Chapter 7.


Firewalls


Information security is commonly thought of as a process and not a product. However, standard secu 


rity implementations usually employ some form of dedicated mechanism to control access privileges


and restrict network resources to users who are authorized, identifiable, and traceable. Red Hat Linux


includes several powerful tools to assist administrators and security engineers with network level ac 


cess control issues.


Aside from VPN solutions such as CIPE or IPSec (discussed in Chapter 6), firewalls are one of the core


components of network security implementation. Several vendors market firewall solutions catering to


all levels of the marketplace: from home users protecting one PC to data center solutions safeguarding


vital enterprise information. Firewalls can be standalone hardware solutions, such as firewall appli 


ances by Cisco, Sonicwall, and Nokia. There are also proprietary software firewall solutions developed


for home and business markets by vendors such as Checkpoint, McAfee, and Symantec.


Apart from the differences between hardware and software firewalls, there are also differences in the


way firewalls function that separate one solution from another. Table 7 1 details three common types


of firewalls and how they function:


Method Description


Advantages


Disadvantages


NAT


Network Address


Can be configured


Cannot prevent malicious


Translation (NAT) places


transparently to machines


activity once users connect


internal network IP


on a LAN


to a service outside of the


subnetworks behind one or


Protection of many


firewall.


a small pool of external IP


machines and services


addresses, masquerading all


behind one or more


requests to one source


external IP address(es),


rather than several


simplifying administration


duties


Restriction of user access


to and from the LAN can be


configured by opening and


closing ports on the NAT


firewall/gateway


Packet


Packet filtering firewalls


Customizable through the


Cannot filter packets for


Filter


read each data packet that


iptables


front end


content like proxy firewalls


passes within and outside of


utility


Processes packets at the


a LAN. It can read and


Does not require any


protocol layer, but cannot


process packets by header


customization on the client


filter packets at an


information and filters the


side, as all network


application layer


packet based on sets of


activity is filtered at the


Complex network


programmable rules


router level rather than at


architectures can make


implemented by the firewall


the application level


establishing packet filtering


administrator. The Linux


Since packets are not


rules difficult, especially if


kernel has built in packet


transmitted through a proxy, coupled with IP


filtering functionality


network performance is


masquerading or local


through the netfilter kernel


faster due to direct


subnets and DMZ networks


subsystem.


connection from client to


remote host








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      web hosting comparison

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved