Gary C. Kessler and N. Todd Pritsky
25.2 POLICY AND PROCEDURE ISSUES
25.4.1 Sniffers and Broadcast LANs
25.4.2 Attacks on the Physical Plant
25.4.3 Modems, Dial-up Servers, and Telephone Lines
25.5 NETWORK OPERATING SYSTEM ISSUES
This chapter discusses generic issues surrounding local area network (LAN) security. Securing the LAN is essential to securing the Internet because LANs are where most of the attackers, victims, clients, servers, firewalls, routers, and other devices reside. Compromised LAN systems on the Internet open other nodes on that local network to attack and put other systems at risk on the Internet as a whole. Many of the general issues mentioned herein are described in more specific terms in other chapters of this Handbook, such as Chapters 15, 22, 23, and 47 in particular.
Twenty years ago, all users had accounts on a shared mainframe or minicomputer. A single system manager was responsible for security, backup, disaster recovery, account management, policies, and all other related issues. Today all users are system managers, and, in many cases, individuals have responsibility for several systems. Since the vulnerability of a single computer can compromise the entire LAN, it is imperative that there be rules in place so that everyone can work together for mutual efficiency and defense. But where polices and procedures can be centralized, they should be, because most users do not take the security procedures seriously enough.
The next list, modified from the Internet Engineering Task Force (IETF) Request for Comment (RFC) 2196, is a rough outline of LAN-related security policies and procedures that should at least be considered.1
Not every issue will apply to all networks, but each LAN is an ever-evolving entity, and the policies guiding its operation also must evolve.
The physical protection of the site is very important but too often overlooked. One reason that site security is often lacking is that some of the policies and procedures can be perceived as messages to employees that they are not trusted. Nevertheless, physical site security includes many aspects of protecting network servers, communications facilities, individual user's systems, and information.
For more information on facilities security, see Chapters 22 and 23 of this Handbook.
The LAN itself has a number of additional vulnerabilities because the systems and media are so widely dispersed. This section discusses securing the LAN infrastructure.
Traditional LAN media access control (MAC) schemes operate assuming a logical, if not physical, broadcast topology. In a broadcast network, every station hears every transmission. When operating in promiscuous mode, a LAN station will read every frame that goes by regardless of whether the frame is addressed to the station or not.
When protocol analysis, or sniffer, software became available in the 1980s, every station on the LAN became a potential network analysis and management tool—or a surreptitious eavesdropper. Since so many of the network's applications—particularly TCP/IP-based applications—transmit passwords and files in plaintext, this type of software is potentially very dangerous.
A number of sources offer very powerful and very flexible commercial packet-sniffing software, such as Network Associates' SnifferPro and Novell's LANalyzer. These packages usually have additional capabilities, such as network monitoring, performance monitoring, and traffic analysis. Prior to 1990, network protocol analysis required a special piece of hardware with a connection to the network. Today, a large number of software packages that do TCP/IP packet sniffing can help an intruder because they can be installed directly on an individual's laptop or desktop computer. Some of these packages include:
Relatively few countermeasures can be taken against these kinds of tools. Fortunately, they are effective only on a broadcast network such as a hubbed LAN. If an Ethernet hub, for example, is replaced with a switch, the only traffic broadcast to all hosts on the network are those frames actually addressed to the LAN's broadcast address. In this case, a station can sniff only that traffic that is going to or coming from the station with the sniffer software. Replacing all hubs with switches may be unreasonable in many environments, but placing all servers on a switch instead of a hub will improve both performance and security.
Other network-based tools that can detect a host with a network interface card (NIC) in promiscuous mode, such as AntiSniff (Windows) and sentinel (UNIX). These tools work by performing a number of tests to detect the promiscuous host; they then check the network host's operating systems, domain name system (DNS) activity, and network and machine latency. An excellent overview of antisniffer tools can be found at www.securitysoftwaretech.com/antisniff/tech-paper.html.
Sniffers can be defeated using cryptography. Use of secure IP (IPsec) and secure shell (SSH) for TCP/IP applications can provide privacy and integrity to all communication and applications. IPsec is available from any of the IPSec Developers Forum members (www.ip-sec.com), and SSH is available from SSH Communications Security (www.ssh.com).
