Network and Computer Security Tutorial Version 0.4.0 April 16, 2001
This computer security tutorial is written based on my experiences with computer and network security along with my training and information I have read. The field of security is constantly changing, so I cannot guarantee that information in this computer security tutorial will be current. This computer security tutorial will define some basic security issues and give insight into what causes security to be a constant issue. This computer security tutorial will help you decide what to protect and provide some basic information about attacks that may be made against your network, computer systems, or data. It will also provide computer and network security recommendations for you or your organization. Although much useful information can be derived from this document without networking knowledge, I recommend that readers who want to use this computer security tutorial in depth have a fundamental knowledge of networking. The CTDP Networking Guide contains the networking documentation required to understand this computer security tutorial.
In this computer security tutorial, the terms computer security and network security will be used often. When the term computer security is used, it specifically refers to the security of one computer, although the overall security of each individual computer is required for network security. When the term network security is used, it refers to the security of the network in general. This includes such issues as password security, network sniffing, intrusion detection, firewalls, network structure and so forth.
Security Violation Definition
Computer or network security has been violated when unauthorized access by any party occurs.
Computer security is required because most organizations can be damaged by hostile software or intruders. There may be several forms of damage which are obviously interrelated. These include:
The methods used to accomplish these unscrupulous objectives are many and varied depending on the circumstances. This guide will help administrators understand some of these methods and explain some countermeasures.
Computer security can be very complex and may be very confusing to many people. It can even be a controversial subject. Network administrators like to believe that their network is secure and those who break into networks may like to believe that they can break into any network. I believe that overconfidence plays an important role in allowing networks to be intruded upon. There are many fallacies that network administrators may fall victim to. These fallacies may allow administrators to wrongfully believe that their network is more secure than it really is.
This guide will attempt to clarify many issues related to security by doing the following:
There are many different aspects to computer and network security, as you will read in this document. These different areas of computer security are interdependent, and all of them must be addressed for a network to be secure. If one or more areas of computer security are ignored, then the entire security integrity of the organization's network may be compromised. A clear example of this is in the area of computer virus or worm protection. Computer virus protection programs can only filter known viruses or worms. There are viruses or worms that are not yet recognized as virus programs immediately after their release. The best way to make unrecognized virus or worm programs less effective is by quickly removing the vulnerabilities that they use. Some of these vulnerabilities are operating system and application program errors. When security patches are created for software, they should be quickly applied. In this way the vulnerability to viruses is minimized but not eliminated. There are other steps which may further reduce this vulnerability, but it can never be completely eliminated.
If you are reading this document and are thinking that you can get all the information required to make your network completely secure, then you are sadly mistaken. In many ways, computer security is almost a statistical game. You can reduce but not eliminate the chance that you may be penetrated by an intruder or virus. This is mainly for one reason.
No one can ever know all the software vulnerabilities of all software used on a system.
This is why even those who consider themselves hackers will say that the number one computer security threat is the lack of quality in the applications and operating systems. At this point, I could talk about the various corporate entities that write software and why software lacks the quality that many of us believe that it should possess, but that subject is not only way beyond the scope of this document, but also way beyond the scope of this project.
The bottom line here is that unless you can remove all the application and operating system problems that allow viruses and intruders to penetrate networks, you can never secure your network. Additionally the users on your network are potentially a greater security risk than any programs. Obviously removing all vulnerabilities is impossible and will not secure your network against user errors. I have even considered the possibility that an operating system without a network interface can be completely secure, but even this cannot be guaranteed. Unknown viruses or trojan programs can creep in with applications on CDs or floppies. This has been known to happen. Although an attacker may not be able to get data from the system, they can damage or destroy data.
The fact that complete security is impossible is the reason security experts recommend "layered security". The idea is to have multiple ways of preventing an intrusion to decrease the chance that intrusions will be successful. For example, you should have virus protection on your client computers. To help layer this security you should also filter viruses at your email server. To help even more, you should block the most dangerous types of email attachments to prevent unrecognized viruses and other hostile software from entering your network. Another good defense layer would also include educating your users about viruses, how they spread, and how to avoid them.
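The attachment-blocking layer described above can be sketched as a check a mail gateway runs on each message. This is an added example, not part of the original tutorial; the blocked-extension list and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; the tutorial does not name specific types.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs", ".js"}


def blocked_attachments(raw):
    """Return the filenames of attachments whose final extension is blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        name = part.get_filename()
        if not name:
            continue
        # Compare case-insensitively and ignore trailing dots and spaces,
        # which Windows drops when the file is saved.
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        # Only the last extension decides the type: "invoice.pdf.exe" is an .exe.
        if dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample():
    """Constructed sample: one harmless attachment and two that should be blocked."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    for filename in ("report.pdf", "Invoice.PDF.EXE", "notes.txt.vbs."):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

A filter like this is one layer only: it catches hostile files by name before any virus signature exists, while the client and server virus scanners and user education cover what a renamed file would slip past.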
There are many documents that attempt to define the term hacker. I believe that the term hacker is a connotative term. This means that it is defined more by people's beliefs than by a dictionary. Some believe that a hacker is a very skilled computer person. Others believe that hackers are those who perform unauthorized break-ins to computer systems. The media and many sources have caused many uninformed people to believe that a hacker is a threat to computer and network security, while this is not the case. A hacker is no more likely to break the law than anyone else. I use the more accurate descriptive term "intruder" to describe those who intrude into networks or systems without authorization.
This guide will not talk about physical computer security beyond this paragraph. Your organization should be aware of how physically secure every aspect of its network is, because if an intruder gets physical access, they can get your data. Be sure that your organization properly secures locations and consider the following:
This paragraph describes some commonly used computer security terms.