Professional Documents
Culture Documents
Firewall - Concept
7. Firewall - Concept
Firewall components
Network policy
Advance authentication
Packet Filter
Application Filter
Proxy
NAT
Proxies make tampering with an internal system from the external network
more difficult and misuse of one internal system would not necessarily
cause a security breach exploitable from outside the firewall (as long as the
application proxy remains intact and properly configured). Conversely,
intruders may hijack a publicly-reachable system and use it as a proxy for
their own purposes; the proxy then masquerades as that system to other
internal machines. While use of internal address spaces enhances security,
crackers may still employ methods such as IP spoofing to attempt to pass
packets to a target network..
9. Firewall Policy
Firewall Policy
1. Allow Web traffic (TCP 80/443) from any external address to internal web
server
2. Allow DNS (UDP 53) from any external address to internal DNS server
3. Allow SMTP (TCP 25) from any external address to internal POP server
4. Allow Oracle (TCP 1521) from Accounting Dept. to internal DB server
5. Allow Web traffic (TCP 80/443) from Sales Dept. to any address.
6. Allow Web traffic (TCP 80/443) from Marketing Dept. to any address
7. DROP
SrcPort
Destination
DstPort
Protocol
Action