Spoofing – One machine or user on a network masquerades as another

Sniffing – An eavesdropper listens in on a transmission between users

Hijacking – Spoofing and other techniques are used to take control of a communications session, allowing the attacker to masquerade as one of the communicating parties

Protecting the perimeter

For the purposes of this discussion we will focus on Firewall and Intrusion detection deployments – an integral part of any security policy, the effective deployment of these internet security appliances create a trusted network environment for business.

Installing a firewall is critical as the first line of defense, both at the corporate campus and remote sites including the homes of mobile workers. A firewall will inspect the connection and assure that it is allowable within a defined policy.  However, firewalls only inspect connections, they do not look for abnormalities in the packet header or malicious code within the data portion of the packet.

For maximum perimeter protection, network intrusion detection sensors should be strategically located to monitor and protect the firewall and internal network.  The best coverage is obtained by placing NIDS / IPS sensors both inside and outside the firewall.  The external sensor detects attacks on the firewall and monitors for denial-of-service, probes and firewall exploits.  The internal sensor detects unusual activity such as trojan horse and back door infections and other externally addressed traffic.

Another critical element of perimeter protection is using a NIDS on VPN and WAN links.  Hackers will often target branch offices – which tend to have lax security policy adherence and poor physical security – to attack an organization’s network resources.  In this way, a hacker can bypass a firewall by accessing the network through the VPN or WAN.

www.bestitdocuments.com