Chapter 11: Securing Your Network
• Internal users accessing systems to carry out criminal activities, such as embezzling funds.
• Internal users compromising the security of the network, such as by accidentally (or deliberately) introducing viruses to the network. (Viruses are discussed in their own section later in this chapter.)
• Internal users "sniffing" packets on the network to discover user accounts and passwords.
To deal with threats such as these, you need to manage the network's security
diligently. You should assume that, in the population of internal users, at least some
exist who have the requisite sophistication to explore security holes in the network
and that at least a few of those might, at some point, try to do so.
NOTE
One of the more unpleasant parts of managing security is that you need to expect the
worst of people, and then you must take steps to prevent those actions you expect. In other words,
a certain amount of paranoia is required. It's not a pleasant mindset, but it is required to do a good
job in the security arena. Remember, too, that you're likely to get better results if you hire an outside
firm to help manage the network's security. Not only should the outside firm have a higher skill level
in this area, but its workers will be used to thinking as security people, and they will have invaluable
experience gained from solving security problems at other companies. Perhaps even more
important, using an external firm doesn't put employees in the position of being in an adversarial
relationship with other employees.
Account Security
Account security refers to the process of managing the user accounts enabled on the
network. A number of tasks are required to manage user accounts properly, and the
accounts should be periodically audited (preferably by a different person than the one
who manages them daily) to ensure that no holes exist. The following are
general steps you should take to manage account security:
• Most network operating systems start up with a user account called Guest. You should remove this account immediately, because it is a frequent target of crackers (a hacker is a person who likes to explore and understand systems, while a cracker is a person who breaks into systems with malicious intent). You should also avoid creating accounts that are obviously for testing purposes, such as Test, Generic, and so forth.
• Most network operating systems start up with a default name for the administrative account. Under Windows server operating systems, the account is called Administrator; under NetWare, it is called either Supervisor or Admin (depending on which version you are using). You should immediately rename this account to avoid directed attacks against the account. (Under NetWare 3.x, you cannot rename the Supervisor account.)
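
The checks from the two steps above can be run as a periodic audit over an exported account list. This is an added example, not code from the book: the record layout, platform labels, finding codes, the name pattern for test accounts, and the sample rows are all constructed for illustration. Both NetWare administrative names are checked on either NetWare label because the text does not say which version uses which.

```python
import re
from typing import NamedTuple

class Account(NamedTuple):
    name: str
    platform: str   # assumed labels: "windows", "netware3", "netware4"
    enabled: bool

# Default administrative names from the text, keyed by assumed platform label.
DEFAULT_ADMIN = {"windows": {"administrator"},
                 "netware3": {"supervisor", "admin"},
                 "netware4": {"supervisor", "admin"}}
# The text notes that Supervisor cannot be renamed under NetWare 3.x.
NOT_RENAMEABLE = {("netware3", "supervisor")}
# "Test", "Generic" and numbered variants (test2, generic_01); pattern is an assumption.
TEST_NAME = re.compile(r"^(test|generic)[\W_]*\d*$")

def audit(accounts):
    """Return (account name, finding code, advice) for each account that needs attention."""
    findings = []
    for acct in accounts:
        name = acct.name.strip().lower()   # account names compared case-insensitively
        if name == "guest":
            state = "enabled" if acct.enabled else "disabled"
            findings.append((acct.name, "GUEST_PRESENT", f"Guest exists ({state}); remove it"))
        elif name in DEFAULT_ADMIN.get(acct.platform, set()):
            if (acct.platform, name) in NOT_RENAMEABLE:
                findings.append((acct.name, "ADMIN_FIXED_NAME", "cannot be renamed on NetWare 3.x"))
            else:
                findings.append((acct.name, "ADMIN_DEFAULT_NAME", "rename the default administrative account"))
        elif TEST_NAME.match(name):
            findings.append((acct.name, "TEST_ACCOUNT", "obvious test or generic account"))
    return findings

# Constructed sample export.
SAMPLE = [
    Account("Administrator", "windows", True),
    Account("Guest", "windows", False),
    Account("jsmith", "windows", True),
    Account("Test2", "windows", True),
    Account("SUPERVISOR", "netware3", True),
    Account("Admin", "netware4", True),
    Account("generic", "netware4", True),
]

if __name__ == "__main__":
    for name, code, advice in audit(SAMPLE):
        print(f"{code:20} {name:15} {advice}")
```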