Firewalls and Proxy Servers - Essay Example

A recent change in leadership has influenced a change in this way of thinking. The ICT Department has been authorized to implement a more effective and efficient network defense system. It is, thus, that we are moving towards the adoption of a Stego defense system. Steganography, also called data hiding, is the art of hiding a covert (hidden) message within an overt file. Steganography can be described as a method to conceal the existence of a message within seemingly innocent material. To perform steganography, two willing parties are necessary.

The sender embeds a covert message within an overt file and sends it to the receiver, who extracts the covert message. The goal of steganography is to hide as much information as possible without it being detected (Judge, 2001). The goal of stego-marking is to embed information in a way that prevents the information from being detected or removed. Stego-marking combines the key qualities of both steganography and digital watermarking (Judge, 2001). Our organization employs both hardware and software firewalls and any solution for enhancing the defense of our network system, or protecting us from the Internet's hostile environment, will operate in conjunction with our firewall system.

At the present moment, we are involved in the implementation of a Stego system to operate in conjunction with our firewall system. In order to better understand how the one will compliment and enhance the other, it is necessary that I overview our operative firewall system.A firewall is a device that sits between two networks, usually the Internet and a corporate network. A firewall drops or allows the passing of packets based on certain conditions (Strassberg, Rollie, and Gondek, 2002).

The filtering done by a firewall is usually based on one of the following:- An IP address that is taken from the IP header- A port number that is taken from the TCP or UDP headerSome firewalls can filter packets according to application data, but most firewalls are not scaled for such filtering (Strassberg, Rollie, and Gondek, 2002). Our firewall system is not scaled for such filtering.Although firewalls are the main attack prevention device in use today, they can only filter packets at a high level.

Firewalls cannot filter packets according to specific types of information in the packets. Firewalls use certain fields, such as IP addresses and port numbers, to determine if a packet should be filtered. These fields are used because they are the only fields considered useful for identifying and preventing attacks (Strassberg, Rollie, and Gondek, 2002). Ours is a packet-filtering firewall system. It has prevented countless intrusion attempts and attacks through the said filtering but, not all.

Indeed, the failure of our firewall system to protect us from worm and virus attacks has, over the years, cost us over two hundred thousand dollars. By complimenting our firewall with a Stego system, our firewall can be used to filter packets based on data in other fields, such as the TCP and IP headers, when stego-marking is used to hide data in those fields.2.2 Stego-MarkingThe figure below depicts our network structure. The public network, or Internet, is shown in red. The semi-public network is shown in yellow.

This network contains systems that must be accessible to the Internet. The internal or private network is shown