Firewall Feature Set Overview

18. Optionally, if you want to tighten security on the XSR, enter ip ssh server disable to deactivate SSH.

19. Enter policy telnet to enable Telnet access for the new user.

20. Enter exit to quit AAA user mode.

21. Enter aaa client telnet to permit the new user to employ Telnet.

The XSR is now ready to connect remote login users. Remember to save your configuration after all edits.

Firewall Feature Set Overview

A firewall is defined generally as a set of related applications or a device dedicated to protecting the enterprise network. Placed at any entryway to a corporation’s private network, a firewall examines all packets arriving from the Internet and admits or bars traffic based upon its policies. A firewall may also control inside access to destinations on the Internet or interior resources.

Fundamentally, a firewall monitors and filters network traffic. Depending on your enterprise needs, you can set up a simple or more robust firewall. For instance, application-level filtering can be matched to source/destination IP addresses and port numbers for FTP, HTTP, NNTP, or Telnet; protocol-level filtering can be set on IP protocols such as OSPF, IGP or ICMP; and stateful filtering can be applied to a session’s state.

Reasons for Installing a Firewall

The rationale for installing a firewall can include the following:

Provide a focal point for security decisions

Segment networks into discrete security zones

Enforce security policy between different security zones to protect proprietary information from falling into the wrong hands

Enable users to safely connect to and conduct business over a public, untrusted network (Internet):

Restrict undesirable traffic that may otherwise flow between your internal hosts and the Internet

Protect internal networks from hostile and malicious attacks

Log network activity

Limit your exposure in case of a successful attack

Ideally, these network nodes should be checked daily for security holes, but since that is impractical, the next best course is to run a firewall to block all non-essential ports and cut the risk of attack. A firewall can be conceived as a virtual wall through which “holes” or ports are opened to allow permitted traffic through, as shown in Figure 16-10, which illustrates a topology using the XSR firewall feature set.

XSR User’s Guide 16-9

Enterasys Networks X-PeditionTM manual Firewall Feature Set Overview, Reasons for Installing a Firewall