Handbook of Local Area Networks, 1998 Edition:LAN Security
LAN BACKGROUND
Traditional Token Ring and Ethernet networks are known as shared-media or broadcast networks. These networks operate by sending information in units known as frames (defined at level two of the OSI model). Each frame carries control information, including the sender's address and the destination address. In simple terms, at any given time there is at most one successful sender on the network. This sender is broadcasting a frame, much as a television station broadcasts a TV signal. Every receiver can see the broadcast message, but only the station whose address matches the destination address specified in the frame is interested in its data contents. Some time later, another computer becomes the broadcaster and the cycle continues. Most broadcast networks also support a special case for true broadcast messages (called a broadcast frame); these tend to be things like service advertisements and routing information. A broadcast frame should not be confused with the broadcast nature of the network itself.
In a perfect world, only the machine whose address matches the destination field of the frame would read the data. Unfortunately, this is not a perfect world. Most modern network interface cards (NICs) can be configured to operate in promiscuous mode, which means the card reads not only the frames destined for it but every frame it can see. A program designed for this purpose is called a sniffer. Sniffers have been built so that network managers can gather network statistics and analyze traffic. They have also been written by computer hackers to illicitly grab information off the network. There are several methods for defending against this sort of attack.
Frames can be sniffed on any network they traverse. The traditional devices for partitioning subnets are routers, which connect different subnets (OSI level three), and bridges, which partition a single subnet (OSI level two). If important information (e.g., a password) is being exchanged with machines on other networks, a sniffer on any of the intermediate networks can also illegally grab it. In Exhibit 8-1-3, there are three networks. The user's computer sits on Network A, communicating with a server on Network C. Network B is an intermediate network between Network A and Network C. All traffic between Networks A and C must traverse B. Therefore, security on both A and C can be compromised by a breach of B.
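The filtering decision described above, as an added example that is not part of the handbook: a NIC in normal mode passes up only frames addressed to it or to the broadcast address, while in promiscuous mode it passes up everything on the segment. The MAC addresses and traffic are constructed sample data.

```python
# Added example (not from the handbook): how a station's NIC decides whether
# to read a frame, in normal versus promiscuous mode. Frames use the Ethernet II
# layout: 6-byte destination MAC, 6-byte source MAC, 2-byte EtherType, payload.
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_to_bytes(text: str) -> bytes:
    return bytes(int(octet, 16) for octet in text.split(":"))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    return struct.pack("!6s6sH", mac_to_bytes(dst), mac_to_bytes(src), ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Split a raw frame into its header fields and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_to_str(dst), "src": mac_to_str(src),
            "ethertype": ethertype, "payload": frame[14:]}


def nic_accepts(frame: bytes, own_mac: str, promiscuous: bool = False) -> bool:
    """Normal mode passes up only frames addressed to this station or to the
    broadcast address; promiscuous mode passes up every frame on the wire."""
    if promiscuous:
        return True
    return parse_frame(frame)["dst"] in (own_mac, BROADCAST)


def readable_by(frames, own_mac: str, promiscuous: bool) -> list:
    """Payloads a given station would see on a shared segment."""
    return [parse_frame(f)["payload"] for f in frames
            if nic_accepts(f, own_mac, promiscuous)]


# Constructed traffic on one shared segment (MACs from the 00:00:5e:00:53 documentation range).
SERVER, CLIENT, THIRD = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"
SAMPLE = [
    build_frame(SERVER, CLIENT, 0x0800, b"LOGIN user secret"),  # password in the clear
    build_frame(CLIENT, SERVER, 0x0800, b"OK"),
    build_frame(BROADCAST, SERVER, 0x0800, b"service advertisement"),
]
```

`readable_by(SAMPLE, THIRD, True)` returns all three payloads, including the clear-text login, whereas the same station in normal mode sees only the broadcast frame.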
Exhibit 8-1-3. Sniffing on Transient Networks
Solutions to Sniffing
There are four solutions to sniffing: limited access, secure hubs, switched LANs, and end-to-end encryption. Each of these is discussed in detail in the following sections.
Limited Access
Obviously, if hackers cannot access a network, they cannot sniff frames off the LAN. However, it is not always possible to restrict access to a LAN severely. For example, some hotels now offer Ethernet connectivity in their guests' rooms. In this case, it is difficult to know who the hackers are.
Secure Hubs
Hub manufacturers have recently designed hubs (e.g., MAUs) that can sense the MAC address of the attached station. In addition, the administrator can configure the hub so that only one particular MAC address may be attached to a particular port. If the hub senses that an incorrect MAC address is attached to a secure port, that port is deactivated. The nature of the protocol itself is therefore unchanged.
This method has some drawbacks. First, a user on a trusted station can still successfully run sniffer software. Second, network administrators will incur more overhead whenever network devices are moved. In some settings this would not work well, for example a conference room where many users present information from their laptops.
Switched LANs
Recent advances in networking technologies have introduced switched versions of Token Ring and Ethernet. In a completely switched environment, each user has his or her own port on the switch. For each frame sent, the switch establishes a virtual connection to the destination port. Because the switch will not send the frame to a port that does not match the destination address, the chances of useful information being successfully sniffed are substantially reduced. However, switches are expensive and completely switched environments are rare. In addition, the switch only remembers the MAC address-to-port mapping for a limited period of time. After the mapping is forgotten, the switch acts as a shared medium while it relearns the port. While in this shared mode, it is possible (although unlikely) for useful information to be sniffed.
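The aging behaviour described above, as an added example that is not part of the handbook: a simulated learning switch forwards a frame to one port when the destination MAC is in its table, and floods it to every other port when the mapping is unknown or has aged out, which is exactly the window in which a station on another port could read it. Port numbers, timings and MACs are constructed.

```python
# Added example (not from the handbook): a simulated learning switch with an
# aging MAC table. Known destination: one port. Unknown or aged-out destination:
# flooded to all other ports, i.e. the switch behaves like a shared medium.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports: int, aging_seconds: float):
        self.ports = ports
        self.aging = aging_seconds
        self.table = {}  # MAC -> (port, time last seen as a source)

    def _lookup(self, mac: str, now: float):
        entry = self.table.get(mac)
        if entry is None:
            return None
        port, seen = entry
        if now - seen > self.aging:  # mapping expired: forget it
            del self.table[mac]
            return None
        return port

    def forward(self, in_port: int, src: str, dst: str, now: float) -> set:
        """Return the set of ports the frame is sent out of."""
        self.table[src] = (in_port, now)  # learn or refresh the sender's port
        others = set(range(self.ports)) - {in_port}
        if dst == BROADCAST:
            return others  # a true broadcast frame always goes everywhere
        out = self._lookup(dst, now)
        if out is None:
            return others  # unknown destination: flood, like a shared medium
        if out == in_port:
            return set()  # sender and receiver share a port: nothing to forward
        return {out}


def demo() -> list:
    """Server on port 0, client on port 1; port 2 belongs to an uninvolved station."""
    sw = LearningSwitch(ports=4, aging_seconds=300)
    server, client = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # constructed MACs
    return [
        sw.forward(0, server, client, now=0),    # client unknown: flooded to 1, 2, 3
        sw.forward(1, client, server, now=1),    # server learned: port 0 only
        sw.forward(0, server, client, now=2),    # client learned: port 1 only
        sw.forward(0, server, client, now=400),  # client aged out: flooded again
    ]
```

The station on port 2 receives the first and last frames only, during the two flooding intervals, and nothing while the mapping is fresh.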
End-to-End Encryption
The best way to avoid sniffing problems is to make the information being sniffed useless. Data encryption can provide such a solution. In effective encryption environments, the client and the server agree on an encryption scheme. This scheme is usually based on a key and then perturbed by additional information (e.g., the time). The key itself is never sent over any network. Such a system is completely immune to sniffing.
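The key-plus-time scheme sketched above, as an added example that is not part of the handbook: both ends derive a session key from a long-lived shared key and the current time slot, so only the slot number, a nonce and ciphertext ever cross the network. HMAC-SHA256 from the Python standard library stands in for the key-derivation function and keystream generator; this is a demonstration construction chosen to run without dependencies, not a recommended production cipher (it carries no integrity tag).

```python
# Added example (not from the handbook): a session key derived at both ends
# from a shared long-lived key and the time slot; the key itself is never sent.
import hashlib
import hmac
import os


def session_key(master_key: bytes, time_slot: int) -> bytes:
    """Both sides compute this locally; only the slot number travels in the clear."""
    info = b"session-key" + time_slot.to_bytes(8, "big")
    return hmac.new(master_key, info, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode; the per-message nonce keeps keystreams from repeating."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(master_key: bytes, time_slot: int, nonce: bytes, plaintext: bytes) -> bytes:
    ks = keystream(session_key(master_key, time_slot), nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


decrypt = encrypt  # XOR with the same keystream undoes the encryption


def exchange(master_key: bytes, time_slot: int, plaintext: bytes) -> dict:
    """Client sends (slot, nonce, ciphertext); a sniffer on any transit network
    sees exactly that tuple and nothing else. The server recovers the plaintext
    from its own copy of the master key."""
    nonce = os.urandom(12)
    wire = {"slot": time_slot, "nonce": nonce,
            "ciphertext": encrypt(master_key, time_slot, nonce, plaintext)}
    wire["server_recovers"] = decrypt(master_key, wire["slot"], wire["nonce"],
                                      wire["ciphertext"])
    return wire


MASTER_KEY = os.urandom(32)  # constructed: agreed out of band, never transmitted
```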
Copyright (c) 1996-1999 EarthWeb, Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of EarthWeb is prohibited.