Lancom Systems LCOS 3.50 Server User Manual


 
Chapter 8: Firewall LANCOM Reference Manual LCOS 3.50
- Destroy data on the workstations of the LAN.
- Paralyse workstations of the LAN or the connection to the Internet.
In this section we restrict ourselves to attacks on local networks
(LANs) and on the workstations and servers in such LANs.
8.1.2 The ways of the perpetrators
To pursue their objectives, the perpetrators first need a way to
access your PCs and data. In principle, the following paths are open as long
as they are neither blocked nor protected:
- Via the central Internet connection, e.g. via routers.
- Via decentralized connections to the Internet, e.g. modems of single PCs or
  mobile phones on notebooks.
- Via wireless networks operating as a supplement to wired networks.
In this chapter we deal only with access via the central Internet
connection, that is, via the router.
For hints on the protection of wireless networks, please refer to the
respective chapters of this reference manual or of the appropriate
device documentation.
8.1.3 The methods
Normally, strangers of course have no access to your local area network or to
the workstations belonging to it. Without the appropriate access data or
passwords, nobody can access the protected area. If spying out this access
data is not possible, the attackers will try another way to achieve their goals.
A fundamental approach is to smuggle data into the network over one of the
permitted channels for data exchange, which then opens access for the
attacker from the inside. For example, small programs can be transferred to a
computer via e-mail attachments or active content on web pages, in order to
subsequently cause a crash. The program uses the crash to install a new
administrator on the computer, which can then be used remotely for further
actions in the LAN.
If access via e-mail or the WWW is not possible, the attacker can also look
for certain services on servers in the LAN that are useful for his purposes.
Because services of the servers are identified over certain ports of the TCP/IP