Auerbach Publications © 2001 CRC Press LLC 08/01

connectivity rests solely on the access device, freeing the user and the user’s computer from the need to maintain the connection. The end system is simply a node on a network. Computers that are connected to the access device are connected to the Internet with little or no protection. It is very common for a broadband provider to install the cable or line and an Ethernet interface in the computer and directly connect the system with no security modifications.

This results in basic end-systems with no security control being connected directly to the Internet for extended periods of time. The difference is tremendous. Instead of a fleeting instance of a roaming user on the Internet dialing up an ISP, the IP address, type of traffic, and even the location of the computer are exposed to the Internet for extended periods of time.

When compared with the direct remote user dial-up support for corporations, the exposure is staggering. The obvious difference is that the user is connected to the Internet whereas the dial-up service provided by the company was point-to-point.

It is widely accepted that when a system is connected to the Internet, regardless of type, it is exposed to a colossal number of threats. It is also accepted that the longer the connection is continuously established, the greater the exposure, or the risk of being found and targeted.

Firewalls are usually placed on networks that have dedicated Internet connections, but they are not usually seen on hosts that have intermittent connections to the Internet. One of the reasons can be the nature of the connection — it is much more difficult to hit a moving target. But the reality is that this can be misleading, and roaming systems can be accosted in the same way as a system with a dedicated connection. In short, dial-up access to the Internet exposes the system to threats, and dedicated connections are exposed to the same threats as well but with increased risk that can typically be attributed to duration. Whether connected all the time or some of the time, by broadband or modem, if you’re on the Internet you’re exposed to attack; it just so happens that when connected all the time you are a sitting duck, not a flying one.

ACCESSING CORPORATE NETWORKS

VPN technology is the final catalyst for allowing remote users to gain access to corporate resources by utilizing the Internet. This was a natural progression; the Internet is everywhere. Like the phone system, the higher bandwidth connections are becoming the norm, and VPN technology is securing the transmission with encryption techniques and authentication.

Much of VPN’s success has been attributed to the advent and availability of broadband technologies, because high-speed access was great for browsing and getting bigger things off the Internet faster, but that is about all. Almost overnight the bandwidth typically associated with personal access, such as 32K or even 56K modems, to the Internet was in-