Firewalls use a variety of architectures to manage access control. These are:
a. Packet-Filtering Firewalls
b. Proxy firewall
c. Stateful Inspection
Packet-filtering Firewall
This type of firewall examines all the packets it comes across. It forwards them or drops them based on pre-defined rules. This rudimentary firewall provides only basic protection. Packet-filtering firewalls are restrictive since network managers can only define a few parameters.
Many routers and proxy servers use some form of packet filtering that provides firewall capabilities for protecting the network from unauthorized traffic. Administrators can create rules for filtering out unwanted packets and can arrange these rules in the most efficient order. Only a packet that passes all the rules is allowed through, while a packet that violates any rule is dropped.
Packet filtering can be implemented on routers and other devices in two ways:
1. Static filtering
2. Dynamic filtering
Static filtering
Static packet filtering provides limited security by configuring selected ports as either permanently open or permanently closed. For example, to deny outside packets access to a company internet server on port 80 (the standard port number for the Hypertext Transfer Protocol, or HTTP), one could configure the router or firewall to block all incoming packets directed to port 80.
Dynamic filtering
Dynamic packet filtering provides enhanced security. It works by opening selected ports at the start of a legitimate session and closing them again at the end of the session. This is particularly useful for protocols that allocate ports dynamically, for example the File Transfer Protocol (FTP).
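The difference between the two modes can be seen in a small model, added here as an illustration and not taken from any router or firewall product. The class and function names, the constructed addresses, the open control port 21, and the choice to bind each dynamic opening to one remote peer are assumptions of this sketch.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str        # source IP
    dst: str        # destination IP
    dport: int      # destination port
    inbound: bool   # True when the packet arrives from outside the network

@dataclass
class PacketFilter:
    # Static part: inbound ports that are permanently open; all others are closed.
    static_open: set = field(default_factory=set)
    # Dynamic part: (remote, local, port) openings that exist only during a session.
    pinholes: set = field(default_factory=set)

    def session_start(self, remote, local, port):
        """Open a port for one remote peer when a legitimate session begins."""
        self.pinholes.add((remote, local, port))

    def session_end(self, remote, local, port):
        """Close the port again when the session ends."""
        self.pinholes.discard((remote, local, port))

    def decide(self, pkt):
        if not pkt.inbound:
            return "forward"   # this sketch filters inbound traffic only
        if pkt.dport in self.static_open:
            return "forward"   # permanently open port
        if (pkt.src, pkt.dst, pkt.dport) in self.pinholes:
            return "forward"   # port opened for the current session
        return "drop"          # everything else is closed

def demo():
    # Constructed addresses from the documentation ranges.
    srv, client, other = "192.0.2.10", "198.51.100.7", "203.0.113.9"
    fw = PacketFilter(static_open={21})   # FTP control open, port 80 closed
    out = [fw.decide(Packet(client, srv, 80, True))]        # static block on HTTP
    out.append(fw.decide(Packet(client, srv, 50000, True)))  # no session yet
    fw.session_start(client, srv, 50000)                     # FTP data port agreed
    out.append(fw.decide(Packet(client, srv, 50000, True)))  # open for this peer
    out.append(fw.decide(Packet(other, srv, 50000, True)))   # other hosts blocked
    fw.session_end(client, srv, 50000)
    out.append(fw.decide(Packet(client, srv, 50000, True)))  # closed again
    return out

if __name__ == "__main__":
    print(demo())
```

With static filtering alone, the FTP data port would have to stay permanently open to every host or permanently closed; the session-scoped opening is what removes that trade-off.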