Posted by Will on March 20, 2008, 7:30 pm
> Will wrote:
>
>> To protect internal users and networks I really like the approach used in
>> the Fortinet Fortigate firewall appliances, which integrate a lot of
>> anti-virus, intrusion protection, and other higher level abstractions
>> directly into the firewall. The Fortigate is just a standard firewall,
>> however, when it comes to protecting internal servers against hackers.
>> For example, you can design a set of firewall rules that might limit
>> incoming connections to the web server to port 80, but there is no
>> protocol level inspection of incoming HTTP requests, to detect or block
>> specific kinds of probes or attacks against the web server.
>
> If the internal servers are on a separate subnet traffic to them can be
> inspected by a suitable filtering device just the same way that the device
> can inspect traffic to/from external servers.

The attack is usually different. The user inside the network using a
browser goes to a page with a trojan and it is embedded as an ActiveX, for
example. So a defense against that would be to inspect the ActiveX binary
during download for metainformation as well as a checksum that might identify
it and then block it.

The attack against the web server you own is more likely to focus on trying
to force buffer overloads on your server, so the defense against that is
more about inspecting for bad URLs, SQL injections, etc.
--
Will
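
The two inspection directions contrasted in the post above, sketched as an added example that is not part of the original post or of any Fortinet product. The function names, the URL length limit, the pattern list and the blocklisted sample are all constructed assumptions.

```python
import hashlib
import re
from urllib.parse import unquote_plus

MAX_URL_LEN = 2048  # assumed limit; tune to the longest URL the application really uses
# Small constructed pattern set; a production rule set is far larger.
SQLI_PATTERNS = [
    re.compile(r"(?i)\bunion\b.+\bselect\b"),
    re.compile(r"(?i)'\s*(or|and)\s+[\w']+\s*=\s*[\w']+"),
    re.compile(r"(--|#|/\*)\s*$"),
]
# Constructed blocklist: digest of the sample payload below, standing in for a signature feed.
SAMPLE_BAD_BINARY = b"MZ" + b"\x90" * 62 + b"constructed-sample"
BLOCKED_SHA256 = {hashlib.sha256(SAMPLE_BAD_BINARY).hexdigest()}


def inspect_inbound_request(request_line: str) -> str:
    """Verdict for a request line arriving at the protected web server."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return "block: malformed request line"
    target = parts[1]
    if len(target) > MAX_URL_LEN:  # checked before decoding, on the raw bytes sent
        return "block: oversized URL"
    decoded = unquote_plus(target)
    if "\x00" in decoded or "../" in decoded:
        return "block: bad URL"
    query = decoded.partition("?")[2]
    if any(p.search(query) for p in SQLI_PATTERNS):
        return "block: SQL injection pattern"
    return "allow"


def inspect_download(body: bytes, content_type: str) -> str:
    """Verdict for a response body being downloaded by an internal browser."""
    if hashlib.sha256(body).hexdigest() in BLOCKED_SHA256:
        return "block: known-bad checksum"
    # Metainformation check: PE executable ("MZ" magic) served under a non-executable type.
    declared_executable = "octet-stream" in content_type or "msdownload" in content_type
    if body[:2] == b"MZ" and not declared_executable:
        return "block: executable with mismatched content type"
    return "allow"
```

Pattern matching of this kind is easy to evade with alternate encodings, so it complements rather than replaces parameterised queries and patching on the server itself.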