After completing this chapter, you will be able to perform the following
• Understand network security
• Understand VPN technologies
• Use the Cisco Security Wheel
• Understand the basics of the IPSec protocol framework
This opening chapter provides an overview of network security and looks at the Cisco Architecture for Voice, Video, and Integrated Data (AVVID) and the SAFE blueprint. It also covers the IP Security (IPSec) framework and identifies the main encryption and algorithm protocols. Then it looks at how IPSec works before finishing with the five steps of IPSec operation. These five steps are very important to remember and also are very useful for implementing and troubleshooting any IPSec-based virtual private network (VPN), whether firewall-, router-, or VPN
Network Security Overview
Network security is essential because the Internet is a network of interconnected networks without a boundary. Because of this fact, the organizational network becomes accessible from and vulnerable to any other computer in the world. As companies become Internet businesses, new threats arise because people no longer require physical access to a company's computer assets: They can access everything over the public
In a recent survey conducted by the Computer Security Institute (CSI, http://www.gocsi.com), 70 percent of the organizations polled stated that their network security defenses had been breached and that 60 percent of the incidents came from within the organizations themselves.
Network security faces four primary threats:
• Unstructured threats
• Structured threats
• External threats
• Internal threats
Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools from the Internet. Some of the people in this category are motivated by malicious intent, but most are motivated by the intellectual challenge and are commonly called script kiddies. They are not the most talented or experienced hackers, but they have the motivation, which is all that
Structured threats come from hackers who are more highly motivated and technically competent. They usually understand network system designs and vulnerabilities, and they can understand as well as create hacking scripts to penetrate those network
External threats are individuals or organizations working outside your company who do not have authorized access to your computer systems or network. They work their way into a network mainly from the Internet or dialup access
Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the wire. They are typically disgruntled former or current employees or contractors.
The three types of network attacks are
• Reconnaissance attacks
• Access attacks
• Denial of service (DoS) attacks
Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also called information gathering. In most cases, it precedes an actual access or DoS attack. The malicious intruder typically ping-sweeps the target network first to determine what IP addresses are alive. After this is accomplished, the intruder determines what services or ports are active on the live IP addresses. From this information, the intruder queries the ports to determine the application type and version as well as the type and version of the operating system running on the target
Reconnaissance is somewhat analogous to a thief scoping out a neighborhood for vulnerable homes he can break into, such as an unoccupied residence, an easy-to-open door or window, and so on. In many cases, an intruder goes as far as "rattling the door handle"—not to go in immediately if it is open, but to discover vulnerable services he can exploit later when there is less likelihood that anyone is
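The ping-sweep-then-port-scan sequence described above leaves a recognisable footprint in firewall logs: one source touches many hosts with ICMP, then probes many ports on the hosts that answered. The following detection logic is an added example written for this chapter, not code from the book or from Cisco; the log format (`time src dst proto dport action`), the sample lines and the two thresholds are all constructed assumptions, chosen so the same logic runs over either permitted or denied entries.

```python
from collections import defaultdict

# Constructed sample firewall log (not real traffic, not from the book).
# Each line: <time> <src_ip> <dst_ip> <proto> <dst_port or -> <action>
SAMPLE_LOG = """\
10:00:01 203.0.113.5 192.0.2.1 icmp - permit
10:00:01 203.0.113.5 192.0.2.2 icmp - permit
10:00:01 203.0.113.5 192.0.2.3 icmp - permit
10:00:02 203.0.113.5 192.0.2.4 icmp - deny
10:00:02 203.0.113.5 192.0.2.5 icmp - deny
10:00:02 203.0.113.5 192.0.2.6 icmp - deny
10:00:03 203.0.113.5 192.0.2.7 icmp - deny
10:00:03 203.0.113.5 192.0.2.8 icmp - deny
10:00:09 203.0.113.5 192.0.2.3 tcp 21 deny
10:00:09 203.0.113.5 192.0.2.3 tcp 22 permit
10:00:09 203.0.113.5 192.0.2.3 tcp 23 deny
10:00:10 203.0.113.5 192.0.2.3 tcp 25 deny
10:00:10 203.0.113.5 192.0.2.3 tcp 80 permit
10:00:10 203.0.113.5 192.0.2.3 tcp 443 permit
10:00:11 198.51.100.7 192.0.2.1 icmp - permit
10:00:12 198.51.100.7 192.0.2.3 tcp 443 permit
10:00:13 198.51.100.7 192.0.2.3 tcp 443 permit
10:00:14 198.51.100.7 192.0.2.3 tcp 443 permit
"""

PING_SWEEP_MIN_HOSTS = 5   # assumed threshold: distinct hosts pinged by one source
PORT_SCAN_MIN_PORTS = 5    # assumed threshold: distinct ports probed on one host


def parse_log(text):
    """Parse the constructed log format into event dicts; skip malformed lines."""
    events = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue
        time, src, dst, proto, dport, action = fields
        events.append({
            "time": time, "src": src, "dst": dst, "proto": proto.lower(),
            "dport": None if dport == "-" else int(dport), "action": action,
        })
    return events


def detect_ping_sweeps(events, min_hosts=PING_SWEEP_MIN_HOSTS):
    """Map each source to the distinct hosts it sent ICMP to, keeping only
    sources at or above the threshold. Permits and denies both count: the
    sweep is the pattern, not the individual verdicts."""
    targets = defaultdict(set)
    for ev in events:
        if ev["proto"] == "icmp":
            targets[ev["src"]].add(ev["dst"])
    return {src: sorted(hosts) for src, hosts in targets.items() if len(hosts) >= min_hosts}


def detect_port_scans(events, min_ports=PORT_SCAN_MIN_PORTS):
    """Map each (src, dst) pair to the distinct TCP/UDP ports probed, keeping
    only pairs at or above the threshold. Repeated hits on one port (normal
    client behaviour, such as the 443 traffic in the sample) do not accumulate."""
    ports = defaultdict(set)
    for ev in events:
        if ev["proto"] in ("tcp", "udp") and ev["dport"] is not None:
            ports[(ev["src"], ev["dst"])].add(ev["dport"])
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


def analyze(text):
    """Run both detectors over a log text and return the findings."""
    events = parse_log(text)
    return {"ping_sweeps": detect_ping_sweeps(events), "port_scans": detect_port_scans(events)}


if __name__ == "__main__":
    findings = analyze(SAMPLE_LOG)
    for src, hosts in findings["ping_sweeps"].items():
        print(f"ping sweep from {src}: {len(hosts)} hosts ({hosts[0]} .. {hosts[-1]})")
    for (src, dst), ports in findings["port_scans"].items():
        print(f"port scan from {src} against {dst}: ports {ports}")
```

Counting distinct destinations and distinct ports, rather than raw packet counts, is what separates the scanner from the legitimate client in the sample: `198.51.100.7` generates as many TCP log lines to one host as a small scan would, but all on a single port. In production the thresholds need tuning per network, and the time window matters (a slow scan spread over hours evades a per-minute count).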
Access is an all-encompassing term that refers to unauthorized data manipulation, system access, or privilege escalation. Unauthorized data retrieval is simply reading, writing, copying, or moving files that are not intended to be accessible to the intruder. Sometimes this is as easy as finding shared folders in Windows 9x or NT, or NFS exported directories in UNIX systems with read or read-write access to everyone. The intruder has no problem getting to the files. More often than not, the easily accessible information is highly confidential and completely unprotected from prying eyes, especially if the attacker is already an internal
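The NFS case mentioned above is one a defender can audit directly: `/etc/exports` entries that name no client, or name `*`, grant access to every host, and the notorious `host (rw)` form (a space before the options) exports the directory read-write to the world while the named host gets the read-only default. The following audit is an added example, not from the book; the sample exports file is constructed for the demonstration. It relies only on the documented `exports(5)` syntax (path followed by `client(options)` tokens, with `ro` and `root_squash` as defaults).

```python
import re

# Constructed /etc/exports content for the demonstration (not from a real system).
SAMPLE_EXPORTS = """\
# shared build tree, intended for the build farm only
/srv/build     10.1.0.0/24(rw,sync,no_subtree_check)
# the classic mistake: the space before the options exports rw to everyone
/srv/backup    10.1.0.50 (rw,no_root_squash)
/export/home   *(rw,sync)
/export/public *.example.com(ro,sync)
/export/docs   (ro)
/export/tmp
"""

# One client token: an optional host/netgroup/wildcard, then optional (opts).
ENTRY_RE = re.compile(r"^(?P<client>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")


def parse_exports(text):
    """Return (path, client, options) tuples. A client of '*' means any host
    (also used for a missing client); an empty options set means the
    exportfs defaults (ro, root_squash) apply."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        path, clients = parts[0], parts[1:]
        if not clients:                           # bare path: exported to everyone
            entries.append((path, "*", set()))
            continue
        for token in clients:
            m = ENTRY_RE.match(token)
            if not m:
                continue
            client = m.group("client") or "*"     # "(rw)" with no host means everyone
            opts = set(filter(None, (m.group("opts") or "").split(",")))
            entries.append((path, client, opts))
    return entries


def is_any_host(client):
    """True for the client forms that grant access to every host. Wildcard
    domains such as *.example.com are scoped and are not flagged here."""
    return client == "*"


def audit_exports(text):
    """Flag exports reachable by everyone, with the access level granted, plus
    no_root_squash on those exports (remote root keeps root on the share)."""
    findings = []
    for path, client, opts in parse_exports(text):
        if not is_any_host(client):
            continue
        findings.append((path, "read-write" if "rw" in opts else "read-only"))
        if "no_root_squash" in opts:
            findings.append((path, "no_root_squash"))
    return findings


if __name__ == "__main__":
    for path, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: exported to every host, {issue}")
```

On the sample this reports `/srv/backup` as world read-write with `no_root_squash` even though the administrator meant to restrict it to one host, which is exactly the kind of unprotected share the text describes as "completely unprotected from prying eyes".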
System access is an intruder's ability to gain access to a machine that he is not allowed access to (such as when the intruder does not have an account or password). Entering or accessing systems that you don't have access to usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being
Another form of access attacks involves privilege escalation. This is done by legitimate users who have a lower level of access privileges or intruders who have gained lower-privileged access. The intent is to get information or execute procedures that are unauthorized at the user's current level of access. In many cases this involves gaining root access in a UNIX system to install a sniffer to record network traffic, such as usernames and passwords, that can be used to access another
In some cases, intruders only want to gain access, not steal information—especially when the motive is intellectual challenge, curiosity, or
A DoS attack occurs when an attacker disables or corrupts networks, systems, or services with the intent to deny the service to intended users. It usually involves either crashing the system or slowing it down to the point where it is unusable. But DoS can also be as simple as wiping out or corrupting information necessary for business. In most cases, performing the attack simply involves running a hack, script, or tool. The attacker does not need prior access to the target, because usually all that is required is a way to get to it. For these reasons and because of the great damaging potential, DoS attacks are the most feared—especially by e-commerce website operators
The Need for VPNs
The introduction of a VPN into your corporate network infrastructure can provide many
• Reduced costs—Businesses vastly reduce their costs by using the Internet to provide the site-to-site and remote-access infrastructure. Before VPNs, businesses connected using expensive leased lines and telephone systems.
• Improved communications—With a VPN, remote-access and home-based users can connect to the central office network from anywhere at any time.
• Flexibility and scalability—The introduction of a VPN simplifies and centralizes network administration. The VPN infrastructure can be easily adapted to the company's changing needs, both now and in the future.
• Security and reliability—Security is inherent within a VPN, provided through tunneling protocols and encryption software. The reduced number of entry points and the inherent resilience of the Internet mean that the solution is considerably more reliable.
• Wireless networking—VPN technology is increasingly combined with wireless connectivity to ensure complete privacy of the data transmitted in environments where data privacy is mandated, such as financial institutions. This ensures that an organization is not vulnerable to inherently weak standard wireless security
It is important to note that VPNs can also bring you increased business benefits. They let you develop trust relationships with your suppliers and partners and give your employees round-the-clock access to vital information. Any intranets and extranets that are developed can promote knowledge sharing among partners and employees, and the ease with which information can be accessed and communicated can boost employee morale. These types of benefits cannot be easily measured but can add real value to how you do business and ultimately have a positive impact on turnover and
Implementing a VPN can bring you the benefits outlined here and is a cost-effective, flexible, secure method of managing your digital communications. However, it is important that you work with a partner who ensures that the technology is implemented effectively and forms part of a competent security infrastructure. Many organizations undermine their technical investments because a lack of detailed knowledge during implementation can leave gaps in security infrastructures that can be exploited and give open access to business-critical information