6.7 Heterogenous networks

Description

A local network is composed of wiring (i.e. cables and connecting elements, which are passive network components) as well as active network coupling components. Generally, various types of cable and active network components can be integrated into a LAN. Active network components require a separate power supply. Such components include repeaters, bridges, switches, routers, gateways etc. Passive network components do not require a separate power supply. Such components include cables, distributor cabinets, patch fields and plug connectors.

Cabling is discussed in detail in Chapter 4.2, while Chapters 5 and 6 deal with application-related periphery. Consequently, this module focuses on the active network components, the topology underlying them, their configuration, criteria for choosing suitable components, the selection of communication protocols and the related network management. Only LAN technologies, e.g. Ethernet, Token Ring and FDDI network protocols and the related network components such as bridges, switches and routers are considered here. These technologies can also be used in MANs. However, integration into WANs is not discussed here; this information is provided in Chapter 7.3 "Firewalls".

If a LAN is to be protected adequately from the perspective of IT baseline protection, a reference to this chapter alone is not sufficient. In addition to the active network components and network management software, a treatment of the physical wiring and of the server systems present in the network is also required. For this reason, it is absolutely necessary to refer to the above-mentioned chapters as well. This chapter provides guidelines on how to analyse a heterogeneous network and use this analysis as a basis for realising and operating such a network from the perspective of IT security. Consequently, this chapter is intended for organisational departments responsible for operating networks and in possession of the corresponding technical know-how.

Threat Scenario

The following typical threats are assumed as regards IT baseline protection of a heterogeneous network:

Force Majeure:

• T 1.1 Loss of personnel
• T 1.2 Failure of the IT system
• T 1.3 Lightning
• T 1.4 Fire
• T 1.5 Water
• T 1.7 Inadmissible temperature and humidity
• T 1.8 Dust, soiling

Organisational Shortcomings:

• T 2.7 Unauthorised use of rights
• T 2.9 Poor adjustment to changes in the use of IT
• T 2.22 Lack of evaluation of auditing data
• T 2.27 Lack of, or inadequate, documentation
• T 2.32 Inadequate line bandwidth
• T 2.44 Incompatible active and passive network components
• T 2.45 Conceptual deficiencies of a network
• T 2.46 Exceeding the maximum allowed cable/bus length or ring size

Human Failure:

• T 3.2 Negligent destroying of equipment or data
• T 3.3 Non-compliance with IT security measures
• T 3.5 Inadvertent damaging of cables
• T 3.6 Hazards posed by cleaning staff or outside staff
• T 3.8 Improper use of the IT system
• T 3.9 Improper IT system administration
• T 3.28 Inadequate configuration of active network components
• T 3.29 Lack of, or unsuitable segmentation

Technical Failure:

• T 4.1 Disruption of power supply
• T 4.6 Voltage variations / overvoltage / undervoltage
• T 4.8 Discovery of software vulnerabilities
• T 4.31 Failure or malfunction of a network component

Deliberate Acts:

• T 5.1 Manipulation/destruction of IT equipment or accessories
• T 5.2 Manipulation of data or software
• T 5.4 Theft
• T 5.5 Vandalism
• T 5.6 Attack
• T 5.7 Interception of lines
• T 5.8 Manipulation of lines
• T 5.9 Unauthorised use of IT systems
• T 5.18 Systematic trying-out of passwords
• T 5.28 Denial of services
• T 5.66 Unauthorised connection of IT systems to a network
• T 5.67 Unauthorised execution of network management functions
• T 5.68 Unauthorised access to active network components

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.
Here, it must be pointed out once again that adequate protection of a LAN from the perspective of IT baseline protection can only be ensured if the packages of safeguards described in Chapter 4.2 Cabling, Chapter 6.1 Server-based networks and, if applicable, additional measures related to the operating-system in use and Chapter 6.8 Network and system management are also implemented.
Furthermore, the active network components should be installed in rooms intended to accommodate technical infrastructure (e.g. distributor rooms), this means that the safeguards described in Chapter 4.3.4 Technical infrastructure rooms also need to be taken into account.
The network administrator's workstation also requires special protection. In addition to the safeguards described in Chapter 4.3.1 Offices, rules pertaining to the operating system in use must also be specified here (refer to Chapter 6).
Secure operation of a heterogeneous network requires the implementation of a number of measures, beginning with an analysis of the existing network environment, followed by the development of a network management concept, and leading to the actual operation of a heterogeneous network. The steps and measures involved are described below:

