Introduction to Firewall Technologies
Objectives
Upon completion of this course, you will be able to:
• Understand basic concepts of network security
• Master mandatory firewall technologies
3Com Confidential.
Contents
Network Security
Firewall Technologies
Network Security Overview
• Network security is a practical issue on the Internet
• Network security is a comprehensive technology
• Network security has two meanings:
– Guarantee the security of the internal LAN (protect it from illegal intrusion)
– Protect the security of data exchanged with the external network
• Continual improvement and updating of network security technology
Coverage of Network Security
• Coverage of network security
– Prevent physical lines of the network from being easily attacked
– Effectively distinguish legitimate users from illegitimate ones
– Implement effective access control
– Guarantee concealment of the internal network
– Offer effective anti-forgery measures, focusing on major data
– Provide security management for network equipment and network topology
– Provide virus protection
– Improve security awareness
• Category of network security devices
Mandatory Firewall Technologies
• To counter the different kinds of potential security hazards on the network, the firewall must have the following security features:
– Network isolation & access control
– Attack defending
– Network Address Translation (NAT)
– Application Specific Packet Filter (ASPF)
– ID authentication
– Content filter
– Security management
Network Isolation & Access Control
[Figure labels: Firewall, Switch, Email Server, Trusted Zone, Untrusted Zone, DMZ]
• Trusted Zone -> DMZ, accessing POP3 and SMTP services
• DMZ -> Trusted Zone, accessing no services
• Untrusted Zone -> DMZ, accessing POP3 and SMTP services
• DMZ -> Untrusted Zone, accessing all services
• Trusted Zone and Untrusted Zone cannot access each other
Attack Defending
[Figure labels: Firewall, Trusted Zone, Untrusted Zone, Hacker, DoS attack, Normal user, Prevent]
Network Address Translation (NAT)
[Figure labels: Firewall, Web Server, 10.1.1.0/24, 10.1.1.1, 210.190.100.23]
10.1.1.100 → 210.190.100.23
10.1.1.100 ← 210.190.100.23
Application Specific Packet Filter (ASPF)
• Dynamically create and delete filter rules
• Monitor packets in the communication process
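Added example (not part of the original slides and not 3Com product code): a small Python model that applies the zone rules from the Network Isolation & Access Control slide and, in the ASPF style described above, creates a dynamic rule for the reply path of each permitted session and deletes it when the session ends. Assumptions: the class and function names are hypothetical, POP3 and SMTP are taken as TCP ports 110 and 25, 10.1.1.100 is placed in the Trusted Zone, the DMZ address 192.0.2.25 is constructed, and only TCP session state is modelled, not application-layer inspection.

```python
# Added illustration; names and sample addresses are hypothetical/constructed.
POP3, SMTP = 110, 25  # well-known TCP ports of the two permitted services

# Static inter-zone policy from the slide. Value: set of allowed destination
# ports, or None for "all services". Unlisted zone pairs are denied.
STATIC_POLICY = {
    ("trusted", "dmz"): {POP3, SMTP},
    ("untrusted", "dmz"): {POP3, SMTP},
    ("dmz", "untrusted"): None,
}

class StatefulFilter:
    def __init__(self):
        # Dynamic rules: 4-tuples that reply packets of live sessions carry.
        self.dynamic = set()

    def _static_allows(self, src_zone, dst_zone, dport):
        if (src_zone, dst_zone) not in STATIC_POLICY:
            return False  # default deny, e.g. trusted <-> untrusted
        ports = STATIC_POLICY[(src_zone, dst_zone)]
        return ports is None or dport in ports

    def handle(self, src_zone, dst_zone, src, sport, dst, dport, flags=""):
        """Return True if the packet is forwarded, False if it is dropped."""
        fwd, ret = (src, sport, dst, dport), (dst, dport, src, sport)
        # Simplification: any FIN/RST ends the session (no timers, no half-close).
        closing = "F" in flags or "R" in flags
        if fwd in self.dynamic:  # reply on a monitored session
            if closing:
                self.dynamic.discard(fwd)  # delete the dynamic rule
            return True
        if self._static_allows(src_zone, dst_zone, dport):
            if closing:
                self.dynamic.discard(ret)
            else:
                self.dynamic.add(ret)  # create rule for the reply path
            return True
        return False

def demo():
    fw = StatefulFilter()
    client, server = "10.1.1.100", "192.0.2.25"  # constructed sample hosts
    return [
        fw.handle("trusted", "dmz", client, 40000, server, SMTP, "S"),   # new session
        fw.handle("dmz", "trusted", server, SMTP, client, 40000, "SA"),  # its reply
        fw.handle("dmz", "trusted", server, SMTP, client, 40001, "S"),   # unsolicited
        fw.handle("dmz", "trusted", server, SMTP, client, 40000, "R"),   # session ends
        fw.handle("dmz", "trusted", server, SMTP, client, 40000, "A"),   # rule is gone
    ]
```

The static rule "DMZ -> Trusted Zone, accessing no services" stays in force throughout: the mail server's replies are forwarded only while the dynamic rule for that session exists.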
ID Authentication
[Figure: authentication exchange at the Firewall]
• Access the Internet
• User name and password?
• Input the user name and password
• Authentication success
• Normal Internet access
Content Filter
[Figure labels: Internet, Normal website, Harmful website, Harmful contents, Healthy contents]
• Filter harmful websites
• Remove malicious webpage contents
Security Management
[Figure labels: Internet, SecPath, Console, Log buffer, Monitoring terminal, Log host]
Summary
Basic concepts of network security
Mandatory firewall technologies
Thank you