[cisb102sp04] cisb 102 Lesson 3 QS.6

  • From: Vally Sangeetha Balakrishnan <vally_balak@xxxxxxxxx>
  • To: cisb102sp04@xxxxxxxxxxxxx
  • Date: Sat, 21 Feb 2004 18:08:33 -0800 (PST)

From Vally Balakrishanan vally_balak@xxxxxxxxx

URL : http://www.freebsd.org

The topic I chose is firewalls.

There are currently two distinct types of firewalls in common use on
the Internet today. The first type is more properly called a packet
filtering router. This type of firewall utilizes a multi-homed machine
and a set of rules to determine whether to forward or block individual
packets. A multi-homed machine is simply a device with multiple network
interfaces. The second type, known as a proxy server, relies on daemons
to provide authentication and to forward packets, possibly on a
multi-homed machine which has kernel packet forwarding disabled.

Sometimes sites combine the two types of firewalls, so that only a
certain machine (known as a bastion host) is allowed to send packets
through a packet filtering router onto an internal network. Proxy
services are run on the bastion host, which are generally more secure
than normal authentication mechanisms. FreeBSD comes with a kernel
packet filter (known as IPFW).

People often think that having a firewall between your internal network
and the ``Big Bad Internet'' will solve all your security problems. It
may help, but a poorly set up firewall system is more of a security
risk than not having one at all. A firewall can add another layer of
security to your systems, but it cannot stop a really determined
cracker from penetrating your internal network. If you let internal
security lapse because you believe your firewall to be impenetrable,
you have just made the cracker's job that much easier.



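The following is an added illustration, not part of the original post and not FreeBSD or IPFW code: a small model of the bastion-host arrangement described in the message, with a second, misordered rule set showing how a poorly set up filter exposes internal hosts. The addresses, the rule format, and the first-match evaluation with default deny are assumptions of this sketch.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    dport: Optional[int]  # destination port, None means any port

# Constructed sample addresses (documentation and private ranges).
INTERNAL = "10.0.0.0/24"
BASTION = "192.0.2.10/32"
ANY = "0.0.0.0/0"

def decide(rules: List[Rule], src: str, dst: str, dport: int) -> str:
    """Return the action of the first matching rule; deny if none match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action
    return "deny"

# Only the bastion host may exchange packets with the internal network.
GOOD = [
    Rule("allow", BASTION, INTERNAL, None),
    Rule("allow", INTERNAL, BASTION, None),
    Rule("deny", ANY, ANY, None),
]

# Poorly set up: a broad "allow web" rule placed first matches before the
# bastion-only rules, so outside hosts reach internal machines directly.
BAD = [Rule("allow", ANY, ANY, 80)] + GOOD

def exposed(rules: List[Rule], outside_src: str,
            hosts: List[str], ports: List[int]) -> List[Tuple[str, int]]:
    """Audit helper: (host, port) pairs an outside source can reach."""
    return [(h, p) for h in hosts for p in ports
            if decide(rules, outside_src, h, p) == "allow"]

if __name__ == "__main__":
    outside = "198.51.100.7"  # constructed outside address
    for name, rs in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, exposed(rs, outside, ["10.0.0.5", "10.0.0.6"], [22, 80]))
```

Running the audit helper over a rule set before deploying it shows which internal hosts bypass the bastion host.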
