Filter and Firewall
716
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
Alcatel-Lucent
NETWORK SECURITY - AN OVERVIEW
With Internet access provided to most private networks, many of them become reachable 
by anyone wanting to gain access to such a private network. Besides the legitimate 
access made available for conducting business, this also opens the door to 
malicious access into private networks.
To prevent such access, it is imperative for a network administrator to secure 
the network perimeter and guard access to areas of the network containing 
sensitive information, while not hampering applications such as e-mail and web 
server access. Since network routers connecting a private network to the Internet 
are the entry points into the private network, these devices need to be included in 
securing the network perimeter.
Computing systems belonging to a single organization or department that allow 
complete unrestricted sharing of information, where the users are authorized and 
identified, are said to belong to a "Trusted Zone". In the interest of network 
security, all the other networks and users outside of the "trusted zone" are said to 
belong to an "Untrusted Zone". Most corporate networks need to access the 
Internet for retrieving information and the Internet is treated as an "untrusted 
zone".
Communication between the trusted and untrusted zones needs to be authorized, 
controlled, and monitored in effective yet transparent ways, so that malevolent 
entities do not have access to the information that is privileged and sensitive. 
Mechanisms that allow administrators to enforce such a regulation are called 
Firewalls.
A firewall is a network element that uses a combination of hardware and software 
intelligence to filter traffic between the trusted and untrusted zones. Firewalls can 
monitor the flow of traffic, and decide to either permit or deny the communication 
that is being attempted. Administrators define what are called access "policies" 
on firewalls, where a policy is a set of rules defining the types of traffic that may 
be permitted or denied. The policy specifies packet-matching criteria based 
on the source IP address of the packet, the destination IP address, the 
source port number, the destination port number (for protocols which support 
ports) or even the packet type (UDP, TCP, ICMP, etc.). These fields are called 
"Classifier fields".
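The following is an added illustration, not part of the original guide or of the OmniAccess CLI: a minimal policy evaluator that matches packets on the classifier fields named above (source and destination address, protocol, destination port), applies the rules in order, and denies anything no rule permits. The addresses, zones and rules are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0      # 0 when the protocol has no ports (e.g. ICMP)
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # classifier fields; "any" is written
    dst: str = "0.0.0.0/0"          # as the 0.0.0.0/0 prefix
    proto: Optional[str] = None     # None matches any packet type
    dport: Optional[int] = None     # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and (self.proto is None or self.proto == pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
        )

def evaluate(policy: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; a packet matching no rule is denied."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # implicit deny: the safe default for unlisted traffic

TRUSTED = "10.1.0.0/16"          # constructed trusted-zone prefix
MAIL_SERVER = "10.1.2.25/32"     # constructed mail server inside the zone

# Untrusted -> trusted: the Internet may reach only the mail server on SMTP.
INBOUND = [
    Rule("permit", dst=MAIL_SERVER, proto="tcp", dport=25),
    Rule("deny"),
]
# Trusted -> untrusted: allow web and outbound mail, deny everything else.
OUTBOUND = [
    Rule("permit", src=TRUSTED, proto="tcp", dport=80),
    Rule("permit", src=TRUSTED, proto="tcp", dport=443),
    Rule("permit", src=TRUSTED, proto="tcp", dport=25),
    Rule("deny"),
]
```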
These security policies envisage the use of firewalls in different topologies. Before 
looking at these topologies, it is imperative to familiarize yourself with some important 
firewall terminology, described in the following sections.
• “Network Security Terminologies”
• “Firewall Mechanisms”
• “Before You Configure Filters and Firewalls”
• “OmniAccess 5740 USG Specific Overview”