Advertisement
Promo

Network management Toolkit in association with http://ad.doubleclick.net/clk;217618582;14453422;e?http://www.citrix.com/lang/English/lp/lp_1688615.asp

Strengthen your network defences

Brien M Posey

Published: 30 Apr 2003 15:45 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Recently, Microsoft has publicised the idea that if you want to have a truly secure network, you must focus your efforts in five primary areas: perimeter defences, network defences, application defences, data defences, and host defences. In this article, I'll focus on network defences, and provide four steps you can use to secure them.

What are network defences?
Network defences address the issues involved in connecting networks to each other and in operating a network as a whole. They don't address issues like external firewalls or dial-up connections, since the perimeter security layer covers these. Nor do network defences cover individual servers and workstations, since the host defences layer covers these. Instead, network defences cover things such as protocols and routers.

Internal firewalls
Just because the network defences area doesn't cover external firewalls doesn't mean that it doesn't cover firewalls at all. One of the first steps that I recommend taking toward securing your network defences is to enable internal firewalls where possible. Internal firewalls are basically the same as external firewalls. The main difference is that their primary job is to protect the machine against traffic that is already on your network. There are a couple of reasons for implementing internal firewalls.

First, imagine for a moment that a hacker or a virus was able to manipulate your external firewall in a way that allowed all varieties of traffic to flow through it. Normally, this would mean that it was open season against your network. However, if you had enabled internal firewalls, they would block the malicious packets that the external firewall had let slip through.

The other main reason for enabling some internal firewalls is that many attacks tend to be internal in nature. At first, you might hear this statement and think that an internal attack couldn't possibly happen on your network, but I've seen internal attacks and other security breaches in every company I've ever worked for.

At two of the places where I used to work, people in other departments who were hacker or administrator wannabes thought that it would be cool to probe the network to see how much information they could acquire. In both cases, they had no ill intent (or so they said); they were simply looking to impress their friends by hacking the system. Whatever their motivation, they did attempt to break through the network's security. You need to protect your network from people like this.

In other places where I've worked, I've seen people bring in unauthorised software infected with Trojan horses. (Remember "Back Orifice"?) These Trojan horses broadcast on specific ports. The firewall was powerless to stop malicious packets from entering the network because they were already on the network.

This kind of attack brings up an interesting point: most of the techs I know configure their external firewalls to block all but a few inbound ports and to allow all outbound traffic. I recommend being just as picky with the outbound ports as you are with the inbound ports, because you never know when a Trojan horse could be using some obscure port to broadcast information about your network to the world.

Ideally, you should place internal firewalls on each PC and on each server. Several good personal firewall products are on the market, such as Norton's Personal Firewall 2003 from Symantec. However, you may not have to spend a dime on an internal firewall for your workstations, since Windows XP contains its own built-in personal firewall.

To enable the Windows XP firewall, right-click on My Network Places and select the Properties command from the resulting shortcut menu to display the Network Connections window. Next, right-click on the network connection you want to protect and select Properties. Finally, select the Advanced tab and then the check box in the Internet Connection Firewall section. You can also use the Settings button to enable any ports that should remain open. Although the Windows XP firewall is intended as an Internet firewall, it works great as an internal firewall as well.

Next

Previous

1 2 3


  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
148 out of 332 people found this useful


Full Talkback thread

0 comments


Company/Topic Alerts

Create a new alert from the list below:







Related Citrix Resources

Achieving the lowest server virtualization TCO

Consolidation through server virtualization is a powerful agent for datacenter change, but...

Achieving the lowest server virtualization Total Cost of Ownership

Consolidation through server virtualization is a powerful agent for datacenter change, but...

Citrix XenDesktop: The Best Desktop Delivery System For Today's Demanding Business Needs

Whether you're considering your first virtual desktop solution or trying to salvage an existing...

Desktop Virtualization: A buyer's checklist

Desktop virtualization should do more than just move desktop management to the datacenter—its real...

Five reasons why you need Citrix Essentials for Hyper-V now

This paper explores common challenges associated with server virtualization deployments and the...

See All White Papers

Video icon

Video

On The Road Blog

Jabra Stone Bluetooth headset

I don’t get on very well with Bluetooth headsets. But it is not a prejudice against them. I don’t get on well with those flat, saucer-like in-ear headphones either. My ears are just... More

Post a comment

Ion pleases the eye and kills off the...

The netbook has been a rapidly evolving beast. The idea was initially unveiled about four years ago by the OLPC initiative, who wanted to bring out a cheap educational tool for the... More

1 comment

BlackBerry developer chief demos new s...

Late last week I got to share milk and cookies with Mike Kirkup who is RIM’s director of developer relations. Mike was passing through London on the European leg of his 'press the flesh... More

1 comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters