Table of Contents
Advertisement
IP Spoofing
Data packets sent is from a fake source address. If the firewall's policy does
not restrict these packets from passing through, they could be used to attack
internal servers easily.
Network Address Translation
NAT is the translation of IP addresses between internal or private networks and
the public IP addresses on the Internet. There are three IP address blocks that
have been assigned as private IP address space:
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255
Through the NAT mechanism, an enterprise's internal networks can use any IP
addresses that fall in the three private spaces. Note that, private IP addresses
can not pass through routers to their destinations.
Packet Filtering
Packet Filters check the headers of IP, TCP and ICMP packets to gather
information, such as sources addresses, source ports, destination
addresses, and destination ports. It also checks the relationships between
packets to decide whether a packet is for normal connection. In this way,
attacks can be detected and blocked.
Address
Each address in Address Table can be either an IP address or a sub-network
address. Administrators can create a name for a specific address for easier
reference. Basically, base on the networks they are located, IP address falls
into 3 categories: Internal IP addresses, external IP addresses and DMZ IP
addresses. When setting up policies, administrators choose IP addresses in
Address Table as the source/destination addresses. So Address Table has to
be constructed before setting up policies.
128
Advertisement
Table of Contents
