Layer on your security.

True enterprise security is a combination of on-premise defenses and those that stand at the provider's edge, fighting crippling attacks before they reach an enterprise's firewall. In order to sufficiently protect themselves, enterprises must understand the different types of threats, how they work and, most importantly, how they can be avoided.

Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are the most common type of enterprise security breach. These attacks can originate from anywhere in the world and are launched from compromised computers, which either have defective software (many users forget to download the recommended patches) or have remotely controllable software loaded on them.

Specific Web sites are the most common targets of DoS and DDoS attacks, but because these attacks are often self-perpetuating and difficult to stop once they start, they can also quickly reach the servers of an enterprise. The result of a DoS or a DDoS attack is network paralysis: the server becomes overwhelmed and cannot process the requests, often causing legitimate business to slip through the cracks. To prevent DoS and DDoS attacks, enterprises should take a layered approach to security.

The first line of defense is a CPE-based, Layer 3 stateful packet inspection firewall. CPE-based firewalls are housed on the customer's premises and provide protection for the in-building LAN. Companies can set their firewall to accept traffic only from specific people and businesses and, thus, keep unauthorized packets from entering the company's network.

CPE-based firewalls are dependent on good information from the on-site IT staff and/or the service provider managing the service. If a dangerous source is mistakenly approved, the enterprise becomes vulnerable. Companies should constantly monitor the flow of traffic, looking for anomalies and warning signals. This way, new threats can be quickly assessed and the firewall adjusted accordingly.
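
As an added illustration (not part of the original article), the Python sketch below models the allowlist-plus-state behavior of such a firewall and the monitoring step that revokes an approved source once its traffic rate becomes abnormal. The class and function names, the LAN range, the 10-second window and the 100-packet threshold are assumptions, and the sample traffic is constructed.

```python
import ipaddress
from collections import Counter

LAN = ipaddress.ip_network("10.0.0.0/8")  # assumed in-building LAN range

class StatefulFilter:
    """Toy model of a Layer 3 stateful filter with a source allowlist."""
    def __init__(self, allowed):
        self.allowed = [ipaddress.ip_network(n) for n in allowed]
        self.blocked = set()   # sources revoked after monitoring
        self.flows = set()     # flows opened from inside the LAN

    def decide(self, src, sport, dst, dport):
        s = ipaddress.ip_address(src)
        if s in LAN:                              # outbound: remember the flow
            self.flows.add((src, sport, dst, dport))
            return "accept"
        if src in self.blocked:
            return "drop"                         # revoked by monitoring
        if (dst, dport, src, sport) in self.flows:
            return "accept"                       # reply to a LAN-initiated flow
        if any(s in net for net in self.allowed):
            return "accept"                       # approved source
        return "drop"                             # default deny

def rate_anomalies(packets, window=10, threshold=100):
    """Peak packets per `window` seconds, for sources that exceed `threshold`."""
    buckets = Counter((src, int(ts // window)) for ts, src in packets)
    peaks = {}
    for (src, _), n in buckets.items():
        peaks[src] = max(peaks.get(src, 0), n)
    return {src: n for src, n in peaks.items() if n > threshold}

def monitor_and_adjust(fw, packets):
    """Flag sources whose rate is abnormal and revoke them in the filter."""
    flagged = rate_anomalies(packets)
    fw.blocked.update(flagged)
    return flagged

# Constructed sample traffic (RFC 5737 documentation addresses).
SAMPLE = [(i * 3.0, "192.0.2.10") for i in range(20)]        # normal partner
SAMPLE += [(i * 0.01, "198.51.100.7") for i in range(500)]   # approved, flooding

if __name__ == "__main__":
    fw = StatefulFilter(["192.0.2.0/24", "198.51.100.7/32"])
    print(fw.decide("198.51.100.7", 40000, "10.0.0.5", 80))  # approved source
    print(monitor_and_adjust(fw, SAMPLE))                     # flagged sources
    print(fw.decide("198.51.100.7", 40000, "10.0.0.5", 80))  # after adjustment
```

The approved host is accepted until monitoring flags it, which is the dependency on good information that the paragraph above describes.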

Due to the unique placement of the device within the service provider's network, the network-based firewall can push protection into the ISP cloud, allowing DoS and DDoS attacks to be detected, alerted on and mitigated before they reach the enterprise's firewall.

A network-based firewall also enables the ISP to customize its settings for each enterprise, implementing in the network the same policies the customer has on its premises. This type of security is particularly attractive to small and medium-sized companies that may not have an IT person on staff to constantly monitor the flow of traffic.

Some enterprises choose to implement an IP virtual private network (VPN) service in tandem with either or both of the on-premise and network-based firewalls. An IP VPN service allows enterprises to create their own virtual network, sending information within companies without fear of attack or of confidentiality being breached. Because of the settings on the IP VPN, only authenticated members of the communication flow have the "key" to decode the encrypted message. Normally, a communications provider configures and manages this service, taking the data from end-users, encrypting it and sending it to its destination.

This type of premise-to-premise data encryption may be required by businesses in industries with mandated privacy acts, such as healthcare with the Health Insurance Portability and Accountability Act and financial services companies with the Gramm-Leach-Bliley Act.

This multilayered approach to security is best for companies that rely on mission-critical data to manage their business, host Web sites or maintain e-mail servers, communicate between multiple locations or transmit valuable data over their networks.

This article was provided by Mike Rouleau, a senior vice president at Time Warner Telecom, Littleton, Colo.
COPYRIGHT 2005 Nelson Publishing

Article Details
Title Annotation:Network Security
Author:Rouleau, Mike
Publication:Communications News
Date:Mar 1, 2005