TCPIP Networks Management and Security

1
TCP/IP Networks Management and Security

• Presented by
• David M. Litton, CPA, CISA, CGFM
• Deputy Director, Audit and Management Services
• Virginia Commonwealth University
• May 7, 2001

2
(No Transcript)
3
Course Objectives

• What is a TCP/IP Network?
• Common components of a TCP/IP network
• Network environment TCP/IP protocol and
  associated devices functionality
• General network risks
• Specific risks and compensating controls for
  TCP/IP network devices
• Areas of a TCP/IP Infrastructure Audit

4
What is a TCP/IP Network?

• Envelope and post office concept
• Ethernet Frames
• Internet Protocol (IP) Connectionless datagram
  tries to send but not sure if it gets there
• Transmission Control Protocol (TCP)
• Alternatives to TCP UDP and ICMP
• Ports
• Socket (Combination of port IP address)
• Connection (pair of sockets for a session)

5
(No Transcript)
6
(No Transcript)
7
(No Transcript)
8
(No Transcript)
9
(No Transcript)
10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
(No Transcript)
14
(No Transcript)
15
OSI Model and TCP/IP Compared
16
(No Transcript)
17
Common components of a TCP/IP network

• Cat 5 UTP Wiring fiber optics lower layer 1
• Hubs emphasis layer 1
• Bridges layer 1 or lower-part of layer 2 (MAC)
• Switches some layer 1 emphasis layer 2
• Routers emphasis layer 3 some layer 4
• Applications/network utilities layers 5-7 FTP,
  HTTP, NFS, X-Windows, Telnet
• Protocol Stacks part of server/work station O/S
• Servers - physical and logical contrasted
• Specialized IP servers DHCP, BOOTP, DNS

18
Network Environment TCP/IP Protocol and
Associated Devices Functionality
19
LAN/WAN Protocol Example
20
General network risks

• Inconsistently applied back-up procedures for
  Network Equipment and Servers
• Lack of a test lab and change control procedures
• Intercepting clear text, log-on identifiers and
  passwords
• Staff turn-over

• Use of unauthenticated services on network hosts
  and pass through routers
• Lack of spoofing prevention measures
• Use of default passwords on network equipment
• Lack of password change procedures for network
  equipment
• Poor O/S controls on network devices

21
General network risks

• Improper access to restricted systems (patient
  information, financial records, payroll, etc.)
• Release of sensitive information
• Prolonged outages and inconsistent availability
• Lack of documentation
• Non-compartmentalized traffic
• Trojan Horses

• Lack of expertise, training, and cross-training
• Lack of restoration plans or spare parts
• Ineffective procedures
• Masquerading as another individual
• Spying, Sabotage
• Risk from easy-to-use freeware utilities
• Stolen Passwords

22
Specific risks and compensating controls for
TCP/IP network devices
23
Router Risks and Controls
24
Router Risks and Controls
25
Router Risks and Controls
26
Router Risks and ControlsMethods of Accessing
Routers

• Console
• TFTP
• Telnet
• TACACS
• MOP (maintenance operation protocol by DEC for
  CISCO routers)

• SNMP
• R-Shell
• R-Copy
• FTP
• HTTP
• More being added, check manufacturer documentation

27
Domain Name ServiceRisks and
Controls
28
Network Address Translation
29
TCP/IP Environment Example
30
Wiring/Hubs Risks and Controls
31
Additional Server Risks and
Controls
32
Dangerous Services to be Restricted
33
Work Stations Risks and Controls
34
Encryption

• Examine Encryption Practices
• Determine where the traffic is the most exposed
  going out on the Internet, between business
  partners
• Look for controls like compartmentalization
  VLANs to reduce internal exposure
• Use Encrypted methods like SNMP V.2 and CHAP V.2
  to communicate to network devices
• Consider testing encryption controls with a
  sniffer

35
Sniffed PPP Connection in Clear Text
36
Areas of a TCP/IP Infrastructure Audit Why
Examine Network Infrastructure

• Rarely examined
• Large investment
• Basis for most technology - the common
  denominator
• Connects to the World
• Lost Revenue on E-Commerce
• Susceptible to Denial of Service Attacks

37
Areas of a TCP/IP Infrastructure Audit
Recommended Objectives

• Continuity (consistent reliability and
  availability of system -- back-up and ability to
  recover)
• Management and Maintenance (additions, change
  procedures, upgrades, and documentation)
• Security (appropriate physical and logical access
  to network devices and hosts)

38
Auditing TCP/IP Infrastructure

• Review network policies and procedures
• Review network diagrams (layer 1 2), design,
  and walk-through, list of network equipment and
  IP address list
• Verify diagrams with Ping and Trace Route
• Review utilization, trouble reports helpdesk
  procedures
• Probe systems (Netscan tools and Portscanner)
• Interview network vendors, users, and network
  technicians
• Review software settings on network equipment
• Inspect computer room and network locations
• Evaluate back-up and operational procedures

39
Conclusion

• Identify the paths and equipment used to navigate
  the network
• Identify TCP/IP infrastructure areas of concern
• Break into manageable pieces
• Every network is different and the components and
  risks must be fully understood
• Identify risks and prioritize
• Dedicate more upfront planning
• RELAX !! Its not that bad !

40
Additional Information

• Presentation located on line at URL
• http//www.vcu.edu/iaweb/iam_welc.html
• Contact information
• dmlitton_at_vcu.edu
• (804) 828-9248