
470    Chapter 7 • Topologies and IDS

             Summary of Exam Objectives


             In today’s networking world, networks no longer have to be designed the same
             way. There are many options available as to how to physically and logically design a
             network. All of these options can be used to increase the security of the internal
             network by keeping untrusted and unauthorized users out. The usage of DMZs to
             segment Web and e-mail traffic to a protected zone between external and internal
             firewalls helps prevent attacks that may deface the Web server from having any
             effect on the critical database servers. Just the same, an attack on your Web server
             will have little lasting damage.
                 A NAT device can be used to hide the private intranet from the public
             Internet. NAT devices work by translating all private IP addresses into one or more
             public IP addresses, therefore making it look as if all traffic from the internal
             network is coming from one computer (or a small group of computers). The NAT
             device maintains a routing table of all connection requests, and therefore is able to
             ensure that all returning packets get directed to the correct originating host.
             Extranets can be established using VPN tunnels to provide secure access to intranet
             resources from different geographic locations. VPNs are also used to allow remote
             network users to securely connect back to the corporate network.
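
The NAT behavior described above, as an added example that is not taken from the book: a toy port-translating table showing how replies find their originating host and why unsolicited inbound packets match nothing. The class name, addresses and ports are constructed for illustration, and dropping packets from unknown remote endpoints is an assumed filtering policy.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed public address (documentation range)


@dataclass
class PatTable:
    """Toy port-address-translation table (hypothetical, for illustration)."""
    public_ip: str = PUBLIC_IP
    next_port: int = 40000
    out_map: dict = field(default_factory=dict)  # connection -> public port
    in_map: dict = field(default_factory=dict)   # (public port, remote) -> host

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet's source and record the connection."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            pub_port = self.next_port
            self.next_port += 1
            self.out_map[key] = pub_port
            self.in_map[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the originating (private ip, port), or None to drop."""
        return self.in_map.get((dst_port, src_ip, src_port))


def demo():
    nat = PatTable()
    # Constructed traffic: two internal hosts use the same source port
    # toward the same external web server.
    a = nat.outbound("192.168.1.10", 51000, "198.51.100.5", 443)
    b = nat.outbound("192.168.1.11", 51000, "198.51.100.5", 443)
    reply_a = nat.inbound("198.51.100.5", 443, a[1])
    reply_b = nat.inbound("198.51.100.5", 443, b[1])
    # A third party probing the mapped public port has no table entry.
    unsolicited = nat.inbound("198.51.100.99", 4444, a[1])
    return a, b, reply_a, reply_b, unsolicited


if __name__ == "__main__":
    for row in demo():
        print(row)
```
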
                 IDSes are used to identify and respond to attacks on the network. Several types
             of IDSes exist, each with its own unique pros and cons. Which type you choose
             depends on your needs, and ultimately on your budget. An IPS is a newer type of
             IDS that can quickly respond to perceived attacks. Honeypots are advanced IDSes
             that can intelligently respond to attacks, actually enticing the attacker to select them
             over other real targets on the network. Honeypots can be used to distract attackers
             from real servers and keep them occupied while you collect information on the
             attack and the source of the attack.
                 After an attack has occurred, the most important thing to do is to collect all of
             the evidence of the attack and its methods. You will also want to take steps to
             ensure that the same type of attack cannot be successfully performed on the
             network in the future.















          www.syngress.com