Selecting a Firewall Gilbert Held
Payoff

Although a company may reap significant benefits from connecting to a public network such as the Internet, doing so can sometimes compromise the security of a private network. This article discusses two types of firewalls that provide security by creating barriers between networks. Firewall solutions for three common network scenarios are also discussed.

Introduction

A firewall is a combination of hardware and software that functions as a programmable barrier to the flow of data between two or more networks. Those networks can be public, private, or a combination of the two. The hardware platform used to construct a firewall depends on the configuration of networks the firewall will protect.

Bridge-Based Firewalls

If a firewall is required to function as a barrier between two private local area networks (LANs) operating within the same building, a bridge hardware platform may be sufficient. Exhibit 1a illustrates the use of a firewall-based bridge to both interconnect two LANs and function as a programmable barrier between the flow of data from one LAN to another. The firewall obtains barrier capability through packet filtering.

[Exhibit 1. Using Bridge-Based Firewalls]

Packet Filtering

When operating on a bridge platform that uses Media Access Control packet addresses as decision criteria for forwarding a packet from one LAN to another, the software in the firewall supersedes the bridging operation. That is, the firewall enables or disables the flow of packets from one network to another according to the packet-filtering criteria previously established. For example, one or more source or destination addresses or groups of addresses could be barred from traversing from one network to another.

When operating on a bridge platform, a firewall's filtering capability is limited to source and destination addresses. A firewall cannot make decisions based on the application or any other criteria.
This limitation arises because any additional filtering must occur at the network layer, while the bridge operates at the data link layer.

Although filtering is limited, a bridge-based firewall is suitable for many intracompany applications. For example, the use of packet filtering can prevent specific users on one network from attempting to access a print or file server on another network. Although packet filtering is no substitute for password protection for controlling access to servers, it can be used to thwart attempts by users of one network to access resources of another network. Because every query requires a response, using packet filtering to block access requests also reduces intra-LAN communications, which can eliminate or reduce bottlenecks when remote bridges are used to interconnect geographically separated LANs. By using a remote bridge-based firewall at each location, users can obtain a degree of control over intra-LAN communications. Exhibit 1b illustrates the use of a remote bridge-based firewall.

The connection of geographically separated LANs by remote bridge-based firewalls requires two firewall operations to effectively limit the communications flow on the WAN. If filtering occurs at only one end of the WAN transmission path, a conventional remote bridge can permit all packets with unknown destination addresses to be transmitted over the WAN to the other LAN. Thus, implementing packet filtering on both remote bridges can effectively reduce the traffic over lower-speed WAN circuits in addition to serving as a barrier to unwanted transmission.

Router-Based Firewalls

A more sophisticated type of firewall, the router-based firewall, is used with a router hardware platform. Unlike a bridge, which operates at the data link layer, a router operates at the network layer. Instead of making forwarding decisions based on the destination address in a packet (as performed by a bridge, without filtering), a router makes decisions that are based on a variety of information that can be included in the network header. In addition, most routers support multiple protocols, such as NetWare Internet Packet Exchange (IPX), Transmission Control Protocol and Internet Protocol (TCP/IP), and Systems Network Architecture (SNA). Routers may support SNA by using a passthrough facility, encapsulating SNA into TCP/IP, or using IBM Corp.'s recently introduced data link switching to route SNA traffic.

Because the Internet Protocol (IP) includes port numbers that define applications such as e-mail, Telnet, rlogin, and File Transfer Protocol (FTP), it is important that users consider the router-based firewall's ability to filter using protocol addresses as well as logical port numbers that equate to distinct applications.

Exhibit 2a illustrates the use of a router to provide a connection from an organization's Ethernet LAN to the Internet. In this example, the actual connection to the Internet was obtained from an Internet access provider. In many instances the Internet access provider furnishes both the router and the connection to the Internet. Thus, many organizations may want to examine the filtering capability of the router bundled with Internet access.

[Exhibit 2. Connecting a Corporate LAN to the Internet]

If the filtering capability is not sufficient to satisfy its communications requirements, an organization may want to install a router-based firewall between the network and the router from the access provider as an additional level of protection. This situation is illustrated in Exhibit 2b.

Although the use of a firewall as illustrated in Exhibit 2b appears similar to the use of a router's built-in filtering, there can be enough differences between the two methods to justify the use of a standalone router-based firewall. The examples in the following section explain why some routers may be incapable of providing the level of filtering an organization requires.

Examples of Filtering

Filtering is required to make certain corporate networking functions more secure: for example, employee access to the Internet, employee access to File Transfer Protocol (FTP) servers on the Internet, and customer access to files on a company's FTP server. This section describes examples of each of these functions.

Corporate Internet Access

In the first example, an organization's Internet connection has been established to permit employees connected to the Ethernet to send and receive e-mail over the Internet. The users want to establish an FTP server on their LAN that allows customers to access and retrieve information concerning price quotes, technical bulletins, and similar company information. Although the network manager wants workstation users on the company LAN to use FTP to access FTP servers on the Internet, the manager also wants to limit FTP access to the LAN to customers only.

Some routers with a built-in filtering capability permit anything not explicitly precluded. Other routers with a built-in filtering capability operate on the assumption that nothing is permitted unless allowed. This second type of router is less frequently encountered because it requires a more sophisticated degree of filtering and a significant amount of memory to hold permissions rather than exceptions. This type of filtering is usually encountered in router-based firewalls that, as a security precaution, only permit explicitly defined operations.

Because the organization wants to transmit e-mail over the Internet, certain filtering actions are required. Because the Simple Mail Transfer Protocol (SMTP) is used to transport e-mail as an IP application using port 25, filters should be set using that port assignment. If the router precludes all operations unless explicitly permitted, the following filter actions should be entered:

Action   Port   Source   Destination   Inbound/Outbound
Allow    25     *        *             Inbound
Allow    25     *        *             Outbound

The asterisk (*) functions as a global wildcard permitting any address for source or destination.
Thus, the first filter allows inbound traffic using port 25 from any destination address to any source address. The second filter permits outbound e-mail using port 25 from any source address to any destination address. The combination of the two filters permits e-mail from any user on the Internet to reach any user on the company LAN and vice versa. If the company LAN were using a router that allows all operations that are not precluded, users would not have to enter any filters to use e-mail.

Employee Access to FTP Servers on the Internet

Once the organization's filtering requirements have been satisfied, its FTP requirements should be evaluated. If the router a company is using precludes all operations other than those explicitly permitted, specific filtering is required. Because FTP uses port 21 to transmit control information outbound and port 20 for the actual inbound file transfer, filtering is required to allow organizational users Internet FTP access. To satisfy this requirement, an organization should set up the following filters:

Action   Port   Source   Destination   Inbound/Outbound
Allow    21     *        *             Outbound
Allow    25     *        *             Inbound

The first filter permits any user on the LAN to initiate an FTP request on port 21 to any destination address. The second filter permits files requested through an action on port 25 to flow inbound from any source address on the Internet to any destination address on the LAN. This action establishes the filters necessary for LAN users to access any FTP server on the Internet.

Letting Customers Access Files on the Company's FTP Server

An organization should decide which filters are required so that selected customers can access files on the organization's FTP server. It is important that the network administrator keep in mind one of the key limitations associated with many routers: their inability to support more than a few filters.

An organization may want to contact customers to obtain their network addresses, either as a single workstation address representing one computer required to access the organization's FTP server or as a block of addresses representing a group of workstations at a customer site requiring access to the organization's FTP server. For each customer, filters should take the following form:

Action   Port   Source    Destination   Inbound/Outbound
Allow    21     Address   FTPA          Inbound
Allow    25     FTPA      Address       Outbound

Here, FTPA represents the organization's FTP server address, and Address represents either a customer's single workstation address or block of workstation addresses. Thus, the preceding filters would:

- Allow inbound traffic on port 21 from the defined source address or group of addresses to the organization's FTP server address.
- Allow outbound traffic on port 25 from the organization's FTP server address to the destination address or block of destination addresses.

If, for example, an organization has 60 customers, the setup of a minimum of 120 filters would be necessary for there to be FTP access from customers. If each customer had several workstations that required access to the company FTP server and each address was noncontiguous, a pair of filters would have to be set up for each workstation. Thus, two workstations per customer requiring access to the organization's FTP server would require the setup of 60 * 2 * 2 or 240 filters; three workstations per customer would require 360 filters to be set up, and so on.

If the router only supports the use of a handful of filter operations because of memory constraints, an organization will probably need to use a router-based firewall to implement filtering requirements. Most router-based firewalls support the use of hundreds to thousands of filters. However, because each filter requires the router to perform a series of comparison operations, the more filters used, the lower the level of router throughput that can be obtained. Vendor performance specifications should be carefully considered because some firewalls can become network bottlenecks when as few as 50 filters are enabled. Other firewalls may support the use of hundreds of filters before performance is significantly affected.
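
The following Python model is an added example, not code from the original article: it evaluates filters in the article's Action/Port/Source/Destination/Direction form under both default policies, generates the per-customer filter pairs, and counts the comparisons a packet costs. It assumes first-match evaluation, CIDR notation for address blocks, and port 20 for the file-transfer filter as in the article's description of FTP (the filter tables print 25); all class names, function names and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "*"  # the article's global wildcard


@dataclass(frozen=True)
class Filter:
    action: str       # "allow" or "deny"
    port: int         # logical port that identifies the application
    source: str       # "*", one address, or a block in CIDR form
    destination: str
    direction: str    # "inbound" or "outbound"


@dataclass(frozen=True)
class Packet:
    port: int
    source: str
    destination: str
    direction: str


def address_matches(pattern: str, address: str) -> bool:
    """True if address is covered by the wildcard, single address or block."""
    if pattern == ANY:
        return True
    return ip_address(address) in ip_network(pattern, strict=False)


class PacketFilter:
    """First-match filter list with a configurable default action."""

    def __init__(self, filters, default_action: str):
        self.filters = list(filters)
        self.default_action = default_action  # "deny": nothing permitted unless allowed
        self.comparisons = 0                  # filters examined so far

    def decide(self, pkt: Packet) -> str:
        for f in self.filters:
            self.comparisons += 1
            if (f.port == pkt.port and f.direction == pkt.direction
                    and address_matches(f.source, pkt.source)
                    and address_matches(f.destination, pkt.destination)):
                return f.action
        return self.default_action


def customer_filters(ftp_server, customer, control_port=21, data_port=20):
    """The per-customer pair: control traffic inbound, file data outbound."""
    return [
        Filter("allow", control_port, customer, ftp_server, "inbound"),
        Filter("allow", data_port, ftp_server, customer, "outbound"),
    ]


def build_ruleset(ftp_server, customers):
    """customers maps a name to the addresses or blocks that need access."""
    rules = []
    for addresses in customers.values():
        for address in addresses:
            rules.extend(customer_filters(ftp_server, address))
    return rules


# Constructed sample data (private addresses, not taken from the article).
FTP_SERVER = "192.168.50.10"
TWO_WORKSTATIONS = {f"customer{i}": [f"10.{i}.1.10", f"10.{i}.7.20"] for i in range(60)}
ONE_BLOCK = {f"customer{i}": [f"10.{i}.1.0/28"] for i in range(60)}


def demo():
    rules = build_ruleset(FTP_SERVER, TWO_WORKSTATIONS)
    known = Packet(21, "10.59.7.20", FTP_SERVER, "inbound")      # last customer listed
    stranger = Packet(21, "172.16.0.99", FTP_SERVER, "inbound")  # not a customer

    strict = PacketFilter(rules, default_action="deny")
    known_result = strict.decide(known)
    cost_known = strict.comparisons
    stranger_strict = strict.decide(stranger)
    cost_stranger = strict.comparisons - cost_known

    # Same filters on a router that permits anything not explicitly precluded.
    loose = PacketFilter(rules, default_action="allow")

    return {
        "filters_two_workstations": len(rules),
        "filters_one_block": len(build_ruleset(FTP_SERVER, ONE_BLOCK)),
        "known_customer": known_result,
        "stranger_default_deny": stranger_strict,
        "stranger_default_allow": loose.decide(stranger),
        "comparisons_known": cost_known,
        "comparisons_stranger": cost_stranger,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With only Allow filters configured, the permit-by-default router lets the unlisted source through, and a packet that matches no filter is the most expensive one to process because every filter is compared before the default applies.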

Conclusion

Two types of firewalls should be considered to protect the network resources of an organization. In brief:

- Bridge-based firewalls should be considered if an organization wants to control the flow of information between LANs that are interconnected or can be interconnected by bridges.
- If an organization wants to connect its private network to a public network, it should consider the use of a router-based firewall to obtain network protection.

By carefully examining the filtering capability of a firewall, including its ability to enable or disable the flow of packets based on source addresses, destination addresses, and logical ports, a barrier can be obtained that provides a satisfactory measure of security.

Although the filtering capability of a firewall is its primary evaluation feature, other features should be considered before selecting this type of communications product. Exhibit 3 lists some of the additional features of a router-based firewall. This checklist can be used as a basis for comparing vendor products to company requirements.

Exhibit 3. Router-Based Firewall Features

Feature                  Requirement   Vendor A   Vendor B
Filter Construction
  Number supported
  Binary linkage
LAN Support
  Token Ring
  Ethernet
Protocol Support
  TCP/IP
  IPX
  SPX
  RIP
  SLIP
  Other
WAN Support
  RS232
  V.35
  RS-449
  Other

Author Biographies

Gilbert Held

Gilbert Held is director of 4-Degree Consulting, a Macon, GA-based high-tech consulting group. He is an internationally recognized author and lecturer, having written more than 40 books and 300 technical articles. He earned a BSEE from Pennsylvania Military College, an MSEE from New York University, and MBA and MSTM degrees from The American University. He has represented the US at technical conferences in Moscow and Jerusalem and received numerous awards for excellence in technical writing.
More informationStateful Inspection Technology
Stateful Inspection Technology Security Requirements TECH NOTE In order to provide robust security, a firewall must track and control the flow of communication passing through it. To reach control decisions
More informationGuide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols
Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among various
More informationESSENTIALS. Understanding Ethernet Switches and Routers. April 2011 VOLUME 3 ISSUE 1 A TECHNICAL SUPPLEMENT TO CONTROL NETWORK
VOLUME 3 ISSUE 1 A TECHNICAL SUPPLEMENT TO CONTROL NETWORK Contemporary Control Systems, Inc. Understanding Ethernet Switches and Routers This extended article was based on a two-part article that was
More informationHow To Understand and Configure Your Network for IntraVUE
How To Understand and Configure Your Network for IntraVUE Summary This document attempts to standardize the methods used to configure Intrauve in situations where there is little or no understanding of
More informationIMPLEMENTING AND SUPPORTING EXTRANETS
87-10-18 DATA SECURITY MANAGEMENT IMPLEMENTING AND SUPPORTING EXTRANETS Phillip Q. Maier INSIDE Extranet Architectures; Router-Based Extranet Architecture; Application Gateway Firewalls; Scalability; Multi-homed
More informationNETWORK SECURITY 10.1 ROUTERS
Internetworking LANs and WANs: Concepts, Techniques and Methods. Second Edition. Gilbert Held Copyright & 1993, 1998 John Wiley & Sons Ltd Print ISBN 0-471-97514-1 Online ISBN 0-470-84155-9 10 NETWORK
More informationFigure 41-1 IP Filter Rules
41. Firewall / IP Filter This function allows user to enable the functionality of IP filter. Both inside and outside packets through router could be decided to allow or drop by supervisor. Figure 41-1
More informationSystem Development and Life-Cycle Management (SDLCM) Methodology
System Development and Life-Cycle Management (SDLCM) Methodology Subject Type Standard Approval CISSCO Program Director A. PURPOSE This standard specifies the format and conventions to be used in developing
More informationFirewalls. Chapter 3
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
More informationFirewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls
CEN 448 Security and Internet Protocols Chapter 20 Firewalls Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa
More informationEXPLORER. TFT Filter CONFIGURATION
EXPLORER TFT Filter Configuration Page 1 of 9 EXPLORER TFT Filter CONFIGURATION Thrane & Thrane Author: HenrikMøller Rev. PA4 Page 1 6/15/2006 EXPLORER TFT Filter Configuration Page 2 of 9 1 Table of Content
More informationFig. 4.2.1: Packet Filtering
4.2 Types of Firewalls /DKo98/ FIREWALL CHARACTERISTICS 1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the
More informationFirewall Design Principles Firewall Characteristics Types of Firewalls
Firewall Design Principles Firewall Characteristics Types of Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for these slides. Fall 2008
More informationChapter 7: Computer Networks, the Internet, and the World Wide Web. Invitation to Computer Science, C++ Version, Third Edition
Chapter 7: Computer Networks, the Internet, and the World Wide Web Invitation to Computer Science, C++ Version, Third Edition Objectives In this chapter, you will learn about: Basic networking concepts
More informationVirtual Server in SP883
Virtual Server in SP883 1 Introduction: 1.1 Micronet SP883 is a hard QoS broadband router, means its guaranteed service can provide absolute reservation of resource (bandwidth) for specific traffic;not
More informationReview: Lecture 1 - Internet History
Review: Lecture 1 - Internet History late 60's ARPANET, NCP 1977 first internet 1980's The Internet collection of networks communicating using the TCP/IP protocols 1 Review: Lecture 1 - Administration
More informationLecture 1. Lecture Overview. Intro to Networking. Intro to Networking. Motivation behind Networking. Computer / Data Networks
Lecture 1 An Introduction to Networking Chapter 1, pages 1-22 Dave Novak BSAD 146, Introduction to Networking School of Business Administration University of Vermont Lecture Overview Brief introduction
More informationHow To Use A Network Over The Internet (Networking) With A Network (Netware) And A Network On A Computer (Network)
1 TCP Transmission Control Protocol, is a connection based Internet protocol responsible for breaking data into packets to send over a network using IP (internet protocol) IP works at the TCP/IP Internet
More informationOct 15, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html 3. Internet : the vast collection of interconnected networks that all use the TCP/IP protocols
E-Commerce Infrastructure II: the World Wide Web The Internet and the World Wide Web are two separate but related things Oct 15, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html 1 Outline The Internet and
More informationThe OSI Model: Understanding the Seven Layers of Computer Networks
Expert Reference Series of White Papers The OSI Model: Understanding the Seven Layers of Computer Networks 1-800-COURSES www.globalknowledge.com The OSI Model: Understanding the Seven Layers of Computer
More informationThis course has been retired. View the schedule of current <a href=http://www.ptr.co.uk/networkingcourses.htm>networking
Introduction to Data Communications & Networking Course Description: This course has been retired. View the schedule of current networking Courses
More informationNetwork Simulation Traffic, Paths and Impairment
Network Simulation Traffic, Paths and Impairment Summary Network simulation software and hardware appliances can emulate networks and network hardware. Wide Area Network (WAN) emulation, by simulating
More informationERserver. iseries. Remote Access Services: PPP connections
ERserver iseries Remote Access Services: PPP connections ERserver iseries Remote Access Services: PPP connections Copyright International Business Machines Corporation 1998, 2002. All rights reserved.
More informationallow all such packets? While outgoing communications request information from a
FIREWALL RULES Firewalls operate by examining a data packet and performing a comparison with some predetermined logical rules. The logic is based on a set of guidelines programmed in by a firewall administrator,
More informationTerminal Services Overview
Terminal Services Overview This chapter provides an overview of Cisco IOS terminal services and includes the following main sections: Cisco IOS Network Access Devices Line Characteristics and s Asynchronous
More informationNetwork System Design Lesson Objectives
Network System Design Lesson Unit 1: INTRODUCTION TO NETWORK DESIGN Assignment Customer Needs and Goals Identify the purpose and parts of a good customer needs report. Gather information to identify network
More informationPeer-to-Peer SIP Mode with FXS and FXO Gateways
Peer-to-Peer SIP Mode with FXS and FXO Gateways New Rock s SIP based VoIP gateways with FXS and FXO ports support peer-to-peer mode which has many applications in deploying enterprise multi-site telephone
More informationNetFlow Subinterface Support
NetFlow Subinterface Support Feature History Release Modification 12.2(14)S This feature was introduced. 12.2(15)T This feature was integrated into Cisco IOS Release 12.2 T. This document describes the
More informationChapter 2 TCP/IP Networking Basics
Chapter 2 TCP/IP Networking Basics A network in your home or small business uses the same type of TCP/IP networking that is used for the Internet. This manual provides an overview of IP (Internet Protocol)
More information