Network Security Assessment - IP: The Foundation of the Internet (
Page 2 of 6 )
The Internet Protocol Version 4 (IPv4) is the networking protocol suite all public Internet sites currently use to communicate and transmit data to one another. From a network security assessment methodology standpoint, this book comprehensively discusses the steps that should be taken during the security assessment of any IPv4 network.
IPv6 is an improved protocol that is gaining popularity among academic networks. IPv6 offers a 128-bit network space (3.4 x 1038 addresses) as opposed to the 32-bit space of IPv4 (only 4 billion addresses) that allows a massive number of devices to have publicly routable addresses. Eventually, the entire Internet will migrate across to IPv6, and every electronic device in your home will have an address.
Due to the large size of the Internet and sheer number of security issues and vulnerabilities publicized, opportunistic attackers (commonly referred to as script kiddies) will continue to scour the public IP address space seeking vulnerable hosts. The combination of new vulnerabilities being disclosed on a daily basis, along with the adoption of IPv6, ensures that opportunistic attackers will always be able to compromise a certain percentage of Internet networks.
Classifying Internet-Based Attackers
The first type of threat that all publicly accessible networks are at risk from is that posed by opportunistic attackers. These attackers use auto-rooting scripts and network scanning tools to find and compromise vulnerable Internet hosts. Most opportunistic attackers fall into two distinct groups:
- Those who compromise hosts for denial-of-service and flooding purposes
- Those who compromise hosts through which attacks can be bounced (including port scans, breaking into other hosts, or sending spam email)
The second type of threat is that posed by determined attackers. A determined attacker will exhaustively probe every point of entry into a target network from the Internet, port scanning each and every IP address and assessing each and every network service in depth. Even if the determined attacker can’t compromise the target network on his first attempt, he will be aware of areas of weakness. Detailed knowledge of a site’s operating systems and network services allows the determined attacker to compromise the network upon the release of new exploit scripts in the future.
In light of this, the networks that are most at risk are those with sizeable numbers of publicly accessible hosts. Having many entry points into a network multiplies the exploitable vulnerabilities that exist at different levels; managing these risks becomes an increasingly difficult task as networks grow.
