's own employees are usually much more likely to engage in
theft than external customers are to steal from the
store floor.
There are many motives for such internal efforts.
Corporate Espionage.
Corporate espionage is usually the most sophisticated of efforts to
intrude where one shouldn't be.
Employees can be approached by competitors or other
firms and be offered considerable rewards for disclosing particular
information.
There are also freelance corporate spies who engage in
such efforts for personal financial gain.
These spies are usually intelligent and quite aware of
what they are doing. They can also be some of the most difficult
to find.
Computer networks can be particularly vulnerable to
such expertise.
I think of the recent hirings by the Homeland Security
agencies in their efforts to thwart future 9/11 sorts of efforts.
I considered the mass hirings to have been some of the silliest
attempts. These agencies had demonstrated almost no capability
to gain inside information on appropriate organizations in the past.
Their own infrastructures should be highly suspect in many ways for
these and other reasons. They clearly have had very little, at
least recent, history of working well within other cultures or
employing people they trusted to gain such information. Then they
see themselves as being able to mass hire to solve these kinds of
issues! Who are they hiring? What are their selection
processes? It seemed to me to also be an opportunity for mass
infiltration by outside groups.
Well, I can go on about internal security efforts in a
large number of organizations ...
Internal Politics.
Another difficult source of internal security breaches is
internal politics. Sometimes these breaches can be traced back to
an employee willing to do just about anything to advance themselves.
They may try to gain access to particularly important information or to
sabotage another's efforts. Some use computing to unfairly
scrutinize or set up other people. They might even go so far as to
plant incriminating evidence if they have sufficient expertise.
Fortunately, in most instances, because these
perpetrators aren't likely to be all that network savvy, they
can be thwarted or diminished through fairly standard network
security: access controls that give each person only what their job
requires, and logs that record who read or changed what.
Disgruntled Employees.
Employees or ex-employees with grudges against the company
can also be a source of problems for computer security. They might
work to destroy data or disrupt basic communication processes.
This is particularly troublesome when a technically capable employee
has become disgruntled.
In particular, for terminated employees, it is
important for their access rights to be revoked quickly and completely:
every account, remote-access credential and shared password they knew,
not just the primary login. It may
also be the case that their physical access needs to be curtailed.
Accidental Breaches.
It is often the case that internal security problems are caused by
inadvertent errors or lack of training. Sometimes operating
system software can be destroyed by someone doing things in
inappropriate places. Some users may actually be trying to help
when their efforts end in a mess.
Rebellious Users.
This can develop in a variety of ways. For example, it may be
that a particular user wants to install particular software,
and does so whether or not they have purchased the appropriate licenses.
Company policy needs to be intelligent and
appropriate. Some policies are overly restrictive and
truly diminish the capability of employees to do their assigned tasks.
On the other hand, some policies are too lax. There are far too
many possibilities to discuss in such a brief survey.