
How Information Flows on Networks: Overview of TCP/IP and Ethernet

Almost every local area network uses the Ethernet protocol, which transmits information in
frames whose payload is at most about 1.5 kB (1,500 bytes). Many files are larger than 1 MB, so a
large file is divided into thousands of packets. The information needed to accomplish that is
contained in the Transmission Control Protocol (TCP), Internet Protocol (IP), and Ethernet headers.
The TCP header contains fields that specify the sequential position of the packet's data in relation
to the entire file (the sequence number) and the port numbers (addresses) on the sending and
receiving devices from which the file originates and where it is to be reassembled. The IP header
contains fields that specify the network addresses (IP addresses) of the sending and receiving
devices. Routers are special-purpose devices designed to read the source and destination address
fields in IP packet headers to decide where to send (route) the packet next. The Ethernet header
contains the MAC addresses of the sending and receiving devices, which switches use to deliver the
frame to the right device on the local area network (LAN).
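The three headers described above, walked in order by a small dissector. This is an added example, not code from the original text: it extracts the MAC addresses, IP addresses, ports and sequence number from a raw frame, and then shows how sequence numbers let a large file be split into packet-sized pieces and put back in order. The frame, the addresses (from the documentation ranges) and the 3,000-byte "file" are constructed so it runs offline; checksums are left as zero.

```python
# Added example (not from the original text): walk the Ethernet, IPv4 and TCP headers of
# a raw frame and pull out the fields named above, then show how sequence numbers let a
# large file be split into packets and put back together.  The frame and the 3,000-byte
# "file" are constructed here so everything runs offline; checksums are left as zero.
import struct
from dataclasses import dataclass

MSS = 1460  # TCP payload that fits in one 1,500-byte Ethernet payload after 20 IP + 20 TCP header bytes


@dataclass
class Headers:
    dst_mac: str
    src_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    seq: int
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_frame(frame: bytes) -> Headers:
    """Each header says where the next begins: EtherType -> IPv4, IHL -> TCP, data offset -> payload."""
    # Ethernet II: 6-byte destination MAC, 6-byte source MAC, 2-byte EtherType (0x0800 = IPv4)
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4 (EtherType 0x{ethertype:04x})")
    ip = 14
    ihl = (frame[ip] & 0x0F) * 4           # IP header length in bytes (20 without options)
    # bytes 2-3 total length, byte 9 protocol (6 = TCP), bytes 12-15 source, 16-19 destination
    total_len, proto, src_ip, dst_ip = struct.unpack("!2xH5xB2x4s4s", frame[ip:ip + 20])
    if proto != 6:
        raise ValueError(f"not TCP (IP protocol {proto})")
    tcp = ip + ihl
    # bytes 0-1 source port, 2-3 destination port, 4-7 sequence number, 8-11 ack, byte 12 data offset
    src_port, dst_port, seq, _ack, off = struct.unpack("!HHIIB7x", frame[tcp:tcp + 20])
    data_start = tcp + (off >> 4) * 4
    data_end = ip + total_len                # any Ethernet padding lies beyond the IP total length
    return Headers(_mac(dst_mac), _mac(src_mac), _ip(src_ip), _ip(dst_ip),
                   src_port, dst_port, seq, frame[data_start:data_end])


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, seq, payload) -> bytes:
    """Construct a minimal Ethernet/IPv4/TCP frame (constructed test input; checksums zero)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0x4000, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")), bytes(int(o) for o in dst_ip.split(".")))
    eth = struct.pack("!6s6sH", bytes.fromhex(dst_mac.replace(":", "")),
                      bytes.fromhex(src_mac.replace(":", "")), 0x0800)
    return eth + ip + tcp + payload


def segment(data: bytes, initial_seq: int, mss: int = MSS):
    """Split a file into TCP-sized pieces; each carries the sequence number of its first byte."""
    return [(initial_seq + off, data[off:off + mss]) for off in range(0, len(data), mss)]


def reassemble(segments, initial_seq: int) -> bytes:
    """Order segments by sequence number (they may arrive out of order) and rebuild the file."""
    out = bytearray()
    for seq, chunk in sorted(segments, key=lambda s: s[0]):
        if seq != initial_seq + len(out):
            raise ValueError(f"gap or duplicate at sequence number {seq}")
        out += chunk
    return bytes(out)


if __name__ == "__main__":
    frame = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", "192.0.2.10", "198.51.100.20",
                        40000, 80, 1000, b"GET / HTTP/1.1\r\n")
    print(parse_frame(frame))
    pieces = segment(b"x" * 3000, 1000)
    print([(seq, len(chunk)) for seq, chunk in pieces])
```

The 1,460-byte MSS is what is left of a 1,500-byte Ethernet payload once the 20-byte IPv4 and 20-byte TCP headers are taken out; a packet filter reads only those 40 bytes, while deep packet inspection has to read the rest.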
Border routers and the organization's main firewall use sets of IF-THEN rules, called
Access Control Lists (ACLs), to determine what to do with arriving packets. The border router
examines the destination IP address field in the IP packet header to determine whether the
packet is intended for the organization or should be forwarded back out to the Internet. The rules
in the main firewall's ACL look at other fields in the IP and TCP packet headers (for example, the
source address, the protocol, and the port number) to determine whether to block the incoming
packet or permit it to enter.
Packet filtering is a process that uses various fields in a packet's IP and TCP headers to
decide what to do with the packet. Packet filtering is fast and can catch patently undesirable
traffic, but its effectiveness is limited. Just as control over physical mail is more effective if
each envelope or package is opened and inspected, control over network traffic is more effective
if the actual data are examined, a process referred to as deep packet inspection. For example,
web application firewalls use deep packet inspection to better protect an organization's
e-commerce web server by examining the contents of incoming packets to permit requests for data
that use the HTTP GET method but block attempts to use the HTTP PUT method to deface
the website. The added control provided by deep packet inspection, however, comes at the cost
of speed: it takes more time to examine the up to roughly 1,460 bytes of data that a packet can
carry after its headers than just the 40 or so bytes in the IP and TCP headers.
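The ACL-driven packet filter of the previous two paragraphs and the web application firewall's HTTP-method check, in one added example that is not code from the original text. The header-only filter evaluates IF-THEN rules top to bottom with an implicit final deny; only packets it permits are handed to the deep-packet-inspection step, which reads the HTTP request line in the payload and lets GET and HEAD through while blocking PUT. The ACL, the web server address and the sample packets are constructed for illustration.

```python
# Added example (not from the original text): a packet filter that evaluates IF-THEN rules
# (an ACL) over IP/TCP header fields, followed by a deep-packet-inspection step that reads
# the HTTP method in the payload.  The ACL, addresses and packets are constructed for
# illustration; the addresses are from the documentation ranges.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    proto: str            # "tcp" or "udp"
    dst_port: int
    payload: bytes = b""  # application data, only consulted by deep packet inspection


@dataclass
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # CIDR; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None     # None matches any protocol
    dst_port: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


# Main-firewall ACL for inbound traffic: evaluated top to bottom, first match wins.
WEB_SERVER = "203.0.113.10/32"   # constructed address of the e-commerce server
ACL: List[Rule] = [
    Rule("deny", src="10.0.0.0/8"),                          # private source arriving from outside: spoofed
    Rule("permit", dst=WEB_SERVER, proto="tcp", dst_port=80),
    Rule("permit", dst=WEB_SERVER, proto="tcp", dst_port=443),
]


def packet_filter(pkt: Packet, acl: List[Rule] = ACL) -> str:
    """Header-only decision: cheap, because only the ~40 bytes of IP/TCP header are read."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # implicit deny at the end of every ACL


READ_ONLY_METHODS = {b"GET", b"HEAD"}


def deep_packet_inspect(pkt: Packet) -> str:
    """WAF-style payload check: allow read-only HTTP methods, block PUT/DELETE and the rest."""
    request_line = pkt.payload.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return "deny"  # not a well-formed HTTP request line; do not guess
    return "permit" if parts[0] in READ_ONLY_METHODS else "deny"


def decide(pkt: Packet) -> str:
    """Cheap header filter first; only the packets it permits pay for payload inspection."""
    if packet_filter(pkt) == "deny":
        return "deny"
    if pkt.dst_port == 80 and pkt.payload:   # 443 carries TLS: the method is only visible after TLS termination
        return deep_packet_inspect(pkt)
    return "permit"


if __name__ == "__main__":
    for p in [
        Packet("198.51.100.7", "203.0.113.10", "tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: shop\r\n\r\n"),
        Packet("198.51.100.7", "203.0.113.10", "tcp", 80, b"PUT /index.html HTTP/1.1\r\nHost: shop\r\n\r\n"),
        Packet("10.1.2.3", "203.0.113.10", "tcp", 80, b"GET / HTTP/1.1\r\n"),
        Packet("198.51.100.7", "203.0.113.10", "tcp", 22),
    ]:
        print(p.src_ip, p.dst_port, p.payload[:4], "->", decide(p))
```

Note what the header-only filter cannot do: the GET and the PUT packets have identical IP and TCP headers, so packet_filter permits both, and only the payload check tells them apart. This toy inspects one packet at a time; a real web application firewall reassembles the TCP stream first, because a request line can be split across packets or sit behind earlier data in the same connection.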

An intrusion prevention system (IPS) is software or hardware that monitors patterns in the
traffic flow to identify and automatically block attacks. This is important because examining a
pattern of traffic is often the only way to identify undesirable activity. IPSs use two primary
techniques to identify undesirable traffic patterns. The simplest approach is to compare traffic
patterns to a database of signatures of known attacks. A more complicated approach involves
developing a profile of normal traffic and using statistical analysis to identify packets that do not
fit the profile. This anomaly-based approach blocks not only known attacks, for which signatures
already exist, but also new attacks that deviate from the profile of normal behavior. IPSs are
relatively new and, therefore, not without problems: they slow overall throughput, and there is a
danger of false alarms (legitimate traffic blocked because it resembles a signature or departs
from the profile).
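The two IPS techniques side by side, as an added example that is not code from the original text: a small signature database matched against request payloads, and a statistical profile of normal per-source request rates with a z-score test for sources that fall outside it. The signatures, the training counts and the observed traffic are all constructed; the last case shows the false-alarm problem the text mentions, a legitimate burst that the anomaly test blocks anyway.

```python
# Added example (not from the original text): the two IPS techniques side by side, a
# signature database matched against request payloads and a statistical profile of
# normal request rates with a z-score test for sources that fall outside it.  The
# signatures, the training counts and the observed traffic are all constructed.
import re
import statistics
from dataclasses import dataclass
from typing import List, Optional

# Technique 1: signatures of known attacks, here as regular expressions over the request.
SIGNATURES = {
    "sqli-tautology": re.compile(rb"(?i)'\s*or\s+'?\d+'?\s*=\s*'?\d+"),
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "cmd-injection": re.compile(rb"[;&|]\s*(?:cat|wget|curl|nc)\s"),
}


def match_signature(payload: bytes) -> Optional[str]:
    """Return the name of the first matching signature, or None for traffic no signature knows."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(payload):
            return name
    return None


# Technique 2: a profile of normal traffic (requests per minute from one source, learned
# during a quiet training window) and a test for sources that do not fit it.
@dataclass
class Profile:
    mean: float
    stdev: float


def build_profile(training_counts: List[int]) -> Profile:
    return Profile(statistics.mean(training_counts), statistics.pstdev(training_counts))


def is_anomalous(count: int, profile: Profile, threshold: float = 3.0) -> bool:
    """Flag a rate more than `threshold` standard deviations above the learned mean."""
    if profile.stdev == 0:                      # degenerate profile: anything above the mean is odd
        return count > profile.mean
    return (count - profile.mean) / profile.stdev > threshold


def ips_decision(requests: List[bytes], profile: Profile) -> str:
    """Decide for one source's traffic in one minute: 'block:<technique>:<reason>' or 'pass'."""
    for req in requests:
        sig = match_signature(req)
        if sig is not None:
            return f"block:signature:{sig}"     # known attack, caught regardless of volume
    if is_anomalous(len(requests), profile):
        return "block:anomaly:request-rate"    # unknown attack (or a false alarm) caught by volume
    return "pass"


# Constructed training window: requests per minute from typical sources (mean 10.6, stdev ~1.43).
TRAINING = [10, 12, 9, 11, 10, 13, 8, 12, 11, 10]
PROFILE = build_profile(TRAINING)

if __name__ == "__main__":
    normal = [b"GET /catalog?item=42 HTTP/1.1"] * 12
    injected = [b"GET /login?user=admin' OR '1'='1 HTTP/1.1"]
    flood = [b"GET /catalog HTTP/1.1"] * 60
    burst = [b"GET /catalog HTTP/1.1"] * 20          # a legitimate price-comparison crawler
    for name, reqs in [("normal", normal), ("injected", injected), ("flood", flood), ("burst", burst)]:
        print(name, "->", ips_decision(reqs, PROFILE))
```

With this profile anything above about 15 requests per minute is three standard deviations out, so the 20-request burst is blocked even though every request in it is benign: the threshold and the training window are what trade detection of new attacks against false alarms, and both must be tuned per network.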
Internal firewalls help to restrict what data and which portions of the organization's information
system particular employees can access. This not only increases security but also strengthens
internal control by providing a means for enforcing segregation of duties.
Securing Dial-Up Connections
Remote Authentication Dial-In User Service (RADIUS) is a standard method for
verifying the identity of users who attempt to connect via dial-in access. Dial-in users connect
to a remote access server and submit their log-in credentials. The remote access server passes
those credentials to the RADIUS server, which checks them against its user database to
authenticate the identity of that user.
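The exchange just described, carried out in code as an added example that is not part of the original text. It follows RFC 2865: the remote access server (the NAS) puts the user's credentials into an Access-Request, hiding the password under the shared secret and a fresh Request Authenticator; the RADIUS server recovers the password, checks it against its user database, and answers Access-Accept or Access-Reject with a Response Authenticator that the NAS verifies before trusting the answer. The shared secret, the NAS address and the plaintext user table are constructed for the example; a real RADIUS server stores password hashes or uses EAP, and RADIUS traffic on the wire should itself be protected, since the password hiding below is MD5-based obfuscation rather than strong encryption.

```python
# Added example (not from the original text): the RADIUS exchange of RFC 2865 between a
# remote access server (the NAS) and a RADIUS server.  The NAS hides the user's password
# under the shared secret inside an Access-Request; the server recovers it, checks it
# against its user database and answers Access-Accept or Access-Reject with a Response
# Authenticator the NAS can verify.  The shared secret, NAS address and user database
# are constructed; a real server keeps password hashes or uses EAP, not a plaintext table.
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP = 1, 2, 4


def _attr(atype: int, value: bytes) -> bytes:
    return struct.pack("!BB", atype, len(value) + 2) + value   # Type, Length (incl. these 2 bytes), Value


def _parse_attrs(data: bytes) -> Dict[int, bytes]:
    attrs, i = {}, 0
    while i < len(data):
        atype, alen = data[i], data[i + 1]
        attrs[atype] = data[i + 2:i + alen]
        i += alen
    return attrs


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """User-Password hiding (RFC 2865 section 5.2): pad to 16-byte blocks and XOR each
    block with MD5(secret + previous output block); the first block uses the Request
    Authenticator.  This is obfuscation keyed by the secret, not strong encryption."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out, prev = out + _xor(block, hashlib.md5(secret + prev).digest()), block
    return out.rstrip(b"\x00")


def _packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH16s", code, ident, 20 + len(attrs), authenticator) + attrs


# ---- NAS (remote access server) side --------------------------------------------
def build_access_request(username: str, password: str, secret: bytes, ident: int) -> bytes:
    req_auth = os.urandom(16)   # Request Authenticator: fresh random bytes per request
    attrs = (_attr(ATTR_USER_NAME, username.encode())
             + _attr(ATTR_USER_PASSWORD, hide_password(password.encode(), secret, req_auth))
             + _attr(ATTR_NAS_IP, bytes([192, 0, 2, 1])))          # constructed NAS address
    return _packet(ACCESS_REQUEST, ident, req_auth, attrs)


def verify_response(response: bytes, request: bytes, secret: bytes) -> Optional[int]:
    """Return the reply code, or None if the Response Authenticator does not prove the
    reply came from a server holding the shared secret (or it answers another request)."""
    _code, ident, length, resp_auth = struct.unpack("!BBH16s", response[:20])
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:length] + secret).digest()
    if ident != request[1] or not hmac.compare_digest(expected, resp_auth):
        return None
    return _code


# ---- RADIUS server side ------------------------------------------------------------
USER_DB: Dict[str, bytes] = {"alice": b"correct horse battery"}   # constructed


def handle_access_request(request: bytes, secret: bytes) -> bytes:
    _code, ident, length, req_auth = struct.unpack("!BBH16s", request[:20])
    attrs = _parse_attrs(request[20:length])
    user = attrs.get(ATTR_USER_NAME, b"").decode(errors="replace")
    password = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, req_auth)
    ok = user in USER_DB and hmac.compare_digest(password, USER_DB[user])
    code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    resp_auth = hashlib.md5(struct.pack("!BBH", code, ident, 20) + req_auth + secret).digest()
    return _packet(code, ident, resp_auth, b"")


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    names = {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject", None: "forged"}
    req = build_access_request("alice", "correct horse battery", secret, ident=7)
    print("alice / right password ->", names[verify_response(handle_access_request(req, secret), req, secret)])
    bad = build_access_request("alice", "wrong", secret, ident=8)
    print("alice / wrong password ->", names[verify_response(handle_access_request(bad, secret), bad, secret)])
```

The Response Authenticator is what stops a host that merely sits on the path between the NAS and the RADIUS server from injecting an Access-Accept: without the shared secret it cannot produce the MD5 value the NAS expects, so verify_response returns None and the NAS treats the reply as forged.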
Sometimes employees install modems on their desktop workstations without seeking
permission. This is dangerous because traffic over such a modem is not filtered by the main
firewall, so the modem gives attackers an easy way in (a back door). To detect this situation,
management should periodically run war dialing software, which programs a computer to dial
every telephone number assigned to the organization and records which lines are answered by a
modem; any unauthorized modem found this way should be disconnected.
Securing Wireless Access
Wireless access is convenient and easy, but it also provides another venue for attack and
extends the perimeter that must be protected. The following procedures need to be followed to
adequately secure wireless access:
1. Turn on available security features, for example WPA (in current equipment, WPA2 or
WPA3).
2. Authenticate all devices attempting to establish wireless access to the network before
assigning them IP addresses.
3. Configure all authorized wireless devices to operate only in infrastructure mode, which
forces the device to connect only to wireless access points (rather than directly to other
devices in ad hoc mode).
4. Use noninformative names for the access point's identifier, which is called a service set
identifier (SSID), so that it reveals neither the organization nor the purpose of the network.
5. Reduce the broadcast strength of wireless access points, locate them in the interior of the
building, and use directional antennas to make unauthorized reception off-premises more
difficult.
6. Encrypt all wireless traffic, because signals transmitted over the air are inherently
susceptible to unauthorized interception.
