A wide variety of countermeasures are needed to protect an organization from the assortment of threats. The counter measure’s used to defend Internet-based threats are not much different from those protecting similar risks in some countries.
Network and computer-related security countermeasure are discussed elsewhere on the internet would often apply when network, system or application is opened to the Internet. The Internet represents the worst case security scenario for any system or application, as this exposes it to the most potent threats that exist.
Firewalls: Firewall is devices that control the flow of messages between networks. Placed at the boundary between the Internet and an organization’s internal network, firewalls enforce a security policy by prohibiting all inbound traffic except for the specific few types of traffic that are permitted to a select few systems. For example
Permit incoming email to be sent only to the organization’s email server.
Permit incoming HTTP requests to be sent only to the organization’s Internet facing web server.
Permit incoming file transfer requests to be sent only to the organization’s file transfer gateway.
Permit outbound email to originate only from the organizations’ file.
Permit outbound email to originate only from the organizations’ email server.
The firewalls control not only what comes into an organizations network but also what leaves an organizations network. This last control, permitting outbound mail to originate only from the email server, prevents malware from arising its email messages, thereby slowing down the spread and impact of some types of malware.
These simpler firewalls are designed to examine each packet and compare it to access control (ACL) to determine if, based on its source and destination IP addresses and ports, whether it should be permitted to pass through the firewall.
Stateful Inspection Firewalls
This type of firewall is designed to record incoming packets and keep track of TCP /IP sessions external and internal hosts. In the TCP protocol, an incoming packet is answered with an outgoing packet, a stateful inspection firewall will examine an outgoing packet and make a go /no-go decision based on whether it believes that the outgoing packet is a part of an active session. Stateful inspection firewalls are more complex and capable of more effectively protecting an organization’s network.