Page 196 - CISSO Prep Guide
easier to remember and enter www.mile2.com than it is to remember the IPv4 address. DNS is a tree structure that resolves the addresses so that a network device that receives a request from a person entering www.mile2.com will be able to look up the IPv4 address and then route the request properly through the network. When a network device does not know the IP address associated with a ‘web name,’ it sends a DNS request up through the DNS tree to a higher-level DNS resolver; the reply is then sent to the requesting device using UDP over port 53. The requesting device will then store the IP address and name for future use.
There have been many attacks on the Internet using DNS. People have sent false DNS replies that would misroute traffic, and DNS replies have been used in amplification attacks to flood a victim’s system. People have done ‘cybersquatting’ to reserve the names of sites that another organization may want, and then agree to sell that name to the organization only at a higher price. DNS can sometimes be used to ‘learn’ information about a company and its administrators that can be used in attacks.
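The resolver-side check that defeats the false-reply problem described above, as an added example that is not from the guide: a reply is cached only if its transaction ID, QR bit and question section all match the query that was sent. The query/reply builders, the name www.mile2.com, the IP addresses and the transaction IDs are constructed for the example; the amplification helper simply measures how many reply bytes a query of a given size draws, which is the property amplification attacks abuse.

```python
import struct

def encode_name(name: str) -> bytes:
    """Encode a dotted host name as DNS labels terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"

def build_query(txid: int, name: str) -> bytes:
    """Minimal A-record query: 12-byte header (RD set), one question, class IN."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)

def build_reply(txid: int, name: str, ip: str, ttl: int = 300) -> bytes:
    """Constructed A-record answer; the RR name is a compression pointer (0xC00C) to the question."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1, one answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + question + rr

def parse_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name starting at off; return (name, offset after it)."""
    labels = []
    while True:
        ln = msg[off]
        if ln == 0:
            return ".".join(labels), off + 1
        if ln & 0xC0 == 0xC0:  # two-byte pointer into an earlier part of the message
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = parse_name(msg, ptr)
            return ".".join(labels + [tail]), off + 2
        labels.append(msg[off + 1:off + 1 + ln].decode())
        off += 1 + ln

def reply_matches_query(query: bytes, reply: bytes) -> bool:
    """Accept a reply only if txid, QR bit and the echoed question (name, type, class) match."""
    qid = struct.unpack("!H", query[:2])[0]
    rid, rflags, rqd = struct.unpack("!HHH", reply[:6])
    if rid != qid or not rflags & 0x8000 or rqd != 1:
        return False
    qname, qoff = parse_name(query, 12)
    rname, roff = parse_name(reply, 12)
    return qname.lower() == rname.lower() and query[qoff:qoff + 4] == reply[roff:roff + 4]

def amplification_factor(query: bytes, reply: bytes) -> float:
    """Reply bytes per query byte; even a single A record answers with more than was sent."""
    return len(reply) / len(query)

if __name__ == "__main__":
    q = build_query(0x1234, "www.mile2.com")
    good = build_reply(0x1234, "www.mile2.com", "192.0.2.10")       # constructed, matches the query
    forged = build_reply(0x9999, "www.mile2.com", "198.51.100.7")   # constructed, wrong transaction ID
    print(reply_matches_query(q, good), reply_matches_query(q, forged), amplification_factor(q, good))
```

A real resolver additionally checks that the reply arrived on the same UDP source port the query left from and randomizes that port and the transaction ID, which is why a forger must guess both.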
Network Defense
Network defense is an excellent example of the use of layered defense. Network security starts with protection at the perimeter of the network using firewalls and network segmentation. The area of the network that is accessible to outsiders is isolated into a demilitarized zone (DMZ). This prevents an attacker from having direct access to internal systems; all devices in the DMZ are hardened, with all unnecessary functionality disabled. Such devices are often referred to as bastion hosts. In the DMZ and at other points on