The most common medium employed today on LANs is copper-based, unshielded twisted pair (UTP) cable. All copper media, including UTP and coaxial cable, emanate a magnetic field because of the changing current on the wire. Van Eck monitoring devices can pick up these emanations remotely and reproduce the frames on the wire or keystrokes at a machine. As far-fetched as this might sound, the vulnerability is very real. The U.S. Government and military have a set of standards to reduce and limit electromagnetic radiation (EMR) called TEMPEST, and the National Security Agency (NSA) has a list of products that are TEMPEST-compliant. Indeed, this vulnerability may not be a major problem in most organizational networks, but there is some set of networks where this is a concern. An excellent source of TEMPEST information can be found at www.eskimo.com/~joelm/tempest.htm.
An alternative to encasing workstations in Faraday cages (i.e., copper mesh layers surrounding all components) is to generate random electronic noise that masks meaningful radiated data transmissions.2
One way to reduce or eliminate EMR is to reduce or eliminate the amount of copper media on the network. Optical fiber, for example, has no EMR because there is no electricity on the line. It does not eliminate the EMR at the desktop itself, but it does prevent its entry into all interconnecting fiber cables.
Users also can be the source of some types of denial-of-service (DoS) attacks, either purposely or accidentally. Consider coaxial cable Ethernet networks (10BASE-5 or 10BASE-2) where nodes are attached to a common LAN medium. In both cases, the coaxial cable has a terminating resistor at the end of the wire to eliminate reflection of the signal. If the resistor is removed, it allows extra noise on the wire that can block all traffic on the network. End-of-cable resistors should be beyond the reach of users if at all possible.
Similar DoS attacks may occur whenever users modify the wiring scheme of the network. Removal of terminating resistors is only one action that can cause problems. Hubs in common areas might be unplugged or have network connectors removed. A token ring hub-to-hub connection can be detached, breaking the integrity of the ring and thus preventing LAN hosts from communicating with other hosts and denying service to users.
It is important that the physical network should be secured to the greatest extent possible. LAN managers should educate users to avoid the accidental problems that might occur and even how to recognize nefarious attacks.
Modems any-where on the LAN are a potential danger, particularly those that are connected directly to a user's system, with or without official sanction. Modems can provide a back door into the LAN, possibly bypassing the firewall, strong authentication, proxy server, and any other network security.
In general, all modems should be concentrated at the network's dial-up server. Individual user systems should, in most cases, be banned from having modems on the network. This is a difficult rule to enforce, however, because laptops and an increasing number of desktop systems include preinstalled modems, and a user can always connect an external modem to the serial port of any system. This is an example of why security managers have to integrate policies into the culture of an organization. Otherwise, users will find a way around what they perceive to be prohibitive and onerous policies, and modems are one way to circumvent the corporate firewall.
Modems in auto-answer mode are particularly dangerous. Although most companies do not advertise their dial-in telephone numbers, these numbers do not remain secret for very long from someone who wants to find them. Anyone with a telephone directory can easily start mapping an organization's block of corporate telephone numbers. For example, if the main number is 802-555-3700, attackers have a place to start. When attackers call the main number and ask the receptionist for the organization's fax number, they obtain even more information. Using war-dialer software, attackers can scan an entire block of telephone numbers (e.g., 555–3700 through 555–3799) and obtain a list of which numbers are active, which respond with a tone, and what the tone represents (e.g., fax, modem, etc.). If a user has an auto-answer modem on a computer, attackers may gain access to the user's system without so much as a password. Security managers should work with their local telephone companies to obtain telephone numbers for modem lines that are not in the organization's telephone block.
The dial-up server, then, is the place to concentrate the modems and the authentication of dial-up users. There are several strategies for authentication at the dial-up server, the strongest being some form of two-factor authentication, such as a combination of passwords and a token. Another strong protection mechanism is to implement a dial-back mechanism, so that once a bona fide user logs in, the system hangs up and calls back to a preconfigured telephone number. This is a very effective scheme that works well with fixed-location telecommuters but not with roaming employees. In addition, attackers have been known to tamper with the central switch of a telephone company to call-forward from an assigned number to the attacker's own modem.
