Securing your IP network future

W ith IP now the protocol of choice for Windows NT customers and soon to be the default protocol for NetWare shops, there are a few things you might want to know about IP security.

While IP has a lot going for it, networks based on the technology are favorite targets for intruders.

Sure, most network and desktop operating systems can inform net managers if an unauthorized user tries to gain access. But the bigger security picture is detailed in a new white paper from Thomas Ptacek and Timothy Newsham of Secure Networks, in Calgary, Alberta.

The paper is called "Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection" and is available for viewing at www.secnet.com/papers.

The white paper states that it's no longer intruders, but intrusions, that we need to guard against. The authors go on to define intrusions as any unauthorized usage or misuse of a computer system.

Ptacek and Newsham note that it is difficult to come up with a definition for intrusions based on descriptions put forth by intrusion detection system vendors. These companies tend to define only those attacks that their specific product guards against as intrusions.

As a result, the white paper settles on the Stuart Staniford-Chens Common Intrusion Detection Framework (http://seclab.cs.ucdavis.edu). The definition was developed at the Defense Advanced Research Projects Agency's Information Technology Office as a basis for documenting the lengthy list of attacks that can be termed intrusions.

If reading that far into the white paper isn't enough to give you nightmares, read on about Ptacek and Newsham's evaluation of available intrusion detection systems. The authors concluded the following: "Our tests revealed serious flaws in each system we examined."

The paper ends by stating, "The number of attacks against network ID systems, and the relative simplicity of the problems that were actually demonstrated to be exploitable on the commercial systems we tested, indicates to us that network intrusion detection is not a mature technology. More research and testing needs to occur before network intrusion detection can be looked to as a reliable component in a security system."

So even if you're running IPX or NETBEUI as your network protocol, odds are you'll need to use or incorporate IP sooner or later. Knowing some of the risks you'll face should enable you to build as secure a system as possible.

Kearns, a former network administrator, is a freelance writer and consultant in Austin, Texas. He is also author of the twice-weekly Network World Fusion Focus: Windows NT. He can be reached at wired@vquill.com.