Special Report
Network Security

A special report for anyone concerned with network security.
Developed by Touch Technologies Inc.

Note

This copyrighted document may be reproduced without formal consent from Touch Technologies, Inc., provided that each copy includes the copyright page in its entirety.

Touch Technologies, Inc.
9988 Hibert Street, Suite 310
San Diego, California 92131
Support (800) 525-2527


NOTICE

Touch Technologies, Inc. (TTI) has prepared this publication for use by TTI personnel, licensees, and customers. This information is protected by copyright. This document may be copied freely as long as this copyright notice is included in all copies.

TTI believes the information described in this publication is accurate and reliable; much care has been taken in its preparation. However, no responsibility, financial or otherwise, is accepted for any consequences arising out of the use of this material.

The information contained herein is subject to change without notice and should not be construed as a commitment by Touch Technologies, Inc.

Revised June 1997

Copyright ©1997 Touch Technologies, Inc.



Chapter 1
Special Report - Network Security

1.1 Your Vulnerable Computer System

Public awareness of the Internet is increasing daily. Every second, information is being sent and received over the Internet on a local, national, and global scale. Everybody is connected to everybody else. With this ease of communication and information exchange come new risks. Effective network security is now more crucial than ever. How can you protect your network, and the billions of dollars of information in it, against hostile break-ins in this challenging and ever-changing frontier? That's what this booklet is all about.

The term network refers to two or more computers that are connected to each other. The purpose of this booklet is to help you understand how networks work, some of the various methods of protecting them, and where their weak spots are. We will also examine techniques used by people to take advantage of these weak spots. These people are commonly known as hackers, but the correct term is crackers --- people who make their living breaking into computer systems and stealing information from you.

1.2 A Startling Discovery by the Department of Defense

A few years ago, the Department of Defense set up a team of people to break into 8,972 of their own installations across the country in order to test their network security systems. Of those 8,972 systems, the team was able to break into 7,860 of them successfully. Of those 7,860, only 390 of the system managers even noticed that they were broken into. And of the 390 that noticed, only 19 system managers actually reported it.

In other words, out of 7,860 systems broken into, only 19 incidents were reported. This is a good indication that when you hear about an incident of computer crime, you are only hearing about a very small portion of the number of incidents that actually occur. Computer crime is a serious problem!

1.3 The Truth About Networks and the Internet

A Local Area Network (LAN) can be described as a ring of computers that are directly connected to one another. Let's say that Jennifer, Bob, and Eric are each on a separate computer system, but they are all on the same LAN. This type of closed network is called an intranet.

When two or more LANs are connected together, they form a Wide Area Network (WAN). The Internet is a network of WANs all over the world, all connected together.

Everything on the Internet, all information, is broken down into packets. A packet is the unit that is used to transfer information from one computer system to another. Each packet contains a piece of the data you are sending, an address where the packet is going, and a sequence number to keep the packets in order.

Suppose Jennifer is in New York, and she is connected to a computer system in Minneapolis. She begins to type her name. When she types the letter "J", that "J" gets sent as a packet across the Internet. It gets routed through various computer systems, all the way to Minneapolis. The packet that contains the "J" goes onto the computer system in Minneapolis, and the computer system in Minneapolis decides what it will do with that "J". In this case, it will echo a capital "J", sent as a packet, all the way back to Jennifer's screen in New York.

The sending and receiving of packets on a LAN is similar to the sending and receiving of radio transmissions. Whatever Jennifer types, even if it's only for Bob, also gets transmitted to Eric. But only Bob is "tuned" to receive it. Even though the packet is transmitted to Eric, his computer ignores it because it is not meant for him. When Jennifer is in a computer lab, and she's using a Web browser, entering data, or checking her email, she is sending packets. All the connected computer systems are capable of looking at the packets she is sending and receiving; they simply choose not to.

If Eric were a cracker, he could set his computer system to a mode called promiscuous mode. This mode tells his computer that whatever comes across the network, even if it's not for him, he'd like to see it anyway. Again, this is similar to radio: if Jennifer is calling Bob on a CB radio, Eric can tune in and listen. Bob still gets the message, but neither Jennifer nor Bob knows that Eric is also receiving the transmission.

While in promiscuous mode, Eric-the-cracker can look at everything everywhere on your LAN. This includes user names, passwords, and other secret files and documents. All information being sent on your LAN is available to him. This is one of the primary methods of computer crime.

1.4 The Frightening Reality of Computer Crime

If he wants to, a cracker can set his computer to promiscuous mode, connect to the Internet, and watch all the packets going back and forth. There are a lot of packets going back and forth on the Internet. A large university can be responsible for 100 million packets per day. How does the cracker sift and sort through all these packets just to see what you are doing? He uses a computer to do it. Your computer has an IP address. This is a number that uniquely identifies the computer you are on. All the cracker needs to do is program his computer to look only for the packets originating from your specific IP address. He then reconstructs everything that you are doing. Passwords, credit card information, personal information, anything you type, the cracker will see.

1.5 The Firewall

To try to keep a cracker out, your network might set up a firewall. A firewall sits at the junction of the LAN and the Internet, and only lets people with the "proper" IP addresses into the network. If someone is trying to get onto the LAN, and they don't have the right IP address, the firewall doesn't let them through. Unfortunately, the cracker can get around this quite easily by doing something called IP spoofing. IP spoofing is where the cracker programs his computer to look like it has a proper IP address --- perhaps your IP address. When the cracker tries to get onto the network, the firewall sees that he has your IP address, and it lets him through.

But how does the cracker get your IP address? It is almost too easy. To obtain your IP address, he can send you an email saying something like, "Hey, is this Tony Banks? I'm looking for my friend Tony Banks. Tony, is this you?" You will almost certainly respond to his email, saying that no, you are not Tony Banks. When you send email, you send it as a stream of packets. And your IP address is included in those packets. You have just sent your IP address directly to the cracker!

Once the cracker has your IP address, first he will set his computer to promiscuous mode in order to learn all of your passwords and user names. Then he will program his computer to change its IP address to look like your IP address. Now, when the cracker comes into your network through the Internet, the firewall sees that he has your IP address, so it lets him in.

1.6 Hardware Tokens---The Secure ID Card

To protect against IP spoofing, you can use a hardware token product, such as the Secure ID Card. A Secure ID Card looks like a little card-calculator. It is synchronized to an identical card on the firewall. Your Secure ID Card also has a password that only you know. When you connect to the LAN, the firewall spits out a string of 10 letters and numbers as a challenge to you. "Prove you're really who you say you are," it is telling you. Because this challenge is determined by the time of day and other information, it is different from minute to minute. You then take your Secure ID Card, type in your password, and enter the string of letters and numbers that the firewall gave you. Your Secure ID Card displays a new string of letters and numbers as the correct "answer" to the challenge. You then type that exact string of letters and numbers into your computer, which sends it back to the firewall. When the firewall receives this correct answer, it lets you through. Even if the cracker steals your card, he still needs to know your Secure ID Card password in order to use it.
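
The challenge-and-answer exchange described above, sketched as an added example; it is not code from Touch Technologies or from the token's vendor. The booklet does not give the card's algorithm, so the key derivation, the HMAC construction and every name below are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import secrets

CODE_LEN = 10  # the booklet's "string of 10 letters and numbers"


def to_code(digest: bytes) -> str:
    """Encode a digest as 10 typeable characters (base32: A-Z and 2-7)."""
    return base64.b32encode(digest).decode()[:CODE_LEN]


def card_key(card_secret: bytes, pin: str) -> bytes:
    """Mix the secret stored in the card with the password only the user knows."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), card_secret, 10_000)


def card_response(card_secret: bytes, pin: str, challenge: str) -> str:
    """What the card displays after the user types the password and the challenge."""
    key = card_key(card_secret, pin)
    return to_code(hmac.new(key, challenge.encode(), hashlib.sha256).digest())


class Firewall:
    """Holds the 'identical card': the same key the user's card derives (assumed)."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = {}  # user -> outstanding challenge

    def challenge(self, user: str, minute: int) -> str:
        # Time of day plus fresh randomness, so challenges do not repeat.
        material = f"{user}|{minute}|".encode() + secrets.token_bytes(16)
        self._pending[user] = to_code(hashlib.sha256(material).digest())
        return self._pending[user]

    def verify(self, user: str, response: str) -> bool:
        # pop() makes each challenge single-use: a replayed answer fails.
        challenge = self._pending.pop(user, None)
        if challenge is None:
            return False
        expected = to_code(
            hmac.new(self._key, challenge.encode(), hashlib.sha256).digest())
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    secret = secrets.token_bytes(20)         # constructed sample card secret
    fw = Firewall(card_key(secret, "4821"))  # constructed sample password
    ch = fw.challenge("jennifer", minute=600)
    answer = card_response(secret, "4821", ch)
    print(ch, answer, fw.verify("jennifer", answer), fw.verify("jennifer", answer))
```

The second `verify` call prints `False`: an answer overheard on the wire is useless once its challenge has been consumed, which is the property the token adds over a static password.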

1.7 Hijacking

How does the cracker break into a network that is "protected" by a Secure ID Card system?

He does something called hijacking. Hijacking only started a few years ago, because computers with the degree of sophistication needed to accomplish it used to be extremely expensive and rare. Now they are affordable and commonplace. The cracker will connect physically to the network with a clamp. This will enable him to receive and transmit packets.

Suppose you are going to do some work on the payroll computer. You come onto the system, encounter the firewall, the firewall issues the challenge, you respond, and the firewall lets you through. You enter all the appropriate passwords and user names, and now you're in the payroll computer. All the while, the cracker watches.

Every time you make a keystroke, those keystrokes are converted to packets with sequence numbers. A sequence number is used to determine the "validity" of a particular packet. It is determined according to how much data is being sent. When a packet is sent from your computer to the payroll computer, your computer sends a sequence number along with it. The payroll computer is expecting a certain sequence number, and knows whether or not a given sequence number is correct. If a packet sent by your computer has the correct sequence number, then the payroll computer will accept it. If the packet has the wrong sequence number, the payroll computer will reject it. When the payroll computer sends back its packet, it includes the sequence number for the next packet, which your computer either accepts or ignores, depending on its validity. The two computers use sequence numbers to make sure things don't get out of order.

The cracker watches these sequence numbers and does something called sequence number prediction. He waits for a lull in your keystrokes. During your lull, he sends a single packet to the payroll computer. It is a packet that he has constructed to look like it came from you. The packet has the right sequence number for the next packet that's supposed to go out. The payroll computer determines that the packet must be from you, because it is a legitimate packet.

When the payroll computer responds, the response gets sent to both you and to the cracker. Your computer rejects it, however, because it is now out of sequence. If you send any packets to the payroll computer, the payroll computer will reject them because YOUR packets are now out of sequence.

But you never even get to see that happen, because the cracker will also send a single packet to your computer that looks like it came from the payroll computer. The packet that the cracker sends you will tell your computer to disconnect. Since it has the correct sequence number, your computer will accept it as a legitimate packet. And your computer will happily disconnect as told.

Now, with you neatly out of the way, the only computers left to carry on your session are the payroll computer and the cracker! And since your session has already been validated by the firewall and by the payroll computer, the cracker is free to write himself some big, fat checks on the payroll computer!!

As you can see, just because you have a Secure ID Card and a firewall does not mean your network is secure. It only means that your network is less susceptible to amateur attacks. Professional crackers infiltrate networks like yours all the time. And there's big money in it. Your money.

1.8 The VPN Solution

The defense against these hijacker-crackers lies in the Virtual Private Network (VPN). With a VPN in place, every packet that leaves your PC is encrypted. The data remains encrypted until it reaches the firewall of the system you are trying to access. The firewall, itself, then decrypts the data. The cracker can still program his computer for promiscuous mode and read your packets, but all he will see is garbage. In order for the cracker to hijack your session, he would first have to supply the appropriately encrypted data. But the cracker is not able to do this, because he doesn't have the proper encryption key. And the key to decrypt the data changes quite frequently, often every second.

The drawbacks of encryption are small. One consideration has been that encryption uses more CPU power. But with the speed and efficiency of today's computers, this is no longer a valid concern. Another consideration is that encryption software must first be loaded onto your computer and onto the firewall. Again, this is hardly a valid concern, as the benefits of a VPN far outweigh the cost of the software.
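
An added example, not part of the original booklet, that models sections 1.7 and 1.8 side by side: a receiver that trusts the sequence number alone, and one that first checks a key-dependent tag the way a VPN endpoint would. The class names, the SHAKE-256 keystream and the HMAC tag are assumptions standing in for a real VPN cipher, and the booklet's frequent key changes are not modelled.

```python
import hashlib
import hmac

TAG_LEN = 32


def _stream(key: bytes, seq: int, n: int) -> bytes:
    # Toy keystream (assumption), unique per sequence number; not a production cipher.
    return hashlib.shake_256(b"enc" + key + seq.to_bytes(8, "big")).digest(n)


def _tag(key: bytes, seq: int, body: bytes) -> bytes:
    return hmac.new(key, b"mac" + seq.to_bytes(8, "big") + body, hashlib.sha256).digest()


def seal(key: bytes, seq: int, data: bytes) -> bytes:
    """Sender side of the VPN: encrypt, then authenticate (sequence number included)."""
    body = bytes(a ^ b for a, b in zip(data, _stream(key, seq, len(data))))
    return body + _tag(key, seq, body)


class PlainReceiver:
    """Section 1.7: a packet is 'valid' if it carries the expected sequence number."""
    def __init__(self, next_seq: int):
        self.next_seq = next_seq
        self.accepted = []

    def receive(self, seq: int, data: bytes) -> bool:
        if seq != self.next_seq:
            return False
        self.accepted.append(data)
        self.next_seq += len(data)  # advances by the amount of data received
        return True


class VpnReceiver(PlainReceiver):
    """Section 1.8: the key is checked before the sequence number is considered."""
    def __init__(self, next_seq: int, key: bytes):
        super().__init__(next_seq)
        self.key = key

    def receive(self, seq: int, packet: bytes) -> bool:
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, seq, body)):
            return False  # sender did not hold the key: dropped, state unchanged
        data = bytes(a ^ b for a, b in zip(body, _stream(self.key, seq, len(body))))
        return super().receive(seq, data)


if __name__ == "__main__":
    key = b"constructed-demo-key"
    rx = VpnReceiver(1000, key)
    print(rx.receive(1000, b"forged" + bytes(TAG_LEN)), rx.receive(1000, seal(key, 1000, b"J")))
```

Because a rejected packet leaves `next_seq` untouched, the legitimate sender's next packet is still in sequence; with `PlainReceiver`, any packet carrying the expected number advances the counter and locks the real sender out.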

1.9 Trojan Horses

Industrial espionage is big business. By now you should be gaining a better understanding of just how easy it is for crackers to break into your network and steal valuable information from you. But there are other methods used by bad people on the Internet to gain access to information on your computer system. One of these methods is called the trojan horse method. A trojan horse is a program that masquerades as a game, but it is actually up to something completely different. The program will have a tantalizing name, such as "Celebrity Strip Poker" or "Best Arcade Game Ever", to get you to download it. Once the game is on your system, it allows you to play it, just as you would a normal game. But it's not a normal game. While you're busy playing your new game, the program itself snoops around your system, secretly transmitting file information back across the Internet --- user names, passwords, hard disk imagery --- it sends a complete profile of your computer to the cracker who programmed the game. The cracker can also have the game lodge a program on your computer that enables him to continuously monitor your system from that point on.

The best way to lower your chances of accidentally downloading a trojan horse is to download only from "safe" sources --- sources that you know and trust.

1.10 Surveillance: Your Own Secret Agent

The Internet is a dangerous place. The very fact that you are connected puts you and your computer at risk. The truth is, crackers have more expertise than the security people. A cracker spends his day figuring out how to get past all the new security tricks. Security people just don't have the time to keep up with the crackers. You may have firewalls in place --- and your Internet provider may have firewalls in place --- but the key to any decent network security system is surveillance.

Think about it. Surveillance is everywhere, protecting the valuable assets of your businesses:

A department store fitting room has signs posted all around: THIS AREA UNDER SURVEILLANCE.

At a bank, the doors are locked in order to keep people out after hours. But as soon as you walk inside, you notice cameras and security personnel posted throughout the room. Surveillance is a critical part of the bank's security.

Go to an all-night convenience store. Security cameras line the aisles, keeping track of everyone that comes and goes. The cameras watch everybody --- including the employees.

Can you imagine a bank without any security guards or cameras? Can you imagine a military base without any form of surveillance? How about a casino without anyone watching what you and others are doing?

A corporation's most important assets are on its computer systems. To enter a "secured" corporate network, someone first has to get past the firewall (like the locked doors of a bank or store). As we have seen, this is not too difficult for the professional cracker. And once they get inside, where are the "cameras"? Where is the surveillance? Who is watching the store!!?

Enter INTOUCH INSA - Network Security Agent. INTOUCH INSA provides the critical security surveillance for networks that has been missing all these years. And, even better than the familiar security camera, INTOUCH INSA can be told to automatically detect suspicious activities and respond accordingly!

No system is completely secure. Personal computers are becoming more powerful, opening the door for more advanced break-in techniques by more people than ever before. Remember that over 80% of all computer crime originates from within your own network.

It is clear that surveillance is a necessary component to any effective network security package. And INTOUCH INSA - Network Security Agent is there, unyielding and uncompromising. A steady, watchful eye protecting the valuable assets of your business.

For more information, contact:

Touch Technologies, Inc.
9988 Hibert Street, Suite 310
San Diego, California 92131
Voice: 619-566-3603

