2
Chap. 7
Security in Networks
you read the daily newspapers, you are likely to find a story about a network-based
attack at least every month. The coverage itself evokes a sense of evil, using terms such
as hijacking, distributed denial of service, and our familiar friends viruses, worms, and
Trojan horses. Because any large-scale attack is likely to put thousands of computing
systems at risk, with potential losses well into the millions of dollars, network attacks
make good copy.
The media coverage is more than hype; the fact is that network attacks are serious.
Fortunately, your bank, your electric company, and even your Internet service provider
take network security very seriously. Because they do, they are vigilant about applying the
most current and most effective controls to their systems. Of equal importance, these orga-
nizations continually assess their risks and learn about the latest attack types and defense
mechanisms, so that they can maintain the protection of their networks.
In this chapter we describe what makes a network similar to and different from an
application program or an operating system, which you have studied in earlier chapters. In
investigating networks, you will learn how the concepts of confidentiality, integrity, and
availability apply in networked settings. You will see also that the basic notions of identifi-
cation and authentication, access control, accountability, and assurance are the basis for
network security, just as they have been in other settings.
Networking is growing and changing perhaps even faster than other computing dis-
ciplines. Consequently, this chapter is unlikely to present you with the most current
technology, the latest attack, or the newest defense mechanism; you can read about
those in daily newspapers and at web sites. But the novelty and change build on what we
know today: the fundamental concepts, threats, and controls for networks. By develop-
ing an understanding of the basics, you can absorb the most current news quickly and
easily. More importantly, your understanding can assist you in building, protecting, and
using networks.
7.1
Network Concepts
To study network threats and controls, we first must review some of the relevant network-
ing terms and concepts. In earlier chapters our study of security has focused on the indi-
vidual pieces of a computing system, such as a single application, an operating system, or
a database. Networks involve not only the pieces but also--importantly--the connections
between them.
Networks are both fragile and strong. To see why, think about the power, cable televi-
sion, telephone, or water network that serves your home. If a falling tree branch breaks the
power line to your home, you are without electricity until that line is repaired; you are vul-
nerable to what is called a
single point of failure
. Similarly, there may be one telephone
trunk line or water main that serves your home and those nearby; a failure can leave your
building, street, or neighborhood without service. If we trace back through the network
from your home to the source of what flows through it, we are likely to see that the main
distribution lines support an entire city or campus using redundancy. That is, there is more
than one way to get from the source to your neighborhood, enabling engineers to redirect
the flow along alternate paths. It is the redundancy that makes it uncommon for an entire