Sniffing: How It Threatens Security

Sniffing data from the network leads to loss of privacy of several kinds of information that
should be private for a computer network to be secure. These kinds of information include the
following:

  • Passwords
  • Financial account numbers
  • Private data
  • Low-level protocol information

The following subsections give examples of each of these kinds of information.

Sniffing Passwords
Perhaps the most common loss of computer privacy is the loss of passwords. Typical users type
a password at least once a day. Data is often thought of as secure because access to it requires a
password. Users usually are very careful about guarding their password by not sharing it with
anyone and not writing it down anywhere.
Passwords are used not only to authenticate users for access to the files they keep in their
private accounts; other passwords are often employed within multilevel secure database
systems. When the user types any of these passwords, the system does not echo them to the
computer screen, so that no one nearby can see them. After users have jealously guarded these
passwords, and after the computer system has reinforced the notion that they are private, the
same system sends each character of the password across the network, where any Ethernet
sniffer can read it with ease. End users do not realize just how easily these passwords can be
found by someone using a simple and common piece of software.

Sniffing Financial Account Numbers
Most users are uneasy about sending financial account numbers, such as credit card numbers
and checking account numbers, over the Internet. This apprehension may be partly because of
the carelessness most retailers display when tearing up or returning carbons of credit card
receipts. The privacy of each user’s credit card numbers is important. Although the Internet is
by no means bulletproof, the most likely location for the loss of privacy to occur is at the
endpoints of the transmission. Presumably, businesses making electronic transactions are as
fastidious about security as those that make paper transactions, so the highest risk probably
comes from the same local network in which the users are typing passwords.
However, much larger potential losses exist for businesses that conduct electronic funds
transfer or electronic document interchange over a computer network. These transactions
involve the transmission of account numbers that a sniffer could pick up; the thief could then
transfer funds into his or her own account or order goods paid for by a corporate account.
Most credit card fraud of this kind involves only a few thousand dollars per incident.

Sniffing Private Data
Loss of privacy is also common in e-mail transactions. Many e-mail messages have been
publicized without the permission of the sender or receiver. Remember the Iran-Contra affair
in which President Reagan’s secretary of defense, Caspar Weinberger, was convicted. A crucial
piece of evidence was backup tapes of PROFS e-mail on a National Security Agency computer.
The e-mail was not intercepted in transit, but in a typical networked system, it could have
been. It is not at all uncommon for e-mail to contain confidential business information or
personal information. Even routine memos can be embarrassing when they fall into the wrong
hands.

Sniffing Low-Level Protocol Information
The information that network protocols send between computers includes the hardware
addresses of local network interfaces, the IP addresses of remote network interfaces, IP routing
information, and the sequence numbers assigned to bytes on a TCP connection. Knowledge of
any of this information can be misused by someone interested in attacking the security of
machines on the network. See the second part of this chapter for more information on how
these data can pose risks for the security of a network. A sniffer can obtain any of these data.
After an attacker has this kind of information, he or she is in a position to turn a passive attack
into an active attack with even greater potential for damage.
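As an added illustration, not taken from this chapter, the Python below decodes one constructed Ethernet/IPv4/TCP frame of the kind every station on shared media receives whether or not it is the addressee, and pulls out exactly the fields this section and the password section describe: hardware addresses, IP addresses, the TCP sequence number, and a cleartext POP3 USER command in the payload. The MAC addresses, IP addresses, port numbers and payload are constructed sample values, not data from any real network.

```python
import struct

def build_sample_frame() -> bytes:
    """Constructed sample frame (not a real capture): Ethernet II + IPv4 + TCP,
    carrying the first line of a cleartext POP3 login to port 110."""
    dst_mac = bytes.fromhex("001122334455")
    src_mac = bytes.fromhex("66778899aabb")
    eth = dst_mac + src_mac + b"\x08\x00"          # EtherType 0x0800 = IPv4
    payload = b"USER alice\r\n"
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,   # proto 6 = TCP
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH",
                      34567, 110, 0x1A2B3C4D, 0x5E6F7081, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def parse_frame(frame: bytes) -> dict:
    """Decode the header fields a passive listener can read from a single frame.
    Checksums are not verified: a sniffer does not need them to read the fields."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"),
            "ethertype": ethertype}
    if ethertype != 0x0800:                         # only IPv4 is decoded here
        return info
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                        # header length incl. options
    if len(ip) < 20 or ihl < 20 or len(ip) < ihl:
        raise ValueError("truncated IPv4 header")
    info["src_ip"] = ".".join(str(b) for b in ip[12:16])
    info["dst_ip"] = ".".join(str(b) for b in ip[16:20])
    info["ttl"] = ip[8]
    if ip[9] != 6:                                  # not TCP: stop at the IP layer
        return info
    tcp = ip[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off = struct.unpack("!HHIIB", tcp[:13])
    doff = (off >> 4) * 4                           # TCP data offset in bytes
    info.update({"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
                 "payload": tcp[doff:]})
    return info

if __name__ == "__main__":
    for key, value in parse_frame(build_sample_frame()).items():
        print(f"{key:9} {value}")
```

On a switched network the same frame would be delivered only to the port of the destination station, which is the design change the following case study and the next section argue for.
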
Protocol Sniffing: A Case Study
At one point in time, all user access to computing facilities in the organization under study
(the university at which the author is employed) was done via terminals. It was not practical to
hardwire each terminal to the host, and users needed to use more than one host. To solve these
two problems, Central Computing used a switch (an AT&T ISN switch) between the terminals
and the hosts. The terminals connected to the switch so that the user had a choice of
hosts. When the user chose a host, the switch connected the terminal to the chosen host via a
very real, physical connection. The switch had several thousand ports and was, in theory,
capable of setting up connections between any pair of ports. In practice, however, some ports
attached to terminals and other ports attached to hosts. Figure 6.1 illustrates this setup.

To make the system more flexible, the central computing facility was changed to a new system
that uses a set of (DEC 550) Ethernet terminal servers with ports connected to the switch,
rather than the old system, which used a fixed number of switch ports connected to each host.
The new terminal servers are on an Ethernet segment shared by the hosts in the central
machine room.
Offices have a cable running from a wallplate to a wiring closet punchdown block. The
punchdown block has cables running to multiplexers, which in turn connect to the switch. The
multiplexers serve to decrease the number of cables that need to be long. With this
arrangement, sniffing and other forms of security problems are not an issue. No two offices share any
media. The switch mediates all interaction between computers, isolating the flow of data away
from the physical location of the end users.

Rather than using simple terminals, however, most computer users have a computer on their
desktop that they use in addition to the Central Computing computers. The switch services
these computers as well as simple terminals. The number of computer users, however, has
grown rapidly over the past decade and the switch is no longer adequate. Terminal ports are in
short supply, host ports are in even shorter supply, and the switch does not supply particularly
high-speed connections.
To phase out the switch, Central Computing installed an Ethernet hub in the basement of
each building next to the punchdown block used to support both the switch multiplexer and
the telephone lines. The hubs in the basements connect to the central facility using fiber-optic
cables to prevent signal degradation over long distances. Hubs also were placed in the wiring
closets on each floor of each building that connected to the basement hub. Now the cables
leading to the wallplates in the offices are being moved from the punchdown block that leads
to the multiplexer to a punchdown block that leads to one of these hubs. The new wiring
scheme neatly parallels the old and was changed relatively inexpensively. Figure 6.3 illustrates
the system after the networking of user areas. Figure 6.4 shows the user area networking detail.

Although the new wiring scheme neatly parallels the old, the data traveling on the new wiring
scheme does not neatly parallel its previous path. From a logical standpoint, it can get to the
same places, but the data can and does go to many other places as well. Under this scheme, any
office can sniff on all the data flowing to Central Computing from all of the other offices in
the building. Different departments are located in the same building. These departments
compete for resources allocated by upper management and are not above spying on one
another. Ordinary staff, the managers that supervise them, and middle management all are
located in the same building. A fair amount of potential exists for employees to want to know
what other people are sending in e-mail messages, storing in personnel files, and storing in
project planning files.
In addition to nosiness and competition, the variety of people sharing the same physical media in
the new wiring scheme could easily misuse the network. Because all occupants of a building
share a single set of Ethernet hubs, they broadcast all of their network traffic to every network
interface in the entire building. Any sensitive information that they transmit is no longer
limited to a direct path between the user's machine and the final destination; anyone in the
building can intercept the information with a sniffer. Careful planning of a new network
installation, or a redesign of an existing network, should therefore include security considerations
(as well as performance issues) to avoid the risks inherent in shared-media networking.
The network in the case study fails miserably in the prevention of sniffing. Any computer in a
building is capable of sniffing the network traffic to or from any other computer in the
building. The following section describes how to design a network that limits the sharing of
media to prevent sniffing by untrustworthy machines.