159
D.3 Firewall Basics
D.3.1 What is a Firewall?
Firewalls prevent unauthorized Internet users from accessing private networks
connected to the Internet. All messages entering or leaving the intranet pass
through the firewall, which examines each message and blocks those that do not
meet the specified security criteria. With the functionality of a NAT router, the
firewall adds features that deal with outside Internet intrusion and attacks. When an
attack or intrusion is detected, the firewall can be configured to log the intrusion
attempt, and can also notify the administrator of the incident. With this information,
the administrator can work with the ISP to take action against the hacker. Against
some types of attacks, the firewall can discard intruder packets, thereby fending off
the hacker from the private network.
D.3.1.1 Stateful Packet Inspection
BiGuard 30 uses Stateful Packet Inspection (SPI) to protect your network from
intrusions and attacks. Unlike less sophisticated Internet sharing routers, SPI
ensures secure firewall filtering by intercepting incoming packets at the network
layer, and analyzing them for state-related information that is associated with all
network connections. User-level applications such as Web browsers and FTP can
make complex network traffic patterns, which BiGuard 30 analyzes by looking at
groups of connection states.
All state information is stored in a central cache. Traffic passing through the firewall
is analyzed against these states, and then is either allowed to pass through or
rejected.
D.3.1.2 Denial of Service (DoS) Attack
A hacker may be able to prevent your network from operating or communicating by
launching a Denial of Service (DoS) attack. The method used for such an attack can
be as simple as merely flooding your site with more requests than it can handle. A
more sophisticated attack may attempt to exploit some weakness in the operating
system used by your router or gateway. Some operating systems can be disrupted
by simply sending a packet with incorrect length information.
Содержание BiGuard 30
Страница 1: ...BiGuard 30 iBusiness Security Gateway SMB User s Manual Version Release 5 00 FW 1 03...
Страница 46: ...46 2 Double click the Network icon The Network window displays a list of installed components...
Страница 48: ...48 c Select the manufacturer and model of your Ethernet adapter then click OK If you need TCP IP a Click Add...
Страница 51: ...51 2 In the Control Panel double click Network and choose the Configuration tab...
Страница 171: ...171 Main Aggressive mode peer ID is identifier string ISAKMP SA Established IPsec SA Established...
Страница 182: ...182 Step 4 From the same menu set the WAN2 DDNS settings Step 5 Click Save Config to save all changes to flash memory...
Страница 190: ...190 Step 4 Go to Configuration Advanced Dynamic DNS and input the dynamic DNS settings for WAN1 and WAN2 WAN1...
Страница 191: ...191 WAN 2 Step 5 Go to Configuration Virtual Server and set up a virtual server for both FTP and HTTP...
Страница 207: ...207 Step10 Input PPTP Server Address and press Next Step11 Please press Finish...
Страница 211: ...211 Step5 In another BiGuard as Client Go to Configuration WAN ISP Settings Step6 Click Apply and Save CONFIG...