Introduction to Firewall Technologies

ObjectivesUpon completion of this course, you will be able to:

Understand basic concepts

of network security

Master mandatory firewall

technologies

3Com Confidential.3Com Confidential.

33

Contents

Network Security

Firewall Technologies

Network Security Overview

• Network security is a practical issue on the Internet

• Network security is a comprehensive technology

• Network security has two meanings:

– Guarantee security of the internal LAN (away from illegal invasion)

– Protect security of data exchange with the external network

• Perfection and update of the network security technology

Coverage of Network Security

• Coverage of network security

– Prevent physical lines of the network from being easily attacked

– Effectively identify legal and illegal users

– Implement effective access control

– Guarantee concealment of the internal network

– Offer an effective anti-forgery means to focus on major data

– Provide security management for network equipment and network topology

– Provide virus protection

– Improve security protection consciousness

• Category of network security devices

3Com Confidential.3Com Confidential.

66

Contents

Network Security

Firewall Technologies

Mandatory Firewall Technologies

• As for different kinds of potential security hazards on the network, the firewall must have the following security features:

– Network isolation & access control

– Attack defending

– Network Address Translation (NAT)

– Application Specific Packet Filter (ASPF)

– ID authentication

– Content filter

– Security management

Network Isolation & Access Control

Firewall

Switch

Trusted Zone

Untrusted Zone

DMZTrusted Zone -> DMZ, accessing POP3 and SMTP servicesDMZ -> Trusted Zone, accessing no services

Untrusted Zone -> DMZ, accessing POP3 and SMTP servicesDMZ -> Untrusted Zone, accessing all services

Trusted Zone and Untrusted Zone cannot access each other

Email Server

Attack Defending

FirewallTrusted

Zone Untrusted Zone

DoS attack

Hacker

Normal user

Prevent

Network Address Translation (NAT)

Firewall

Web Server

10.1.1.0/24

10.1.1.1

210.190.100.23

10.1.1.100 → 210.190.100.23

10.1.1.100 ← 210.190.100.23

Application Specific Packet Filter (ASPF)

Dynamically create and delete filter rules

Dynamically create and delete filter rules

Monitor packets in the communication processMonitor packets in the

communication process

ID Authentication

Firewall

Access the Internet

User name and password?

Input the user name and password

Authentication success

Normal Internet access

Content Filter

Normal website

Harmful website

• Internet

Harmful contents

Healthy contents

Filter harmful websites

Remove malicious webpage contents

Security Management

Internet

Log buffer

Monitoring terminal

Console

Log host

SecPath

Summary

Basic concepts of network security

Mandatory firewall technologies

Thank you