Saturday, 2 February 2013

Masterclass: Good Firewall Design



Introduction
In this masterclass, we will have a closer look at both firewall design
and configuration issues. Firewall design has gone through some
changes over the past years, but the fundamental control mechanisms
have more or less remained the same.
The two fundamental mechanisms that are used in firewalls are:
• Packet filtering
• Proxy servers
We will now examine each in turn in more detail. Both are able to
enforce an access control policy, but in different ways and with different
results.
Packet Filtering
While routers build routing tables in memory in order to determine the
most suitable route towards the next destination of the packet, packet-filtering
routers also determine if a packet should be passed on at all.
Packet filters usually allow or disallow the transfer of packets based
only on:
• The source address of the packet.
• The destination address of the packet.
• The session and application protocols used to transmit the data.


Packet filtering is usually performed on the Internet layer and the
transport layer, not on the network access layer or the application layer.
A generic structure of the packets at each layer, focussing on the packet
header.
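
To make the filtering decision concrete, the following added example (not part of the original masterclass) reads the source address, destination address, protocol and destination port from a raw IPv4 packet and checks them against an ordered rule list. The rule set, the first-match and default-deny behaviour, the documentation-range addresses and the build_packet helper are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed policy (assumption): first match wins, unmatched traffic is dropped.
# (action, source net, destination net, protocol or None, destination port or None)
RULES = [
    ("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 80),
    ("allow", "198.51.100.0/24", "192.0.2.0/24", "udp", 53),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None, None),
]
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_headers(packet: bytes) -> dict:
    """Extract the Internet- and transport-layer fields a packet filter inspects."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    fields = {"src": ipaddress.ip_address(packet[12:16]),
              "dst": ipaddress.ip_address(packet[16:20]),
              "proto": PROTOCOLS.get(packet[9], "other"), "dport": None}
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Only the first fragment of a TCP/UDP packet carries the port numbers.
    if fields["proto"] in ("tcp", "udp") and frag_offset == 0 and len(packet) >= ihl + 4:
        fields["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])[1]
    return fields

def filter_packet(packet: bytes, rules=RULES) -> str:
    """Return 'allow' or 'deny' for a raw IPv4 packet; malformed input is denied."""
    try:
        f = parse_headers(packet)
    except ValueError:
        return "deny"
    for action, src, dst, proto, dport in rules:
        if (f["src"] in ipaddress.ip_network(src)
                and f["dst"] in ipaddress.ip_network(dst)
                and proto in (None, f["proto"])
                and dport in (None, f["dport"])):
            return action
    return "deny"  # default deny when no rule matches

def build_packet(src: str, dst: str, proto_num: int, dport: int) -> bytes:
    """Build a minimal constructed IPv4 packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto_num, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + struct.pack("!HHI", 40000, dport, 0)
```

The decision uses nothing beyond the IP and TCP/UDP headers, so two packets with the same addresses, protocol and port get the same verdict whatever payload they carry.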
