348 Part Two Information Technology Infrastructure
Address Translation, and application proxy filtering. They are frequently used
in combination to provide firewall protection.
Packet filtering examines selected fields in the headers of data packets flowing
back and forth between the trusted network and the Internet, examining
individual packets in isolation. This filtering technology can miss many types of
attacks. Stateful inspection provides additional security by determining whether
packets are part of an ongoing dialogue between a sender and a receiver. It sets
up state tables to track information over multiple packets. Packets are accepted
or rejected based on whether they are part of an approved conversation or
whether they are attempting to establish a legitimate connection.
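The difference between the two techniques can be seen in a small simulation. This is an added example, not part of the original text; the rule set, addresses, ports, and packet trace are constructed assumptions. It runs the same four packets through a packet filter that judges each one in isolation and through a stateful filter that keeps a state table of approved conversations.

```python
from collections import namedtuple

# Constructed packet model: only the header fields a filter would look at.
Packet = namedtuple("Packet", "src sport dst dport flags inbound")

INSIDE = "10.0.0.5"       # constructed internal host
SERVER = "203.0.113.10"   # constructed external web server (documentation range)

def stateless_accept(p):
    """Static packet filter: judges each packet in isolation."""
    if not p.inbound:
        return p.dport == 443                     # inside hosts may reach HTTPS
    # Inbound rule: admit anything that looks like a reply from port 443.
    return p.sport == 443 and "ACK" in p.flags

class StatefulFirewall:
    """Stateful inspection: inbound packets must belong to a tracked conversation."""
    def __init__(self):
        self.state = set()    # state table of approved conversations

    def accept(self, p):
        if not p.inbound:
            if p.dport != 443:
                return False
            if p.flags == {"SYN"}:                # inside host opens a connection
                self.state.add((p.src, p.sport, p.dst, p.dport))
            return (p.src, p.sport, p.dst, p.dport) in self.state
        # Inbound: must mirror an entry already in the state table.
        return (p.dst, p.dport, p.src, p.sport) in self.state

def run(trace):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_accept(p), fw.accept(p)) for p in trace]

# Constructed trace: a normal handshake, then an unsolicited "reply".
TRACE = [
    Packet(INSIDE, 50000, SERVER, 443, {"SYN"}, False),
    Packet(SERVER, 443, INSIDE, 50000, {"SYN", "ACK"}, True),
    Packet(INSIDE, 50000, SERVER, 443, {"ACK"}, False),
    Packet("198.51.100.7", 443, INSIDE, 50001, {"ACK"}, True),  # no conversation
]

if __name__ == "__main__":
    for p, (stateless, stateful) in zip(TRACE, run(TRACE)):
        print(p.src, "->", p.dst, sorted(p.flags),
              "stateless:", stateless, "stateful:", stateful)
```

Both filters pass the handshake, but only the stateful one rejects the last packet, because no inside host ever opened the conversation it claims to belong to.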
Network Address Translation (NAT) can provide another layer of protection
when static packet filtering and stateful inspection are employed. NAT conceals
the IP addresses of the organization’s internal host computer(s) to prevent
sniffer programs outside the firewall from ascertaining them and using that
information to penetrate internal systems.
Application proxy filtering examines the application content of packets. A
proxy server stops data packets originating outside the organization, inspects
them, and passes a proxy to the other side of the firewall. If a user outside
the company wants to communicate with a user inside the organization, the
outside user first “talks” to the proxy application and the proxy application
communicates with the firm’s internal computer. Likewise, a computer user
inside the organization goes through the proxy to talk with computers on the
outside.
To create a good firewall, an administrator must maintain detailed internal
rules identifying the people, applications, or addresses that are allowed or
rejected. Firewalls can deter, but not completely prevent, network penetration
by outsiders and should be viewed as one element in an overall security plan.
Intrusion Detection Systems
In addition to firewalls, commercial security vendors now provide intrusion
detection tools and services to protect against suspicious network traffic and
attempts to access files and databases. Intrusion detection systems feature
full-time monitoring tools placed at the most vulnerable points or “hot spots” of
corporate networks to detect and deter intruders continually. The system generates
an alarm if it finds a suspicious or anomalous event. Scanning software
looks for patterns indicative of known methods of computer attacks, such as
bad passwords, checks to see if important files have been removed or modified,
and sends warnings of vandalism or system administration errors. Monitoring
software examines events as they are happening to discover security attacks in
progress. The intrusion detection tool can also be customized to shut down a
particularly sensitive part of a network if it receives unauthorized traffic.
Antivirus and Antispyware Software
Defensive technology plans for both individuals and businesses must include
anti-malware protection for every computer. Antivirus software prevents,
detects, and removes malware, including computer viruses, computer worms,
Trojan horses, spyware, and adware. However, most antivirus software is
effective only against malware already known when the software was written.
To remain effective, the antivirus software must be continually updated.
Unified Threat Management Systems
To help businesses reduce costs and improve manageability, security vendors
have combined into a single appliance various security tools, including firewalls,