tailieunhanh - Practical TCP/IP and Ethernet Networking- P49
Practical TCP/IP and Ethernet Networking- P49: The transmitter encodes the information into a suitable form to be transmitted over the communications channel. The communications channel moves this signal as electromagnetic energy from the source to one or more destination receivers. The channel may convert this energy from one form to another, such as electrical to optical signals, whilst maintaining the integrity of the information so the recipient can understand the message sent by the transmitter.

222 Practical TCP/IP and Ethernet Networking

that travels with a signal coming back through the configuration table, thus obtaining all addresses.

To remove this potential weakness of dynamic IP address allocation, firewalls can track the TCP sequence numbers and port numbers of originating TCP/IP connections. In order for spoofers to penetrate the firewall to reach an end server, they would need not only the IP address, but the port number and TCP sequence numbers as well.

To minimize the possibility of unauthorized network penetration, some firewalls also support sequence number randomization, a process that prevents potential IP address spoofing attacks, as described in a Security Advisory (CA-95:01) from the Computer Emergency Response Team (CERT). Essentially, this advisory proposes to randomize TCP sequence numbers in order to prevent spoofers from deciphering these numbers and then hijacking sessions. By using a randomizing algorithm to generate TCP sequence numbers, the firewall then makes this spoofing process extremely difficult, if not impossible. In fact, the only accesses that can occur through this type of firewall are those made from designated servers, which network administrators configure with a dedicated conduit through the firewall to a specific server - and that server alone.

DMZs (de-militarized zones)

Most firewalls have two ports, one connected to the intranet and the other to the outside world. The problem arises: on which side does one place a particular WWW, FTP or any other application server? On either side of the firewall the server is exposed to attacks, either from insiders or from outsiders. In order to address this problem, some firewalls have a third port, protected from both the other ports, leading to a so-called DMZ or de-militarized zone. A server attached to this port is protected from attacks both from inside and outside.

Strike back (intruder response)

Some firewalls have a so-called intruder response function. If an attack is detected or an .
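
The connection tracking and sequence number randomization described above, as a simplified model in Python. This is an added example, not code from the book or from any firewall product; the class, its method names, the 65535-byte window and the addresses are assumptions made for illustration.

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around


class SeqRandomizingFirewall:
    """Hypothetical model: tracks originating connections, hides the inside ISN."""

    def __init__(self, window=65535):  # assumed acceptance window
        self.window = window
        self.conns = {}  # (src_ip, src_port, dst_ip, dst_port) -> state

    def outbound_syn(self, src_ip, src_port, dst_ip, dst_port, isn):
        """Inside host opens a connection; return the ISN seen on the outside."""
        offset = secrets.randbelow(MOD)  # unpredictable per-connection offset
        self.conns[(src_ip, src_port, dst_ip, dst_port)] = {
            "offset": offset,
            "next_seq": (isn + 1) % MOD,  # the SYN consumes one sequence number
        }
        return (isn + offset) % MOD

    def outbound_data(self, key, seq, length):
        """Translate an outbound segment and advance the tracked send state."""
        st = self.conns[key]
        st["next_seq"] = (seq + length) % MOD
        return (seq + st["offset"]) % MOD

    def inbound(self, src_ip, src_port, dst_ip, dst_port, ack):
        """Return the translated ACK for the inside host, or None to drop."""
        # Inbound packets are matched against the reversed originating tuple.
        st = self.conns.get((dst_ip, dst_port, src_ip, src_port))
        if st is None:
            return None  # address or port does not match a tracked connection
        inner_ack = (ack - st["offset"]) % MOD
        # The ACK may lag the last byte sent by at most one window and may
        # never run ahead of it; modular arithmetic handles wrap-around.
        if (st["next_seq"] - inner_ack) % MOD > self.window:
            return None  # sequence number outside the tracked window
        return inner_ack


if __name__ == "__main__":
    fw = SeqRandomizingFirewall()
    key = ("10.0.0.5", 40000, "198.51.100.7", 80)  # constructed addresses
    outside_isn = fw.outbound_syn(*key, isn=1000)  # predictable inside ISN
    reply = fw.inbound("198.51.100.7", 80, "10.0.0.5", 40000, (outside_isn + 1) % MOD)
    wrong_port = fw.inbound("198.51.100.7", 81, "10.0.0.5", 40000, (outside_isn + 1) % MOD)
    print("outside ISN:", outside_isn, "reply:", reply, "wrong port:", wrong_port)
```

A sender who knows the address and port but derives the ACK from the predictable inside ISN is accepted only if the random offset happens to fall inside the window, roughly a 1 in 65536 chance per attempt with these assumed values.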