Network Protection Systems – Chapter 13

This chapter is all about network protection systems with a focus on several key elements such as routers, firewalls, web filtering and honeypots. The first section begins with Routers and explains protocols, basic hardware, and then follows up with taking a closer look at Cisco routers. A strong point made was that routers are used as network protection devices. This is accomplished through having similar components as a computer. Such as the following:

• Random access memory (RAM) – The component holds the router’s running configuration, routing tables, and buffers. If you turn off the router, the contents stored in RAM are eased. Any changes you make to a router’s configuration, such as changing the prompt displayed, are stored in RAM and aren’t permanent unless you save the configuration.
• Nonvolatile RAM (NVRAM) - This component holds the router’s configuration file, but the information isn’t lost if the router is turned off.
•  Flash memory – This component holds the IOS the router is using, it’s rewritable memory, so you can upgrade the IOS if cisco releases a new version or the current IOS version becomes corrupted.
• Read only memory (ROM) – This component contains a minimal version of cisco’s IOS that’s used to boot the router if flash memory gets corrupted. You can boot the router and then correct any problems with the IOS, possibly installing a new, uncorrupted version.
• Interfaces – These components are the hardware connectivity points to the router and the components you’re most concerned with. An Ethernet port, for example is an interface that connects to a Lan and can be configured to restrict traffic from a specific IP address, subnet, or network.

The computers Firewall is an important part to the network protection. It serves two main purposes. The first is controlling access traffic entering an internal network and second controlling traffic leaving an internal network. There are both hardware and software firewalls they each have their own advantages and disadvantages. The security tester must pay close attention to this aspect of network protection.

A honeypot is a place on the network perimeter that contains information or data intended to lure or trap hackers. The purpose of this is to distract hackers from getting legitimate data. Another objective of the honeypot is to attract hackers to the phony computer long enough so they can be traced and turned over to law enforcement. A good website for more information about honeypots is www.honeynet.org.

The chapter presented a lot of good material that will certainly help in protecting a network system. There were many helpful websites as well as charts and diagrams.