Chapter 2. Attackers and Risks
2.2. Threats To Network Security
By breaking down a network into its basic segments, we can determine the risks and define what is
necessary to prevent unauthorized access.
2.2.1. Insecure Architectures
A misconfigured network is a primary entry point for unauthorized users. Leaving a trust-based, open
local network vulnerable to the highly insecure Internet is much like leaving a door ajar in a
crime-ridden neighborhood: nothing may happen for an arbitrary amount of time, but eventually someone
will exploit the opportunity.
2.2.1.1. Broadcast Networks
System administrators often fail to realize the importance of networking hardware in their security
schemas. Simple hardware such as hubs and routers rely on the broadcast or non-switched principle;
that is, whenever a node transmits data across the network to a recipient node, the hub or router sends
a broadcast of the data packets until the recipient node receives and processes the data. This method
is the most vulnerable to Address Resolution Protocol (ARP) or Media Access Control (MAC) address
spoofing by both outside intruders and unauthorized users on local nodes. For advice on choosing the
right networking hardware and topology, refer to Chapter 8.
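
As an added example (not part of the original guide), the following sketch shows one way a defender could watch for the ARP/MAC spoofing described above by comparing two snapshots of Linux `ip neigh show` output. The function names are hypothetical, and the addresses are constructed sample data using documentation IP ranges and locally administered MACs.

```python
import re
from collections import defaultdict

# Matches `ip neigh show` lines such as:
#   192.0.2.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
# Entries without a link-layer address (FAILED/INCOMPLETE) do not match.
NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for every neighbor entry that carries a MAC."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def find_anomalies(previous, current):
    """Compare two {ip: mac} snapshots; return sorted (kind, detail) findings."""
    findings = []
    # An IP now answering with a different MAC: possible cache poisoning,
    # but also a NIC swap or DHCP reassignment, so treat it as a lead.
    for ip, mac in current.items():
        old = previous.get(ip)
        if old and old != mac:
            findings.append(("mac_changed", f"{ip} {old} -> {mac}"))
    # One MAC claiming several IPs: seen when a host impersonates another
    # node, and also with multi-homed hosts or proxy ARP.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac_shared", f"{mac} claims {', '.join(sorted(ips))}"))
    return sorted(findings)

# Constructed sample snapshots (not real captures).
BEFORE = """192.0.2.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.0.2.10 dev eth0 lladdr 02:00:00:00:00:0a STALE
192.0.2.20 dev eth0 FAILED"""
AFTER = """192.0.2.1 dev eth0 lladdr 02:00:00:00:00:0A REACHABLE
192.0.2.10 dev eth0 lladdr 02:00:00:00:00:0a STALE"""

if __name__ == "__main__":
    for kind, detail in find_anomalies(parse_neigh(BEFORE), parse_neigh(AFTER)):
        print(kind, detail)
```

Either finding can have a benign cause, so it is a prompt to check the switch port or DHCP lease for the address, not proof of spoofing.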
2.2.1.2. Centralized Servers
Another potential networking pitfall is the use of centralized computing. A common cost-cutting
measure for many businesses is to consolidate all services to a single powerful machine. This can be
convenient because it is easier to manage and costs considerably less than multiple server
configurations. However, a centralized server introduces a single point of failure on the network. So if the
central server is compromised, it may render the network completely useless or worse, prone to data
manipulation or theft. In these situations a central server becomes an open door, allowing access
to the entire network. Refer to Chapter 8 for more information about network segmentation and how
it helps you avoid an incident.
2.2.1.3. No Firewall
The least likely, but still common, mistake among administrators and home users is the assumption
that their network is inherently secure and, thus, they forgo the implementation of a firewall or network
packet filtering service. The installation of a dedicated firewall, whether standalone or as part of a
server that will act as a gateway, is crucial to segmenting internal and external network traffic. Leaving
the internal network exposed to the Internet, especially if the connection to the Internet is constant,
is an open invitation to any Internet user that happens to find the network's external IP address. A
cracker can potentially act as a node on your internal network or take over machines on the network to
act as a proxy. Firewalls can help prevent this by using packet filtering, port forwarding, or Network
Address Translation (NAT). They can also act as a proxy between the internal network and the Internet,
further buffering the private network from the Internet. Refusing to implement a firewall or, perhaps
more importantly, setting up a firewall incorrectly, leaves a network completely vulnerable. Refer to
Chapter 7 for more information on configuring a firewall for your network.
2.2.2. Network Encryption
Password-protected applications and services are sound means of protecting a network. However,
these passwords should never be passed over public networks unencrypted. This is because crackers
use readily available tools to sniff network traffic for data such as passwords to gain access to





