Network security -- Taking the layered approach

By Andrew R. Hickey, Senior News Writer
10 Jan 2007 | SearchNetworking.com

Network security is typically done in layers. Whether folks secure at the edge, the core, or in between, the network is secured in layers to ensure optimum protection.

Using that as a baseline, author and security expert Michael Gregg wrote Hack the Stack, a new network security book that not only acknowledges the layered approach to security but also plays that against the popular seven-layer OSI stack model.

"Hack the Stack takes a look at security and kind of approaches it in a different way," Gregg said in a recent interview. "People look at security in a layered approach. We wanted to look at the layered approach with the OSI model and look at it that way."

In the book's title, the word "hack" does not signify malicious intent. Instead, it encourages networking and security pros to dig into their systems and learn how they work in order to determine where vulnerabilities or security holes may lie. Gaining a better understanding and deeper knowledge of how TCP/IP systems work will lead to tighter security, Gregg said.

And though the seven layers of the OSI model -- physical, data link, network, transport, session, presentation and application -- are fairly well known, Gregg said, one of the first steps to taking an OSI approach to network security is understanding the mythical eighth layer -- people.

"People are a big part of security," he said, noting that their actions and behaviors while on the network and their overall attitudes can have a great impact on security and how an enterprise pursues it.

From the physical layer to the application layer -- and the "people layer" -- Hack the Stack dissects security risks at each level and offers practical and cost-effective countermeasures to protect against them.

According to Gregg, many companies tend to ignore the physical layer when trying to secure the network, but physical security is becoming extremely important.

"You can have the best logical security, but if you don't have any physical control, that means nothing," he said, adding that the loss of physical security can leave the network totally exposed.

From the physical layer, the book continues through the other layers. For example, it teaches how to attack and defend the data link layer and examines methods such as ARP spoofing, MAC flooding and the use of honeytokens. On the session layer, it shows how tools can be used maliciously -- session hijacking, for instance -- or for protection.

Hack the Stack also looks into IP attacks and explains how spoofing and evasion can undermine the network layer. It teaches how to detect scans and understand port scanning techniques. It analyzes how to protect confidentiality with IPsec and offers tips for avoiding hijacking.

"Each chapter is set up with vulnerabilities and exposures and presents countermeasures," Gregg said. "At the end of each chapter, we give a step-by-step project."

The projects are fairly simple ways to ensure that each level of the stack is secured.

"Our target was not only the security guy," Gregg said. "Our thought on this was security doesn't just involve the security guy. We tried to reach out to get programmers, network guys, applications guys. We tried to reach everyone. That's the way we designed it. At each layer, there's something there that each of these groups can do to boost that layer's security."

Even if enterprises can't complete the projects at each of the seven layers, Gregg said, they still provide defense in depth. And each project consists mostly of easily obtainable, low-cost or open source software.
