30-01-2012, 03:16 PM
Firewalls
[attachment=16843]
Sits between two networks
Used to protect one from the other
Places a bottleneck between the networks
All communications must pass through the bottleneck – this gives us a single point of control
Protection Methods
Packet Filtering
Rejects TCP/IP packets from unauthorized hosts and/or connection attempts by unauthorized hosts
Network Address Translation (NAT)
Translates the addresses of internal hosts so as to hide them from the outside world
Also known as IP masquerading
Proxy Services
Makes high-level, application-level connections to external hosts on behalf of internal hosts to completely break the network connection between internal and external hosts
Proxies
Address seen by the external network is the address of the proxy
Everything possible is done to hide the identity of the internal user
E-mail addresses in the HTTP headers are not propagated through the proxy
Doesn't have to be an actual part of the firewall; any server sitting between the two networks can be used
Virtual Private Networks (VPN)
Used to connect two private networks via the internet
Provides an encrypted tunnel between the two private networks
Usually cheaper than a private leased line but should be studied on an individual basis
Once established and as long as the encryption remains secure the VPN is impervious to exploitation
For large organizations using VPNs to connect geographically diverse sites, always attempt to use the same ISP to get best performance.
Try to avoid having to go through small Mom-n-Pop ISPs as they will tend to be real bottlenecks
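Added example (not part of the original post): a minimal stateless packet filter in Python showing the two cases named under Packet Filtering, packets from unauthorized hosts and connection attempts by unauthorized hosts. The network ranges, the allowed port and the Packet fields are assumptions made up for the illustration.

```python
# Added example: stateless packet filter with default deny.
# All addresses, ports and field names below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")        # assumed protected network
TRUSTED = ip_network("198.51.100.0/24")    # assumed authorized external hosts
ALLOWED_PORTS = {443}                      # assumed service open to TRUSTED


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def is_connection_attempt(p):
    # A TCP segment with SYN set and ACK clear asks to open a new connection.
    return p.syn and not p.ack


def filter_packet(p):
    """Return 'accept' or 'reject' for a packet crossing the firewall."""
    src, dst = ip_address(p.src), ip_address(p.dst)
    src_in, dst_in = src in INTERNAL, dst in INTERNAL
    if src_in and not dst_in:
        return "accept"                    # outbound traffic from internal hosts
    if dst_in and not src_in:
        if src in TRUSTED and p.dport in ALLOWED_PORTS:
            return "accept"                # authorized host, permitted service
        if p.ack and not is_connection_attempt(p):
            # Reply segment (ACK or SYN+ACK) to a connection opened from inside.
            # A stateless filter trusts the flag; a stateful firewall would
            # check that the connection really exists.
            return "accept"
        return "reject"                    # connection attempt by unauthorized host
    return "reject"                        # default deny for everything else


if __name__ == "__main__":
    for pkt in (Packet("203.0.113.7", "10.0.0.5", 443, syn=True),
                Packet("198.51.100.9", "10.0.0.5", 443, syn=True),
                Packet("203.0.113.7", "10.0.0.5", 51000, syn=True, ack=True)):
        print(pkt.src, "->", pkt.dst, pkt.dport, filter_packet(pkt))
```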