The following basic methods are used
to protect a network from unauthorized Internet access.
1. Application Proxy
An Application Proxy is a software program or device that
makes software requests on behalf of another device
on the network. A typical Proxy Server is configured
to perform Internet Browser functions for a workstation
on the trusted or internal network. The workstation
browser sends its browsing request to the Proxy Server
rather than to the destination Web server on the Internet.
The Proxy then forwards the browsing request to the
destination Web server and examines the packets that
are returned from the remote Web server. The Proxy can
then examine the actual application program data contained
within the packet and reject it or pass it on to the
originating workstation based on the security policy
created by the Network Administrator.
2. Packet Filtering
Packet Filtering is the most
basic method of perimeter security. Packets are filtered
by a device, typically a router or a firewall, when they
do not meet predetermined rules set by the Network Administrator.
Packet filters are configured to consider the source
and destination address of the packets and the type
of protocol embedded in the packet. A packet filter
might be configured to drop or reject any packets coming
from the untrusted or Internet side of the router that
contain the Telnet protocol.
3. Stateful Packet Inspection
A Stateful Inspection firewall
keeps track of all packets associated with a specific
communication session. A typical communication session
between two computers will consist of several thousand
packets, each of which is identified by a unique source
and destination address and a sequence
number that allows all of the packets to be re-assembled
into the correct data file at the destination computer.
In a typical network, thousands of sessions may be occurring
simultaneously. A Stateful Inspection firewall keeps
track of all these concurrent sessions. Each packet
of data is checked to ensure that it belongs to the
proper session. Any packets that are not part of an
existing session are rejected. In addition to checking
and validating the communication session by the source
and destination addresses of the machines and ensuring
that all packets belong to the proper session, the firewall
further screens the packet at the software port level.
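The session check and port-level screening described above can be sketched as follows; this is an added example, not code from the original page or from any firewall product. The trusted network range, the blocked-port policy, the class and function names, and the sample packets are all constructed assumptions, and sequence-number tracking is left out to keep the sketch short.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

TRUSTED = ip_network("192.168.1.0/24")  # assumed internal (trusted) network
BLOCKED_PORTS = {23}                    # assumed port-level policy: no Telnet

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # TCP flags: S=SYN, A=ACK, F=FIN, R=RST

class StatefulFirewall:
    def __init__(self):
        # One entry per session: (inside ip, inside port, outside ip, outside port)
        self.sessions = set()

    def inspect(self, p: Packet) -> str:
        if p.dport in BLOCKED_PORTS:
            return "REJECT port"
        outbound = ip_address(p.src) in TRUSTED
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        if key in self.sessions:
            if "F" in p.flags or "R" in p.flags:
                self.sessions.discard(key)  # simplified teardown on FIN/RST
            return "ACCEPT"
        if outbound and p.flags == "S":
            self.sessions.add(key)  # only a trusted host may open a session
            return "ACCEPT"
        return "REJECT no session"

def demo():
    """Run constructed sample packets through the firewall."""
    fw = StatefulFirewall()
    packets = [
        Packet("192.168.1.10", 50000, "203.0.113.5", 80, "S"),   # client opens
        Packet("203.0.113.5", 80, "192.168.1.10", 50000, "SA"),  # server reply
        Packet("198.51.100.7", 80, "192.168.1.10", 50000, "A"),  # wrong host
        Packet("203.0.113.5", 4444, "192.168.1.10", 23, "S"),    # inbound Telnet
        Packet("192.168.1.10", 50000, "203.0.113.5", 80, "F"),   # client closes
        Packet("203.0.113.5", 80, "192.168.1.10", 50000, "A"),   # stale packet
    ]
    return [fw.inspect(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```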
4. Hybrid Solutions
Many current firewalls blend
Stateful Packet Inspection with Application Proxy technology
to address a broad range of security functions.
The following are some major
methods of remote access.
Telnet
Telnet provides a remote
login capability. Once the client computer is logged in,
Telnet passes any keystrokes to the remote system. During
Telnet Option negotiation, the Telnet client must specify
what type of terminal it is emulating. If you are writing
your own emulation above the Telnet protocol you will
specify that type.
Dialup
For remote access, we would encourage you
to use an Internet Service Provider (ISP).
When the modem pool was originally established there
was no accessibility to ISPs. But now remote access
via an ISP will most likely provide you faster and less
expensive access than via the modem pool.