
Layer on your security.

True enterprise security is a combination of on-premise defenses and those that stand at the provider's edge, fighting crippling attacks before they reach an enterprise's firewall. In order to sufficiently protect themselves, enterprises must understand the different types of threats, how they work and, most importantly, how they can be avoided.

Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are the most common type of enterprise security breach. These attacks can originate from anywhere in the world and are launched from compromised computers, which either have defective software (many users forget to download the recommended patches) or have remotely controllable software loaded on them.

Specific Web sites are the most common targets of DoS and DDoS attacks, but because these attacks are often self-perpetuating and difficult to stop once they start, they can also quickly reach the servers of an enterprise. The result of a DoS or a DDoS attack is network paralysis: the server becomes overwhelmed and cannot process the requests, often causing legitimate business to slip through the cracks. To prevent DoS and DDoS attacks, enterprises should take a layered approach to security.

The first line of defense is a CPE-based, Layer 3 stateful packet inspection firewall. CPE-based firewalls are housed on the customer's premises and provide protection for the in-building LAN. Companies can set their firewall to accept traffic only from specific people and businesses and, thus, prevent unauthorized packets from entering the company's network.

CPE-based firewalls are dependent on good information from the on-site IT staff and/or the service provider managing the service. If a dangerous source is mistakenly approved, the enterprise becomes vulnerable. Companies should constantly monitor the flow of traffic, looking for anomalies and warning signals. This way, new threats can be quickly assessed and the firewall adjusted accordingly.
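
The point of the two paragraphs above, as an added example that is not part of the original article: an allowlist drops unapproved sources, but an approved source can still misbehave, so accepted traffic is compared against each source's own baseline. The addresses, window size and thresholds are constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed allowlist: documentation prefixes standing in for approved partners.
ALLOWED_SOURCES = [ipaddress.ip_network("198.51.100.0/24"),
                   ipaddress.ip_network("203.0.113.0/24")]

def is_allowed(src):
    """Firewall rule: accept only sources inside an approved prefix."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)

def review_traffic(packets, window=10, factor=5.0, min_packets=20):
    """packets: iterable of (timestamp_seconds, source_ip).
    Returns (dropped, alerts); each alert is (window_start, source, count)."""
    dropped = 0
    per_window = defaultdict(Counter)
    for ts, src in packets:
        if not is_allowed(src):
            dropped += 1          # unapproved source: never reaches the LAN
            continue
        per_window[int(ts // window)][src] += 1

    history = defaultdict(list)   # source -> counts from non-alert windows
    alerts = []
    for w in sorted(per_window):
        for src, count in sorted(per_window[w].items()):
            past = history[src]
            baseline = sum(past) / len(past) if past else None
            if baseline is not None and count >= min_packets and count > factor * baseline:
                alerts.append((w * window, src, count))
            else:
                past.append(count)  # non-alert windows (including the first) feed the baseline
    return dropped, alerts

def sample_packets():
    """Constructed traffic: two approved sources and one unapproved flood."""
    pkts = []
    for w in range(3):
        pkts += [(w * 10 + i, "198.51.100.10") for i in range(5)]
    for w in range(2):
        pkts += [(w * 10 + i, "203.0.113.7") for i in range(4)]
    pkts += [(20 + i / 10, "203.0.113.7") for i in range(60)]  # approved, then floods
    pkts += [(20 + i / 10, "192.0.2.99") for i in range(30)]   # not on the allowlist
    return pkts

if __name__ == "__main__":
    print(review_traffic(sample_packets()))
```

An alert on an approved source is the cue to reassess that allowlist entry rather than to trust it because it was approved once.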

Due to the unique placement of the device within the service provider's network, the network-based firewall can push protection into the ISP cloud, allowing for DoS and DDoS detection, alerting and mitigation before the attack reaches the enterprise's firewall.

A network-based firewall also enables the ISP to customize its settings for each enterprise, implementing the same policies the customer has on its premises into the network. This type of security is particularly attractive to small and medium-sized companies that may not have an IT person on staff to constantly monitor the flow of traffic.

Some enterprises choose to implement an IP virtual private network (VPN) service in tandem with either or both the on-premise and network-based firewalls. An IP VPN service allows enterprises to create their own virtual network, sending information within companies without fear of attack or confidentiality being breached. Because of the settings on the IP VPN, only authenticated members of the communication flow have the "key" to decode the encrypted message. Normally, a communications provider configures and manages this service, taking the data from end-users, encrypting it and sending it to its destination.

This type of premise-to-premise data encryption may be required by businesses in industries with mandated privacy acts, such as healthcare with the Health Insurance Portability and Accountability Act and financial services companies with the Gramm-Leach-Bliley Act.

This multilayered approach to security is best for companies that rely on mission-critical data to manage their business, host Web sites or maintain e-mail servers, communicate between multiple locations or transmit valuable data over their networks.

For more information from Time Warner Telecom:

This article was provided by Mike Rouleau, a senior vice president at Time Warner Telecom, Littleton, Colo.
COPYRIGHT 2005 Nelson Publishing
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005 Gale, Cengage Learning. All rights reserved.

Article Details
Title Annotation: Network Security
Author: Rouleau, Mike
Publication: Communications News
Date: Mar 1, 2005