Level 3
Basic principles of network security in an IP environment
Nowadays a LAN can be attacked both from the outside and from the inside.
Basic IP security is set up to counter both kinds of attack:
- External attacks exploit security flaws in the internal applications that
are exposed to the outside: FTP and web servers, file sharing, or security
tools that are badly configured or not used at all.
- Internal attacks come from malware brought into the network, either
through port 80 (web browsing) or on CD-ROM, DVD, webmail, USB keys, FTP
servers...
Security is set up by installing a router linked to a firewall, and by
controlling which processes, i.e. which server applications (daemons), are
allowed to listen on the network.

A router defines the route, i.e. the access path, between the outside world
and a daemon (application server). The router manages incoming and
outgoing flows.
Outgoing flows: the sender's private IP address is translated by the router.
NAT overload (dynamic NAT with port overloading, also called PAT) translates
all outgoing flows and, using the same translation table, the incoming
flows that answer an internal request.
Incoming flows: a static translation table in the router (static Port
Address Translation, PAT, i.e. port forwarding) maps a public address and
port to one internal server. An incoming packet that matches neither the
dynamic table nor a static entry has no translation and is not forwarded.
A firewall defines the access control rules to the applications
(permit/deny):
• either an exhaustive list of authorized senders,
• or the whole world has access, as for a public FTP or web server...
The firewall has two network interfaces: an external one with a public IP
address and an internal one with a private IP address.
In practice an outside IP address never reaches a PC or a server unless a
firewall rule explicitly identifies it and permits the access; everything
else is denied by default.
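The router and firewall chain described above, as an added worked example (it is not code from this page; the addresses, ports, rules and class names are assumptions made up for the example, using RFC 5737 documentation ranges for the public side). It models NAT overload for outgoing flows, a static PAT entry for a published web and FTP server, and a default-deny firewall that permits either the whole world or an exhaustive partner list. The anti-spoofing check in firewall_permits goes beyond the text: it drops an outside packet that claims an internal source address.

```python
"""Toy model of a router doing NAT overload (dynamic PAT) with a static PAT
table for published servers, followed by a default-deny firewall. Added
example, not the page's code; every address, port and rule is a made-up
assumption (203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24 are RFC 5737)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import count

PUBLIC_IP = "203.0.113.10"           # the router's single public address
LAN = ip_network("10.0.0.0/24")      # the internal private network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class NatRouter:
    """NAT overload (Cisco's name for dynamic PAT) plus static PAT entries."""

    def __init__(self, public_ip, static_pat):
        self.public_ip = public_ip
        self.static_pat = static_pat   # (public port, proto) -> (host, port)
        self.dynamic = {}              # (public port, proto) -> (host, port)
        self.flows = {}                # (host, port, proto) -> public port
        self.port_pool = count(49152)  # ephemeral ports handed out for overload

    def outbound(self, pkt):
        """Rewrite the source to the public address. All internal hosts share
        one public IP and are told apart only by the port allocated here."""
        flow = (pkt.src, pkt.sport, pkt.proto)
        pub_port = self.flows.get(flow)
        if pub_port is None:
            pub_port = next(self.port_pool)
            self.flows[flow] = pub_port
            self.dynamic[(pub_port, pkt.proto)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, pub_port, pkt.dst, pkt.dport, pkt.proto)

    def inbound(self, pkt):
        """Translate a packet arriving on the external interface: dynamic
        table first (a reply to an internal request), then the static table
        (a published server); no match means the packet is not forwarded."""
        key = (pkt.dport, pkt.proto)
        if key in self.dynamic:
            host, port = self.dynamic[key]
            return Packet(pkt.src, pkt.sport, host, port, pkt.proto), "reply"
        if key in self.static_pat:
            host, port = self.static_pat[key]
            return Packet(pkt.src, pkt.sport, host, port, pkt.proto), "static"
        return None


@dataclass(frozen=True)
class Rule:
    dst: str               # internal daemon the rule protects
    dport: int
    allowed_src: tuple     # permitted networks; ("0.0.0.0/0",) = the whole world
    proto: str = "tcp"


def firewall_permits(rules, pkt):
    """Default deny: True only if some rule names this daemon and this source."""
    src = ip_address(pkt.src)
    # Anti-spoofing (assumption beyond the text): a packet from outside that
    # claims an internal source address is dropped before any rule is read.
    if src in LAN:
        return False
    for r in rules:
        if (r.dst, r.dport, r.proto) == (pkt.dst, pkt.dport, pkt.proto):
            if any(src in ip_network(n) for n in r.allowed_src):
                return True
    return False


def build_perimeter():
    router = NatRouter(PUBLIC_IP, static_pat={
        (80, "tcp"): ("10.0.0.20", 80),   # public web server
        (21, "tcp"): ("10.0.0.21", 21),   # FTP server for named partners only
    })
    rules = [
        Rule("10.0.0.20", 80, ("0.0.0.0/0",)),        # the whole world
        Rule("10.0.0.21", 21, ("198.51.100.0/24",)),  # exhaustive partner list
    ]
    return router, rules


def deliver_inbound(router, rules, pkt):
    """Packet from outside: NAT first, then the firewall. Replies matched by
    the dynamic table belong to a flow an internal host opened and pass;
    only unsolicited (statically translated) packets are checked against
    the rules. Returns the packet the daemon sees, or None if dropped."""
    hit = router.inbound(pkt)
    if hit is None:
        return None
    inner, kind = hit
    return inner if kind == "reply" or firewall_permits(rules, inner) else None


if __name__ == "__main__":
    router, rules = build_perimeter()
    out = router.outbound(Packet("10.0.0.5", 40000, "192.0.2.53", 443))
    print("as the world sees it:", out)
    for src, port in [("192.0.2.9", 80), ("192.0.2.9", 21), ("198.51.100.7", 21)]:
        print(src, "->", port, deliver_inbound(router, rules, Packet(src, 5555, PUBLIC_IP, port)))
```

Two things to notice when running it: an outside host reaching the public address on a port with no static entry (3389, say) is dropped by the router before the firewall even sees it, and an outsider forging a partner address (198.51.100.7) is accepted by the FTP rule, because address filtering only trusts the IP header.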
Application servers (daemons):
• daemons validate the requests coming from the outside world and from
inside;
• they can apply their own filtering (by source address, etc.).
If no application (daemon) is listening, there is no network security
problem at all. The risks come from applications that are open on purpose
or by accident.
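The check that follows from the last point is to find out what is actually listening, and on which address. The following is an added example, not the page's code: it parses the Linux /proc/net/tcp table (the hex address encoding assumes a little-endian host), keeps the sockets in LISTEN state and flags those bound to something other than loopback, which are the daemons reachable from the network. The sample table and its inodes, uids and ports are constructed for the example.

```python
"""List listening TCP daemons from /proc/net/tcp and flag the ones exposed
to the network. Added example, not code from the page; SAMPLE is a
constructed table, and the hex address decoding assumes a little-endian
host (x86, ARM), which is how the kernel writes that file there."""
from dataclasses import dataclass
from ipaddress import IPv4Address

LISTEN = "0A"   # socket state code for LISTEN in /proc/net/tcp


@dataclass(frozen=True)
class Listener:
    addr: str   # address the daemon is bound to
    port: int
    uid: int    # owner of the socket; 0 means the daemon runs as root
    inode: int


def _hex_to_addr(h):
    # "0100007F" -> bytes 7F 00 00 01 in little-endian order -> 127.0.0.1
    return str(IPv4Address(int(h, 16).to_bytes(4, "little")))


def parse_proc_net_tcp(text):
    """Return every socket in LISTEN state found in a /proc/net/tcp dump."""
    listeners = []
    for line in text.splitlines():
        f = line.split()
        # header line has "st" in column 3, so it is skipped with the rest
        if len(f) < 10 or f[3] != LISTEN:
            continue
        addr_hex, port_hex = f[1].split(":")
        listeners.append(Listener(_hex_to_addr(addr_hex), int(port_hex, 16),
                                  int(f[7]), int(f[9])))
    return listeners


def exposed(listeners):
    """Daemons reachable from other hosts: anything not bound to loopback.
    0.0.0.0 means every interface, including the one facing the router."""
    return [l for l in listeners if not IPv4Address(l.addr).is_loopback]


# Constructed sample: sshd on all interfaces, a database on loopback only,
# an FTP daemon nobody asked for on all interfaces, and one established
# client connection (state 01) that must not be reported.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18745 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 21003 1 0000000000000000 100 0 0 10 0
   2: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 19911 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:C350 3500000A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 22450 1 0000000000000000 20 4 30 10 -1
"""


def audit(text=None):
    """Audit the constructed sample, or the live table if text is None."""
    if text is None:
        with open("/proc/net/tcp") as fh:
            text = fh.read()
    return exposed(parse_proc_net_tcp(text))


if __name__ == "__main__":
    for l in audit(SAMPLE):
        print(f"exposed: {l.addr}:{l.port} (uid {l.uid}, inode {l.inode})")
```

On the sample the loopback-only database is not reported, while port 21 shows up next to sshd: that is the "open by accident" case, a root-owned FTP daemon listening on every interface. On a real host, run audit() and map each reported inode back to its process (for example with ss -ltnp) to decide whether the daemon is wanted.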
What risk remains even if the router, the firewall and the applications
are correctly set up? Identity spoofing: a filter that trusts the source
IP address will accept a packet forged with an authorized address.
