|
Sunday, 29 July 2007 |
|
Attack techniques have evolved to where traditional packet filtering
firewalls, proxies, and even intrusion prevention systems are
dramatically less effective at securing a corporate network. The common
flaw in most perimeters is that they are designed to thwart inbound
session establishment, while being relatively permissive in what they
pass towards the Internet. This paper outlines the top five traffic
patterns that currently breach most network perimeters.
Figure 1 graphically details the typical problem with most Internet
perimeters. The legacy method of designing a network perimeter was to
install a firewall that controls Internet traffic. The firewall is
typically configured to control inbound session establishment such that
access is only permitted to hosts on a screen subnet. Further, since
the internal systems are deemed to be trustworthy, little to no control
is placed on outbound access. Even if content checking is bring
performed, encrypted communication channels such as SSL, SSH and IPSec
are not scrutinized as the data stream is already encrypted.
Read more at Sans.edu
|
