TCP and UDP, ICMP and IPsec Protocols
TCP and UDP
TCP and UDP are used by applications. An application server typically listens at a fixed TCP or UDP port, while application clients typically use any of a wide range of ports. As with other aspects of firewall rulesets, a deny-by-default policy should be used for incoming TCP and UDP traffic.
Less stringent policies are generally used for outgoing TCP and UDP traffic because most organizations permit their users [..]
Firewall policies | IP Addresses and Characteristics
Firewall policies should only permit appropriate source and destination IP addresses to be used. Specific recommendations for IP addresses include:
- Traffic with invalid source or destination addresses should always be blocked, regardless of the firewall location. Examples of relatively common invalid IPv4 addresses are 127.0.0.1 (also known as the localhost address) and 0.0.0.0 (interpreted by some operating systems as a localhost or a broadcast address). These have no legitimate use on [..]
Architecture with Multiple Layers of Firewalls
There is no limitation on where a firewall can be placed in a network. While firewalls should be at the edge of a logical network boundary, creating an “inside” and “outside” on either side of the firewall, a network administrator may wish to have additional boundaries within the network and deploy additional firewalls to establish such boundaries.
The use of multiple layers of firewalls is quite common to provide defense-in-depth. For [..]
Network Layouts with Firewalls
The figure below shows a typical network layout with a hardware firewall device acting as a router. The unprotected side of the firewall connects to the single path labeled “WAN,” and the protected side connects to three paths labeled “LAN1,” “LAN2,” and “LAN3.” The firewall acts as a router for traffic between the Wide Area Network (WAN) path and [..]
Firewalls – Dedicated Proxy Servers
Dedicated proxy servers differ from application-proxy and circuit-level gateways in that while they retain proxy control of traffic, they do not have firewalling capabilities.
Although dedicated proxy servers are not firewalls, they are described in this section because of their close relationship to application-proxy gateway firewalls and circuit-level gateway firewalls. Many proxies are application-specific, and some actually perform analysis and [..]
Firewalls – Application Proxy Gateways
An application-proxy gateway is a feature of advanced firewalls that combines lower-layer access control with upper-layer functionality. These firewalls contain a proxy agent that acts as an intermediary between two hosts that wish to communicate with each other and never allows a direct connection between the two hosts.
Each successful connection attempt actually results in the creation of two separate connections—one between the client and the proxy server, and [..]
Firewalls | Packet Filtering
The most basic feature of a firewall is the packet filter. Firewalls that are only packet filters, also known as stateless inspection firewalls, are essentially routing devices that provide access control functionality for host addresses and communication sessions. Unlike more advanced filters, packet filters are not concerned with the content of packets.
Their access control functionality is governed by a set of directives referred to as a ruleset. Packet filtering capabilities are built [..]
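As an added example (not code from this page or from NIST SP 800-41), the following Python models the kind of ruleset this section, the "Firewall policies | IP Addresses and Characteristics" section and the "TCP and UDP" section above describe: an ordered, first-match stateless ruleset in which invalid source or destination addresses are dropped regardless of direction, inbound TCP/UDP is admitted only to explicitly listed server ports, outbound traffic from the LAN is admitted more liberally, and anything unmatched is denied. The `Packet` and `Rule` classes, the `evaluate` function, the topology (documentation ranges only) and the sample packets are all constructed for this example and are assumptions, not any firewall product's API or configuration; only loopback and 0.0.0.0 are taken from the text as invalid addresses.

```python
"""Stateless (packet-filter) ruleset evaluator, IPv4 only. Constructed example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Addresses with no legitimate use as source or destination on a firewall
# interface: loopback and the 0.0.0.0/8 "this network" block. A deployed
# ruleset would extend this list; only these two are taken from the text.
INVALID_ADDRESSES = [ip_network("127.0.0.0/8"), ip_network("0.0.0.0/8")]


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving on the unprotected (WAN) side, "out" = leaving it
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One directive of the ruleset. Fields left at their defaults match anything."""
    action: str                               # "allow" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: Optional[Tuple[int, int]] = None  # inclusive destination port range
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.direction != "any" and self.direction != pkt.direction:
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dports is not None and not self.dports[0] <= pkt.dport <= self.dports[1]:
            return False
        return True


def invalid_address_rules() -> List[Rule]:
    """Deny invalid addresses in either role, regardless of direction or firewall location."""
    rules = []
    for net in INVALID_ADDRESSES:
        rules.append(Rule("deny", src=str(net), comment=f"invalid source {net}"))
        rules.append(Rule("deny", dst=str(net), comment=f"invalid destination {net}"))
    return rules


def evaluate(ruleset: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First matching rule wins. A packet that matches no rule is denied (deny by default)."""
    for rule in ruleset:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return "deny", "default deny: no rule matched"


# Constructed topology using documentation ranges: 203.0.113.0/24 holds the
# public-facing servers, 192.0.2.0/24 is the internal LAN.
EXAMPLE_RULESET = invalid_address_rules() + [
    Rule("allow", "in", "tcp", dst="203.0.113.10/32", dports=(443, 443), comment="public HTTPS"),
    Rule("allow", "in", "tcp", dst="203.0.113.20/32", dports=(25, 25), comment="inbound SMTP"),
    Rule("allow", "out", "any", src="192.0.2.0/24", comment="LAN clients may initiate outbound"),
]


def demo() -> List[str]:
    """Constructed packets exercising each rule and the default-deny fall-through."""
    samples = [
        Packet("in", "tcp", "198.51.100.7", 51234, "203.0.113.10", 443),   # listed server port: allow
        Packet("in", "tcp", "198.51.100.7", 51235, "203.0.113.10", 22),    # unlisted port: default deny
        Packet("in", "tcp", "127.0.0.1", 40000, "203.0.113.10", 443),      # invalid source: deny
        Packet("out", "udp", "192.0.2.15", 53001, "198.51.100.53", 53),    # LAN-initiated DNS: allow
        Packet("out", "tcp", "192.0.2.15", 53002, "0.0.0.0", 80),          # invalid destination: deny
        Packet("in", "udp", "198.51.100.53", 53, "192.0.2.15", 53001),     # the DNS reply: no rule, deny
    ]
    return [evaluate(EXAMPLE_RULESET, p)[0] for p in samples]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The last sample packet shows the limitation that defines a stateless filter: it has no record of the LAN host's outbound DNS query, so the reply arriving on the WAN side matches nothing and is dropped. Admitting replies in a stateless ruleset means adding an explicit inbound rule keyed only on header fields (for example UDP from port 53 to the ephemeral port range), which any external host can satisfy; that widening is what stateful inspection avoids by tracking the session instead.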
Overview of Firewall Technologies
Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. While firewalls are often discussed in the context of Internet connectivity, they may also have applicability in other network environments.
For example, many enterprise networks employ firewalls to restrict connectivity to and from the internal networks used to service more sensitive functions, such as personnel or accounting. An organization [..]
Security of Handheld Devices
Maintaining handheld device security requires constant effort, sufficient resources, and vigilance from an organization. Maintaining the security of a handheld device usually involves the following steps [..]
Smartphones | Security Management Practices and Controls
Appropriate management practices are essential to maintaining and operating a secure infrastructure that incorporates smartphones and PDAs. Security practices entail the identification of an organization’s information system assets and the development, documentation, and implementation of policies, procedures, standards, and guidelines that help to ensure the [..]