When a user requires two separate logons, one to the dial-up server and then one to a domain server, security restrictions should control what the caller is allowed to do after passing the first test. One of the authors of this chapter worked with a company that had a shared secret (an oxymoron) telephone number for its modem bank and then a single shared username and password for all the users to authenticate to the dial-up server. To access files and shared network resources, the user then had to authenticate to the domain controller. But after passing the identification and authentication for the first server, an attacker was on the organization's LAN and had complete, unfettered access to the Internet and an identity that implicated the company in any possible malfeasance.
Some guidelines for securing dial-up servers include:
Wireless LANs (WLANs) have vulnerabilities their wired counterparts do not. The most obvious difference between wired and wireless networks is the medium itself. Although copper-based LANs emit a small amount of radiation that can be intercepted, the entire basis of wireless LANs is transmitting data using relatively strong radiation in some form.
There are WLANs based on infrared signals that cannot penetrate building walls and so achieve some degree of security due to the limited propagation of those signals. Such LANs typically are found in networks requiring high levels of security. However, most WLANs today use radio transmission techniques. In these networks, anyone on a nearby street can use a listening device to intercept data and even capture the network identifiers required to connect to the LAN. The practical range of interception is governed by the inverse-square law for the signal strength (it declines as the square of the distance from the source) and by the sensitivity and signal-to-noise characteristics of the receivers.
Fortunately, there is a certain measure of security within the physical layer itself. IEEE 802.11-based LANs employ either Direct-Sequence Spread Spectrum (DSSS) or Frequency-Hopping Spread Spectrum (FHSS) techniques. As always, depending on range and noise levels, it is possible to eavesdrop. However, interpreting the signals is made more difficult by how DSSS and FHSS work.
To make sense of the transmissions, the receiver must know either the chipping code used in a DSSS network or the frequency-hopping pattern in an FHSS implementation. Without such information, the signal will appear to be nothing more than background noise to the illicit receiver. It is not an insurmountable problem for the would-be eavesdropper, but the work factor is greatly increased when compared to narrowband radio techniques. The spread spectrum approach also offers more reliability in the face of interference from denial of service (i.e., intentional jamming), as the signal is spread over a broad range of frequencies. Some vendor equipment also comes with software components that allow for tuning around interference.
For greater privacy than that provided by the physical layer alone, the 802.11 standard includes an optional encryption method called Wired Equivalent Privacy (WEP). This technique is truly optional so not all vendors support the standard. WEP uses a 40-bit form of the RC4 algorithm by default, although some products support stronger, 128-bit versions. It is a good idea to choose a product that offers more than just the 40-bit version, as a 40-bit keyspace does not provide great security given today's computing power.
Because WEP does not offer strong encryption and does not describe a standard key-exchange mechanism, many vendors have implemented layer three tunneling methods, such as those found in virtual private networks (VPNs), to provide greater privacy. These VPN-based approaches generally employ other encryption processes (e.g., Microsoft Point-to-Point Encryption) as used in the Point-to-Point Tunneling Protocol (PPTP) that use longer keys than WEP and often support Public Key Infrastructure (PKI) or other key-exchange mechanisms. Some implementations also provide authentication through standards such as Remote Access Dial-In User Service (RADIUS) for more flexible client management. The major problem is that these approaches are not all interoperable and are not necessarily multiprotocol capable.
WEP also can be used for authentication to prevent unauthorized access to the WLAN itself. Such authentication adds another layer of protection to the username and password combination employed by typical server software. Before gaining access to information resources on the server, a client first must gain access to the physical medium. Using the shared key scheme, a wireless device must possess the same encryption key as the LAN's access point, the device enabling wireless connectivity to the wired portion of the LAN. Any data transmitted must be encrypted with the key, or the frame will be ignored. Many wireless access products also have the capability to create access control lists based on MAC addresses to filter LAN connections.
In summary, network managers should consider these security items when evaluating wireless network components:
Physical Layer Schemes
Encryption Options
Authentication Methods
In the early 1990s, it was common to find desktop systems running the Windows operating system and the Novell NetWare network operating system (NOS). Desktop applications ran over Windows, and NetWare was used only to move files to and from the shared file space, or to print documents.
