
2.3 Analyze the technology being used 45
2.2.6 Identify industry trends and standards
This step can identify a common trend that businesses in all sectors are currently undergoing. Your business may be moving data via the Internet. Supply chain integration may use virtual private networks (VPN) to communicate with the vendors, including on-line ordering and JIT (Just in Time) raw material order and delivery management.
Example. Both companies that create Widgets and Sprockets share the same parts distributors (customers), vendors, and business partners. All the major players in this market communicate with their suppliers via a VPN over the Internet. Also, the parts houses are requesting the ability to generate JIT orders and on-the-fly orders via the Internet.
2.3 Analyze the technology being used
Next, you need to review your current use of technology. This review will include your "trusted network." A trusted network is the network that a company uses to conduct internal business. In many cases, the trusted network is by default defined in the organization as "secure." The trusted network typically supports the backend systems, internal-only-based web pages, data processing, messaging, and, in some cases, internal instant messaging. In many companies, the trusted network allows direct interaction between systems without encryption. Also, various protocols will exist within the trusted network without any type of filtering or even virus scanning.
The problem with this definition is that many assumptions are being made at these companies. A trusted network is not always a secure network. In fact, in many cases the trusted network cannot be trusted, because an internal network is composed of many different networks. These include new acquisitions, old acquisitions, international access points, and even several access points to the outside world.
A common practice is to define the trusted network as the network that internal employees use when at the office or via a secure, controlled dial-in mechanism. A single access point is established to the outside world via a mechanism called the DMZ (demilitarized zone). A DMZ is an isolated network placed as a buffer area between a company's trusted network and the nontrusted network. The DMZ prevents outside users from gaining direct access to the Trusted Network. There are several methods to set up/configure a DMZ.[3]

[Figure 2.2: Web Access (HTTP). Internet, DMZ Router, Firewall, WebServer001 (HTTP Server, listens for port 443), Router, Trusted Network (Client, SMTP, MailServer001 with the User Mail Files). The blue line shows the path to the user mail files; mail files are replicated from the Trusted Network; the client URL is https://www.thecustomersite.com/mail.htm. Port 80 is blocked in both directions; ports 389, 143, 110, and 119 are also blocked; ports 443 and 636 are enabled. In this example the HTTP Server will listen for the SSL port 443. Users will be required to use https:// in the URL statement. The server will not accept any http:// requests. The port will be encrypted before the username and password box is displayed.]
For most of our discussion in this book, we will use the following example.
Example. Our DMZ will have flanking routers on either side of a firewall to shield us from unwanted traffic. The firewall's job is to work within the DMZ to filter all network packets to determine whether to forward them to another server or to a computer workstation.
Firewalls will be covered in detail in a later chapter. Let's focus on the DMZ
for now, as seen in Figure 2.2.
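As an added example (not code from the book), the following Python model encodes the port policy shown in Figure 2.2 as an ordered, first-match rule list and checks constructed sample flows against it; the zone names, rule names, and rule ordering are assumptions, and the cleartext audit goes slightly beyond the figure by flagging any allow rule for one of the plaintext ports the figure blocks.

```python
"""Model of the Figure 2.2 DMZ filtering policy (added example, not from the book).

Zones and ports follow the figure: the Internet reaches WebServer001 in the DMZ
only on TCP 443; port 80 is blocked in both directions; 389, 143, 110 and 119
are blocked; 443 and 636 are enabled toward the trusted network. The zone
names, rule names and rule ordering are assumptions made for illustration.
"""
from dataclasses import dataclass
from typing import Optional

# Ports the figure blocks; each carries credentials or data in the clear.
CLEARTEXT_PORTS = {80, 389, 143, 110, 119}  # HTTP, LDAP, IMAP, POP3, NNTP


@dataclass(frozen=True)
class Rule:
    src_zone: str            # "internet", "dmz", "trusted" or "*" (any)
    dst_zone: str
    dst_port: Optional[int]  # None matches any port
    action: str              # "allow" or "deny"
    name: str


# First match wins; the last rule is the firewall's default deny.
FIGURE_2_2_RULES = [
    Rule("*", "*", 80, "deny", "port 80 blocked in both directions"),
    Rule("internet", "dmz", 443, "allow", "HTTPS to WebServer001"),
    Rule("dmz", "trusted", 443, "allow", "HTTPS to trusted network"),
    Rule("dmz", "trusted", 636, "allow", "LDAPS (636) to trusted network"),
    Rule("*", "*", None, "deny", "default deny"),
]


def evaluate(rules, src_zone, dst_zone, dst_port):
    """Return (action, rule name) of the first rule matching the flow."""
    for r in rules:
        if (r.src_zone in ("*", src_zone) and r.dst_zone in ("*", dst_zone)
                and r.dst_port in (None, dst_port)):
            return r.action, r.name
    raise ValueError("rule set has no default rule")


def audit_cleartext(rules):
    """Names of allow rules that would let a plaintext protocol cross a zone."""
    return [r.name for r in rules
            if r.action == "allow" and r.dst_port in CLEARTEXT_PORTS]


if __name__ == "__main__":
    # Constructed sample flows an administrator might want to check.
    for flow in [("internet", "dmz", 443), ("internet", "dmz", 80),
                 ("internet", "trusted", 443), ("dmz", "trusted", 389)]:
        print(flow, "->", evaluate(FIGURE_2_2_RULES, *flow))
```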
[3] Access this URL at Cisco for several examples: http://www.cisco.com/warp/public/cc/cisco/mkt/security/iosfw/tech/firew_wp.htm