Scrambled Alphabet

There is no one single fix for security, and the systems, users and data (SUD) must be protected at many different levels, whether it be from the lowest level of the Internet model with physical security, to the highest level with data encryption. It is also never possible to truly guard every layer completely, as there are often weaknesses in each of the layers that can be exploited. In fact, one of the most difficult attacks to defend against is a social engineering attack, where users are prompted for their login details from a respected source, which is a spoofed one. As will be seen in this chapter, each of the devices which are used to protect SUD’s are typically there to deter potential intruders, and not provide an ultimately bar to intrusions. Often there is a trade-off between implementing extensive security, which will reduce the performance of intermediate devices, or to implement simplier security, which will have a lesser effect on security devices. This chapter investigates some of the devices which are used at the Internet and transport layers of the Internet model. The main devices are: - Stateless/Packet-filter firewalls. These are typically routers which filter data packets at the Internet (network) and transport layers, and thus filter network addresses and TCP/UDP ports. These are typically known as screening firewalls. These devices tend to be stateless, where each packet is looked at independently for all others. - Stateful firewalls (PIX/ASA). These are more complex devices than packet filter firewalls, and remember the state of a connection. They can also filter at most of the layers of abstration, such as for IP addresses, TCP ports, Application Layer commands, URLs, and so on. They tend to have an These are specialised devices which focus on insolating the inside network from the outside, and in creating DMZ’s. - Proxy servers. These are used to act as a buffer between an external network and an internal one, and are used to isolate nodes from external untrusted hosts. Proxy servers are often known as application gateways. - NAT (Network Address Translation) devices. These are used to translate net-work address from an internal network to an external one. They have many applications, such as being able to assign a wide range of private IP addresses, and in isolating nodes from direct external access. Figure 6.1 shows some of the icons used.

RGHDH WX KM MKH XWKVTH OWN OMD XHBIDWRU, AKF RGH XUXRHPX, IXHDX AKF FARA (XIF) PIXR SH LDMRHBRHF AR PAKU FWOOHDHKR THYHTX, JGHRGHD WR SH ODMP RGH TMJHXR THYHT MO RGH WKRHDKHR PMFHT JWRG LGUXWBAT XHBIDWRU, RM RGH GWVGHXR THYHT JWRG FARA HKBDULRWMK. WR WX ATXM KHYHD LMXXWSTH RM RDITU VIADF HYHDU TAUHD BMPLTHRHTU, AX RGHDH ADH MORHK JHAZKHXXHX WK HABG MO RGH TAUHDX RGAR BAK SH HNLTMWRHF. WK OABR, MKH MO RGH PMXR FWOOWBITR ARRABZX RM FHOHKF AVAWKXR WX A XMBWAT HKVWKHHDWKV ARRABZ, JGHDH IXHDX ADH LDMPLRHF OMD RGHWD TMVWK FHRAWTX ODMP A DHXLHBRHF XMIDBH, JGWBG WX A XLMMOHF MKH. AX JWTT SH XHHK WK RGWX BGALRHD, HABG MO RGH FHYWBHX JGWBG ADH IXHF RM LDMRHBR XIF’X ADH RULWBATTU RGHDH RM FHRHD LMRHKRWAT WKRDIFHDX, AKF KMR LDMYWFH AK ITRWPARHTU SAD RM WKRDIXWMKX. MORHK RGHDH WX A RDAFH-MOO SHRJHHK WPLTHPHKRWKV HNRHKXWYH XHBIDWRU, JGWBG JWTT DHFIBH RGH LHDOMDPAKBH MO WKRHDPHFWARH FHYWBHX, MD RM WPLTHPHKR XWPLTWHD XHBIDWRU, JGWBG JWTT GAYH A THXXHD HOOHBR MK XHBIDWRU FHYWBHX. RGWX BGALRHD WKYHXRWVARHX XMPH MO RGH FHYWBHX JGWBG ADH IXHF AR RGH WKRHDKHR AKF RDAKXLMDR TAUHDX MO RGH WKRHDKHR PMFHT. RGH PAWK FHYWBHX ADH: - XRARHTHXX/LABZHR-OWTRHD OWDHJATTX. RGHXH ADH RULWBATTU DMIRHDX JGWBG OWTRHD FARA LABZHRX AR RGH WKRHDKHR (KHRJMDZ) AKF RDAKXLMDR TAUHDX, AKF RGIX OWTRHD KHRJMDZ AFFDHXXHX AKF RBL/IFL LMDRX. RGHXH ADH RULWBATTU ZKMJK AX XBDHHKWKV OWDHJATTX. RGHXH FHYWBHX RHKF RM SH XRARHTHXX, JGHDH HABG LABZHR WX TMMZHF AR WKFHLHKFHKRTU OMD ATT MRGHDX. - XRARHOIT OWDHJATTX (LWN/AXA). RGHXH ADH PMDH BMPLTHN FHYWBHX RGAK LABZHR OWTRHD OWDHJATTX, AKF DHPHPSHD RGH XRARH MO A BMKKHBRWMK. RGHU BAK ATXM OWTRHD AR PMXR MO RGH TAUHDX MO ASXRDARWMK, XIBG AX OMD WL AFFDHXXHX, RBL LMDRX, ALLTWBARWMK TAUHD BMPPAKFX, IDTX, AKF XM MK. RGHU RHKF RM GAYH AK RGHXH ADH XLHBWATWXHF FHYWBHX JGWBG OMBIX MK WKXMTARWKV RGH WKXWFH KHRJMDZ ODMP RGH MIRXWFH, AKF WK BDHARWKV FPQ’X. - LDMNU XHDYHDX. RGHXH ADH IXHF RM ABR AX A SIOOHD SHRJHHK AK HNRHDKAT KHRJMDZ AKF AK WKRHDKAT MKH, AKF ADH IXHF RM WXMTARH KMFHX ODMP HNRHDKAT IKRDIXRHF GMXRX. LDMNU XHDYHDX ADH MORHK ZKMJK AX ALLTWBARWMK VARHJAUX. - KAR (KHRJMDZ AFFDHXX RDAKXTARWMK) FHYWBHX. RGHXH ADH IXHF RM RDAKXTARH KHR-JMDZ AFFDHXX ODMP AK WKRHDKAT KHRJMDZ RM AK HNRHDKAT MKH. RGHU GAYH PAKU ALLTWBARWMKX, XIBG AX SHWKV ASTH RM AXXWVK A JWFH DAKVH MO LDWYARH WL AFFDHXXHX, AKF WK WXMTARWKV KMFHX ODMP FWDHBR HNRHDKAT ABBHXX. OWVIDH 6.1 XGMJX XMPH MO RGH WBMKX IXHF.