Assignment: Security


DOCUMENT INFORMATION

Basic information

Title: Security
Author: Do Vu Hoang Anh
Supervisor: Le Van Thuan
Type: Assignment
Pages: 33
Size: 7.38 MB

Structure

  • I. Introduction (4)
  • II. Identify types of security risks to organisations (4)
    • 1. Viruses (4)
    • 2. Worms (5)
    • 3. Trojan horses (6)
    • 4. Rootkit (7)
    • 5. Spyware (8)
    • 6. Adware (9)
    • 7. Ransomware (9)
    • 8. Logic bombs (10)
    • 9. Back doors (11)
    • 10. Zombie and botnet (12)
  • III. How to prevent security risks (13)
  • IV. Security procedures (15)
    • 1. Acceptable Use Policy (AUP) (15)
    • 2. Access Control Policy (ACP) (16)
    • 3. Change Management Policy (16)
    • 4. Information Security Policy (16)
    • 5. Incident Response (IR) Policy (17)
    • 6. Remote Access Policy (17)
    • 7. Email/Communication Policy (17)
    • 8. Disaster Recovery Policy (17)
    • 9. Business Continuity Plan (BCP) (17)
  • V. Method to assess and treat IT security risks (18)
    • 1. IT security Risk Assessment and Risk Management (18)
      • 1.1 Definitions and examples (18)
      • 1.2 IT Security Risk Assessment (19)
      • 1.3 IT Security Risk Management (22)
  • VI. Potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs (25)
    • 1. Insider Attacks (25)
    • 2. Missed Security Patches (25)
    • 3. Configuration Mistakes (25)
    • 4. A Lack of Deep Packet Inspection (26)
    • 5. DDoS Attacks (26)
  • VII. DMZ, static IP and NAT (27)
    • 1. DMZ (27)
      • 1.1 Purpose of DMZ (27)
      • 1.2 DMZ Designs (28)
      • 1.3 Real situation (29)
    • 2. Static IP (29)
      • 2.1 Purpose of static IP (29)
      • 2.2 Static IP designs (30)
      • 2.3 Real situation (31)
    • 3. NAT (31)
      • 3.1 Purpose of NAT (31)
      • 3.2 NAT Designs (31)
      • 3.3 Real situation (32)
  • VIII. Three benefits of implementing network monitoring systems, with supporting reasons (32)
    • 1. Manage Technical Issues with Ease (32)
    • 2. Keep Your Data Safe at All Times (32)
    • 3. Manage Client Network Usage with Confidence (32)

Content


Introduction

In this document we discuss the types of security risks to organisations, describe organisational security procedures, identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs, and show, using an example for each, how implementing a DMZ, static IP addressing and NAT in a network can improve network security.

Identify types of security risks to organisations

Viruses

A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are said to be "infected" with a computer virus.

Virus writers use social engineering deceptions and exploit detailed knowledge of security vulnerabilities to initially infect systems and to spread the virus. The vast majority of viruses target systems running Microsoft Windows, employing a variety of mechanisms to infect new hosts and often using complex anti-detection/stealth strategies to evade antivirus software. Motives for creating viruses include seeking profit (e.g. with ransomware), sending a political message, personal amusement, demonstrating that a vulnerability exists in software, sabotage and denial of service, or simply exploring cybersecurity issues, artificial life and evolutionary algorithms.

Worms

A computer worm is a standalone malware program that replicates itself in order to spread to other computers. It usually uses a computer network to spread, relying on security failures on the target computer to gain access. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on the targeted computer.

Many worms are designed only to spread and do not attempt to change the systems they pass through. However, as the Morris worm and Mydoom showed, even these "payload-free" worms can cause major disruption by increasing network traffic and through other unintended effects.

Trojan horses

In computing, a Trojan horse, or Trojan, is any malware that misleads users about its true intent. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.

Trojans are generally spread by some form of social engineering, for example when a user is duped into executing an email attachment disguised to look innocuous (e.g. a routine form to be filled in), or by clicking on a fake advertisement on social media or elsewhere. Although their payload can be anything, many modern Trojans act as a backdoor, contacting a controller which then has unauthorised access to the affected computer. Trojans may allow an attacker to access users' personal information such as banking details, passwords or identity data; they can also delete a user's files or infect other devices connected to the network. Ransomware attacks are often carried out using a Trojan.

Rootkit

A rootkit is a collection of software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorised user), and which often masks its own existence or the existence of other software. The term is a concatenation of "root" (the traditional name of the privileged account on Unix-like operating systems) and "kit" (the software components that implement the tool), and has negative connotations through its association with malware.

Rootkit installation can be automated, or an attacker can install it after obtaining root or Administrator access. That access is obtained by a direct attack on the system, i.e. by exploiting a known vulnerability (such as a privilege escalation flaw) or a password (obtained by cracking or by social engineering such as phishing). Once installed, the rootkit makes it possible to hide the intrusion as well as to maintain privileged access. The key is the root or administrator access: full control over a system means that existing software can be modified, including the software that might otherwise be used to detect or remove the rootkit.

Spyware

Spyware is software that aims to gather information about a person or organisation, sometimes without their knowledge, and send it to another entity without the consumer's consent. Spyware may also assert control over a device without the consumer's knowledge, for example by sending confidential information to another entity through tracking cookies.

Adware

Adware, or advertising-supported software, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process. The software may generate two types of revenue: one for the display of the advertisement and another on a "pay-per-click" basis if the user clicks on the advertisement. The software may present advertisements in a variety of ways, including a static box display, a banner display, full screen, a video, a pop-up ad or some other form.

Ransomware

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware locks the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion: it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as Ukash or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, travelled automatically between computers without user interaction.

Logic bombs

A logic bomb is a piece of code intentionally inserted into a software system that sets off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a trigger in the salary database) should he or she ever be removed from the company's payroll.

Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique lets a virus or worm gain momentum and spread before being noticed.

Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fools' Day. Trojans and other malware that activate on certain dates are often called "time bombs".

To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. Trial programs with code that disables certain functionality after a set time, for example, are not normally regarded as logic bombs.

Back doors

A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product or embedded device (e.g. a home router), or in one of its components (e.g. part of a cryptosystem, algorithm or chipset, or even a "homunculus computer", a tiny computer-within-a-computer such as that found in Intel's AMT technology). Backdoors are most often used for securing remote access to a computer or for obtaining access to plaintext in cryptographic systems. From there they may be used to gain access to privileged information such as passwords, to corrupt or delete data on hard drives, or to transfer information within improvised networks.

A backdoor may take the form of a hidden part of a program, a separate program (e.g. Back Orifice, which may subvert the system through a rootkit), code in the firmware of the hardware, or parts of an operating system such as Windows. Trojan horses can be used to create such weaknesses in a device: a Trojan may appear to be an entirely legitimate program, but when executed it triggers an activity that installs a backdoor. Although some backdoors are secretly installed, others are deliberate and widely known; these have "legitimate" uses such as providing the manufacturer with a way to restore user passwords.

Many systems that store information in the cloud fail to implement adequate security measures. If many systems are connected within the cloud, an attacker who compromises the most vulnerable one can gain access to all the others.

Default passwords (or other default credentials) function as backdoors if they are not changed by the user. Some debugging features can also act as backdoors if they are not removed in the release version.

Zombie and botnet

In computing, a zombie is an Internet-connected computer that has been compromised by an attacker, a virus or a Trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to send email spam and launch denial-of-service (DoS) attacks. Most owners of zombie computers are unaware that their system is being used in this way; because the owner tends to be unaware, these computers are metaphorically compared to fictional zombies, and a coordinated DDoS attack by many botnet machines resembles a "zombie horde attack" as depicted in zombie films.

A botnet is a number of Internet-connected devices, each running one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and give the attacker access to each device and its connection. The operator controls the botnet using command and control (C&C) software. The word "botnet" is a combination of "robot" and "network" and is usually used with a negative or malicious connotation.

How to prevent security risks

1 Install Anti-Virus/Malware Software

Many computers, especially home computers, still run without anti-virus/anti-malware protection. Installing it is the first step in keeping a computer free of malware.

2 Keep Your Anti-Virus Software Up to Date

Having protection software is the first step; maintaining it is the second. Free anti-virus software is better than nothing, but it is not the best solution. Microsoft bundles a security package with Windows: it is "free" in the sense that anyone with a Windows licence has access to it. Many users are not aware of it, but it provides decent protection.

3 Run Regularly Scheduled Scans with Your Anti-Virus Software

Set up the software to run scans at regular intervals; once a week is preferred, and do not wait much longer between scans. A full scan makes the computer slow to work on, so schedule it for a time when the machine is not in use, such as at night. Computers that are switched off at night never get scanned, so pick a specific night, leave the computer running, and make sure it does not shut down or hibernate automatically.

4 Keep Your Operating System Current

Whether you run Windows, macOS, Linux or any other OS, keep it up to date. OS vendors regularly issue security patches that close known vulnerabilities, and an unpatched system remains exploitable until the patch is applied. Keep the anti-virus software itself current for the same reason: new malware appears constantly, and a scanner is only as good as its signature database.

5 Secure Your Network

Many computers reach files, printers and the Internet over Wi-Fi. Require a password to join the network and make it a strong one; never run an open Wi-Fi network. Use WPA2 or WPA3 encryption: WEP can be broken in minutes, and the original WPA (TKIP) is also obsolete. Not broadcasting the SSID (the network name) means devices have to be configured manually with the SSID and password; note that this only hides the network from casual users, since the name is still visible to anyone capturing Wi-Fi frames, so it is no substitute for strong encryption. If guests frequently use your Internet connection, give them a separate guest SSID with its own password so that a compromised guest device cannot reach your own machines.

6 Think Before You Click

Avoid websites that distribute pirated material. Do not open an email attachment from a person or company you do not know, and do not click links in unsolicited email. Hover over a link (especially one behind a URL shortener) before clicking to see where it really leads. Scan any file downloaded from the Internet, from email, from an FTP site or from a file-sharing service before running it; good anti-virus software does this automatically, but confirm that it is actually happening.

7 Keep Your Personal Information Safe

This is probably the hardest thing to do on the Internet. Many attackers gain access to accounts not by brute force but by social engineering: they collect enough information about you to get into one online account, harvest more personal data from it, and move from account to account until they can reach your banking data or steal your identity outright. Be cautious on message boards and social media, lock down all privacy settings, and avoid using your real name or identity on discussion boards.

8 Don't Use Open Wi-Fi

At the coffee shop, the library and especially the airport, do not use "free" open (password-less, unencrypted) Wi-Fi. If you can join it with no effort, so can a trained attacker, who can then observe or tamper with unencrypted traffic on the same network.

9 Back Up Your Files

The best protection against data loss is to back up all your files. Ideally your data exists in at least three places: where you work on it, on a separate storage device, and off-site. Keep the files on your computer, back them up to an external hard drive, and keep a further copy in a different location. A backup service works, or simply use two external drives and keep one at work, at a friend's or family member's house, or in a safe deposit box. Off-line, off-site copies are also what make recovery from ransomware possible without paying.

10 Use Multiple Strong Passwords

Never reuse a password, and especially not the one for your bank account. Most people use the same email address or username for all their accounts, and those are easy to discover. If the same password protects everything and it leaks once, every account can be taken over in seconds. Use strong passwords made of lower case, upper case, digits and symbols; keep them memorable but hard to guess, and avoid dates and pet names. A password manager makes it practical to have a different strong password for every site.

Security procedures

Acceptable Use Policy (AUP)

An acceptable use policy (AUP) is a document that outlines a set of rules to be followed by users or customers of a set of computing resources, which could be a computer network, a website or a large computer system. An AUP clearly states what the user is and is not allowed to do with these resources.

An AUP is very similar to the ubiquitous terms and conditions or end-user licence agreements (EULAs) found on almost all software applications. The main difference is that an AUP covers the use of a much larger shared computing resource, such as a LAN or a website, as opposed to a single software item. One consequence of sharing is that an AUP typically goes into detail about etiquette and respect for fellow users of the resource, which does not apply to single-user software.

Access Control Policy (ACP)

An access control policy authorises a group of users to perform a set of actions on a set of resources. Unless authorised through one or more access control policies, users have no access to any function of the system. Four concepts underpin access control policies: users, actions, resources and relationships. Users are the people who use the system; resources are the objects in the system that need to be protected; actions are the activities that users can perform on the resources; relationships are optional conditions that must hold between a user and a resource for the action to be allowed.

The policies are what grant users access to the system: unless they are authorised to perform their responsibilities through one or more access control policies, users have no access to its functions.

Change Management Policy

A change management policy is a formal process for making changes to IT, software development and security services/operations. The goal of a change management programme is to increase awareness and understanding of proposed changes across the organisation, and to ensure that all changes are carried out methodically so as to minimise any adverse impact on services and customers. A good example of an IT change management policy available for fair use is published by SANS.

Information Security Policy

An information security policy is a set of policies issued by an organisation to ensure that all information technology users within the organisation's domain or its networks comply with rules and guidelines on the security of the information stored digitally at any point in the network or within the organisation's boundaries of authority.

Incident Response (IR) Policy

Incident response (IR) is a structured methodology for handling security incidents, breaches and cyber threats. A well-defined incident response plan allows an organisation to identify an attack, minimise the damage and reduce its cost, while finding and fixing the cause to prevent a recurrence.

Remote Access Policy

A remote access policy is a document that outlines and defines the acceptable methods of connecting remotely to the internal network. It is essential in large organisations where networks are geographically dispersed and extend into insecure locations such as public networks or unmanaged home networks, and it should cover every available method of remotely accessing internal resources.

Email/Communication Policy

A company's email policy is a document that formally outlines how employees may use the business's chosen electronic communication media. In practice such a policy often also covers blogs, social media and chat technologies. Its primary goal is to give employees guidelines on what is considered acceptable and unacceptable use of any corporate communication technology.

Disaster Recovery Policy

Disaster recovery involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity, which involves keeping all essential aspects of a business functioning despite significant disruptive events. Disaster recovery can therefore be considered a subset of business continuity.

Business Continuity Plan (BCP)

A business continuity plan (BCP) is a plan to help ensure that business processes can continue during an emergency or disaster. Such emergencies or disasters might include a fire or any other case where business cannot be conducted under normal conditions. Businesses need to look at all such potential threats and devise BCPs to ensure continued operations should a threat become a reality.

Method to assess and treat IT security risks

IT security Risk Assessment and Risk Management

IT security risk management is an integral part of a company's management process. It deals with the identification, treatment, communication and acceptance of IT security risks; it involves the selection and implementation of countermeasures justified by the identified IT security risks and the reduction of those risks to acceptable levels; and it also comprises continuous monitoring of risks and risk communication.

All of these steps are explained in more detail in this section and illustrated with an example.

A business manager should include IT risk management as one more element in his or her decision-making.

An IT security risk is composed of an asset, a threat and a vulnerability; if any one of these is absent, there is no risk. The aggregation of all single IT security risks gives the total IT risk. A key step in the risk management process is risk assessment, which evaluates each IT risk as well as the total IT risk and then prioritises them.

In this section we give some simplified definitions and examples limited to the components of IT security risks, namely asset, threat and vulnerability.

Asset: anything that has value to the organisation (ISO/IEC IS 13335-1)

In our context an asset is a tangible or intangible component of an information system. Assets can be hardware, software, data, buildings and infrastructure, but also products, knowledge resources, customer relationships or reputation. To estimate the risk, the security needs of each asset first have to be evaluated by taking its value into account. The asset value could for example be the cost of reconstruction or replacement, its value for the business functions, the value of lost or destroyed data or property, or the value of the lost business opportunity. Determining these values and consequences is called "impact assessment".

Threat: any action or event with the potential to cause harm (based on ISO/IEC IS 13335-1)

Threats can be of different types, for example:

• Environmental (e.g. flood, lightning, storms, earthquakes, etc.)

• Organisational deficits (ill-defined responsibilities, etc.)

• Human errors (wrong e-mail address, missed critical dates, passwords written on sticky notes, mistakenly deleted files, etc.)

• Technical failures (hardware failure, short circuits, hard disk crash, etc.)

• Deliberate acts (hacking, phishing, fraud, use of malicious code, theft, etc.)

Sources of threats can be vandalism, espionage or simply human mistakes and accidents. In the first two cases the strength of the threat results from two major factors: the motivation of the threat agent and the attractiveness of the asset.

Vulnerability: a weakness of an asset that can be exploited by one or more threats (based on ISO/IEC IS 13335-1)

Vulnerabilities can exist in all parts of an IT system, e.g. in hardware or software, in organisational structures, in the infrastructure or in personnel. There are also different types of vulnerabilities, such as:

• Physical (no access control, no guards, etc.)

• Logical (no security patches, no anti-virus, etc.)

• Network (no network segmentation, no security gateways, connections to untrusted parties, etc.)

Complete definitions can be found in the reference documents [ISO/IEC IS 13335-1] and [EU Reg 2004/460].

Typical vulnerabilities resulting from organisational deficits are, for example, ill-defined responsibilities for information security or the lack of audit trails. An unstable power grid or a location in an area prone to flooding are further examples of vulnerabilities of the environment and infrastructure.

IT security risk: the potential that a threat will exploit a vulnerability in an asset and thereby cause harm to the organisation and its business.

Risk assessment can be understood as the generation of a snapshot of the current risks. More technically, it consists of the following phases:

• Threat identification: identify all relevant threats

• Threat characterisation: determine the impact and likelihood of the relevant threats

• Exposure assessment: identify the vulnerabilities of the assets

• Risk characterisation: determine the risks and evaluate their impact on the business

Complete definitions can be found in (EU Reg 2004/460).

Figure 2 below illustrates how IT security risk can be seen as a function of threat, vulnerability and asset value. It also shows that there are different ways to reduce a risk: a countermeasure can reduce the probability that a threat materialises, it can reduce the vulnerability, or it can reduce the impact caused when the threat does materialise.

Figure 2: Risk as a function of asset value, threat and vulnerability

Risks that remain after applying countermeasures are called "residual risks". Residual risks have to be considered by management and either accepted or rejected; in the latter case the risks have to be treated again.

Consider the example of a commercial engineer who has a company laptop. The laptop stores a copy of the product price list as well as a database with client data. The engineer travels frequently and uses the laptop in public places such as restaurants or customers' offices.

• Threat: loss or theft of the laptop, with the impact of disclosure of company-confidential information.

• Vulnerabilities: confidential data stored in plaintext on the laptop, and the laptop left unattended without a screen lock or appropriate password protection.

• Assets: the hardware itself (replacement cost in case of theft or loss) and the confidential data. To value these assets, several questions have to be answered:

- What is the cost (money and time) of reconstructing the data if it is lost?

- What is the degree of confidentiality of the data stored on the laptop?

- What is the potential impact of disclosure of the data to competing companies?

Figure 3 shows the phases of the risk assessment process:

Figure 3: Phases of IT security risk assessment

In the example, the risk assessment identified the risk that company information could be disclosed to untrusted parties. This risk has a major business impact for the company. Figure 4 below shows the steps required to deal with the risks connected to the threats and vulnerabilities of an asset.

Figure 4: Actions on the components of the risks

To mitigate the identified IT security risks, a risk management process should be implemented. For each assessed risk the risk manager proposes security controls.

In general, security standards categorise security controls into the following areas:

Logical controls (e.g. protection of data, protection of network assets, protection of access to applications, etc.)

Physical controls (e.g. alarm systems, fire sensors, physical access control, surveillance, etc.)

Organisational controls (e.g. usage rules, administration procedures, process descriptions, definition of roles, etc.)

Personnel controls (e.g. sanctions, confidentiality clauses in contracts, training and awareness, etc.)

In our example these security controls could be:

• Awareness training for commercial engineers (a personnel control)

• Encryption of the confidential data stored on the notebook (a logical control)

• Storing on the notebook only the data actually needed for the trip (an organisational control)

• Insurance against theft or loss of the hardware (an organisational control)

The security controls should be selected, planned, implemented, communicated and monitored.

IT security risk management is a global approach to risk: on the basis of the assessed risks, the process continues with the selection and implementation of security controls ("risk treatment"), the acceptance of risks that cannot or should not be treated further, the communication of risks and their monitoring.

More technically, the risk management process includes:

• Risk assessment: find out which risks apply to the business and evaluate them. Management decides which risks will be treated and which will not.

• Risk treatment: select and implement security controls to reduce the risks. Controls can have different effects: they can mitigate a risk (reduce its likelihood or its impact), transfer it to another party, or avoid it altogether by removing the exposure.

In the example above, disk encryption (which strongly reduces the risk that competitors obtain the confidential data if the laptop is stolen) is a risk mitigation measure; insurance covering the hardware replacement cost is a risk transfer measure; and taking no more than the necessary data on the laptop is an example of risk avoidance.

Multiple security controls can and should be used to treat a risk, and it is advisable to combine controls of different types.

• Risk acceptance: even after risk treatment, residual risk generally remains, and some risks cannot be treated because no feasible control exists. Management has to accept the way the risks have been treated; risk acceptance should therefore always be a management decision.

In our example, applying the four security controls above reduces the risk considerably, but some residual risk remains: for example the unavailability of the notebook until it is replaced, or the possibility that the disk encryption system is broken. Nevertheless, since the impact of the first is relatively small and the probability of the second (that the underlying encryption system is broken) is very small, these risks will probably be accepted.
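The assessment and treatment steps above can be carried through numerically for the laptop example. The following Python is an added example, not part of the assignment or of the ISO/ENISA material it draws on: risk is scored as the product of asset value, likelihood and exposure on an assumed 1..5 scale (the document's Figure 2 gives no particular formula), each control reduces one of the three factors, and the residual score is compared with an assumed management risk appetite to reach the acceptance decision. All names and figures in the register are constructed for illustration.

```python
"""Worked IT security risk assessment and treatment for the travelling
engineer's laptop. Added example (not part of the assignment); the 1..5
scoring scales, the risk appetite and every figure are assumptions."""
from dataclasses import dataclass, replace
from typing import Dict, List

SCALE_MIN, SCALE_MAX = 1, 5


def clamp(value: int) -> int:
    """Keep a factor inside the assumed 1..5 scale after controls are applied."""
    return max(SCALE_MIN, min(SCALE_MAX, value))


@dataclass(frozen=True)
class Risk:
    """One line of the risk register: asset + threat + vulnerability."""
    asset: str
    threat: str
    vulnerability: str
    asset_value: int   # impact if the asset is lost or disclosed, 1..5
    likelihood: int    # probability that the threat materialises, 1..5
    exposure: int      # how exploitable the vulnerability is, 1..5

    def score(self) -> int:
        # Risk as a function of asset value, threat and vulnerability (Figure 2).
        return self.asset_value * self.likelihood * self.exposure


@dataclass(frozen=True)
class Control:
    """A countermeasure and the risk factor it reduces."""
    name: str
    kind: str      # logical | physical | organisational | personnel
    effect: str    # mitigate | transfer | avoid
    likelihood_delta: int = 0
    exposure_delta: int = 0
    asset_value_delta: int = 0


def apply_controls(risk: Risk, controls: List[Control]) -> Risk:
    """Return the residual risk after every control has adjusted its factor."""
    av = risk.asset_value + sum(c.asset_value_delta for c in controls)
    lk = risk.likelihood + sum(c.likelihood_delta for c in controls)
    ex = risk.exposure + sum(c.exposure_delta for c in controls)
    return replace(risk, asset_value=clamp(av), likelihood=clamp(lk), exposure=clamp(ex))


def treat(risk: Risk, controls: List[Control], appetite: int) -> Dict[str, object]:
    """Risk treatment followed by the acceptance decision management must take."""
    residual = apply_controls(risk, controls)
    return {
        "inherent": risk.score(),
        "residual": residual.score(),
        "decision": "accept" if residual.score() <= appetite else "treat again",
    }


def prioritise(risks: List[Risk]) -> List[Risk]:
    """Highest inherent risk first, as the assessment phase requires."""
    return sorted(risks, key=lambda r: r.score(), reverse=True)


# Constructed register for the laptop example (all figures are assumptions).
DATA_DISCLOSURE = Risk(
    asset="client database and price list on the laptop",
    threat="loss or theft of the laptop",
    vulnerability="plaintext data; laptop left unattended without screen lock",
    asset_value=5, likelihood=4, exposure=5)
HARDWARE_LOSS = Risk(
    asset="laptop hardware (replacement cost)",
    threat="loss or theft of the laptop",
    vulnerability="laptop carried and used in public places",
    asset_value=2, likelihood=4, exposure=5)

TRAINING = Control("awareness training for commercial engineers", "personnel", "mitigate", likelihood_delta=-1)
ENCRYPTION = Control("full-disk encryption of confidential data", "logical", "mitigate", exposure_delta=-3)
MINIMAL_DATA = Control("carry only the data needed for the trip", "organisational", "avoid", asset_value_delta=-2)
INSURANCE = Control("insurance for theft or loss of the hardware", "organisational", "transfer", asset_value_delta=-1)

RISK_APPETITE = 20  # assumed: management accepts residual scores up to 20


if __name__ == "__main__":
    for r in prioritise([HARDWARE_LOSS, DATA_DISCLOSURE]):
        print(f"{r.score():3d}  {r.asset}")
    print(treat(DATA_DISCLOSURE, [TRAINING, ENCRYPTION, MINIMAL_DATA], RISK_APPETITE))
    print(treat(HARDWARE_LOSS, [TRAINING, INSURANCE], RISK_APPETITE))
```

The encryption control lowers exposure to 2 rather than 1 on purpose: that remaining point is the residual risk that the encryption might one day be broken, which the text says management will most likely accept. Insurance is applied only to the hardware risk, since it transfers the replacement cost but does nothing against disclosure of the data.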

Potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs

Insider Attacks

Missed Security Patches

This is an issue that arises when network firewall software isn't managed properly. Any software program has vulnerabilities that attackers may exploit, and this is as true of firewall programs as of any other piece of software. When firewall vendors discover these vulnerabilities, they usually work to create a patch that fixes the problem as soon as possible.

However, the mere existence of a patch doesn't mean that it will automatically be applied to your company's firewall. Until the patch is actually applied to your firewall software, the vulnerability is still there, waiting to be exploited by any attacker who finds it.

The best fix for this problem is to create and stick to a strict patch management schedule. Under such a schedule, you (or the person managing your cybersecurity) should check for any and all security updates for your firewall software and make sure to apply them as soon as possible.

Configuration Mistakes

Even when a firewall is in place on your network and has all of the latest vulnerability patches, it can still cause problems if its configuration settings create conflicts. This can lead to a loss of performance on your company's network in some cases, and to a firewall outright failing to provide protection in others.

For example, dynamic routing is a setting that was long ago deemed a bad idea to enable, because it results in a loss of control that reduces security. Yet some companies leave it on, creating a weakness in their firewall protection.

Having a poorly-configured firewall is like filling a castle's moat with sand and putting the key to the main gate in a hide-a-key right next to the entrance: you are just making things easier for attackers while wasting time, money, and effort on your "security" measure.

A Lack of Deep Packet Inspection

Layer 7 (or "deep packet") inspection is a rigorous inspection mode used by next-generation firewalls to examine the contents of a packet before approving or denying that packet passage to or from a system.

Less advanced firewalls may simply check the packet's point of origin and destination before approving or denying a request, information that an attacker can easily spoof to trick your network's firewall.

The best fix for this problem is to use a firewall that can perform deep packet inspection to check information packets for known malware so it can be rejected.

DDoS Attacks

Distributed Denial of Service (DDoS) attacks are a frequently-used attack strategy, noted for being highly effective and relatively low-cost to execute. The basic goal is to overwhelm a defender's resources and cause a shutdown or a prolonged inability to deliver services. One category of attack, protocol attacks, is designed to drain firewall and load balancer resources to keep them from processing legitimate traffic.

While firewalls can mitigate some types of DDoS attacks, they can still be overloaded by protocol attacks.

There is no easy fix for DDoS attacks, as there are numerous attack strategies that can leverage different weaknesses in your company's network architecture. Some cybersecurity service providers offer "scrubbing" services, wherein they divert incoming traffic away from your network and sort out the legitimate access attempts from the DDoS traffic. This legitimate traffic is then sent on to your network so you can resume normal operations.

Alone, firewalls cannot protect your network from all of the threats that are out there. However, they can serve as an integral part of a larger cybersecurity strategy to safeguard your business.

Want to learn more about how you can craft a strong cybersecurity plan for your business? Check out our free guide to cybersecurity basics at the link below! Or, contact Compuquip Cybersecurity now to get expert advice from an experienced cybersecurity professional.

DMZ, static IP and NAT

DMZ

The DMZ network exists to protect the hosts most vulnerable to attack. These hosts usually provide services that extend to users outside of the local area network, the most common examples being email, web servers, and DNS servers. Because of the increased potential for attack, they are placed into the monitored subnetwork to help protect the rest of the network if they become compromised.

Hosts in the DMZ have tightly controlled access permissions to other services within the internal network, because the data passed through the DMZ is not as secure. On top of that, communications between hosts in the DMZ and the external network are also restricted to help strengthen the protected border zone. This allows hosts in the protected network to interact with the internal and external network, while the firewall separates and manages all traffic shared between the DMZ and the internal network. Typically, an additional firewall will be responsible for protecting the DMZ from exposure to everything on the external network.

All services accessible to users communicating from an external network can and should be placed in the DMZ, if one is used. The most common services are:

- Web servers: Web servers responsible for maintaining communication with an internal database server may need to be placed into a DMZ. This helps ensure the safety of the internal database, which is often storing sensitive information. The web servers can then interact with the internal database server through an application firewall or directly, while still falling under the umbrella of the DMZ protections.

- Mail servers: Individual email messages, as well as the user database built to store login credentials and personal messages, are usually stored on servers without direct access to the internet. Therefore, an email server will be built or placed inside the DMZ in order to interact with and access the email database without directly exposing it to potentially harmful traffic.

- FTP servers: These can host critical content on an organization's site and allow direct interaction with files. Therefore, an FTP server should always be partially isolated from critical internal systems.

A DMZ configuration provides additional security against external attacks, but it typically has no bearing on internal attacks such as sniffing communication with a packet analyzer or spoofing via email or other means.

There are numerous ways to construct a network with a DMZ. The two major methods are a single firewall (sometimes called a three-legged model) or dual firewalls. Each of these systems can be expanded to create complex architectures built to satisfy network requirements:

Single firewall: A modest approach to network architecture involves using a single firewall with a minimum of three network interfaces. The DMZ is placed inside of this firewall. The tier of operations is as follows: the first network interface makes the connection from the ISP, the internal network is connected by the second interface, and connections within the DMZ are handled by the third network interface.

Dual firewall: The more secure approach is to use two firewalls to create a DMZ. The first firewall (referred to as the "frontend" firewall) is configured to only allow traffic destined for the DMZ. The second firewall (referred to as the "backend" firewall) is only responsible for the traffic that travels from the DMZ to the internal network. An effective way of further increasing protection is to use firewalls built by separate vendors, because they are less likely to share the same security vulnerabilities. While more effective, this scheme can be more costly to implement across a large network.
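The dual-firewall design above, expressed as a zone-based policy check that can be run against sample flows. This is an added example and not the assignment's own code: the address ranges, ports and the one permitted DMZ-to-internal flow (web tier to database) are constructed, and only the connection-opening direction is modelled.

```python
"""Added example, not the assignment's own code: a zone-based policy check for
the dual-firewall DMZ design described above. The frontend firewall admits only
external traffic bound for DMZ services; the backend firewall admits only the
DMZ-to-internal flow the web tier needs (its database). Every address, port
and service below is constructed; only the connection-opening direction is
modelled (replies are assumed to be handled statefully)."""
import ipaddress

# Constructed addressing plan; anything outside these ranges is "external".
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}

def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

# Allow rules as (src_zone, dst_zone, dst_port); anything unlisted is denied.
FRONTEND_RULES = {                       # ISP-facing firewall
    ("external", "dmz", 80), ("external", "dmz", 443),   # web servers
    ("external", "dmz", 25),                             # mail server
    ("external", "dmz", 21),                             # FTP server
}
BACKEND_RULES = {                        # DMZ / internal firewall
    ("dmz", "internal", 5432),           # web tier -> internal database only
    ("internal", "dmz", 443),            # staff reaching the DMZ web tier
}

def firewall_allows(rules, src_ip: str, dst_ip: str, dst_port: int) -> bool:
    return (zone_of(src_ip), zone_of(dst_ip), dst_port) in rules

def flow_allowed(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """A flow must be permitted by every firewall on its path: the frontend
    firewall sits between external and the rest, the backend firewall between
    internal and the rest, so external <-> internal must pass both and is
    denied here because neither rule set lists that zone pair (internal
    egress to the Internet is out of scope for this model)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    path = []
    if "external" in (src, dst):
        path.append(FRONTEND_RULES)
    if "internal" in (src, dst):
        path.append(BACKEND_RULES)
    return all(firewall_allows(r, src_ip, dst_ip, dst_port) for r in path)
```

Running the check shows the properties the text describes: an external client reaches the DMZ web server on 443 but not the internal network, and a compromised DMZ host can open only the database port towards the inside, nothing else.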

A DMZ is suitable for small and medium businesses that want to run an independent LAN and limit the loss or theft of data by outsiders. In this respect it works in a similar way to a firewall, protecting sensitive data and resources.

Static IP

One of the biggest advantages of a static IP address is that computers using this type of address can host servers containing data that other computers access through the Internet. A static IP address makes it easier for computers to locate the server from anywhere in the world.

In addition, computers that allow remote access on a closed network work best with static IP addresses. This allows different types of computers running different operating systems to access the host system by looking for the same IP address every time.

Static IP addresses are also more stable for Internet use since they never change. With a dynamic IP address, the Internet service provider may automatically change the address on a regular basis, as frequently as every few hours. This can cause a lapse in the user's connection, and the computer may also have trouble reconnecting to the Internet using the new address. Using a static IP address avoids all of these potential problems.

Static IP addresses are simpler to assign and maintain. For network administrators, it becomes easier to track Internet traffic and assign access to certain users based on IP address identification. Dynamic addresses require a program that assigns and changes IP addresses, and may require users to change the settings on their computers.

One main disadvantage of static IP addresses is that each address, once assigned, is occupied by a single computer even when that computer is not in use. Since each computer needs a unique address, this limits the number of available IP addresses. This has led Internet service providers to create several different IP standards to introduce more IP addresses into the system, thus making room for more computers.

A computer with a static IP address is much easier to track through the Internet. This can be a disadvantage in the case of websites that allow each visitor to download or view a set amount of content: the only way to view or download additional content may be to renew the IP address, which is only possible under a dynamic IP address system.

In the same way, copyright enforcers can track computer users who download content by tracking the IP address.

Users have raised privacy concerns over this sort of tracking, and the question of whether or not Internet service providers should be required to disclose the name and address of the user associated with a particular static IP address remains a subject of debate.

Static IP addresses are used for devices that need consistent access. If a server were assigned a dynamic IP address, it would change occasionally, which would keep your router from knowing which computer on the network is the right server. People can use a static IP address to host a private file or FTP server, a private website or domain name server, or even a chat server.

Static IP addresses would be great in a classroom: the computers there can share a printer over the network by using static IP addresses.

NAT

NAT serves three main purposes:

- Provides a type of firewall by hiding internal IP addresses

- Enables a company to use more internal IP addresses. Since they're used internally only, there's no possibility of conflict with IP addresses used by other companies and organizations.

- Allows a company to combine multiple ISDN connections into a single Internet connection

Basically, NAT allows a single device, such as a router, to act as an agent between the Internet (or public network) and a local network (or private network), which means that only a single unique IP address is required to represent an entire group of computers to anything outside their network.

While this helps with network security, it also limits the number of IP addresses required by companies and organizations. This helps a large company with hundreds or even thousands of computers use a single public IP address for connecting to the internet and sharing data.
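The single-address agent role described above, shown as a minimal port-address translation table. This is an added example rather than code from the assignment; the public and private addresses, the port range and the two sample hosts are constructed.

```python
"""Added example, not from the assignment: a minimal port-address translation
(PAT) table, the form of NAT that lets one public address represent a whole
private network. Outbound packets get a fresh public source port; replies are
mapped back through that port; anything nobody asked for is dropped, which is
the 'type of firewall' effect the text mentions. Addresses are constructed."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # public port -> (private ip, private port) and the reverse map
        self.table: Dict[int, Tuple[str, int]] = {}
        self.reverse: Dict[Tuple[str, int], int] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a LAN packet so the Internet sees only the public address."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.reverse:            # first packet of a new flow
            self.reverse[key] = self.next_port
            self.table[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.reverse[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply back to the private host, or return None (drop) when no
        translation exists for the destination port."""
        entry = self.table.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or entry is None:
            return None
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)

def demo():
    """Two LAN hosts that happen to use the same source port share one public IP."""
    nat = NatRouter("203.0.113.1")
    a = nat.outbound(Packet("192.168.1.10", 51234, "198.51.100.5", 443))
    b = nat.outbound(Packet("192.168.1.11", 51234, "198.51.100.5", 443))
    reply_a = nat.inbound(Packet("198.51.100.5", 443, "203.0.113.1", a.src_port))
    unsolicited = nat.inbound(Packet("198.51.100.9", 443, "203.0.113.1", 40999))
    return a, b, reply_a, unsolicited
```

Both hosts leave the router with the same public source address but distinct public ports, the reply to host A is delivered back to its private address, and the unsolicited packet is dropped because no internal host opened that translation.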

Three benefits of implementing network monitoring systems, with supporting reasons

Manage Technical Issues with Ease

Consider a situation where you sell custom software, or even some type of cloud archiving as part of your support for a given product. For many businesses, there are bound to be times when your customers need some form of technical support. In many cases, these people won't have to worry about sending the device back to the factory if a technician can simply access the customer's computer and run a few diagnostics on the attached device. At the juncture between customer satisfaction and saving money on business continuity and managed services, network monitoring can save you thousands of dollars in a very short period of time.

Keep Your Data Safe at All Times

As you may be aware, many business owners are concerned about data loss. When you have network monitoring set up on your network, you can easily create automated, centralized backups of all your systems, even if they are located in different parts of the world. Whether you only have one or two locations to cover, or you collaborate with dozens of people on a routine basis, network monitoring will make it very easy to keep backups synchronized. As an added bonus, if one member of the team needs to access another server in real time, network monitoring will offer a secure and efficient set of protocols to work with.

Manage Client Network Usage with Confidence

Today, many businesses allow office workers and other employees to access the internet as part of doing routine work. Unfortunately, if you do not make use of network monitoring on client networks, it will be very hard to pinpoint employees who may be abusing the system, or even using confidential information for private purposes. In addition, if your clients rely on you for data backup and integrity, few methods offer the kind of seamless interface found on networks with network monitoring. While IT consultants may be able to find other ways to monitor the

Posted on: 09/05/2024, 14:14
