
NOTES ON INTERNET SECURITY

A short glossary
HIPS - Host-based Intrusion Prevention System
NIPS - Network Intrusion Protection System
A NIPS continually monitors an organization's computer networks for abnormal traffic patterns, generating
event logs, alerting system administrators to significant events and stopping potential intrusions when
possible. A NIPS is also useful for internal security auditing and providing documentation for compliance
regulations. Spyware, viruses and attacks continue to grow and it is now recognized that a layered
combination of security systems working together is necessary to protect computer networks from
compromise. A NIPS in some form is vital for any computer network that can be accessed by
unauthorized persons. Computers holding sensitive data always need protection; however, even
seemingly insignificant networks can be hijacked for use in botnet attacks.

POC - Point Of Contact - (POC) An individual associated with a particular Internet entity (IP network,
domain, ASN).

ASN
(Autonomous System Number) A unique identifier of an autonomous system on the Internet. Of the 65
thousand ASNs available, more than 30 thousand have been assigned to ISPs and NSPs. ISPs usually
have only one ASN, but NSPs may have more than one. ASNs are maintained in the Routing Arbiter
Database (RADB). See autonomous system, ISP and NSP.
Reverse proxy
Another setup is "reverse proxy" or "webserver acceleration" (using http_port 80 accel vhost). In this
mode, the cache serves an unlimited number of clients for a limited number of (or just one) web servers.
As an example, if slow.example.com is a "real" web server, and www.example.com is the Squid cache
server that "accelerates" it, the first time any page is requested from www.example.com, the cache server
would get the actual page from slow.example.com, but later requests would get the stored copy directly
from the accelerator (for a configurable period, after which the stored copy would be discarded). The end
result, without any action by the clients, is less traffic to the source server, meaning less CPU and
memory usage, and less need for bandwidth. This does, however, mean that the source server cannot
accurately report on its traffic numbers without additional configuration, as all requests would seem to
have come from the reverse proxy. A way to adapt the reporting on the source server is to use the XForwarded-For HTTP header reported by the reverse proxy, to get the real client's IP address.
It is possible for a single Squid server to serve both as a normal and a reverse proxy simultaneously. For
example, a business might host its own website on a web server, with a Squid server acting as a reverse
proxy between clients (customers accessing the website from outside the business) and the web server.
The same Squid server could act as a classical web cache, caching HTTP requests from clients within the
business (i.e., employees accessing the internet from their workstations), so accelerating web access and
reducing bandwidth demands.
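
The X-Forwarded-For reporting described above, as an added example (not part of the original notes and not Squid code): the source server uses the header only when the connection really comes from its own reverse proxy, because any client can send that header itself. The proxy address 192.0.2.10, the sample requests and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: address of the reverse proxy in front of the source server.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def _parse(token):
    """Return an ip_address for one header token, or None if it is not an IP."""
    try:
        return ipaddress.ip_address(token.strip())
    except ValueError:
        return None


def client_ip(peer_addr, xff_header):
    """Pick the address to log for a request.

    peer_addr  -- IP of the TCP peer (what the server logs by default)
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # A direct client can send any X-Forwarded-For it likes: ignore the
    # header unless the connection came from our own reverse proxy.
    if not _is_trusted(peer) or not xff_header:
        return str(peer)
    # Each proxy appends the address it received the request from, so walk
    # right to left and stop at the first hop that is not one of our proxies.
    last_good = peer
    for token in reversed(xff_header.split(",")):
        hop = _parse(token)
        if hop is None:
            return str(last_good)  # malformed entry: the rest is unverifiable
        if not _is_trusted(hop):
            return str(hop)
        last_good = hop
    return str(last_good)


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For value).
    for peer, xff in [("192.0.2.10", "198.51.100.23"),
                      ("192.0.2.10", "10.9.9.9, 198.51.100.23"),
                      ("203.0.113.7", "10.9.9.9")]:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

In the second sample the left-most entry was supplied by the client and is ignored; in the third the request bypassed the proxy, so the header is not used at all.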

CNAME - A CNAME record is an abbreviation for Canonical Name record and is a type of resource
record in the Domain Name System (DNS) used to specify that a domain name uses the IP addresses of
another domain, the "canonical" domain.
This is convenient when running multiple services (like an FTP server and a webserver; each running on
different ports) from a single IP address. You can, for example, point ftp.example.com and
www.example.com to the A record example.com, which in turn points to the IP-address. Then, if you ever
need to change the IP-address, you only have to change it in one place (A record). CNAME records must
always be pointed to another domain name, never to an IP-address.
A DNS name server is a server that stores the DNS records for a domain name, such as address (A or
AAAA) records, name server (NS) records, and mail exchanger (MX) records; a DNS name server responds
with answers to queries against its database.
