Firewall
302
8.4
Intrusion Detection
BAT54-Rail/F..
Release
7.54
06/08
Also monitoring of sensitive data in the Internet is not be prevented by a Fire-
wall. If data once reaches the unsecured net beyond the Firewall, then it is
exposed to well-known dangers. Despite using a Firewall, any confidential in-
formation such as contracts, passwords, development information etc.
should be transmitted only over protected connections, i.e. by using suitable
data encryption and VPN connections.
8.4 Intrusion Detection
A Firewall has the task to examine data traffic across borders between net-
works, and to reject those packets, which do not have a permission for trans-
mission. Beside attempts to access directly a computer in the protected
network, there are also attacks against the Firewall itself, or attempts to out-
wit a Firewall with falsified data packets.
Such break-in attempts are recognized, repelled and logged by the Intrusion
Detection system (IDS). Thereby it can be selected between logging within
the device, email notification, SNMP traps or SYSLOG alarms. IDS checks
the data traffic for certain properties and detects in this way also new attacks
proceeding with conspicuous patterns.
8.4.1 Examples for break-in attempts
Typical break-in attempts are falsified sender addresses ("IP Spoofing") and
port scans, as well as the abuse of special protocols such as e.g. FTP in or-
der to open a port on the attacked computer and the Firewall in front of it.
U IP Spoofing
With IP Spoofing the sender of a packet poses itself as another computer.
This happens either in order to trick the Firewall, which trusts packets from
the own network more than packets from untrusted networks, or in order to
hide the author of an attack (e.g. Smurf).
The BAT Firewall protects itself against spoofing by route examination, i.e. it
examines, whether a packet was allowed to be received over a certain inter-
face at all, from which it was received.
To Next Page
Loading...
Need help?
General