Today, the distinction among the desktop operating system, server operating system, and NOS is disappearing. Operating systems such as Linux, MacOS, UNIX, and Windows all provide desktop application suites with networking capabilities, including communications protocols such as TCP/IP. There are some general security considerations for all LANs regardless of the specific operating system:
Specific operating system vulnerabilities are beyond the scope of this chapter; entire books and Web sites are devoted to securing some of these individual operating systems. At a minimum, network managers must monitor their operating system vendor's Web site and all other sites that cover the NOS's security. The sections that follow provide some general observations and comments about the various network operating systems.
All of the Windows operating systems (including NT and 2000) support peer-to-peer resource sharing and are vulnerable to exploitation of NetBIOS file and print sharing. In particular, when file and print sharing is enabled, the service is, by default, bound to TCP/IP. Although this does not cause an additional exposure to systems on the local network (since shares can be seen by other nodes on the LAN anyway), it does provide a potential vulnerability for hosts connected to the Internet. File and print sharing can be unbound from TCP/IP using Start, Control Panel, and Network.
Windows 9x (including Windows 95, Windows 98, and Windows ME) systems also have a vulnerability in the way authentication is performed when a user wishes to access a remote share. Windows uses the challenge-handshake authentication protocol (CHAP) for all passwords that need to be sent over the network, so passwords never appear in plaintext on the LAN. However, because Windows 9x uses the same challenge during a given 15-minute period, an intruder with a physical access to the LAN and to a sniffer could effect a replay attack by resending a duplicate authentication request and remapping a share on the Windows 9x system. This example illustrates the critical role of physical security in preventing compromise of LANs.
One of the best-known Trojan horse programs for Windows 9x is Back Orifice (BO). Advertised as a remote Win9x administrator tool, it can be used by a nefarious user to take total control of someone else's system, including the capability to modify the registry, reboot the system, transfer files, view cached passwords, spawn processes, and create shares. NetBus is another tool that can be used to take control of a remote Windows system. Some commercial virus scanners can detect these programs on individual systems, and several workstation firewalls exclude communications characteristic of these Trojans.
Windows 9x has no particular logon security mechanism. Although every user might be forced to log on to a system, any user can log in with any username and any password to get at least basic access. Several password-cracking programs are available through the Internet to break Windows' .PWL password files, which are accessible once a user has access to the network. If a password-protected screen saver is preventing an attacker from logging in, there is an easy way around this as well: Simply reboot the computer. However, third-party security programs include nonbreakable secure logins and secure screen savers; many include bootlock functions that prevent any access whatever unless a valid password is entered. Current examples of such software can be located easily using buyers' guides such as the annual listing from the Computer Security Institute.3
From a security perspective, Windows 2000 Millennium Edition (ME) is not significantly stronger than Windows 9x. Network administrators should periodically scan the network's public shares to ensure that they are appropriate. Windows NT Server, NT Workstation, and 2000 Server editions are built for security, and network services and have the software architecture to support these services. However, a security vulnerability announcement related to these operating systems seems to come out almost weekly. Many of the hacking tools available for Win9x also are available for Windows NT and 2000; Back Orifice 2000 (BO2K), for example, is an NT/2000 version of BO and NetBus also can take control of an NT/2000 host.
Scripting holes in Internet Explorer (IE) and Office 2000 make all Windows systems susceptible to a variety of new virus and worm attacks. Although the early viruses, such as Melissa and I LOVE YOU, required users to open e-mail attachments, that is no longer so. Microsoft Outlook and Outlook Express will execute HTML and script code in the body of an e-mail by default. Several ActiveX components also will execute from an e-mail containing HTML and script code; examples of such controls include Scriplet.typlib (ships with IE 4.x and 5.x) and the UA control (Office 2000). The best protection against these types of vulnerabilities are to define Outlook and Outlook Express to read e-mail in the “Restricted Sites Zone” and disable all Active Scripting and ActiveX related settings inthatzone. This vulnerability affects all Windows systems with Office 2000 or Internet Explorer 4.x/5.x installed, even if IE is not used.
Securing Windows NT/2000 systems is well beyond the scope of this chapter, but some of the precautions, in addition to those listed already, follow.
All NT-based systems have been given the C2 security rating by the National Computer Security Center. At the time of this writing, Windows NT 3.5 and 4.0 and Windows 2000 SQL Server version 8.0 have completed the evaluation process. Windows 2000 Server has been submitted by Microsoft and is expected to be given the C2-level rating. This means that when Windows is installed correctly, it meets evaluation criteria set forth in the NCSC's Orange Book of security specifications. C2 certification is not applied to the operating system itself; rather, it is applied to a particular installation. Microsoft provides tools to audit a site so administrator(s) can deploy the correct hardware and software configurations to achieve this level of security in a network.
