How We Protect Networks

When we are responsible for managing information technology networks, especially those that are used by children and those that contain data that needs special security, we take steps to control the data that makes it onto and out of our systems. In general, we deploy three types of protections. While these will not prevent all “bad” traffic, any responsible IT manager will have all three up and running at all times.

Before explaining the three, I must describe packets. When data is sent over a network, the file to be sent is broken into packets—the details of how this is done and how it improves the efficiency of network transmissions are not important at this point. Each packet contains a “header” that carries various information about it, including the type of service, the source address, and the destination address. Headers contain other information, but for our purposes this is enough.

The packet also contains data. The amount of data in the packet, how it gets there, and how it is rebuilt when it gets to its destination are also unimportant for now.

We can also apply labels, or tags, to network resources. Tags are typically applied to web sites based on their characteristics and contents. They may be applied by the owner of a web site or by people who review its contents; of course, today, they can probably be applied by AI bots that review the contents.

These three data sources (information in the packet header, the data in the packet, and tags applied by some reviewer) can all be used to decide whether individual packets will be allowed onto or out of our network. The controls can govern both incoming and outgoing traffic.

Firewalls are software on network devices (or in operating systems) that inspect the headers of packets and block traffic based on the rules that have been configured into the software. If you want to allow network traffic only between your location and your remote office, then set firewall rules that allow traffic only between those two internet protocol addresses. If you want to allow SSH connections only from your office to the datacenter (secure shell is used to provide a command line to manage systems remotely), then allow SSH connections only from your office's IP address while other traffic is allowed.
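The two scenarios above, worked as a small header-based rule evaluator. This is an added example, not code from the original article or from any firewall product; the addresses are constructed from documentation ranges (203.0.113.0/24 for the main office, 198.51.100.0/24 for the remote office, 192.0.2.0/24 for the datacenter), and the "first matching rule wins, otherwise deny" policy is the convention assumed here.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Header:
    """The header fields a firewall inspects (constructed sample 4-tuple)."""
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port identifies the service (22 = SSH)


@dataclass(frozen=True)
class Rule:
    """One firewall rule; unspecified fields match anything."""
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; the default matches every address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, h: Header) -> bool:
        return (ip_address(h.src) in ip_network(self.src)
                and ip_address(h.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == h.proto)
                and (self.dport is None or self.dport == h.dport))


def evaluate(rules: List[Rule], h: Header, default: str = "deny") -> str:
    """First matching rule wins; if nothing matches, fall back to the default."""
    for rule in rules:
        if rule.matches(h):
            return rule.action
    return default


# Scenario 1: only traffic between the main office and the remote office.
# Anything else falls through to the default deny.
SITE_TO_SITE = [
    Rule("allow", src="203.0.113.0/24", dst="198.51.100.0/24"),
    Rule("allow", src="198.51.100.0/24", dst="203.0.113.0/24"),
]

# Scenario 2: SSH into the datacenter only from the office's address,
# while other traffic is allowed. Order matters: the specific allow must
# come before the broad deny, and the final catch-all lets everything else pass.
OFFICE_IP = "203.0.113.10/32"
DATACENTER = "192.0.2.0/24"
SSH_FROM_OFFICE_ONLY = [
    Rule("allow", src=OFFICE_IP, dst=DATACENTER, proto="tcp", dport=22),
    Rule("deny", dst=DATACENTER, proto="tcp", dport=22),
    Rule("allow"),
]


if __name__ == "__main__":
    print(evaluate(SITE_TO_SITE, Header("203.0.113.5", "198.51.100.7", "tcp", 443)))
    print(evaluate(SITE_TO_SITE, Header("203.0.113.5", "8.8.8.8", "udp", 53)))
    print(evaluate(SSH_FROM_OFFICE_ONLY, Header("203.0.113.11", "192.0.2.20", "tcp", 22)))
```

The default-deny fallback is what makes the first scenario work: the rules list only what is permitted, and everything not listed is dropped. In the second scenario the explicit `Rule("allow")` at the end is what the text means by "other traffic is allowed"; if it were placed first, the SSH deny would never be reached.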

Malware protection software looks at the contents of the data in the packet. If the “fingerprint” of the data matches the fingerprint of known malware, then the file will be blocked.

Internet filters compare the tags that have been applied to a network source with those that have been blocked. Network managers identify the types of sites they do not want their users to visit and configure the filter to reflect those preferences. When a user attempts to connect, if the site has been tagged with a label that is on the blocked list, then the traffic is disallowed.
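The two content-based controls just described (malware fingerprints on the packet data, and tags on the destination site), as an added example that is not part of the original article or of any vendor's product. The fingerprint is a SHA-256 hash of the EICAR anti-virus test string, the industry's standard harmless test sample; the tag database, the blocked categories and the hostnames are constructed for the example. The malware part also shows a point the text's packet description implies: a file is split across packets, so the scanner must reassemble it before the whole-file fingerprint can match.

```python
import hashlib
from typing import Dict, List, Set

# --- Malware protection: fingerprint of the payload ---------------------------

# The EICAR test string: a harmless file that anti-malware products treat as a
# positive match so scanners can be tested without real malware.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def fingerprint(data: bytes) -> str:
    """Whole-file fingerprint; real products also use partial-match signatures."""
    return hashlib.sha256(data).hexdigest()


# Constructed signature database standing in for a vendor's feed.
KNOWN_MALWARE: Set[str] = {fingerprint(EICAR)}


def split_into_packets(data: bytes, size: int) -> List[bytes]:
    """Model the sender breaking a file into fixed-size packet payloads."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def scan_per_packet(packets: List[bytes]) -> bool:
    """Naive: hash each packet on its own. A file spread over several packets
    never produces the whole-file fingerprint, so this misses it."""
    return any(fingerprint(p) in KNOWN_MALWARE for p in packets)


def scan_reassembled(packets: List[bytes]) -> bool:
    """Reassemble the transfer first, then compare the whole-file fingerprint."""
    return fingerprint(b"".join(packets)) in KNOWN_MALWARE


# --- Internet filter: tags applied to sites -----------------------------------

# Constructed tag database: hostname -> labels a reviewer applied to the site.
SITE_TAGS: Dict[str, Set[str]] = {
    "example.org": {"education"},
    "games.example.net": {"games", "streaming"},
    "example.net": {"social-media"},
}

# The network manager's preference: categories users may not visit.
BLOCKED_TAGS: Set[str] = {"games", "social-media"}


def tags_for(host: str) -> Set[str]:
    """Return the tags of the most specific tagged domain covering `host`:
    'www.example.net' falls back to 'example.net' when it has no entry of its own."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in SITE_TAGS:
            return SITE_TAGS[candidate]
    return set()


def filter_decision(host: str) -> str:
    """Block when any tag on the site is in the blocked set; untagged sites pass."""
    return "block" if tags_for(host) & BLOCKED_TAGS else "allow"


if __name__ == "__main__":
    packets = split_into_packets(EICAR, 16)
    print("per-packet:", scan_per_packet(packets), "reassembled:", scan_reassembled(packets))
    for host in ("example.org", "games.example.net", "www.example.net", "unknown.test"):
        print(host, filter_decision(host))
```

Two caveats the code makes visible: the fingerprint check only works on the reassembled file (or with signatures designed for partial content), and the tag filter allows any site that no reviewer has tagged yet, which is why some deployments choose to block uncategorized sites as well.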

The fact that we can and must use information found in different places to control the traffic on our network demonstrates the reality that there is no single way to protect network resources, network users, and the data on our networks.