HACKSTOMPER©

DETAILS

Monitoring for suspicious activity suggests that there is something you can do about it once it's discovered. New rules can be written to cut off access to certain machines, businesses, and even whole geographic regions. While testing various firewalls for our own site, we noticed lots of suspicious traffic we couldn't account for coming from the Far East. It was tracked down to several locations in China, Korea, Japan, and Turkey. Since we don't do business with that area of the world, we wrote firewall rules to discard all traffic from large portions of the Far East. Knowing how to write such rules is obviously required in attempting to implement such a policy, and the firewall itself has to be configurable to accept these rules.
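
A sketch of how such a policy can be turned into rules, as an added example that is not from the original page: it merges block entries at the three granularities mentioned above (a single machine, one business, a region), carves out an allowlisted range, and renders an nftables ruleset. The address ranges are constructed documentation ranges, and the table, set and function names are assumptions, since the page does not name a firewall product.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges); real regional
# allocations would come from RIR delegation files or a GeoIP database.
BLOCK = {
    "single-machine": ["192.0.2.77/32"],
    "one-business": ["198.51.100.0/25", "198.51.100.128/25"],
    "region": ["203.0.113.0/24", "192.0.2.0/24"],
}
# Partners or customers inside a blocked range that must stay reachable.
ALLOW = ["203.0.113.64/26"]


def build_drop_set(block, allow):
    """Merge all block entries, then carve the allowlist out of them."""
    nets = [ipaddress.ip_network(c) for group in block.values() for c in group]
    merged = list(ipaddress.collapse_addresses(nets))
    for keep in map(ipaddress.ip_network, allow):
        carved = []
        for net in merged:
            if keep.subnet_of(net):
                carved.extend(net.address_exclude(keep))
            elif net.subnet_of(keep):
                continue  # block entry lies entirely inside an allowed range
            else:
                carved.append(net)
        merged = carved
    return sorted(ipaddress.collapse_addresses(merged))


def render_nft(drop_set):
    """Render an nftables ruleset (hypothetical names) that drops the set."""
    elements = ", ".join(str(n) for n in drop_set)
    return "\n".join([
        "table inet geofilter {",
        "  set blocked4 {",
        "    type ipv4_addr; flags interval;",
        f"    elements = {{ {elements} }}",
        "  }",
        "  chain input {",
        "    type filter hook input priority -10; policy accept;",
        "    ip saddr @blocked4 counter drop",
        "  }",
        "}",
    ])


def is_dropped(addr, drop_set):
    return any(ipaddress.ip_address(addr) in n for n in drop_set)
```

The `counter` keyword keeps a hit count on the drop rule, so the monitoring that led to the rule can also show whether it is still matching traffic.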

Computer crime statistics point to sites in the former Soviet Union, the Middle East, the Far East, and many other locations as places where organized computer crime originates. The criminals are either trying to make a political statement, or are after credit card numbers, Social Security Numbers, and other information that they can turn into cash through nefarious means. Computer criminals in the US attempt to hide their tracks by first going offshore with their traffic and then coming back into the US to make it appear that a foreign entity is the source.

As new software vulnerabilities are discovered in various applications, sometimes the firewall can be used to shield the business from the vulnerability, and sometimes it can't. If a particular service, like email for example, is discovered to have a serious flaw, then it needs to be fixed. Sites that have shown an interest in security by installing a quality firewall are more apt to work with a consultant to keep their defenses up than a business that just hopes for the best. Security is a process, not a product.

Copyright© 2003 YCC All Rights Reserved