Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
________________________ * Copyright © 2001 by the Consortium for Computing in Small Colleges. Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the CCSC copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Consortium for Computing in Small Colleges. To copy otherwise, or to republish, requires a fee and/or specific permission. 187 A FIREWALL CONFIGURATION STRATEGY FOR THE PROTECTION OF COMPUTER NETWORKED LABS IN A COLLEGE SETTING * Dennis Guster, Professor and Charles Hall, Research Assistant MCS Program, Department of Statistics St. Cloud State University St. Cloud, MN 56301-4498 320/255-4961 [email protected] As more and more networked college instructional computer laboratories are attached to the Internet, the need for protection from hackers becomes evident. The attacks perpetrated can take many forms from information compromise to introducing viruses. However, one of the most dangerous is a passive takeover of a host so that it may relay attacks on other sites which allows the hacker to cover his or her tracks. Configuring any given host to be secure from this type of attack is a most challenging endeavor. This problem is especially magnified if the domain in question contains hosts configured by students. This is especially true for students just beginning a course sequence in networking or operating systems. The operating systems when installed with the default settings are often ripe with security holes. These problems range from unblocked I-O ports (OSI/4) such as UUCP to permitting potentially dangerous types of ICMP traffic such as routing requests. It cannot be expected that beginning students have the knowledge to combat these security problems, although as they progress through the course sequence, hopefully they will. Furthermore, this first course that involves OS configuration provides prerequisite knowledge, and therefore unprotected machines may need to exist in an educational network domain.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
JCSC 17, 1 (October 2001) 188 Because security measures cannot be invoked on every machine in the domain, the security measures need to be applied through a firewall as traffic enters and leaves the domain. Therefore, the paper proposed herein will describe how that firewall should be configured and will focus on what types of incoming/outgoing UDP, TCP and ICMP traffic should be denied or accepted. THE PROBLEM Hacking on the Internet has reached epidemic proportions. A recent CBS report stated that even the CIA couldn't keep pace with the logic and technology employed by today's hacking community. These attacks occur at a frequency that is hard to imagine. A recent article reported an
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 02/05/2011 for the course CS 2105 taught by Professor Ana during the Fall '09 term at National University of Singapore.

Page1 / 7


This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online