Handbook of Local Area Networks, 1998 Edition:LAN Security










Profit and
Value from Information Technology





Ecommerce & Extranets :
Client Systems :

Enterprise Applications :
Application Development









Search the site:   ITLibrary ITKnowledge EXPERT SEARCH Programming Languages Databases Security Web Services Network Services Middleware Components Operating Systems User Interfaces Groupware & Collaboration Content Management Productivity Applications Hardware Fun & Games EarthWeb sites Crossnodes Datamation Developer.com DICE EarthWeb.com EarthWeb Direct ERP Hub Gamelan GoCertify.com HTMLGoodies Intranet Journal IT Knowledge IT Library JavaGoodies JARS JavaScripts.com open source IT RoadCoders Y2K Info Previous Table of Contents Next Section 8LAN Security As has been shown throughout the Handbook, local area networks based on industry standards are highly effective at promoting connectivity between equipment of different types, allowing the development of high-performance, value added networks. With accessibility, connectivity, distributed control, and increased traffic volume, however, comes vulnerability. Systems that allow or encourage open communications are, by design, open to connection by unauthorized users, and there are other security concerns as well. How does a LAN manager address this apparent paradox? Is it possible to continue to promote openness and at the same time protect those elements of the LAN that need protecting? The answers to these and many similar security-related questions are the subject of this final section of the Handbook. Chapter 8-1, “Network Security,” provides an overview of some typical security problems one might encounter. It describes how to provide protection — both technically and legally, and gives the reader enough background to take some immediate actions. At the end of the chapter, a case study in which the chapter’s author was personally involved is presented. One aspect of communications security that is often overlooked is that, no matter how many tools one applies, and no matter how sophisticated or simple those tools, communications security is, first and foremost, a matter of policy. Encryption, dial-back mechanisms, authentication systems, and access control lists are all simply instruments of that policy. Chapter 8-2, “Writing a Network Security Policy,” provides a comprehensive assessment of the elements of security policy that every LAN security manager should consider. Specific examples of threats are provided, as are concrete recommendations for an appropriate policy to combat these threats. With the increasing emphasis on global interconnectivity, LAN security has become a concern to nearly every organization, even to the highest ranks of corporate management. Fortunately, there are solutions. One such solution, known generically as a firewall, protects the point of interconnection to the rest of the world, and is the subject of discussion in Chapter 8-3, “Network Firewalls.” As discussed, current firewall technology can be quite effective at providing protection from many different threats, simply by keeping certain types of traffic out. But what about types of traffic that firewalls are designed to let in? Chapter 8-4, “Applets and Network Security,” discusses the security implications of one such type of traffic, the applet, a piece of code often embedded in web pages. Similarly, viruses, while not designed to be let in, are difficult — if not impossible — to stop with firewall technology. Chapter 8-5, “Assessing and Eliminating Virus Threats in Distributed Networks,” discusses numerous implications of the virus threat, and offers practical advice on how to combat the threat in the increasingly connected environment of the corporate network. When the topic of network security is mentioned, the first concept that comes to mind for many people is encryption, the technology that allows a message to be scrambled in a manner that renders it meaningless to any unintended recipients, yet interpretable by anyone possessing the right key. One problem that has plagued security managers in charge of encryption since the earliest days of cryptography is that of key management. To transmit an encrypted signal, it has always been necessary for someone at the sending end and someone at the receiving end to know the key being used for encrypting the transmitted signal. The secure transportation of the key and the correct identification of the proper key whenever it is changed have always been problematic and the source of potential compromise. Roughly twenty years ago, a new method of encryption was invented that solves this problem. The system is based on a mathematical relationship between two keys that allows one to be used to encrypt the signal and the other to decrypt it. Some interesting relationships between the keys exist, allowing several significant problems to be solved. The applicability of this technology has only become economically feasible in recent years, yet its applicability to the world of globally interconnected LANs is especially promising. Chapter 8-6, “RSA Public Key Cipher, Public Key Certificates, and E-Mail Privacy Protocols,” discusses this technology and how it is used to solve a variety of problems. Applications of this technology in various products are also presented. One of the more promising uses for public key encryption is for the protection of electronic mail messages. Chapter 8-7, “E-mail Security Using Pretty Good Privacy,” provides an in-depth examination of an implementation of public key technology that allows users to send messages that are secure from eavesdropping and guaranteed to be authentic. Although many threats to network security come from external sources, protecting networks from internal attacks is just as critical. Our final chapter of this edition of the Handbook, Chapter 8-8, “Considerations for LAN and Internet Security” discusses how TCP/IP, the “language” of the Internet is the source of many potential security vulnerabilities. Firewalls and passwords, among many other elements of an overall network security plan, are examined in this chapter. 8-1Network Security RICHARD RAUSCHER Computer and data network security is a broadly defined subject. Network security can be thought of as a range of accessibility with two endpoints: completely accessible and open and completely inaccessible and closed. The network administrator and the company must decide where on that line is comfortable. These are not easy decisions. It is important to know and inform administrators that there are no completely secure computer systems, there are only systems that attain a certain level of security. This chapter provides an overview of some typical security problems. It describes not only how to protect a company technically, but also legally. It is certainly not comprehensive, but it gives the reader enough background to take some immediate actions. Previous Table of Contents Next Use of this site is subject certain Terms & Conditions. Copyright (c) 1996-1999 EarthWeb, Inc.. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Please read our privacy policy for details.