
which your company’s NOS is not installed, and that do not possess the appropriate configurations and data necessary to operate in your environment. The twenty-five client machines stored there might be in a similar state. In addition, you might have a router, a switch, and two access points at the cold site, but these might also require configuration to operate in your environment. Finally, the cold site would not necessarily have Internet connectivity, or at least not the same type as your network used. Supposing you followed good backup practices and stored your backup media at the cold site, you would then need to restore operating systems, applications, and data to your servers and clients, reconfigure your connectivity devices, and arrange with your ISP to have your connectivity restored to the cold site. Even for a small network, this process could take weeks.
A warm site is a place where the computers, devices, and connectivity necessary to rebuild a network exist, with some appropriately configured, updated, or connected. For example, a service provider that specializes in disaster recovery might maintain for you a duplicate of each of your servers in its data center. You might arrange to have the service provider update those duplicate servers with your backed-up data on the first of each month, because updating the servers daily is much more expensive. In that case, if a disaster occurs in the middle of the month, you would still need to update your duplicate servers with your latest weekly or daily backups before they could stand in for the downed servers. Recovery from a warm site can take hours or days, compared to the weeks a cold site might require. Maintaining a warm site costs more than maintaining a cold site, but not as much as maintaining a hot site.
A hot site is a place where the computers, devices, and connectivity necessary to rebuild a network exist, and all are appropriately configured, updated, and connected to match your network’s current state. For example, you might use server mirroring to maintain identical copies of your servers at two WAN locations. In a hot site contingency plan, both locations would also contain identical connectivity devices and configurations, and thus be able to stand in for the other at a moment’s notice. As you can imagine, hot sites are expensive and potentially time consuming to maintain. For organizations that cannot tolerate downtime, however, hot sites provide the best disaster recovery option.
Chapter Summary
◆ Integrity refers to the soundness of your network’s files, systems, and connections. To ensure their integrity, you must protect them from anything that might render them unusable, such as corruption, tampering, natural disasters, and viruses. Availability of a file or system refers to how consistently and reliably it can be accessed by authorized personnel.
◆ Several basic measures can be employed to protect data and systems on a network: (1) Prevent anyone other than a network administrator from opening or changing the system files; (2) monitor the network for unauthorized access or changes; (3) record authorized system changes in a change management system; (4) use redundancy for critical servers, cabling, routers, hubs, gateways, NICs, hard disks, power supplies, and other components; (5) perform regular health checks on the network; (6) monitor system performance, error logs, and the system log book regularly; (7) keep backups, boot disks, and emergency repair disks current and available; and (8) implement and enforce security and disaster recovery policies.
602 Chapter 13
ENSURING INTEGRITY AND AVAILABILITY
NET+
3.12
◆ A virus is a program that replicates itself so as to infect more computers, either through network connections or through external storage devices passed among users. Viruses may damage files or systems, or simply annoy users by flashing messages or pictures on the screen or by causing the computer to beep.
◆ Any type of virus may have additional characteristics that make it harder to detect and
eliminate. Such viruses may be encrypted, stealth, polymorphic, or time-dependent.
◆ A good antivirus program should be able to detect viruses through signature scanning, integrity checking, and heuristic scanning. It should also be compatible with your network environment, centrally manageable, easy to use (transparent to users), and not prone to false alarms.
◆ Antivirus software is merely one piece of the puzzle in protecting your network from
viruses. An antivirus policy is another essential component. It should provide rules
for using antivirus software and policies for installing programs, sharing files, and using
floppy disks.

◆ A failure is a deviation from a specified level of system performance for a given
period of time. A fault, on the other hand, is the malfunction of one component of a
system. A fault can result in a failure. The goal of fault-tolerant systems is to prevent
faults from progressing to failures.
◆ Fault tolerance is a system’s capacity to continue performing despite an unexpected
hardware or software malfunction. It can be achieved in varying degrees. At the
highest level of fault tolerance, a system is unaffected by even a drastic problem,
such as a power failure.
◆ As you consider sophisticated fault-tolerance techniques for servers, routers, and
WAN links, remember to address the environment in which your devices operate.
Protecting your data also involves protecting your network from excessive heat or
moisture, break-ins, and natural disasters.
◆ Networks cannot tolerate power loss or less than optimal power and may suffer downtime
or reduced performance due to blackouts, brownouts (sags), surges, and line noise.
◆ A UPS is a battery power source directly attached to one or more devices and to a
power supply, which prevents undesired features of the power source from harming
the device or interrupting its services. UPSs vary in the type of power aberrations
they can rectify, the length of time they can provide power, and the number of
devices they can support.
◆ A standby UPS provides continuous voltage to a device by switching virtually
instantaneously to the battery when it detects a loss of power from the wall outlet.
Upon restoration of the power, the standby UPS switches the device to use A/C
power again.
◆ An online UPS uses the A/C power from the wall outlet to continuously charge its battery, while providing power to a network device through its battery. In other words, a server connected to an online UPS always relies on the UPS battery for its electricity.
◆ For utmost fault tolerance in power supply, a generator is necessary. Generators can be powered by diesel, liquid propane gas, natural gas, or steam. They do not provide surge protection, but they do provide noise-free electricity.
◆ Network topologies such as a full mesh WAN or a star-based LAN with a parallel backbone offer the greatest fault tolerance. A SONET ring also offers high fault tolerance, because of its dual-ring topology.
◆ When components are hot swappable, they have identical functions and can automatically assume the functions of their counterpart if it suffers a fault. They can be changed (or swapped) while a machine is still running (hot). Hot swappable components are sometimes called hot spares.
◆ Critical servers often contain redundant NICs, processors, and/or hard disks to provide better fault tolerance. These redundant components provide assurance that if one fails, the whole system won’t fail, and they enable load balancing.
◆ A fault-tolerance technique that involves utilizing a second, identical server to duplicate the transactions and data storage of one server is called server mirroring. Mirroring can take place between servers that are either side by side or geographically distant. Mirroring requires not only a link between the servers, but also software running on both servers to enable the servers to continually synchronize their actions and to permit one to take over in case the other fails.
◆ Clustering is a fault-tolerance technique that links multiple servers together to act as a
single server. In this configuration, clustered servers share processing duties and appear as
a single server to users. If one server in the cluster fails, the other servers in the cluster
automatically take over its data transaction and storage responsibilities.
◆ An important storage redundancy feature is a RAID (Redundant Array of Independent (or Inexpensive) Disks). All types of RAID use shared, multiple physical or logical hard disks to ensure data integrity and availability; some designs also increase storage capacity and improve performance. RAID is either hardware- or software-based. Software RAID can be implemented through operating system utilities.
◆ RAID Level 0 is a simple version of RAID in which data is written in 64-KB blocks equally across all of the disks in the array, a technique known as disk striping. Disk striping is not a fault-tolerant method, because if one disk fails, the data contained in it will be inaccessible.

◆ RAID Level 1 provides redundancy through a process called disk mirroring, in
which data from one disk is automatically copied to another disk as the information
is written. This option is considered a dynamic data backup. If one disk in the array
fails, the disk array controller automatically switches to the disk that was mirroring
the failed disk.
◆ RAID Level 3 involves disk striping with parity error correction code. Parity refers
to the integrity of the data as expressed in the number of 1s contained in each group
of correctly transmitted bits. In RAID Level 3, parity error checking takes place
when the data is written across the disk array.
◆ RAID Level 5 is the most popular fault-tolerant data storage technique in use today.
In RAID Level 5, data is written in small blocks across several disks; parity error
checking information is also distributed among the disks.
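The following is an added example, not from the textbook, that models the RAID 0, 3 and 5 layouts just summarized with tiny 4-byte blocks instead of 64-KB ones: XOR parity makes the count of 1s in every bit position of a stripe even, so the block on any one failed disk can be recomputed, whereas striping alone (RAID 0) loses it.

```python
"""RAID striping with XOR parity (levels 0, 3 and 5), as an added example.

Disks are modelled as lists of fixed-size blocks. XOR parity is the
"parity error correction code" of the summary: for every bit position the
parity bit makes the total count of 1s across the stripe even, so any one
missing block can be recomputed from the others.
"""
from __future__ import annotations

from typing import Optional

BLOCK = 4  # bytes per block (the book's RAID 0 uses 64-KB blocks; shrunk here)


def xor_blocks(blocks: list[bytes]) -> bytes:
    """XOR equal-length blocks together. The result is the parity block."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(level: int, stripe: int, n_disks: int) -> int:
    """Which disk holds parity in this stripe: none (-1) for RAID 0, the
    dedicated last disk for RAID 3, a rotating position for RAID 5."""
    if level == 0:
        return -1
    if level == 3:
        return n_disks - 1
    return (n_disks - 1 - stripe) % n_disks


def write_array(data: bytes, n_disks: int, level: int) -> list[list[bytes]]:
    """Stripe data across n_disks, adding one parity block per stripe for
    levels 3 and 5. Data is zero-padded so the last stripe is complete."""
    if level not in (0, 3, 5):
        raise ValueError("only RAID levels 0, 3 and 5 are modelled")
    per_stripe = n_disks if level == 0 else n_disks - 1
    padded = data + b"\0" * ((-len(data)) % (BLOCK * per_stripe))
    blocks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
    disks: list[list[bytes]] = [[] for _ in range(n_disks)]
    for s in range(len(blocks) // per_stripe):
        stripe = blocks[s * per_stripe:(s + 1) * per_stripe]
        pdisk = parity_disk_for(level, s, n_disks)
        it = iter(stripe)
        for d in range(n_disks):
            disks[d].append(xor_blocks(stripe) if d == pdisk else next(it))
    return disks


def read_array(disks: list[list[bytes]], level: int, length: int) -> bytes:
    """Reassemble the data in stripe order, skipping parity blocks."""
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        pdisk = parity_disk_for(level, s, n_disks)
        for d in range(n_disks):
            if d != pdisk:
                out += disks[d][s]
    return bytes(out[:length])


def fail_disk(disks: list[list[bytes]], idx: int) -> list[Optional[list[bytes]]]:
    """Simulate a disk fault: the failed disk's blocks are gone (None)."""
    degraded: list[Optional[list[bytes]]] = [list(d) for d in disks]
    degraded[idx] = None
    return degraded


def rebuild_disk(degraded: list[Optional[list[bytes]]]) -> list[list[bytes]]:
    """Rebuild the one missing disk: in each stripe the missing block, data
    or parity alike, is the XOR of the surviving blocks of that stripe."""
    missing = [i for i, d in enumerate(degraded) if d is None]
    if len(missing) != 1:
        raise ValueError("single parity tolerates exactly one failed disk")
    survivors = [d for d in degraded if d is not None]
    rebuilt = [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]
    return [list(d) if d is not None else rebuilt for d in degraded]


def recover_after_fault(level: int, failed: int = 1) -> Optional[bytes]:
    """Write a constructed message to a 4-disk array, lose one disk, and
    return the recovered data (None when the level cannot recover it)."""
    msg = b"RAID parity demo: payroll.db"  # constructed sample payload
    disks = write_array(msg, 4, level)
    degraded = fail_disk(disks, failed)
    if level == 0:
        return None  # striping alone: the blocks on the failed disk are lost
    return read_array(rebuild_disk(degraded), level, len(msg))


if __name__ == "__main__":
    for lvl in (0, 3, 5):
        print(f"RAID {lvl}:", recover_after_fault(lvl))
```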
◆ NAS (network attached storage) is a dedicated storage device attached to a client/server network. It uses its own file system but relies on a traditional network transmission method such as Ethernet to interact with the rest of the client/server network.
◆ A SAN (storage area network) is a distinct network of multiple storage devices and
servers that provides fast, highly available, and highly fault-tolerant access to large
quantities of data for a client/server network. A SAN uses a proprietary network
transmission method (such as Fibre Channel) rather than Ethernet.
◆ A backup is a copy of data or program files created for archiving or safekeeping. If you do
not back up your data, you risk losing everything through a hard disk fault, fire, flood, or
malicious or accidental erasure or corruption. Backups should be stored on separate media
(other than the backed-up server), and these media should be stored off-site.
◆ Backups can be saved to optical media (such as CDs and DVDs), tapes, external disk drives, or to another location on a network. Of these, tape backups remain popular because of their reliability, storage capacity, and speed. Tape backups require a tape drive connected to the network, software to manage and perform backups, and backup media.

◆ A full backup copies all data on all servers to a storage medium, regardless of
whether the data is new or changed. An incremental backup copies only data that
has changed since the last full or incremental backup, and unchecks the archive bit
for files it backs up. A differential backup copies only data that has changed since
the last full or incremental backup, but does not uncheck the archive bit for files it
backs up.
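To make the archive-bit rule concrete, here is an added example (not from the textbook) of a toy volume whose OS sets the bit on every create or change; the three backup types copy what the bullet above says and clear or keep the bit accordingly, and restore_chain() shows which sets a restore then needs. File paths and contents are constructed.

```python
"""Archive-bit semantics of full, incremental and differential backups.

Added example, not from the textbook: a toy volume whose operating system
checks (sets) a file's archive bit on create or change. Each backup type
copies what the chapter summary says it copies and clears, or leaves, the
bit accordingly; restore_chain() then shows which sets a restore needs.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass
class File:
    content: str
    archive_bit: bool = True  # set by the OS whenever the file is created or changed


@dataclass
class BackupSet:
    kind: str               # "full", "incremental" or "differential"
    files: dict[str, str]   # path -> content captured in this set


class Volume:
    def __init__(self) -> None:
        self.files: dict[str, File] = {}

    def write(self, path: str, content: str) -> None:
        """Create or change a file; the OS checks its archive bit."""
        self.files[path] = File(content, archive_bit=True)

    def backup(self, kind: str) -> BackupSet:
        """Full: copy everything. Incremental and differential: copy only
        files changed since the last full or incremental, i.e. those whose
        archive bit is still checked. Full and incremental then uncheck the
        bit; differential leaves it checked, so the file is copied again."""
        if kind == "full":
            selected = list(self.files)
        elif kind in ("incremental", "differential"):
            selected = [p for p, f in self.files.items() if f.archive_bit]
        else:
            raise ValueError(f"unknown backup type {kind!r}")
        captured = {p: self.files[p].content for p in selected}
        if kind != "differential":
            for p in selected:
                self.files[p].archive_bit = False
        return BackupSet(kind, captured)


def restore_chain(history: list[BackupSet]) -> list[BackupSet]:
    """Sets needed to rebuild the newest state: the last full, every
    incremental after it, and the newest differential after the last
    incremental (earlier differentials are superseded by it)."""
    last_full = max(i for i, s in enumerate(history) if s.kind == "full")
    chain = [history[last_full]]
    latest_diff: Optional[BackupSet] = None
    for s in history[last_full + 1:]:
        if s.kind == "incremental":
            chain.append(s)
            latest_diff = None
        elif s.kind == "differential":
            latest_diff = s
    if latest_diff is not None:
        chain.append(latest_diff)
    return chain


def restore(chain: list[BackupSet]) -> dict[str, str]:
    """Apply the sets oldest to newest; newer copies overwrite older ones."""
    state: dict[str, str] = {}
    for s in chain:
        state.update(s.files)
    return state


def week_of_backups() -> tuple[list[BackupSet], dict[str, str]]:
    """Constructed scenario: Sunday full, incrementals Monday and Tuesday,
    differentials Wednesday and Thursday. Returns history and live state."""
    vol = Volume()
    vol.write("/srv/payroll.db", "v1")
    vol.write("/srv/policy.txt", "v1")
    history = [vol.backup("full")]                 # Sunday
    vol.write("/srv/payroll.db", "v2")
    history.append(vol.backup("incremental"))      # Monday: payroll only
    vol.write("/srv/policy.txt", "v2")
    history.append(vol.backup("incremental"))      # Tuesday: policy only
    vol.write("/srv/payroll.db", "v3")
    history.append(vol.backup("differential"))     # Wednesday: payroll
    vol.write("/srv/notes.txt", "v1")
    history.append(vol.backup("differential"))     # Thursday: payroll again + notes
    live = {p: f.content for p, f in vol.files.items()}
    return history, live


if __name__ == "__main__":
    hist, live = week_of_backups()
    for s in hist:
        print(f"{s.kind:<12} {sorted(s.files)}")
    chain = restore_chain(hist)
    print("restore needs:", [s.kind for s in chain])
    print("restored == live:", restore(chain) == live)
```

Note that the Wednesday differential is not needed for the restore: because it left the archive bits checked, Thursday's differential contains everything Wednesday's did.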
◆ The aim of a good backup rotation scheme is to provide excellent data reliability but
not to overtax your network or require much intervention. The most popular backup
rotation scheme is called “grandfather-father-son.” This scheme combines daily
(son), weekly (father), and monthly (grandfather) backup sets.
◆ Disaster recovery is the process of restoring your critical functionality and data after an enterprise-wide outage that affects more than a single system or a limited group of users. It must account for the possible extremes, rather than relatively minor outages, failures, security breaches, or data corruption. In a disaster recovery plan, you should consider the worst-case scenarios, from a hurricane to a military or terrorist attack.
◆ Every organization should have a disaster recovery team (with an appointed coordinator) and a disaster recovery plan. The plan should address not only computer systems, but also power, telephony, and paper-based files.
◆ To prepare for recovery after a potential disaster, you can maintain (or hire a service to maintain for you) a cold site, warm site, or hot site. A cold site contains the elements necessary to rebuild a network, but none are appropriately configured and connected. Therefore, restoring functionality from a cold site can take a long time. A warm site contains the elements necessary to rebuild a network, and only some of them are appropriately configured and connected. A hot site is a precise duplicate of the network’s elements, all properly configured and connected. This allows an organization to regain network functionality almost immediately.
Key Terms

archive bit—A file attribute that can be checked (or set to “on”) or unchecked (or set to “off”) to indicate whether the file needs to be archived. An operating system checks a file’s archive bit when it is created or changed.
array—A group of hard disks.
availability—How consistently and reliably a file, device, or connection can be accessed by
authorized personnel.
backup—A copy of data or program files created for archiving or safekeeping.
backup rotation scheme—A plan for when and how often backups occur, and which backups
are full, incremental, or differential.
blackout—A complete power loss.
boot sector virus—A virus that resides on the boot sector of a floppy disk and is transferred
to the partition sector or the DOS boot sector on a hard disk. A boot sector virus can move
from a floppy to a hard disk only if the floppy disk is left in the drive when the machine starts.
bot—A program that runs automatically. Bots can spread viruses or other malicious code
between users in a chat room by exploiting the IRC protocol.
brownout—A momentary decrease in voltage, also known as a sag. An overtaxed electrical
system may cause brownouts, recognizable as a dimming of the lights.
CD-R (compact disc - recordable)—A type of compact disc that can be written to only once. It can
store up to 650 MB of data.
CD-RW (compact disc - rewriteable)—A type of compact disc that can be written to more than
once. It can store up to 650 MB of data.
clustering—A fault-tolerance technique that links multiple servers to act as a single server. In
this configuration, clustered servers share processing duties and appear as a single server to
users. If one server in the cluster fails, the other servers in the cluster automatically take over
its data transaction and storage responsibilities.
cold site—A place where the computers, devices, and connectivity necessary to rebuild a network exist, but they are not appropriately configured, updated, or connected to match the network’s current state.

cold spare—A duplicate component that is not installed, but can be installed in case of a
failure.
compact disc, recordable—See CD-R.
compact disc, rewriteable—See CD-RW.
differential backup—A backup method in which only data that has changed since the last full or incremental backup is copied to a storage medium, and in which that same information is marked for subsequent backup, regardless of whether it has changed. In other words, a differential backup does not uncheck the archive bits for files it backs up.
disaster recovery—The process of restoring critical functionality and data to a network after
an enterprise-wide outage that affects more than a single system or a limited group of users.
disk duplexing—A storage fault-tolerance technique in which data is continually copied from one disk to another when it is saved, just as in disk mirroring. In duplexing, however, a separate disk controller is used for each different disk.
disk mirroring—A RAID technique in which data from one disk is automatically copied to
another disk as the information is written.
disk striping—A simple implementation of RAID in which data is written in 64-KB blocks
equally across all disks in the array.
ECC (error correction code)—An algorithm used to detect and correct errors. In RAID Levels 3 and 5, for example, a type of ECC known as parity error checking is used.
encrypted virus—A virus that is encrypted to prevent detection.
error correction code—See ECC.
external disk drive—A storage device that can be attached temporarily to a computer.
fail-over—The capability for one component (such as a NIC or server) to assume another com-
ponent’s responsibilities without manual intervention.
failure—A deviation from a specified level of system performance for a given period of time.
A failure occurs when something doesn’t work as promised or as planned.
fault—The malfunction of one component of a system. A fault can result in a failure.
Fibre Channel—A distinct network transmission method that relies on fiber-optic media and
its own, proprietary protocol. Fibre Channel is capable of up to 2-Gbps throughput.
file-infected virus—A virus that attaches itself to executable files. When the infected executable file runs, the virus copies itself to memory. Later, the virus attaches itself to other executable files.
full backup—A backup in which all data on all servers is copied to a storage medium, regardless of whether the data is new or changed. A full backup unchecks the archive bit on files it has backed up.
grandfather-father-son—A backup rotation scheme that uses daily (son), weekly (father),
and monthly (grandfather) backup sets.
hardware RAID—A method of implementing RAID that relies on an externally attached set
of disks and a RAID disk controller, which manages the RAID array.
heuristic scanning—A type of virus scanning that attempts to identify viruses by discovering
“virus-like” behavior.
hot site—A place where the computers, devices, and connectivity necessary to rebuild a network exist, and all are appropriately configured, updated, and connected to match your network’s current state.
hot spare—In the context of RAID, a disk or partition that is part of the array, but used only
in case one of the RAID disks fails. More generally, “hot spare” is used as a synonym for a hot
swappable component.
hot swappable—A characteristic that enables identical components to be interchanged (or swapped) while a machine is still running (hot). After being installed, a hot swappable component automatically assumes the functions of its counterpart.
incremental backup—A backup in which only data that has changed since the last full or incremental backup is copied to a storage medium. After backing up files, an incremental backup unchecks the archive bit for every file it has saved.
integrity—The soundness of a network’s files, systems, and connections. To ensure integrity, you must protect your network from anything that might render it unusable, such as corruption, tampering, natural disasters, and viruses.
integrity checking—A method of comparing the current characteristics of files and disks against an archived version of these characteristics to discover any changes. The most common example of integrity checking involves a checksum.
Internet Relay Chat—See IRC.
IRC (Internet Relay Chat)—A protocol that enables users running special IRC client software to communicate instantly with other participants in a chat room on the Internet.
load balancing—An automatic distribution of traffic over multiple links, hard disks, or processors intended to optimize responses.
macro virus—A virus that takes the form of an application (for example, a word-processing or
spreadsheet) program macro, which may execute when the program is in use.
mirroring—A fault-tolerance technique in which one component or device duplicates the
activity of another.
NAS (network attached storage)—A device or set of devices attached to a client/server network, dedicated to providing highly fault-tolerant access to large quantities of data. NAS depends on traditional network transmission methods such as Ethernet.
network attached storage—See NAS.
network virus—A virus that takes advantage of network protocols, commands, messaging programs, and data links to propagate itself. Although all viruses could theoretically travel across network connections, network viruses are specially designed to attack network vulnerabilities.
offline UPS—See standby UPS.
online backup—A technique in which data is backed up to a central location over the Internet.
online UPS—A power supply that uses the A/C power from the wall outlet to continuously
charge its battery, while providing power to a network device through its battery.
optical media—A type of media capable of storing digitized data, which uses a laser to write data to
it and read data from it.
parity—The mechanism used to verify the integrity of data by making the number of bits in
a byte sum equal to either an odd or even number.
parity error checking—The process of comparing the parity of data read from a disk with the
type of parity used by the system.

polymorphic virus—A type of virus that changes its characteristics (such as the arrangement of its bytes, size, and internal instructions) every time it is transferred to a new system, making it harder to identify.
RAID (Redundant Array of Independent (or Inexpensive) Disks)—A server redundancy
measure that uses shared, multiple physical or logical hard disks to ensure data integrity and
availability. Some RAID designs also increase storage capacity and improve performance. See
also disk mirroring and disk striping.
RAID Level 0—An implementation of RAID in which data is written in 64-KB blocks
equally across all disks in the array.
RAID Level 1—An implementation of RAID that provides redundancy through disk mirroring, in which data from one disk is automatically copied to another disk as the information is written.
RAID Level 3—An implementation of RAID that uses disk striping for data and writes parity error correction code on a separate parity disk.
RAID Level 5—The most popular fault-tolerant data storage technique in use today, RAID
Level 5 writes data in small blocks across several disks. At the same time, it writes parity error
checking information among several disks.
recordable DVD—An optical storage medium that can hold up to 4.7 GB on one single-layered side. Both sides of the disc can be used, and each side can have up to two layers. Thus, in total, a double-layered, two-sided DVD can store up to 17 GB of data. Recordable DVDs come in several different formats.
redundancy—The use of more than one identical component, device, or connection for storing, processing, or transporting data. Redundancy is the most common method of achieving fault tolerance.
Redundant Array of Independent (or Inexpensive) Disks—See RAID.
removable disk drive—See external disk drive.
replication—A fault-tolerance technique that involves dynamic copying of data (for example,
an NOS directory or an entire server’s hard disk) from one location to another.

sag—See brownout.
SAN (storage area network)—A distinct network of multiple storage devices and servers that
provides fast, highly available, and highly fault-tolerant access to large quantities of data for a
client/server network. A SAN uses a proprietary network transmission method (such as Fibre
Channel) rather than a traditional network transmission method such as Ethernet.
server mirroring—A fault-tolerance technique in which one server duplicates the transactions
and data storage of another, identical server. Server mirroring requires a link between the servers
and software running on both servers so that the servers can continually synchronize their
actions and one can take over in case the other fails.
signature scanning—The comparison of a file’s content with known virus signatures (unique
identifying characteristics in the code) in a signature database to determine whether the file is
a virus.
software RAID—A method of implementing RAID that uses software to implement and control RAID techniques over virtually any type of hard disk(s). RAID software may be a third-party package or utilities that come with an operating system or NOS.
standby UPS—A power supply that provides continuous voltage to a device by switching virtually instantaneously to the battery when it detects a loss of power from the wall outlet. Upon restoration of the power, the standby UPS switches the device to use A/C power again.
stealth virus—A type of virus that hides itself to prevent detection. Typically, stealth viruses
disguise themselves as legitimate programs or replace part of a legitimate program’s code with
their destructive code.
storage area network—See SAN.
surge—A momentary increase in voltage due to distant lightning strikes or electrical problems.
surge protector—A device that directs excess voltage away from equipment plugged into it and
redirects it to a ground, thereby protecting the equipment from harm.
tape backup—A relatively simple and economical backup method in which data is copied to
magnetic tapes.
time-dependent virus—A virus programmed to activate on a particular date. This type of virus, also known as a “time bomb,” can remain dormant and harmless until its activation date arrives.
Trojan—See Trojan horse.
Trojan horse—A program that disguises itself as something useful, but actually harms your
system.
uninterruptible power supply—See UPS.
UPS (uninterruptible power supply)—A battery-operated power source directly attached to
one or more devices and to a power supply (such as a wall outlet), which prevents undesired
features of the power source from harming the device or interrupting its services.
vault—A large tape storage library.
virus—A program that replicates itself to infect more computers, either through network connections or through floppy disks passed among users. Viruses may damage files or systems, or simply annoy users by flashing messages or pictures on the screen or by causing the keyboard to beep.
virus hoax—A rumor, or false alert, about a dangerous, new virus that could supposedly cause
serious damage to your workstation.
volt-amp (VA)—A measure of electrical power. A volt-amp is the product of the voltage and
current (measured in amps) of the electricity on a line.
warm site—A place where the computers, devices, and connectivity necessary to rebuild a network exist, though only some are appropriately configured, updated, or connected to match the network’s current state.
worm—An unwanted program that travels between computers and across networks. Although
worms do not alter other programs as viruses do, they may carry viruses.
Review Questions
1. _________________________ refers to the soundness of a network’s programs, data,
services, devices, and connections.
a. Availability
b. Heuristic scanning
c. Disk duplexing
d. Integrity
2. The term _________________________ refers to an implementation in which more than one component is installed and ready to use for storing, processing, or transporting data.
a. disk mirroring
b. redundancy
c. hot swappable
d. load balancing
3. Which of the following terms implies a fluctuation in voltage levels caused by other
devices on the network or electromagnetic interference?
a. Noise
b. Brownout
c. Surge
d. Cold spare
4. _________________________ is a specialized storage device or group of storage
devices that provides centralized fault-tolerant data storage for a network.
a. Software RAID
b. Offline UPS
c. Network attached storage
d. A Trojan horse
5. A _________________________ is a place where the computers, devices, and connectivity necessary to rebuild a network exist, but they are not appropriately configured, updated, or connected.
a. cold site
b. hot spare
c. vault
d. warm site
6. True or false? A recordable DVD can hold up to 4.7 GB on one single-layered side,
and both sides of the disc can be used.
7. True or false? A Trojan horse is a program that replicates itself with the intent to infect more computers, either through network connections or through the exchange of external storage devices.
8. True or false? Boot sector viruses are commonly spread from external storage devices
to hard disks.
9. True or false? Fault tolerance is the capacity for a system to continue performing
despite an unexpected hardware or software malfunction.
10. True or false? Clustering is a fault tolerance technique in which one device or component duplicates the transactions and data storage of another.
11. _________________________ viruses propagate themselves via network protocols,
commands, messaging programs, and data links.
12. A momentary decrease in voltage is known as a(n) _________________________.
13. The term _________________________ refers to identical components that can be
changed while a machine is still running.
14. _________________________ is a fault-tolerance technique that links multiple
servers together to act as a single server.
15. _________________________ is the process of restoring your critical functionality
and data after an enterprise-wide outage that affects more than a single system or a
limited group of users.
Network Security
Chapter 14
After reading this chapter and completing the exercises, you will be able to:
■ Identify security risks in LANs and WANs and design security policies that minimize risks
■ Explain how physical security contributes to network security
■ Discuss hardware- and design-based security techniques
■ Use network operating system techniques to provide basic security
■ Understand methods of encryption, such as SSL and IPSec, that can secure data in storage and in transit
■ Describe how popular authentication protocols, such as RADIUS, TACACS, Kerberos, PAP, CHAP, and MS-CHAP, function
■ Understand wireless security protocols, such as WEP, WPA, and 802.11i
In the early days of computing, when secured mainframes acted as central hosts and data repositories that were accessed only by dumb terminals with limited rights, network security was all but unassailable. As networks have become more geographically distributed and heterogeneous, however, the risk of their misuse has also increased. Consider the largest, most heterogeneous network in existence: the Internet. Because it contains millions of points of entry, millions of servers, and millions of miles of transmission paths, it is vulnerable to millions of break-ins. Because so many networks connect to the Internet, the threat of an outsider accessing an organization’s network via the Internet, and then stealing or destroying data, is very real. In this chapter, you will learn how to assess your network’s risks, how to manage those risks, and, perhaps most important, how to convey the importance of network security to the rest of your organization through an effective security policy.
Security Audits
Before spending time and money on network security, you should examine your network’s secu-
rity risks. As you learn about each risk facing your network, consider the effect that a loss of
data, programs, or access would have on your network. The more serious the potential conse-
quences, the more attention you need to pay to the security of your network.
Different types of organizations have different levels of network security risk. For example, if
you work for a large savings and loan institution that allows its clients to view their current
loan status online, you must consider a number of risks associated with data and access. If some-
one obtained unauthorized access to your network, all of your customers’ personal financial data
could be vulnerable. On the other hand, if you work for a local car wash that is not connected
to the Internet and uses its internal LAN only to track assets and sales, you may be less concerned if someone gains access to your network, because the implications of unauthorized access to your data are less dire. When considering security risks, the fundamental questions are:
“What is at risk?” and “What do I stand to lose if it is stolen, damaged, or eradicated?”
Every organization should assess its security risks by conducting a security audit, which is a
thorough examination of each aspect of the network to determine how it might be compro-
mised. Security audits should be performed at least annually and preferably quarterly. They
should also be performed after making any significant changes to the network. For each threat
listed in the following sections, your security audit should rate the severity of its potential
effects, as well as its likelihood. A threat’s consequences may be severe, potentially resulting in
a network outage or the dispersal of top-secret information, or it may be mild, potentially result-
ing in a lack of access for one user or the dispersal of a relatively insignificant piece of corpo-
rate data. The more devastating a threat’s effects and the more likely it is to happen, the more
rigorously your security measures should address it. Appendix D provides a sample checklist
you can use to perform a fundamental security audit.
If your IT Department has sufficient skills and time for routine security audits, they can be per-
formed in-house. A qualified consulting company can also conduct security audits for your net-
work. The advantage of having an objective third party, such as a consultant, analyze your
network is that he might find risks that you overlooked because of your familiarity with your
environment. Third-party audits may seem expensive, but if your network hosts confidential
and critical data, they are well worth their cost.
In the next section, you will learn about security risks associated with people, hardware, soft-
ware, and Internet access.
Security Risks
As you have learned, natural disasters, viruses, and power faults can damage a network’s data,
programs, and hardware. A security breach, however, can harm a network just as easily and
quickly. To understand how to manage network security, you should first recognize the types
of threats that your network may suffer. Not all security breaches result from a manipulation
of network technology. Instead, some occur when staff members purposely or inadvertently
reveal their passwords; others result from undeveloped security policies.
NOTE: Many terms are used to describe those who break into data networks. A hacker, in the original sense of the word, is someone who masters the inner workings of computer hardware and software in an effort to better understand them. To be called a hacker used to be a compliment, reflecting extraordinary computer skills. Those who use their computer skills to destroy data or systems are technically considered crackers. Today, many people use the words hacker and cracker interchangeably, and many networking professionals have settled on “hacker” as a general term for hackers and crackers alike. For simplicity’s sake, this chapter uses “hacker” to describe individuals who gain unauthorized access to voice or data networks, with or without malicious intent.
As you read about each security threat, think about how it could be prevented, whether it
applies to your network (and if so, how damaging it might be), and how it relates to other
security threats. Keep in mind that malicious and determined intruders may use one tech-
nique, which then allows them to use a second technique, which then allows them to use a third
technique, and so on. For example, a hacker might discover someone’s user name by watching
her log on to the network; the hacker might then use a password-cracking program to access
the network, where he might plant a program that generates an extraordinary volume of traf-
fic that essentially disables the network’s connectivity devices.
Risks Associated with People
By some estimates, human errors, ignorance, and omissions cause more than half of all secu-
rity breaches sustained by networks. One of the most common methods by which an intruder
gains access to a network is to simply ask a user for his password. For example, the intruder
might pose as a technical support analyst who needs to know the password to troubleshoot a
problem.This strategy is commonly called social engineering, because it involves manipulating social
relationships to gain access. This and other risks associated with people are included in the follow-
ing list:
◆ Intruders or attackers using social engineering or snooping to obtain user passwords
◆ An administrator incorrectly creating or configuring user IDs, groups, and their
associated rights on a file server, resulting in file and logon access vulnerabilities
◆ Network administrators overlooking security flaws in topology or hardware configu-
ration
◆ Network administrators overlooking security flaws in the operating system or appli-
cation configuration
◆ Lack of proper documentation and communication of security policies, leading to
deliberate or inadvertent misuse of files or network access
◆ Dishonest or disgruntled employees abusing their file and access rights
◆ An unused computer or terminal being left logged on to the network, thereby pro-
viding an entry point for an intruder
◆ Users or administrators choosing easy-to-guess passwords
◆ Authorized staff leaving computer room doors open or unlocked, allowing unautho-
rized individuals to enter
◆ Staff discarding disks or backup tapes in public waste containers
◆ Administrators neglecting to remove access and file rights for employees who have
left the organization
◆ Users writing their passwords on paper, then placing the paper in an easily accessible
place (for example, taping it to their monitor or keyboard)
Human errors account for so many security breaches because taking advantage of them is the
easiest way to circumvent network security. Imagine a man named Kyle, who was recently fired
from his job at a local bank. Kyle felt he was unfairly treated, so he wants to take revenge on
his employer. He still has a few friends at the bank. Even though the bank’s network admin-
istrator was wise enough to deactivate Kyle’s user account upon his termination, and even
though the bank has a policy prohibiting employees from sharing their passwords, Kyle knows
his friends’ user names and passwords. In addition, the bank’s policy prohibits former employees from entering its offices.
How might Kyle attain his goal of deleting a month’s worth of client account activity statements? Although the bank has a network security policy, employees such as Kyle’s friends probably don’t pay much attention to it. Kyle might walk into the bank’s offices, ostensibly to meet
one of his friends for lunch. While in the offices, Kyle could either sit down at a machine where
his friend was still logged on or log on as his friend because he knows his friend’s password.
Once in the system, he could locate the account activity statements and delete them. Alterna-
tively, if the bank allows employees to access the network remotely, Kyle might use a friend’s
user name and password to log on to the bank’s LAN from home.
Risks Associated with Transmission and Hardware
This section describes security risks inherent in the Physical, Data Link, and Network layers
of the OSI Model. Recall that the transmission media, NICs, hubs, network access methods
(for example, Ethernet), bridges, switches, and routers reside at these layers. At these levels,
security breaches require more technical sophistication than those that take advantage of human
errors. For instance, to eavesdrop on transmissions passing through a switch, an intruder must connect a protocol analyzer (sniffer) to one of the switch’s ports and then arrange for the target traffic to reach that port, for example by enabling port mirroring or by flooding the switch’s address table until it falls back to repeating frames to every port. In the middle layers of the OSI Model, it is somewhat difficult to distinguish between hardware and software techniques.
For example, because a router acts to connect one type of network to another, an intruder might
take advantage of the router’s security flaws by sending a flood of TCP/IP transmissions to
the router, thereby disabling it from carrying legitimate traffic. You will learn about software-
related risks in the following section.
The following risks are inherent in network hardware and design:
◆ Transmissions can be intercepted. Wireless transmissions are the easiest to capture, because anyone within radio range who has a compatible adapter can receive them; copper cabling can be tapped; fiber-based transmissions are the most difficult to intercept.
◆ Networks that use leased public lines, such as T1 or DSL connections to the Internet, are vulnerable to eavesdropping at a building’s demarcation point (demarc), at a remote switching facility, or in a central office.
◆ Network hubs repeat traffic to every port on the segment, thus making transmissions more widely vulnerable to sniffing. (By contrast, switches forward unicast frames only to the port of the destination node, which limits the availability of data transmissions to the sending and receiving nodes. This protection is not absolute: broadcast frames still reach every port, and an attacker can flood or poison the switch’s address table to receive traffic not meant for her.)
◆ Unused hub, router, or server ports can be exploited and accessed by hackers if they are not disabled. A router’s configuration port, accessible by Telnet, may not be adequately secured. (Telnet also carries the administrator’s password in plain text; use SSH instead where the device supports it.)
◆ If routers are not properly configured to mask internal subnets, users on outside networks (such as the Internet) can read the private addresses.
◆ Modems attached to network devices may be configured to accept incoming calls, thus opening security holes if they are not properly protected.
◆ Dial-in access servers used by telecommuting or remote staff may not be carefully secured and monitored.
◆ Computers hosting very sensitive data may coexist on the same subnet with computers open to the general public.
◆ Passwords for switches, routers, and other devices may not be sufficiently difficult to guess, may not be changed frequently, or, worse, may be left at their default value.
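To see how little skill the sniffing risk above demands, consider the following added example, which is not from the book: a short Python program that reassembles a constructed capture, the sort of frames a sniffer on a hub port or a mirrored switch port would record, and pulls out the logon credentials carried in plain text. The addresses, the FTP session, and the HTTP request are all constructed for illustration. The same recovery applies to the plain-text Telnet and FTP logons described under Risks Associated with Internet Access later in this chapter.

```python
"""Recovering plain-text logons from captured frames.

Added example, not from the book. The capture below is constructed.
"""
import base64
from collections import defaultdict

# Constructed capture, in the order a sniffer on a hub (or a mirrored switch
# port) would see the frames: (source "ip:port", destination "ip:port", TCP payload).
CAPTURE = [
    ("10.0.0.20:21", "10.0.0.5:40001", b"220 ftp.example.test FTP server ready\r\n"),
    ("10.0.0.5:40001", "10.0.0.20:21", b"USER alice\r\n"),
    ("10.0.0.20:21", "10.0.0.5:40001", b"331 Password required for alice\r\n"),
    ("10.0.0.5:40001", "10.0.0.20:21", b"PASS s3cret!\r\n"),
    ("10.0.0.20:21", "10.0.0.5:40001", b"230 User alice logged in\r\n"),
    ("10.0.0.7:40002", "10.0.0.30:80",
     b"GET /intranet/ HTTP/1.0\r\nHost: intranet.example.test\r\n"
     b"Authorization: Basic " + base64.b64encode(b"bob:Winter2005") + b"\r\n\r\n"),
]


def reassemble(frames):
    """Concatenate the payload of each one-way flow in capture order.
    A real capture needs TCP sequence numbers for this; the sample is in order."""
    flows = defaultdict(bytearray)
    for src, dst, payload in frames:
        flows[(src, dst)] += payload
    return flows


def _server_port(endpoint):
    return int(endpoint.rsplit(":", 1)[1])


def extract_credentials(frames):
    """Return the logons visible in the capture, one dict per credential."""
    found = []
    for (client, server), data in reassemble(frames).items():
        lines = data.decode("latin-1").split("\r\n")
        port = _server_port(server)
        if port == 21:                      # FTP control channel: USER then PASS
            user = password = None
            for line in lines:
                verb, _, arg = line.partition(" ")
                if verb.upper() == "USER":
                    user = arg
                elif verb.upper() == "PASS":
                    password = arg
            if user is not None and password is not None:
                found.append({"protocol": "ftp", "client": client, "server": server,
                              "user": user, "password": password})
        elif port == 80:                    # HTTP Basic: base64 is encoding, not encryption
            for line in lines:
                if line.lower().startswith("authorization: basic "):
                    token = line.split(" ", 2)[2]
                    try:
                        decoded = base64.b64decode(token).decode("latin-1")
                    except ValueError:      # not valid base64; skip it
                        continue
                    user, _, password = decoded.partition(":")
                    found.append({"protocol": "http-basic", "client": client,
                                  "server": server, "user": user, "password": password})
    return found


if __name__ == "__main__":
    for cred in extract_credentials(CAPTURE):
        print(f"{cred['protocol']:10} {cred['client']} -> {cred['server']}: "
              f"{cred['user']} / {cred['password']}")
```

Run as a script, the program lists both logons. Note that nothing here decrypts anything: FTP sends the password as typed, and HTTP Basic authentication merely base64-encodes it, which any observer can reverse.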
Imagine that a hacker wants to bring a library’s database and mail servers to a halt. Suppose
also that the library’s database is public and can be searched by anyone on the Web. The hacker
might begin by scanning ports on the database server to determine which have no protection.
If she found an open port on the database server, the hacker might connect to the system and
deposit a program that would, a few days later, damage operating system files. Or, she may
launch a heavy stream of traffic that overwhelms the database server and prevents it from
functioning. She might also use her newly discovered access to determine the root password
on the system, gain access to other systems, and launch a similar attack on the library’s mail
server, which is attached to the database server. In this way, even a single mistake on one server
(not protecting an open port) can open vulnerabilities on multiple systems.
Risks Associated with Protocols and Software
Like hardware, networked software is only as secure as you configure it to be. This section
describes risks inherent in the higher layers of the OSI Model, such as the Transport, Session,
Presentation, and Application layers. As noted earlier, the distinctions between hardware and
software risks are somewhat blurry because protocols and hardware operate in tandem. For
example, if a router has not been properly configured, a hacker may exploit the openness of
TCP/IP to gain access to a network. Network operating systems and application software present different risks. In many cases, their security is compromised by a poor understanding of
file access rights or simple negligence in configuring the software. Remember—even the best
encryption, computer room door locks, security policies, and password rules make no differ-
ence if you grant the wrong users access to critical data and programs.
The following are some risks pertaining to networking protocols and software:
◆ TCP/IP was designed without authentication and contains several security flaws. For example, source IP addresses can be forged easily, the checksums detect accidental corruption but not deliberate tampering, UDP has no session state or authentication at all, and TCP’s only defense against forged segments is its sequence numbers, which an attacker who can observe or predict them can defeat.
◆ Trust relationships between one server and another may allow a hacker to access the
entire network because of a single flaw.
◆ NOSs may contain “back doors” or security flaws that allow unauthorized users to
gain access to the system. Unless the network administrator performs regular
updates, a hacker may exploit these flaws.
◆ If the NOS allows server operators to exit to a command prompt, intruders could
run destructive command-line programs.
◆ Administrators might accept the default security options after installing an operating
system or application. Often, defaults are not optimal. For example, the default user
name that enables someone to modify anything in Windows Server 2003 is called
“Administrator.” This default is well known, so if you leave the default user name as
“Administrator,” you have given a hacker half the information he needs to access and
obtain full rights to your system.
◆ Transactions that take place between applications, such as databases and Web-based
forms, may be open to interception.
To understand the risks that arise when an administrator accepts the default settings associ-
ated with a software program, consider the following scenario. Imagine that you have invited
a large group of computer science students to tour your IT Department. While you’re in the
computer room talking about subnetting, a bored student standing next to a Windows XP
workstation that is logged on to the network decides to find out which programs are installed on the workstation. He discovers that this workstation has the SQL Server administrator software installed. Your organization uses a SQL Server database to hold all of your employees’
salaries, addresses, and other confidential information. The student knows a little about SQL
Server, including the facts that the default administrator user ID is called “sa,” and that, by
default, no password is created for this ID when someone installs SQL Server. He tries con-
necting to your SQL Server database with the “sa” user ID and no password. Because you
accepted the defaults for the program during its installation, within seconds the student is able
to gain access to your employees’ information. He could then change, delete, or steal any of the
data.
Risks Associated with Internet Access
Although the Internet has brought computer crime, such as hacking, to the public’s attention,
network security is more often compromised “from the inside” than from external sources. Nev-
ertheless, the threat of outside intruders is very real, and it will only grow as more people gain
access to the Internet.
Users need to be careful when they connect to the Internet. Even the most popular Web
browsers sometimes contain bugs that permit scripts to access their systems while they’re con-
nected to the Internet, potentially for the purpose of causing damage. Users must also be care-
ful about providing information while browsing the Web. Some sites will capture that
information to use when attempting to break into systems. Bear in mind that hackers are cre-
ative and typically revel in devising new ways of breaking into systems. As a result, new Inter-
net-related security threats arise frequently. By keeping software current, staying abreast of
emerging security threats, and designing your Internet access wisely, users can prevent most of
these threats. Common Internet-related security issues include the following:
◆ A firewall may not be adequate protection if it is configured improperly. For example, it may let outsiders learn your internal IP addresses and then accept packets from the Internet whose source address has been forged to look like one of those internal addresses, a technique called IP spoofing. A firewall that judges a packet by its addresses alone, without considering the interface on which it arrived, cannot tell a forged internal source from a real one. Alternately, a firewall may not be configured correctly to perform even its simplest function: preventing unauthorized packets from entering the LAN from outside. (You will learn more about firewalls later in this chapter.) Correctly configuring a firewall is one of the best means to protect your internal LAN from Internet-based attacks.
◆ When a user Telnets or FTPs to your site over the Internet, his user ID and pass-
word are transmitted in plain text—that is, unencrypted. Anyone monitoring the
network (that is, running a network monitor program or a hacking program specially
designed to capture logon data) can pick up the user ID and password and use it to
gain access to the system.
◆ Hackers may obtain information about your user ID from newsgroups, mailing lists,
or forms you have filled out on the Web.
◆ While users remain logged on to Internet chat sessions, they may be vulnerable to
other Internet users who might send commands to their machines that cause the
screen to fill with garbage characters and require them to terminate their chat ses-
sions. This type of attack is called flashing.
◆ A hacker who can reach your systems through the Internet may launch denial-of-service attacks. A denial-of-service attack occurs when a system becomes unable to function because it has been deluged with data transmissions or otherwise disrupted. This incursion is a relatively simple attack to launch (for example, a hacker could create a looping program that sends thousands of e-mail messages to your system per minute). Taking the attacked server offline only completes the attacker’s goal; the usual response is to identify the attacking addresses and filter them at the firewall or, for large floods, at your ISP, while the server stays up. Denial-of-service attacks may also result from malfunctioning software. Regularly upgrading software is essential to maintaining network security.
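The following added example, which is not part of the original text, shows the difference between the misconfigured firewall described in the first bullet above and one that performs ingress filtering. Both filters are written in Python as decision functions over the arrival interface, source address, and destination address. The internal address ranges, the hypothetical public server at 203.0.113.10, and the test packets are constructed for illustration.

```python
"""Ingress filtering against IP spoofing.

Added example, not from the book. Address ranges and packets are constructed.
"""
import ipaddress

# Our internal address space (assumed for this example).
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24"),
                 ipaddress.ip_network("10.20.0.0/16")]

# The one service deliberately exposed to the Internet (hypothetical address).
PUBLIC_SERVERS = {ipaddress.ip_address("203.0.113.10")}

# Ranges that can never be a legitimate source on the Internet side:
# RFC 1918 private space, loopback, link-local, "this network", multicast.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4")]


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def naive_filter(iface, src, dst):
    """The misconfiguration: trusts any packet whose source address is one of
    ours, without asking which interface it arrived on (iface is ignored)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if _in_any(src, INTERNAL_NETS):
        return ("accept", "internal source")      # a forged source walks right in
    if dst in PUBLIC_SERVERS:
        return ("accept", "to public server")
    return ("drop", "default deny")


def ingress_filter(iface, src, dst):
    """The corrected rule: which sources are valid depends on the interface.
    Outside, our own addresses and bogons are always forged; inside, any
    source that is not ours is an egress spoof from one of our hosts."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    ours = _in_any(src, INTERNAL_NETS)
    if iface == "outside":
        if ours:
            return ("drop", "spoofed internal source on outside interface")
        if _in_any(src, BOGON_SOURCES):
            return ("drop", "bogon source")
        if dst in PUBLIC_SERVERS:
            return ("accept", "to public server")
        return ("drop", "default deny")
    if iface == "inside":
        if not ours:
            return ("drop", "egress source is not one of our addresses")
        return ("accept", "internal host outbound")
    return ("drop", "unknown interface")


# Constructed packets: (arrival interface, source, destination).
PACKETS = [
    ("outside", "192.168.10.5", "192.168.10.1"),   # spoofed: claims to be internal
    ("outside", "198.51.100.7", "203.0.113.10"),   # legitimate visitor to public server
    ("outside", "198.51.100.7", "192.168.10.1"),   # outsider poking at the file server
    ("inside",  "192.168.10.5", "198.51.100.7"),   # normal outbound traffic
    ("inside",  "198.51.100.9", "198.51.100.7"),   # our host forging someone else's address
]


def run(filter_fn, packets=PACKETS):
    """Return the verdict ("accept" or "drop") for each packet."""
    return [filter_fn(*pkt)[0] for pkt in packets]


if __name__ == "__main__":
    for pkt, n, h in zip(PACKETS, run(naive_filter), run(ingress_filter)):
        print(f"{pkt!s:50} naive={n:7} ingress={h}")
```

The first packet is the spoofing case from the bullet: the naive filter accepts it because the source "looks internal," while the ingress filter drops it because an internal address can never legitimately arrive on the outside interface. The last packet shows the mirror-image rule, which keeps your own hosts from being used to spoof attacks against others.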
An Effective Security Policy
As you have learned, network security breaches can be initiated from within an organization,
and many take advantage of human errors. This section describes how to minimize the risk of
break-ins by communicating with and managing the users in your organization via a thoroughly
planned security policy. A security policy identifies your security goals, risks, levels of author-
ity, designated security coordinator and team members, responsibilities for each team member,
and responsibilities for each employee. In addition, it specifies how to address security breaches.
It should not state exactly which hardware, software, architecture, or protocols will be used to
ensure security, nor how hardware or software will be installed and configured. These details
change from time to time and should be shared only with authorized network administrators
or managers.
Security Policy Goals
Before drafting a security policy, you should understand why the security policy is necessary
and how it will serve your organization. Typical goals for security policies are as follows:
◆ Ensure that authorized users have appropriate access to the resources they need.
◆ Prevent unauthorized users from gaining access to the network, systems, programs,
or data.
◆ Protect sensitive data from unauthorized access, both from within and from outside
the organization.
◆ Prevent accidental damage to hardware or software.
◆ Prevent intentional damage to hardware or software.
◆ Create an environment in which the network and systems can withstand and, if nec-
essary, quickly respond to and recover from any type of threat.
◆ Communicate each employee’s responsibilities with respect to maintaining data
integrity and system security.
NOTE: A company’s security policy may not pertain exclusively to computers or networks. For example, it might state that each employee must shred paper files that contain sensitive data or that each employee is responsible for signing in his visitors at the front desk and obtaining a temporary badge for them. Non-computer-related aspects of security policies are beyond the scope of this chapter, however.
After defining the goals of your security policy, you can devise a strategy to attain them. First,
you might form a committee composed of managers and interested parties from a variety of departments, in addition to your network administrators. The more decision-making people
you can involve, the more supported and effective your policy will be. This committee can assign
a security coordinator, who will then drive the creation of a security policy.
TIP: To increase the acceptance of your security policy in your organization, tie security measures to business needs and clearly communicate the potential effects of security breaches. For example, if your company sells clothes over the Internet and a two-hour outage (as could be caused by a hacker who uses IP spoofing to gain control of your systems) could cost the company $1 million in lost sales, make certain that users and managers understand this fact. If they do, they are more likely to embrace the security policy.
A security policy must address an organization’s specific risks. To understand your risks, you
should conduct a security audit that identifies vulnerabilities and rates both the severity of
each threat and its likelihood of occurring, as described earlier in this chapter. After risks are
identified, the security coordinator should assign one person the responsibility for addressing
that threat.
Security Policy Content
After your risks are identified and responsibilities for managing them are assigned, the policy’s
outline should be generated with those risks in mind. Some subheadings for the policy might
include the following: Password policy; Software installation policy; Confidential and sensitive
data policy; Network access policy; E-mail use policy; Internet use policy; Modem use policy;
Remote access policy; Policies for connecting to remote locations, the Internet, and customers’
and vendors’ networks; Policies for use of laptops and loaner machines; and Computer room
access policy. Although compiling all of this information might seem daunting, the process
ensures that everyone understands the organization’s stance on security and the reasons it is so
important.
The security policy should explain to users what they can and cannot do and how these mea-
sures protect the network’s security. Clear and regular communication about security policies
make them more acceptable and better understood. One idea for making security policies
more sustainable is to distribute a “security newsletter” that keeps security issues fresh in everyone’s mind. Perhaps the newsletter could highlight industry statistics about significant
security breaches and their effect on the victimized organizations.
Another tactic is to create a separate section of the policy that applies only to users. Within the
users’ section, divide security rules according to the particular function or part of the network
to which they apply. This approach makes the policy easier for users to read and understand;
it also prevents them from having to read through the entire document. For example, in the
“Passwords” section, guidelines might include: “Users may not share passwords with friends or
relatives”; “users must choose passwords that exceed six characters and are composed of both
letters and numbers”; and “users should choose passwords that bear no resemblance to a spouse’s
name, pet’s name, birth date, anniversary, or other widely available information.”
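The three password guidelines quoted above can be enforced mechanically at the moment a user chooses a password. The following Python function is an added example, not from the book: it applies the length and composition rules, then checks the password against the user’s own profile, folding common symbol-for-letter substitutions (so “R3x” matches the pet “Rex”) and the usual ways a date is typed. The profile fields, the minimum length of seven (the guideline’s “exceed six characters”), and the sample passwords are assumptions for illustration.

```python
"""Checking a new password against the policy rules and the user's own profile.

Added example, not from the book. Profile fields and sample passwords are assumed.
"""
import re
from datetime import date

# Symbol-for-letter substitutions folded back to letters, so "R3x" matches "rex".
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "!": "i"})

# The ways a date usually gets typed into a password: 1987, 0312, 12031987, ...
DATE_FORMATS = ("%Y", "%y", "%m%d", "%d%m", "%m%d%Y", "%d%m%Y",
                "%Y%m%d", "%m%d%y", "%d%m%y")


def fold_letters(text):
    """Lowercase, undo leet substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def digits_only(text):
    return re.sub(r"[^0-9]", "", text)


def personal_tokens(profile):
    """Words and numbers an attacker could look up about this user."""
    words = {fold_letters(profile[k]) for k in ("user", "spouse", "pet") if profile.get(k)}
    numbers = set()
    for k in ("birth_date", "anniversary"):
        if profile.get(k):
            numbers |= {profile[k].strftime(f) for f in DATE_FORMATS}
    # Two-character fragments match almost anything; ignore them.
    return {w for w in words if len(w) >= 3}, {n for n in numbers if len(n) >= 3}


def check_password(password, profile, min_length=7):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("contains no letters")
    if not re.search(r"[0-9]", password):
        problems.append("contains no digits")
    words, numbers = personal_tokens(profile)
    folded, digits = fold_letters(password), digits_only(password)
    for w in sorted(words):
        if w in folded or w[::-1] in folded:      # forwards or spelled backwards
            problems.append(f"resembles personal information: {w}")
    for n in sorted(numbers):
        if n in digits:
            problems.append(f"resembles a personal date: {n}")
    return problems


# Constructed profile for the user in the examples.
PROFILE = {"user": "alice", "spouse": "Robert", "pet": "Rex",
           "birth_date": date(1987, 3, 12), "anniversary": date(2001, 6, 9)}

if __name__ == "__main__":
    for candidate in ("R3x1987!", "summer", "Alice0609", "Tr0ub4dor&3"):
        print(candidate, "->", check_password(candidate, PROFILE) or "OK")
```

“R3x1987!” passes the length and composition rules yet is rejected twice, for the pet’s name and the birth year, which is exactly the kind of password the third guideline is aimed at. Raising min_length or adding a dictionary check are policy choices the same function can absorb.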
A security policy should also define what “confidential” means to the organization. In general,
information is confidential if it could be used by other parties to impair an organization’s func-
tioning, decrease customers’ confidence, cause a financial loss, damage an organization’s status,
or give a significant advantage to a competitor. However, if you work in an environment such
as a hospital, where most data is sensitive or confidential, your security policy should classify
information in degrees of sensitivity that correspond to how strictly its access is regulated. For
example, “top-secret” data may be accessible only by the organization’s CEO and vice presi-
dents, whereas “confidential” data may be accessible only to those who must modify or create
it (for example, doctors or hospital accountants).
Response Policy
Finally, a security policy should provide for a planned response in the event of a security breach.
The response policy should identify the members of a response team, all of whom should clearly
understand the security policy, risks, and measures in place. Each team member should be
assigned a role and responsibilities. Like a disaster recovery response team, the security response
team should regularly rehearse their defense by participating in a security threat drill. Some
suggestions for team roles are the following:
◆ Dispatcher—The person on call who first notices or is alerted to the problem. The
dispatcher notifies the lead technical support specialist and then the manager. She creates a record for the incident, detailing the time it began, its symptoms, and any
other pertinent information about the situation. The dispatcher remains available to
answer calls from clients or employees or to assist the manager.
◆ Manager—This team member coordinates the resources necessary to solve the prob-
lem. If in-house technicians cannot handle the break-in, the manager finds outside
assistance. The manager also ensures that the security policy is followed and that
everyone within the organization is aware of the situation. As the response ensues,
the manager continues to monitor events and communicate with the public relations
specialist.
◆ Technical support specialist—This team member focuses on only one thing: solving
the problem as quickly as possible. After the situation has been resolved, the techni-
cal support specialist describes in detail what happened and helps the manager find
ways to avert such an incident in the future. Depending on the size of the organiza-
tion and the severity of the incident, this role may be filled by more than one person.
◆ Public relations specialist—If necessary, this team member learns about the situation
and the response, then acts as official spokesperson for the organization to the pub-
lic.
After resolving a problem, the team reviews what happened, determines how it might have
been prevented, then implements those measures to prevent future problems. A security pol-
icy alone can’t guard against intruders. Network administrators must also attend to physical,
network design, and network operating system vulnerabilities, as described in the following
sections.
Physical Security
An important element in network security is restricting physical access to its components. At
the very least, only authorized networking personnel should have access to computer rooms. If
computer rooms are not locked, intruders may easily steal equipment or sabotage software and
hardware. For example, a malicious visitor could slip into an unsecured computer room and take
control of a NetWare server where an administrator is logged on, then steal data or reformat
the server’s hard disk. Although a security policy defines who has access to the computer
room, locking the computer room is necessary to keep unauthorized individuals out.
It isn’t only the computer room that must be secured. Think of all the points at which your sys-
tems or data could be compromised: hubs or switches in a wiring closet, an unattended work-
station at someone’s desk, an equipment room or entrance facility where your leased line to the
Internet terminates, or a storage room for archived data and backup tapes. If a wiring closet is
left unlocked, for example, a prankster could easily enter, grab a handful of wires, and pull
them out of the patch panels.
Locks may be either physical or electronic. Many large organizations require authorized
employees to wear electronic access badges. These badges can be programmed to allow their
owner access to some, but not all, rooms in a building. Figure 14-1 depicts a typical badge access
security system.
FIGURE 14-1 Badge access security system
A less expensive alternative to the electronic badge access system consists of locks that require entrants
to punch a numeric code to gain access. For added security, these electronic locks can be combined
with key locks. A more expensive solution involves bio-recognition access, in which a device scans
an individual’s unique physical characteristics, such as the color patterns in her iris or the geom-
etry of her hand, to verify her identity. On a larger scale, organizations may regulate entrance
through physical barriers to their campuses, such as gates, fences, walls, or landscaping.
Many IT departments also use closed-circuit TV systems to monitor activity in secured rooms.
Surveillance cameras may be placed in computer rooms, telco rooms, supply rooms, and data
storage areas, as well as facility entrances. A central security office may display several camera
views at once, or it may switch from camera to camera. The video footage generated from