CEH

(Jeff_L) #1

44 Chapter 2 ■ System Fundamentals


network activity without negatively impacting the operation of the network as a whole.
The obvious drawback is that the only response such an appliance creates is a notification.
IPSs, on the other hand, are proactive and preventive. Not only does an IPS sense potential
malicious activity on the network, it also takes steps to prevent further damage and thwart
further attacks.

Network Security


Many books deal with network security, but here we focus on what hackers can use. Firewalls
and IDS/IPS appliances are part of a secure network, but in this section we’ll look
briefly at the placement and functional value of each device. As you venture through the
details, keep in mind that securing a network is a holistic process; breaking into a network,
on the other hand, is a focused process. Consider it akin to building a dam. As the engineer
of a dam, you must consider the integrity of the entire structure and plan accordingly.
If you are looking to sabotage the dam, then all it takes is just one little poke in the right
place and it all comes flooding down. The same is true with network security.
Taking our fundamental knowledge of firewalls, whether proxy or network, let’s look at
some basic placement strategies that are commonly used in today’s networks.
Figure 2.9 shows a basic setup you’ll run into in nearly every household today.
Of course this isn’t necessarily the enterprise-level network you’ll be attacking, but this
basic layout still contains the same vulnerable points found in larger layouts. The
purpose of including this design is to give you an idea of how closely it relates to our larger
network.

[Figure 2.9: Residential network setup]