اصول پیش زمینه و firewall 10 ص

لینک دانلود و خرید پایین توضیحات

فرمت فایل word  و قابل ویرایش و پرینت

تعداد صفحات: 10

- Background and Firewall Basics

Before being able to understand a complete discussion of firewalls, it's important to understand the basic principles that make firewalls work.

What is a network firewall?

A firewall is a system or group of systems that enforces an access control policy between two or more networks. The actual means by which this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic. Probably the most important thing to recognize about a firewall is that it implements an access control policy. If you don't have a good idea of what kind of access you want to allow or to deny, a firewall really won't help you. It's also important to recognize that the firewall's configuration, because it is a mechanism for enforcing policy, imposes its policy on everything behind it. Administrators for firewalls managing the connectivity for a large number of hosts therefore have a heavy responsibility.

Why would I want a firewall?

The Internet, like any other society, is plagued with the kind of jerks who enjoy the electronic equivalent of writing on other people's walls with spraypaint, tearing their mailboxes off, or just sitting in the street blowing their car horns. Some people try to get real work done over the Internet, and others have sensitive or proprietary data they must protect. Usually, a firewall's purpose is to keep the jerks out of your network while still letting you get your job done.

Many traditional-style corporations and data centers have computing security policies and practices that must be followed. In a case where a company's policies dictate how data must be protected, a firewall is very important, since it is the embodiment of the corporate policy. Frequently, the hardest part of hooking to the Internet, if you're a large company, is not justifying the expense or effort, but convincing management that it's safe to do so. A firewall provides not only real security--it often plays an important role as a security blanket for management.

Lastly, a firewall can act as your corporate ``ambassador'' to the Internet. Many corporations use their firewall systems as a place to store public information about corporate products and services, files to download, bug-fixes, and so forth. Several of these systems have become important parts of the Internet service structure (e.g., UUnet.uu.net, whitehouse.gov, gatekeeper.dec.com) and have reflected well on their organizational sponsors. Note that while this is historically true, most organizations now place public information on a Web server, often protected by a firewall, but not normally on the firewall itself.

What can a firewall protect against?

Some firewalls permit only email traffic through them, thereby protecting the network against any attacks other than attacks against the email service. Other firewalls provide less strict protections, and block services that are known to be problems.

Generally, firewalls are configured to protect against unauthenticated interactive logins from the ``outside'' world. This, more than anything, helps prevent vandals from logging into machines on your network. More elaborate firewalls block traffic from the outside to the inside, but permit users on the inside to communicate freely with the outside. The firewall can protect you against any type of network-borne attack if you unplug it.

Firewalls are also important since they can provide a single ``choke point'' where security and audit can be imposed. Unlike in a situation where a computer system is being attacked by someone dialing in with a modem, the firewall can act as an effective ``phone tap'' and tracing tool. Firewalls provide an important logging and auditing function; often they provide summaries to the administrator about what kinds and amount of traffic passed through it, how many attempts there were to break into it, etc.

Because of this, firewall logs are critically important data. They can be used as evidence in a court of law in most countries. You should safeguard, analyze and protect yoru firewall logs accordingly.

This is an important point: providing this ``choke point'' can serve the same purpose on your network as a guarded gate can for your site's physical premises. That means anytime you have a change in ``zones'' or levels of sensitivity, such a checkpoint is appropriate. A company rarely has only an outside gate and no receptionist or security staff to check badges on the way in. If there are layers of security on your site, it's reasonable to expect layers of security on your network.

What can't a firewall protect against?

Firewalls can't protect against attacks that don't go through the firewall. Many corporations that connect to the Internet are very concerned about proprietary data leaking out of the company through that route. Unfortunately for those concerned, a magnetic tape, compact disc, DVD, or USB flash drives can just as effectively be used to export data. Many organizations that are terrified (at a management level) of Internet connections have no coherent policy about how dial-in access via modems should be protected. It's silly to build a six-foot thick steel door when you live in a wooden house, but there are a lot of organizations out there buying expensive firewalls and neglecting the numerous other back-doors into their network. For a firewall to work, it must be a part of a consistent overall organizational security architecture. Firewall policies must be realistic and reflect the level of security in the entire network. For example, a site with top secret or classified data doesn't need a firewall at all: they shouldn't be hooking up to the Internet in the first place, or the systems with the really secret data should be isolated from the rest of the corporate network.

