ZyXEL Communications P-334WT Support Notes page 22

Stateful Inspection Firewalls restrict access by screening data packets against defined access rules.
They make access control decisions based on IP address and protocol. They also 'inspect' the session
data to assure the integrity of the connection and to adapt to dynamic protocols. The flexible nature
of Stateful Inspection firewalls generally provides the best speed and transparency, however, they
may lack the granular application level access control or caching that some proxies support.
4. What kind of firewall is the P-334WT?
1. The P-334WT's firewall inspects packets contents and IP headers. It is applicable to all
protocols, that understands data in the packet is intended for other layers, from network layer
up to the application layer.
2. The P-334WT's firewall performs stateful inspection. It takes into account the state of
connections it handles so that, for example, a legitimate incoming packet can be matched
with the outbound request for that packet and allowed in. Conversely, an incoming packet
masquerading as a response to a nonexistent outbound request can be blocked.
3. The P-334WT's firewall uses session filtering, i.e., smart rules, that enhance the filtering
process and control the network session rather than control individual packets in a session.
4. The P-334WT's firewall is fast. It uses a hashing function to search the matched session
cache instead of going through every individual rule for a packet.
5. The P-334WT's firewall provides email service to notify you for routine reports and when
alerts occur.
5. Why do you need a firewall when your router has packet filtering and NAT built-in?
With the spectacular growth of the Internet and online access, companies that do business on the
Internet face greater security threats. Although packet filter and NAT restrict access to particular
computers and networks, however, for the other companies this security may be insufficient, because
packets filters typically cannot maintain session state. Thus, for greater security, a firewall is
considered.
6. What is Denials of Service (DoS)attack?
Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet.
Their goal is not to steal information, but to disable a device or network so users no longer have
access to network resources.
There are four types of DoS attacks:
1. Those that exploits bugs in a TCP/IP implementation such as Ping of Death and Teardrop.
2. Those that exploits weaknesses in the TCP/IP specification such as SYN Flood and LAND
Attacks.
3. Brute-force attacks that flood a network with useless data such as Smurf attack.
4. IP Spoofing
7. What is Ping of Death attack?
Ping of Death uses a 'PING' utility to create an IP packet that exceeds the maximum 65535 bytes of
data allowed by the IP specification. The oversize packet is then sent to an unsuspecting system.
Systems may crash, hang, or reboot.
8. What is Teardrop attack?
Teardrop attack exploits weakness in the reassemble of the IP packet fragments. As data is
transmitted through a network, IP packets are often broken up into smaller chunks. Each fragment
looks like the original packet except that it contains an offset field. The Teardrop program creates a