Hangin’ Tough with a firewall
It’s 1990, Madonna’s booming out of the speakers, the dancefloor is packed with ‘Vogue-ing’ clubbers and everyone you know has a Thunderbird (or cider and black) in hand.
In the queue are the girls done up in lippy and heels, looking three years older than they are. They’re trying to move away from the drunk as skunks group of football supporters singing World in Motion while miming a Gazza free kick.
At the back in the shadows are some salesmen promising a trip of a lifetime – and it’s not a cruise in the Caribbean.
It’s not exactly one in, one out – but the bomber jacket-clad bouncer has a job on his hands. Once in, of course, what’s to stop the underage teens from drinking themselves silly on rum and cokes? Halting the commercial enterprise going on in the unlit corner? Restraining the World Cup wannabes from climbing behind the DJ booth?
So why the trip down memory lane? What’s it got to do with business and your IT? And why should you care?
It’s All About Security
This is not just about unlocking a door and allowing just anyone in – it’s about control and, in IT terms, it’s about network segregation. It is the concept of taking your large office network and chopping it down into lots of smaller networks – grouping your equipment into logical groups, perhaps by role, purpose or location.
You could have a network for your servers, another for your printers, and then a network for each of your departments (let’s say: sales, marketing and finance). Then, using a firewall (this is the bouncer on the door with his list of who’s coming in and who’s not!) you can control which of your networks is allowed to talk to other networks, plus the Internet.
Then you have the next stage – controlling or limiting what each network can do, achieving greater network security. You have a network for your printers… why do they need to be on a network that is allowed to talk to the Internet? More often than not they don’t, so tell the network to block Internet access (like the bouncer barring access to the VIP area!).
Arguably, all of your printing should go via your servers – so tell the network that only the servers can talk to the printers direct and that your PCs and laptops cannot (nope, you’re not getting served young lady!).
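The door policy described above, written out as an added Python example (it is not from the original article): a default-deny list of which network may open connections to which, plus an audit that flags any rule breaking the two printer requirements. The subnets, the zone names and the choice to give the servers and departments Internet access are assumptions made for illustration.

```python
import ipaddress

# Constructed address plan (assumption): one subnet per group named in the article.
ZONES = {
    "servers":   "10.0.10.0/24",
    "printers":  "10.0.20.0/24",
    "sales":     "10.0.30.0/24",
    "marketing": "10.0.40.0/24",
    "finance":   "10.0.50.0/24",
}
DEPARTMENTS = ("sales", "marketing", "finance")

# Allow-list of (source zone, destination zone) for NEW connections.
# Anything not listed is dropped (default deny); replies to an allowed
# connection are assumed to be handled by the firewall's state tracking.
RULES = [
    ("servers", "printers"),                  # print jobs go via the servers
    ("servers", "internet"),                  # assumption: servers fetch updates
    *[(d, "servers") for d in DEPARTMENTS],   # PCs and laptops use the servers
    *[(d, "internet") for d in DEPARTMENTS],  # assumption: staff may browse
]

def zone_of(ip):
    """Map an address to its zone; anything outside the plan is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in ZONES.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "internet"

def allowed(src_ip, dst_ip, rules=RULES):
    """True if the firewall lets src open a new connection to dst."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True  # same-segment traffic never crosses the firewall
    return (src, dst) in rules

def audit(rules):
    """Return the rules that break the article's two printer requirements."""
    findings = []
    for src, dst in rules:
        if src == "printers" and dst == "internet":
            findings.append((src, dst, "printers must not reach the Internet"))
        if dst == "printers" and src != "servers":
            findings.append((src, dst, "only servers may talk to printers"))
    return findings
```

Running `audit` over the rule list after every change catches a well-meant "just let sales print directly" rule before it reaches the firewall.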
When a computer has been compromised, many of the changes made to basic Internet functions are hidden or disguised. One such example is DNS, which is what tells computers where to find each other on the Internet.
If that’s been altered, your traffic can be sent not via your server and your internet service provider, as you would expect, but off to a third party, where you definitely don’t want it to be.
The bouncer has let someone in but hasn’t passed on the message that they’re not allowed into the VIP room, where they’re merrily helping themselves to everything!
We’d like to introduce you to a bouncer known as a decent hardware firewall. Much like a bouncer, it will not be free. It will need configuring and maintaining.
For larger networks, you also need “managed switches” rather than dumb and cheap switches – this is your security inside the club. These do not cost much more money than a dumb switch (and no disrespect to bouncers here, it’s actually the techie term for the switch) and pack a wealth of features to get more from your network.
The analogy may have been pushed a bit far, but it was worth it to give us an excuse to examine what was topping the charts in 1990. Hangin’ Tough anyone?