Selecting a Firewall Gilbert Held

Size: px
Start display at page:

Download "51-30-10 Selecting a Firewall Gilbert Held"

Transcription

1 Selecting a Firewall Gilbert Held Payoff Although a company may reap significant benefits from connecting to a public network such as the Internet, doing so can sometimes compromise the security of a private network. This article discusses two types of firewalls that provide security by creating barriers between networks. Firewall solutions for three common network scenarios are also discussed. Introduction A firewall is a combination of hardware and software that functions as a programmable barrier to the flow of data between two or more networks. Those networks can be public, private, or a combination of the two. The hardware platform used to construct a firewall depends on the configuration of networks the firewall will protect. Bridge-Based Firewalls If a firewall is required to function as a barrier between two private local area networks (LANs) operating within the same building, a bridge hardware platform may be sufficient. Exhibit 1a illustrates the use of a firewall-based bridge to both interconnect two LANs and function as a programmable barrier between the flow of data from one LAN to another. The firewall obtains barrier capability through packet filtering. Using Bridge-Based Firewalls Packet Filtering When operating on a bridge platform that uses Media Access Control packet addresses as decision criteria for forwarding a packet from one LAN to another, the software in the firewall supersedes the bridging operation. That is, the firewall enables or disables the flow of packets from one network to another according to the packet-filtering criteria previously established. For example, one or more source or destination addresses or groups of addresses could be barred from traversing from one network to another. When operating on a bridge platform, a firewall's filtering capability is limited to source and destination addresses. A firewall cannot make decisions based on the application or any other criteria. This limitation is the result of a requirement for additional filtering to occur at the network layer while the bridge operates at the data link layer. Although filtering is limited, a bridge-based firewall is suitable for many intracompany applications. For example, the use of packet filtering can prevent specific users on one network from attempting to access a print or file server on another network. Although packet filtering is no substitute for password protection for controlling access to servers, it can be used to thwart attempts by users of one network to access resources of another network. Because every query requires a response, using packet filtering to block access requests also reduces intralan communications, which can eliminate or reduce bottlenecks when remote bridges are used to interconnect

2

3 geographically separated LANs. By using a remote bridge-based firewall at each location, users can obtain a degree of control over intralan communications. Exhibit 1b illustrates the use of a remote bridge-based firewall. The connection of geographically separated LANs by remote bridge-based firewalls requires two firewall operations to effectively limit the communications flow on the WAN. If filtering occurs at only one end of the WAN transmission path, a conventional remote bridge can permit all packets with unknown destination addresses to be transmitted over the WAN to the other LAN. Thus, implementing packet filtering on both remote bridges can effectively reduce the traffic over lower-speed WAN circuits in addition to serving as a barrier to unwanted transmission. Router-Based Firewalls A more sophisticated type of firewall, the router-based firewall, is used with a router hardware platform. Unlike a bridge, which operates at the data link layer, a router operates at the network layer. Instead of making forwarding decisions based on the destination address in a packet (as performed by a bridge, without filtering), a router makes decisions that are based on a variety of information that can be included in the network header. In addition, most routers support multiple protocols, such as NetWare Internet Packet Exchange (IPX), Transmission Control Protocol and Internet Protocol (TCP/IP), and Systems Network Architecture(SNA). Routers may support System Network Architecture by using a passthrough facility, encapsulating SNA into TCP/IP, or using IBM Corp.'s recently introduced data link switching to route SNA traffic. Because the Internet Protocol (IP) includes port numbers that define applications such as , Telnet, rlogin, and File Transfer Protocol, it is important that users consider the routerbased firewall's ability to filter using protocol addresses as well as logical port numbers that equate to distinct applications. Exhibit 2a illustrates the use of a router to provide a connection from an organization's Ethernet LAN to the Internet. In this example, the actual connection to the Internet was obtained from an Internet Access Provider. In many instances theinternet access provider furnishes both the router and the connection to the Internet. Thus, many organizations may want to examine the filtering capability of the router bundled with Internet access. Connecting a Corporate LAN to the Internet If the filtering capability is not sufficient to satisfy its communications requirements, an organization may want to install a router-based firewall between the network and the router from the access provider as an additional level of protection. This situation is illustrated in Exhibit 2b. Although the use of a firewall as illustrated in Exhibit 2b appears similar to the use of a router's built-in filtering, there can be enough differences between the two methods to justify the use of a standalone router-based firewall. The examples in the following section explain why some routers may be incapable of providing the level of filtering an organization requires. Examples of Filtering Filtering is required to make certain corporate networking functions more secure for example, employee access to the Internet, employee access to File Transfer Protocol

