Page 414 - StudyBook.pdf
398 Chapter 6 • Infrastructure Security: Devices and Media
files, or access network applications. As such, they are considered one of the most
critical aspects of the network infrastructure and it is critical that they be as secure
as possible.
Typically, people attacking a network use the information gathered from network
devices, workstations, or data flowing across the LAN to compromise the
security of the servers. There are other reasons for breaking into a network, such as
setting up additional sites for performing a DDoS attack, but accessing the servers is
usually the goal.
Since servers are the primary storage location for data on a network, this is where
attackers will be able to obtain the most data or cause the most damage. It can be
said that these systems are the final goal of most attacks upon a network.
Most servers in a properly secured network are behind one or more firewalls
and have several layers of protection between them and the outside world.
Protecting these systems also includes physical security. There can be all the network
security in the world, but it will not help when an attacker walks into a
building and starts typing at the server’s local console. Some systems, such as Web
servers, will always be more vulnerable due to their accessibility from the outside.
Systems in a DMZ are less protected than those on a normal LAN.
Some of the same vulnerabilities that apply to workstations also apply to
servers. The OS or application software may contain bugs or security vulnerabilities
that allow the system to be compromised. In addition, some viruses are able to
infect remote file shares; therefore, it is important to make sure that virus scanning
is implemented on all of the servers. This especially applies to e-mail servers where
an e-mail virus can be removed before it makes it to the end user’s e-mail box.
Keeping OS and application software up-to-date with security patches is critical to
minimizing the vulnerability of servers. Security professionals should always keep
abreast of new bugs or vulnerabilities in the applications running on their network,
and be ready to implement workarounds or fixes as soon as they are available.
It is always a good idea to make sure that the servers are as secure as possible
from outside attack, but it is not wise to forget the possibility of attack from the
inside. There are many cases where confidential data has been leaked from companies
due to poor security on their servers and an irate employee. It is important to
make sure that the most restrictive access control possible is applied to user
accounts. Users should always have access to the data or services necessary to perform
their job functions, but no more than that. This goes back to the fundamental
security concept of deny by default. It is always easier to grant a user access to data
than it is to clean up the mess when a user has access to something that they
should not have.
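
The deny-by-default rule described above, as an added example that is not from the book: an access check that refuses anything without an explicit grant, plus an audit that lists grants exceeding what a user's job function requires. All user names, roles, shares and permissions are constructed for illustration.

```python
# Added example: every name and grant below is constructed sample data.

# What each job function requires (hypothetical policy).
ROLE_NEEDS = {
    "payroll-clerk": {("payroll-share", "read"), ("payroll-share", "write")},
    "helpdesk": {("ticket-db", "read"), ("ticket-db", "write")},
}

# Which job function each current user holds (hypothetical HR data).
USER_ROLE = {"alice": "payroll-clerk", "bob": "helpdesk"}

# What is actually granted on the server today (hypothetical ACL export).
GRANTS = {
    "alice": {("payroll-share", "read"), ("payroll-share", "write")},
    "bob": {("ticket-db", "read"), ("ticket-db", "write"),
            ("payroll-share", "read")},   # left over from an old project
    "carol": {("ticket-db", "read")},     # account with no current role
}


def is_allowed(user, resource, action, grants=GRANTS):
    """Deny by default: access exists only where an explicit grant matches.
    Unknown users, resources and actions all fall through to False."""
    return (resource, action) in grants.get(user, set())


def excess_grants(grants=GRANTS, user_role=USER_ROLE, role_needs=ROLE_NEEDS):
    """Return {user: sorted grants beyond what the job function requires}.
    A user with no known role needs nothing, so every grant is excess."""
    report = {}
    for user, held in grants.items():
        needed = role_needs.get(user_role.get(user), set())
        extra = held - needed
        if extra:
            report[user] = sorted(extra)
    return report


if __name__ == "__main__":
    for user, extra in sorted(excess_grants().items()):
        for resource, action in extra:
            print(f"revoke candidate: {user} has {action} on {resource}")
```
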
www.syngress.com