are the portals through which the outside world accesses the information
stored on your computer. Every server must:

Determine what information or action
the client requests.

Decide whether or not the client is entitled to
the information, optionally authenticating the person (or program)
on the other side of the network that is requesting service.

Transfer the requested information or perform the

By their design, many servers must run with
privileges. A bug or an intentional back door built into a
server can therefore compromise the security of an entire computer,
opening the system to any user of the network who is aware of the
flaw. Even a relatively innocuous program can be the downfall of
an entire computer. Flaws may remain in programs distributed by
vendors for many years, only to be uncovered some time in the future.

rely on IP numbers or hostnames to authenticate incoming network
connections. This approach is fundamentally flawed, as neither the
IP protocol nor
were designed to be resistant
to attack. There have been many reports of computers that have fallen
victim to successful IP spoofing attacks or

Given these factors, you may wish to adopt one or more of
the following strategies to protect your servers and data:

encryption to protect your data. If it is stolen,
the data will do your attacker no good. Furthermore, making alterations
in your data that you will not notice will be difficult, if not

passwords and host-based authentication. Instead,
rely on tokens, one-time passwords, or cryptographically secure

Use a firewall to isolate your internal network
from the outside world.

Disconnect your internal network from the outside
world. You can still relay electronic mail between the two networks
or some other mechanism. Set up separate
network workstations to allow people to access the
or other Internet services.

Create a second internal network for the most confidential