Networks Risk Grounding Without Airport-Level Security
by Nigel Hawthorn - Marketing Director of Blue Coat Systems - Friday, 25 April 2003.
Bookmark and Share
Air Travel Security
Network Security
Check user and destination
Firewall source/destination check
Check passport/ID
Security Gateway validate user with authentication system
Check time and date
Security Gateway time/day rules
Count baggage
Security Gateway bandwidth limits
Weigh baggage
Security Gateway content filtering
slika
slika
X-ray baggage
Security Gateway virus-scanning
Individual metal detector
Security Gateway scan/block mobile code or specific file/MIME-types
Check visa validity
Security Gateway browser, media-player, messenger application
Sniffer dogs (food, drugs etc.)
Security Gateway: ensure data not POSTed to the web
Frequent flyer awards
Logging by individual user
Specific policies depending on destination
Security Gateway granular policies


Once hold baggage is checked, a machine at the airport reads the barcode on the luggage label and directs the luggage to the correct airplane. One customer may have multiple pieces of luggage, but the machine looks at each one on individually and does not know that there may be multiple pieces of luggage that are related. This is similar to a firewall inspecting each packet of data and making forwarding decisions one packet at a time. Whereas firewalls understand packets, or individual chunks of data, and look at the source and destination and see if it matches defined rules, security gateways that address port 80 traffic understand data. They rebuild complete Web content and make decisions based on this content and its parameters. The x-ray analogy is a clear one; port 80 security devices are able to 'look inside' Web traffic and assess whether it is genuine and perfectly innocent, or an attempt by a hacker to test the network's defences.

A web page is made up of many individual pieces of data and may come to the user hundreds of individual packets, so this ability to 'look inside' them is crucial.

The device can then make decisions based on user, file-type, MIME-type, active content type, original web site, time of day, browser, user, group, site of user and other such factors. It can also take individual objects and redirect them to virus scanning devices, something that is not possible if the only understanding gained is on a packet-by-packet basis. There is a further parallel to be drawn over virus scanning, which is similar in its function to x-raying hand luggage, while metal detectors that passengers must walk through are like removing mobile code such as Java and Active-X.

Acting On Intelligence

Security gateways, also, provide an enterprise with complete logs of every user, every request, everything that happens. They allow security-critical statistics to be analysed, such as time online by user, users creating the most Web traffic, most popular sites, split of data by site category, the amount of streaming data and types of browser in use.

Spotlight

Dissecting the unpredictable DDoS landscape

Posted on 23 April 2014.  |  DDoS attacks are now more unpredictable and damaging than ever, crippling websites, shutting down operations, and costing millions of dollars in downtime, customer support and brand damage, according to Neustar.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Apr 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //