My is IP Address  •
Detail of TCP/IP  •
Internet IP Addressing  •
IP Subnetting  •
IPv6 Technologies  •
OSI Model  •
Network Security  •
Hacking Explained  •
Types of Hacking  •
Firewall & IDS  •
VPN (Virtual Private Network)  •
IPSec (IP Security)  •
Data Encryption  •
DES & Key Exchange  •
Ethernet Technologies  •
History of Ethernet  •
LAN Switching History  •
LAN Switching  •
Virtual LAN  •
Bridge & Switch  •
Router Technologies  •
Routing Technologies  •
WAN Technologies  •
Fiber-optic Networking  •
Frame Relay Technologies  •
ATM (Asynchronous Transfer Mode)  •
MPLS (Multiprotocol Label Switching)  •
Detail of MPLS  •
Wireless Networks  •
WLAN (Wireless LAN)  •
Wireless Roaming and Bridges  •
Broadband Technologies  •
DSL Technologies  •
Cable Broadband  •
ISDN Technologies  •
IP Telephony  •
VoIP (Voice over IP)  •
IP Convergence  •
IP Multicast  •
Videoconference  •
Network Maintenance  •
Disaster Recovery  •
QoS (Quality of Service)  •
Routing Protocols  •
High Availability  •
STP (Spanning Tree Protocol)  •
Data Center  •
SAN (Storage Area Networks)  •
SAN Technologies  •
SNA (Systems Network Architecture)  •
Desktop Protocols  •
E-Learning  •
E-Commerce  •
Windows & Linux Comparison  •
SQL Server  •

Firewall

Firewall

With more home computers and business networks connecting to the Internet, there is considerably more opportunity for malicious attacks from hackers and saboteurs. The same danger applies to internal corporate networks in that companies must protect their data centers and computing resources from internal and external attack.

Network attacks occur for a variety of reasons: extortion, fraud, espionage, sabotage, or simple curiosity. The acts themselves involve a range of activities, including misuse of authorized systems, system break-ins, equipment theft, interception of network traffic, and reconfiguration of computer systems to allow for future access. Because of the nature of global networks, these attacks can (and often do) cross network and national boundaries.

Firewalls and intrusions detection systems (IDSs) provide the perimeter defense of corporate and personal networks. As hackers become more sophisticated (and aggressive) in their attacks, so has the technology behind keeping networks safe. Firewalls and IDSs are a direct response to hackers.

With the advances in technology comes a great deal of innovation around the deployment of these systems, which is important to companies with public websites.

The main goal with perimeter security is to keep the bad guys out of the network. The way to be absolutely sure of perimeter security is to not connect to anything. However, most companies rely on the Internet, and for some, it is a critical aspect of their business. The problem then is how to maintain an external presence and still stay relatively safe against attacks.

Examples of network-related security threats include the following:

  • Passive eavesdropping - Attackers use packet-capture programs to glean sensitive information or steal username/password combinations.
  • IP address spoofing - An attacker pretends to be a trusted computer by using an IP address within the accepted range of internal IP addresses. This tactic is similar to assuming another identity.
  • Port scans - Servers "listen" for traffic on different ports. For example, port 80 is where servers listen for web HTTP traffic. Attackers find ways to infiltrate servers through individual server ports.
  • Denial-of-service attack - The attacker attempts to block valid users from accessing servers by creating TCP SYN packets that exhaust the server so it cannot handle any valid requests.
  • Application-layer attack - These attacks exploit the weaknesses of certain applications to obtain illicit access to the hosting server.

What Does a Firewall Do?
Firewalls provide the ability to block these and other attacks by inspecting traffic, tracking valid sessions, and filtering traffic that looks suspect so it cannot pass. They do so by inspecting packets for known attack profiles and by acting as a proxy between you and the rest of the world.

Intrusion Detection Systems
Firewalls provide a barrier for traffic. However, some traffic might look legitimate, and some traffic might in fact be legitimate but unbeknownst to the user carry devious viruses or attack programs.

Although a firewall is sufficient for home use, corporations tend to have more at risk and choose to invest in extra measures to detect traffic patterns that a firewall can’t catch. Intrusion detection provides this ability.

Intrusion detection systems (IDSs) analyze data in real time to detect, log, and hinder misuse and attacks. Host-based IDSs monitor server operations for any mischievous events, and network-based IDSs monitor network traffic on a specific segment.

Network-based IDSs monitor traffic in real time, looking at each packet for mischievous data profiles. When a particular data flow is suspect, the IDS logs the finding and notifies the receiving router to deny the traffic and any future traffic from that source.

Keeping Up with the Times
New viruses and new forms of attacks are introduced to networks regularly. For each security measure put in place, motivated attackers always find a way to work around it. There is no such thing as a foolproof security measure.

For that reason, network administrators and home users must be diligent in regularly updating their security software and profiles. Firewall updates can block newly found vulnerabilities. IDS updates can detect new forms of viruses or attacks.

The Internet is anarchy in a good and bad way. Companies and individuals have the burden of protecting themselves from probing individuals.




Copyright © 2006 myipaddressinfo.com. All rights reserved.
vinyl flooring  |   rubber flooring  |   cork flooring  |   bamboo flooring  |   hardwood flooring  |   laminate flooring  |   ceramic flooring  |   ceramic tile  |   flooring
health | home  |   recipes  |   web design  |   seo  |   schools  |   golf courses  |   html  |   flash design

This website and the materials and information you find on this website are provided "as is", without warranty of any kind, either express or implied, including without limitation any warranty for information, services, or products provided through or in connection with the service and any implied warranties of merchantability, fitness for a particular purpose, expectation of privacy or non-infringement.