Security issues in networks with Internet access

This paper describes the basic principles of designing and administering a relatively secure network. The principles are illustrated by describing the security issues a hypothetical company faces as the networks that support its operations evolve from strictly private, through a mix of Internet and private nets, to a final state in which the Internet is integrated into its operations and the company participates in international electronic commerce. At each stage, the vulnerabilities and threats that the company faces, the countermeasures that it considers, and the residual risk the company accepts are noted. Network security policy and services are discussed, and a description of Internet architecture and vulnerabilities provides additional technical detail underlying the scenario. Lastly, a number of building blocks for secure networks are presented that can mitigate some of the vulnerabilities.
