Premium Essay

Discuss the Roles and Motivations for Separately Filtering Ingress and Egress Traffic in the Enterprise Network. Describe Separate Conditions for Both Ingress and Egress Traffic as They Transit the Network. Discuss:

In: Computers and Technology

Submitted By nitkkr
Words 763
Pages 4
Discuss the roles and motivations for separately filtering ingress and egress traffic in the enterprise network. Describe separate conditions for both ingress and egress traffic as they transit the network. Discuss: What roles do ingress and egress filtering play in protecting a network? How do protective isolations help to protect a network? Why do we need to separate and isolate the types of traffic?

Ingress filtering is the filtering of IP packets with untrusted source addresses before they can enter and affect a system or network. It protects users from attacks based on spoofing, in which an attacker crafts a packet so that it appears to originate from somewhere else. Internet service providers (ISPs) typically apply ingress filtering to defend their customers, and an individual home or office network can add further safeguards of its own. One major use of ingress filtering is to combat denial of service (DoS) attacks, which rely on flooding networks with packets, many of them spoofed to conceal their origin. Depending on the type of filtering used, the local network can catch packets that the ISP did not identify as a problem. This adds an extra layer of security for individual users, alongside other safeguards such as scanning incoming data for viruses and other malicious software that could endanger the computer systems or data on the network. The spoofed source information can also be compared against known databases to correlate attacks, for the purpose of tracking infected computers and malicious users.
A network firewall is hardware and/or software designed to protect a network from unsafe network communications. A network firewall can permit only authorized messages to enter a network; this is ingress filtering.
Possibly condition ingress traffic to ensure that packets which…...
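As an added illustration (not part of the essay), the following Python filter makes the separate ingress and egress conditions concrete: inbound packets are rejected when their source claims to be one of our own addresses or a private/bogon range, and outbound packets are rejected when their source is not in our allocation, so our network can neither be spoofed from outside nor used to spoof others. The prefixes and packet records are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example prefixes (documentation ranges), not a real deployment.
OUR_PREFIXES = [ip_network("203.0.113.0/24")]          # addresses we legitimately source
INTERNAL_PREFIXES = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                     ip_network("192.168.0.0/16")]      # private ranges, never routed outside
BOGON_PREFIXES = [ip_network("0.0.0.0/8"), ip_network("127.0.0.0/8"),
                  ip_network("169.254.0.0/16"), ip_network("224.0.0.0/4")]


@dataclass
class Packet:
    direction: str   # "ingress" = arriving from the Internet, "egress" = leaving toward it
    src: str
    dst: str


def in_any(addr, prefixes):
    """True if addr falls inside any of the given networks."""
    a = ip_address(addr)
    return any(a in p for p in prefixes)


def verdict(pkt):
    """Return (action, reason); action is "accept" or "drop"."""
    if pkt.direction == "ingress":
        # Ingress: an external packet may not claim an internal, private or bogon source.
        if in_any(pkt.src, OUR_PREFIXES):
            return ("drop", "ingress: source spoofs our own prefix")
        if in_any(pkt.src, INTERNAL_PREFIXES + BOGON_PREFIXES):
            return ("drop", "ingress: private or bogon source")
        if not in_any(pkt.dst, OUR_PREFIXES):
            return ("drop", "ingress: destination is not one of our addresses")
        return ("accept", "ingress: plausible external source")
    if pkt.direction == "egress":
        # Egress: anything we send must carry a source from our own allocation,
        # so a compromised host cannot take part in a spoofed flood.
        if not in_any(pkt.src, OUR_PREFIXES):
            return ("drop", "egress: source not in our allocation")
        if in_any(pkt.dst, INTERNAL_PREFIXES + BOGON_PREFIXES):
            return ("drop", "egress: private or bogon destination must not leave")
        return ("accept", "egress: source is ours")
    return ("drop", "unknown direction")


def filter_batch(packets):
    """Apply verdict() to each packet; return accepted packets and a drop log."""
    accepted, dropped = [], []
    for pkt in packets:
        action, reason = verdict(pkt)
        (accepted if action == "accept" else dropped).append((pkt, reason))
    return accepted, dropped


# Constructed sample traffic, one packet per condition.
SAMPLE = [
    Packet("ingress", "198.51.100.7", "203.0.113.10"),   # legitimate inbound
    Packet("ingress", "203.0.113.5", "203.0.113.10"),    # spoofs our own prefix
    Packet("ingress", "10.1.2.3", "203.0.113.10"),       # private source from outside
    Packet("egress", "203.0.113.10", "198.51.100.7"),    # legitimate outbound
    Packet("egress", "172.16.5.5", "198.51.100.7"),      # internal host spoofing / leaking
]

if __name__ == "__main__":
    ok, bad = filter_batch(SAMPLE)
    for pkt, reason in bad:
        print(f"DROP {pkt.direction} {pkt.src} -> {pkt.dst}: {reason}")
    print(f"accepted {len(ok)}, dropped {len(bad)}")
```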
