P-661HNU Series Support Notes
18
All contents copyright © 2010 ZyXEL Communications Corporation.
Stateful Inspection Firewalls restrict access by screening data packets against
defined access rules. They make access control decisions based on IP
address and protocol. They also 'inspect' the session data to assure the
integrity of the connection and to adapt to dynamic protocols. The flexible
nature of Stateful Inspection firewalls generally provides the best speed and
transparency, however, they may lack the granular application level access
control or caching that some proxies support.
4. What kind of firewall is the P-661HNU-Fx?
1. The P-661HNU-Fx's firewall inspects packets contents and IP headers.
It is applicable to all protocols, that understands data in the packet is
intended for other layers, from network layer up to the application layer.
2. The P-661HNU-Fx's firewall performs stateful inspection. It takes into
account the state of connections it handles so that, for example, a
legitimate incoming packet can be matched with the outbound request
for that packet and allowed in. Conversely, an incoming packet
masquerading as a response to a nonexistent outbound request can be
blocked.
3. The P-661HNU-Fx's firewall uses session filtering, i.e., smart rules, that
enhance the filtering process and control the network session rather
than control individual packets in a session.
4. The P-661HNU-Fx's firewall is fast. It uses a hashing function to search
the matched session cache instead of going through every individual
rule for a packet.
5. Why do you need a firewall when your router has NAT built-in?
With the spectacular growth of the Internet and online access, companies that
do business on the Internet face greater security threats. Although NAT restrict
access to particular computers and networks, however, for the other
companies this security may be insufficient, but firewall can maintain session
state. Thus, for greater security, a firewall is considered.
6. What is Denials of Service (DoS) attack?
Denial of Service (DoS) attacks are aimed at devices and networks with a
connection to the Internet. Their goal is not to steal information, but to disable
a device or network so users no longer have access to network resources.
There are four types of DoS attacks:
1. Those that exploits bugs in a TCP/IP implementation such as Ping of
Death and Teardrop.