Another thing a firewall can't really protect you against is traitors or idiots inside your network. While an industrial spy might export information through your firewall, he's just as likely to export it through a telephone, FAX machine, or Compact Disc. CDs are a far more likely means for information to leak from your organization than a firewall. Firewalls also cannot protect you against stupidity. Users who reveal sensitive information over the telephone are good targets for social engineering; an attacker may be able to break into your network by completely bypassing your firewall, if he can find a ``helpful'' employee inside who can be fooled into giving access to a modem pool. Before deciding this isn't a problem in your organization, ask yourself how much trouble a contractor has getting logged into the network or how much difficulty a user who forgot his password has getting it reset. If the people on the help desk believe that every call is internal, you have a problem that can't be fixed by tightening controls on the firewalls.

Firewalls can't protect against tunneling over most application protocols to trojaned or poorly written clients. There are no magic bullets and a firewall is not an excuse to not implement software controls on internal networks or ignore host security on servers. Tunneling ``bad'' things over HTTP, SMTP, and other protocols is quite simple and trivially demonstrated. Security isn't ``fire and forget''.

Lastly, firewalls can't protect against bad things being allowed through them. For instance, many Trojan Horses use the Internet Relay Chat (IRC) protocol to allow an attacker to control a compromised internal host from a public IRC server. If you allow any internal system to connect to any external system, then your firewall will provide no protection from this vector of attack.

تحقیق درباره Networking Basics (لاتین کامل)

لینک دانلود و خرید پایین توضیحات

فرمت فایل word  و قابل ویرایش و پرینت

تعداد صفحات: 21

Network Communications

This lesson introduces the basic building blocks of network communications and some of the structures used to construct data networks. There are many different kinds of data networks- from enterprise networks used by large corporations to a simple two- node local area network (LAN) used in a private home. However , many of the same of the same principles apply to all networks, regardless of size or complexity.

After this lesson , you will be able to

List the services provided by network protocols.

Describe how protocols enable networked computers to communicate

Distinguish a LAN from a wide area network (WAN)

Understand the difference between baseband and broadband networks

Identify and distinguish the characteristics of a packet- switched network and a circuit- switched network

Understand full- duplex and half- duplex communications

Describe the basic segment and backbone design of an enterprise network

Distinguish a server- based network from a peer- to- peer network

Estimated lesson time: 30 minutes

When you connect two or more computers so they can communicate with each other, you create a date network. This is true whether you connect the computers using a cable , a wireless technology such as infrared or radio waves , or even modems and telephone line. The technology that connects the computers together , no matter what form it tacks, is called the network medium , and for this reason the term network cable is often used to refer to any kind of network medium.

Signals and Protocols

Computers can communicate over a network in many ways and for many reasons , but a great deal that goes on in the networking process is unconcerned with the nature of the data passing over the network medium. By the time the data generated by the transmitting computer reaches the cable or other medium, it has been reduced to signals that are native to that medium. These might be electrical voltages for a copper cable network, pulses of light for fiber optic , or infrared or radio waves. These signals form a code that the network interface in each receiving computer converts back into the binary data understood by the software running on that computer. The computer then interprets the binary code into information it can use in a variety of ways. Of course there is a great deal more to this process than this description indicates , and there is a lot going on to make it possible for the e- mail you just sent to your mother to get reduced to electrical voltages , transmitted halfway across the country , and then reconstituted into text on her computer.

In some cases , a network consists of identical computers running the same version of the same operating system and using all the same applications , whereas other networks consist of many different computing platforms running entirely different software. It might seem that it would be easier for the identical computers to communicate than it would be easier for the different ones, and in some ways it is. But no matter what kind of computers the network uses and what software the computers are running , they most have a common language to understand each other. These common languages are called protocols, and computers use many of them during even the simplest exchanges of network data. Just as two people must speak a common language to communicate , two computers must have one or more protocols in common to exchange data.

A network protocol can be relatively simple or highly complex. In some cases , a protocol is simply a code - such as a pattern of electrical voltage - that defines the binary value of a bit of data: 0 or 1. The concept is the same as that of Morse code, in which a pattern of dots and dashes represents a latter of the alphabet.

More complicated networking protocols can provide a variety of services , including the following:

Packet acknowledgment. This is the transmission of a return message by the recipient to verify the receipt of a packet or packets. A packet is the fundamental unit of data transmitted over a LAN.

Segmentation. This is the division of a lengthy data stream into segments sufficiently small for transmission over the network inside packets.