Chapter Summary

There are many issues related to TCP/IP security—among the most prominent is that any system with TCP/IP installed and configured and attached to the Internet becomes a target very quickly. If this system is not secured properly, it has a high risk of being found and compromised by a hacker performing scans of IP addresses for vulnerabilities. It is usually recommended to apply the latest patches and service packs and take any vendor-recommended steps to secure the product in question. Also, disabling any unused services, ports, and software can be a good way to augment a system's security.

KEY TERMS


All address information directly relating to a packet is contained in the packet's header. This header includes such information as a source IP address, a destination IP address, and contents of the packet. Each header also includes a sequence number, applied to each packet, that identifies the order in which the packets are to be sent and then reassembled at the receiving computer. Often, packets arrive out of order or some don't make it to the destination at all; with these sequence numbers, the system can reorganize the information into usable data or request the missing packet(s) from the source as needed.
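An added example (not from the book) of the reordering described above, assuming the sequence number is the TCP sequence number carried behind the IPv4 header. The addresses, ports, payload, and function names are constructed for illustration.

```python
import socket
import struct

def build_packet(src, dst, seq, payload):
    """Constructed sample data: minimal IPv4 + TCP packet, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse_packet(raw):
    """Return (src, dst, seq, payload) for an IPv4 packet carrying TCP."""
    if raw[0] >> 4 != 4 or raw[9] != 6:
        raise ValueError("expected IPv4 carrying TCP")
    ihl = (raw[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", raw[2:4])[0]
    # The addresses are whatever the sender wrote; parsing does not authenticate them.
    src, dst = socket.inet_ntoa(raw[12:16]), socket.inet_ntoa(raw[16:20])
    seq = struct.unpack("!I", raw[ihl + 4:ihl + 8])[0]
    data_offset = (raw[ihl + 12] >> 4) * 4         # TCP header length in bytes
    return src, dst, seq, raw[ihl + data_offset:total_len]

def reassemble(packets, initial_seq):
    """Return (contiguous_data, first_missing_seq); None means nothing is missing.
    Assumption: one flow, no 32-bit sequence wraparound."""
    segments = {}
    for raw in packets:
        _, _, seq, payload = parse_packet(raw)
        segments.setdefault(seq, payload)          # keep first copy of a duplicate
    data, expected = b"", initial_seq
    for seq in sorted(segments):
        if seq > expected:                         # gap: this offset must be resent
            return data, expected
        fresh = segments[seq][expected - seq:]     # skip bytes already delivered
        data += fresh
        expected += len(fresh)
    return data, None

# Constructed flow between documentation addresses, starting at sequence 1000.
CHUNKS = [(1000, b"GET /ind"), (1008, b"ex.html "), (1016, b"HTTP/1.1")]
PACKETS = [build_packet("192.0.2.10", "198.51.100.20", s, p) for s, p in CHUNKS]

if __name__ == "__main__":
    shuffled = [PACKETS[2], PACKETS[0], PACKETS[1], PACKETS[0]]  # reordered + duplicate
    print(reassemble(shuffled, 1000))
    print(reassemble([PACKETS[2], PACKETS[0]], 1000))            # middle segment lost
```

The second call stops at the first gap and reports the sequence number the receiver would ask the source to resend.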

Hackers can use several methods to take advantage of the header and sequence numbers of a packet; the most prominent of these attacks are Denial-of-Service attacks, packet sniffing, and IP spoofing. These attacks can cause a disruption of service, provide valuable information to a hacker, or hide the source of an attack.

The OSI network model has seven layers, each with its own security considerations. The more common layers to be concerned about are the Physical, Network, Transport, and Application layers. Among these layers, the Application layer is by far the hardest to secure because it is the layer on which software operates; to provide the best possible security, you must ensure that the software used by both the server and the client is secure.

The TCP/IP network model is based on the OSI model and follows the same basic orientation, except there are only four layers rather than seven as in the OSI model. Some layers that are related to each other are combined into one layer for the sake of convenience. Although both models represent the same thing, they are both very worthwhile to keep in mind as you work with TCP/IP security. The four layers of the TCP/IP network model are Applications, TCP & UDP, IP & ICMP, and Data Link & Physical.

You should keep in mind several issues when considering Application layer security, including the major Internet services that you make use of on your servers. Services such as SMTP (email), FTP, and HTTP (Web) all have their own security issues that, although not directly related to the protocols themselves, are more geared toward the server or client software used to provide them. Ensuring that the appropriate steps required to secure them are taken is the best plan of action, and as with any other system, these services should either be secured or disabled entirely before placing the server on the Internet.

Several methods are available for securing TCP/IP authentication and the data sent between connections. Among the most common and reliable choices is IPSec, which is included in some operating systems and is also available from third-party solution providers. SSL can be used to secure Web page transactions and viewing. Other security technologies, such as public-key certificate services, can be used to secure the authentication process, or a combination of all different methods can be used to enhance your entire security scheme.
