ZyXEL p-660h-61 Betriebsanweisung
Prestige 660H Series User’s Guide
10-10
Firewalls
site uses a secure connection, it is safe to submit information. Secure web transactions are
quite difficult to crack.
quite difficult to crack.
♦
Never reveal your IP address or other system networking information to people outside your
company. Be careful of files e-mailed to you from strangers. One common way of getting
BackOrifice on a system is to include it as a Trojan horse with other files.
company. Be careful of files e-mailed to you from strangers. One common way of getting
BackOrifice on a system is to include it as a Trojan horse with other files.
♦
Change your passwords regularly. Also, use passwords that are not easy to figure out. The
most difficult passwords to crack are those with upper and lower case letters, numbers and a
symbol such as % or #.
most difficult passwords to crack are those with upper and lower case letters, numbers and a
symbol such as % or #.
♦
Upgrade your software regularly. Many older versions of software, especially web browsers,
have well known security deficiencies. When you upgrade to the latest versions, you get the
latest patches and fixes.
have well known security deficiencies. When you upgrade to the latest versions, you get the
latest patches and fixes.
♦
If you use “chat rooms” or IRC sessions, be careful with any information you reveal to
strangers.
strangers.
♦
If your system starts exhibiting odd behavior, contact your ISP. Some hackers will set off
hacks that cause your system to slowly become unstable or unusable.
hacks that cause your system to slowly become unstable or unusable.
♦
Always shred confidential information, particularly about your computer, before throwing it
away. Some hackers dig through the trash of companies or individuals for information that
might help them in an attack.
away. Some hackers dig through the trash of companies or individuals for information that
might help them in an attack.
10.7 Packet Filtering Vs Firewall
Below are some comparisons between the Prestige’s filtering and firewall functions.
10.7.1 Packet Filtering:
♦
The router filters packets as they pass through the router’s interface according to the filter
rules you designed.
rules you designed.
♦
Packet filtering is a powerful tool, yet can be complex to configure and maintain, especially if
you need a chain of rules to filter a service.
you need a chain of rules to filter a service.
♦
Packet filtering only checks the header portion of an IP packet.
When To Use Filtering
♦
To block/allow LAN packets by their MAC addresses.
♦
To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets.
♦
To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between
the specific inside host/network "A" and outside host/network "B". If the filter blocks the
traffic from A to B, it also blocks the traffic from B to A. Filters can not distinguish traffic
originating from an inside host or an outside host by IP address.
the specific inside host/network "A" and outside host/network "B". If the filter blocks the
traffic from A to B, it also blocks the traffic from B to A. Filters can not distinguish traffic
originating from an inside host or an outside host by IP address.
♦
To block/allow IP trace route.
10.7.2 Firewall
♦
The firewall inspects packet contents as well as their source and destination addresses.
Firewalls of this type employ an inspection module, applicable to all protocols, that
understands data in the packet is intended for other layers, from the network layer (IP headers)
up to the application layer.
Firewalls of this type employ an inspection module, applicable to all protocols, that
understands data in the packet is intended for other layers, from the network layer (IP headers)
up to the application layer.