
TCP/IP Networks Management and Security Presented by: David M. Litton, CPA, CISA, CGFM Deputy Director, Audit and Management Services Virginia Commonwealth.


1 TCP/IP Networks Management and Security
Presented by: David M. Litton, CPA, CISA, CGFM
Deputy Director, Audit and Management Services, Virginia Commonwealth University
May 7, 2001


3 Course Objectives
- What is a TCP/IP network?
- Common components of a TCP/IP network
- Network environment: TCP/IP protocol and associated device functionality
- General network risks
- Specific risks and compensating controls for TCP/IP network devices
- Areas of a TCP/IP infrastructure audit

4 What is a TCP/IP Network?
- Envelope and post office concept
- Ethernet frames
- Internet Protocol (IP): connectionless datagram; it tries to send but is not sure whether the data gets there
- Transmission Control Protocol (TCP)
- Alternatives to TCP: UDP and ICMP
- Ports
- Socket (combination of port number and IP address)
- Connection (pair of sockets for a session)

15 OSI Model and TCP/IP Compared


17 Common Components of a TCP/IP Network
- Cat 5 UTP wiring and fiber optics: lower layer 1
- Hubs: emphasis on layer 1
- Bridges: layer 1 or the lower part of layer 2 (MAC)
- Switches: some layer 1, emphasis on layer 2
- Routers: emphasis on layer 3, some layer 4
- Applications/network utilities: layers 5-7 (FTP, HTTP, NFS, X-Windows, Telnet...)
- Protocol stacks: part of the server/workstation OS
- Servers: physical and logical contrasted
- Specialized IP servers: DHCP, BOOTP, DNS...

18 Network Environment: TCP/IP Protocol and Associated Device Functionality

19 LAN/WAN Protocol Example

20 General Network Risks
- Inconsistently applied back-up procedures for network equipment and servers
- Lack of a test lab and change control procedures
- Interception of clear-text log-on identifiers and passwords
- Staff turnover
- Use of unauthenticated services on network hosts and pass-through routers
- Lack of spoofing prevention measures
- Use of default passwords on network equipment
- Lack of password change procedures for network equipment
- Poor OS controls on network devices

21 General Network Risks (continued)
- Improper access to restricted systems (patient information, financial records, payroll, etc.)
- Release of sensitive information
- Prolonged outages and inconsistent availability
- Lack of documentation
- Non-compartmentalized traffic
- Trojan horses
- Lack of expertise, training, and cross-training
- Lack of restoration plans or spare parts
- Ineffective procedures
- Masquerading as another individual
- Spying, sabotage
- Risk from easy-to-use freeware utilities
- Stolen passwords

22 Specific Risks and Compensating Controls for TCP/IP Network Devices

23 Router Risks and Controls
- Risk: inappropriate addresses or dangerous protocols accessing hosts/servers. Control: access control lists (filter through the router).
- Risk: inappropriate addresses conducting router maintenance. Control: ACLs that restrict which IP addresses may reach the router.
- Risk: unauthenticated or trusted services used for maintenance. Control: turn off these services in the router configuration; use services with stronger authentication.

24 Router Risks and Controls (continued)
- Risk: damaged router/network device configuration. Control: create backups of the configuration file; store them on the network, in hard copy, and as a secret backup.
- Risk: failed upgrades or changes. Control: development and maintenance controls and back-out plans.
- Risk: not capturing network events. Control: turn on logging and secure the host that the logs are streaming to.

25 Router Risks and Controls (continued)
- Risk: default passwords, and clear-text passwords transmitted over the network. Control: change passwords periodically, with timeouts.
- Risk: no console passwords. Control: add passwords with timeouts.
- Risk: community strings = PUBLIC, PRIVATE, passed over the network in clear text. Control: change the community strings and use encrypted SNMP.

26 Router Risks and Controls: Methods of Accessing Routers
- Console
- TFTP
- Telnet
- TACACS
- MOP (Maintenance Operation Protocol, by DEC, for Cisco routers)
- SNMP
- R-Shell
- R-Copy
- FTP
- HTTP
- More are being added; check the manufacturer's documentation

27 Domain Name Service: Risks and Controls
- Risk: allowing zone file transfers to unauthorized clients provides MX and HINFO records. Control: use router filters for TCP port 53 (DNS), or control which servers receive DNS zone files.
- Risk: updates require time to propagate, usually 24 hours. Control: use strong change control procedures with management review.
- Risk: providing information about internal devices one at a time. Control: configure external name servers to provide information on Internet-connected machines.
- Risk: the Whois command. Whois returns the DNS IP addresses plus sensitive information.

28 Network Address Translation
- Static translation does not hide the device from the Internet
- Port translation is needed to get the full security benefit
- Reduced router performance; NAT can interfere with authentication schemes that verify the integrity of the entire packet
- These costs must be weighed when reviewing NAT

29 TCP/IP Environment Example

30 Wiring/Hubs: Risks and Controls
- Risk: inability to track wiring problems. Control: diagrams and labeling.
- Risk: sniffing equipment, theft, inappropriate access to equipment. Control: secure wiring concentrations (closets).
- Risk: no redundant paths for backbone/WAN connections. Control: a redundant layer 1 path.
- Risk: power surges. Control: surge protectors or UPSs.
- Risk: heat and water damage. Control: design of the locations that house equipment.

31 Additional Server Risks and Controls
- Risk: legitimate network access can cause security problems (examples: the Sun Telnet hack, Microsoft IIS hacks). Control: install up-to-date patches; back up the OS, applications and database; password controls; file permissions; restrict privileges; logging; disable unnecessary services.
- Risk: differences in server configurations. Control: use consistent setup checklists and/or scripts for servers and user profiles.

32 Dangerous Services to be Restricted
- Zone transfers: UDP and TCP 53
- Link: TCP 87
- LPD: TCP 515
- BOOTP: UDP 67
- RPC: TCP and UDP 111
- NFS: UDP 2049
- TFTP: UDP 69
- SNMP: UDP 161, 162
- X-Windows: TCP 6000+
- Finger: UDP 79
- Berkeley r-commands: TCP 512-514
- Windows sharing: TCP 135-139, 445
- Chargen, Discard, Echo: TCP/UDP 9, 19, 7
- Block ICMP redirects
* Internal address from outside the network
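As an added example (not from the presentation), a Python check that turns the restrict list above into audit findings: it reads port-scan output in the PORT/STATE/SERVICE shape that nmap prints, and flags every open port that falls on the slide's list, handling the 512-514 and 135-139 ranges and the open-ended 6000+ entry. The scan output is constructed for the example, not from a real host; the table follows the slide except that Finger is matched on TCP as well, since finger itself runs on TCP 79.

```python
import re

# Slide's restrict list: (name, protocols, port spec: 'n', 'a-b' inclusive, 'n+' = n and above).
DANGEROUS_SERVICES = [
    ("Zone transfers", "tcp,udp", "53"),
    ("Link", "tcp", "87"),
    ("LPD", "tcp", "515"),
    ("BOOTP", "udp", "67"),
    ("RPC", "tcp,udp", "111"),
    ("NFS", "udp", "2049"),
    ("TFTP", "udp", "69"),
    ("SNMP", "udp", "161,162"),
    ("X-Windows", "tcp", "6000+"),
    ("Finger", "tcp,udp", "79"),  # slide lists UDP; finger itself is TCP 79
    ("Berkeley r-commands", "tcp", "512-514"),
    ("Windows sharing", "tcp", "135-139,445"),
    ("Chargen/Discard/Echo", "tcp,udp", "19,9,7"),
]

# nmap-style "PORT STATE SERVICE" lines; only open (or open|filtered for UDP) count.
SCAN_LINE = re.compile(r"(\d+)/(tcp|udp)\s+open(?:\|filtered)?\s")

# Constructed scan output in nmap's normal-output shape; not a real host.
SAMPLE_SCAN = """\
PORT      STATE         SERVICE
22/tcp    open          ssh
53/tcp    open          domain
514/tcp   open          shell
6001/tcp  open          X11:1
69/udp    open|filtered tftp
161/udp   open          snmp
"""

def _port_matches(port, spec):
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if part.endswith("+"):          # open-ended range such as 6000+
            lo, hi = part[:-1], "65535"
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit_scan(text):
    """Return (port, proto, service name) for each open port on the restrict list."""
    findings = []
    for m in filter(None, map(SCAN_LINE.match, text.splitlines())):
        port, proto = int(m.group(1)), m.group(2)
        for name, protos, spec in DANGEROUS_SERVICES:
            if proto in protos.split(",") and _port_matches(port, spec):
                findings.append((port, proto, name))
    return findings
```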

33 Workstation Risks and Controls
- Risk: Trojan horses (key capture, sniffers, remote control). Control: BOClean and up-to-date virus software (for detection).
- Risk: viruses. Control: virus software kept up to date.
- Risk: modem line exposures. Control: policy, inventory, standardization, dial-in servers, unique IDs and complex passwords, war-dialing the company's own numbers.

34 Encryption
- Examine encryption practices
- Determine where the traffic is most exposed: going out on the Internet, between business partners...
- Look for controls like compartmentalization and VLANs to reduce internal exposure
- Use encrypted methods like SNMP v.2 and CHAP v.2 to communicate with network devices
- Consider testing encryption controls with a sniffer

35 Sniffed PPP Connection in Clear Text

36 Areas of a TCP/IP Infrastructure Audit: Why Examine Network Infrastructure
- Rarely examined
- Large investment
- Basis for most technology: the common denominator
- Connects to the world
- Lost revenue on e-commerce
- Susceptible to denial of service attacks

37 Areas of a TCP/IP Infrastructure Audit: Recommended Objectives
- Continuity (consistent reliability and availability of the system: back-up and the ability to recover)
- Management and maintenance (additions, change procedures, upgrades, and documentation)
- Security (appropriate physical and logical access to network devices and hosts)

38 Auditing TCP/IP Infrastructure
- Review network policies and procedures
- Review network diagrams (layers 1 and 2), design, and walk-through; list of network equipment and IP address list
- Verify diagrams with ping and traceroute
- Review utilization, trouble reports and helpdesk procedures
- Probe systems (Netscan tools and a port scanner)
- Interview network vendors, users, and network technicians
- Review software settings on network equipment
- Inspect the computer room and network locations
- Evaluate back-up and operational procedures

39 Conclusion
- Identify the paths and equipment used to navigate the network
- Identify TCP/IP infrastructure areas of concern
- Break the work into manageable pieces
- Every network is different, and the components and risks must be fully understood
- Identify risks and prioritize
- Dedicate more upfront planning
- RELAX!! It's not that bad!

40 Additional Information
Presentation located online at URL:
Contact information: (804) 828-9248
