
This recent trend in data security provides two benefits. First, the hacker thinks he’s successful when in fact the live data is still protected. Second, detailed information regarding the attacker is obtained for the authorities. This information may include:

  Traceroute and ping information regarding the attacker
  DNS information regarding the attacker’s host
  Detailed logs of every command and application used in the attack
  Time and date of the attack
  Real-time notification of the attack
  Finger, whois, and other information regarding the attacker

Unfortunately, for the average designer/administrator, little may come from documenting an attack, especially if the attack is launched from another country. The U.S. legal system is just now starting to discover the limitations of local laws in international events, and the majority of the written laws fail to address computing and networking at all. In fact, a California district attorney recently used a horse-trading law from over 100 years ago to charge a man who allegedly ran fraudulent auctions on the Internet—no other regulation was relevant.

Another problem that honey pots do not address is that some software still focuses on port scans from a single IP address to trigger an attack warning. Many hackers have gotten together to launch large-scale attacks with scans originating from hundreds of machines, fooling the software into thinking that there are a lot of “dumb users” out there. This type of attack should be considered in feature evaluations when selecting a firewall vendor.
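The single-IP limitation described above, as an added example (not from the book or from any firewall product): a per-source port-scan rule and a per-destination rule run over the same constructed events. The event tuple format, the thresholds, and the documentation-range addresses are all assumptions.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed firewall events: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    events = []
    # 40 cooperating sources each probe only 3 ports on one host.
    for i in range(40):
        for j in range(3):
            n = i * 3 + j
            events.append((1000 + n, f"203.0.113.{i + 1}", "192.0.2.10", 1 + n))
    # One noisy source probes 30 ports on another host by itself.
    for p in range(30):
        events.append((1000 + p, "198.51.100.7", "192.0.2.20", 20 + p))
    return events

def per_source_alerts(events, window=300, port_threshold=20):
    """Single-IP rule: one source touching many ports on one host."""
    seen = defaultdict(set)  # (time bucket, src, dst) -> distinct ports
    for ts, src, dst, port in events:
        seen[(ts // window, src, dst)].add(port)
    return {(src, dst) for (_, src, dst), ports in seen.items()
            if len(ports) >= port_threshold}

def per_target_alerts(events, window=300, port_threshold=20):
    """Destination rule: many distinct ports probed on one host,
    no matter how many sources share the work."""
    ports, sources = defaultdict(set), defaultdict(set)
    for ts, src, dst, port in events:
        key = (ts // window, dst)  # fixed buckets; a sliding window avoids edge misses
        ports[key].add(port)
        sources[key].add(src)
    # Report (distinct ports, distinct sources) so an analyst can tell a
    # single scanner from a coordinated one.
    return {key: (len(p), len(sources[key])) for key, p in ports.items()
            if len(p) >= port_threshold}

if __name__ == "__main__":
    events = build_sample_events()
    print("per-source rule:", per_source_alerts(events))
    print("per-target rule:", per_target_alerts(events))
```

The per-source rule flags only the lone noisy scanner, while the per-target rule also flags the host probed by 40 sources that each stay under the threshold.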

Network Design in the Real World: Social Engineering Attacks

If it wasn’t clear from the first chapter, I will state here and now that I enjoy the humanistic side of business and computing as much as the technical. In fact, I think that I’d be bored if I only built networks and couldn’t deal with the human issues.

So now you’re saying, “Who cares?” Fine, but let me explain anyway. I note the dual-faceted nature of my career as an introduction to the social engineering attack—an attack methodology that can defeat even the best firewalls. I love it because it is simple and proves once again that mice can become smarter than the mousetrap. Different social engineering attacks work in different ways, but my two favorites are the fake circuit and the CEO support attacks.

The fake circuit attack actually occurs with the installation of a real circuit (despite its misleading name); it typically hits small, remote offices with little or no on-site support. The attack succeeds because most corporations fail to work with the staff in these locations when it comes to networking. Generally, attackers using this technique pose as telephone company employees and pretend to install a new T1 for an “upgrade project.” In reality, the circuit is simply a short connection that connects to a cheap piece of hardware installed by the hacker. Wireless technology has made this technique even easier, but the net gain from the attack is internal access to the corporate data system.

The CEO support attack is a work of wonder. As with the fake circuit attack, it operates on the premise that most people want to be helpful. The attacker selects a victim and calls the secretary of the CEO or other executive who likely has a high level of access to the company systems. The cover story is that the CEO reported a problem with an application on their machine, and the attacker, posing as a member of technical support, wishes to test the modifications on the server to make sure the problem was resolved correctly. Once given the password, the hacker can then use another access method, perhaps a dial-in line, to gain access to the company’s information. This attack works best if the attacker appears to be calling from an internal number. However, it works in many cases because the secretary wants to help and the administrator could always get to the files anyway—the presumption being that server administrators can access all files on the server, regardless of ownership or rights.

You may be asking what good a system password is if the hacker does not have access to the system. Good point. Ask yourself what happens if the remote access system uses the bindery/NDS or NT directory for authentication—the attacker gets in through the same system designed to prevent such an attack. Again, even the best firewalls will fail to flag this type of scenario, and ultimately some data may be compromised.

Security Design Failures

In general, most security designs fail for at least one of the following reasons:

  The solution or issue is misunderstood.
  Securing against the threat is too complex.
  Securing against the threat is too costly.
  The design poses a threat to other corporate structures.
  Data security is superseded by other objectives within the organization.

Most corporations have very detailed security plans that are signed by every employee under threats of termination and prosecution for violators. Unfortunately, more often than not, these documents are unenforced. Note that these documents are different from a security policy statement.

Consider the following corporate security issues as they relate to three specific categories.

  Corruption of data, typically in the form of introducing erroneous information
  Destruction of data, typically in the form of deleting files
  Theft of data
  Leakage of proprietary information
  Theft/destruction of computing resources
  Abuse of data/access
  Employee access abuse
  Unauthorized access by outsiders
  Access abuse by non-employee authorized users
  Hacking of phone/PBX/VM. The PBX, or public branch exchange, and the voice mail (VM) system can provide the attacker with free phone access or a means to tarnish the corporate image—consider the impact if everyone’s voice mail announced to callers that the company went bankrupt.

At first glance, there would appear to be little a network designer could do to thwart all of the above items other than understand the corporate culture and assist in the education of both management and workers. In fact, most network administrators and designers hold to the premise that the network is not a security device, and to a certain degree an argument in favor of this position can be made. However, as with most other problems, a solution that involves various components can frequently address the issue better than a single option. In this vein, designs may incorporate services or options that each address a part of the problem.

For example, consider the first security issue—corruption of data. Clearly, a good backup strategy is the best solution to this problem, because an off-site, near real-time copy of the data counteracts the damage done by fires, floods, and user errors (including the inevitable deletion of that critical sales file). However, this solution does not offer a prevention phase—a chance to prevent the problem from occurring. The network designer may choose a firewall/proxy product that incorporates virus scanning of all files that are accessed from the Internet, yet this solution will fail to address all virus infections—a floppy brought in by an employee could quickly circumvent all detection efforts at the firewall.
