Network Security: The Basics

New to network security? Before you get lost in the bits and bytes, Stephen Northcutt of SANS provides a look at the essential concepts.

By Stephen Northcutt

Page 2

Cryptography
When defense in depth fails, the only remaining protection for the data is cryptography. Modern cryptography is very strong: if your organization is using a current, well-reviewed algorithm with an adequate key length, recovering the plaintext by attacking the ciphertext directly is not a realistic option for an attacker. What can be attacked are the keys and the processes used to generate, store, distribute and destroy them, so strong key management is a must. As an example, many organizations have purchased full disk encryption for their laptops. There is no practical way to reverse that encryption without the key. However, researchers at Princeton recently demonstrated that the key can be captured from memory, where it remains readable for a short time after power is removed, defeating the protection in many vendors' products.[5]

There are three types of cryptographic algorithms: secret key (symmetric), public key (asymmetric), and hash functions. Unlike secret key and public key algorithms, hash functions, also called message digests or one-way functions (sometimes loosely called one-way encryption), have no key. Instead, a fixed-length hash value is computed from the plaintext, and neither the contents nor the length of the plaintext can be recovered from it. The primary application of hash functions in cryptography is message integrity. The hash value provides a digital fingerprint of a message's contents: if the message is altered by an intruder, a virus, or by other means, the recomputed hash will not match the original. Hash algorithms are effective because it is computationally infeasible to find two different plaintext messages that yield the same hash value (collision resistance), and because changing even one bit of the input changes the output unpredictably.[6] One caveat a practitioner must keep in mind: a bare hash only detects accidental or unprivileged modification. An attacker who can change the message can usually recompute and replace the hash as well, so integrity against an active attacker requires combining the hash with a secret (a keyed hash or MAC) or signing it with a private key.
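The following Python example is added here to illustrate the integrity discussion above; it is not code from the original article. It uses only the standard library (hashlib, hmac, secrets). The message, the tampered copy and the shared key are constructed for the example. It shows the fixed-length fingerprint, the avalanche effect of a one-bit change, the fact that a plain hash is fooled by an attacker who rewrites both message and hash, and how a keyed hash (HMAC-SHA256) closes that gap.

```python
import hashlib
import hmac
import secrets

# Constructed sample data for this example (not from the article).
ORIGINAL = b"PAY 1000.00 TO ACCOUNT 12345678"
TAMPERED = b"PAY 9000.00 TO ACCOUNT 12345678"   # '1' -> '9' differs in a single bit
KEY = secrets.token_bytes(32)                    # shared secret; the attacker never sees it


def fingerprint(message: bytes) -> str:
    """Unkeyed SHA-256 digest: the fixed-length 'digital fingerprint' of a message."""
    return hashlib.sha256(message).hexdigest()


def integrity_ok(message: bytes, expected_digest: str) -> bool:
    """Recompute the digest and compare in constant time (no early-exit timing leak)."""
    return hmac.compare_digest(fingerprint(message), expected_digest)


def differing_bits(digest_a: str, digest_b: str) -> int:
    """Hamming distance between two hex digests; illustrates the avalanche effect."""
    return bin(int(digest_a, 16) ^ int(digest_b, 16)).count("1")


def tag(key: bytes, message: bytes) -> str:
    """Keyed hash (HMAC-SHA256): producing a valid tag requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def tag_ok(key: bytes, message: bytes, received_tag: str) -> bool:
    return hmac.compare_digest(tag(key, message), received_tag)


def active_attacker():
    """Model an attacker who controls the channel and has seen ORIGINAL.
    They can rewrite the message and recompute the unkeyed hash to match, but
    without KEY the best they can do for the HMAC is to tag under a key of
    their own choosing."""
    forged = TAMPERED
    attacker_key = secrets.token_bytes(32)
    return forged, fingerprint(forged), tag(attacker_key, forged)


def scenario() -> dict:
    """Run both integrity mechanisms against accidental and deliberate changes."""
    digest, mac = fingerprint(ORIGINAL), tag(KEY, ORIGINAL)
    forged_msg, forged_digest, forged_tag = active_attacker()
    return {
        # a corrupted copy checked against the honest digest is caught
        "plain_hash_detects_corruption": not integrity_ok(TAMPERED, digest),
        # one input bit changed; roughly half of the 256 output bits flip
        "avalanche_bits": differing_bits(digest, fingerprint(TAMPERED)),
        # attacker rewrote message and hash together: the unkeyed check is fooled
        "plain_hash_fooled_by_attacker": integrity_ok(forged_msg, forged_digest),
        # HMAC: the attacker cannot produce a tag under KEY, so the forgery is caught
        "hmac_detects_attacker": not tag_ok(KEY, forged_msg, forged_tag),
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

The unkeyed fingerprint is still useful when the digest is delivered over a channel the attacker cannot write to (a vendor's signed release page, a read-only baseline database); the HMAC variant is what a message or log channel needs when the attacker may sit in the path.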

Access, Authentication, Authorization
Sometimes called Triple A or AAA (in the networking literature AAA more often expands to authentication, authorization and accounting, with accounting covering the audit trail), these are the keys to implementing security in the organization. The authentication process should ensure that the person accessing your organization's computing and networking resources is who they claim to be. Since passwords can be shared, guessed or stolen, many organizations require a physical token in addition to a password during the authentication process: something you know plus something you have. Once a user is authenticated, access controls should ensure that individuals can reach only the resources they are authorized to use, and nothing more.

Separation of Duties, Separation of Services
Separation of duties is a common policy when people handle money, so that fraud requires the collusion of two or more parties. This greatly reduces the likelihood of crime. Information should be handled in the same way, since it can be bought and sold as easily as money. If your system administrators claim that their duties cannot be broken up, it is important to understand that well-run organizations do just that.[7]

A long time ago, servers were so expensive that a single server would run multiple services. One of the lessons we learned from the first Internet worm (the Morris worm of 1988; a worm is malicious software that spreads by breaking into systems) was that if a server running multiple services crashed, we lost all of those services at once. For the next ten years, it was considered good practice to run one service per machine: a mail server, a file server, and so forth. Today, with virtual machines and service-oriented web architecture, we are moving back to multiple services per physical machine, in fact far more services than before. This is fine as long as we plan how to keep operating if something bad happens to that machine. Continuity of operations, disaster recovery and business impact analysis are the disciplines that address this.
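The following Python example is added here to tie the AAA section and the separation-of-duties section together; it is not code from the original article. It is standard-library only. Authentication checks a salted PBKDF2 password hash plus a token code computed per RFC 4226/6238 (the same HOTP/TOTP scheme hardware and phone tokens use), authorization is a role-to-permission policy, and a dual-control table enforces separation of duties: a payment proposed by a treasurer only executes when a different person holding the controller role approves it. User names, roles, resources and the policy are constructed for the example; the token secret in the usage is the RFC test secret.

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

# Constructed data for this example (not from the article).
USERS: dict = {}   # name -> {"salt", "pw_hash", "totp_secret", "role"}
PBKDF2_ROUNDS = 200_000

# Authorization policy: role -> set of (resource, action) the role may perform.
POLICY = {
    "sysadmin": {("server", "reboot"), ("server", "read_logs")},
    "auditor": {("server", "read_logs"), ("ledger", "read")},
    "treasurer": {("ledger", "read"), ("ledger", "propose_payment")},
    "controller": {("ledger", "read"), ("ledger", "approve_payment")},
}
# Separation of duties: an action that only completes when a second, different
# person authorized for the approving action signs off.
DUAL_CONTROL = {("ledger", "propose_payment"): ("ledger", "approve_payment")}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the code a token displays for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, int(now) // step)


def register(name: str, password: str, role: str, totp_secret: bytes) -> None:
    """Store a salted, stretched password hash and the token seed, never the password."""
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    USERS[name] = {"salt": salt, "pw_hash": pw_hash,
                   "totp_secret": totp_secret, "role": role}


def authenticate(name: str, password: str, code: str, now: Optional[float] = None) -> bool:
    """Something you know (password) plus something you have (token code).
    Both factors are evaluated even when the first fails, so the response time
    does not reveal which factor was wrong."""
    user = USERS.get(name)
    if user is None:
        return False
    now = time.time() if now is None else now
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
    pw_ok = hmac.compare_digest(pw_hash, user["pw_hash"])
    # accept the current and the previous 30-second step to tolerate clock drift
    code_ok = any(hmac.compare_digest(totp(user["totp_secret"], now - drift), code)
                  for drift in (0, 30))
    return pw_ok and code_ok


def authorize(name: str, resource: str, action: str) -> bool:
    """An authenticated user may only touch what their role permits (least privilege)."""
    user = USERS.get(name)
    return user is not None and (resource, action) in POLICY.get(user["role"], set())


def execute_with_dual_control(requester: str, approver: Optional[str],
                              resource: str, action: str) -> bool:
    """Authorize the requester; for dual-control actions additionally require a
    distinct approver who is authorized for the approving action, so misuse
    needs collusion of two people rather than one."""
    if not authorize(requester, resource, action):
        return False
    needed = DUAL_CONTROL.get((resource, action))
    if needed is None:
        return True
    if approver is None or approver == requester:
        return False   # nobody may approve their own request
    return authorize(approver, *needed)


if __name__ == "__main__":
    seed = b"12345678901234567890"   # RFC 4226/6238 test secret, constructed usage
    register("alice", "correct horse", "treasurer", seed)
    register("bob", "battery staple", "controller", seed)
    print("alice login:", authenticate("alice", "correct horse", totp(seed, time.time())))
    print("alice alone:", execute_with_dual_control("alice", None, "ledger", "propose_payment"))
    print("alice + bob:", execute_with_dual_control("alice", "bob", "ledger", "propose_payment"))
```

In production the user store and the policy live in a directory or IAM service rather than a dictionary, and the approver's decision would itself be authenticated and logged (the accounting part of AAA), but the checks are the same: prove identity with two factors, consult the role's permissions, and refuse to let one person both request and approve a sensitive action.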
