You are in the: Small Business Computing Channel

» ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet

www.ecommerce-guide.com/news/trends/article.php/253601

Back to Article

E-Commerce Security Technologies - Part One By Mark Merkow, CCP, CISSP December 2, 1999 Corporate networks are built assuming certain levels of trust in how the information passing through them is accessed and used. When they''re hooked into public networks, like the Internet, a safer -- and more intelligent route -- leads security administrators to trust no one on the outside. In our last segment here at EC Outlook, An Ounce Of Prevention, we examined the Common Vulnerabilities and Exposures (CVE) List that standardizes the naming of network and system vulnerabilities on systems attached to the Internet, as well as for private networks. To help answer any questions you may have about where CVE is needed and used, this segment opens a four-part series on security technologies used to defend against attacks initiated from both within and without an organization. The series will examine the pieces of the security puzzle to see how to best fit them together for effective defenses and coverage. In the series, we''ll explore several security methods that are used wherever the Internet and corporate networks intersect. These include the uses of: Routers Firewalls Intrusion Detection Systems (IDSs) Vunerability Assessment Tools (Scanners, etc.) Basic Security Infrastructures Figure 1 illustrates the basic design for a secure network infrastructure. As you see, the infrastructure relies upon layers of devices that serve specific purposes, and provide multiple barriers of security that protect, detect, and respond to network attacks, often in real time. Figure 1 A Basic Network Security Model Each segment of the series will focus on each of the building blocks that are needed to complete the network security picture. Thanks goes out 3Com and the Computer Emergency Response Team (CERT) for their insights and expertise on Internet security issues and approaches. In this segment, we''ll examine in some detail the uses of packet-filtering routers. Routers A router is a network traffic-managing device that sits in between sub-networks and routes traffic intended for, or emanating from, the segments to which it''s attached. Naturally, this makes them sensible places to implement packet filtering rules, based on your security polices that you''ve already developed for the routing of network traffic. Packet Filtering A packet filter is a simple and effective form of protection. A packet filter matches all packets against a series of rules. If the packet matches a rule, then an action is performed (packet is accepted, rejected, logged, etc.). Basic Packet Filtering Straight Packet Filtering mechanisms allow communication originating from one side or the other. To enable two-way traffic, you must specify a rule for each direction. Packet filtering firewalls identify and control traffic by examining the source, destination, port number, and protocol types (UDP, TCP, or other).

Go to page: 1  2  Next