Security Laboratory

Security Laboratory: Networking

This networking series will help the computer security manager understand the basics of an Internet Protocol network and give them the tools to help them manage those networks effectively.

View Archives »

A Management Perspective for Networks

Apr 28th, 2009
By Stephen Northcutt
Version 1.1

Since John Gage first uttered the phrase, Sun has been saying "The Network is the Computer." It's one of those rare vision statements that only becomes more true over time.[1] Whether we are talking about grid computing, a phrase in distributed computing which can have several meanings[2] but generally means a virtual supercomputer tied together by a network, or about the latest architectures for building a network, what is certain is that networks have become computers and computers rely on networks. The majority of attacks from people outside of an organization are launched over public networks (e.g., the Internet).[3] This may seem like an obvious statement, but carefully consider the ramifications to an organization connecting to the Internet. Besides a constant flurry of worms, viruses, and determined attackers trying to compromise the security of our resources, we also have to be concerned about the availability of the resources that we've come to rely on, including web servers, databases, and e-mail systems. Organizations devote significant resources and money to protect and ensure the availability of mission-critical resources, in terms of server and network redundancy, human resources, monitoring systems, firewalls, intrusion detection systems, network appliances, etc., etc. One source of cost information is the Sage Research study.[4]

The certification for the course we author and teach, Management 512 SANS Security Leadership Essentials For Managers was subject to error analysis research to see areas students had not mastered; networking was at the top of the list. This is not surprising, computer security managers from all walks of life are often quite uninformed about networks. Our organizations depend on them to accomplish work, they can be used to attack us and yet, we are all too willing to treat them as something beneath the manager's responsibility and beyond our understanding. At a minimum, security leaders are responsible for ensuring that metrics are in place to monitor the health of this resource and oversee the development of a secure architecture. Whether you can manage what you can't measure is a hotly debated topic,[5,6] but a network that is not being measured is not being managed. This networking series will help the computer security manager understand the basics of an Internet Protocol network and give them the tools to help them manage those networks effectively. Downtime is also expensive.[7] NOTE: We realize this is an older reference, if you have access to more modern data on networks please contact stephen@sans.edu

Economics of Networks

The original network was the thick Ethernet cable. It had marks every 2.5 meters so that you could connect to the network. To connect, you drilled into the cable, this was called a tap. This type of network was far cheaper than modern networks because it was so simple.[8] Today, we have routers, switches, various security appliances and increasingly in order to be compliant event management appliances.[9] In addition, more and more we are starting to use network attached storage and this transfers the cost of disk space from the servers to the network. All these factors increase the cost of the network. Adding a new network drop can run between $100 and $150.[10] In the past, it was generally considered to be cheaper to use a wired network, however many organizations are finding that a mix of wired, or even an all wireless LAN can be more cost effective. Networks cost more today than ever before, but they do a lot more, and it has never been more true, the network is the computer.

==
Links valid as of the writing of this paper, April 23, 2009
1 http://blogs.sun.com/jonathan/entry/the_network_is_the_computer
2 http://en.wikipedia.org/wiki/Grid_computing
3 http://www.cl.cam.ac.uk/~rja14/Papers/SE-18.pdf
4 http://newsroom.cisco.com/dlls/tln/research_studies/nco_study.html
5 http://management.about.com/od/metrics/a/Measure2Manage.htm
6 http://www.oandp.com/edge/issues/articles/2005-10_02.asp
7. http://telephonyonline.com/ar/telecom_cost_network_downtime/
8. http://en.wikipedia.org/wiki/10BASE5
9 http://www.netscout.com/docs/itimpactbriefs/NetScout_iib_Metzler_200903_Modern_IP_Network_Management.pdf
10 http://www.hardforum.com/archive/index.php/t-1270906.html
11 http://www.arubanetworks.com/pdf/technology/whitepapers/wp_Rightsizing.pdf

Questions?

Email us at info@sans.edu.

SANS AppSec 2012 Summit

Featured Research

Student Presentations

Expanding Response: Deeper Analysis for Incident Handlers
By Russ McRee | Nov 2011 | 622 KB

Detecting and Responding to Data Link Layer Attacks with Scapy
By TJ O'Connor | Sep 2011 | 2.44 MB

Scoping Security Assessments: A Project Management Approach
By Ahmed Abdel-Aziz | Sep 2011 | 387 KB

View More Student Presentations »

Featured Student/Alumni

TJ O'Connor STI Alumn

TJ O'Connor

TJ O'Connor is a member of the US Department of Defense and a former faculty member at the US Military Academy, where he taught courses on forensics, exploitation, and information assurance.

Click here to read more »

 

Internet Storm Center

View our Site Directory

Contact Us

Phone: (720) 941-4932
Questions: info@sans.edu
Web: webmaster@sans.edu

"After starting the program, I was promoted to Information Security Officer. I believe my involvement in the program was a contributing factor in that happening."
- John Brozycki, Alumni of SANS Technology Institute

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute