ZyXEL Communications 2WG User Manual

Page 228


ZyWALL 2WG Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.


B01. What is a network firewall?

A firewall is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. The firewall can be thought of as two mechanisms: one to block traffic, and the other to permit traffic.

B02. What makes ZyWALL secure?

The ZyWALL is pre-configured to automatically detect and thwart Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND attack, IP Spoofing, etc. It also uses stateful packet inspection to determine if an inbound connection is allowed through the firewall to the private LAN. The ZyWALL supports Network Address Translation (NAT), which translates the private local addresses to one or multiple public addresses. This adds a level of security since the clients on the private LAN are invisible to the Internet.

B03. What are the basic types of firewalls?

Conceptually, there are three types of firewalls:

1. Packet Filtering Firewall

2. Application-level Firewall

3. Stateful Inspection Firewall

Packet Filtering Firewalls generally make their decisions based on the header information in individual packets. This header information includes the source and destination addresses and ports of the packets.

Application-level Firewalls generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform logging and auditing of traffic passing through them. A proxy server is an application gateway or circuit-level gateway that runs on top of a general operating system such as UNIX or Windows NT. It hides valuable data by requiring users to communicate with secure systems by means of a proxy. A key drawback of this device is performance.

Stateful Inspection Firewalls restrict access by screening data packets against defined access rules. They make access control decisions based on IP address and protocol. They also 'inspect' the session data to assure the integrity of the connection and to adapt to dynamic protocols. The flexible nature of Stateful Inspection firewalls generally provides the best speed and transparency; however, they may lack the granular application-level access control or caching that some proxies support.
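The difference between header-only packet filtering and stateful inspection described above can be seen by running both models over the same traffic. This is an added example, not ZyXEL code or the ZyWALL's actual rule engine; the LAN range, the rule set, the packet model and the sample traffic are all constructed assumptions, and TCP teardown is simplified to a single FIN or RST.

```python
from collections import namedtuple

# Constructed packet model: only the header fields the page mentions, plus TCP flags.
Packet = namedtuple("Packet", "src sport dst dport flags")
LAN_PREFIX = "192.168.1."  # assumed private LAN range for this example

def is_lan(addr):
    return addr.startswith(LAN_PREFIX)

def packet_filter(pkt):
    """Packet filtering: judge each packet by its own header.
    Assumed rules: LAN hosts may send out; inbound is accepted only
    from source port 80 so that web replies can return."""
    if is_lan(pkt.src):
        return True
    return is_lan(pkt.dst) and pkt.sport == 80

class StatefulFirewall:
    """Stateful inspection: inbound packets must belong to a session
    that a LAN host opened; FIN or RST ends the session."""
    def __init__(self):
        self.sessions = set()

    def allow(self, pkt):
        if is_lan(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "SYN":
                self.sessions.add(key)      # LAN host opens a session
            return key in self.sessions
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.sessions:
            return False                    # no matching session: drop
        if pkt.flags in ("FIN", "RST"):
            self.sessions.discard(key)      # teardown: forget the session
        return True

# Constructed traffic (RFC 5737 documentation addresses for outside hosts).
TRAFFIC = [
    Packet("192.168.1.20", 40000, "203.0.113.10", 80, "SYN"),      # LAN client opens web session
    Packet("203.0.113.10", 80, "192.168.1.20", 40000, "SYN-ACK"),  # genuine reply
    Packet("198.51.100.7", 80, "192.168.1.20", 445, "ACK"),        # unsolicited, no session
    Packet("203.0.113.10", 80, "192.168.1.20", 40000, "RST"),      # server resets the session
    Packet("203.0.113.10", 80, "192.168.1.20", 40000, "ACK"),      # late packet after teardown
]

def compare(traffic):
    """Return (packet_filter verdict, stateful verdict) per packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in traffic]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, compare(TRAFFIC)):
        print(pkt, verdicts)
```

The header-only filter accepts all five packets because each inbound one carries source port 80, while the stateful model drops the third and fifth because no open session matches them.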
