May 24th, 2003 12:20 AM
Internet Security for the "newbies"
I found an article/website that talks about Internet security (firewalls, etc.). I just wanted to share it with you all. And I found this very helpful.
Quote:
1. Elements of Networking Security: Orange Book Security Levels and Firewalls
While this tutorial will provide a basic understanding of the need for a site security policy and factors to consider in creating a security policy, it will not outline one policy that will fit every company. The reason for this is simple: security is very subjective. Every business has a different threshold of well-being, different assets, a different culture, and a different technology infrastructure. Every business has different requirements for storing, sending, and communicating information in electronic form. Just as a business evolves in changing market conditions, a site security policy must adapt to meet changing technology conditions. This tutorial is based on a publicly available document, request for comment (RFC) 1244.
There are many strong tools available for securing a computer network. By themselves, the software applications and hardware products that secure a business's computer network do not comprise a security policy, yet they are essential elements in the creation of site security. While these technologies are not the focus of this paper, a basic understanding of them will facilitate the creation of a site security policy.
Tools to protect your enterprise network have been evolving for the last two decades, roughly the same amount of time that people have been trying to break into computer networks. These tools can protect a computer network at many levels, and a well-guarded enterprise deploys many different types of security technologies. The most obvious element of security is often times the most easily overlooked: physical security, namely controlling access to the most sensitive components in your computer network, such as a network administration station or the server room. No amount of planning or expensive equipment will keep your network secure if unauthorized personnel can have access to central administration consoles. Even if a user does not have evil intent, an untrained user may unknowingly provide unauthorized outside access or override certain protective configurations.
The next level of computer security is operating system security (OSS). The U.S. Department of Defense (DOD) established general guidelines for operating system security, and other countries around the world (as well as other federal organizations) have set their standards as well. In the past few years, certified (tested and approved) secure OSS has been introduced in commercial operating systems like UNIX® and Microsoft Windows NT. These are at the C2 level, which provides discretionary access control: file and directory read and write permission, and auditing and authentication controls.
Orange Book Security Levels
The DOD has defined seven levels of computer OSS in the Trusted Computer Standards Evaluation Criteria, otherwise known as the Orange Book. The levels are used to evaluate protection for hardware, software, and stored information. The system is additive: higher ratings include the functionality of the levels below. The definition centers around access control, authentication, auditing, and levels of trust. D1 is the lowest form of security available and states that the system is insecure. A D1 rating is never awarded because this is essentially no security at all. C1 is the lowest level of security. The system has file and directory read and write controls and authentication through user login. However, root is considered an insecure function and auditing (system logging) is not available. C2 features an auditing function to record all security-related events and provides stronger protection on key system files, such as the password file.
A B-rated system supports multilevel security, such as secret, top secret, and mandatory access control, which states that a user cannot change permissions on files or directories. B2 requires that every object and file be labeled according to its security level and that these labels change dynamically depending on what is being used. B3 extends security levels down into the system hardware; for example, terminals can only connect through trusted cable paths and specialized system hardware to ensure that there is no unauthorized access. A1 is the highest level of security validated through the Orange Book. The design must be mathematically verified; all hardware and software must have been protected during shipment to prevent tampering. A word of caution on secure operating systems must be mentioned: the features and capabilities require significant amounts of central processing unit (CPU) processing power and disk space. In low-end servers, enabling the security features may seriously affect the number of users a server can support.
While in theory firewalls allow only authorized communications between the internal and external networks, new ways are always being developed to compromise these systems. However, properly implemented, they are very effective at keeping out unauthorized users and stopping unwanted activities on an internal network. Firewall systems protect and facilitate your network at a number of levels. They allow e-mail and other applications, such as file transfer protocol (FTP) and remote login as desired, to take place while otherwise limiting access to the internal network. Firewall systems provide an authorization mechanism that assures that only specified users or applications can gain access through the firewall. They typically provide a logging and alerting feature, which tracks designated usage and signals at specified events. These systems offer address translation, which masks the actual name and address of any machine communicating through the firewall. For example, all messages for anyone in the technical support department would have his/her address translated to firstname.lastname@example.org, effectively hiding the name of an actual user and network address. Firewall system providers are adding new functionality, such as encryption and virtual private network (VPN) capabilities.
Firewall systems can also be deployed within an enterprise network to compartmentalize different servers and networks, in effect controlling access within the network. For example, an enterprise may want to separate the accounting and payroll server from the rest of the network and only allow certain individuals to access the information. Unfortunately, all firewall systems have some performance degradation. As a system is busy checking or rerouting data communications packets, they do not flow through the system as efficiently as they would if the firewall system were not in place.
Password Aging and Policy Enforcement
Password aging is a feature that requires users to create new passwords every so often. Good password policy dictates that passwords must be a minimum number of characters and a mix of letters and numbers. Smart cards provide extremely secure password protection. Unique passwords, based on a challenge-response scheme, are created on a small credit-card device. The password is then entered as part of the log-on process and validated against a password server, which logs all access to the system. As might be expected, these systems can be expensive to implement.
Single sign-on overcomes what can only be the ultimate irony in system security: as a user gains more passwords, these passwords become less secure, not more, and the system opens itself up for unauthorized access. Many enterprise computer networks are designed to require users to have different passwords to access different parts of the system. As users acquire more passwords (some people have more than 50), they cannot help but write them down or create easy-to-remember passwords. A single sign-on system is essentially a centralized access control list which determines who is authorized to access different areas of the computer network and a mechanism for providing the expected password. A user need only remember a single password to sign onto the system.
Good password procedures include the following:
* Do not use your login name in any form (as is, reversed, capitalized, doubled, etc.).
* Do not use your first, middle, or last name in any form or use your spouse's or children's names.
* Do not use other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the make of your automobile, the name of the street you live on, etc.
* Do not use a password of all digits or all the same letter.
* Do not use a word contained in English or foreign language dictionaries, spelling lists, or other lists of words.
* Do not use a password shorter than six characters.
* Do use a password with mixed-case alphabetics.
* Do use a password with non-alphabetic characters (digits or punctuation).
* Do use a password that is easy to remember, so you don't have to write it down.
I don't "wanna" flood AO with everything, so you can find it here: http://www.iec.org/online/tutorials/int_sec/. Thank you.
Bye, poof, .:|Mymx|:.
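A policy checker that enforces the "Do" and "Do not" rules quoted above, as an added example (it is not code from the IEC tutorial or from anyone in this thread); the word list, function names and sample inputs are constructed for illustration:

```python
"""Password policy checker for the rules in the quoted tutorial (added example)."""
import string

# Constructed stand-in for a dictionary / spelling-list file; a real deployment
# would load a full word list such as /usr/share/dict/words.
DICTIONARY = {"password", "secret", "welcome", "dragon", "monkey", "letmein"}

MIN_LENGTH = 6  # the tutorial's minimum length


def check_password(password, login, personal_info=()):
    """Return a list of violated rules; an empty list means the password passes.

    `personal_info` holds strings the tutorial says must not appear in a
    password: first/middle/last names, spouse or child names, phone numbers,
    license plates, street names and the like.
    """
    problems = []
    lower = password.lower()
    login_l = login.lower()
    # Rule: not the login name as is, reversed, capitalized or doubled
    # (comparing in lower case covers every capitalization variant).
    if lower in {login_l, login_l[::-1], login_l * 2}:
        problems.append("derived from login name")
    # Rule: no names or other easily obtained personal information.
    for item in personal_info:
        if item and item.lower() in lower:
            problems.append(f"contains personal information ({item})")
    # Rule: not all digits, and not all the same letter.
    if password.isdigit():
        problems.append("all digits")
    if len(set(lower)) == 1:
        problems.append("all the same character")
    # Rule: no word contained in a dictionary or word list (checked as a
    # substring, so "password1" is still caught).
    if any(word in lower for word in DICTIONARY):
        problems.append("contains a dictionary word")
    # Rule: minimum length.
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Rule: mixed-case alphabetics.
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("no mixed case")
    # Rule: at least one non-alphabetic character (digit or punctuation).
    if not any(c.isdigit() or c in string.punctuation for c in password):
        problems.append("no non-alphabetic character")
    return problems
```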
May 24th, 2003 01:03 AM
ummmmmmmmmmmmmmmmmm did you happen to notice in the description of the tutorials to be posted it says "Original Tutorials of your own" or something to that effect. That means you don't find someone else's tut and post it here. Neg time.
May 24th, 2003 03:09 AM
Can someone please delete this thread. Thank you.
May 24th, 2003 08:34 AM
When I was new I posted in the wrong thread once and I was almost banned for it. I've also once been ganged up on with neg AP for months while being stuck in the grey area like you are now. Anyways.... my point is you gotta fend for yourself around here.
Originally posted here by .:|Mymx|:.
Can someone please delete this thread. Thank you.
There's lots of info in the FAQs.
P.S. Don't be lazy... next time go and delete it yourself if ya need to. Click edit on the first post you've done in this thread, then click all the 'delete post' checkboxes and buttons. If you're lucky you can redeem yourself like I did.
May 24th, 2003 10:37 AM
**Thread moved from Tutorials to General Chit Chat. Thread closed**