Chapter 1 Understanding Networking and IP Addressing
Networking using IP
Niagara Release 2.3
Niagara Networking & Connectivity Guide Revised: May 22, 2002
1–29
but only 250 are expected to be simultaneously connected, the organization can use
a private network addressing scheme for the 500 hosts, then lease one legitimate
Class C address (providing 254 addresses) for use on the proxy server.
In addition, proxy servers often provide caching, a function whereby the server
stores the data passing through it on its way to the recipient. That way, if another
request comes in for the same resource, the proxy server (or firewall) can simply fill
the request without having to fetch the data again from its original source. The
cache usually has a defined size limit and a storage time limit, so only the latest or
most commonly requested data is typically served from the cache.
Firewall
A firewall provides network security by restricting access to and/or from the
network. A firewall can be a packaged unit sold as a complete firewall solution, or it
could be a software package loaded on an existing computer situated such that it is
the mediator between the network and the Internet.
Firewalls are often implemented to provide users access to and from a secure network
via the Internet as well as to separate a company’s public Web server from its internal
network. Firewalls may also be used to keep separate internal networks secure. For
instance, an IS Manager may wish to keep a research or accounting subnet secure
from internal snooping.
Firewall protection is often implemented using a combination of the following
techniques.
Packet Filter—Also known as a “screening router” or “static packet filtering,” this
technique blocks traffic based on IP address and/or protocol. With address filtering,
a packet is filtered based upon either its source or its destination IP address. With
protocol filtering, a packet is filtered based upon the protocol being used. In
addition, a firewall can limit the availability of a port on a particular host (see
“About Ports”). Once a packet is approved, the client is connected to the destination
computer and the firewall no longer monitors the connection.
Static packet filtering is fast because it checks only the packet header for the
address, protocol and port information. However, it is less secure than other methods
because it does not close off the application ports from being scanned: any port that
must be left open for legitimate replies stays open to everyone.
Stateful Inspection—This technique is also known as “dynamic packet filtering”
and tracks a transaction in order to verify that the destination of an inbound packet
matches the source of a previous outbound request. In doing so, it opens the packet
and examines it for legitimacy.
Typically, stateful inspection is slower than static packet filtering because the
firewall:
• checks the entire packet, not just the header information
• monitors the state of the connection
• builds a state table for use in checking future packets on the stream.
However, this technique provides better security because a port is opened only in
response to an approved request, and only for the duration of that connection.
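The difference between the two techniques is easiest to see side by side. The following is an added example, not code from the Niagara guide or from Tridium: a toy model in which a static packet filter and a stateful-inspection firewall are each handed the same three constructed packets. The addresses, ports and rule syntax are all assumptions made for the illustration (the external addresses are from the RFC 5737 documentation ranges). The point it demonstrates is the one the text makes about ports: to let replies to outbound web requests back in, the static filter must permanently permit inbound packets with source port 80, so an unsolicited inbound packet that merely claims source port 80 passes too; the stateful firewall admits an inbound packet only if its state table records a matching outbound request.

```python
"""Toy comparison of static packet filtering and stateful inspection.

Added example; not part of the Niagara Networking & Connectivity Guide.
All hosts, ports and rules below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    direction: str = "in"   # "in" = from the Internet toward the protected network


# Constructed addresses: a private internal subnet (RFC 1918) and two
# external hosts taken from the RFC 5737 documentation ranges.
INTERNAL_NET = "10.1.1."
INTERNAL_HOST = "10.1.1.25"
EXTERNAL_WEB = "203.0.113.10"
UNSOLICITED_PEER = "198.51.100.77"


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_NET)


class StaticPacketFilter:
    """Checks only header fields against fixed rules and keeps no memory of
    earlier packets. Each rule is (direction, proto, src_port, dst_port, action);
    a port of None matches any port. First matching rule wins; default deny."""

    def __init__(self, rules):
        self.rules = rules

    def allow(self, pkt: Packet) -> bool:
        for direction, proto, sport, dport, action in self.rules:
            if direction != pkt.direction or proto != pkt.proto:
                continue
            if sport is not None and sport != pkt.src_port:
                continue
            if dport is not None and dport != pkt.dst_port:
                continue
            return action == "allow"
        return False


class StatefulFirewall:
    """Records each approved outbound request in a state table and admits an
    inbound packet only if it is the reply to one of those requests (the same
    5-tuple with source and destination swapped). Nothing else gets in."""

    def __init__(self, allowed_outbound_ports):
        self.allowed_outbound_ports = set(allowed_outbound_ports)
        self.state = set()   # (internal_ip, internal_port, remote_ip, remote_port, proto)

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            approved = (pkt.proto == "tcp"
                        and pkt.dst_port in self.allowed_outbound_ports
                        and is_internal(pkt.src_ip))
            if approved:
                self.state.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return approved
        # Inbound: accepted only if it answers a recorded outbound request.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        return key in self.state

    def close(self, pkt: Packet) -> None:
        """Drop the table entry when the connection ends, so the port closes again."""
        self.state.discard((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))


def run_scenario() -> dict:
    """Feed the same constructed packets to both firewalls and report decisions."""
    request = Packet(INTERNAL_HOST, 40001, EXTERNAL_WEB, 80, direction="out")
    reply = Packet(EXTERNAL_WEB, 80, INTERNAL_HOST, 40001, direction="in")
    # An inbound packet nobody asked for, carrying source port 80 like a web reply.
    unsolicited = Packet(UNSOLICITED_PEER, 80, INTERNAL_HOST, 40001, direction="in")

    static = StaticPacketFilter([
        ("out", "tcp", None, 80, "allow"),   # let hosts reach external web servers
        ("in", "tcp", 80, None, "allow"),    # must stay open so replies can return
    ])
    stateful = StatefulFirewall(allowed_outbound_ports=[80])

    results = {}
    for name, fw in (("static", static), ("stateful", stateful)):
        results[name] = {
            "request": fw.allow(request),
            "reply": fw.allow(reply),
            "unsolicited": fw.allow(unsolicited),
        }
    # Once the internal host closes the connection the stateful firewall
    # no longer accepts even a genuine-looking reply.
    stateful.close(request)
    results["stateful"]["reply_after_close"] = stateful.allow(reply)
    return results


if __name__ == "__main__":
    for fw_name, decisions in run_scenario().items():
        print(fw_name, decisions)
```

Running the script shows both firewalls passing the request and its reply, but only the static filter also passes the unsolicited packet; the stateful firewall rejects it, and rejects further "replies" once the connection is closed. The cost is visible in the code as well: the stateful firewall has to keep and consult a table for every packet, which is the extra work the text describes.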