



Handbook of Local Area Networks, 1998 Edition: LAN Security

8-8 Considerations for LAN and Internet Security

GARY C. KESSLER
CAROL A. MONAGHAN

In an ideal world there would be no need for network or computer security. There would be no threats to your information. No one would be trying to break into any of your systems. There would be no disgruntled employees, competitors would not be trying to steal your secrets, and people with the smarts necessary to break into computer systems and create viruses would be working on more constructive endeavors. Unfortunately, we do not live in an ideal world and, therefore, we do have to be concerned with security, possible break-ins, viruses, attacks from the Internet, and even security breaches from inside our own network.

Life today runs on information. As a resource for business, academics, government, personal finance, or leisure activities, up-to-date, correct information is key to any successful endeavor. While this has been true for hundreds of years, it has never been as true as in the last half of the 20th century, with the invention of the modern digital computer.

In the not so distant past, the most common computing scenario at a corporation or university was to have a single mainframe computer. The system was locked away in a special room in a fairly secure building. Only authorized personnel were allowed to be anywhere near the machine.
Computing policies were created centrally by the appropriate administration and implemented by the system administrator. With the advent of minicomputers, individual smaller systems found their way to the departmental level. But even then, they were usually tucked away in a locked room and someone was the designated system manager. In most cases, the minicomputers were not connected to each other nor to the central mainframe.

All of this changed with the vast proliferation of microcomputers in the 1980s. Personal computers landed on people’s desktops, providing more efficient computing than central minicomputers and mainframes. At this point we see that every user has, in essence, become a system manager. But PCs are most effective when interconnected, and the late-1980s saw the proliferation of local area networks (LANs). It is very hard to implement centralized policies for every host on a LAN since only the servers are generally administered by the network manager; in a peer-to-peer LAN, central administration may be impossible since every host can be a server. And what most users do not realize — because it is not generally pointed out to them — is that if even a single user violates the security policies, all systems on the network may be put at risk.

As the Internet grew in popularity within the commercial arena in the early 1990s, there was explosive growth in the number of LANs connected to the Internet; a new network is connected to the Internet roughly every half-hour. The problem of Internet vulnerability is considerably greater than that of a single organization’s network. First, no one owns the Internet. Second, there is no central Internet authority to create, much less enforce, any particular policies. The Internet is a collection of over 100,000 individual networks, comprising more than 16 million host computers; the compromise of a single one puts all others at risk.
The “security” problem, then, is one of protecting our information assets, both private and public. Providing solutions and safeguards is relatively easy. The harder problem is educating users about the risks and consequences if information is stolen, compromised, or lost; their role in a secure environment; and the tools that are available. Many users think that all this fuss about security is the result of paranoia or the system/network manager’s attempt to wield additional power. But not just money and jobs are at stake; in some cases, deliberate information compromise has resulted in loss of life.

This chapter will discuss issues related to LAN security. Rather than focusing only on the LAN and/or the Internet, we will provide a broad look at several aspects of security. First, many users and even site administrators think that the only serious security threat is from the outside; while protecting the LAN from external threats is critical, that is only one aspect of a more general site security vision. TCP/IP, the “language” of the Internet, is the source of many potential security vulnerabilities, which are discussed. Firewalls are an important tool in protecting a private network connected to the Internet. And passwords, the most common form of “security” today in many environments, are examined.

Copyright (c) 1996-1999 EarthWeb, Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of EarthWeb is prohibited.


