Filter-based security, Filter-based security 185, Figure 7-7 – Nortel Networks WEB OS 212777 User Manual

Web OS 10.0 Application Guide

Chapter 7: Filtering

n

185

212777-A, February 2002

Filter-based Security

This section provides an example of configuring filters for providing the best security. It is
generally recommended that you configure filters to deny all traffic except for those services
that you specifically wish to allow. Consider the following sample network:

Figure 7-7 Security Topology Example

In this example, the network is made of local clients on a collector switch, a Web server, a mail
server, a domain name server, and a connection to the Internet. All the local devices are on the
same subnet.

For best security, it is generally recommended that you configure filters to deny all traffic
except for those services that you specifically wish to allow. In this example, the administrator
wishes to install basic security filters to allow only the following traffic:

n

External HTTP access to the local Web server

n

External SMTP (mail) access to the local mail server

n

Local clients browsing the World Wide Web

n

Local clients using Telnet to access sites outside the intranet

n

DNS traffic

All other traffic is denied and logged by the default filter.

N

OTE

–

Since IP address and port information can be manipulated by external sources, filter-

ing does not replace the necessity for a well-constructed network firewall.

Web Server

205.177.15.2

Mail Server

205.177.15.3

DNS

205.177.15.4

Alteon Web Switch

Local Clients

Internet

Router

Client Switch