Network Security Basics Terms



Threats

There are two major categories of threat to network security:

Internal threats: network misuse and unauthorized access.

External threats: viruses and social engineering.

The most foolproof way to protect a network from external threats is to sever all connections to public networks. In reality, this is not practical, since many businesses require that access for e-commerce. A balance must be struck between these needs:

    1. Evolving business requirements
    2. Freedom of information initiatives
    3. Protection of data: private, personal, and intellectual property

Essentially, the battle is fought over openness vs. security. Often, more security means less openness, and vice versa.


Internal Threats


Cisco states internal threats are the most dangerous, since insiders have the most intimate knowledge of the network. They use this knowledge to achieve security breaches. They often don't need to crack passwords since they already have sufficient access.

Insider attacks render technical security solutions ineffective. This is probably due to the fact that we don't look for breaches of security within our own fortifications. We are so busy looking over the wall that we don't look behind us.

A best practice for hardening systems against internal (as well as external) threats is to follow the system vendor's recommendations.

External Threats

External attackers lack the insider's knowledge and often rely on technical tools to breach your network security. Technical tools such as Intrusion Prevention Systems (IPSs), firewalls, and routers with Access Control Lists (ACLs) are usually effective in mitigating an organization's vulnerability to this type of attack.

Other Reasons for Network Insecurity


An alarming trend is that as the sophistication of hacker tools has been on the rise, the technical knowledge required to use them is on the decrease. According to the 2007 CSI/FBI Computer Crime and Security Survey, organizations are suffering a two-fold increase in financial losses but on slightly fewer attacks in the report's four-year period. Financial fraud has overtaken viruses as the greatest cause of loss.

In the past, hackers have been motivated as much by notoriety and intellectual challenge as by profit. A disturbing recent trend is what Cisco calls "custom" threats, which focus on the application layer of the OSI model. Traditional signature-based intrusion detection systems (IDSs) and IPS products will not detect this type of attack, because the product's signatures match against a database of known vulnerabilities. Making sure you have the latest vendor patches may prove to be ineffective against them. The applications themselves were probably written by programmers who have little or no knowledge of network security. According to Lanowitz of Gartner Inc., 75% of all attacks today are application layer attacks, with three out of four businesses being vulnerable to this type of attack.

The CIA Triad

The three primary purposes of network security are to secure an organization's data confidentiality, integrity, and availability.

    1. Confidentiality - Ensuring that only authorized users have access to sensitive data.
    2. Integrity - Ensuring that only authorized entities can change sensitive data. May also guarantee origin authentication, meaning an assurance that the data originated from an authorized entity (like an individual).
    3. Availability - Ensuring that systems and the data that they provide access to remain available for authorized users.

A security professional must constantly weigh the tradeoffs between threats, their likelihood, the costs to implement security countermeasures, and cost versus benefit. Someone has to pay for security, and there must be a solid business case and return on investment (ROI) for the measures implemented.

Confidentiality

Confidentiality is often discussed as hiding an organization's data with encryption technologies, using a Virtual Private Network (VPN), for example.
Confidentiality means that only authorized users can read sensitive data.
Confidentiality countermeasures provide separation of data from users through the use of:

    1. Physical separation
    2. Logical separation

Confidentiality breaches can be minimized by effective enforcement of access control, thereby limiting access to the following:

    1. Network resources, through the use of VLANs, firewall policies, and physical network separation.
    2. Files and objects, through the use of operating system-based controls, such as Microsoft Active Directory and domain controls, and UNIX host security.
    3. Data, through the use of authentication, authorization, and accounting (AAA) at the application level.

When attackers successfully read sensitive data that they are not authorized to view, a breach has occurred. This is almost impossible to detect, because the attacker may have breached the confidentiality of the data by making a copy of the data from the network and using tools offline, leaving no trace. This is why, in the context of confidentiality, the emphasis is on preventing the breach in the first place.

Integrity

Data integrity guarantees that only authorized entities can change sensitive data. It also provides for optional authentication, proving that only authorized entities created the sensitive data. This provides for data authenticity. Hashing functions and digital signatures are two methods used to ensure data integrity and authenticity. Integrity services provide some guarantee that:

    1. Data cannot be changed except by authorized users.
    2. Changes made by unauthorized users can be detected.
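As an added illustration of the two integrity guarantees above (this is example code, not from the original post): an unkeyed hash catches accidental change, but a keyed check (HMAC, a keyed hash standing in for the digital signature the text mentions) is needed before "changes made by unauthorized users can be detected" when the unauthorized party can simply recompute the check value. The record and the key are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample record (not from the original post): a setting that an
# integrity service should protect against unauthorized change.
ORIGINAL = b"allow_remote_admin=false;max_sessions=10"
TAMPERED = b"allow_remote_admin=true;max_sessions=10"


def digest(data: bytes) -> str:
    """Unkeyed SHA-256: catches accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def tag(key: bytes, data: bytes) -> str:
    """Keyed HMAC-SHA256: only a holder of the key can produce a valid tag, so a
    valid tag also vouches for which key holder produced the data (authenticity)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def unkeyed_check_accepts(data: bytes, stored_digest: str) -> bool:
    """Receiver that trusts a stored plain hash kept next to the data."""
    return hmac.compare_digest(digest(data), stored_digest)


def keyed_check_accepts(key: bytes, data: bytes, stored_tag: str) -> bool:
    """Receiver that knows the key and trusts a stored HMAC tag kept next to the
    data. compare_digest keeps the comparison constant-time."""
    return hmac.compare_digest(tag(key, data), stored_tag)


def demo() -> dict:
    key = secrets.token_bytes(32)  # shared only with authorized writers
    results = {}
    # 1. Accidental change: both schemes notice, because the stored check
    #    value no longer matches the altered data.
    results["hash_catches_accident"] = not unkeyed_check_accepts(TAMPERED, digest(ORIGINAL))
    results["hmac_catches_accident"] = not keyed_check_accepts(key, TAMPERED, tag(key, ORIGINAL))
    # 2. An unauthorized party alters the data and recomputes the check value.
    #    The plain hash accepts it: nothing ties a hash to an authorized writer.
    results["hash_accepts_forgery"] = unkeyed_check_accepts(TAMPERED, digest(TAMPERED))
    #    Without the key, the best they can do is keep the old tag, which fails.
    results["hmac_rejects_forgery"] = not keyed_check_accepts(key, TAMPERED, tag(key, ORIGINAL))
    return results


if __name__ == "__main__":
    print(demo())
```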


Availability

This refers to the safeguards that provide for uninterrupted access to data and other computing resources on a network during either accidental or deliberate network or computer disruptions. Due to the complexity of systems, this is one of the most difficult services to guarantee. Attacks that prevent users from accessing the system are called Denial of Service (DoS) attacks.

DoS attacks are usually caused by one of two things:

    1. A device or an application becomes unresponsive because it is unable to handle an unexpected condition.
    2. An attack (remember, this can be accidental!) creates a large amount of data, causing a device or application to fail.

DoS attacks are easy to launch, often with downloadable tools such as vulnerability assessment tools. A fine line exists between a network probe designed to determine a network's resiliency against various types of attack and an actual DoS attack. Some of these tools give the user the choice as to whether to enable probes that are known to be dangerous when leveraged against vulnerable networks.
