In addition to protecting individual computers and servers attached to the network, it is important to control traffic traveling to and from the network.
A Firewall is one of the most effective security tools available for protecting internal network users from external threats. A firewall resides between two or more networks and controls the traffic between them as well as helps prevent unauthorized access. Firewall products use various techniques for determining what is permitted or denied access to a network.
Packet Filtering - Prevents or allows access based on IP or MAC addresses.
Application / Web Site Filtering - Prevents or allows access based on the application. Websites can be blocked by specifying a website URL address or keywords.
Stateful Packet Inspection (SPI) - Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited packets are blocked unless permitted specifically. SPI can also include the capability to recognize and filter out specific types of attacks such as DoS.Firewall products may support one or more of these filtering capabilities. Additionally, Firewalls often perform Network Address Translation (NAT). NAT translates an internal address or group of addresses into an outside, public address that is sent across the network. This allows internal IP addresses to be concealed from outside users.
Firewall products come packaged in various forms:
Appliance-based firewalls - An appliance-based firewall is a firewall that is built-in to a dedicated hardware device known as a security appliance.
Server-based firewalls - A server-based firewall consists of a firewall application that runs on a network operating system (NOS) such as UNIX, Windows or Novell.
Integrated Firewalls - An integrated firewall is implemented by adding firewall functionality to an existing device, such as a router.
Personal firewalls - Personal firewalls reside on host computers and are not designed for LAN implementations. They may be available by default from the OS or may be installed from an outside vendor.
0 comments:
Post a Comment