Solaris ISP Server 2.0 Administration Guide

Security Concepts

This section provides an introduction to security concepts and terminology. It is not intended as a complete tutorial; many good books have been written on the subject. See this book's suggested reading list for more on security.

Security Goals

The goals of a good security policy are simple to describe, if not to attain. They are to ensure that only authorized people gain access to the system, that communications on the network are kept private from outsiders, and that data being communicated is kept safe. The terms defined in this section are those commonly used to describe these security goals.

Authentication

Authentication is verifying that a person requesting access is who he or she claims to be. Knowing who is making a request for service, or who is sending a piece of information, is crucial to the security of the ISP's system. Technology that provides authentication (such as the authentication Sun Internet Administrator provides for administrators) assures the system that a message is coming from a trusted source, and not from an intruder pretending to be a legitimate user.

Any technology that requires a login before granting access is providing some user authentication. Signed certificates, which can be used with the SunScreen SKIP product, offer a strong form of authentication.

Authorization (Access Control)

Authorization ensures that a given (authenticated) person is allowed access to the requested system resources or data. Even legitimate users are not all allowed root access, for example.

Sun Internet Administrator provides access control, limiting the access of ISP administrators to only those services that they need to manage while doing their jobs.

Accountability

Accountability is the concept of knowing who performed what actions. This is not so much a security guarantee as a way of identifying the source of trouble and removing that user from the system. In Solaris ISP Server, accountability is achieved through a thorough logging of administrator actions. Be sure to examine (audit) the logs regularly to catch any questionable activity.

Privacy

Given the public nature of the Internet, the privacy of data on the wire is of prime importance. You need to know that an intruder cannot listen to communications and pick up user passwords to be used later to gain access to your systems. Data passed between computers must be protected from being read by unauthorized individuals.

Cryptography can ensure the privacy of network communications. The SSL technology in Sun WebServer provides encryption of information accessed over the Web. The SunScreen SKIP software provides encryption of all IP traffic between interfaces on your network.

Data Integrity

Integrity is knowing that the message sent by a legitimate user is identical to that received by the system, and that its content has not been altered along the way. Clearly this is a significant security requirement, given the potentially disastrous effects of an intruder adding dangerous code to the end of an innocuous message. These "Trojan horse" attacks can frequently be devastating.

Encryption of the data, particularly strong encryption coupled with signed certificate authentication, provides data integrity by making it practically impossible for an intruder to modify a legitimate user's message. SunScreen SKIP provides this technology in Solaris ISP Server.

Types of Attacks on Network Security

This section describes some of the most common types of attacks on a network connected to the Internet.

Denial of Service Attacks

These attacks make the system unavailable to customers, often by overloading a service with spurious requests or flooding the network with useless traffic. In extreme cases such an attack can crash the system; otherwise it makes the system so slow that customers cannot use it.

Buffer Overrun Exploits

If a program does not check buffer limits when reading or receiving data, this opening can be exploited to write arbitrary data into the program's memory or the file system. When that data is run, it can give the intruder root access to your system.
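The defect and its fix in code, as an added example that is not part of the original guide and is not code from Solaris ISP Server: the first function shows the unchecked pattern the text warns about, and the second refuses any record that does not fit in the destination field. The field size and the sample records are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX 16   /* constructed: size of a fixed-length field a server might use */

/* The defect the text describes: the incoming length is never compared with
 * the destination size, so any record longer than NAME_MAX-1 bytes overwrites
 * whatever follows the buffer. Shown only for contrast; nothing below calls it. */
void store_name_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);   /* copies strlen(src)+1 bytes regardless of dst size */
}

/* Hardened form: the caller passes the destination size and the input
 * length, and input that does not fit (including the NUL terminator) is
 * rejected rather than copied or silently truncated. Returns 0 on success,
 * -1 on rejection; dst is left untouched on -1. */
int store_name_checked(char *dst, size_t dstsz, const char *src, size_t srclen)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    if (srclen >= dstsz)        /* need srclen bytes plus room for '\0' */
        return -1;
    memcpy(dst, src, srclen);
    dst[srclen] = '\0';
    return 0;
}

/* Simulated receive path: returns the number of bytes accepted, or -1 if the
 * record was rejected. Logging the rejection serves the accountability goal
 * described earlier in the section. */
int receive_record(char *field, size_t field_size, const char *wire, size_t wire_len)
{
    if (store_name_checked(field, field_size, wire, wire_len) != 0) {
        fprintf(stderr, "rejected record of %zu bytes (field holds %zu)\n",
                wire_len, field_size - 1);
        return -1;
    }
    return (int)wire_len;
}

/* Shared destination field so the behaviour can be checked from outside. */
char g_name[NAME_MAX] = "unchanged";

int main(void)
{
    /* constructed inputs: one that fits, one 40 bytes long that would overflow */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("accepted=%d field=\"%s\"\n",
           receive_record(g_name, sizeof g_name, ok, strlen(ok)), g_name);
    printf("accepted=%d field=\"%s\"\n",
           receive_record(g_name, sizeof g_name, too_long, strlen(too_long)), g_name);
    return 0;
}
```

The key point is that the check is made against the size of the destination, not against any assumption about the sender; the field keeps its previous contents when a record is rejected, so a bad input cannot leave the program in a half-written state.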

Snooping and Replay Attacks

Snooping attacks involve an intruder listening to traffic between two machines on your network. If that traffic includes unencrypted passwords, an unauthorized individual can potentially access your network and read confidential data. In a replay attack, the intruder records such captured traffic (for example, a login exchange) and retransmits it later to obtain the same access without ever learning the password.

IP Spoofing

In a spoofing attack, an intruder listening to your network traffic finds the IP address of a trusted host and then sends messages that claim to come from that trusted host.

Internal Exposure

Many network break-ins are the result of a malicious or disgruntled present or former employee misusing access to information or breaking into your network.