The network has become the lifeblood of today’s corporation. Where issues of network management and information security were once considered necessary evils, they are now considered business necessities. There was a time when the management of a network consisted of the simple task of identifying when an object (network device, application, etc.) was down. Similarly, security was a relatively simple matter of requiring passwords on all user accounts. Today, availability requirements and sophisticated attack technologies can result in unforeseen complications during the installation and integration of supposedly interoperable networking products.
Security managers and network managers are often at odds during the design, implementation and operation of a network. Highly secure networks are often perceived as nearly unmanageable, because the security system limits management access to controlled devices. Conversely, managed networks today are highly vulnerable to attack, due to weaknesses in network management security. Negotiating a peaceful settlement is often the fine art of balancing risks and benefits, understanding the impact of both technical and operational decisions, and creating a solution to minimize both the management and security challenges.
Understanding the "Costs" of Security
Recent studies by the Computer Security Institute (CSI) and the Federal Bureau of Investigation (FBI) indicate that the number of reported security incidents is increasing dramatically every year. Current nationwide estimates show that more than $300 billion dollars are lost annually, due to insufficient information security measures.
What are the risks? One of the primary responsibilities of security personnel is to envision what security breaches might occur, and how they might come about. Information risks are generally divided into three categories: confidentiality, integrity and availability. A breach of confidentiality can result in soft-costs (such as loss of competitive advantage or public image), or it may result in hard-costs associated with lawsuits resulting from losing containment on third-party information assets (such as credit or medical records).
A loss of integrity can result in lost data or corrupted information resulting in erroneous decisions and lost productivity. Similarly, if critical information becomes unavailable, productivity is diminished, and decision-making capacity is reduced.
Understanding the primary goals of the entire organization, as well as the specific section of the organization being considered, allows the security budget and staff to be allocated to the highest priority risks first. The triangle of confidentiality, integrity and availability can be used to rapidly describe the relative importance of each of these types of concerns.
What’s at stake? The goal of the security professional is to design a defense system that is appropriate to the risks at hand. A critical question that needs to be answered is: "What are we trying to protect?" The next question is: "What is it worth?"
In order to answer these questions properly, an inventory of significant information assets must be developed, and that inventory must list each significant asset’s value, at least in terms of an order of magnitude. Consider the cost of reconstructing the data, either by hand or from backups (if they exist), the value of the competitive advantage that asset affords, and the decisions that are based upon timely access to that information. There are a great number of factors that need to be considered when placing a value on information assets. It’s easy to assign huge numbers to information assets, but the appropriate numbers are often elusive.
Without a clear understanding of the realistic value of information assets, and the actual probability of threats, all security decisions fall into the realm of guesses. Actual decisions require detailed actuarial data. Management must make business decisions as to what level of risk is acceptable, and what risks must be mitigated. It is the role of the security professional to provide management with the information necessary to make informed business decisions. This includes:
• Asset inventory, including estimated value.
• Risks to each asset, including probability.
• Risk reduction options, including cost and net probability.
Dispelling the Myths of Security’s Impact on Productivity
There is a commonly held belief that strong security impinges upon productivity. This is true, if the policies and systems do not reflect the business goals and processes of the organization, or if the security architecture is incompletely implemented. A well-constructed security environment can increase overall productivity and operational inefficiency, resulting in a security system that can actually provide a profitable return on the investment.
Reducing Human Error. The primary source of information loss is simple human error. Accidental file deletion, or failure to keep virus data dictionaries up to date, can lead to serious data loss and can increase operating costs by engaging system administrators in file restorations or virus eradication operations.
An effective security plan, including end user security awareness training, will greatly reduce these recurring costs. The technical security implementation can act as a guiding system, keeping workers on track by providing automated protections against common errors.
Creating "Natural" Security Policies and Systems. The principal failing of most security implementations results from the attempt by the security administrator to exhibit complete control over all actions on the network.
In reality, what is needed is a clear record of what actions have taken place, and a system of technology and policy which provides clear accountability for those actions.
Often, corporations implement security policies that merely state "corporate information systems are provided for corporate business purposes only. All other use is prohibited." This is hardly realistic.
