What Are Border Controls?

Border controls are controls that sit at the junction between trusted and less trusted segments of a network. They can be firewalls, remote access servers, intrusion detection systems (IDSs), packet filtering routers, VPN servers, or a combination of these, located on the border between the internal private network and an external network such as the Internet. They can be the same controls used to protect gateways between geographically dispersed segments of a single organization's network or to link partner networks into an extranet. They can also be the same devices used to segment internal networks into areas of trust.

Note: Most IT professionals are familiar with IDSs—security screening devices that alert the administrator to potential attacks on the network. Recently, a new type of device known as an intrusion protection system (IPS), which is built to react to and stop an attack without administrative intervention, has emerged on the market. These products detect attacks and can be programmed to respond to them. For example, the device might immediately block all traffic from the identified interloper. In addition, specific types of packets, such as those that are improperly formed (empty, inconsistent, too short, too long, arriving on the wrong ports, and so on), are dropped. Examples of these systems are Jasomi Networks' PeerPoint Intrusion Prevention System (http://www.jasomi.com/peerpointintrusion.html) and Psynapse Technologies' Checkmate Intrusion Protection System (http://www.psynapsetech.com/).

Some capabilities of these new products have been featured in firewalls and IDSs in the past. For example, some IPSs will proactively block data from an IP address or IP address range that appears to be in use in an attack. The difference with these products is how far the product can and does go in responding, and the fact that the product is a separate device. The IPS idea is catching on—even the IDS manufacturers are now touting new IPS features on their IDSs. Read about Cisco's efforts in this area at http://www.cisco.com/en/US/products/sw/secursw/ps2113/ and Internet Security Systems' efforts at http://www.iss.net/products_services/enterprise_protection/.
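The two IPS behaviors the note describes, dropping improperly formed packets and blocking an identified source, shown as an added Python sketch that is not from the original page or from any vendor's product. The names `malformed`, `BorderInspector` and `make_packet`, the allowed-port policy, the size limit and the three-violation threshold are all assumptions; the addresses are documentation ranges and the packets are constructed.

```python
import ipaddress
import struct

ALLOWED_TCP_PORTS = {25, 80, 443}  # assumed border policy
MAX_LEN = 1500                     # assumed maximum packet size
BLOCK_AFTER = 3                    # assumed violations before blocking a source

def malformed(pkt):
    """Return why a raw IPv4 packet is improperly formed, or None."""
    if len(pkt) < 20:
        return "too-short" if pkt else "empty"
    if len(pkt) > MAX_LEN:
        return "too-long"
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[0] >> 4 != 4 or not 20 <= ihl <= len(pkt) or total_len != len(pkt):
        return "inconsistent"
    if pkt[9] == 6 and len(pkt) < ihl + 20:  # TCP header does not fit
        return "too-short"
    return None

class BorderInspector:
    def __init__(self):
        self.strikes, self.blocked = {}, set()

    def inspect(self, pkt):
        """Return 'forward' or 'drop:<reason>' for one packet."""
        reason = malformed(pkt)
        is_v4 = len(pkt) >= 20 and pkt[0] >> 4 == 4
        src = str(ipaddress.IPv4Address(pkt[12:16])) if is_v4 else None
        if src in self.blocked:
            return "drop:blocked-source"
        if reason is None and pkt[9] == 6:
            ihl = (pkt[0] & 0x0F) * 4
            if struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] not in ALLOWED_TCP_PORTS:
                reason = "wrong-port"
        if reason is None:
            return "forward"
        if src is not None:  # sources can be spoofed, so block only after repeats
            self.strikes[src] = self.strikes.get(src, 0) + 1
            if self.strikes[src] >= BLOCK_AFTER:
                self.blocked.add(src)
        return "drop:" + reason

def make_packet(src, dport, claimed_len=None):
    """Constructed IPv4+TCP SYN for the demo (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    addrs = [ipaddress.IPv4Address(a).packed for a in (src, "192.0.2.10")]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, claimed_len or 40, 0, 0, 64, 6, 0, *addrs)
    return ip + tcp
```

Feeding `BorderInspector().inspect()` a packet whose length field disagrees with its real size, then two packets to a port outside the policy from the same source, leaves that source blocked even for otherwise acceptable traffic.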

Firewall Considerations

Many types of firewalls are available. Most, such as Microsoft Internet Acceleration and Security server, start with the premise that all traffic should be blocked by default and require that the administrator configure access rules. Many provide additional services such as intrusion detection/protection and VPNs. Several issues reduce the effectiveness of firewalls as border controls:
