Data Communications Networking Devices - 4th Ed.pdf
800    SPECIALIZED DEVICES

Table 7.11  Common security threats not controllable by routers

Threat                        Description
Communications monitoring     A tap of your organization's Internet connection provides passwords and user account information as well as the ability to read data transferred
Dictionary attack             Hacker tries each entry in electronic dictionary to gain access to device
Password guessing             Hacker uses default installation password or common passwords such as 'cisco' for accounts
Terminal session monitoring   Hacker monitors active user, capturing keystrokes in an attempt to learn login to another system
Virus upload                  A program containing a virus is placed onto a corporate FTP server or as an attachment to an email

capability to examine the contents of each packet at each layer in the ISO Reference Model up through the application layer. Depending upon the capabilities programmed into the firewall, the use of proxy services makes the device capable of detecting suspicious activity on a given connection, generating alerts in response to suspicious activity, differentiating between different file transfer modes, and making authentication and authorization decisions. Thus, a firewall can be considered to represent a much more sophisticated security device than that obtainable through the use of the packet filtering capability of a router.

Placement

When connecting an internal private network to the Internet or to a similar public network, a firewall is placed between the two, protecting inside users from outside users. Although you can place a firewall on an internal network and have all incoming access first directed to that device, if a person learns your internal network addressing scheme, it becomes possible to bypass the firewall and direct packets to recipients that may be better served by a packet examination process performed by the proxy service capability of most firewalls. Thus, the most common method used to install a firewall is to locate it on a separate network, a network commonly referred to as a demilitarized zone, or DMZ. The term DMZ or DMZ LAN obtains its name from the fact that the LAN contains no directly connected organizational computers. Instead, a DMZ LAN has only two connections: a router connection
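As an added example (not from the book), the contrast drawn above in code: a router-style packet filter that decides on header fields only, next to a proxy-style inspector of the FTP control channel that counts failed logins per client, raises an alert when the count reaches a threshold (the dictionary-attack row of Table 7.11), notes the data transfer mode, and then refuses further commands from that client. The Packet class, the threshold, the addresses and the FTP reply handling are constructed assumptions, not the book's.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Packet:
    src: str      # source IP
    dst: str      # destination IP
    sport: int    # source TCP port
    dport: int    # destination TCP port
    payload: str  # one line of the FTP control channel

def router_filter(pkt, service_ports=(21,)):
    """Router-style filter: header fields only, so every '530' reply passes unread."""
    return pkt.dport in service_ports or pkt.sport in service_ports

class FtpProxy:
    """Assumed proxy design: count failed logins per client, alert, then refuse."""
    def __init__(self, max_failures=5):
        self.max_failures = max_failures
        self.failures = defaultdict(int)  # client IP -> failed logins (530 replies)
        self.modes = {}                   # client IP -> 'active' | 'passive'
        self.alerts = []

    def inspect(self, pkt):
        if not router_filter(pkt):
            return "drop"
        if pkt.dport == 21:  # client -> server command
            verb = pkt.payload.split(" ", 1)[0].upper()
            if verb in ("PORT", "PASV"):  # note the data transfer mode
                self.modes[pkt.src] = "active" if verb == "PORT" else "passive"
            if self.failures[pkt.src] >= self.max_failures:  # authorization decision
                return "drop"
            return "allow"
        client = pkt.dst  # server -> client reply
        if pkt.payload.startswith("530"):  # FTP 'not logged in'
            self.failures[client] += 1
            if self.failures[client] == self.max_failures:
                self.alerts.append(f"possible dictionary attack from {client}")
        elif pkt.payload.startswith("230"):  # login succeeded: reset the count
            self.failures[client] = 0
        return "allow"

def sample_trace(client="192.0.2.10", server="198.51.100.5"):
    """Constructed trace: a PASV, five wrong passwords, then a sixth attempt."""
    pkts = [Packet(client, server, 40000, 21, "PASV")]
    for i in range(5):
        pkts.append(Packet(client, server, 40000, 21, "USER admin"))
        pkts.append(Packet(client, server, 40000, 21, f"PASS guess{i}"))
        pkts.append(Packet(server, client, 21, 40000, "530 Login incorrect."))
    pkts.append(Packet(client, server, 40000, 21, "USER admin"))
    return pkts
```

Running the constructed trace through both shows the router passing all 17 packets while the proxy alerts after the fifth failure and drops the sixth login attempt.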