Windows 2000 introduced a new feature that administrators might want to employ. Windows NT introduced the ability to compress and decompress files on the fly. Windows 2000 introduces the capability to encrypt and decrypt files on the fly. The Encrypting File System (EFS) uses public key cryptography and the Data Encryption Standard (DES) to encrypt files on the hard drive. EFS includes an optional capability for a recovery mechanism in case of key loss. Organizations using EFS on critical systems should consider employing this mechanism to protect against loss or destruction of the private key.
Windows XP, which has sold well over 400 million copies and still enjoys by far the largest installed base of any Microsoft OS, introduced a number of security-oriented features. The major improvement was the inclusion of a firewall capability in both the Home Edition and Professional versions. Professional goes a couple of steps further by offering EFS file encryption, Kerberos,4 smart card support, and a new software restriction feature allowing administrators to mitigate the impact of viruses and Trojan horses. XP also supports raw sockets, which in itself is not unusual—UNIX and Linux do as well. This feature is intended to increase the functionality of Internet services, but in Microsoft's implementation, it is available to any user, no matter what privilege level. Thus hackers can possibly gain control of a computer running XP and use it to initiate DoS attacks by commanding the OS to generate a flood of traffic.
Although Microsoft's Windows Vista was released with much fanfare—and after a number of delays—it has not been as widely implemented as might have been due to concerns about security and stability of the platform, not to mention a perception that many of the security features create a great deal of inconvenience in the user experience (e.g., User Account Control, to be described, and the Digital Rights Management implementation). Regardless, a prime mover of Vista development was Microsoft's Trustworthy Computing initiative, and as such, a number of new security capabilities were added.
Features include User Account Control (UAC), Bitlocker Drive Encryption, Windows Defender, Data Execution Prevention, Application isolation, Windows Service Hardening, Network Access Protection, and a variety of others. UAC is the most visible from the user perspective, requiring user intervention before allowing any action that requires administrative-level privileges. These include:5
As an interesting historical aside, the National Security Agency assisted Microsoft in the development of Vista. As reported in the Washington Post in January 2007:
For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration's effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft's new operating system—the brains of a computer—to protect it from worms, Trojan horses and other insidious computer attackers….
The NSA declined to comment on its security work with other software firms, but Sager said Microsoft is the only one “with this kind of relationship at this point where there's an acknowledgment publicly.”
The NSA, which provided its service free, said it was Microsoft's idea to acknowledge the spy agency's role….
“I kind of call it a Good Housekeeping seal” of approval, said Michael Cherry, a former Windows program manager who now analyzes the product for Directions on Microsoft, a firm that tracks the software maker.
Cherry says the NSA's involvement can help counter the perception that Windows is not entirely secure and help create a perception that Microsoft has solved the security problems that have plagued it in the past. “Microsoft also wants to make the case that [the new Windows] is more secure than its earlier versions,” he said.6
It is left as an exercise for the reader to decide whether having a spy agency working on a premier OS is a good thing or not.
One of the most important capabilities for the network security manager is to audit the Windows server systems to protect their integrity. These tools are part of the base operating system or the Windows NT Resource Kit:
UNIX is the oldest operating system still in widespread, growing use today. Readers needing guidance for Novell Netware should refer to Chapter 18 in the fourth edition of this Handbook. Originally developed in 1969 at AT&T Bell Laboratories, UNIX became the first operating system to integrate network communications when TCP/IP was bundled into Berkeley Software Development (BSD) 4.2 UNIX in 1984. UNIX had traditionally been reserved for server systems and hardcore computer users. With the development of the X-Windows interface for UNIX and the wide deployment of Linux since the mid-1990s, UNIX and its variants represent the only significant competition to Windows in the desktop and server environment.
Like TCP/IP and the Internet itself, UNIX was developed for functionality and use within a trusted user community. As such, while UNIX has many powerful tools, it does not have a cohesive security architecture, nor is it an inherently secure operating system.