4

5 servers on the Internet, and customer access to files on a company's file transfer protocol (FTP) server. This section describes examples of each of these functions. Corporate Internet Access In the first example, an organization's Internet connection has been established to permit employees connected to the Ethernet to send and receive over the Internet. The users want to establish a file transfer protocol (FTP) server on their LAN that allows customers to access and retrieve information concerning price quotes, technical bulletins, and similar company information. Although the network manager wants workstation users on the company LAN to use file transfer protocol (FTP) to access file transfer protocol (FTP) servers on the Internet, the manager also wants to limit file transfer protocol (FTP) access to the LAN to customers only. Some routers with a built-in filtering capability permit anything not explicitly precluded. Other routers with a built-in filtering capability operate on the assumption that nothing is permitted unless allowed. This second type of router is less frequently encountered because it requires a more sophisticated degree of filtering and a significant amount of memory to hold permissions rather than exceptions. This type of filtering is usually encountered in router-based firewalls that, as a security precaution, only permit explicitly defined operations. Because the organization wants to transmit over the Internet, certain filtering actions are required. Because the simple mail transport protocol (SMTP) is used to transport as an IP application using port 25, filters should be set using that port assignment. If the router precludes all operations unless explicitly permitted, the following filter actions should be entered: Action Port Source Destination Inbound/Outbound Allow 25 * * Inbound Allow 25 * * Outbound The asterisk (*) functions as a global wildcard permitting any address for source or destination. Thus, the first filter allows inbound traffic using port 25 from any destination address to any source address. The second filter permits outbound using port 25 from any source address to any destination address. The combination of the two filters permits from any user on the Internet to reach any user on the company LAN and vice versa. If the company LAN were using a router that allows all operations that are not precluded, users would not have to enter any filters to use . Employee Access to FTP Servers on the Internet Once the organization's filtering requirements have been satisfied, its file transfer protocol (FTP) requirements should be evaluated. If the router a company is using precludes all operations other than those explicitly permitted, specific filtering is required. Because file transfer protocol (FTP) uses port 21 to transmit control information outbound and port 20 for the actual inbound file transfer, filtering is required to allow organizational users Internet file transfer protocol (FTP) access. To satisfy this requirement, an organization should set up the following filters: Action Port Source Destination Inbound/Outbound Allow 21 * * Outbound Allow 25 * * Inbound

6 The first filter permits any user on the LAN to initiate an file transfer protocol (FTP) request on port 21 to any destination address. The second filter permits files requested through an action on port 25 to flow inbound from any source address on the Internet to any destination address on the LAN. This action establishes the filters necessary for LAN users to access any file transfer protocol (FTP) server on the Internet. Letting Customers Access Files on the Company's FTP Server An organization should decide which filters are required so that selected customers can access files on the organization's file transfer protocol (FTP) server. It is important that the network administrator keep in mind one of the key limitations associated with many routers: their inability to support more than a few filters. An organization may want to contact customers to obtain their network addresses, either as a single workstation address representing one computer required to access the organization's File Transfer Protocol server or as a block of addresses representing a group of workstations at a customer site requiring access to the organization's file transfer protocol (FTP) server. For each customer, filters should take the following form: Action Port Source Destination Inbound/Outbound Allow 21 Address FTPA Inbound Allow 25 FTPA Address Outbound Here, FTPA represents the organization's file transfer protocol (FTP) server address, and Address represents either a customer's single workstation address or block of workstation addresses. Thus, the preceding filters would: Allow inbound traffic on port 21 from the defined source address or group of addresses to the organization's file transfer protocol (FTP) server address. Allow outbound traffic on port 25 from the organization's file transfer protocol (FTP) server address to the destination address or block of destination addresses. If, for example, an organization has 60 customers, the setup of a minimum of 120 filters would be necessary for there to be file transfer protocol (FTP) access from customers. If each customer had several workstations that required access to the company file transfer protocol (FTP) server and each address was noncontiguous, a pair of filters would have to be set up for each workstation. Thus, two workstations per customer requiring access to the organization's File Transfer Protocol server would require the setup of 60* 2 * 2 or 240 filters; three workstations per customer would require 360 filters to be set up, and so on. If the router only supports the use of a handful of filter operations because of memory constraints, an organization will probably need to use a router-based firewall to implement filtering requirements. Most router-based firewalls support the use of hundreds to thousands of filters. However, because each filter requires the router to perform a series of comparison operations, the more filters used, the lower the level of router throughput that can be obtained. Vendor performance specifications should be carefully considered because some firewalls can become network bottlenecks when as few as 50 filters are enabled. Other firewalls may support the use of hundreds of filters before performance is significantly effected.