A more natural policy would state "corporate information systems are provided for corporate business purposes. personal, non-profit use is permitted provided that such use consumes only a trivial amount of resources and does not impact the corporation’s ability to conduct business."
This policy allows for the amount of personal use of online systems that will occur, and will therefore engender end user support of the policy. It also places worker productivity problems back in the hands of management, rather than in the hands of the security administrator.
Security systems that place an unreasonable burden on the end users will be circumvented almost immediately, and workers will not report violations of a policy that they consider unreasonable.
Network Management Roadblocks Caused by Security
It is very easy to create a security environment that is too strict, creating roadblocks to the effective uses of the systems being protected. The same is true for network management. Modern security systems use a variety of techniques to maintain control over information and information systems, and some of these create major difficulties for network management applications.
Encrypting Management Messages/ VPN Models. VPN can be a very effective way to maintain the confidentiality and integrity of information as it traverses unsecured networks. VPN technology encrypts data prior to transmission, and decrypts it upon reception. There are two modes for this operation: payload encapsulation and tunneling systems.
Tunneling systems encrypt an entire IP packet. The packet is then wrapped in another IP header and transmitted to the destination, flagged as encrypted data. The receiving system unwraps the encrypted packet, decrypts it and processes it. The tunnel end-points may be intermediate systems, routers in the path of the traffic or the end stations.
Payload encapsulation encrypts the data portion of an IP packet. The packet header remains the same, but the data within the frame is readable only by the proper receiver.
Both VPN technologies can create management difficulties in that these processes increase network latency, and reduce a network manager’s ability to isolate problems in IP data. Tunneling can run counter to effective routing, and keeping routing tables and VPN end-points synchronized is often a manual process that is poorly managed and dramatically increases recurring costs.
Automatic Incident Response Handling. Most security devices have the ability to detect and respond automatically to a variety of well-known attacks. Manufacturers typically configure these products to "fail-secure" in the event of a major threat. This means that, if a significant attack is detected, the device shuts off communication until an operator can manually address the threat and restore the device to proper operation.
This fail-secure behavior is not what network managers typically want. Instead, these devices need to be configured such that they fail in a predictable and planned way. Depending upon the primary concerns for the systems being protected, some devices may well be configured differently than others.
Network Address Translation Effects. Many networks now use private address spaces for internal networks, and use Network Address Translation technology at the borders. This insulates the interior network from the vagaries of ISPs and non-portable network addresses. It also provides an access control mechanism by hiding some internal machines and preventing any access to them from the Internet.
This NAT technology can be a nightmare for network managers. Translation is typically accomplished by extracting the data portion of an IP packet and inserting it in a new, fabricated header. However, SNMP data is filled with IP addresses at various locations, and if the header and data do not match, the management system may interpret the data incorrectly, or not at all.
This can lead to incorrectly reported traps, configuration changes to the wrong device, or even field technicians dispatched to the wrong city. It can even result in entire sections of the network never being managed at all, or requiring a second management center to be built on the other side of a translator.
There are a few new companies that are trying to develop SNMP translators, but we have yet to find one on the market. At this time, the only solution is to manage the actual system addresses, and ignore the translated addresses.
Negotiating a Peaceful Settlement
It is important to recognize that that both security and network management are important to the health of the network, and, therefore, to the health of the organization. Since neither of these efforts can be ignored, the technical staff must find a way to meet both needs as effectively as possible.
Security professionals need to accept that network management is a critical application that must be supported by the security infrastructure. Network management personnel need to realize that without proper security controls in place, their operational costs are going to increase, and their uptime goals won’t be achieved.
The network operation center typically has pervasive access to all devices, which the security organization can use to facilitate centralized logging and centralized multisystem, multievent intrusion detection. Network operations personnel can handle some incident response procedures. The security system can make use of network operations center facilities to send security traps, and tie into automated trouble-ticketing systems.
One of the main goals of network management is to increase the availability of network resources. To assist in this effort, a security system should be adopted that helps prevent unauthorized modification of network equipment and facilitates the confidentiality of network operations center information bases.
An information security organization’s goal of ensuring the confidentiality, integrity, and availability of proprietary information can be greatly facilitated through the use of network management access and infrastructures. Indeed, it is crucial to integrate the functions of both operations, whenever possible.