1.0 Network Security

Domain 1.0 Network Security – 21%

Computers, routers and other network equipment store fixed firmware in ROM modules, including:

  • Erasable Programmable Read-Only Memory (EPROM)
  • Electrically Erasable Programmable Read-Only Memory (EEPROM)

Computer manufacturers (such as Dell), chipset manufacturers (such as Intel) and router manufacturers (such as Cisco) frequently issue firmware updates. The system administrator is responsible for knowing about and implementing these updates.

Cisco routers in particular must be carefully updated. More than one bad update has been issued by Cisco, but Cisco users will still have to do their best to keep up-to-date.

Filtering packets as they arrive is the primary means of protection. Filtering can be by:

  • IP address
  • Domain name
  • Protocol (TCP, UDP, IP)
  • Port
  • Text-based, by word or phrase

The filtering criteria are called a rule base. This chain of rules, ending with a final “cleanup rule,” is scanned in sequence (“rule base scanning”), with any rejection aborting the packet’s passage into the network.

Each rule has an action:

  • Allow
  • Deny (which returns rejection information to the sender)
  • Drop (which sends no information back to the sender)

The critical action for the network administrator is examining log files, no less than weekly.
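
The rule base scanning described above, as an added example (not part of the original notes): a small Python model in which rules are scanned in order, the first match decides, and a final cleanup rule catches everything else. The `Packet` and `Rule` classes, the rule names and the addresses are constructed for illustration, and first-match evaluation is an assumption about how the rule base is scanned.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:                      # constructed, simplified packet model
    src: str
    proto: str
    dport: int
    payload: str = ""

@dataclass
class Rule:
    name: str
    action: str                    # "allow", "deny" or "drop"
    src_net: Optional[str] = None  # None means "any"
    proto: Optional[str] = None
    dport: Optional[int] = None
    phrase: Optional[str] = None   # text-based criterion

    def matches(self, p: Packet) -> bool:
        if self.src_net and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.proto and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.phrase and self.phrase.lower() not in p.payload.lower():
            return False
        return True

RULE_BASE = [  # constructed sample rules, scanned top to bottom
    Rule("block-bad-net", "drop", src_net="203.0.113.0/24"),
    Rule("block-phrase", "deny", proto="TCP", dport=80, phrase="cmd.exe"),
    Rule("allow-web", "allow", proto="TCP", dport=80),
    Rule("allow-dns", "allow", proto="UDP", dport=53),
    Rule("cleanup", "drop"),       # final cleanup rule: matches everything
]

def scan(packet, rules=RULE_BASE, log=None):
    """Return (action, rule name, reply to sender) for the first matching rule."""
    for rule in rules:
        if rule.matches(packet):
            # Only "deny" answers the sender; "drop" (and "allow") send no rejection.
            reply = "rejected" if rule.action == "deny" else None
            if log is not None:  # every decision is logged for later review
                log.append(f"{rule.action.upper()} {packet.src} {packet.proto}/{packet.dport} rule={rule.name}")
            return rule.action, rule.name, reply
    raise ValueError("rule base has no cleanup rule")
```

Rule order matters in this model: if `allow-web` were placed above `block-phrase`, the phrase filter would never be reached for port 80 traffic.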