428 Chapter 7 • Topologies and IDS
This is a fairly complex example, but it helps illustrate the need for differing
security topologies on the same network. Under no circumstances should COM+
servers or SQL Server 2005 servers be exposed to the Internet directly—they should be
protected by placing them behind a strong security solution. At the same time, you
do not want to leave the IIS servers exposed to every hacker and script kiddie out there, so
they should be placed in a DMZ or behind the first firewall or router. The idea
here is to layer security so that a breach of one set of servers, such as the IIS servers,
does not directly expose the COM+ or SQL servers.
Head of the Class…
What Is a Firewall?
According to the Microsoft Computer Dictionary (Fifth Edition), a firewall
is a security system that is intended to protect an organization’s network
against external threats, such as hackers, coming from another network,
such as the Internet.
Simply put, a firewall is a hardware or software device used to keep
undesirables electronically out of a network the same way that locked
doors and secured server racks keep undesirables physically away from a
network. A firewall filters traffic crossing it (both inbound and outbound)
based on rules established by the firewall administrator. In this
way, it acts as a sort of digital traffic cop, allowing some (or all) of the systems
on the internal network to communicate with some of the systems
on the Internet, but only if the communications comply with the defined
rule set.
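To make the layering above and the rule-set behaviour in the sidebar concrete, here is an added example (not from the book) of a toy zone-based filter. The address ranges, port numbers and rules are assumptions constructed for the example; it shows that Internet traffic can reach only the DMZ IIS tier, and that even a compromised DMZ host can reach the internal COM+ and SQL servers on the permitted ports alone.

```python
"""Toy zone-based packet filter that encodes the layered topology above.

All addresses, zones and rules are constructed for this example; only the
first-match evaluation with a default deny reflects how a real firewall
rule set is applied.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed address plan: the Internet is the catch-all, the DMZ holds the IIS
# front ends, and the internal zone holds the COM+ and SQL Server 2005 hosts.
ZONES = {
    "internet": ip_network("0.0.0.0/0"),
    "dmz": ip_network("192.0.2.0/24"),
    "internal": ip_network("10.10.0.0/16"),
}

def zone_of(addr: str) -> str:
    """Return the most specific zone that contains addr."""
    ip = ip_address(addr)
    matches = [name for name, net in ZONES.items() if ip in net]
    return max(matches, key=lambda name: ZONES[name].prefixlen)

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]  # None matches any destination port
    action: str              # "allow" or "deny"

# The layering: only IIS is reachable from the Internet, and only the DMZ may
# reach the internal tier, on the SQL and COM+ ports alone. Port 135 is the
# RPC endpoint mapper; real DCOM also needs dynamic ports, omitted here.
RULES = [
    Rule("internet", "dmz", 80, "allow"),
    Rule("internet", "dmz", 443, "allow"),
    Rule("dmz", "internal", 1433, "allow"),
    Rule("dmz", "internal", 135, "allow"),
    Rule("internal", "internet", None, "allow"),
]

def decide(src: str, dst: str, dst_port: int) -> str:
    """First matching rule wins; anything unmatched is dropped."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for rule in RULES:
        if (rule.src_zone, rule.dst_zone) == (src_zone, dst_zone) \
                and rule.dst_port in (None, dst_port):
            return rule.action
    return "deny"

if __name__ == "__main__":
    # A breach of an IIS host does not expose SQL to the Internet directly.
    print(decide("203.0.113.9", "10.10.5.20", 1433))  # deny
    print(decide("192.0.2.10", "10.10.5.20", 1433))   # allow
```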
While differing topologies can be used together effectively, in some instances
they need to be used completely separately from each other. The next sections
examine the concept of security zones, how to employ them on a network, how
they work, and what they can provide in terms of increased security.
EXAM WARNING
Make sure you know the definitions of and the differences between a
firewall and a DMZ.
www.syngress.com