Sender: |
|
Date: |
Fri, 17 May 2002 01:33:31 -0700 |
Reply-To: |
|
Content-type: |
text/plain; charset=US-ASCII |
Subject: |
|
MIME-Version: |
1.0 |
In-Reply-To: |
|
Content-transfer-encoding: |
7BIT |
From: |
|
Parts/Attachments: |
|
|
On 15 May 2002, at 12:46, Robert Lendrim wrote:
> 1. How does the router provide firewall protection and does it
> have to be configured to do it?
At the network level, "firewall" generally refers to one or more of
three specific technologies:
1. Packet Filtering
Each packet is checked -- to the extent possible (which might not
be enough!) to make sure that it meets criteria (address, protocols)
for being allowed through. This is simple and fast to do, but is
limited in how *thorough* it can be. Many *routers* implement this
as a feature.
2. Stateful Inspection
This generally looks at the same portions of the packets as packet
inspection, but because it also maintains a *contect* of current
connections, etc, it can recognize and reject packets that a simple
packet filter would have to allow. Many popular commercial firewall
"appliances" take this approach.
3. Application Proxy
This actually mediates all communication between the client
machines and the outside world. This can take signicant CPU, and is
generally implemented as software on a "server-class" computer.
Some of the most successful commercial products combine Stateful
Inspection (for speed) with proxying of specific common applications.
I believe the cheapest Stateful Inspection appliances sell for
about $300-$500, but you could put Linux on an older 486 or Pentium
(I) machine and install ipchains or an equivalent package.
The LinkSys routers basically provide some packet-filtering
capability, which I believe you must enable via the web interface.
That and NAT are probably sufficient for many home installations.
David Gillett
The NOSPIN Group is now offering Free PC Tech
support at our newest website:
http://freepctech.com
|
|
|