Network Security Architecture

There are many possible places for an enterprise to place an IDS. Three of the most common and effective are the following:

  • Network perimeter - The boundary between everything internal to the network and everything external to it. The perimeter equipment includes:

    - Firewalls - Mediate the connection between the internal network and the external network. Firewalls can also be nested (firewalls within firewalls) to segment the internal network, blocking off various resources from other areas; for example, blocking certain human resources services from general employees.

    - Access servers and modems - Provide the users' entry point into the network (for example, dial-in access).

    - Network service provider links - The points where the organization's own wiring meets commercial carrier services; for example, a direct connection to the Internet.

    Figure 15-4 illustrates the network perimeter.

    Figure 15-4. Network Perimeter


    In this scenario, a network-based IDS should be placed at every entry point on the network perimeter; in this case, at the Access Server and firewall points.

  • Server farms - The server farms are the segments of the network that host the servers; no client workstations exist in the server farm environment.

    Figure 15-5 illustrates a server farm layout.

    Figure 15-5. Server Farm


    The server farm is a network concentration of servers providing resources to users, such as World Wide Web hosting, FTP servers, organization file servers, e-commerce servers, etc.

    In this scenario, a network-based IDS should be placed at the entry point for both dedicated and dial-in users, as well as at the entry point to the server farm. Further protection is afforded by placing host-based IDS systems on each server in the server farm.

  • Network backbone - The network backbone interconnects the various network areas. Backbone links can be low- or high-bandwidth, depending on the implementation, and avoiding unnecessary backbone hops may eliminate some network delay. An intruder who reaches the backbone can look for important systems anywhere on the network, so anomalous backbone traffic such as port scanning and IP spoofing attempts should raise a flag for the administrator to investigate.

    Figure 15-6 illustrates regional network connections, with all traffic crossing a backbone as it is forwarded from one region to the next.

    Figure 15-6. Network Backbone


    In this scenario, a network-based IDS should be placed at the entry point for each regional network in the network backbone.
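    The following is an added example, not code from the book, of the kind of logic a network-based IDS sensor runs over the traffic it sees at any of the three placements above (perimeter entry point, server farm entry point, regional backbone entry point). It flags three of the anomalies discussed on this page: IP spoofing attempts (a packet arriving from outside the perimeter that claims an internal source address), port scans (many distinct destination ports from one source in a sliding window) and request floods (the denial-of-service pattern). The internal address ranges, thresholds and flow records are all constructed for illustration; a real sensor would take its records from a packet capture or flow export.

```python
# Added example: minimal network-based IDS detection logic over flow records.
# All addresses, thresholds and sample traffic below are constructed.
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed internal address space of the organization (hypothetical).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

PORTSCAN_WINDOW = 10.0   # seconds
PORTSCAN_PORTS = 15      # distinct destination ports from one source in the window
FLOOD_WINDOW = 1.0       # seconds
FLOOD_REQUESTS = 100     # connection attempts at one destination in the window


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since capture start
    iface: str     # "ext": arrived from outside the perimeter, "int": from inside
    src: str
    dst: str
    dport: int


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def detect(flows):
    """Return a list of (kind, offending address) alerts, one per offender."""
    alerts = []
    ports_by_src = defaultdict(deque)   # src -> deque of (ts, dport)
    hits_by_dst = defaultdict(deque)    # dst -> deque of ts
    flagged = set()                     # (kind, addr) already reported

    def alert(kind, addr):
        if (kind, addr) not in flagged:
            flagged.add((kind, addr))
            alerts.append((kind, addr))

    for f in sorted(flows, key=lambda x: x.ts):
        # Anti-spoofing: a packet arriving from outside must not claim an
        # internal source address.
        if f.iface == "ext" and is_internal(f.src):
            alert("SPOOF", f.src)

        # Port scan: many distinct destination ports from one source
        # within a sliding time window.
        dq = ports_by_src[f.src]
        dq.append((f.ts, f.dport))
        while dq and dq[0][0] < f.ts - PORTSCAN_WINDOW:
            dq.popleft()
        if len({p for _, p in dq}) >= PORTSCAN_PORTS:
            alert("PORTSCAN", f.src)

        # Flood (DoS): too many connection attempts at one destination
        # within a sliding time window.
        hq = hits_by_dst[f.dst]
        hq.append(f.ts)
        while hq and hq[0] < f.ts - FLOOD_WINDOW:
            hq.popleft()
        if len(hq) >= FLOOD_REQUESTS:
            alert("FLOOD", f.dst)

    return alerts


def sample_flows():
    """Constructed traffic as a perimeter sensor might see it."""
    flows = [
        # Benign: internal client to internal web server, seen on the inside.
        Flow(0.2, "int", "10.1.1.20", "10.1.1.10", 443),
        # Spoofing attempt: external packet claiming an internal source.
        Flow(0.5, "ext", "10.1.1.55", "10.1.1.10", 22),
        # Benign: a single external HTTPS connection.
        Flow(0.8, "ext", "198.51.100.9", "10.1.1.10", 443),
    ]
    # Port scan: one external host probing ports 1..20 within two seconds.
    flows += [Flow(1.0 + 0.1 * i, "ext", "203.0.113.5", "10.1.1.10", 1 + i)
              for i in range(20)]
    # Flood: 120 connection attempts at port 80 in under half a second.
    flows += [Flow(5.0 + 0.004 * i, "ext", "198.51.100.7", "10.1.1.10", 80)
              for i in range(120)]
    return flows


def run_sample():
    return detect(sample_flows())


if __name__ == "__main__":
    for kind, addr in run_sample():
        print(f"{kind:<9} {addr}")
```

    Each offender is reported once rather than on every matching packet, so the administrator gets one flag to investigate instead of a flood of alerts that would itself resemble a denial of service on the console. The anti-spoofing rule is exactly the check a perimeter sensor can make and a backbone sensor cannot, since by the time traffic is on the backbone the "outside" interface is no longer visible, which is one reason the book recommends sensors at every perimeter entry point.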

Summary

The goal of network security is to provide users with access to the network resources they need, while preventing access by known and unknown, internal and external, threats. Network or system threats are categorized as follows:

  • Denial-of-service (DoS) - The attacker sends more requests to a host (such as a web server) than the host can handle.

  • Unauthorized Access - The attacker accesses a host resource that would not otherwise be available to that person.

  • Illicit Command Execution - Unauthorized persons executing commands on an organization's servers.

  • Confidentiality Breaches - Access to certain, potentially damaging, information through the compromise of a normal user account.

  • Destructive Behavior - There are two types of destructive attacks: altering the data and destroying the data.

There are many ways that attackers can access or abuse unprotected networks or hosts (computers), the most common being the introduction of malicious macros or viruses into a networked system.

Firewalls are an effective solution against many network attacks because they can stop an attacker outside the network from logging into a computer inside the network and wreaking havoc on network resources. Intrusion Detection Systems (IDSs) are another effective solution against many network attacks. IDSs detect inappropriate, incorrect, or anomalous activity impacting the network and its resources. An intrusion can be a network attack from the outside (an intruder or unauthorized user) or misuse by an internal network user.

IDSs are implemented in one of two ways:

  • Host-based - Detection software is loaded on the host the IDS will be monitoring.

  • Network-based (NIDS) - Packets on a particular network segment, and audit data from several hosts on it, are monitored by a sensor on that segment.

Firewalls and IDSs can be placed anywhere within a network, but the most common and effective placements are at the network perimeter, the network backbone, and network server farms.