7 Conclusion Two types of firewalls should be considered to protect the network resources of an organization. In brief: Bridge-based firewalls should be considered if an organization wants to control the flow of information between LANs that are interconnected or can be interconnected by bridges. If an organization wants to connect its private network to a public network, it should consider the use of a router-based firewall to obtain network protection. By carefully examining the filtering capability of a firewall, including its ability to enable or disable the flow of packets based on source addresses, destination addresses, and logical ports, a barrier can be obtained that provides a satisfactory measure of security. Although the filtering capability of a firewall is its primary evaluation feature, other features should be considered before selecting this type of communications product. Exhibit 3 lists some of the additional features of a router-based firewall. This checklist can be used as a basis for comparing vendor products to company requirements. Router-Based Firewall Features Feature Requirement Vendor A Vendor B Filter Construction Number supported Binary linkage LAN Support Token Ring Ethernet Protocol Support TCP/IP IPX SPX RIP SLIP Other WAN Support RS232 V.35 RS-449 Other Author Biographies Gilbert Held Gilbert Held is director of 4-Degree Consulting, a Macon GA-based high-tech consulting group. He is an internationally recognized author and lecturer, having written more than 40 books and 300 technical articles. He earned a BSEE from Pennsylvania Military College, an MSEE from New York University, and MBA and MSTM degrees from The American

8 University. He has represented the US at technical conferences in Moscow and Jerusalem and received numerous awards for excellence in technical writing.

52-20-16 Using RMON to Manage Remote Networks Gilbert Held

52-20-16 Using RMON to Manage Remote Networks Gilbert Held 52-20-16 Using RMON to Manage Remote Networks Gilbert Held Payoff By standardizing the management information base (MIB) for Ethernet and Token Ring LANs, a network administrator can use the management

More information

NETWORK BASELINING AS A PLANNING TOOL

NETWORK BASELINING AS A PLANNING TOOL 50-40-02 DATA COMMUNICATIONS MANAGEMENT NETWORK BASELINING AS A PLANNING TOOL Gilbert Held INSIDE Baselining Tools and Techniques, SimpleView, NEWT, EtherVision, Foundation Manager INTRODUCTION Baselining

More information

UPPER LAYER SWITCHING

UPPER LAYER SWITCHING 52-20-40 DATA COMMUNICATIONS MANAGEMENT UPPER LAYER SWITCHING Gilbert Held INSIDE Upper Layer Operations; Address Translation; Layer 3 Switching; Layer 4 Switching OVERVIEW The first series of LAN switches

More information

PROTECTING NETWORKS WITH FIREWALLS

PROTECTING NETWORKS WITH FIREWALLS 83-10-44 DATA SECURITY MANAGEMENT PROTECTING NETWORKS WITH FIREWALLS Gilbert Held INSIDE Connecting to the Internet; Router Packet Filtering; Firewalls; Address Hiding; Proxy Services; Authentication;

More information

Lab 5.5.3 Developing ACLs to Implement Firewall Rule Sets

Lab 5.5.3 Developing ACLs to Implement Firewall Rule Sets Lab 5.5.3 Developing ACLs to Implement Firewall Rule Sets All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 8 Device Interface

More information

51-30-60 DATA COMMUNICATIONS MANAGEMENT. Gilbert Held INSIDE

51-30-60 DATA COMMUNICATIONS MANAGEMENT. Gilbert Held INSIDE 51-30-60 DATA COMMUNICATIONS MANAGEMENT PROTECTING A NETWORK FROM SPOOFING AND DENIAL OF SERVICE ATTACKS Gilbert Held INSIDE Spoofing; Spoofing Methods; Blocking Spoofed Addresses; Anti-spoofing Statements;

More information

83-20-10 Secure Data Center Operations Gilbert Held Payoff

83-20-10 Secure Data Center Operations Gilbert Held Payoff 83-20-10 Secure Data Center Operations Gilbert Held Payoff The data center stores information necessary for the effective and efficient operation of the entire organization. Loss of this data, conveyance

More information

51-30-21 Selecting a Web Server Connection Rate Gilbert Held

51-30-21 Selecting a Web Server Connection Rate Gilbert Held 51-30-21 Selecting a Web Server Connection Rate Gilbert Held Payoff Determining the best operating rate for a WAN connection to the Internet is a common problem for organizations wishing to obtain a presence

More information

Introduction to LAN Protocols

Introduction to LAN Protocols CHAPTER 2 Chapter Goals Learn about different LAN protocols. Understand the different methods used to deal with media contention. Learn about different LAN topologies. This chapter introduces the various

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin 2008 Course Technology Learning Objectives Describe packets and packet filtering

