 |
|
|
|
|
 |
CertiGuide to Security+ 9 Chapter 3: Infrastructure Security (Domain 3.0; 20%) 9 3.1 Devices |
|
3.1.1 Firewalls
In the non-computer world, a firewall is a fireproof wall used as a barrier to prevent the spread of fire.263 In the computer world, it’s a barrier intended to prevent undesired access to computer and network resources, keeping those on the outside of your network out, and those on the inside of your network, compliant with company policies on network use. In chapter 1, we mentioned using firewalls to block or open access to different TCP/IP protocols, as a means of controlling access to resources. For example, if you want to allow selected users to surf the web, but not allow access to the Internet by others, you could set up the firewall to allow only port 80 and 443 connections from those users’ workstations outbound to the Internet. When a firewall is protecting an entire network, it is normally a separate system that is not used for any other task on the network. It may be ordinary PC’s running specialized software, or perhaps, a customized hardware ‘box’ specifically manufactured to provide firewall functions.
Is there anything else a firewall can do for the network? In addition to providing access control based on port numbers and source/destination address, firewalls can provide other functionality such as:
- Access control based on time of day or an authenticated
user ID, allowing access to a service only during certain times of the
day or by certain user ID’s, and disallowing it at other times
or for other users
- Session logging, useful for tracking connection
utilization
- Intrusion detection and notification (and optionally, network reconfiguration in response to an intrusion)
Additionally, some provide a facility known as Network Address Translation, or NAT. Most commonly, this feature allows computers on your internal, non-Internet-addressable network to gain access to the Internet, by automatically translating internal network addresses to external network addresses.
The benefit of this is that your internal IP numbers are not known or accessed by Internet hosts.
Any internal nodes, for which NAT is not performed, are effectively isolated from the Internet (unless, of course, someone compromises one of your internal systems and uses that as a springboard to get to other internal systems).
There are two main types of enterprise network firewalls: application-level and network-level (sometimes called circuit level). Each has its advantages and disadvantages, as we’ll see in the upcoming sections.
|
Firewalls
|
|
Quick navigation to subsections and regular topics in this section |
__________________
263. American Heritage Dictionary of the English Language, Fourth Edition, Houghton Mifflin Company, 2000.
|
| |||||||||||||||||||
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.