Cisco Network Security Shop - PBM IT Network Security Solutions - Call (888) 233-6471
Call us at (888) 233-6471 for a FREE consultation with a Cisco Solutions Consultant who will review your business data center requirements and recommend next steps.
Featured Solution: Cisco Network Security Design & Implementation

The Cisco Self-Defending Network is the Cisco long-term strategy to secure business processes by identifying, preventing, and adapting to both internal and external threats. The Cisco Self-Defending Network protects businesses today and adapts to future needs. With Cisco, businesses can protect not only their networks, but also their network investments. The results are improved business processes and substantial savings. A Cisco Self-Defending Network has three unique characteristics: integration, collaboration, and adaptability. First, it integrates security into all elements in the network, ensuring every point in the network can defend itself from both internal and external threats. Second, these network elements work together to exchange information to provide additional protection. Third, the network uses innovative behavioral recognition to adapt to new threats as they arise.

The Cisco Secure Network Foundation is a simplified yet comprehensive, cost-effective security solution for small and medium-sized businesses that creates reliable and self-defending networks.

The Cisco Intrusion Prevention System (1) Identifies, classifies, and stops malicious traffic, including worms, spyware, adware, viruses, and application abuse, (2) Delivers high-performance, intelligent threat detection and protection over a range of deployment options, (3) Uses reputation filtering and global inspection to give businesses actionable intelligence and prevent threats with confidence, and (4) Promotes business continuity and helps businesses meet compliance needs.

Cisco Virtual Office (1) Extends highly secure, rich, and manageable network services to employees working outside the traditional work environment, (2) Cost-effectively scales to deployment requirements through standard or express versions, (3) Includes remote site and head-end systems, remote site aggregation, and services from Cisco and approved partners, and (4) Delivers an office-caliber experience to staff wherever they're located, with full IP phone, wireless, data, and video services.

DoS (Denial-of-Service) attacks are probably the nastiest and most difficult to address. They are the nastiest because they're very easy to launch, difficult (sometimes impossible) to track, and it isn't easy to refuse the requests of the attacker without also refusing legitimate requests for service. The premise of a DoS attack is simple: send more requests to the machine than it can handle. There are toolkits available in the underground community that make this a simple matter of running a program and telling it which host to blast with requests. The attacker's program simply makes a connection on some service port, perhaps forging the packet's header information that says where the packet came from, and then drops the connection. If the host is able to answer 20 requests per second and the attacker is sending 50 per second, obviously the host will be unable to service all of the attacker's requests, much less any legitimate requests (hits on the web site running there, for example). Such attacks were fairly common in late 1996 and early 1997, but are now becoming less popular. Some things that can be done to reduce the risk of being stung by a denial of service attack include (1) Not running your visible-to-the-world servers at a level too close to capacity, (2) Using packet filtering to prevent obviously forged packets from entering your network address space. Obviously forged packets would include those that claim to come from your own hosts, addresses reserved for private networks as defined in RFC 1918 [4], and the loopback network (127.0.0.0), and (3) Keeping up-to-date on security-related patches for your hosts' operating systems.

A passive attack is characterized by the interception of messages without modification. There is no change to the network data or systems. The message itself may be read, or its occurrence may simply be logged. Identifying the communicating parties and noting the duration and frequency of messages can be of significant value in itself. From this knowledge certain deductions or inferences may be drawn regarding the likely subject matter, the urgency, or the implications of the messages being sent. This type of activity is termed traffic analysis. Because there may be no evidence that an attack has taken place, prevention is a priority. Traffic analysis, however, may be a legitimate management activity, for instance because of the need to collect data showing usage of services. Some interception of traffic may also be considered necessary by governments and law enforcement agencies interested in the surveillance of criminal, terrorist, and other activities. These agencies may have privileged physical access to sites and computer systems.

Make network security testing a routine and integral part of system and network operations and administration. Organizations should conduct routine tests of systems and verify that systems have been configured correctly with the appropriate security mechanisms and policy. Routine testing prevents many types of incidents from occurring in the first place. The additional costs of performing this testing will be offset by the reduced costs of incident response. Look at the big picture. The results of routine testing may indicate that an organization should readdress its systems security architecture. Some organizations may need to step back and undergo a formal process of identifying the security requirements for many of their systems, and then begin a process of reworking their security architecture accordingly. This process will result in increased security and efficiency of operations, with fewer costs incurred from incident response operations.

One form of attack on computing systems connected to the Internet is eavesdropping on network connections to obtain login ids and passwords of legitimate users [RFC 1704]. Bellcore's S/KEY(TM) one-time password system was designed to counter this type of attack, called a replay attack [RFC 1760]. Several one-time password implementations compatible with Bellcore's S/KEY(TM) system exist. These implementations are increasingly widely deployed in the Internet to protect against passive attacks.

Stop security attacks before they affect business continuity. Cisco ASA 5500 Series Adaptive Security Appliances provide intelligent threat defense and highly secure communications services. These solutions help organizations lower their deployment and operational costs while delivering comprehensive network security for networks of all sizes.

Auditors face some challenges when reviewing router and firewall configurations. I'm going to discuss a few of them in this article. My assumption is that there is a device hardening standard in place, which points out the key elements of configuration. I am also assuming that configuration review is only a small, and not the most important, part of the audit program (design assessment, change control, access control, etc. have to be done as well).
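The packet-filtering step in the DoS discussion above, as an added example that is not part of the original page or of any Cisco product: it classifies packets arriving on the Internet-facing interface by the three "obviously forged" source classes the text names (our own hosts, RFC 1918 space, the loopback network). The organisation's own prefix (203.0.113.0/24) and the sample packets are constructed for the example.

```python
# Added example: minimal anti-spoofing ingress filter for an outside interface.
# Hypothetical helper code; prefixes and packets below are constructed samples.
import ipaddress
from typing import List, Optional, Tuple

# Constructed: the organisation's own public address space (assumption).
OWN_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# RFC 1918 private networks and the loopback network named in the text.
RFC1918 = [ipaddress.ip_network(p)
           for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = [ipaddress.ip_network("127.0.0.0/8")]


def spoof_reason(src: str) -> Optional[str]:
    """Why a source seen on the outside interface is forged, or None if it may be real."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in OWN_PREFIXES):
        return "claims to come from our own hosts"
    if any(addr in net for net in RFC1918):
        return "RFC 1918 private address"
    if any(addr in net for net in LOOPBACK):
        return "loopback network"
    return None


def filter_ingress(packets: List[Tuple[str, str, int]]) -> List[Tuple[str, str, str]]:
    """Apply the rule to (src, dst, dport) tuples; return (src, action, reason)."""
    decisions = []
    for src, _dst, _dport in packets:
        reason = spoof_reason(src)
        if reason:
            decisions.append((src, "DROP", reason))
        else:
            decisions.append((src, "PERMIT", "source is routable from outside"))
    return decisions


# Constructed sample of packets observed on the Internet-facing interface.
SAMPLE = [
    ("198.51.100.7", "203.0.113.10", 80),    # legitimate external client
    ("203.0.113.5", "203.0.113.10", 80),     # forged: our own prefix
    ("10.1.2.3", "203.0.113.10", 80),        # forged: RFC 1918
    ("127.0.0.1", "203.0.113.10", 80),       # forged: loopback
    ("172.31.255.254", "203.0.113.10", 22),  # forged: top of 172.16.0.0/12
]


def dropped_count(packets=SAMPLE) -> int:
    """Number of packets the filter would drop (4 for the constructed sample)."""
    return sum(1 for _, action, _ in filter_ingress(packets) if action == "DROP")


if __name__ == "__main__":
    for src, action, reason in filter_ingress(SAMPLE):
        print(f"{src:16} {action:6} {reason}")
```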
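The replay-resistance property that the S/KEY paragraph credits to one-time passwords, as an added example that is not from the page, Bellcore, or RFC 1760: a hash chain where the server stores only the current top value and accepts a login only if hashing the presented value once reproduces it. It uses SHA-256 rather than the RFC 1760 MD4/folding construction, so it illustrates the idea and is not interoperable with real S/KEY; the passphrase and seed are constructed.

```python
# Added example: simplified S/KEY-style one-time password chain (SHA-256,
# not the RFC 1760 algorithm). Shows why an eavesdropped OTP cannot be replayed.
import hashlib
from typing import Dict, List


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_chain(passphrase: str, seed: str, n: int) -> List[bytes]:
    """Return [h^0(s), h^1(s), ..., h^n(s)] with s = passphrase + seed (client side)."""
    chain = [(passphrase + seed).encode()]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class Server:
    """Holds only the top of the chain; the passphrase never reaches the server."""

    def __init__(self, n: int, top: bytes):
        self.n = n          # index of the stored value h^n
        self.stored = top

    def verify(self, candidate: bytes) -> bool:
        # The client presents h^(n-1). It is valid only if one more hash
        # yields the stored h^n. On success the stored value moves down the
        # chain, so the value just used (and any eavesdropped copy) is dead.
        if self.n == 0 or h(candidate) != self.stored:
            return False
        self.stored = candidate
        self.n -= 1
        return True


def demo() -> Dict[str, object]:
    """Constructed scenario: legitimate login, attacker replay, next legitimate login."""
    chain = make_chain("correct horse battery", "seed1234", n=5)   # constructed secret
    server = Server(n=5, top=chain[5])
    otp = chain[4]                        # client derives h^4 from its passphrase
    first = server.verify(otp)            # accepted
    replay = server.verify(otp)           # eavesdropper replays the same otp: rejected
    next_ok = server.verify(chain[3])     # legitimate next login with h^3: accepted
    return {"first": first, "replay": replay, "next": next_ok, "remaining": server.n}


if __name__ == "__main__":
    print(demo())
```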