The impact of active network devices mis-configuration in network security




Research Design

1. Background

Adversaries take advantage of the fact that network devices may become less securely configured over time as users demand exceptions for specific and temporary business needs, and network administrators honor those exceptions in order to support business operations. Besides these intentional configuration changes, network administrators also make mistakes when configuring their network devices, as the studies cited below show. Good examples of network devices that can be mis-configured are firewalls and routers. Firewalls are intended to be security appliances, but they perform this task only if they are configured properly; routers, though their main purpose is not security, can be configured to achieve security goals. Configuring network devices is a complex and error-prone task which requires skills, experience, and a convenient working environment. Several studies [1,2,3,4] have shown that network device mis-configurations are common and can have an adverse impact on the operation of a network. Mis-configurations can compromise the security of an entire network or even cause global disruptions to Internet connectivity and to the availability of resources. In his study of firewall engines, Wool [1] pointed out that complex rule sets are apparently too difficult for administrators to manage effectively. Feamster and Balakrishnan [3] found more than 1000 errors in the router configurations of 17 networks. Configuration problems in networks have long been a source of adverse impacts and unforeseen costs for most organizations.

The above studies and many others in the area of network security have suggested or implemented engineering solutions to the underlying problem of network device mis-configurations. The study we are planning to do is intended to follow a scientific approach to solving the problem by first researching and understanding the underlying problem area, then... The study will increase the security of organizations' networks by unveiling the different configuration mistakes made by network administrators in current¹ active network devices, and the level of severity of the security challenges they can cause to an organization. Knowing these mistakes will make it easier for administrators to take extra care while configuring the devices in order to avoid repeating them. We believe that administrators are currently repeating the same configuration mistakes because not enough studies have been done in this area and therefore not enough literature exists.

2. Problem statement

Active network device mis-configurations have long been happening, as shown by the research cited above. A number of organizational security challenges are the result of poor network device configurations, and have cost organizations for years. Network equipment such as routers (wired and wireless) and firewalls provides organizations with the desired secure computing environment if it is well configured and updated. Unfortunately, what is considered proper configuration of these devices requires a lot of skill, experience, and a convenient working environment, apart from other factors.

¹ Available literature on device mis-configurations is based on research done more than five years ago. We believe that the advances in technology over the past five years have changed the situation; the mis-configurations on devices five years back might not be the same as on current devices.

Several engineering solutions have been proposed for this problem area, but none has yet shown a decrease in network device mis-configurations; this calls for a more scientific approach to solving the problem.

3. Research Objective/Goal

The main objective of this research is to enhance network security by minimizing the possibilities for network administrators to mis-configure network devices (e.g. routers and firewalls).

Specific objectives:
1. Get to know the details of the network administration job position.
2. Know the typical configurations of different network devices.
3. Identify which device configuration actions are likely to cause vulnerabilities in the network.
4. Identify common mis-configurations made during the configuration of network devices.
5. Identify which vulnerabilities are caused by which mis-configurations.
6. Categorize the vulnerabilities caused by device mis-configurations according to the effects they have on the security of an organization.

4. Research questions

1. What are the details (activities, skills, time, etc.) involved in the network administration job?
2. What configuration actions are performed by network administrators on network devices?
3. What configuration actions are likely to introduce vulnerabilities in the network?
4. What are the common mistakes in these configuration actions?

5. Which vulnerabilities are the results of which device mis-configurations?
6. Which vulnerabilities are critical to network security (and why), and which are not?

5. Hypotheses

5.1. Null Hypothesis (H0): Improper configuration of network devices has no impact on the network security of an organization.
5.2. Alternative Hypothesis (H1): Improper configuration of network devices has an impact on the network security of an organization.

6. Methodology

6.1. Population and sample

The sample will be non-probability in phase I and probability in phase II. In phase I a group of experts in three organizations in the U.S.A. (as mentioned below) will be selected; in phase II the sample will be selected randomly from a population of large (more than 3000 employees) organizations in Tanzania and the U.S.A. The subjects of this study will be network administrators/engineers in the selected organizations. The specific organizations to be explored are:

Phase I will involve experts from organizations in the U.S.A., namely Cisco, Internet2 and NCSU; from this sample we expect to get expert insights into network administration.

Phase II will involve organizations in both countries (Tanzania and the U.S.A.). In Tanzania the organizations will be the Tanzania Education and Research Network (TERNET), the Tanzania E-governance Agency (EGA), the Open University of Tanzania (OUT), the Tanzania People's Defense Force (TPDF) and Seacom. In the U.S.A. the organizations will be Google,.

The selection of these organizations is partly based on the availability of social connections, and therefore the ease of getting access to interviewees and information, and partly on the extent of security required in these organizations.

6.2. Instruments and Procedures

Data about the details of the network administration job will be collected from previous publications and from in-depth interviews with experts (phase I). Then, in order to understand the details of network device configuration and their effects on network security, self-administered questionnaires and interviews will be used: the questionnaire will be given to the subjects, and interviews will follow thereafter to ensure that we correctly captured all aspects of the subjects' responses. The questionnaire and the interviews will focus on the configuration of active network devices (routers, switches and firewalls).

Areas of main focus (device, configurations, details):

Routers
  Basic configurations
    1. Global parameters
    2. WAN and LAN interfaces
    3. Static and dynamic routes
    4. IGRP and EGRP
    5. DHCP and VLANs
    6. Dial backup and remote management
    7. Command line access
  Security configurations
    1. Authentication, Authorization, Accounting
    2. Security server protocols
    3. NAT and
    4. VPN, IPsec tunnel, and IKE
    5. Public Key Infrastructure
    6. Secure infrastructure (AutoSecure, login block, IP source tracker, etc.)

Switches
    1. Authentication, Authorization, Accounting
    2. Port security and
    3. VLANs (management, voice, and normal traffic separation), secure VTP
    4. Logging and debugging
    5. Spanning tree
    6. MACsec encryption
    7. TrustSec
    8. ARP inspection
    9. DoS inspection
    10. DHCP snooping
    11. IP source guard
    12. Traffic storm control
    13. Network Admission Control
    14. Discovery protocol
    15. SPAN and RSPAN
    16. RMON
    17. Network security with ACLs
    18. QoS
    19. Multicast routing
    20. Online diagnostics

Firewalls
    1. Service policies
    2. Access Control Policies and Lists
    3. Inspection rules (applications)
    4. Connection settings and QoS
    5. Advanced Network Protection (cloud web security, botnet traffic filter, threat detection, etc.)

6.3. Analyzing the data

After collecting the data, coding will be done, and SPSS will be used to analyze the data. It is preferred that an external person code the data, but there are difficulties with this option due to the studentship environment; therefore the researcher herself will code the data. Raw data will be made available for replication purposes.

6.4. Reporting the findings

The findings from this research will be reported in the form of a research report which will be presented to the committee of my CSC 890 Doctoral Preliminary Exam. From this report a paper will be written to be presented at one of the security-related conferences, and to form one of the NCSU Science of Security Lablet publications.
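As an added illustration, not part of this research design, of how configuration actions from the focus areas above can be checked mechanically in the spirit of the static configuration analyses cited in the background, the following Python script audits a constructed IOS-style configuration for a few of the listed router and switch security items: AAA, command line access, ACLs and port security. The sample configuration, check names and messages are constructed for this example and do not come from any real device or from the study.

```python
# Constructed IOS-style sample configuration (not from any real device) that
# deliberately contains several weak settings.
SAMPLE_CONFIG = """\
enable password cisco123
ip access-list extended OUTSIDE-IN
 permit ip any any
interface GigabitEthernet0/1
 switchport mode access
line vty 0 4
 transport input telnet ssh
 login
"""

def parse_blocks(config):
    """Group indented child lines under their parent command (IOS layout)."""
    blocks, current = [], None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and current is not None:
            current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            blocks.append(current)
    return blocks

def audit(config):
    """Return one finding per weak setting, tagged with the study's focus area."""
    blocks = parse_blocks(config)
    tops = {parent for parent, _ in blocks}
    findings = []
    # AAA: without 'aaa new-model' there is no central authentication/accounting.
    if "aaa new-model" not in tops:
        findings.append("AAA: 'aaa new-model' is not configured")
    # Command line access: 'enable password' is reversible, 'enable secret' is hashed.
    if any(p.startswith("enable password") for p in tops):
        findings.append("CLI access: 'enable password' used instead of 'enable secret'")
    for parent, children in blocks:
        # Command line access: a VTY line accepting telnet sends credentials in clear.
        if parent.startswith("line vty") and any(
                c.startswith("transport input") and "telnet" in c for c in children):
            findings.append(f"CLI access: '{parent}' accepts telnet")
        # ACLs: a blanket permit defeats the purpose of the access list.
        if parent.startswith("ip access-list") and "permit ip any any" in children:
            findings.append(f"ACL: '{parent}' permits all IP traffic")
        # Port security: access ports should limit the MAC addresses they learn.
        if (parent.startswith("interface") and "switchport mode access" in children
                and not any(c.startswith("switchport port-security") for c in children)):
            findings.append(f"Port security: '{parent}' has no port-security")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` yields five findings for the constructed configuration; a configuration with `aaa new-model`, `enable secret`, `transport input ssh` and port-security on access ports yields none.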

Among the many sections of the report, there will be a section where the findings are reported without interpretation, in order to avoid influencing readers' interpretations of the findings; the interpretation section will then follow, where the researcher's interpretations of the findings will be reported.

7. References

1. A. Wool, "A quantitative study of firewall configuration errors," IEEE Computer, vol. 37, no. 6, pp. 62-67, Jun. 2004.
2. F. Le, S. Lee, T. Wong, H. Kim, and D. Newcomb, "Detecting Network-Wide and Router-Specific Misconfigurations through Data Mining," IEEE/ACM Transactions on Networking, vol. 17, no. 1, Feb. 2009.
3. N. Feamster and H. Balakrishnan, "Detecting BGP configuration faults with static analysis," in Proc. NSDI, Boston, MA, May 2005, online.
4. R. Mahajan, D. Wetherall, and T. Anderson, "Understanding BGP Misconfiguration," in Proc. ACM SIGCOMM 2002, ACM Press, pp. 3-16, 2002.