Discuss the security implications of commonly used applications.
To properly configure security mechanisms and best protect network resources, you must understand your network's specific TCP/IP applications. Normally, the security mechanisms you implement will be in the form of a firewall, either a screening router or proxy server.
Proxy server: Proxy servers communicate with external servers on behalf of the internal clients. When the terms application gateway or circuit-level gateway are used, they refer to the specific services provided by each form of firewall.
Screening router: Examines inbound and outbound packets based upon filter rules. Screening router is another term for a packet filter.
Understanding the architecture of each application that will be routed through a firewall is necessary to proper firewall configuration. Common TCP/IP applications are described in the table below.
Telnet should only be used when you can verify the security of the entire network connecting the client and server, not over the Internet. If you wish to deny incoming Telnet connections, you should filter all Telnet traffic at the firewalls.
Malicious email attachments
A typical email message contains a header indicating where the message initiated, who the recipient is, and the time and date. An email message can include any type of attachment, including viruses and trojans.
The best defense against malicious attachments is to purchase an SMTP server that scans all messages, or to use a proxy server that scans all incoming and outgoing messages.
Another preventive measure is user education. Educating email users on how viruses and trojans are sent through SMTP will help reduce the number of viruses or trojans on the network.
Only allow anonymous connections to your FTP server so that you do not compromise any user accounts on the FTP server. Because FTP sends all user names and the corresponding passwords in plain text, your user accounts will not be compromised by using FTP.
SNMP is a viable network management solution within a company's private network, but you may want to consider filtering all SNMP traffic at the firewall.
Trojan (trojan horse): A file or program that purports to operate in a legitimate way, but which also has an alternative, secret operation, such as emailing sensitive company information to a hacker.
A trojan horse is a specific program that destroys information on a hard drive.
Simple Mail Transfer Protocol (SMTP): The Internet standard protocol to transfer electronic mail messages from one computer to another. It specifies how two mail systems interact,
as well as the format of control messages they exchange to transfer mail.