The Internet represents a perfect social environment to promote
the development of secure systems, since it is so open.
Unfortunately, the prime technique used commercially to prevent
attacks is the use of Firewalls.
A firewall is simply a filter that is placed at the edge of an
enterprise's network that permits a restricted subset of packets or
types of communication through. Typically, this is done in one of two
simple ways:
- Packet Filters
Basically, most modern packet switches and routers can be programmed
to exclude packets by arbitrary bit-patterns, in either direction.
This has a performance impact, and also requires intimate knowledge of
the protocols, but can be made quite effective. For example, it can
restrict which hosts can initiate which types of sessions in each
direction.
- Application Layer Relays
This is the simplest firewall technique. Basically, most, if not all,
applications can be staged via a special purpose system, placed on the
boundary of an enterprise's network. This requires a second stage of
authentication, and means that direct attacks on internal systems may
be rendered impossible. It may also render external access very
inconvenient.
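
The packet-filter case above (restricting which hosts can initiate which
types of sessions in each direction), as an added example that is not part
of the original text. The address ranges, the mail relay host and the rule
table are assumptions chosen for illustration.

```python
# Added illustration: stateless, first-match packet filter with default deny.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
INTERNAL = ip_network("10.0.0.0/8")       # assumed enterprise address range
MAIL_RELAY = ip_network("10.0.0.25/32")   # assumed internal mail host

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

    @property
    def initiates(self):
        # A TCP session opener carries SYN without ACK.
        return self.syn and not self.ack

# (direction, source net, destination net, destination port or None, verdict)
RULES = [
    ("out", INTERNAL, ANY, None, "permit"),  # inside may open any session
    ("in", ANY, MAIL_RELAY, 25, "permit"),   # outside may open SMTP to the relay only
]

def direction(pkt):
    src_in = ip_address(pkt.src) in INTERNAL
    dst_in = ip_address(pkt.dst) in INTERNAL
    if src_in and not dst_in:
        return "out"
    if dst_in and not src_in:
        return "in"
    return None  # does not cross the boundary, or claims an internal source

def filter_packet(pkt):
    d = direction(pkt)
    if d is None:
        return "deny"
    if not pkt.initiates:
        # Stateless: any segment with ACK set is treated as part of a session.
        # The filter cannot tell a genuine reply from an unsolicited one, so
        # the hosts behind it still have to reject what they did not ask for.
        return "permit" if pkt.ack else "deny"
    for rule_dir, src, dst, port, verdict in RULES:
        if (rule_dir == d and ip_address(pkt.src) in src
                and ip_address(pkt.dst) in dst and port in (None, pkt.dport)):
            return verdict
    return "deny"
```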
Firewalls encourage system managers to be lax about the security of the
systems behind them.
If a firewall is breached, this means your systems are wide open.
Better to consider the costs of either not being networked, or else
securing all your systems properly.