
Network Security For SOHO

“Nothing more than the whim of a 13 year old hacker is required to knock any user, site or server right off the Internet” Steve Gibson, Gibson Research Corporation
As small businesses move with the Internet revolution - from dial-up connections to broadband 24 x 7 Internet, the security threats to the network increase dramatically. Now PCs and networks are visible on the Internet constantly, giving hackers more time and opportunity than ever to wreak havoc on the businesses of the world.



With over 700,000 small businesses in the United States alone with a broadband Internet connection, it is obvious that a huge number of businesses have opened themselves up to the Internet. With recent high profile hacker attacks against such large corporations as Amazon, eBay, NASA and Microsoft, Internet and network security is at the forefront of media attention, but are small businesses at risk? How can businesses enjoy the huge benefits that the Internet brings while protecting themselves against the threats that come with it?

Benefits of Shared Internet Access

Internet access is almost essential for any business hoping to succeed today. But getting many PCs connected through individual accounts can be very costly. Sharing one Internet connection between multiple computers can save money and make employees more productive. By giving every PC on your network Internet access, employees are within easy reach of information that they need to do their job more effectively – and all at no extra cost. Using a gateway or Network Address Translation (NAT) device, many computers can be connected through one Internet connection.

Broadband Internet

The introduction of affordable broadband technologies such as Digital Subscriber Line (DSL) and cable has meant that the Internet has turned from a useful tool to a business essential, allowing 24 x 7 access and higher data rates allowing faster access to information. The ability to do more in less time can mean that employee productivity has increased. Remote users can access the LAN at a speed that allows them to work as if they were in the office rather than through a painfully slow analogue link. Large emails can be sent quickly and easily instead of waiting for minutes for the PC to send the mail and be able to carry on with other work. With all these benefits, however, come added security threats – PCs and networks are visible on the Internet 24 hours a day. Network security has to be an essential part of the network – preventing the many threats from damaging your network and business.

Is Anyone Safe?

According to IDC, the average new broadband connection experiences three attempted attacks in the first 48 hours of operation. Hackers do not know whether a visible device on the Internet is a large network that is hidden, a home network or just an individual computer – so everyone on the Internet is a target for attack. Within the last few years many large enterprises, including the CIA and NASA, have had their web sites attacked. In addition, companies such as Amazon, eBay, CNN and Yahoo were attacked, causing their systems to overload and shut down with resulting losses of around $1.2 billion. Meanwhile, a Gartner Group survey shows that hackers will attack more than 50% of small and medium businesses using the Internet – so everyone on the Internet, large or small, is a target for attack.

Attacks and Security Threats

There are a number of different types of attack that can be used by a hacker to gain access to your network or to cause damage. The two main types of attack are:

Denial of Service – this is where a hacker will attempt to bring down part of or your entire network by causing devices to crash or rendering them inoperable.

Intrusion – this is where a hacker enters the network and tries to gain information (such as passwords or access to data). This might be done without the owner of the network even knowing that anyone has gained unauthorised access to the network.

Denial of Service (DoS) Attacks

DoS attacks have become increasingly widespread, with high profile targets hit as mentioned earlier. DoS attacks are not aimed at stealing information or data, but instead at crashing or disabling devices and networks so that they are unusable. Common attacks include Ping of Death, SYN Flood and LAND Attack.

Distributed Denial of Service (DDoS) attacks can also wreak havoc on computers, web sites and networks, using a complex system of “Zombie” computers to attack a chosen target. The users of computers that have the zombie Trojan installed do not even know that their computer is infected and possibly attacking targets all over the world! These Trojans can give full access to the computer, including access to file systems and even real-time keystrokes.

Trojans are destructive programs that masquerade as normal applications. Once on a computer, a Trojan can be used to attack your computer or to take part in an attack on a remote computer – the only way to ensure that your computer is safe is to prevent Trojans from being planted. Installing good network security can prevent these Zombie Trojans from being installed.

Intrusion Attacks

Intrusion attacks are used to gain unauthorised access to a device or network. Once inside, the hacker can steal data or passwords, or can vandalise the system by destroying valuable data. The first step in an intrusion attack is to gather information about the network that is to be attacked. This is done by probing the target network to try and find any weaknesses or security holes that can be exploited. A tool such as a Port Scanner can be used to easily scan every port on a range of network addresses searching for any vulnerable ports. If any port connections are made, these are reported to the hacker and in this way a picture of the network is built up.

Once the hacker has gained as much information as possible, they will then try to breach the security of the network using one of the vulnerable ports discovered. A good network security product will block port scanners, denying the hacker the ability to gather information about the network.

Security Technologies

Different Types of Firewall. Firewalls and security are available in a number of different forms, hardware or software, or security software incorporated into another device such as a router.

Hardware Vs Software. Dedicated software security is usually a complex application that requires a UNIX or Windows NT/2000 Server to run on. These products are well suited to businesses that already have UNIX or NT/2000 Servers and the technical support required to configure and maintain them.

Hardware firewalls, or gateway products that include security are normally based on ease of use and maintenance offering a plug and play solution. Preconfiguration is built into the product so that the user configuration is as easy as possible. As a result of this, gateway type devices are suitable for small and medium sized businesses with little or no in-house technical support and networking knowledge.

Routers that have additional security software upgrades can offer a good level of security. This solution is normally more expensive than the other options and can lack the performance needed as the security upgrade can extensively slow down the performance of the router as it is not optimised to carry out this function.

Network Address Translation (NAT), Stateful Packet Inspection (SPI) & DoS detection

There is a difference in the level of security offered by NAT and SPI.

NAT hides the local area network (LAN) behind it by making it look like there is only one PC sending data out onto the Internet. It does this by changing the private network addresses of PCs on the LAN to a public network address given by the Internet Service Provider. In this way, it looks like all data from the network is actually originating from one device. Therefore hackers that might be monitoring Internet traffic will only see one device.

Stateful Packet Inspection monitors every packet entering or leaving the LAN and applies a series of firewall rules to decide whether to allow the packet to enter the network or not. It is called stateful packet inspection because it examines the contents of the packet to determine what the state of the communication is, i.e. it ensures that the stated destination computer has previously requested the current communication. This is a way of ensuring that all communications are initiated by the recipient computer and are taking place only with sources that are known and trusted from previous interactions.
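The difference between the two can be seen in a small model of a gateway that keeps both a NAT translation table and a table of conversations the LAN has started. This is an added example, not code from the original article: the `Gateway` class, its method names and all addresses are hypothetical, and the NAT-only mode assumes a NAT that forwards anything arriving on a mapped port.

```python
import itertools

class Gateway:
    """Toy NAT + stateful filter for TCP/UDP 5-tuples (no timeouts, no TCP flags)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.out_map = {}   # (proto, lan_ip, lan_port) -> public_port
        self.in_map = {}    # (proto, public_port) -> (lan_ip, lan_port)
        self.state = set()  # (proto, public_port, remote_ip, remote_port)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """Translate a LAN-originated packet and record the conversation."""
        key = (proto, lan_ip, lan_port)
        if key not in self.out_map:
            public_port = next(self._ports)
            self.out_map[key] = public_port
            self.in_map[(proto, public_port)] = (lan_ip, lan_port)
        public_port = self.out_map[key]
        self.state.add((proto, public_port, remote_ip, remote_port))
        # What the Internet sees: only the gateway's public address.
        return (proto, self.public_ip, public_port, remote_ip, remote_port)

    def inbound(self, proto, remote_ip, remote_port, dst_port, stateful=True):
        """Return the LAN (ip, port) to deliver to, or None to drop."""
        mapping = self.in_map.get((proto, dst_port))
        if mapping is None:
            return None     # no translation exists: nothing behind this port
        if stateful and (proto, dst_port, remote_ip, remote_port) not in self.state:
            return None     # mapping exists, but this remote was never contacted
        return mapping

def demo():
    gw = Gateway("198.51.100.1")   # constructed addresses throughout
    sent = gw.outbound("tcp", "192.168.1.20", 51515, "203.0.113.80", 80)
    port = sent[2]
    reply = gw.inbound("tcp", "203.0.113.80", 80, port)       # requested reply
    probe = gw.inbound("tcp", "203.0.113.66", 4444, port)     # unsolicited host
    nat_only = gw.inbound("tcp", "203.0.113.66", 4444, port, stateful=False)
    closed = gw.inbound("tcp", "203.0.113.66", 4444, 23)      # unmapped port
    return sent, reply, probe, nat_only, closed
```

With the state check on, the unsolicited packet is dropped even though it targets a port the gateway has open for a LAN PC; with NAT alone (`stateful=False`) the same packet is delivered.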

In addition to being more rigorous in their inspection of packets, stateful inspection firewalls also close off ports until connection to the specific port is requested. This allows an added layer of protection from the threat of port scanning.

Denial of Service Attack Detection monitors traffic outside the protected network and looks for patterns of data that match known denial of service attack patterns. If a known pattern is detected then the connection is dropped, ensuring that the attack fails and keeping the network secure, and the details of the attack are logged for future reference.
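The pattern matching described above can be illustrated for the three attacks named earlier (LAND, Ping of Death and SYN Flood). This is an added example, not code from the original article or from any product: the packet record format, the function names, the sample traffic and the SYN threshold are constructed, and the size check assumes a 20-byte IP header.

```python
from collections import defaultdict

MAX_PAYLOAD = 65535 - 20   # IPv4 limit minus a 20-byte header (assumes no options)

def pkt(src, dst, proto, sport=0, dport=0, flags="", frag_offset=0, length=40):
    """Build one parsed-header record (constructed format for this example)."""
    return dict(src=src, dst=dst, proto=proto, sport=sport, dport=dport,
                flags=flags, frag_offset=frag_offset, length=length)

def classify(p, half_open, syn_limit):
    """Return the matched pattern name, or None for unremarkable traffic."""
    if p["proto"] == "tcp" and p["src"] == p["dst"] and p["sport"] == p["dport"]:
        return "LAND"              # claims to come from the socket it targets
    if p["proto"] == "icmp" and p["frag_offset"] + p["length"] > MAX_PAYLOAD:
        return "PING_OF_DEATH"     # fragment ends past the largest legal datagram
    if p["proto"] == "tcp":
        service, peer = (p["dst"], p["dport"]), (p["src"], p["sport"])
        if p["flags"] == "S":
            half_open[service].add(peer)
            if len(half_open[service]) > syn_limit:
                return "SYN_FLOOD" # too many handshakes started, none finished
        elif "A" in p["flags"]:
            half_open[service].discard(peer)   # handshake completed normally
    return None

def inspect(packets, syn_limit=3):
    """Return the log of (pattern, src, dst) for packets a gateway would drop."""
    half_open, log = defaultdict(set), []
    for p in packets:
        hit = classify(p, half_open, syn_limit)
        if hit:
            log.append((hit, p["src"], p["dst"]))
    return log

SERVER = "192.0.2.10"
SAMPLE = [   # constructed traffic, documentation address ranges only
    pkt("203.0.113.5", SERVER, "tcp", 50000, 80, "S"),
    pkt("203.0.113.5", SERVER, "tcp", 50000, 80, "A"),
    pkt(SERVER, SERVER, "tcp", 139, 139, "S"),
    pkt("203.0.113.7", SERVER, "icmp", frag_offset=65528, length=1480),
    pkt("203.0.113.5", SERVER, "icmp", length=64),
] + [pkt(f"198.51.100.{n}", SERVER, "tcp", 1024 + n, 80, "S") for n in range(1, 6)]

if __name__ == "__main__":
    for entry in inspect(SAMPLE):
        print(entry)
```

The completed handshake and the ordinary 64-byte ping pass without a log entry; the SYN flood alert only fires once the number of unfinished handshakes to one service exceeds the threshold.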

Choosing your technology

The choice of which network security technology to use comes down to two things: how much money you are prepared to invest and how secure you want your network to be. A combination of at least two of the technologies will ensure the best security. For example – NAT and DoS prevention will provide a good level of security that will stop hackers from entering your network and from breaking your network through attacks. If more security is required then SPI can be used as well – this gives a fully comprehensive security system for your network.

To ensure that the level of security is of the highest standard, it is a good guideline to ensure that the product is certified by an external independent security organisation (e.g. ICSA). This will make sure that all the claims made about the product are true.

Virtual Private Networks (VPNs)

A VPN is a secure method of accessing a private network using the public Internet. Encryption is used to ensure that any data sent is secure from those who might choose to snoop on the Internet. This can result in significant cost savings when compared to the cost of leased lines or dial-up costs for remote users to connect to a central network. Instead of having to pay for very expensive leased line links between sites or making, what could be, long distance calls to connect to a central network, VPNs can allow a remote site or user to connect to their local ISP and then connect to the central site securely, all at the cost of a local call.

It is vitally important that a firewall be able to pass through VPN traffic. This will allow PCs on the LAN to initiate a VPN tunnel to a remote site (e.g. a central office) to allow secure data transfer. It can also be possible for a gateway to initiate and terminate VPN tunnels itself. This allows multiple PCs on the LAN to share the same VPN tunnel and can also speed up the performance of the VPN tunnel if the gateway uses hardware to encrypt the data rather than software. There are a number of different VPN technologies that are available today. The main protocols are Point-to-Point Tunnel Protocol (PPTP), Secure Internet Protocol (IPSec) and Layer 2 Tunnel Protocol (L2TP). A further, in-depth explanation of these is given in “Virtual Private Networks: Internet-based VPNs”.


