An Unauthorized Lan Access


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

LAN SECURITY

Introduction

A LAN, or local area network, is a network of computers deployed in a small geographic area such as an office complex, building, or campus.

Local area networks (LANs) have become a major tool for many organizations in meeting data processing and data communication needs. In a LAN, computers interconnect with each other to share resources such as files, printers and services. The LANs of various banks, financial institutes, and corporations store a lot of customer information, such as social security numbers, driver's licenses and other sensitive information such as purchasing profiles. Over the years, although network security has increased, the frequency of attacks on the network has also increased (Vacca). Many organizations use large LANs internally and also connect to public networks, such as the Internet. By doing so, organizations increase their exposure to threats from intruder activity (NIST Security Handbook). In corporate LANs, securing the data is of paramount importance, as the network is constantly under attack from hackers. Apart from the security threats posed by hackers, there is also the threat of espionage by competing companies. A competitor may hijack resources such as web services and domain name services, leading to denial of service.

Network security has three objectives:

Confidentiality: Only authorized users have access to the network.

Integrity: Data cannot be modified by unauthorized users.

Access: Security must be designed so that authorized users have uninterrupted access to data (Vacca).

Threats and Vulnerabilities

A threat can be any person, object, or event that, if realized, could potentially cause damage to the LAN. Threats can be malicious, such as the intentional modification of sensitive information, or can be accidental, such as an error in a calculation, or the accidental deletion of a file. Threats can also be acts of nature, i.e. flooding, wind, lightning, etc.

Vulnerabilities are flaws in a LAN that can be exploited by a threat resulting in loss. For example, unauthorized access (the threat) to the LAN could occur by an outsider guessing an obvious password. The vulnerability exploited is the poor password choice made by a user. Reducing or eliminating the vulnerabilities of the LAN can reduce or eliminate the risk of threats to the LAN. For example, a tool that can help users choose robust passwords may reduce the chance that users will utilize poor passwords, and thus reduce the threat of unauthorized LAN access (FIPS).

This paper discusses the various vulnerabilities of a LAN that an IT manager faces and how the IT manager can mitigate these vulnerabilities.

Unauthorized LAN Access

A LAN provides designated users with shared access to hardware, software, and data. Unauthorized access to LAN resources is one of the greatest LAN vulnerabilities. Unauthorized LAN access occurs when someone who is not authorized to use the LAN gains access to it (FIPS). This type of access can be internal or external (an intruder).

Password: Password sharing, capturing or guessing allows an unauthorized user to have the LAN access and privileges of a legitimate user, with the legitimate user's knowledge and acceptance. Unauthorized LAN access can occur by exploiting password vulnerabilities such as poor password management and easily guessed passwords.

Network access: Unauthorized access to network nodes such as switches, hubs or routers on a LAN can be used by an intruder to launch denial of service attacks. Network entry and exit points are the most vulnerable network elements. The most common network threats are the hijacking of resources such as the Domain Name Service, antivirus and web services, leading to DoS or distributed DoS attacks (Vacca).

Unauthorized access may occur simply because the access rights assigned to the resource are not assigned properly. However, unauthorized access may also occur because the access control mechanism or the privilege mechanism is not granular enough.

Loss of Data Confidentiality

Confidentiality means providing access to and disclosure of information only to authorized users and preventing access by unauthorized users. Disclosure of LAN data or software, which occurs when the data or software is accessed, read and possibly released to an individual who is not authorized for the data, results in loss of data confidentiality. The loss of data confidentiality can not only cost a company financially but can also damage its reputation, resulting in loss of customers. Improper access control, the lack of a data encryption policy and the general display of monitors or printouts are some of the vulnerabilities that an attacker can use to disrupt an organization's information systems.

2.1.4 Loss of Data Integrity

When unauthorized changes are made to data or software, the result is loss of data integrity (FIPS). Data integrity is critical to any organization that maintains electronic records, including corporations, governmental agencies, non-profit organizations, service groups, medical practices and educational institutions. If the integrity of records is compromised, the impact on the organization could be horrific: financial records being exposed, the theft of customer or client identities, the exposure of strategic initiatives, loss of business, and even the malicious transfer of funds are all potential outcomes when an organization's database technologies are compromised (Hallman, Stahl and Ahmadov). PCs are especially vulnerable to viruses and related malicious software (e.g., Trojan horse, logic bomb, worm). An executing program, including a virus-infected program, has access to most things in memory or on disk. A PC LAN is also highly vulnerable, because any PC can propagate an infected copy of a program.

2.1.5 Disclosure of LAN Traffic

The disclosure of LAN traffic occurs when an unauthorized person listens to LAN traffic that is intended for an authorized user. Transmitting data in plaintext over the LAN and inadequate protection of LAN devices compromise LAN security (Goodrich). LAN traffic can be compromised by listening to and capturing traffic transmitted over the LAN transport media, for example by tapping into a network cable, listening to traffic transmitted over the air, or misusing a provided network connection by attaching an analysis device (FIPS).

Spoofing of LAN Traffic

Data that is transmitted over a LAN should not be altered in an unauthorized manner as a result of that transmission, either by the LAN itself or by an intruder. LAN users expect that a message sent is received unmodified. Spoofing of LAN traffic involves an attacker masquerading as a legitimate endpoint and sending or receiving messages on the LAN. For example, an attacker can modify the ARP messages sent on a LAN to launch a man-in-the-middle attack. The lack of message authentication or digital signatures, timestamps and identification verification makes a LAN vulnerable to ARP spoofing attacks.
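Because ARP messages carry no authentication, a defender can only compare the bindings observed on the wire against earlier or statically known ones. The following is an added example, not part of the original essay; the function name, the record layout and the sample addresses (taken from documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) taken from ARP replies
OBSERVED = [
    (0, "192.0.2.1", "00:00:5e:00:53:01"),    # gateway
    (1, "192.0.2.10", "00:00:5e:00:53:0a"),
    (2, "192.0.2.11", "00:00:5e:00:53:0b"),
    (30, "192.0.2.1", "00:00:5e:00:53:0b"),   # gateway IP claimed by another MAC
    (31, "192.0.2.1", "00:00:5e:00:53:0b"),   # repeat of the same claim
    (60, "192.0.2.10", "00:00:5e:00:53:0a"),
]


def find_arp_conflicts(replies, trusted=None):
    """Return alerts for IP-to-MAC bindings that contradict the baseline.

    trusted: optional {ip: mac} of statically known bindings (e.g. the gateway).
    Without it, the first binding seen for an IP is treated as the baseline.
    Legitimate changes (DHCP reassignment, NIC replacement, failover) also
    alert, so each alert is a lead for triage rather than proof of spoofing.
    """
    baseline = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in baseline.items():
        ips_by_mac[mac].add(ip)
    reported = set()
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        expected = baseline.setdefault(ip, mac)
        if expected != mac and (ip, mac) not in reported:
            reported.add((ip, mac))  # alert once per conflicting pair
            alerts.append({
                "time": ts,
                "ip": ip,
                "expected": expected,
                "seen": mac,
                # other IPs this MAC already answers for: a host answering
                # for its own IP and the gateway's is the classic pattern
                "also_owns": sorted(ips_by_mac[mac] - {ip}),
            })
        ips_by_mac[mac].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in find_arp_conflicts(OBSERVED):
        print(alert)
```
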

2.1.7 Disruption of LAN Functions

A LAN is a tool used by an organization to share information and transmit it from one location to another. A disruption of functionality occurs when the LAN cannot provide the needed functionality in an acceptable, timely manner. A disruption can interrupt one type of functionality or many. A disruption of LAN functions can occur by exploiting the following types of vulnerabilities:

Vulnerabilities

inability to detect unusual traffic patterns (i.e. intentional flooding),

inability to reroute traffic, handle hardware failures, etc,

configuration of LAN that allows for a single point of failure,

unauthorized changes made to hardware components (reconfiguring addresses on workstations, modifying router or hub configurations, etc.),

improper maintenance of LAN hardware,

improper physical security of LAN hardware (FIPS).

LAN Security Management

A security service is the collection of mechanisms, procedures and other controls that are implemented to help reduce the risk associated with a threat. For example, the identification and authentication service helps reduce the risk of the unauthorized user threat. Some services provide protection from threats, while other services provide for detection of the threat occurrence. An example of the latter would be a logging or monitoring service. The following services will be discussed in this section:

Identification and authentication - is the security service that helps ensure that the LAN is accessed by only authorized individuals.

Access control - is the security service that helps ensure that LAN resources are being utilized in an authorized manner.

Data and message confidentiality - is the security service that helps ensure that LAN data, software and messages are not disclosed to unauthorized parties.

Data and message integrity - is the security service that helps ensure that LAN data, software and messages are not modified by unauthorized parties.

Non-repudiation - is the security service by which the entities involved in a communication cannot deny having participated. Specifically, the sending entity cannot deny having sent a message (non-repudiation with proof of origin) and the receiving entity cannot deny having received a message (non-repudiation with proof of delivery).

Logging and Monitoring - is the security service by which uses of LAN resources can be traced throughout the LAN.

2.2.1 Identification and Authentication

User identification and authentication (verification) controls are used to verify the identity of a station, originator, or individual prior to allowing access to the system, or to specific categories of information within the system. Identification involves the identifier or name by which the user is known to the LAN in some manner. This is usually based on an assigned userid. However, the LAN cannot trust that the user is in fact who the user claims to be without the user being authenticated. Authentication is the process of "proving" that the individual is actually the person associated with the identifier. A user can be authenticated using various mechanisms such as passwords, biometrics or tokens. Passwords are the most common authentication method used to control LAN access. An organization must have a password policy established by management to prevent passwords from being guessed or cracked. Password policies such as password expiration, no reusable passwords and strong passwords are the first step in the defense of the network.

Password-only mechanisms are vulnerable to password cracking and password capturing attacks. Because of the vulnerabilities that still exist with the use of password-only mechanisms, more robust mechanisms can be used, such as token-based authentication and biometrics. Locking mechanisms for LAN devices, workstations, or PCs that require user authentication to unlock can be useful to users who must leave their work areas frequently. These locks allow users to remain logged into the LAN and leave their work areas (for an acceptably short period of time) without exposing an entry point into the LAN (FIPS).

2.2.2 Access Control

This service protects against the unauthorized use of LAN resources, and can be provided by the use of access control mechanisms and privilege mechanisms. Access control is the selective restriction of access to a place or other resource. For example, some information must be accessible to all users, some may be needed by several groups or departments, and some should be accessed by only a few individuals. Users must have access to the information they need to do their jobs; it may also be required to deny access to non-job-related information.

Access control can be achieved by using discretionary access control, mandatory access control or role-based access control. Discretionary access control is the most common type of access control used by LANs.

A LAN operating system may implement user profiles, capability lists or access control lists to specify access rights for many individual users and many different groups. Using these mechanisms allows more flexibility in granting different access rights to different users, which may provide more stringent access control for the file (or directory) (FIPS).

These access controls can also be used to restrict usage between servers on the LAN. Network access control (NAC) is a set of protocols that define and implement policies for access to the systems and resources in a network (UMUC). NAC ensures that whoever connects to the LAN complies with the minimum basic requirements of corporate security policy standards. This ensures that laptops and computers are compliant with minimum patching levels and antivirus definition levels before being allowed to connect to the LAN.

2.2.3 Data and Message Confidentiality

These controls provide protection for data that must be held in confidence and protected from unauthorized disclosure. As a front line protection, this service may incorporate mechanisms associated with the access control service, but can also rely on encryption to provide further secrecy protection. Encryption is a means of encoding (scrambling) data so that they are unreadable. When the data are received, the reverse scrambling takes place. The scrambling and descrambling require an encryption capability at either end and a specific key, in either hardware or software, to code and decode the data. Encryption allows only authorized users to have access to applications and data.

It is very difficult to control unauthorized access to LAN traffic as it is moved through the LAN. For most LAN users, this is a realized and accepted problem. The use of encryption reduces the risk of someone capturing and reading LAN messages in transit by making the message unreadable to those who may capture it. Only the authorized user who has the correct key can decrypt the message once it is received.

Explain some encryption methods public private

2.2.4 Data and Message Integrity

It is very important that the traffic flowing through the LAN is not modified in transit. Unauthorized modification can be intentional or accidental. It is not possible to stop the modification of data, but it is possible to detect the modification using checksums (FIPS). To protect message integrity, tools such as the message authentication code (MAC) are used. A MAC is a type of cryptographic checksum that accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a tag, which is the cryptographic checksum of the key and message (Vacca). The sender and receiver both share the symmetric key. After tagging the message, the sender sends it to the receiver. The receiver verifies the message by recomputing the tag using the key and message and comparing the result with the tag received. If they do not match, an unauthorized modification is assumed; otherwise the message is declared authentic. The data and message integrity service also helps to ensure that a message is not altered, deleted or added to in any manner during transmission.
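The tag-and-verify exchange described above, as an added example that is not part of the original essay. It uses HMAC-SHA256 from the Python standard library as the MAC and an unkeyed CRC32 for contrast; the key, the messages and the function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 produces a 32-byte tag


def send(key: bytes, message: bytes) -> bytes:
    """Sender: compute the tag over the message and append it."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def receive(key: bytes, frame: bytes) -> bytes:
    """Receiver: recompute the tag from key and message, then compare."""
    if len(frame) < TAG_LEN:
        raise ValueError("frame too short to carry a tag")
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest takes the same time wherever the first difference is
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tag mismatch: unauthorized modification assumed")
    return message


def crc_frame(message: bytes) -> bytes:
    """Unkeyed checksum: catches accidental damage, but anyone can recompute it."""
    return message + zlib.crc32(message).to_bytes(4, "big")


def crc_ok(frame: bytes) -> bool:
    return zlib.crc32(frame[:-4]).to_bytes(4, "big") == frame[-4:]


def demo() -> dict:
    key = b"constructed-shared-key-0123456789"  # constructed sample key
    original = b"PAY 100 TO ALICE"              # constructed sample message
    modified = b"PAY 900 TO ALICE"
    frame = send(key, original)
    results = {"authentic": receive(key, frame) == original}
    try:
        receive(key, modified + frame[-TAG_LEN:])  # changed body, old tag
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    # Without a key, a modified message with a fresh checksum still passes.
    results["crc_accepts_modified"] = crc_ok(crc_frame(modified))
    return results


if __name__ == "__main__":
    print(demo())
```
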

2.2.5 Non-repudiation

Non-repudiation is a property achieved through cryptographic methods which prevents an individual or entity from denying having performed a particular action related to data. If two parties are exchanging digital documents such as emails, it is important to protect the data so that the recipient has confidence that the document was indeed created by the sender and was not altered in transit. The chief way that the non-repudiation property is achieved is through the use of digital signatures. Digital signature

2.2.6 Logging and Monitoring

Detection controls monitor the network for any malicious activity on a network or computer that might constitute a breach of security (UMUC). An intrusion detection system (IDS) is a software or hardware system that collects information from various system and network resources to detect intrusion (Vacca). In a LAN environment the IDS sits at the perimeter of a network and monitors the incoming and outgoing traffic patterns. IDSs are designed to protect the LAN from attacks such as port scans, denial of service attacks, malware attacks, ARP spoofing and DNS cache poisoning (Goodrich). If such an activity occurs, the intrusion detection system and/or firewall first registers the attack and then sends an alert to notify the system administrator of the event.

Logging is an important consideration in security. Proper logging information not only helps in solving the intrusion problem but also provides the auditing mechanism for the LAN. Depending on the extensiveness of the logging, the detected event should be traceable throughout the system. Some of the information that should be logged on a LAN includes failed authentication attempts, failed file or resource access attempts, and modification of user and group accounts (Vacca).
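A sketch of how the three kinds of logged events named above can be turned into audit findings, added here as an example and not part of the original essay. The log format, event names, threshold and window are hypothetical, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque

# Constructed log lines in a hypothetical "epoch EVENT key=value ..." format
SAMPLE_LOG = """\
1000 AUTH_FAIL user=jdoe src=192.0.2.50
1010 AUTH_FAIL user=jdoe src=192.0.2.50
1015 ACCESS_DENIED user=asmith path=/payroll/q3.xls
1020 AUTH_FAIL user=jdoe src=192.0.2.50
1025 AUTH_OK user=jdoe src=192.0.2.50
1300 GROUP_MODIFY actor=jdoe group=admins member=jdoe
2000 AUTH_FAIL user=asmith src=192.0.2.51
"""

LINE = re.compile(r"^(\d+) (\w+) (.*)$")
ACCOUNT_EVENTS = {"USER_MODIFY", "GROUP_MODIFY"}


def parse(text):
    """Yield (timestamp, event, fields) and skip lines that do not parse."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            pairs = (kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
            yield int(m.group(1)), m.group(2), dict(pairs)


def audit(text, threshold=3, window=60):
    """Report failed-access and account-change events, plus bursts of failed
    logins: `threshold` failures by one user/source within `window` seconds."""
    recent = defaultdict(deque)
    findings = []
    for ts, event, f in parse(text):
        if event == "AUTH_FAIL":
            q = recent[(f.get("user"), f.get("src"))]
            q.append(ts)
            while ts - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) == threshold:     # report once when the burst is reached
                findings.append((ts, "repeated-auth-failure",
                                 f.get("user"), f.get("src")))
        elif event == "ACCESS_DENIED":
            findings.append((ts, "denied-access", f.get("user"), f.get("path")))
        elif event in ACCOUNT_EVENTS:
            target = f.get("group") or f.get("user")
            findings.append((ts, "account-change", f.get("actor"), target))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```
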