More information

The OSI Model and the TCP/IP Protocol Suite. Pritee Parwekar ANITS 1

The OSI Model and the TCP/IP Protocol Suite. Pritee Parwekar ANITS 1 The OSI Model and the TCP/IP Protocol Suite Pritee Parwekar ANITS 1 To study To discuss the idea of multiple layering in data communication and networking and the interrelationship between layers. To discuss

More information

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls

More information

Overview - Using ADAMS With a Firewall

Overview - Using ADAMS With a Firewall Page 1 of 6 Overview - Using ADAMS With a Firewall Internet security is becoming increasingly important as public and private entities connect their internal networks to the Internet. One of the most popular

More information

Security Technology: Firewalls and VPNs

Security Technology: Firewalls and VPNs Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up

More information

Understanding TCP/IP. Introduction. What is an Architectural Model? APPENDIX

Understanding TCP/IP. Introduction. What is an Architectural Model? APPENDIX APPENDIX A Introduction Understanding TCP/IP To fully understand the architecture of Cisco Centri Firewall, you need to understand the TCP/IP architecture on which the Internet is based. This appendix

More information

Operating System Concepts. Operating System 資 訊 工 程 學 系 袁 賢 銘 老 師

Operating System Concepts. Operating System 資 訊 工 程 學 系 袁 賢 銘 老 師 Lecture 7: Distributed Operating Systems A Distributed System 7.2 Resource sharing Motivation sharing and printing files at remote sites processing information in a distributed database using remote specialized

More information

Overview - Using ADAMS With a Firewall

Overview - Using ADAMS With a Firewall Page 1 of 9 Overview - Using ADAMS With a Firewall Internet security is becoming increasingly important as public and private entities connect their internal networks to the Internet. One of the most popular

More information

Cisco Configuring Commonly Used IP ACLs

Cisco Configuring Commonly Used IP ACLs Table of Contents Configuring Commonly Used IP ACLs...1 Introduction...1 Prerequisites...2 Hardware and Software Versions...3 Configuration Examples...3 Allow a Select Host to Access the Network...3 Allow

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Find your network example: 1. Basic network with and 2 WAN lines - click here 2. Add a web server to the LAN - click here 3. Add a web,

More information

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004 SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004 Introduction: A computer firewall protects computer networks from unwanted intrusions which could compromise confidentiality

More information

PART OF THE PICTURE: The TCP/IP Communications Architecture

PART OF THE PICTURE: The TCP/IP Communications Architecture PART OF THE PICTURE: The / Communications Architecture 1 PART OF THE PICTURE: The / Communications Architecture BY WILLIAM STALLINGS The key to the success of distributed applications is that all the terminals

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Data Communication Networks and Converged Networks

Data Communication Networks and Converged Networks Data Communication Networks and Converged Networks The OSI Model and Encapsulation Layer traversal through networks Protocol Stacks Converged Data/Telecommunication Networks From Telecom to Datacom, Asynchronous

More information

A Heterogeneous Internetworking Model with Enhanced Management and Security Functions

A Heterogeneous Internetworking Model with Enhanced Management and Security Functions Session 1626 A Heterogeneous Internetworking Model with Enhanced Management and Security Functions Youlu Zheng Computer Science Department University of Montana Yan Zhu Sybase, Inc. To demonstrate how

More information

Access Control Lists: Overview and Guidelines

Access Control Lists: Overview and Guidelines Access Control Lists: Overview and Guidelines Cisco provides basic traffic filtering capabilities with access control lists (also referred to as access lists). Access lists can be configured for all routed

More information

AS/400e. TCP/IP routing and workload balancing

AS/400e. TCP/IP routing and workload balancing AS/400e TCP/IP routing and workload balancing AS/400e TCP/IP routing and workload balancing Copyright International Business Machines Corporation 2000. All rights reserved. US Government Users Restricted

More information

Firewalls (IPTABLES)

Firewalls (IPTABLES) Firewalls (IPTABLES) Objectives Understand the technical essentials of firewalls. Realize the limitations and capabilities of firewalls. To be familiar with iptables firewall. Introduction: In the context

More information

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer

More information

The OSI Model and the TCP/IP Protocol Suite. TCP/IP Protocol Suite 1

The OSI Model and the TCP/IP Protocol Suite. TCP/IP Protocol Suite 1 The OSI Model and the TCP/IP Protocol Suite TCP/IP Protocol Suite 1 To discuss the idea of multiple layering in data communication and networking and the interrelationship between layers. To discuss the

More information

Lecture (02) Networking Model (TCP/IP) Networking Standard (OSI) (I)

Lecture (02) Networking Model (TCP/IP) Networking Standard (OSI) (I) Lecture (02) Networking Model (TCP/IP) Networking Standard (OSI) (I) By: Dr. Ahmed ElShafee ١ Dr. Ahmed ElShafee, ACU : Fall 2015, Networks II Agenda Introduction to networking architecture Historical

