


Protect the Internal Network From Hackers
By Shrif S Kassem

Attention! Hackers of every kind, whatever their affiliations and motives, are eager to penetrate your network, but you can defeat these attacks with an appropriate combination of security tactics.

Networks are threatened by attacks daily, so you need to provide permanent protection. The most common threats are the following. First, viruses: small programs that try to infiltrate your network and fool the computer, arriving as an attachment to an e-mail message, starting to run as soon as the attached file is opened, and replicating themselves in your computer's system. Second, Trojan horses, which get into the computer by hiding inside applications or data files that appear useful, are activated through specific programs, and may even begin to take over control of your computer's system.

Third, worms, which also replicate themselves and spread, searching for security holes through which to penetrate your system, and which often remain hidden until the right opportunity to launch a distributed denial-of-service (DDoS) attack. These three types of attack pose a major threat to your company's data and to your personal data as well. Of course, neither you nor any other company owner wants your network to be a point of attack for distributed denial-of-service attacks. Therefore, we must first ensure that all devices connected to your company's network are protected, and the first step is to provide these devices with a firewall, which is their line of defense.

But is it enough to spend hundreds of dollars on firewalls, or will the cost amount to several thousand dollars? At a minimum, a firewall should be equipped with a stateful packet inspection (SPI) engine, which examines the content of data packets and grants them access to your network if they are free from malicious code.

How to use the firewall?

Firewalls can also use rules or filters to block inappropriate incoming and outgoing traffic. Filtering by Internet Protocol (IP) address, for example, can prevent staff on the network from accessing specific addresses on the Internet or from receiving e-mail from them. Firewalls can also block traffic on the network based on a unique identifier called the media access control (MAC) address. Many firewalls can control data using keyword or scope filters, and permit data that is destined for a particular location. Firewalls also allow more sophisticated, more complex rules to be created for the data.

A better option than a firewall equipped with an SPI engine is a firewall that relies on a deep packet inspection (DPI) engine. A DPI engine examines the full content of the data packet, in addition to examining the packet header as a firewall with an SPI engine does. While examining the contents of packets, DPI engines can discover and prevent many types of attack: denial-of-service (DoS) attacks, buffer overflows, IP spoofing attacks, and a range of worm attacks. The more a firewall costs, the more it becomes like a security appliance, because it also handles applications for combating viruses and spyware and for virtual private networks (VPNs).

Know the firewall that you need

When a firewall is cheap, setting it up is easier. Additional cost buys more options, and the more options are available, the more complex configuring them becomes. So we recommend that you first learn what works well for protection, and which threats you want to keep away. To do that, first write a list of all the services that users need to access, such as web sites, e-mail servers and FTP servers, in addition to messenger services and remote access to data, because the firewall can filter services based on the port numbers (a way of addressing a particular service on a computer) used by these services, and on the source or destination IP address of the data. Examples of common service port numbers are: 80 for HTTP, 23 for Telnet, 21 for FTP and 25 for SMTP.

The safest way to build an access control list for services is to begin by blocking all traffic, and then go back and unblock the required services one after the other, for example allowing traffic on port 25 if it is bound for the IP address of the e-mail server on your network. If computers outside your network need access to services on the internal network, such as Web servers or e-mail servers, you will have to build more complex filtering rules. Find out whether your firewall has a demilitarized zone (DMZ) port to which these services can be connected, so that the services open to external networks are isolated from the internal network. If the firewall does not have a DMZ port, you will have to use its port forwarding feature, in which all traffic for a particular service is passed to a particular internal IP address. To those who are afraid of writing filtering rules for firewalls, we say that the task is not as difficult as it appears: once they learn to establish a simple set of such rules, they will quickly learn to write complex ones. If they remain afraid of establishing filtering rules, they should use specialists.
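The block-everything-first approach described above can be modeled in a few lines. This is an added example, not code from the article; the addressing plan (192.168.10.0/24 as the internal network, 192.168.50.0/24 as the DMZ, the mail and web server addresses) and the function names `decide` and `exposes_lan` are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not from the article).
LAN = ip_network("192.168.10.0/24")    # internal network
DMZ = ip_network("192.168.50.0/24")    # hosts open to external networks
ANY = ip_network("0.0.0.0/0")
MAIL = ip_network("192.168.50.25/32")
WEB = ip_network("192.168.50.80/32")

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: object   # source network
    dst: object   # destination network
    port: int     # destination TCP port

# Start from "block everything", then open one required service at a time.
RULES = [
    Rule("allow", ANY, MAIL, 25),   # SMTP, only to the mail server
    Rule("allow", ANY, WEB, 80),    # HTTP, only to the DMZ web server
    Rule("allow", LAN, DMZ, 21),    # FTP to the DMZ, internal users only
]

def decide(rules, src, dst, port):
    """First matching rule wins; traffic matching no rule is denied."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and port == r.port:
            return r.action
    return "deny"

def exposes_lan(rules, lan=LAN):
    """Return allow rules that let non-LAN sources reach LAN addresses."""
    return [r for r in rules
            if r.action == "allow"
            and r.dst.overlaps(lan)
            and not r.src.subnet_of(lan)]

if __name__ == "__main__":
    outside = "203.0.113.7"  # constructed external host (documentation range)
    for dst, port in [("192.168.50.25", 25), ("192.168.50.80", 25),
                      ("192.168.10.14", 80), ("192.168.50.25", 23)]:
        print(dst, port, decide(RULES, outside, dst, port))
    print("rules exposing the LAN:", exposes_lan(RULES))
```

Running `exposes_lan` after every rule change gives a quick check that a newly opened service has not made the internal network reachable from outside.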



About the Author:
Read more on internal network security at horus4it.net

 

Last Modified: 15 Apr 10
