Network Security

Dan Hobson
CIS344
 Today’s computing environment has changed dramatically the way we do

business. Email and instant messaging have become a larger and larger part of today’s

work environment and the Internet has become not just and frill for many companies, but

their sole method of doing business. The amount of data being stored by companies has

also grown. Terabyte hard drives and huge NAS arrays, companies are keeping more and

more data about customers and business partners, much of it sensitive data that needs to

be protected.

We will be looking at a few different ways that companies can help safe guard

their networks including physical security, email security, and wireless.

One of the most often overlooked aspects of network security is physical security.

Controlling access to the network does not just involve setting up firewalls and assigning

user names and passwords. Preventing unauthorized access to the network also involves

physically securing access to computers attached to the network. If I wanted to break into

a network it is far easier to do if I have access to a computer attached directly to that

network. You must also look at the physical access to the network cabling. Being able to

hack into a network by splicing into the cabling itself may seem more Hollywood than

real life, but it is possible. For instance “The EMR (Electromagnetic radiation) emissions

from CRT monitors can be picked up and display what is on that monitor on another

monitor from up to half a mile away.” (Nelson 2006 p155)

While most companies won’t be subject to that kind of attack, it shows you just

how important physical security can be.

Physical security should start at the exterior of the building. For government

facilities and companies working with highly sensitive projects it should begin with
access to the parking lot, but we will assume we are talking about more general

businesses. Preventing unauthorized access to the building can be as simple as a lock and

key to sophisticated biometric scanners and security guards posted at all entrances and

exits. Most large businesses make use of ID badges and card readers for access to the

building. This system also creates a log of who entered the building, when they entered

and what door they came in.

Controlling access to the PC’s can be done with user names and passwords,

biometric scanners such as finger print readers or by using smart cards. Servers should

always be placed in rooms where access can be strictly controlled and no one but the

administrators should be able to access the server directly. Securing the cabling for most

institutions is as simple as running conduit and placing the network cables inside walls.

Drop ceilings do not provide any security other than to hide the cabling from view.

Email security is another problem for most businesses. Email has become

essential to most companies day to day business operations. It has even replaced the

telephone in many instances as the preferred form of communication and as such has

become a larger and larger target for criminals attempting to steal company information

or identity thieves trying to steal personal information such as credit card numbers and

social security numbers.

Defense in depth is the way one needs to approach email security. One form of

defense is no longer enough to provide much safety. Defense starts at the perimeter,

email servers should be placed on a separate network in front of your internal network;

antivirus and anti-spam should also be installed on the email server or the better option is

to use a separate email gateway that handles the entire virus scanning and spam filtering.
This takes the load off the email server and provides one more layer of protection

between you and the outside world. Digital certificates are also another way of securing

email. “A digital certificate is like a passport. The certificate actually contains different

parts, most importantly a private key and a public key.” (Richardson, Tim 2004)

Certificates can be used to verify that the author of the email is actually the person whose

address appears in the from line. Spoofing an email address takes almost no time and

most users seeing an email from “the big boss” will open it and click on any attachment

inside without questioning if the email is legitimate. Here is where user training comes in.

Educating your users on email security should be a part of any security policy. Email

spoofing, spam, phishing and other nasties are floating around the Internet and an

unwitting user can infect your entire network with one click.

Encryption is another way of securing email, like digital certificates it uses keys and the

most popular and easiest method is the public/private key exchange. PGP, which stands

for Pretty Good Privacy, is a popular and very easy to use program that encrypts the

entire email. Even if the email is intercepted in transit to the recipient it cannot be read

with out the decryption key. GnuPG is a free program that uses the same setup as PGP, it

is not as easy to use, but it is free.

Wireless security is another aspect of network security that has become more and

more prevalent as businesses have embraced the technology. Since security is never the

first thing anybody thinks about when designing or installing a network wireless has

grown by leaps and bounds over the past few years.

 Wireless access has its benefits, no need to have a cable drop at every location

reduces expense. Being able to work from just about anywhere in the building means you

can carry your laptop to where you need to be and are saving time not having to run back

and forth. It has also added an entire layer of complexity to network security that we poor

administrators have had to deal with.

Jon Udell with Infoworld has a link http://weblog.infoworld.com/udell/2005/06/08.html

in a small article he wrote about cracking WEP security. It shows how to crack a WEP

secured wireless access point in 10 min. “Cracking WEP today still requires specialized

tools and high motivation, but it's just a matter of time until somebody packages up the

procedure into a simple application that anybody can use.” (Udell 2007) So someone

sitting in your parking lot with a wireless signal can have access to your network in 10

min. This article alone should be enough to make most administrators cringe.

The first step in securing wireless access is placement of the access points. You

want to be able to get the signal where you need it without broadcasting it to your

neighbors or the thief across the street. A wireless signal finder can be used to check just

how far the signal reaches. The information above should also show you that at a

minimum you are going to want to use WPA encryption or better yet WPA2 both are far

more secure than WEP and are much harder to crack.

Changing the default password on your wireless access point may seem like a

silly thing to say, but there have be many instances of such things happening. Always

change the default password of you access points and routers. This will be the first thing

many hackers try.

 This covers just a few of the ways to secure your network, there are many others

and I could write an entire book, many have been actually, on network security.

The landscape of network security has gotten more and more complex over the

years and will probably not change anytime soon. The fact that you cannot be 100%

secure against an attack from a knowledgeable and dedicated attacker to me speaks more

of security needing to be built into networks and applications from the ground up.

Security should always be a first priority when designing a network as it is much easier to

build into the network from the start than to try and patch it up later on.
 Works Cited
Nelson, B. et al . (2006) Computer Forensics and Investigations.

Canada: Thomson Learning, Inc.

Richrdson, T. (2004) Simple Notes on Internet Security and Email.

Tim-Richardson.net, Oct. 21, 2007,

http://www.tim-richardson.net/misc/security.html

Udell, J. (2007) Infoworld.

Oct. 21,2007,

http://weblog.infoworld.com/udell/2005/06/08.html