Summary

  

The importance of the OSI model, DMZs, Java Sockets, HTTP tunneling, and firewalls was introduced and discussed in this chapter. I also presented important network concepts and investigated how security is handled at the network level. You should have an understanding of asynchronous communications, TCP, UDP, and routing and be able to run, understand, and write Java-code implementing sockets, channels, TCP, and UDP concepts.

To understand network security, you must understand common network principles and be able to apply them over and over again in different organizations to block attackers . Firewalls and router security are just some of the tools that are available, but using these products in unison to provide robust security and understanding is only one fraction of securing an organization. Having a secure organization, and hence a secure network, should be the goal of every organization. Thus, having a dual- homed host should be a minimum, not a maximum. Having a monitor device and a network engineer who can read the packets coming across a network should also be a minimum in the organization's overall security scheme.

There are many organizations that have secure doors going in o the buildings , but the network is like an open door without a key. So I ask, what is the purpose of having a locked door, when the biggest door, the network, is unsecure? Security is an everyday requirement, and a discipline that should be practiced by the organization's best people. If an organization doesn't wish to protect its resources through secure means, the organization should question what resources they have that are not publicly available. What information makes that organization special?

Using network security, understanding networks and blocking of questionable packets, is a practice that has been around since the ARPANET. Some of the RFCs that are still in use today date back to the 70s and 80s. With the information being available to both organizations and attackers for so long, it is surprising to see how few people can read a packet or truly look at network practices. From our experiences, I have known many people with the network engineer responsibilities who do not know what a firewall is, have called a DMZ a system with one firewall and do not understand the need for another firewall. In contrast I have also met people who could read information across a network as easily as many people read a newspaper. You can imagine what would happen if people like these turn to hacking.

This chapter was an introduction, and I hope you start the down the path of examining more information, and encourage your organization to employ true network engineers . I suggest to any organization interested in securing its systems that it employ staff with many years of network experience, enforce its network systems, ensure that it has proper security equipment, and test these systems by practicing mock attacks to check whether its systems are vulnerable.

  


Java Security Solutions
Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net