Translation Results Requested Through Conyac Made Public

Domain Name System (DNS) Servers

All host names and addresses stored in an external DNS server are supposed to be exposed to public. Hence, the external DNS server should not hold information about the internal network. The external DNS server may be hosted at the Internet Service Provider (ISP).

• A separate internal DNS server could be set up and placed in the internal network if internal domain information is needed, but the information should not be disclosed to the Internet.

Intrusion Detection and Monitoring

As mentioned above, the intrusion detection and monitoring function can be performed either manually or automatically by using some intrusion detection and monitoring tools.

If performed manually, system and application logs should be properly kept, reviewed and analysed for all critical components. Reviewing and monitoring procedures should be properly established and followed. If performed automatically, network IDS or IPS tools can be used.

An IDS passively monitors traffic by listening to and examining the packets within a network. Signatures of known attack attempts will be compared against traffic pattern to trigger an alert.

An IPS provides a more proactive approach beyond an IDS because it can be configured to stop the attack from damaging or retrieving data from the target victim upon detection of an attack pattern.

Similar to a firewall, an IPS can intercept and forward packets and can thus block attacks in real-time.

These tools reside in the networks or hosts to detect any suspicious activities, and monitor the network traffic or system activities. Some suggestions are listed as follows:

• IDS/IPS should be placed in the DMZ to detect external attacks. Additional IDS/IPS can be placed in the internal network to detect internal attacks if required.

• The operation of the IDS/IPS should be as stealth as possible. It should be hidden and protected by the firewall system to protect it from attacks.