Integrated Network Security Made Simple

Your greatest threat comes from inside the company. Is the superuser your weak link?

The majority of security threats to corporate information and computing resources come from inside the company. Mission-critical intellectual property, trade secrets, customer lists, and strategic plans are all vulnerable when accessed from inside the firewall. The latest industry studies (reported by Broadview Associates in December 1997) show that 75% to 84% of breaches originate internally. According to a recent Broadview and Associates report, the competitive landscape for security-software vendors in 1998 includes a "recognized need for internal security solutions." This spurs the search for a cost-effective solution for simplifying and toughening security from inside the company.

Organizations increasingly rely on mission-critical client/server programs and systems to remain competitive. Distributed-computing environments are known for their openness, flexibility, and scalability. On the other hand, numerous diversified UNIX and NT platforms make it difficult to implement consistent security policies, leading to management difficulties and a reduction in system security. This article discusses the key to simplifying cross-platform security--eliminating the superuser threat caused by the root account in UNIX and the Administrator account in NT. Once the superuser threat is addressed, it is significantly easier to deploy an integrated access-control solution for UNIX and NT that works between the OS and applications.

The Goal: A Complete Access-Control Solution

Having an integrated multiplatform security solution promotes consistent security policies in the organization and simplifies security management. One security tool can control access to networks, hosts (systems), files, programs, and operator commands. In addition, centralized password management is necessary for network and system access control.
Policy-based security solutions should be scalable to any size organization and work effectively and transparently across a range of UNIX and NT hardware platforms. The cornerstone of a complete internal-security solution is granular resource-access control. This enables the enforcement of security policies regarding who has access to what (resources), when (time and day), where (from which hosts), and how (using which commands). See Figure 1 for an illustration of this principle. A resource is defined here as a network, host, file, application program, or operator command. The security solution protects computing resources by ensuring that all access is validated against access rules (security policies), and that all attempts, successful or unsuccessful, are monitored and logged in real time. For example, Web servers, file servers, and database servers can be protected by an access-control policy. In addition, access to sensitive files and mission-critical programs can be controlled and monitored.

Access Control Between The OS And Applications

The architecture of an access-control security solution must be portable and nonintrusive to the UNIX and NT kernels. While this technique is more difficult to design, it leads to greater compatibility. Software-interception techniques are now used to provide the following benefits:
Two techniques accomplish this capability: system-call interception and application-command interception. The system-call-interception technique intercepts operating-system events to monitor and control resource access. Application-command interception controls interactive command access (for example, login and telnet), which is normally difficult to track and control at the system level. (Note: while using interception mechanisms is not new, some security vendors' techniques are patent-pending.)

Why UNIX And NT Security Is Complex

UNIX and NT present unique security challenges because all resources on the network are vulnerable to potential misuse or compromise by an all-powerful user account. All standard system protections can be overridden by the root or Administrator accounts. Not only are files vulnerable to the superuser threat (see Figure 2), but programs, operator commands, and system and network services are vulnerable as well. The security solution must explicitly control access to all resources on the system because all resources are open to the superuser threat. To secure the enterprise, explicit access-control rules are necessary to protect every resource on the system. This huge and complex task requires, in many cases, extensive configuration, resulting in high implementation costs. In addition, ongoing security administration is costly and subject to human error, because the addition of new resources and users must be monitored continually to ensure that no new vulnerabilities are created.

The Key To Simplifying Security

The ideal access-control solution lets you start with a least-privilege environment. This means that all users access resources on a need-to-know basis (to do a job or perform a function). This way, any damage from a malicious attack is minimized and contained to the maximum privileges allowed. The implementation of least privilege for UNIX and NT cannot occur (in the true sense) unless the superuser, with all privileges, is eliminated.
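The rule model described earlier (who may access what, when, from where, and with which command, with every attempt logged in real time) is the half of an access-control product that an interception layer would call on each intercepted event. The following Python block is an added illustration written for this page, not code from the article or from any vendor; the host names, user names and rule fields are constructed assumptions. It is deny-by-default and contains no superuser rule, which is the point of the least-privilege environment described above: if no rule covers an attempt, the answer is "no", even for root.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import List


@dataclass
class Rule:
    """One access rule: who may reach what, how, from where, and when."""
    user: str                                   # who ("*" = any user)
    resource: str                               # what: host, file, program or command
    commands: List[str] = field(default_factory=lambda: ["*"])  # how (allowed commands)
    hosts: List[str] = field(default_factory=lambda: ["*"])     # where (originating hosts)
    hours: range = range(0, 24)                 # when: permitted local hours
    days: range = range(0, 7)                   # when: permitted weekdays, 0=Mon .. 6=Sun


@dataclass
class Attempt:
    """One access attempt as an interception layer would report it."""
    user: str
    resource: str
    command: str
    from_host: str
    when: datetime


AUDIT: List[str] = []   # every attempt, allowed or denied, is recorded here


def _matches(pattern: str, value: str) -> bool:
    return pattern == "*" or pattern == value


def rule_permits(rule: Rule, a: Attempt) -> bool:
    """True if this single rule covers the attempt on all five dimensions."""
    return (_matches(rule.user, a.user)
            and rule.resource == a.resource
            and any(_matches(c, a.command) for c in rule.commands)
            and any(_matches(h, a.from_host) for h in rule.hosts)
            and a.when.hour in rule.hours
            and a.when.weekday() in rule.days)


def check_access(rules: List[Rule], a: Attempt) -> bool:
    """Deny by default: grant only when some rule explicitly permits the attempt.
    The decision is logged before it is returned, so denied attempts are visible too."""
    allowed = any(rule_permits(r, a) for r in rules)
    AUDIT.append(f"{a.when.isoformat()} {'ALLOW' if allowed else 'DENY'} "
                 f"user={a.user} resource={a.resource} cmd={a.command} from={a.from_host}")
    return allowed


def make_attempt(user: str, resource: str, command: str, from_host: str, iso_time: str) -> Attempt:
    """Convenience constructor taking the time as an ISO-8601 string."""
    return Attempt(user, resource, command, from_host, datetime.fromisoformat(iso_time))


# Constructed sample policy (hypothetical host and user names):
# the DBA may log in to db01 and run sqlplus, only from admin-ws, weekdays 08:00-17:59;
# anyone may reach www01 over HTTP at any time. Nothing else is permitted, and
# there is no superuser rule that bypasses the check.
POLICY = [
    Rule(user="dba", resource="db01", commands=["login", "sqlplus"],
         hosts=["admin-ws"], hours=range(8, 18), days=range(0, 5)),
    Rule(user="*", resource="www01", commands=["http"]),
]


if __name__ == "__main__":
    check_access(POLICY, make_attempt("dba", "db01", "sqlplus", "admin-ws", "2024-01-10T10:00"))
    check_access(POLICY, make_attempt("dba", "db01", "sqlplus", "laptop", "2024-01-10T10:00"))
    check_access(POLICY, make_attempt("root", "db01", "login", "admin-ws", "2024-01-10T10:00"))
    print("\n".join(AUDIT))
```

Because the log line is written before the decision is returned, a denied attempt from an unexpected host or outside business hours shows up in the audit trail immediately, which is the "monitored and logged in real time" property the article asks for.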
If a least-privilege environment is achieved, the problem of access control for UNIX and NT is greatly reduced, because only shared sensitive resources need to be explicitly protected, as illustrated in Figure 3. The security solution needs to control access only to the shared sensitive resources on the system rather than to all resources, because the superuser threat no longer exists.

Why Have A Superuser?

The superuser concept was created in the early stages of UNIX development. At that time, most systems were stand-alone and required a simple way to facilitate system administration in a multiuser environment. An easy solution was to create an account called root that had the privilege to do everything on the system. As both the number of applications and the need to connect machines with networks grew, the superuser power extended far beyond what it originally was meant to be. Another way to gain access to superuser privileges in UNIX is by running a program with the setuid permission. The setuid mechanism was created so certain system programs run by regular users could obtain root account privileges in order to access protected files or resources. The presence of root access in UNIX and the Administrator account in NT results in the following security problems:
There are additional challenges caused by the presence of programmatic root (or setuid) access in UNIX. Prog
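Before a least-privilege policy can be written, an administrator needs an inventory of the programs that already grant the programmatic root access described above. The following Python block is an added example written for this page, not code from the article or from any vendor product: it audits a directory tree for setuid/setgid files, flags those that are group- or world-writable (a privileged program that others can modify is a direct route to root), and compares the result against an allow-list of reviewed programs. The sample directory and file names it builds are constructed for the demonstration; on a real host you would point `find_setid_programs` at the system directories instead.

```python
import os
import stat
import tempfile
from typing import Dict, List, Set


def find_setid_programs(root: str) -> List[Dict[str, object]]:
    """Walk `root` and report every regular file with the setuid or setgid bit set.
    Symlinks are not followed and are skipped, so each reported file is a real program
    that would run with its owner's (or group's) privileges."""
    findings: List[Dict[str, object]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue                       # vanished or unreadable entry
            if not stat.S_ISREG(st.st_mode):
                continue                       # symlink, device, socket ...
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append({
                    "path": path,
                    "owner_uid": st.st_uid,
                    "mode": stat.S_IMODE(st.st_mode),
                    "setuid": bool(st.st_mode & stat.S_ISUID),
                    "setgid": bool(st.st_mode & stat.S_ISGID),
                    # group- or world-writable privileged program: anyone who can
                    # write it can replace it with code that runs with elevated rights
                    "writable_by_others": bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)),
                })
    return findings


def unexpected_setid(findings: List[Dict[str, object]], allowlist: Set[str]) -> List[Dict[str, object]]:
    """Return findings that are not on the reviewed allow-list, plus any allow-listed
    program that is writable by others (never acceptable for a privileged file)."""
    return [f for f in findings if f["path"] not in allowlist or f["writable_by_others"]]


def build_sample_tree() -> str:
    """Create a throwaway directory with constructed sample files for a demo run
    (hypothetical names: one reviewed setuid program, one world-writable setuid
    program, one ordinary tool)."""
    root = tempfile.mkdtemp(prefix="setid-audit-")
    for name, mode in (("passwd_like", 0o4755), ("broken_helper", 0o4777), ("plain_tool", 0o755)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    found = find_setid_programs(root)
    reviewed = {os.path.join(root, "passwd_like")}
    for f in unexpected_setid(found, reviewed):
        print(f"REVIEW {f['path']} mode={f['mode']:04o} writable_by_others={f['writable_by_others']}")
```

Run periodically, the difference between two inventories shows exactly which new privileged programs appeared since the last check, which addresses the article's concern that newly added resources create vulnerabilities that nobody notices.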
Generation X High-speed Access for ISPs: An Overview of HDSL Applications

As the popularity of the Internet grows, more businesses and telecommuters are looking to Internet service providers (ISPs) for increased bandwidth at less expensive rates. Businesses are increasing their use of the Internet for all types of communications, from e-mail and file transfers to Web service and electronic commerce. Yet these applications are hampered by access technologies. For the past several years, ISDN technology has delivered a partial solution to the Internet access problem. ISDN circuits link businesses, branch offices, home offices, and telecommuters to the Internet over a 64 or 128 Kbps line. However, ISDN service is difficult to set up and still not widely available. And given the bandwidth-hungry nature of multimedia and the World Wide Web (WWW), ISDN cannot deliver acceptable performance. Fortunately, high-bit-rate digital subscriber line (HDSL) technology offers an attractive alternative. HDSL equipment sends data digitally over ordinary phone lines at speeds many times faster than ISDN or voice-band modems. Its robust transmission scheme enables data to be sent over a single twisted-pair copper wire at speeds up to 768 Kbps in both directions. With a throughput rate six times higher than that of ISDN, this mature, stable technology is ideal for high-bandwidth applications. Using HDSL, ISPs can offer their existing and prospective customers fast and economical Internet access that meets the needs of bandwidth-intensive applications. This helps ISPs to differentiate themselves from other providers, including the giant Inter-Exchange Carriers (IXCs) and Local Exchange Carriers (LECs). And most significantly, ISPs can deliver this higher-speed access at a cost equivalent to ISDN.
High-speed Internet Access Fuels HDSL Demand

According to International Data Corporation, the number of people using the Internet is expected to quintuple in just five years, from approximately 40 million in 1995 to nearly 200 million by the year 1999. The number of WWW users is expected to increase by 15 times during the same period. (Source: PC World, October 1996.) Telephone companies and other service providers around the world will spend nearly $5.3 billion in 1998 to install new Internet equipment designed to handle burgeoning Internet use by businesses, according to Infonetics Research, a San Jose, Calif.-based research firm. (See figure below. Source: CommunicationsWeek, October 28, 1996.)
Given the unprecedented boom in Internet use and frustrations with slow access in the local loop, high-speed remote access to the Internet is one of the most promising applications for HDSL. Though larger companies use T1 or T3 lines to connect to Internet Service Providers (ISPs) or directly to the Internet backbone, branch office connections and remote users typically use voice-band or ISDN modems to gain access over the public switched telephone network. Remote users thus are dismayed to notice a discouraging difference when logging onto corporate networks or the Internet from home versus the office. File transfers and graphics-rich Web searches are slowed to a crawl. Today's fastest analog modems can transmit data at speeds of only 56.6 kbps, far below the throughput rates taken for granted at the corporate office. Even bonded 128 kbps ISDN is not up to the demands of applications such as real-time multimedia and videoconferencing. (At 128 kbps, ISDN provides barely one percent of Ethernet's 10 Mbps rate.) On the other hand, HDSL devices can connect remote users to the Internet at speeds up to 768 kbps. HDSL connections bring real-time motion to video, clarity to audio, and quickness to large file transfers. And because HDSL creates a permanent connection, it enables ISPs to offer value-added, continuous customized services like stock quotes, newscasts, software revisions, and weather reports.

Data privacy is another key advantage of HDSL. Because HDSL transmissions use existing phone lines, there is a unique, point-to-point connection between each user and the network. As a result, one user cannot see another user's data, either accidentally or intentionally. This secure dedicated line also ensures that the quality of service for HDSL-based access networks is constant for each user and will not degrade based on the number of active users or the amount of traffic on the access network. HDSL modems are attractively priced when compared to other DSL solutions.