UNIX has most of the basic operating system protections: passwords, access control lists, groups, user privilege levels, and so on. But UNIX also comes with a large variety of services (daemons) enabled by default, including FTP, Telnet, finger, echo, chargen, daytime, RPC, BIND, and more. In addition, nearly every UNIX daemon has had some sort of security vulnerability reported at one time or another, with buffer overflows being quite prevalent.
There are many things that an administrator should consider when securing a UNIX/Linux system. In addition to the general steps just listed, the security manager might also:
One of the most important capabilities for the network/security manager is to audit the Windows server systems to protect their integrity. These tools are part of the base operating system or the Windows NT Resource Kit:
Although the Macintosh operating systems have mostly given way to Windows and UNIX, at least for server systems, they are still worth mentioning. The Macintosh was the first desktop operating system that included networking and resource sharing as integral elements. But like UNIX and TCP/IP before it, the MacOS is designed for convenience and usability but not for security.
Because of its peer-to-peer nature, MacOS has a number of potential exposures. Although Windows and UNIX also can operate in a peer-to-peer mode, a novice user generally will not know how to share resources and thereby may not inadvertently open holes. On the Mac, however, every user is a system administrator and can accidentally open holes to the system. Consider, for example, that a user can share individual files, folders, or disk volumes. Unlike Windows, where a directory is marked as not shared, read, or full, Mac file sharing is more complex and allows the user to establish a set of trusts that require a fair amount of cooperation and knowledge by the users. Network communication is via the proprietary AppleTalk protocol, but this sharing capability is also available over TCP/IP in MacOS.
A nefarious Mac network user can quickly see what servers and shares are available on the network by using the Chooser accessory. Network administrators are advised periodically to scan the network in order to ensure that no users have accidentally enabled more “Guest” access than they intended. However, such guest access is a potentially gaping hole if using TCP/IP. Personal file sharing should be disabled, but if file sharing is required, administrators should establish a central file server, with security provisions.
In desktop use, Macs have relatively little security. Password protection is provided by default only with some laptop systems, and not even a password-protected screen saver comes standard with the system. In short, there is very little standing between a determined attacker and a Mac computer. Third-party software is required to provide password protection against access to the system and files, or for data protection with disk encryption.
Mac-based viruses and worms are much less prevalent than their Windows counter-parts, but Macs are not totally immune. First, those viruses that depend on Microsoft Office Suite software will work because the Mac versions of Word and Excel employ macros. Second, Internet-based attacks aimed at TCP/IP—such as the Ping-of-Death, Teardrop, and SMURF—can still affect a Mac server. There are a few third-party antivirus packages specific for the Mac, for example, Norton Antivirus.
Increased security can, indeed, be added to individual Mac systems, using such tools as:
Any system that can employ passwords will also have password crackers, and the Mac is no exception. Password crackers abound for the Mac but they do not target the MacOS itself, since the operating system does not have passwords. Instead, the crackers attack passwords associated with certain MacOS applications. For example:
It is just as important to keep the version of MacOS up to date as the other operating systems. Macs running System 7.1 and 7.8, for example, are known to crash if they are subject to a large volume of port scans. Many schools and businesses use FoolProof to limit user access to files and other resources; it also appears to store passwords in memory in plaintext so that any user with a memory editor can access password lists. And the installation of System 8.0 on top of earlier versions of MacOS (on a PowerBook) can disable the Password Control Panel and any password protection. These examples demonstrate the need to stay abreast of security warnings and patches.
A number of Mac administrative tools can be used to improve security. Among these are:
There are fewer MacOS security incidents reported because the greater popularity of Windows NT and UNIX servers make it easier to learn about them, because there are more potential targets, and because one single attack can affect more systems. Put another way, there are fewer attacks on Macs because the hacker community is not as familiar with them, and there are fewer attractive targets.
A good administrator can secure almost any NOS, although no NOS is secure initially. The network administrator needs continuous vigilance and monitoring, while recognizing that the operating system is only a part of the overall security plan for the LAN and network services. Most network administrators, due to the nature of their job and training, focus exclusively on the computers attached to the LAN and to the LAN's operating system and software. Unfortunately, this approach is too narrow in its scope. Personal firewall software also might be employed to protect individual systems against attack, but almost all of these products are oriented toward IP-based attacks and miss attacks that employ the NOS's native operating system.
