WiMax Operator's Manual
190 CHAPTER 9 ■ NETWORK SECURITY
of security bulletins pouring out of various monitoring organizations. Security administrators
cannot afford to fall behind in such matters because their systems are immediately at risk if
they do so. Obviously, an ordinary information technology (IT) manager entrusted with the
routine administration of the network who tries to do security in idle moments—which
scarcely exist in that position in any case—is not going to be successful.
A large, mature network will probably find it wise to hire a security administrator, but a
small startup generally cannot afford to do so. The only solution then becomes the retention of
a reputable security firm—in other words, the outsourcing of security.
This is not necessarily a bad idea. Specialists in the field such as Computer Security Associates
are thoroughly up on the latest hacker strategies and will undertake aggressive network
defense, including legal action against attackers. Such services are not inexpensive, but simply
hoping attacks will not occur and doing nothing may represent a false economy.
It is a good idea to have such a network security company perform a security audit on
the network infrastructure from time to time as well as provide routine updates on security
software and response to individual problems. The audit should encompass not only the
OSS and the vital databases but also the facilities themselves, including the central office and
base stations.
A word about overall security policy and securing the network against software attacks:
Network operations staff should as a matter of policy not be permitted to download files either
from the Internet or from privately recorded discs onto computers utilized in network management.
It is also a good idea to attach individual firewalls to such computers to prevent the
former practice. In any case, the policy should be explicitly stated and rigorously enforced.
Trojan horses are a favorite weapon of hackers for gaining access to well-secured networks.
Network operators should also be alert to the possibility of internal sabotage by disgruntled
employees. Many security organizations have suggested that the majority of computer crimes
are inside jobs. Finally, visitors should not be allowed free access to vital network elements
or left unsupervised in their presence, and this applies to authorized maintenance personnel.
Institutional paranoia is a good adaptive response for any organization running a vital services
network.
Attacks and Counterattacks
Hackers have a variety of motives, and their ploys tend to reflect that fact. Some regard network
intrusion as a harmless sport and do little or no damage after they have achieved access. Others
regard sabotage itself as a sport and intrude in order to destroy. Others engage in industrial
espionage, seeking to steal information and sell it for a profit. Still others are hired assassins
seeking to wreck a network at the behest of a competitor. Yet another group intrudes primarily
to steal software for redistribution. And a surprisingly large number of hackers seek to enter a
network to use it as a launching platform for further attacks, thus disguising the ultimate point
of origin of such attacks.
In the case of public networks, hackers may attempt entry not to attack or compromise the
access network itself but to breach an enterprise network attached to the public network. Or
they may want to eavesdrop on private transmissions either out of voyeuristic motivations or
for financial gain.
The arsenal of tools used by experienced hackers today is enormous, much too large to be
discussed in this chapter. Unfortunately, such tools are readily available as freeware at hacker
Web sites, of which there are hundreds if not thousands. And the ready availability of such tools