Both of these services can provide authentication services with a centralized repository of passwords and permissions. The following output is from a TACACS+ configuration file—note how two groups, operator and operator_plus (members of the default service, permit, are given all commands) are established to restrict the commands available to the user:

Numerous texts provide the details of these protocols and the features, including port numbers and encryption, available to the designer. Yet at this point, designers should be concerned only with the availability of both protocols and the knowledge that both freeware and licensed versions exist. Cisco offers their CiscoSecure product as one possible solution, and each product (including freeware, alternative vendors, and Cisco) has advantages and disadvantages. The benefit of each is that a single system can provide access control for all network devices, and the password information is not stored on the network components themselves. This design provides a slight degree of added security for the architect and greatly simplifies ongoing administration.

Accounting

It is beyond the scope of this book to address all of the components necessary for designing a secure network, even if the scope is limited to the network systems themselves. Various controls on the workstation, server, databases, and other systems are all required to make a system more secure.

However, all security solutions require the presence of an accounting function. This may be part of a TACACS+ or RADIUS solution, or it may appear in the form of log files and audit trails.

The general security guidelines for accounting must include at least two components—sufficient information to reconstruct the events during the period and, ideally, a method for quickly parsing out significant events. It is extremely inefficient for administrators to manually examine the log files looking for problems. This is one of the areas in which firewalls are strong— the good ones provide real-time alerts of suspicious activity and highlight and summarize general activity.

Accounting also has a benefit outside of the security arena. Designers may be asked to look at accounting to provide charge-back mechanisms and other revenue-generating services. In fact, it is likely that vendors will migrate to usage-based billing for Internet connections before 2005—a move that may yield greater revenue than the current flat-rate contracts.

Virtual Private Networks

At present, virtual private networks (VPNs) are not included in the CID exam objectives. However, this relatively new functionality can greatly reduce costs and management issues in the network and should be considered with care by designers. Most VPN deployments build upon the basic concepts of tunneling and add security to the offering. At its simplest definition, a VPN is a tunnel between two points across an untrusted or public network. The contents of the tunnel are typically encrypted, reducing the risk that a session would be intercepted and the data compromised.

The biggest benefit of VPNs, their low cost, is the result of local points-ofpresence—users dial a local number rather than an 800 number or a long-distance one. There is little doubt that low access costs will make VPNs a common service in the network. However, many corporations are having difficulty deploying the service for technical and political reasons. Most frequently, the political reasons involve a lack of trust regarding the security of VPNs and the reliability of using the public network for business-critical data. Many vendors now offer guaranteed service levels for VPN traffic that remains within their network.

Another advantage to VPN technology is the flexibility afforded the designer. The typical remote-access solution, which VPN is designed to replace, requires the designer and administrator to order circuits at both the local and remote ends. These circuits are usually user-specific—user A might use ISDN and user B might use analog dial-up. Even with discounts and 800 numbers, the costs for these services quickly grow and significantly add to the burdens of the support organization. It is not unheard of for users to generate monthly ISDN charges of thousands of dollars. In addition, users are limited to the remote technology deployed for them.

VPN technology simplifies this model substantially as a single point (foregoing redundancy) that can provide connectivity for an array of access methods, including cable modems, DSL, dial-up, ISDN, and Frame Relay. A wide array of protocols and methods, including the Point-to-Point Tunneling Protocol (PPTP), L2F (Layer 2 Forwarding), L2TP (Layer 2 Tunneling Protocol), and IPSec (IP Security), are available to encrypt data and provide secure “virtual” connections between the access points. Each technology provides different standards and benefits, including support for multiple protocols, NAT, and multicasts.

However, the landscape is changing very quickly, and readers are advised to examine vendor materials and standards documents before selecting a technology. Note that at present, though IPSec appears to be the likely VPN solution, Cisco strongly supports L2TP or a combination of L2TP and IPSec, which can provide most services except NAT. Microsoft’s Windows 2000 product will also support these specifications. It is important to note that IPSec supports only IP and was initially designed to provide only encryption, authentication, and key-management services.

One challenge with most of these connection technologies is key distribution. For example, a remote user wishes to activate the VPN client on his home computer and connect to the corporate VPN server. This requires a key on the client that authenticates to the server. How does that key get transmitted securely? To answer this question, designers looking at VPN technologies need to ask a few preliminary questions, including: