To motivate the need for firewalls, let's first take a high-level tour of a typical enterprise network.Īn enterprise network is part of the Internet. At least one of these subsystems will not be susceptible to an attack since an attack typically exploits specific vulnerabilities that may be present on some, but not all, components. For example, a server is a collection of diversified subsystems with different implementations. The third line of defense consists of the attack-resilient technologies that enable the most valuable system components to survive attacks. For example, the APT malware examples we discussed previously are often hard to detect because they blend in with normal activities so well. Just like with prevention, there will be attacks that can go undetected, at least until they have inflicted their damage. These mechanisms monitor activities in our systems and networks to detect attacks and repair damage. For example, anti-virus software may not prevent a user from downloading a Trojan horse, since Trojan horses appear to be legitimate programs.ĭetection and response mechanisms make up the second line of defense. Inevitably though, some attacks will defeat the prevention mechanism. The first line of defense is prevention: prevention stops attacks from getting into our networks and systems in the first place. In other words, we should utilize multiple layers of defense mechanisms. When it comes to defense against attacks, the most important principle is to employ defense in depth. Packet Filtering Firewall Countermeasures.Additional Convenient Firewall Features.
0 kommentar(er)
