Notes


1. War-dialing is the process of dialing a block of telephone numbers such as 1-802-555-0000 through 9999 and checking for computerized devices attached to the other end. Software to perform such scans is readily available from the Internet and easy to use. War-dialing is a popular method of circumventing corporate perimeter security by looking for a forgotten backdoor into the network via a modem.

2. SNMPv3 supports encryption. SNMP is a fine protocol with which to monitor routers, but allowing an SNMP agent to write to routers is not recommended.

3. The Session Initiation Protocol (SIP) is commonly used to initiate Voice-over-IP calls. The actual transfer of voice information, however, is done using the Real-Time Protocol (RTP).

4. Note that there are many ways of using packets to map a network. Using ICMP echoes is only the most obvious way. Most scanners will not even bother with this option because it is so widely defended against.

5. The Nmap program and documentation can be found at www.nmap.org, and the Nessus server, client, and documentation can be found at www.nessus.org.

6. It is easy to argue that many security lapses in networks are the result of misconfiguration on the part of a human being. Thus, the more we let the computer do, the better the chance of a correct and secure implementation.

7. If this were a full network design, the subnet between the access router and the firewall would be ideal for an intrusion detection system. Because we are focusing on NAT in this discussion, however, we will omit this from the diagram.




Network Perimeter Security. Building Defense In-Depth
ISBN: 0849316286
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Cliff Riggs
