
442    Chapter 7 • Topologies and IDS


                  ■   Make sure that the firewall is configured properly to stop attack attempts
                      at the firewall. There are many different opinions on how to do this, but
                      the majority of security professionals agree that you should start with a
                      deny all or “block everything” mentality and then open the firewall on a
                      case-by-case basis, thereby only allowing specific types of traffic to cross it
                      (regardless of which direction the traffic is flowing). It’s important to
                      remember that each open port and service offers the attacker an additional
                      path from which he may potentially target the network.

                  ■   Additionally, make sure that the firewall is configured properly to prevent
                      unauthorized network traffic, such as file sharing programs (for example,
                      BitTorrent, Gnutella or Morpheus) from being used on the internal
                      network. These types of programs can sometimes be difficult to block, but it
                      can be done.
                  ■   Make sure the firewall will watch traffic that egresses or leaves the
                      network from trusted hosts, and ensure that it is not intercepted and altered
                      en route; steps should also be taken to try to eliminate spoofing from
                      attackers.
                  ■   Make sure that the antivirus software is in use and up to date. Consider
                      implementing an enterprise-level solution, consisting of a central server
                      responsible for coordinating and controlling the identification and
                      collection of viruses on your network.
                  ■   Educate users on the necessity of keeping their computers logged out
                      when not in use.
                  ■   Implement Secure Internet Protocol (IPSec) on the intranet between all
                      clients and servers to prevent eavesdropping; note that more often than
                      not, the greatest enemy lies on the inside of the firewall.
                  ■   Conduct regular, but unannounced, security audits and inspections. Be
                      sure to closely monitor all logs that are applicable.
                  ■   Do not allow the installation of modems or unsecured wireless access
                      points on any intranet computers. Do not allow any connection to the
                      Internet except through the firewall and proxy servers, as applicable.
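
The "deny all, then open case by case" rule from the first item, and the egress point from the third, can be checked mechanically. The following is an added example, not code from the book: it audits a ruleset in `iptables-save` format for chains that do not default to DROP, lists every port that has been opened, and flags blanket ACCEPT rules. The sample ruleset is constructed, the function names are hypothetical, and only the filter table is assumed to be present.

```python
import shlex

BUILTIN = ("INPUT", "FORWARD", "OUTPUT")

# Constructed sample in iptables-save format (not taken from the book).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""

def _opt(tokens, flag):
    """Value following `flag` in a rule, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit(ruleset):
    """Report deviations from default-deny in an iptables-save dump."""
    policies, opened, accept_all = {}, [], []
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith(":"):
            # Chain declaration: ":CHAIN POLICY [packets:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            if _opt(tokens, "-j") != "ACCEPT":
                continue
            chain = tokens[1]
            if len(tokens) == 4:
                # "-A CHAIN -j ACCEPT": no match criteria, so everything passes.
                accept_all.append(chain)
            port = _opt(tokens, "--dport")
            if port:
                # Each entry is one more path open to an attacker.
                opened.append((chain, _opt(tokens, "-p"), port))
    # Default deny must hold in every direction, egress (OUTPUT) included.
    weak = [c for c in BUILTIN if policies.get(c) != "DROP"]
    return {"non_drop_policy": weak, "opened_ports": opened, "accept_all": accept_all}

if __name__ == "__main__":
    for finding, value in audit(SAMPLE).items():
        print(f"{finding}: {value}")
```

On the sample, the audit reports that OUTPUT still defaults to ACCEPT and that FORWARD carries a blanket ACCEPT rule that cancels its DROP policy.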











          www.syngress.com