The high-profile threats most often discussed in the media are external threats, such as Internet worms and DoS attacks. But securing an internal local area network (LAN) is just as important as securing the perimeter of a network. Without a secure LAN, users in an organization may not be able to access the network, which can significantly reduce productivity.
Many network administrators develop their security strategy from the perimeter of a network and work toward the LAN. Other administrators develop their network security strategy at the LAN and work toward the perimeter. Regardless of the approach, two specific areas that are vital to secure are the endpoints and the network infrastructure.
The LAN is made up of network endpoints. An endpoint, or host, is an individual computer system or device that acts as a network client. Common endpoints are laptops, desktops, IP phones, and personal digital assistants (PDAs). Servers can also be considered endpoints. The LAN-to-perimeter security strategy is based on the idea that if users are not practicing security in their desktop operations, no amount of security precautions will guarantee a secure network.
The network infrastructure is the other area of focus for securing the LAN. Part of securing a LAN is mitigating attacks against the infrastructure itself. These attacks include MAC address spoofing attacks, STP manipulation attacks, MAC address table overflow attacks, LAN storm attacks, and VLAN attacks. Another element of securing the network infrastructure is securing the non-endpoint LAN devices. These include switches, wireless devices, IP telephony devices, and storage area networking (SAN) devices.
Before securing the network infrastructure, the initial focus must be endpoint security. Hosts must be protected from viruses, Trojan Horses, worms, and other security threats. The Cisco strategy for addressing endpoint security is based on three elements:
Cisco Network Admission Control (NAC) – The NAC solution ensures that every endpoint complies with network security policies before being granted access to the network. NAC provides access to compliant devices and ensures that noncompliant devices are denied access, placed in quarantine, or given restricted access to resources.
Endpoint protection – Behavior-based technology is available with Cisco Security Agent (CSA), which protects endpoints against threats that are posed by viruses, Trojan Horses, and worms. IronPort perimeter security appliances complement CSA by focusing on email and web security.
Network infection containment – To address the newest attack methods that can compromise the network, containment focuses on automating key elements of the infection response process. The Cisco Self-Defending Network (SDN) elements of NAC, CSA, and IPS provide this service.
An endpoint security strategy is necessary because software tends to have weaknesses. Secure (trustworthy) software is designed to protect data and withstand attack attempts. Historically, secure software was used only within the military and in critical commercial systems. Generally, this type of software is custom software.
Non-secure software can be made more trustworthy by hardening it or by blocking its known vulnerabilities. Hardening is common, but it requires documentation of the software's internal components, which vendors rarely provide. Additionally, securing software requires securing the operating system and any applications that run on top of it.
Operating systems provide basic security services to applications:
Trusted code and trusted path – Ensures that the integrity of the operating system is not violated. Trusted code refers to the assurance that the operating system code has not been compromised. An operating system might verify the integrity of all running code by using hash message authentication codes (HMACs) or digital signatures, and add-on software may need the same integrity verification at installation time, typically by checking a digital signature. Trusted path refers to a facility that assures the user of interacting with the genuine system and not a Trojan Horse. An example of a trusted path is the Ctrl-Alt-Delete key sequence required for logging into Windows Server and Windows XP.
Privileged context of execution – Provides identity authentication and certain privileges based on the identity.
Process memory protection and isolation – Provides separation from other users and their data.
Access control to resources – Ensures confidentiality and integrity of data.
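The trusted-code service described above rests on keyed integrity checking: a tag is recorded for each piece of code while it is known to be good, and the tag is recomputed and compared before the code is trusted again. The following Python script is an added illustration of that idea and is not code from the original text or from Cisco. It builds an HMAC-SHA256 baseline over a set of constructed sample files, then shows how tampering with one file and deleting another is detected. The key, the file names and the file contents are all constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

# Keyed file-integrity baseline: an HMAC over each file's contents.  The key
# must be kept out of reach of whatever might tamper with the files (for
# example, held by a separate verification host); without the key, an attacker
# who modifies a file cannot recompute a matching tag.


def file_tag(path: str, key: bytes) -> str:
    """Return the hex HMAC-SHA256 of a file's contents, streamed in chunks."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def build_baseline(paths, key: bytes) -> dict:
    """Record a tag for every file that is expected to stay unchanged."""
    return {p: file_tag(p, key) for p in paths}


def verify_baseline(baseline: dict, key: bytes) -> dict:
    """Compare each file against its recorded tag.

    Returns a mapping of path -> 'ok', 'modified' or 'missing'.
    """
    report = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
            continue
        actual = file_tag(path, key)
        # Constant-time comparison avoids leaking tag prefixes via timing.
        report[path] = "ok" if hmac.compare_digest(actual, expected) else "modified"
    return report


def demo() -> dict:
    """Constructed scenario: baseline three files, then tamper with one and delete another."""
    # Placeholder key for the demo; a real deployment generates a random key
    # and stores it away from the monitored host.
    key = b"constructed-demo-key-keep-secret"
    workdir = tempfile.mkdtemp()
    names = ["sshd_config", "libauth.so", "login.sh"]  # constructed file names
    paths = [os.path.join(workdir, n) for n in names]
    for p in paths:
        with open(p, "wb") as fh:
            fh.write(b"original contents of " + os.path.basename(p).encode())

    baseline = build_baseline(paths, key)
    before = verify_baseline(baseline, key)

    # Simulate tampering: append to one file, remove another.
    with open(paths[1], "ab") as fh:
        fh.write(b"\n# appended bytes")
    os.remove(paths[2])
    after = verify_baseline(baseline, key)

    return {
        "before": sorted(set(before.values())),
        "after": {os.path.basename(p): status for p, status in after.items()},
    }


if __name__ == "__main__":
    print(demo())
```

The baseline itself must be stored where the monitored host cannot rewrite it; if an attacker can alter both the file and its recorded tag, the check proves nothing. A digital signature over the baseline serves the same purpose as the HMAC here but allows verification by parties that do not hold the secret key.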
An attacker can undermine all of these services. If either trusted code or a trusted path is absent or compromised, the operating system and all applications can easily be subverted by hostile code. An operating system might also be made more vulnerable by the need to support legacy protocols.
The following techniques help protect an endpoint from operating system vulnerabilities:
Least privilege concept – To better protect an endpoint, a process should never be given more privilege than is necessary to perform a job.
Isolation between processes – Isolation between processes can be virtual or physical. For example, memory protection can be done in hardware. Some trusted operating systems provide isolation using logical execution compartments.
Reference monitor – A reference monitor is an access control concept that refers to a mechanism or process that mediates all access to objects. It provides a central point for all policy decisions, typically implementing auditing functions to keep track of access. In addition to the reference monitor that usually exists in an operating system, CSA functions as a reference monitor.
Small, verifiable pieces of code – For all security functionality, the idea is to have small, easily verifiable pieces of code that are managed and monitored by a reference monitor.
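The reference monitor and least-privilege items above describe one small mechanism that mediates every access, grants nothing the policy does not list, and audits each decision. The Python class below is an added illustration of those properties and is not code from the original text or from Cisco Security Agent. The subjects, object names and policy entries are constructed for the demonstration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# A minimal reference monitor: every access request passes through one small,
# easily reviewed chokepoint that decides according to an explicit policy and
# records the decision.  Anything the policy does not grant is denied, so each
# subject holds only the rights listed for it (least privilege).


@dataclass
class AuditEntry:
    subject: str
    obj: str
    op: str
    allowed: bool


@dataclass
class ReferenceMonitor:
    # policy[subject][object] = set of permitted operations
    policy: Dict[str, Dict[str, Set[str]]]
    audit_log: List[AuditEntry] = field(default_factory=list)

    def check(self, subject: str, obj: str, op: str) -> bool:
        """Mediate one access: deny by default, allow only if explicitly granted."""
        allowed = op in self.policy.get(subject, {}).get(obj, set())
        self.audit_log.append(AuditEntry(subject, obj, op, allowed))
        return allowed

    def denied_attempts(self) -> List[Tuple[str, str, str]]:
        """Denied requests are the part of the audit trail worth alerting on."""
        return [(e.subject, e.obj, e.op) for e in self.audit_log if not e.allowed]


def demo_requests() -> dict:
    """Constructed policy and request sequence showing allow, deny and unknown-subject cases."""
    policy = {
        # The backup service only ever needs to read the payroll database.
        "backup-svc": {"/data/payroll.db": {"read"}},
        # The web application serves its document root and appends to its own log.
        "web-app": {"/var/www": {"read"}, "/var/log/web": {"write"}},
    }
    rm = ReferenceMonitor(policy)
    results = {
        "backup reads payroll": rm.check("backup-svc", "/data/payroll.db", "read"),
        "backup writes payroll": rm.check("backup-svc", "/data/payroll.db", "write"),
        "webapp reads payroll": rm.check("web-app", "/data/payroll.db", "read"),
        "webapp writes log": rm.check("web-app", "/var/log/web", "write"),
        "unknown subject": rm.check("intruder", "/var/www", "read"),
    }
    return {"results": results, "denied": rm.denied_attempts()}


if __name__ == "__main__":
    for name, allowed in demo_requests()["results"].items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

The value of the design is that the decision logic is a few lines that can be reviewed and tested in isolation, while the audit log captures every denied request, which is exactly the signal needed to notice a compromised subsystem probing for data it was never granted.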
The ultimate target of an attacker is often an application running on a host that processes sensitive data the attacker wants to obtain. Attacks on applications can be direct or indirect. In a direct attack, the attacker fools the application into performing a task with the application's own privileges. In an indirect attack, the attacker first compromises another subsystem and then attacks the application through that compromised subsystem (privilege escalation).
When an attacker has the option of communicating directly with the target application, the application must be suitably protected. For example, an attacker might launch a DoS attack against a specific application. Another example of a direct attack on a target application is an attacker using flaws in the application to bypass its access controls and obtain read or write access to sensitive data.
In another scenario, an attacker indirectly gains access to sensitive data through a chain of compromises of other system components. For example, an attacker first obtains basic user-level access to the system on which the sensitive data resides. Then, by exploiting a flaw in any local application, the attacker attains system administration privileges (privilege escalation). Using those privileges, the attacker might be able to read or write to most objects on the system, including sensitive data of the target application.