Comment on National Strategy to Secure Cyberspace 14Nov200–
4 pages
English
Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

Comment on National Strategy to Secure Cyberspace 14Nov200–

-

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres
4 pages
English

Description

From: Engedi Technologies, Inc Sent: Thursday, November 14, 2002 12:15 AM To: 'feedback@cybersecurity.gov' Cc: Jeffrey A. Carley (carley@engedi.net) Subject: Engedi Technologies Feedback to The National Strategy to Secure Cyberspace Draft Comment on The National Strategy to Secure Cyberspace Draft Thank you for this opportunity to provide input into the strategy. Our particular area of interest is in securing remote network management. The strategy paper does not appear to focus significant attention on the need to secure the management of networking equipment distributed throughout the network infrastructure. The ability to remotely manage the devices and circuits that make up the corporate and public networks is critical for the security and reliability of those networks. There are a number of factors that make the ability to remotely manage the network elements essential to network operations. Managing these devices remotely without, in most cases, the need to dispatch a technician: • Increases network security (when the management communications is secure); • Increases network reliability and dependability; • Reduces operating costs; • Increases the skill levels of engineers and technicians available to manage devices; • Increases responsiveness to threats, outages, and new requirements; and • Increases the adaptability of the network to new environments, situations, and events. Many of these improvements are achieved ...

