Port Blocking Isn't Enough Security II

Unfortunately, builders of malicious software have already thought of this. The generic parts of the envelope--the state, city and street in our analogy--always appear valid. Even if they are forged, there's no way to tell how or what is right or wrong. So looking in the envelope does no good.

Looking into the data or packet payload that contains the worm's executable instructions holds some promise. However, the bad guys have thought of this, too. Most try to hide the instructions through random variations that make it difficult to identify a signature for a particular worm or virus. An effective packet-scanning firewall must constantly receive updates of the very latest signatures to even stand a chance of catching an incursion. With so many to check, the firewall becomes a serious bottleneck. So far, nobody has come up with an efficient way to do this.

This leaves us with no choice but to understand better what passes over our networks, its value and how it operates. In the event of a release of a new worm, network managers can use the port number as a crude blockade, just as before. But, in order to effectively use port blockage, they must first understand what valid applications operate over these ports so that they can make informed allowances.

Unfortunately, few organizations understand the relationship of their networked business applications to port numbers. Sure, it's easy enough for a network analyst to identify the ports used on the network. However, this is of marginal use. It just enables network managers to say to their business counterparts, "I'm blocking port 445, which runs on servers A and B. OK?" Frankly, few people--even the techies--understand what this means to the bottom line.
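As an added illustration (not part of the original article), the sketch below joins observed flows to an application inventory to show, in business terms, what a block on one port would cut off. The inventory, server names, client addresses and byte counts are all constructed sample data.

```python
from collections import defaultdict

# Constructed application inventory: (server, port) -> (application, business owner).
INVENTORY = {
    ("server-a", 445): ("Finance file shares", "Finance"),
    ("server-b", 445): ("Engineering build artifacts", "Engineering"),
    ("server-b", 1433): ("Order database", "Sales"),
}

# Constructed flow records: (client, server, destination port, bytes).
FLOWS = [
    ("10.0.1.15", "server-a", 445, 48_000),
    ("10.0.1.22", "server-a", 445, 12_500),
    ("10.0.2.40", "server-b", 445, 910_000),
    ("10.0.2.40", "server-b", 1433, 77_000),
    ("10.0.3.9", "server-c", 445, 3_200),  # server with no inventory entry
]

def block_impact(port, flows=FLOWS, inventory=INVENTORY):
    """Group traffic on `port` by the business application it belongs to."""
    impact = defaultdict(
        lambda: {"owner": None, "servers": set(), "clients": set(), "bytes": 0}
    )
    for client, server, dport, nbytes in flows:
        if dport != port:
            continue
        # Traffic to a server missing from the inventory is reported as UNKNOWN
        # so it gets investigated instead of being silently ignored.
        app, owner = inventory.get((server, dport), ("UNKNOWN", "unassigned"))
        entry = impact[app]
        entry["owner"] = owner
        entry["servers"].add(server)
        entry["clients"].add(client)
        entry["bytes"] += nbytes
    return dict(impact)

def format_report(port, impact):
    """Render the impact as text, busiest application first."""
    lines = [f"Blocking port {port} affects {len(impact)} application(s):"]
    for app, e in sorted(impact.items(), key=lambda kv: -kv[1]["bytes"]):
        lines.append(
            f"  {app} (owner: {e['owner']}): {len(e['clients'])} client(s), "
            f"{e['bytes']} bytes on {', '.join(sorted(e['servers']))}"
        )
    return "\n".join(lines)

if __name__ == "__main__":
    print(format_report(445, block_impact(445)))
```

The UNKNOWN bucket is the part that matters most before a block goes in: it lists port users that nobody has yet tied to a business application.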