Firewall Feature Set Overview, Reasons for Installing a Firewall – Enterasys Networks Security Router X-Pedition™ User Manual


XSR User’s Guide 16-9

18. Optionally, if you want to tighten security on the XSR, enter ip ssh server disable to deactivate SSH.

19. Enter policy telnet to enable Telnet access for the new user.

20. Enter exit to quit AAA user mode.

21. Enter aaa client telnet to permit the new user to employ Telnet.

The XSR is now ready to connect remote login users. Remember to save your configuration
after all edits.

Firewall Feature Set Overview

A firewall is generally defined as a set of related applications, or a dedicated device, that
protects the enterprise network. Placed at any entry point to a corporation’s private network, a
firewall examines all packets arriving from the Internet and admits or bars traffic based on its
policies. A firewall may also control inside access to destinations on the Internet or to interior
resources.

Fundamentally, a firewall monitors and filters network traffic. Depending on your enterprise
needs, you can set up a simple or more robust firewall. For instance, application-level filtering can
be matched to source/destination IP addresses and port numbers for FTP, HTTP, NNTP, or
Telnet; protocol-level filtering can be set on IP protocols such as OSPF, IGP or ICMP; and stateful
filtering can be applied to a session’s state.

Reasons for Installing a Firewall

The rationale for installing a firewall can include the following:

• Provide a focal point for security decisions
• Segment networks into discrete security zones
• Enforce security policy between different security zones to protect proprietary information from falling into the wrong hands
• Enable users to safely connect to and conduct business over a public, untrusted network (Internet):
• Restrict undesirable traffic that may otherwise flow between your internal hosts and the Internet
• Protect internal networks from hostile and malicious attacks
• Log network activity
• Limit your exposure in case of a successful attack

Ideally, these network nodes should be checked daily for security holes, but since that is
impractical, the next best course is to run a firewall to block all non-essential ports and cut the risk
of attack. A firewall can be conceived as a virtual wall through which “holes” or ports are opened
to allow permitted traffic through as shown in Figure 16-10, which illustrates a topology using the
XSR firewall feature set.
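The following Python model is an added example, not taken from the XSR User's Guide and not XSR configuration syntax. It shows the three kinds of filtering named above working behind a default-deny "wall": the same inbound packet is dropped before an inside host opens the session and admitted afterwards. The Packet and Firewall classes, the 10.0.0.0/8 internal range and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed private network (constructed)

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp", "icmp", "ospf", ...
    src: str
    sport: int   # 0 for protocols without ports
    dst: str
    dport: int

class Firewall:
    """Default-deny filter: a packet passes only through an opened hole."""
    def __init__(self, allowed_out, allowed_in, allowed_protocols):
        self.allowed_out = set(allowed_out)    # (proto, dport) inside hosts may reach
        self.allowed_in = set(allowed_in)      # (proto, dst, dport) published services
        self.allowed_protocols = set(allowed_protocols)  # protocol-level holes
        self.sessions = set()                  # state table (no timeouts modelled)

    def check(self, p):
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Stateful filtering: an admitted session passes in both directions.
        if flow in self.sessions or reply_of in self.sessions:
            return "allow (established)"
        # Protocol-level filtering: decided on the IP protocol alone.
        if p.proto in self.allowed_protocols:
            return "allow (protocol)"
        # Application-level filtering: addresses and port numbers.
        inside = ip_address(p.src) in INTERNAL
        if inside and (p.proto, p.dport) in self.allowed_out:
            self.sessions.add(flow)
            return "allow (new session)"
        if not inside and (p.proto, p.dst, p.dport) in self.allowed_in:
            self.sessions.add(flow)
            return "allow (published service)"
        return "deny"

def demo():
    fw = Firewall(allowed_out={("tcp", 80)}, allowed_in=set(), allowed_protocols={"ospf"})
    web = Packet("tcp", "10.1.1.20", 40000, "203.0.113.5", 80)
    reply = Packet("tcp", "203.0.113.5", 80, "10.1.1.20", 40000)
    telnet = Packet("tcp", "10.1.1.20", 40001, "203.0.113.5", 23)
    ping = Packet("icmp", "203.0.113.9", 0, "10.1.1.20", 0)
    return [fw.check(p) for p in (reply, web, reply, telnet, ping)]

if __name__ == "__main__":
    print(demo())
```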
