Home arrow Security arrow Page 2 - Network Security Assessment

IP: The Foundation of the Internet - Security

If you want to run a business with a website, security must be high on your list of important matters to get right up front. In this article, you will learn about Internet-based network security assessment and penetration testing, which can help you determine your website's risk of being successfully attacked -- and what to do to fix any problems. It is taken from chapter one of the book Network Security Assessment by Chris McNab (O'Reilly, 2004; ISBN: 059600611X).

TABLE OF CONTENTS:
  1. Network Security Assessment
  2. IP: The Foundation of the Internet
  3. Assessment Service Definitions
  4. Internet Host and Network Enumeration
  5. Investigation of Vulnerabilities
  6. The Cyclic Assessment Approach
By: O'Reilly Media
Rating: starstarstarstarstar / 12
May 19, 2005

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

The Internet Protocol Version 4 (IPv4) is the networking protocol suite all public Internet sites currently use to communicate and transmit data to one another. From a network security assessment methodology standpoint, this book comprehensively discusses the steps that should be taken during the security assessment of any IPv4 network.

IPv6 is an improved protocol that is gaining popularity among academic networks. IPv6 offers a 128-bit network space (3.4 x 1038 addresses) as opposed to the 32-bit space of IPv4 (only 4 billion addresses) that allows a massive number of devices to have publicly routable addresses. Eventually, the entire Internet will migrate across to IPv6, and every electronic device in your home will have an address.

Due to the large size of the Internet and sheer number of security issues and vulnerabilities publicized, opportunistic attackers (commonly referred to as script kiddies) will continue to scour the public IP address space seeking vulnerable hosts. The combination of new vulnerabilities being disclosed on a daily basis, along with the adoption of IPv6, ensures that opportunistic attackers will always be able to compromise a certain percentage of Internet networks.

Classifying Internet-Based Attackers

The first type of threat that all publicly accessible networks are at risk from is that posed by opportunistic attackers. These attackers use auto-rooting scripts and network scanning tools to find and compromise vulnerable Internet hosts. Most opportunistic attackers fall into two distinct groups:

  • Those who compromise hosts for denial-of-service and flooding purposes

  • Those who compromise hosts through which attacks can be bounced (including port scans, breaking into other hosts, or sending spam email)

The second type of threat is that posed by determined attackers. A determined attacker will exhaustively probe every point of entry into a target network from the Internet, port scanning each and every IP address and assessing each and every network service in depth. Even if the determined attacker canít compromise the target network on his first attempt, he will be aware of areas of weakness. Detailed knowledge of a siteís operating systems and network services allows the determined attacker to compromise the network upon the release of new exploit scripts in the future.

In light of this, the networks that are most at risk are those with sizeable numbers of publicly accessible hosts. Having many entry points into a network multiplies the exploitable vulnerabilities that exist at different levels; managing these risks becomes an increasingly difficult task as networks grow.



 
 
>>> More Security Articles          >>> More By O'Reilly Media
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

SECURITY ARTICLES

- Secure Your Business for Data Privacy Day
- Google Testing Security Fob Password Alterna...
- Security News Highlights Concerns
- Going to Extremes for Data Security
- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- Whatís behind the curtain? Part II

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: