User guide
Introduction to Network Security
About Domain Name Service (DNS)
If you do not know the address of a person, you can frequently find it in the telephone directory. On the
Internet, the equivalent to a telephone directory is the DNS (Domain Name System). This is a network system
of servers that translates numeric IP addresses into readable Internet addresses, and vice versa. DNS takes the
“friendly” domain name you type when you want to see a particular web site, such as www.example.com, and
finds the equivalent IP address, such as 50.50.50.1. Network devices need the actual IP address to find the web
site, but domain names are much easier for users to type and remember than IP addresses.
A DNS server is a server that performs this translation.
About services and policies
You use a service to send different types of data (such as email, files, or commands) from one computer to
another across a network or to a different network. These services use protocols. Frequently used Internet
services are:
World Wide Web access uses Hypertext Transfer Protocol (HTTP)
Email uses Simple Mail Transfer Protocol (SMTP) or Post Office Protocol (POP3)
File transfer uses File Transfer Protocol (FTP)
Resolving a domain name to an Internet address uses Domain Name Service (DNS)
Remote terminal access uses Telnet or SSH (Secure Shell)
When you allow or deny a service, you must add a policy to your Firebox configuration. Each policy you add
can also introduce a security risk: to send and receive data, you must open a path through the firewall to your
computer, and each open path exposes your network. We recommend that you add only the policies that are
necessary for your business.
As an example of how a policy might be used, suppose the network administrator of a company wants to
activate a Windows terminal services connection to the company’s public web server on the optional interface
of the Firebox. He or she routinely administers the web server with a Remote Desktop connection. At the same
time, he or she wants to make sure that no other network users can use the Remote Desktop Protocol terminal
services through the Firebox. The network administrator would add a policy that allows RDP connections only
from the IP address of his or her own desktop computer to the IP address of the public web server.
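The RDP policy described above can be checked with a small first-match policy evaluator. The code below is an
added illustration, not WatchGuard code, and does not model the Firebox policy engine itself: the policy
fields, the addresses (10.0.1.25 for the administrator's desktop, 192.0.2.10 for the public web server) and
the helper names are constructed for this example. It evaluates sample connections against an ordered policy
list that ends in a catch-all deny, and includes an audit helper that flags allow policies exposing an
administrative port (SSH, Telnet, RDP) to any source.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Ports for remote-administration services; used by the audit helper below.
ADMIN_PORTS = {22, 23, 3389}  # SSH, Telnet, RDP


@dataclass(frozen=True)
class Policy:
    """One policy line: match fields plus the action taken on a match."""
    name: str
    proto: str     # "tcp", "udp", or "any"
    src: str       # CIDR of source hosts this policy applies to
    dst: str       # CIDR of destination hosts this policy applies to
    port: int      # destination port; 0 means any port
    action: str    # "allow" or "deny"

    def matches(self, proto: str, src: str, dst: str, port: int) -> bool:
        return (self.proto in ("any", proto)
                and self.port in (0, port)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))


# Constructed sample configuration (hypothetical addresses):
# only the administrator's desktop may open RDP (TCP/3389) to the public
# web server on the optional network; the web server is otherwise reachable
# on HTTP only; everything else falls through to the final deny.
ADMIN_DESKTOP = "10.0.1.25/32"
WEB_SERVER = "192.0.2.10/32"
POLICIES = [
    Policy("RDP-admin-to-web", "tcp", ADMIN_DESKTOP, WEB_SERVER, 3389, "allow"),
    Policy("HTTP-public", "tcp", "0.0.0.0/0", WEB_SERVER, 80, "allow"),
    Policy("default-deny", "any", "0.0.0.0/0", "0.0.0.0/0", 0, "deny"),
]


def evaluate(policies, proto: str, src: str, dst: str, port: int):
    """Return (action, policy name) for the first matching policy.

    If no policy matches at all, the connection is denied, which mirrors
    the firewall principle that anything not explicitly allowed is blocked.
    """
    for p in policies:
        if p.matches(proto, src, dst, port):
            return p.action, p.name
    return "deny", "implicit-deny"


def find_broad_admin_allows(policies):
    """Audit check: names of allow policies that open an administrative
    port (SSH, Telnet, RDP) to any source address (a /0 source)."""
    return [p.name for p in policies
            if p.action == "allow"
            and p.port in ADMIN_PORTS
            and ip_network(p.src).prefixlen == 0]


if __name__ == "__main__":
    samples = [
        ("tcp", "10.0.1.25", "192.0.2.10", 3389),    # admin desktop -> web server RDP
        ("tcp", "10.0.1.77", "192.0.2.10", 3389),    # another internal host trying RDP
        ("tcp", "203.0.113.5", "192.0.2.10", 80),    # external visitor on HTTP
    ]
    for conn in samples:
        print(conn, "->", evaluate(POLICIES, *conn))
    print("broad admin allows:", find_broad_admin_allows(POLICIES))
```

Running the script shows the administrator's RDP connection allowed by the specific policy, the RDP attempt
from another internal host caught by the catch-all deny, and an empty audit result; replacing the RDP policy's
source with 0.0.0.0/0 would make the audit helper report it.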
When you configure your Firebox with the Quick Setup Wizard, the wizard adds only limited outgoing
connectivity. If you have more software applications and network traffic for the Firebox to examine, you must:
Configure the policies on the Edge to let necessary traffic through
Set the approved hosts and properties for each policy
Balance the requirement to protect your network against the requirements of your users to get access
to external resources