ATL Telecom AM2 User Manual
Page 46
ATL User Guide
AM2 G.SHDSL Modem
46
6.5.7 FIREWALL
A firewall protects networked computers from intentional hostile intrusion that could compromise
confidentiality or result in data corruption or denial of service. It must have at least two network interfaces,
one for the network it is intended to protect, and one for the network it is exposed to. A firewall sits at the
junction point or gateway between the two networks, usually a private network and a public network such
as the Internet.
A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it
is routed between the networks, otherwise it is stopped. A firewall filters both inbound and outbound traffic.
It can also manage public access to private networked resources such as host applications. It can be used to
log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is
attempted. Firewalls can filter packets based on their source and destination addresses and port numbers. This
is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as
protocol filtering because the decision to forward or reject traffic is dependant upon the protocol used, for
example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state.
An Internet firewall cannot prevent individual users with modems from dialling into or out of the network. By
doing so they bypass the firewall altogether. Employee misconduct or carelessness cannot be controlled by
firewalls. Policies involving the use and misuse of passwords and user accounts must be strictly enforced.
These are management issues that should be raised during the planning of any security policy, but that cannot
be solved with Internet firewalls alone.
A firewall is a set of related programs that protects the resources of a private network from other networks.
It is helpful to users preventing hackers from accessing its own private data resource accidentally.