On the left is an enterprise network, labeled "Internal IP
Network" in the figure. In the internal network, there are users at client PCs,
like the one labeled C2. C2 uses the e-mail server and the internal web server,
named mail.fredsco.com and int.fredsco.com, respectively. The internal web
server has stuff that's only appropriate for employees who work for Fredsco.
Finally, the web server called www.fredsco.com is meant for external users, but
internal clients such as C2 will also want to browse that web server.
On the Internet side of the figure, you see a typical
Internet-based web server (www.example.com) and a typical Internet-based e-mail
server (mail.isp1.net). The client PC labeled C3 represents a typical user on
the Internet.
The first task in securing Fredsco's network is to define what is
allowed and what shouldn't be allowed. You should keep two things in mind when
considering this dilemma:
After you know which two hosts are involved and which one
starts the process, you can determine what data is allowed to flow between the
hosts. For example, Figure 18-2 shows the
flows that I think should be allowed in the same network shown in Figure 18-1. To keep the figure a little
less cluttered, I removed some of the icons so that you could focus on the flows
between pairs of hosts. (The term flow refers to packets that are
sent from a specific host to another host, and vice versa. For instance, when
you browse a web page, packets go between your PC and that web server, and vice
versa; that's a flow.)
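The idea that a flow has two hosts plus an initiator can be expressed as a small stateful filter. The following is an added example, not code from the book, and the allowed-flow table is an assumption built from the hosts named above (it is not the book's Figure 18-2): return packets are permitted only when the flow was started by the host the policy allows to start it.

```python
# Constructed policy for the Figure 18-1 hosts (assumed, not the book's Figure 18-2).
# Each pair is (initiator, responder): the host on the left may start the flow.
ALLOWED_FLOWS = {
    ("C2", "mail.fredsco.com"),           # internal client reads its mail
    ("C2", "int.fredsco.com"),            # internal client uses the internal web server
    ("C2", "www.fredsco.com"),            # internal client browses the public web server
    ("C2", "www.example.com"),            # internal client browses an Internet web server
    ("mail.fredsco.com", "mail.isp1.net"),  # outbound mail relay
    ("mail.isp1.net", "mail.fredsco.com"),  # inbound mail from the Internet
    ("C3", "www.fredsco.com"),            # Internet user browses the public web server
}


class FlowFilter:
    """Allow packets that belong to a permitted flow, in either direction,
    but only after the permitted initiator has actually started it."""

    def __init__(self, allowed):
        self.allowed = set(allowed)
        self.active = set()  # (initiator, responder) pairs already started

    def check(self, src, dst):
        # Initiator -> responder: permitted by policy; record the flow as active.
        if (src, dst) in self.allowed:
            self.active.add((src, dst))
            return True
        # Responder -> initiator: permitted only as a reply to an active flow.
        if (dst, src) in self.active:
            return True
        # Anything else, including a responder "replying" before the initiator
        # sent anything, or a pair not in the policy at all, is dropped.
        return False


def filter_packets(packets, allowed=ALLOWED_FLOWS):
    """Run a sequence of (src, dst) packets through a fresh filter and
    return the list of allow/deny decisions in order."""
    f = FlowFilter(allowed)
    return [f.check(src, dst) for src, dst in packets]


if __name__ == "__main__":
    # Constructed packet sequence: a reply that arrives before any request is denied.
    sample = [
        ("www.example.com", "C2"),   # unsolicited: denied
        ("C2", "www.example.com"),   # C2 starts the flow: allowed
        ("www.example.com", "C2"),   # reply to an active flow: allowed
        ("C3", "int.fredsco.com"),   # Internet user to internal server: denied
    ]
    for pkt, ok in zip(sample, filter_packets(sample)):
        print(pkt, "allow" if ok else "deny")
```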