8.1 Security Issues in Intranets and the Internet



As discussed in lesson one, an Intranet is a company-specific, private network based on Internet technology, and as such, it is a form of local area network (LAN). However, one of the major distinctions between traditional LANs and Intranets is the reliance of the latter on TCP/IP, packet switching, and Internet technologies.
In the case of the Internet, the technology is deployed over a public network, while in the case of Intranets, the technology is deployed within a private network (Morreale and Terplan 2001).
By their very nature, Intranets encourage a free flow of information. This means that it is also very easy for information to flow directly from the Intranet to the desktops of unauthorized users. To guard against this situation, adequate security measures should be in place when the Intranet is deployed (Morreale and Terplan 2001). Various security techniques may be used to protect an Intranet from unauthorized external and/or internal use.

The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as follows (Stallings 2005):
Security attack: Any action that compromises the security of information owned by an organization.
Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

To understand security attacks, we can first divide threats into internal and external. An internal threat is one that uses privileged information to gain access from the outside or an attack that starts from an internal, trusted network. An external threat is one that uses an untrusted access point, such as the Internet, to gain access to the corporate network (Padjen and Lammle 2000). In the following subsections we will discuss commonly known threats to the Internet and Intranets and their solutions.

I. Intranet Security Threats
We will discuss network threats that should be considered when implementing Intranet security policies (Morreale and Terplan 2001).
Source-routed Traffic
Some users can use source routing to gain unauthorized access into a network. If a source-routed packet is modified so that it appears to be from a computer within your network, a router will obediently perform the packet routing instructions, permitting the packet to enter the network.
One way to combat such attacks is simply to direct your firewall to block all source-routed packets. Most commercial routers provide an option to ignore / disable source-routed packets.
Protecting Against ICMP Redirects (Spoofing)
Internet Control Message Protocol (ICMP) defines the rules routers use to exchange routing information. After a router sends a packet to another router, it waits to verify that the packet actually arrived at the specified router. Occasionally, a router may become overloaded or may malfunction.
In such cases, the sending router might receive an ICMP-redirect message that indicates which new path the sending router should use for transmission. It is fairly easy for knowledgeable "hackers" to forge ICMP-redirect messages to reroute communication traffic to some other destination. The term spoofing is used to describe the process of tricking a router into rerouting messages in this way. To prevent this type of unauthorized access, it may be necessary to implement a firewall that will screen ICMP traffic.
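
The two screening rules described above (drop source-routed packets, screen ICMP redirects), written out as a packet check. This is an added example, not part of the original lesson; the function names, the 10.0.0.0/8 internal range and the sample packets built by `build()` are assumptions made for illustration.

```python
import ipaddress
import struct

LSRR, SSRR = 131, 137                  # IPv4 option types: loose / strict source route
ICMP_PROTO, ICMP_REDIRECT = 1, 5       # IP protocol number, ICMP message type
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range

def option_types(header: bytes):
    """Yield each option type in an IPv4 header's options area (-1 if malformed)."""
    i = 20
    while i < len(header):
        opt = header[i]
        if opt == 0:                   # End of Option List
            return
        if opt == 1:                   # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(header) or header[i + 1] < 2:
            yield -1
            return
        yield opt
        i += header[i + 1]

def screen(packet: bytes, from_outside: bool = True) -> list:
    """Return the reasons a border filter would drop this packet (empty list = pass)."""
    ihl = (packet[0] & 0x0F) * 4 if len(packet) >= 20 else 0
    if ihl < 20 or len(packet) < ihl or packet[0] >> 4 != 4:
        return ["malformed IPv4 header"]
    reasons = []
    opts = set(option_types(packet[:ihl]))
    if opts & {LSRR, SSRR}:
        reasons.append("source-routed")
    if -1 in opts:
        reasons.append("malformed options")
    if from_outside and ipaddress.ip_address(packet[12:16]) in INTERNAL_NET:
        reasons.append("internal source on external interface")
    if packet[9] == ICMP_PROTO and len(packet) > ihl and packet[ihl] == ICMP_REDIRECT:
        reasons.append("icmp-redirect")
    return reasons

def build(src, dst, proto, options=b"", payload=b""):
    """Constructed sample packet; checksum left at zero since screen() ignores it."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + options + payload
```

The third rule, an internal source address arriving on the external interface, covers the case in the source-routing paragraph where the packet is made to look as if it came from inside the network.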

II. Internet Security Threats
One way to group Internet threats is in terms of passive and active attacks (Stallings 2005).
Passive attacks include eavesdropping on network traffic between browser and server and gaining access to information on a Web site that is supposed to be restricted.
Active attacks include impersonating another user, altering messages in transit between client and server, and altering information on a Web site.

Another way to classify Web security threats is in terms of the location of the threat: Web server, Web browser, and network traffic between browser and server.
It is also possible to classify Internet security according to the protected entity / information (Morreale and Terplan 2001).
Physical Security
Key pieces of network hardware, such as routers, firewalls, and servers, should be stored in a secure room with some sort of access control such as a traditional or electronic lock, card reader, or other means which can limit access to authorized individuals.

Modems
Modems present two security threats. First, modems offer a channel for data to leave your premises, circumventing security and auditing measures that may be in place for the rest of the network. A review of services that are accessed by modem should be made, and, if possible, this access should be rerouted over a secure internal network. Second, modems offer a potential method for unauthorized individuals to access your network from the outside.
One possible solution is a system where each user is provided with an electronic card that displays a random number every few minutes. A similar device that performs the same calculation to produce this number is located on the network one wishes to access. Without the card, and the ability to produce this number, the remote user is denied access.
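
The lesson does not name the calculation the card performs. As an added example (not from the original page), the sketch below uses the standard HMAC-based time-step construction of RFC 4226 / RFC 6238 as an assumed stand-in, with the card and the network-side verifier sharing one secret; the function names, the 30-second step and the one-step drift window are assumptions.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, dynamically truncated to N digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def token_display(secret: bytes, now: float, step: int = 30) -> str:
    """What the user's card shows at time `now` (seconds since the epoch)."""
    return hotp(secret, int(now) // step)

def server_verify(secret: bytes, submitted: str, now: float,
                  step: int = 30, drift: int = 1, last_used: int = -1):
    """Network-side check: repeat the same calculation for the current time step
    and its neighbours (clock drift). Returns the matched step, or None.
    Steps at or before `last_used` are rejected so a captured code cannot be replayed."""
    current = int(now) // step
    for counter in range(max(0, current - drift), current + drift + 1):
        if counter > last_used and hmac.compare_digest(hotp(secret, counter), submitted):
            return counter
    return None

# Constructed shared secret (the RFC 4226 test key), for demonstration only.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = token_display(SECRET, now=59)
    print(code, server_verify(SECRET, code, now=59))
```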
Data Security
On a multi-user system, this concern can be addressed by proper system administration. Users should not be allowed access to directories or files that do not belong to them. Another aspect of data security is to protect the contents of files or network data via encryption. By using encryption, data that falls into the wrong hands will be unusable unless an encryption key or password is also known.
Passwords
Since passwords usually comprise an initial layer of defense against an attack, they should be chosen and implemented with care. Passwords should not be dictionary words, should be as long as possible, contain a series of letters, numbers, and other characters, and be changed on a regular basis.

Workstation Security
Unattended workstations could be a great danger to the entire system, and a security system could be completely wasted if an unauthorized person could access someone else's logged-in workstation. For that reason, users need to be aware of this danger and be properly trained in how to secure an unattended workstation, either by logging off or by using a screen saver or screen lock which activates after a short period of inactivity.
TCP/IP Security
IP Spoofing
Spoofing is the act of altering the contents of a TCP or IP packet header in order to trick the remote system into thinking the packet is valid. One trick is to change the source IP address of a packet to an address that is valid on a network behind a firewall or router.
Denial of Service (DoS)
Many DoS attacks take advantage of nuances in the method used to establish a TCP/IP connection. Since connections may take a while to establish, portions of the TCP/IP establishment process include timeouts so that slow equipment or busy networks will not cause a connection attempt to fail. However, a program which intentionally completes only a portion of this negotiation will result in a host waiting for a connection to complete, when it never will. While the host is waiting for the connection attempt to time out, system resources are being used. If enough of these bogus attempts are made, the host will run out of resources, and future connection attempts will be refused.
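
A small model of the resource exhaustion described above, showing how a fixed-size table of half-open connections fills up and how the timeout reclaims it. This is an added example, not part of the original lesson; the table size, timeout values and the event trace are constructed for illustration.

```python
def simulate(events, backlog=4, timeout=30):
    """Replay (time, conn_id, 'SYN' | 'ACK') events against a fixed-size
    half-open connection table and return the resulting counters."""
    half_open = {}                       # conn_id -> time its SYN arrived
    stats = {"completed": 0, "refused": 0, "expired": 0, "peak_half_open": 0}
    for now, conn, kind in sorted(events):
        # Reclaim slots whose handshake never completed within the timeout.
        for stale in [c for c, t0 in half_open.items() if now - t0 >= timeout]:
            del half_open[stale]
            stats["expired"] += 1
        if kind == "SYN":
            if len(half_open) >= backlog:
                stats["refused"] += 1    # table full: new attempt is turned away
            else:
                half_open[conn] = now
        elif kind == "ACK" and conn in half_open:
            del half_open[conn]          # handshake finished, slot released
            stats["completed"] += 1
        stats["peak_half_open"] = max(stats["peak_half_open"], len(half_open))
    return stats

# Constructed trace: clients a, c and d finish the handshake; b1..b4 never do.
EVENTS = [(0, "a", "SYN"), (1, "a", "ACK"),
          (2, "b1", "SYN"), (3, "b2", "SYN"), (4, "b3", "SYN"), (5, "b4", "SYN"),
          (6, "c", "SYN"), (7, "c", "ACK"),
          (40, "d", "SYN"), (41, "d", "ACK")]

if __name__ == "__main__":
    print(simulate(EVENTS, timeout=30))  # client c is refused while the table is full
    print(simulate(EVENTS, timeout=3))   # stale entries expire before c arrives
```

Shortening the timeout frees slots sooner, at the cost the paragraph names: slow equipment or busy networks may no longer complete the handshake in time.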

In the next sections, we review the most common security techniques for protecting the Internet / Intranet from unauthorized external and internal use.