This security approach is based on the concept of building several layers of defense around the host or information resource that you want to protect against malicious attacks.
In enterprise IT networks, the defense in depth approach is implemented using different security infrastructure equipment and mechanisms. These include hardware firewalls, Intrusion Prevention Systems, Authentication and Authorization servers, encryption devices, proxy servers, enterprise antivirus software, host intrusion detection software etc. Depending how big the enterprise is and how much security level they want to achieve, security administrators use some or all of the mentioned security tools.
On the other hand, for small home networks to attain a strong defense in depth I would suggest at least the following: [Read more…]
How To Protect your network from IP Spoofing
In a normal IP communication between two hosts, the sending host inserts its configured IP address in the ‘source IP’ field of the IP header, in order for the receiving host to know where to send the reply traffic back. In IP Spoofing, a malicious host can forge the IP header and change the source IP address to something different, thus making the packet to appear that it’s coming from a different machine.
IP spoofing is frequently used in Denial of Service attacks, where the attacker wants to hide its identity (source IP address) and also does not care about receiving responses to its attack packets. [Read more…]
How to secure your small business with a PIX Firewall
One of the most popular firewall products for the small business market is the Cisco PIX 501. Out of the box it requires just a few configuration entries and you are up and running.
In this guide, we will walk through the steps for configuring your brand new pix at the network edge.
This guide is written for the user who has no knowledge of the PIX firewall. As such, it is not a treatise on network security, but a quick, by-the numbers guide to configuring a PIX firewall with as little jargon as possible. [Read more…]