Routers, network firewalls, and proxy servers are essential for protecting LAN systems from attack by an external source. The network administrator also must provide tools to protect servers and workstations from other users on the LAN.
This section lists some books, articles, and Web sites that cover the issues addressed in this chapter. Administrators should monitor vendor, operating system, and security Web sites that will have up-to-date, timely additional information.
Brenton, C. Mastering Network Security. San Francisco: SYBEX, 1999.
Edwards, M. J. Internet Security with Windows NT. Loveland, CO: Duke Press, 1998.
Fraser, B., ed. “Site Security Handbook.” RFC 2196/FYI 8, September 1997; ftp://ftp.isi.edu/in-notes/rfc2196.txt (accessed November 24, 2000).
Garfinkel, S., and G. Spafford. Practical Unix and Internet Security. Sebastopol, CA: O'Reilly & Associates, 1996.
IEEE Working Group for WLAN Standards; grouper.ieee.org/groups/802/11/.
Landau, T. Sad Macs, Bombs, and Other Disasters, 4th ed. Berkeley, CA: Peachpit Press, 2000.
L0pht. “Overview of AntiSniff,” November 24, 2000. www.securitysoftwaretech.com/antisniff/tech-paper.html.
Mann, S., and E. L. Mitchell. Linux System Security: The Administrator's Guide to Open Source Security Tools. Englewood Cliffs, NJ: Prentice-Hall, 2000.
Maximum Security, 2nd ed. Indianapolis: SAMS, 1998.
McNamara, J. “The Complete, Unofficial TEMPEST Information Page,” October 2, 2000; www.eskimo.com/~joelm/tempest.html (November 21, 2000).
National Computer Security Center. “Commercial Product Evaluations,” www.radium.ncsc.mil/tpep.
Payne, W. H., T. Sheldon, and B. Payne. The Complete Reference to Netware 5. New York: McGraw-Hill, 1999.
Rizzo, J., and K. D. Clark. How Macs Work, Millennium ed. Indianapolis: Que, 2001.
SANS Institute. “How to Eliminate the Ten Most Critical Internet Security Threats: The Experts' Consensus,” V1.32, January 18, 2001; www.sans.org/topten.htm (accessed March 6, 2001).
SANS Institute. “Securing Linux Step-by-Step Guide,” V1.0. www.sansstore.org (November 23, 2000).
SANS Institute. “Securing Windows NT Step-by-Step Guide,” V2.15, July 30, 1999; www.sansstore.org (accessed November 23, 2000).
SANS Institute. “Top 20 List.” www.sans.org/top20/.
Scambray, J., S. McClure, and G. Kurtz. Hacking Exposed, 2nd ed. Berkeley, CA: Osborne/McGraw-Hill, 2001.
Schmidt, J., T. Hadden, T. Davis, D. Bixler, and A. Kachur. Microsoft Windows 2000 Security Handbook. Indianapolis: Que, 2001.
Steen, W., ed. Netware Security. Indianapolis: New Riders Publishing, 1996.
University of Toronto. “Local Area Network Security Guidelines,” November 21, 2000; www.utoronto.ca/security/LAN.htm.
Wireless Ethernet Compatibility Alliance, www.wirelessethernet.org.
Wireless LAN Association, www.wlana.org
1. See www.ietf.org/rfc/rfc2196.txt.
2. For details of software-based TEMPEST, see Markus G. Kuhn and Ross J. Anderson, “Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations,” 1998; www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf.
3. See NTP: www.gocsi.com/forms/order/publications.html for the latest CSI Buyers Guide of Computer Security Products and Services CD-ROM.
4. Microsoft came under fire for its original implementation of Kerberos in Windows 2000. Microsoft's version used a piece of proprietary data in the authentication process, making it impossible for third-party Kerberos servers to work with Windows. The company has since released interoperability information.
5. Ed Bott, “What Triggers User Account Control Prompts?” February 2, 2007; www.edbott.com/weblog/?p=1602.
6. Alec Klein and Ellen Nakashima, “For Windows Vista Security, Microsoft Called in Pros,” Washington Post, January 9, 2007; www.washingtonpost.com/wp-dyn/content/article/2007/01/08/AR2007010801352.html.
13.58.41.42