Network and Computer Security Tutorial Version 0.4.0 April 16, 2001
This computer security tutorial is based on my experience with computer and network security, my training, and material I have read. The field of security is constantly changing, so I cannot guarantee that the information here will remain current. The tutorial defines some basic security issues and gives insight into why security is a constant concern. It will help you decide what to protect, describe some of the attacks that may be made against your network, computer systems, or data, and provide computer and network security recommendations for you or your organization. Much useful information can be taken from this document without networking knowledge, but to use it in depth I recommend that readers have a fundamental understanding of networking. The CTDP Networking Guide contains the networking documentation required to understand this tutorial.
In this tutorial, the terms computer security and network security will be used often. Computer security refers specifically to the security of a single computer, although the security of each individual computer is required for network security. Network security refers to the security of the network as a whole, including such issues as password security, network sniffing, intrusion detection, firewalls, and network structure.
Security Violation Definition
Computer or network security has been violated when any party gains access to systems, data, or services that they are not authorized to use.
Computer security is required because most organizations can be damaged by hostile software or intruders. There may be several forms of damage which are obviously interrelated. These include:
- Damage or destruction of computer systems.
- Damage or destruction of internal data.
- Loss of sensitive information to hostile parties.
- Use of sensitive information to steal items of monetary value.
- Use of sensitive information against the organization's customers, which may result in legal action by customers against the organization and loss of customers.
- Damage to the reputation of an organization.
- Monetary damage due to loss of sensitive information, destruction of data, hostile use of sensitive data, or damage to the organization's reputation.
The methods used to accomplish these unscrupulous objectives are many and varied depending on the circumstances. This guide will help administrators understand some of these methods and explain some countermeasures.
Computer security can be very complex and may be very confusing to many people. It can even be a controversial subject. Network administrators like to believe that their network is secure and those who break into networks may like to believe that they can break into any network. I believe that overconfidence plays an important role in allowing networks to be intruded upon. There are many fallacies that network administrators may fall victim to. These fallacies may allow administrators to wrongfully believe that their network is more secure than it really is.
This guide will attempt to clarify many issues related to security by doing the following:
- Help you determine what you are protecting.
- Break computer security into categories.
- Explain security terms and methods.
- Point out some common fallacies that may allow administrators to be overconfident.
- Categorize many common attacks against networks and computers.
- Explain some attack methods.
- Describe tools that can be used to help make a network more secure.
There are many different aspects to computer and network security, as you will read in this document. These areas are interdependent: if one or more of them is ignored, the security of the organization's entire network may be compromised. A clear example is virus and worm protection. Virus protection programs can only filter viruses and worms whose signatures they already know, and a newly released virus or worm is not recognized immediately. The best way to make unrecognized viruses and worms less effective is to quickly remove the vulnerabilities they use. Many of these vulnerabilities are errors in the operating system and application programs, so when security patches are released for software they should be applied promptly. In this way the vulnerability to viruses is minimized but not eliminated. Other steps may further reduce this vulnerability, but it can never be completely eliminated.
Security Limitations and Applications
If you are reading this document thinking that you can get all the information required to make your network completely secure, you are sadly mistaken. In many ways computer security is a statistical game: you can reduce, but not eliminate, the chance that an intruder or virus will penetrate your network. This is mainly for one reason.
No one can ever know all the software vulnerabilities of all software used on a system.
This is why even those who consider themselves hackers will say that the number one computer security threat is the lack of quality in the applications and operating systems. At this point, I could talk about the various corporate entities that write software and why software lacks the quality that many of us believe that it should possess, but that subject is not only way beyond the scope of this document, but also way beyond the scope of this project.
The bottom line here is that unless you can remove all the application and operating system problems that allow viruses and intruders to penetrate networks, you can never fully secure your network. Additionally, the users on your network are potentially a greater security risk than any program. Obviously removing all vulnerabilities is impossible, and even doing so would not secure your network against user errors. I have even considered the possibility that an operating system without a network interface can be completely secure, but even this cannot be guaranteed. Unknown viruses or trojan programs can creep in with applications on CDs or floppies. This has been known to happen. Although an attacker may not be able to get data out of such a system, they can still damage or destroy it.
The fact that complete security is impossible is the reason security experts recommend "layered security". The idea is to have multiple ways of preventing an intrusion to decrease the chance that intrusions will be successful. For example, you should have virus protection on your client computers. To help layer this security you should also filter viruses at your email server. To help even more, you should block the most dangerous types of email attachments to prevent unrecognized viruses and other hostile software from entering your network. Another good defense layer would also include educating your users about viruses, how they spread, and how to avoid them.
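As an added example of the mail-server layer described above (this is not code from the original tutorial), the following Python script parses a message and decides which attachments a gateway would strip. The deny list of extensions, the "MZ" content check, and the sample message are all constructed for illustration; an operator would tune the list to local policy.

```python
"""Added example, not code from the original tutorial: an email attachment
filter of the kind the tutorial suggests running at the mail server as one
defence layer. The deny list, the "MZ" content check and the sample message
are all constructed for illustration."""
import email
from email import policy
from email.message import EmailMessage

# Attachment extensions a mail gateway would typically refuse outright.
# Illustrative list only; an operator would tune it to local policy.
BLOCKED_EXTENSIONS = {
    "exe", "com", "bat", "cmd", "pif", "scr", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "reg", "lnk", "shs",
}


def is_blocked_filename(filename):
    """True if any suffix of the name is on the deny list.

    Every dot-separated suffix is checked, not just the last one, so the
    double-extension trick ("invoice.txt.exe") is caught; the match is
    case-insensitive because Windows ignores case in extensions."""
    if not filename:
        return False
    suffixes = filename.lower().strip().split(".")[1:]
    return any(s in BLOCKED_EXTENSIONS for s in suffixes)


def looks_like_windows_executable(data):
    """Filenames can lie; a DOS/PE executable starts with the bytes "MZ"."""
    return data is not None and data[:2] == b"MZ"


def scan_message(raw_bytes):
    """Parse an RFC 822 message and split its attachments into those the
    gateway would strip and those it would pass through."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    blocked, allowed = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None:
            continue  # message body, not an attachment
        content = part.get_payload(decode=True)
        if is_blocked_filename(name) or looks_like_windows_executable(content):
            blocked.append(name)
        else:
            allowed.append(name)
    return blocked, allowed


def build_sample_message():
    """Constructed message: one harmless text file, two attachments with
    dangerous extensions and one executable disguised as an image."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Please review"
    msg.set_content("See the attached files.")
    msg.add_attachment("meeting notes", subtype="plain", filename="notes.txt")
    msg.add_attachment(b"MZ\x90\x00 fake", maintype="application",
                       subtype="octet-stream", filename="Photo.JPG.scr")
    msg.add_attachment(b"MZ\x90\x00 fake", maintype="application",
                       subtype="octet-stream", filename="setup.exe")
    msg.add_attachment(b"MZ\x90\x00 fake", maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    blocked, allowed = scan_message(build_sample_message())
    print("stripped:", blocked)
    print("delivered:", allowed)
```

The content check matters because a name-only filter is defeated by renaming an executable to .jpg; conversely, the name check still catches a script file (.vbs) that has no recognizable magic bytes. Neither check replaces virus scanning; the point of the layer is to refuse whole classes of attachment that the scanner might not yet recognize.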
There are many documents that attempt to define the term hacker. I believe that the term hacker is a connotative term. This means that it is more defined by people's beliefs rather than by a dictionary. Some believe that a hacker is a very skilled computer person. Others believe that hackers are those that perform unauthorized break ins to computer systems. The media and many sources have caused many uninformed people to believe that a hacker is a threat to computer and network security while this is not the case. A hacker is no more likely to break the law than anyone else. I use the more accurate descriptive term, "intruder" to describe those who intrude into networks or systems without authorization.
This guide will not talk about physical computer security beyond this paragraph. Your organization should be aware of how physically secure every aspect of its network is, because if an intruder gets physical access, they can get your data. Be sure that your organization properly secures its locations, and consider the following:
- Servers - Contain your data and information about how to access that data.
- Workstations - May contain some sensitive data and can be used to attack other computers.
- Routers, switches, bridges, hubs and any other network equipment may be used as an access point to your network.
- Network wiring and media, and the places they pass through, may be used to access your network or to attach an unauthorized wireless access point to it.
- External media which may be used between organizational sites or to other sites the organization does business with.
- Locations of staff who may have information that a hostile party can use.
- Some employees may take data or laptops home, or use laptops on the internet from home and then bring them to work. Any information on these laptops should be considered to be at risk, and these laptops should be secured according to policy when connected to external networks (more on this later).
This list describes some commonly used computer security terms.
- Protocol - Well defined specification allowing computer communication.
- Confidentiality - Information is available only to people with rightful access.
- Integrity - Information can only be changed by authorized personnel, and the receiver of a message can tell that it was not modified in transit. Cryptographically this requires a message authentication code computed with a key shared by sender and receiver, or a digital signature.
- Availability - Information and services are accessible to authorized users when they need them. An attack that denies access (for example, by crashing a server) violates availability even if no data is read or changed.
- Nonrepudiation (verification) - There is proof that the sender sent the message, so the sender cannot later deny having sent it.
- Authentication - The receiver of a message can be sure of its origin. Requires a digital signature (a one-way hash of the message signed with a public key algorithm) or a message authentication code computed with a symmetric key shared by the two parties.
- Spyware - A computer program whose purpose is to spy on your internet activities usually for marketing purposes and usually done by a shady corporate entity.
- Malware - A computer program with malicious intent. On the surface it may appear to have a good or useful purpose, but it may be a trojan (with a hidden purpose) that can be used to gain unauthorized access to your computer.
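To make the integrity and authentication definitions concrete, here is an added Python example (not code from the original tutorial) that runs the same tampering attempt against two protections: an unkeyed SHA-256 hash and an HMAC-SHA256 tag keyed with a secret shared by sender and receiver. The key and the messages are constructed for illustration.

```python
"""Added example, not code from the original tutorial: what "integrity" and
"authentication" mean in practice. An unkeyed hash lets a receiver detect
accidental corruption, but an active intruder who changes the message can
simply recompute it. A message authentication code (HMAC) keyed with a secret
shared by sender and receiver cannot be recomputed without that key, so it
gives both integrity and origin authentication. The key and messages below
are constructed for illustration."""
import hashlib
import hmac

# Constructed shared secret; a real deployment would use os.urandom(32)
# and distribute it over a secure channel.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def protect_with_hash(message):
    """Sender appends an unkeyed SHA-256 digest."""
    return message, hashlib.sha256(message).digest()


def verify_with_hash(message, digest):
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def protect_with_mac(key, message):
    """Sender appends an HMAC-SHA256 tag computed with the shared key."""
    return message, hmac.new(key, message, hashlib.sha256).digest()


def verify_with_mac(key, message, tag):
    # compare_digest runs in constant time so the comparison itself does
    # not leak how many leading bytes of the tag were correct.
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def intruder_rewrites_hashed(message, digest, new_message):
    """Man-in-the-middle swaps the message and recomputes the unkeyed hash."""
    return new_message, hashlib.sha256(new_message).digest()


def intruder_rewrites_macd(message, tag, new_message):
    """Without the key the intruder can only reuse the tag they saw."""
    return new_message, tag


def demo(key=SHARED_KEY):
    """Run both schemes through the same tampering attempt and report what
    the receiver concludes in each case."""
    original = b"Pay 100 to account 12345"
    forged = b"Pay 9000 to account 66666"

    m, d = protect_with_hash(original)
    m2, d2 = intruder_rewrites_hashed(m, d, forged)
    hash_detects_tamper = not verify_with_hash(m2, d2)

    m, t = protect_with_mac(key, original)
    m2, t2 = intruder_rewrites_macd(m, t, forged)
    mac_detects_tamper = not verify_with_mac(key, m2, t2)

    return {
        "hash_detects_tamper": hash_detects_tamper,                         # False
        "mac_detects_tamper": mac_detects_tamper,                           # True
        "mac_accepts_genuine": verify_with_mac(key, m, t),                  # True
        "wrong_key_accepted": verify_with_mac(b"some-other-key", m, t),     # False
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The HMAC gives integrity and origin authentication between the two parties holding the key, but not nonrepudiation: either party could have produced the tag, so the receiver cannot prove to a third party who sent it. That is what a digital signature adds, since only the signer holds the private key.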