Tasks that A Firewall Can Do
A firewall should be able to perform the following tasks:
1. Manages and controls network traffic
2. Authenticates access
3. Acts as an intermediary
4. Protects resources
5. Records and reports on events
Manage and Control Network Traffic
This is one of the main functions that all firewalls should be able to perform. Firewalls manage and control network traffic by inspecting packets and monitoring the connections that are being made, and then filtering that traffic.
Authenticate Access
This can be done in a few ways. The most common one is extended authentication, or xauth. This is implemented by prompting the user for a user name and password before the firewall allows a connection to be established.
Another method is the use of certificates and public keys. This method has an advantage over xauth: no user intervention is needed, provided the hosts are properly configured with certificates and a properly configured public key infrastructure is in place for the firewalls and hosts.
Lastly, access can also be verified through the use of pre-shared keys (PSKs), which are less complex to implement than certificates and do not require user intervention. With PSKs, the host is provided with a predetermined key that is used for the authentication process.
Acts as an intermediary
A firewall can also be configured to act as a proxy. A proxy functions by mimicking the host that it is trying to protect. All communications destined for the protected host occur at the proxy. The proxy will "rebuild" a brand new packet to be forwarded to the protected host. Therefore, there will never be a direct way of communicating with the protected host.
Protects Resources
A firewall protects resources from threats through application proxies, stateful packet inspection, access control rules, or a combination of all of these.
Records and Reports on Events
All firewalls should be able to carry out this task of recording all transmissions so that the administrator will be able to review the recorded data.
Most firewalls use one of two methods: syslog or a proprietary logging format. These methods enable the administrator to determine what may have occurred during a security event. The logged data can also be used when troubleshooting a firewall to help determine the cause of a problem.
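The traffic-control and logging tasks described above, sketched as an added example (not from the original post or the cited book): a minimal stateful filter that checks new connections against access control rules, admits replies through a connection table, and records every decision. The rule set, addresses, class and function names, and the key=value log line format are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

# Constructed access control rules: (action, source net, destination net, destination port)
RULES = [
    ("allow", "10.0.0.0/24", "0.0.0.0/0", 443),    # inside hosts may open HTTPS outbound
    ("allow", "0.0.0.0/0", "192.0.2.10/32", 25),   # anyone may reach the mail server
]

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()   # state table of flows that a rule admitted
        self.log = []              # one record per decision, for later review

    def _match_rule(self, pkt):
        """First matching rule wins; anything unmatched falls to default deny."""
        for action, src_net, dst_net, port in self.rules:
            if (ip_address(pkt.src) in ip_network(src_net)
                    and ip_address(pkt.dst) in ip_network(dst_net)
                    and pkt.dport == port):
                return action, "rule"
        return "deny", "default-deny"

    def handle(self, pkt):
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.connections or reverse in self.connections:
            # Part of a connection already admitted: no rule lookup needed.
            verdict, reason = "allow", "established"
        else:
            verdict, reason = self._match_rule(pkt)
            if verdict == "allow":
                self.connections.add(flow)
        self.log.append(f"fw action={verdict} reason={reason} proto={pkt.proto} "
                        f"src={pkt.src}:{pkt.sport} dst={pkt.dst}:{pkt.dport}")
        return verdict

if __name__ == "__main__":
    fw = StatefulFirewall(RULES)
    fw.handle(Packet("10.0.0.5", 50000, "198.51.100.7", 443))   # new outbound connection
    fw.handle(Packet("198.51.100.7", 443, "10.0.0.5", 50000))   # its reply
    fw.handle(Packet("198.51.100.7", 443, "10.0.0.9", 50000))   # unsolicited inbound
    print("\n".join(fw.log))
```

The same inbound packet is allowed or denied depending on whether the state table holds a matching outbound connection, which is the difference between stateful inspection and a plain rule lookup.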
Reference:
Wes Noonan, Ido Dubrawsky, Firewall Fundamentals: An Introduction to Network and Computer Firewall Security, Indiana, Cisco Press, 2006.