Networking Fundamentals, 3rd Edition page 478

Copyright Goodheart-Willcox Co., Inc. 478 Networking Fundamentals while hiding the address of the true host inside the LAN. To anyone outside the net- work, only the proxy server is seen. Proxy servers replace the IP address of outgoing packets with the IP address assigned to the proxy server. For incoming packets that are allowed to fl ow into the network, the reverse is true. Th e proxy server can be confi gured to allow packets to fl ow into and out of the network if they meet certain conditions. Th e conditions confi gured can be items such as specifi c IP addresses, certain protocols, and server names or URLs. Proxy servers may also cache information such as frequently visited websites. By caching the websites and their IP addresses, connections can be made faster than when searching for the website. Proxy servers are sometimes referred to as gateways. Remember, there are many types of gateways. A gateway provides a connection be- tween the network and some other service. A common example is a VoIP gateway, which provides Voice over IP access. Securing Remote Access Remote access is sometimes a necessity, especially for sales personnel who travel. Sales personnel typically need to attach to the offi ce fi le server to check their e-mail, place customer orders, and check an order’s status. While remote access is neces- sary, it can also pose as a vulnerable access point. It is interesting to note that remote access can occur without the direct knowl- edge of network administrators. An employee can secretly attach a modem to his or her workstation so that he or she may access offi ce fi les from home. Software such as pcAnywhere and Windows Remote Desktop Connection are designed for such capabilities. A hacker can gain access the exact way the employee did. Most intruders are aware that telephone numbers assigned to an offi ce run in successive numerical order. For example, if the business telephone number is 333-1234, it is probably a safe bet that other telephones in the business are assigned telephone numbers, such as 333-1235, 333-1236, 333-1237, and 333-1238. Th e pattern is easily revealed. Th is is also true for telephone number extensions. When an employee attaches a telephone modem to his or her computer at work, he or she leaves a backdoor open to an intruder. As stated earlier, the employee most likely has created a fi le share on his or her workstation so the fi le share can be accessed from home or while traveling. Physical Security Physical security is an important aspect of network security. Th e phrase physical security refers to the location of the physical system. File servers should be placed in a secure room. A secure room is one that it is physically locked and can only be accessed by authorized personnel. Th is policy should apply to the fi le server room, wiring closets, point of presence location, and anywhere along data lines where someone can gain access. Devices that connect the workstations to the network, such as hubs and routers, must also be secured but generally not at such a high level as the fi le server and wiring closets. Workstations should also be physically secured. Many users leave their work- station connected to the network when they go home for the day. When they leave, the workstation is still logged on to the network with their user account. Th is is an open invitation to unauthorized personnel. Th is is especially true in a large, open- offi ce environment when 50 or more workers have open access to every computer in the offi ce area. What if a sensitive document such as a salary schedule for the entire corporation was downloaded from an employee’s workstation, reproduced, and posted on the company lounge bulletin board? Management would most likely

Previous Page Next Page

Networking Fundamentals, 3rd Edition Page 478 (500 of 720)

Resources and Downloads

Help