Understanding How Security Affects a Network

  • Given a scenario, predict the impact of a particular security implementation on network functionality (e.g., blocking port numbers, encryption, etc.).

Implementing security measures has an effect on the network. How much of an effect it has depends on which security measures are implemented and the habits of the network users. CompTIA specifies two examples of network security measures (blocking ports and encryption) and asks that you determine what effect the implementation of those measures will have on the network. The following sections help you prepare for this part of the exam.

Blocking Port Numbers

Port blocking is one of the most widely used security methods on networks. Port blocking is associated with firewalls and proxy servers, although in fact it can be implemented on any system that provides a means to manage network data flow according to data type.

Essentially, when you block a port, you disable the ability for traffic to pass through that port. Port blocking is typically implemented to prevent users on a public network from accessing systems on a private network, although it is equally possible to block internal users from external services by using the same procedure.

Depending on the type of firewall system in use on a network, you might find that all the ports are disabled (blocked) and that the ones you need traffic to flow through must be opened. The benefit of this strategy is that it forces the administrator to choose the ports that should be unblocked rather than specify those that need to be blocked. This ensures that you allow only those services that are absolutely necessary into the network.

What ports remain open largely depends on the needs of the organization. For example, the ports associated with the services listed in Table 12.4 are commonly left open.

Table 12.4. Commonly Opened Port Numbers and Their Associated Uses

Port Number   Protocol   Purpose
80            HTTP       Web browsing
443           HTTPS      Secure Web transactions
21            FTP        File transfers
25            SMTP       Email sending
110           POP3       Email retrieval
53            DNS        Hostname resolution

These are, of course, only a few of the services you might need on a network, and allowing other services on a network is as easy as opening the port. Keep in mind that the more ports that are open, the more vulnerable you become to outside attacks. You should never open a port on a firewall unless you are absolutely sure that you need to open it.

Port Blocking and Network Users

Before you implement port blocking, you should have a very good idea of what the port is used for. Although it is true that blocking unused ports does not have any impact on internal network users, if the wrong port is blocked, you can suffer many headaches.

For instance, a network administrator was given the task of reducing the amount of spam email received by his company. He decided to block port 25. He succeeded in blocking the spam email, but in the process, he also prevented users from sending and receiving email.
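The port 25 scenario can be checked before a change is made by evaluating the proposed rule set against the traffic the organization depends on. The following is an added example, not part of the original text: a first-match filter with an implicit default deny, where the rule format, the flow list, and all names are assumptions made for illustration.

```python
# Added example: predict which needed flows a rule change will break.
# Rule format and flow list are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "block"
    direction: str   # "in", "out", or "any"
    port: int        # destination port

# Services from Table 12.4: destination port -> purpose
SERVICES = {80: "Web browsing", 443: "Secure Web transactions",
            21: "File transfers", 25: "Email sending",
            110: "Email retrieval", 53: "Hostname resolution"}

def decide(rules, direction, port):
    """Return the action of the first matching rule; unmatched traffic is blocked."""
    for r in rules:
        if r.port == port and r.direction in ("any", direction):
            return r.action
    return "block"   # default deny: every port is closed unless opened

def impact(rules, flows):
    """Return the sorted (direction, port, purpose) flows that the rules block."""
    return sorted((d, p, SERVICES.get(p, "unknown"))
                  for d, p in flows if decide(rules, d, p) == "block")

# Flows the organization relies on (constructed): (direction, destination port).
# ("in", 25) is other mail servers delivering to the company mail server.
NEEDED = [("out", 80), ("out", 443), ("out", 53),
          ("out", 25), ("in", 25), ("out", 110)]

BASELINE = [Rule("allow", "any", p) for p in (80, 443, 53, 25, 110)]
# The administrator's change: a block on port 25 placed ahead of the allows.
BLOCK_25 = [Rule("block", "any", 25)] + BASELINE

if __name__ == "__main__":
    print("baseline breaks:", impact(BASELINE, NEEDED))
    print("after blocking 25:", impact(BLOCK_25, NEEDED))
```

With the block rule in place, both the inbound and the outbound port 25 flows appear in the impact list, which is the mail outage described above.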

Encryption

Encryption is the process of encoding data so that, without the appropriate unlocking code, the encrypted data can't be read. Encryption is increasingly being used as a means of protecting data from unauthorized users. If you have ever used a secure Web site, you have used encryption.

On private networks, encryption is generally not a very big issue. Modern network operating systems often implement encryption so that passwords are not transmitted openly throughout the network. On the other hand, normal network transmissions are not usually encrypted, although they can be if the need arises. A far more common use for encryption is for data that is sent across a public network such as the Internet. In this case, the administrator has little or no control over the path the data takes to get to its destination. During data transmission, there is plenty of opportunity for someone to take the data from the network and then read the contents of the packets. This process is often referred to as packet sniffing.

By sniffing packets from the network and reading their contents, unauthorized users can gain access to private information. Packet sniffing does not reveal the contents of encrypted data, however: without the necessary code to decrypt the data, the sniffer is able to see only jumbled code. There is a chance that the sniffer might be able to work out what the code is, but the stronger the form of encryption used, the harder it is for the sniffer to work out the code. Therefore, the stronger the encryption method that is used, the better protected the data is.

A number of encryption methods are commonly used. The following sections explain some of the most popular ones:

  • IP Security (IPSec)

  • Data Encryption Standard (DES)

  • Triple DES (3DES)

  • Pretty Good Privacy (PGP)

Internet Protocol Security (IPSec)

IPSec is a set of protocols developed by the Internet Engineering Task Force to establish secure transmission of data packets between computer systems. IPSec is commonly used for transmitting data across public networks, where privacy and security are an ever-present concern. Therefore, IPSec is often used to, among other things, create virtual private networks (VPNs).

IPSec works at the network layer of the OSI model. Therefore, all applications and services that use IP for the transport of data can use IPSec security. In comparison, security mechanisms such as Secure Sockets Layer (SSL), which operate above the network layer, provide security only for applications that can use SSL, such as Web browsers.

Data Encryption Standard (DES)

DES was originally developed by IBM in the mid-1970s, and it became a standard in 1977. DES encrypts and decrypts data in 64-bit chunks, using a 64-bit key. Although the key is 64 bits, the actual encryption key used by DES is a 56-bit key. This is because 1 bit in every byte is reserved for parity, which leaves 56 bits.

For a time, DES was a proven and trusted encryption method. However, over time, attacks against DES encryption methods were successful, and data security was compromised. Quite simply, as faster and less expensive computer systems became available, 56-bit key encryption became inadequate.

Interestingly, DES cracking contests in the late 1990s highlighted DES weaknesses. One system, which was developed for $250,000 and code-named the DES Cracker, shattered DES encryption in less than three days. Today's systems reduce both the cost and time necessary to crack DES encryption.

However, some companies still use the DES encryption method. But for organizations whose data is more sensitive, something stronger is needed.

3DES

Often referred to as “triple DES,” 3DES is an improvement on the DES encryption standard and is much more widely used due to the increased difficulty involved in cracking 3DES encryption. Although 3DES is based on the DES standard, it is a much stronger version, and it is able to provide significantly more security for data than traditional DES.

3DES gets its name from the fact that it performs encryption the same way as regular DES, but it does it three times. Regular DES uses a 64-bit key encryption method, whereas 3DES uses three 64-bit keys, for an overall key length of 192 bits. As with DES, 1 bit in each byte is reserved for parity; therefore, the actual key is 168 bits.
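The parity arithmetic in the DES and 3DES sections can be made concrete. The following is an added example, not part of the original text: it sets the odd-parity bit (the low bit of each key byte) and extracts the bits that actually take part in encryption. The key values and function names are constructed for illustration.

```python
# Added example: DES key parity and effective key length.
# Key values are constructed for illustration.

def set_odd_parity(key: bytes) -> bytes:
    """Set the low bit of each byte so the byte has an odd number of 1 bits."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                      # the 7 bits that carry key material
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)

def has_odd_parity(key: bytes) -> bool:
    """True if every byte of the key has an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

def effective_key(key: bytes) -> int:
    """Drop each byte's parity bit and pack the remaining 7 bits per byte."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def effective_bits(key: bytes) -> int:
    """Number of bits that take part in encryption: 7 per key byte."""
    return 7 * len(key)

# Two 64-bit strings that differ only in their parity bits.
KEY_A = bytes.fromhex("0123456789abcdef")     # parity bits set correctly
KEY_B = bytes.fromhex("0022446688aaccee")     # same key, parity bits cleared

if __name__ == "__main__":
    print(has_odd_parity(KEY_A), has_odd_parity(KEY_B))
    print(effective_key(KEY_A) == effective_key(KEY_B))
    print(effective_bits(KEY_A), effective_bits(KEY_A * 3))   # DES, 3DES
```

Because the parity bits carry no key material, KEY_A and KEY_B are the same DES key, and a search covers 2^56 candidates rather than 2^64.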

Pretty Good Privacy (PGP)

Intended mainly as a mechanism to encrypt email transmission, PGP is a public-key encryption method created by Phil Zimmermann. PGP can be downloaded and used by anyone who wants to add a degree of security to email messages. A detailed discussion of PGP falls outside the scope of the Network+ objectives. For more information and PGP downloads, go to www.pgpi.org.

Auditing

Auditing is an important part of system security. It provides a means to track events that occur on a system. Auditing increases accountability on a network by making it possible to isolate events to certain users. For instance, it is possible to log failed logon attempts that might indicate that someone is trying to gain access to the network by guessing a username or password.

A network administrator might need to audit many different events on a system. Some of these events include failed/successful logons, printer access, file and directory access, and remote access. Reviewing the log files generated by auditing allows an administrator to better gauge the potential threats to the network. (Exercise 12.1 at the end of this chapter describes the procedures involved in enabling auditing on a Windows 2000 server.)
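Reviewing audit logs for password guessing usually means looking for several failed logons against one account within a short period. The following is an added example, not part of the original text: the log format, event names, threshold, and window are assumptions made for illustration and do not reproduce any particular operating system's audit log.

```python
# Added example: flag accounts with repeated failed logons in a short window.
# The log lines and their format are constructed for illustration.
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG = """\
2024-03-04T09:00:01 LOGON_FAILED user=jsmith src=10.0.0.21
2024-03-04T09:00:20 LOGON_OK user=jsmith src=10.0.0.21
2024-03-04T09:14:02 LOGON_FAILED user=admin src=10.0.0.99
2024-03-04T09:14:09 LOGON_FAILED user=admin src=10.0.0.99
2024-03-04T09:14:15 LOGON_FAILED user=admin src=10.0.0.99
2024-03-04T09:14:31 LOGON_FAILED user=admin src=10.0.0.99
2024-03-04T10:30:00 LOGON_FAILED user=mlee src=10.0.0.40
2024-03-04T13:05:00 LOGON_FAILED user=mlee src=10.0.0.40
2024-03-04T16:45:00 LOGON_FAILED user=mlee src=10.0.0.40
""".splitlines()

def parse(line):
    """Split one log line into (timestamp, event, user, source address)."""
    ts, event, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), event, kv["user"], kv["src"]

def guessing_suspects(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {user: [sources]} for accounts with at least `threshold`
    failed logons inside any `window`-long period."""
    recent = defaultdict(deque)     # user -> failures still inside the window
    flagged = defaultdict(set)      # user -> source addresses involved
    for line in lines:
        ts, event, user, src = parse(line)
        if event != "LOGON_FAILED":
            continue
        q = recent[user]
        q.append((ts, src))
        while ts - q[0][0] > window:    # discard failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[user].update(s for _, s in q)
    return {u: sorted(s) for u, s in flagged.items()}

if __name__ == "__main__":
    print(guessing_suspects(LOG))
```

A single mistyped password (jsmith) and failures spread across a working day (mlee) stay below the default threshold, while the burst against admin is flagged along with its source address.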

IN THE FIELD: ESCALATION PROCEDURES

One of the most important aspects of network security is knowing what to do when a security problem occurs. The exact actions you take depend on the circumstances surrounding the breach and what the breach actually is.

For example, your reaction to the discovery that two users are sharing the same user account would be very different from your reaction if you found that a cracker had gained access to your e-commerce Web server during the night. In either case, after an event has happened is not the time to think, “What do I do now?”

If there is one blanket rule to security breaches, it is that as soon as is practically possible, management should be informed of the problem. As discussed at the beginning of the chapter, the implications of a security issue can affect the viability and continuation of the business. For such incidents to be dealt with and to ensure that the business is not affected, management participation is necessary.

