For the many businesses switching to cloud-based technologies, WAN security must be at the core of any brand extension or security upgrade. A normal P2P network has a layer of firewall in front of the client which controls access to all the other users. It is therefore only expected that the network core firewall, which is open to all traffic (it’s designed for that), allows the protocols and communications to flow freely and is kept secure. Using private networks is a relatively new phenomenon. According to companies like Fortinet, most people don’t have a static IP address. They have network addresses, like 10.1.1.200 or 10.0.0.0. The problem with these addresses is that the firewall filters packets based on protocol and hosts. It is very common to see a lot of blocked protocol and service traffic, such as SSL traffic, because the firewall blocks traffic based on protocols (which is often SSL). WAN-based networks are very common on the Internet, and it is assumed that they have the same types of problems with the network infrastructure and the same kind of firewall filtering.
Some years ago, network administrators developed an approach to overcome these problems, which they called a Layer 3 proxy. This is a proxy that passes network traffic, is controlled by the network engineers, and manages which traffic is allowed to pass and which is not. I’m not going to go too deep into the technical aspects of this. Suffice it to say that the default security policy of many networks is to filter out all traffic based on firewall rules, which means that the firewalls are basically open to all traffic. If you want to block or filter, you don’t have to go to the hardware firewall or the network firewall; you can implement the WAN-based approach.
This is done using the Web Access Control lists, which have a very flexible default configuration. It allows the firewall to manage whether packets are allowed or not, based on those defined rules. As a network administrator, you can set all these rules. All traffic, and as many protocols and services as you want, can be supported by this software, and a WAN-based implementation is fully compliant with the Internet Assigned Numbers Authority (IANA) standards. It is therefore possible to use this technology on your own network without any specialist knowledge or experience. The last point I want to make about the WAN-based approach is that it is not only applicable to your own LAN; it can be used in any environment in which you have to manage communication between clients and the computers, network switches, servers and routers in your environment. Your clients connect to your servers via WAN. Your servers connect to your routers via WAN. Your networks can be exposed to the Internet as well, so it is possible for your clients to connect through the network and through the Internet, in the same communication domain. Now let me move on to networking security as a whole.
The first part of this chapter will be dedicated to practical matters, e.g. how we set up the firewalls. In the rest of the chapter we will focus on how to get the information we need from the network, that is, the different types of networks, which technologies are used in the network, and security vulnerabilities.