rk traffic.
A firewall is a network device used to filter traffic and is typically deployed between a private network and a link to the Internet, but it can be deployed between departments within an
Without firewalls, it would not be possible to restrict malicious traffic from the Internet from entering into your

Firewalls …cont.
In addition to logging network traffic activity, firewalls should log several other events as well:
- Reboot of the firewall
- Proxies or dependencies that cannot or didn't start
- Proxies or other important services that have crashed or restarted
- Changes to the firewall configuration file
- A configuration or system error while the firewall is

Firewalls are only one part of an overall security solution.
Lecture-3 53

Static Packet-Filtering Firewall: A static packet-filtering firewall filters traffic by examining data from a message header.

Application-Level Gateway Firewall: An application-level gateway firewall is also called a proxy firewall. A proxy is a mechanism that copies packets from one network into another; the copy process also changes the source and destination address to protect the identity of the internal or private network.

Circuit-Level Gateway Firewalls: Circuit-level gateway firewalls are used to establish a communication circuit/session between trusted partners.
- They operate at the Session layer (layer 5) of the OSI model.

Stateful Inspection Firewalls: Stateful inspection firewalls evaluate the state or the context of network traffic. By examining source and destination addresses, application usage, source of origin, and the relationship between current packets and the previous packets of the same session, stateful inspection firewalls are able to grant a broader range of access for authorized users and activities and actively watch for and block unauthorized users and activities.
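
The following Python example, added here and not part of the original lecture notes, runs the same constructed traffic through a static packet filter and a stateful one to show what tracking "the previous packets of the same session" changes. The `Packet` model, the rule set (outbound HTTPS only) and the addresses are assumptions made for illustration; treating a single FIN or RST as closing a session is a simplification.

```python
from collections import namedtuple

# Constructed packet model; "direction" is relative to the private network.
Packet = namedtuple("Packet", "direction src sport dst dport flags")

def static_filter(pkt):
    """Static packet filter: judges each packet by its own header only."""
    if pkt.direction == "out":
        return pkt.dport == 443          # inside hosts may reach HTTPS servers
    return pkt.sport == 443              # replies let in by source port alone

class StatefulFilter:
    """Stateful inspection: inbound packets must match a session that an
    inside host opened earlier."""

    def __init__(self):
        self.sessions = set()  # (inside ip, inside port, outside ip, outside port)

    def allow(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.dport != 443:
                return False
            if "SYN" in pkt.flags:
                self.sessions.add(key)   # new session opened from inside
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.sessions:
            return False                 # no prior packets: not part of a session
        if "RST" in pkt.flags or "FIN" in pkt.flags:
            self.sessions.discard(key)   # simplification: one close packet ends it
        return True

# Constructed sample traffic (documentation address ranges).
TRAFFIC = [
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, "SYN"),
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, "SYN,ACK"),
    Packet("in", "198.51.100.7", 443, "10.0.0.9", 3389, "ACK"),   # unsolicited
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, "RST"),  # closes session
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, "ACK"),  # after close
]

def compare(traffic):
    """Return (static decision, stateful decision) for each packet in order."""
    fw = StatefulFilter()
    return [(static_filter(p), fw.allow(p)) for p in traffic]

if __name__ == "__main__":
    for pkt, (s, f) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"{pkt.direction:3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"[{pkt.flags}] static={s} stateful={f}")
```

The static filter admits every inbound packet whose source port is 443, while the stateful filter drops the unsolicited packet and the packet that arrives after the session has closed.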

Multihomed Firewalls: Some firewall systems have more than one inte...
This note was uploaded on 01/21/2014 for the course IT 205 taught by Professor Kurts during the Winter '08 term at University of Phoenix.