Security 13-133
■
Discarded if all the filters are configured to pass (for ward)
■
Discarded if the set contains a combination of pass and discard filters
Disadvantages of filters
Although using filter sets can greatly enhance network security, there are disadvantages:
■
Filters are complex. Combining them in filter sets introduces subtle interactions, increasing the likelihood
of implementation errors.
■
Enabling a large number of filters can have a negative impact on per formance. Processing of packets will
take longer if they have to go through many checkpoints.
■
Too much reliance on packet filters can cause too little reliance on other security methods. Filter sets are
not
a substitute for password protection, effective safeguarding of passwords, caller ID, the “must match”
option in the answer profile, PAP or CHAP in connection profiles, callback, and general awareness of how
your network may be vulnerable.
An approach to using filters
The ultimate goal of network security is to prevent unauthorized access to the network without compromising
authorized access. Using filter sets is par t of reaching that goal.
Each filter set you design will be based on one of the following approaches:
■
That which is not expressly prohibited is permitted.
■
That which is not expressly permitted is prohibited.
It is strongly recommended that you take the latter, and safer, approach to all of your filter set designs.
Working with IP filters and filter sets
To work with filters and filter sets, begin by accessing the filter set screens.
Note:
Make sure you understand how filters work before attempting to use them. Read the section
“About
filters and filter sets,” beginning on page 13-126
.
Main
Menu
System
Configuration
Filter
Sets
IP Filter Sets
Содержание R910
Страница 1: ...Netopia R910 Ethernet Router for DSL and Cable Modems User s Reference Guide ...
Страница 22: ...4 22 User s Reference Guide ...
Страница 30: ...5 30 User s Reference Guide ...
Страница 122: ...12 122 User s Reference Guide ...
Страница 172: ...A 172 User s Reference Guide ...
Страница 186: ...B 186 User s Reference Guide ...
Страница 200: ...E 200 User s Reference Guide ...
Страница 204: ...F 204 User s Reference Guide ...