October 30, 1999
Jukka Paajanen
Markku Multamäki
Department of Industrial Engineering and Management
Helsinki University of Technology (Teknillinen korkeakoulu)
Jukka.paajanen@hut.fi
Markku.multamaki@hut.fi
Although not all people may realize it, the Internet as of now is a very insecure place, and several types of threats affect the people connected to it. The threats can be divided into three groups: confidentiality, integrity, and availability threats. The only way to be protected completely is to disconnect from all external connections, but as this is not usually feasible, there are ways to control the risk of attacks. The two main ways to technically protect a network are either reconfiguring the router or using a firewall. Firewalls can be divided into four categories: filtering gateways, circuit gateways, application gateways, and hybrid firewalls. However perfect the technical solution, the two most important parts of the security system are the people in it and the security policy.
As more and more computers are connected to the Internet, the security issues become more relevant day by day. When the origin of the Internet, ARPANET, and its successors were being developed, issues such as fault tolerance and simple functionality were several orders of magnitude more important than security. Back in the 60s the only people connected to the net were researchers or other people associated with the development project, and hence they had a great sense of togetherness, one of the best preventive forces against security breaches. However, since then commercial operators have become active in the field and many more computers are connected.
There are several ways in which the computers connected to the Internet are in great danger. The threats can be classified into three categories: threats to confidentiality, threats to integrity, and threats to availability [Gollman, p.5].
Threats to confidentiality are threats by which someone could extract information not meant to be seen by him. There are a lot of ways this can be done technically: by sniffing (eavesdropping), by breaking into a computer that is not properly protected, or even by using information that is accidentally available to oneself in a computer system. One simple but very effective way is also going through the pile of finished printouts or the paper recycling bins.
Integrity means that the files are intact and in the form and state they were left in by the authorized person. Integrity breaches can be caused by technical flaws (e.g. hardware malfunction), by automatic systems (e.g. viruses or other malicious code), or by other people deliberately modifying the information. Integrity can be broken either completely or by slow or minor modifications. In the complete form all of the information is lost or the file is removed; this is a lot easier to notice and take countermeasures against than the slow or minor modifications. The latter, however mild it might sound, is actually extremely dangerous, as the contents of the document may change completely without anyone ever noticing it.
Availability basically means that all the services and information are available when needed. It is broken if, for example, the server or the line to it is down, or if a specific service has crashed. There are several DoS (Denial of Service) attacks against all types of machines, mostly attempting to exploit a feature or a bug in the code.
A very interesting, although completely unverified, case for security is the BASS project [Liraz]. The basic idea behind it was to scan the entire Internet for certain well-known loopholes in standard software. The claimed results were astonishing, although completely within the limits of possibility. Although all of the scanned holes were rather old and well known and there is a fix for each of them, the scan found 730000 of the holes in 450000 hosts in use [Liraz]. The article can't be easily verified, but the level of technical detail and knowledge incorporated in the article shows that it is a possible project to complete. For readers interested in stories of how systems are broken into, the same article is recommendable.
An important notion that escapes a lot of people is that "If you can reach them, they can reach you" [Dutcher]. This means specifically that all the computers connected to the Internet can see your computer and attempt to access it if no preventive precautions have been taken.
Roughly speaking, the only way to be completely secure against most breaches, then, is to isolate yourself completely from the outside world. This can still leave you vulnerable to some possible problems, such as hardware malfunctions causing at least DoS and integrity issues.
A lot of people, and some experts, tend to think that the only way to achieve partial isolation, i.e. a state where the connections between a private network or a host and the external Internet are limited, is by using a firewall. However, the same functionality can in some cases be achieved by using a properly configured router [Ranum]. Both of these ways can limit the traffic or connections between the networks, for example so that only certain incoming connections to public servers are allowed, whereas all outgoing connections are OK.
Firewalls can be divided into four categories: packet filters, circuit gateways (or dual-homed hosts), application gateways or proxies, and hybrid firewalls. Packet filters can be implemented by reconfiguring a router or, if more complex functionality is desired, bought from one of the many commercial vendors. Basically the idea is either to pass or drop packets according to some predetermined rules, using information related to the packet, e.g. source and destination addresses, port numbers, the state of the connection, and possible encryption or user authentication status. The packets that are allowed will reach the secured destination hosts directly.
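As an added illustration (not code from the original paper), the following small stateful packet filter implements the policy described above: all outgoing connections from the private network are allowed, incoming connections are allowed only to listed public services, and everything else is dropped. The network addresses, the public server table and the sample packets are constructed for the example.

```python
from dataclasses import dataclass

INSIDE_NET = "10.0.0."                       # constructed private network prefix
PUBLIC_SERVERS = {"10.0.0.5": {80, 25}}      # constructed: one host offering web and mail

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool    # True for a packet that opens a new connection

class PacketFilter:
    """Decide per packet using addresses, ports and connection state."""

    def __init__(self):
        self.state = set()   # flows already allowed: (src, sport, dst, dport)

    @staticmethod
    def inside(ip):
        return ip.startswith(INSIDE_NET)

    def decide(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.state or reverse in self.state:
            return "ACCEPT"              # belongs to an already allowed connection
        if not pkt.syn:
            return "DROP"                # no state and not opening a connection
        if self.inside(pkt.src) and not self.inside(pkt.dst):
            self.state.add(flow)         # any outgoing connection is OK
            return "ACCEPT"
        if not self.inside(pkt.src) and pkt.dport in PUBLIC_SERVERS.get(pkt.dst, set()):
            self.state.add(flow)         # incoming only to a public service
            return "ACCEPT"
        return "DROP"

def run_sample():
    """Apply the filter to a constructed packet sequence; returns the decisions."""
    fw = PacketFilter()
    packets = [
        Packet("10.0.0.7", "198.51.100.9", 40000, 80, True),    # outgoing web request
        Packet("198.51.100.9", "10.0.0.7", 80, 40000, False),   # its reply, matched by state
        Packet("198.51.100.9", "10.0.0.5", 51000, 80, True),    # incoming to public web server
        Packet("198.51.100.9", "10.0.0.5", 51001, 23, True),    # incoming telnet: not public
        Packet("198.51.100.9", "10.0.0.7", 51002, 80, True),    # web port on a non-public host
        Packet("198.51.100.9", "10.0.0.7", 51003, 445, False),  # no state, not a SYN
    ]
    return [fw.decide(p) for p in packets]
```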
Dual-homed hosts or circuit gateways accept certain connections from either the outside or the inside network and relay the connection as if it were made from the gateway. With this functionality the same packet never travels in both networks, and the network addresses of the screened hosts are never revealed to the outside world. Otherwise, connection acceptance is defined using similar criteria as in packet filters.
Application gateways take the isolation one step further. They do not pass packets or raw data through at all, but rather content. The idea is that they accept a connection for some specific protocol, establish a similar connection on the other side (if the connection is accepted), and mediate the data between the two hosts. This way the content can be screened, and simply changing the application ports will no longer work. Typically the gateway also acts as a proxy server in this configuration.
The hybrid firewall basically combines two or more of the aforementioned functions into one machine. This is what most of the commercially available firewalls are like nowadays.
Although a firewall or a properly configured router is a good way of technically controlling certain risks, especially those of external attacks, it is never sufficient. First of all, every organization handling anything should have an explicit security policy. This policy should state what should be available and to whom. It shouldn't consider technical issues such as addresses or port numbers, but the services and information as the people see them and can use them. When implemented, this security policy will translate into the technical details, but also into a lot more.
A very important issue to always take into consideration when dealing with security is the people using the systems. Most damage to any organization is caused by people inside the organization who, either deliberately or out of ignorance, perform acts that compromise security. Educating people to avoid certain dangerous practices is extremely important. Quite a few employees will actually reveal very confidential information either on the phone or when met in person. Even more damage is done by using unencrypted connections from other locations, including sending plain-text e-mail to other organizations. More often than not it can be read by other, possibly malicious, people.
References
[1] Dutcher, William, If you can reach them, they can reach you, 19.6.1995 [referred 19.9.1999] <http://www.zdnet.com/pcweek/sr/0619/tfire.html>
[2] Gollman, Dieter, Computer Security, John Wiley & Sons Ltd, England, 1999, 320 p.
[3] Ranum, Marcus J., Internet Firewalls Frequently Asked Questions, 26.5.1998 [referred 19.9.1999] <http://www.clark.net/pub/mjr/pubs/fwfaq/>
[4] Siri, Liraz, The Internet Auditing Project, 11.8.1999 [referred 19.9.1999] <http://www.securityfocus.com/templates/forum_message.html?forum=2&head=32&id=32>