Firewall faq – ZyXEL Communications P-202 User Manual

Page 17

Advertising
background image

P-202H Plus v2 Support Notes

Firewall FAQ

General

1. What is a network firewall?

A firewall is a system or group of systems that enforces an access-control policy
between two networks. It may also be defined as a mechanism used to protect a
trusted network from an untrusted network. The firewall can be thought of two
mechanisms. One to block the traffic, and the other to permit traffic.

2. What makes P-202H Plus v2 secure?

The P-202H Plus v2 is pre-configured to automatically detect and thwart Denial
of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND attack, IP
Spoofing, etc. It also uses stateful packet inspection to determine if an inbound
connection is allowed through the firewall to the private LAN. The P-202H Plus
v2supports Network Address Translation (NAT), which translates the private local
addresses to one or multiple public addresses. This adds a level of security since
the clients on the private LAN are invisible to the Internet.

3. What are the basic types of firewalls?

Conceptually, there are three types of firewalls:

1. Packet Filtering Firewall
2. Application-level Firewall
3. Stateful Inspection Firewall

Packet Filtering Firewalls generally make their decisions based on the header
information in individual packets. These header information include the source,
destination addresses and ports of the packets.

Application-level Firewalls generally are hosts running proxy servers, which
permit no traffic directly between networks, and which perform logging and
auditing of traffic passing through them. A proxy server is an application gateway
or circuit-level gateway that runs on top of general operating system such as
UNIX or Windows NT. It hides valuable data by requiring users to communicate
with secure systems by mean of a proxy. A key drawback of this device is
performance.

All contents copyright © 2006 ZyXEL Communications Corporation.

17

Stateful Inspection Firewalls restrict access by screening data packets against
defined access rules. They make access control decisions based on IP address
and protocol. They also 'inspect' the session data to assure the integrity of the
connection and to adapt to dynamic protocols. The flexible nature of Stateful


Advertising
Popular Brands
Popular manuals