
Secure Network Analysis Essentials Overview with Case Studies

If a network is to provide security services, the infrastructure of that network itself needs to be secure. This concept borrows directly from operating system security, where the term Trusted Computing Base is used to specify an operating system that properly enforces its security policy only if it is itself resistant to attacks. This is a simple rule, which is valid with any security system and is therefore of paramount importance in network security. Though specialized security devices, such as firewalls, might be designed to be resistant to attacks, many network devices are not. Moreover, most common network devices come preconfigured with settings that might not be desirable when a certain level of network security needs to be provided.

Overview
To provide security services, the network infrastructure needs to be secure itself.
This point is analogous to the concept of Trusted Computing Base in operating system security.

Network devices must have these qualities:


- Resistant to device-focused attacks
- Provide baseline security features to traffic (controlled routing, antispoofing, etc.)
- Securely managed (operationally and technically)

Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

In general, the design of a secure network infrastructure revolves around three areas, which should provide a Network Trusted Computing Base to an organization.

- Making devices resistant to attacks that target the devices themselves as hosts: This is commonly called network device hardening, and it applies guidelines from host security to network devices.
- Providing at least baseline security features to the traffic controlled by those devices: In environments with high security requirements, devices might be configured with extremely tight traffic-handling policies, which might be unmanageable in a classic commercial environment.
- Managing the devices securely: This area involves secure operational procedures, such as change control and consistent provisioning, and technical aspects, such as secure management protocols or out-of-band management networks.

Secure Network Analysis Essentials Overview with Case Studies

2008 Cisco Systems, Inc.

Guidelines
- Assess risks when you have a complete picture of the network.
  Too many variables are interdependent.
- Mapping tools are fine (black box), but not enough.
  Human input, configurations, and statistics.
- Focus on management operational practices.
- Implement recommendations in stages.
  Critical recommendations come first.


Several general guidelines apply to any network infrastructure security analysis.


- Assess risks only when the complete picture of the network has been established. There are too many examples where a lack of proper inventory-keeping has had grave consequences for network security. Mapping tools are useful, but they encourage a black-box approach, where the person running the mapper does not necessarily know whether the mapping has reached every device in the network. A combination of discovery techniques, including human knowledge and physical inspection, is necessary.
- When analyzing network management, do not focus only on the technology. The practices of the management personnel might negate the value of security technology.
- It is hard to implement infrastructure security in a single pass across a large network. Divide the process into several stages: begin by addressing the most important issues and proceed according to the implementation plan.


Case Study #1
The LAN switches in the computer classrooms of a university stopped forwarding traffic, and an anonymous student claimed responsibility.
The school needed to identify the cause of the denial-of-service attack and prevent it from happening again (requirements analysis).

A network audit showed that there was no port-level security configured in the LAN switches, which enabled workstations to send any traffic (including BPDU) into the Layer 2 network.
This finding was pinpointed as the most probable cause for problems, and proper switch settings were configured.

Case Study #1
This case study illustrates a specific problem that needed to be solved in an open university environment. The LAN administrators noticed several failures of the access layer in their switched LAN, which might have been caused by a station attacking network devices. An anonymous student claimed responsibility, and the administrators decided to review their device security policies. A network audit showed that the access-layer ports were configured without any special security settings, enabling any station to send raw frames of any kind to adjacent switches. As this was most likely the cause of the problem, port-level security settings were implemented (PortFast, root guard, and so on).


Case Study #2
A large business is concerned about its growing WAN/VPN network.
Router configurations are inconsistent. Router deployment is often done by outsourced partners.

The requirement is to provide consistent device security across the entire network. Analysis of configurations, topology, and applications provided the necessary input.
Templates were created and used when provisioning new devices. The network management team was trained on best practices for secure management.

Case Study #2
This case study illustrates a common configuration-control problem. A large business is concerned about the consistency of its network device configurations, as outsourced partners did most of the deployment. From the security perspective, there was no documented procedure for deploying routers securely, which resulted in very different initial configurations across the WAN devices. The requirement for secure initial settings was identified, and the analysis of the network provided the input needed to decide on the level of security and the services required on network devices. As a result, templates were created, and their use was enforced at new device deployment. The network management team was also trained on best practices for secure management.
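The following is an added example (not from the whitepaper or Cisco) that ties together the guideline on complete inventories, the access-port finding of Case Study #1, and the configuration templates of Case Study #2: it audits IOS-style device configurations against a hardening template and reports any inventoried device for which no configuration was collected. The template contents, device names and sample configurations are constructed for illustration; BPDU Guard (`spanning-tree bpduguard enable`) is assumed here as the access-port protection alongside PortFast.

```python
# Added example (not from the whitepaper): audit IOS-style device configs against a
# hardening template. Template lines and sample configs are constructed for illustration.
GLOBAL_REQUIRED = ["service password-encryption", "no ip http server", "ip ssh version 2"]
# Required on every access port (Case Study #1): PortFast plus BPDU Guard (assumed here).
ACCESS_REQUIRED = ["spanning-tree portfast", "spanning-tree bpduguard enable"]
def parse_interfaces(config):
    """Map each 'interface X' block to the list of its indented sub-lines."""
    ifaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(" ", 1)[1].strip()
            ifaces[current] = []
        elif line.startswith(" ") and current is not None:
            ifaces[current].append(line.strip())
        else:
            current = None  # '!' or any other top-level line ends the interface block
    return ifaces

def audit_config(config):
    """Findings for one device: missing global template lines and unhardened access ports."""
    present = {l.strip() for l in config.splitlines() if not l.startswith(" ")}
    findings = [f"global: missing '{req}'" for req in GLOBAL_REQUIRED if req not in present]
    for name, body in parse_interfaces(config).items():
        if "switchport mode access" in body:
            findings += [f"{name}: missing '{req}'" for req in ACCESS_REQUIRED if req not in body]
    return findings

def audit_fleet(inventory, configs):
    """Per-device findings; an inventoried device with no collected config is itself a finding."""
    return {dev: audit_config(configs[dev]) if dev in configs else ["no configuration collected"]
            for dev in inventory}

# Constructed sample data: one hardened switch, one unhardened switch, one unreachable device.
HARDENED = """hostname sw-a
service password-encryption
no ip http server
ip ssh version 2
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
"""
UNHARDENED = HARDENED.replace(" spanning-tree portfast\n spanning-tree bpduguard enable\n", "").replace("no ip http server\n", "")
INVENTORY = ["sw-a", "sw-b", "sw-c"]
CONFIGS = {"sw-a": HARDENED, "sw-b": UNHARDENED}  # sw-c is inventoried but was never collected
if __name__ == "__main__":
    for dev, f in audit_fleet(INVENTORY, CONFIGS).items(): print(dev, f or "OK")
```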


Summary
This whitepaper presented these key points:
- Device security is paramount to establishing a trusted network infrastructure.
- A complete network inventory is required for proper risk assessment.
- Interdevice trust should be analyzed to identify logical connections from a security perspective.
- Some hardening techniques significantly decrease network manageability.
- Network management plays a central role in a security-hardened infrastructure.

