How does a VBR protect Intranet security?

This article mainly introduces how to protect the Intranet security of the border router, so where should we start with protection? The following articles will provide detailed answers and hope to help you.

When using this filter policy, you can block ports that are not used in your network and ports that are commonly used by Trojans or detection activities to enhance the security of your network. For example, blocking port 139 and port 445 (TCP and UDP) makes it more difficult for hackers to attack your network. Blocking ports 31337 (TCP and UDP) makes it more difficult for the Back Orifice Trojan program to attack your network. This work should be determined in the network planning phase. At this time, the security level requirements should meet the needs of network users. View the list of these ports to understand the normal use of these ports.

Establish an address filtering policy that allows inbound and outbound access

Create a policy on your VBR to filter inbound and outbound network violations based on IP addresses. Except in special cases, all IP addresses that attempt to access the Internet from within your network should have an IP address allocated to your LAN. For example, the IP address 192.168.0.1 may be valid for accessing the Internet through this VBR. However, the address 216.239.55.99 may be fraudulent and part of an attack. On the contrary, source addresses for external communications from the Internet should not be part of your internal network. Therefore, IP addresses such as 192.168.X.X, 172.16.X.X, and 10. X must be blocked.

Finally, communication with the source address or all the communication with the destination address that cannot be routed should be allowed through this VBR. This includes the return address 127.0.0.1 or class E address segment 240.0.0.0-254.255.255.255.

Maintain the physical security of the VBR

From the perspective of network sniffing, vbrs are more secure than hubs. This is because the virtual border router intelligently routes data packets based on the IP address, and data is broadcast on all nodes in the hub. If a system connected to the Hub places its network adapter in messy mode, they can receive and see all broadcasts, including passwords, POP3 communications, and Web communications. Then, it is important to ensure that physical access to your network device is safe to prevent unauthorized laptop computers and other sniffing devices from being placed in your local subnet.

Spend time reviewing security records

Review your VBR record (using its built-in firewall function) is the most effective way to identify security events, whether it is identifying ongoing attacks or future attacks. By using outbound records, you can also find Trojans and spyware programs that attempt to establish external connections. Careful security administrators can detect "red code" and "Nimda" virus attacks before the virus disseminators respond. In addition, in general, the border router is located at the edge of your network and allows you to see all the communication conditions in and out of your network.