Firewall Design Rules - Netopia 3341-ENT Firmware User Manual
Enterprise-series netopia firmware version 8.7
Hide thumbs
Also See for 3341-ENT:
- Getting started manual (40 pages) ,
- Specifications (2 pages) ,
- Specification sheet (2 pages)
Table of Contents
Advertisement
10-40 Firmware User Guide
Example TCP/UDP Ports
Firewall design rules
There are two basic rules to firewall design:
•
"What is not explicitly allowed is denied."
and
•
"What is not explicitly denied is allowed."
The first rule is far more secure, and is the best approach to firewall design. It is far easier (and more secure)
to allow in or out only certain services and deny anything else. If the other rule is used, you would have to figure
out everything that you want to disallow, now and in the future.
Firewall Logic
Firewall design is a test of logic, and filter rule ordering is critical. If a packet is forwarded through a series of
filter rules and then the packet matches a rule, the appropriate action is taken. The packet will not forward
through the remainder of the filter rules.
For example, if you had the following filter set...
Allow WWW access;
Allow FTP access;
Allow SMTP access;
Deny all other packets.
and a packet goes through these rules destined for FTP, the packet would forward through the first rule (WWW),
go through the second rule (FTP), and match this rule; the packet is allowed through.
If you had this filter set for example....
Allow WWW access;
Allow FTP access;
Deny FTP access;
Deny all other packets.
TCP Port
Service
20/21
FTP
23
Telnet
25
SMTP
80
WWW
144
News
UDP Port
Service
161
SNMP
69
TFTP
387
AURP
- Quick Links:
- Telnet-Based Management
- Ip Setup
Hide quick links:
Advertisement
Table of Contents
