Introduction

Network security is a contradiction in terms, like the classic references to Jumbo Shrimp and Military Intelligence. True security can only be achieved when the information is isolated, locked in a safe, surrounded by guards, dogs and fences, and rendered inaccessible. Some would argue that even then, there is not absolute security. It simply is not possible, therefore, to render a network system completely secure, and any reader who wishes to understand and apply the principles of security to the Internet or any other network must first understand and accept this basic tenet in order to be successful. In spite of this, managers of network systems must at the same time strive to attain this unreachable goal.

The reason behind this often frustrating dilemma lies in the motivations for the development of networks. Networks were created as a remedy to the problem of data isolation in the early days of computing. "Islands of Automation" were a hindrance to conducting business successfully because critical information required by one "island" could not be accessed by others. Networks became the communication bridges by which these islands could be integrated. Since security and privacy are the antithesis of sharing and distribution, network security must become a balance between providing appropriate access to those who need the information and safeguarding that information by denying access to those not authorized. This is all done while assuming some level of risk which is appropriate to the sensitivity of the information being guarded.

This is not intended to imply that network security is not necessary, nor that management should not strive for it. On the contrary, the explosion of information across the networks in this country and in the world has raised the specter of corporate espionage to new heights. Corporations today know that in the information age, information is power and those organizations which control their information appropriately can gain competitive advantage: those who do not are vulnerable to losing valuable trade secrets to competitive spies.

Equally dangerous is the possibility of loss of information or compromising that information due to acts of sabotage, such as from disgruntled employees. As our employees become more mobile, and as they demand more information while they are on the road, the vulnerabilities of compromised information become more severe by an enterprise's own employees.

Within this perplexing situation, managers must navigate between the risks of losing information so necessary to the enterprise's operation and the costs and constraints associated with an overly aggressive security solution.

This primer is intended to help management successfully navigate this course by providing an overview of security principles and the technologies which are appropriate for securing networks today.



Network Security Issues

Basic Security Concepts

A good place to begin is by defining the basic concepts involved in securing any object. The key words in the security lexicon are vulnerability, threat, attack, and countermeasure. An examination of each follows.

Vulnerability is the susceptibility of a situation to being compromised. It is a potential, a possibility, a weakness, an opening. A vulnerability in and of itself may or may not pose a serious problem, depending on what tools are available to exploit that weakness. The classic definition of vulnerability comes to us from Greek Mythology, with the story of Achilles, whose heel represented his greatest vulnerability.

A threat is an action or tool which can exploit and expose a vulnerability and therefore compromise the integrity of a given system. Not all threats are equal in terms of their ability to expose and exploit the vulnerability. For example, the Microsoft Concept virus exploits a vulnerability in Word Macros allowing access to the users' file system, but the virus itself is relatively benign. Other similar viruses could do a lot more damage.

An attack defines the details of how a particular threat could be used to exploit a vulnerability. It is entirely possible that situations could exist where vulnerabilities are known and threats are developed, but no reasonable attack can be conceived to use the specific threat upon a vulnerability of the system. An example of an attack is a Trojan Horse attack, where a destructive tool such as a virus is packaged within a seemingly desirable object, like a piece of free software.

Countermeasures are those actions taken to protect systems from attacks which threaten specific vulnerabilities. Achilles covered his heel with a protective metal plate as a countermeasure to potential attacks to his one vulnerability. In the network security world, countermeasures consist of tools such as virus detection and cleansing, packet filtering, password authentication, and encryption.

Any security scheme must identify vulnerabilities and threats, anticipate potential attacks, assess whether they are likely to succeed or not, assess what the potential damage might be from successful attacks, and then implement countermeasures against those defined attacks which are deemed to be significant enough to counter. Therefore, we can see that security is all about identifying and managing risk, and that security is a very relative concept which must be tailored to the needs, budget, and culture of each organization. For example, a Trojan Horse attack on one organization could succeed easily and compromise extremely important information. The same attack on another organization would only result in minimal damage, perhaps because there is no sensitive data available on that particular system. Furthermore, companies have personalities just as people do, and therefore, some companies are willing to live with more risk than others. In each of these organizations, different security schemes will be employed with different countermeasures to suit their specific situations.

As we will discuss later, management must consider all of these factors in defining a security strategy. Management must also consider the cost of protecting against all possible attacks. Security costs money, and each organization must determine how much it will cost to institute appropriate countermeasures. Only then can an organization truly determine which of the possible spectrum of attacks should be defended, and which should be ignored.
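The risk-management reasoning above can be made concrete with a small worked model. The following Python is an added example written for this edit, not part of the original primer; every attack, probability and dollar figure in it is a constructed estimate, and the greedy selection rule is one simple way to decide which attacks are "significant enough to counter" within a budget.

```python
from dataclasses import dataclass


@dataclass
class Attack:
    """One anticipated attack and the countermeasure proposed against it.
    Every figure here is a constructed estimate, not a published statistic."""
    name: str
    likelihood: float            # estimated probability of success per year
    impact: float                # loss, in dollars, if the attack succeeds
    countermeasure_cost: float   # yearly cost of the proposed defence
    residual_likelihood: float   # probability that remains once defended


def expected_loss(a: Attack, defended: bool) -> float:
    """Annual expected loss: likelihood of success times the damage done."""
    p = a.residual_likelihood if defended else a.likelihood
    return p * a.impact


def net_benefit(a: Attack) -> float:
    """Loss avoided by the countermeasure, minus what the countermeasure costs."""
    return expected_loss(a, False) - expected_loss(a, True) - a.countermeasure_cost


def choose_countermeasures(attacks: list, budget: float) -> list:
    """Fund the highest net-benefit defences first; skip any whose benefit is
    not positive (an attack worth ignoring) or that no longer fits the budget."""
    chosen, remaining = [], budget
    for a in sorted(attacks, key=net_benefit, reverse=True):
        if net_benefit(a) <= 0 or a.countermeasure_cost > remaining:
            continue
        chosen.append(a.name)
        remaining -= a.countermeasure_cost
    return chosen


def sample_portfolio(trade_secret_value: float) -> list:
    """The same three attacks faced by two organizations that differ only in
    how much sensitive data sits on the exposed system (constructed values)."""
    return [
        Attack("Trojan Horse delivered by e-mail", 0.30, trade_secret_value, 5_000, 0.03),
        Attack("eavesdropping on the WAN link", 0.10, trade_secret_value, 20_000, 0.01),
        Attack("defacement of the public web page", 0.50, 2_000, 8_000, 0.05),
    ]
```

Run with a $25,000 budget, an organization holding $1,000,000 of trade secrets funds the first two countermeasures, while an organization holding $10,000 funds none, because each defence would cost more than the loss it averts. That is the primer's point that the same attack warrants different countermeasures in different organizations.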

Generic Security Threats

In any organization, there are a number of generic security threats which must be dealt with. These include the theft of information, the compromising or corruption of information, loss of confidentiality, and the disruption of service.

One of the major threats which companies are dealing with is the introduction of malicious programs over the network. The term "computer virus" has been used loosely to categorize these attacks which come in Trojan Horses, worms, and logic bombs as well as true viruses.

A Trojan Horse is a program that conceals harmful code. It usually disguises itself as an attractive or useful program which lures users to execute it, and in doing so, damages the user's system. For example, a posting in the US Department of Energy Computer Advisory Capability page lists a known Trojan Horse in a program called AOL4FREE. While the title suggests that this program will allow you to participate in AOL without any costs, running the program will delete all of the files on your hard disk. The program hidden in the Trojan Horse can be one which causes malicious damage, or one which performs some espionage for the attacker, such as stealing the password file from the computer it invades.

A logic bomb is code that checks for certain conditions and when these conditions are met, it "detonates" to do its damage. Sometimes, like the Magellan virus, the trigger logic is a date, but it can be any given set of parameters, including a person's name, a bank account number, or some combination of events and parameters.

A worm is a self contained program which replicates itself across the network and therefore multiplies its damage by infecting many different nodes.

A virus is code which plants a version of itself in any program it can modify. The Microsoft Concept virus is a good example: once it has "infected" Microsoft Word, all subsequent documents which are opened by the user may only be saved as template files. In all other respects, Microsoft Word continues to operate normally.

It should be noted that these are not mutually exclusive threats. A logic bomb could plant a virus under the specified conditions, as could a Trojan Horse deliver a worm.

Furthermore, each of these threats could have different or multiple missions, such as the theft of data, the compromising of confidentiality, integrity or availability, or the disruption of service to the organization.

In addition to planting computer programs which could create these effects, there are also threats which involve the theft or compromise of information while it is in transit between endpoints of a network. One such example is called Snooping, in which an attacker simply eavesdrops on electronic communications.

These are the classes of threats that today's network managers must deal with, and that senior management must be aware of, since they will play a major part in determining the appropriate and tolerable cost of security to counteract these potential threats.

Security Countermeasures

Given the above scenario, a reasonable question at this point might be: "What tools are available today to help mitigate the consequences of these security threats on the network?" The good news is that there are multiple technologies which can be brought to bear on the issues, and they are impressively effective.

Security Policy

The bad news is that no amount of technology can overcome a poorly planned, poorly implemented or nonexistent security policy. Consider the following story witnessed by a poster on a security newsgroup on the Internet: A customer being waited on at a public service agency (say a Registry of Motor Vehicles) requires some information from the clerk who in turn needs to access that information from a workstation centrally located in the area behind the window. Sitting at the workstation, the clerk yells to a co-worker "Mary, is the password still ____?"

Again, the security of any information in any organization today depends primarily on the quality of the security policy and of the processes that organization imposes on itself. If the security procedures are lax, are not enforced uniformly, and allow gaping security holes to exist, no amount of technology will close the resulting breaches. Organizations that are concerned about security on the Internet should ask themselves a few of the following questions before worrying about encryption, packet filtering, proxy servers, and other related technology solutions.

It should be self evident at this point that the primary need for any organization is to get its own house in order, identify its security needs based on the types of information with which it deals and develop a security policy and plan before committing to technology. Following are some elements of a good security plan.

Authentication

A primary tool in securing any computer system is the ability to recognize and verify the identity of users. This security feature is known as authentication. Traditionally, special names and secret passwords have been used to authenticate users, but as the anecdote above demonstrates, the password is only as good as the users' ability to keep it secret and protect it from being abused by unauthorized users.

There are three generally accepted techniques for authenticating users to host machines.

1. Authentication by something the user knows. This is the password/username concept described above. There are two common approaches to password authentication, known as PAP and CHAP. PAP, which stands for Password Authentication Protocol, simply asks the requester to provide a "secret" password, and if the password provided matches the one held in the user profiles, the requester is given access. CHAP (Challenge Handshake Authentication Protocol) takes the concept one step further: the system sends the requester a challenge message, and the requester must return an encrypted response to it. This, in effect, acts as a different password for each login. Often, the CHAP mechanism is combined with an encrypting smart card, which uses an encryption key to encode the challenge message. Only if the response to the challenge is correct will the requester be granted access to the system.

2. Authentication by something the user has. In this technique, the user is given some kind of token, such as a magnetic stripe card, key, or in sophisticated cases such as the remote access standard RADIUS discussed later, the user has a smart card equipped with a computer chip which can generate an encrypted code back to the computer system.

3. Authentication by physical characteristics. Here, the mechanism is to recognize some measure of the individual which ostensibly cannot be duplicated. Biometric techniques such as fingerprint ID, palm print ID, retinal scan, manual and digital signature, or voice recognition are used to validate the identity of the potential user.
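The difference between the two password approaches in item 1 is easiest to see in code. The following Python is an added example for this edit, not code from the original primer. It follows RFC 1994, where the CHAP response is a one-way MD5 digest of the identifier, the secret and the challenge rather than an encrypted copy of the challenge; the user name, secret and challenge length are constructed values.

```python
import hashlib
import hmac
import os

# Constructed user record: the secret the server holds for each user. Kept in
# clear here only to make the PAP/CHAP contrast visible; a real server stores
# PAP passwords hashed.
USER_SECRETS = {"alice": b"correct horse battery staple"}


def pap_authenticate(username: str, password: bytes) -> bool:
    """PAP: the requester sends the secret itself and the server compares it."""
    expected = USER_SECRETS.get(username)
    if expected is None:
        return False
    return hmac.compare_digest(expected, password)   # constant-time compare


def chap_challenge() -> tuple:
    """Server side of CHAP: a one-byte identifier and a fresh random challenge.
    A new challenge is issued for every attempt, so no response is valid twice."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Requester side of CHAP: RFC 1994 computes MD5(identifier || secret || challenge).
    The secret never leaves the requester; only this one-way digest does."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(username: str, ident: int, challenge: bytes, response: bytes) -> bool:
    """Server side of CHAP: recompute the digest from the stored secret and compare."""
    secret = USER_SECRETS.get(username)
    if secret is None:
        return False
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)


def pap_replay_succeeds() -> bool:
    """Why PAP over a snooped link is weak: the password observed on the wire
    is the credential itself, so presenting it again is accepted."""
    observed = b"correct horse battery staple"   # constructed: what passed over the link
    return pap_authenticate("alice", observed)


def chap_replay_succeeds() -> bool:
    """Why CHAP resists the same snooping: an observed response is bound to the
    challenge it answered, and the server issues a different challenge next time."""
    ident, challenge = chap_challenge()
    observed = chap_response(ident, USER_SECRETS["alice"], challenge)
    assert chap_verify("alice", ident, challenge, observed)   # the genuine login succeeds
    new_ident, new_challenge = chap_challenge()
    return chap_verify("alice", new_ident, new_challenge, observed)
```

The two replay functions are the detection-side lesson: a PAP exchange that was observed in transit stays usable indefinitely, whereas an observed CHAP response is useless against the next challenge, which is exactly the "different password for each login" property described above.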

Authentication is also necessary when two computers communicate with each other. For example, what should my host computer do when another computer asks to have a disk mounted which contains all of my organization's personnel data? How do I know that the requesting computer has a legitimate reason to access that information, and that it is not some external network hacker trying to steal information from my organization? In order to prevent such events, the Internet Engineering Task Force (IETF) has formed a working group by the name of IPSec (Internet Protocol Security). Additionally, there are a number of de facto standards - those which are developed by companies rather than by official committees, but which enjoy widespread acceptance. While many of these standards are under review and take some time to work their way through the approval process, two are worthy of mention here, IPSec's SKIP (Simple Key Management for Internet Protocol) and Livingston's RADIUS (Remote Authentication Dial In User Service).

SKIP is a technique for providing authentication and encryption security at the IP layer of the Internet architecture. It relies on the existence of an authority in the network which can issue a certificate to known trusted entities within the system. If an entity claiming to be a member of the system requests an action, the receiving computer system can have the requester present an encrypted certification that they are who they say they are. The certificate conforms to one of the methods of authentication, namely, a secret encoding technique and a secret key which are only available to trusted members of the system. The fact that SKIP operates at the very lowest protocol layers of the architecture has the advantage that it will protect all upstream applications as well, by preventing connections between systems which are not authorized. Since potential intruders cannot even establish connections, their ability to do malicious damage is severely restricted.

In the scenario depicted above, the Requesting Entity first obtains a certificate by requesting one from the trusted certification authority (1), which validates the trustworthiness of the Requester by granting a certificate (2). Armed with this certificate, the Requester can now petition the host, presenting the certificate along with its request (3). The host, upon seeing the certificate, will grant the information to the requester (4).

RADIUS is one of the more popular public network authentication protocols. The primary purpose of RADIUS is to offer centralized access control for remote dial-in users. RADIUS simplifies the administration of passwords, user names, profiles for remote users, and other security and accounting related information by placing all of the security in a central server, and issuing challenges to the user.

Virtual Private Networks

The Internet community is constantly seeking new and better mechanisms to secure the Internet. Today, there are several other relevant proposals for standards which are under review by the Internet Engineering Task Force (IETF). One which is generating interest is the Layer 2 Tunneling Protocol (L2TP), which is under review as part of the IPSec group within the IETF. This proposal would establish a set of protocols by which compliant Internet components could create their own channel inside the Internet. This channel would be protected by authentication and encryption countermeasures, which ensure that even though the traffic is being transmitted over the public Internet, individual sessions can be established which are private to those members allowed to work within that channel. The technology is known as tunneling because the correspondents create a tunnel of sorts through the public packets inhabiting the Internet, and exchange very private communications within it. The concept comes from medieval times, when tunnels were built between fortified towns and castles to allow their inhabitants to move safely between them, away from the dangers of the bands of marauders outside their gates.

The use of tunneling technology allows another concept to be implemented: the concept of a Virtual Private Network, or VPN. Companies who want a less expensive alternative to private Wide Area Networks can utilize tunneling within the Internet and develop their own virtual WANs, safe from unwanted intrusions, yet riding on the cost benefits of the Internet mass volumes.


Non Repudiation

This security concept protects against the sender or receiver denying that they sent or received certain communications. For example, when a person sends a certified or registered letter via the United States Postal Service (USPS), the recipient is supposed to prove his or her identity to the delivery person, and then confirm their receipt by signing a form. The signed form is then returned to the sender, which proves to the sender that their correspondence was delivered. This prevents the recipient (for example a debtor) from claiming that they never received the correspondence (for example a demand note) and therefore using that as an excuse for their actions (not paying the debt). In computer networks, these kinds of services are also available, and are becoming increasingly valuable as commerce on the Internet continues to gain in popularity.

There are three different types of non-repudiation services that are applicable in computer network messaging:

Non-repudiation of Delivery Service is similar to the US Post Office certified mail example above. This provides the sender with proof that a message was successfully delivered to the intended recipient. Many e-mail packages offer senders the option to request a return receipt. This return receipt provides the sender with a non-repudiation of delivery service feature - the recipient can't legitimately claim they did not receive the message.

Non-repudiation of Origin of Service provides the recipient with proof of who originated the message and what it contains. For example, according to a Usenet posting, America Online (AOL) was victimized by crackers pretending to be AOL employees and requesting passwords and credit card information from subscribers. A recent article in the Los Angeles Times stated that a particular cracker "armed with an AOL hacker program created... [a] fake screen to pass himself off as an AOL employee and steal Knaiger's [the AOL user] password". Non-repudiation of Origin of Service could have foiled this kind of attack if it had been available to AOL subscribers. If it had been available, users could have verified that the crackers were not genuinely AOL employees, and therefore would not have given away their passwords.

Non-repudiation of Submission Service is similar to the concept of non-repudiation of delivery. This service offers proof that a given message was in fact sent from a particular sender. If we go back to the US Post Office example, when we mail important papers such as legal documents, it is considered prudent to send them via registered mail. When we do so, we get a receipt from the Postal Service and a special identification number is affixed to the receipt. Thus, if the recipient does not receive the documents, or contends that they were not sent on time, we have evidence that our submission did occur at a particular time.

Integrity

Integrity refers to the completeness and fidelity of the message as it passes through the network. The key here is making sure that the data passes from the source to the destination without undetected alteration. Note the use of the word "undetected". We may not be able to stop someone from tapping our messages and attempting to modify them as they move through the network, but we will be able to detect any such modification and therefore reject the altered message.

If the order of transmitted data also is ensured, the service is termed connection-oriented integrity. The term anti-replay refers to a minimal form of connection-oriented integrity designed to detect and reject duplicated or very old data units.
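Both ideas in this section, detecting alteration and rejecting duplicated or very old data units, can be shown in a few dozen lines. The Python below is an added example written for this edit, not code from the original primer: it uses an HMAC-SHA256 tag over a sequence number and payload for integrity, and a fixed-size sliding window for anti-replay. The shared key, window size, message contents and the order in which the constructed units arrive are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import struct

# Shared integrity key, constructed for this example. In a deployed system it
# would come from key management rather than a literal in the source.
KEY = b"example-integrity-key-constructed"
TAG_LEN = 32      # HMAC-SHA256 output length
WINDOW = 32       # how far behind the newest accepted number we still accept


def protect(seq: int, payload: bytes) -> bytes:
    """Sender: prefix a 32-bit sequence number and append an HMAC over both.
    Any change to the number or the payload changes the tag."""
    header = struct.pack("!I", seq)
    tag = hmac.new(KEY, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Connection-oriented integrity: verify the tag, then apply an anti-replay
    window that rejects duplicates and units that arrive too late."""

    def __init__(self) -> None:
        self.highest = -1     # newest sequence number accepted so far
        self.seen = set()     # accepted numbers still inside the window

    def accept(self, message: bytes) -> str:
        if len(message) < 4 + TAG_LEN:
            return "truncated"
        header, payload, tag = message[:4], message[4:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(KEY, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "modified"          # integrity failure: altered in transit
        (seq,) = struct.unpack("!I", header)
        if seq in self.seen:
            return "duplicate"         # replay of a unit already accepted
        if seq < self.highest - WINDOW:
            return "too old"           # fell behind the anti-replay window
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s >= self.highest - WINDOW}
        return "ok"


def demo() -> list:
    """Constructed traffic: a genuine unit, a tampered copy, a replay, a stale
    unit, a reordered-but-fresh unit, and a replay of that one."""
    rx = Receiver()
    genuine = protect(1, b"transfer 100 to account 42")
    tampered = genuine[:4] + b"transfer 900 to account 42" + genuine[-TAG_LEN:]
    verdicts = [rx.accept(genuine), rx.accept(tampered), rx.accept(genuine)]
    for seq in range(2, 2 + WINDOW + 5):
        if seq != 20:                              # unit 20 is delayed in the network
            rx.accept(protect(seq, b"keepalive"))
    verdicts.append(rx.accept(protect(1, b"stale reuse of an old number")))
    late = protect(20, b"delayed but still inside the window")
    verdicts += [rx.accept(late), rx.accept(late)]
    return verdicts
```

The verdict list from demo() reads ok, modified, duplicate, too old, ok, duplicate: the tampered unit fails the tag check even though its length is unchanged, the replays are caught by the seen-set, and a unit that falls more than WINDOW behind the newest accepted number is refused while a merely reordered one is still accepted.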

Confidentiality

Confidentiality is a security property that ensures that data is disclosed only to those authorized to use it, and that it is not disclosed to unauthorized parties. The key point behind ensuring the confidentiality of information on the network is to deny information to anyone who is not specifically authorized to see it or use it. Encryption is a frequently used mechanism for guaranteeing confidentiality, since only those recipients who have access to the decrypting key are able to decode the messages. Confidentiality therefore equates to privacy.

Access Control

This concept relates to granting or denying a particular requester access to some service or data in any given system. A service could be a program, a device such as a printer or a file system, and data could be a text file, an image, a collection of files, or any combination of the above. The real question is, what are the risks involved in allowing access to any of the system's services or information to individuals requesting such access? In some cases, such as the advertising Web page of an organization, the answer is that no damage could occur. The objective of such a page is precisely to spread the word about the organization, and therefore access control is not an issue. On the other hand, access control is a major issue if someone requests access to the file which contains the passwords for all of the users of the system.

It is therefore necessary to define a set of access rights, privileges, and authorizations, and assign these to appropriate people within the domain of the system under analysis.


Internet Architecture: An Overview

In order to understand better how these security principles can be applied, we need to understand the standard networking architecture and how the specific Internet Architecture fits this model. Then we can see how the security principles we have just discussed apply to that Internet model.

ISO 7 layer model

The International Standards Organization (ISO) published an architecture in the early 1980s, whose primary philosophy is that different telecommunications functions should be handled by different standard and open "layers" of the architecture. This so-called Open Systems Interconnect (OSI) model is constructed as follows.

The very lowest layer is the physical layer which is responsible for the physical transmission of the data from the computer to the network. Here, there are the electronic circuits and mechanical connectors which define how transmissions are to occur over coaxial ethernet, modems, FDDI or any other medium for transmitting data.

Next is the Data-link layer, which is responsible for the integrity of the bit stream between any two points. Here, there are standards for redundancy checks, parity, retransmission protocols, etc. to ensure that the same sequence of bits sent from point A is received at point B.

The Network layer extends the concepts of the Link layer into multiple networks, which may or may not be compatible. Internetworking also implies that this layer must be aware of different routes available to connect the sender with the recipient.

The Transport Layer ensures that different transmissions, which may be part of a sequence and which may have traversed the network via different paths, are appropriately resequenced at the receiver's site.

The Session Layer manages the connecting and disconnecting of interactions between two computers and how the data is to be exchanged (duplex, simplex, etc.).

Presentation determines what code sets will be used (ASCII, EBCDIC, international character sets, etc.).

Finally, we come to the Applications Layer in which specific applications like FTP, Telnet, e-mail, Archie, and others reside.

The architecture of the OSI model is such that each layer uses services "below" it and provides services to those layers "above" it, giving the appearance of a stack. In fact, the model is known as a protocol stack, and other architectures, such as TCP/IP, also follow the stack model.

Internet layers

At this point, the vast majority of people interested in the Internet are familiar with the acronym TCP/IP (Transmission Control Protocol/Internet Protocol), which together form the foundation of communications for the net. This section will cover the architectural constructs of the TCP/IP structure and their relationship to the Open Systems Interconnect model.

Packet Switched Networks

The Internet uses the concept of packets and packet switching to allow for simultaneous access by millions of people. Transmissions between any two points are broken into smaller transmissions known as packets. By doing this, everyone's messages can be sent in an interleaved fashion so that all users see nearly the same level of performance.

Each connection to the Internet is designated with a unique Internet Address, usually written as four numbers determined by a standard Internet Protocol (IP). Packets are shipped to Internet destinations through routers, which use Transmission Control Protocol, or TCP.

These fundamental layers of the Internet form the backbone upon which data can be sent from one point to another, with integrity.

Applications Layer

Getting data from point A to point B is essential, but it is not enough. It is the equivalent of finding a telephone number in a phone book and being able to establish a telephone connection between the US and a foreign country. The individuals will not be able to communicate unless there is a common language. Similarly, on the Internet, as specified in the OSI model, there are other protocols and tools which are specific to the application layer and which correspond to these telephone analogies.

We can see, therefore, that the Internet layers roughly correspond to the OSI layers, with the exception of session and presentation. This means that Internet applications must handle the tasks generally assigned to session and presentation in the OSI model.

To demonstrate how these layers work, the diagram below shows a PC connected to a Web server over a local ethernet connection.

In this environment, the PC has a coaxial connection for the physical layer, and uses ethernet as the link level control. The PC also will have a TCP/IP software protocol stack, and will likely use Netscape Navigator or Microsoft Explorer as its application software. On the server end, all of the bottom layers are identical, and the application will be the Web server and any custom software written, such as shopping or search engine applications. As mentioned earlier, each layer has its own set of dialogs and its own language in which to conduct those. For the application layer, for example, the language and protocol are contained within HTML commands and responses.
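The layering in the PC-to-Web-server scenario can be seen directly in the bytes that cross the ethernet. The Python below is an added example for this edit, not part of the original primer: it builds one constructed frame (Ethernet II header, IPv4 header, TCP header, and an HTTP request as the application-layer dialogue) and then parses it layer by layer, verifying the IPv4 header checksum as defined in RFC 791 on the way up. The MAC addresses, IP addresses, ports and sequence numbers are constructed values; the TCP checksum is deliberately left unverified to keep the example short.

```python
import struct


def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words.
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(payload: bytes) -> bytes:
    """Constructed frame: Ethernet II / IPv4 / TCP / application data, built
    from the top layer down, each layer wrapping the one above it."""
    # Transport layer: 20-byte TCP header, no options; the TCP checksum is left
    # zero because the parser below does not verify it.
    tcp = struct.pack("!HHIIBBHHH", 40001, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    # Network layer: IPv4 header (TTL 64, protocol 6 = TCP) with a valid checksum.
    src_ip, dst_ip = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80])
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    # Data-link layer: Ethernet II header, EtherType 0x0800 = IPv4.
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Peel the frame one layer at a time, each layer handing the remainder up."""
    layers = {}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    layers["link"] = {"ethertype": ethertype}
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum failed")   # damaged in transit
    proto = ip[9]
    layers["network"] = {"src": ".".join(map(str, ip[12:16])),
                         "dst": ".".join(map(str, ip[16:20])),
                         "protocol": proto}
    if proto != 6:
        raise ValueError("not a TCP segment")
    seg = ip[ihl:]
    src_port, dst_port = struct.unpack("!HH", seg[:4])
    data_offset = (seg[12] >> 4) * 4
    layers["transport"] = {"src_port": src_port, "dst_port": dst_port}
    # Application layer: the dialogue the two programs actually conduct.
    layers["application"] = seg[data_offset:].decode("ascii")
    return layers
```

Each layer in parse_frame looks only at its own header and passes the rest upward, which is the "each layer uses the services below it" relationship described for the OSI stack; flipping a single bit in the IP header makes the checksum test fail and the frame is discarded before the application layer ever sees it.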

Internet Security Architecture

Given the architectures described earlier, where are the vulnerabilities, and specifically, what countermeasures can be taken to thwart potential attacks in this architecture? This section will examine the different tools which are available and where they are intended to be deployed for maximum protection. The placement of these security components will then constitute a Security Architecture for Internet configurations. Note that, as in any architecture, the components are designed with a great deal of flexibility and depending on particular needs of specific situations, the selection of components and their interrelationships may vary significantly.

Two Approaches to Security

Over time, two distinct approaches to applying security countermeasures have evolved: network coupled security and application coupled security. As the names imply, the first philosophy favors securing the network infrastructure, while the second builds security into the applications themselves.

Network Coupled Security

In a Network coupled scheme, the focus is to make the network itself a trusted and secure subsystem so that the applications can assume the data being transmitted is safe, comes from authorized users and is being delivered to the appropriate recipients. If the network itself is secure, then the applications don't have to do anything special to operate in a secure environment - they simply assume that all security functions are being performed by the network itself. This philosophy is very similar to that of the Internet and OSI architectures. Applications which operate in the OSI and Internet environments do not concern themselves with sequencing of packets, validation of IP addresses, etc. The applications assume that the layers below in the supporting protocol stacks have done their job, and therefore the applications can concentrate on the data content. Similarly, in a secure network environment, applications can assume that the security is being handled by the lower levels.

The most significant advantage to network coupled security is that applications do not have to be security aware. Applications which are not security aware can be moved into a secure environment without modification. Less obvious, but equally important, is that the use of a consistent security mechanism within the network allows applications to interoperate from a security standpoint. There is no possibility that different applications will insist on different authentication schemes, key management schemes, etc.

Application Coupled Security

Proponents of this scheme argue that the application knows best what kind of security is required for that application. Therefore, control of the security aspects should rest in the application layer. To these proponents, the need to create security aware applications is not a disadvantage, but rather a natural and reasonable consequence of the need to apply security at that level. Similarly, the potential for interoperability issues is seen as a flexibility advantage by the proponents of application-coupled security, who argue that a "one size fits all" approach in network security is insufficient for the broad range of security requirements.

Different Tools for Different Layers

There is no shortage of technology available to secure an organization's Internet connections. More appropriate questions have to do with which tools to use at which layers to effect the secure communications.

Early on, router manufacturers recognized the key role they could play in this endeavor, and placed filtering capabilities in their products to establish a primary front line of defense. A router that can examine and discriminate network traffic based on the IP packet addresses is known as a "screening router". Some advanced routers can screen packets based upon other criteria such as the type of protocol (http, ftp, udp), the source address, and the destination address fields for a particular type of protocol. This way, a communications manager can build "profiles" of users who are allowed access to different applications based on the protocols. Such a case is shown below.

In this same figure, the packet filtering of the screening router is enhanced with authentication software which can add either password authentication or challenge authentication. In the scenario described above, simple filtering, even with profiles, cannot verify that the individual on the other end of the connection is in fact the individual who should have access to the applications and data residing on the server connected to the local LAN: a source address can be forged, and a legitimate machine can be operated by the wrong person. Therefore, we add PAP or CHAP authentication to accomplish this, which provides another layer of security to the system. Of the two, PAP sends the password across the link in the clear, whereas CHAP sends only a response computed from a random challenge, so CHAP is the stronger choice where both ends support it.
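As an added example (not code from the original page), the following Python shows the CHAP exchange just mentioned with both sides' steps: the authenticator issues a random challenge, the peer answers with MD5(identifier || secret || challenge) as specified in RFC 1994, and the authenticator recomputes the answer from its own copy of the secret. The secret table and the user name are constructed for the illustration. The last function shows why the random challenge matters: a recorded response is useless against a later challenge.

```python
import hashlib
import hmac
import os

# Constructed shared-secret table on the authenticating side. Example values only;
# a real authenticator keeps these in a protected store, never in source.
SECRETS = {"alice": b"correct horse battery staple"}

def chap_challenge():
    """Authenticator side: an unpredictable challenge plus a one-octet identifier,
    as in RFC 1994. The fresh random challenge is what defeats replay."""
    return os.urandom(16), os.urandom(1)[0]

def chap_response(identifier, secret, challenge):
    """Peer side: MD5(identifier || secret || challenge). Only this hash crosses
    the wire; the secret itself never does, which is the difference from PAP."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(name, identifier, challenge, response):
    """Authenticator side: recompute with the stored secret, compare in constant time."""
    secret = SECRETS.get(name)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def chap_login(name, peer_secret):
    """One complete exchange: challenge out, response back, verdict."""
    challenge, identifier = chap_challenge()
    response = chap_response(identifier, peer_secret, challenge)
    return chap_verify(name, identifier, challenge, response)

def replay_succeeds(name, peer_secret):
    """An eavesdropper records a valid response and presents it to a later challenge."""
    old_challenge, old_id = chap_challenge()
    recorded = chap_response(old_id, peer_secret, old_challenge)
    new_challenge, new_id = chap_challenge()
    return chap_verify(name, new_id, new_challenge, recorded)

if __name__ == "__main__":
    print("valid secret:", chap_login("alice", SECRETS["alice"]))
    print("wrong secret:", chap_login("alice", b"guess"))
    print("replayed response:", replay_succeeds("alice", SECRETS["alice"]))
```

Two caveats a practitioner should keep in mind: anyone who captures a challenge and its response can run an offline dictionary attack against the secret, and MD5 is long obsolete as a cryptographic hash, so CHAP is a gate on the dial-in link, not a substitute for the encryption discussed later in this paper.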

The screening router either alone or in combination with authentication, is known as a "Firewall", because it keeps the "fire" of unsecured communications outside a protective "wall".

Another popular configuration, particularly for organizations which have a WWW presence, is the use of a so-called "bastion host". Again borrowing from the medieval fortifications of cities, this concept consists of a double-walled security layer. The outside wall, or perimeter wall, consists of a screening router which provides a first-pass screen for the population of outside users who are allowed access to the Internet-accessible applications on the bastion host, which sits in the "moat" between the two walls. A secondary router, with or without authentication enhancements, provides a second filter for those few privileged users who have access to the internal network. The bastion host concept is demonstrated below.

Protecting against unauthorized access to the data by controlling who is allowed to communicate with the protected servers guards against many of the vulnerabilities of networks. However, these schemes do not prevent espionage and theft of data captured en route between two validated correspondents. This is an area where the addition of encryption and key management, as defined for example in SKIP (Simple Key-management for Internet Protocols), provides an effective countermeasure. By encrypting the data and properly managing the keys used for encryption and decryption, data which is intercepted is rendered unusable to the interceptor. Note that encryption by itself does not prevent an interceptor from modifying the data in transit; detecting tampering requires a keyed integrity check (a message authentication code) applied alongside the encryption, which adds a further layer of protection for the data.

Beyond this level, additional security is still available coupled to the applications, as mentioned earlier. For example, database systems also have authentication capabilities with user names and passwords as well as profiles, access control lists, and the like. It is possible to add yet more layers of security beyond those discussed so far by adding similar technologies at the application layer. In these schemes, applications issue their own authentication challenges beyond those required to gain access to the network, thereby increasing the security of the data by decreasing the odds that a single error (a lost password, etc.) could compromise the application or the data. One common form of application-level security is the use of the Secure Sockets Layer (SSL) directly coupled with the application. In order for SSL to work, both the browser client and the server application must support its use, making the application security-aware. SSL is discussed further in the tools section of this paper.


Managing the Risk

Network security is all about managing risks and using this risk management analysis to provide appropriate security at an affordable price. This section will explore a Risk Management tool which can be used to analyze the risks in your organization and take appropriate countermeasures.

Risk Determination

Risks can be characterized by two criteria: the likelihood that a particular attack will be successful, and the consequences of the results if the attack is successful. Security costs money, and therefore we must use that money wisely and only spend it where there is a real likelihood of significant damage. Risk mitigation strategies then focus on either minimizing the likelihood of occurrence (by employing countermeasures), or by minimizing the consequences of the attack. One way to depict this is to characterize the risks along two axes, one indicating increasing likelihood of an attack succeeding, and a second indicating increasingly dire consequences. The individual attacks are plotted according to the two axes, and depending on where they fall, they can be characterized as worthy of defending or not. If an attack is considered serious enough to defend against, countermeasures are developed to reposition the attack into the lower left hand quadrant.

In the previous chart, five potential attacks are plotted in a hypothetical scenario to demonstrate this technique. Attacks numbered one and five fall into the upper right hand corner, which means the analysis has shown them to be likely to succeed, and that the consequences are serious. Attack number three is somewhat likely to succeed, and the results appear to be moderately serious. Attack number four is not likely to succeed, and even if it did, the results would not be particularly damaging. Attack number two is also not likely to succeed, but if it did, the results would be damaging. Based on this analysis, an organization might opt to do nothing about attack number four, would definitely provide defenses against attacks one and five, and would optionally defend against number two and number three, depending on budget constraints.
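The following Python is an added example, not part of the original page, that carries the chart's analysis through in code. It scores the five attacks on constructed 1-to-5 likelihood and consequence scales (the page gives only qualitative placements, so the numbers and the countermeasure costs are assumptions), reproduces the defend / optional / accept decision described above, and then goes one step beyond the page by spending a fixed budget: every upper-right attack is funded, and the remaining money goes to the optional attacks in order of exposure removed per unit cost.

```python
# Constructed scores (1 = low, 5 = high) for the five attacks of the chart.
ATTACKS = {
    1: (5, 5),   # likely and serious
    2: (2, 4),   # unlikely but damaging
    3: (3, 3),   # somewhat likely, moderately serious
    4: (1, 1),   # unlikely and harmless
    5: (4, 5),   # likely and serious
}

# Constructed countermeasures: cost, and where each would move its attack to.
# Some reduce likelihood (a packet filter), some reduce consequence (off-line backups).
COUNTERMEASURES = {
    1: {"cost": 40, "after": (1, 5)},
    2: {"cost": 50, "after": (2, 2)},
    3: {"cost": 20, "after": (1, 3)},
    4: {"cost": 10, "after": (1, 1)},
    5: {"cost": 30, "after": (2, 5)},
}

def decision(likelihood, consequence):
    """Upper-right quadrant is defended, lower-left accepted, the rest is a budget call."""
    if likelihood >= 4 and consequence >= 4:
        return "defend"
    if likelihood <= 2 and consequence <= 2:
        return "accept"
    return "optional"

def exposure(position):
    """Likelihood times consequence: a crude stand-in for expected loss."""
    return position[0] * position[1]

def mandatory_cost():
    """What the 'defend' attacks cost before any optional spending."""
    return sum(COUNTERMEASURES[a]["cost"] for a, pos in ATTACKS.items()
               if decision(*pos) == "defend")

def plan(budget):
    """Return (funded attack ids, residual exposure) for the given budget.
    Raises if the budget cannot even cover the mandatory countermeasures."""
    funded = [a for a, pos in ATTACKS.items() if decision(*pos) == "defend"]
    remaining = budget - mandatory_cost()
    if remaining < 0:
        raise ValueError("budget does not cover the mandatory countermeasures")
    optional = [a for a, pos in ATTACKS.items() if decision(*pos) == "optional"]
    # Best exposure reduction per unit cost first.
    optional.sort(key=lambda a: (exposure(ATTACKS[a]) - exposure(COUNTERMEASURES[a]["after"]))
                  / COUNTERMEASURES[a]["cost"], reverse=True)
    for a in optional:
        if COUNTERMEASURES[a]["cost"] <= remaining:
            funded.append(a)
            remaining -= COUNTERMEASURES[a]["cost"]
    residual = sum(exposure(COUNTERMEASURES[a]["after"] if a in funded else ATTACKS[a])
                   for a in ATTACKS)
    return sorted(funded), residual

if __name__ == "__main__":
    for a, pos in ATTACKS.items():
        print(f"attack {a}: {pos} -> {decision(*pos)}")
    print("initial exposure:", sum(exposure(p) for p in ATTACKS.values()))
    for budget in (100, 150):
        print(f"budget {budget}: funded {plan(budget)[0]}, residual exposure {plan(budget)[1]}")
```

With these numbers the initial exposure is 63; a budget of 100 funds attacks 1, 5 and 3 and leaves a residual of 27, while 150 also funds attack 2 and brings it down to 23. Attack 4 is never funded, which is the "do nothing" decision the text describes.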


Internet Security Toolkit

This section will describe the different technology tools available to deploy in developing a security architecture for any given network.

Secure Sockets Layer (SSL)

SSL is inserted between the TCP protocol and the application protocol. The SSL protocol operates in two phases. In the first phase (the handshake), the sender and receiver agree on the read and write keys to be used, and then in the second phase the application data is encrypted using the keys chosen in the first phase. Authentication and secure key exchange in the first phase are achieved using the RSA public key algorithm.

HyperText Transport Protocol Secure (HTTPS)

By layering SSL between HTTP and TCP, Netscape has developed a secure version of HTTP as well. HTTPS is served on TCP port 443 by default, rather than HTTP's port 80, so a screening router can permit or deny it separately.

Proxy servers

A proxy server is a firewall implemented on a general-purpose host such as a UNIX workstation or an NT server, rather than in a router. This device looks at all of the data in each packet, not just the addresses and headers. Rather than forwarding packets, the proxy terminates the outside connection itself, examines the content, and opens a separate connection to the inside host on the client's behalf, so that outside parties only ever see the proxy's own address. Besides hiding the network from the outside world, proxies provide more control over the actual data at the application level. However, because they inspect all of the data in each packet, there have been reports of significant performance degradation in high-traffic environments.

Encryption

Encryption is a technique as old as the Romans. It is simply the scrambling of the transmitted text using a set of rules (an algorithm, which in today's world means a mathematical manipulation) together with a secret key, which is known to the recipient but hopefully to no one else. The recipient then uses the same set of rules in reverse, with the key, to unscramble the coded text and read the intended message. In modern practice the algorithm itself is assumed to be public; only the key is secret.

There are two classes of encryption algorithm. They are:

Symmetric key. A symmetric key algorithm is one where the same key is used both to encode and decode the message. The most popular symmetric key algorithm is the Data Encryption Standard (DES), whose major advantage is that it is fast and widely implemented. Its major limitations are its relatively small key size (56 bits), which weakens the security of the algorithm, and the need to exchange a secret key between the communicating parties, before secure communication can be established. A variant of DES, Triple-DES or 3DES is based on using DES three times (normally in an encrypt-decrypt-encrypt sequence with three different, unrelated keys). Many people consider Triple-DES to be much safer than plain DES.

Asymmetric key. It is a surprising fact that there are some algorithms which are difficult to reverse, even when the algorithm, the public key, and the encrypted data are all available, unless some other piece of information (the private key) is known. A public key encryption system is based on an algorithm of this type. Two keys are generated. One is kept private and the other can be made public. Two systems that want to hold a secure conversation can exchange their public keys. When one system sends to the other, it will encrypt the message using the other system's public key. Even though an attacker might observe the exchange of keys and an encrypted message, the irreversibility of the public key algorithm ensures that the data is secure.

The most popular public key algorithm is the RSA algorithm. (The name RSA is derived from the first letters of the surnames of the algorithm's inventors, Ron Rivest, Adi Shamir, and Leonard Adleman.)

Although public key algorithms solve the key distribution problem, they are much slower than symmetric key algorithms. When implemented in hardware, DES is up to 10,000 times faster than RSA. If efficiency is required, a public key system can be used to securely exchange symmetric keys which are then used for the bulk of the data transfer.
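As an added example that is not part of the original page, the following Python carries the hybrid scheme just described, and the two SSL phases described under "Secure Sockets Layer (SSL)", through end to end: the client wraps a fresh symmetric session key under the server's RSA public key (phase 1), and the bulk data then flows under that symmetric key (phase 2). Everything in it is constructed for the illustration: the RSA modulus is built from two small Mersenne primes and is far too short for real use, textbook RSA without OAEP padding is not acceptable key transport, and the symmetric cipher is a toy SHA-256 keystream standing in for a real block cipher. What it does show correctly is the structure, including the integrity check that encryption alone does not give you.

```python
import hashlib
import hmac
import os

# Constructed, deliberately small RSA parameters so the flow is visible. Two
# Mersenne primes give a ~216-bit modulus; real keys are 2048 bits or more.
P = 2**127 - 1
Q = 2**89 - 1
E = 65537

def rsa_keypair():
    """Return (public, private) as ((n, e), (n, d))."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, E), (n, d)

def rsa_wrap(public, key_bytes):
    """Encrypt a symmetric key under the recipient's public key (textbook RSA, no padding)."""
    n, e = public
    m = int.from_bytes(key_bytes, "big")
    if m >= n:
        raise ValueError("key does not fit under this modulus")
    return pow(m, e, n)

def rsa_unwrap(private, wrapped, key_len=16):
    """Recover the symmetric key with the private key."""
    n, d = private
    return pow(wrapped, d, n).to_bytes(key_len, "big")

def _subkeys(session_key):
    """Separate keys for encryption and for the MAC, both derived from the session key."""
    enc = hashlib.sha256(b"enc" + session_key).digest()
    mac = hashlib.sha256(b"mac" + session_key).digest()
    return enc, mac

def _keystream(enc_key, nonce, length):
    """Toy keystream SHA-256(key || nonce || counter); stands in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def seal(session_key, plaintext):
    """Encrypt, then MAC the ciphertext: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(session_key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(session_key, blob):
    """Verify the tag before decrypting; encryption alone would not detect tampering."""
    enc_key, mac_key = _subkeys(session_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: data modified in transit or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def session(plaintext, tamper=False):
    """Phase 1: client wraps a fresh session key under the server's public key.
    Phase 2: bulk data flows under the symmetric key. Returns what the server reads."""
    server_pub, server_priv = rsa_keypair()
    session_key = os.urandom(16)
    wrapped = rsa_wrap(server_pub, session_key)        # goes over the wire
    server_key = rsa_unwrap(server_priv, wrapped)      # server recovers the same key
    blob = seal(session_key, plaintext)                # client sends bulk data
    if tamper:                                          # flip one ciphertext bit en route
        blob = blob[:20] + bytes([blob[20] ^ 0x01]) + blob[21:]
    return open_sealed(server_key, blob)

def tamper_detected(plaintext):
    """True if a modified message is rejected rather than silently decrypted."""
    try:
        session(plaintext, tamper=True)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    msg = b"quarterly figures, eyes only, do not forward"
    print(session(msg))
    print("tampering detected:", tamper_detected(msg))
```

The design point to take from it is the split of labor: the slow public key operation happens once per session on 16 bytes, and every byte of payload goes through the fast symmetric path, with the MAC making the ciphertext unmodifiable in the sense the text intends.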

Firewalls

The term "firewall" has become a generic term which encompasses a spectrum of technologies intended to protect an organization from attacks arriving over its communications links. Screening routers, application gateways, proxy servers, and authentication servers are all examples of firewalls in use today. It is possible, and often desirable, to combine these different technologies according to the needs of the organization and its budget limitations.

Application Gateways

All packets are addressed to an application on the gateway that relays the packets between the two communication points. In most application gateway implementations, additional packet filter machines are required to control and screen the traffic between the gateway and the networks. Typically, this is a use of bastion hosts. These are secure but inefficient, since they are not transparent to users and applications.

Screening Routers

One of the most cost-efficient and ubiquitous techniques for securing a network is the screening router, sometimes known as a packet filtering router. It allows known users (known by their IP addresses) to connect to specified applications (determined by their port numbers), thereby limiting the connections of even those users allowed to enter through the firewall, and completely denying connections to those not authorized to access any application. Because a source address is only a claim made by the sender, a screening router should also drop packets arriving on the outside interface that carry an inside source address, and address-based profiles should be backed by the authentication described below.
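As an added example (not code from the original page), the following Python walks constructed packets through the two-router layout described earlier under "Different Tools for Different Layers": an outer screening router in front of the bastion host and an inner router guarding the LAN. The addresses, rule sets, and sample packets are all assumptions made for the illustration. Rules are evaluated in order, first match wins, and a packet that matches nothing is dropped.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: 10.1.0.0/16 is the internal LAN, the bastion host sits
# in the subnet between the two routers, and one outside host has a profile
# granting it internal access.
INTERNAL = ip_network("10.1.0.0/16")
ANY = ip_network("0.0.0.0/0")
BASTION = ip_network("192.0.2.10/32")
ADMIN = ip_network("198.51.100.7/32")

# A rule is (action, interface, source net, destination net, protocol, dest port);
# None matches anything.
OUTER_ROUTER = [
    ("deny",   "outside", INTERNAL, ANY,      None,  None),  # anti-spoofing: inside source from outside
    ("permit", "outside", ANY,      BASTION,  "tcp", 80),    # public Web access to the bastion host
    ("permit", "outside", ANY,      BASTION,  "tcp", 21),    # public FTP access to the bastion host
    ("permit", "outside", ADMIN,    INTERNAL, "tcp", None),  # privileged profile may reach the inner wall
]
INNER_ROUTER = [
    ("deny",   "outside", INTERNAL, ANY,      None,  None),  # same anti-spoofing check at the second wall
    ("permit", "outside", ADMIN,    INTERNAL, "tcp", 23),    # ...but only telnet, nothing else
]

def match(rule, pkt):
    action, iface, src, dst, proto, dport = rule
    return (iface in (None, pkt["iface"])
            and ip_address(pkt["src"]) in src
            and ip_address(pkt["dst"]) in dst
            and proto in (None, pkt["proto"])
            and dport in (None, pkt["dport"]))

def filter_packet(rules, pkt):
    """Return (action, index of the matching rule); index -1 is the implicit default deny."""
    for i, rule in enumerate(rules):
        if match(rule, pkt):
            return rule[0], i
    return "deny", -1

def screened_subnet(pkt):
    """Walk an inbound packet through both walls and report where it stops."""
    action, _ = filter_packet(OUTER_ROUTER, pkt)
    if action == "deny":
        return "denied by outer router"
    if ip_address(pkt["dst"]) not in INTERNAL:
        return "permitted to bastion host"
    action, _ = filter_packet(INNER_ROUTER, pkt)
    return "permitted to internal LAN" if action == "permit" else "denied by inner router"

# Constructed sample packets.
SAMPLE = {
    "web":          {"iface": "outside", "src": "203.0.113.5",  "dst": "192.0.2.10", "proto": "tcp", "dport": 80},
    "direct":       {"iface": "outside", "src": "203.0.113.5",  "dst": "10.1.4.20",  "proto": "tcp", "dport": 80},
    "spoof":        {"iface": "outside", "src": "10.1.9.9",     "dst": "10.1.4.20",  "proto": "tcp", "dport": 23},
    "admin_telnet": {"iface": "outside", "src": "198.51.100.7", "dst": "10.1.4.20",  "proto": "tcp", "dport": 23},
    "admin_web":    {"iface": "outside", "src": "198.51.100.7", "dst": "10.1.4.20",  "proto": "tcp", "dport": 80},
}

if __name__ == "__main__":
    for name, pkt in SAMPLE.items():
        print(f"{name:12s} -> {screened_subnet(pkt)}")
```

The filter here is stateless, like the static packet filters in the glossary: return traffic from the bastion host and the inner LAN needs its own rules in the opposite direction, which is where rule sets grow and where a mistake (permitting all "established" traffic, say) quietly widens the wall.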

Authenticating Servers

Authenticating Servers are often used in conjunction with Screening Routers to provide authentication services, thus verifying that those users who claim to be originating from valid addresses are in fact who they say they are.


Conclusion: What Should I Do?

OK, so now we've covered all of the building blocks and some examples of how they might go together. The question still might be on your mind: What should MY organization do to be secure? The answer is "it depends". It depends on the specific security needs and budget limitations of your organization. Very few enterprises, not even the Federal Government and the Military, can afford "security at any price". Eventually, you will be forced to stop building security features and learn to live with the residual risks of your system. Where you stop depends on how much you are willing to pay to get the amount of security appropriate to your application.

One typical and common-sense approach is to develop a security infrastructure incrementally. Start inexpensively with packet filtering and authenticating routers as the beginning firewall. Many experts contend that over 90% of attacks can be successfully defended against by integrated routers and firewalls. Later, if you still need more, you can add encryption and key management for further enhancements. At each point, determine where your vulnerabilities are, what the potential attacks might be, and what consequences would ensue from a successful attack. Many people find that the use of simple and inexpensive packet filtering and authentication "moves their dots" into the lower left-hand quadrant of the likelihood/consequence space, and they have no further need to add more sophisticated measures. Certainly, if more is required, and the cost implications are warranted, customers can move into application-coupled systems to further enhance the security. The ultimate move, of course, is to go to private networks, where one eliminates the physical connection between the network and potential hackers. Finally, use the services of organizations such as the National Computer Security Association (NCSA) and ISS, which offer security audits of sites to help you determine vulnerabilities and countermeasures, and help you decide whether the risks facing your operations warrant further expenditures of time and money.

The following is excerpted (with minor amendments) from a DoD basic security action plan with specific projects that make up an overall Internet Umbrella Security Plan. It is based on an approach and strategy which coordinates security with existing technical and policy activities and addresses four general areas of policy, technology, infrastructure, and education. As mentioned before, although this plan has the U.S. Federal Government as its focus, it contains the elements that are relevant and should be of interest to the open Internet as a whole. Readers who wish to view the entire document can find it as volume six of the DoD Technical Architecture Framework for Information Management (TAFIM). It is available over the Internet in Microsoft Word form from http://www.library.itsi.disa.mil/tafim3.0/pages/word.html.



Glossary

10Base-2 -- The Institute of Electrical and Electronic Engineers (IEEE) 802.3 specification for ethernet over thin coaxial cable.

10Base-T -- The IEEE 802.3 specification for ethernet over unshielded twisted pair (UTP).

Access Control List (ACL) -- Most network security systems operate by allowing selective use of services. An Access Control List is the usual means by which access to, and denial of, services is controlled. It is simply a list of the services available, each with a list of the hosts permitted to use the service.

Adapter -- A board installed in a computer system to provide network communication capabilities to and from that computer system. Also called a Network Interface Card (NIC).

Alternate Routing -- A mechanism that supports the use of a new path after an attempt to set up a connection along a previously selected path fails.

American Standard Code for Information Interchange (ASCII) -- This is the code that most computers use to represent displayable characters. An ASCII file is a straightforward text file without special control characters.

AppleTalk -- A networking protocol developed by Apple Computer for communication between Apple Computer products and other computers. This protocol is independent of what network it is layered on. Current implementations exist for LocalTalk (235 Kbps) and EtherTalk (10 Mbps).

Application Layer -- Layer seven of the OSI Reference Model; implemented by various network applications including file transfer, electronic mail, and terminal emulation.

Application-Level Firewall -- A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host.

Asymmetrical Digital Subscriber Line (ADSL) -- A new standard for transmitting at speeds up to seven Mbps over a single copper pair.

Asynchronous - Referring to two or more signals which, though they have the same nominal rates, actually operate at different rates.

Asynchronous Protocol -- A type of transmission where information is sent at any speed and at random with no routing information.

Asynchronous Transfer Mode (ATM) -- (1) The CCITT standard for cell relay wherein information for multiple types of services (voice, video, data) is conveyed in small, fixed-size cells. ATM is a connection oriented technology used in both LAN and WAN environments. (2) A fast-packet switching technology allowing free allocation of capacity to each channel. The SONET synchronous payload envelope is a variation of ATM. (3) ATM is an international ISDN high speed, high-volume, packet switching transmission protocol standard. ATM currently accommodates transmission speeds from 64 Kbps to 622 Mbps.

Authentication -- The process of assuring that data has come from its claimed source, or of corroborating the claimed identity of a communicating party.

Authentication Token -- A portable device used for authenticating a user. Authentication tokens operate by challenge/response, time-based code sequences, or other techniques. This may include paper-based lists of one-time passwords.

Authorization -- The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication: once you have authenticated a user, they may be authorized different types of access or activity.

B Channel -- In ISDN, a full duplex, 64 Kbps channel for sending data.

Bandwidth -- (1) Measure of the information capacity of a transmission channel. (2) The difference between the highest and lowest frequencies of a band that can be passed by a transmission medium without undue distortion, such as the AM band - 535 to 1705 kilohertz. (3)Information carrying capacity of a communication channel. Analog bandwidth is the range of signal frequencies that can be transmitted by a communication channel or network. (4) A term used to indicate the amount of transmission or processing capacity possessed by a system or a specific location in a system (usually a network system).

Bandwidth Balancing (BWB) -- Method to reduce a station's access to a transmission bus, to improve fairness (802.6).

Bandwidth on Demand (BoD) -- Dynamic allocation of line capacity to active users, inherent in FastComm FRADs.

Bandwidth On Demand Interoperability Group (BONDING) -- Makers of inverse muxes.

Bastion Host -- A system that has been hardened to resist attack, and which is installed on a network in such a way that it is expected to potentially come under attack. Bastion hosts are often components of firewalls, or may be "outside" Web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., UNIX, VMS, WNT, etc.) rather than a ROM-based or firmware operating system.

Bridge/Router -- A device that can provide the functions of a bridge, router or both concurrently. Bridge/router can route one or more protocols, such as TCP/IP and/or XNS, and bridge all other traffic.

Broadcast Storm Firewalls -- A mechanism that limits the rate at which broadcast/multicast packets are forwarded through the system.

Challenge Handshake Authentication Protocol (CHAP) -- Log-in security procedure for dial-in (PPP) access in which the server sends a random challenge and the user's equipment returns a hash of the challenge and the shared secret, so the secret itself never crosses the link.

Challenge/Response -- An authentication technique whereby a server sends an unpredictable challenge to the user, who computes a response using some form of authentication token.

Channel Service Unit (CSU) -- A CSU is a device that interfaces customer T1 (or E1) equipment to a carrier's T1 (or E1) service. At its most basic level, a CSU performs certain line-conditioning and equalization functions, and responds to loopback commands sent from the central office.

Channel Service Unit/Data Service Unit (CSU/DSU) -- A digital interface unit that connects end user equipment to the local digital telephone loop.

Circuit -- A two-way communications path. (2) A communication path or network; usually a pair of channels providing bidirectional communication.

Client/Server -- A distributed system model of computing that brings computing power to the desktop, where users ("clients") access resources from servers.

Configuration -- The phase in which the LE client discovers the LE Service.

D Channel -- Full duplex 16 Kbps (basic rate) or 64 Kbps (primary rate) ISDN channel.

Data Encryption Standard (DES) -- A popular, standard encryption scheme.

Data Terminal Equipment (DTE) -- The part of a data station that serves as a data source, destination, or both, and that provides for the data communications control function according to protocol. DTE includes computers, protocol translators, and multiplexers.

Dial up -- A type of communication that is established by a switched-circuit connection using the telephone network.

Digital Data System (DDS) -- U.S. private data transmission network, established in 1974 by AT&T and based on AT&T's Dataphone data service. DDS is a digital overlay network built on the existing loop and trunking network.

DSU/CSU - Equipment used to terminate a Switched 56 line and convert a PC's digital data signal into a digital transmission signal.

Dynamic Bandwidth Allocation (DBA) - A process that optimizes overall network efficiency by automatically increasing or decreasing the bandwidth of a channel to accommodate changes in data flow from end-user equipment.

Dynamic Password Authentication Servers -- Products consisting of server software that generates constantly changing passwords and two-factor, software or hardware-based password generators that teleworkers carry with them.

Dynamic Routing -- Routing that adjusts automatically to changes in network topology or traffic.

Encryption -- Applying a specific algorithm to data so as to alter the data's appearance and prevent other devices from reading the information. Decryption applies the algorithm in reverse to restore the data to its original form.

Ethernet -- (1) A baseband LAN specification invented by Xerox Corporation and developed jointly by Xerox, Intel, and Digital Equipment Corporation. Ethernet networks operate at 10 Mbps using CSMA/CD to run over coaxial cable. Ethernet is similar to a series of standards produced by IEEE referred to as IEEE 802.3. (2) A very common method of networking computers in a local area network (LAN). Ethernet will handle about 10,000,000 bits per second and can be used with almost any kind of computer.

File Transfer Protocol (FTP) -- (1) An IP application protocol for transferring files between network nodes. (2) An Internet protocol that allows a user on one host to transfer files to and from another host over a network.

Firewall -- (1) Isolation of LAN segments from each other to protect data resources and help manage traffic. (2) Hardware or software that restricts traffic to a private network from an unsecured network.

Flash Memory -- A technology developed by Intel and licensed to other semiconductor companies. Flash memory is non-volatile storage that can be electrically erased in the circuit and reprogrammed.

Fractional E1 - A carrier service that offers data rates between 64 kbps and 2.048 mbps (E1) in increments of 64 Kbps.

Fractional T-1 -- A WAN communications service that provides the user with some portion of a T1 circuit which has been divided into 24 separate 64 Kbps channels. Fractional E-1 is the European equivalent.

Frame Relay -- High-performance interface for packet-switching networks. Considered more efficient than X.25 which it is expected to replace. Frame relay technology can handle "bursty" communications that have rapidly changing bandwidth requirements.

Frame Relay Forum -- A voluntary organization composed of Frame Relay vendors, manufacturers, service providers, research organizations, and users. Similar in purpose to the ATM Forum.

Frequently Asked Questions (FAQ) -- Usually appears in the form of a "read - me" file in a variety of Internet formats. New users are expected to read the FAQ before participating in newsgroups, bulletin boards, video conferences and so on.

Government Open Systems Interconnection Profile (GOSIP) -- U.S. government version of the OSI protocols. GOSIP compatibility is a requirement in government networking purchases.

Home Page -- The first page of a Web site or of a logical group of HTML documents.

Hyper Text Transfer Protocol (HTTP) -- (1) The protocol most commonly used in the World-Wide Web to transfer information from Web servers to Web browsers. (2) The protocol that negotiates document delivery to a Web browser from a Web server.

Insider Attack -- An attack originating from inside a protected network.

Integrated Digital Network (IDN) -- The integration of transmission and switching functions using digital technology in a circuit-switched telecommunications network.

Integrated Services Digital Network (ISDN) -- (1)The recommendation published by CCITT for private or public digital telephone networks where binary data, such as graphics and digitized voice and data transmission, pass over the same digital network that carries most telephone transmissions today. (2) An overall application of the technology to provide for both newer digital and more traditional telephone services in an integrated network and incorporates the new network and interfacing standards which are being adopted worldwide. (3) Method for carrying many different services over the same digital transmission and switching facilities. (4) A Digital telephone system made up of two 64kbps "B" channels for data and one "D" channel for message trafficking.

Interior Gateway Routing Protocol (IGRP) -- Learns best routes through LAN Internet (TCP/IP).

International Organization for Standardization (ISO) -- Best known for the 7-layer OSI Reference Model.

Internet -- A collection of networks interconnected by a set of routers which allow them to function as a single, large virtual network.

Internet Access -- The method by which users connect to the Internet.

Internet Address -- Also called an IP address. It is a 32-bit address assigned to hosts using TCP/IP. The address is written as four octets separated with periods (dotted decimal format) that are made up of a network section, an optional subnet section, and a host section.

Internet Protocol (IP) -- A Layer 3 (network layer) protocol that contains addressing information and some control information that allows packets to be routed. Documented in RFC 791.

Internet Service Provider (ISP) -- (1) Any of a number of companies that sell Internet access to individuals or organizations at speeds ranging from 300bps to OC-3. (2) A business that enables individuals and companies to connect to the Internet by providing the interface to the Internet backbone.

Internetwork -- A collection of networks interconnected by routers that function (generally) as a single network. Sometimes called an internet, which is not to be confused with the Internet.

Internetworking -- General term used to refer to the industry that has arisen around the problem of connecting networks together. The term can refer to products, procedures, and technologies.

Intranet -- A private network that uses Internet software and standards.

IP Spoofing -- An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.

ISDN BRI -- A digital access line that is divided into three channels. Two of the channels, called B channels, operate at 64 Kbps and are always used for data or voice. The third D channel is used for signaling at 16 Kbps.

ISDN Centrex -- A service provided by local telephone companies to customer premises, in which a central office digital switch performs in lieu of a customer PBX in an ISDN system. ISDN Centrex uses one B channel and one D channel to provide an array of digital voice and data capabilities.

ISDN Integrated Access Bridge/Router -- A remote access device that connects your computer to an ISDN line, performs bridging and/or routing and supports analog devices such as phones or faxes.

ISDN PRI -- Based physically and electrically on an E1 circuit, but channelized so that two channels are used for signaling and 30 channels are allocated for user traffic. ISDN PRI is available in E1 and T1 frame formats, depending on country.

Modem -- Contraction of modulator-demodulator. A device which modulates and demodulates signals transmitted over communication facilities.

Multi-homed Host -- A computer connected to more than one physical datalink. The data links may or may not be attached to the same network.

Network -- A collection of computers and other devices that are able to communicate with each other over some network medium.

Open Systems Interconnection (OSI) -- A 7-layer architecture model for communications systems developed by ISO and used as a reference model for most network architectures.

Packet -- (1) A logical grouping of information that includes a header and (usually) user data. (2) Continuous sequence of binary digits of information is switched through the network and an integral unit. Consists of up to 1024 bits (128 octets) of customer data plus additional transmission and error control information.

Packet Buffer -- Storage area to hold incoming data until the receiving device can process the data.

Packet Filtering -- A second layer of filtering on top of the standard filtering provided by a traditional transparent bridge. Can improve network performance, provide additional security, or logically segment a network to support virtual workgroups.

Packet Switch Node (PSN) -- The modern term used for nodes in the ARPANET and MILNET. These used to be called IMPs (Interface Message Processors). PSNs are currently implemented with BBN C30 or C300 minicomputers.

Packet Switching -- Type of data transfer that occupies a communication link only during the time of actual data transmission. Messages are split into packets and reassembled at the receiving end of the communication link. (2) A transmission technique that segments and routes information into discrete units. Packet switching allows for efficient sharing of network resources as packets from different sources can all be sent over the same channel in the same bitstream.

Password -- A group of characters assigned to a Staffware User by the System Administrator and used to sign off some Forms.

Password Authentication Protocol (PAP) -- A simple password protocol that transmits a user name and password across the network, unencrypted.

Path -- One or more Sonet lines, including network elements at each end capable of accessing, generating, and processing Path Overhead. Paths provide end-to-end transport of services.

Perimeter Firewall -- There are two types of perimeter firewalls: static packet filtering and dynamic firewalls. Both work at the IP address level, selectively passing or blocking data packets. Static packet filters are less flexible than dynamic firewalls.

Port -- The identifier (16-bit unsigned integer) used by Internet transport protocols to distinguish among multiple simultaneous connections to a single destination host.

Profile -- A set of information about a User, such as name, password or department, set up by the System Administrator.

Protocol -- (1)A formal description of a set of rules and conventions that govern how devices on a network exchange information. (2) Set of rules conducting interactions between two or more parties. These rules consist of syntax (header structure) semantics (actions and reactions that are supposed to occur) and timing (relative ordering and direction of states and events).(3) A formal set of rules.

Protocol Address -- Also called a network address. A network layer address referring to a logical, rather than a physical, network device.

Protocol Stack -- Related layers of protocol software that function together to implement a particular communications architecture. Examples include AppleTalk and DECnet.

Proxy -- The mechanism whereby one system "fronts for" another system in responding to protocol requests. Proxy systems are used in network management to avoid having to implement full protocol stacks in simple devices, such as modems.

Remote Access -- The process of allowing remote workers to access a corporate LAN over analog or digital telephone lines.

Remote Access Server -- Access equipment at a central site that connects remote users with corporate LAN resources.

Remote Bridge -- A bridge that connects physically disparate network segments via WAN links.

Route -- A path through an internetwork.

Routed (Route Daemon) -- A program that runs under 4.2BSD or 4.3BSD UNIX systems (and derived operating systems) to propagate routes among machines on a local area network using RIP. Pronounced "route-dee."

Routed Protocol -- A protocol that can be routed by a router. To route a routed protocol, a router must understand the logical internetwork as perceived by that routed protocol. Examples of routed protocols include DECnet, AppleTalk, and IP.

Router -- (1) An OSI Layer 3 device that can decide which of several paths network traffic will follow based on some optimality metric. Also called a gateway (although this definition of gateway is becoming increasingly outdated), routers forward packets from one network to another based on network-layer information. (2) A dedicated computer hardware and/or software package which manages the connection between two or more networks.

Router Cluster -- Private, high-speed switched links to each building in a campus. They are used to expand interbuilding bandwidth.

Routing -- The process of finding a path to the destination host. Routing is very complex in large networks because of the many potential intermediate destinations a packet might traverse before reaching its destination host.

Routing Bridge -- MAC-layer bridge that uses network layer methods to determine a network's topology.

Routing Information Protocol (RIP) -- An IGP supplied with Berkeley UNIX systems. It is the most common IGP in the Internet. RIP uses hop count as a routing metric. A metric of 16 means the destination is unreachable, so the largest usable hop count is 15. The original RIP (RFC 1058) carries no authentication, so any host on a segment can inject or withdraw routes; RIP version 2 (RFC 2453) adds authentication of updates.

Routing Metric -- The method by which a routing algorithm determines that one route is better than another. This information is stored in routing tables. Metrics include reliability, delay, bandwidth, load, MTUs, communication costs, and hop count.

Routing Protocol -- A protocol that accomplishes routing through the implementation of a specific routing algorithm. Examples of routing protocols include IGRP, RIP, and OSPF.

Routing Table -- A table stored in a router or some other internetworking device that keeps track of routes (and, in some cases, metrics associated with those routes) to particular network destinations.

Routing Update -- A message sent from a router to indicate network reachability and associated cost information. Routing updates are typically sent at regular intervals and after a change in network topology.
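
An added example tying together the RIP, Routing Metric, Routing Table and Routing Update entries; it is not code from the original glossary or from any router vendor. A small distance-vector table applies RIP-style updates (metric of the received route plus one for the link, 16 meaning unreachable) and answers forwarding lookups by longest-prefix match. The router, its two neighbors and the advertised prefixes are a constructed scenario.

```python
import ipaddress

RIP_INFINITY = 16     # RFC 1058: a metric of 16 means "destination unreachable"
LINK_COST = 1         # hop count: every link costs one


class RipTable:
    """Distance-vector routing table driven by RIP-style updates."""

    def __init__(self):
        self.routes = {}      # prefix -> (hop_count, next_hop)

    def add_connected(self, prefix: str):
        # RFC 1058 counts a directly connected network as one hop.
        self.routes[ipaddress.ip_network(prefix)] = (1, "connected")

    def process_update(self, neighbor: str, advertised: dict) -> list:
        """Apply one routing update {prefix: metric} received from neighbor."""
        events = []
        for prefix_str, metric in advertised.items():
            prefix = ipaddress.ip_network(prefix_str)
            # Add the cost of the link the update arrived on, capped at infinity.
            metric = min(metric + LINK_COST, RIP_INFINITY)
            current = self.routes.get(prefix)
            via_this_neighbor = current is not None and current[1] == neighbor

            if metric >= RIP_INFINITY:
                # Neighbor cannot reach it. Only matters if it was our next hop.
                if via_this_neighbor:
                    del self.routes[prefix]
                    events.append(f"withdraw {prefix}")
                continue

            if current is None or metric < current[0]:
                self.routes[prefix] = (metric, neighbor)
                events.append(f"install {prefix} metric {metric} via {neighbor}")
            elif via_this_neighbor and metric != current[0]:
                # The current next hop reports a changed (even worse) cost: believe it.
                self.routes[prefix] = (metric, neighbor)
                events.append(f"update {prefix} metric {metric} via {neighbor}")
        return events

    def lookup(self, dst: str):
        """Longest-prefix match, as a router does when forwarding a packet."""
        addr = ipaddress.ip_address(dst)
        best = None
        for prefix, (metric, next_hop) in self.routes.items():
            if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, metric, next_hop)
        return best


def demo() -> dict:
    """Constructed scenario: neighbors A and B on 10.1.0.0/16 send updates."""
    rt = RipTable()
    rt.add_connected("10.1.0.0/16")
    a, b = "10.1.0.2", "10.1.0.3"
    log = []
    log += rt.process_update(a, {"192.168.5.0/24": 2, "0.0.0.0/0": 1})
    log += rt.process_update(b, {"192.168.5.0/24": 1, "172.16.0.0/12": 14})
    # B now reports the network 15 hops away: 15 + 1 = 16, i.e. unreachable.
    log += rt.process_update(b, {"192.168.5.0/24": 15})
    return {
        "log": log,
        "host_in_lost_net": rt.lookup("192.168.5.9"),   # falls back to default via A
        "far_net": rt.lookup("172.16.3.4"),              # 15 hops: largest usable metric
        "local": rt.lookup("10.1.200.1"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Note that nothing in process_update checks who sent the update; that is exactly the situation with RIP version 1, where any host on the segment can withdraw a route (as B does above) or announce a shorter path and attract traffic.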

Secure HTTP (S-HTTP) -- An extension of HTTP for authentication and data encryption between a Web server and a Web browser. It is distinct from HTTPS (HTTP carried over SSL/TLS), which has become the prevalent way of securing Web traffic.

Security -- Protection against unwanted behavior. The most widely used definition of (computer) security is security = confidentiality + integrity + availability.

Security Policy -- The set of rules, principles and practices that determine how security is implemented in an organization. A network security policy must be consistent with the organization's general security policy.

Simple Mail Transfer Protocol (SMTP) -- Protocol governing mail transmissions. It is defined in RFC 821, with associated message format descriptions in RFC 822.

Subnetwork -- Collection of OSI end systems and intermediate systems under the control of one administrative domain and using a single network access protocol. Examples include a private X.25 network or a series of bridged LANs.

Switched FDDI -- A technique of transparently connecting separate FDDI networks at full 100 Mbps wire speed.

Synchronous Transfer Mode (STM) -- B-ISDN communications method that transmits a group of several traffic streams synchronized to a single reference clock. This is the standard method carriers currently utilize to assign channels within a T1/E1 line.

T1 -- (1) Digital transmission facility operating with a nominal bandwidth of 1.544 Mbps. Also known as Digital Signal Level 1 (DS1). Composed of 24 DS-0 channels in many cases. The T1 digital transmission system is the primary digital communication system in North America. (2) A 1.544 Mbps leased line often used by companies for access to the Internet.

Transmission Control Protocol/Internet Protocol (TCP/IP) -- (1) The common name for the suite of protocols developed by the U.S. Department of Defense in the 1970s to support the construction of world-wide internetworks. TCP and IP are the two best-known protocols in the suite. TCP corresponds to Layer 4 (the transport layer) of the OSI reference model. It provides reliable transmission of data. IP corresponds to layer 3 (the network layer) of the OSI reference model and provides connectionless datagram service. (2) The collection of transport and application protocols used to communicate on the Internet and other networks.

U Interface (ISDN BRI) -- The two-wire interface that connects to the NT1 on a user's premises. In North America it can be integrated into the customer premises equipment. In other countries, it is typically supplied by the local carrier.

Use File -- A file designated as a Use File resides in a special area, and is read into the active Form each time it is created.

User -- A person who has access to the Staffware system via a computer workstation.

Virtual Private Network (VPN) -- A network service offered by public carriers in which the customer is provided a network that in many ways appears as if it is a private network (customer-unique addressing, network management capabilities, dynamic reconfiguration, etc.) but which, in fact, is provided over the carrier's public network facilities. The term is now also used for an encrypted tunnel (for example, using IPsec) that carries an organization's private traffic across the public Internet.

Web -- Web, used as a noun, is shorthand for the World Wide Web.

Web Page -- An HTML document on the Web, usually one of many that together make up a We




Copyright - Syntek Computer Group - All rights reserved - 2001