Upgrading and Repairing Networks (5th Edition)

SOME OF THE MAIN TOPICS IN THIS CHAPTER ARE

You've Been Targeted! 853

Computer Viruses, Trojan Horses, and Other Destructive Programs 854

Your Network Under FireCommon Attacks 857

Network Probes 864

Spoofing and Impersonation 864

If It's Too Good to Be True, It Isn't 865

Preventative Measures 865

Staying on Top of Security Issues 869

When all you have to worry about are the computers attached to your local LAN and users you know personally, it's easy to implement security policies and keep the network virtually safe from things such as viruses or other malicious programs. A properly trained user base, along with security guidelines that allow only outside programs approved for use on the network, can go a long way toward keeping a LAN safe. Of course, it still pays to regularly use an up-to-date virus-scanning program to be absolutely sure that you've cleaned up your network.

When you connect to the Internet, however, there are so many different ways that your network can be compromisedeven when using a very well-secured firewall. At a company that this author consults for, a recent virus attack required over 500 man-hours to resolve. And, all of this was done in less than 24 hours by a dedicated team of network professionals. When you consider the number of personnel involved, you can get an idea of the reason why you should take proactive measures as best you can. Yet, in an enterprise network, you should have a staff that can handle such an attack. The only way to ensure that you can take care of this type of situation is not just to hire the most competent persons, but also to set aside some of your budget for ongoing training. Things change; things change even faster on the Internet.

Note

The SQL Slammer worm of January 2003 was illustrative of how fast things change on the Internet. This worm, capable of infecting the entire Internet within 15 minutes, has been called the Internet's first "Warhol" worm, in reference to the popular Andy Warhol quote, "In the future, everyone will be famous for 15 minutes." By most estimates, the SQL Slammer worm infected over 90% of vulnerable systems within 10 minutes of its first detection. Infected systems doubled every 8.5 seconds, and after only 3 minutes in the wild, the virus was scanning 55 million addresses per second looking for vulnerable machines.

Because of this, and other factors you will learn about in this chapter, it's best to learn about the most recent kinds of attacks and then locate resources to help you stay aware of the latest news. One of the most common misconceptions about firewalls is that they offer complete protection. However, studies bear out the following facts:

• Staying on top of the latest developments in enterprise networking, the Internet, and even a SOHO network can be difficult at times. Part of the misconception may stem from the fact that the term firewall has become somewhat of a buzzword, implying that if some type of firewall is in place then all is well. A firewall is not a single technology. Instead, all but the simplest SOHO firewalls are a combination of technologies, some of which are constantly upgraded (such as those that filter specific Web sites or content). Many high-end firewalls must be updated regularly, as new protocol or application loopholes, worms, and viruses are discovered. In a small company, a firewall is a good idea but it is not a panacea. In both SOHO and large networks, a firewall is not a total solution for keeping out viruses. Thus, in addition to a firewall, you should always use a good antivirus program, and keep it up-to-date. In a large company with a staff of technicians maintaining a firewall, you can still never be sure that you are completely safe from intrusions. Be sure to keep in mind the following points concerning firewalls as well.

• A firewall can't protect you from your own internal users. Fired or laid off anyone lately? Do you have an employee who was dissatisfied with his last performance review? Do you have an employee or employees who are not trained on a regular basis about computer security (and by that I mean more than once a year)? You might think that just programmers can open back doors to your network. Yet, perhaps the easiest way into a network is called social engineeringjust try calling up a user and telling him that you are from the help desk and need to use his password to download a software update. You'd be surprised. Or, maybe you wouldn't.

• Many firewalls are difficult to manage. You can never be sure whether you've done all you need to do to block malicious traffic at the perimeter of your network. In an enterprise network, you should consider devoting at least one or more personnel exclusively to maintaining and managing a firewall. For a SOHO network, don't take for granted a software firewall, much less a cable/DSL router that uses NAT. Email attachments, for example, can defeat a firewall easily. For these types of intrusions, use a good antivirus software (as stated previously) that examines emails as well as files on your computers' disk drives. And be sure to use the update software to continuously stay on top of new virus definitions.

Consider a firewall to be only the first line of defense, not the only defense you put up for your network.

This chapter looks at some of the typical problems that can be introduced into your network from the Internet and then at resources you can use to further educate yourself on these topics.