3Com 3031 Installation Instructions

CHAPTER 56: NETWORK SECURITY CONFIGURATION
Packet filter: Such a firewall filters each packet according to the items 
defined by the user. For example, it compares the source and destination 
addresses of each packet with the defined rules for a match. A packet filter 
neither considers the status of sessions nor analyzes the data. If the user 
specifies that packets carrying port number 21 or a port number no less than 
1024 are permitted, all packets matching that condition will be able to pass 
through the firewall. If the configured rules are set properly for the actual 
applications, many packets that pose a potential security threat can be 
filtered at this layer.
Network Address Translation: Also called address proxy, NAT makes it possible 
for a private network to access an external network. NAT substitutes an 
external network address and port on the router for the IP address and port 
of a host on the private network, and vice versa. In other words, it performs 
the conversion between <Private address + Port number> and <Public address 
+ Port number>. The private address discussed here refers to an internal 
network or host address, and the public address refers to a globally unique IP 
address on the Internet. The Internet Assigned Numbers Authority (IANA) 
has reserved the following IP address ranges for private addresses:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
In other words, the addresses in these three ranges are used inside 
organizations or companies rather than assigned on the Internet. A company can 
select a suitable internal network address range, taking into consideration the 
number of internal hosts and networks in the near future. The internal 
network addresses of different companies can be the same. However, a company 
that selects a segment outside the three ranges given above as its internal 
network address is very likely to cause chaos. NAT allows internal hosts to 
access Internet resources while keeping their “privacy”. 
Packet Filter
Function
Normally, a packet filter filters IP packets. For each packet that the router 
will forward, the filter first obtains the packet's header information, 
including the upper-layer protocol carried by the IP layer, the source and 
destination addresses of the packet, and the source and destination ports. It 
then compares them with the preset rules to determine whether the packet 
should be forwarded or discarded.
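
The header comparison described above, as an added Python example that is not taken from the 3Com manual or the router's software. The rule format, the 192.168.1.0/24 internal network, and the function names are assumptions for illustration; the rules reproduce the "port 21 or port no less than 1024" case to show that every matching packet passes regardless of session.

```python
import ipaddress
import struct

# Constructed rules (assumed format, not router syntax); first match wins.
RULES = [
    {"action": "permit", "proto": 6, "src": "0.0.0.0/0",
     "dst": "192.168.1.0/24", "dport": (21, 21)},
    {"action": "permit", "proto": 6, "src": "0.0.0.0/0",
     "dst": "192.168.1.0/24", "dport": (1024, 65535)},
]

def parse_headers(pkt: bytes) -> dict:
    """Extract the header fields a packet filter inspects from a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4            # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    hdr = {"proto": pkt[9],
           "src": ipaddress.IPv4Address(pkt[12:16]),
           "dst": ipaddress.IPv4Address(pkt[16:20]),
           "sport": None, "dport": None}
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    # Ports exist only for TCP/UDP and only in the first fragment.
    if hdr["proto"] in (6, 17) and frag_offset == 0 and len(pkt) >= ihl + 4:
        hdr["sport"], hdr["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return hdr

def filter_packet(pkt: bytes, rules=RULES) -> str:
    """Return 'permit' or 'deny'. Each packet is judged alone, with no session state."""
    try:
        h = parse_headers(pkt)
    except ValueError:
        return "deny"
    for r in rules:
        lo, hi = r["dport"]
        if (h["proto"] == r["proto"] and h["dport"] is not None
                and h["src"] in ipaddress.ip_network(r["src"])
                and h["dst"] in ipaddress.ip_network(r["dst"])
                and lo <= h["dport"] <= hi):
            return r["action"]
    return "deny"                        # implicit deny when no rule matches

def build_tcp(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed sample: 20-byte IPv4 header plus a zeroed 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!HH", sport, dport) + b"\x00" * 16
```

A packet to port 6000 is permitted by the second rule even though no internal host opened that session, which is the limitation of a filter that does not consider session status.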