10.07.2015 Views

Data Communications Networking Devices - 4th Ed.pdf


794 SPECIALIZED DEVICES

As mentioned previously, the message key and key code change determine the number of coding variations as well as the total codes available. Like most devices used in data communications, encryption devices have a wide range of interface options which the user must properly select from to match the terminal's requirements. To prevent transmission from being compromised if the device should fail, some encryption devices have built-in alarm circuitry which monitors the key generator output and will inhibit data transmission upon detection of encoding failure. Now that we have an appreciation for WAN security devices, let's turn our attention to LAN security.

LAN security

One of the major goals of any organization that connects an internal private network to a public network is to do so in a manner that minimizes the possibility of security threats to the internal network. Although we would obviously prefer to eliminate all risk, the complexity of hardware and software may result in loopholes hackers may be able to exploit. Thus, we should assume that there will always be some risk associated with the connection of a private internal network to a public network and consider the use of hardware and software to minimize that risk.

In this section we will examine the operation and utilization of two networking devices that can be used to minimize the threat associated with connecting a private local area network to a public network, such as the Internet. The first device we will examine is the router, which provides the ability to block data transfers based upon network and transport layer information. Although this level of protection may be sufficient for many networks, it precludes the ability to stop a variety of network attacks, as well as ignores such key security items as authentication and encryption. Thus, we will then turn our attention to the use of firewalls and their operational capability in the form of proxy services that can be used to plug the holes associated with reliance upon routers for network security.

Routers

Routers operate at layer 3 of the ISO Reference Model. This means that they can read network layer information. Recognizing that routers provide the basic mechanism by which private and public networks are interconnected, and also recognizing the need of organizations to control access to their internal network, router manufacturers added a packet filtering capability to their products. This capability, frequently implemented in the form of a list of access permissions, is also commonly referred to as a router's access list and is the focus of this section.

Access lists

An access list represents a sequential collection of permit and deny conditions that are applied to network addresses based upon a particular protocol. Since the most
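
The sequential permit/deny evaluation described under "Access lists" can be sketched as follows. This is an added example, not code from the book or from any router vendor; it assumes first-match evaluation with a default deny when no entry matches, and the Rule/Packet types, addresses and list entries are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str              # "permit" or "deny"
    protocol: str            # "tcp", "udp", or "ip" for any protocol
    src: str                 # source network, CIDR notation
    dst: str                 # destination network, CIDR notation
    dst_port: Optional[int]  # None matches any port

class Packet(NamedTuple):
    # Only network and transport layer header fields: the filter never
    # sees the payload or who the user is, which is the limitation the
    # text attributes to relying on routers alone.
    protocol: str
    src: str
    dst: str
    dst_port: Optional[int]

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.protocol != "ip" and rule.protocol != pkt.protocol:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dst_port is None or rule.dst_port == pkt.dst_port

def evaluate(acl, pkt):
    """Walk the list in order; the first matching entry decides.
    Returns (action, index), with index None for the default deny."""
    for i, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None

# Constructed inbound list protecting a hypothetical 198.51.100.0/24 LAN.
ACL = [
    Rule("deny",   "ip",  "203.0.113.0/24", "0.0.0.0/0",        None),
    Rule("permit", "tcp", "0.0.0.0/0",      "198.51.100.10/32", 25),
    Rule("permit", "tcp", "0.0.0.0/0",      "198.51.100.20/32", 80),
]

if __name__ == "__main__":
    blocked = Packet("tcp", "203.0.113.7", "198.51.100.20", 80)
    print(evaluate(ACL, blocked))                  # deny entry comes first
    print(evaluate(list(reversed(ACL)), blocked))  # same entries, reordered
```

Reversing the list lets the blocked source reach the web server, because the broad permit is reached before the deny; entry order is part of the policy.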
