P312 Broadband Security Gateway

Chapter 13

What is a Firewall

This chapter gives some background information on firewalls.

Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The network term firewall is typically defined as a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. Of course, firewalls cannot solve every security problem. A firewall is one of the mechanisms used to establish a network security perimeter in support of a network security policy. It should never be the only mechanism or method employed. For a firewall to guard effectively, you must design and deploy it appropriately. This requires integrating the firewall into a broad information-security policy. In addition, specific policies must be implemented within the firewall itself.

13.1 Types of Firewalls

There are three main types of firewalls:

1.Packet Filtering Firewalls

2.Application-level Firewalls

3.Stateful Inspection firewalls

13.1.1 Packet Filtering Firewalls

Packet Filtering Firewalls restrict access based on the source/destination of the computer network address and the type of application. The Prestige has packet filtering capabilities.

13.1.2 Application-level Firewalls

Application-level Firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP, and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts:

i.Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems.

ii.Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging. Filtering rules at the packet filtering router can be less complex than they would be if the router

What Is a Firewall?

13-1

Page 148 Page 150
Page 149
Image 149
ZyXEL Communications P-312 What is a Firewall, Types of Firewalls, Packet Filtering Firewalls, Application-level Firewalls
Page 148 Page 150
Top Page Image Contents