Hacking firewalls and networks how to hack into remote computers


266

Part II: Gaining Access and Securing the Gateway

A segment is a subset of machines on the same subnet. Routers are used to partition networks into subnets; hence, they also form borders between segments in a network. Unlike bridges and switches, which do not interact with software on other devices, routers interact with network layer software on the devices in the network. Machines on different subnets are always part of different segments. Segments are divisions within subnets, although in many networks a subnet consists of a single segment. Dividing a network into subnets with routers is a more radical solution to the sniffing problem than dividing subnets into segments; however, as you will see in a later section, it may help with some spoofing problems. Segmentation of a network is the primary tool one has in fighting sniffing. Ideally, each machine would be on its own segment, and its interface would not have access to network data for which it is not the destination. This ideal can be accomplished by using switches instead of hubs to connect individual machines in a 10BASE-T network. As a matter of practicality and economics, however, one must often settle for a less ideal solution. Such solutions all involve the notion of trust between machines: machines that trust each other can share a segment without concern that one machine will sniff the other's data.

Understanding Trust

Typically, one thinks of trust at the application layer, between file servers and clients. Clearly, the file server trusts its clients to authenticate users. However, this notion of trust extends to lower-level network devices as well. For example, at the network layer, routers are trusted to deliver datagrams and correct routing tables to the hosts on their networks. Hosts trust routers, and routers are trusted machines. If you extend the concept of trust down to the data link layer, you arrive at sniffing. A machine sending data considered private on a particular network segment must trust all machines on that network segment. To be worthy of that trust, the machines on the segment and the wiring between them must have sufficient physical security (locks on doors, armed guards, and such) to ensure that an attacker cannot install a sniffer on that segment. The threat of sniffing comes from someone installing sniffing software on a machine normally on the network, someone taking a sniffer into a room and jacking it into the network connections available there, or even someone installing an unauthorized network connection in order to sniff. To counter these options, you must rely on the security of the operating system itself to prevent the execution of unauthorized sniffing software, on the personal trustworthiness of the people who have access to the rooms in which network components are located, and on physical security to prevent untrustworthy people from gaining access to those rooms.
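The rule from the two preceding passages (every host on a segment can read the segment's traffic, so a host sending private data must trust every other host on its segment, and a router boundary always ends a segment) can be turned into an inventory audit. The following is an added example, not code from the book; the host inventory, the trust-zone labels and the "one switch port per host" remediation are constructed assumptions for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Host:
    name: str
    subnet: str          # routers partition the network into subnets
    segment: str         # hub or switch port that partitions a subnet into segments
    trust_zone: str      # who is trusted with this host's traffic (assumed label)
    sends_private: bool = False  # does this host put confidential data on the wire?

# Constructed inventory: lab-pc1 has been plugged into the machine-room hub,
# and payroll shares the lab hub with an open-lab PC.
HOSTS = [
    Host("fileserver", "10.1.0.0/24", "mr-hub1", "machine-room", True),
    Host("backup",     "10.1.0.0/24", "mr-hub1", "machine-room", True),
    Host("lab-pc1",    "10.1.0.0/24", "mr-hub1", "open-lab"),
    Host("lab-pc2",    "10.2.0.0/24", "lab-hub", "open-lab"),
    Host("payroll",    "10.2.0.0/24", "lab-hub", "finance", True),
]

def sniffers_of(host, hosts):
    """Every other host on the same segment can read host's frames (shared medium).
    The segment key includes the subnet: a router boundary always ends a segment."""
    return [h for h in hosts
            if h is not host and (h.subnet, h.segment) == (host.subnet, host.segment)]

def audit(hosts):
    """(sender, peer) pairs where a host sending private data shares a segment
    with a host from another trust zone, i.e. one it must trust but cannot."""
    return [(h.name, p.name) for h in hosts if h.sends_private
            for p in sniffers_of(h, hosts) if p.trust_zone != h.trust_zone]

def isolate(hosts, names):
    """Model the ideal fix from the text: give each named host its own switch
    port, so its segment contains only itself and nothing else can sniff it."""
    return [replace(h, segment=f"port-{h.name}") if h.name in names else h
            for h in hosts]

if __name__ == "__main__":
    findings = audit(HOSTS)
    for sender, peer in findings:
        print(f"{peer} can sniff private traffic from {sender}")
    fixed = isolate(HOSTS, {sender for sender, _ in findings})
    print("findings after isolating the senders:", audit(fixed))
```

Moving a flagged sender to a different subnet would also clear the finding, since hosts on different subnets are never on the same segment, but that is the more radical option the text describes.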

Hardware Barriers

To create trustworthy segments, you must set up barriers between secure segments and insecure segments. All of the machines on a segment must mutually trust each other with the data traveling on the segment. An example of such a segment would be one that does not extend outside the machine room of a computing facility. All machines are under the


Internet Security Pro Ref 577-7 Gina 1-27-96 CH06 LP#3

