Where Personal/Desktop Firewalls Fit in a Network

Personal and desktop firewalls are frequently overlooked as security devices that should be implemented on a network. | Where Personal Desktop Firewalls Fit in a Network Personal and desktop firewalls are frequently overlooked as security devices that should be implemented on a network. BlackHat 2004 had a keynote speaker introduce the concept of the de-perimeterization of the network. The problem he pointed out was that today s applications require so many ports to be opened in the network firewall to function properly that the network firewall almost does not need to exist in the first place. Although I disagree that the network firewall does not need to exist the basic idea that we cannot rely on network firewalls alone to protect resources is a sound one. After all a network firewall can only control traffic that passes through it. If an attacker can gain control of a system on the other side of the firewall he potentially has unfiltered and unrestricted access to launch attacks from the compromised system to all other systems rendering the network firewall useless as a defense mechanism. Consequently it is a good idea to incorporate firewall technologies on the servers themselves giving you the ability to control traffic at the point closest to the data that you need to protect the server network interface card NIC . Because the firewall is running on the server itself you can implement the most restrictive filtering rules possible literally permitting only the traffic specifically required by the applications running on the server. As illustrated in Chapter 4 Personal and Desktop Firewalls there are a number of ways to implement personal firewalls ranging from built-in utilities such as Windows Firewall for Windows-based systems and IP filter for UNIX- and Linux-based systems to third-party firewall applications such as Trend Micro ZoneAlarm and Cisco Security Agent CSA . When determining the appropriate personal firewall to use you must consider a few elements. First you need to determine whether you need to control both inbound and outbound traffic with the personal .

Bấm vào đây để xem trước nội dung
TÀI LIỆU MỚI ĐĂNG
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.