12 Firewalls
12.1 Instructional Objectives
12.2 Overview
12.3 Firewall Definition
12.4 Firewall Roles
12.5 Firewall Architectures and Functions
12.5.1 Architecture Considerations
12.5.2 Firewall Architectures
12.5.3 Architecture Classes and Tradeoff Criteria
12.5.4 Single Layer Architecture–Basic
12.5.5 Single Layer Architecture–Base with untrustworthy host
12.5.6 Single Layer Architecture–Basic with DMZ network
12.5.7 Multi Layer Architecture–Dual with DMZ network
12.6 Firewall Functions
12.6.1 Stateless Packet Filtering
12.6.2 Stateful Packet Filtering
12.6.3 Stateless vs. Stateful
12.6.4 Stateless vs. Stateful–UDP
12.7 Application Proxy
12.7.1 Transparent vs. Non-transparent Proxies
12.8 Network Address Translation (NAT)
12.8.1 Static NAT
12.8.2 Dynamic NAT
12.8.3 Overloading or Port Address Translation (PAT)
12.9 Function Selection Criteria
12.10 Review Questions
12.11 Summary
12.12 References