A Note About Firewalls

Previous page
Table of content
Next page

A firewall is a system that protects a local network from attack by unauthorized users attempting to access the LAN from the Internet. The word firewall has entered the lexicon of Internet jargon, and it is one of many computer terms that can fall within a wide range of definitions. Firewalls perform a number of functions. However, one of the most basic features of a firewall is something that is pertinent to this hour.

That important feature is the capability of a firewall to block off access to specific TCP and UDP ports. The word firewall, in fact, is sometimes used as a verb, meaning to close off access to a port.

For example, to initiate a Telnet session with the server, a client machine must send a request to Telnet's well-known port address, TCP port 23. (Telnet is a utility that lets the client computer serve as a terminal for the server. You'll learn more about Telnet in Hour 15, "Remote Access Utilities.") Unauthorized use of Telnet can sometimes pose a security threat. To increase security, the server can be configured to stop using port 23 to access Telnet; for that matter, the server can simply stop using the Telnet application, but that extreme solution would prohibit authorized users on the LAN from using Telnet for authorized activities. (Why have it if you're not going to use it?) An alternative would be to install a firewall as shown in Figure 6.10 and configure that firewall to block access to TCP port 23. The result is that users on the LAN, from inside the firewall, have free access to TCP port 23 on the server. Users from the Internet, outside the LAN, do not have access to the server's TCP port 23 and therefore cannot access the server through Telnet. In fact, users from the Internet cannot use Telnet at all to access any computer on the LAN.

Figure 6.10. A typical firewall scenario.

graphics/06fig10.gif

This scenario uses Telnet and TCP port 23 as an example. Firewalls typically block access to any or all ports that might pose a security threat. Network administrators often block access to all ports except those that are absolutely necessary, such as a port that handles incoming email. You often find devices that provide the company's Internet presence, such as a Web server, placed outside the firewall, so that access to the Internet device will not result in unauthorized access to the LAN.

By the Way

Just as a firewall can keep outside users from accessing services within the network, it can keep inside users from accessing services outside the network.



Previous page
Table of content
Next page
Sams Teach Yourself TCP/IP in 24 Hours
Sams Teach Yourself TCP/IP in 24 Hours (4th Edition)
ISBN: 0672329964
EAN: 2147483647
Year: 2003
Pages: 259
Authors: Joe Casad
BUY ON AMAZON
Documenting Software Architectures: Views and Beyond
Developing Tablet PC Applications (Charles River Media Programming)
C & Data Structures (Charles River Media Computer Engineering)
Making Sense of Change Management: A Complete Guide to the Models, Tools and Techniques of Organizational Change
Cisco CallManager Fundamentals (2nd Edition)
Introducing Microsoft ASP.NET AJAX (Pro - Developer)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy