Why secure your network?
By Manuel Cereijo
Some of us can remember a time when securing a network environment was far easier than it seems to be today. As long as every user had a password and the correct levels of file permissions had been set, we could go to sleep at night confident that our network environment was relatively secure. This confidence may or may not have been justified, but at least we felt secure.
Then along came the Internet and everything changed. The Internet has accelerated, at an amazing rate, the pace at which information is disseminated. Increased awareness of security also brings increased responsibility. This greatly increases the urgency of deploying security-related fixes as soon as they are developed. So, along with all of our other responsibilities, we need to maintain a good security posture. The first problem is where to begin.
An ever-increasing threat is not the destruction of data, but its theft and compromise. This is usually referred to as industrial, or corporate, espionage. It is a viable threat to any organization that has proprietary or confidential information, especially when the compromise of that data would leave the organization legally liable.
Before you decide how best to safeguard your network, you should identify the level of protection you wish to achieve. Begin by analyzing your network to determine what level of fortification you actually require. Then perform a risk analysis: that is, identify the assets you wish to protect and the potential threats against them.
External attacks can come from many diverse sources. If you are in a highly competitive business, an ambitious competitor may see a benefit in attacking your network. This can take the form of stealing designs or financial statements. How prone you may be to competitors' attacks relates directly to how competitive your business is.
Organizations that are well known or frequently in the public eye can become subjects of attack simply due to their level of visibility. A would-be attacker may attempt to infiltrate a well-known site with the hope that a successful attack will bring with it some level of notoriety.
Assets for any group, corporation, or organization typically fall into one of four categories: physical resources, intellectual resources, time resources, and perception resources. A risk analysis is the process of identifying these assets, and it needs to answer questions such as: What assets do I need to protect? From what sources am I trying to protect these assets? Who may wish to compromise my network and to what gain? What is the immediate cost if an asset is compromised? What is the cost of recovering from an attack or failure? How can these assets be protected in a cost-effective manner?
You must consider how much security will cost when determining what level of protection is appropriate for your networking environment. For example, it would probably be overkill for a five-user architectural firm with no remote access to hire a full-time security expert. Likewise, it would be unthinkable for a bank to allow outside network access without regard to any form of security measures or policies. Unfortunately, most of us fall somewhere in between these two networking examples. So we face some difficult security choices.
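An added example, not part of the original article: one way to turn the risk-analysis questions above into numbers for the five-user architectural firm. The expected-yearly-loss formula, the asset and control names, and every figure below are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

CATEGORIES = {"physical", "intellectual", "time", "perception"}  # the article's four

@dataclass
class Asset:
    name: str
    category: str
    immediate_cost: float   # loss at the moment of compromise
    recovery_cost: float    # cost of recovering from the attack or failure
    years_between: float    # assumed: one compromise every N years

    def __post_init__(self):
        if self.category not in CATEGORIES:
            raise ValueError(f"unknown asset category: {self.category}")

    def yearly_loss(self) -> float:
        # Assumed model: total cost of one incident spread over its expected interval.
        return (self.immediate_cost + self.recovery_cost) / self.years_between

@dataclass
class Control:
    name: str
    yearly_cost: float
    reduction_pct: dict = field(default_factory=dict)  # asset name -> % of loss avoided

    def loss_avoided(self, assets) -> float:
        return sum(a.yearly_loss() * self.reduction_pct.get(a.name, 0) / 100
                   for a in assets)

def rank_assets(assets):
    """Assets ordered by expected yearly loss, largest first."""
    return sorted(assets, key=lambda a: a.yearly_loss(), reverse=True)

def cost_effective(assets, controls):
    """(name, net yearly benefit) for controls that avoid more loss than they cost."""
    scored = [(c.name, c.loss_avoided(assets) - c.yearly_cost) for c in controls]
    return sorted((s for s in scored if s[1] > 0), key=lambda s: s[1], reverse=True)

# Constructed sample data for a five-user firm (not real figures).
ASSETS = [
    Asset("Design files", "intellectual", 40000, 10000, 10),
    Asset("File server", "physical", 3000, 2000, 5),
    Asset("Staff downtime", "time", 1000, 4000, 2),
    Asset("Client trust", "perception", 20000, 5000, 20),
]
CONTROLS = [
    Control("Offsite backups", 1200,
            {"Design files": 50, "File server": 50, "Staff downtime": 60}),
    Control("Full-time security expert", 90000, {a.name: 90 for a in ASSETS}),
]

if __name__ == "__main__":
    for a in rank_assets(ASSETS):
        print(f"{a.name:15} {a.category:12} {a.yearly_loss():8.0f}")
    print(cost_effective(ASSETS, CONTROLS))
```

With these figures the full-time expert avoids far less loss per year than the position costs, which is the "overkill" case described above, while the backups pay for themselves.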
As our reliance on computers has grown, so has our vulnerability to cyber attack. Virtually every critical infrastructure system in this country, whether it be transportation, power, communications, or finance, operates in cyberspace. It is a huge problem, and there are few people trained in the science, or art, of computer security.
We need to have intelligence, and we need to monitor our systems all the time to detect very early warnings. Take digital steganography, a technique for hiding data in seemingly innocuous messages. While it has many legitimate uses, it is also increasingly being used by terrorist groups and countries. However, a group of engineers has just developed a software package designed to detect digital steganography.
A cyberattack that shuts down power to a hospital or prevents fuel delivery in the dead of winter can cost lives. In 1997 a US military exercise tested the country's preparedness against a cyberattack. The NSA had hired 35 hackers to invade the Defense Department's 40,000 computer networks. By the end of the exercise, the hackers had gained root-level access to at least 36 of the networks, enough to shut down the power of several major cities and take control of a navy cruiser.
We must be ready, ready if our enemies try to use computers to disable power grids, banking, communications and transportation networks, police, fire and health services, or military assets.
Since 1998, although very little has been written about the Bejucal base in Cuba, Cuba's system of international communications surveillance has been in full operation. Most of what has been written has been ignored by US and European authorities. Bejucal is an electronic espionage base used by Cuban military intelligence to intercept and process international communications passing via communications satellites.
Other parts of the same system intercept messages from the Internet, from undersea cables, from radio transmissions, from secret equipment installed inside embassies, or use orbiting satellites to monitor signals anywhere on the earth's surface.
The world's most secret electronic surveillance system has its main origin in the former Soviet Union's Lourdes base in Cuba. In a deeper sense, it results from the invention of radio and the fundamental nature of telecommunications. The creation of radio permitted governments and other communicators to pass messages to receivers over transcontinental distances. But there was a penalty: anyone else could listen in. Previously, written messages were physically secure (unless the courier carrying them was ambushed, or a spy compromised communications). The invention of radio thus created a new importance for cryptography, the art and science of making secret codes. It also led to the business of signals intelligence, now an industrial-scale activity.
Dozens of advanced nations use sigint as a key source of intelligence. Even smaller European nations such as Denmark, the Netherlands or Switzerland have recently constructed small stations to obtain and process intelligence by eavesdropping on civil satellite communications.
All of them are smaller than Cuba's Bejucal, and none of them are so close to the United States.
Everything produced in the Bejucal sigint base is marked by hundreds of special codewords that "compartmentalize" knowledge of intercepted communications and the systems used to intercept them.
The scale and significance of the global surveillance system have been transformed since 1980. The arrival of low-cost wideband international communications has created a wired world. But few people are aware that the first global wide area network (WAN) was not the internet, but the international network connecting sigint stations and processing centers.
By the early 1970s, the laborious process of scanning paper printouts for names or terms appearing on the "watch lists" had begun to be replaced by automated computer systems. These computers performed a task essentially similar to that of the search engines of the internet. Prompted with a word, phrase or combination of words, they would identify all messages containing the desired words or phrases.
Their job, now performed on a huge scale, is to match the "key words" or phrases of interest to intelligence agencies against the huge volume of international communications, to extract them and pass them to where they are wanted. During the 1980s, the NSA developed a "fast data finder" microprocessor that was optimally designed for this purpose. It was later commercially marketed, with claims that it had "the most comprehensive character-string comparison functions of any text retrieval system in the world". A single unit could work with:
trillions of bytes of textual archive and thousands of online users, or gigabytes of live data stream per day that are filtered against tens of thousands of complex interest profiles.
Although different systems are in use, the key computer system at the heart of a modern sigint station's processing operations is the "Dictionary". Bejucal contains a Dictionary. Portable versions are even available, and can be loaded into briefcase-sized units known as "Oratory". The Dictionary computers scan communications input to them, and extract for reporting and further analysis those that match the profiles of interest.
In one sense, the main function of Dictionary computers is to throw most intercepted information away.
The "common" automated processing equipment (ADPE) in the Bejucal base includes the following elements:
· Local management subsystem
· Remote management subsystem
There are 10 satellite antennas at Bejucal. There were 12 at Lourdes.
New methods developed during the 1990s are available to recognize the "topics" of phone calls and to automate the processing of the content of telephone messages. Under the rubric of "information warfare", the sigint bases also hope to overcome the ever more extensive use of encryption by direct interference with and attacks on targeted computers. These methods include information-stealing viruses; software audio, video, and data bugs; and pre-emptive tampering with software or hardware ("trapdoors").
Satellite communications provide the relaying of data, telephone, transoceanic and national TV signals. Most communication satellites are placed in geostationary orbit (GEO), located at 22,300 miles above the equator. The most used frequencies for these satellites are 6 GHz uplink and 4 GHz downlink, or 14 GHz uplink and 12 GHz downlink. Each satellite has a number of transponders aboard to amplify the signal received from the uplink and to down-convert it for transmission on the downlink. Most transponders are designed for a bandwidth of 36, 54, or 72 MHz.
China has converted an ICBM base at Taiyuan, southwest of Beijing, into a satellite-launching center. China is only the third country in the world to operate recoverable satellites, which can bring photographic film and experimental specimens back to earth.
The first satellite to be launched on Earth in the 21st century was a test of the Shenzhou-2 unmanned spaceship on January 9, 2001. China has launched 10 space vehicles since January 2001 to date. This is twice the annual rate of the 1990s.