More information

MANAGEMENT INFORMATION SYSTEMS 8/E

MANAGEMENT INFORMATION SYSTEMS 8/E MANAGEMENT INFORMATION SYSTEMS 8/E Raymond McLeod, Jr. and George Schell Chapter 10 Data Communications Copyright 2001 Prentice-Hall, Inc. 10-1 Objectives Understand data communication basics. Know the

More information

Computer Networks Vs. Distributed Systems

Computer Networks Vs. Distributed Systems Computer Networks Vs. Distributed Systems Computer Networks: A computer network is an interconnected collection of autonomous computers able to exchange information. A computer network usually require

More information

Stateful Inspection Technology

Stateful Inspection Technology Stateful Inspection Technology Security Requirements TECH NOTE In order to provide robust security, a firewall must track and control the flow of communication passing through it. To reach control decisions

More information

83-10-41 Types of Firewalls E. Eugene Schultz Payoff

83-10-41 Types of Firewalls E. Eugene Schultz Payoff 83-10-41 Types of Firewalls E. Eugene Schultz Payoff Firewalls are an excellent security mechanism to protect networks from intruders, and they can establish a relatively secure barrier between a system

More information

Chapter 11 Cloud Application Development

Chapter 11 Cloud Application Development Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How

More information

Chapter 14: Distributed Operating Systems

Chapter 14: Distributed Operating Systems Chapter 14: Distributed Operating Systems Chapter 14: Distributed Operating Systems Motivation Types of Distributed Operating Systems Network Structure Network Topology Communication Structure Communication

More information

Network+ Guide to Networks, Fourth Edition. Chapter 7 WANs, Internet Access, and Remote Connectivity. Objectives

Network+ Guide to Networks, Fourth Edition. Chapter 7 WANs, Internet Access, and Remote Connectivity. Objectives Network+ Guide to Networks, Fourth Edition Chapter 7 WANs, Internet Access, and Remote Connectivity Objectives Identify a variety of uses for WANs Explain different WAN topologies, including their advantages

More information

The OSI Model: Understanding the Seven Layers of Computer Networks

The OSI Model: Understanding the Seven Layers of Computer Networks Rab Nawaz Khan Jadoon Lecturer Department of Computer Sciences COMSATS Institute of Information Technology, Lahore, Pakistan Email: rabnawaz@ciitlahore.edu.pk Home: http://jadoon956.wordpress.com The OSI

More information

1. What was the first type of microcomputer network to be implemented? A. MAN B. WAN C. LAN D. PAN

1. What was the first type of microcomputer network to be implemented? A. MAN B. WAN C. LAN D. PAN CCNA 1 Module 2 1. What was the first type of microcomputer network to be implemented? A. MAN B. WAN C. LAN D. PAN 2. Using modem connections, how many modems would it take to allow connections from ten

More information

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

RAS Associates, Inc. Systems Development Proposal. Scott Klarman. March 15, 2009

RAS Associates, Inc. Systems Development Proposal. Scott Klarman. March 15, 2009 Systems Development Proposal Scott Klarman March 15, 2009 Systems Development Proposal Page 2 Planning Objective: RAS Associates will be working to acquire a second location in Detroit to add to their

More information

The OSI Model and the TCP/IP Protocol Suite

The OSI Model and the TCP/IP Protocol Suite The OSI Model and the TCP/IP Protocol Suite 1 Example 1 Assume Maria and Ann are neighbors with a lot of common ideas. However, Maria speaks only Spanish, and Ann speaks only English. Since both have learned

More information

iseries TCP/IP routing and workload balancing

iseries TCP/IP routing and workload balancing iseries TCP/IP routing and workload balancing iseries TCP/IP routing and workload balancing Copyright International Business Machines Corporation 2000, 2001. All rights reserved. US Government Users Restricted

More information

Computer Networks. Definition of LAN. Connection of Network. Key Points of LAN. Lecture 06 Connecting Networks

Computer Networks. Definition of LAN. Connection of Network. Key Points of LAN. Lecture 06 Connecting Networks Computer Networks Lecture 06 Connecting Networks Kuang-hua Chen Department of Library and Information Science National Taiwan University Local Area Networks (LAN) 5 kilometer IEEE 802.3 Ethernet IEEE 802.4

More information

NZQA Expiring unit standard 6857 version 4 Page 1 of 5. Demonstrate an understanding of local and wide area computer networks

NZQA Expiring unit standard 6857 version 4 Page 1 of 5. Demonstrate an understanding of local and wide area computer networks Page 1 of 5 Title Demonstrate an understanding of local and wide area computer networks Level 7 Credits 10 Purpose People credited with this unit standard are able to: describe network types and standards;

More information

Overview. Firewall Security. Perimeter Security Devices. Routers

Overview. Firewall Security. Perimeter Security Devices. Routers Overview Firewall Security Chapter 8 Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security

More information

1 combine the characteristics of bridges and routers. 2 Repeaters operate at which OSI layer?

