Security & Control
Types

Measures to reduce security threats - general controls
Access - Firewall

"A site with top-secret or classified data doesn't need a firewall at all, they shouldn't be hooking up to the Internet in the first place".

What is a firewall?

  • A firewall is a combination of hardware and/or software between two networks that protects your network by blocking unwanted users from gaining access and by disallowing messages to specific recipients outside the network, such as competitors.
  • It divides the outside world into two or more portions: those who are permitted access and those who aren't.
  • It can also split access further, such as by what users are allowed to do once they are allowed into the network.
  • At the high end, it can take the form of a dedicated processor that runs "proxy services" at the application level, authenticating and forwarding traffic for a particular application.

Types

Firewalls are usually made up of a combination of:
  • Packet filtering
    A router examines each packet and, by following rules programmed into it, accepts messages from certain servers or nodes and drops all others.
  • Application proxy
    Special-purpose software restricts incoming traffic to a specified application, such as email or Lotus Notes. Similarly, outgoing traffic can be restricted if it comes from an unauthorised application.
  • Circuit level gateway
    This gateway connects an outside TCP/IP port to an internal destination, often a shared resource like a printer. An access control mechanism on the gateway determines whether the user connected to the TCP/IP port is authorised.
  • Authentication
    A system gives a user seeking access to the internal network a private key shared with a service on a host. When a key distribution center clears the user's key, it unlocks access to the host service.
  • Encryption
    Encrypting data streams prevents them from being intercepted and stored as they move along the internet.
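
The packet filtering item above, as an added example that is not part of the original page: a first-match rule evaluator that accepts traffic from listed nodes and drops everything else, plus an audit that flags rules an earlier rule makes unreachable. The Rule fields, function names and addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "accept" or "drop"
    src: str                  # source network, CIDR notation
    dst_port: Optional[int]   # None matches any destination port
    proto: str = "tcp"

# Constructed rule set using documentation address ranges (not from the page).
RULES = [
    Rule("drop", "203.0.113.66/32", None),    # one blocked host in a trusted range
    Rule("accept", "203.0.113.0/24", 25),     # partner mail relays: SMTP only
    Rule("accept", "198.51.100.10/32", 443),  # a single permitted node: HTTPS only
]

def _matches(rule, addr, dst_port, proto):
    return (rule.proto == proto
            and addr in ipaddress.ip_network(rule.src)
            and rule.dst_port in (None, dst_port))

def filter_packet(src_ip, dst_port, proto="tcp", rules=RULES):
    """Return (action, index of matching rule). First match wins; default is drop."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return ("drop", None)          # unparseable source address
    for i, rule in enumerate(rules):
        if _matches(rule, addr, dst_port, proto):
            return (rule.action, i)
    return ("drop", None)              # no rule matched: "drops all others"

def audit_shadowed(rules=RULES):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    shadowed = []
    for j, later in enumerate(rules):
        net_j = ipaddress.ip_network(later.src)
        for earlier in rules[:j]:
            net_i = ipaddress.ip_network(earlier.src)
            if (earlier.proto == later.proto
                    and net_i.version == net_j.version
                    and net_j.subnet_of(net_i)
                    and earlier.dst_port in (None, later.dst_port)):
                shadowed.append(j)
                break
    return shadowed
```

Rule order matters here: placing the broad accept before the host-specific drop would let the blocked host through, which is the case audit_shadowed reports.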

McCann, S. (1998, Nov 16), Babcock, C. (1996, Aug 12), Computerworld NZ Jul '95
[Rev: 22/11/98] 3/9/97 © 1996-98 V/2-Com (Verhaart), P O Box 8415, Havelock North, New Zealand.