PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
January 2003

Using routers to improve network firewall security

Almost 10 years ago, Bill Cheswick and Steve Bellovin used the term "belt and suspenders" to describe the importance of layering your IT security defenses.1 Today, as businesses expose more and more systems to the Internet, it's important to revisit how routers can act as the "suspenders" to the firewall "belt." Everyone uses an Internetwork router to connect to the Internet. A router's first job is to route, transparently and seamlessly directing packets from one network to another. But a router can do much more. First of all, if you know how to describe "bad" behavior, a router can look for it in Internetwork traffic. For example, if you can associate certain IP addresses with the network interfaces of a router, the router can tell you if an outside computer is pretending to be inside your network--a classic IP spoofing attack. Routers can also be configured to address source-routed address requests in packets. These are packets that basically say, "You see where it has my IP address here in this field? Well, when you send ...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue