TUTORIAL - NETWORK SECURITY
Overview
With the continual increase in Internet usage, the advent of "always on" connections
such as ADSL and the reliance on Internet-based communications to run our businesses,
network security is becoming ever more important. A bewildering range of
measures is now available for even the smallest business, and selecting the
right products or services can be a daunting task for those not familiar
with this area of technology.
This short tutorial is aimed at those new to the field who are looking to upgrade or
improve their company's security mechanisms, or those who want the speed offered
by broadband (such as ADSL) but want to maintain a strong security barrier.
Firewalls
A firewall is a device used to control network access at a connection point
or gateway between two networks. It enforces an access control policy between
two networks, most commonly a private network and the public Internet. A
firewall operates on three principles:
Packet inspection - each LAN packet passing through the firewall is inspected.
Packet match - the packet is examined against an access control policy or
access list to determine who is allowed in or out.
Block or forward - the traffic is either blocked or permitted based upon the
access policy.
Probably the most important thing to recognize about a firewall is that it
implements an access control policy, which needs to be carefully planned. This
means that regardless of the many features and facilities now offered in modern
firewalls, the security of the system very much depends upon the rules or set-up
of the firewall.
However, the good news is that firewalls and firewall-based appliances are
now cheaper and much more easily configured, with graphical interfaces and set-up
wizards making the technology applicable to a wider market, most notably the
Small and Medium Business (SMB) sector.
Hardware or Software Based Firewall?
Firewalls can be either hardware or software based. Hardware-based firewalls
are standalone, self-contained boxes that run their own operating
system (OS). Software-based firewalls are software packages installed onto
a host computer, using the host's native OS.
Both architectures are widely used, with similar features offered by both,
but perhaps the largest growth has been in the hardware based firewalls, particularly
through the development of network security appliances, which offer a range
of features in a single box. This type of device will be of particular interest
to the SMB sector.
Network Security Appliances
Hardware-based network security appliances, such as those offered by Sonicwall,
Cisco Systems and Nokia, are all-in-one boxes offering firewall, VPN, content
filtering and even virus scanning services. Their OS is often based on
Unix or Linux, but is generally hidden behind the system's GUI. Throughput
of these boxes varies from 10Mb/s to 100Mb/s or more, with certain manufacturers
building their systems around custom-made ASICs (Application Specific Integrated
Circuits), in which the filtering functions are hard-coded into the chips,
giving increased speed.
Virtual Private Network (VPN)
VPNs are private networks overlaid onto physical carrier networks. The most
common usage is in Internet-based VPNs, which are used to establish private
branch-to-HQ, office-to-office or remote access connections. The key
to this technology is the security of connection offered by communication protocols
such as IPSec and encryption schemes such as DES and TripleDES. For further
reading see IP Sec. VPN features are now common in many firewall products,
extending the functionality of these security products.
Content Filtering
Many of the security appliances now available offer subscription-based
content filtering, aimed at preventing authorised Internet users on
your LAN from accessing undesirable sites. These lists are maintained
and routinely updated from secure Internet sites, or can be manually
configured. This type of filtering can also be extended to email
content. For further information see http://www.icra.org/labelv02.html
Virus Scanning
Computer viruses and worms are the biggest security threat to Internet-connected
networks, and whilst most organizations have virus protection in place, they
can still be vulnerable. Anti-virus software is built into many leading
firewall appliances; it scans content for worms or viruses and can even require
PC users to update their virus definitions before accessing the Internet.
De-Militarized Zone (DMZ)
Many firewalls offer a DMZ, which allows you to host public services
from your own site, such as Web or E-mail servers, while maintaining
the security of your private LAN. The DMZ is often a port on a hardware
firewall, where public servers are connected. The DMZ port of a
firewall can then be protected against external attacks, such as
Denial of Service (DoS).
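The three firewall steps described earlier (inspect, match against an access list, block or forward) and the three-zone layout of this DMZ section, worked through as a small Python packet filter. This is an added example, not code from any firewall product; the zones, addresses and rules are constructed for illustration.

```python
"""Toy stateless packet filter: inspect -> match access list -> block/forward,
with a private LAN, a DMZ for public servers and the Internet as zones.
Added example; zones, addresses and rules are constructed, not from a product."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed private ranges; anything outside them is treated as Internet.
ZONES = {
    "lan": ip_network("192.168.1.0/24"),
    "dmz": ip_network("192.168.2.0/24"),
}

def zone_of(addr: str) -> str:
    """Step 1 (inspection): classify a packet address into a zone."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

@dataclass(frozen=True)
class Rule:
    src_zone: str            # "lan", "dmz", "internet" or "any"
    dst_zone: str
    proto: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None means any port
    action: str              # "permit" or "deny"

# Access list. First matching rule wins; anything unmatched falls through
# to the default deny at the end of decide(). The Internet may reach only
# the DMZ web port, the LAN may initiate anything, and the DMZ may never
# open connections into the LAN (a compromised public server stays contained).
ACCESS_LIST = [
    Rule("internet", "dmz", "tcp", 80, "permit"),
    Rule("lan", "any", "any", None, "permit"),
    Rule("dmz", "lan", "any", None, "deny"),
]

def decide(src: str, dst: str, proto: str, dst_port: int) -> str:
    """Steps 2 and 3: match against the access list, then block or forward."""
    sz, dz = zone_of(src), zone_of(dst)
    for r in ACCESS_LIST:
        if r.src_zone not in (sz, "any"): continue
        if r.dst_zone not in (dz, "any"): continue
        if r.proto not in (proto, "any"): continue
        if r.dst_port not in (dst_port, None): continue
        return "forward" if r.action == "permit" else "block"
    return "block"  # default deny: no rule matched
```

Note that the policy, not the device, decides the outcome: reordering or loosening a rule (for example making the first rule's port None) silently widens what the Internet can reach in the DMZ.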
Certification
Certification is an important area, giving customers reassurance
that the security product they are buying meets a recognised standard.
ICSA Labs has a firewall certification program, whereby devices
must meet specified criteria in tests conducted at its labs. See
www.icsalabs.com for further details. Other bodies have been formed
by firewall vendors, such as OPSEC, which aims to eliminate the
burden on customers of having to verify that products from different
vendors can work together. This particular scheme is more appropriate
to the enterprise sector; for more information see www.opsec.com.
Further References
There are many Internet sites where you can gain further information,
including:
www.infowar.com
Good site with many useful references, books and services
www.netcraft.co.uk
Provides free security guide.
www.icsa.net
International Computer Security Association
http://www.alw.nih.gov/Security/security-www.html
Links to various sites
There are many reference books on network security, but here are
a couple worth a look:
Firewalls & Internet Security SE by William Cheswick & Steve
Bellovin
Building Internet Firewalls SE by E Zwicky, S Cooper & D Brent