User's manual

P-660 Series Support Notes
All contents copyright © 2005 ZyXEL Communications Corporation.
Firewall FAQ (For P-660 H/HW Only)
General
1. What is a network firewall?
A firewall is a system or group of systems that enforces an access-control policy
between two networks. It may also be defined as a mechanism used to protect a
trusted network from an untrusted network. The firewall can be thought of as two
mechanisms: one to block traffic, and the other to permit traffic.
2. What makes P-660 secure?
The P-660 is pre-configured to automatically detect and thwart Denial of Service
(DoS) attacks such as Ping of Death, SYN Flood, LAND attack, IP Spoofing, etc. It
also uses stateful packet inspection to determine if an inbound connection is allowed
through the firewall to the private LAN. The P-660 supports Network Address
Translation (NAT), which translates the private local addresses to one or multiple
public addresses. This adds a level of security since the clients on the private LAN are
invisible to the Internet.
3. What are the basic types of firewalls?
Conceptually, there are three types of firewalls:
1. Packet Filtering Firewall
2. Application-level Firewall
3. Stateful Inspection Firewall
Packet Filtering Firewalls generally make their decisions based on the header
information in individual packets. This header information includes the source and
destination addresses and ports of the packets.
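The following is an added example, not part of the ZyXEL notes and not the P-660's implementation. It models a header-only packet filter next to a minimal connection table of the kind stateful inspection (type 3 in the list above) relies on, and shows where their decisions differ. The rule format, class names and addresses are constructed for illustration.

```python
from collections import namedtuple

# Header fields a packet filter can see (constructed, simplified model).
Packet = namedtuple("Packet", "src sport dst dport proto inbound")

# Hypothetical stateless rule set: first match wins, default deny.
# Each rule: (inbound?, proto, sport, dport, action); None is a wildcard.
RULES = [
    (False, "tcp", None, 80, "permit"),  # LAN clients may reach web servers
    (True, "tcp", 80, None, "permit"),   # intended for web server replies
]

def stateless_filter(pkt):
    """Decide on one packet's headers alone, with no memory of earlier packets."""
    for inbound, proto, sport, dport, action in RULES:
        if (pkt.inbound == inbound and pkt.proto == proto
                and sport in (None, pkt.sport) and dport in (None, pkt.dport)):
            return action
    return "deny"

class StatefulFilter:
    """Permit inbound packets only for flows that a LAN host opened."""
    def __init__(self):
        self.flows = set()

    def check(self, pkt):
        if not pkt.inbound:
            if stateless_filter(pkt) != "permit":
                return "deny"
            # Remember the flow so the matching reply can be recognised.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        # Inbound: must be the exact reverse of a recorded outbound flow.
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "permit" if reverse in self.flows else "deny"

# Constructed sample traffic (private and documentation address ranges).
OUT = Packet("192.168.1.33", 40000, "203.0.113.10", 80, "tcp", False)
REPLY = Packet("203.0.113.10", 80, "192.168.1.33", 40000, "tcp", True)
UNSOLICITED = Packet("198.51.100.7", 80, "192.168.1.33", 5000, "tcp", True)

def demo():
    fw = StatefulFilter()
    return {
        "stateless_unsolicited": stateless_filter(UNSOLICITED),
        "stateful_out": fw.check(OUT),
        "stateful_reply": fw.check(REPLY),
        "stateful_unsolicited": fw.check(UNSOLICITED),
    }
```

The header-only rule meant for web replies also permits the unsolicited inbound packet, because source port 80 is all it can check; the connection table permits the genuine reply and denies the packet that matches no LAN-initiated flow.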
Application-level Firewalls generally are hosts running proxy servers, which permit
no traffic directly between networks, and which perform logging and auditing of
traffic passing through them. A proxy server is an application gateway or circuit-level
gateway that runs on top of a general operating system such as UNIX or Windows NT.
It hides valuable data by requiring users to communicate with secure systems by means
of a proxy. A key drawback of this device is performance.
Stateful Inspection Firewalls restrict access by screening data packets against defined
access rules. They make access control decisions based on IP address and protocol.
They also 'inspect' the session data to assure the integrity of the connection and to
adapt to dynamic protocols. The flexible nature of Stateful Inspection firewalls