1 combine the characteristics of bridges and routers. 2 Repeaters operate at which OSI layer? Review questions 1 combine the characteristics of bridges and routers. Brouters 2 Repeaters operate at which OSI layer? 3 Repeaters are typically used on what type of network? A Bus B Star C Ring D Hybrid

More information

INTRODUCTION TO VOICE OVER IP

INTRODUCTION TO VOICE OVER IP 52-30-20 DATA COMMUNICATIONS MANAGEMENT INTRODUCTION TO VOICE OVER IP Gilbert Held INSIDE Equipment Utilization; VoIP Gateway; Router with Voice Modules; IP Gateway; Latency; Delay Components; Encoding;

More information

cnds@napier Slide 1 Introduction cnds@napier 1 Lecture 6 (Network Layer)

cnds@napier Slide 1 Introduction cnds@napier 1 Lecture 6 (Network Layer) Slide 1 Introduction In today s and next week s lecture we will cover two of the most important areas in networking and the Internet: IP and TCP. These cover the network and transport layer of the OSI

More information

UIP1868P User Interface Guide

UIP1868P User Interface Guide UIP1868P User Interface Guide (Firmware version 0.13.4 and later) V1.1 Monday, July 8, 2005 Table of Contents Opening the UIP1868P's Configuration Utility... 3 Connecting to Your Broadband Modem... 4 Setting

More information

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering Introduction Digi Connect Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering The Digi Connect supports five features which provide security and IP traffic forwarding when using incoming

More information

NETWORK SECURITY 10.1 ROUTERS

NETWORK SECURITY 10.1 ROUTERS Internetworking LANs and WANs: Concepts, Techniques and Methods. Second Edition. Gilbert Held Copyright & 1993, 1998 John Wiley & Sons Ltd Print ISBN 0-471-97514-1 Online ISBN 0-470-84155-9 10 NETWORK

More information

Security threats and network. Software firewall. Hardware firewall. Firewalls

Security threats and network. Software firewall. Hardware firewall. Firewalls Security threats and network As we have already discussed, many serious security threats come from the networks; Firewalls The firewalls implement hardware or software solutions based on the control of

More information

Basic Network Configuration

Basic Network Configuration Basic Network Configuration 2 Table of Contents Basic Network Configuration... 25 LAN (local area network) vs WAN (wide area network)... 25 Local Area Network... 25 Wide Area Network... 26 Accessing the

More information

How To Understand and Configure Your Network for IntraVUE

How To Understand and Configure Your Network for IntraVUE How To Understand and Configure Your Network for IntraVUE Summary This document attempts to standardize the methods used to configure Intrauve in situations where there is little or no understanding of

More information

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance CHAPTER 4 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance This chapter describes how to configure the switch ports and VLAN interfaces of the ASA 5505 adaptive

More information

Chapter 16: Distributed Operating Systems

Chapter 16: Distributed Operating Systems Module 16: Distributed ib System Structure, Silberschatz, Galvin and Gagne 2009 Chapter 16: Distributed Operating Systems Motivation Types of Network-Based Operating Systems Network Structure Network Topology

More information

Networking TCP/IP routing and workload balancing

Networking TCP/IP routing and workload balancing System i Networking TCP/IP routing and workload balancing Version 5 Release 4 System i Networking TCP/IP routing and workload balancing Version 5 Release 4 Note Before using this information and the product

More information

Internet Concepts. What is a Network?

Internet Concepts. What is a Network? Internet Concepts Network, Protocol Client/server model TCP/IP Internet Addressing Development of the Global Internet Autumn 2004 Trinity College, Dublin 1 What is a Network? A group of two or more devices,

More information

Introduction to Computer Networks and Data Communications

Introduction to Computer Networks and Data Communications Introduction to Computer Networks and Data Communications Chapter 1 Learning Objectives After reading this chapter, you should be able to: Define the basic terminology of computer networks Recognize the

More information

Module 15: Network Structures

Module 15: Network Structures Module 15: Network Structures Background Topology Network Types Communication Communication Protocol Robustness Design Strategies 15.1 A Distributed System 15.2 Motivation Resource sharing sharing and

