Topic: How to secure network
Posted in community: IT Infrastructure- Network Security Solutions
Source: http://netsecurity.about.com (article "In Depth Security")
Activity: 0 comments, 551 views; last activity 07 06 2010 20:18:04 +0000
No matter how good any single network security application is, someone smarter than the people who designed it, with more time on his hands than scruples, will eventually get past it. That is why common security practice calls for multiple lines of defense, or defense in depth.
Defense in depth rests on the principle that multiple layers of different types of protection, ideally from different vendors, provide substantially better protection than any one of them alone. An attacker may develop a knack for breaking through a certain type of defense, or learn the intricacies of a particular vendor's product, effectively rendering that type of defense useless; a second layer that works differently does not fall to the same trick.
By establishing layered security you will keep out all but the cleverest and most dedicated attackers.
As a baseline I suggest implementing a firewall, an intrusion detection system (IDS) and anti-virus software. Working in concert, these three devices or applications keep out unwanted traffic, notify you when unauthorized access does occur, and protect your computers from known Trojans, worms and viruses.
A firewall can be hardware or software based. It is usually best to run the firewall on a separate device: a firewall running on your PC or on a server can only filter traffic that has already reached that machine's network stack, so anything the stack itself exposes is reachable before the firewall gets a say. Firewalls restrict access based on rules. Simple firewall programs, and the routers used for broadband Internet connections, tend to allow or block traffic based on source and destination address and on the port it arrives on; they generally do not look at the content. That is worth remembering: a rule that opens port 80 to a web server lets through any request to that port, including a malicious one, which is exactly why the layers behind the firewall exist. The rule set should permit only the services you actually publish and deny everything else. Regardless of what type you use, the firewall represents your outer boundary of protection.
Should someone or something manage to get past the firewall, the next line of defense is your IDS. There are several ways of achieving intrusion detection; one of the most popular is signature matching. Each time a new threat or exploit is learned, a signature describing it (typically a byte pattern, often tied to a protocol and port) is created. The IDS monitors traffic on the local network, usually from a network tap or a mirror port on a switch, and looks for patterns that match the signatures it holds. Depending on the IDS you can configure it to alert the administrator, halt the flow of traffic (in which case it must sit inline and is usually called an intrusion prevention system, or IPS), or take some other form of intervention or notification. Two caveats apply: a signature-based IDS cannot flag an attack it has no signature for, so the signature feed must be kept current, and it cannot read traffic that is encrypted end to end, so it must be placed where traffic is in the clear.
If malicious code makes it past the firewall and past the IDS to a local computer, it is left to the anti-virus software to detect it and protect that system.
Typical anti-virus software works in much the same way as IDS signatures. Each time a new virus is discovered, whatever about it is unique and consistent is catalogued and added to the list of known viruses: for a file-borne virus, a distinctive byte sequence in its code or a hash of the file; for an e-mail worm, characteristics such as the subject line, message body, and the name or size of the attached file. The software scans local files, incoming e-mail and Internet traffic for these signs of malicious code. Hacking and viruses are two different kinds of attack, but many anti-virus packages are also set up to detect or remove known attack tools, backdoors and Trojan horse programs that an intruder might place on your computer. The same limitation applies as for the IDS: a virus modified so that it no longer matches its signature slips past until a new signature is issued, which is why keeping definitions up to date matters.
These are just a small sampling of the layers available to defend your network. For more complicated or larger networks it is prudent to set up multiple firewalls and create a DMZ (demilitarized zone): a separate network segment, between the outer firewall and the internal network, for systems such as web and mail servers that need less restricted access to the public Internet. If one of those servers is compromised, the attacker still faces the inner firewall before reaching internal systems, and that firewall should allow the DMZ to reach only the specific internal services it needs. No matter how you choose to protect your network, it is important not to put all of your eggs in one basket, or to buy all of your eggs from the same chicken.
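To make the signature mechanism the IDS and anti-virus paragraphs describe concrete, here is a small matcher written for this page (an added illustration, not code from the original article or from any IDS or anti-virus product). It applies one signature list two ways: per packet with protocol and port constraints, the way an IDS does, and per file by byte pattern or whole-file hash, the way anti-virus does. Every signature, packet and file in it is constructed for the example, and the two evasion cases (the URL-encoded traversal and the one-byte dropper variant) show the limitation both tools share: a signature only matches what has already been catalogued.

```python
"""Signature matching as a network IDS and a file-scanning anti-virus use it.
Added illustration, not code from the original article: the signatures,
packets and file contents below are all constructed."""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class Signature:
    sid: int                        # signature id
    name: str                       # text that goes into the alert
    action: str                     # "alert" (notify) or "drop" (notify and block)
    content: bytes = b""            # byte pattern that must occur in the data
    proto: Optional[str] = None     # network-only constraint: "tcp" or "udp"
    dport: Optional[int] = None     # network-only constraint: destination port
    sha256: Optional[str] = None    # file-only constraint: hash of the whole file

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes

@dataclass
class Alert:
    sid: int
    name: str
    action: str
    subject: str                    # "src -> dst:port" for traffic, file name for files

# Constructed signature set: 1xxx are network signatures, 2xxx file signatures.
SIGNATURES: List[Signature] = [
    Signature(1001, "HTTP directory traversal attempt", "drop",
              content=b"../../", proto="tcp", dport=80),
    Signature(1002, "SMTP VRFY user enumeration", "alert",
              content=b"VRFY ", proto="tcp", dport=25),
    Signature(2001, "EICAR-style test file marker", "alert",
              content=b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"),
    Signature(2002, "known dropper (constructed hash)", "drop",
              sha256=hashlib.sha256(b"MZ\x90\x00constructed dropper body").hexdigest()),
]

def inspect_packet(pkt: Packet, sigs: List[Signature]) -> List[Alert]:
    """IDS check: a network signature matches when its protocol and port
    constraints hold and its byte pattern occurs anywhere in the payload."""
    where = f"{pkt.src} -> {pkt.dst}:{pkt.dport}"
    return [Alert(s.sid, s.name, s.action, where) for s in sigs
            if s.sha256 is None and s.content          # hashes are file-only
            and s.proto in (None, pkt.proto)
            and s.dport in (None, pkt.dport)
            and s.content in pkt.payload]

def process_traffic(packets: List[Packet],
                    sigs: List[Signature]) -> Tuple[List[Packet], List[Alert]]:
    """Inline mode: forward all but 'drop' hits, hand every alert to the admin."""
    forwarded, alerts = [], []
    for pkt in packets:
        hits = inspect_packet(pkt, sigs)
        alerts.extend(hits)
        if not any(h.action == "drop" for h in hits):
            forwarded.append(pkt)
    return forwarded, alerts

def scan_file(name: str, data: bytes, sigs: List[Signature]) -> List[Alert]:
    """Anti-virus check: a file signature is a hash of the whole file or a
    byte pattern; network-only signatures (proto or port set) are skipped."""
    digest = hashlib.sha256(data).hexdigest()
    return [Alert(s.sid, s.name, s.action, name) for s in sigs
            if s.proto is None and s.dport is None
            and (s.sha256 == digest if s.sha256 is not None
                 else bool(s.content) and s.content in data)]

# Constructed traffic.  Packet 1 is the textbook traversal and is dropped; packet 2
# is the same attack with URL-encoded slashes, which no signature here describes.
SAMPLE_PACKETS = [
    Packet("203.0.113.7", "192.0.2.10", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("203.0.113.7", "192.0.2.10", "tcp", 80, b"GET /..%2f..%2fetc/passwd HTTP/1.1\r\n"),
    Packet("203.0.113.7", "192.0.2.25", "tcp", 25, b"VRFY root\r\n"),
    Packet("192.0.2.50", "192.0.2.53", "udp", 53, b"\x12\x34\x01\x00example"),
]

# Constructed files.  The variant differs from the catalogued dropper by one byte.
SAMPLE_FILES: Dict[str, bytes] = {
    "eicar.txt": b"constructed header EICAR-STANDARD-ANTIVIRUS-TEST-FILE trailer",
    "dropper.exe": b"MZ\x90\x00constructed dropper body",
    "dropper-variant.exe": b"MZ\x90\x00constructed dropper bodY",
}

if __name__ == "__main__":
    forwarded, alerts = process_traffic(SAMPLE_PACKETS, SIGNATURES)
    alerts += [a for f, d in SAMPLE_FILES.items() for a in scan_file(f, d, SIGNATURES)]
    for a in alerts:
        print(f"[{a.action.upper():5}] sid={a.sid} {a.name} ({a.subject})")
    print(f"forwarded {len(forwarded)} of {len(SAMPLE_PACKETS)} packets")
```

Run it and the traversal packet is dropped on sid 1001, the VRFY probe is alerted on but forwarded, and the encoded traversal passes silently; production engines such as Snort and Suricata add protocol decoding and URI normalization precisely to close that kind of gap, and the one-byte file variant is why vendors ship pattern and heuristic signatures rather than file hashes alone.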
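The port-based filtering described in the firewall paragraph above and the DMZ just introduced, as one added example written for this page (not code from the original article or from any firewall product): a first-match rule table with an implicit default deny, applied to constructed traffic between three zones. The address ranges, the policy and the packets are all assumptions made for the example; a real deployment expresses the same table as nftables, iptables or pf forwarding rules on the boundary devices.

```python
"""A rule-based packet filter with a DMZ, as the article describes: rules are
checked top to bottom, the first match wins, and anything no rule allows falls
to the default deny.  Added illustration, not code from the original article;
the zones, addresses and policy are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional

# Constructed address plan: anything outside the named zones is "internet".
ZONES: Dict[str, IPv4Network] = {
    "internal": ip_network("10.0.0.0/8"),
    "dmz": ip_network("192.0.2.0/24"),
}

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

@dataclass
class Rule:
    src_zone: str           # zone name or "*"
    dst_zone: str
    proto: str              # "tcp", "udp" or "*"
    dport: Optional[int]    # destination port, None for any
    action: str             # "accept" or "drop"
    comment: str

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes = b""    # never consulted: a port filter does not read content

@dataclass
class Decision:
    action: str
    rule_index: int         # position of the matching rule, -1 for the default
    comment: str

# Constructed policy.  Only published services are reachable from the Internet,
# and only in the DMZ; the one DMZ-to-internal hole is a single port on a single
# tier; staff may go out; everything else falls through to the default deny.
POLICY: List[Rule] = [
    Rule("internet", "dmz", "tcp", 443, "accept", "public web server"),
    Rule("internet", "dmz", "tcp", 25, "accept", "inbound mail relay"),
    Rule("dmz", "internal", "tcp", 5432, "accept", "web tier to database only"),
    Rule("internal", "dmz", "tcp", 22, "accept", "admin SSH into the DMZ"),
    Rule("internal", "internet", "*", None, "accept", "outbound from staff"),
    Rule("dmz", "internet", "tcp", 25, "accept", "mail relay delivering outbound"),
]
DEFAULT = Rule("*", "*", "*", None, "drop", "default deny")

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.src_zone in ("*", zone_of(pkt.src))
            and rule.dst_zone in ("*", zone_of(pkt.dst))
            and rule.proto in ("*", pkt.proto)
            and rule.dport in (None, pkt.dport))

def decide(pkt: Packet, policy: List[Rule] = POLICY) -> Decision:
    """First-match evaluation with an implicit default deny at the end."""
    for i, rule in enumerate(policy):
        if rule_matches(rule, pkt):
            return Decision(rule.action, i, rule.comment)
    return Decision(DEFAULT.action, -1, DEFAULT.comment)

# Constructed traffic.  The first packet is accepted even though its payload is
# hostile: the filter only looks at zones and ports, which is why an IDS sits
# behind it.  The DMZ web server may reach its database but not file sharing on
# the LAN, so a compromised DMZ host is contained.
SAMPLE_PACKETS = [
    Packet("203.0.113.9", "192.0.2.10", "tcp", 443, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("203.0.113.9", "192.0.2.10", "tcp", 22),
    Packet("203.0.113.9", "10.0.0.5", "tcp", 3389),
    Packet("192.0.2.10", "10.0.0.20", "tcp", 5432),
    Packet("192.0.2.10", "10.0.0.5", "tcp", 445),
    Packet("10.0.0.5", "203.0.113.9", "tcp", 443),
    Packet("10.0.0.5", "192.0.2.10", "tcp", 22),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        d = decide(pkt)
        print(f"{zone_of(pkt.src):8} {pkt.src:>13} -> {zone_of(pkt.dst):8} "
              f"{pkt.dst:>13}:{pkt.dport:<5} {pkt.proto}  {d.action:6} ({d.comment})")
```

Two things worth checking on any real rule set are visible here: the last word is a deny, so a case nobody thought of fails closed, and the DMZ-to-internal permissions are enumerated per service (rule 3) rather than granted as a blanket allow, so a foothold on the web server does not become a foothold on the LAN.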