
Network Infrastructure Security 2012

Network Infrastructure Security

Presented by: Rahul Sharma, Associate Auditor, ANB Consulting Co. Pvt. Ltd.
ANB Consulting Co.Pvt.Ltd. Page 1


Table of Contents:

A) Introduction: Network Infrastructure Security
B) Internal Network Security
   i) Internal LAN Security
      1.1 LAN Risks and Issues
         1.1.1 Inappropriate Access to LAN Resources
         1.1.2 Disclosure of Data
         1.1.3 Unauthorized Modification of Data and Software
      1.2 Good Practices to Avoid LAN Risks and Issues
   ii) Network Connection Control
   iii) Administrative Services
   iv) Physical Access Control
C) External Network Security
   i) Third Party Access to Internal Network
   ii) User Authentication for External Connections
D) Network Devices Guidelines
   i) Firewall
   ii) LAN-Switches
   iii) Network Intrusion Detection/Intrusion Prevention System
   iv) Antivirus
   v) Content Filters
   vi) Web Proxy Servers
E) References


A) Introduction: - Network Infrastructure Security


Network security consists of the provisions and policies adopted by the system administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. It covers a variety of computer networks, both public and private, that are used in everyday jobs for conducting transactions and communications among businesses, government agencies and individuals. Network infrastructure is an essential component in addressing potential threats to the overall information and communication technology security of a business. Devices or programs connected to the network come into the communication network. Controls can be implemented through a terminal or through software. A lack of controls over the network will affect the CIA (Confidentiality, Integrity, and Availability) of an organization:

Confidentiality: Protection of secure data transmitted over the network from unauthorized users or parties. Unauthorized access to data stored on a server, due to weak controls, can affect the confidentiality of data.

Integrity: Ensures that information is accurate and complete in storage. Information can be modified while it is transmitted between networks, which gives wrong or inaccurate information to the actual users.

Availability: Availability of information to the authorized user in proper form. Monitoring, reviewing logs, and checking security incidents and system performance in a timely manner can be preventative controls to ensure availability of information over the network.

Key Requirements for Network Infrastructure Security
1. Network devices should be configured securely and accessed in a secure environment.
2. Secure protocols should be used for networks.
3. Securely configured firewalls and routers should be used.
4. Remote access to internal networks should be securely managed.
5. Anti-virus and anti-malware software should be installed on machines.
6. Fire extinguishers should be provided for fire-sensitive areas like server rooms and security rooms.
7. Implement physical security management like closed-circuit television for entry areas and restricted zones.
8. Security guards can help to maximize security.

B) Internal Network Security

i) Internal LAN Security:-

A LAN provides the storage and retrieval of programs and data used by a group of users. LAN software also provides security for these programs and data, but only at a low level. Here are the risks associated with the use of a LAN:
1. Inadequate LAN management and security policies.
2. Unauthorized changes cause loss of data and integrity.
3. Lack of training for proper LAN usage and security.
4. Inadequate protection mechanisms in the workstation environment.
5. Inadequate protection during transmission.

1.1 LAN Risks and Issues:-

Unauthorized LAN access results from an unauthorized individual gaining access to the LAN. A LAN provides file sharing, printer sharing, file storage sharing, etc. Because resources are shared rather than used by individuals, there should be control of and accountability for those resources. Three common methods used to gain unauthorized access are password sharing, password guessing and password capturing. Of these, password sharing is common in some organizations. It allows an unauthorized user to have the LAN access and privileges of a specific user. Sometimes the unavailability of a specific user affects part of an organization or department, and to get around this the password is given to someone else to work in place of that user.

Password guessing is generally not a means of unauthorized access. Password capturing is a process in which a legitimate user unknowingly reveals their user ID and password. A Trojan horse program that appears to the user as a legitimate login program is used to capture the password.

Here are the vulnerabilities associated with unauthorized access:
a) Lack of, or insufficient, identification and authorization scheme
b) Password sharing
c) Poor or easy-to-guess passwords
d) Single-user PCs that are not password protected at boot time
e) Unprotected modems
f) Lack of a time-out for login time and of logs of attempts
g) Poor physical controls of network devices
h) Lack of last successful login date/time and unsuccessful login attempt notifications and logs

1.1.1 Inappropriate Access to LAN Resources:-

Many resources, such as file stores, applications and printers, are made easily available to many users rather than giving each user dedicated resources. To reduce the security risk to these resources, permission is given only to those who are authorized to access them. Unauthorized access occurs when a user accesses a resource that the user is not permitted to use. It happens because the access rights given to users are not clear or not specified. To control the risk of such access, an access control matrix has to be implemented in the organization.

Here are the vulnerabilities associated with unauthorized access to resources:
a) Use of system default permission settings that are too permissive to users
b) Improper use of administrative or LAN manager privileges
c) Data that is stored with an inadequate level of protection, or no protection, assigned
d) Improper use of the privilege mechanism for users
e) PCs that utilize no access control on a file-level basis

1.1.2 Disclosure of Data:-

As data is stored and processed through the LAN, it requires some level of confidentiality. Disclosure of LAN data or software occurs when the data or software is accessed, read and released to an individual who is not authorized for it. This happens when someone gains access to information that is not encrypted, or views monitors or printouts of the information.

Here are the vulnerabilities associated with unauthorized access to LAN data:
a) Improper access control settings
b) Sensitive data stored in unencrypted form
c) Application source code stored in unencrypted form
d) Monitors viewable in high-traffic areas
e) Printers placed in high-traffic areas

1.1.3 Unauthorized Modification of Data and Software:-

Applications and data are shared through the LAN, so changes to them should be controlled. Unauthorized modification of data or software occurs when unauthorized changes are made to a file or program. If data modifications remain undetected for a long time, the modified data may spread through the LAN, possibly corrupting databases, spreadsheet calculations and other application data. This can damage the integrity of most application information. Unauthorized changes can be made in simple command programs, in utility programs used on multiuser systems, in major application programs, or in any other type of software. They can be made by unauthorized outsiders or by those who are authorized to make changes. These changes can divert information to other destinations, corrupt the data or harm the availability of system or LAN services.

Here are the vulnerabilities associated with unauthorized modification of data and software:
a) Privilege mechanisms that allow unnecessary write permission
b) Lack of virus protection and detection tools
c) Undetected changes made to software, including the addition of code to create a Trojan horse program

1.2 Good Practices to Avoid LAN Risks and Issues

The following are good practices to avoid LAN risks and issues:
a) Virus protection is necessary first of all to avoid virus or malware attacks, so antivirus should be installed on the main server and updated on a daily basis for new patches.
b) An access control list should be maintained. It will provide limited access to users. Provision of access control lists for data shall be made in the system to protect data from unauthorized access.
c) AD (Active Directory) on the domain controller should be managed by an authorized person such as the IT manager, who can control users' access to the system/application.
d) The system should force users to set strong passwords with proper security requirements, and force users to change a temporary password at first log-on. For transactions such as those in a bank, e-tokens should be implemented, so that only authorized users can pass the transactions.
e) End-user systems shall be configured to lock out in case of inactivity. On standby, the system should lock automatically.
f) User activity logs should be maintained by the IT manager and reviewed on a regular basis.

ii) Network Connection Control



It is recommended that an organization maintain a policy under which user access to the network is restricted through techniques such as limiting network access to certain times, allowing only one-way file transfer so that users are not able to upload malicious content to the network, and using VLANs (a way of partitioning a physical network) to separate network devices and hosts (workstations and servers). Uniform filtering policies can then be applied so that organizational workstations can access only the network services they require for business purposes. Good filtering policies include:
a) A conspicuous rule is added to ensure that all workstations and servers cannot connect directly to the internet. Connection to the internet should take place through the use of a proxy server.
b) Ensure that workstations are connected to the appropriate servers for proper functionality, such as print, application and e-mail servers.
c) Ensure that all workstations within a network segment can connect, using appropriate network ports, to the relevant proxy server.
d) Ensure that all workstations connected to network segments that require authentication can connect to the systems hosting authentication services (such as Active Directory) in order to authenticate users.
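One way to verify a rule set against filtering policies a) to d) above is to state each policy as a flow with a required outcome and evaluate it against the rules. This is an added example, not part of the original paper; the addressing plan, ports and rule format are all assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan and rule set; every address, port and name
# here is an assumption made for illustration.
RULES = [  # first match wins: (action, source, destination, dest port or None)
    ("allow", "10.10.20.0/24", "10.10.5.10/32", 3128),  # workstations -> web proxy
    ("allow", "10.10.20.0/24", "10.10.5.20/32", 389),   # workstations -> directory (auth)
    ("allow", "10.10.20.0/24", "10.10.5.30/32", 25),    # workstations -> e-mail server
    ("allow", "10.10.5.10/32", "0.0.0.0/0", 443),       # proxy -> internet
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),           # conspicuous final deny
]

def decide(rules, src, dst, port):
    """Return the action of the first rule matching the flow, default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "deny"

# Each policy statement expressed as a flow and the result it requires.
POLICY_TESTS = [
    ("a) workstation cannot reach the internet directly",
     "10.10.20.15", "203.0.113.7", 443, "deny"),
    ("a) internet access goes through the proxy",
     "10.10.5.10", "203.0.113.7", 443, "allow"),
    ("b) workstation reaches the e-mail server",
     "10.10.20.15", "10.10.5.30", 25, "allow"),
    ("c) workstation reaches the proxy port",
     "10.10.20.15", "10.10.5.10", 3128, "allow"),
    ("d) workstation reaches the authentication service",
     "10.10.20.15", "10.10.5.20", 389, "allow"),
]

def violations(rules):
    """List the policy statements the rule set fails to satisfy."""
    return [name for name, src, dst, port, want in POLICY_TESTS
            if decide(rules, src, dst, port) != want]

if __name__ == "__main__":
    # A rule set that lets workstations out on port 443 breaks policy a).
    too_open = [("allow", "10.10.20.0/24", "0.0.0.0/0", 443)] + RULES
    print("baseline:", violations(RULES))
    print("too open:", violations(too_open))
```

Running the same checks after every rule change shows when a convenience rule has silently opened a direct path to the internet.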

iii) Administrative Services

It is recommended that the availability of administrative services on the organization's systems and devices be restricted to authorized internal IP addresses. Authorized IP addresses could be given to higher authorities such as IT managers and system, network and data administrators.

iv) Physical Access Control

For the security of servers, an access card system should be implemented outside the data center so that only authorized personnel can access the servers. No visitors should be allowed in the data center without permission. The data center should have a visitors' register. Anyone other than an authorized user will make an entry in the register.

C) External Network Security

i) Third party access to internal Network

A policy is maintained under which access to the organization's internal networks, such as through the internet, VPNs or dial-up access, or to internal applications, is not granted to a third party unless a higher authority within the organization, such as the IT manager or HOD, determines that there is a legitimate need for such access. According to the third party's need, access can be given for a timeframe matching what is required to accomplish the approved task.

ii) User Authentication for External Connections

Sometimes users use applications, services and data through external connections. These external connections may be harmful to those services, applications and data, which creates a problem for the organization. To allow users to use these connections, the organization should maintain a policy. Only users who have been identified or permitted by an authorized user should be allowed. The strength of the user authentication mechanism depends on the sensitivity of the information or data used through the external connection. A few authentication mechanisms are: e-tokens, cryptographic techniques, and challenge-response protocols.


D) Network Devices Guidelines

i) Firewall

It is recommended that firewalls be configured according to the security policy measures for the organization's network. A few best practices are given below:
a) Device management access is allowed only from authorized internal IP addresses.
b) Changes to the firewall can be made only by authorized personnel such as the IT manager.
c) Ensure all passwords are in encrypted form when stored on the device.
d) Ensure that passwords meet specific requirements:
   1) Minimum of 8 characters
   2) Combination of lower-case and upper-case characters, numbers and symbols
e) No generic user ID shall be created for administrative purposes on the firewall.
f) All firewall logs shall be stored on a logging server for storage and analysis purposes.

The firewall configuration shall not be changed without the permission of a proper authority such as the IT manager. Testing of the firewall shall be performed and reviewed on a regular basis. All administrative changes shall be made through the central authentication server.

ii) LAN-Switches

The following good-practice controls are to be adhered to across the layers of the data center:
a) Ensure that passwords meet specific requirements:
   1) Minimum of 8 characters
   2) Combination of upper-case and lower-case characters, numbers or symbols
b) Device management access is allowed only from authorized internal IP addresses.
c) Ensure all passwords are in encrypted form when stored on the device.
d) Ensure all unused switch ports are configured into a shutdown state.
e) All network ports listed in the switch configuration are to be configured with a description of the device connected.
f) All administrative configurations to the device are to be performed via a central authentication server.
g) A VLAN should be implemented on the network switches to support administrative functions.

All switch logs shall be stored on a logging server for storage and analysis purposes.
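Practices b) to e) above can be checked automatically against a saved switch configuration. The following is an added example, not part of the original paper: it assumes Cisco IOS-style configuration syntax (the paper names no vendor), and the sample configuration is constructed.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the paper names no vendor).
SAMPLE_CONFIG = """\
service password-encryption
!
interface GigabitEthernet0/1
 description Finance print server
 switchport access vlan 20
!
interface GigabitEthernet0/2
 shutdown
!
interface GigabitEthernet0/3
 switchport access vlan 20
!
line vty 0 4
 access-class 10 in
line vty 5 15
 transport input ssh
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level command line."""
    blocks, current = [], None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and current is not None:
            current[1].append(line.strip())
        else:
            current = (line.strip(), [])
            blocks.append(current)
    return blocks

def audit_switch(config):
    """Return findings for practices b), c), d) and e) of the switch list."""
    blocks, findings = parse_blocks(config), []
    if not any(head == "service password-encryption" for head, _ in blocks):
        findings.append("c) stored passwords are not encrypted")
    for head, body in blocks:
        if head.startswith("line vty") and not any(
                re.match(r"access-class \S+ in$", cmd) for cmd in body):
            findings.append(f"b) {head}: management access not restricted by ACL")
        if head.startswith("interface "):
            described = any(cmd.startswith("description ") for cmd in body)
            if not described and "shutdown" not in body:
                findings.append(f"d/e) {head}: no description and not shut down")
    return findings

if __name__ == "__main__":
    for finding in audit_switch(SAMPLE_CONFIG):
        print(finding)
```

The check confirms only that the settings are present; it does not judge whether the ACL referenced by `access-class` actually limits access to authorized internal addresses.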

iii) Network Intrusion Detection/Intrusion Prevention System

If an organization hosts a web server or any other server, it has to implement a network intrusion detection or prevention system to discover unauthorized access to the computer network. The following good practices are required:
a) Device management access is allowed only from authorized internal IP addresses.
b) All communication between the management console and the device is to be encrypted.
c) The network interface used for monitoring and network traffic collection should not be configured with an IP address.
d) Ensure that passwords meet specific requirements:
   1) Minimum of 8 characters
   2) Combination of upper-case and lower-case characters, numbers or symbols
e) Signatures must be updated on a daily basis.
f) Devices are to be patched and maintained in response to operating system and product alerts issued by the respective vendors.

iv) Antivirus

Antivirus acts as the gateway monitor that checks incoming and outgoing web and e-mail traffic for the existence of viruses or malware. It detects and prevents the actions of malware such as adware, fraudtools and keyloggers. It should be updated on a daily basis with new patches so that it can detect new viruses.

v) Content Filters

Content filtering is used for blocking or controlling material that is irrelevant to users in the organization, and especially to restrict material delivered over the internet via e-mail, web or other means. Content filtering software determines what content will be made available and what content will be blocked. Content filtering may be used to block access to pornography, games, shopping, advertising, e-mail/chat, or file transfers, or to websites that provide information about hatred/intolerance, weapons, drugs, gambling, etc. Some good practices for content filtering are given below:
a) Content filters should be patched and maintained according to vendor security advisories.
b) Content filter signatures should be updated on a daily basis.
c) A report on content filter activity should be checked and reviewed by a higher authority such as the IT manager.

vi) Web Proxy Servers

A policy should be maintained for web proxy servers. Good practices are given below:
a) Allow proxy server management access only from authorized internal IP addresses.
b) Each proxy should only be configured to permit the flow of traffic in a single direction.
c) Proxies are patched and maintained in response to product alerts issued by the operating system and proxy software vendors.
d) All proxies should force authentication before access to the internet and other related services is permitted.

E) References:-

1) http://www.lanenforcer.cn/global/pdf/white_papers/Best_Practices_LAN_Security_and_NAC_rev1.pdf

2) http://www.cgiar.org/www-archive/www.cgiar.org/pdf/iau/gpn_Network%20Infrastructure%20Security.pdf

3) https://security.tennessee.edu/pdfs/SNIBP.pdf

4) http://en.wikipedia.org/wiki/Network_security

5) Policy: - RBI, Uninor.
