Wednesday, June 30, 2010

Remote Access Network Security

Remote access networking is a necessity for any company that wants to remain competitive. However, it poses a security threat because it creates an openness that leaves valuable corporate resources vulnerable to attacks from unexpected directions. These attacks are launched for several reasons such as intellectual challenge, revenge, and greed. Regardless of the reason, an attack can sometimes be very costly to the company. For example, the intruder can gain access to company confidential files, corrupt company records, inject computer viruses into the network, or reconfigure the network. For these reasons, remote access network security is mandatory for companies with remote login facilities. A corporate network that provides remote access must provide enough security to authenticate users and protect the network resources from unauthorized access.

This article presents an overview of the security mechanisms used in remote access networks. The article discusses the types of attack that a network can be vulnerable to and the security services that are provided in a network. The first step in providing these services is to render data unintelligible to an unauthorized user through the process of encryption. The authorized user recovers the original data from the encrypted data through the inverse process of decryption. The article also covers Web security.

The network security market has become a major segment of the networking market. The information presented in this article is only an overview, but it attempts to provide an extensive and fairly comprehensive discussion on the subject.

Security Issues in Remote Access Networks

A network that can be accessed from remote locations is vulnerable to different types of attacks. The goal of network security is to prevent these attacks, which can be launched in a network in the following ways:

Network Packet Sniffing

This is an attack in which a program monitors the traffic on a network in order to gather user login names and passwords used to access the network. Sniffing can be foiled by scrambling user names and passwords. The process is called encryption and will be discussed later in this article.

IP Spoofing

IP spoofing is an attack in which an intruder is able to fake an IP address so that data sent over the Internet appears to be generated by an authorized user inside the network. The intent may be, for example, to conduct unauthorized business with a company’s clients. IP spoofing is particularly useful to an intruder in source routing. In source routing, the route taken by a packet from its source to its destination is specified in the packet’s header. In a network that supports source routing, the intruder can specify the source route, and the receiver then replies as though the intruder were a legitimate user.

Brute Force Attack

This is an attack in which an intruder tries to crack passwords by trying every possible combination of characters until a match is found.

Man-in-the-Middle Attack

This is an attack in which an intruder places himself or herself between two communicating parties who believe they are interacting with each other. Unfortunately, the intruder is snooping and relaying information from one user to the other.

Denial-of-Service Attack

This attack is not aimed at gaining access to a corporate network. Instead, it focuses on making network service unavailable by crashing, jamming, or flooding the network. It is an attack that is difficult to prevent because as long as a network is connected to the Internet anyone can disrupt it.

Trojan Horse Attack

This is an attack in which software that appears to be harmless attaches itself to an authorized program. However, the software can monitor login user names and passwords and pass the information to the intruder. It can also generate viruses that damage data in host machines.

Social Engineering Attack

This is an attack in which the intruder poses as an employee, such as the network administrator, in order to gain unauthorized access to the network. For example, a remote access caller may contact the help desk late at night to request a password to access the network. In this case, the intruder is inadvertently given the password.

Basic Security Services

A good security system should provide services that help simplify the task of managing the security of corporate information assets. These services include authentication, data integrity, confidentiality, access control, and non-repudiation.

Authentication

Authentication verifies that a user is exactly who he or she claims to be. It provides the basis for access control in networks and other computer systems. Different authentication schemes are used for onsite and remote users. The most common authentication scheme for onsite users is the combination of user ID and password. For remote access users, the more common authentication schemes include restricted address, incoming call ID, callback, Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Remote Authentication Dial-In User Service (RADIUS).

Restricted Address

In this service, a list of remote network addresses is stored in a database located in the corporate network. When a user dials into the network, the network address originating the call is checked against the list. If it is on the list, the call is allowed; otherwise, it is denied.

This scheme prevents unauthorized users from accessing sensitive resources, but it has some drawbacks. It validates the equipment rather than the user, meaning that any stolen equipment can be used to gain access to the network. In addition, it assumes that network addresses are statically assigned. Therefore, it cannot be used in environments where network addresses are dynamically issued by a DHCP server, because a device’s IP address may change each time it requests one.
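The restricted-address check and its two drawbacks can be seen in a short simulation. This is an added example, not code from the original article; the class names, the addresses, and the simplified DHCP pool (which hands out a new address on every request) are constructed for illustration.

```python
import ipaddress
from itertools import cycle


class RestrictedAddressGate:
    """Admit a call only if its source address is on the stored list."""

    def __init__(self, allowed):
        self.allowed = {ipaddress.ip_address(a) for a in allowed}

    def admit(self, session):
        # Only the address is checked; session["operator"] is never consulted.
        try:
            return ipaddress.ip_address(session["source"]) in self.allowed
        except ValueError:
            return False  # malformed address: fail closed


class DhcpPool:
    """Constructed stand-in for a DHCP server: every request gets the next address."""

    def __init__(self, network):
        self._hosts = cycle(ipaddress.ip_network(network).hosts())

    def lease(self):
        return str(next(self._hosts))


def run_scenarios():
    gate = RestrictedAddressGate(["192.0.2.10", "192.0.2.11"])  # constructed list
    results = {
        "listed_owner": gate.admit({"operator": "owner", "source": "192.0.2.10"}),
        "unlisted": gate.admit({"operator": "owner", "source": "198.51.100.7"}),
        # Stolen equipment keeps its listed address, so the call is allowed.
        "stolen_equipment": gate.admit({"operator": "thief", "source": "192.0.2.10"}),
        "malformed": gate.admit({"operator": "owner", "source": "not-an-address"}),
    }
    # DHCP: the list holds the first lease; the next request gets a new address.
    pool = DhcpPool("203.0.113.0/29")
    first = pool.lease()
    dhcp_gate = RestrictedAddressGate([first])
    results["dhcp_first_lease"] = dhcp_gate.admit({"operator": "owner", "source": first})
    results["dhcp_next_lease"] = dhcp_gate.admit({"operator": "owner", "source": pool.lease()})
    return results


if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name:18} {'allowed' if allowed else 'denied'}")
```

The stolen-equipment call is allowed and the legitimate user's second DHCP lease is denied, which are the two failure cases described above.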
