Without protection against malware and intruders, connecting to the Internet would be very dangerous. Firewalls, intrusion detection systems, and antivirus software have become essential business tools.
Firewalls
Firewalls prevent unauthorized users from accessing private networks. A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic. It is generally placed between the organization’s private internal networks and distrusted external networks, such as the Internet, although firewalls can also be used to protect one part of a company’s network from the rest of the network (see Figure 8.5). The firewall acts like a gatekeeper who examines each user’s credentials before access is granted to a network. The firewall identifies names, IP addresses, applications, and other characteristics of incoming traffic. It checks this information against the access rules that have been programmed into the system by the network administrator. The firewall prevents unauthorized communication into and out of the network.
In large organizations, the firewall often resides on a specially designated computer separate from the rest of the network, so no incoming request directly accesses private network resources. There are a number of firewall screeningtechnologies, including static packet filtering, stateful inspection, Network
Firewalls
Firewalls prevent unauthorized users from accessing private networks. A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic. It is generally placed between the organization’s private internal networks and distrusted external networks, such as the Internet, although firewalls can also be used to protect one part of a company’s network from the rest of the network (see Figure 8.5). The firewall acts like a gatekeeper who examines each user’s credentials before access is granted to a network. The firewall identifies names, IP addresses, applications, and other characteristics of incoming traffic. It checks this information against the access rules that have been programmed into the system by the network administrator. The firewall prevents unauthorized communication into and out of the network.
In large organizations, the firewall often resides on a specially designated computer separate from the rest of the network, so no incoming request directly accesses private network resources. There are a number of firewall screeningtechnologies, including static packet filtering, stateful inspection, Network
The firewall is placed between the firm’s private network and the public Internet or another distrusted network to protect against unauthorized traffic.
Address Translation, and application proxy filtering. They are frequently used in combination to provide firewall protection. Packet filtering examines selected fields in the headers of data packets flowing back and forth between the trusted network and the Internet, examining individual packets in isolation. This filtering technology can miss many types of attacks. Stateful inspection provides additional security by determining whether packets are part of an ongoing dialogue between a sender and a receiver. It sets up state tables to track information over multiple packets. Packets are accepted or rejected based on whether they are part of an approved conversation or whether they are attempting to establish a legitimate connection.
Network Address Translation (NAT) can provide another layer of protection when static packet filtering and stateful inspection are employed. NAT conceals the IP addresses of the organization’s internal host computer(s) to prevent sniffer programs outside the firewall from ascertaining them and using that information to penetrate internal systems.Application proxy filtering examines the application content of packets. A proxy server stops data packets originating outside the organization, inspects them, and passes a proxy to the other side of the firewall. If a user outside the company wants to communicate with a user inside the organization, the outside user first “talks” to the proxy application and the proxy application communicates with the firm’s internal computer. Likewise, a computer user inside the organization goes through the proxy to talk with computers on the outside. To create a good firewall, an administrator must maintain detailed internal rules identifying the people, applications, or addresses that are allowed or rejected. Firewalls can deter, but not completely prevent, network penetration by outsiders and should be viewed as one element in an overall security plan.
Intrusion Detection Systems
In addition to firewalls, commercial security vendors now provide intrusion detection tools and services to protect against suspicious network traffic and attempts to access files and databases. Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points or “hot spots” of corporate networks to detect and deter intruders continually. The system generates an alarm if it finds a suspicious or anomalous event. Scanning software looks for patterns indicative of known methods of computer attacks, such as bad passwords, checks to see if important files have been removed or modified, and sends warnings of vandalism or system administration errors. Monitoring software examines events as they are happening to discover security attacks in progress. The intrusion detection tool can also be customized to shut down a particularly sensitive part of a network if it receives unauthorized traffic.
Antivirus and Antispyware Software
Defensive technology plans for both individuals and businesses must include anti-malware protection for every computer. Antivirus software prevents, detects, and removes malware, including computer viruses, computer worms, Trojan horses, spyware, and adware. However, most antivirus software is effective only against malware already known when the software was written. To remain effective, the antivirus software must be continually updated.
Unified Threat Management Systems
To help businesses reduce costs and improve manageability, security vendors have combined into a single appliance various security tools, including firewalls, virtual private networks, intrusion detection systems, and Web content filtering and antispam software. These comprehensive security management products are called unified threat management (UTM) systems. Although initially aimed at small and medium-sized businesses, UTM products are available for all sizes of networks. Leading UTM vendors include Crossbeam, Fortinent, and Check Point, and networking vendors such as Cisco Systems and Juniper Networks provide some UTM capabilities in their equipment.
Network Address Translation (NAT) can provide another layer of protection when static packet filtering and stateful inspection are employed. NAT conceals the IP addresses of the organization’s internal host computer(s) to prevent sniffer programs outside the firewall from ascertaining them and using that information to penetrate internal systems.Application proxy filtering examines the application content of packets. A proxy server stops data packets originating outside the organization, inspects them, and passes a proxy to the other side of the firewall. If a user outside the company wants to communicate with a user inside the organization, the outside user first “talks” to the proxy application and the proxy application communicates with the firm’s internal computer. Likewise, a computer user inside the organization goes through the proxy to talk with computers on the outside. To create a good firewall, an administrator must maintain detailed internal rules identifying the people, applications, or addresses that are allowed or rejected. Firewalls can deter, but not completely prevent, network penetration by outsiders and should be viewed as one element in an overall security plan.
Intrusion Detection Systems
In addition to firewalls, commercial security vendors now provide intrusion detection tools and services to protect against suspicious network traffic and attempts to access files and databases. Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points or “hot spots” of corporate networks to detect and deter intruders continually. The system generates an alarm if it finds a suspicious or anomalous event. Scanning software looks for patterns indicative of known methods of computer attacks, such as bad passwords, checks to see if important files have been removed or modified, and sends warnings of vandalism or system administration errors. Monitoring software examines events as they are happening to discover security attacks in progress. The intrusion detection tool can also be customized to shut down a particularly sensitive part of a network if it receives unauthorized traffic.
Antivirus and Antispyware Software
Defensive technology plans for both individuals and businesses must include anti-malware protection for every computer. Antivirus software prevents, detects, and removes malware, including computer viruses, computer worms, Trojan horses, spyware, and adware. However, most antivirus software is effective only against malware already known when the software was written. To remain effective, the antivirus software must be continually updated.
Unified Threat Management Systems
To help businesses reduce costs and improve manageability, security vendors have combined into a single appliance various security tools, including firewalls, virtual private networks, intrusion detection systems, and Web content filtering and antispam software. These comprehensive security management products are called unified threat management (UTM) systems. Although initially aimed at small and medium-sized businesses, UTM products are available for all sizes of networks. Leading UTM vendors include Crossbeam, Fortinent, and Check Point, and networking vendors such as Cisco Systems and Juniper Networks provide some UTM capabilities in their equipment.
No comments:
Post a Comment