2.3 Appropriate Use of Network Security Tools
You should know that the absolute best and easiest way to keep a computer safe is to physically isolate it from any sort of outside contact. However, this isn’t always possible, so to keep security at a high level, networks and online environments have become extremely complex. In the end, the most important thing is to secure the devices by using security tools to secure physical items.
· NIPS – Network Intrusion-Prevention Systems. NIPS are often used with NIDS. NIPS can be both hardware and software based. The systems can range from intrusion detection to detection with prevention. NIPS will scan for configuration weaknesses and will detect attacks after they occur. Inline NIPS can prevent an attack and can proactively provide support from damage happening to machines on a network
· NIDS – Network-Based Intrusion-Detection System. Used to monitor packet flow. NIDS can also be used to locate certain packets that may have slipped through the firewall but are not allowed. They are great for picking up DoS attacks as well as access by unauthorized users.
· Firewalls – Firewalls offer great protection but shouldn’t be the only security tool used on a network. They are placed on networks and computers and are used to control undesired access by those outside of the network. Firewalls can be hardware, software, and a mixture of both. Firewalls should be the first line of defense, but not the only or last. Be aware of the different types of firewalls including proxy service firewalls, packet-filtering firewalls and others.
· Honeypot – A honeypot is used to attract and then trap malicious users who try to penetrate a vulnerable computer system. They are often used in conjunction with other security tools.
· Proxy servers – Proxy servers are similar to proxy-level firewalls as they both are placed between the Internet and the network at hand. Proxy servers are great for logging, caching, and security. When a request is sent to the proxy server for an Internet service, the request has to pass through certain filters and check back with the cache from previously visited web pages.
· Internet content filters – Internet content filters filter what sort of websites and applications can and cannot be ran. Certain words, phrases, and terms are compared to the content of applications and web pages to either allow access or deny it. These filters are popularly used at schools and in the workplace. Think of Vista’s Parental Controls.
· Protocol analyzers – Protocol analyzers are great for two things. For one they can gather packet-level information from the network to help troubleshoot a problem. When the packets are captured, they are decoded into readable data. These analyzers are also useful when it comes to monitoring, such as unwanted or unexpected network traffic.
No comments:
Post a Comment