Specifications
Network Requirements and Preparation
9 – 22 ShoreTel, Inc.
Firewalls
A firewall is the first major purchase and the foundation of network security
(Figure 9-2). It prevents unauthorized access to the network or web site by examining
both incoming and outgoing traffic. Based on predefined security policies, each
individual packet is inspected and processed. Any traffic that is deemed to be
“illegal” (based on rules that specify protocol type, source or destination IP address,
and so on) is not allowed through the firewall. Using this tool, administrators can
achieve tight control over the activities they allow into and out of their corporate
network or e-business site. In a corporate network, a firewall prevents intruders from
accessing corporate resources while allowing employees Internet access. In an
e-business site, it allows outside access to the web server while preventing
unauthorized access or attacks.
Figure 9-2 Firewalls
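As an added illustration of the rule-based inspection the paragraph above describes (this is example code written for this page, not ShoreTel's or any firewall vendor's implementation), the following filter evaluates a small ordered policy against sample packets. The addresses, the 10.0.0.0/8 corporate LAN, the DMZ web server at 192.0.2.10 and the rules themselves are assumptions; the policy follows the first-match convention and ends in an explicit default deny, so anything the rules do not name is dropped.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Assumed topology for this example: a corporate LAN (10.0.0.0/8), a DMZ
# web server (192.0.2.10), and everything else treated as the Internet.


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp", "udp" or "icmp"
    src: str          # source IP address
    dst: str          # destination IP address
    dport: int = 0    # destination port; 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"           # protocol type, or "any"
    src: str = "0.0.0.0/0"       # source network in CIDR notation
    dst: str = "0.0.0.0/0"       # destination network in CIDR notation
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        """True when every field of the rule matches the packet."""
        return (
            self.proto in ("any", pkt.proto)
            and ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and (self.dport is None or self.dport == pkt.dport)
        )


# Rules are evaluated top to bottom and the first match decides.
# The last rule is an explicit default deny so nothing slips through
# simply because no rule mentioned it.
POLICY: List[Rule] = [
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 80),   # public web, HTTP
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),  # public web, HTTPS
    Rule("allow", "any", "10.0.0.0/8", "0.0.0.0/0"),          # employees outbound
    Rule("deny"),                                             # default deny
]


def decide(pkt: Packet, policy: List[Rule] = POLICY) -> str:
    """Return "allow" or "deny" for a packet under the given policy."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # reached only if a policy omits its default rule


if __name__ == "__main__":
    # Constructed sample traffic; the outcomes show both halves of the text's
    # point: outsiders reach only the web server, insiders reach the Internet.
    samples = [
        Packet("tcp", "203.0.113.5", "192.0.2.10", 443),   # Internet -> web server
        Packet("tcp", "203.0.113.5", "10.1.1.20", 1433),   # Internet -> internal DB
        Packet("tcp", "10.1.1.50", "203.0.113.5", 443),    # employee -> Internet
        Packet("tcp", "192.0.2.10", "10.1.1.20", 1433),    # DMZ host -> internal DB
        Packet("icmp", "203.0.113.5", "192.0.2.10"),       # Internet ping to DMZ
    ]
    for pkt in samples:
        print(f"{pkt.proto:4} {pkt.src:>14} -> {pkt.dst:<12}:{pkt.dport:<5} {decide(pkt)}")
```

The filter is deliberately stateless, so the reply packets for the allowed outbound connection would themselves need a rule; a production firewall tracks connection state and admits replies to connections it has already permitted. The fourth sample packet is the reason the default-deny rule matters: a compromised DMZ host gets no path to the internal database unless a rule explicitly grants one.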
A common design adds a network access point called a DMZ (demilitarized zone) to
offer an “outside” presence for e-commerce clients, e-business partners, and web
surfers. The DMZ acts as the gateway through which all Internet communications with
the company or site transpire. It allows controlled access to front-end web servers
while protecting mission-critical resources (databases, routers, servers, and so on).
Thus, the DMZ needs to be flexible, reliable, and available.
The firewall is often the first line of defense in this environment. Always vigilant, this
device must inspect all traffic to and from the site. As part of its duty, the firewall
recognizes and deals with denial-of-service attacks, such as TCP SYN flood and Ping of
Death. In each of these attacks, the attacker is simply attempting to overwhelm the
devices that provide an Internet presence for the company.
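To show what "recognizes and deals with" a SYN flood amounts to in practice, here is an added detection example (written for this page, not ShoreTel's or any firewall's code) that tracks half-open TCP handshakes per source over a sliding window and flags sources that exceed a threshold; a small size check for the oversized ICMP datagram behind Ping of Death is included as well. The event format, the window and threshold values, and all addresses are constructed for the example; a real firewall would apply the same logic to the flags it sees on the wire.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

# Constructed sample of TCP flag events as a firewall might record them:
# (seconds since start, source IP, flag). A well-behaved client sends a SYN
# and shortly afterwards the ACK that completes the handshake; the flooding
# source sends SYNs only, leaving every connection half-open.
EVENTS: List[Tuple[float, str, str]] = (
    [(0.1, "198.51.100.7", "SYN"), (0.2, "198.51.100.7", "ACK"),
     (0.3, "198.51.100.8", "SYN"), (0.4, "198.51.100.8", "ACK")]
    + [(1.0 + i * 0.01, "203.0.113.66", "SYN") for i in range(50)]
)

MAX_IP_DATAGRAM = 65535  # largest legal IPv4 datagram, header included


def flag_syn_floods(events: List[Tuple[float, str, str]],
                    window: float = 2.0,
                    threshold: int = 20) -> Dict[str, int]:
    """Return {source: peak half-open count} for every source that held more
    than `threshold` unanswered SYNs inside any `window`-second span.

    A SYN adds a pending handshake for its source; an ACK from the same
    source completes the oldest one. Pending SYNs older than `window` are
    discarded, which mirrors the server giving up on the connection.
    """
    pending: Dict[str, Deque[float]] = defaultdict(deque)
    flagged: Dict[str, int] = {}
    for ts, src, flag in sorted(events):
        queue = pending[src]
        # Expire handshakes that have waited longer than the window.
        while queue and ts - queue[0] > window:
            queue.popleft()
        if flag == "SYN":
            queue.append(ts)
        elif flag == "ACK" and queue:
            queue.popleft()  # handshake completed; no longer half-open
        if len(queue) > threshold:
            flagged[src] = max(flagged.get(src, 0), len(queue))
    return flagged


def is_oversized_icmp(reassembled_length: int) -> bool:
    """True when a reassembled ICMP datagram exceeds the IPv4 maximum.

    Ping of Death relies on fragments that add up to more than 65535 bytes,
    so a firewall that tracks reassembly can drop the datagram outright.
    """
    return reassembled_length > MAX_IP_DATAGRAM


if __name__ == "__main__":
    for src, peak in flag_syn_floods(EVENTS).items():
        print(f"SYN flood suspected from {src}: peak {peak} half-open connections")
    for length in (84, 65535, 65536, 70000):
        print(f"ICMP datagram of {length} bytes oversized: {is_oversized_icmp(length)}")
```

The window and threshold are tuning knobs: too small a window and a legitimate burst of new clients trips the detector, too large and a slow flood stays under the threshold. Mitigation follows the flag, whether that is rate-limiting the source, dropping its further SYNs, or switching the protected server to SYN cookies so that half-open connections no longer consume state.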