-- PAGE 10 --

Some Historic developments in Network Security cont...

Around the year 2000, although firewall solutions remained important and necessary, they nonetheless failed to prevent attacks that exploited open ports, through which an extensive variety of new attacks and intrusions were launched. Such attacks bypassed the firewall rules either by upper-layer intrusion or by taking advantage of newly discovered network vulnerabilities. By this time, the accessibility of network resources, zero loss effort on network management, risk control and on-demand bandwidth balance were all being factored into assessing the stability of secure networks. These requirements obviously fell outside the capability of a firewall or internal security policies to satisfy without human intervention. Meanwhile, more risks emerged from both inside and outside the network, and a network-based monitoring and analysis structure started to be developed. The Intrusion Detection System (IDS) was designed for this purpose. (See figure 8)

Figure 8: Typical Network Security Model in 1999

As discussed, the Intrusion Detection System (IDS) was developed to analyze network traffic and uncover malicious dataflows, and also to identify vulnerabilities on the network on the basis of evidence gathered from the logs of current and previous attacks. The reports which the IDS generated helped to indicate which hosts and network elements needed to be better protected. Compared to the previous security model, it is apparent that the essentials of network security measurements were being driven by the rapidly evolving nature of the network environment, including new hardware platforms and application services; new devices, e.g. multilayer switches and IDS sensors; new IT infrastructures, such as VPNs and wireless LANs; and new cross-layer business applications like VoIP. Also, since the bandwidth bottleneck between local networks and WANs was removed, a large number of web-based services and applications were open to the public and facing global service requests. Tracing the actual changes to the security model makes the evaluation factors of common security measurement easier to address.

Xuhua Ji, September 2007 (You are free to reproduce any of the information in this article or part thereof, so long as the byline remains intact and a link is provided back to this page)