Eicon Networks S92 Instrukcja Użytkownika Pobierz pdf (Strona 130)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 130

WithEiconcardConnectionsforWindows2000,allpacketsareforwardedfora

connectionforwhichnoIPpacketfiltersiscreated.However,buildingtoomany

filterscanbecostlyasmoreprocessinghastobedoneforeverypackethandled.We

definitelydonotwantRouter_Eiconcardtobecomethenetworkbottleneck.

RulesandOrders

Sinceallinternalsegmentsareprotectedbymultiplelayersoffirewall,screening

activitiesatRouter_Eiconcardshouldberestrictedtoonlydroppingincominginternet

trafficthathassourceaddressesbelongingtoGIAC’sinternalIPsubnets(wedothis

toprotectthenetworkagainstspoofingattack). Thiswaydelaycanbeminimizedat

thischokingpointofthenetwork.

Accordingtowebopedia.com,spoofingis:

“atechniqueusedtogainunauthorizedaccesstocomputers,wherebytheintruder

sendsmessagestoacomputerwithanIP addressindicatingthatthemessageis

comingfromatrustedhost.ToengageinIPspoofing,ahackermustfirstusea variety

oftechniquestofindanIPaddressofatrustedhostand thenmodifythepacket

1 2 ... 125 126 127 128 129 130 131 132 133 134 135 ... 208 209

Brak uwag

Eicon Networks S92 Instrukcja Użytkownika Strona 130