Page 442 - StudyBook.pdf

426    Chapter 7 • Topologies and IDS

             Introduction


             In today’s network infrastructures, it is critical to know the fundamentals of basic
             security infrastructure. Before any computer is connected to the Internet, planning
             must occur to make sure the network is designed in a secure manner. Many of the
             attacks that hackers use are successful because of an insecure network design. That
             is why it is so important for a security professional to use the secure topologies and
             tools like intrusion detection and prevention that are discussed in this chapter. For
             example, if you are working with Cisco technologies (and other switch vendors),
             you might be familiar with virtual local area network (VLAN) technology. VLANs
             restrict a broadcast domain to a group of switch ports. This
             relates directly to secure topologies, because different Internet Protocol (IP) subnets
             can be put on different port groupings and separated, either by routing or by
             applying an access control list (ACL) (e.g., the Executive group can be isolated
             from the general user population on a network).
                 Other items related to topology that we examine in this chapter include
             demilitarized zones (DMZs). DMZs can be used in conjunction with network address
             translation (NAT) and extranets to help build a more secure network. We’ll look at
             each of these items and examine how they can be used to build a layered defense.


              TEST DAY TIP

                  An ACL is a list of users that have permission to access a resource or
                  modify a file. ACLs are used in nearly all modern-day operating systems
                  (OSes) to determine what permissions a user has on a particular resource
                  or file.




                 The second half of this chapter covers intrusion detection. It is important to
             understand not only the concepts of intrusion detection, but also the use and
             placement of intrusion detection systems (IDSes) within a network infrastructure.
             The placement of an IDS is critical to deployment success. This section also covers
             intrusion prevention systems (IPS), honeypots, and incident response.












          www.syngress.com