Security+ Certification Training Kit (Pro-Certification)

Lesson 3: Intrusion Points

Intrusion points are areas that provide an access point to your company's information. Some of these are obvious, but others are not. For instance, you might realize that you need to install a firewall to protect the internal network and computers from hackers, but if a hacker took a temporary job at your company, the firewall would be of little use. When identifying intrusion points, you must consider internal threats as well as external threats. Some internal and external access points are as follows:

• Internal access points

  • Systems that are not in a secured room

  • Systems that do not have any local security configured

• External access points

  • Network components that connect your company to the Internet

  • Applications that are used to communicate across the Internet

  • Communications protocols

After this lesson, you will be able to

• Identify intrusion points to your network infrastructure

• Understand how Internet-based applications threaten your C-I-A triad

• Understand how communications protocols can threaten your C-I-A triad

Estimated lesson time: 15 minutes

Network Infrastructure

Your network infrastructure is all of the wiring, networking devices, and networking services that provide connectivity between the computers in a network. The network infrastructure also provides a way to connect to the Internet, allows people on the Internet to connect to your network, and provides people who work remotely with methods to connect to your network.

Intrusion points provide a place for someone to penetrate your network communications and gain access to the information you have stored on your computers. Examples of how an intruder might exploit the network infrastructure include the following:

• An external intruder would attack your connection to the Internet using an attack method, such as a DoS attack, or attempting a user name and password that allows them to authenticate.

• An internal intruder might connect to an open network jack and attempt to gain access to a server with shared resources that do not require a password.

Applications Used on the Internet

Almost anyone who has a computer connects to the Internet to visit Web sites, check e-mail, and send instant messages to friends. It is also becoming more common to check credit card accounts and bank accounts across the Internet.

Each of these tasks is accomplished using an application running on your computer that allows you to interact with other computers on the Internet. There is a risk associated with providing this additional functionality. Some of the ways an intruder could exploit the applications for less-than-altruistic reasons include the following:

• An external intruder might place a virus or worm in an e-mail message and send the message to a user on your internal network. When opened, a virus might infect the system or provide the intruder with a way to control the system the e-mail was opened on.

• An internal intruder might use native operating system utilities to connect to other systems on your internal network that do not require a user name or password to gain access. They might also use an application such as a Web browser to access confidential information with limited access security.

Communications Protocols

TCP/IP is the protocol suite used for communications on the Internet. Some attacks work by modifying the structure of the IP packet, but many successful intrusions occur at higher levels in the TCP/IP stack. For instance, an intruder can exploit a Web server using the Hypertext Transfer Protocol (HTTP). Communications protocols provide a common set of rules that computers use when communicating with each other. Some protocols offer no security, whereas others provide varying degrees of security. Intruders use their knowledge of communications protocols to compromise your C-I-A triad. The following are two examples:

• An external intruder might attack your company's presence on the Internet by using a DoS attack to disable your Web server. This would cause the information to be inaccessible to your customers.

• An internal intruder might disable an e-mail server by causing a flood of e-mail messages to be sent. This would disable the e-mail server so users could not retrieve their e-mail.

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson and then try the question again. Answers to the questions can be found in Appendix A, "Questions and Answers."

1. Your company has a high-speed Internet connection that can be used to access the Internet and allows people on the Internet to access your company's Web site. Each user also has a modem that he or she can use for Internet access in case the high-speed connection fails. Users can select the Web browser they want to use and are allowed to manage their own computers. Which of the following are intrusion points for the hacker?

   1. The high-speed connection

   2. The Web browser on each of the client's computers

   3. The modem that each user has

   4. The Web server for your company's Web site

2. When accessing Web sites, an intruder might exploit a Web server using the HTTP protocol. (True or False?)

3. It is always better to have several access points to the Internet so that if a hacker takes one down your company still has access. (True or False?)

Lesson Summary

• Intrusion points are places where your company's information is accessed. Examples of these include the following:

  • Places in your network infrastructure that can be accessed internally or externally

  • Applications that interoperate with other applications remotely, especially on the Internet, such as a Web browser or mail application

  • Communications protocols that are used for communications across the Internet

• External access points connect your company's systems and network to the Internet or provide access to your company's information from external locations. For instance, if your company has a Web server accessed from the Internet, it is an external access point.

• Internal access points provide access to your company's information from internal sources. For instance, a server on your network that does not require a user name or password to access information is considered an internal access point.