Chances are, if you’re involved in any capacity in IT, you’ve no doubt heard of the concept of HOPs. But you might have asked yourself: What does HOP count mean? And, more importantly: Why the heck should you care?

Here at HOPZERO, considering we have HOP in our name, we believe HOPs are a vital part of the Internet’s architecture, not to mention a powerful way to leverage existing protocols to protect your most-precious data.

But what does this mean for you as a network security professional? How can HOP counts do more for you than just help you pass some certification test? And just what benefit does knowing your data’s HOP counts provide you?

What Does HOP Count Mean?

HOP counts refer to the number of devices, usually routers, that a piece of data travels through. Each time that a packet of data moves from one router (or device) to another - say from the router of your home network to the one just outside your county line - that is considered one HOP. The HOP count is the total number of HOPs that a packet of data travels.

Let’s say you’re on your home laptop and you want to look at the website of the Louvre in Paris. To get all the way from your home office to that website, you might travel through eighteen routers (or eighteen HOPs) to get to that location. Thereby your packet of data - your request to view this page - will have traveled eighteen HOPs.

The reason HOP counts are important is that it only takes, approximately, 40 HOPs for any piece of data to reach the entire world. Yet the default setting for most devices is far higher than 40 HOPs. And Microsoft, since the NT4 Service Pack 6 in 1995, has boosted its default HOP count from 32 to 128. The reason for these high default HOP counts is user convenience: you don’t want to have to send an email to your colleague in London only to find your email has hit its HOP count limit and isn’t delivered.

The trouble is not all data is created equal. The email you sent to your colleague in London is far different from the customer credit card numbers stored in your data center. This becomes an even bigger problem when a hacker or phish gets beyond your firewall - such as when one of your employees mistakenly clicked on a bad link in an email - and that intruder has exfiltrated your data to Bulgaria. Since it only takes 40 HOPs (or routers) to reach Sofia, the capital of Eastern Europe’s poorest country, and your organization happens to be using Microsoft (with a default hop count of 128), there’s little you can do, once a hacker has breached your sphere of trust, to keep that data from being exfiltrated. No matter how powerful a firewall you may have.

The beauty of HOP counts as a security tool is the fact that there’s a simple protocol that every single router in the world follows. And that is: every time data hops from one router to another the HOP count limit of that data packet is reduced by one. And when that packet hits zero, it automatically destroys itself. This is a precaution set up for the old BGP routers, a precaution that has protected the Internet for 30 years. BGP routers always carry a HOP count of 1.

For example, let’s say you’re doing some work on your Linux machine, with a default HOP count of 64. And let’s say you wanted to reach a destination 40 HOPs away. Well, each router-to-router exchange would decrement the HOP count limit of that data packet by one, from 64 to 63 to 62…and so on. But let’s say you wanted, for some reason, to access a destination that was 65 HOPs away, one more than the default set by Linux. Well, that data packet would reach just the edge of your intended destination, one router before the device you wanted to communicate with, before that packet would destroy itself. Thereby the packet of data would have exceeded its HOP count.

How Can HOPs Be Used in Network Security?

Okay, but what does this have to do with network security? Well, quite simply, it flips the script on would-be hackers. It allows organizations to be less reactive - waiting for the bad guys to arrive hoping the firewall holds - and more proactive by setting up HOP limits that serve the best interests of an organization.

Ask yourself this: should your most-precious data - the crown jewels of your company located in your data center - have the same HOP limits that some innocuous emails sent to Europe have? Absolutely not.

Because while that local machine with the innocuous emails might need a heartier HOP limit to conduct business, your crown-jewel data likely doesn’t need a default HOP limit of more than three to five to ensure it stays within the data center. By setting a strict, but appropriate, HOP limit for your most-prized data you ensure it won’t get into the wrong hands, no matter how breached your firewall may be.
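The decrement rule and the per-data-class HOP limit described in this article can be tried out with the short Python sketch below. It is an added example, not HOPZERO's code: the `HOP_POLICY` table, its class names and the function names are assumptions made for illustration, with the crown-jewel value taken from the article's three-to-five range.

```python
import socket

# Assumed policy for this example: class names and values are illustrative.
HOP_POLICY = {"crown_jewels": 4, "general": 64}

def dropped_at(ttl, routers_on_path):
    """Return the 1-based index of the router that discards the packet,
    or None if the packet gets past every router on the path.
    Each router decrements the hop limit by one and discards at zero."""
    for router in range(1, routers_on_path + 1):
        ttl -= 1
        if ttl <= 0:
            return router
    return None

def apply_hop_limit(sock, data_class):
    """Cap how many hops packets sent from this socket can travel."""
    limit = HOP_POLICY[data_class]
    if not 1 <= limit <= 255:
        raise ValueError("hop limit must fit the 8-bit header field")
    if sock.family == socket.AF_INET6:
        # IPv6 calls the same header field "Hop Limit".
        sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_UNICAST_HOPS, limit)
    else:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, limit)
    return limit

def effective_hop_limit(sock):
    """Read back the hop limit the kernel will stamp on outgoing packets."""
    if sock.family == socket.AF_INET6:
        return sock.getsockopt(socket.IPPROTO_IPV6, socket.IPV6_UNICAST_HOPS)
    return sock.getsockopt(socket.IPPROTO_IP, socket.IP_TTL)

if __name__ == "__main__":
    # The article's Linux example: 64 covers 40 routers but not 65.
    print("ttl 64, 40 routers:", dropped_at(64, 40))
    print("ttl 64, 65 routers:", dropped_at(64, 65))
    # A crown-jewel socket limited to 4 hops dies long before router 40.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    apply_hop_limit(s, "crown_jewels")
    print("socket hop limit:", effective_hop_limit(s))
    print("ttl 4, 40 routers:", dropped_at(effective_hop_limit(s), 40))
    s.close()
```

The socket option only covers sockets that set it; on Linux the system-wide default for everything else is the `net.ipv4.ip_default_ttl` sysctl.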