Managing Cisco Network Security P2

Before the advent of virtual private network (VPN) technology, remote connections were usually through expensive dedicated lines, or smaller organizations may have used on-demand connection technologies such as dial-up over Integrated Services Digital Network (ISDN) or Public Switched Telephone Network (PSTN). VPN has allowed companies to shift their connections to the Internet and save money, but still provide confidentiality and integrity to their communication traffic. Branch offices can be located on the other side of the city or scattered across a continent. They may exist to provide business services, distribution, sales, or technical services closer to the location of customers....
Nội dung trích xuất từ tài liệu:
Managing Cisco Network Security P26 Chapter 1 • Introduction to IP Network Security Figure 1.1 A typical site scenario. WAN Central Site Headquarters Branch Office Laptop Internet Telecommuter Business Laptop Partner PDA Campus Network Before the advent of virtual private network (VPN) technology, remote connections were usually through expensive dedicated lines, or smaller organizations may have used on-demand connection technologies such as dial-up over Integrated Services Digital Network (ISDN) or Public Switched Telephone Network (PSTN). VPN has allowed companies to shift their con- nections to the Internet and save money, but still provide confidentiality and integrity to their communication traffic. Branch offices can be located on the other side of the city or scattered across a continent. They may exist to provide business services, distribu- tion, sales, or technical services closer to the location of customers. These offices can have one, two, or up to hundreds of employees. A branch office usually has business needs to access information securely at the head- quarters site or other branch offices, but due to its smaller size, is con- www.syngress.com Introduction to IP Network Security • Chapter 1 7strained by cost for its connectivity options. When the cost or businessneeds are justified, the branch office would have a permanent connectionto the central headquarters. Most branch offices will also have an Internetconnection. Business partners may be collaborative partners, manufacturers, orsupply chain partners. Technologies such as Electronic Data Interchange(EDI) over proprietary networks have been used by large businesses to per-form transactions, but are difficult and expensive to use. Many companieshave implemented extranets by using dedicated network connections toshare data and operate joint business applications. Extranets and busi-ness-to-business transactions are popular because they reduce businesstransaction cycle times and allow companies to reduce costs and invento-ries while increasing responsiveness and service. This trend will only con-tinue to grow. Business-to-business interactions are now rapidly shifting tothe Internet. Extranets can be built over the Internet using VPN technology. Mobile users and telecommuters typically use dial-up services for con-nectivity to their headquarters or local office. Newer technologies such asDigital Subscriber Line (DSL) or cable modems offer permanent, high-speed Internet access to the home-based telecommuters.TIP It is well known that modems inside your campus network can create a backdoor to your network by dialing out to another network, or being left in answer mode to allow remote access directly to a workstation on your internal network. These backdoors bypass the firewall and other security measures that you may have in place. The always-on Internet connections from home now offer the ability to create the backdoor remotely. It is possible to have an employee or contractor online with a modem to the corporate network remote access facility, while they still have an Internet connection through their DSL or cable modem. Attention to detail in the security policy, workstation con- figuration, and user awareness is critical to ensure that vulnerabilities don’t creep into your system.Host SecurityAny vendor’s software is susceptible to harboring security vulnerabilities.Almost every day, Web sites that track security vulnerabilities, such asCERT, are reporting new vulnerability discoveries in operating systems, www.syngress.com8 Chapter 1 • Introduction to IP Network Security application software, server software, and even in security software or devices. Patches are implemented for these known bugs, but new vulnera- bility discoveries contin ...