More information

Multi-Homing Dual WAN Firewall Router

Multi-Homing Dual WAN Firewall Router Multi-Homing Dual WAN Firewall Router Quick Installation Guide M73-APO09-400 Multi-Homing Dual WAN Firewall Router Overview The Multi-Homing Dual WAN Firewall Router provides three 10/100Mbit Ethernet

More information

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01 JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT Test Code: 4514 Version: 01 Specific Competencies and Skills Tested in this Assessment: PC Principles Identify physical and equipment

More information

Communications and Computer Networks

Communications and Computer Networks SFWR 4C03: Computer Networks and Computer Security January 5-8 2004 Lecturer: Kartik Krishnan Lectures 1-3 Communications and Computer Networks The fundamental purpose of a communication system is the

More information

Proxy Server, Network Address Translator, Firewall. Proxy Server

Proxy Server, Network Address Translator, Firewall. Proxy Server Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

ESSENTIALS. Understanding Ethernet Switches and Routers. April 2011 VOLUME 3 ISSUE 1 A TECHNICAL SUPPLEMENT TO CONTROL NETWORK

ESSENTIALS. Understanding Ethernet Switches and Routers. April 2011 VOLUME 3 ISSUE 1 A TECHNICAL SUPPLEMENT TO CONTROL NETWORK VOLUME 3 ISSUE 1 A TECHNICAL SUPPLEMENT TO CONTROL NETWORK Contemporary Control Systems, Inc. Understanding Ethernet Switches and Routers This extended article was based on a two-part article that was

More information

87-01-30 Secure External Network Communications Lynda L. McGhie Payoff

87-01-30 Secure External Network Communications Lynda L. McGhie Payoff 87-01-30 Secure External Network Communications Lynda L. McGhie Payoff Large organizations must be able to communicate with external suppliers, partners, and customers. Implementation of bidirectional

More information

NetFlow Subinterface Support

NetFlow Subinterface Support NetFlow Subinterface Support Feature History Release Modification 12.2(14)S This feature was introduced. 12.2(15)T This feature was integrated into Cisco IOS Release 12.2 T. This document describes the

More information

Logical & Physical Security

Logical & Physical Security Building a Secure Ethernet Environment By Frank Prendergast Manager, Network Certification Services Schneider Electric s Automation Business North Andover, MA The trend toward using Ethernet as the sole

More information

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Firewall VPN Router. Quick Installation Guide M73-APO09-380 Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,

More information

ERserver. iseries. TCP/IP routing and workload balancing

ERserver. iseries. TCP/IP routing and workload balancing ERserver iseries TCP/IP routing and workload balancing ERserver iseries TCP/IP routing and workload balancing Copyright International Business Machines Corporation 1998, 2001. All rights reserved. US

More information

Introduction to Local Area Networks

Introduction to Local Area Networks For Summer Training on Computer Networking visit Introduction to Local Area Networks Prepared by : Swapan Purkait Director Nettech Private Limited swapan@nettech.in + 91 93315 90003 Introduction A local

More information

The TCP/IP Reference Model

The TCP/IP Reference Model The TCP/IP Reference Model The TCP/IP Model Comparison to OSI Model Example Networks The TCP/IP Model Origins from ARPANET, DoD research network ARPA - Advanced Research Projects Agency Reliability was

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

Fig. 4.2.1: Packet Filtering

Fig. 4.2.1: Packet Filtering 4.2 Types of Firewalls /DKo98/ FIREWALL CHARACTERISTICS 1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the

More information

Contents. Introduction

Contents. Introduction viii Contents Introduction xix Chapter 1 Design Goals 2 Do I Know This Already? Quiz 3 Foundation Topics 6 Customer Objectives 6 Business Requirements of the Customer 6 Technical Requirements of the Customer

More information

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls CEN 448 Security and Internet Protocols Chapter 20 Firewalls Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

s@lm@n CompTIA Exam N10-006 CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ]

s@lm@n CompTIA Exam N10-006 CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ] s@lm@n CompTIA Exam N10-006 CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ] Topic break down Topic No. of Questions Topic 1: Network Architecture 183 Topic 2: Network Operations 149

More information

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among various

More information

COMPUTER NETWORK TECHNOLOGY (300)

COMPUTER NETWORK TECHNOLOGY (300) Page 1 of 10 Contestant Number: Time: Rank: COMPUTER NETWORK TECHNOLOGY (300) REGIONAL 2014 TOTAL POINTS (500) Failure to adhere to any of the following rules will result in disqualification: 1. Contestant

More information

Networking Basics for Automation Engineers

Networking Basics for Automation Engineers Networking Basics for Automation Engineers Page 1 of 10 mac-solutions.co.uk v1.0 Oct 2014 1. What is Transmission Control Protocol/Internet Protocol (TCP/IP)------------------------------------------------------------