1. Analysis of the existing network environment (refer to S 2.139 Survey of the existing network environment and S 2.140 Analysis of the existing network environment)

• Survey of load factors and analysis of traffic flow
• Determination of network bottlenecks
• Identification of critical areas

2. Conception

• Conception of a network (refer to S 2.141 Development of a network concept, S 2.142 Development of a network realisation plan and S 5.60 Selection of a suitable backbone technology)
• Conception of a network management (refer to S 2.143 Development of a network management concept and S 2.144 Selection of a suitable network management protocol)

3. Reliable operation of a network

• Segmentation of a network (refer to S 5.61 Suitable physical segmentation and S 5.62 Suitable logical segmentation)
• Use of a network management software package (refer to S 2.145 Requirements for a network management tool and S 2.146 Reliable operation of a network management system)
• Auditing of a network (refer to S 4.81 Auditing and logging of activities in a network and S 2.64 Checking the log files)

4. Contingency planning

• Redundant arrangement of network components (refer to S 6.53 Redundant arrangement of network components)
• Backup of configuration files (refer to S 6.52 Regular backup of configuration data of active network components and S 6.22 Sporadic checks of the restorability of backups)

The complete package of safeguards for the area of heterogeneous networks is presented in the following; this package includes measures of a fundamental nature which need to be noted in addition to the measures described above.

Infrastructure:

• S 1.25 (1) Overvoltage protection
• S 1.27 (2) Air conditioning
• S 1.28 (1) Local uninterruptable power supply (ups)
• S 1.29 (3) Adequate siting of an IT system (optional)
• S 1.32 (1) Adequate siting of the consoles, devices with exchangeable data media, and printers

Organisation:

• S 2.4 (2) Maintenance/repair regulations
• S 2.22 (2) Escrow of passwords
• S 2.25 (1) Documentation on the system configuration
• S 2.26 (1) Designation of an administrator and his deputy
• S 2.34 (1) Documentation on changes made to an existing IT system
• S 2.35 (1) Obtaining information on security weaknesses of the system
• S 2.38 (2) Division of administrator roles in PC networks
• S 2.64 (2) Checking the log files
• S 2.139 (1) Survey of the existing network environment
• S 2.140 (1) Analysis of the existing network environment (optional)
• S 2.141 (1) Development of a network concept
• S 2.142 (1) Development of a network realisation plan
• S 2.143 (1) Development of a network management concept
• S 2.144 (1) Selection of a suitable network management protocol
• S 2.145 (2) Requirements for a network management tool
• S 2.146 (1) Secure operation of a network management system

Personnel:

• S 3.4 (1) Training before actual use of a program
• S 3.5 (1) Education on IT security measures
• S 3.10 (1) Selection of a trustworthy administrator and his substitute
• S 3.11 (1) Training of maintenance and administration staff

Hardware/Software:

• S 4.7 (1) Change of preset passwords
• S 4.15 (2) Secure log-in
• S 4.24 (1) Ensuring consistent system management
• S 4.79 (1) Secure access mechanisms for local administration
• S 4.80 (1) Secure access mechanisms for remote administration
• S 4.81 (2) Auditing and logging of activities in a network
• S 4.82 (1) Secure configuration of active network components
• S 4.83 (3) Updating / upgrading of software and hardware in network components

Communications:

• S 5.2 (1) Selection of an appropriate network topography
• S 5.7 (1) Network management
• S 5.12 (2) Setting up an additional network administrator
• S 5.13 (1) Appropriate use of equipment for network coupling
• S 5.60 (1) Selection of a suitable backbone technology
• S 5.61 (1) Suitable physical segmentation
• S 5.62 (1) Suitable logical segmentation (optional)

Contingency Planning:

• S 6.22 (2) Sporadic checks of the restorability of backups
• S 6.52 (1) Regular backup of configuration data of active network components
• S 6.53 (1) Redundant arrangement of network components
• S 6.54 (3) Procedures in case of a loss of network integrity

© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000