This report describes how a network security model was designed and implemented using routers and a firewall, the security weaknesses of router and firewall devices, the types of threats that target them, the responses used to overcome those threats, and the methods used to stop attackers from gaining access to the network.
It also evaluates whether a network adheres to best practices in network security and data confidentiality. The main objective is the protection of the network from vulnerabilities, threats, attacks, configuration weaknesses and security policy weaknesses.
Security of the Internet and of local area networks (LANs) is now a central computer networking issue: with the evolution of networking, distributed systems and the Internet, threats to network security have risen dramatically. The Internet keeps growing exponentially, and critical government, national defence, business, entertainment and financial applications are increasingly delivered over it.
However, network-based applications and services pose a potential security risk both to individuals and to the information and data resources of companies and governments. From the standpoint of information security and data integrity, information is an asset that must be protected at all costs; without proper and adequate protection there is a risk of losing that asset.
The goals of network security are to protect confidentiality, maintain integrity and assure availability. With these goals, network security demands that every network be protected from threats and vulnerabilities so that the network can achieve its full potential.
Threats to network security persist because of vulnerabilities, misconfigured hardware or software, inherent technology weaknesses, end-user carelessness and much more. The router is a good example: a router ships with services that are enabled by default, many of them unnecessary, and an attacker can put them to use for information gathering or exploitation. Careful management of router and firewall operations not only reduces network downtime and improves security, it also blocks attackers, reduces the number of network threats and aids the analysis of suspected security breaches.
Network Security and Protection
As networks grow, finding the balance between isolation and open Internet applications becomes critical. With the growth in the number of LANs and personal computers, the Internet is creating an untold number of security problems and risks. Hence the firewall, which enforces an access control policy between two or more networks, was introduced.
Network security is the most vital component of information security because it is responsible for securing and protecting all information that passes between networked computers. It includes all the hardware and software functions, characteristics, features, operational procedures, accountability measures, access controls and administrative and management policy required to provide an acceptable level of protection for the hardware, software and information in a network.
To be successful in preventing information loss and data leakage, a network must satisfy three fundamental precepts.
Integrity: the information and data stored on the network must always be correct and protected against corruption and leakage.
Confidentiality: information and data must be shared and distributed on the network only to those who are intended to receive them.
Availability: information must be available to its intended recipients at the required times, without exception.
Real-world security includes prevention, detection and response; without detection and response, prevention mechanisms have only limited value. Detection and response are often both more cost-effective and more effective than prevention alone. On the Internet this translates into monitoring the network. There are also many preventative techniques for properly securing a network against threats.
The first is to address the physical layer of the network and ensure that it is properly equipped. Encryption should be incorporated into the network to heighten its security, and proper authentication is an integral part of the administrative step in securing a network. Firewalls are yet another measure for increasing the level of security: a firewall is in essence a controlled portal through which information enters and exits.
Three of the major types of firewall are:
Packet-filtering routers. Although not the strongest firewall available, a packet-filtering router is a positive step in increasing network security: it lets the network decide which connections may pass through the router into the local area network and vice versa, based on the addresses, protocol and ports carried in each packet.
Application-level gateways. An application-level gateway is designed specifically as a firewall that authenticates the user for individual applications. Its main function is to identify and validate the user and to grant access to specific applications depending on which one the user requests.
Circuit-level gateways. A circuit-level gateway performs all of the packet filtering that a router does and, in addition, relays TCP sessions between inside and outside hosts instead of forwarding their packets directly. The primary enhancement is identification and authentication before a user can gain access to the in-house network.
Weaknesses, Threats and Attacks on Router
Three terms are commonly used when discussing network security: vulnerability, threat and attack. A vulnerability is a weakness that is inherent in almost every network and device. There are three primary classes of vulnerability: technology weaknesses, configuration weaknesses and security policy weaknesses.
Computer and network technologies have intrinsic security weaknesses. These include TCP/IP protocol weaknesses, operating system weaknesses and network equipment weaknesses.
Some common configuration weaknesses are listed in the Common Configuration Weaknesses table below.
Security Policy Weaknesses
Security policy weaknesses can create unforeseen security threats: a network is exposed to security risks when users do not follow the security policy.
Some common security policy weaknesses are listed in table 2 (Common Security Policy Weaknesses) below.
Threats arise when there are people who are eager, willing and qualified to take advantage of each security weakness, and who continually search for new exploits and weaknesses. These threat actors use a variety of tools, scripts and programs to launch attacks against networks and network devices.
There are two primary classes of threat to network security:
Internal threats are a major source of strain on the level of security attained by a network. They generally stem from disgruntled or unethical employees, who already have access inside the border firewall.
External threats, generally referred to as hackers, can be equally and sometimes more dangerous than internal threats.
To gain entry into a network or to obtain sensitive information, hackers must use tools. Some examples of hacking tools are given below.
Password sniffers work by running a packet sniffer that monitors the traffic passing through the machine on which the sniffer resides. Whenever a source machine connects to another machine with a cleartext protocol such as Telnet, the sniffer captures the log-on name and password and saves them in a file that the hacker retrieves later.
IP spoofing involves forging the source address in an Internet Protocol (IP) packet so that the packet appears to come from a workstation that has a trusted relationship with another workstation. The hacker then acts as the trusted workstation and uses that relationship to gain entry into the other workstation, where any number of actions can be performed.
E-mail is extremely vulnerable and susceptible to a number of different attacks.
Regardless of the method, hackers can truly jeopardize a network and do severe damage to the data and systems within it. Additional forms of malicious software, such as Trojan horses, worms and logic bombs, also threaten network security.
The general threats to router and firewall devices are:
Denial of service (DoS).
Attack techniques include:
Simple Network Management Protocol (SNMP) attacks.
IP fragmentation attacks, used to bypass filtering.
Redirect (address) attacks, using ICMP redirect messages.
Circular redirect, used for denial of service.
Action Of Attacks
Session replay attacks use a sequence of packets or application commands that is recorded, possibly manipulated, and then replayed to cause an unauthorized action or to gain access.
Rerouting attacks include manipulating routing updates so that traffic flows to unauthorized destinations.
Masquerade attacks occur when an attacker manipulates IP packets to falsify IP addresses. Masquerades can be used to gain unauthorized access or to inject bogus data into a network.
Session hijacking attacks occur when an attacker inserts falsified IP packets after session establishment, via IP spoofing, sequence number prediction and alteration, or other methods.
Land attack: a packet is sent to the router with the same IP address in the source and destination address fields and the same port number in the source and destination port fields.
TCP SYN attack: a volume of connection requests is transmitted that cannot be completed at the destination, filling its table of half-open connections.
Smurf attack: a large number of ICMP echo request packets is sent to a subnet's broadcast address with a spoofed source IP address from that subnet, so that every host on the subnet replies to the spoofed victim. If a router is positioned to forward directed broadcasts onto the protected network, it should be configured to prevent this forwarding (in Cisco IOS, no ip directed-broadcast on the interface).
Distributed denial of service (DDoS) attacks: while routers and firewalls cannot prevent DDoS attacks in general, it is usually sound security practice to discourage the activity of specific DDoS agents by adding access list rules that block the ports they use.
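The attacks above each leave a recognisable signature at the router. The following Python program is an added example, not part of the original report: it classifies packets from a constructed capture against the land, smurf and spoofed-source signatures, and counts half-open TCP connections per destination the way a SYN-flood detector would. The protected network (192.0.2.0/24), the interface names "outside"/"inside", the Packet fields and the sample capture are all assumptions made for the example; the spoofing checks are exactly the rules an ingress/egress access list on a border router enforces.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Assumed protected LAN behind the border router (RFC 5737 documentation range).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
BROADCAST_ADDRS = {str(n.broadcast_address) for n in INTERNAL_NETS}


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: str = ""       # TCP flags, e.g. "S" (SYN) or "A" (ACK)
    icmp_type: int = -1   # 8 = echo request


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(pkt):
    """Return the attack signatures (from the list above) that one packet matches."""
    hits = []
    # Land attack: identical source/destination address and port.
    if pkt.proto in ("tcp", "udp") and pkt.src == pkt.dst and pkt.sport == pkt.dport:
        hits.append("land")
    # Smurf amplification request: ICMP echo request aimed at a directed-broadcast address.
    if pkt.proto == "icmp" and pkt.icmp_type == 8 and pkt.dst in BROADCAST_ADDRS:
        hits.append("smurf-amplification")
    # Anti-spoofing, as an ingress/egress access list enforces it: an internal source
    # must never arrive on the outside interface, and only internal sources may leave.
    if pkt.iface == "outside" and is_internal(pkt.src):
        hits.append("spoofed-internal-source")
    if pkt.iface == "inside" and not is_internal(pkt.src):
        hits.append("spoofed-external-source")
    return hits


def syn_flood_targets(packets, threshold=5):
    """Half-open connections per (dst, port): SYNs never followed by the client's ACK."""
    syns = defaultdict(set)
    acks = defaultdict(set)
    for p in packets:
        if p.proto != "tcp":
            continue
        key = (p.dst, p.dport)
        if p.flags == "S":
            syns[key].add((p.src, p.sport))
        elif p.flags == "A":
            acks[key].add((p.src, p.sport))
    return {key: len(srcs - acks[key]) for key, srcs in syns.items()
            if len(srcs - acks[key]) >= threshold}


# Constructed capture (not real traffic): a land packet, a smurf trigger, one completed
# handshake from a legitimate client, one egress-spoofed packet, and six half-open SYNs
# from distinct forged sources.
SAMPLE_CAPTURE = [
    Packet("outside", "192.0.2.10", "192.0.2.10", "tcp", 80, 80, "S"),
    Packet("outside", "192.0.2.7", "192.0.2.255", "icmp", icmp_type=8),
    Packet("outside", "198.51.100.5", "192.0.2.10", "tcp", 40001, 80, "S"),
    Packet("outside", "198.51.100.5", "192.0.2.10", "tcp", 40001, 80, "A"),
    Packet("inside", "203.0.113.9", "198.51.100.1", "udp", 53, 53),
] + [Packet("outside", f"203.0.113.{i}", "192.0.2.10", "tcp", 1000 + i, 80, "S")
     for i in range(1, 7)]


def run_sample():
    """Run both checks over the capture; returns (hits per packet index, SYN flood targets)."""
    hits = {i: classify(p) for i, p in enumerate(SAMPLE_CAPTURE) if classify(p)}
    return hits, syn_flood_targets(SAMPLE_CAPTURE)


if __name__ == "__main__":
    per_packet, targets = run_sample()
    for i, h in per_packet.items():
        print(f"packet {i}: {', '.join(h)}")
    print("SYN flood targets:", targets)
```

Note that the land packet is also flagged as a spoofed internal source, because a packet claiming an inside address can never legitimately arrive on the outside interface; in practice the anti-spoofing rule alone stops both the land and the smurf packet before any signature matching is needed. The SYN-flood count for 192.0.2.10:80 is 7 (the six forged SYNs plus the land packet's SYN), while the client that completed its handshake is not counted.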
Router and Firewall Security Policy
Routers perform many different jobs in modern networks. An interior router forwards traffic between two or more local networks within an organization or enterprise, while backbone routers direct traffic between the different networks that make up the Internet.
Backbone routers are designed and configured to forward traffic without imposing restrictions on it. The primary security goals for a backbone router are to ensure that the management and operation of the router are performed only by authorized parties, and to protect the integrity of the routing information it uses to forward traffic; configuring backbone routers is therefore a very specialized task.
A border router forwards traffic between an enterprise and exterior networks. The key aspect of a border router is that it forms part of the boundary between the trusted internal networks of an enterprise and untrusted external networks.
A security policy defines the security functions applied against network intrusion. On a secure router the security engine provides packet filtering, authentication, access control, intrusion analysis and an audit trail in the kernel region of the router.
A router is a key component of the Internet and an important part of any network: it controls the flow of data packets and determines the optimal path to a destination, so its security is a vital part of the overall security of the networks it serves. A router error or an attack against the router can damage an entire network.
Secure router technology adds security functions such as intrusion detection, IPsec and access control to a legacy router for secure networking. Filtering is a very important router function because it lets the router help protect computers and other network components. Modern routers do not only relay traffic; they also filter, separate, encrypt and monitor data streams.
All these functions potentially affect the availability, integrity and confidentiality of data connections, which makes routers highly security-critical network components.
A firewall can protect a network from external attacks by examining every packet that attempts to pass through the network and rejecting the packets that do not meet the security restrictions, but it does not protect the data while it is transmitted from one network to another.
Data transmitted from one network to another via the Internet can be intercepted at many points between source and destination, so it must be encrypted in transit if it is to stay confidential.
General security services for routers and firewall
CDP, the Cisco Discovery Protocol: a proprietary protocol that Cisco routers use to identify each other on a LAN segment. It advertises the device model, software version and addresses to anyone listening on the segment.
TCP and UDP small servers: the protocol standards include a recommended list of simple services (echo, chargen, discard and daytime) that hosts should provide; they are rarely needed and can be abused for denial of service.
Finger server: the IOS finger server supports the Unix finger protocol, which is used for querying a host about its logged-in users.
HTTP server: most routers and firewalls support web-based remote administration using HTTP, which sends administrator credentials in cleartext unless HTTPS is used.
Bootp server: Bootp is a datagram protocol used by some hosts to load their operating system over the network.
Configuration auto-loading: some routers, such as Cisco routers and Linksys routers, can load their startup configuration from local memory or from the network. A configuration loaded over the network can be substituted by anyone who controls the path to the configuration server.
IP source routing: source routing is a feature of IP whereby individual packets can specify their own route, which lets an attacker steer packets around filtering. This feature is used in several kinds of attack. Cisco routers normally accept and process source routes; unless a network depends on source routing, it should be disabled on all the network's routers.
Proxy ARP: network hosts use the Address Resolution Protocol (ARP) to translate network addresses into media addresses. A router with proxy ARP enabled answers ARP requests on behalf of hosts on other segments, which extends the reach of ARP-based attacks and should be disabled unless required.
IP directed broadcast: directed broadcasts permit a host on one LAN segment to initiate a physical broadcast on a different LAN segment. This is the mechanism that smurf attacks exploit.
IP unreachables, redirects and mask replies: the Internet Control Message Protocol (ICMP) supports IP traffic by relaying information about paths, routes and network conditions. These messages can reveal the network layout to an attacker or be used to redirect traffic, so they are usually disabled on external interfaces.
SNMP services: the Simple Network Management Protocol (SNMP) provides remote monitoring and management of network devices. SNMP versions 1 and 2c authenticate with community strings sent in cleartext; default strings such as public and private, or read-write community access, allow an attacker to read or change the device configuration.
Creating and Implementing a Security Policy.
Below are the settings applied in configuration mode on the router and firewall in the network to achieve the best security and to protect against the types of vulnerabilities, threats and attacks described above.
First, build physical security into the security policy: decide who is authorized to install, de-install or move the router and firewall, and to change their physical configuration or physical connections.
Designate who is authorized to log in to the router remotely (Telnet, SSH), and set limits on the use of automated remote management and monitoring facilities (for example SNMP).
Configure an enable secret for privileged mode and set passwords on the console, auxiliary port and VTY lines of each network device. This prevents unauthorized direct access to any network device.
Encrypt all line passwords with the service password-encryption command so that they are not displayed in cleartext in the configuration. Note that this uses the reversible Type 7 encoding, which only protects against casual viewing; the enable secret is stored as a one-way hash and should always be used in preference to enable password.
Set a minimum character length for all router and firewall passwords (security passwords min-length). This enhances access security by refusing any password shorter than the specified length.
Control the virtual terminal lines (VTYs): every VTY should be configured to accept connections only with the protocols actually needed (transport input).
Enable Transmission Control Protocol (TCP) keepalives on incoming connections (service tcp-keepalives-in). This helps guard both against malicious attacks and against orphaned sessions caused by remote system crashes.
Disable all non-IP-based remote access protocols, and use SSH, SSL or IP Security (IPsec) encryption for all remote connections to the router instead of Telnet. Together with the VTY restrictions this gives complete VTY protection.
Disable unneeded features and services on the router, such as CDP, the HTTP server, the bootp server, IP directed broadcasts, TCP and UDP small services and IP source routing.
Disable (shut down) unused interfaces on all routers and the firewall. This discourages unauthorized use of spare interfaces and enforces the need for router administration privileges when adding new network connections to a router.
Set up usernames and passwords for all administrators, or use AAA (authentication, authorization and accounting).
Apply access control lists to filter malicious traffic and to rate-limit it. This filtering is usually done on two criteria: the source and destination IP addresses of the traffic, and the type of traffic (protocol and port).
It is preferable to allow only local access, because during remote access all Telnet passwords and SNMP community strings are sent in the clear to the router. However, there are some options if remote access is required.
Establish a dedicated management network. The management network should include only identified administration hosts and a spare interface on each router. Another method is to encrypt all traffic between the administrator's computer and the router by setting up IPsec or SSH.
Do not rely on local user accounts on the router for routine access: routers should use the Terminal Access Controller Access Control System Plus (TACACS+) or Remote Authentication Dial-In User Service (RADIUS) protocols for user authentication.
Configure AAA (authentication, authorization and accounting) on the router and firewall, keeping the local database only as a fallback for when the AAA server is unreachable, and additionally configure authentication proxy. This is Cisco's access control facility for controlling access, privileges and logging of user activities on a router.
Using NAT, a router can hide the structure of the trusted network by transparently translating all internal IP addresses and coalescing distinct addresses into a single one. NAT hides addresses but is not an access control by itself; it should be combined with access lists.
Use the Cisco IOS Firewall Intrusion Detection System (IDS), a real-time IDS designed to enhance border router security by detecting, reporting and terminating unauthorized activity.
A poor router filtering configuration can reduce the overall security of a network, expose internal network components to scans and attacks, and make it easier for attackers to avoid detection. Careful router configuration can prevent a (compromised) site from being used as part of a distributed denial of service (DDoS) attack by blocking packets with spoofed source addresses (egress filtering: drop any outbound packet whose source address is not an internal address).
Apply port security on the switch to mitigate CAM table overflow attacks. Port security can be applied in three ways: static secure MAC addresses, dynamic secure MAC addresses and sticky secure MAC addresses.
Use PacketShaper, a traffic management appliance that monitors and controls IP traffic on wide-area network (WAN) links. It keeps critical traffic moving at an appropriate pace through bandwidth bottlenecks and prevents any single type of traffic from monopolizing the link. PacketShaper also identifies and analyzes inbound and outbound WAN traffic up to and including the OSI application layer (layer 7).
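The hardening steps above are easiest to enforce when they are turned into an automated check against the running configuration. The following Python auditor is an added example, not code from the report or from Cisco: it parses IOS-style configuration text and reports every step that is missing or contradicted, and it is run against a constructed weak configuration and a constructed hardened one. The two sample configurations, the placeholder enable secret hash and the assumption that the platform shows the explicit "no ..." line for each default-on service are all made up for the example; defaults differ between IOS releases, so confirm them for your platform before trusting a clean result.

```python
import re

# Checks derived from the hardening list above. Assumption: the target runs an IOS
# release whose running-config shows the explicit "no ..." line for every service that
# is on by default, so absence of that line is reported as a finding.
REQUIRED_GLOBAL = ["service password-encryption", "service tcp-keepalives-in"]
SERVICES = [  # (disabled form that must be present, enabled form that must be absent)
    ("no service tcp-small-servers", "service tcp-small-servers"),
    ("no service udp-small-servers", "service udp-small-servers"),
    ("no ip finger", "ip finger"),
    ("no ip http server", "ip http server"),
    ("no ip bootp server", "ip bootp server"),
    ("no ip source-route", "ip source-route"),
    ("no cdp run", "cdp run"),
]
FORBIDDEN_GLOBAL_PREFIXES = (
    "enable password",               # cleartext or reversible Type 7; use enable secret
    "snmp-server community public",  # default community strings
    "snmp-server community private",
)
MIN_PASSWORD_LENGTH = 10


def parse_sections(config):
    """Split IOS-style text into (header, [indented sub-lines]) pairs; '!' comments dropped."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    sections = parse_sections(config)
    global_lines = [h for h, _ in sections if not h.startswith(("interface ", "line "))]
    findings = []
    for req in REQUIRED_GLOBAL:
        if req not in global_lines:
            findings.append(f"missing global: {req}")
    for off, on in SERVICES:
        if on in global_lines:
            findings.append(f"service enabled: {on}")
        elif off not in global_lines:
            findings.append(f"service not explicitly disabled: {off}")
    if not any(g.startswith("enable secret") for g in global_lines):
        findings.append("missing global: enable secret")
    for g in global_lines:
        if g.startswith(FORBIDDEN_GLOBAL_PREFIXES):
            findings.append(f"forbidden global: {g}")
    min_len = 0
    for g in global_lines:
        m = re.fullmatch(r"security passwords min-length (\d+)", g)
        if m:
            min_len = int(m.group(1))
    if min_len < MIN_PASSWORD_LENGTH:
        findings.append(f"password minimum length below {MIN_PASSWORD_LENGTH}")
    for header, body in sections:
        if header.startswith("interface "):
            if "shutdown" in body:
                continue  # unused interface correctly disabled
            if "ip directed-broadcast" in body:
                findings.append(f"{header}: ip directed-broadcast enabled (smurf amplifier)")
            for req in ("no ip proxy-arp", "no ip redirects"):
                if req not in body:
                    findings.append(f"{header}: missing {req}")
        elif header.startswith("line vty"):
            transport = next((b for b in body if b.startswith("transport input")),
                             "transport input all")  # IOS default when the line is absent
            if transport != "transport input ssh":
                findings.append(f"{header}: {transport} (only SSH should be accepted)")
            if not any(b.startswith("login") for b in body):
                findings.append(f"{header}: no login required")
    return findings


# Constructed running-config fragments (not captured from the test bed).
WEAK_CONFIG = """\
hostname border-rtr
enable password cisco123
service tcp-small-servers
ip http server
snmp-server community public RW
interface FastEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 ip directed-broadcast
interface FastEthernet0/1
 ip address 192.0.2.1 255.255.255.0
line vty 0 4
 password cisco
 login
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
hostname border-rtr
service password-encryption
service tcp-keepalives-in
security passwords min-length 10
enable secret 5 $1$placeholder$hash
no service tcp-small-servers
no service udp-small-servers
no ip finger
no ip http server
no ip bootp server
no ip source-route
no cdp run
aaa new-model
aaa authentication login default group tacacs+ local
interface FastEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 no ip proxy-arp
 no ip redirects
interface FastEthernet0/1
 shutdown
line vty 0 4
 transport input ssh
 login authentication default
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(cfg))} findings")
        for f in audit(cfg):
            print("  -", f)
```

The weak configuration produces nineteen findings, one per policy step it violates, including the Type 7 enable password, the default SNMP community with read-write access, the directed broadcast left enabled on the outside interface and the VTY lines still accepting Telnet; the hardened configuration produces none. Running such an audit on every configuration change is how the checklist in the conclusion becomes enforceable rather than aspirational.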
Test Bed and Performance Testing
The following test bed was used by an Iraqi researcher to test the security and performance of the suggested network model. It consisted of two Cisco 2811 routers, a Cisco PIX 516E firewall, a Cisco 2960 switch, an AAA server running the TACACS+ protocol, and two workstations acting as attacker hosts.
The following procedures were used by the researcher to test and examine the network's operation and its robustness against different types of attack.
Ethereal was used to simulate real reconnaissance attacks on the target network: it shows what is on the network, as an attacker would do before attacking. Ethereal is an effective sniffer for detecting threats.
SuperScan was used to simulate real access attacks: to find which IP addresses are active and which ports are open in the network, in order to obtain the IP address of a workstation or network device and to discover which ports are in use.
Nmap was used to scan for open TCP and UDP ports on the router and firewall interfaces. Attackers use port scanners to map the network; this was prevented by disabling unneeded features and services on the router and firewall.
Nessus was used to search for vulnerabilities in the network. This was prevented by disabling unused interfaces on all routers and the firewall and disabling unneeded features and services.
The dsniff tools were used to simulate DoS attacks. These were stopped by the access control lists applied on the router and firewall, which filter malicious packets and reject all traffic from the internal networks bearing a source IP address that does not belong to the internal networks.
Unauthorized attempts to access network resources and devices were detected and prevented by the AAA server and the firewall, because the firewall and AAA server screen both incoming and outgoing traffic.
Kiwi Syslog was used to capture and preserve log messages from the Cisco routers and other network devices. The attempts it recorded were prevented by disabling unneeded protocols on the network devices, without affecting network performance.
The macof tool was used to perform MAC spoofing and CAM table overflow attacks. This was prevented by applying port security on the switch in its three forms: static, dynamic and sticky secure MAC addresses.
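The macof test above and the port-security recommendation in the policy section both turn on the same mechanism, which the following Python model makes concrete. It is an added example, not code from the report, the researcher or Cisco: a small CAM table and a port model with static, dynamic and sticky modes are driven by a macof-style flood of random source MACs, once on an unprotected port and once on a port with sticky port security and a maximum of one address. The table capacity, the port names, the workstation MAC and the flood size are constructed for the example; the violation behaviour modelled is the IOS "shutdown" action, which err-disables the port.

```python
import random
from collections import Counter

CAM_CAPACITY = 1024               # assumed small table; real switches hold thousands of entries
LEGIT_MAC = "00:11:22:33:44:55"   # constructed: the authorised workstation on Gi0/1


class CamTable:
    """Switch forwarding table, MAC -> port. Unknown destinations are flooded to all ports."""
    def __init__(self, capacity=CAM_CAPACITY):
        self.capacity = capacity
        self.entries = {}

    def learn(self, mac, port):
        if mac in self.entries or len(self.entries) < self.capacity:
            self.entries[mac] = port
            return True
        return False                  # table full: the address cannot be learned

    def forward(self, dst_mac):
        return self.entries.get(dst_mac, "FLOOD")


class SecurePort:
    """Model of IOS port security (switchport port-security maximum N, mac-address sticky,
    violation shutdown). Modes: "static" (only admin-configured MACs), "dynamic" (learned,
    lost on reload) and "sticky" (learned and written to the running-config)."""
    def __init__(self, name, mode="dynamic", maximum=1, static=()):
        self.name, self.mode, self.maximum = name, mode, maximum
        self.secure = set(static)
        self.sticky_saved = set()
        self.err_disabled = False
        self.violations = 0

    def frame_in(self, src_mac, cam):
        if self.err_disabled:
            return "dropped"
        if src_mac not in self.secure:
            if self.mode == "static" or len(self.secure) >= self.maximum:
                self.violations += 1
                self.err_disabled = True   # violation action "shutdown" err-disables the port
                return "violation"
            self.secure.add(src_mac)
            if self.mode == "sticky":
                self.sticky_saved.add(src_mac)
        cam.learn(src_mac, self.name)
        return "forwarded"


def macof_flood(port, cam, count, seed=1):
    """Send `count` frames with random source MACs into `port`, as macof does."""
    rng = random.Random(seed)
    outcomes = Counter()
    for _ in range(count):
        mac = ":".join(f"{rng.randrange(256):02x}" for _ in range(6))
        outcomes[port.frame_in(mac, cam)] += 1
    return outcomes


def run_sample(flood_frames=5000):
    """Compare an unprotected port with a sticky port-security port under the same flood."""
    # A: no port security. The flood fills the CAM table; when the legitimate host next
    # speaks (after its entry aged out) it cannot be learned, so frames addressed to it
    # are flooded out of every port, where the attacker can sniff them.
    cam_a = CamTable()
    open_port = SecurePort("Gi0/1", mode="dynamic", maximum=10**9)
    macof_flood(open_port, cam_a, flood_frames)
    learned = cam_a.learn(LEGIT_MAC, "Gi0/1")
    unprotected = {"cam_entries": len(cam_a.entries), "legit_learned": learned,
                   "delivery": cam_a.forward(LEGIT_MAC)}
    # B: sticky port security, maximum 1. The first foreign MAC is a violation, the port
    # is err-disabled, and the CAM table keeps only the legitimate entry.
    cam_b = CamTable()
    sticky = SecurePort("Gi0/1", mode="sticky", maximum=1)
    sticky.frame_in(LEGIT_MAC, cam_b)
    outcomes = macof_flood(sticky, cam_b, flood_frames)
    protected = {"cam_entries": len(cam_b.entries), "violations": sticky.violations,
                 "err_disabled": sticky.err_disabled, "dropped": outcomes["dropped"],
                 "delivery": cam_b.forward(LEGIT_MAC)}
    return unprotected, protected


if __name__ == "__main__":
    a, b = run_sample()
    print("no port security:", a)
    print("sticky, maximum 1:", b)
```

The unprotected run ends with a full table and the workstation's traffic flooded to every port, which is the sniffing position macof is used to create; the protected run records one violation, drops the remaining 4,999 frames and keeps a single CAM entry. In production the shutdown action means an administrator (or errdisable recovery) must re-enable the port, which is exactly the alarm a CAM overflow attempt should raise.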
Common Configuration Weaknesses
Weakness | How the weakness is exploited
Unsecured user accounts | User account information may be transmitted insecurely across the network, exposing usernames and passwords.
System accounts with easily guessed passwords | This common problem is the result of poorly selected and easily guessed user passwords.
Misconfigured Internet services |
Unsecured default settings within products | Many products have default settings that enable security holes.
Misconfigured network equipment | Misconfigurations of the equipment itself can cause significant security problems; for example, misconfigured access lists, routing protocols or SNMP community strings can open up large security holes.
Common Security Policy Weaknesses (table 2)
Weakness | How the weakness is exploited
Lack of written security policy | An unwritten policy cannot be consistently applied or enforced.
Politics | Political battles and turf wars can make it difficult to implement a consistent security policy.
Lack of continuity | Frequent replacement of personnel can lead to an erratic approach to security.
Logical access controls not applied | Poorly chosen, easily cracked or default passwords can allow unauthorized access to the network.
Software and hardware installation and changes do not follow policy | Unauthorized changes to the network topology or installation of unapproved applications create security holes.
Disaster recovery plan is nonexistent | The lack of a disaster recovery plan allows chaos, panic and confusion to occur when someone attacks the enterprise.
Identify the threats
Threat | Origin and path | Possible impact
E-mail with virus | External origination, internal use | Could infect the system reading the e-mail and subsequently spread throughout the entire organization.
| | Could enter through unprotected ports and compromise the whole network.
Web-based virus | Internal browsing to external site | Could compromise the system doing the browsing and subsequently affect other internal systems.
Web server attack | External to web servers | If a web server is compromised, the hacker could gain access to other systems internal to the network.
Denial of service attack | | External services such as web, e-mail and FTP could become unusable. If the router is attacked, the whole network could go down.
Network user attack | Internal to anywhere | Traditional border firewalls do nothing against this attack; internal segmentation firewalls can help contain the damage.
From this assignment I learned some useful information on the security weaknesses in router and firewall configuration and the risks of connecting to the Internet. I also obtained tips and recommendations to achieve the best security and to protect the network from vulnerabilities, threats and attacks by applying the security configurations on the router and firewall.
I can also use the security policy above as a checklist for evaluating whether a unit is adhering to best practices in computer security and data confidentiality.
In conclusion, using a firewall and a router together can offer better security than either one alone. A poor router filtering configuration can reduce the overall security of a network and expose internal network components to scans and attacks.