Specifications
Most companies rely on their own networks to exchange and process mission-
critical information for in-house purposes, such as an intranet, databases,
and e-mail. Without the proper protection mechanisms in place, all this data
would be widely available to the outside world as soon as the local network
was connected to the Internet — something that could obviously cause a lot of
damage, especially for companies.

    It’s easy to run a secure computer system. You just have to
    disconnect all dial-up connections and permit only direct-wired
    terminals, put the machine and its terminals in a shielded room, and
    post a guard at the door.
        F.T. Grampp and R.H. Morris

In the real world, it is impossible to run a computer system in this way. If you
are an administrator, you will know all too well about the problems arising from
the increasing number of networked machines. After all, you are the person
who has to deal with the situation on a daily basis. Up to now, your network
may have been quite manageable. It was once possible to know the users on a
network and provide network functionality to your users mainly on the basis
of trust relationships, which kept the administrative overhead at a reasonable
level. Now, with connections to the Internet commonplace, things have changed
dramatically, as have the duties of the administrator. All at once, completely
unknown users can use resources on your network, such as the web server.
These users need to be handled in a totally different manner than your company’s
internal employees. On the other hand, it has been proven that eighty percent
of all attacks on corporate networks are not carried out from the Internet. There
are other reasons to protect the corporate network and to restrict access to it:
crackers, or intruders, are always on the lookout for places to store pirated
software or, even worse, content prohibited by law. Failing to take measures
against this could not only expose your company to legal prosecution, but
could also put its good reputation at stake.
Today, there are a number of different mechanisms available to prevent
unauthorized access to corporate networks and resources (i.e., disk space or
CPU capacity), from IP packet filters on routers to multiple-level firewall
solutions complete with a demilitarized zone (DMZ). In a general sense, of
course, the word “firewall” is used for a device that prevents the spreading
of fires. Firewalls made of bricks are found in buildings, where they are used
to isolate whole sections from each other, and in cars a special metal plate
shields the passenger
compartment from the engine compartment. Similarly, the purpose of Internet