GeeWiz.com just released a patented remote process watchdog tool that allows you to govern the processes running on any server in your network. Should you find an excuse to buy it?

Not right away. In addition to operational and financial questions, you must determine how this technology complements your current design. Buying security technology in an ad-hoc fashion does not build good systems; focus instead on building predictable systems.

You recently joined a company that uses an IPsec remote access product to allow employees who work from home and on the road to access the campus network. Because the product uses encryption and a one-time-password (OTP) authentication scheme (see Chapter 3) to validate each user's identity at logon, the company feels confident in its design. Should it be?

Although the company has addressed the important issue of providing confidentiality in communications over public infrastructure, it might be ignoring threats that could be unaffected by this technology. Think about the axiom that confidentiality is not security, and make sure considerations about misuse, availability, and integrity are part of the planning process.

Every day you receive nearly a dozen requests to modify the configuration of your firewall to open and close services based on some department's or team's new online requirement. You are concerned that this process is going to lead to disaster someday soon. What should you do?

Although you remember that business priorities come first, it is equally important that feedback must flow from the security team back to corporate planning. It is likely that those making the decisions to conduct business in this fashion do not understand the risk inherent in such an approach.

Your boss returns from a security convention and advises you that it is a good security practice to run all internal web servers on port TCP 8080 rather than TCP 80 to help secure access to them. How do you respond?

Although "Yes, sir" is sometimes a necessary response, a better one is to suggest that security through obscurity is not overly valuable, especially when the effects will have an impact on every employee in the company on a day-to-day basis. It is not overly difficult for an attacker to learn the ports actually usedit's certainly much less effort than that required to maintain such an obscure environment.

Why isn't requiring user authentication for remote access to a network an axiom?

Axioms apply to all areas of the network design and are pervasive in their applicability. This authentication requirement is really a design consideration that is important to keep in mind when focusing on the specific area of remote access.

Should you care about the security implemented by your service provider?

Absolutely. Security is a system, and your networks are directly connected to others that you do not control. How your neighbors have constructed their security systems has a direct effect on the types of attacks you must plan to address. It also affects the reliability of some of the information you collect. For example, some providers guarantee IP spoof mitigation in their private clouds, which means you have a level of assurance as to the source environment from which malicious packets may be coming. Other providers implement various distributed denial of service (DDoS) detection and mitigation techniques within their cloud, and this is important to be aware of because you cannot control the traffic that enters your WAN link from the other end.

Consider two identical hosts connected to the network. Decide which one is better protected and why, based on the list of protections installed between the attacker and the host:

Attacker > Filtering Router > Firewall > Personal Firewall > Host 1

Attacker > Firewall > Host IDS > Host 2

Because network security is a system, host 2 is better protected because, even though there are only two technologies protecting it, these technologies work in different ways (HIDS and firewall; see Chapter 3 for more information). This makes the protection provided somewhat additive, whereas even though you have three protection technologies for host 1, they are all firewall based; thus, if one is circumvented (such as with an application-layer attack, which most firewalls don't see), the attack will likely get through all three firewalls.

After reading the axioms, what do you think is the principal obstacle to deploying network security as an integral component throughout the network?

Often the organizational challenges pose the most problems. Making two groups responsible for different aspects of the same device's configuration can be very problematic. Strategies to deal with this issue are discussed throughout the rest of the book.

In the section on the axiom "Everything is a target," you saw the various ways in which a web server could be compromised. Now run through the exercise yourself and list the potential methods an attacker could use to gain access to your internal LAN.

Many potential attack vectors exist, including the following:

• Gain physical access to the building and connect to an unused port posing as a legitimate employee.
• Gain physical access to the building and install a WLAN AP in an unused port, then leave the building and attack over the air.
• War dial to find an insecure modem at an employee's desk that can provide access to the LAN.
• E-mail employees a Trojan application, which opens a connection to your attack machine and provides remote control.
• Attack remote WLAN teleworker connections and utilize their VPN connection to gain local access.
• Port scan the address range of the internal network (or its NAT equivalent) to learn hosts that might be open to attack.
• Compromise a perimeter system and then exploit the trust that system has with the internal network to gain access.

In the section on the axiom "Everything is a weapon," you saw how a DHCP server could be used as a weapon on the network. What are the potential attacks that could be launched against your company if your Internet edge router is compromised?

Many potential attack vectors exist, including the following:

• Cause traffic destined for key servers on the Internet to be directed to the attacker's machine by using NAT.
• Take advantage of the network diagnosis tools on a router to learn more about the traffic types going through the router to probe for potential weaknesses.
• Cause intermittent connectivity problems to certain servers in the hopes that the administrator will open up the firewall policy in an effort to troubleshoot the problem.
• Inject false routing information into your ISP to attempt to disrupt the ISP's routing tables.
• Change the passwords on the device and shut down the internal interfaces, causing the administrator to go through password recovery. During the process, no Internet connectivity is available.

How can the axiom "Strive for operational simplicity" be applied when securing individual user workstations?

First, it is important to involve the user as little as possible with any security component. As an example, personal firewalls that constantly prompt the user to make a decision, or that notify users of potential attacks, could dramatically increase your help desk calls, lead to users disabling the firewall to stop the annoying messages, or train the user to simply click OK at every popup message. The security you put on each user PC should be consistent and obvious in its application in the overall security system. Knowing the value that antivirus and personal firewalls provides keeps the security predictable.