2.3 Perimeter security, firewalls, intrusion detection, and intrusion prevention
Perimeter security is a concept that was initially created in the mid-1990s and pertains to the notion that an organization's network must be hardened from the outside world. The dominant approach to network security was (and in many places still is) based on an attempt to segment the network into inside and outside, placing firewalls as the gatekeepers for any communication that crosses this boundary and applying stringent rules and policies to limit the harm that can come from the external, untrusted network.
2.3.1 Firewalls
Although firewalls have evolved since their early days as Internet firewalls, most firewalls are still perimeter defense devices that split a network into trusted and untrusted segments and filter traffic based on an installed set of rules. Firewalls have become elaborate and come in many varieties, but the mainstream ones still fall into one of three types: packet filters, application proxies, and stateful inspection firewalls.
Packet filter firewalls monitor the source and destination IP addresses of any connection and match these with a set of rules to decide if the connection should be allowed or not. Packet filters do not check content and are easily fooled using IP and/or port spoofing (changing the IP address in a packet sent by an attacker to masquerade as another, legitimate, source).
Application proxies (or gateways) serve as the server for the client and as a client for the server. They accept a connection from the client and terminate it at the firewall; they then initiate a separate connection to the real target server and maintain these two connections back-to-back. Application proxies tend to have limited uses because they have severe performance limitations, but they can be effective for certain environments. Don't confuse application proxies as a way to implement firewalls with application security gateways—the new buzzword for Web application firewalls that extend the concepts supported by TCP/IP firewalls to the world of HTTP, URLs, and Web pages (see Section 2.5).
A stateful inspection firewall is a packet processor that can validate entire sessions, both when they are initiated as well as throughout the session. Stateful inspection firewalls combine many functions that make for good network security, including content checking for protocols to ensure that packets are not malformed or assembled to break network devices, maintenance of state tables used to monitor and validate the state of a TCP connection, address
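The following is an added illustration, not code from the book, that puts the packet-filter and stateful-inspection descriptions above side by side. A stateless filter matches each packet against address/port rules with no memory of earlier packets, so a rule that lets a web server's replies back in also lets through an unsolicited packet whose source address merely claims to be that server. A stateful filter keeps a table of TCP sessions and admits inbound packets only when they belong to a session an inside host opened through a permitted SYN, and it rejects packets with impossible flag combinations (the "malformed packet" check the paragraph mentions). All addresses, rules, the `Packet` class, the state machine and the trace are constructed for this example; real stateful firewalls also track sequence numbers and timeouts, which are omitted here.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" (SYN), "SA" (SYN+ACK), "A" (ACK), "F" (FIN), "R" (RST)


INSIDE = "10.0.0."        # constructed: prefix of the trusted segment
WEB = "203.0.113.10"      # constructed: an outside web server

# (source prefix, destination prefix, destination port or 0 for any, allow)
RULES: List[Tuple[str, str, int, bool]] = [
    (INSIDE, WEB, 80, True),  # inside hosts may reach the web server on port 80
    (WEB, INSIDE, 0, True),   # the web server's replies are let back in, any port
]


def stateless_filter(pkt: Packet) -> bool:
    """Packet filter: first matching rule wins, default deny, no memory."""
    for src, dst, dport, allow in RULES:
        if pkt.src.startswith(src) and pkt.dst.startswith(dst) and dport in (0, pkt.dport):
            return allow
    return False


def malformed(pkt: Packet) -> bool:
    """Protocol sanity check: SYN combined with FIN or RST is never legitimate."""
    return "S" in pkt.flags and ("F" in pkt.flags or "R" in pkt.flags)


class StatefulFilter:
    """Tracks the TCP handshake so inbound traffic must belong to a known session."""

    def __init__(self) -> None:
        # session key -> (state, (initiator address, initiator port))
        self.table: Dict[frozenset, Tuple[str, Tuple[str, int]]] = {}

    @staticmethod
    def _key(pkt: Packet) -> frozenset:
        # Same key whichever direction the packet travels
        return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

    def process(self, pkt: Packet) -> bool:
        if malformed(pkt):
            return False
        key = self._key(pkt)
        entry = self.table.get(key)
        if entry is None:
            # Only a rule-permitted SYN from the inside may open a session;
            # anything else without a table entry is unsolicited and dropped.
            if pkt.flags == "S" and pkt.src.startswith(INSIDE) and stateless_filter(pkt):
                self.table[key] = ("SYN_SENT", (pkt.src, pkt.sport))
                return True
            return False
        state, initiator = entry
        from_initiator = (pkt.src, pkt.sport) == initiator
        if state == "SYN_SENT":
            if pkt.flags == "SA" and not from_initiator:
                self.table[key] = ("SYN_RECEIVED", initiator)
                return True
            return pkt.flags == "S" and from_initiator  # SYN retransmission
        if state == "SYN_RECEIVED":
            if pkt.flags == "A" and from_initiator:
                self.table[key] = ("ESTABLISHED", initiator)
                return True
            return False
        # ESTABLISHED: either side may send; FIN or RST removes the session
        if "F" in pkt.flags or "R" in pkt.flags:
            del self.table[key]
        return True


# Constructed trace: a real session, then three packets a packet filter lets through
TRACE = [
    Packet("10.0.0.5", 40000, WEB, 80, "S"),   # 1 inside host opens a session
    Packet(WEB, 80, "10.0.0.5", 40000, "SA"),  # 2 server answers
    Packet("10.0.0.5", 40000, WEB, 80, "A"),   # 3 handshake completes
    Packet(WEB, 80, "10.0.0.5", 40000, "A"),   # 4 server data within the session
    Packet(WEB, 443, "10.0.0.5", 22, "A"),     # 5 unsolicited, source spoofed as the server
    Packet(WEB, 80, "10.0.0.5", 40001, "SF"),  # 6 malformed SYN+FIN
    Packet("10.0.0.7", 40002, WEB, 80, "A"),   # 7 ACK with no preceding handshake
]


def run(trace: List[Packet]) -> Tuple[List[bool], List[bool]]:
    """Return the verdict of each filter for every packet in the trace."""
    stateful = StatefulFilter()
    return [stateless_filter(p) for p in trace], [stateful.process(p) for p in trace]


if __name__ == "__main__":
    for pkt, a, b in zip(TRACE, *run(TRACE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {pkt.flags:3} stateless={a} stateful={b}")
```

Packets 5 to 7 are the ones that separate the two designs: the stateless filter accepts all three because their addresses satisfy a rule, while the stateful filter accepts only packets that are part of the session it watched being opened, which is exactly the property the state table in a stateful inspection firewall provides.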