Handbook of Information Security Management: Computer Architecture and System Security



The configuration of a particular LAN server, and the personal computer clients that it serves, may have been tweaked and fine-tuned over a long period of time. It is seldom possible to simply take the server backup tapes, load them onto a different server, and bring up the system. There are simply too many variables. There are some steps you can take to minimize these problems:

1.  Carefully document the current LAN hardware and software, including all configuration settings.
2.  Use “standard” equipment and configurations wherever possible.
3.  Document the minimum configuration required to restore essential data and services on a replacement LAN.
4.  Use server-mirroring, fault-tolerant hardware, and redundant disk arrays.

SECURE REMOTE ACCESS AND INTERNET CONNECTION

One of the most revolutionary, and largely unforeseen, implications of personal computer technology has been the emergence of the home office and the mobile worker. Invariably, users who are on the road need to call home, and so do their computers. Laptops like to link up with head office systems to update data bases and download E-mail. A growing army of work-at-home telecommuters need some sort of remote access to their employer’s systems. The technology with which to create these connections has been around for some time, and so has the subtle art of subverting it for nefarious purposes, or mere curiosity.

It might be hard to understand, but some people get a genuine thrill simply being “in” someone else’s computer system. Remote access points are still a popular way of getting in. (Given the number of frustrating hurdles that you sometimes have to clear in order to establish a legitimate connection, it might be hard to imagine someone doing this for fun; however, at that precise moment when you finally get your own E-mail after hours of dropped connections and redials, it is possible to sense something of the kick you get from hacking into someone else’s system.)

Recent publicity about computer break-ins over the Internet has tended to overshadow hacking in through remote access points such as those provided for telecommuters, maintenance people, and field staff. However, this form of penetration is still used. Typically, it starts with a war dialer, a piece of software running on a modem-equipped PC, which automatically calls all of the phone numbers in a certain range, such as 345-0000, 345-0001 to 347-9999. The software records which numbers are answered by a modem. This gives the hacker a list of numbers worth testing for further access.

One way to reduce the risk of being found by a war dialer is to set your modem to answer only after four or five rings. Since the default operation of war dialers is geared toward speed, they may not linger that long at unanswered numbers. Of course, there are less technically sophisticated ways of getting phone numbers for computers, such as downloading lists of such numbers that are routinely shared on hacker bulletin boards, or digging through company trash for discarded phone directories.
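The sequential sweep described above leaves a recognizable pattern in call records, so it can be detected from the defender's side. The following is an added example, not part of the handbook; the record format, caller IDs, and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed call records (assumed format): time, caller ID, dialed number, rings before hang-up
SAMPLE_CDR = """\
2024-01-10 02:00:05,555-0142,345-0000,2
2024-01-10 02:00:21,555-0142,345-0001,2
2024-01-10 02:00:38,555-0142,345-0002,2
2024-01-10 02:00:54,555-0142,345-0003,3
2024-01-10 02:01:10,555-0142,345-0004,2
2024-01-10 02:01:27,555-0142,345-0005,2
2024-01-10 09:15:00,555-0177,345-0003,6
2024-01-10 13:40:00,555-0177,345-0003,5
"""

WINDOW = timedelta(minutes=10)  # assumed threshold: look-back period per caller
MIN_NUMBERS = 5                 # assumed threshold: distinct numbers dialed within WINDOW

def parse(cdr_text):
    calls = defaultdict(list)
    for line in cdr_text.strip().splitlines():
        ts, caller, dialed, rings = line.split(",")
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        calls[caller].append((when, int(dialed.replace("-", "")), int(rings)))
    return calls

def longest_run(numbers):  # length of the longest run of consecutive phone numbers
    nums = sorted(set(numbers))
    best = run = 1
    for prev, cur in zip(nums, nums[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def find_sweeps(cdr_text):
    findings = {}
    for caller, rows in parse(cdr_text).items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > WINDOW:  # slide the window forward
                start += 1
            window = rows[start:end + 1]
            dialed = {n for _, n, _ in window}
            if len(dialed) > max(MIN_NUMBERS - 1, findings.get(caller, {}).get("distinct_numbers", 0)):
                findings[caller] = {"distinct_numbers": len(dialed),
                                    "sequential_run": longest_run(dialed),
                                    "max_rings_waited": max(r for _, _, r in window)}
    return findings
```

In the constructed sample, the flagged caller never waited more than three rings, which is the behavior the four-or-five-ring answer setting relies on.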

Technically speaking, you have several options for remote access. The most basic is a modem on your desktop machine which answers calls from the modem on your laptop. With “remote control” software running at both ends, the laptop user can operate the desktop machine as though seated at it. This remote control technology was popular early on in PC development since it kept to a minimum the data that needed to be sent over the phone at slow modem speeds. Later, when desktop machines were networked, the remote laptop user was able to control the desktop machine while it was logged into the network, thus giving network access.

With faster modems it became possible to log a remote caller directly into the network as a remote node. In other words, the laptop becomes a workstation on the network. This is typically more convenient for the user, but it may be more expensive since the laptop needs to have its own licensed copy of the networked applications (instead of borrowing them from the desktop). However, network managers have tended to prefer remote node access because it is easier to manage, and this in turn provides security benefits. The remote machine has to prove its identity to the more demanding network server, rather than a mere desktop workstation.





The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course this version is getting a bit old and may not contain all of the info that the latest versions are covering; however, it is one of the best tools you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.