Network Security

...n of how various network-security tool categories can be mapped onto the network information security services.

Network Security Services

In order to effectively audit and assess the network security needs of an organization, some systematic way of defining the security requirements is needed. In addition, the approaches to be followed in order to satisfy these requirements must be identified. One such approach is to consider the network security services. The concept 'network security' does not only cover the safeguarding of electronic data in transit. It also involves the safeguarding of any information or data transmitted over a network. For any organization, the network security objective is achieved with the incorporation of the following services:

Identification and authentication (Access control): Ensuring that the origin of information can be correctly identified over a network, with the necessary assurance that the identity is not false.
Authorization: Making information available over a network only to those who have a right to access it.
Confidentiality: Making sure that information sent across a network can only be accessed/opened by those for whom the information is intended.
Integrity: Ensuring that information be protected against unauthorized modification whilst in transit.
Availability: Ensuring that information be made available and accessible over a network if and when required.
Non-repudiation: Ensuring that neither the sender nor the receiver of the information is able to deny the transmission over the network.

What, then, is a service? A service enhances the security of networks and information systems. There is, however, still another revolutionary service that originates as a result of modern networks and state-of-the-art network security, referred to as 'network security health checking'.
Health checking: Ensuring that security-enabling technologies, such as firewalls and security software, are frequently checked for their competence by means of network-monitoring and security-auditing and assessment tools. These tools use certain health-checking techniques that probe the network or try to penetrate the network's current security-enabling technologies and services by compromising the network security in an ethical manner in a bid to identify weak spots in the network's security structure. If such weak spots are identified by means of health checking, they are reported to the responsible people and/or processes in order to 'patch' or correct the security weak spot.

Health checking relates closely to ethical hacking. The difference between ethical hacking and health checking, however, is that ethical hacking is a manual process, supported by tools, that is carried out by an ethical hacker, a person who is normally hired to audit and assess the state of security in an organization. Ethical hacking, thus, is a subset of health checking. Health checking does not only include the tasks of an ethical hacker, but it also includes automatic processes to audit and assess network security at appropriate time intervals. Therefore it is important to realize that health checking has become an integral part of network security management and is a part of the day-to-day operational network activities. It is for this reason that health checking is identified as a service, particularly in the field of network security.

These are the services identified to audit and assess network security. Now that the security services have been identified, how and where do they fit into the network security framework? Hackers can attack these services, but how do they go about doing so? What tools can be used as countermeasures to minimize the onslaughts of hackers? These questions will be answered in the next two sections.
Hacking

Hackers are not always privy to exceptional digital tools with which to break into important systems. They often target the workforce in the hope of finding gullible employees. Untrained employees do not realize that they could become targets for hackers just because of the data to which they have access. Some of the ways in which these hackers go about hacking are as follows:

They look for weaknesses in security policies.
They look for signs of slack physical security, for example, switching network cables in a hub that has not been physically locked by a network administrator.
They launch advanced network-analysis tools (for example, SATAN (Security Analysis Tool for Analyzing Networks)) on the network in an attempt to intercept the passwords that would enable them to gain access to private sections of networks.

Training employees against the onslaughts of hackers often takes up too much time and effort. An organization could have the most extensive and well-defined network security policy, but if it is not followed or implemented, it means nothing! Network security policies can often be huge documents; very few employees actually read them. There is no guarantee that all employees in an organization read and practice their network security policy. One approach that has proved to be a relatively successful solution to this problem over the past few years is the use of anti-hacking tools. These tools provide many ways that network administrators can use to prevent hackers from gaining unauthorized access to an organization's network and resources. Examples of such tools are briefly discussed in the following section.

Hacking and Anti-Hacking Tools

Hackers use various kinds of tools to infiltrate organizations' networks and data. The realm of such tools involves the exploitation of weak spots and 'backdoors' in network-security systems. In addition, the realm of such tools has become two-fold.
Hackers use such tools to infiltrate a network in an unethical manner, while network security administrators use such tools ethically to try and hack into their own networks to identify weak spots in the network security structure. In some cases, however, some of the tools tend to be used more specifically by either the hackers or the network security administrators.

Hacking and anti-hacking tools can be categorized into network monitoring, sniffing, network analysis, scanning, anti-scanning and password cracking applications. Examples of such applications for each category will be discussed later in this section. The various categories of these hacking and anti-hacking tools are placed into perspective in Figure 1. There are many such applications available on the Internet.

Figure 1. Specifying categories for network security tools and their usage frequency.

Figure 1 illustrates two concepts. It divides hacking and anti-hacking tools into various categories as already mentioned. Each of these categories will be discussed in the following paragraphs. Figure 1 also gives an indication of the usage of the various categories of tools by hackers, users and network security administrators.

The next few sections will elaborate on specific hacking and anti-hacking tools found in the five tool categories listed in Figure 1. These specific tools were chosen as examples because most of them are widely available on the Internet, either on a free trial basis for a certain period or as public domain software. The number of such tools that can be found on the Internet is, in fact, plentiful. Another reason why these specific tools are discussed is their popularity among most network security administrators.

Monitoring and intrusion detection tools

Network monitoring can also be referred to as network intrusion detection. To monitor a network means to use certain tools to watch and capture the status of the network.
Intrusion detection, in the same sense, means to monitor the network to find out when some irregularities in the network behaviour are occurring. Network monitoring tools are often combined with network scanning. Examples of network monitoring/intrusion detection tools are:

RealSecure Internet Security Scanner (ISS): ISS is an automated, real-time intrusion detection and response system which unobtrusively analyzes activity in a two-fold manner, namely across networks and across computer systems. When monitoring networks, ISS monitors traffic on the LAN that ISS resides on as well as the traffic designated for the computer that ISS resides on. In addition, it provides the earliest possible warning of unauthorized activity here and can often terminate the attack before damage is done. When monitoring computer systems, ISS provides a complementary view of unauthorized activity by monitoring data that resides on the computer. In this way ISS can tell you whether an intrusion was successful and can provide some indication of intruder activity on the specific computer. ISS is also a scanner tool (refer to network scanner tools).
NTManage: NTManage is a Microsoft Windows NT management tool that can, amongst other NT management tasks, monitor TCP/IP-based services for hacker activity.

Sniffer tools

Network sniffing tools are used to intercept network traffic (TCP/IP packets) to retrieve either the content (for example a password) of a TCP/IP packet or information about the TCP/IP packet that may benefit a hacker. Examples are:

Sniffer Pro (Windows NT/98/95-based).
Fergie (DOS-based).
Gobbler (DOS-based).
NetXray (Windows NT-based).

Analysis tools

Network analysis tools are used to perform network security assessment and auditing tasks. In doing so, they enable the network security administrator to identify weak spots, 'back doors' and other network security vulnerabilities.
Examples of such tools are:

Kane Security Analyst (Windows NT-based): One of the most common tasks that the Kane Security Analyst performs is to assess password strength on a Windows NT machine. In addition, it gives and assesses account policy information about every Windows NT machine on the network. It also has a very good reporting facility.
SAFEsuite: SAFEsuite is a network assessment tool that helps to close the security gap between security policy and security practice by providing the necessary visibility into network security vulnerabilities.

Scanning and probing tools

Network scanning tool...
