ZyXEL p-660hwp Manual Do Utilizador
Chapter 10 Firewalls
P-660HWP-Dx User’s Guide
36
10.2.2 Application-level Firewalls
Application-level firewalls restrict access by serving as proxies for external servers. Since they
use programs written for specific Internet services, such as HTTP, FTP and telnet, they can
evaluate network packets for valid application-specific data. Application-level gateways have
a number of general advantages over the default mode of permitting application traffic directly
to internal hosts:
Information hiding prevents the names of internal systems from being made known via DNS
to outside systems, since the application gateway is the only host whose name must be made
known to outside systems.
Robust authentication and logging pre-authenticates application traffic before it reaches
internal hosts and causes it to be logged more effectively than if it were logged with standard
host logging. Filtering rules at the packet filtering router can be less complex than they would
be if the router needed to filter application traffic and direct it to a number of specific systems.
The router need only allow application traffic destined for the application gateway and reject
the rest.
use programs written for specific Internet services, such as HTTP, FTP and telnet, they can
evaluate network packets for valid application-specific data. Application-level gateways have
a number of general advantages over the default mode of permitting application traffic directly
to internal hosts:
Information hiding prevents the names of internal systems from being made known via DNS
to outside systems, since the application gateway is the only host whose name must be made
known to outside systems.
Robust authentication and logging pre-authenticates application traffic before it reaches
internal hosts and causes it to be logged more effectively than if it were logged with standard
host logging. Filtering rules at the packet filtering router can be less complex than they would
be if the router needed to filter application traffic and direct it to a number of specific systems.
The router need only allow application traffic destined for the application gateway and reject
the rest.
10.2.3 Stateful Inspection Firewalls
Stateful inspection firewalls restrict access by screening data packets against defined access
rules. They make access control decisions based on IP address and protocol. They also
"inspect" the session data to assure the integrity of the connection and to adapt to dynamic
protocols. These firewalls generally provide the best speed and transparency, however, they
may lack the granular application level access control or caching that some proxies support.
See
rules. They make access control decisions based on IP address and protocol. They also
"inspect" the session data to assure the integrity of the connection and to adapt to dynamic
protocols. These firewalls generally provide the best speed and transparency, however, they
may lack the granular application level access control or caching that some proxies support.
See
for more information on stateful inspection.
Firewalls, of one type or another, have become an integral part of standard security solutions
for enterprises.
for enterprises.
10.3 Introduction to ZyXEL’s Firewall
The P-660HWP-Dx firewall is a stateful inspection firewall and is designed to protect against
Denial of Service attacks when activated. The P-660HWP-Dx’s purpose is to allow a private
Local Area Network (LAN) to be securely connected to the Internet. The P-660HWP-Dx can
be used to prevent theft, destruction and modification of data, as well as log events, which may
be important to the security of your network. The P-660HWP-Dx also has packet filtering
capabilities.
The P-660HWP-Dx is installed between the LAN and the Internet. This allows it to act as a
secure gateway for all data passing between the Internet and the LAN.
The P-660HWP-Dx has one DSL/ISDN port and one Ethernet LAN port, which physically
separate the network into two areas.
Denial of Service attacks when activated. The P-660HWP-Dx’s purpose is to allow a private
Local Area Network (LAN) to be securely connected to the Internet. The P-660HWP-Dx can
be used to prevent theft, destruction and modification of data, as well as log events, which may
be important to the security of your network. The P-660HWP-Dx also has packet filtering
capabilities.
The P-660HWP-Dx is installed between the LAN and the Internet. This allows it to act as a
secure gateway for all data passing between the Internet and the LAN.
The P-660HWP-Dx has one DSL/ISDN port and one Ethernet LAN port, which physically
separate the network into two areas.
• The DSL/ISDN port connects to the Internet.
• The LAN (Local Area Network) port attaches to a network of computers, which needs
• The LAN (Local Area Network) port attaches to a network of computers, which needs
security from the outside world. These computers will have access to Internet services
such as e-mail, FTP, and the World Wide Web. However, “inbound access” will not be
allowed unless you configure remote management or create a firewall rule to allow a
remote host to use a specific service.
such as e-mail, FTP, and the World Wide Web. However, “inbound access” will not be
allowed unless you configure remote management or create a firewall rule to allow a
remote host to use a specific service.