Chapter 2: Internetwork Security Concepts
Introduction
The key to network security lies in understanding the choices and strategies available to you, which means looking to the building blocks of network security. These include implementing user authentication, using proxy servers and firewalls, setting up demilitarized zones, and taking advantage of port- and packet-filtering technologies. The overview of these security solutions provided by this chapter will give you an understanding of the technology; you can then build on that knowledge as later chapters discuss how different vendors implement that technology.
User authentication, the first option discussed in this chapter, is the most basic component of network security. Its success depends on the method used (encrypted, plain text, and so forth) and on the ability to keep this information from unauthorized personnel. Some of the more popular versions of user authentication include the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP).
Proxy servers can provide multiple functions to your network. Not only can they provide security for your wide area network (WAN) connection, but they can also provide services like caching, port filtering, and, in some products, reverse proxy. Firewalls can be software, hardware, or both, and they effectively block unauthorized access to your network just as proxy servers do. There are several types of firewalls, with software that enables them to act as a packet filter, circuit gateway, or application gateway. You should also keep in mind that the differences between these pieces of equipment are shrinking very rapidly. The desire for...