Security Devices and Appliances

Security involves primarily two types of devices that can be deployed in the central office: firewalls
and encryption boxes. Chapter 9 describes the functions of both at length.
Firewalls regulate traffic going into a network and are meant to keep out intruders and
unauthorized users who are attempting to assume the identities of legitimate users. The intent
is to prevent parties from outside the network from seizing control of computers attached to
the network and examining their contents, using them as platforms from which to conduct
illicit acts, or attempting to sabotage the computers. Stateful inspection firewalls examine IP
addresses and other aspects of incoming traffic and determine whether the sender has any
business being in the network. Proxy server firewalls move transactions to servers mediating
between the subscriber’s computer(s) and the WAN so that the subscriber’s databases and
software cannot be directly accessed. Usually, a stateful inspection firewall running on its own
physical platform would be the device used to secure a public network. Proxies tend to slow
down network traffic and would require the network operator to mirror a considerable number
of subscriber computers in the network.
Authentication servers, mentioned in the preceding section, are sometimes considered to
be security devices and sometimes OSS platforms. They determine whether parties attempting
to use the network are really who they claim to be and thus regulate access to the network.
Yet other security platforms run network diagnostics and counteract attacks on the network.
These tend to be used more in the enterprise than in public networks.
A large part of security has to do not with hardware but with the proper setup and administration
of a network. One wants to be careful as to allowing remote access to the operating
and administering systems of key network elements such as routers, switches, gateways, and
so on, and also to servers hosting OSS or customer databases. It is also a good idea to encrypt
any really vital data pertaining to the customer or to network statistics and financial records.
Public networks have been hacked in the past, and they will be in the future. A successful hack
that succeeds in shutting down the network or requires the reconfiguration of routers and servers
could put network operators out of business and could expose them to heavy liability. For
this reason, proper security measures should be an integral part of normal network operations.