Darshan Deshmukh, Anand Gopalan, F.R.C.R, Contributing editor
Firewalls Feature Focus
to the B.A.R.C servers some time ago. These threats pose an unprecedented challenge to lawmakers and enforcers. Likewise, they open a new arena of challenge for network engineers and designers. A sophisticated array of security measures is being used to keep the hackers at bay. The first line of defense against external threats to networks is a "firewall". The term firewall didn't originate with network security but was borrowed from another industry: firefighting. Years ago, during disaster-skills and firefighting training, the first thing taught was that if you remove one part of the fire triangle (fuel, oxygen, heat), the fire dies. This is how a firewall works. Remove or clear an area of fuel and, when the fire gets there, it cannot go any further. Of course, the firefighters can still get through, because their protocol, in their case the ground to walk on, is still available. The firewall on your network works in much the same way. You want the good guys to get through and have what they need, but you want to prevent the evildoers from getting through. Firewalls, consisting of hardware, software or both, enforce a security policy on the communication traffic entering or leaving the network, thus effectively isolating the domain. Firewalls not only influence the traffic leaving or entering a protected domain. They also protect certain other things inside a domain, such as communication resources and stored data. Firewalls today are very complex, and provide many features besides the traditional packet-filtering function. They provide
The first is known as packet filtering. In the packet-filtering mechanism, the router checks whether the entering or leaving data packets conform to the security policy and hence decides whether to allow or deny passage of the data. This method allows the operators to verify all data packets. However, checking the packets individually lowers the speed of data transfer. Commercial packages aim at reducing this delay. Another method uses the Network Address Translator (NAT), which hides the internal addresses and the network topology from the outside. For outgoing data packets the local address is converted to the corresponding global address, and vice versa for the incoming packets. Hence, little or no target information is available to the outside, thus preventing unauthorized access. The third approach uses what is known as an application proxy. The application proxy understands the application protocol and data, and intercepts any information intended for that application. Other methods include encryption, Virtual Private Servers, etc. The task of selecting the appropriate measures for your system is a complex one, and deciding network policy is a complicated process. After all this, the system must be tested for security flaws, which, of course, is no easy task. With no fixed standards and a large number of possible offenders, most existing firewalls today, although necessary, remain imperfect security measures for network domains.
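As an added illustration of the packet-filtering and NAT mechanisms described above (example code, not from the article or any vendor product), the following toy shows a first-match packet filter with a default-deny fallback beside a one-to-one NAT table that binds each internal host to a global address and drops inbound packets that have no binding. The addresses, rules and pool are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))

# Constructed policy: rules are checked in order and the first match wins.
POLICY = [
    Rule("allow", src="10.0.0.0/8", proto="tcp", dport=443),  # LAN may reach HTTPS anywhere
    Rule("deny", dst="10.0.0.0/8", proto="tcp", dport=23),    # nothing may reach LAN telnet
]

def filter_packet(p: Packet, policy=POLICY) -> str:
    for rule in policy:
        if rule.matches(p):
            return rule.action
    return "deny"   # default deny: unmatched traffic is never implicitly permitted

class Nat:
    """One-to-one NAT: each internal host is bound to a global address from a pool."""
    def __init__(self, pool):
        self.free, self.table = list(pool), {}   # unused globals; internal -> global
    def outbound(self, p: Packet) -> Packet:
        if p.src not in self.table:              # first contact: bind a global address
            self.table[p.src] = self.free.pop(0)
        return Packet(self.table[p.src], p.dst, p.proto, p.dport)
    def inbound(self, p: Packet) -> Optional[Packet]:
        # Map the global destination back; unbound destinations are dropped, so outsiders cannot address internal hosts
        for internal, public in self.table.items():
            if public == p.dst:
                return Packet(p.src, internal, p.proto, p.dport)
        return None
```

A real filter would also track connection state so that replies to permitted outbound traffic are admitted without a blanket inbound allow rule.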