Sujets

Informations

Publié par
Nombre de lectures 19
Langue English

Exrait

From:
Engedi Technologies, Inc
Sent:
Thursday, November 14, 2002 12:15 AM
To:
'feedback@cybersecurity.gov'
Cc:
Jeffrey A. Carley (carley@engedi.net)
Subject:
Engedi Technologies Feedback to The National Strategy to Secure Cyberspace Draft
Comment on The National Strategy to Secure Cyberspace Draft
Thank you for this opportunity to provide input into the strategy. Our particular area of
interest is in securing remote network management. The strategy paper does not appear
to focus significant attention on the need to secure the management of networking
equipment distributed throughout the network infrastructure.
The ability to remotely manage the devices and circuits that make up the corporate and
public networks is critical for the security and reliability of those networks. There are a
number of factors that make the ability to remotely manage the network elements
essential to network operations. Managing these devices remotely without, in most cases,
the need to dispatch a technician:
Increases network security (when the management communications is secure);
Increases network reliability and dependability;
Reduces operating costs;
Increases the skill levels of engineers and technicians available to manage
devices;
Increases responsiveness to threats, outages, and new requirements; and
Increases the adaptability of the network to new environments, situations, and
events.
Many of these improvements are achieved by allowing a skilled technician or
management software to access the device from a remote location to perform
maintenance, monitoring, problem determination, and remediation. Due to the greater
economic feasibility of performing these activities from a remote location the software
and configurations are kept more current allowing for known vulnerabilities to be
corrected more quickly and new safeguards to be incorporated sooner. Also, an outage or
attack will be detected more quickly with remote management and a remote administrator
can respond without the time delay or cost required to travel to the site.
However, more focus needs to be placed on securing the information that is
communicated between a device and a remote administrator than is common practice in
the industry today. More often than not, this information is communicated in clear text
and is vulnerable to a variety of attacks. Often, telnet is still utilized for command line
access to the device and monitoring is performed using insecure versions of SNMP. The
information that travels over these insecure channels can be very sensitive including
administrative level passwords, device and configuration information, and performance
information.
This information may flow over an internal network or it may flow over a public
network. While allowing this information to travel unprotected over a public network is
obviously a grave security risk, allowing this information to travel on an internal network
is also a risk that should be closely scrutinized. Much of this information should only be
available to network administrators with a need to know. It needs to be protected on the
internal network as well. Solutions need to be developed to protect this information in all
environments.
While keeping the management information on an internal network can offer some
additional security and cost savings over utilizing a public network such as the PSTN or
the Internet, there are some strong advantages to having an out-of-band network
management connection available. Recommendation R4-2 and Discussion D4-2 indicate
the need for out-of-band management, but the strategy does not provide any verbiage in
support of this. There is also no indication that this out-of-band management connection
needs to be carefully secured, especially if it travels on a public network. Securing this
information should be part of the strategy.
Some of the reasons an out-of-band connection can be important include:
Some operations can only be performed over an out-of-band connection such as
password recovery on a Cisco router;
Some network or facility failures can impact the internal network connection.
Access to the device by some other connection is essential for problem
determination and/or remediation. If problem determination can commence in
minutes rather than the hours it might take to dispatch a technician, then the
Mean-Time-To-Repair can often be significantly reduced.
Some attacks, such as denial-of-service attacks, can reduce or eliminate the
remote administrator’s ability to access the device over the internal network.
Having an out-of-band connection for management can be essential to countering
the attack.
However, since an out-of-band connection is more likely to be over a public network,
even more steps need to be taken to protect the data that travels over that connection.
Some form of secure connection such as SSH or IPSec needs to be utilized over the
public network. Also, since the device might now be connected to a public network
without any firewall or IDS to protect it; strong measures need to be taken to protect that
device from possible attacks over the public network such as restricting this connection to
only those services needed for network management, filtering on allowable source
addresses or phone numbers, and strong authentication of the remote administrator by the
managed device.
Recommendation R4-2 refers to more secure router technology.
However, with the
continuing increase in connection speeds and advances in hardware, the demarcation
between switching, routing, and transport level connections are not as clear as it once
was.
It appears that R4-2 is meant to address the network infrastructure and the
management of said infrastructure.
Our recommendation is that this should include
routers, switches, load balancers, cache engines, firewalls, IDS sensors, WAN switches,
VPN hardware, etc. All of these require greater attention to security in their design and
implementation.
Remote management of these devices is a major area that has not
received the emphasis it needs.
R4-2 can be modified to reflect something more along the lines of:
R4-2 A public-private partnership should perfect and accelerate the adoption of more
secure networking equipment and the management of said equipment.
Securing the
management of the networking equipment includes both protecting the contents of
management connections and securing local and remote access to the networking
equipment for management purposes, including out-of-band access.
For discussion item D4-2 the wording can be more along the line of:
D4-2 How could secure out-of-band management for networking equipment be
implemented over the Internet while also protecting the networking equipment from
attack over that connection, and what are the costs and benefits?
We also believe it would be appropriate to include, under Level 4 in the Securing Shared
Systems section, a subsection discussing remote management of networking equipment.
It would seem to naturally fit after the Vulnerability Remediation subsection on page 41
of the draft. Something along the following lines might be appropriate:
Remote Management
The ability to remotely manage and monitor networking equipment is critical for the
security and reliability of the network. Remote management of the equipment allows for
more cost effective and frequent updating of the software and configuration of the
equipment to eliminate known vulnerabilities while remote monitoring allows for earlier
identification of problems or attacks, and a swifter response. Also, a larger pool of
skilled engineers and technicians are able to maintain the equipment than would be the
case if only local access were allowed. Responses to outages, threats, and attacks can
also be more rapid when the administrator can remotely access the device for problem
determination and remediation or countermeasures. Sensitive information, however, is
often communicated over the connection between the equipment and the remote
administrator including passwords and configuration information. It is therefore essential
to secure the information that is transmitted between the equipment and the remote
administrator. It is also important to restrict access to the administrative functions only to
authorized administrators.
Since the remote administrator may need access to networking equipment at a time when
the network is compromised, the administrator should have a connection to the
equipment that does not depend on the availability of the network. Often this out-of-band
connection will utilize a public network.
When a public network is utilized, it is
important to not only protect the information being transmitted, but also to protect the
networking equipment from unauthorized access or attack over the public network.
The strategic goal is to provide greater reliability and security of the network, and to
enhance the responsiveness of administrators by securing both in-band and out-of-band
remote management of networking equipment. Achieving this goal is possible by:
Providing for in-band and out-of-band connections for administrative access;
Providing strong access controls that protect access to the administrative
functions;
Ensuring that protocols are utilized that protect the information communicated
between the networking equipment and the remote administrator or monitoring
station; and,
Developing methods to protect management interfaces from attack over a
connection to a public network.
Thank you for allowing us the opportunity to provide this feedback.
Kindest regards,
Jeff Carley
CTO Engedi Technologies, Inc.
carley@engedi.net
719-510-5322
  • Accueil Accueil
  • Univers Univers
  • Ebooks Ebooks
  • Livres audio Livres audio
  • Presse Presse
  • BD BD
  • Documents Documents