S 4.1 Heterogeneous networks
Description
A local network consists of the cabling (i.e. the cables as passive network components and the connecting elements) and the active network components for network coupling. In general, different types of cabling and different active network components can be integrated into a LAN. The term active network component includes all network components requiring their own power supply. Amongst other things, these include repeaters, bridges, switches, routers and gateways. The term passive network component includes all network components not requiring their own power supply. These include cables, distribution cabinets, patch panels and plug-and-socket connectors, for example.
The cabling is already described in detail in module S 2.2 Cabling and the application-related peripherals are addressed in the layer 3 modules, and so the present module predominantly focuses on the active network components, the underlying topology, their configuration, criteria for selecting suitable components, the selection of transmission protocols, as well as the related network management.
Only LAN technologies are considered, e.g. the network protocols Ethernet, token ring, or FDDI and/or the related network components such as bridges, switches, or routers. These technologies may also be used in a MAN under some circumstances. On the contrary, questions relating to a WAN connection are not addressed. Information on this can be found in module S 3.1 Security gateway (firewall).
If a LAN is to be protected sufficiently within the meaning of IT-Grundschutz, it is not sufficient to only implement the present module. Along with the active network components and the network management software used, the physical cabling and the server systems available in the network must also be taken into consideration. Therefore, it is absolutely necessary to also work through the modules mentioned above.
This module describes a guideline as to how a heterogeneous network can be analysed and, building thereon, designed and operated from a security point of view. Therefore, this module is intended for the department of an organisation responsible for network operation and disposing of the corresponding technical knowledge.
Threat scenario
The following typical threats to the IT-Grundschutz of a heterogeneous network are assumed to exist:
Force Majeure
| T 1.2 | Failure of the IT system |
| T 1.3 | Lightning |
| T 1.4 | Fire |
| T 1.5 | Water |
| T 1.7 | Inadmissible temperature and humidity |
| T 1.8 | Dust, soiling |
Organisational Shortcomings
| T 2.7 | Unauthorised use of rights |
| T 2.9 | Poor adjustment to changes in the use of IT |
| T 2.22 | Lack of or insufficient evaluation of auditing data |
| T 2.27 | Lack of or insufficient documentation |
| T 2.32 | Inadequate line bandwidth |
| T 2.44 | Incompatible active and passive network components |
| T 2.45 | Conceptual deficiencies of a network |
| T 2.46 | Exceeding the maximum allowed cable/bus length or ring size |
Human Error
| T 3.2 | Negligent destruction of equipment or data |
| T 3.3 | Non-compliance with IT security measures |
| T 3.5 | Inadvertent damaging of cables |
| T 3.6 | Hazards posed by cleaning staff or outside staff |
| T 3.8 | Improper use of the IT system |
| T 3.9 | Improper IT system administration |
| T 3.28 | Inadequate configuration of active network components |
| T 3.29 | Lack of, or unsuitable segmentation |
Technical Failure
| T 4.1 | Disruption of power supply |
| T 4.10 | Complexity of access possibilities to networked IT systems |
| T 4.31 | Failure or malfunction of a network component |
Deliberate Acts
| T 5.1 | Manipulation or destruction of equipment or accessories |
| T 5.2 | Manipulation of information or software |
| T 5.4 | Theft |
| T 5.5 | Vandalism |
| T 5.6 | Attack |
| T 5.7 | Line tapping |
| T 5.8 | Manipulation of lines |
| T 5.9 | Unauthorised use of IT systems |
| T 5.18 | Systematic trying-out of passwords |
| T 5.20 | Misuse of administrator rights |
| T 5.28 | Denial of services |
| T 5.66 | Unauthorised connection of IT systems to a network |
| T 5.67 | Unauthorised execution of network management functions |
| T 5.68 | Unauthorised access to active network components |
Method recommendation
To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.
At this point, it must be pointed out again that a LAN may only be provided with sufficient protection within the meaning of the IT-Grundschutz Catalogues if the bundles of safeguards from the modules S 2.12 IT cabling, S 3.1 General server and possibly the operating system-specific additions, and S 4.2 Network and system management are implemented additionally.
Moreover, the active network components should be installed in technical infrastructure rooms (e.g. distribution rooms), and so the safeguards from module S 2.6 Technical infrastructure room must also be implemented.
The workplace of the network administrator should also be especially protected. Along with the safeguards from module S 2.3 Office / local workplace, the rules for the operating system used must be mentioned here (see the corresponding layer 3 modules).
In order to securely use a heterogeneous network, a host of safeguards must be implemented, starting with the analysis of the existing network environment, to the development of a network management concept, up to operating a heterogeneous network. The steps to be followed in this case as well as the safeguards to implement in each phase are listed in the following.
- Analysis of the existing network environment (see S 2.139 Survey of the existing network environment and S 2.140 Analysis of the existing network environment)
- Conception
- Secure operation of the network
- Contingency planning
The entire bundle of safeguards for the field of heterogeneous networks is presented in the following, including rather fundamental safeguards that must be taken into account in addition to the steps mentioned above.
Planning and design
| S 2.139 | (A) | Survey of the existing network environment |
| S 2.140 | (Z) | Analysis of the existing network environment |
| S 2.141 | (B) | Development of a network concept |
| S 2.142 | (B) | Development of a network realisation plan |
| S 4.79 | (A) | Secure access mechanisms for local administration |
| S 5.2 | (A) | Selection of an appropriate network topology |
| S 5.13 | (A) | Appropriate use of equipment for network coupling |
| S 5.60 | (A) | Selection of a suitable backbone technology |
| S 5.61 | (A) | Suitable physical segmentation |
| S 5.62 | (Z) | Suitable logical segmentation |
| S 5.77 | (Z) | Establishment of subnetworks |
Implementation
| S 4.7 | (A) | Change of preset passwords |
| S 4.80 | (B) | Secure access mechanisms for remote administration |
| S 4.82 | (A) | Secure configuration of active network components |
| S 5.7 | (A) | Network management |
Operation
| S 4.81 | (B) | Auditing and logging of activities in a network |
| S 4.83 | (C) | Updating / upgrading of software and hardware in network components |
Contingency Planning
| S 6.52 | (A) | Regular backup of configuration data of active network components |
| S 6.53 | (Z) | Redundant arrangement of network components |
| S 6.54 | (B) | Procedures in case of a loss of network integrity |
| S 6.75 | (Z) | Redundant communication links |