Environmental Engineering Reference
• The firewall may deny all traffic unless it meets certain criteria (a default-deny policy).
• The firewall may allow all traffic through unless it meets certain criteria (a default-allow policy).
A simple example of the first method is screening requests to ensure that
they come from an acceptable (i.e., previously identified) domain name and
Internet Protocol (IP) address. Firewalls may also use more complex rules that
analyze the application data to determine whether the traffic should be allowed
through; for example, the firewall may require user authentication (i.e., a
password) before granting access to the system. How a firewall determines what
traffic to let through depends on which network layer it operates at and how it
is configured: a packet filter working at the network and transport layers sees
only addresses and ports, whereas an application-layer firewall can inspect the
contents of the session. A firewall may be a piece of hardware, a software
program, or an appliance that combines both.
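The two postures listed above differ only in what happens to traffic that matches no rule. The following is an added illustration, not code from the original text: a toy first-match packet filter that applies the same rule set under a default-deny and a default-allow policy. The rule set, addresses and ports are constructed for the example; real firewalls add state tracking, interface direction and logging, which are omitted here.

```python
"""Toy packet filter: the same rules evaluated under default-deny and default-allow."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: str               # CIDR block the source address must fall inside
    dport: Optional[int]   # destination port, or None for "any port"
    action: str            # "allow" or "deny"

    def matches(self, src_ip: str, dport: int) -> bool:
        in_net = ip_address(src_ip) in ip_network(self.src)
        return in_net and (self.dport is None or self.dport == dport)


class Firewall:
    """First matching rule wins; if nothing matches, the default policy applies."""

    def __init__(self, rules, default: str):
        self.rules = list(rules)
        self.default = default

    def decide(self, src_ip: str, dport: int) -> str:
        for rule in self.rules:
            if rule.matches(src_ip, dport):
                return rule.action
        return self.default


# Hypothetical rule set: a previously identified internal range may use SSH,
# a known partner range may use HTTPS, and telnet is refused from anywhere.
RULES = [
    Rule("10.0.0.0/8", 22, "allow"),
    Rule("192.0.2.0/24", 443, "allow"),
    Rule("0.0.0.0/0", 23, "deny"),
]

DENY_BY_DEFAULT = Firewall(RULES, "deny")
ALLOW_BY_DEFAULT = Firewall(RULES, "allow")

# Constructed sample traffic: (source address, destination port).
SAMPLE_PACKETS = [
    ("10.1.2.3", 22),        # internal admin to SSH
    ("192.0.2.7", 443),      # partner to HTTPS
    ("198.51.100.9", 23),    # unknown host to telnet
    ("198.51.100.9", 3389),  # unknown host to RDP: no rule mentions it
]


def compare(packets=SAMPLE_PACKETS):
    """Return {packet: (decision under default-deny, decision under default-allow)}."""
    return {p: (DENY_BY_DEFAULT.decide(*p), ALLOW_BY_DEFAULT.decide(*p)) for p in packets}


if __name__ == "__main__":
    for pkt, (deny_first, allow_first) in compare().items():
        print(f"{pkt[0]:>14}:{pkt[1]:<5} default-deny={deny_first:<5} default-allow={allow_first}")
```

The last packet is the one to watch: under default-deny it is dropped because no rule identified that source or that service, while under default-allow it passes untouched. That gap, traffic nobody thought to write a rule for, is why the first posture is the safer one for a control-system or utility network.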
Advanced features that can be incorporated into firewalls allow the
tracking of attempts to log onto the local area network; for example,
a report of successful and unsuccessful log-in attempts may be generated for
the computer specialist to analyze, and a run of failures from a single source
is an early sign of password guessing. For systems with mobile users, firewalls
allow remote access to the private network via secure log-on procedures and
authentication certificates. Most firewalls have a graphical user interface for
managing the firewall. In addition, newer Ethernet firewall cards that fit in
the expansion slots of individual computers add further layers of defense (such
as encryption and permit/deny filtering) to that computer's own transmissions
at its network interface. The cost of these cards is only slightly higher than
that of traditional network interface cards.
Network Intrusion Hardware/Software
Network intrusion detection and prevention systems are software- and
hardware-based products designed to detect unauthorized attacks on a computer
network. Whereas other applications, such as firewalls and antivirus software,
share similar objectives with network intrusion systems, network intrusion
systems provide a deeper layer of protection beyond the capabilities of those
other systems because they evaluate patterns of computer activity rather than
specific files or individual connections. It is worth noting that attacks may
come from either outside or within the system (i.e., from an insider), and that
network intrusion detection systems may be more applicable than other
information technology solutions for detecting patterns of suspicious activity
from inside a facility (e.g., accessing sensitive data), since an insider's
traffic arrives from a trusted address and is not stopped by a perimeter
firewall. Network intrusion detection systems employ a variety of mechanisms to
evaluate potential threats. The types of search and detection mechanisms depend
upon the level of sophistication of the system. Some of the available detection
methods include the following:
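To make concrete both the log-in report that a firewall's logging feature produces and the kind of activity-pattern evaluation an intrusion detection system performs, here is an added example that is not code from the original text or from any product it describes. It parses a small constructed log (the line format, user names, addresses and paths are all assumptions made for the example) and applies two pattern rules: repeated failed log-ins from one source within a short window (an outside attacker guessing passwords) and a user reading many sensitive files in one hour or reading them outside business hours (the insider case the text singles out). The thresholds are illustrative, not recommended values.

```python
"""Pattern-based detection over a constructed authentication/file-access log."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example):
#   <ISO timestamp> LOGIN result=OK|FAIL user=<name> src=<ip>
#   <ISO timestamp> ACCESS user=<name> path=<file>
LINE = re.compile(r"^(?P<ts>\S+) (?P<event>LOGIN|ACCESS) (?P<rest>.*)$")
KV = re.compile(r"(\w+)=(\S+)")

SAMPLE_LOG = """\
2024-03-04T02:10:01 LOGIN result=FAIL user=admin src=203.0.113.5
2024-03-04T02:10:09 LOGIN result=FAIL user=admin src=203.0.113.5
2024-03-04T02:10:17 LOGIN result=FAIL user=root src=203.0.113.5
2024-03-04T02:10:25 LOGIN result=FAIL user=admin src=203.0.113.5
2024-03-04T02:10:33 LOGIN result=FAIL user=operator src=203.0.113.5
2024-03-04T02:10:41 LOGIN result=FAIL user=admin src=203.0.113.5
2024-03-04T08:55:10 LOGIN result=FAIL user=jsmith src=10.0.0.5
2024-03-04T08:55:20 LOGIN result=OK user=jsmith src=10.0.0.5
2024-03-04T09:02:44 ACCESS user=jsmith path=/data/public/readme.txt
2024-03-04T14:05:00 ACCESS user=jsmith path=/data/sensitive/payroll.xlsx
2024-03-04T14:06:10 ACCESS user=jsmith path=/data/sensitive/customers.db
2024-03-04T14:07:20 ACCESS user=jsmith path=/data/sensitive/contracts.pdf
2024-03-04T14:08:30 ACCESS user=jsmith path=/data/sensitive/scada_config.xml
2024-03-04T23:40:00 ACCESS user=rlee path=/data/sensitive/customers.db
2024-03-04T23:41:00 LOGIN result=OK user=rlee src=10.0.0.9
"""

SENSITIVE_PREFIXES = ("/data/sensitive/",)   # assumed location of sensitive data


def parse(text):
    """Turn log lines into dicts; lines that do not fit the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        fields = dict(KV.findall(m["rest"]))
        fields["ts"] = datetime.fromisoformat(m["ts"])
        fields["event"] = m["event"]
        events.append(fields)
    return events


def login_report(events):
    """The firewall-style report: count of successful vs. failed log-ins."""
    return Counter(e["result"] for e in events if e["event"] == "LOGIN")


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag a source with >= threshold failures inside any `window`-long span."""
    failures = defaultdict(list)
    for e in events:
        if e["event"] == "LOGIN" and e["result"] == "FAIL":
            failures[e["src"]].append(e["ts"])
    alerts = {}
    for src, times in failures.items():
        times.sort()
        for i, start in enumerate(times):          # sliding window over failures
            j = i
            while j < len(times) and times[j] - start <= window:
                j += 1
            if j - i >= threshold:
                alerts[src] = j - i
                break
    return alerts


def detect_insider(events, max_per_hour=3, business_hours=(8, 18)):
    """Flag users who bulk-read sensitive files or read them after hours."""
    per_user_hour = Counter()
    after_hours = set()
    for e in events:
        if e["event"] != "ACCESS" or not e["path"].startswith(SENSITIVE_PREFIXES):
            continue
        per_user_hour[(e["user"], e["ts"].replace(minute=0, second=0))] += 1
        if not business_hours[0] <= e["ts"].hour < business_hours[1]:
            after_hours.add(e["user"])
    bulk = {user for (user, _), n in per_user_hour.items() if n > max_per_hour}
    return {"bulk_access": bulk, "after_hours": after_hours}


def analyze(text=SAMPLE_LOG):
    events = parse(text)
    return {
        "logins": login_report(events),
        "bruteforce": detect_bruteforce(events),
        "insider": detect_insider(events),
    }


if __name__ == "__main__":
    for name, finding in analyze().items():
        print(f"{name}: {dict(finding) if isinstance(finding, Counter) else finding}")
```

Note that the insider rule never looks at a source address: rlee and jsmith both arrive from the internal 10.0.0.0/8 range that a perimeter firewall would trust, so only the pattern of what they touch, and when, gives them away. The one failed log-in from 10.0.0.5 followed by a success is an ordinary typo and correctly raises nothing.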