Chapter 7. Firewalls
Information security is commonly thought of as a process and not a product. However, standard security implementations usually employ some form of dedicated mechanism to control access privileges and restrict network resources to users who are authorized, identifiable, and traceable. Red Hat Linux includes several powerful tools to assist administrators and security engineers with network-level access control issues.
Aside from VPN solutions such as CIPE or IPSec (discussed in Chapter 6), firewalls are one of the core components of network security implementation. Several vendors market firewall solutions catering to all levels of the marketplace: from home users protecting one PC to data center solutions safeguarding vital enterprise information. Firewalls can be standalone hardware solutions, such as firewall appliances by Cisco, Sonicwall, and Nokia. There are also proprietary software firewall solutions developed for home and business markets by vendors such as Checkpoint, McAfee, and Symantec.
Apart from the differences between hardware and software firewalls, there are also differences in the way firewalls function that separate one solution from another. Table 7-1 details three common types of firewalls and how they function:
Table 7-1. Firewall Types

Method: NAT
  Description: Network Address Translation (NAT) places internal network IP subnetworks behind one or a small pool of external IP addresses, masquerading all requests to one source rather than several.
  Advantages:
    - Can be configured transparently to machines on a LAN.
    - Protection of many machines and services behind one or more external IP address(es), simplifying administration duties.
    - Restriction of user access to and from the LAN can be configured by opening and closing ports on the NAT firewall/gateway.
  Disadvantages:
    - Cannot prevent malicious activity once users connect to a service outside of the firewall.

Method: Packet Filter
  Description: Packet filtering firewalls read each data packet that passes within and outside of a LAN. They can read and process packets by header information and filter the packet based on sets of programmable rules implemented by the firewall administrator. The Linux kernel has built-in packet filtering functionality through the netfilter kernel subsystem.
  Advantages:
    - Customizable through the iptables front-end utility.
    - Does not require any customization on the client side, as all network activity is filtered at the router level rather than at the application level.
    - Since packets are not transmitted through a proxy, network performance is faster due to direct connection from client to remote host.
  Disadvantages:
    - Cannot filter packets for content like proxy firewalls.
    - Processes packets at the protocol layer, but cannot filter packets at an application layer.
    - Complex network architectures can make establishing packet filtering rules difficult, especially if coupled with IP masquerading or local subnets and DMZ networks.