Keeping a Watchful Eye Over Who Drives into Your (Network) Neighborhood

Chapter 18. Keeping a Watchful Eye Over Who Drives into Your (Network) Neighborhood

What You Will Learn

After reading this chapter, you should be able to do the following:

• List some of the typical types of traffic that should and shouldn't be allowed between an enterprise network and the Internet

• Explain how a firewall can identify which host is trying to initiate a new TCP connection

• Explain how a firewall decides to allow some packets through, and not allow others

• Describe the general idea behind the use of a DMZ

• Explain the basic roles of IDS systems and anti-virus software

In many U.S. cities and towns, people in neighborhoods often take notice when they see someone driving or walking through the neighborhood who they don't know. Although it's good to be friendly to neighbors you haven't met, it also helps to figure out who doesn't really belong in the neighborhood, and possibly even who might be there to break into a house or cause other problems. In fact, some neighborhoods have a formal neighborhood watch program to watch for suspicious activity. Although you might be a little nosy when monitoring the traffic in your neighborhood, you might prevent a crime or two.

Similarly, when an enterprise network or a home PC connects to the Internet, you need to keep a watchful eye on network traffic. Although the Internet has some wonderful things, it also has many dangerous thingsand dangerous people. So, to be safe, you have to be careful and watch for things coming into your network that look a little suspicious. In this chapter, I'll hit the highlights of a few of the key tools used to help secure a connection to the Internet and prevent, or at least reduce, the impact of dangerous things and dangerous people on a network.