Tuesday, 24 November 2009

Recent attack on a network and the preventive measures.

Hello readers, this time I am going to show how to design a network and safeguard your internal systems, such as the web server, FTP server and other hosts, from attackers. Recently there was an attack on an educational institution, which was due to improper placement of the firewall and improper configuration of the router.
This picture shows the network setup of the attacked network.



As the figure indicates, the WAN link is the interface through which users on the internet connect to the network. The gateway here is the ROUTER, and the other interface of the ROUTER has a local IP, i.e. an IP of the internal network.

Whenever you design a network, a firewall should be used to protect it. Even with a firewall the network is still not safe, because the protection depends on the placement of the firewall, i.e. whether the firewall is placed outside the network or inside the local area network.
Most attacks come from outside the local network rather than from inside it, so the firewall should be placed outside the network as shown below.

Recently one such attack took place at a university by compromising the Cisco router, which was acting as the gateway while the firewall was placed inside the local network.

The admin's idea was to allow all traffic into the local network first and then block the unwanted packets, but he didn't consider what would happen if the router were compromised or a DoS attack took place. The Cisco router they used was not configured securely, and it had been given remote management access, which is vulnerable. The admin should have placed the firewall outside the LAN, blocked the unwanted packets and services first, and only then let traffic into the LAN.
Since the router was attacked, the whole internal network was isolated from the internet. The interesting part is that no one in the internal network would realize that their web server was down: because it is in the same network, they could still access it from within the network.

Measures to be taken:
* As I said, use the firewall as the gateway, which prevents almost all possible attacks.
* Change the default passwords and settings on all devices.
* Don't allow any service that manages the device remotely; close Telnet, SSH and HTTP.
* Enable logging on the router to trace the attacker and to know what went wrong.
* Monitor the network 24x7.
* Recruit talented and knowledgeable IT admins. Admins need to keep updating their knowledge and should be aware of possible attacks.
                                       "Secure the network to save your country"
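
The checklist above can be turned into an automated check of a router's saved configuration. The following is an added example, not part of the original post: the sample IOS-style running-config and the list of default passwords are constructed for illustration, and the `audit` function name is hypothetical.

```python
import re

# Constructed sample of a Cisco IOS-style running-config (not from the incident).
SAMPLE_CONFIG = """\
hostname edge-rtr
enable password cisco
username admin password 0 cisco
ip http server
no ip http secure-server
no logging on
line con 0
line vty 0 4
 password cisco
 login
 transport input telnet ssh
line vty 5 15
 transport input none
"""

DEFAULT_PASSWORDS = {"cisco", "admin", "password"}  # assumed list of common defaults

def audit(config):
    """Return sorted findings for the post's checklist: remote management
    services, default passwords, and missing or disabled logging."""
    findings = set()
    section = None            # the 'line vty' block currently being read, if any
    logging_configured = False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # an unindented line starts a new section
            section = line if line.startswith("line vty") else None
        if re.fullmatch(r"ip http (secure-)?server", line):
            findings.add("remote management: " + line)
        m = re.fullmatch(r"transport input (.+)", line)
        if section and m and m.group(1) != "none":
            findings.add(f"remote management: {section} allows {m.group(1)}")
        m = re.search(r"\b(?:password|secret)(?: \d)? (\S+)$", line)
        if m and m.group(1) in DEFAULT_PASSWORDS:
            findings.add("default password: " + (section or line.split()[0]))
        if line == "no logging on":
            findings.add("logging: disabled globally")
        if re.match(r"logging (buffered|host|trap|\d)", line):
            logging_configured = True
    if not logging_configured:
        findings.add("logging: no buffer or syslog host configured")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Running it against a configuration backup after every change gives an early signal when remote management or a default password has crept back in.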

In the following week we will see how to configure the Cisco router securely and protect it from hackers.
