screening routers, proxies, system monitoring devices, encryption systems, and even honeypots. Usually they implement multiple layers of each apparatus for a better defense system. An intrusion detection system (IDS) or intrusion prevention system (IPS) is usually added among those layers as defense in depth, a strategy to secure the system more deeply by monitoring for intrusions and malicious code injections into the system and preventing them as far as possible.
2.1.7.1 Firewall
A firewall, which can be dedicated hardware or installed software, is often used to strengthen computer security and defend against malicious activity such as that of hackers. A firewall is typically considered a network's gate: it allows or restricts the network traffic passing through it based upon a set of rules. However, a firewall cannot simply block some particular attacks that, for example, flow through allowed ports. Attacks like DoS or protocol anomalies get through the firewall unstopped.
Figure 6 Basic Implementation of Firewall (diagram labels: Host, Internet, Switch, Router, Firewall, Server)
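The limitation described in the firewall paragraph, together with the IDS layer mentioned before it, shown as an added example that is not part of the original text: a first-match, default-deny port filter followed by a small content check on traffic the filter allowed. The rule set, thresholds, function names and sample packets are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    proto: str
    payload: bytes

# Constructed rule set: (action, proto, dst_port); first match wins, default deny.
RULES = [("allow", "tcp", 80), ("allow", "tcp", 443), ("deny", "tcp", 23)]

def firewall_decision(pkt, rules=RULES):
    """Header-only filtering: protocol and destination port, never the payload."""
    for action, proto, port in rules:
        if pkt.proto == proto and pkt.dst_port == port:
            return action
    return "deny"  # nothing matched: default deny

# Constructed IDS checks for protocol anomalies on the allowed HTTP port.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
MAX_REQUEST_LINE = 2048

def ids_alerts(pkt):
    """Content inspection, which the port filter above does not perform."""
    alerts = []
    if pkt.dst_port == 80:
        line = pkt.payload.split(b"\r\n", 1)[0]
        if not line.startswith(HTTP_METHODS):
            alerts.append("non-HTTP data on HTTP port")
        if len(line) > MAX_REQUEST_LINE:
            alerts.append("oversized request line")
    return alerts

def inspect(pkt):
    """Layered decision: firewall first, then IDS on what it let through."""
    action = firewall_decision(pkt)
    return action, (ids_alerts(pkt) if action == "allow" else [])

# Constructed sample traffic (documentation address range).
SAMPLES = [
    Packet("198.51.100.7", 80, "tcp", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("198.51.100.8", 80, "tcp", b"\x00\x01\x02binary-not-http"),
    Packet("198.51.100.9", 80, "tcp", b"GET /" + b"A" * 4000 + b" HTTP/1.1\r\n\r\n"),
    Packet("198.51.100.10", 23, "tcp", b"login"),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.src, p.dst_port, *inspect(p))
```

The second and third samples are allowed by the port rules and are only flagged by the content check, which is the gap the IDS/IPS layer is meant to cover.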