Network security -- Taking the layered approach

Network security is typically done in layers. Whether folks secure at the edge, the core, or in between, the network is secured in layers to ensure optimum protection.

Using that as a baseline, author and security expert Michael Gregg wrote Hack the Stack, a new network security book that not only acknowledges the layered approach to security but also plays that against the popular seven-layer OSI stack model.

"Hack the Stack takes a look at security and kind of approaches it in a different way," Gregg said in a recent interview. &quotPeople look at security in a layered approach. We wanted to look at the layered approach with the OSI model and look at it that way."

In the book''s title, the word &quothack" does not signify malicious intent. Instead, it encourages networking and security pros to dig into their systems and learn how they work in order to determine where vulnerabilities or security holes may lie. Gaining a better understanding and deeper knowledge of how TCP/IP systems work will lead to tighter security, Gregg said.

And though the seven layers of the OSI model -- physical, data link, network, transport, session, presentation and application -- are fairly well known, Gregg said, one of the first steps to taking an OSI approach to network security is understanding the mythical eighth layer -- people.

&quotPeople are a big part of security," he said, noting that their actions and behaviors while on the network and their overall attitudes can have a great impact on security and how an enterprise pursues it.

From the physical layer to the application layer -- and the &quotpeople layer" -- Hack the Stack dissects security risks at each level and offers practical and cost-effective countermeasures to protect against them.

According to Gregg, many companies tend to ignore the physical layer when trying to secure the network, but physical security is becoming extremely important.

&quotYou can have the best logical security, but if you don''t have any physical control, that means nothing," he said, adding that the loss of physical security can leave the network totally exposed.

From the physical layer, the book continues through the other layers. For example, it teaches how to attack and defend the data link layer and examines methods such as ARP spoofing, MAC flooding and the use of honeytokens. On the session layer, it shows how tools can be used maliciously -- session hijacking, for instance -- or for protection.

Hack the Stack also looks into IP attacks and relays how spoofing and evasion can undermine the network layer. It teaches how to detect scans and understand port scanning techniques. It analyzes how to protect confidentiality with IPsec and has tips to avoid hijack.

&quotEach chapter is set up with vulnerabilities and exposures and presents countermeasures," Gregg said. &quotAt the end of each chapter, we give a step-by-step project."

The projects are fairly simple ways to ensure that each level of the stack is secured.

&quotOur target was not only the security guy," Gregg said. &quotOur thought on this was security doesn''t just involve the security guy. We tried to reach out to get programmers, network guys, applications guys. We tried to reach everyone. That''s the way we designed it. At each layer, there''s something there that each of these groups can do to boost that layer''s security."

Even if enterprises can''t complete the projects at each of the seven layers, Gregg said, they still provides defense in depth. And each project consists mostly of easily obtainable, low-cost or open source software."