Installation guide

Planning and Installation Guide ShoreTel 14.2
Network Requirements and Preparation Firewalls
Firewalls
A firewall is the foundation of network security (see Figure 2). It prevents unauthorized access to the
network or web site by examining both incoming and outgoing traffic. Based on the predefined security
policies, each individual packet is inspected and processed. Any type of traffic deemed “illegal” (based
on rules that specify protocol type, source or destination IP address, and so on) is not allowed through
the firewall. Using this tool, administrators can achieve tight control over the activities they allow into
and out of their corporate network or e-business site. In a corporate network, a firewall prevents
intruders from accessing corporate resources while allowing Internet access for employees. In an
e-business site, it allows outside access to the web server while preventing unauthorized access or
attacks.
Often, a typical network access point, called a DMZ (demilitarized zone), is implemented to offer an
“outside” presence for e-commerce clients, e-business partners, and web surfers. The DMZ acts as
the gateway through which all Internet communications with the company or site transpire. It allows for
controlled access to front-end web servers while protecting mission-critical resources (databases,
routers, servers, and so on). Thus, the DMZ needs to be flexible, reliable, and available.
The firewall is often the first line of defense in this environment. Always vigilant, this device must
inspect all traffic for the site. As part of its duty, the firewall recognizes and deals with denial-of-service
attacks, such as TCP SYN flood and Ping of Death. In each of these attacks, the attackers are simply
attempting to overwhelm the devices that provide an Internet presence for the company.
With a TCP SYN flood, a stream of TCP SYN packets is sent to the receiving device (often the
firewall). The finite memory and size of the TCP entry tables can be overrun by spurious SYN packets,
preventing any real users from making a TCP connection required for HTTP communications.
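The table exhaustion described above can be watched for by counting half-open connections per destination in firewall connection logs. The following is an added example, not part of the ShoreTel guide: the log tuple format, the function names, the 30-second timeout and the alert threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict

HALF_OPEN_TIMEOUT_MS = 30_000  # assumed: how long an unanswered SYN holds a table slot
ALERT_THRESHOLD = 5            # assumed: half-open entries per destination that raise an alert

def detect_syn_flood(events, timeout=HALF_OPEN_TIMEOUT_MS, threshold=ALERT_THRESHOLD):
    """Return {destination: time of first alert} for a time-sorted event list.

    Each event is (time_ms, src, sport, dst, dport, flag). flag is "SYN" for a
    connection request or "ACK" for the client's final handshake ACK.
    """
    half_open = defaultdict(dict)  # dst -> {(src, sport, dport): time the SYN arrived}
    alerts = {}
    for t, src, sport, dst, dport, flag in events:
        table = half_open[dst]
        # Free slots whose handshake never completed within the timeout.
        for key in [k for k, t0 in table.items() if t - t0 >= timeout]:
            del table[key]
        key = (src, sport, dport)
        if flag == "SYN":
            table.setdefault(key, t)   # a retransmitted SYN does not take a second slot
        elif flag == "ACK":
            table.pop(key, None)       # handshake completed, slot released
        if len(table) >= threshold and dst not in alerts:
            alerts[dst] = t
    return alerts

def sample_events():
    """Constructed log records using documentation address ranges, not real traffic."""
    web, mail = "192.0.2.10", "192.0.2.20"
    events = [
        (0, "198.51.100.7", 40001, web, 80, "SYN"),
        (50, "198.51.100.7", 40001, web, 80, "ACK"),
        (500, "198.51.100.8", 40002, mail, 25, "SYN"),
        (550, "198.51.100.8", 40002, mail, 25, "ACK"),
    ]
    # Connection requests that are never followed by the final ACK.
    events += [(1000 + i * 100, f"203.0.113.{i + 1}", 50000 + i, web, 80, "SYN")
               for i in range(8)]
    return sorted(events)

if __name__ == "__main__":
    for dst, t in detect_syn_flood(sample_events()).items():
        print(f"ALERT {dst}: half-open threshold reached at t={t} ms")
```

Completed handshakes release their slot immediately, so normal traffic never approaches the threshold; only requests that stay unanswered accumulate.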
Figure 2: Firewalls
An ICMP flood attack also floods a device, by streaming ICMP echo packets at a recipient destination.
This flood of packets requires the device to process and respond to these pings, burning precious
resources and preventing other traffic from being serviced. By examining the site’s traffic patterns,