Filter and Firewall
Beta
CLI Configuration Guide
Alcatel-Lucent
NETWORK SECURITY - AN OVERVIEW
With Internet access provided to most private networks, many of them become
reachable by anyone who wants to gain access to them. Besides making legitimate
access available for conducting business, this also opens the door to
malicious access into private networks.
To prevent such access, a network administrator must secure the network
perimeter and guard access to areas of the network containing sensitive
information, without hampering applications such as e-mail and web server
access. Since the network routers connecting a private network to the Internet
are the entry points into the private network, these devices need to be included in
securing the network perimeter.
Computing systems belonging to a single organization or department that allow
complete unrestricted sharing of information, where the users are authorized and
identified, are said to belong to a "Trusted Zone". In the interest of network
security, all the other networks and users outside of the "trusted zone" are said to
belong to an "Untrusted Zone". Most corporate networks need to access the
Internet for retrieving information and the Internet is treated as an "untrusted
zone".
Communication between the trusted and untrusted zones needs to be authorized,
controlled, and monitored in effective yet transparent ways, so that malevolent
entities do not have access to information that is privileged and sensitive.
Mechanisms that allow administrators to enforce such regulation are called
Firewalls.
A firewall is a network element that uses a combination of hardware and software
intelligence to filter traffic between the trusted and untrusted zones. Firewalls can
monitor the flow of traffic and decide to either permit or deny the communication
that is being attempted. Administrators define access "policies" on firewalls,
where a policy is a set of rules defining the types of traffic that may
be permitted or denied. A policy specifies packet-matching criteria
based on the source IP address of the packet, the destination IP address, the
source port number, the destination port number (for protocols which support
ports) or even the packet type (UDP, TCP, ICMP, etc.). These fields are called
"Classifier fields".
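The following sketch shows how a policy built from these classifier fields can be evaluated against a packet. It is an added example, not taken from the guide and not OA-700 CLI syntax; the first-match rule ordering, the default deny when no rule matches, and all names and addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_PROTOCOLS = {"tcp", "udp"}  # packet types that carry port numbers

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp", "udp", "icmp", ...
    sport: Optional[int] = None     # None for protocols without ports
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # classifier fields; defaults match anything
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if (ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src)
                or ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst)):
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        for want, have in ((self.sport, p.sport), (self.dport, p.dport)):
            # A port classifier can only match protocols that support ports.
            if want is not None and (p.proto not in PORT_PROTOCOLS or want != have):
                return False
        return True

def evaluate(policy: list[Rule], p: Packet) -> str:
    """Return the action of the first matching rule (assumed ordering);
    deny when no rule matches (assumed default)."""
    for rule in policy:
        if rule.matches(p):
            return rule.action
    return "deny"

# Constructed policy: block one untrusted network outright, then let the
# untrusted zone reach only the e-mail and web servers in the trusted zone.
POLICY = [
    Rule("deny", src="203.0.113.0/24"),
    Rule("permit", dst="192.0.2.25/32", proto="tcp", dport=25),
    Rule("permit", dst="192.0.2.80/32", proto="tcp", dport=80),
]
```

Because the deny rule is listed first, a host in 203.0.113.0/24 is refused even on a port that a later rule permits; reordering the rules changes the outcome.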
These security policies envisage the use of firewalls in different topologies. Before
looking at these topologies, it is important to become familiar with some
firewall terminology, described below.
• “Network Security Terminologies”
• “Firewall Mechanisms”
• “Before You Configure Filters and Firewalls”
• “OA-700 Specific Overview”