Practical Security Approaches?

The Internet represents a perfect social environment to promote the development of secure systems, since it is so open. Unfortunately, the prime technique used commercially to prevent attacks is the use of firewalls. A firewall is simply a filter placed at the edge of an enterprise's network that permits only a restricted subset of packets or types of communication through. Typically, this is done in one of two simple ways:
  1. Packet Filters: Most modern packet switches and routers can be programmed to exclude packets by arbitrary bit-patterns, in either direction. This has a performance impact, and also requires intimate knowledge of the protocols, but can be made quite effective. For example, it can restrict which hosts can initiate which types of sessions in each direction.
  2. Application Layer Relays: This is the simplest firewall technique. Most, if not all, applications can be staged via a special-purpose system placed on the boundary of an enterprise's network. This requires a second stage of authentication, and means that direct attacks on internal systems may be rendered impossible. It may also render external access very inconvenient.
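To make the packet filter case concrete, here is an added example (not part of the original text) that models a stateless filter deciding which hosts may initiate TCP sessions in each direction. The network addresses, the policy and all names are constructed for illustration, and direction is inferred from the source address, where a real router would use the arriving interface.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INSIDE = ip_network("192.0.2.0/24")  # constructed enterprise network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

@dataclass(frozen=True)
class Rule:
    direction: str        # "in" or "out", relative to the enterprise network
    src: str              # CIDR block allowed to initiate
    dst: str              # CIDR block that may be contacted
    dport: Optional[int]  # None matches any destination port
    action: str           # "permit" or "deny"

# Constructed policy: first match wins, anything unmatched is denied.
RULES = [
    Rule("in", "0.0.0.0/0", "192.0.2.25/32", 25, "permit"),  # mail to one host only
    Rule("out", "192.0.2.0/24", "0.0.0.0/0", None, "permit"),  # inside may initiate
]

def direction(pkt):
    # Assumption: address-based; a real filter keys on the interface instead.
    return "out" if ip_address(pkt.src) in INSIDE else "in"

def decide(pkt, rules=RULES):
    if pkt.ack:
        # Stateless shortcut: ACK set is taken to mean "part of an existing
        # session". The filter cannot verify that, so hosts behind it still
        # have to cope with unsolicited ACK segments themselves.
        return "permit"
    if not pkt.syn:
        return "deny"  # neither an initiation nor a reply
    # SYN set and ACK clear: a session is being initiated, so apply the policy.
    for r in rules:
        if (r.direction == direction(pkt)
                and ip_address(pkt.src) in ip_network(r.src)
                and ip_address(pkt.dst) in ip_network(r.dst)
                and r.dport in (None, pkt.dport)):
            return r.action
    return "deny"
```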
Firewalls encourage system managers to be lax about the security of the systems behind them. If a firewall is breached, this means your systems are wide open. Better to consider the costs of either not being networked, or else securing all your systems properly.