Simply put, TCP/IP is the network. Because most networks today run TCP/IP and most firewalls operate using TCP/IP, it is critical for the firewall administrator to understand how TCP/IP functions. The reason for this is simple: most firewall filtering rulesets and access control lists are written and designed to filter traffic based on information obtained from the TCP, UDP, ICMP, or IP headers. Without an understanding of how these protocols function and the applications, processes, and services that enable these functions, it is almost impossible to effectively protect network resources with a firewall. This is especially true with regard to NAT (which is implemented in almost every major firewall produced today).
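
To make the point about header-based filtering concrete, the following added example (not from the original text) parses the IPv4 and TCP/UDP header fields that a ruleset matches on and evaluates a first-match access list against them. The function names, the rule tuple layout, and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import struct

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_packet(raw: bytes) -> dict:
    """Pull out of a raw IPv4 packet the header fields a packet filter matches on."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4  # header length in bytes; IP options push it past 20
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_off = struct.unpack("!H", raw[6:8])[0] & 0x1FFF
    pkt = {"proto": PROTO.get(raw[9], str(raw[9])),
           "src": ipaddress.ip_address(raw[12:16]),
           "dst": ipaddress.ip_address(raw[16:20]),
           "sport": None, "dport": None}
    l4 = raw[ihl:]
    # Ports exist only in TCP/UDP, and only in the first fragment of a datagram.
    if frag_off == 0 and pkt["proto"] in ("tcp", "udp") and len(l4) >= 4:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
    return pkt

def evaluate(rules, pkt) -> str:
    """First matching rule wins; anything unmatched hits the implicit deny."""
    for action, proto, src_net, dst_net, dport in rules:
        if (proto in ("ip", pkt["proto"])
                and pkt["src"] in ipaddress.ip_network(src_net)
                and pkt["dst"] in ipaddress.ip_network(dst_net)
                and (dport is None or pkt["dport"] == dport)):
            return action
    return "deny"

def build_ipv4(proto, src, dst, l4=b"", frag_off=0):
    """Constructed sample packet; checksum left at 0 because the filter ignores it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, frag_off, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + l4

# Hypothetical ruleset: (action, protocol, source network, destination network, dest port)
RULES = [
    ("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),
    ("permit", "udp", "198.51.100.0/24", "192.0.2.53/32", 53),
]

if __name__ == "__main__":
    https = build_ipv4(6, "203.0.113.5", "192.0.2.10", struct.pack("!HH", 51000, 443))
    print(evaluate(RULES, parse_packet(https)))
```

A non-first fragment carries no TCP or UDP header, so `parse_packet` reports no ports for it and a port-based permit rule cannot match; in this sketch such a packet falls through to the implicit deny.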