More information

IMPLEMENTING AND SUPPORTING EXTRANETS

IMPLEMENTING AND SUPPORTING EXTRANETS 87-10-18 DATA SECURITY MANAGEMENT IMPLEMENTING AND SUPPORTING EXTRANETS Phillip Q. Maier INSIDE Extranet Architectures; Router-Based Extranet Architecture; Application Gateway Firewalls; Scalability; Multi-homed

More information

Firewall Design Principles Firewall Characteristics Types of Firewalls

Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Design Principles Firewall Characteristics Types of Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for these slides. Fall 2008

More information

52-20-15 RMON, the New SNMP Remote Monitoring Standard Nathan J. Muller

52-20-15 RMON, the New SNMP Remote Monitoring Standard Nathan J. Muller 52-20-15 RMON, the New SNMP Remote Monitoring Standard Nathan J. Muller Payoff The Remote Monitoring (RMON) Management Information Base (MIB) is a set of object definitions that extend the capabilities

More information

GeorgeAlmeida.com. Learn IP Subnetting in 15 minutes

GeorgeAlmeida.com. Learn IP Subnetting in 15 minutes GeorgeAlmeida.com Learn IP Subnetting in 15 minutes George Almeida 3-8-2015 Contents Preface... 2 Terms and Definitions... 3 Introduction... 3 Obtaining an IP Address for the Internet... 4 Verifying TCP/IP

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

Chapter 2. The OSI Model and the TCP/IP Protocol Suite

Chapter 2. The OSI Model and the TCP/IP Protocol Suite Chapter 2 The OSI Model and the TCP/IP Protocol Suite TCP/IP Protocol Suite 1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter Outline TCP/IP Protocol

More information

Protocol Data Units and Encapsulation

Protocol Data Units and Encapsulation Chapter 2: Communicating over the 51 Protocol Units and Encapsulation For application data to travel uncorrupted from one host to another, header (or control data), which contains control and addressing

More information

Indian Institute of Technology Kharagpur. TCP/IP Part I. Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology

Indian Institute of Technology Kharagpur. TCP/IP Part I. Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology Indian Institute of Technology Kharagpur TCP/IP Part I Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology Kharagpur Lecture 3: TCP/IP Part I On completion, the student

More information

allow all such packets? While outgoing communications request information from a

allow all such packets? While outgoing communications request information from a FIREWALL RULES Firewalls operate by examining a data packet and performing a comparison with some predetermined logical rules. The logic is based on a set of guidelines programmed in by a firewall administrator,

More information

Figure 41-1 IP Filter Rules

Figure 41-1 IP Filter Rules 41. Firewall / IP Filter This function allows user to enable the functionality of IP filter. Both inside and outside packets through router could be decided to allow or drop by supervisor. Figure 41-1

More information

BCIS 4680 -- BUSINESS DATA COMMUNICATIONS and NETWORKING Mr. Cengiz Capan -- Spring 2016

BCIS 4680 -- BUSINESS DATA COMMUNICATIONS and NETWORKING Mr. Cengiz Capan -- Spring 2016 Office : BLB 290E, Business Leadership Building Office Hours: Tu &Th 9:00 am - 11:00 am, or by appointment/drop-in Telephone: 940-565-4660 Web Page: http://www.coba.unt.edu/bcis/faculty/capan/capan.htm

More information

Protocols and Architecture

Protocols and Architecture Protocols and Architecture 1 Protocol Architecture Layered structure of hardware and software that supports the exchange of data between systems as well as a distributed application (e.g. email or file

More information

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT Roopa K. Panduranga Rao MV Dept of CS and Engg., Dept of IS and Engg., J.N.N College of Engineering, J.N.N College of Engineering,

More information

SE 4C03 Winter 2005 An Introduction of Firewall Architectures and Functions. Kevin Law 26 th March, 2005-03-29

SE 4C03 Winter 2005 An Introduction of Firewall Architectures and Functions. Kevin Law 26 th March, 2005-03-29 SE 4C03 Winter 2005 An Introduction of Firewall Architectures and Functions Kevin Law 26 th March, 2005-03-29 1). Introduction A person who has used the Internet before would hear about the term firewall.

More information

Guideline for setting up a functional VPN

Guideline for setting up a functional VPN Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the

More information

Review For Exam 2. Network Architecture Models (Layered Communications) Summary Questions

Review For Exam 2. Network Architecture Models (Layered Communications) Summary Questions School of Business Review For Exam 2 (Week 7, Monday 2/24/2003) School of Business Network Architecture Models (Layered Communications) Encapsulation and Deencapsulation (Week 3, Wednesday 1/29/2003) 3

More information

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected

More information