| In order to defend against the threats from Internet (hackers, viruses, and denial of service attacks, etc.), network administrators often take into account the boundary between the Intranet and the Internet to implement various security controls, such as:firewall, IDS, Anti-DDoS systems, content auditing and VPN.These border security controls usually play a good role in reducing the risk of internal network security, especially in protecting of servers and terminals. However, there are many employees lacked of safety awareness in an organization. They use the PSTN, CDMA Modem, GPRS Modem or other means to access the Internet, in case of connected with Intranet in the same time. We call this behavior "illegal outreach.’Illegal outreach makes the internal network exposed to the insecure Internet by an undefended border; the threat from the Internet may take advantage of this issue. The detection and prevention of illegal outreach is very important, this paper discussed and proposed an improved solution.At present, there are two categories of illegal outreach detection methods:host-based and network-based.Illegal outreach detection method proposed in this paper is a kind of network-based methods, and it has been improved. The key points of this method include:a) An analysis of the stateful technology, found the root cause of failure to alarm of traditional methods;b) To follow the traditional methods fake source IP technology;c) To follow the traditional methods of packet capture technology;d) An in-depth analysis of IP network routing and priority of routing, an improved detection methods;e) An in-depth analysis of Windows host routing and priority of default routing, an improved detection methods.f) The analysis of ARP protocol, a method of blocking illegal outreach.The main contribution of this paper is:To solved the issue of omission caused by Internet firewall of the ISP. |
PDF Full Text Request