Let’s look at some of the different integrity solutions.
One of the functions of integrity is making sure the network is up. You need to guarantee that data in fact gets where it’s supposed to This is job 1! Your network isn’t worth a thing if your routers go down. If network infrastructure isn’t reliable, business doesn’t happen. Let’s look at a few features.
TCP Intercept is designed to prevent a SYN flooding Denial of Service attack by tracking, optionally intercepting and validating TCP connection requests. A SYN flooding attack involves flooding a server with a barrage of requests for connection. However, since these messages have invalid return addresses, the connections can never be established. The resulting volume of unresolved open connections eventually overwhelms the server and can cause it to deny service to valid requests. TCP Intercept is capable of operating in two different modes – intercept mode and monitor mode.
When used in intercept mode (the default setting), it checks for incoming TCP connection requests and will proxy-answer on behalf of the destination server to ensure that the request is valid before connecting to the server. In monitor mode, TCP Intercept passively watches the connection requests flowing through, and, if a connection fails to get established in a configurable interval, it will intervene and terminate the connection attempt.
A common hacking technique is to instruct devices to send traffic along an alternate route, a less secure route, that opens up a doorway for the hacker to get in.
Route authentication enables routers to identify one another and verify each other’s legitimacy before accepting route updates. So route authentication ensures that you have trusted devices talking to trusted devices.
Integrity also means ensuring the safety of the network devices and the flows of information between them, including payload data, configuration and configuration updates.
Everyone is connecting to the Internet, so networks are vulnerable: you need to defend your perimeters. There are several kinds of network perimeter, and you may need some kind of firewall protection at each perimeter access point to reflect your security policy. Perimeter security gives customers the ability to leverage the Internet as a business resource, while protecting internal resources.
The key to network integrity is that it be implemented across all types of devices with full internetworking, so that every device in the network can participate and not be a weak link in the security implementation chain.
Let’s look at some of these technologies.
So Access Control Lists are often the first wave of defense. Security is a multi-step thing, and Access Control Lists can play an important part in this. Standard Access Control Lists can filter addresses.
So you can say, “Hey, I don’t want traffic from particular places,” maybe people that are known spammers or something like that. It may be anything. It’s not part of your extranet. So you can do permit and denies on an entire protocol suite.
Maybe you don’t want to see a particular class of service flowing through this particular router. There’s also extended Access Control Lists where we can filter the source and destination address. So if you have a list of people that you don’t want to be making connections, you can tell that to your ACL, as Access Control Lists are called.
You can sort these both on inbound and outbound, on port number. For an example, maybe you want to create a demilitarized zone, or DMZ, and you only want traffic that’s on the Web port where HTML traffic goes, which is port 80.
So this would be an example of using a port number to restrict traffic to a particular part of the network.
You can have permit and deny of specific protocols. Reflexive; in other words, Access Control Lists that can change based on certain criteria.
And also time based. Maybe you have a different set of rules during business hours as opposed to after business hours.